From 7248ec417c7d81cfb19038eee0db15723a85550e Mon Sep 17 00:00:00 2001 From: Ed Maste Date: Wed, 26 Apr 2023 12:37:20 -0400 Subject: [PATCH] Vendor import of libfido2 1.9.0 --- CMakeLists.txt | 59 +- NEWS | 22 + README.adoc | 9 +- examples/assert.c | 44 +- examples/cred.c | 110 +-- examples/extern.h | 8 - examples/reset.c | 13 +- examples/util.c | 28 - fuzz/Dockerfile | 6 +- fuzz/Makefile | 16 +- fuzz/clock.c | 79 +++ fuzz/dummy.h | 83 +++ fuzz/export.gnu | 12 + fuzz/functions.txt | 1165 ++++++++++++++++--------------- fuzz/fuzz_assert.c | 48 +- fuzz/fuzz_bio.c | 1 + fuzz/fuzz_cred.c | 39 +- fuzz/fuzz_credman.c | 1 + fuzz/fuzz_hid.c | 30 +- fuzz/fuzz_largeblob.c | 1 + fuzz/fuzz_mgmt.c | 28 + fuzz/fuzz_netlink.c | 94 +-- fuzz/mutator_aux.c | 5 +- fuzz/mutator_aux.h | 5 +- fuzz/report.tgz | Bin 303082 -> 320981 bytes fuzz/summary.txt | 86 +-- fuzz/wrap.c | 201 ++++-- fuzz/wrapped.sym | 25 +- man/CMakeLists.txt | 17 +- man/es256_pk_new.3 | 18 +- man/fido2-token.1 | 12 + man/fido_cred_new.3 | 50 +- man/fido_cred_set_authdata.3 | 57 +- man/fido_cred_verify.3 | 12 +- man/fido_dev_enable_entattest.3 | 27 +- man/fido_dev_info_manifest.3 | 10 + man/fido_dev_set_io_functions.3 | 35 +- man/rs256_pk_new.3 | 18 +- openbsd-compat/hkdf.c | 124 ---- openbsd-compat/hkdf.h | 65 -- openbsd-compat/openbsd-compat.h | 17 +- openbsd-compat/strsep.c | 79 +++ regress/CMakeLists.txt | 10 +- regress/assert.c | 88 ++- regress/cred.c | 646 ++++++++++++++++- regress/dev.c | 154 +++- src/CMakeLists.txt | 15 +- src/assert.c | 168 +---- src/authkey.c | 16 +- src/bio.c | 77 +- src/cbor.c | 107 ++- src/config.c | 74 +- src/cred.c | 281 +++++--- src/credman.c | 62 +- src/dev.c | 63 +- src/ecdh.c | 12 +- src/eddsa.c | 82 ++- src/es256.c | 62 +- src/export.gnu | 9 + src/export.llvm | 9 + src/export.msvc | 9 + src/extern.h | 55 +- src/fido.h | 18 +- src/fido/config.h | 2 + src/fido/eddsa.h | 9 +- src/fido/es256.h | 3 +- src/fido/param.h | 8 +- src/fido/rs256.h | 3 +- src/fido/types.h | 14 +- src/hid_freebsd.c | 8 +- src/hid_linux.c | 4 +- src/hid_openbsd.c | 17 +- src/hid_osx.c | 32 +- src/hid_unix.c | 3 +- src/hid_win.c | 48 +- src/info.c | 81 +-- src/io.c | 106 ++- src/iso7816.c | 4 +- src/iso7816.h | 5 +- src/largeblob.c | 65 +- src/netlink.c | 4 +- src/nfc_linux.c | 44 +- src/pin.c | 72 +- src/reset.c | 12 +- src/rs1.c | 99 +++ src/rs256.c | 131 +++- src/time.c | 74 ++ src/tpm.c | 286 ++++++++ src/types.c | 76 ++ src/u2f.c | 158 ++++- src/webauthn.h | 839 ++++++++++++++++++++++ src/winhello.c | 387 +++++----- tools/CMakeLists.txt | 3 + tools/config.c | 48 ++ tools/extern.h | 3 +- tools/fido2-token.c | 2 + tools/token.c | 6 + windows/build.ps1 | 390 +++++------ windows/const.ps1 | 42 ++ windows/release.ps1 | 84 +++ 100 files changed, 5620 insertions(+), 2328 deletions(-) create mode 100644 fuzz/clock.c delete mode 100644 openbsd-compat/hkdf.c delete mode 100644 openbsd-compat/hkdf.h create mode 100644 openbsd-compat/strsep.c create mode 100644 src/rs1.c create mode 100644 src/time.c create mode 100644 src/tpm.c create mode 100644 src/types.c create mode 100644 src/webauthn.h create mode 100644 windows/const.ps1 create mode 100644 windows/release.ps1 diff --git a/CMakeLists.txt b/CMakeLists.txt index 101b7b33e2fc..d775a98c5b48 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -1,4 +1,4 @@ -# Copyright (c) 2018 Yubico AB. All rights reserved. +# Copyright (c) 2018-2021 Yubico AB. All rights reserved. # Use of this source code is governed by a BSD-style # license that can be found in the LICENSE file. @@ -28,7 +28,7 @@ set(CMAKE_POSITION_INDEPENDENT_CODE ON) set(CMAKE_COLOR_MAKEFILE OFF) set(CMAKE_VERBOSE_MAKEFILE ON) set(FIDO_MAJOR "1") -set(FIDO_MINOR "8") +set(FIDO_MINOR "9") set(FIDO_PATCH "0") set(FIDO_VERSION ${FIDO_MAJOR}.${FIDO_MINOR}.${FIDO_PATCH}) @@ -68,10 +68,11 @@ if(NOT MSVC) set(FIDO_CFLAGS "${FIDO_CFLAGS} -D_DARWIN_C_SOURCE") set(FIDO_CFLAGS "${FIDO_CFLAGS} -D__STDC_WANT_LIB_EXT1__=1") elseif(CMAKE_SYSTEM_NAME STREQUAL "Linux") - set(NFC_LINUX OFF) + set(NFC_LINUX ON) set(FIDO_CFLAGS "${FIDO_CFLAGS} -D_GNU_SOURCE") set(FIDO_CFLAGS "${FIDO_CFLAGS} -D_DEFAULT_SOURCE") - elseif(CMAKE_SYSTEM_NAME STREQUAL "FreeBSD") + elseif(CMAKE_SYSTEM_NAME STREQUAL "FreeBSD" OR + CMAKE_SYSTEM_NAME STREQUAL "MidnightBSD") set(FIDO_CFLAGS "${FIDO_CFLAGS} -D__BSD_VISIBLE=1") endif() set(FIDO_CFLAGS "${FIDO_CFLAGS} -std=c99") @@ -79,7 +80,7 @@ if(NOT MSVC) endif() check_c_compiler_flag("-Wshorten-64-to-32" HAVE_SHORTEN_64_TO_32) -check_c_compiler_flag("-fstack-protector-all" HAVE_STACK_PROTECTOR_ALL) +check_c_compiler_flag("-Werror -fstack-protector-all" HAVE_STACK_PROTECTOR_ALL) check_include_files(cbor.h HAVE_CBOR_H) check_include_files(endian.h HAVE_ENDIAN_H) @@ -88,7 +89,6 @@ check_include_files(openssl/opensslv.h HAVE_OPENSSLV_H) check_include_files(signal.h HAVE_SIGNAL_H) check_include_files(sys/random.h HAVE_SYS_RANDOM_H) check_include_files(unistd.h HAVE_UNISTD_H) -check_include_files("windows.h;webauthn.h" HAVE_WEBAUTHN_H) check_symbol_exists(arc4random_buf stdlib.h HAVE_ARC4RANDOM_BUF) check_symbol_exists(clock_gettime time.h HAVE_CLOCK_GETTIME) @@ -101,17 +101,13 @@ check_symbol_exists(getrandom sys/random.h HAVE_GETRANDOM) check_symbol_exists(memset_s string.h HAVE_MEMSET_S) check_symbol_exists(readpassphrase readpassphrase.h HAVE_READPASSPHRASE) check_symbol_exists(recallocarray stdlib.h HAVE_RECALLOCARRAY) -check_symbol_exists(sigaction signal.h HAVE_SIGACTION) check_symbol_exists(strlcat string.h HAVE_STRLCAT) check_symbol_exists(strlcpy string.h HAVE_STRLCPY) +check_symbol_exists(strsep string.h HAVE_STRSEP) check_symbol_exists(sysconf unistd.h HAVE_SYSCONF) check_symbol_exists(timespecsub sys/time.h HAVE_TIMESPECSUB) check_symbol_exists(timingsafe_bcmp string.h HAVE_TIMINGSAFE_BCMP) -set(CMAKE_EXTRA_INCLUDE_FILES signal.h) -check_type_size("sig_atomic_t" HAVE_SIG_ATOMIC_T) -set(CMAKE_EXTRA_INCLUDE_FILES) - set(CMAKE_TRY_COMPILE_TARGET_TYPE STATIC_LIBRARY) try_compile(HAVE_POSIX_IOCTL "${CMAKE_CURRENT_BINARY_DIR}/posix_ioctl_check.o" @@ -134,16 +130,15 @@ list(APPEND CHECK_VARIABLES HAVE_POSIX_IOCTL HAVE_READPASSPHRASE HAVE_RECALLOCARRAY - HAVE_SIGACTION HAVE_SIGNAL_H HAVE_STRLCAT HAVE_STRLCPY + HAVE_STRSEP HAVE_SYSCONF HAVE_SYS_RANDOM_H HAVE_TIMESPECSUB HAVE_TIMINGSAFE_BCMP HAVE_UNISTD_H - HAVE_WEBAUTHN_H ) foreach(v ${CHECK_VARIABLES}) @@ -156,26 +151,26 @@ if(HAVE_EXPLICIT_BZERO AND NOT LIBFUZZER) add_definitions(-DHAVE_EXPLICIT_BZERO) endif() -if(HAVE_SIGACTION AND (NOT HAVE_SIG_ATOMIC_T STREQUAL "")) - add_definitions(-DSIGNAL_EXAMPLE) -endif() - if(UNIX) add_definitions(-DHAVE_DEV_URANDOM) endif() if(MSVC) if((NOT CBOR_INCLUDE_DIRS) OR (NOT CBOR_LIBRARY_DIRS) OR - (NOT CRYPTO_INCLUDE_DIRS) OR (NOT CRYPTO_LIBRARY_DIRS) OR - (NOT ZLIB_INCLUDE_DIRS) OR (NOT ZLIB_LIBRARY_DIRS)) - message(FATAL_ERROR "please provide definitions for " - "{CBOR,CRYPTO,ZLIB}_{INCLUDE,LIBRARY}_DIRS when building " - "under msvc") + (NOT CBOR_BIN_DIRS) OR (NOT CRYPTO_INCLUDE_DIRS) OR + (NOT CRYPTO_LIBRARY_DIRS) OR (NOT CRYPTO_BIN_DIRS) OR + (NOT ZLIB_INCLUDE_DIRS) OR (NOT ZLIB_LIBRARY_DIRS) OR + (NOT ZLIB_BIN_DIRS)) + message(FATAL_ERROR "please define " + "{CBOR,CRYPTO,ZLIB}_{INCLUDE,LIBRARY,BIN}_DIRS when " + "building under msvc") endif() set(CBOR_LIBRARIES cbor) set(ZLIB_LIBRARIES zlib) set(CRYPTO_LIBRARIES crypto-46) set(MSVC_DISABLED_WARNINGS_LIST + "C4152" # nonstandard extension used: function/data pointer + # conversion in expression; "C4200" # nonstandard extension used: zero-sized array in # struct/union; "C4204" # nonstandard extension used: non-constant aggregate @@ -191,12 +186,10 @@ if(MSVC) ${MSVC_DISABLED_WARNINGS_LIST}) string(REGEX REPLACE "[/-]W[1234][ ]?" "" CMAKE_C_FLAGS ${CMAKE_C_FLAGS}) set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -MP -W4 -WX ${MSVC_DISABLED_WARNINGS_STR}") - set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} /Z7 /guard:cf /sdl /RTCcsu") + set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} /Od /Z7 /guard:cf /sdl /RTCcsu") set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS_RELEASE} /Zi /guard:cf /sdl") - if (HAVE_WEBAUTHN_H) - add_definitions(-DUSE_WINHELLO) - set(USE_WINHELLO ON) - endif() + add_definitions(-DUSE_WINHELLO) + set(USE_WINHELLO ON) else() include(FindPkgConfig) pkg_search_module(CBOR libcbor) @@ -275,9 +268,14 @@ else() set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -fno-omit-frame-pointer") set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS_RELEASE} -D_FORTIFY_SOURCE=2") + if(CRYPTO_VERSION VERSION_GREATER_EQUAL 3.0) + add_definitions(-DOPENSSL_API_COMPAT=0x10100000L) + endif() + if(FUZZ) add_definitions(-DFIDO_FUZZ) endif() + if(LIBFUZZER) set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fsanitize=fuzzer-no-link") endif() @@ -404,10 +402,9 @@ if(BUILD_MANPAGES) endif() if(NOT WIN32) - if(CMAKE_BUILD_TYPE STREQUAL "Debug") - if(NOT LIBFUZZER AND NOT FUZZ) - subdirs(regress) - endif() + if(CMAKE_BUILD_TYPE STREQUAL "Debug" AND NOT FUZZ) + enable_testing() + subdirs(regress) endif() if(FUZZ) subdirs(fuzz) diff --git a/NEWS b/NEWS index a89766b72e89..04cda4e0e83a 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,25 @@ +* Version 1.9.0 (2021-10-27) + ** Enabled NFC support on Linux. + ** Added OpenSSL 3.0 compatibility. + ** Removed OpenSSL 1.0 compatibility. + ** Support for FIDO 2.1 "minPinLength" extension. + ** Support for COSE_EDDSA, COSE_ES256, and COSE_RS1 attestation. + ** Support for TPM 2.0 attestation. + ** Support for device timeouts; see fido_dev_set_timeout(). + ** New API calls: + - es256_pk_from_EVP_PKEY; + - fido_cred_attstmt_len; + - fido_cred_attstmt_ptr; + - fido_cred_pin_minlen; + - fido_cred_set_attstmt; + - fido_cred_set_pin_minlen; + - fido_dev_set_pin_minlen_rpid; + - fido_dev_set_timeout; + - rs256_pk_from_EVP_PKEY. + ** Reliability and portability fixes. + ** Better handling of HID devices without identification strings; gh#381. + ** Fixed detection of Windows's native webauthn API; gh#382. + * Version 1.8.0 (2021-07-22) ** Dropped 'Requires.private' entry from pkg-config file. ** Better support for FIDO 2.1 authenticators. diff --git a/README.adoc b/README.adoc index f5ffa7e4e602..a0e188bf8774 100644 --- a/README.adoc +++ b/README.adoc @@ -23,6 +23,8 @@ file for the full license text. *libfido2* is known to work on Linux, macOS, Windows, OpenBSD, and FreeBSD. +NFC support is available on Linux and Windows. + === Documentation Documentation is available in troff and HTML formats. An @@ -40,7 +42,7 @@ is also available. ==== Releases -The current release of *libfido2* is 1.8.0. Please consult Yubico's +The current release of *libfido2* is 1.9.0. Please consult Yubico's https://developers.yubico.com/libfido2/Releases[release page] for source and binary releases. @@ -66,7 +68,7 @@ Follow the instructions for Ubuntu 18.04 (Bionic) below. Or from source, on UNIX-like systems: - $ (rm -rf build && mkdir build && cd build && cmake ..) + $ cmake -B build $ make -C build $ sudo make -C build install @@ -75,7 +77,8 @@ https://www.freedesktop.org/wiki/Software/pkg-config/[pkg-config] may need to be installed, or the PKG_CONFIG_PATH environment variable set. *libfido2* depends on https://github.com/pjk/libcbor[libcbor], -https://www.openssl.org[OpenSSL], and https://zlib.net[zlib]. On Linux, libudev +https://www.openssl.org[OpenSSL] 1.1 or newer, and https://zlib.net[zlib]. +On Linux, libudev (part of https://www.freedesktop.org/wiki/Software/systemd[systemd]) is also required. diff --git a/examples/assert.c b/examples/assert.c index dc3fda3ac447..8b0dbd9f6eb2 100644 --- a/examples/assert.c +++ b/examples/assert.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2018 Yubico AB. All rights reserved. + * Copyright (c) 2018-2021 Yubico AB. All rights reserved. * Use of this source code is governed by a BSD-style * license that can be found in the LICENSE file. */ @@ -20,7 +20,7 @@ #include "../openbsd-compat/openbsd-compat.h" #include "extern.h" -static const unsigned char cdh[32] = { +static const unsigned char cd[32] = { 0xec, 0x8d, 0x8f, 0x78, 0x42, 0x4a, 0x2b, 0xb7, 0x82, 0x34, 0xaa, 0xca, 0x07, 0xa1, 0xf6, 0x56, 0x42, 0x1c, 0xb6, 0xf6, 0xb3, 0x00, 0x86, 0x52, @@ -106,10 +106,9 @@ verify_assert(int type, const unsigned char *authdata_ptr, size_t authdata_len, errx(1, "fido_assert_new"); /* client data hash */ - r = fido_assert_set_clientdata_hash(assert, cdh, sizeof(cdh)); + r = fido_assert_set_clientdata(assert, cd, sizeof(cd)); if (r != FIDO_OK) - errx(1, "fido_assert_set_clientdata_hash: %s (0x%x)", - fido_strerr(r), r); + errx(1, "fido_assert_set_clientdata: %s (0x%x)", fido_strerr(r), r); /* relying party */ r = fido_assert_set_rp(assert, "localhost"); @@ -166,7 +165,7 @@ main(int argc, char **argv) const char *blobkey_out = NULL; const char *hmac_out = NULL; unsigned char *body = NULL; - long long seconds = 0; + long long ms = 0; size_t len; int type = COSE_ES256; int ext = 0; @@ -182,16 +181,12 @@ main(int argc, char **argv) pin = optarg; break; case 'T': -#ifndef SIGNAL_EXAMPLE - (void)seconds; - errx(1, "-T not supported"); -#else - if (base10(optarg, &seconds) < 0) + if (base10(optarg, &ms) < 0) errx(1, "base10: %s", optarg); - if (seconds <= 0 || seconds > 30) + if (ms <= 0 || ms > 30) errx(1, "-T: %s must be in (0,30]", optarg); + ms *= 1000; /* seconds to milliseconds */ break; -#endif case 'a': if (read_blob(optarg, &body, &len) < 0) errx(1, "read_blob: %s", optarg); @@ -262,10 +257,9 @@ main(int argc, char **argv) fido_dev_force_u2f(dev); /* client data hash */ - r = fido_assert_set_clientdata_hash(assert, cdh, sizeof(cdh)); + r = fido_assert_set_clientdata(assert, cd, sizeof(cd)); if (r != FIDO_OK) - errx(1, "fido_assert_set_clientdata_hash: %s (0x%x)", - fido_strerr(r), r); + errx(1, "fido_assert_set_clientdata: %s (0x%x)", fido_strerr(r), r); /* relying party */ r = fido_assert_set_rp(assert, "localhost"); @@ -286,20 +280,12 @@ main(int argc, char **argv) if (uv && (r = fido_assert_set_uv(assert, FIDO_OPT_TRUE)) != FIDO_OK) errx(1, "fido_assert_set_uv: %s (0x%x)", fido_strerr(r), r); -#ifdef SIGNAL_EXAMPLE - prepare_signal_handler(SIGINT); - if (seconds) { - prepare_signal_handler(SIGALRM); - alarm((unsigned)seconds); - } -#endif + /* timeout */ + if (ms != 0 && (r = fido_dev_set_timeout(dev, (int)ms)) != FIDO_OK) + errx(1, "fido_dev_set_timeout: %s (0x%x)", fido_strerr(r), r); - r = fido_dev_get_assert(dev, assert, pin); - if (r != FIDO_OK) { -#ifdef SIGNAL_EXAMPLE - if (got_signal) - fido_dev_cancel(dev); -#endif + if ((r = fido_dev_get_assert(dev, assert, pin)) != FIDO_OK) { + fido_dev_cancel(dev); errx(1, "fido_dev_get_assert: %s (0x%x)", fido_strerr(r), r); } diff --git a/examples/cred.c b/examples/cred.c index 74145c761380..4a9d8bf4b25a 100644 --- a/examples/cred.c +++ b/examples/cred.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2018 Yubico AB. All rights reserved. + * Copyright (c) 2018-2021 Yubico AB. All rights reserved. * Use of this source code is governed by a BSD-style * license that can be found in the LICENSE file. */ @@ -17,7 +17,7 @@ #include "../openbsd-compat/openbsd-compat.h" #include "extern.h" -static const unsigned char cdh[32] = { +static const unsigned char cd[32] = { 0xf9, 0x64, 0x57, 0xe7, 0x2d, 0x97, 0xf6, 0xbb, 0xdd, 0xd7, 0xfb, 0x06, 0x37, 0x62, 0xea, 0x26, 0x20, 0x44, 0x8e, 0x69, 0x7c, 0x03, 0xf2, 0x31, @@ -42,9 +42,8 @@ usage(void) static void verify_cred(int type, const char *fmt, const unsigned char *authdata_ptr, - size_t authdata_len, const unsigned char *x509_ptr, size_t x509_len, - const unsigned char *sig_ptr, size_t sig_len, bool rk, bool uv, int ext, - const char *key_out, const char *id_out) + size_t authdata_len, const unsigned char *attstmt_ptr, size_t attstmt_len, + bool rk, bool uv, int ext, const char *key_out, const char *id_out) { fido_cred_t *cred; int r; @@ -57,11 +56,10 @@ verify_cred(int type, const char *fmt, const unsigned char *authdata_ptr, if (r != FIDO_OK) errx(1, "fido_cred_set_type: %s (0x%x)", fido_strerr(r), r); - /* client data hash */ - r = fido_cred_set_clientdata_hash(cred, cdh, sizeof(cdh)); + /* client data */ + r = fido_cred_set_clientdata(cred, cd, sizeof(cd)); if (r != FIDO_OK) - errx(1, "fido_cred_set_clientdata_hash: %s (0x%x)", - fido_strerr(r), r); + errx(1, "fido_cred_set_clientdata: %s (0x%x)", fido_strerr(r), r); /* relying party */ r = fido_cred_set_rp(cred, "localhost", "sweet home localhost"); @@ -96,15 +94,10 @@ verify_cred(int type, const char *fmt, const unsigned char *authdata_ptr, goto out; } - /* x509 */ - r = fido_cred_set_x509(cred, x509_ptr, x509_len); + /* attestation statement */ + r = fido_cred_set_attstmt(cred, attstmt_ptr, attstmt_len); if (r != FIDO_OK) - errx(1, "fido_cred_set_x509: %s (0x%x)", fido_strerr(r), r); - - /* sig */ - r = fido_cred_set_sig(cred, sig_ptr, sig_len); - if (r != FIDO_OK) - errx(1, "fido_cred_set_sig: %s (0x%x)", fido_strerr(r), r); + errx(1, "fido_cred_set_attstmt: %s (0x%x)", fido_strerr(r), r); r = fido_cred_verify(cred); if (r != FIDO_OK) @@ -138,27 +131,6 @@ verify_cred(int type, const char *fmt, const unsigned char *authdata_ptr, fido_cred_free(&cred); } -static fido_dev_t * -open_from_manifest(const fido_dev_info_t *dev_infos, size_t len, - const char *path) -{ - size_t i; - fido_dev_t *dev; - - for (i = 0; i < len; i++) { - const fido_dev_info_t *curr = fido_dev_info_ptr(dev_infos, i); - if (path == NULL || - strcmp(path, fido_dev_info_path(curr)) == 0) { - dev = fido_dev_new_with_info(curr); - if (fido_dev_open_with_info(dev) == FIDO_OK) - return (dev); - fido_dev_free(&dev); - } - } - - return (NULL); -} - int main(int argc, char **argv) { @@ -171,16 +143,13 @@ main(int argc, char **argv) const char *blobkey_out = NULL; const char *key_out = NULL; const char *id_out = NULL; - const char *path = NULL; unsigned char *body = NULL; - long long seconds = 0; + long long ms = 0; size_t len; int type = COSE_ES256; int ext = 0; int ch; int r; - fido_dev_info_t *dev_infos = NULL; - size_t dev_infos_len = 0; if ((cred = fido_cred_new()) == NULL) errx(1, "fido_cred_new"); @@ -191,16 +160,12 @@ main(int argc, char **argv) pin = optarg; break; case 'T': -#ifndef SIGNAL_EXAMPLE - (void)seconds; - errx(1, "-T not supported"); -#else - if (base10(optarg, &seconds) < 0) + if (base10(optarg, &ms) < 0) errx(1, "base10: %s", optarg); - if (seconds <= 0 || seconds > 30) + if (ms <= 0 || ms > 30) errx(1, "-T: %s must be in (0,30]", optarg); + ms *= 1000; /* seconds to milliseconds */ break; -#endif case 'b': ext |= FIDO_EXT_LARGEBLOB_KEY; blobkey_out = optarg; @@ -248,21 +213,20 @@ main(int argc, char **argv) } } - fido_init(0); - argc -= optind; argv += optind; - if (argc > 1) + if (argc != 1) usage(); - dev_infos = fido_dev_info_new(16); - fido_dev_info_manifest(dev_infos, 16, &dev_infos_len); - if (argc == 1) - path = argv[0]; - if ((dev = open_from_manifest(dev_infos, dev_infos_len, path)) == NULL) - errx(1, "open_from_manifest"); + fido_init(0); + if ((dev = fido_dev_new()) == NULL) + errx(1, "fido_dev_new"); + + r = fido_dev_open(dev, argv[0]); + if (r != FIDO_OK) + errx(1, "fido_dev_open: %s (0x%x)", fido_strerr(r), r); if (u2f) fido_dev_force_u2f(dev); @@ -271,11 +235,10 @@ main(int argc, char **argv) if (r != FIDO_OK) errx(1, "fido_cred_set_type: %s (0x%x)", fido_strerr(r), r); - /* client data hash */ - r = fido_cred_set_clientdata_hash(cred, cdh, sizeof(cdh)); + /* client data */ + r = fido_cred_set_clientdata(cred, cd, sizeof(cd)); if (r != FIDO_OK) - errx(1, "fido_cred_set_clientdata_hash: %s (0x%x)", - fido_strerr(r), r); + errx(1, "fido_cred_set_clientdata: %s (0x%x)", fido_strerr(r), r); /* relying party */ r = fido_cred_set_rp(cred, "localhost", "sweet home localhost"); @@ -301,20 +264,12 @@ main(int argc, char **argv) if (uv && (r = fido_cred_set_uv(cred, FIDO_OPT_TRUE)) != FIDO_OK) errx(1, "fido_cred_set_uv: %s (0x%x)", fido_strerr(r), r); -#ifdef SIGNAL_EXAMPLE - prepare_signal_handler(SIGINT); - if (seconds) { - prepare_signal_handler(SIGALRM); - alarm((unsigned)seconds); - } -#endif + /* timeout */ + if (ms != 0 && (r = fido_dev_set_timeout(dev, (int)ms)) != FIDO_OK) + errx(1, "fido_dev_set_timeout: %s (0x%x)", fido_strerr(r), r); - r = fido_dev_make_cred(dev, cred, pin); - if (r != FIDO_OK) { -#ifdef SIGNAL_EXAMPLE - if (got_signal) - fido_dev_cancel(dev); -#endif + if ((r = fido_dev_make_cred(dev, cred, pin)) != FIDO_OK) { + fido_dev_cancel(dev); errx(1, "fido_makecred: %s (0x%x)", fido_strerr(r), r); } @@ -329,9 +284,8 @@ main(int argc, char **argv) uv = true; verify_cred(type, fido_cred_fmt(cred), fido_cred_authdata_ptr(cred), - fido_cred_authdata_len(cred), fido_cred_x5c_ptr(cred), - fido_cred_x5c_len(cred), fido_cred_sig_ptr(cred), - fido_cred_sig_len(cred), rk, uv, ext, key_out, id_out); + fido_cred_authdata_len(cred), fido_cred_attstmt_ptr(cred), + fido_cred_attstmt_len(cred), rk, uv, ext, key_out, id_out); if (blobkey_out != NULL) { /* extract the "largeBlob" key */ diff --git a/examples/extern.h b/examples/extern.h index 0ea68c4fb585..5633b23d2003 100644 --- a/examples/extern.h +++ b/examples/extern.h @@ -11,10 +11,6 @@ #include #include -#ifdef HAVE_SIGNAL_H -#include -#endif - /* util.c */ EC_KEY *read_ec_pubkey(const char *); RSA *read_rsa_pubkey(const char *); @@ -25,9 +21,5 @@ int write_blob(const char *, const unsigned char *, size_t); int write_ec_pubkey(const char *, const void *, size_t); int write_rsa_pubkey(const char *, const void *, size_t); int write_eddsa_pubkey(const char *, const void *, size_t); -#ifdef SIGNAL_EXAMPLE -void prepare_signal_handler(int); -extern volatile sig_atomic_t got_signal; -#endif #endif /* _EXTERN_H_ */ diff --git a/examples/reset.c b/examples/reset.c index eb341c26c0cd..b429d05f0fe4 100644 --- a/examples/reset.c +++ b/examples/reset.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2018 Yubico AB. All rights reserved. + * Copyright (c) 2018-2021 Yubico AB. All rights reserved. * Use of this source code is governed by a BSD-style * license that can be found in the LICENSE file. */ @@ -34,16 +34,9 @@ main(int argc, char **argv) if ((r = fido_dev_open(dev, argv[1])) != FIDO_OK) errx(1, "fido_dev_open: %s (0x%x)", fido_strerr(r), r); -#ifdef SIGNAL_EXAMPLE - prepare_signal_handler(SIGINT); -#endif - if ((r = fido_dev_reset(dev)) != FIDO_OK) { -#ifdef SIGNAL_EXAMPLE - if (got_signal) - fido_dev_cancel(dev); -#endif - errx(1, "fido_reset: %s (0x%x)", fido_strerr(r), r); + fido_dev_cancel(dev); + errx(1, "fido_dev_reset: %s (0x%x)", fido_strerr(r), r); } if ((r = fido_dev_close(dev)) != FIDO_OK) diff --git a/examples/util.c b/examples/util.c index caa68aa880ee..8b360af21c7a 100644 --- a/examples/util.c +++ b/examples/util.c @@ -21,9 +21,6 @@ #include #include #include -#ifdef HAVE_SIGNAL_H -#include -#endif #ifdef HAVE_UNISTD_H #include #endif @@ -33,31 +30,6 @@ #include "../openbsd-compat/openbsd-compat.h" #include "extern.h" -#ifdef SIGNAL_EXAMPLE -volatile sig_atomic_t got_signal = 0; - -static void -signal_handler(int signo) -{ - (void)signo; - got_signal = 1; -} - -void -prepare_signal_handler(int signo) -{ - struct sigaction sa; - - memset(&sa, 0, sizeof(sa)); - - sigemptyset(&sa.sa_mask); - sa.sa_handler = signal_handler; - - if (sigaction(signo, &sa, NULL) < 0) - err(1, "sigaction"); -} -#endif - int base10(const char *str, long long *ll) { diff --git a/fuzz/Dockerfile b/fuzz/Dockerfile index 895da69e4c4c..f175991d0462 100644 --- a/fuzz/Dockerfile +++ b/fuzz/Dockerfile @@ -1,12 +1,12 @@ -# Copyright (c) 2019 Yubico AB. All rights reserved. +# Copyright (c) 2019-2021 Yubico AB. All rights reserved. # Use of this source code is governed by a BSD-style # license that can be found in the LICENSE file. FROM ubuntu:focal ENV DEBIAN_FRONTEND=noninteractive RUN apt-get update -RUN apt-get install -y clang-11 cmake git libssl-dev libudev-dev make pkg-config +RUN apt-get install -y clang-12 cmake git libssl-dev libudev-dev make pkg-config RUN apt-get install -y zlib1g-dev RUN git clone --branch v0.8.0 https://github.com/PJK/libcbor RUN git clone https://github.com/yubico/libfido2 -RUN CC=clang-11 CXX=clang++-11 /libfido2/fuzz/build-coverage /libcbor /libfido2 +RUN CC=clang-12 CXX=clang++-12 /libfido2/fuzz/build-coverage /libcbor /libfido2 diff --git a/fuzz/Makefile b/fuzz/Makefile index 4b067c23aac2..1a974a2bf557 100644 --- a/fuzz/Makefile +++ b/fuzz/Makefile @@ -1,11 +1,11 @@ -# Copyright (c) 2019 Yubico AB. All rights reserved. +# Copyright (c) 2019-2021 Yubico AB. All rights reserved. # Use of this source code is governed by a BSD-style # license that can be found in the LICENSE file. -IMAGE := libfido2-coverage:1.8.0 +IMAGE := libfido2-coverage:1.9.1 RUNNER := libfido2-runner -PROFDATA := llvm-profdata-11 -COV := llvm-cov-11 +PROFDATA := llvm-profdata-12 +COV := llvm-cov-12 TARGETS := fuzz_assert fuzz_bio fuzz_cred fuzz_credman fuzz_hid \ fuzz_largeblob fuzz_netlink fuzz_mgmt CORPORA := $(foreach f,${TARGETS},${f}/corpus) @@ -50,16 +50,18 @@ profdata: run report.tgz: profdata docker exec ${RUNNER} /bin/sh -c 'rm -rf /report && mkdir /report && \ ${COV} show -format=html -tab-size=8 -instr-profile=/$< \ - -output-dir=/report /libfido2/build/src/libfido2.so' + --show-branch-summary=false -output-dir=/report \ + /libfido2/build/src/libfido2.so' docker exec -i ${RUNNER} tar Czcf / - report > $@ summary.txt: profdata docker exec ${RUNNER} ${COV} report -use-color=false \ - /libfido2/build/src/libfido2.so -instr-profile=/$< > $@ + --show-branch-summary=false /libfido2/build/src/libfido2.so \ + -instr-profile=/$< > $@ functions.txt: profdata docker exec ${RUNNER} /bin/sh -c '${COV} report -use-color=false \ - -show-functions -instr-profile=/$< \ + -show-functions --show-branch-summary=false -instr-profile=/$< \ /libfido2/build/src/libfido2.so /libfido2/src/*.[ch]' > $@ clean: run diff --git a/fuzz/clock.c b/fuzz/clock.c new file mode 100644 index 000000000000..23803c2ee3e5 --- /dev/null +++ b/fuzz/clock.c @@ -0,0 +1,79 @@ +/* + * Copyright (c) 2021 Yubico AB. All rights reserved. + * Use of this source code is governed by a BSD-style + * license that can be found in the LICENSE file. + */ + +#include +#include + +#include "mutator_aux.h" + +/* + * A pseudo-random monotonic clock with a probabilistic discontinuity to + * the end of time (as measured by struct timespec). + */ + +extern int prng_up; +extern int __wrap_clock_gettime(clockid_t, struct timespec *); +extern int __real_clock_gettime(clockid_t, struct timespec *); +extern int __wrap_usleep(unsigned int); +static TLS struct timespec fuzz_clock; + +static void +tick(unsigned int usec) +{ + long long drift; + + /* + * Simulate a jump to the end of time with 0.125% probability. + * This condition should be gracefully handled by callers of + * clock_gettime(). + */ + if (uniform_random(800) < 1) { + fuzz_clock.tv_sec = LLONG_MAX; + fuzz_clock.tv_nsec = LONG_MAX; + return; + } + + drift = usec * 1000LL + (long long)uniform_random(10000000); /* 10ms */ + if (LLONG_MAX - drift < (long long)fuzz_clock.tv_nsec) { + fuzz_clock_reset(); /* Not much we can do here. */ + } else if (drift + (long long)fuzz_clock.tv_nsec < 1000000000) { + fuzz_clock.tv_nsec += (long)(drift); + } else { + fuzz_clock.tv_sec += (long)(drift / 1000000000); + fuzz_clock.tv_nsec += (long)(drift % 1000000000); + } +} + +int +__wrap_clock_gettime(clockid_t clk_id, struct timespec *tp) +{ + if (!prng_up || clk_id != CLOCK_MONOTONIC) + return __real_clock_gettime(clk_id, tp); + if (uniform_random(400) < 1) + return -1; + + tick(0); + *tp = fuzz_clock; + + return 0; +} + +int +__wrap_usleep(unsigned int usec) +{ + if (uniform_random(400) < 1) + return -1; + + tick(usec); + + return 0; +} + +void +fuzz_clock_reset(void) +{ + memset(&fuzz_clock, 0, sizeof(fuzz_clock)); +} diff --git a/fuzz/dummy.h b/fuzz/dummy.h index 981cceec37b5..95744eba634b 100644 --- a/fuzz/dummy.h +++ b/fuzz/dummy.h @@ -93,4 +93,87 @@ const uint8_t dummy_eddsa[] = { 0xe2, 0x39, 0xdf, 0x2f, 0x87, 0x19, 0xb3, 0x02, }; +const uint8_t dummy_netlink_wiredata[] = { + 0xd8, 0x01, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x9d, 0x2e, 0x00, 0x00, + 0x01, 0x02, 0x00, 0x00, 0x08, 0x00, 0x02, 0x00, + 0x6e, 0x66, 0x63, 0x00, 0x06, 0x00, 0x01, 0x00, + 0x1e, 0x00, 0x00, 0x00, 0x08, 0x00, 0x03, 0x00, + 0x01, 0x00, 0x00, 0x00, 0x08, 0x00, 0x04, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x05, 0x00, + 0x1f, 0x00, 0x00, 0x00, 0x80, 0x01, 0x06, 0x00, + 0x14, 0x00, 0x01, 0x00, 0x08, 0x00, 0x01, 0x00, + 0x01, 0x00, 0x00, 0x00, 0x08, 0x00, 0x02, 0x00, + 0x0e, 0x00, 0x00, 0x00, 0x14, 0x00, 0x02, 0x00, + 0x08, 0x00, 0x01, 0x00, 0x02, 0x00, 0x00, 0x00, + 0x08, 0x00, 0x02, 0x00, 0x0a, 0x00, 0x00, 0x00, + 0x14, 0x00, 0x03, 0x00, 0x08, 0x00, 0x01, 0x00, + 0x03, 0x00, 0x00, 0x00, 0x08, 0x00, 0x02, 0x00, + 0x0a, 0x00, 0x00, 0x00, 0x14, 0x00, 0x04, 0x00, + 0x08, 0x00, 0x01, 0x00, 0x06, 0x00, 0x00, 0x00, + 0x08, 0x00, 0x02, 0x00, 0x0a, 0x00, 0x00, 0x00, + 0x14, 0x00, 0x05, 0x00, 0x08, 0x00, 0x01, 0x00, + 0x07, 0x00, 0x00, 0x00, 0x08, 0x00, 0x02, 0x00, + 0x0a, 0x00, 0x00, 0x00, 0x14, 0x00, 0x06, 0x00, + 0x08, 0x00, 0x01, 0x00, 0x04, 0x00, 0x00, 0x00, + 0x08, 0x00, 0x02, 0x00, 0x0a, 0x00, 0x00, 0x00, + 0x14, 0x00, 0x07, 0x00, 0x08, 0x00, 0x01, 0x00, + 0x05, 0x00, 0x00, 0x00, 0x08, 0x00, 0x02, 0x00, + 0x0a, 0x00, 0x00, 0x00, 0x14, 0x00, 0x08, 0x00, + 0x08, 0x00, 0x01, 0x00, 0x08, 0x00, 0x00, 0x00, + 0x08, 0x00, 0x02, 0x00, 0x0c, 0x00, 0x00, 0x00, + 0x14, 0x00, 0x09, 0x00, 0x08, 0x00, 0x01, 0x00, + 0x0f, 0x00, 0x00, 0x00, 0x08, 0x00, 0x02, 0x00, + 0x0a, 0x00, 0x00, 0x00, 0x14, 0x00, 0x0a, 0x00, + 0x08, 0x00, 0x01, 0x00, 0x10, 0x00, 0x00, 0x00, + 0x08, 0x00, 0x02, 0x00, 0x0a, 0x00, 0x00, 0x00, + 0x14, 0x00, 0x0b, 0x00, 0x08, 0x00, 0x01, 0x00, + 0x13, 0x00, 0x00, 0x00, 0x08, 0x00, 0x02, 0x00, + 0x0a, 0x00, 0x00, 0x00, 0x14, 0x00, 0x0c, 0x00, + 0x08, 0x00, 0x01, 0x00, 0x15, 0x00, 0x00, 0x00, + 0x08, 0x00, 0x02, 0x00, 0x0a, 0x00, 0x00, 0x00, + 0x14, 0x00, 0x0d, 0x00, 0x08, 0x00, 0x01, 0x00, + 0x11, 0x00, 0x00, 0x00, 0x08, 0x00, 0x02, 0x00, + 0x0a, 0x00, 0x00, 0x00, 0x14, 0x00, 0x0e, 0x00, + 0x08, 0x00, 0x01, 0x00, 0x12, 0x00, 0x00, 0x00, + 0x08, 0x00, 0x02, 0x00, 0x0a, 0x00, 0x00, 0x00, + 0x14, 0x00, 0x0f, 0x00, 0x08, 0x00, 0x01, 0x00, + 0x1a, 0x00, 0x00, 0x00, 0x08, 0x00, 0x02, 0x00, + 0x0c, 0x00, 0x00, 0x00, 0x14, 0x00, 0x10, 0x00, + 0x08, 0x00, 0x01, 0x00, 0x1b, 0x00, 0x00, 0x00, + 0x08, 0x00, 0x02, 0x00, 0x0a, 0x00, 0x00, 0x00, + 0x14, 0x00, 0x11, 0x00, 0x08, 0x00, 0x01, 0x00, + 0x1c, 0x00, 0x00, 0x00, 0x08, 0x00, 0x02, 0x00, + 0x0a, 0x00, 0x00, 0x00, 0x14, 0x00, 0x12, 0x00, + 0x08, 0x00, 0x01, 0x00, 0x1d, 0x00, 0x00, 0x00, + 0x08, 0x00, 0x02, 0x00, 0x0a, 0x00, 0x00, 0x00, + 0x14, 0x00, 0x13, 0x00, 0x08, 0x00, 0x01, 0x00, + 0x1e, 0x00, 0x00, 0x00, 0x08, 0x00, 0x02, 0x00, + 0x0a, 0x00, 0x00, 0x00, 0x1c, 0x00, 0x07, 0x00, + 0x18, 0x00, 0x01, 0x00, 0x08, 0x00, 0x02, 0x00, + 0x05, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x01, 0x00, + 0x65, 0x76, 0x65, 0x6e, 0x74, 0x73, 0x00, 0x00, + 0x24, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x01, + 0x00, 0x00, 0x00, 0x00, 0x9d, 0x2e, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x1c, 0x00, 0x00, 0x00, + 0x1e, 0x00, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x24, 0x00, 0x00, 0x00, + 0x02, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, + 0x9d, 0x2e, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x24, 0x00, 0x00, 0x00, 0x1e, 0x00, 0x05, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x1c, 0x00, 0x00, 0x00, 0x1e, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x09, 0x01, 0x00, 0x00, 0x08, 0x00, 0x01, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x40, 0x00, 0x00, 0x00, + 0x1e, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x9d, 0x2e, 0x00, 0x00, 0x08, 0x01, 0x00, 0x00, + 0x08, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x08, 0x00, 0x03, 0x00, 0x10, 0x00, 0x00, 0x00, + 0x06, 0x00, 0x05, 0x00, 0x44, 0x00, 0x00, 0x00, + 0x05, 0x00, 0x06, 0x00, 0x20, 0x00, 0x00, 0x00, + 0x0b, 0x00, 0x07, 0x00, 0x27, 0x00, 0x00, 0x00, + 0x93, 0xb9, 0x25, 0x00 +}; + #endif /* !_DUMMY_H */ diff --git a/fuzz/export.gnu b/fuzz/export.gnu index bd70d1c7eaac..0c712b30a429 100644 --- a/fuzz/export.gnu +++ b/fuzz/export.gnu @@ -7,6 +7,7 @@ eddsa_pk_to_EVP_PKEY; es256_pk_free; es256_pk_from_EC_KEY; + es256_pk_from_EVP_PKEY; es256_pk_from_ptr; es256_pk_new; es256_pk_to_EVP_PKEY; @@ -30,6 +31,7 @@ fido_assert_rp_id; fido_assert_set_authdata; fido_assert_set_authdata_raw; + fido_assert_set_clientdata; fido_assert_set_clientdata_hash; fido_assert_set_count; fido_assert_set_extensions; @@ -98,6 +100,8 @@ fido_cbor_info_transports_ptr; fido_cbor_info_versions_len; fido_cbor_info_versions_ptr; + fido_cred_attstmt_len; + fido_cred_attstmt_ptr; fido_cred_authdata_len; fido_cred_authdata_ptr; fido_cred_authdata_raw_len; @@ -137,19 +141,23 @@ fido_credman_rp_new; fido_credman_set_dev_rk; fido_cred_new; + fido_cred_pin_minlen; fido_cred_prot; fido_cred_pubkey_len; fido_cred_pubkey_ptr; fido_cred_rp_id; fido_cred_rp_name; + fido_cred_set_attstmt; fido_cred_set_authdata; fido_cred_set_authdata_raw; fido_cred_set_blob; + fido_cred_set_clientdata; fido_cred_set_clientdata_hash; fido_cred_set_extensions; fido_cred_set_fmt; fido_cred_set_id; fido_cred_set_options; + fido_cred_set_pin_minlen; fido_cred_set_prot; fido_cred_set_rk; fido_cred_set_rp; @@ -205,6 +213,8 @@ fido_dev_set_io_functions; fido_dev_set_pin; fido_dev_set_pin_minlen; + fido_dev_set_pin_minlen_rpid; + fido_dev_set_timeout; fido_dev_set_transport_functions; fido_dev_supports_cred_prot; fido_dev_supports_credman; @@ -230,10 +240,12 @@ fido_strerr; rs256_pk_free; rs256_pk_from_ptr; + rs256_pk_from_EVP_PKEY; rs256_pk_from_RSA; rs256_pk_new; rs256_pk_to_EVP_PKEY; prng_init; + fuzz_clock_reset; set_netlink_io_functions; set_udev_parameters; uniform_random; diff --git a/fuzz/functions.txt b/fuzz/functions.txt index 28fe4f6af17b..886893b1d11d 100644 --- a/fuzz/functions.txt +++ b/fuzz/functions.txt @@ -1,285 +1,286 @@ File '/libfido2/src/aes256.c': Name Regions Miss Cover Lines Miss Cover ------------------------------------------------------------------------------- +-------------------------------------------------------------------------------------------------------- aes256_cbc_enc 3 0 100.00% 4 0 100.00% aes256_cbc_dec 3 0 100.00% 4 0 100.00% aes256_gcm_enc 1 0 100.00% 3 0 100.00% aes256_gcm_dec 1 0 100.00% 3 0 100.00% -aes256.c:aes256_cbc_fips 26 2 92.31% 45 7 84.44% -aes256.c:aes256_cbc 29 1 96.55% 40 3 92.50% -aes256.c:aes256_cbc_proto1 1 0 100.00% 7 0 100.00% -aes256.c:aes256_gcm 51 1 98.04% 69 4 94.20% ------------------------------------------------------------------------------- -TOTAL 115 4 96.52% 175 14 92.00% +aes256.c:aes256_cbc_fips 26 2 92.31% 42 7 83.33% +aes256.c:aes256_cbc 29 1 96.55% 36 3 91.67% +aes256.c:aes256_cbc_proto1 1 0 100.00% 5 0 100.00% +aes256.c:aes256_gcm 51 1 98.04% 60 4 93.33% +-------------------------------------------------------------------------------------------------------- +TOTAL 115 4 96.52% 157 14 91.08% File '/libfido2/src/assert.c': Name Regions Miss Cover Lines Miss Cover ---------------------------------------------------------------------------------------- -fido_dev_get_assert 40 0 100.00% 41 0 100.00% -fido_check_flags 13 0 100.00% 18 0 100.00% -fido_get_signed_hash 32 0 100.00% 46 0 100.00% -fido_verify_sig_es256 17 2 88.24% 31 7 77.42% -fido_verify_sig_rs256 17 2 88.24% 31 7 77.42% -fido_verify_sig_eddsa 23 2 91.30% 43 7 83.72% -fido_assert_verify 48 4 91.67% 79 5 93.67% -fido_assert_set_clientdata 12 12 0.00% 12 12 0.00% -fido_assert_set_clientdata_hash 8 0 100.00% 7 0 100.00% -fido_assert_set_hmac_salt 10 0 100.00% 7 0 100.00% -fido_assert_set_hmac_secret 12 12 0.00% 8 8 0.00% -fido_assert_set_rp 12 0 100.00% 14 0 100.00% -fido_assert_allow_cred 13 2 84.62% 29 3 89.66% -fido_assert_set_extensions 14 0 100.00% 11 0 100.00% -fido_assert_set_options 6 6 0.00% 6 6 0.00% -fido_assert_set_up 2 0 100.00% 5 0 100.00% -fido_assert_set_uv 2 0 100.00% 5 0 100.00% +----------------------------------------------------------------------------------------------------------------- +fido_dev_get_assert 40 0 100.00% 35 0 100.00% +fido_check_flags 13 0 100.00% 15 0 100.00% +fido_get_signed_hash 36 0 100.00% 46 0 100.00% +fido_assert_verify 48 4 91.67% 67 5 92.54% +fido_assert_set_clientdata 12 12 0.00% 11 11 0.00% +fido_assert_set_clientdata_hash 8 0 100.00% 6 0 100.00% +fido_assert_set_hmac_salt 10 0 100.00% 6 0 100.00% +fido_assert_set_hmac_secret 12 12 0.00% 7 7 0.00% +fido_assert_set_rp 12 0 100.00% 11 0 100.00% +fido_assert_allow_cred 13 2 84.62% 22 3 86.36% +fido_assert_set_extensions 14 0 100.00% 10 0 100.00% +fido_assert_set_options 6 6 0.00% 5 5 0.00% +fido_assert_set_up 2 0 100.00% 4 0 100.00% +fido_assert_set_uv 2 0 100.00% 4 0 100.00% fido_assert_clientdata_hash_ptr 1 0 100.00% 3 0 100.00% fido_assert_clientdata_hash_len 1 0 100.00% 3 0 100.00% fido_assert_new 1 0 100.00% 3 0 100.00% fido_assert_reset_tx 1 0 100.00% 12 0 100.00% fido_assert_reset_rx 4 0 100.00% 19 0 100.00% -fido_assert_free 6 0 100.00% 10 0 100.00% +fido_assert_free 6 0 100.00% 9 0 100.00% fido_assert_count 1 0 100.00% 3 0 100.00% fido_assert_rp_id 1 0 100.00% 3 0 100.00% -fido_assert_flags 4 0 100.00% 6 0 100.00% -fido_assert_sigcount 4 0 100.00% 6 0 100.00% -fido_assert_authdata_ptr 4 0 100.00% 6 0 100.00% -fido_assert_authdata_len 4 0 100.00% 6 0 100.00% -fido_assert_sig_ptr 4 0 100.00% 6 0 100.00% -fido_assert_sig_len 4 0 100.00% 6 0 100.00% -fido_assert_id_ptr 4 0 100.00% 6 0 100.00% -fido_assert_id_len 4 0 100.00% 6 0 100.00% -fido_assert_user_id_ptr 4 0 100.00% 6 0 100.00% -fido_assert_user_id_len 4 0 100.00% 6 0 100.00% -fido_assert_user_icon 4 0 100.00% 6 0 100.00% -fido_assert_user_name 4 0 100.00% 6 0 100.00% -fido_assert_user_display_name 4 0 100.00% 6 0 100.00% -fido_assert_hmac_secret_ptr 4 0 100.00% 6 0 100.00% -fido_assert_hmac_secret_len 4 0 100.00% 6 0 100.00% -fido_assert_largeblob_key_ptr 4 0 100.00% 6 0 100.00% -fido_assert_largeblob_key_len 4 0 100.00% 6 0 100.00% -fido_assert_blob_ptr 4 0 100.00% 6 0 100.00% -fido_assert_blob_len 4 0 100.00% 6 0 100.00% -fido_assert_set_authdata 24 0 100.00% 35 0 100.00% -fido_assert_set_authdata_raw 24 0 100.00% 34 0 100.00% -fido_assert_set_sig 14 0 100.00% 8 0 100.00% -fido_assert_set_count 10 0 100.00% 21 0 100.00% -assert.c:fido_dev_get_assert_wait 21 0 100.00% 16 0 100.00% -assert.c:fido_dev_get_assert_tx 56 2 96.43% 77 5 93.51% -assert.c:fido_dev_get_assert_rx 19 0 100.00% 38 0 100.00% -assert.c:adjust_assert_count 24 0 100.00% 33 0 100.00% -assert.c:parse_assert_reply 12 0 100.00% 26 0 100.00% -assert.c:fido_get_next_assert_tx 8 0 100.00% 10 0 100.00% -assert.c:fido_get_next_assert_rx 15 2 86.67% 26 4 84.62% -assert.c:decrypt_hmac_secrets 9 0 100.00% 16 0 100.00% -assert.c:check_extensions 5 0 100.00% 11 0 100.00% +fido_assert_flags 4 0 100.00% 5 0 100.00% +fido_assert_sigcount 4 0 100.00% 5 0 100.00% +fido_assert_authdata_ptr 4 0 100.00% 5 0 100.00% +fido_assert_authdata_len 4 0 100.00% 5 0 100.00% +fido_assert_sig_ptr 4 0 100.00% 5 0 100.00% +fido_assert_sig_len 4 0 100.00% 5 0 100.00% +fido_assert_id_ptr 4 0 100.00% 5 0 100.00% +fido_assert_id_len 4 0 100.00% 5 0 100.00% +fido_assert_user_id_ptr 4 0 100.00% 5 0 100.00% +fido_assert_user_id_len 4 0 100.00% 5 0 100.00% +fido_assert_user_icon 4 0 100.00% 5 0 100.00% +fido_assert_user_name 4 0 100.00% 5 0 100.00% +fido_assert_user_display_name 4 0 100.00% 5 0 100.00% +fido_assert_hmac_secret_ptr 4 0 100.00% 5 0 100.00% +fido_assert_hmac_secret_len 4 0 100.00% 5 0 100.00% +fido_assert_largeblob_key_ptr 4 0 100.00% 5 0 100.00% +fido_assert_largeblob_key_len 4 0 100.00% 5 0 100.00% +fido_assert_blob_ptr 4 0 100.00% 5 0 100.00% +fido_assert_blob_len 4 0 100.00% 5 0 100.00% +fido_assert_set_authdata 24 0 100.00% 28 0 100.00% +fido_assert_set_authdata_raw 24 0 100.00% 27 0 100.00% +fido_assert_set_sig 14 0 100.00% 7 0 100.00% +fido_assert_set_count 10 0 100.00% 17 0 100.00% +assert.c:fido_dev_get_assert_wait 21 0 100.00% 14 0 100.00% +assert.c:fido_dev_get_assert_tx 56 2 96.43% 62 5 91.94% +assert.c:fido_dev_get_assert_rx 19 0 100.00% 27 0 100.00% +assert.c:adjust_assert_count 24 0 100.00% 26 0 100.00% +assert.c:parse_assert_reply 12 0 100.00% 24 0 100.00% +assert.c:fido_get_next_assert_tx 8 0 100.00% 8 0 100.00% +assert.c:fido_get_next_assert_rx 15 2 86.67% 21 4 80.95% +assert.c:decrypt_hmac_secrets 9 0 100.00% 15 0 100.00% +assert.c:check_extensions 5 0 100.00% 9 0 100.00% assert.c:fido_assert_reset_extattr 1 0 100.00% 5 0 100.00% assert.c:fido_assert_clean_authdata 1 0 100.00% 5 0 100.00% ---------------------------------------------------------------------------------------- -TOTAL 616 46 92.53% 924 64 93.07% +----------------------------------------------------------------------------------------------------------------- +TOTAL 563 40 92.90% 694 40 94.24% File '/libfido2/src/authkey.c': Name Regions Miss Cover Lines Miss Cover ---------------------------------------------------------------------------------------- +----------------------------------------------------------------------------------------------------------------- fido_dev_authkey 1 0 100.00% 3 0 100.00% -authkey.c:fido_dev_authkey_wait 10 0 100.00% 9 0 100.00% -authkey.c:fido_dev_authkey_tx 19 0 100.00% 33 0 100.00% -authkey.c:fido_dev_authkey_rx 6 0 100.00% 18 0 100.00% -authkey.c:parse_authkey 8 0 100.00% 12 0 100.00% ---------------------------------------------------------------------------------------- -TOTAL 44 0 100.00% 75 0 100.00% +authkey.c:fido_dev_authkey_wait 10 0 100.00% 7 0 100.00% +authkey.c:fido_dev_authkey_tx 19 0 100.00% 25 0 100.00% +authkey.c:fido_dev_authkey_rx 6 0 100.00% 14 0 100.00% +authkey.c:parse_authkey 8 0 100.00% 10 0 100.00% +----------------------------------------------------------------------------------------------------------------- +TOTAL 44 0 100.00% 59 0 100.00% File '/libfido2/src/bio.c': Name Regions Miss Cover Lines Miss Cover ---------------------------------------------------------------------------------------- +----------------------------------------------------------------------------------------------------------------- fido_bio_dev_get_template_array 5 2 60.00% 6 0 100.00% fido_bio_dev_set_template_name 7 0 100.00% 6 0 100.00% -fido_bio_dev_enroll_begin 25 2 92.00% 37 0 100.00% +fido_bio_dev_enroll_begin 25 2 92.00% 31 0 100.00% fido_bio_dev_enroll_continue 5 2 60.00% 6 0 100.00% -fido_bio_dev_enroll_cancel 1 1 0.00% 3 3 0.00% -fido_bio_dev_enroll_remove 1 0 100.00% 3 0 100.00% -fido_bio_dev_get_info 1 0 100.00% 3 0 100.00% +fido_bio_dev_enroll_cancel 1 1 0.00% 4 4 0.00% +fido_bio_dev_enroll_remove 1 0 100.00% 4 0 100.00% +fido_bio_dev_get_info 1 0 100.00% 4 0 100.00% fido_bio_template_name 1 0 100.00% 3 0 100.00% fido_bio_template_id_ptr 1 0 100.00% 3 0 100.00% fido_bio_template_id_len 1 0 100.00% 3 0 100.00% fido_bio_template_array_count 1 0 100.00% 3 0 100.00% fido_bio_template_array_new 1 0 100.00% 3 0 100.00% fido_bio_template_new 1 0 100.00% 3 0 100.00% -fido_bio_template_array_free 6 0 100.00% 10 0 100.00% -fido_bio_template_free 6 0 100.00% 10 0 100.00% -fido_bio_template_set_name 8 0 100.00% 9 0 100.00% -fido_bio_template_set_id 8 0 100.00% 8 0 100.00% -fido_bio_template 4 0 100.00% 6 0 100.00% +fido_bio_template_array_free 6 0 100.00% 8 0 100.00% +fido_bio_template_free 6 0 100.00% 8 0 100.00% +fido_bio_template_set_name 8 0 100.00% 7 0 100.00% +fido_bio_template_set_id 8 0 100.00% 6 0 100.00% +fido_bio_template 4 0 100.00% 5 0 100.00% fido_bio_enroll_new 1 0 100.00% 3 0 100.00% fido_bio_info_new 1 0 100.00% 3 0 100.00% fido_bio_info_type 1 0 100.00% 3 0 100.00% fido_bio_info_max_samples 1 0 100.00% 3 0 100.00% -fido_bio_enroll_free 6 0 100.00% 11 0 100.00% -fido_bio_info_free 6 0 100.00% 9 0 100.00% +fido_bio_enroll_free 6 0 100.00% 8 0 100.00% +fido_bio_info_free 6 0 100.00% 7 0 100.00% fido_bio_enroll_remaining_samples 1 0 100.00% 3 0 100.00% fido_bio_enroll_last_status 1 0 100.00% 3 0 100.00% -bio.c:bio_get_template_array_wait 11 0 100.00% 9 0 100.00% -bio.c:bio_tx 43 0 100.00% 66 0 100.00% -bio.c:bio_prepare_hmac 18 0 100.00% 36 0 100.00% -bio.c:bio_rx_template_array 11 0 100.00% 21 0 100.00% -bio.c:bio_parse_template_array 26 1 96.15% 34 4 88.24% -bio.c:decode_template_array 12 1 91.67% 23 3 86.96% -bio.c:decode_template 9 0 100.00% 18 0 100.00% -bio.c:bio_set_template_name_wait 19 0 100.00% 24 0 100.00% -bio.c:bio_enroll_begin_wait 17 0 100.00% 24 0 100.00% -bio.c:bio_rx_enroll_begin 15 0 100.00% 29 0 100.00% -bio.c:bio_parse_enroll_status 20 0 100.00% 31 0 100.00% -bio.c:bio_parse_template_id 8 0 100.00% 12 0 100.00% -bio.c:bio_enroll_continue_wait 19 0 100.00% 25 0 100.00% -bio.c:bio_rx_enroll_continue 11 0 100.00% 22 0 100.00% -bio.c:bio_enroll_cancel_wait 11 11 0.00% 12 12 0.00% -bio.c:bio_enroll_remove_wait 17 0 100.00% 24 0 100.00% -bio.c:bio_get_info_wait 11 0 100.00% 11 0 100.00% -bio.c:bio_rx_info 11 0 100.00% 21 0 100.00% +bio.c:bio_get_template_array_wait 11 0 100.00% 7 0 100.00% +bio.c:bio_tx 43 0 100.00% 55 0 100.00% +bio.c:bio_prepare_hmac 18 0 100.00% 29 0 100.00% +bio.c:bio_rx_template_array 11 0 100.00% 17 0 100.00% +bio.c:bio_parse_template_array 26 1 96.15% 27 4 85.19% +bio.c:decode_template_array 12 1 91.67% 18 3 83.33% +bio.c:decode_template 9 0 100.00% 15 0 100.00% +bio.c:bio_set_template_name_wait 19 0 100.00% 20 0 100.00% +bio.c:bio_enroll_begin_wait 17 0 100.00% 19 0 100.00% +bio.c:bio_rx_enroll_begin 15 0 100.00% 24 0 100.00% +bio.c:bio_parse_enroll_status 20 0 100.00% 28 0 100.00% +bio.c:bio_parse_template_id 8 0 100.00% 10 0 100.00% +bio.c:bio_enroll_continue_wait 19 0 100.00% 20 0 100.00% +bio.c:bio_rx_enroll_continue 11 0 100.00% 18 0 100.00% +bio.c:bio_enroll_cancel_wait 11 11 0.00% 10 10 0.00% +bio.c:bio_enroll_remove_wait 17 0 100.00% 19 0 100.00% +bio.c:bio_get_info_wait 11 0 100.00% 10 0 100.00% +bio.c:bio_rx_info 11 0 100.00% 17 0 100.00% bio.c:bio_reset_info 1 0 100.00% 4 0 100.00% -bio.c:bio_parse_info 20 0 100.00% 31 0 100.00% -bio.c:bio_reset_template_array 4 0 100.00% 8 0 100.00% +bio.c:bio_parse_info 20 0 100.00% 28 0 100.00% +bio.c:bio_reset_template_array 4 0 100.00% 7 0 100.00% bio.c:bio_reset_template 1 0 100.00% 5 0 100.00% -bio.c:bio_reset_enroll 3 0 100.00% 7 0 100.00% ---------------------------------------------------------------------------------------- -TOTAL 419 20 95.23% 660 22 96.67% +bio.c:bio_reset_enroll 3 0 100.00% 6 0 100.00% +----------------------------------------------------------------------------------------------------------------- +TOTAL 419 20 95.23% 559 21 96.24% File '/libfido2/src/blob.c': Name Regions Miss Cover Lines Miss Cover ---------------------------------------------------------------------------------------- +----------------------------------------------------------------------------------------------------------------- fido_blob_new 1 0 100.00% 3 0 100.00% fido_blob_reset 1 0 100.00% 4 0 100.00% -fido_blob_set 9 0 100.00% 19 0 100.00% -fido_blob_append 12 2 83.33% 22 6 72.73% -fido_blob_free 6 0 100.00% 10 0 100.00% -fido_free_blob_array 7 0 100.00% 14 0 100.00% -fido_blob_encode 6 0 100.00% 6 0 100.00% +fido_blob_set 9 0 100.00% 15 0 100.00% +fido_blob_append 12 1 91.67% 20 3 85.00% +fido_blob_free 6 0 100.00% 8 0 100.00% +fido_free_blob_array 7 0 100.00% 12 0 100.00% +fido_blob_encode 6 0 100.00% 5 0 100.00% fido_blob_decode 1 0 100.00% 3 0 100.00% fido_blob_is_empty 3 0 100.00% 3 0 100.00% -fido_blob_serialise 7 1 85.71% 12 1 91.67% ---------------------------------------------------------------------------------------- -TOTAL 53 3 94.34% 96 7 92.71% +fido_blob_serialise 7 1 85.71% 10 1 90.00% +----------------------------------------------------------------------------------------------------------------- +TOTAL 53 2 96.23% 83 4 95.18% File '/libfido2/src/buf.c': Name Regions Miss Cover Lines Miss Cover ---------------------------------------------------------------------------------------- -fido_buf_read 4 0 100.00% 10 0 100.00% -fido_buf_write 4 1 75.00% 10 1 90.00% ---------------------------------------------------------------------------------------- -TOTAL 8 1 87.50% 20 1 95.00% +----------------------------------------------------------------------------------------------------------------- +fido_buf_read 4 0 100.00% 8 0 100.00% +fido_buf_write 4 1 75.00% 8 1 87.50% +----------------------------------------------------------------------------------------------------------------- +TOTAL 8 1 87.50% 16 1 93.75% File '/libfido2/src/cbor.c': Name Regions Miss Cover Lines Miss Cover ----------------------------------------------------------------------------------------- -cbor_map_iter 20 1 95.00% 30 4 86.67% -cbor_array_iter 12 0 100.00% 20 0 100.00% -cbor_parse_reply 27 0 100.00% 43 0 100.00% +------------------------------------------------------------------------------------------------------------------ +cbor_map_iter 20 1 95.00% 26 4 84.62% +cbor_array_iter 12 0 100.00% 16 0 100.00% +cbor_parse_reply 27 0 100.00% 36 0 100.00% cbor_vector_free 6 0 100.00% 5 0 100.00% -cbor_bytestring_copy 14 0 100.00% 22 0 100.00% -cbor_string_copy 14 0 100.00% 23 0 100.00% -cbor_add_bytestring 14 0 100.00% 26 0 100.00% -cbor_add_string 14 0 100.00% 26 0 100.00% -cbor_add_bool 14 0 100.00% 26 0 100.00% -cbor_flatten_vector 14 1 92.86% 21 1 95.24% -cbor_build_frame 15 0 100.00% 32 0 100.00% -cbor_encode_rp_entity 13 0 100.00% 14 0 100.00% -cbor_encode_user_entity 21 0 100.00% 18 0 100.00% -cbor_encode_pubkey_param 36 0 100.00% 48 0 100.00% -cbor_encode_pubkey 10 0 100.00% 13 0 100.00% -cbor_encode_pubkey_list 18 0 100.00% 23 0 100.00% -cbor_encode_cred_ext 46 0 100.00% 46 0 100.00% -cbor_encode_cred_opt 13 0 100.00% 13 0 100.00% -cbor_encode_assert_opt 13 0 100.00% 13 0 100.00% -cbor_encode_pin_auth 20 1 95.00% 30 3 90.00% -cbor_encode_pin_opt 4 0 100.00% 10 0 100.00% -cbor_encode_change_pin_auth 33 1 96.97% 49 3 93.88% -cbor_encode_assert_ext 33 0 100.00% 35 0 100.00% -cbor_decode_fmt 11 0 100.00% 19 0 100.00% -cbor_decode_pubkey 21 1 95.24% 32 2 93.75% -cbor_decode_cred_authdata 31 1 96.77% 45 3 93.33% -cbor_decode_assert_authdata 21 0 100.00% 42 0 100.00% -cbor_decode_attstmt 8 0 100.00% 10 0 100.00% -cbor_decode_uint64 4 0 100.00% 10 0 100.00% -cbor_decode_cred_id 8 0 100.00% 10 0 100.00% -cbor_decode_user 8 0 100.00% 10 0 100.00% -cbor_decode_rp_entity 8 0 100.00% 10 0 100.00% -cbor_build_uint 10 4 60.00% 10 5 50.00% -cbor_array_append 17 0 100.00% 23 0 100.00% -cbor_array_drop 18 2 88.89% 19 3 84.21% -cbor.c:ctap_check_cbor 28 0 100.00% 32 0 100.00% -cbor.c:check_key_type 8 0 100.00% 9 0 100.00% -cbor.c:cbor_add_arg 13 0 100.00% 28 0 100.00% -cbor.c:cbor_add_uint8 14 0 100.00% 26 0 100.00% -cbor.c:cbor_encode_largeblob_key_ext 6 0 100.00% 7 0 100.00% -cbor.c:cbor_encode_hmac_secret_param 53 2 96.23% 75 4 94.67% -cbor.c:get_cose_alg 36 0 100.00% 48 0 100.00% -cbor.c:find_cose_alg 35 0 100.00% 40 0 100.00% -cbor.c:decode_attcred 25 0 100.00% 56 0 100.00% -cbor.c:decode_cred_extensions 14 0 100.00% 31 0 100.00% -cbor.c:decode_cred_extension 40 3 92.50% 45 9 80.00% -cbor.c:decode_assert_extensions 14 0 100.00% 29 0 100.00% -cbor.c:decode_assert_extension 19 0 100.00% 31 0 100.00% -cbor.c:decode_attstmt_entry 38 0 100.00% 44 0 100.00% -cbor.c:decode_x5c 4 0 100.00% 8 0 100.00% -cbor.c:decode_cred_id_entry 10 0 100.00% 23 0 100.00% -cbor.c:decode_user_entry 25 0 100.00% 39 0 100.00% -cbor.c:decode_rp_entity_entry 15 0 100.00% 29 0 100.00% ----------------------------------------------------------------------------------------- -TOTAL 986 17 98.28% 1426 37 97.41% +cbor_bytestring_copy 14 0 100.00% 18 0 100.00% +cbor_string_copy 14 1 92.86% 18 3 83.33% +cbor_add_bytestring 14 0 100.00% 21 0 100.00% +cbor_add_string 14 0 100.00% 21 0 100.00% +cbor_add_bool 14 0 100.00% 21 0 100.00% +cbor_flatten_vector 14 1 92.86% 16 1 93.75% +cbor_build_frame 15 0 100.00% 25 0 100.00% +cbor_encode_rp_entity 13 0 100.00% 11 0 100.00% +cbor_encode_user_entity 21 0 100.00% 15 0 100.00% +cbor_encode_pubkey_param 36 0 100.00% 39 0 100.00% +cbor_encode_pubkey 10 0 100.00% 11 0 100.00% +cbor_encode_pubkey_list 18 0 100.00% 19 0 100.00% +cbor_encode_str_array 18 0 100.00% 19 0 100.00% +cbor_encode_cred_ext 55 0 100.00% 50 0 100.00% +cbor_encode_cred_opt 13 0 100.00% 11 0 100.00% +cbor_encode_assert_opt 13 0 100.00% 11 0 100.00% +cbor_encode_pin_auth 20 1 95.00% 22 3 86.36% +cbor_encode_pin_opt 4 0 100.00% 8 0 100.00% +cbor_encode_change_pin_auth 31 1 96.77% 36 3 91.67% +cbor_encode_assert_ext 33 0 100.00% 32 0 100.00% +cbor_decode_fmt 13 0 100.00% 15 0 100.00% +cbor_decode_pubkey 21 1 95.24% 30 2 93.33% +cbor_decode_cred_authdata 31 1 96.77% 35 3 91.43% +cbor_decode_assert_authdata 21 0 100.00% 32 0 100.00% +cbor_decode_attstmt 13 0 100.00% 16 0 100.00% +cbor_decode_uint64 4 0 100.00% 8 0 100.00% +cbor_decode_cred_id 8 0 100.00% 9 0 100.00% +cbor_decode_user 8 0 100.00% 9 0 100.00% +cbor_decode_rp_entity 8 0 100.00% 9 0 100.00% +cbor_build_uint 10 4 60.00% 9 4 55.56% +cbor_array_append 17 0 100.00% 21 0 100.00% +cbor_array_drop 18 2 88.89% 17 3 82.35% +cbor.c:ctap_check_cbor 28 0 100.00% 26 0 100.00% +cbor.c:check_key_type 8 0 100.00% 7 0 100.00% +cbor.c:cbor_add_arg 13 0 100.00% 21 0 100.00% +cbor.c:cbor_add_uint8 14 0 100.00% 21 0 100.00% +cbor.c:cbor_encode_largeblob_key_ext 6 0 100.00% 6 0 100.00% +cbor.c:cbor_encode_hmac_secret_param 59 4 93.22% 66 8 87.88% +cbor.c:get_cose_alg 36 1 97.22% 38 3 92.11% +cbor.c:find_cose_alg 35 0 100.00% 33 0 100.00% +cbor.c:decode_attcred 25 0 100.00% 44 0 100.00% +cbor.c:decode_cred_extensions 14 0 100.00% 24 0 100.00% +cbor.c:decode_cred_extension 49 10 79.59% 49 17 65.31% +cbor.c:decode_assert_extensions 14 0 100.00% 23 0 100.00% +cbor.c:decode_assert_extension 19 0 100.00% 27 0 100.00% +cbor.c:decode_attstmt_entry 52 0 100.00% 50 0 100.00% +cbor.c:decode_x5c 4 0 100.00% 6 0 100.00% +cbor.c:decode_cred_id_entry 10 0 100.00% 19 0 100.00% +cbor.c:decode_user_entry 25 0 100.00% 35 0 100.00% +cbor.c:decode_rp_entity_entry 15 0 100.00% 25 0 100.00% +------------------------------------------------------------------------------------------------------------------ +TOTAL 1047 28 97.33% 1237 54 95.63% File '/libfido2/src/compress.c': Name Regions Miss Cover Lines Miss Cover ----------------------------------------------------------------------------------------- +------------------------------------------------------------------------------------------------------------------ fido_compress 1 0 100.00% 3 0 100.00% fido_uncompress 1 0 100.00% 3 0 100.00% -compress.c:do_compress 32 4 87.50% 24 3 87.50% ----------------------------------------------------------------------------------------- -TOTAL 34 4 88.24% 30 3 90.00% +compress.c:do_compress 32 4 87.50% 22 3 86.36% +------------------------------------------------------------------------------------------------------------------ +TOTAL 34 4 88.24% 28 3 89.29% File '/libfido2/src/config.c': Name Regions Miss Cover Lines Miss Cover ------------------------------------------------------------------------------------------ -fido_dev_enable_entattest 1 0 100.00% 3 0 100.00% -fido_dev_toggle_always_uv 1 0 100.00% 3 0 100.00% -fido_dev_set_pin_minlen 1 0 100.00% 3 0 100.00% -fido_dev_force_pin_change 1 0 100.00% 3 0 100.00% -config.c:config_enable_entattest_wait 6 0 100.00% 8 0 100.00% -config.c:config_tx 37 0 100.00% 57 0 100.00% -config.c:config_prepare_hmac 8 1 87.50% 22 3 86.36% -config.c:config_toggle_always_uv_wait 6 0 100.00% 8 0 100.00% -config.c:config_pin_minlen 5 0 100.00% 8 0 100.00% -config.c:config_pin_minlen_tx 28 0 100.00% 31 0 100.00% ------------------------------------------------------------------------------------------ -TOTAL 94 1 98.94% 146 3 97.95% +------------------------------------------------------------------------------------------------------------------- +fido_dev_enable_entattest 1 0 100.00% 4 0 100.00% +fido_dev_toggle_always_uv 1 0 100.00% 4 0 100.00% +fido_dev_set_pin_minlen 1 0 100.00% 4 0 100.00% +fido_dev_force_pin_change 1 0 100.00% 4 0 100.00% +fido_dev_set_pin_minlen_rpid 6 0 100.00% 15 0 100.00% +config.c:config_enable_entattest_wait 6 0 100.00% 7 0 100.00% +config.c:config_tx 37 0 100.00% 48 0 100.00% +config.c:config_prepare_hmac 8 0 100.00% 19 0 100.00% +config.c:config_toggle_always_uv_wait 6 0 100.00% 7 0 100.00% +config.c:config_pin_minlen 5 0 100.00% 7 0 100.00% +config.c:config_pin_minlen_tx 36 0 100.00% 32 0 100.00% +------------------------------------------------------------------------------------------------------------------- +TOTAL 108 0 100.00% 151 0 100.00% File '/libfido2/src/cred.c': Name Regions Miss Cover Lines Miss Cover ------------------------------------------------------------------------------------------ +------------------------------------------------------------------------------------------------------------------- fido_dev_make_cred 12 0 100.00% 10 0 100.00% -fido_check_rp_id 4 0 100.00% 14 0 100.00% -fido_cred_verify 50 4 92.00% 75 8 89.33% -fido_cred_verify_self 58 6 89.66% 94 10 89.36% +fido_check_rp_id 4 0 100.00% 11 0 100.00% +fido_cred_verify 56 2 96.43% 72 5 93.06% +fido_cred_verify_self 58 4 93.10% 83 5 93.98% fido_cred_new 1 0 100.00% 3 0 100.00% -fido_cred_reset_tx 1 0 100.00% 22 0 100.00% -fido_cred_reset_rx 1 0 100.00% 8 0 100.00% -fido_cred_free 6 0 100.00% 10 0 100.00% -fido_cred_set_authdata 23 0 100.00% 37 0 100.00% -fido_cred_set_authdata_raw 25 0 100.00% 38 0 100.00% -fido_cred_set_id 6 0 100.00% 6 0 100.00% -fido_cred_set_x509 6 0 100.00% 6 0 100.00% -fido_cred_set_sig 6 0 100.00% 6 0 100.00% -fido_cred_exclude 14 2 85.71% 25 3 88.00% -fido_cred_set_clientdata 12 12 0.00% 12 12 0.00% -fido_cred_set_clientdata_hash 8 0 100.00% 7 0 100.00% -fido_cred_set_rp 18 0 100.00% 26 0 100.00% -fido_cred_set_user 32 0 100.00% 46 0 100.00% -fido_cred_set_extensions 15 0 100.00% 11 0 100.00% -fido_cred_set_options 6 6 0.00% 6 6 0.00% -fido_cred_set_rk 2 0 100.00% 5 0 100.00% -fido_cred_set_uv 2 0 100.00% 5 0 100.00% -fido_cred_set_prot 21 0 100.00% 16 0 100.00% -fido_cred_set_blob 13 2 84.62% 10 1 90.00% -fido_cred_set_fmt 18 4 77.78% 16 1 93.75% -fido_cred_set_type 17 0 100.00% 9 0 100.00% +fido_cred_reset_tx 1 0 100.00% 19 0 100.00% +fido_cred_reset_rx 1 0 100.00% 7 0 100.00% +fido_cred_free 6 0 100.00% 9 0 100.00% +fido_cred_set_authdata 23 0 100.00% 28 0 100.00% +fido_cred_set_authdata_raw 25 0 100.00% 29 0 100.00% +fido_cred_set_id 6 0 100.00% 5 0 100.00% +fido_cred_set_x509 6 0 100.00% 5 0 100.00% +fido_cred_set_sig 6 0 100.00% 5 0 100.00% +fido_cred_set_attstmt 20 0 100.00% 23 0 100.00% +fido_cred_exclude 14 2 85.71% 19 3 84.21% +fido_cred_set_clientdata 12 12 0.00% 11 11 0.00% +fido_cred_set_clientdata_hash 8 0 100.00% 6 0 100.00% +fido_cred_set_rp 18 0 100.00% 22 0 100.00% +fido_cred_set_user 32 0 100.00% 41 0 100.00% +fido_cred_set_extensions 16 0 100.00% 10 0 100.00% +fido_cred_set_options 6 6 0.00% 5 5 0.00% +fido_cred_set_rk 2 0 100.00% 4 0 100.00% +fido_cred_set_uv 2 0 100.00% 4 0 100.00% +fido_cred_set_prot 21 0 100.00% 14 0 100.00% +fido_cred_set_pin_minlen 7 0 100.00% 8 0 100.00% +fido_cred_set_blob 13 2 84.62% 8 1 87.50% +fido_cred_set_fmt 20 4 80.00% 12 1 91.67% +fido_cred_set_type 17 0 100.00% 7 0 100.00% fido_cred_type 1 0 100.00% 3 0 100.00% fido_cred_flags 1 0 100.00% 3 0 100.00% fido_cred_sigcount 1 0 100.00% 3 0 100.00% @@ -293,13 +294,16 @@ fido_cred_authdata_ptr 1 0 100.00% 3 fido_cred_authdata_len 1 0 100.00% 3 0 100.00% fido_cred_authdata_raw_ptr 1 0 100.00% 3 0 100.00% fido_cred_authdata_raw_len 1 0 100.00% 3 0 100.00% -fido_cred_pubkey_ptr 9 0 100.00% 20 0 100.00% -fido_cred_pubkey_len 9 0 100.00% 20 0 100.00% +fido_cred_attstmt_ptr 1 0 100.00% 3 0 100.00% +fido_cred_attstmt_len 1 0 100.00% 3 0 100.00% +fido_cred_pubkey_ptr 9 0 100.00% 18 0 100.00% +fido_cred_pubkey_len 9 0 100.00% 18 0 100.00% fido_cred_id_ptr 1 0 100.00% 3 0 100.00% fido_cred_id_len 1 0 100.00% 3 0 100.00% fido_cred_aaguid_ptr 1 0 100.00% 3 0 100.00% fido_cred_aaguid_len 1 0 100.00% 3 0 100.00% fido_cred_prot 1 0 100.00% 3 0 100.00% +fido_cred_pin_minlen 1 0 100.00% 3 0 100.00% fido_cred_fmt 1 0 100.00% 3 0 100.00% fido_cred_rp_id 1 0 100.00% 3 0 100.00% fido_cred_rp_name 1 0 100.00% 3 0 100.00% @@ -309,82 +313,83 @@ fido_cred_user_id_ptr 1 0 100.00% 3 fido_cred_user_id_len 1 0 100.00% 3 0 100.00% fido_cred_largeblob_key_ptr 1 0 100.00% 3 0 100.00% fido_cred_largeblob_key_len 1 0 100.00% 3 0 100.00% -cred.c:fido_dev_make_cred_wait 10 0 100.00% 9 0 100.00% -cred.c:fido_dev_make_cred_tx 64 0 100.00% 85 0 100.00% -cred.c:fido_dev_make_cred_rx 19 0 100.00% 27 0 100.00% -cred.c:parse_makecred_reply 14 0 100.00% 29 0 100.00% -cred.c:check_extensions 2 0 100.00% 9 0 100.00% -cred.c:get_signed_hash_u2f 22 0 100.00% 20 0 100.00% -cred.c:verify_sig 27 2 92.59% 40 7 82.50% -cred.c:fido_cred_clean_authdata 1 0 100.00% 9 0 100.00% ------------------------------------------------------------------------------------------ -TOTAL 581 38 93.46% 872 48 94.50% +cred.c:fido_dev_make_cred_wait 10 0 100.00% 7 0 100.00% +cred.c:fido_dev_make_cred_tx 64 0 100.00% 70 0 100.00% +cred.c:fido_dev_make_cred_rx 29 0 100.00% 32 0 100.00% +cred.c:parse_makecred_reply 14 0 100.00% 27 0 100.00% +cred.c:check_extensions 2 0 100.00% 6 0 100.00% +cred.c:get_signed_hash_u2f 27 0 100.00% 26 0 100.00% +cred.c:verify_attstmt 23 2 91.30% 40 5 87.50% +cred.c:fido_cred_clean_authdata 1 0 100.00% 8 0 100.00% +cred.c:fido_cred_clean_attstmt 1 0 100.00% 8 0 100.00% +------------------------------------------------------------------------------------------------------------------- +TOTAL 632 34 94.62% 830 36 95.66% File '/libfido2/src/credman.c': Name Regions Miss Cover Lines Miss Cover ------------------------------------------------------------------------------------------ -fido_credman_get_dev_metadata 1 0 100.00% 3 0 100.00% -fido_credman_get_dev_rk 1 0 100.00% 3 0 100.00% -fido_credman_del_dev_rk 1 0 100.00% 3 0 100.00% -fido_credman_get_dev_rp 1 0 100.00% 3 0 100.00% -fido_credman_set_dev_rk 1 0 100.00% 3 0 100.00% +------------------------------------------------------------------------------------------------------------------- +fido_credman_get_dev_metadata 1 0 100.00% 4 0 100.00% +fido_credman_get_dev_rk 1 0 100.00% 4 0 100.00% +fido_credman_del_dev_rk 1 0 100.00% 4 0 100.00% +fido_credman_get_dev_rp 1 0 100.00% 4 0 100.00% +fido_credman_set_dev_rk 1 0 100.00% 4 0 100.00% fido_credman_rk_new 1 0 100.00% 3 0 100.00% -fido_credman_rk_free 6 1 83.33% 10 0 100.00% +fido_credman_rk_free 6 1 83.33% 8 0 100.00% fido_credman_rk_count 1 0 100.00% 3 0 100.00% -fido_credman_rk 4 0 100.00% 6 0 100.00% +fido_credman_rk 4 0 100.00% 5 0 100.00% fido_credman_metadata_new 1 0 100.00% 3 0 100.00% -fido_credman_metadata_free 6 1 83.33% 9 0 100.00% +fido_credman_metadata_free 6 1 83.33% 7 0 100.00% fido_credman_rk_existing 1 0 100.00% 3 0 100.00% fido_credman_rk_remaining 1 0 100.00% 3 0 100.00% fido_credman_rp_new 1 0 100.00% 3 0 100.00% -fido_credman_rp_free 6 1 83.33% 10 0 100.00% +fido_credman_rp_free 6 1 83.33% 8 0 100.00% fido_credman_rp_count 1 0 100.00% 3 0 100.00% -fido_credman_rp_id 4 0 100.00% 6 0 100.00% -fido_credman_rp_name 4 0 100.00% 6 0 100.00% -fido_credman_rp_id_hash_len 4 0 100.00% 6 0 100.00% -fido_credman_rp_id_hash_ptr 4 0 100.00% 6 0 100.00% -credman.c:credman_get_metadata_wait 11 0 100.00% 10 0 100.00% -credman.c:credman_tx 36 0 100.00% 60 0 100.00% -credman.c:credman_prepare_hmac 31 1 96.77% 56 2 96.43% -credman.c:credman_rx_metadata 11 0 100.00% 21 0 100.00% -credman.c:credman_parse_metadata 9 0 100.00% 19 0 100.00% -credman.c:credman_get_rk_wait 27 0 100.00% 28 0 100.00% -credman.c:credman_rx_rk 19 0 100.00% 36 0 100.00% -credman.c:credman_parse_rk_count 16 0 100.00% 25 0 100.00% -credman.c:credman_grow_array 17 2 88.24% 28 5 82.14% -credman.c:credman_parse_rk 23 0 100.00% 33 0 100.00% -credman.c:credman_rx_next_rk 15 2 86.67% 26 4 84.62% -credman.c:credman_del_rk_wait 16 0 100.00% 20 0 100.00% -credman.c:credman_get_rp_wait 23 0 100.00% 18 0 100.00% -credman.c:credman_rx_rp 19 0 100.00% 36 0 100.00% -credman.c:credman_parse_rp_count 16 0 100.00% 25 0 100.00% -credman.c:credman_parse_rp 9 0 100.00% 19 0 100.00% -credman.c:credman_rx_next_rp 15 2 86.67% 26 4 84.62% -credman.c:credman_set_dev_rk_wait 11 0 100.00% 10 0 100.00% -credman.c:credman_reset_rk 4 0 100.00% 10 0 100.00% -credman.c:credman_reset_rp 4 0 100.00% 13 0 100.00% ------------------------------------------------------------------------------------------ -TOTAL 382 10 97.38% 614 15 97.56% +fido_credman_rp_id 4 0 100.00% 5 0 100.00% +fido_credman_rp_name 4 0 100.00% 5 0 100.00% +fido_credman_rp_id_hash_len 4 0 100.00% 5 0 100.00% +fido_credman_rp_id_hash_ptr 4 0 100.00% 5 0 100.00% +credman.c:credman_get_metadata_wait 11 0 100.00% 8 0 100.00% +credman.c:credman_tx 36 0 100.00% 50 0 100.00% +credman.c:credman_prepare_hmac 31 1 96.77% 50 2 96.00% +credman.c:credman_rx_metadata 11 0 100.00% 17 0 100.00% +credman.c:credman_parse_metadata 9 0 100.00% 17 0 100.00% +credman.c:credman_get_rk_wait 27 0 100.00% 23 0 100.00% +credman.c:credman_rx_rk 19 0 100.00% 27 0 100.00% +credman.c:credman_parse_rk_count 16 0 100.00% 20 0 100.00% +credman.c:credman_grow_array 17 2 88.24% 21 5 76.19% +credman.c:credman_parse_rk 23 0 100.00% 31 0 100.00% +credman.c:credman_rx_next_rk 15 2 86.67% 21 4 80.95% +credman.c:credman_del_rk_wait 16 0 100.00% 15 0 100.00% +credman.c:credman_get_rp_wait 23 0 100.00% 15 0 100.00% +credman.c:credman_rx_rp 19 0 100.00% 27 0 100.00% +credman.c:credman_parse_rp_count 16 0 100.00% 20 0 100.00% +credman.c:credman_parse_rp 9 0 100.00% 17 0 100.00% +credman.c:credman_rx_next_rp 15 2 86.67% 21 4 80.95% +credman.c:credman_set_dev_rk_wait 11 0 100.00% 8 0 100.00% +credman.c:credman_reset_rk 4 0 100.00% 9 0 100.00% +credman.c:credman_reset_rp 4 0 100.00% 12 0 100.00% +------------------------------------------------------------------------------------------------------------------- +TOTAL 382 10 97.38% 518 15 97.10% File '/libfido2/src/dev.c': Name Regions Miss Cover Lines Miss Cover ------------------------------------------------------------------------------------------ -fido_dev_register_manifest_func 10 2 80.00% 18 3 83.33% -fido_dev_unregister_manifest_func 7 7 0.00% 13 13 0.00% -fido_dev_info_manifest 22 4 81.82% 28 0 100.00% +------------------------------------------------------------------------------------------------------------------- +fido_dev_register_manifest_func 10 2 80.00% 14 3 78.57% +fido_dev_unregister_manifest_func 7 7 0.00% 11 11 0.00% +fido_dev_info_manifest 22 4 81.82% 24 0 100.00% fido_dev_open_with_info 5 5 0.00% 6 6 0.00% -fido_dev_open 11 5 54.55% 26 12 53.85% -fido_dev_close 9 2 77.78% 10 0 100.00% -fido_dev_set_sigmask 12 12 0.00% 10 10 0.00% +fido_dev_open 5 1 80.00% 19 12 36.84% +fido_dev_close 9 2 77.78% 8 0 100.00% +fido_dev_set_sigmask 18 18 0.00% 11 11 0.00% fido_dev_cancel 11 0 100.00% 8 0 100.00% -fido_dev_get_touch_begin 50 0 100.00% 68 0 100.00% -fido_dev_get_touch_status 17 0 100.00% 25 0 100.00% -fido_dev_set_io_functions 18 4 77.78% 17 6 64.71% -fido_dev_set_transport_functions 6 2 66.67% 11 3 72.73% -fido_init 8 1 87.50% 6 0 100.00% -fido_dev_new 5 0 100.00% 16 0 100.00% -fido_dev_new_with_info 10 10 0.00% 20 20 0.00% -fido_dev_free 6 0 100.00% 11 0 100.00% +fido_dev_get_touch_begin 50 0 100.00% 59 0 100.00% +fido_dev_get_touch_status 17 0 100.00% 20 0 100.00% +fido_dev_set_io_functions 18 4 77.78% 14 6 57.14% +fido_dev_set_transport_functions 6 2 66.67% 9 3 66.67% +fido_init 8 1 87.50% 5 0 100.00% +fido_dev_new 5 0 100.00% 14 0 100.00% +fido_dev_new_with_info 10 10 0.00% 16 16 0.00% +fido_dev_free 6 0 100.00% 8 0 100.00% fido_dev_protocol 1 0 100.00% 3 0 100.00% fido_dev_major 1 0 100.00% 3 0 100.00% fido_dev_minor 1 0 100.00% 3 0 100.00% @@ -401,135 +406,141 @@ fido_dev_has_uv 2 0 100.00% 3 fido_dev_supports_permissions 2 0 100.00% 3 0 100.00% fido_dev_force_u2f 2 0 100.00% 4 0 100.00% fido_dev_force_fido2 2 2 0.00% 3 3 0.00% -fido_dev_get_pin_protocol 11 0 100.00% 8 0 100.00% +fido_dev_get_pin_protocol 11 0 100.00% 7 0 100.00% fido_dev_maxmsgsize 1 0 100.00% 3 0 100.00% -dev.c:find_manifest_func_node 5 0 100.00% 9 0 100.00% -dev.c:fido_dev_open_wait 10 0 100.00% 9 0 100.00% -dev.c:fido_dev_open_tx 56 15 73.21% 67 26 61.19% +fido_dev_set_timeout 6 2 66.67% 6 1 83.33% +dev.c:find_manifest_func_node 5 0 100.00% 8 0 100.00% +dev.c:fido_dev_open_wait 10 0 100.00% 7 0 100.00% +dev.c:fido_dev_open_tx 56 15 73.21% 56 26 53.57% dev.c:set_random_report_len 11 0 100.00% 6 0 100.00% -dev.c:fido_dev_open_rx 36 1 97.22% 62 1 98.39% +dev.c:fido_dev_open_rx 36 1 97.22% 53 1 98.11% dev.c:fido_dev_set_flags 1 0 100.00% 5 0 100.00% -dev.c:fido_dev_set_extension_flags 7 0 100.00% 8 0 100.00% -dev.c:fido_dev_set_option_flags 29 0 100.00% 19 0 100.00% -dev.c:fido_dev_set_protocol_flags 11 0 100.00% 18 0 100.00% ------------------------------------------------------------------------------------------ -TOTAL 414 74 82.13% 556 106 80.94% +dev.c:fido_dev_set_extension_flags 7 0 100.00% 7 0 100.00% +dev.c:fido_dev_set_option_flags 29 0 100.00% 18 0 100.00% +dev.c:fido_dev_set_protocol_flags 11 0 100.00% 17 0 100.00% +------------------------------------------------------------------------------------------------------------------- +TOTAL 420 78 81.43% 488 102 79.10% File '/libfido2/src/ecdh.c': Name Regions Miss Cover Lines Miss Cover ------------------------------------------------------------------------------------------ -fido_do_ecdh 29 0 100.00% 40 0 100.00% -ecdh.c:do_ecdh 37 0 100.00% 48 0 100.00% -ecdh.c:kdf 19 1 94.74% 32 2 93.75% -ecdh.c:hkdf_sha256 32 1 96.88% 41 3 92.68% ------------------------------------------------------------------------------------------ -TOTAL 117 2 98.29% 161 5 96.89% +------------------------------------------------------------------------------------------------------------------- +fido_do_ecdh 29 0 100.00% 36 0 100.00% +ecdh.c:do_ecdh 37 0 100.00% 44 0 100.00% +ecdh.c:kdf 19 1 94.74% 28 2 92.86% +ecdh.c:hkdf_sha256 32 1 96.88% 38 3 92.11% +------------------------------------------------------------------------------------------------------------------- +TOTAL 117 2 98.29% 146 5 96.58% File '/libfido2/src/eddsa.c': Name Regions Miss Cover Lines Miss Cover ------------------------------------------------------------------------------------------ -eddsa_pk_decode 8 0 100.00% 10 0 100.00% +------------------------------------------------------------------------------------------------------------------- +eddsa_pk_decode 8 0 100.00% 9 0 100.00% eddsa_pk_new 1 0 100.00% 3 0 100.00% -eddsa_pk_free 6 0 100.00% 9 0 100.00% -eddsa_pk_from_ptr 6 0 100.00% 8 0 100.00% -eddsa_pk_to_EVP_PKEY 3 0 100.00% 9 0 100.00% -eddsa_pk_from_EVP_PKEY 14 0 100.00% 12 0 100.00% -eddsa.c:decode_pubkey_point 8 0 100.00% 14 0 100.00% -eddsa.c:decode_coord 8 0 100.00% 12 0 100.00% ------------------------------------------------------------------------------------------ -TOTAL 54 0 100.00% 77 0 100.00% +eddsa_pk_free 6 0 100.00% 7 0 100.00% +eddsa_pk_from_ptr 6 0 100.00% 6 0 100.00% +eddsa_pk_to_EVP_PKEY 3 0 100.00% 7 0 100.00% +eddsa_pk_from_EVP_PKEY 14 0 100.00% 10 0 100.00% +eddsa_verify_sig 19 2 89.47% 30 6 80.00% +eddsa_pk_verify_sig 7 1 85.71% 13 2 84.62% +eddsa.c:decode_pubkey_point 8 0 100.00% 11 0 100.00% +eddsa.c:decode_coord 8 0 100.00% 10 0 100.00% +------------------------------------------------------------------------------------------------------------------- +TOTAL 80 3 96.25% 106 8 92.45% File '/libfido2/src/err.c': Name Regions Miss Cover Lines Miss Cover ------------------------------------------------------------------------------------------ +------------------------------------------------------------------------------------------------------------------- fido_strerr 122 10 91.80% 126 10 92.06% ------------------------------------------------------------------------------------------ +------------------------------------------------------------------------------------------------------------------- TOTAL 122 10 91.80% 126 10 92.06% File '/libfido2/src/es256.c': Name Regions Miss Cover Lines Miss Cover ------------------------------------------------------------------------------------------ -es256_pk_decode 8 0 100.00% 10 0 100.00% -es256_pk_encode 56 0 100.00% 70 0 100.00% +------------------------------------------------------------------------------------------------------------------- +es256_pk_decode 8 0 100.00% 9 0 100.00% +es256_pk_encode 56 0 100.00% 48 0 100.00% es256_sk_new 1 0 100.00% 3 0 100.00% -es256_sk_free 6 0 100.00% 9 0 100.00% +es256_sk_free 6 0 100.00% 7 0 100.00% es256_pk_new 1 0 100.00% 3 0 100.00% -es256_pk_free 6 0 100.00% 9 0 100.00% -es256_pk_from_ptr 11 0 100.00% 13 0 100.00% -es256_pk_set_x 1 0 100.00% 5 0 100.00% -es256_pk_set_y 1 0 100.00% 5 0 100.00% -es256_sk_create 39 0 100.00% 46 0 100.00% -es256_pk_to_EVP_PKEY 42 0 100.00% 66 0 100.00% -es256_pk_from_EC_KEY 38 0 100.00% 43 0 100.00% -es256_sk_to_EVP_PKEY 28 0 100.00% 50 0 100.00% -es256_derive_pk 25 0 100.00% 34 0 100.00% -es256.c:decode_pubkey_point 9 0 100.00% 16 0 100.00% -es256.c:decode_coord 8 0 100.00% 12 0 100.00% ------------------------------------------------------------------------------------------ -TOTAL 280 0 100.00% 394 0 100.00% +es256_pk_free 6 0 100.00% 7 0 100.00% +es256_pk_from_ptr 11 0 100.00% 10 0 100.00% +es256_pk_set_x 1 0 100.00% 4 0 100.00% +es256_pk_set_y 1 0 100.00% 4 0 100.00% +es256_sk_create 39 0 100.00% 41 0 100.00% +es256_pk_to_EVP_PKEY 42 0 100.00% 54 0 100.00% +es256_pk_from_EC_KEY 38 0 100.00% 36 0 100.00% +es256_pk_from_EVP_PKEY 7 2 71.43% 7 0 100.00% +es256_sk_to_EVP_PKEY 28 0 100.00% 40 0 100.00% +es256_derive_pk 25 0 100.00% 30 0 100.00% +es256_verify_sig 12 2 83.33% 19 5 73.68% +es256_pk_verify_sig 7 1 85.71% 13 2 84.62% +es256.c:decode_pubkey_point 9 0 100.00% 13 0 100.00% +es256.c:decode_coord 8 0 100.00% 10 0 100.00% +------------------------------------------------------------------------------------------------------------------- +TOTAL 306 5 98.37% 358 7 98.04% File '/libfido2/src/extern.h': Name Regions Miss Cover Lines Miss Cover ------------------------------------------------------------------------------------------ +------------------------------------------------------------------------------------------------------------------- File '/libfido2/src/fido.h': Name Regions Miss Cover Lines Miss Cover ------------------------------------------------------------------------------------------ +------------------------------------------------------------------------------------------------------------------- File '/libfido2/src/hid.c': Name Regions Miss Cover Lines Miss Cover ------------------------------------------------------------------------------------------ -fido_hid_get_usage 13 0 100.00% 28 0 100.00% -fido_hid_get_report_len 19 0 100.00% 33 0 100.00% +------------------------------------------------------------------------------------------------------------------- +fido_hid_get_usage 13 0 100.00% 22 0 100.00% +fido_hid_get_report_len 19 0 100.00% 27 0 100.00% fido_dev_info_new 1 0 100.00% 3 0 100.00% -fido_dev_info_free 9 0 100.00% 18 0 100.00% +fido_dev_info_free 9 0 100.00% 14 0 100.00% fido_dev_info_ptr 1 0 100.00% 3 0 100.00% fido_dev_info_path 1 0 100.00% 3 0 100.00% fido_dev_info_vendor 1 0 100.00% 3 0 100.00% fido_dev_info_product 1 0 100.00% 3 0 100.00% fido_dev_info_manufacturer_string 1 0 100.00% 3 0 100.00% fido_dev_info_product_string 1 0 100.00% 3 0 100.00% -hid.c:get_key_len 6 0 100.00% 14 0 100.00% -hid.c:get_key_val 6 0 100.00% 20 0 100.00% ------------------------------------------------------------------------------------------ -TOTAL 60 0 100.00% 134 0 100.00% +hid.c:get_key_len 6 0 100.00% 12 0 100.00% +hid.c:get_key_val 6 0 100.00% 18 0 100.00% +------------------------------------------------------------------------------------------------------------------- +TOTAL 60 0 100.00% 114 0 100.00% File '/libfido2/src/hid_linux.c': Name Regions Miss Cover Lines Miss Cover ------------------------------------------------------------------------------------------ -fido_hid_manifest 35 4 88.57% 50 1 98.00% -fido_hid_open 27 27 0.00% 44 44 0.00% -fido_hid_close 3 3 0.00% 8 8 0.00% -fido_hid_set_sigmask 2 2 0.00% 8 8 0.00% -fido_hid_read 15 15 0.00% 26 26 0.00% -fido_hid_write 12 12 0.00% 21 21 0.00% -fido_hid_report_in_len 1 1 0.00% 5 5 0.00% -fido_hid_report_out_len 1 1 0.00% 5 5 0.00% -hid_linux.c:copy_info 34 0 100.00% 53 0 100.00% -hid_linux.c:is_fido 10 2 80.00% 19 2 89.47% -hid_linux.c:get_parent_attr 6 0 100.00% 11 0 100.00% -hid_linux.c:parse_uevent 12 0 100.00% 28 0 100.00% +------------------------------------------------------------------------------------------------------------------- +fido_hid_manifest 35 4 88.57% 41 1 97.56% +fido_hid_open 27 27 0.00% 40 40 0.00% +fido_hid_close 3 3 0.00% 6 6 0.00% +fido_hid_set_sigmask 2 2 0.00% 6 6 0.00% +fido_hid_read 15 15 0.00% 21 21 0.00% +fido_hid_write 12 12 0.00% 17 17 0.00% +fido_hid_report_in_len 1 1 0.00% 4 4 0.00% +fido_hid_report_out_len 1 1 0.00% 4 4 0.00% +hid_linux.c:copy_info 34 0 100.00% 44 0 100.00% +hid_linux.c:is_fido 10 2 80.00% 14 2 85.71% +hid_linux.c:get_parent_attr 6 0 100.00% 9 0 100.00% +hid_linux.c:parse_uevent 12 0 100.00% 24 0 100.00% hid_linux.c:get_usb_attr 1 0 100.00% 3 0 100.00% -hid_linux.c:get_report_descriptor 14 1 92.86% 22 3 86.36% ------------------------------------------------------------------------------------------ -TOTAL 173 68 60.69% 303 123 59.41% +hid_linux.c:get_report_descriptor 14 1 92.86% 17 3 82.35% +------------------------------------------------------------------------------------------------------------------- +TOTAL 173 68 60.69% 250 104 58.40% File '/libfido2/src/hid_unix.c': Name Regions Miss Cover Lines Miss Cover ------------------------------------------------------------------------------------------ -fido_hid_unix_open 18 11 38.89% 26 14 46.15% -fido_hid_unix_wait 12 9 25.00% 26 14 46.15% ------------------------------------------------------------------------------------------ -TOTAL 30 20 33.33% 52 28 46.15% +------------------------------------------------------------------------------------------------------------------- +fido_hid_unix_open 18 11 38.89% 22 14 36.36% +fido_hid_unix_wait 10 9 10.00% 21 10 52.38% +------------------------------------------------------------------------------------------------------------------- +TOTAL 28 20 28.57% 43 24 44.19% File '/libfido2/src/info.c': Name Regions Miss Cover Lines Miss Cover ------------------------------------------------------------------------------------------ -fido_dev_get_cbor_info_wait 10 0 100.00% 9 0 100.00% -fido_dev_get_cbor_info 1 0 100.00% 3 0 100.00% +------------------------------------------------------------------------------------------------------------------- +fido_dev_get_cbor_info_wait 10 0 100.00% 7 0 100.00% +fido_dev_get_cbor_info 1 0 100.00% 4 0 100.00% fido_cbor_info_new 1 0 100.00% 3 0 100.00% fido_cbor_info_reset 1 0 100.00% 8 0 100.00% -fido_cbor_info_free 6 0 100.00% 9 0 100.00% +fido_cbor_info_free 6 0 100.00% 8 0 100.00% fido_cbor_info_versions_ptr 1 0 100.00% 3 0 100.00% fido_cbor_info_versions_len 1 0 100.00% 3 0 100.00% fido_cbor_info_extensions_ptr 1 0 100.00% 3 0 100.00% @@ -549,259 +560,307 @@ fido_cbor_info_fwversion 1 0 100.00% 3 fido_cbor_info_protocols_ptr 1 0 100.00% 3 0 100.00% fido_cbor_info_protocols_len 1 0 100.00% 3 0 100.00% fido_cbor_info_algorithm_count 1 0 100.00% 3 0 100.00% -fido_cbor_info_algorithm_type 4 0 100.00% 6 0 100.00% -fido_cbor_info_algorithm_cose 4 0 100.00% 6 0 100.00% -info.c:fido_dev_get_cbor_info_tx 8 0 100.00% 12 0 100.00% -info.c:fido_dev_get_cbor_info_rx 6 0 100.00% 18 0 100.00% -info.c:parse_reply_element 19 0 100.00% 39 0 100.00% -info.c:decode_string_array 12 0 100.00% 21 0 100.00% -info.c:decode_string 4 0 100.00% 14 0 100.00% -info.c:decode_aaguid 8 0 100.00% 12 0 100.00% -info.c:decode_options 11 0 100.00% 18 0 100.00% -info.c:decode_option 11 0 100.00% 22 0 100.00% -info.c:decode_protocols 12 0 100.00% 21 0 100.00% -info.c:decode_protocol 6 0 100.00% 16 0 100.00% -info.c:decode_algorithms 12 0 100.00% 21 0 100.00% -info.c:decode_algorithm 9 0 100.00% 23 0 100.00% -info.c:decode_algorithm_entry 20 0 100.00% 31 0 100.00% -info.c:free_algo 1 0 100.00% 5 0 100.00% -info.c:free_str_array 4 0 100.00% 8 0 100.00% -info.c:free_opt_array 4 0 100.00% 9 0 100.00% -info.c:free_byte_array 1 0 100.00% 6 0 100.00% -info.c:free_algo_array 4 0 100.00% 8 0 100.00% ------------------------------------------------------------------------------------------ -TOTAL 198 0 100.00% 405 0 100.00% +fido_cbor_info_algorithm_type 4 0 100.00% 5 0 100.00% +fido_cbor_info_algorithm_cose 4 0 100.00% 5 0 100.00% +info.c:fido_dev_get_cbor_info_tx 8 0 100.00% 9 0 100.00% +info.c:fido_dev_get_cbor_info_rx 6 0 100.00% 14 0 100.00% +info.c:parse_reply_element 19 0 100.00% 37 0 100.00% +info.c:decode_string_array 12 0 100.00% 17 0 100.00% +info.c:decode_string 4 0 100.00% 10 0 100.00% +info.c:decode_aaguid 8 0 100.00% 10 0 100.00% +info.c:decode_options 11 0 100.00% 15 0 100.00% +info.c:decode_option 11 0 100.00% 17 0 100.00% +info.c:decode_protocols 12 0 100.00% 17 0 100.00% +info.c:decode_protocol 6 0 100.00% 12 0 100.00% +info.c:decode_algorithms 12 0 100.00% 17 0 100.00% +info.c:decode_algorithm 9 0 100.00% 17 0 100.00% +info.c:decode_algorithm_entry 20 0 100.00% 27 0 100.00% +------------------------------------------------------------------------------------------------------------------- +TOTAL 184 0 100.00% 316 0 100.00% File '/libfido2/src/io.c': Name Regions Miss Cover Lines Miss Cover ------------------------------------------------------------------------------------------ -fido_tx 13 0 100.00% 13 0 100.00% -fido_rx 13 1 92.31% 17 3 82.35% -fido_rx_cbor_status 8 0 100.00% 12 0 100.00% -io.c:tx_empty 9 0 100.00% 17 0 100.00% -io.c:tx 13 0 100.00% 21 0 100.00% -io.c:tx_preamble 16 1 93.75% 24 1 95.83% -io.c:tx_frame 15 1 93.33% 22 1 95.45% -io.c:rx 40 2 95.00% 65 1 98.46% -io.c:rx_preamble 23 2 91.30% 26 5 80.77% -io.c:rx_frame 8 0 100.00% 11 0 100.00% ------------------------------------------------------------------------------------------ -TOTAL 158 7 95.57% 228 11 95.18% +------------------------------------------------------------------------------------------------------------------- +fido_tx 13 0 100.00% 11 0 100.00% +fido_rx 13 1 92.31% 14 3 78.57% +fido_rx_cbor_status 8 0 100.00% 10 0 100.00% +io.c:transport_tx 7 0 100.00% 10 0 100.00% +io.c:tx_empty 9 0 100.00% 14 0 100.00% +io.c:tx_pkt 7 0 100.00% 10 0 100.00% +io.c:tx 13 0 100.00% 19 0 100.00% +io.c:tx_preamble 16 1 93.75% 20 1 95.00% +io.c:tx_frame 15 1 93.33% 18 1 94.44% +io.c:transport_rx 7 0 100.00% 10 0 100.00% +io.c:rx 40 2 95.00% 52 1 98.08% +io.c:rx_preamble 23 2 91.30% 22 5 77.27% +io.c:rx_frame 11 0 100.00% 11 0 100.00% +------------------------------------------------------------------------------------------------------------------- +TOTAL 182 7 96.15% 221 11 95.02% File '/libfido2/src/iso7816.c': Name Regions Miss Cover Lines Miss Cover ------------------------------------------------------------------------------------------ -iso7816_new 4 0 100.00% 18 0 100.00% -iso7816_free 6 0 100.00% 8 0 100.00% -iso7816_add 6 1 83.33% 9 0 100.00% +------------------------------------------------------------------------------------------------------------------- +iso7816_new 4 0 100.00% 16 0 100.00% +iso7816_free 6 0 100.00% 7 0 100.00% +iso7816_add 6 1 83.33% 8 0 100.00% iso7816_ptr 1 0 100.00% 3 0 100.00% iso7816_len 1 0 100.00% 4 0 100.00% ------------------------------------------------------------------------------------------ -TOTAL 18 1 94.44% 42 0 100.00% +------------------------------------------------------------------------------------------------------------------- +TOTAL 18 1 94.44% 38 0 100.00% File '/libfido2/src/largeblob.c': Name Regions Miss Cover Lines Miss Cover ------------------------------------------------------------------------------------------ -fido_dev_largeblob_get 26 2 92.31% 41 4 90.24% -fido_dev_largeblob_set 27 0 100.00% 39 0 100.00% -fido_dev_largeblob_remove 12 0 100.00% 21 0 100.00% -fido_dev_largeblob_get_array 15 2 86.67% 30 4 86.67% -fido_dev_largeblob_set_array 14 0 100.00% 21 0 100.00% -largeblob.c:largeblob_get_array 32 0 100.00% 39 0 100.00% -largeblob.c:get_chunklen 9 1 88.89% 11 0 100.00% -largeblob.c:largeblob_get_tx 19 0 100.00% 28 0 100.00% -largeblob.c:largeblob_get_rx 15 0 100.00% 23 0 100.00% -largeblob.c:parse_largeblob_reply 8 0 100.00% 10 0 100.00% -largeblob.c:largeblob_array_check 7 0 100.00% 18 0 100.00% -largeblob.c:largeblob_array_digest 10 0 100.00% 11 0 100.00% -largeblob.c:largeblob_array_load 14 2 85.71% 21 7 66.67% -largeblob.c:largeblob_array_lookup 25 0 100.00% 36 0 100.00% -largeblob.c:largeblob_decode 16 2 87.50% 17 6 64.71% -largeblob.c:largeblob_do_decode 27 3 88.89% 32 5 84.38% -largeblob.c:largeblob_decrypt 15 0 100.00% 28 0 100.00% -largeblob.c:largeblob_aad 1 0 100.00% 12 0 100.00% +------------------------------------------------------------------------------------------------------------------- +fido_dev_largeblob_get 26 2 92.31% 38 4 89.47% +fido_dev_largeblob_set 27 2 92.59% 36 4 88.89% +fido_dev_largeblob_remove 12 0 100.00% 18 0 100.00% +fido_dev_largeblob_get_array 15 2 86.67% 27 4 85.19% +fido_dev_largeblob_set_array 14 0 100.00% 19 0 100.00% +largeblob.c:largeblob_get_array 32 0 100.00% 36 0 100.00% +largeblob.c:get_chunklen 9 1 88.89% 9 0 100.00% +largeblob.c:largeblob_get_tx 19 0 100.00% 24 0 100.00% +largeblob.c:largeblob_get_rx 15 0 100.00% 21 0 100.00% +largeblob.c:parse_largeblob_reply 8 0 100.00% 9 0 100.00% +largeblob.c:largeblob_array_check 7 0 100.00% 16 0 100.00% +largeblob.c:largeblob_array_digest 10 0 100.00% 9 0 100.00% +largeblob.c:largeblob_array_load 14 2 85.71% 19 7 63.16% +largeblob.c:largeblob_array_lookup 25 0 100.00% 33 0 100.00% +largeblob.c:largeblob_decode 16 2 87.50% 16 6 62.50% +largeblob.c:largeblob_do_decode 27 3 88.89% 30 5 83.33% +largeblob.c:largeblob_decrypt 15 0 100.00% 24 0 100.00% +largeblob.c:largeblob_aad 1 0 100.00% 10 0 100.00% largeblob.c:largeblob_reset 1 0 100.00% 5 0 100.00% -largeblob.c:largeblob_encode 16 0 100.00% 23 0 100.00% +largeblob.c:largeblob_encode 16 0 100.00% 21 0 100.00% largeblob.c:largeblob_new 1 0 100.00% 3 0 100.00% -largeblob.c:largeblob_seal 20 0 100.00% 35 0 100.00% -largeblob.c:largeblob_get_nonce 8 1 87.50% 19 3 84.21% -largeblob.c:largeblob_free 6 0 100.00% 9 0 100.00% -largeblob.c:largeblob_add 27 2 92.59% 40 3 92.50% -largeblob.c:largeblob_drop 21 0 100.00% 30 0 100.00% -largeblob.c:largeblob_set_array 54 2 96.30% 64 4 93.75% -largeblob.c:largeblob_get_uv_token 19 0 100.00% 27 0 100.00% -largeblob.c:largeblob_set_tx 35 0 100.00% 40 0 100.00% -largeblob.c:prepare_hmac 13 2 84.62% 26 7 73.08% ------------------------------------------------------------------------------------------ -TOTAL 513 19 96.30% 759 43 94.33% +largeblob.c:largeblob_seal 20 0 100.00% 32 0 100.00% +largeblob.c:largeblob_get_nonce 8 1 87.50% 16 3 81.25% +largeblob.c:largeblob_free 6 0 100.00% 8 0 100.00% +largeblob.c:largeblob_add 27 2 92.59% 35 3 91.43% +largeblob.c:largeblob_drop 21 0 100.00% 27 0 100.00% +largeblob.c:largeblob_set_array 54 2 96.30% 61 4 93.44% +largeblob.c:largeblob_get_uv_token 19 0 100.00% 23 0 100.00% +largeblob.c:largeblob_set_tx 35 0 100.00% 36 0 100.00% +largeblob.c:prepare_hmac 13 2 84.62% 23 7 69.57% +------------------------------------------------------------------------------------------------------------------- +TOTAL 513 21 95.91% 684 47 93.13% File '/libfido2/src/log.c': Name Regions Miss Cover Lines Miss Cover ------------------------------------------------------------------------------------------ +------------------------------------------------------------------------------------------------------------------- fido_log_init 1 0 100.00% 4 0 100.00% -fido_log_debug 6 1 83.33% 10 0 100.00% -fido_log_xxd 16 1 93.75% 27 0 100.00% -fido_log_error 8 2 75.00% 13 1 92.31% +fido_log_debug 6 1 83.33% 8 0 100.00% +fido_log_xxd 16 1 93.75% 24 0 100.00% +fido_log_error 8 2 75.00% 11 1 90.91% fido_set_log_handler 3 0 100.00% 4 0 100.00% log.c:log_on_stderr 1 1 0.00% 3 3 0.00% -log.c:do_log 4 0 100.00% 12 0 100.00% ------------------------------------------------------------------------------------------ -TOTAL 39 5 87.18% 73 4 94.52% +log.c:do_log 4 0 100.00% 9 0 100.00% +------------------------------------------------------------------------------------------------------------------- +TOTAL 39 5 87.18% 63 4 93.65% File '/libfido2/src/netlink.c': Name Regions Miss Cover Lines Miss Cover ------------------------------------------------------------------------------------------ -fido_nl_power_nfc 18 1 94.44% 26 3 88.46% -fido_nl_get_nfc_target 16 1 93.75% 33 3 90.91% -fido_nl_free 10 2 80.00% 11 1 90.91% -fido_nl_new 16 2 87.50% 29 6 79.31% +------------------------------------------------------------------------------------------------------------------- +fido_nl_power_nfc 18 1 94.44% 24 3 87.50% +fido_nl_get_nfc_target 17 1 94.12% 31 3 90.32% +fido_nl_free 10 2 80.00% 9 1 88.89% +fido_nl_new 16 1 93.75% 26 3 88.46% set_netlink_io_functions 1 0 100.00% 4 0 100.00% -netlink.c:nlmsg_new 8 0 100.00% 18 0 100.00% -netlink.c:nlmsg_set_genl 1 0 100.00% 9 0 100.00% -netlink.c:nlmsg_write 6 1 83.33% 9 1 88.89% +netlink.c:nlmsg_new 8 0 100.00% 15 0 100.00% +netlink.c:nlmsg_set_genl 1 0 100.00% 7 0 100.00% +netlink.c:nlmsg_write 6 1 83.33% 7 1 85.71% netlink.c:nlmsg_set_u32 1 0 100.00% 3 0 100.00% -netlink.c:nlmsg_setattr 14 1 92.86% 21 0 100.00% -netlink.c:nlmsg_tx 10 1 90.00% 15 3 80.00% +netlink.c:nlmsg_setattr 14 1 92.86% 17 0 100.00% +netlink.c:nlmsg_tx 10 1 90.00% 13 3 76.92% netlink.c:nlmsg_ptr 1 0 100.00% 3 0 100.00% netlink.c:nlmsg_len 1 0 100.00% 3 0 100.00% -netlink.c:nlmsg_rx 11 3 72.73% 19 9 52.63% -netlink.c:nl_parse_reply 20 0 100.00% 30 0 100.00% -netlink.c:nlmsg_from_buf 15 0 100.00% 22 0 100.00% +netlink.c:nlmsg_rx 11 3 72.73% 17 9 47.06% +netlink.c:nl_parse_reply 20 0 100.00% 28 0 100.00% +netlink.c:nlmsg_from_buf 15 0 100.00% 17 0 100.00% netlink.c:nlmsg_type 1 0 100.00% 3 0 100.00% -netlink.c:nlmsg_get_status 8 0 100.00% 10 0 100.00% -netlink.c:nlmsg_read 6 0 100.00% 9 0 100.00% -netlink.c:nlmsg_get_genl 6 0 100.00% 10 0 100.00% -netlink.c:nlmsg_iter 6 0 100.00% 15 0 100.00% +netlink.c:nlmsg_get_status 8 0 100.00% 8 0 100.00% +netlink.c:nlmsg_read 6 0 100.00% 7 0 100.00% +netlink.c:nlmsg_get_genl 6 0 100.00% 7 0 100.00% +netlink.c:nlmsg_iter 6 0 100.00% 13 0 100.00% netlink.c:nlmsg_getattr 1 0 100.00% 3 0 100.00% -netlink.c:nla_from_buf 17 0 100.00% 26 0 100.00% -netlink.c:nl_nfc_poll 18 1 94.44% 27 3 88.89% -netlink.c:parse_nfc_event 10 0 100.00% 19 0 100.00% +netlink.c:nla_from_buf 17 0 100.00% 21 0 100.00% +netlink.c:nl_nfc_poll 18 1 94.44% 25 3 88.00% +netlink.c:parse_nfc_event 10 0 100.00% 17 0 100.00% netlink.c:nla_type 1 0 100.00% 3 0 100.00% netlink.c:nla_get_u32 1 0 100.00% 3 0 100.00% -netlink.c:nla_read 6 0 100.00% 9 0 100.00% -netlink.c:nl_dump_nfc_target 19 1 94.74% 33 3 90.91% -netlink.c:parse_target 9 0 100.00% 15 0 100.00% -netlink.c:nl_get_nfc_family 23 1 95.65% 35 3 91.43% +netlink.c:nla_read 6 0 100.00% 7 0 100.00% +netlink.c:nl_dump_nfc_target 19 1 94.74% 31 3 90.32% +netlink.c:parse_target 9 0 100.00% 13 0 100.00% +netlink.c:nl_get_nfc_family 23 1 95.65% 33 3 90.91% netlink.c:nlmsg_set_u16 1 0 100.00% 3 0 100.00% netlink.c:nlmsg_set_str 1 0 100.00% 3 0 100.00% -netlink.c:parse_family 10 0 100.00% 20 0 100.00% +netlink.c:parse_family 10 0 100.00% 17 0 100.00% netlink.c:nla_get_u16 1 0 100.00% 3 0 100.00% -netlink.c:nla_iter 6 0 100.00% 15 0 100.00% +netlink.c:nla_iter 6 0 100.00% 13 0 100.00% netlink.c:nla_getattr 1 0 100.00% 3 0 100.00% netlink.c:parse_mcastgrps 1 0 100.00% 3 0 100.00% -netlink.c:parse_mcastgrp 15 0 100.00% 27 0 100.00% -netlink.c:nla_get_str 10 0 100.00% 13 0 100.00% ------------------------------------------------------------------------------------------ -TOTAL 327 15 95.41% 565 35 93.81% +netlink.c:parse_mcastgrp 15 0 100.00% 24 0 100.00% +netlink.c:nla_get_str 10 0 100.00% 11 0 100.00% +------------------------------------------------------------------------------------------------------------------- +TOTAL 328 14 95.73% 498 32 93.57% File '/libfido2/src/nfc_linux.c': Name Regions Miss Cover Lines Miss Cover ------------------------------------------------------------------------------------------ -fido_nfc_tx 28 0 100.00% 48 0 100.00% +------------------------------------------------------------------------------------------------------------------- +fido_nfc_tx 28 0 100.00% 43 0 100.00% fido_nfc_rx 8 1 87.50% 13 3 76.92% -fido_nfc_manifest 35 2 94.29% 54 0 100.00% -fido_nfc_open 14 14 0.00% 21 21 0.00% -fido_nfc_close 1 1 0.00% 5 5 0.00% -fido_nfc_set_sigmask 2 2 0.00% 8 8 0.00% -fido_nfc_read 14 14 0.00% 34 34 0.00% -fido_nfc_write 12 12 0.00% 21 21 0.00% -nfc_linux.c:nfc_do_tx 20 2 90.00% 30 6 80.00% -nfc_linux.c:tx_short_apdu 14 0 100.00% 37 0 100.00% -nfc_linux.c:rx_init 25 6 76.00% 34 5 85.29% -nfc_linux.c:rx_cbor 4 0 100.00% 8 0 100.00% -nfc_linux.c:rx_msg 18 2 88.89% 28 6 78.57% -nfc_linux.c:rx_apdu 8 1 87.50% 22 3 86.36% -nfc_linux.c:tx_get_response 4 0 100.00% 14 0 100.00% -nfc_linux.c:copy_info 30 6 80.00% 42 0 100.00% +fido_nfc_manifest 35 5 85.71% 45 13 71.11% +fido_nfc_open 20 3 85.00% 23 5 78.26% +fido_nfc_close 1 1 0.00% 4 4 0.00% +fido_nfc_set_sigmask 2 2 0.00% 6 6 0.00% +fido_nfc_read 14 14 0.00% 30 30 0.00% +fido_nfc_write 12 12 0.00% 18 18 0.00% +nfc_linux.c:nfc_do_tx 20 2 90.00% 25 6 76.00% +nfc_linux.c:tx_short_apdu 14 0 100.00% 32 0 100.00% +nfc_linux.c:rx_init 25 6 76.00% 27 5 81.48% +nfc_linux.c:rx_cbor 4 0 100.00% 6 0 100.00% +nfc_linux.c:rx_msg 18 2 88.89% 23 6 73.91% +nfc_linux.c:rx_apdu 14 1 92.86% 22 3 86.36% +nfc_linux.c:tx_get_response 4 0 100.00% 11 0 100.00% +nfc_linux.c:copy_info 41 9 78.05% 44 3 93.18% nfc_linux.c:get_usb_attr 1 0 100.00% 3 0 100.00% -nfc_linux.c:get_parent_attr 6 0 100.00% 11 0 100.00% -nfc_linux.c:to_int 21 21 0.00% 16 16 0.00% -nfc_linux.c:sysnum_from_syspath 12 12 0.00% 20 20 0.00% -nfc_linux.c:nfc_new 6 6 0.00% 14 14 0.00% -nfc_linux.c:nfc_target_connect 9 9 0.00% 24 24 0.00% -nfc_linux.c:nfc_free 12 12 0.00% 13 13 0.00% ------------------------------------------------------------------------------------------ -TOTAL 304 123 59.54% 520 199 61.73% +nfc_linux.c:get_parent_attr 6 0 100.00% 9 0 100.00% +nfc_linux.c:to_int 21 6 71.43% 14 1 92.86% +nfc_linux.c:sysnum_from_syspath 12 0 100.00% 17 0 100.00% +nfc_linux.c:nfc_new 6 0 100.00% 11 0 100.00% +nfc_linux.c:nfc_target_connect 9 9 0.00% 21 21 0.00% +nfc_linux.c:nfc_free 12 0 100.00% 11 0 100.00% +------------------------------------------------------------------------------------------------------------------- +TOTAL 327 73 77.68% 458 124 72.93% File '/libfido2/src/pin.c': Name Regions Miss Cover Lines Miss Cover -------------------------------------------------------------------------------------------- -fido_sha256 7 0 100.00% 13 0 100.00% +--------------------------------------------------------------------------------------------------------------------- +fido_sha256 7 0 100.00% 10 0 100.00% fido_dev_get_uv_token 1 0 100.00% 3 0 100.00% -fido_dev_set_pin 1 0 100.00% 3 0 100.00% -fido_dev_get_retry_count 1 0 100.00% 3 0 100.00% -fido_dev_get_uv_retry_count 1 0 100.00% 3 0 100.00% -cbor_add_uv_params 17 0 100.00% 28 0 100.00% -pin.c:uv_token_wait 14 2 85.71% 14 0 100.00% -pin.c:ctap21_uv_token_tx 49 0 100.00% 59 0 100.00% -pin.c:pin_sha256_enc 19 0 100.00% 30 0 100.00% +fido_dev_set_pin 1 0 100.00% 4 0 100.00% +fido_dev_get_retry_count 1 0 100.00% 4 0 100.00% +fido_dev_get_uv_retry_count 1 0 100.00% 4 0 100.00% +cbor_add_uv_params 17 0 100.00% 23 0 100.00% +pin.c:uv_token_wait 14 2 85.71% 12 0 100.00% +pin.c:ctap21_uv_token_tx 49 0 100.00% 53 0 100.00% +pin.c:pin_sha256_enc 19 0 100.00% 24 0 100.00% pin.c:encode_uv_permission 20 1 95.00% 19 3 84.21% -pin.c:ctap20_uv_token_tx 37 0 100.00% 53 0 100.00% -pin.c:uv_token_rx 20 0 100.00% 36 0 100.00% -pin.c:parse_uv_token 8 0 100.00% 12 0 100.00% -pin.c:fido_dev_set_pin_wait 21 0 100.00% 27 0 100.00% -pin.c:fido_dev_change_pin_tx 45 0 100.00% 68 0 100.00% -pin.c:pin_pad64_enc 15 0 100.00% 26 0 100.00% -pin.c:pad64 18 0 100.00% 24 0 100.00% -pin.c:fido_dev_set_pin_tx 33 0 100.00% 48 0 100.00% -pin.c:fido_dev_get_pin_retry_count_wait 10 0 100.00% 9 0 100.00% -pin.c:fido_dev_get_retry_count_tx 19 0 100.00% 28 0 100.00% -pin.c:fido_dev_get_pin_retry_count_rx 11 0 100.00% 21 0 100.00% +pin.c:ctap20_uv_token_tx 37 0 100.00% 45 0 100.00% +pin.c:uv_token_rx 20 0 100.00% 30 0 100.00% +pin.c:parse_uv_token 8 0 100.00% 10 0 100.00% +pin.c:fido_dev_set_pin_wait 21 0 100.00% 24 0 100.00% +pin.c:fido_dev_change_pin_tx 45 0 100.00% 56 0 100.00% +pin.c:pin_pad64_enc 15 0 100.00% 21 0 100.00% +pin.c:pad64 18 0 100.00% 19 0 100.00% +pin.c:fido_dev_set_pin_tx 33 0 100.00% 41 0 100.00% +pin.c:fido_dev_get_pin_retry_count_wait 10 0 100.00% 7 0 100.00% +pin.c:fido_dev_get_retry_count_tx 19 0 100.00% 23 0 100.00% +pin.c:fido_dev_get_pin_retry_count_rx 11 0 100.00% 17 0 100.00% pin.c:parse_pin_retry_count 1 0 100.00% 3 0 100.00% -pin.c:parse_retry_count 13 0 100.00% 20 0 100.00% -pin.c:fido_dev_get_uv_retry_count_wait 10 0 100.00% 9 0 100.00% -pin.c:fido_dev_get_uv_retry_count_rx 11 0 100.00% 21 0 100.00% +pin.c:parse_retry_count 13 0 100.00% 16 0 100.00% +pin.c:fido_dev_get_uv_retry_count_wait 10 0 100.00% 7 0 100.00% +pin.c:fido_dev_get_uv_retry_count_rx 11 0 100.00% 17 0 100.00% pin.c:parse_uv_retry_count 1 0 100.00% 3 0 100.00% -------------------------------------------------------------------------------------------- -TOTAL 403 3 99.26% 583 3 99.49% +--------------------------------------------------------------------------------------------------------------------- +TOTAL 403 3 99.26% 495 3 99.39% File '/libfido2/src/random.c': Name Regions Miss Cover Lines Miss Cover -------------------------------------------------------------------------------------------- -fido_get_random 6 1 83.33% 8 1 87.50% -------------------------------------------------------------------------------------------- -TOTAL 6 1 83.33% 8 1 87.50% +--------------------------------------------------------------------------------------------------------------------- +fido_get_random 6 1 83.33% 6 1 83.33% +--------------------------------------------------------------------------------------------------------------------- +TOTAL 6 1 83.33% 6 1 83.33% File '/libfido2/src/reset.c': Name Regions Miss Cover Lines Miss Cover -------------------------------------------------------------------------------------------- -fido_dev_reset 1 0 100.00% 3 0 100.00% -reset.c:fido_dev_reset_wait 15 0 100.00% 14 0 100.00% -reset.c:fido_dev_reset_tx 8 0 100.00% 10 0 100.00% -------------------------------------------------------------------------------------------- -TOTAL 24 0 100.00% 27 0 100.00% +--------------------------------------------------------------------------------------------------------------------- +fido_dev_reset 1 0 100.00% 4 0 100.00% +reset.c:fido_dev_reset_wait 15 0 100.00% 11 0 100.00% +reset.c:fido_dev_reset_tx 8 0 100.00% 8 0 100.00% +--------------------------------------------------------------------------------------------------------------------- +TOTAL 24 0 100.00% 23 0 100.00% + +File '/libfido2/src/rs1.c': +Name Regions Miss Cover Lines Miss Cover +--------------------------------------------------------------------------------------------------------------------- +rs1_verify_sig 20 1 95.00% 30 3 90.00% +rs1.c:rs1_get_EVP_MD 4 0 100.00% 6 0 100.00% +rs1.c:rs1_free_EVP_MD 1 0 100.00% 3 0 100.00% +--------------------------------------------------------------------------------------------------------------------- +TOTAL 25 1 96.00% 39 3 92.31% File '/libfido2/src/rs256.c': Name Regions Miss Cover Lines Miss Cover -------------------------------------------------------------------------------------------- -rs256_pk_decode 8 0 100.00% 10 0 100.00% +--------------------------------------------------------------------------------------------------------------------- +rs256_pk_decode 8 0 100.00% 9 0 100.00% rs256_pk_new 1 0 100.00% 3 0 100.00% -rs256_pk_free 6 0 100.00% 9 0 100.00% -rs256_pk_from_ptr 6 0 100.00% 8 0 100.00% -rs256_pk_to_EVP_PKEY 32 0 100.00% 48 0 100.00% -rs256_pk_from_RSA 32 4 87.50% 32 6 81.25% -rs256.c:decode_rsa_pubkey 9 0 100.00% 16 0 100.00% -rs256.c:decode_bignum 8 0 100.00% 12 0 100.00% -------------------------------------------------------------------------------------------- -TOTAL 102 4 96.08% 138 6 95.65% +rs256_pk_free 6 0 100.00% 7 0 100.00% +rs256_pk_from_ptr 6 0 100.00% 6 0 100.00% +rs256_pk_to_EVP_PKEY 32 0 100.00% 39 0 100.00% +rs256_pk_from_RSA 32 4 87.50% 26 6 76.92% +rs256_pk_from_EVP_PKEY 7 2 71.43% 7 0 100.00% +rs256_verify_sig 20 1 95.00% 30 2 93.33% +rs256_pk_verify_sig 7 1 85.71% 13 2 84.62% +rs256.c:decode_rsa_pubkey 9 0 100.00% 13 0 100.00% +rs256.c:decode_bignum 8 0 100.00% 10 0 100.00% +rs256.c:rs256_get_EVP_MD 4 0 100.00% 6 0 100.00% +rs256.c:rs256_free_EVP_MD 1 0 100.00% 3 0 100.00% +--------------------------------------------------------------------------------------------------------------------- +TOTAL 141 8 94.33% 172 10 94.19% + +File '/libfido2/src/time.c': +Name Regions Miss Cover Lines Miss Cover +--------------------------------------------------------------------------------------------------------------------- +fido_time_now 4 0 100.00% 7 0 100.00% +fido_time_delta 23 1 95.65% 23 0 100.00% +time.c:timespec_to_ms 16 2 87.50% 13 1 92.31% +--------------------------------------------------------------------------------------------------------------------- +TOTAL 43 3 93.02% 43 1 97.67% + +File '/libfido2/src/tpm.c': +Name Regions Miss Cover Lines Miss Cover +--------------------------------------------------------------------------------------------------------------------- +fido_get_signed_hash_tpm 20 0 100.00% 25 0 100.00% +tpm.c:check_rsa2048_pubarea 16 0 100.00% 28 0 100.00% +tpm.c:bswap_rsa2048_pubarea 1 0 100.00% 10 0 100.00% +tpm.c:check_sha1_certinfo 14 0 100.00% 38 0 100.00% +tpm.c:get_signed_sha1 17 0 100.00% 19 0 100.00% +tpm.c:get_signed_name 7 0 100.00% 10 0 100.00% +tpm.c:bswap_sha1_certinfo 1 0 100.00% 8 0 100.00% +--------------------------------------------------------------------------------------------------------------------- +TOTAL 76 0 100.00% 138 0 100.00% + +File '/libfido2/src/types.c': +Name Regions Miss Cover Lines Miss Cover +--------------------------------------------------------------------------------------------------------------------- +fido_str_array_free 4 0 100.00% 7 0 100.00% +fido_opt_array_free 4 0 100.00% 8 0 100.00% +fido_byte_array_free 1 0 100.00% 5 0 100.00% +fido_algo_free 1 0 100.00% 5 0 100.00% +fido_algo_array_free 4 0 100.00% 7 0 100.00% +fido_str_array_pack 11 0 100.00% 14 0 100.00% +--------------------------------------------------------------------------------------------------------------------- +TOTAL 25 0 100.00% 46 0 100.00% File '/libfido2/src/u2f.c': Name Regions Miss Cover Lines Miss Cover -------------------------------------------------------------------------------------------- -u2f_register 70 1 98.57% 88 0 100.00% -u2f_authenticate 32 0 100.00% 44 0 100.00% -u2f_get_touch_begin 30 0 100.00% 46 0 100.00% -u2f_get_touch_status 18 0 100.00% 29 0 100.00% -u2f.c:key_lookup 44 0 100.00% 69 0 100.00% -u2f.c:send_dummy_register 31 1 96.77% 49 0 100.00% -u2f.c:parse_register_reply 49 0 100.00% 71 0 100.00% -u2f.c:x5c_get 21 1 95.24% 34 3 91.18% -u2f.c:sig_get 6 0 100.00% 11 0 100.00% -u2f.c:encode_cred_authdata 33 2 93.94% 76 6 92.11% -u2f.c:cbor_blob_from_ec_point 22 0 100.00% 39 0 100.00% -u2f.c:u2f_authenticate_single 32 0 100.00% 52 0 100.00% -u2f.c:do_auth 50 1 98.00% 71 0 100.00% -u2f.c:parse_auth_reply 23 0 100.00% 29 0 100.00% -u2f.c:authdata_fake 12 0 100.00% 34 0 100.00% -------------------------------------------------------------------------------------------- -TOTAL 473 6 98.73% 742 9 98.79% +--------------------------------------------------------------------------------------------------------------------- +u2f_register 69 0 100.00% 75 0 100.00% +u2f_authenticate 32 0 100.00% 36 0 100.00% +u2f_get_touch_begin 30 0 100.00% 39 0 100.00% +u2f_get_touch_status 18 0 100.00% 26 0 100.00% +u2f.c:key_lookup 44 0 100.00% 59 0 100.00% +u2f.c:send_dummy_register 30 0 100.00% 39 0 100.00% +u2f.c:delay_ms 13 1 92.31% 15 3 80.00% +u2f.c:parse_register_reply 49 0 100.00% 62 0 100.00% +u2f.c:x5c_get 21 1 95.24% 26 3 88.46% +u2f.c:sig_get 6 0 100.00% 10 0 100.00% +u2f.c:encode_cred_attstmt 45 0 100.00% 52 0 100.00% +u2f.c:encode_cred_authdata 33 2 93.94% 61 6 90.16% +u2f.c:cbor_blob_from_ec_point 22 0 100.00% 31 0 100.00% +u2f.c:u2f_authenticate_single 32 0 100.00% 43 0 100.00% +u2f.c:do_auth 49 0 100.00% 61 0 100.00% +u2f.c:parse_auth_reply 23 0 100.00% 23 0 100.00% +u2f.c:authdata_fake 12 0 100.00% 27 0 100.00% +--------------------------------------------------------------------------------------------------------------------- +TOTAL 528 4 99.24% 685 12 98.25% diff --git a/fuzz/fuzz_assert.c b/fuzz/fuzz_assert.c index 1ecbde38bd0a..4331148b5e06 100644 --- a/fuzz/fuzz_assert.c +++ b/fuzz/fuzz_assert.c @@ -255,6 +255,7 @@ verify_assert(int type, const unsigned char *cdh_ptr, size_t cdh_len, int ext, void *pk) { fido_assert_t *assert = NULL; + int r; if ((assert = fido_assert_new()) == NULL) return; @@ -285,33 +286,52 @@ verify_assert(int type, const unsigned char *cdh_ptr, size_t cdh_len, } fido_assert_set_sig(assert, 0, sig_ptr, sig_len); - assert(fido_assert_verify(assert, 0, type, pk) != FIDO_OK); + r = fido_assert_verify(assert, 0, type, pk); + consume(&r, sizeof(r)); fido_assert_free(&assert); } /* - * Do a dummy conversion to exercise rs256_pk_from_RSA(). + * Do a dummy conversion to exercise es256_pk_from_EVP_PKEY(). + */ +static void +es256_convert(const es256_pk_t *k) +{ + EVP_PKEY *pkey = NULL; + es256_pk_t *pk = NULL; + int r; + + if ((pkey = es256_pk_to_EVP_PKEY(k)) == NULL || + (pk = es256_pk_new()) == NULL) + goto out; + + r = es256_pk_from_EVP_PKEY(pk, pkey); + consume(&r, sizeof(r)); +out: + es256_pk_free(&pk); + EVP_PKEY_free(pkey); +} + +/* + * Do a dummy conversion to exercise rs256_pk_from_EVP_PKEY(). */ static void rs256_convert(const rs256_pk_t *k) { EVP_PKEY *pkey = NULL; rs256_pk_t *pk = NULL; - RSA *rsa = NULL; - volatile int r; + int r; if ((pkey = rs256_pk_to_EVP_PKEY(k)) == NULL || - (pk = rs256_pk_new()) == NULL || - (rsa = EVP_PKEY_get0_RSA(pkey)) == NULL) + (pk = rs256_pk_new()) == NULL) goto out; - r = rs256_pk_from_RSA(pk, rsa); + r = rs256_pk_from_EVP_PKEY(pk, pkey); + consume(&r, sizeof(r)); out: - if (pk) - rs256_pk_free(&pk); - if (pkey) - EVP_PKEY_free(pkey); + rs256_pk_free(&pk); + EVP_PKEY_free(pkey); } /* @@ -322,13 +342,14 @@ eddsa_convert(const eddsa_pk_t *k) { EVP_PKEY *pkey = NULL; eddsa_pk_t *pk = NULL; - volatile int r; + int r; if ((pkey = eddsa_pk_to_EVP_PKEY(k)) == NULL || (pk = eddsa_pk_new()) == NULL) goto out; r = eddsa_pk_from_EVP_PKEY(pk, pkey); + consume(&r, sizeof(r)); out: if (pk) eddsa_pk_free(&pk); @@ -349,6 +370,7 @@ test(const struct param *p) void *pk; prng_init((unsigned int)p->seed); + fuzz_clock_reset(); fido_init(FIDO_DEBUG); fido_set_log_handler(consume_str); @@ -362,6 +384,8 @@ test(const struct param *p) es256_pk_from_ptr(es256_pk, p->es256.body, p->es256.len); pk = es256_pk; + es256_convert(pk); + break; case 1: cose_alg = COSE_RS256; diff --git a/fuzz/fuzz_bio.c b/fuzz/fuzz_bio.c index ed3deec93693..49a50932a543 100644 --- a/fuzz/fuzz_bio.c +++ b/fuzz/fuzz_bio.c @@ -408,6 +408,7 @@ void test(const struct param *p) { prng_init((unsigned int)p->seed); + fuzz_clock_reset(); fido_init(FIDO_DEBUG); fido_set_log_handler(consume_str); diff --git a/fuzz/fuzz_cred.c b/fuzz/fuzz_cred.c index 004852d3451a..d7b630224054 100644 --- a/fuzz/fuzz_cred.c +++ b/fuzz/fuzz_cred.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2019 Yubico AB. All rights reserved. + * Copyright (c) 2019-2021 Yubico AB. All rights reserved. * Use of this source code is governed by a BSD-style * license that can be found in the LICENSE file. */ @@ -231,12 +231,15 @@ make_cred(fido_cred_t *cred, uint8_t opt, int type, const struct blob *cdh, fido_cred_set_rp(cred, rp_id, rp_name); fido_cred_set_user(cred, user_id->body, user_id->len, user_name, user_nick, user_icon); + if (ext & FIDO_EXT_HMAC_SECRET) fido_cred_set_extensions(cred, FIDO_EXT_HMAC_SECRET); if (ext & FIDO_EXT_CRED_BLOB) fido_cred_set_blob(cred, user_id->body, user_id->len); if (ext & FIDO_EXT_LARGEBLOB_KEY) fido_cred_set_extensions(cred, FIDO_EXT_LARGEBLOB_KEY); + if (ext & FIDO_EXT_MINPINLEN) + fido_cred_set_pin_minlen(cred, strlen(pin)); if (rk & 1) fido_cred_set_rk(cred, FIDO_OPT_TRUE); @@ -268,11 +271,13 @@ verify_cred(int type, const unsigned char *cdh_ptr, size_t cdh_len, size_t authdata_len, const unsigned char *authdata_raw_ptr, size_t authdata_raw_len, int ext, uint8_t rk, uint8_t uv, const unsigned char *x5c_ptr, size_t x5c_len, const unsigned char *sig_ptr, - size_t sig_len, const char *fmt, int prot) + size_t sig_len, const unsigned char *attstmt_ptr, size_t attstmt_len, + const char *fmt, int prot, size_t minpinlen) { fido_cred_t *cred; uint8_t flags; uint32_t sigcount; + int r; if ((cred = fido_cred_new()) == NULL) return; @@ -282,13 +287,19 @@ verify_cred(int type, const unsigned char *cdh_ptr, size_t cdh_len, fido_cred_set_rp(cred, rp_id, rp_name); consume(authdata_ptr, authdata_len); consume(authdata_raw_ptr, authdata_raw_len); + consume(x5c_ptr, x5c_len); + consume(sig_ptr, sig_len); + consume(attstmt_ptr, attstmt_len); if (fido_cred_set_authdata(cred, authdata_ptr, authdata_len) != FIDO_OK) fido_cred_set_authdata_raw(cred, authdata_raw_ptr, authdata_raw_len); fido_cred_set_extensions(cred, ext); - fido_cred_set_x509(cred, x5c_ptr, x5c_len); - fido_cred_set_sig(cred, sig_ptr, sig_len); + if (fido_cred_set_attstmt(cred, attstmt_ptr, attstmt_len) != FIDO_OK) { + fido_cred_set_x509(cred, x5c_ptr, x5c_len); + fido_cred_set_sig(cred, sig_ptr, sig_len); + } fido_cred_set_prot(cred, prot); + fido_cred_set_pin_minlen(cred, minpinlen); if (rk & 1) fido_cred_set_rk(cred, FIDO_OPT_TRUE); @@ -299,12 +310,19 @@ verify_cred(int type, const unsigned char *cdh_ptr, size_t cdh_len, /* repeat memory operations to trigger reallocation paths */ if (fido_cred_set_authdata(cred, authdata_ptr, authdata_len) != FIDO_OK) - fido_cred_set_authdata_raw(cred, authdata_ptr, authdata_len); + fido_cred_set_authdata_raw(cred, authdata_raw_ptr, + authdata_raw_len); + if (fido_cred_set_attstmt(cred, attstmt_ptr, attstmt_len) != FIDO_OK) { + fido_cred_set_x509(cred, x5c_ptr, x5c_len); + fido_cred_set_sig(cred, sig_ptr, sig_len); + } fido_cred_set_x509(cred, x5c_ptr, x5c_len); fido_cred_set_sig(cred, sig_ptr, sig_len); - assert(fido_cred_verify(cred) != FIDO_OK); - assert(fido_cred_verify_self(cred) != FIDO_OK); + r = fido_cred_verify(cred); + consume(&r, sizeof(r)); + r = fido_cred_verify_self(cred); + consume(&r, sizeof(r)); consume(fido_cred_pubkey_ptr(cred), fido_cred_pubkey_len(cred)); consume(fido_cred_id_ptr(cred), fido_cred_id_len(cred)); @@ -321,6 +339,8 @@ verify_cred(int type, const unsigned char *cdh_ptr, size_t cdh_len, consume(&sigcount, sizeof(sigcount)); type = fido_cred_type(cred); consume(&type, sizeof(type)); + minpinlen = fido_cred_pin_minlen(cred); + consume(&minpinlen, sizeof(minpinlen)); fido_cred_free(&cred); } @@ -360,7 +380,9 @@ test_cred(const struct param *p) fido_cred_authdata_raw_len(cred), p->ext, p->rk, p->uv, fido_cred_x5c_ptr(cred), fido_cred_x5c_len(cred), fido_cred_sig_ptr(cred), fido_cred_sig_len(cred), - fido_cred_fmt(cred), fido_cred_prot(cred)); + fido_cred_attstmt_ptr(cred), fido_cred_attstmt_len(cred), + fido_cred_fmt(cred), fido_cred_prot(cred), + fido_cred_pin_minlen(cred)); fido_cred_free(&cred); } @@ -408,6 +430,7 @@ void test(const struct param *p) { prng_init((unsigned int)p->seed); + fuzz_clock_reset(); fido_init(FIDO_DEBUG); fido_set_log_handler(consume_str); diff --git a/fuzz/fuzz_credman.c b/fuzz/fuzz_credman.c index 89a37379d87f..fb34f22f8147 100644 --- a/fuzz/fuzz_credman.c +++ b/fuzz/fuzz_credman.c @@ -374,6 +374,7 @@ void test(const struct param *p) { prng_init((unsigned int)p->seed); + fuzz_clock_reset(); fido_init(FIDO_DEBUG); fido_set_log_handler(consume_str); diff --git a/fuzz/fuzz_hid.c b/fuzz/fuzz_hid.c index 6aca7ef5da5b..556e62ac4cd3 100644 --- a/fuzz/fuzz_hid.c +++ b/fuzz/fuzz_hid.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020 Yubico AB. All rights reserved. + * Copyright (c) 2020-2021 Yubico AB. All rights reserved. * Use of this source code is governed by a BSD-style * license that can be found in the LICENSE file. */ @@ -12,6 +12,7 @@ #include "../openbsd-compat/openbsd-compat.h" #include "mutator_aux.h" +#include "dummy.h" extern int fido_hid_get_usage(const uint8_t *, size_t, uint32_t *); extern int fido_hid_get_report_len(const uint8_t *, size_t, size_t *, size_t *); @@ -21,6 +22,7 @@ struct param { int seed; char uevent[MAXSTR]; struct blob report_descriptor; + struct blob netlink_wiredata; }; /* @@ -58,13 +60,14 @@ unpack(const uint8_t *ptr, size_t len) cbor.read != len || cbor_isa_array(item) == false || cbor_array_is_definite(item) == false || - cbor_array_size(item) != 3 || + cbor_array_size(item) != 4 || (v = cbor_array_handle(item)) == NULL) goto fail; if (unpack_int(v[0], &p->seed) < 0 || unpack_string(v[1], p->uevent) < 0 || - unpack_blob(v[2], &p->report_descriptor) < 0) + unpack_blob(v[2], &p->report_descriptor) < 0 || + unpack_blob(v[3], &p->netlink_wiredata) < 0) goto fail; ok = 0; @@ -83,19 +86,20 @@ unpack(const uint8_t *ptr, size_t len) size_t pack(uint8_t *ptr, size_t len, const struct param *p) { - cbor_item_t *argv[3], *array = NULL; + cbor_item_t *argv[4], *array = NULL; size_t cbor_alloc_len, cbor_len = 0; unsigned char *cbor = NULL; memset(argv, 0, sizeof(argv)); - if ((array = cbor_new_definite_array(3)) == NULL || + if ((array = cbor_new_definite_array(4)) == NULL || (argv[0] = pack_int(p->seed)) == NULL || (argv[1] = pack_string(p->uevent)) == NULL || - (argv[2] = pack_blob(&p->report_descriptor)) == NULL) + (argv[2] = pack_blob(&p->report_descriptor)) == NULL || + (argv[3] = pack_blob(&p->netlink_wiredata)) == NULL) goto fail; - for (size_t i = 0; i < 3; i++) + for (size_t i = 0; i < 4; i++) if (cbor_array_push(array, argv[i]) == false) goto fail; @@ -107,7 +111,7 @@ pack(uint8_t *ptr, size_t len, const struct param *p) memcpy(ptr, cbor, cbor_len); fail: - for (size_t i = 0; i < 3; i++) + for (size_t i = 0; i < 4; i++) if (argv[i]) cbor_decref(&argv[i]); @@ -132,6 +136,9 @@ pack_dummy(uint8_t *ptr, size_t len) strlcpy(dummy.uevent, dummy_uevent, sizeof(dummy.uevent)); memcpy(&dummy.report_descriptor.body, &dummy_report_descriptor, dummy.report_descriptor.len); + dummy.netlink_wiredata.len = sizeof(dummy_netlink_wiredata); + memcpy(&dummy.netlink_wiredata.body, &dummy_netlink_wiredata, + dummy.netlink_wiredata.len); assert((blob_len = pack(blob, sizeof(blob), &dummy)) != 0); if (blob_len > len) @@ -171,7 +178,10 @@ manifest(const struct param *p) fido_dev_info_t *devlist; int16_t vendor_id, product_id; + set_netlink_io_functions(fd_read, fd_write); + set_wire_data(p->netlink_wiredata.body, p->netlink_wiredata.len); set_udev_parameters(p->uevent, &p->report_descriptor); + ndevs = uniform_random(64); if ((devlist = fido_dev_info_new(ndevs)) == NULL || fido_dev_info_manifest(devlist, ndevs, &nfound) != FIDO_OK) @@ -194,6 +204,7 @@ void test(const struct param *p) { prng_init((unsigned int)p->seed); + fuzz_clock_reset(); fido_init(FIDO_DEBUG); fido_set_log_handler(consume_str); @@ -212,4 +223,7 @@ mutate(struct param *p, unsigned int seed, unsigned int flags) NO_MSAN mutate_blob(&p->report_descriptor); mutate_string(p->uevent); } + + if (flags & MUTATE_WIREDATA) + mutate_blob(&p->netlink_wiredata); } diff --git a/fuzz/fuzz_largeblob.c b/fuzz/fuzz_largeblob.c index 6886261bf529..3289ed46e2a7 100644 --- a/fuzz/fuzz_largeblob.c +++ b/fuzz/fuzz_largeblob.c @@ -242,6 +242,7 @@ void test(const struct param *p) { prng_init((unsigned int)p->seed); + fuzz_clock_reset(); fido_init(FIDO_DEBUG); fido_set_log_handler(consume_str); diff --git a/fuzz/fuzz_mgmt.c b/fuzz/fuzz_mgmt.c index 28afbc6aae5f..7c28979fb624 100644 --- a/fuzz/fuzz_mgmt.c +++ b/fuzz/fuzz_mgmt.c @@ -16,6 +16,8 @@ #include "../openbsd-compat/openbsd-compat.h" +#define MAXRPID 64 + struct param { char pin1[MAXSTR]; char pin2[MAXSTR]; @@ -440,10 +442,35 @@ dev_set_pin_minlen(const struct param *p) fido_dev_free(&dev); } +static void +dev_set_pin_minlen_rpid(const struct param *p) +{ + fido_dev_t *dev; + const char *rpid[MAXRPID]; + const char *pin; + size_t n; + int r; + + set_wire_data(p->config_wire_data.body, p->config_wire_data.len); + if ((dev = open_dev(0)) == NULL) + return; + n = uniform_random(MAXRPID); + for (size_t i = 0; i < n; i++) + rpid[i] = dummy_rp_id; + pin = p->pin1; + if (strlen(pin) == 0) + pin = NULL; + r = fido_dev_set_pin_minlen_rpid(dev, rpid, n, pin); + consume_str(fido_strerr(r)); + fido_dev_close(dev); + fido_dev_free(&dev); +} + void test(const struct param *p) { prng_init((unsigned int)p->seed); + fuzz_clock_reset(); fido_init(FIDO_DEBUG); fido_set_log_handler(consume_str); @@ -457,6 +484,7 @@ test(const struct param *p) dev_toggle_always_uv(p); dev_force_pin_change(p); dev_set_pin_minlen(p); + dev_set_pin_minlen_rpid(p); } void diff --git a/fuzz/fuzz_netlink.c b/fuzz/fuzz_netlink.c index 9b7f930cde38..2447215a2471 100644 --- a/fuzz/fuzz_netlink.c +++ b/fuzz/fuzz_netlink.c @@ -12,6 +12,7 @@ #include "../openbsd-compat/openbsd-compat.h" #include "mutator_aux.h" +#include "dummy.h" struct param { int seed; @@ -19,94 +20,6 @@ struct param { struct blob wiredata; }; -/* - * Sample netlink messages. These are unlikely to get the harness very far in - * terms of coverage, but serve to give libFuzzer a sense of the underlying - * structure. - */ -static const uint8_t sample_netlink_wiredata[] = { - 0xd8, 0x01, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x9d, 0x2e, 0x00, 0x00, - 0x01, 0x02, 0x00, 0x00, 0x08, 0x00, 0x02, 0x00, - 0x6e, 0x66, 0x63, 0x00, 0x06, 0x00, 0x01, 0x00, - 0x1e, 0x00, 0x00, 0x00, 0x08, 0x00, 0x03, 0x00, - 0x01, 0x00, 0x00, 0x00, 0x08, 0x00, 0x04, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x05, 0x00, - 0x1f, 0x00, 0x00, 0x00, 0x80, 0x01, 0x06, 0x00, - 0x14, 0x00, 0x01, 0x00, 0x08, 0x00, 0x01, 0x00, - 0x01, 0x00, 0x00, 0x00, 0x08, 0x00, 0x02, 0x00, - 0x0e, 0x00, 0x00, 0x00, 0x14, 0x00, 0x02, 0x00, - 0x08, 0x00, 0x01, 0x00, 0x02, 0x00, 0x00, 0x00, - 0x08, 0x00, 0x02, 0x00, 0x0a, 0x00, 0x00, 0x00, - 0x14, 0x00, 0x03, 0x00, 0x08, 0x00, 0x01, 0x00, - 0x03, 0x00, 0x00, 0x00, 0x08, 0x00, 0x02, 0x00, - 0x0a, 0x00, 0x00, 0x00, 0x14, 0x00, 0x04, 0x00, - 0x08, 0x00, 0x01, 0x00, 0x06, 0x00, 0x00, 0x00, - 0x08, 0x00, 0x02, 0x00, 0x0a, 0x00, 0x00, 0x00, - 0x14, 0x00, 0x05, 0x00, 0x08, 0x00, 0x01, 0x00, - 0x07, 0x00, 0x00, 0x00, 0x08, 0x00, 0x02, 0x00, - 0x0a, 0x00, 0x00, 0x00, 0x14, 0x00, 0x06, 0x00, - 0x08, 0x00, 0x01, 0x00, 0x04, 0x00, 0x00, 0x00, - 0x08, 0x00, 0x02, 0x00, 0x0a, 0x00, 0x00, 0x00, - 0x14, 0x00, 0x07, 0x00, 0x08, 0x00, 0x01, 0x00, - 0x05, 0x00, 0x00, 0x00, 0x08, 0x00, 0x02, 0x00, - 0x0a, 0x00, 0x00, 0x00, 0x14, 0x00, 0x08, 0x00, - 0x08, 0x00, 0x01, 0x00, 0x08, 0x00, 0x00, 0x00, - 0x08, 0x00, 0x02, 0x00, 0x0c, 0x00, 0x00, 0x00, - 0x14, 0x00, 0x09, 0x00, 0x08, 0x00, 0x01, 0x00, - 0x0f, 0x00, 0x00, 0x00, 0x08, 0x00, 0x02, 0x00, - 0x0a, 0x00, 0x00, 0x00, 0x14, 0x00, 0x0a, 0x00, - 0x08, 0x00, 0x01, 0x00, 0x10, 0x00, 0x00, 0x00, - 0x08, 0x00, 0x02, 0x00, 0x0a, 0x00, 0x00, 0x00, - 0x14, 0x00, 0x0b, 0x00, 0x08, 0x00, 0x01, 0x00, - 0x13, 0x00, 0x00, 0x00, 0x08, 0x00, 0x02, 0x00, - 0x0a, 0x00, 0x00, 0x00, 0x14, 0x00, 0x0c, 0x00, - 0x08, 0x00, 0x01, 0x00, 0x15, 0x00, 0x00, 0x00, - 0x08, 0x00, 0x02, 0x00, 0x0a, 0x00, 0x00, 0x00, - 0x14, 0x00, 0x0d, 0x00, 0x08, 0x00, 0x01, 0x00, - 0x11, 0x00, 0x00, 0x00, 0x08, 0x00, 0x02, 0x00, - 0x0a, 0x00, 0x00, 0x00, 0x14, 0x00, 0x0e, 0x00, - 0x08, 0x00, 0x01, 0x00, 0x12, 0x00, 0x00, 0x00, - 0x08, 0x00, 0x02, 0x00, 0x0a, 0x00, 0x00, 0x00, - 0x14, 0x00, 0x0f, 0x00, 0x08, 0x00, 0x01, 0x00, - 0x1a, 0x00, 0x00, 0x00, 0x08, 0x00, 0x02, 0x00, - 0x0c, 0x00, 0x00, 0x00, 0x14, 0x00, 0x10, 0x00, - 0x08, 0x00, 0x01, 0x00, 0x1b, 0x00, 0x00, 0x00, - 0x08, 0x00, 0x02, 0x00, 0x0a, 0x00, 0x00, 0x00, - 0x14, 0x00, 0x11, 0x00, 0x08, 0x00, 0x01, 0x00, - 0x1c, 0x00, 0x00, 0x00, 0x08, 0x00, 0x02, 0x00, - 0x0a, 0x00, 0x00, 0x00, 0x14, 0x00, 0x12, 0x00, - 0x08, 0x00, 0x01, 0x00, 0x1d, 0x00, 0x00, 0x00, - 0x08, 0x00, 0x02, 0x00, 0x0a, 0x00, 0x00, 0x00, - 0x14, 0x00, 0x13, 0x00, 0x08, 0x00, 0x01, 0x00, - 0x1e, 0x00, 0x00, 0x00, 0x08, 0x00, 0x02, 0x00, - 0x0a, 0x00, 0x00, 0x00, 0x1c, 0x00, 0x07, 0x00, - 0x18, 0x00, 0x01, 0x00, 0x08, 0x00, 0x02, 0x00, - 0x05, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x01, 0x00, - 0x65, 0x76, 0x65, 0x6e, 0x74, 0x73, 0x00, 0x00, - 0x24, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x01, - 0x00, 0x00, 0x00, 0x00, 0x9d, 0x2e, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x1c, 0x00, 0x00, 0x00, - 0x1e, 0x00, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x24, 0x00, 0x00, 0x00, - 0x02, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, - 0x9d, 0x2e, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x24, 0x00, 0x00, 0x00, 0x1e, 0x00, 0x05, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x1c, 0x00, 0x00, 0x00, 0x1e, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x09, 0x01, 0x00, 0x00, 0x08, 0x00, 0x01, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x40, 0x00, 0x00, 0x00, - 0x1e, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x9d, 0x2e, 0x00, 0x00, 0x08, 0x01, 0x00, 0x00, - 0x08, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x08, 0x00, 0x03, 0x00, 0x10, 0x00, 0x00, 0x00, - 0x06, 0x00, 0x05, 0x00, 0x44, 0x00, 0x00, 0x00, - 0x05, 0x00, 0x06, 0x00, 0x20, 0x00, 0x00, 0x00, - 0x0b, 0x00, 0x07, 0x00, 0x27, 0x00, 0x00, 0x00, - 0x93, 0xb9, 0x25, 0x00 -}; - struct param * unpack(const uint8_t *ptr, size_t len) { @@ -190,8 +103,8 @@ pack_dummy(uint8_t *ptr, size_t len) memset(&dummy, 0, sizeof(dummy)); - dummy.wiredata.len = sizeof(sample_netlink_wiredata); - memcpy(&dummy.wiredata.body, &sample_netlink_wiredata, + dummy.wiredata.len = sizeof(dummy_netlink_wiredata); + memcpy(&dummy.wiredata.body, &dummy_netlink_wiredata, dummy.wiredata.len); assert((blob_len = pack(blob, sizeof(blob), &dummy)) != 0); @@ -213,6 +126,7 @@ test(const struct param *p) uint32_t target; prng_init((unsigned int)p->seed); + fuzz_clock_reset(); fido_init(FIDO_DEBUG); fido_set_log_handler(consume_str); diff --git a/fuzz/mutator_aux.c b/fuzz/mutator_aux.c index 0dc3ae1bf054..92a67be78106 100644 --- a/fuzz/mutator_aux.c +++ b/fuzz/mutator_aux.c @@ -37,6 +37,8 @@ consume(const void *body, size_t len) while (len--) x ^= *ptr++; + + (void)x; } void @@ -308,7 +310,8 @@ open_dev(int nfc) goto fail; } - if (fido_dev_open(dev, "nodev") != FIDO_OK) + if (fido_dev_set_timeout(dev, 300) != FIDO_OK || + fido_dev_open(dev, "nodev") != FIDO_OK) goto fail; return dev; diff --git a/fuzz/mutator_aux.h b/fuzz/mutator_aux.h index 6b1a98215b07..a9bebe232bae 100644 --- a/fuzz/mutator_aux.h +++ b/fuzz/mutator_aux.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2019 Yubico AB. All rights reserved. + * Copyright (c) 2019-2021 Yubico AB. All rights reserved. * Use of this source code is governed by a BSD-style * license that can be found in the LICENSE file. */ @@ -49,7 +49,7 @@ #define MUTATE_ALL (MUTATE_SEED | MUTATE_PARAM | MUTATE_WIREDATA) #define MAXSTR 1024 -#define MAXBLOB 3072 +#define MAXBLOB 3600 struct blob { uint8_t body[MAXBLOB]; @@ -88,6 +88,7 @@ ssize_t fd_write(int, const void *, size_t); fido_dev_t *open_dev(int); void set_wire_data(const uint8_t *, size_t); +void fuzz_clock_reset(void); void prng_init(unsigned long); unsigned long prng_uint32(void); diff --git a/fuzz/report.tgz b/fuzz/report.tgz index c8d4d3f38028e034432e767f03012117960f9d7b..cf74f315cb80af025316b8d1873e0b87ae575556 100644 GIT binary patch literal 320981 zcmYJZ18^qM7A>4)G80Xbi8HZn+sPN(wrzW2+qP{?Y#U$fFShgM-uvGFcU5;+SDoEw z@3q%j)u&G5M?!=B_xN_MW978LwtRW~4(rUNwNX9vCeyP2dqhET3bd-BwPwTTL4nlJ zmM`Aj#o^%kw*3S~Kq8L;2qfs_hIh*hBM{8G1LK(CY$F{>q@jPnclG#f|579M6=L;i z_qyRMy;09I(~yn-bAiSC80z3sx#G1Vf@u=zm2jrvw*IN-;oa|kT;l`dP&lwzP~p7b zr($2uepQ9v$kRppYpeInJNWO;U#6e0kt@9^`_Lb6--SNxuTSY_Dp)Mx8%QQ%XXOSA zj75fTBKdXAgF+c}Zm>K=woc9FzWJD>6`NRL#_S*LLO1u1k@QvX8(IdXGYr)nHSVj|OT>l3KOqqbQC^h9C)Y~*D<)0ntC1tab3zrg(d4~#xIUS{ z<@af9fFsX$5t8Fque&`CVP{|XG@~j5#LK}O;uWMeWR93RNSo1vr4)?$Yfis7V939R zgs6NKXp$8@tL98mi)T`{_bBu{!~Eh-x4Q@VmfCLRg4hIl2G<2rl=qvy(-N9>=MCzO zt3sQUbj=@cWk}Q?M1l_d{z@qB*FWDzAjovwSJ2}|H+W^$vi-299h=zrSSOma9^W+U z(denKdhf*9cSeCBGU9~37v7HROEVOp71WG=d)P4CZK{l$_vm5x3A()u&o+;r+@3bU z3}7sBRjiz!YCs5Wv0)ILpphDP@24?T9VAtU9SumVi@GZJ$O8Li{}8ECNm&GY@@ z0=G8UA4?l-$4*(lqHV%9LmyK56^n7-y`qW`T9O}q(t715Rt?MqvsdwCfDoBM% z+Il9nu7?r0WwjoiQ=+na_QD}+WCZh!{O?ur!=wwAC<@Q(5ev|MoI)3_ne)RZzmg}f z{ePP9K%?kp=6%$Uexi@!vyA%v9-1^7U?GG2+ujR4zPE4kh(&ThH?2)>^^jh4`QaB)!$vhShTuIp^5M6^EaNo& z)d~*{)ARNvXP^C!X%cj65QtR%zL5ATha*->ZloO&#<4{I6lNuXHIBz_M*ma>@A-T8 z4O83B(+RUwe?5;JeHQmd%Bl8qP#^W^dk77_r=2Evkr3ju2*t@EUNm9GXQbFgfGN0fqwY>cx{T<~dj3dxfZ?ZlNcSjnuNx%mwhjlFY@ zXj-ax=eQi>F8s+ZDP{&bNP^%9I_y;hQLe9cBENGW*GMu+|GKe4#E?umW)Gr1YdxHg zlQ(?N3(^twUz&KT{(Fm3A-#^z^cj4)Ze&lg+k-G1YC#pj2zYs)zN1qlySoZyy3qS9v(lp__P1da z$}BPb`zQA-5ys4 zpd;N1RFmWcsmWS*5k`+-7j*PYglEZ3(&gL39PToRNP9d zZI9ymHUtg-sbQ zTAuxp1ojoTFr08$|D~CLdSXQuUF2gQNy1$SnCkfEsuO{U!)AZl@(tLi5+Z<;>5xXZ zBf8Ln{lM-Fkle;{SOMdoPjdY1b4Q|T_K|A+wiFf~w7%fgK8)s`A%g|g2AI}N$(hou zpY+Y#HHON$gj6J(Sj1uDFgT4dp%{iiEKvAHk#dd7EFmStiT*RN+p(yi&_6y%f(KEF z_4ghHRX>?B&7lX5f|OHO;u2Yl1}x3B$QYEjePa@PMc1k6+}kncQUl9CA$)&gwhU9V zzeC-3J$aiVbSNX`sG(na@)3~Vrt*4_IDWQJo6LWkdMtPQuE(G}9sA2#%wfSG?`eb3 zq?%KzWt`FJ@3b|e)#dMw(vB-|s#b|CRlTG7y>crevV=5l+(~V@4Y4f&CkpkLQmsqP z64}Yi-x&a#4sbT08ZHxxdIgK_U<4_j=rs)$h$Caoly_BwnhTj(E8ytWnPOS-qB7Bh z2R=-_-}OdMtF;v~v9Ygc0|ZZBb7{)~~b z85L8S?uqF@@1SqL4YC@I%&Rat3 zVg*=+r{SuryJ9%wi+)d8FXGNx4{%&LQuA_zbaDr$(TFX(W90x8%66(*+m+#A3#n>l zn?_B?pYu&BnU(E_!G`lrRi*W7U4flj{Y9)!)B-RVZJfAzr94B@gAqS0YS%2(jNKM% zyh_qgO;Ly)zkWKg+DJ9R*sX762}YAMoLtV* z1+YcrJ3^xMm4=Nr!6Hd{0GYRIT+B@9bjjPM4oEk0${W{?^DH~}zSL1InmndL3`R8= zQ&kkWIJ!&dS?7+Hvg9k2TDwg^2+eDj)=^p00u`;&am$*6yr-E)d}94Z$Q(Q2G;$F8 z+>)sNFp%}*#`D_}YK^XHhy)>f$nL_SBSAO)kf1*O2}|UD;suE*!S6*#NC^BrBp_lG zsX>r6f~xbvrF;mZoj&fUBU8d(qEvf=Gr8Wr;xI zh6Ord4bFa#55+I=KHRlL?y*L2x(J#T1l_Ev`YYK6%9-kMn=Q-2Lo2uA?F_p|$QleP z4AgyPqhCJBG}{+LxRCugOBe+-v(? z?=h}Aoh_}lS{Ym`S7SJ@Y@FQrsBDc_57pws2B`Dv-%b3{;JzL9+1(3%D*G^jvne^) ze@e^-=7Off8hfpS1)~=KG=d(*z56Pj`!_RF43}Xu-lcYh+O~NTZ0*ME1z7%^VsHjj zr3L;S5MdfKiV{y{7;e zg#R#zc*TSt3oxOOJ=LEQed==ZSjZ>lNO0MiK5zpi=!o8e9FaYk!@FL!a*)Fh25-#v zo*zQJN%!7SOM{96$zGfk@i0tKON-fFUut+#5}DJ+elLfS20m?^e^u3B^J z9c6^;KtI^eLku@Rd&kH39aKV0Qno{uFu>x-B*tkR=aQlp>*9+5T>AjM6P%)AnEZZ}fwDxhKv3P&wa z(c%A!%1|CDUWi7uGP=O6v~-hoAXuAV?>CgGK=UJH7+t>i9eRlp)06>SxLZB#ia~MOn3%29Ss)s1=;y& zHjC?1J@k?uqC8LRy_@j%>owfwze+aT$9y0i-pDT(HbW*fa*SzMipwez1$+3MQ;Km}UOPbOc zR~=9c)a7L&g0yuP`6>oij%uI^9~~Xn!9%#NlT3hOfhgrOxTNFk`gQ#Mgr+=Mz<{lk zK@0v5j3#R~v_|PBy8FaYmkBkNS{5wzY1YP`{jPJ@H4^N`a@&w_(>70&8$UzTH!g(0 z$!{bUMK%E!*3+(!#MZ4Mh)T@e4`{n9leKf>Z(4bR_sBZh+B!YmK5mblMHemKC7U=& z*E1CgU~T3#vuT@=pcjuIE$zhe9M=!ps&184tpfyXWb+=0Av>B^{lsCZt}CWImQ)8S z|DkPd>BQEIZ?I6TI;4ruc}5{9MQTfdX}iD>6$y7wy`KB32<0R;Qgs}R7}ICw|8rkx zJ%kHlge%J^8^GbJWfKmcoq@Sn(OinIEbm@VEv2Of*wG5TtGliRtBTI=Eti+KhsU|Z;>c|Okx5B$ip3FV zwPU~X*JF@1u9!^Y1rpG=8xwe!m6%#1a70J$q$cwhhaCfGO_21rm+n|kO{VMZ84}F+ z*%=!kH9R#De&C)xm-ifQo|bJ&|J1<2E1R`t z8UPX#U-lV^6P4c)i*+h&rDVUH*1LnWz2{)}v^3=*B}E>c+CMldPd`d}T;T}_;F%W4 z$#CJQ#DKJBh5?1ciIh@{up4DQTDvMV%N@Za?Kw!^u)(!0BiWTkUBb{DIH2FM84hPR{4 z*aGaOH1EH!-*8?$XZ|q;g;9@1^!yd%J0{SBhmw#a`4u+`qux@P3*3--(R8Qp}Z=WC_; z=S=qY7w9i&`{|3X@4@HG&L$f5{L7^K&jypqhTmb-69W4k5ofq-YbHiMv-4KQ!I}BdInEa&FjPZ(nBq# z&hQWgo|;D(!Kdg|znn&TpPq?A^loYq1oy@&HRo(cqfdwU=9Q1Hf1b;8nJD((U5GT) zU5`~n(t!sZn|sn|-!Za>m)#!*kAP{Y&82C5P6yW(a7?g{VFm3ZkImY$WP<2CBB?;d zp4ObA`+b&4{IKZX7|kx=PQstlRAX~v*)|wt4npWd1MUJBTZFJqQDhwWBcz;%(U^T{ zn7=z7a;m)WO%G;=Il42eap_6c%tF0l1ZfMP-T&j@AH{4K3)6O%PE(mQk9JwV8GrDn zMZx`fsE0GahxG?EFC{HnrD7+6sHY_D1rXOLF^y4}=B$@}EoyDpY#T&5VfGoPO`aYu z?cExRL^?Mur0J~c!3BkpstD}_^i>Kh{n1+TaWBaOM7ZQ*!>{pn-Z!F6r{v{q#K*3HuH#dwh zPQd_s`DS5j%#7}ifwblrvH+cJJrRLR^J=8E{k`{$Mvt6__F%SVkB&8B2hb zk_*GSa`}shdLir$Jl$}Q^le5d7(gPc^bFX&$@>!|Qy55AzSyv$1WZoeEI zw_oqRem)Pem!N5@`!iym^SrytC;Zw@J3mnVb`71bTaDf9+M$(r_qmRnp3jMn&bIhj z^T5Yq9tL;U(fJQ$L;mtrvs8SA`ZKDm*|eGEj?#JmD!Ki^M;j+O`L+u!cjrr@p^MNq`L&%Z*>`vr z5siAsv*h`B^ayiPZ_^$azT%cG8#4RZ+uXCiW@`BH5p7*)nm6E&_0eYdwcWPjkA8fd9Su}w>b5@RuL#=J*64nvcDwD`?sGi)+$oSz zlW&m7D4gW9;+o)V7TDCBxQL89xYp34L;sYp4gf=7SS03d&;4+n(TDy1%UV|D2@H~G z5J~h`LWO4sXgjt-52Nqk`~XN_IwLpT^Q7CuNiDYh)|e=K`0#Q=*h$Q$ZCA6YxGRue zb^f*cv1WmUDXW*8+vWB2dGT_Zx$;JJ_N5Zd^gt7v%uOEweS73GC$r@5b$4kuu25n% zg`N#!RDtXkzN+QVrO?_wO;d>KGU6?oUWE4cjo~j@7l0piTI5fUVb#j}d_5>lE#=Sd z^7SpC^)2Lm1D&po^+d#%p22(;0T*MBYe&x3y68J95u(pdlY4nhVAaGXna+c+;1*9 z+gL7O;TInN$CqtRSuUTC%O^|cSmc6R2{U|30kv5}rmWv}wi+hr!|uvAw5wafweTsh zWM7uus02K|ausH}s(QKW1_@9Df2^pugxDC4HkGV>VDl{pS3^URcD|*~dA7HXDOuC| z1KPay0QUR{fYfZ9F(1)=uIN)TDrv4~BAh*|+fVtxE$vl~Hv7}dtb~f%NpIRbW9TZK zOvx%g)9(acm7kyYddoENQ=Herhf*!YYHPVq>9U@uoyJqeKoLaY{h)7Y`f#u3HD@^N z8gw{c2}=tRQD4i$ADuqTMG=aAst~DvUau+nxz6{fnY+-Gtli|9dZp)?kzFc>P~u^h zRvB)iCaPIG@S~!wtRQ7KUT?el$! zbZoG57C>tKgtMr;u<7-3RO|G#H*u@d!9L0*^||H=sLr$HQ;O7tm!ZC^RG->nc8!)y zRGDGMq(OZ{%gf7rzpC}4HWwe7dorGP{|y2l@_5S+aFvDjeIA=PnVcl+76vK`Tn z_TlvrT~dfxS{&<{UoFQ#SgF_ywn1uX;d1xA3Lagi@<%qi=28Z8#3xImxtOC4YkiNo zK}|>N>Q(9HtrS%A5|L$HMX0v+6kA={$=KJ{>qR>ILqrB%F=c8V<));9CFLX4o0f|y z)4DJ2*`srte1NdeT;$ry&{fYz%9I%Kij9^BgBR@h!FJLm1Ffrkt4yPM@1qEj@y;95 z{nF0^0e+~9VU(N9r>{M``c4?$Nh>LH^9^fN+_VKg6lB zp-bP-@ZSnIEL^DX?`OSS9tWDbqG+g_tDHQ_kGS#tI)rPekK0+W5PE3T^<;sIWiJ<7 z)}Ad=@Txh)sSzD1Demi%W-vP@q+{7!P~>!+6gtO4Cqfjt?edb2yxdpyC-pT0we$~; zvz@2TwM)52^l)P?m#Q)|w8Nz-Jz7%*M<6jey&!GWnU>UzyhY3BqthRYw{GhR613b6 z;hOw%OH>xFC>j<)u)wYDe;?Ff*BgmFbbIfszpqD7n~$=0CiXfk47hEs)1F6~{E^2ifXcJRU+6k1I$&>HNGN z`KxEDpXd<{3ZM0~bK@pSlP5_pjb*Pe(AfNz;mT$#2_dvL{yh5lE_0!t$EOoCOHnmT zv8CH45?Dx4SxAM=t9Hhk|47MrLS+s!+p=mddz81o*Y(O3OU#LgZ-+zOY$HRcP#G{ws3Xg^?FwW^oEEZ5nV-IyLd&z)}UDAZ&B<| zDFdDiH^`evPX!AC<|5+zQZGy1p|pSarCj+@kLOMzHnsuDL_O10J=2k4OpOtxj*~Kr z*=r*{YUuBL=;~{?C|FP7tg9lP=>7IR!%XT)`xFkmQ=Cz_BalG<3JC@OCa zC;z%5rR;yFw9=%slGJ12+q(%QVXG!#E2d|z9-i2$B(HtK#%C7KUXaXI+Vf=`Q@TtO zEXYuyf{qc@JEiqmvEf-nqd^2eWBH;#xmH@Fst8%3mbJArEU<(sh`UK2sVZHqLS>;D;w zE`Xyc5>Cu>^Yyf5NMS<%C<2FqrRi^OjyzIm}ZJl3cHwwRzKw^ixkCt ztU}N%&E^uXN&PSR)Qbd}Kk~*_E%cV(Olta9r~4^HDx~$%*Z8d6OXRyArO@2#_?ONI zi2BP79TxZ6FBKq#rl=F|-_1*k(3bPmYiBo{LEy5MEA4~`xrmMG=XX3aiE{X3t&b-t zLl_EQpTXKquT+*abSrXNh9BFr_BBY5jk3h8`>W?=yU>BHEA25xERovR$JA+3-*kg* z80;}3q4l?%)YJTig{%537~(_|%Y#ZPAA~ubR)5$j?cww_+)VY6dOy_GvnvyxOryzr zr5Mu59<8TNBS(!bM9F#u+Ii& z46}X>xiaaae}*v!HVNl&OrG-u;;RmdtI1+cWAS_Wzh0)echs^yu+&(gTo~Pgu?rFK z-TioZzt+6mZWnI2WsEgV2UVQ2`lFLK882^p1&{tY+8A0QNzQ` zqYq{6I<)6HuYX(7_EqmGr<#f9MoSoee0=;~N(5zF*;(Cw9yMNDu~%DN9g%DEmy=ZRE7CI=MfjDWkJ>0LO;Ao$OR#N9;Kf`%cc0dePzd1n%JbQ2J*;5@sy*H1=32FK zlJt>r5I9s1S+ZN@efMW=*Y_hszXpnz*v8~dujtst`Asz!2^yXenoZ2Vr&%QMpJQ&! zlcc4!A6fn)({>bI_Z;i6FE@MObK7W_5W6;Xr0dU3YTwX~{HpfvJAd#?tlR!}pFj}J2ordk%YKg{Tp%-NvI?0WRJ@k&}jtgXeI6aD5WjO;P zh;51XGShDF7}jKpJUhOLCr$#tUHPohzrJ8}53Uqzt&KEP*`@?mYk8#kXr5CkE#=;R z=BeMuhD?(B6;1+!)+m#E8a>aVZSO34)wZ_saN5V61ER?h5xh@7ke(hth-bKaFPUpY zEs|Qic65NQ5#6cQT+{$uV_;|DvyvafEavB@eCOomlvP5l*UpEJ=)?@(NYB%0$9DIl zE!Tdz+BN;1!cE<^up!qHiH6!x(S&w$&+ENSYg@b_dQu!v+u1B}NBa`8N8;RuRmV_s znV|PE$0Iv(TEb+rrgJ?ys;gO&k%DTgVmTYfll_D6Nxwkwns$MRs(ZPE)Fm42tYBz; zIuUz+=?t;O5?inPlLfaj{q)>vDBRQq_?DY-c!^@tITiU`4nMM0(xkG&VNpp;l z-PMA)8ILpftN4qnr`EIUngX3kdxp*>Mk_Y@f^RnshyiH%t0HnUgBCDu04Yc^;WVAZtqcEGd`HER4aRoAa>*GE8u3 zJA9;5?_>d`lL~SBPc_?itS$QO8CL*I&wQuE{O)U^ZhO7f0Jh6d?i=#I zI{>}A-j$ozj4xg|KDyi9$T`J7HDV1t#k#Y;GHD)6+{$`0JOB(h}Gg%{xML610KA*RjQIU>bdkxXvOeuy z3%>S?3f4bZq?_4CWGJBq_^R7Vi|uD__yz?G7&C8I$*@sen%qiX&Jy*9uI*%ZK{_t& zWXwKh^qXZtpDb#$m58p0N4>{b+xq?VUR^9{*AxF{-Pq2U40KuE#+nS(LCZ6v^<=n|UQ|EAl937386n6w{maHLUe;bs zjX*a*;Erhyle*o*@lyP8_FTGf9C>_MJ!60jS$^)C9>XCXo(xEEjIMnY`S`kj84DC1 zPozMTs2q_NCNdkTc@#m;9h+Eayn7r2-MRUFv(wBCVnHaHZ0p=#>{?yQk@s2|13lHI zbfjJC_+qxw(WmFIq{&S*jf$pJ@gP6Ez1^&>jdk8VzHD#hocr+I+dif;nT`9jcX!Xc z4T-{C>GjZr$C5rObbpB0t)g-%7r||xGt2FddNfmaCKGIC@Hy!`(Oqn1W7uLn1PG%Z zw(%)4yQn><;S?);R{CVcvepzXHf{e~JPqTbSK?$tb+>m`;_4v8YP*%g z^igj{$0lHf3sr8?E?M4;)wp7SuvV6SBnGFWv!?BEca~LfW1XFYK+}WVZBu-=rL{6- zFLbM1neKW&#W1!6)9;GNb`~y+_@@CVwtP6OaBVM;!j>uYPFBx(z)zObsEr{Z(=?w3 zLxQ*kkBgK#xR%tb=GulXotlAltfS?eEnVqe>AQ0=KY?70D@L6{(^uq`q{>ZhZOoj= z?RtD9*5j2AV#V$%AI{&vrlp|YZnvQBKcDWS_mzF91|Qy8O}wlYtDYFX`7gT{hFSD1 zTpPrec=aEAr@VBh4*XxJZgIqY@YH?qK$XSKySUZrSQhpw7ItS}Z+AP;%rN$(^kz28)-inRA#u^PLh*Dww##t*5ng~&Kx5)@;^WBl4%>znC9ZUDoIfDh z9}uI+iYqz?P3fRa>2M$xer5G`m{UWu=CoBB#{@`b0@xO{ z6yUTY9eNIktQ{;9XI;U-@L@cZVLT3MgqFwt z0?u$$&T!flj^8$X*DrpW0Zl#i3LANaAn;Tm@Y<2=4;1_sr=Yyfq6dm2%MrT^3yEuP z80XL1=FeB7O+lh%t%l0m2uu7Y&H^LiWBZb0M(mQlBat4p9iXtFOH|^A80v=@VA&I{ z-le;~0lVUTo8tXybODB|TrwuASS&ZngWS=YaYw7AMR#56;Ny=|ckNU6t})P*5y^l9 z=|Da9Z(UaObX6jYXljdSpg6Tvp?R_u5cHWhvbc(gVJ6@r#*78GMRSQYrEPQ>HzMx8 zFX?Y|o9+@FL}ThG8FkN6bI(GCFS^2Df64-ptBR@<>|?==yi|m|6zmNtb1k68+X7Wc zy);B`Tl+W;3F4nFD+tANF8a7)6+B(h^P}ZTnx}FdQw}6yFDGHo2dBw;RgZ>s!y_V; zr6QCy4+XLyvQ8JAxDVyK{9dUrvNrXpW7vWh@ivI^l+e+=a=io+vM#v^Yk zJQZK&NFScryBu&ovanq!>m*;yJNqKW*15!`@iX`H(<{YVFbp?-0Wke*duie;- zVdW}g<<7G7q`YiS9LEQiCI^;g@<__YZ*q9lB3NjvS!jz(v^A#B6k>O#FO*2^ElBMt zWp+*)`$_$sW-TvLS+x5u=*8#eCFc|kVILKQe*JQDibA!})3nf&)a_dy-5QA9d7>J0 zwj1_pbnsM1YjF)}P0g;krOZsaI`{f|FLj$K9Z8Hos+!>&^>Iye1WWt2SA7Pk4(2V@ zyB-1|(gO~;>+Y#KE&MV*$iGU8mmzQrWB~+VQK$T zG?`l+7r7+WLFK9>~zzBgsGsmlh{#iB<{r(9aFQ zrKw+?RuGF(7t=1R)1KB4B~y=gdD|-x1lD-J^l@>GV5PT-Ef4cMM{r^%Xs0s3NPxjg zq^XN9)1i%sx3$)C3HEO&E{6gj29h9WlY(JNjW0?D(BicPUZ>K12dVZ8!yHXk-oaTM zeMuNPB)~c)I0D%nqWiIaW|0{{uxhkAvko*NzF_W<`0tQNLzA~WY;qDEvA}?_!T^fM zY82F|0~See@-uL%vKU(>z}h4@h}apKjvc&@UV{%&f64U^x@$J?>mH9La^nvAlYY5-FQ! zK;_>-O7Kz2-7wDLN{+S=gY<8=Neua==LNeTtda;2gr*WO{t_@mG8J3%f3RVKzC*uf zL2MuF)#b~FS;#@y%LR^l6|^goT+m!lP0k0k&&mcc%0h6+20}X$nfNSwF|Bex3ipr0 z9grCav9~*3IwqJ*1N&~_R>=+a_|`fGREcO(1bmRm&J!Q5)omSJxs8qz!A=tMwm#NR z=zf(5!2A_}0pL*lLtO#^Nd40X7Mwp6_;M6ARwdIR{Ny7oUZ zZT52G?**tCKbDysh7|NTtqfxws=WNQkz>-N{;^3HoK@mitsW^WMHVU0E9_wB9(o}W zawjo3Jl7bMIxs-|Qwdo>37ISlIh8hgCgu_kOCuZIAT9wcA;CUaaS!W{%1?WV{z0h* z8%<~RL0d^0Coo}TGA!g3%gcMP!Z^sfxL{&T{q!pVe=_@y)Pm+JB{MPw^jqS<+Ts}I{;aaqqzUfWLTon%K`e9l|AGOa68)>X z!=IQ$nt%}W!!?CAm{ACVL#Q7Txq;0$N3-y)|0A6BwG@F&ERB%_jEO`#iO>oIcRGqe zRUAxBJngU0QIBK|o2 zPm_Dr0fK@M;)4Cbu#VtHd$7z8Tl7pK}}5 zuYz|1W_NiZ*)Jt@KW)DUg@e#kdHi3Xxu!-ObQcm67gl<4Kt>nA3 z2bJ?c)baEW9$M&nG1vjX>;Y+E+*WgV(vwL3lSnaXoZh1#o)&vttu{YTUvSos`PLtW z9Oz!GPj)Kt@0O1NiuIGNJ3DoJ9xINmPN6~Msjn%p7L%UUM4xyfWi5@(`g*m~s5W1?$M+{yq`xWIly*w%RE#y1H_>jkohq1?BgWe3q#%Bx$Km-Fa2zaJO0MfvC0bqPg8TUIZTKE_@ z@+kK_l1He+SJVZvoS{f8q)03aq35!XE+L~S0Kyc2%*dU|R~wf$NE|Ro98Q9lfi0ik zVEKFS;hPnizIzeOfYAj2S4Z=Z=uN|5>U%{jiK0)KnUp-;?jj0Jv;T9v$Y5+Vx%C3$ zH~?ZCfULk5or57Uxf}m?H=YbZ?(Q}GlneQUYhGkUBi7eYC zk_(xFD?xm&JlSAUMIvfE-hVt^L>Yn7Wkba@e-IiM2Kpa%C#&lSj1hJ$%Yp*u;wXk@ zQyRy}!mcC&u0_P72rCp-;sRswWRlZdvW=u-`{Dxo;wV_5cv(Ava#szl-Xq5(Z@sN+ zEcCUn2V4OU&}AG6;zJ5n(^xy+wnhCM*f1Q}5`$}tjrCZU_}oK*TcD`+0bCSYl3%t( z;r2#057NCgZ`~5dN?r-k02KK83|I0G2fhq)D$o zj@cjZ-i=%Ta>eLNfGWe15LvqBNxSgkL(=~D)3O-EpjZY0+w!mzIZv7maexgmZoN&L zm_hfqnrIdW8|@Py%a!zP_w;jJhI*Y@2c`)zxCyZgMJ8(#)iS;Qia1keNYO~{tH;y& zMkQ7f?mR=a7(}%gvIT2CYA`n{_rfH%&)xgG$s2I&Ywhjj{?F@CsT;lQbWU#e=gQcp zo3>irJ9wQKasVrdTE$Ah*bM58X`?Z)<;V zsO;%*c3`US33Gy9;2%-@_s5MYX9MPVkY{-kf{*6#t(Vx|@LQVw}CYf5l&__55DcqkYUC#Q${(nmDXHXOW9ETWKH9L3qW$ zq9MrD-TK_emwVv6QFsz(?;7fzQ>>+cj;K9rerAmz?mhgHh3rRER!``8%?b-*c+FmM zJSyIGseCHoy>d&OqhR;B%+Iwu1gw^kQJ2iCWlUY{>(9t!C|{3$YaS)D&M#^|?+PUQ5GDv}JXZn8#P)vF0Q^8<>QV29qpmdmvU_wRDy*E{7!-qIRL>3&Ax_SRJ)#4T~o`{x7FO#`B@eesDLF z#7feLrvV$k*}MCk0gg=R?&%_R-BaP$E`BW82jm95bBhzEn3&f&m*Ya+I1~0QlYgzc zgxj|9<_Ux@$Su1hM=#Z7SGD_9#`faay3bC`7zZIs0?3G z6(*{B8lTJKUE?=1aPxVrn|h8jfE`eWB3?OAajb4qR%4xB-ui@}oq6*#ME}%i{1`#l zj0peN1r>%y**qP#Np(pF5)d`mr=dEg`LOEnBu-K|8KZtQ@@Tae?<8WHM_3cS zS$}Y1#=^%*Cx%cZ)RW1O^Y>JJ1tML@xKQKeMV$8W>^T_hWY~krLsn%Ba86L|(PQ(s z?9%;BIN$Z#@Mo|!dbk~|w^<{(5ooc1Kms4{N{d3Y`Mu(N(~uMyKp3FWj`JO_9(fLD zgN&5OWyGq=UymoJeHB8xUM1+bbVj)|bVachA$vM-6iX*~RsYE=+ zCQ*9s^{4~KDNl)Iq(!>yjPuDnNwW3SR$>Wfw_8a_WuSU|k~W3X4}-L#M@frRE*P(! zu2nk>rLWp1u>`Az7t0{yC~@n;-OX77=Y`c$qE$Zqj8pY@$JDwr>iLl@{#3oqJcZ`A zcB&DAa>UVU%BeE%FR5bPePzQROO=`W@mX5cN)Oi^ItjGC zN}G8~&D#G&I{$x>sj}HUA1?*-Sfri-$+?2|YwJj3m=G~4u zF`Tnh8Ae(qst;LS+MX)bpVzfi}xj^@*A)+m*BnRKvJfGTcXE zmC!LZxvER{)8(o_a==yS+HsXvrWsZw+Z6Xe*Y@1d+qQ>z+1BUbf!#$Vja~D0HZHyS zlIDY>?eN%L%j?HwnW=Zua@&(LoJwPkQF6XkRfg|}7jH_?GO?;mpxQ=JMw4zk-3U$@ z*;GBP(v;^kZv~oevAT^9`||Un;p|llzpR%ZD>jg9E)*yiBR^Hxru@dpJ|^fpU4m11a8O$0ODx@0G}?!#niC_-f!b0?Tn8Opj`6YT z|3FbH!^+_m3Yec?oaVcV;dV80pj$1f;aq;po=w-1z3eZzA9vwAI-sM8 zFxn_lXwLFt!FsqncW)J;sshIW3Wfg<9Joclz$l*kX>KrJmY1s82E7GxFO<^0yCbqvW; zTXOuymd|qp%B7Vmn2&YCW>~ibF2QTd%KI~`eVF!k9`& zrQ`nvpZdqVKHNdX&XVdFTDe-y1S5u{sH649K}CvFtYXb@;^&BL&c$-Pig(iG(NO>Y zBtDlgMi+tp&r6VL|LY~THR7AV$Uh*?r!*1JMdrfFacA-?`N5nml?v|&m2j(ic|kVK zBk4c=Nd8YhV=rh!|Fl=}uMK>~^QkYcbo9x@7nkNNrw^f)#jG}8_xlJJh{J$6TXgmR znrr0u$?dTZ!GEG6(f_Y{vuK(rVr6-uNl# zDl_dPG8|Ep{2*3yj~;vWv`XjX26 zl2bT)*{GGCF)AUp_3A!AIPW|ZE~km9+lX1}mBX~mL$v=x)mK18^@M%zE(n6SWgOor;%h%y2kYL)MQKivI#sTU zrTPu-eD?pKEp7fZLAM^zKkHaUSC>M8F+wvVT3@&_yAs3k>us{Lcy(tjg};wmZD>$O zbW2JB#XkuyO%GjCxP4^`8@=NshC})eO#3@9aVBQ&8+sStsjW(mOD;D{}SbAH1D!?>~${q_%>2C_BG{B z6elfnLr7Wve@-ZDL}z;VpA&lah3&uiDH5F}Tw}wa)mty0^CH!HT3c#t*U;HbzW96g zJ0XXffAXyOB$gx&n0!im==hyPF)Fe|{^_p#Lv5Y8lsTdzCOkKd!p%CZr1}o2>Xfj; z)Yykg|G9L_f;*Qk1H_CW*yunRI(-k#-kohPB%<`M?Ki|?Aw_q_J1z4s_=(;HKkvKX z_dI`&@uoYd+j55O#j(4?OtFU8Lyd+4b!Seq5ySeZybD8{6v3z4Q!B)|BPJ4dZ`0ir z5+9@$+Gg{PrK5bwSb`#Vi+HEpx?J2>r4lzit8Km?mA{QtPMnYQO!W#v__RGs6B^qu z1Wr@AY*>91*{N0}9e$Q32&mViSA|PcE5kW-mp}Rm;{Nmm<>kF(Qx<3}ES@#hyZC01 z)g)MNkR?%++vHebP`Ec1-~Aka;6Vgu>a|y+bX?u?lKTevz32F4>>MrkKK+nC)r#5{ zyNkNukbIyr&Ryjg#EvFeDa?(`!=O*^kPD0+?nZmHlKT{CBGX=jpQy9wM?RYob zT(?8$v11{=L0IOhP?|OOT5j}jQKeH@hZ0mwZ(hd1s_1vf{^wu9nj}7%y<~ZQHwJv9 zRhnb#X8osZb?=Mr*ni+u_t@<)xqet47c3wvcv;%ZLqY9J+ESxZWO;s~n`4|%FV{O34mq>;bxGS%RkY{9+g*uwS{>-Ar`>oxtr zzBU3$+aLRElijMF|Gc<5i&&D40$^ufKK*BBVH_w$0B3`7r(K7V4bd3IKfV3kadb4* zuFp&Vc`rw1w?~=&fcNSq`_Fq(hy*bKlLFxGDdnoAmsrz0ZAIvBv^m|sv1SLmlAA{H zom_PP$pzev_#aE|WY+dzEFYQ4d~#j}lCmpuQTiyBG$iR@l@hzjff}3HiC%WXi#*PinI2{)<)#cca+XcZU26Fl0vZ5>p*}x7QrP zma<|GU;b0Usp;;oGItSI|G$W9@S5clP<`lM^;b;Ixb-phNB@K}HmwMZ;eP!S%J1aP z)L%JeE7L2_i!1~;+_0{F^N+`jc{g{_N{Y8^^WDe)J1SUCH88ph6(#>d1>{ube^pSf zg8Q;bL+rLujDfk`mIZVCKSg2gA#`&Tkp+4z6FPclMPX!Q9c6$_^_!nk1%6v6bYmmq zJ#urx(dsSh>F0`Pb&zpz7C}BS^#i=2DzWTl^48y8SykTud1fqzt?>9^rFcoP+FtFA zYu)SHYpla*{&&B)p0}jau2g^4J(_Uqv^y0?Up(DgjIu~Yj)(M!F13FvWSl3ZE-=7| zw#1IJ#Ksykr>qkin`x@gYuR?%kzuFNWT&CjOf>nkb;@Jp_)B{EzUK0M%J!I<@a+?6 z21-o^N=lh1lMLhJkD8qMnw-4(lx<(Va}^a(ACyoKe~xfHD+A8Jrp6Clx$0`b66L zMBj!&&oA29&**nx96PYNci7=0mH3_K?W(_}KM-qwApS;18rDTYFA~Bo5<=69^Od=l zh>?j-gPAV+<+<_CCYYkUrlS0BInhK19w~MrEq0=M4V+wA1)3}+8U~?d_4cM+m$%>1 zowvz9#*&b7CsMis^Ys-Sd#igYg$8s~a=vYV+0U>9?D- z&WAvjksbT#7Ao^5y)){$wIIX$gb6;wbdKKAR3ti7Bn@Mf*AP!FBaK@+dozu2Ce~6W zR#y%YHRy!!mq!jck1AfqO>v0I4UvpW*IFtui8?TgR=gZq`sngS*da%_g1W=x<1zH1 z>hp)H%W@WptM#I=?$u(~R>!pN&Fl)nfn<_Lzo ztTy@B1+`FpZUIoUs-q{yQF@M}v@E9%5T;dRr&XL?S0G|YkQb;*&rvWKRx)^A+we;H zz%kK#nJUbgwZxg#rC~$M+SO6sCUlgwWR%sVNSr+EnzUP0zgu-v*LKn-Xq2&Jl+mT= zL0@nJ!+`?Ffx=ucHve*t0^P6@-E*Of)~~Q`DgAD#O*wK-*1(6Kg1&wV8r|_QYaW-N zJ(>E*Fs8sUrZBhbR+2^-Z*_SdIXWXqO_3GoEbIGXI>YCWmv@V!&a(8$YV&ny5Ob}2q$!6f~S*pKjs4_eGqVv_%+6eEYevWr!=xE32+0A%!&tL7A z_xl8e+SXW%OIOU2dkpuCi$C)FlIBfLlNNhFX1$U!b|6MP`+iK{qRMfvm=E$;?nx-4 z4}Ez%EQ+#X=mk*nfejK?bo&D(YgiQi(th#nZ}$eun(gL~0y3zNu-X~3u%+^^Nj7}s zlwb%W&0COgXfUKV0#r{F$%2c774t$!<%G2<8?@WMF(7r?vlX!6#8#nD)oAKpFgS5h zFqAAhMdcoxI4lTy5EaS5gH+&TAeNE&riP#Y!Nha;eDuMBA>PGYjiI~)ey0?pL6^v}!v^a%~LV6Sry*LHMgCq9JA3rDD*WoGdj}M3(>%=}jm@73| zi`S>&!U-3Kw+h2qy4t>}B|v|Y!4}D2B<04x4i)gI;7BSs%V?|UKq7Pv69&S9k?;>atm(-WRM0GJQ=Tz5-m?A;NS{fWJwb**-V)OL5T7O=IAi4e8-XSe$%?q zn~|#o>*1CwQ-^&f`+_EvzUNZ@q>qW@s{$nlAJF0Aa*6-Ju*qoA-8MgUr@t3@BNMFi zl0Q%2VML=_xSg1n?``estx&zEn4^2Z&#UbMp3-Rw^%@?UiJgQz6|-2qoSP~uZB7mK z0UjEPBPV9i#9v&tH41d$c|9?z_Y8CN09QWn3V7qkEy>(sui0bA0j|q8LTUl!abF#X z^FA=_omw;P`0&VgsjmOl_DU%5;^tRkswp=w84^T}6kdarXR~tOQmEhZ&|rY<-YA3=3ER|D+a973w3E~o>W@4z1RB8N~enM+>C~Uyc`-}mI#tCH4TK=0yGHN z7|o{&U4Mm$Kp;rScRocF^&>tBBnXKVW`NmCv&dn?jIm+z`ygO@!zk$+dmx=97O%v3Lgn(rrOO%SO z1Zjy<2#_>_#tGK5SdcPa$yY%PjzbFnBrca`C1=PWhRN$fY}ebLK)^`IQm{fRutNzC zffK;UB1t6bD}23ie5rHA&mPVOZ)Jm{5tv#=mrK>T?!CCS6^*TR5O5K-HaNaQ_XdFPAYLdpxM9>c;>}RjSI+^kyKEiS=QTIJc8A0QZQ&&Ok zgabtZ)ElIIInTgVjiq8Q+4J?Lyk zupSg*3_Kcvq9)~YK!O~R!lnfF5#KMs<=~}Y!Nu2*kSPqvB0$+2BrBJ?=p1*zC_GMq z1Ta#8P}b#Sc4VbI_2P>~g8l<=QU%Tzf&_&k>&%IC1sKSQQADuL#}He*b~Xr@6S4%8 zYmM+rlth4}5HuPv;C*pD=n7@uPRC}pXw@L2rosqEF~ZUBp~`%N4BaIB_n^po0gOsu zyq85xYIq!QBnKSrfT`U^$bn;gFTm;svsW>V%1PHHAO*9 zQO+`W_V8mSb1Vg8EQQWKP*{F~@g;Hjo(4^_0v=`*2r~+u0h-MZk^~VWLBm8alocsC zEdMG2&3;?5bf0+QMmhgF0d09(gw9p@8sbigi2!3FXfr{x?N3y&qL5fo=q?bq=>seb z1rUZpr!mNqAXv1ExfEMK;>_Q!R^r065!#xkv~s|Wt~YEb8f*aO4+~GvMMj90*gYz zqR=pK9QCXvLMMS{K_Ow6%%rEv@*USe+3JFM z^hjA=;2Q8K@yLy4XU%VRw1|q_f5k|QFWlFbZifScqb~nfmDh*DiW=M?PBqZBHOHX$ z?An|Y)XF`TO=|{bG6sKPOTx@=8<<%nlA2GFnu z*^+i>f^alJ8^QNlBeD{q2tO!-HW~zIN}Jzbpo>=vm|?1>SSTnKAX-rVg}z0Op>Zvb z=98vWufFMNNX?jT8j1)(%Lg%jy`>=XRoB7H5(Tvcq>67}vHbHl23?MN^s z83Ig(pv{KV4Z#!6mDvsx&^=f6L-2{e%K58+1kdZ`OqNjhd^Ykwv@`}*a_)K0-)zjK zoZ6jh5K-(XvrQ+U!%p66R4l$QRF&JFdB|M4oS@#pL#uT#z$&V>MILGfmW`@wHIniJ z)l}az1H|N6+dg26OD~h*ftOM33Y!21U0hZny`T8w>i@~_(%%p#n zfhfTJfw6QmL46EhU%A&>DV0r)_T^DO4^$;M{GeCgWRnK5B5-sck)XN3B zxu26QdS!`!ee!E#%gM*Mz2lTPbT4OR`LgF(ioc~nFi$2N(8cx^YW%k(2c{mq5Bln! z8A+uAtmf@8Ff37xSZCA!v|Kx`i?De|*M%EN-3NO0)2O~j{QM{8HSxWRoa_%b z9pxVD1-F{GTPd^F`lME5q-V;Vm^ZVCuq{BnkCo+Ju7NVg5wqsHvOL)Zpz04KHGmGq z5)K~LYIh3N(HKdIG&>uh30Zr|Nz@FIc`_dZ82k##w2q?>!98Xs-2~vi;9g6rvow+# z1D>oVEa|e9G^pjtv^5efo%tgtVNlAGX#hMlaaaDplL-aNZ2;ndkj>qk>~Eek4_UbD z64dQ^Xenl;CtuL58#&Mu5l<{A=eH!FH}_2XxQ(K-3Cnsv$37bBG#A3B*ivR2Pe6wr zm*j=iSp&WTpjt!7Wl&=^m8)G6@&-%kEN6w-$2F>*7$Xo6$db5_!ZMXNj=;sRMua#J zv02sQd1&KSXRs6vqIog_1t{$bLKMigYYAGPp4Un#807F|DgkOS+(PnjCt;utWh4a# zpl!9IrEqxI67U=_hgjd{Xp@l-x_TM0MxxxSe|}0CwDM%4fSxVB?UX8}Q?CRlY&!uv z2EkeY*|_F6oJS53&4dCM%_~&bIl5hf+Qw#>lw0p7tYn+dya?QRYwC~NJCCo$M^7)& zo0m2i*^wOA-uXwTv|1M{t?$?M1Ye`L@LPxF9n4o&p8L`%U3<&t-1METuPpn}g}P8AaNvc0}ir%-2UcPJofq$-E;Gw zPf+q*(8y`AdED-DBR+b5iQc-}laa2e*VWJ1UvSerYl%N+$c3IEarS97AluT6@l=bL zXXy7}?muCPw2K&Gt!{k;i*gEmxchz-i(<=|_KZy2x2Ks`z_T}i*@xkf0;EE3=4d1? z>*g1NJbV`%nk2-1Y}G{5r&ngeBwMVaNq5aiQG{%u1)_T(tfMPDbD#9$+P}m8%kNBF z%i=Gt5!8RBLE1c^duM1AB+iaJZ&ExL_Y6s~PdkK}al8bX$a1iGNyb6Si|y6f2X-~? zfM5oL7l=$z)Vh3#R%|3{4+aN@Jyvjau$R0hDzMd3w*Ht8s}&m$wMU78vZ?OcJK!U4 z#pVPm;@ZC@)=zbmHh4p5twONxN3$r#fL#Ympk!RckZW}dAVTGGQIBTPSL}k6THV5l zfv$(+?St0fA8#5d#5m z0^{A$r;4BNC>}OX3I=0{gRs2hQQ)lzm2j$kumHe6KBw(#@*T^$G+h)(WKm3xz@CxS z9QUl1e4n-gvo4wh1K<*Nh6X`^&UJzKTix36$|F8gQY>O{14!WNhJM!0TcD(0#E=4T zg4aoS{gr=2&YFRHhF*u9L=*KA*#i_mgK6$haRoob5Ld_Y>Wl^3a<;z)({(|b87o0T zu|%S1SN3AGo)|K6!P=AzpP-+sqs61;~reIQdx? zm*N`f=8b2}Z@{;dLhqLDPVl?D%5v z%Y|d^gK+^VKy>A0@L>C3_@WpDDxAb;`UFMz9<;#s07Z?d4cc%DPXv{GW43ezE}2-ybl%Ug?V-2L2Ru%2ElY0 z7|o39AfXylG>VW0umkx!FzGX}0XcvZl}jPtizu#EZ2R!{{iqkk*0A1jIXPfzxR|^UFZpm#&=6q^#0vq)Q4w6V&iW(RhBcnV80!q32u3f{ zX%iy=eS$%r0Y#!#zyRza;|DygNIwt?;%Alt;=jR6M8H9k2zwd0@y`~JG#G+{K!E|P zLAIB5ETLR|OPri+{GU8KUvc+Nv>!MZ3`JtVXhuL^bM9X1NS4nvtyf0iS5(jg?%B7G z1&&2Y1_!Yt>;vxE!(kYG_%IYTTzDBv7#4t2!vns2(BYtrx(^2PLLdO|wup8F3WNmt zF~aXAhxgTQ=!DsC-DqHZFa!vWT%?4eFqX7VKiY7{Q!WB*)q!jw^tn(d5(h@30Wp9| zh2z0M_u;})Sd-XNc=#|76P4*}aod>P?;NW*adxJ&a`JVj@dxoPY{348;T& zX27w3gI@)K7-K@wx_5rA7|Z}53S)b%$`Pm~`xX@f2E#ER^6jAFck#!&;GZxkFm0kS zfzGOI@&R+D4?uGWV-iL_0R+erxtL7VYA0Fz2!suz`2nsQBJ>ACKp0STD`<8-NCX77 z2SMa%?&isC8CO8(Z|stgWX5<%5GAUW2+Np$8`%2dE_T^hLs|qY2SenoL6qfA%nym* zhx5DJIh+inxerC=f zc7ebf_1{B!)tuVQ#`mD;B*<)jqzMGv3Wdn?f^A1T;eH?l#E&uf&SS{7!T}jVt+T~H z;y^(pFq$?fdDhL{{tzeSV~jpB7>WZfymqgc;G&lrk=pp;qi>2VmpLJ{^#P2g3VSk> zL>dY~!Jue*$eVRe>d{<2z845kE&$HM)`)mYK<$wTdnkNSP8p8?2BLurL$Cn{@*Oe@ zbX=%aP~Q}V1c3mVB8}&7s_a==uZ7)Fx~jrU)j+gZ%n(JmrF2j0`g@G~0+ zNf?;ALn?vxIn_TZ&y{PdhQwj>0(bgALb|5kk)QyeF%uLuC!Zby1XK&=1k8Br9tsm8 zZwyYz3rG}%gKPjpq|W~~J2lWb`^gVPf(=0sK+z!>o~Nn#zb4g+2*xH?Xn>@~twd0? z161&3S)vdeWQVZtqn<1x$U5T+>A-FUDDH#AOig#d(*O~{R&=878`LAXa26hK#P=uw zUkpFSE>v%DNH+#J3L7H-8%)Y~{ss%Y1|UZVqdCMLr{d?!K!A{via5Q2oQth zVxodE9Y0?(0`wTTuG$)rl&Ay;#R2>>FaA_fVT7UN01`w1f`1{rA6kjRGgNwj?Tgdb zPa1~KlwE^B5Dv$ooFLy-y+GdiIBi zQWp*?N7&hfzKqv+R%G{@s-=hCP}Q3Zb`w$ zp0aaknj&}xHl%YMoFW|3h5<$aSm%d35K!xRHR`MPttfs^BrgKmZsYh>GteWfNUyU}NAwK*UhAAJlVNMorbrc4|Tm zN~s73eL~oWGnI#i>AnXk000ng>j^T(Qy2qPlc0U}l%@=lFqsd7MA4}G1kx%DFh3c% zC5(HEqAfnxhAC{;EhZG^4+u0XC%J#9r{4@a8NdcX? z2MGo!X0@8=wkJbIfnv2WJtu)2t!;#Aa5N@80#~ZD3-a}cFzwv4Z-=x$|IXChJZnl& zvu!w^EjVFHnI{;PW^1X$mdJe&fP4z0eL-k#%J!2o0L2HRHN!i}IB+PM5#%OkTOEe5QKs@xkz~d?q3O`~D94QcS03h7>7}Y*NNV0HIb0T|bhFo|6k{(72 ztXk0%#b8Sz2m{bv7=SbP0K%Sg0JS{@G2eRxbRW46dt$Gq@Vl%PurnxwB2&rzY>H}^1va6z;6nBB2qpp z1auteoWLR*o9S;PtjlkZ&k;pST2Tsm3rOp}F}5rx69^YZ+XhLLGm$~Uf>DD+46U!! z+wD>CMG&A(t2^~+-nBq);+jwB*Ih;FMJ`9pF4VLvh`{|zNH_%4MK0;0`s+pexGg!HM(!-6dAVd zmN(L!0=I!Bsoh@=I|M~d=fE%kY{;O2bNfALEPw=atE_W-7YZH)&SZRzN?8v!0h)$L zb(Vu{o!b*pa9-fL3P?zFS?Lzeel0B@cLV4_6w<+WJ-@Cc7)`#)LSMQ;n3*f#Y%mgO zx_sv9@k@}L13&gG2(5JWhlr^2`}fTs9cTI8U1uE9eNdPm4xpG2OzS51`yOXWkuKY7U13Us%U&X7;i#;3Ty(<|Ujp_v~mn z97=p))i;?d`o6j^-8{Cv6bw%3q~-w5c70udgyP2|z(% zwDe$u;wnBmz*zx`LRdbSc%|Kb55pQY$VYvrL3ju#B_I(jK!fV`B?7(!;#-mcTr!>d z7M*C}u^T06MHaH&cfD@*)>fS}LH|iMqY5|}1%ZoXf$H$Wh~zM2P*}kxT0ZAs`IM-@&j};1TZY$c!TiN6m`?0ru~5vc{u~ z96=%WZN5;<+vt@Kw+$vk$+qMslt?Hqs*4B@^s(w!T*Uv;F@VbU;RK^d;3CUVBuC{- z_#v2K5km%j4w^*;n}CQ~K@9S|AX{X+>@5-LwLCDn2lR3WC3@SXk?NcD>xGKhwk$+_!n~yh}YFM zHTJOpr!*R<+WO_1$+Cld;$0E%WLz6*l#>ML|2g$K2bA)Ma@ zZiwy}w7e>^b)DLam=-zBnujG^$*cdR6Jb9Ok~Gkr>J{G{%-^F)i3@Z)eyVpiZYa>` z*EU2uSNM~sjJYA{ue=yJ|01>w`V1Twq*hl;C7VbM2MZw_`|t-7WJyb2ecdm%u+b;8 zBH71a=)3~C;&lu|TLHj%QPk3WObCbq@;8haaEiV7NPt^)&&U-jMjlu!>FA$R`=-;L!?bhZV&^YX ze6w>59VXeE3n%_gET1yKeGrTSjD$WD#1-Mo3+|a5tg2-*7V}B(=l58$HEb_tr6m@I zb>{x0dp{t&nDd!$K9d)`PwNtSG+1g;NaXESWVa`bR&YvJnr zcH^{3L+JKVe;OK%bC_J7VLJHsu4B{*{K=c+Mj#}GJqZdZ&*8d zS`Ia5)=xIXxdtY8zlON&$Ns@eUe_7%5{mI!l{>gFvKt-I?DzV^HRE+QL?SPB%tG|U zCM55<$8)cV&}LjIHJ7TFd%q7SFO94_2QM=8Y3uZ;pFCZ>AHd_DbghNXJ;I)!nZX_V zYG~&?vOyS`cwc}m-TXvIEO{76E|z-aM7G`-#xw6eemGAk_M^z6|1(#1y`#Vj*Vn97 zMVV8c0&WYh?@>%M6bc5iz#S3 zBc&x6qD{@b⋙4ZthCy^6-?PyLB8EKR@2-9r=^@XNT@)>-SuW_nw5P(8^wz(Hfog z?eS4HPtr@{vq9SaSz6k9elDqR7=O0W=&3(*&QZQbn>m}Gb!JOL)E1WZy|dr$ovqV8 zo2R91bQ;4?ulZrpP*io|pHuIDDx)~JFCn@zbmZyHWwN_Ek(9Th?i;1rI3&EcaC95( zo~oA0V|c)t_>8{9@9@1&=Yc_WThOL`ZnMTc331+_Lr3|}Rd)SC_&S-x-?8qZs+hx* z`y)zU`0TBB*GE5#oXW9d{8>Vye;n687-453wdH<5*Y48`c!N$MpKJxT2`kmk;1+dxn67vtE8y*g&~X|*c|U^)1hAZ`D*Dj#oJ?1JT9^dnJ}cfzotD{lhOSyaeX8)Cd@}3>hrD%<64?oPK`T{*8A~!mHFeK5mbPUf>G6T7OfYX4ZF= zlG@%Md*0m8kJc%3$4YKf1u3SQPL>z&rEwr5qrR?R==CN z$2QN$*isB$PX#gTn17i+UuaUiZQ+UhsMoL7Y{3~e;u)^@dFpqrL@N2#L3Ez>+_yFB ztJT4V`wxdSjl_PW>340#=7!BYIlMconS$m%R7+J{dxd7%#4vhb^!Lwyxf}WSUP!c@ z#719itqY!VSD7CE*1wjeFlsDPl*f#i&lE}v7eDdTQ>&kNNa7i46C$6$ssAL!@g1Ig zedtWb%EPqo_cw?lx`<9adAs`escp#HZXdxnyLpe}ZF*>lBUV!i1;uaA+r>N&SI&(h z7gFEny`7(Nv-1)0cKB-=|G~p6cb?OCi?+o_!|Uqo`h37{-ks;!Kw8TaAXD-hZHw1N z0dNrb?D%{Ghu=NF;z~1>#@pkj>U8&a-ilj~pHL6>>Yv#^69Y!gz77``dEX;ObS#sL z8`B$Bn$8ana_ZRg3{x9DZ>k<0oCS>}(zzb{M1a$pS(^ULM;g(@#NK&`nl%yv-AC{ zUt3i%w}*!3dEzTg!agonF+Q4mp%S8(CkM>^o6Tp32j^4N$FJuL9=M;}tk&ze9P+j)xHrvKi6x$okjn2(!B?#rcLmrggvR=j39=O?-E z-mgw<#SHf{d|BtqNz*>~|1(m?W}1`u)Yn(wvuukuThC!_@g=KlczbO$_^ulf(D$Bo zy0Nl)kZc~T9*H-58HRDLV7+iH!uMy#W=cnrcOB8qYU){v?}fg4@9;Y>BF8Vv$$biI z`7wN~MwCc~M7bVcS#_rx$XhP=NTA+rtU!g*JKyH`xyOsCg4?!!)m#?HOmbQ07r|s3 zUIDd4D_)_hiv@O(_Z#ryPkr)UkE`N!<_^CO)x|{s`0U_{jyhuiuRM-y;#ObOY)EZ>g^V98JKR%R8 z80!x4xk$S~i3imU`~KqHvQUuiyj@qK=G@3+LNP$ z58^!T?iW|TkEcT1rgY4%hElQlYF(+sy4_#r@s1hFcw&JqC43JzcMjYy|H!)v9|k?* z>WoXhH3z}FEIeFJ8n1i18{}apy3?;lNkR)&b4_Cg3BwG=e0jcO@A|yio!g?w>nxj* zaJn@1#|GoFQCtUzNpr+1`*&h!)9x?eZ}_p(qZgXJ-G^<md56grZmq4bii6Ea&Pk0bf_qy2$FVmO)FOQ6uc;U)In9~PL7j34Y z*knQX{tD>s)^SjM1WM2Y^g;D{lx}n8-j}!veA5@?!7=e1{VW!2VFS0lM;mqg8?(CA zmj1slZ#tY+YfIzm zH4*pP47??icxFUY1`CDiEHGXR-y51_%MaJ$FWtmPDv0@RIJbLJrQ$IeXeF5P_L+q z1LP0QY&ZS>blphz=_pGylWpd_s-ptXST}XO|7Qs?-_yV62O|8FQAA9nt_z$RLg{$l zQoYpj8s0ry*dE@Ta^tt8OUNHW0B38Gq?ltLM}Ektl;0LxooR6pd*e?@Jo~WID0w3` zf?qk&_1g15QQM`bDyDW;JmfV?@oN@mM*cUoFJ3t&N4$ONSfE_l!0;)n{8QFoG^w6* z2h8X~j7Ol#?@A+m+kClWsAe}6f>y6TPiH1s|2Z(N7%<6O?#q}NnI z!kexvG5rb5{kwm4YzZUCZEs5&C$E|f1NL?Ui#&xwzK8DHG}-Hw6>W!O+deW)4u5ft zm>8h__P##W90&8)&Zjd1qq^@C%mQH+6wQ1OxWgBIE3tmBZU4c1pjzTwI8AE)HavQ* zJ#MXiclX^vd?=YsgGo5)!&1_R^Ha^FaFzLD5D+K@2fhj8GBr0CCFIXm8Hzo2_| zyA?1)5?#|CSJQ6$Ro2MKH*R&MUn{r4$erw7EjB|(2uDYVP)k%uba8uJaXa-d`cB2) zQL^)+QfpU7V;fuP{b=7O7PtFXWNxw~j3OZ%A|Z2KA-jPWSm8@!U!9VwdAaWRMvMfMIw!TKJ>s9dJFT&7#PmO|>Wxy1VquPBVJ;mP@PAm9{7`Z@Msql(PDx&# z`Vz=o-qewITCTRg-Mpik(F-Pe3ugL) zt#Fj-V4=X$J8REsvEhWT!wI8fKPi1-jF^fXn2N8MUuV;MiEXPLrj4=v?5I$uZ8(n$ zeaEHQ-QW9Ks9u+d%YbC&L)N7Bi!CyNcq8D%4!5QZE=5O827AqzjFQXzR%G!e>&v?5 zHJCY-TtcCbQfaG-^0OtxBt}0smHC{mZ1j@cwB^2A`Zi5YI$k4~{+>m@F1!ZQccP7ChjnkLbI*~crm$;i zJG%_u?z)Y!tUzVEm+GD~jxMZ~s&pMWU%B#gY;0mj%TbnzRaBqbsK_6}uBm&u9#nK$ zCrVQbCb4mm58^oq`f~{XpdIqMT-!dHIN3<~^T)vUi*ANs9}pdFf3UMGYH$=dkW5=& zQDD_Bq+ZdzQpns3zwN7ez%fK~uo!yKnobdhnf8NbeKB<1-bi`(IOtrwgJ_JYk>QAp;idk4KVV?_tCGXFpv3+vr94GHFiy> z)-K|TtCsnE*B5>#Vs-@`1QH(03h%7VuD-5H*vO_SG~<5Q8$BF3b#`Y>@0`C~UdWuK zeE&)LyEQSweZc#jgTGsbK-Z_=_eX!fF`;h6DCutaF6fS}?@#g3W|QD6RvC?%?T}Dl znU@Su&&zD`W2vOoNn!afL;vyZS0>a=SS3@vzytXDRXTw-CsbeM_V8x<1m58@$evGR zT)#Y!8M}B})A1$kU_&jhEYip)kKBsFLvqSn-xNQdBKj)VCW@uUz(=4P$7c6qJqtKf zB`i6>NAP*y6w`W)g+|PNe@=T{rWUt!cI>lSgE%?&&$dZnsvm@C8I7q}9KU;i+A~T| zOKn-44=Wd(&jmiXd`N-j+p&a~bbrm43}*2h`6{WIJKsL&DdkbLd;9F~(^r^Nz+i2w z*7SC8D_^LiO_RK7KS}30d_&gXSamh<`9YY5PYE7(@v&i(@08DV?zJ2jsjnCC0g8^@ ziN2WCbiQkgsK)LzjF|Iej=$W?lfGx%KiTz+>yu7T%yWEK&DfF~-dj2AUCTTzUgU#_ z0C{A)W;u%a)Va*xuKL@!MT8 zR|(diXr0#fQ@^_1RTrwc!9P_9ySMgLpk-UU=iQipouH7yMb77nCU9R#v6= zJg%lqstO6&)ZqP0@Fc82DF&vQE2}wJ5Cbw&tra3!>~#A7H+>lG*-<@q~=rO6(DkFKjH^SXdA9jHRFwuJ}G)Kp~-obH$cI zs5?4P(si+k68|=v|AA`DKv=|t_3~`%7(vSEr{C-U${&ab;V^d0CSxr?$q@)8?$n zeRD2MUrw+guOF3#bv(U?UnNV^dxS;Q3}^$&Fz>LSsQz{3n<%_BmoeH{$mWc9kGS_b zS&L@By-1v9Vwtp2dGf%|joL$uS@O?Ig%;T*37W|A>h<^Jyf3XD+c)7StgUc0kFnL;K5ilA zPrg0C7ZDg&5O@h^5|w1wM&}Y+@4bP0S?Mos2*cyqk%H1Uif(>a7&cmue7#ijanfsu zkJBfVnymsC&MOjBJFkngZq_HV8E^OdEW$5;JY}+pnyrE|5L+a_2NL59c>4Tq+9br9 z`XZb;Xh$2jaJyH!dE_p*gBLm4x}4xHpm1yQAmwq_&J+TjuV_8M;vj=x=_we43j%nP2TFcS-e?M$&n=j+)Hu!P9`dhRKx%w$QrP<5X{!+)Pn zTrf}ahHxYcOH!PWDCF@s)8^t;o)#*mTV5_p_~r;xSia=nyW8F3ZhA6r|LhrxORUYy zk24(xSqx22iUX;Sj-SmqEANYs_kG4X5C`(le>tgU$e)L9k6hWZ?d|xY0nnJI>YH(znP~4?i z#ib@GVQVhfgmoad!>K2CWceU=W8K3v3jb7-dV7!m4@wpCG1h7?RQlNBO~GdH<$UdY z(a3}--9@>Frz>hnPh^-gZvE&vE6ht%F5V?9@cjI@b|ht!*5gfAJJwB}75xRah+ySC z3;09L+#mcqSE7h;&b>-$zN$uTSgxn=V@6J<9yWlmxM zzVOo1oK#(Vs)7yX)<*YGR@PFv;lF9vd|<#Gh!GC|brKr*o2)I|ss`g5ymvcoIKqWK zFd4hzF$}M8dS}D$)T~8#rR#~n!_U7`L(L+emE{LCo@Kqg?}4@YYPOI(jY88fqR~O# zTk2M%G*MU*P8)KTH~n;V#Kkwt-SY>lTH}Jmp?)2kGA7lr_Qw3}2z!g|Ck?T5ZIANY`6GtDrs9xeT=lbU^`^BaBGFyX7K5mSOH z7qI7p{tlkQfYZ0O+ng%-VY3SA|g4j=Y$mM@-hy7H_B zFU~y6IjyT~@}SLsU;6!5TkMR#L9357jk;8WqB&uwvpLn%`$;Q3^ABJC?S4Y@GNxWt zIdE22`9;OL0Ul~rFc)H*9K@g=A~0T3pO5x@A>cBc;&Zt$;B%vyXE;Z2{8x%g@aU(F z%Wj67*wi~X`|Zaa)~c66IBh1tcP<*%nx*15kM^x_l;N!#qXjG>1MuOK54LJZi8cw+EK#lV+|} z$sFD(Wjvc;^N7(oDY=pL9UN$RKeBa$?=+HAPfWO0Tu^a=w-)}TU=uI(r{*u|>9YQ` zT3-?OAjzr+jbdW6WENo!YGb-wKc#%op}nxknaH>}r!<^HN6TUBZNbo{0J!{%U(aRuKr8BPO;RJze_4v+(3r`Eo2}!mfXzQQW)#@z=KYn@u8~ z`=XaObKM8Z*Mmu}LWwtaB-S@`ju#F(Up=!T3>O*(NjSus$VY}*VlHhi=3Dd_e5X!B zpZ5K2yK#239lE7bS(#`MnI6C4)sdiekvQ_)=}i1VcmiaWHyFS^ZJlP|I;%CqLDUE*sg}SsgjZbSv^b7pC1?NbssSyYNjc6-d-IN*bqj zzkM-)Q(G$V{>5Hpi06gm(;*GU+sU;5N7h?Mwbev@qY0iuvEW`LP~0glMGAxhEydl7 zyGw9)3tps9+zS*7?(W4Y4uxW+_?PE>zqRhY>;9QFb8<3g_MFV#^ApxbpS{D+8R_^)^=Smp0eBv&zR&7W=C1QI%40c?J|K8wZ{-Stt=J_jJ-04G}(^?zDvsUzZ8 zbcVI3!RS^Uv&5?_`*_Kdg6LwZmpFAnXVMEIhZUyd>AuO{1_ z{ppyEW}YY|=47SU#@*l>oMJAlO7rxWSnc)P*4??6N2D;jmq7IV<1Tv5wpS=FGu+qv zR<*$zr1270LoW@2<^i}i((k4bK6`IDpRAuwKijB8^pBPL^2zhjUK=#<(UR`c7N6EN zdn#P#i?=b{->(M>BFTj#1oixza@# zI2NZ_`%SYtk_J(JOHwmC_42smVD+kD>qIavcthw+1%CB z$L``q9K;c0c?T(*YxuIhfQ_G`ojBA=EyUADEbpE#s{>;G_Qs0e_w|tF*`)Pfhs3z` z{OOZ6@EQjrM>uOH7J?a80htM#Bn1LhcOz0Ty@%HbF{qPTPh0} z9R2AX$ykrhb7$U|q=mr|lbsm|Tw0g>H%)HVO!f!ZK{W>Md z^3QT6ft+OQ<5Ci;DqcgHuUD(wYcHQ}p`Lq=UDr=WYiY~>6kJ{aO2-1=18`>pvtiRQZHi`)ray>_JH%)jqJo;hRh zchM6CJ&SU=U7b-HJ@4&z4eW0Wm+;2EvwEyB9Jma8B}ay?JSmy({O|f9kh-R3|M~sI z^SQON|3VkcpU9{#;r;i|8F-VQ2LG-6mg^F|h!1?@;^nYzj)J)V?0mU-a@BgkdWU+) zexvj(;6vRnbYC*0ViL<^KZ>vC51P#L~3^G5q@{qtt>#}a~G+ZFWe>OA8>JZ zBJ1uUa7SxU4j=`u&%J(T5X~|A*)m@@?Emx7_`NFnFVVkDkkWBwmqz>9?0TYy`M$ST!ArmT#;!K4Xyu`H341hrZ8*bu zf>`T_=U?<%$R8GhxZfGccn!-Knv{IZUG4UglK%IX!)<>rFO51v9G;eaOB{{7hQB(0 zP_3#mVDY_PCD@e>^vhLg!BtBrsiK~u_Pvr8xCeJ5XH+_Mp$e&o@a=lskbqTpcY5T& zMKvPc|J1=O#cJMG#O3>0PR4p(a!TRVJELD0_f~maS_|}gpE7^u>mTF&_{Pf-YQ_D- z=B7SorJ}>7@M`eT(*_=Jf^#RX+7w=@x1I3Z!V&0o(6o{~y=Hf?m9 zO;SaY;l9Tms&Yi-13CwUC-$5b#1eA798MjPn*yqx;ZCIH4TdCp?C{F|N}W-N3G8=Dq1#|9y7MQ?q~iV4^yX6wZnw z^epPUa`lEcs3uUG({Q&pP%m@3;9^<2s&-N{5{D`fyy7b)Bi#*lcP3wZRD*5^|b37IY zS<%fTQ8)Qo5yAaxqj70$7jlwZ_w~dcV~w=Sj6#tqQ)C%?+O=b25+Vg{qc&Fh?7w)76c=c5hFkfeN)YJGAsHnjRRMn5}mCaTBKt)(fnKy!ApI4>O@22Y+ zrXzTBfZFhKSVP4_)-oC{emQgdwnTnIxYU#-L$ir_R__XBGG`4E-H>KD(*GmaXI;w?fJCc9?`%% zn_o&cX3=v$T<#N1%N9fqqRq(Mng!bplBk&W9ZuzL!1btn53#m@A`qIsw2Z@w|$Gk z7;7Yx^?IVlWw<%`G8_}N_XD_Ugr)W~7QgGe^31pOWtkywGgYSAUzP2>9ER+@^l-`k zawzjbg_Q7TeJ-EKyvverN%OmwbBc^rnQ;#LEUCJCBSS&BV^1`YgI?=E4(uU)&>8@b!n2 z#t$c{aCs>0&Ufq-B9NOd$n9s2R2%%F^j*%ZQqIT1HxXBI#z_RFKgI~=F!GQJ;fm^% zk-e;<*TVhAFX?RYNw0Cbu8!ATn0FSN4Rby?ZzGhSW3+4w+Sy`3WlE4Jz-&(7xooRFHeZ2GwU86BdtmsV^@Z#{4!eSo zhz`RV$sbME&a@)iOiQ-@iqn@& zBCQ^FBTHt2B{MUz=kcvt!BD8l!z?u;|DlrQ?hV(DgnBb-~i1ynhUP0Z1jiCSEtPB zQ7=*6)}X1?go1ppmz+aU8miF{)o6zf?0WepGvsI(x*$4T5bI1dRh5klCieMD5_AJ|%kH zS29H>@yJz)X8& zi5mD9=MFS&MPq5f2wHGFzZ^+s{%%-fFVvlm7*L2!b6>HP`qq<&@_Ji&N=#15s+tQch`ASCQ0U{Be_^{etKZ( zmu=<4_37~%smbdgBWPIxf>nU%4dO1?Nwm}~LKpO2T=q)Dh7DrE8eHg~0+2O)5TFSJ zE*qcGc`Qu+W7U9-dAhBGuC^HpLS2Nl?KW@(+UpcOqL&PU5Q8AFq{Dnbac{2ajawk{ z+$~(V>t%{yukoADRdR4vW&j&=q`q+Q?#WdACt84O@H@D&?sZJBKG6{fng)iYfg#m7 zYf1%tnlYhyly%)+!azS^6O^$kT}bo6wc7O}rsQ%B9(TigK;wJ-GIuJWYuh?bOxlk> zv|ky+a{*bo+*>E#1H)k6-Y78d;CEvyn=gQ7=V(snp`h62X=0SUMG#;K1nzbS>)7= zwtn-VTyCKOwnL-v7yX8M0YX4DArqMvog2`Ks5x4A73fP92<#9?UfOyQUiKNK_H%Hb zitBS_T{{p}1x{y;R`f3{jm#MWbA~_@`DlI`R?#~uutuQ{2W3Vf=@ngED%DNIF16g+ zw6SW3P9@3LoBZ{Qju#&OFD@t00F!8GULJGw>xwT(lOz4lM9)q;p!4(i2d=AA@g|>9 ztUm`wDp%adwsuqZPN7Xrg@Pg${G0~e_<&w~CfnInOf6;-}c&QH*@5F=-T;U86CO!&n(84EpTJEB<~{>sR7E(2{YgR!vl zNV|pT4}pK_!AA?si|A5Q$%-^M2oeN>L_ups0_u7VqdB16Jt}+r%Fw4|si$Pf#iDKx z&7QB~rmrG+BZl;E`d(vPxOgmD3JfhJKGB#G$Cr!^0%U`zXxF8EF2y?|ap|Rj#3<6m zD1vojKfhu=Ip6msGiHi7x}}jXTpKN@IaB`Q=?Ox zYnnLq6_;CAhH7cb>Fk7kK$YUb8iT#i{f2d!77<#%*0t^(#Xox70A`deOy20?8VTm@ zH;G-By10++H}0b2qTtE_1Ly4mYlln@=`!5(kELZn$KX zNnSiX3^My%6ksf35~E;Dc4qDwVJu&XjLvOTR(bu6n<(`AnftyX$=B_w@uBA5LDEwc zjY3$^?w23wNFRyg&h@rJ(TaTK>wrJ|`ze(vRvl+zO#y_evd2+Gd4IZQy@1!Vl4S)T zGo9O1V!u?$aSYD8EjKq&_4h~r3*QzvIwR-!#LglgKwdU7*`*|~HN)tp)NuKi*dtKY-}mctmdV29|6?dIjkp9x`7>R|AEn{82fe^} zyQ>heHr(N0bzoq={`F`rOY!3ledqtJMyOQJ8SgD8$aW;VDJYvc1T%KZ{m^BzcUlYP zD#>}2a}W%Fo}%@@Y%W($C-)J#qBh9r+SiFbOV4_wbig(6-rLk;whTR36F1j(`>aZp!eIIOFqRza?&AP(--?J@B|09BcUijm7@rvWrxFIS)`daEodIX zAZc?-W*pS3L;g_7`6NU85iSI-jZl4<&ktB6k`l<@lWrLPLXOS~I&* zkfZ)QdP4MfqvQOWx#RI|y4`x@_HVgK1Us!Ejkzz2B$>HiUVdwsn=3vdy3F%%;w;~L zGSKU?x+=*lO74+>^V2s!`t;gAelt%8r71AU9{OEsW`9iwd^XeByEnmMsU2zN<=EpN zKgLj5-Tub*R!)oPW6%hXXc*7#Sa`bmF;g5UK&8SP;6B`gRQN$ZPfXiH_l=-%RO@}Z zl5Z|OKP9nqAQ=1{!~MPj6Ys_R=vC?8=u8B(d`Zm`ryXOx3FJBM5wU{$M}pJtm%|4I zo&gG$g?PG!?;kax4H)pIC<~R^mop5O{?)mG>uo7+MbhM$LLX17#U(02icKs!de-mx0NtDiXSarQ zRcKiCQ9-MI`%)K}W2WGGI9}dqyn};C@AAtRI(aH3CtuOR2~cC;k@S!Oi}7TRzT)fb z0e0Km;qbcNa!dzDxVH+ zQD_h&6djb(K3C(i9sW<#g6LDsnQ6Dd-NTXG)=hz@jvf ztW>i#O&waVEhj`%K*fImw2=A;@>34$zS|o8UrC9mNlR#q9%k)T{KnQi+%Zu@roqcl z14ODRj3}F|KkgU>f{W?|AELyK|BzpMt?xc76u2c}TU;$g4UvgB9{<9j#ze+~BW41A zzcjwEG+3Ek!G*r{tNNWY1I54#)K73MV#w)LFuVkt+dzSRO;kZR zg;+tDjn~v}(vw?~^iQj-k3$FNNX~E5Jq|j@s6M@{zIEKvN48w^^2??eZf+XCTi;hd zYT^U^-T#7bTF@@-fL6-I%QN~q5}dE~KVQ~pBmU?bFJ?_OjSphyxV}&-2!&m2o8pS-M4?YHQ{S}*!@bP;nOUN+VBW9zrnTao?;!qIH7RE6+!tx(KQBmpdW=J9V;d-`A#koPkv$9%(baE^m9ER zg{j_L`03LzXvxy&hHV9%u@8~Kv~BU4lY5aA&WY``99M6_qf0VWFI#Kp#0ZL@oBzlq zNH#(rLSKC{ZaSWaEBM=wcAIF7t|bT)#D=hrV%N=zxoc9B=+@$3>;`;ey7+v&JaIA& ze~V3~3l95!P80XvT?OjQ7h6mR5ZaslSx$9=YBJ0k_({;2A=O3!-r9n z(<76=?(aH(Jm;1pp{s|4+g-kWF-#(5rZT22bjz1w6aFK0M(^sEsp*aH(t{QAl<`0I zS}T(i=NtM+ZnVBvJ!iKue#+$_Cfqlv<>d!JP zcyH!M5HtxrvNGz`%0q*E55|}l_`;n!l^N=dK2*UlaO@(h zJ9-5Kn*#A|w|lF7?_lb6QqclIrn$L|Re7^(^H>h=q<&&HYJ=I+e=jY#Bt97!Sw79W zWvRI6J)~ql6Ac9Ua9rjWE@(Z?>KYo|sy2}A!JhdkIX+>zg#}*x)nFXlKYRA~<@@Wl zt@j^BEYaUl?cp(3(p8=6c^&bM`A34^S9$-h@=3p+mEw4__)6tpUYseIT^E;zl+GSc zOgD9ICbt^>aYTuCdB19t%-GbkRN5~xGh@z5KQglug_=?}#j>J#dR;=ToYI_6*z}%` zGVNY=%kkz(k3;F_u3P=ud`j=N*)kRPm%b$HKSvyxZlyjLoaUd$Xrd=L#aIFzBP?B| zoC>`QY(0y-l*lI6so1uBEf$vfIIoK&gI&-DxRx!Xi#J(o9IqYTtn-h~J-2xW z@?RA)4CjG=7>i7c$bK{zBYnf1#e6rKTX>?pDRVjuq8P14}Jj*f=QSLVrcGm3LYtmp7IbIV=o4kY`zY+}<-n6l2yb^&~3eftL z;Z*LGN#epj$;>&vq4qgH9pSI|-Z3KNgg2m*Y?l~|no7J?-GFH}ue6bCVnH=kLpJdf z&ye@!=!6qzLxr>q$t*o4T4l>qqv?E(qDp3T(^*Z|(+H-wI)T=>P$l-0#$&kLJr>m0 z0PvOOdxogfx4v(C(rg-Ja}<-=S+Y{&tV>Fdua&PB{8x8^nVI4X_Z)yOz=U$E%^tgg zETV6SBWj|qpE-g_TOY>pgfT-|bQ=WSSEcvlb$knrn&L&5F3m}I%Dit}8k!HTP^d|B zSi?gcRI!HG*+iM)E*p#+(MT+lO_NU_;fwZ?|11W5NCHXlu9nQ^&<9y@j%Z!nL|NZO zpSgAY?g6%x&gW;NAHrPaoQ=Klw^6ZwtG8{uRS?v5jcHQp8m#Vg4(hs?y<2(R&yd{D zFw_6GSeJ38}k*Fm`J1!x2I{aOEhOnM zb2y)VmGK3?P>7k-E^wz(>)5`#{AK8|+)BN(Aq-z`+jJ*juQ5E<3vB)3%|q3=uEX@J zqcQ_mA2$>ANK5=}E5?URgYgV$bw&N-J|zLHEflmML-<6=&x-1KeP~ENQ#W7fPZj$1 z7t`$DD|kjs9}0f<4K(Y}n6Ir1oH*Ftop-lLHV#;*zcOaSFxr;%1N4Sj2!HXO=W&$Q z)Yqpy3cipN^y8l>u-^V#v>u+H@4FtLPYN8HNts{#GN51GjIB>L{9x)wl5P1FbuBy3 zhw!p3J$`cH{d%rzhcf`H$m`dMk{0jZ3h#KTv^|UERF&1?!{F!sKi#{#-^>ZMFWqNe z7Iu|~YaCav58bDFFXkp>W|T=jGIgEe)m-WIvL8P(`-;mCgf7cR_NVR)x2&BN#K_j6 zmEFd4URwsd+RrcfHBo!lhFu+%1v$8BQJu(=FOgjGnYwB7STxKd`TcQKg4;Iklc(^C z07{zif;PheslHO}oE)y!qxk}(Na_+lAT4o08`Zkna(5&buSiriP&mN*uF(JCwDhLt zyE=AelkYeP^38{If6&_=LqP?t(@? z=zZ}U=P{C<$dEJ&+yX8ApS_8g^lL1pdFJ2s>_z+)BLRZy^9#NF*aK_F%3}o<72P!aIi_z4_08?j^T3 z6yO8JUpB+RYf%a&H$$N_>yah5HB{s#f&z%4@LJ<`0h1)ziYFvhX5%-Jn$+KDd{hJ) zJ_3yZNHTgiOU*&?D?qxl?0wc>w~@E#hF-qw5`i~Q#Tv2Oq}8_COF`ri=oB~R3n015 z>`GlHyYWvNtCZ{~w{n_U4cje=E(!(XJviV1PWNGO>4RjMZ0GE8lcVI3t&phD?1#-Z zp^i3IqaE?XViwA;gIK&k9A4?r#JaT3uAz?1+@Q3)qcYWhluw*@zfaw5PX^;M%~8IX z2P-i#oO)~=j^Dh;C;1W7FbsrbfuyoPtg~Z1wzlH^?R-E4p9y`QuuBlzw^ag1x`29@23-3 z8X$d$&4GQYGgqUj^?=^V7=)8Y~8w zdc<5G`;_pm_)L28b?!jZO+P%_#>xY)3x_HtuQ=WRetG&}EI*H8v&Ueh%>7;kpsIo& zWWz#P`1g%q2-)T2sX6K-0iYWai6a;vgB|Sr#I^#gypj40hCs6!Fe~LyW>?WRS3{%r zEkBEB(QvP*09IAr6t?~6S&#irP};m6UGb4z%xzgH&_vRey%F{qEc;$BcjxUIU)L|) zs5H_yc0FjOuIe|}JjZ)Sqq~fwe@|^lMF+yLg-ph4dTgqrtNv`(k67-L$6XUU+4uC> z>h&h}24l4gNTXG&>(;Y|He0`|bb_gYWy5umj%4xG+CBeMDR11P6(}hHAqqeWV*JOW zzqu(?0F)~5P3!cuy_BD6d+Bn^D5$e&__JsPnVO}8F3bb)NC+Sb5((vxzFNl>NLJjh zJ^JZMO*#<570A{1Z~nZdW+Gr)6AODx0t}D@%ifXqXYAJh>>*Y8YS{)u$0f54#*%Ju z39`TI;fTMqr4nLwB@=_d#2}FeJW9UXQiYBeoINVH;(GtMgP?$5D4fjP)>^mH9q|$@ z>qJ&oK~g#~k6$t32&uTik6ugK?p0gW_iLUM_Zo=h0VeWD7sskU%-3vREqUCa&i0~h z_M#=x$`4%{k>T7p1VC5q1B^T200f+laDa?Pvq5+1+3SXF160{Bg$I`PBkKm8@{>07 zpdorfqevF~#CrU=fG{o-dcX6(@cCHJWZ(R|+a@9MIEVJp>AvG{WPI%u<_)X(6^!gS z4}?+=gt9wYQV8~p2)`Il+k;*SgPNH&u&YQPAtZp7`qDYqphed^pqW?w3kPD!GyccF zU!n?6o!rgh#%i{nAI70D*%!p`XaE-)@SnElJf`vzP`lfh*b3D@h@za+>r@7wMf999j ziTFm)q(;!vKFHrJ1UM3-4x`}@qY*1E_|;QkB!cJ?qvGg?&@2-{utX3zES6LyhHM9^ zL~yj3LSLz?D#YUp1^7Yn56vWAsU{O>wsx8vqO)dln+&u2&(`d=dx}T>yN}kHc8pkG zJFcZdH^h+yOG$zu56i5toXNb-ejKr%nrdbNw6o}DW{?}+L4#NkFhT?jS<1{kTy2SQ zHb?O?4@P5jrSasUhXNR&a5|H8?>e^d^X83uS_u*ZV{Z`Q*ra%8S>7QGXsq?gWtK8B5;%NVHW&nFABhfvL=i?fg$qys%j!T%RdOpQ&u8oPtF2S3tP7;Tyb# zk3C(-N+HkE-*y+7yYeQzM%TOG)6%AhG&DpSKd^d%`!Btn2AcddTI|e$)AOx(YjeMa z=6ra~ljVjYMs;5#J1CO>?Xi5Cond)v`Uq+UA{kcLU+4~u2S?h6`-q9UE5BE4cX zAuh##jjT*SR;DPm*U?}z) znFQZs4BBH<;V+fv^3s_W#ntk_X&aSb+!I#Z6jlUJmbLmCSe~~{tZ`a6Y0xkvCUD55MVX4Ss8_1e^y z4q9WRuFI|zO6BQSMCn%)DST5^KKC?txIe!Bf|F-g5oK2~i$zt>ou{SGiy7p_tk@?i z;3d@3=L7*cK@>yz)N9^aIu4pnC8JFx^9Q9b;EUA4fMSY-TZ%iB&yab+lNm%+GIsea z%@+w$G>ei1cs*lKJ!4cV(~*0i@`I(Im5S+AGTK!#e?bNnJn)Pmi(S0X;=RD4GJ7S$ zC0RBdJg+P?`zh8f8RnJ@DgJoLKnc!a#Lr<&+9V=eGR?2P4>`$ul<_C3b7@PYeBhZ; zM43?}OnRS+^KBkzCx>gyBewc7u(B5xgbepo1_jbyL^R*M{5F8Z9RO9NH;z88F7kq< z(ZG-~pHs+=C|``O8+^}~0as!QQeslkU{w}sso;$*PllBz$E$rpDug+peo@K-d`e(= zWoY`4iuRDoxLukBjU4><8uah==N{Fntst|0^!QYM=i-G{oWWQYP%O)5Q(1zsV~hVF zi|d`8hi)q$uT|1jZ>CI}>cZaaDJX6#C@MU#h*xT|w;~N=TTmjVKM+oRNRCXm;Vz*4 zSj4D?j0=h;rJ!S@)FNq?hTfMoMs&1u8TXd4M^+mFqxpiScd2N1sf;tFd&6FhVAw=X z&^Gm$^=r0Cxx158(b(){Sa!1PDp9YrILE^G3?Y(@y+vdWJbm*>U6A;tMsiAR?r5F! zDWuPi6=cV%X#Vls!L@w#cWSolT1@o|$2Av`N_teGWD~M9G_o|to^Ss+54EN#ZN=rk zXK4Qj(qxKiWX&+7A3RCfwNwrcDQ1KfGZHX1tAJ{f-7Qisl5KB)-)7+(?kSglH?%>>kDibAj| z=Pxazk|{C)6`54tmG3c#l*lQ5ky8Y7L>tf1-eq*0%=iX+%sd?<+03ejoqoMd;L%sG zykgK*-?z&tJ(N$L9aL`BCA%UGVg$a<7ua6ialgp!7=d?;DpSnil%uo7^hyCocr^{( z#-X3=cs>>x8MY4OeKb)^MN><4LyNw9D|m9v)mmcmh^C*)zg39*Z>cp#K~u`2Q~SGR zS4Z`&rN5nC__)G$dNMVcgwp@}Vyn_vS~4OnS)-cBvDafBLuu=}K{9^+s`5(xF+eT} zZ&IhS4OW<}K}3A^?fKU`@$rzyT};20BWAwE)}pmRSvJ~8&CV$6d7SH=t81=7E>)w( zgpJ3mr}^Py*G>f#Uq(bxi9@9Y=S%;w{)?cPUD0h*=eUbHbqO-L6(Y@U_5yT1?a1p= z`$yk0xhmMKkq5?XEOnC~6xlg?7hI;T_|8h%ra6^Ni7M8|Pw!>xq&DnW0|J2D|j zTY|364@_t~4>Eyzp01lbJY6r}H#=^$i%NPIII2kcUuH=rGMpHot*f6k?HavsVdGl4 zJ7A*Rdvsu)B(c)%FP=sQ19StyhDx7kt}UM*WbRvV!L zM?OhKI)*@Ar0__w4(bGj6u<7r#SLPAoOhcql#V$bguaeJYXQ#Rc#~cAB$ACd$pI1ZyNvD)N%iF5Y9u(ZPp3m+Z#f!rZDk<^uFHCQP6)M6Oa7?#&H?7#G8eAS@hV7 z9R{e)MI_@A@#f3Ea$S%3-*Gtx2kA6dx_jp&s2fUrY4-z<#0ZOSW3WT#FOa^RNNd1T zTETRVP4nCMH##R*uW5_w{iG~zAsQqC{^gsH?=gJW9eNg@XC^wf+jREktSe_r90p@H z0(Rb;^U#fAN~No!nTLHgOSGm9sq_Qr+{z|?qQ<7p@g$ktTBg;zz|FX>eIS>7Z@h~N zOH)PD7IwbycsNPucsu`fE~CxiD8AH(az(W=L8|RSrLjUlma@`Q>idO?Ios&KVnxe} zGb-gWJYp9WZmZkb&k>)*+m1TDDY%(yw*)L!f=b zuQ)Yxf#dCP=fA^c_}BMRo9uZP^=VXSt1Amno9t*8b#9bdrlaReKznnw&jnB6D5h+N zs;t|5UFPGrx=57B(G8Z!(Lp*+S}FZbP+yZgdt`#Nt^};n5Bx61*s#@QQeuC(c5HKs zn4qPyeMh5w!-@15p0JBbi+p}{4-{Hct^#-rRen;sw~%7uv-BvVz{hJ*$Ei$x3rQqN zA#k|U>+!R&=x?Ztqub$leu(ER`K6g8hW;&}pLrQ7t9DzTLG z<}F5|@1$=2^FQxBvvXgC;R^{2yIa5#@)jK7D|by~y;r|}c}PK5E`q-AfUL z6k9IwaH=nW`n%xnPwwoM+uF_w?~(Y4pE1|-n0MlBKRszt%l!Zvx3W^i{n@+N+TD}~ zl5$L6bG5VqLCU+}Rt=&WOIgX@xu`&niiEO{5^AM>^zP9+?@&v z4*XdUmLdhsu+GrMh0PJ+7fDYe)PmKN7h@@tCR-AEB|S)?#?G$J-j4|oxK2-?q)mbRw!+) zp4Ge&E$Ff1q+QbQj2hqVdwZ;JjdOMZT;I*!G|&up)%ptW-bD==72;`Gzz?r8M|DFk zk>)ATRLFQUe~|%A`(mz%BR6I92~E&fN-TYeBt*YUc{|d>`t|kcrvUpyB28z2%PoXX z>v9bf+~h}Rb1Pd&^7U&|w3aWXkMiwpc0Uu8q(emxBzC1G#4<^s0{no;Ftb zO+^vwDrZg@P9J(zwBJOyQ~WXP1f9)Cx}FV+tIVMPO)hfdRBZrD9W0VCCE4M;$8KkNqzvo+^}CZ) zw9-g0LGZ`t3*L_WZmKPyWimQ~5&Ijoo+KCb>wcJ3>9hOH|Il~LoxRne1ZUy)9td3S zGIqcR9Vx~%=hgPvtr5|{S|k-%gXJ&yWnIOq7Nz#`;JomAnX(&Ga1QaOl*E zpg^&(VfZBYAd@+>@okNUA8HA+^g&sFHgIxVW^~bH1M~Z2s7C^fO5qfRYsmK$~2Efsh>T^=hYE;Ul zu9JQPEU`wHntl;U#34)HxoBOjX~M4wu&zXe4(Rqa4Ctb_R3JjzbQMnRV0D^6<0=#d zZ8kq94fU#9bfePMR#z&ufOY`)usb!*|^W^v~L@C*HC`p>F@UVRRaEL z1CtVVV~T3)MypVuh!-#zF+NE9+OBeY-e2+SdjId;4LN0uE`P}iafyUShxe5ou!9$o zk(}YXyVc<&E7QAqE--QOKCBu5zF`n(t0^2esGlfN4@l4|M`h~+TDd0jSsbZrtX^J`8;s#;GI_U;}+2?AE zGslx^m<2(tRuIUyDI8;<9xJi}L9ktJ^FiSDG_GAW({t?>?wxrzYlM^}{G-$*Fjl`F zc(K1r7C{WaWux1!wH7x&bU=K)e@?G1(CrjXJZ4@{GqymN)g&38wBaWTU?+-ZzsJu1 zfX&0~`3eJ`M+^{Wqnl|+?c&Jlx^q8UZt|Jww~uV_B`CeT9N4zseRv3#t=`aX4az6R zzts`zy0(qKYky|#>lJ;>{>?$+L1&9DTTimFGBSAYd%LwZId=EPS0whe0Z{D+3i#`2 z=4>2vl6#8{(4!^A=yy(4pZmpRMhj3}1ABK@xIB?tXtJjT7^^WZ8mj^Db)gssphNZ+ z%gY(No^VJV8u}_vL>c~B%a6+!9C?hzeS}ky0EF4OlX}^6=eX?d6prupQDX710kkCe z=O)0omv(cryQK&0Y&fn%D4U7s5Zp{kEv@b0Ql#isLZ_q;uWm0Olu(b zGzvX9&iIXxj0wLkz`79;DsL+xW74Ao2yKA9dy^81z4=OpqZhDGhuF3*007p7Ev85t zTnzdtaF!Zik>W)y zyYeHP8UdTuK!W&zKRqHdrY4y9x>9Hb1UOa-y6mF}VQj$>VQlVwcEE&=)K1Q@cXUrL zX4C)R65cCr4U&&>V8irC@LMgUAAQywtg^-d-jV>q+3Aq501vGi`pK8o z?>SsO+~2Lfohjj>Fw(%h271`_{qLhqQT8rkV& zM#*-yET)dGOLCj8*^#UaUTi1}pHQ`~JNuXjHq4y_u5IO6LV6c+O-lH`sz3Wjj<+v`8wM8gUZj&<}2(;Y*-=*9P4x3?bi(TG$Bt3oa2g{n#uJp|NFhQ+hJ_~ zjP1kh#hWMcmG9jRcwZ{fAtSnG_8&PWENSY@z!)r}Qsfr%^Tw(IK3= zmofaY?AQPu6160Y(7o9e6D2PzQEB~#^Hd-fGB~B=c_{G?MJcDPN+s*=x$+1ArtEa| z11x#g+(eU0__KX7U!uZfv&c%9&jwN=%#O3Wmip828-`?zlfq<4bULE(i9wl{`}ni{ zGGAiCWPgxVIWgUf(Ok7Xw)>wa*zwNvOGUJBM~X`0@_4bM{n55YNf4l6d>aeG27*Zl zc}yBHs+CTcb-uoW1cXUFyol(sh6_n&T!N3Gj$>9l3lG2D5GCPjR_mtA3AsOs5^}K=zlT&JsKrveE zj|S@a(uC|Vk1gM@2)j>Fj5+!{^1d2;@&Dxm^Ija+ONyUGHB~?7vekL zRRpqUAOe>~qf2N?=kDcglL#=6X7J+SURDvpR%ImkMwq(uG=5*^4<~4|fHK93JpXDY ziVo%(f6p~K5|U*-5NoN$(}%680LCIz^*K~z#}$RM{{Cte7XCMjavYB!R?z4UG%pt_ zP<)R7(caZgIf!qC2A%2Ot(fuU?&dUN)7n8L8 zGmbcfLs>vbF-heGk)q4fx1&$>WW!$9nO9r^Os*tU#K7Set5iHu-f*xR=-9%O zf7OHQr_ON6sM&K9me?d#FCO%=3c_wsF*aK4PWcHzg9Vf%HZ71O)+N_W@B5r5MI&?E ziLDVDK$}YgRA9-T_mb;udYq*EoCmi`(m0VJr7b=Lijm4apBVVlhS2~iSh8(A#vi|b zU)gA~&5-hD9XhT%-x`6MeHBL@^p{y$Kj=x}6=9AU)FvvqJH^@WA`w{=0kEUdMb{tZ zFy9z%dds_T_WkkJRqwK8{_D!=tD`~}oo{WrUJ_gKCLiR7dwiSdcRceU;zxx0bs@Dc z!xsjByW0QaYmb5(v4Bd%BtzENT-X>LIpv({4&ZvG0C$$`9q$B=_cQB@ymIBeC9U-O z{=d}?{CU(jBXGZHbW2)iWIuHXe5ThA$cJR8Uwse(845xzkKP{~{k^wen}@ z<0OZcP8&@~5KHzdDWr@vy&ZC&G#j3ml|tm!vF^cYb%f>A*-g{K+>5|<&hSH+Cdsd= z8eaWFVP7{Cy}!4ko9S(y=R?$g27GVNYob^3;$e_%$l7-u$e{_5XUU%MdZPHfN1&Nr zpHxY$Au=j4;(Fe*dqEJ&E_CU@LRYKOe_x861!LO+5ekZxAB*t_is1 z$1E&QpNA<2XE!{wUX}?db?4EaQ$ZXiEO))RA$&4!*GINx?!53>iVH9CLlj(Mt{L7u zoPB_532F8Hrst;Y*O2q6<`s)D2}7X*t9^RyTO1QzvMUcmpZZ2kTnl^gpVfSm*_x99 zS=o#CssG9st&dDL8Xx7X+2YNqkPSnso>OSoEhC2&d^zfNB}wy@BNOr$$xJ+dlZ zn!WWl6@JbPIu?}-nKQmCC^#SI$uu#>Q!|yNBV)Y&!4ejDT@|`yg0(*Ph|+J2fS}IGuw!DM|b21nPEyU&Ah~2H%Z-Q7sN5h=po5x(n6d zNz6b_(O;6Bq8+|+udmdUgad3L}(jUh9#g@j@WvLwglNv)*76Vg7-FSezPDmZ_2J zR1+OXVJSlCff`aWeLpJEzXr(OaGXvYlhnTO+#dcNtN>08{$J?g z&t+NL_T%$wikxk7Em!ZWW!K`+P+<_#SXBkv2DcHb^F?gs!e;cLEklpL8ty1o$M?O4ArrH$jR`4n`wMvEvDJ~pGhxtz@t^3% z?w^6QGqHeXrmQ@3=H_63_lKst_1VlNM{d0qt-Xv@R00+ZDII(rGW{A`)SM3*5qTbJ zC~B6ep0kM8vfI6lRa739DZCaeq}20i;##auh1fdk#mD3h_9`lAirPGoozOlsaOgks{BK3(Fv( z3L8U#WWt_Z#7AcPogW$38S*L-8qUJ(dYSaoGJa0)59}R&I7FFM zI1n3Sb>hp%-pS}jnpHdj)W+(dNoM;cfDuz}+rNZF$va;oaCg;E1lZIyH(#PrF;$5c zLrmEpIXRmh1MqxdG+3c|uH*wT@d;aounmn`;)KduU-Xwq-7c~LzF3?#V^*W;lO#&` z4MyN?ft$8r*|C%|?ztRv)oVZ%ftx(x<6Lyrvp@p@PgO?JO9v?$4;2G4>HOF72E^n% zDsJTz2(+v286oi3nKX7W9uZF+3t(b2Fi;LkJ<)=L7=d5`gbHqLvQciK|7AvNv0-9a z*ha0k5bpq4ERK?q!B6S%^+IAW?P(0)0G6es_$?_|=O6~R3cHIqU9IVoqNRc92O?l& zQFmA4gr|R8b^v%UPf|rCJFkmVF&6JlDw~h0Of|Md1rnywr3Jgr^ z_xAI~mxASdsz-o>`~?dE>@8m3{!x+zA^@kVs64&JOOffj#3R~r0sRn!5L5J47N=sd zzk}K82mgIfzR&KaIw5R~2Bpf#Ikb!IuC47_$AaGRDER<;EbcC27U7<*pLDR*k#sDl zz?^l(9`07Gjx_I+;7q$u94Lv7KZR6ZG*V&${)|K{5Sd0?XFtg-Wvr;fy%>SZq)|?M zEweYA#q0YIAW{_lMWt+o%4aaaOp~EH83CgyJ-K@a#jd6#9jg=0`<2sTw(rbRPp`GL zWz>S{wyd9m8DV{JcGSx%t|&NOE*9X&IGmzU&;${uxS*HH0Q6R0)tWgJ;F}eM)9Gg3m;6+=1D? z)(1=HN5{gTY1bysysf{QI|Ru#Kipz^zHlE|xsaV$*;
  • Z_`e zH64}x%uS?xBmPu&yLu2LC{Tb8^_`Wk)~%hmbz=S)F31Qp6evJMupJKf$cxMod17_g z3qH0)p_&2|cjEy=>I_Uzf0X3DnL2OQ6k4^4KQ0x8`!E8x1PT@s*$$uoCz{i}qF`@* zoU_nJg(JCx%4IX>{+UU@)s89!L5m^1wCl)y>FZVdY7<+E5DsG^LkZosEy(6FfRi(kQ475-$kVKp zS=nmnWm0HTa>#Tq`y#VFlyS$Xn?U-VM(FK_Jk868?{97<&sbIu0#^i4o;k-C9D5^< z=AT^^t0#cJ1yRr(*9*eLSqM49s$NaZ<)5483GR2sNzlS>BPGVZt+11w`s^yKk`XPg zgg_nrcrRYD2Uh|I80@M84J0U3y8+R$9KZtCHCOCFbZiI%(;Z^;TB2K&A6dGT1WKh_ zDLhtJwPbAO14Rp7*0N*u9ehZy26E9=|IA?L)6${$R6!l8N3Iy|t5p;8uIpbI2dKIW zm?hw?hQg9$3#kFB5)h^5Z3f4ePpd*q34rU2sq;!wbhR%)HoPH#b(m5p7KU`5;q#Vo zr06En#_A5_p|mzCpqqBI@K_+4@fG0Sx>$9b#2o<&H+|Oy3Mnpfw15DGzP>AnoFTq> zlWsp;9!7-c!O==JytG3dZ~OARq@>7kook+hLEE?Pz-@5)w19j975!srxJ@xgUtb4I zJ{+p-XLjPGrxD^*?j1IHEs^PZv`S5kKwSr`9}-TrE7bAvnCDtQS6&oWW0i;WU^Rr3 zWqj3muRL3_c>2?e?-je-W#0#q$dh7u2HafZxnqIKj4%e(!}EnTN_F~f9CxfPRl%|> z7)8^q#2m|!5>Xd)j2Go5pc%<*1#UA$Hl|fvj)j$DSlB|F?n!t=VG%whX4l%M^Wly6 zYGPy$e5JtqvDkU0Zj{w9?+E<>IyS_XQ5Fj)MG`wG*b4|>cpj_VD>E2ycNa;*iO0qq z7dSeAYh$oBux`|CgZ)5IXEf;@cXy(V>h&5M2^3?ul0Ym6Lu|E&QqL%v9Gay$^tZYM zF#!vkcHV3b^;47BiCs|lRZCc>rnu2fTHRu7cx5dG2X&kBuk$8gmDsvbMZ;_zRO7NX z@NQJ(@XMm&FHIknzjhPC8Ob1mw^NeG#YIgoap8=z2p)-qj-f($o<A zYXR3&=Y-HEbqNnr-+o57ZGTK$g7mOYNM%7o190Wf_Rn)JwARUs)ZI2pfJ_f2`85-=Od6Yl2HoW zeuf(#f>jfN$Nb*l%bG`NHs^Y@$GH;>mriDK1B&tzSTy+61V`AoW9bbSu z{jns{YgOOxyu%Cw8!;i1Fj$uS4U2FaIXzn6oQd!i7X_S6*?n50Hw4YGX99c|Ib&>K z*mErRYL{y0{aUS1326x%4=jwr=^6*H{|5RA7FO$M`GlS}D+YKI_KN#fz+cl&D7erb ztJK$}nx@k^60&s711-Toxi4MB+n$#RRuYFW9DK;<(+tfQg(#UrVRgm39w|05+Mwqd z;hIj*%5N|WCxbg5L2)0Es;1h7%_%nQ+92tSu5dfEdm2JPybBx`jWl+UY%JS68;+x=-`v!u^6usB&^~A!+a79mg7S=s)vA) zd=j>%<8{m!v=bk2Pz$?IVH&HsPlE^FGlAl&kVdOog^17)Aqe0hR7ij6Sv1w#3Z#-5 zCOR!$S5))=o+HV13r&KYRcm2EYX!aTaQG}8KX%c&gSBZ*d+l8torhu~ThsLgvM>fhJJhYSO* z7~CYDKoCuOA{d$_20>dwHFQ`=^J4}#f~OZ09gOH&XpRHlvxMTBk*X!ywKqevL?LLB z8)}PBKI3>uE_npiNM@$I85$xA0hmKIh#9gs3$7;LI)J^bp!1)QsKNeU4&Y96D6RpS zKs0B|WYF=$;Pyz3i{D6N(DBCLHt>WmVo#_zOs4=7cmhuJNixGzj7H$hu`F5sh% zbcT303}6ON7!v(3-!|}3;|q5qn@Fq;t+jnDD2Q- z(=+t07{tQ@uP!Z?&<~;bj06N=qKTQ;zCt2DApw3Eo#afZaQcd8L^q7iMuyavn7FtZ zs16Q;1Efl-;B5P;GZd7Xkf=0m(i&K64z+1OCQgWoCCy3<@d5L+7pPW4Ka$NEe2QH3 z83@MUuJD9o@h2uMI$jvuGG0=}%f-SH{f`g0p{>&O*;U^Xy~YRpp^a5(t>D4i^pOQ< zV>=oo%f+1G<{a&IU>y(@p@;!YYhsS>=L2SFW3f#Y`5HFuWWFRrv)C8lBnB}Ew*^## zD)X$%{#x%29FPhCpd^4c<6>8mN_#MuN?jHfTCC{7c~E4+%MnRwUphMkg|wW zo6ktpvi5!r*vkSs--tvdYS*rPKqprk3lS(%0oPD2;S`-?EVRBDzz&`O5Pz}?Gd;kq z;-wMIrj_Xs8`Kki>9I zv<^YH@*x_G0#fNHLbOgWKR#IT{gm>qh8 zhV0lv5nPU8af}1u7#t*(KtO+sq8}j5=Y7(;BL1X++$ndTSDsMGEJT2(0whR=;hpKs zIw2SwD3u_9ezMA9x(ztPOLu%W6*WSi^8t@Z4!-o%&>pW=XdfVe2@)|ethL^v?d$}w zG#bOpPFVg3rr`zHK@n)jd+Vu;FsvbWR}o4@XA#KTJ)g-)6fcFGe{kceF)b{D^Q3}Q zP*1@;os4)!J6l6yM-fV7fbCQbmq1Mv&{*2_)nv3iVr z<#;k1{M@ZaEm@$TyJL*;d?MMV4Z0JDN}z3XY<;(*6V-ITYP|KxwKE;lo?CM7P8Q?*tx|}>XaMP$z&I~a z3gNtmE>pA@V=|MDK&QLdlV zZZR%88xn_$Q0(7ge>0tE1bMMV{JkkSiHx@YaBYF|^BHRpb(8BxzhbnxT?%om{i^4OJZXU|=6v=YRq#8i3Oqf{T+DnY{;PL8 z=;hVgpToQU&`1|)!66Sr4M}#=BJCT3OU8LcIz zOIs#9&U1_R@n~v(a>o0QReo3eqD}o%^5A)4`)V0UQrhkPzstp|*~Go=E9ncjEzgtj z{GV>tWt1~+`~J-1PTcE7Mjx)vXz(%2wi=|bUyEET0*qlw^*NgFm=p&5u_Q6$)-Rb3 z06(T?>&tp)c(E+Q+fqS6{4c`iNIMt_>L6PRX{wcBB(Kvqitn|08{8a_!YBKb#c!yct7H6g{1k zSx18n^R9}FPU&XW9Yb&C@B^p?r1EjozII$`yI_E?vS2!k(VVBZevi;~#=IY@z{d&# zb{l%s6S+UaFU&aJQLW!zCAwdB1g^qq(?DSs zd=6H8W$yK~_vJM}UK$mkVA86!3{Z7>vNxe7+jV^m4od@}1f*<3$I*M$k3n1fd<#LV zmUaba-LA(qEfnJl+!sZtk)+zH;U9Y(VWEZq@?wp%<61GJ4bgP6YNXQA1s!5hSn7z&(_x}f;7!O zCgs#mqHa;ZiUBAsT^j`dme{65Ztf@lz=0emn`8rO?!q77o1P2dhvPSw*@}r$TDlgz z!ktY|%xDF*fQD(=+-lz_5juQYAzEqBQdQ-P@u>+jE_LQ&oQPJ;7ewg0(~mJ>3h}qK zfKSu1ht$j0wk%d2Nd^o>O=1MAQwfYh{> zcSdce1oKmXaB(70i{u+BGDATro^<0nt4A%n?Cg8CMuyZSMQPDmWfJKh@BZ$rC}K3l z2&SZ~zIJbsp6#?KVrxPe|p&@Kh=pVVgz9Rssk~C6v$$LrdA9NiGAnstU78} zLvTLH5OEnjESUYM(9YP9x}xZLA*r=myrB(WG0GTkDLlpX*VfsPdZ_3JSQpzzY2qaT z5+ny3K33tb{C(FBNVaV77|U6?Bu%#%XGmlzMg^pFKbx%!ezC&n{u{7;8FsTO*z_09 zElsB2#$TXAFfPhgLy(wgh}bBZ1gYwXXoZ-jL1Wa6yR}KGwl?zy)I`$2%l!%^qt(&T z3L&IrM`Om#0#Dn&K`8ab=gd^{OC*9;+Y>!L^0gnrXawgo4Pikp>ACS2!!1cw)4WTH zH$|$6mRh>g#mnThVHt)1(PGsh{F+8+PLR1yA_u$$uxbEkGZIV{%$!2w` zQ<%6FiEeC+QllYk_J5MfXVWcP@x4MjTyhR){4D3GURSr{WAvGiY2KcAjb`(xJ=bXH zJP(l+-V)JZ{}gtg3}`rqseAJttOc~2GN?l0&G=*>LX~U`3g+g z;UM&1Y}3E&MlJ8z>J@RUvPQRshHhi=SXgn7%ra_gMLHx5eX_4ZiG_ zvA5q=_pWawe{+6-5*K(+5Ef4vR^2ZiqV^3iey8+xggk}WD+PtkT1_e}-D%33!&c3q z#71QzPePG#O-Pu8c3Hmp;f$1+-|Zhz5OnK zurC^T@qdNg3(BwlE9}0wKoWKbp8h|=?tvZzr_S@qJGrN==ci`kXA|3wda>@;&pLx< zw`p^9#{S&)f4k_vYqHwe?eg~W%h^6x?rL8MTNRhlAGq9^V|FmB{ph;LgW%fwg~>a9 z|IA+W{;i9p(9qE9zlu%b{F}S_%nWXNedNi>%1Z6ldaH1A?P-(IHYJHHuusNs{A@5) z%PuE+9409DJNTW1;M%)j!+RXqusuu^^f2=~2>AbF2L!s7&T@!8v=A)NWIg@*{j(9z zV+oP;ZN;DdA^%Z#KQElkp~lm*Jk-D1o_baDZuImtbphbR3~E*0J@UC6c#~eRY93*w zF*PU`mi*Nix~^{BO1Ay~6+vFRfjGSM_8;C({ItkL`m_^;gJcdRANlV|taI!JD8*Xz z)f5{3B>SJXE9sA!`_kd+;DA!@a5Me#$wBF5H_Q9Q3y*&b7zuA*1#Yt{$w>ycW2Hkg zsf{$QZohjCw+_T^ZW|^<<^1F-yK`%M>F<8(PbdB|lDzx(S}xJR@)z%4sUrUwP(30V zm;cmtV=L@-{s?{H1vrhmtd?zjX!&9K#gCA^)#h{g?}h>7-!|qvYCl`px-fjJtmt;i zpA%Wa-fg)3>MQy~ttJenE5hV;^(^x3%;2Q5l%@aGW50X%??Tb?#Ixq= za&1xB1PtfvH?JG4x!PpR_PFg|;(WYp#WNdIWfl2~p1=3ue?NQfdGm-H`x1A@%T_ou z;GJ%Qe||NcV(B}N)6?EN+Il>Wr??|`+avEn{|4U`=6_FTR#!Gg1iU{}&BjMmnreLU zms)o&f4?}0d}2NKyxG6u>p)SZWAB~TPV$kj?aEG`hYTZXKkisApU}@{MCh80W{9Ns z)!KaYtn~7V7IQRof2=pvJtI%*FP6bL&S>7+Xb~Ne#eq9=v~|j86gU4)6oL=zwK%nE zwEmzIKg+!m3*OHmsn6)Re0oPY`>o_B>%qSGV+pU4Gs2Ph@&<$ZT*tC#R+8TC&h>G} z1LdZFsvaClkEo3TZZhUB5MBQaT6Zf6CPp0ckpHABDpBgX1Kho_*V#c3MhhgtVrjbq^WuAPBlOB6MNg9G#&_Yf>Jh&hBT&I?jAfMu( zw_o(~;XBJX%n`SBRILC_=4krdR_!PU`hs)*2=y;;v6aehE5y@1bozbHmf`z)X~N;F zoAnmgW&CokO>xz_DP(V?!+7M$JaH}UUjn$7VIe0sxsOC{x!DfenwSN^33Q(V5MsH% z%S6)wwcEfzJ-)f0cV17Bz2a)tGy&exEBaQRulG<#0}iy2BV?&L(M9i?-dWom1}qp;D;e|uwx_pFPJLOQe1f_s*VaX52s8c@=u5Z{D}Q^^KY~d2?RP~ z08G4XS3lzJF|M8e!A@U3HOf=1-qhgV+Dw`OwfbIz&$9RUgX;rdDUCkIq_uTSMK$C< zNm{tku*h60#eEdh71-=GPCC9r{1;Pkacb<k;&Xg(dKwSJ%UkjCCeM z8{(O4!PzZQ6;B$QVA#*O<~MO~hM60HDa>TGbKx6K?~g?ZHiU0<&OwN*+01!P)Y}kDM|GghCd}ZhPQBvas5;j~Wwa!{@2TqRpw{*-MwkEe=~5kY0#BoR z9RNcGCpeYE-RNBXVZU;G>$8K!j@Kc+3X~RRqc>N$glQqX-zaqzmJJM`~|y92CpT(S7Y;! zh@bco+v}{R5w%ON^kaEX+oCL76(eWJ)@Q?;8@%&0d0mqfje7kk7wNovZQu!X_5lcZ z?lNd=HG;;h!RP5;@Zdy5n&m=qq49m+OpDPJIZ%I2^oIsXOTE3Oao$aEw0w%K9(#Mg z3rvQ8A?xV;{P^kF37z}w$6)Ee2Ykt`fj%9FG=gaKR!p>iwzUtQ&tmpA&g>Z1F(&}w z3fl<@)9acaWizcD4{7uETm5J=_Z#23gkwFzHS$BZPVTST#$61}?OQ4v($f1QI&-$Q z?gqYUDQH`12~}nNa)3ey?!V!15gA(2_3&GWH*C`{o5;@rlIUospGV4jU!$eyCo{>3 zPUlxwYHhb3=zY{CYW3=Y>Y2R6+?S)v6TP=4jTscNF4;!r7ecL2;Z~ualGg_X(EXhH z|5Wj<&oyrg-K_hNe_2>{UkH81Idr7DC*P?yRYp1&9lgH>tv}=KF{*%a82j4|)0n=0fO>w<&4)&%2DUi6rAF)O;J8YV_Yb10ztR+} z@82gK`OS_u_NR}dC^!Eay}HXez<4PZZ0ELVvm@`ZtvliGG`q$!@T)?cqoX1~X$gio zx$Km>TmBl|bH23lS7^s>NWtS@3?YyvxRM<3vs=YhB;~c{om^qCrbEbg_m2JdiH_mQ z9j$W!*cou5ZTM^kZO27_wpE|#6kCkAnu=LVof)3j5B3UpWnJ6-B&5l@R3xQQ&wu*X z?t*nwB;*`0&!6jabN-+ks^&hBromWPKifPlJSY%5uW*SzO9;9eYRM||lWz`=+(a+$ zk|pM%Mlf2G&5H2tXSbwV9=ZJvJ@{&ttv)6FBv={sAvlQT$>P6SamRbhgYO**uLbAk zG(hf^>U`TQJ>2Q_PH~nKr8JVDQ@vsN(lxzPiz{1#M0rC0&NHJ?-BG&S`sK4E{+f38 zW7(@aQNOXkJ!?PAKsZ!RJmL4kR-t#4tktJmd3znt?QnMQpDsq4ezF2EB;N1|(Uq|R zi-vap&?!ap4KTI3qQAxN*f#7j#raT^gde-kRv+*18TWjitbUKMX?iejTvI8}wju+T znb=~CyK`+IC1Hz|tvs@8R%EDh$H3a&r02w}tTW)5Ya5dgv%45!G%ZFr@H8QiE|T~G zQWxGt6G-!E>8@KAfw{+LTwzaiK4YcM0gH#vka^FW69vD!eElJ}77aaatQX_XSP6Hy z^VeRdkXhf@Dqu$Wj2#Us`||At-j@(sAi$${TsVm zv?#@rC>}}vh@bQpekih2y9^M8DL;wGEbTbDAlT+>`s?5ev0c8D47GkQAvX`z!&oC-jht4_<5Oq|6SPOMU0R z<9F)f$Zw9bC#ZcI&a=u0QB#gIZTw&pWCz^s0I6R-?bCE-Ib`)YjN@2l7857TSt@;M z#$_d%OW&FzTlTL86uur6cr_sK$|-Ena%jpmfWJCtQ2Z|Uhq~zd&ZBXqz&TeD{C@wn zXq-so74O1DVF=+iguw8zrVT~P2Y%*#6TU-zwXDHfKW}}T z6)bz%xEidJ1;u4SQG-9e4*w`i!FE|{*lwi(cG9@+7xqj+Q%jWzK4BiaK@71?NK%r{eNgiK&@a!a z&FS{PHKxGB2;gJ_n4z2Ted5KN4 zqT3{KR8J75p8kV<41DG(`a|P`033l_@9OXmbp}0z+8U0`I>xBc)!nzo5`0CP&dtX2zyg?_Bl{ z&Q}u%jOphV4(%3vKpQ?~KH-m?8O&8hcItS5CLV2oCoqc*?qsr53w4xwFH=wsJcI&_ zp{Ngr`}gQZQ^E78;PhNo=SR}tHuYrHnC5fVX4S^~9W+*M*U-62*kJ(n7=1x)u!)VH zwcqe(!&^lQ*?l9qBuUQL(DTusE1TiL3OB?o@^7`>iz4*z@9;h7A64*jDEv$_ItdY7 zmVp3dAwrWeTXr8Ee*L<#a?(C{A6ba$`JO_IvTf%VkAYkzarmsA_CliQ-z51T3`x zoL3MY!!#B!5YJro?$w;0hSA_@<%+3<#3crBg`o%POKmtQzNkpU`9e`Wqii`c##-~Y zAh0}_H~kLr=1`(JG!dt*-M=(xbrjoObGc^oBHln3WU3oV^(2<_I&qqnvIh;BM?(J10L~*- z>9${ih$N@8e0}Bp>|V*9V;}G3^BZ2-U>s=*|M-)Aw)p%7yST-?Oj~>U+mz=l!lfkc zkhgY+V4+lQY!;i-6_t)L6i1pI^@jVllwPS|Tq-!_HRJf4u0SkxIaz<-%EJ9TCv6SF znXp*%C0C1im4qLL6z)o%&^`^LoBJL3^Waw}o79(`OaHKnY+%3iP7WAy{HKhSIqGw| ziRlpVI-kySffcKZ{t}eR-8cW$(VzTZ*3HR_{*b%-Y##ciNk$}A# zJ%wXcn0%sMT-4>STtcg43j8(_cpDj0o$t3W#ycICMi4=Uh#+I^c_NeCzH{(JQebct z7=&c>Jf+uXK8YKepc|Um6G~60-a&2)0Snm*H^sw8J-rLxirimtiM7PEr>mEq@=;am zTLhp!%tIBg+cqYH8JQUpqHZhz*UfBxP)eotPqZCLF^cNfLapUUaH zp>I6j^xOjGabkoHqk~$)!%6|m9GH0y3~bx^S}WDM!cH7A-P-8tz!9UF>sS7gt|ewS z99XSB5-#=V9?T9%iA|AYh}+19XXw>RMJcq3erSBLwEi_fYd!2y3`7%3rHR*6@-%Cx z8!>Rwh7R1v6Yt}VyrFH8eJFZcHHx=*Ns08^h7CvwCk)65BeNhv0@!%)K|J_eLWS@4 zx36T!KZN15@Ki>R#Wt<5*?4d^UUE3?Ka)-pgu-N_F;Cy2emyPD7)&5>}81yPj!Y?6bsqF@H};FF3?LLBLkf_(jKxxQBF3^d z+!z>H--klx2EB)i<;_D+KV;vvw)bV`ij)f2ol&^upo(qAgPZY1Bk9ggV%?jD^>J)E zCU_+iylOMP6E-{PR8-6S7i=GB(TXFAickalDY?c3!fZ;2QTCr1z) zmQ?s05;%v9IetsDHERC;dk>ZqCLIx?55?bd;s-g4Da5jyD=CvZF(Enfz+jcD<$Vv zk)mXTM-`07G+3ZDFdz+*_XYl{Of6NU9W5@EG;w_;z7 zd-~KT8XbfI1z`+#wWXxhEt-1r_#kmPq&WlOH8SKiQuj~MawjMffx#g# z2*#Knkz+kck z;ZtLs*U?wUsxZ?Vz)Ga9Gau#k=Bz6oWR>qPRcn_dHCZMSkXgh#4-I}9K8%45VMfC5BPPgiamrt7meqSS$_N?F zL=I&Z#eBBEqqaa{7H^El8RJoPBiT;sgj!@sEi&dc-`c>cW7+fjhe-$;!Rt%V%$ko!(Dp^!~pbZDY^yvJcu#`5>lzm=2-4+c)5zNT4SYlUzt~0A@rL^GM1&MoLkbPGs=@;MDsh z>o@E#i$yd8oZDZ}JrSeNK&DiyK6{@mZ9*wRXhVjyA!E+@%1*jRv-oyCIyJaH-s6j2tl4F!(n<2? zYI+qA2II>V93@YP&U?D?Z+i;Ml47(K=raQl&tg2jF17pGEAG<2Vh`=xGO25}4(k1Q zv%^^3#-X$PSCZKs6YJO(5AA0o7O!8G&V+XN((-Y^wJz0JwGSIF!S6O zXYh+z2iu)z1*sF8SB3 zwSSv3F79*j#s?_DPZH_X)qZ$-O0L^gq|ll2=0;0VpZBb>1rD(9h1~t~if~Vd#`a?2 z+}Q9(Ur`O_9>)xUtLy*^!kvRJM;b@n-s=Ok!9DtQ21^%E z5knl=jS=B!hOPCUxWWd%22_OLMt60k-$<#Fi(qksySl6F{kO;V<3CvL4@bqz-|g|` z;M$QK#3$hz{(fJWbRq+Wz6kXkpoTOsXh*slF?#(6fDv zo7?4r1oig*xA615^ZRCovZ*zbX6=u}PIe@GdMURO-50hhPVjVGsXhVR+sCSV_g^b~ zlI>1+r2VlAELntw$h;7-ptXs6z*Rma9}rI}EM0`9$S`sp9MT%(>0AxevkG$&pPwgm zJP)89-37i~gxSiZMY^tOLAiKe1SqW?qlyxXg*|L`hTb60A3TWvvkUAawIDabW7K|E zZLXJ{lS^7oA*Hi(XL!?rQ{nC2vC`6Rj1gxj*R%`M+x26mpS!xxN#lYLd5!DejcI%> z9R%;Sl$twuptx=Iyqk;=^?-7ddu);NeQcGlBtAqFXd389(YrK zqm>tYi`%WVnvcHGbTObx$?WBm#!rV6{_huD3Q|Iu^{Cd-)jk0TfByV;E3(x+1??$c%*t|-3!D=e6kTP~pqJ^rD;SSPHHHj{oGdFrwIWu4W zG&w#?Q2`ws0NZyO`|?)y({OUU6E%@>PgjSh;XdgEQXPj*K@ zDnYWEr_Wa|_aSG*c$a$$Ly-Z9r_qb)4{ds=5M1=C3Jl8OkAHDVwq#m*yIlqUyNqf| zSkz+tyl*i7YwudIrsU~1EnYyc?*snfWQN6uPf0%e&HD6^*hUb98SvF`Yx!hj`+#=& zzy<0$cz5QO{y(<#SR@{QHlTC#_wV16H%lbwrCqotP^Ab1h5Dq zEW$Zg4!z&U4)c(NO=I)#UCfnZ1vG(-MbY~7OFMi&AL+xX3<2O$IDMDvtuv#=aH>bi zu`bGFuOGkutpqZZfH;47CqDr+oClQZTp!|8dhtwVsFpJxB1jB3Lg{=tEdApoKfz=; zPhCn7uJdVs-*$mFB{$3il@h4CTy4>*Rb0j<@7iQOW0L%;nTm+ih7!UhR}8>?C2C)8 zwLc*Oy>$&5C^*CrN4f-P8a(#wz`V!O)?O2Mlay~mFI+P9Vp{6zE&SCz>H!`#$*Aye zrp+Q(wOk^Ug2`b>}58X#RBDpqv!ugbLg?+R*xW6EC{PO1c%)$qn8(DjXP>L`{oU#xF1;e|aXWkb@S~}GKHKb+~ zY9BS*tvfYwVK9GLLOAPmwUtdfH1^lE71IQ=6h&Lm^JPqT|70`{WfV{rdJA5<9y0U% zHLM+KD4|_)^^9#@k@|p3?MJXc@4olR$3juryLM9=A)AHR`tN{V#ubHXU&i5ueD+aJ zs|=!85-3xH!IJYOeZQQzwoR1=@Mq!muZIEyhXV628B^AIu31G@e0f(rS4iA8P;HBX zzCZgT(D$x-rjWR0pxVOE%a+lE%fUFc<)=5T~beU5=EB=jDbtbck_?q_cKYq0nvnX zu4`YDP(q5KHHwAzbU$;?2Xv-&^O#d*)t~l5?oNIjhEt6Iz<=TNX%pW601p>3GKLHn zK64GP>(hUEw_$4=%KJvCsB5NUhWDBV`N6c*C;|5jaZNfU@we)kWSD|Fn9;R<7f`Fg zHo?nbm-He0l>(a$977ggWQR61>~FFIE+)ns#hnIi^9q(z!t{03HFC+V76}?~NXBS{ z4=$JZQJGFtNw<1-jp)*do3+7FSBuQN)Jgy|m~XS&f$r0ivyszomrkK-g6oQcVM2IZ z`Wy1Ny2&NB3L*XJzfrI$KPphxGgHlErn?q~JhNvCl-JA(zq5uK!yZUrKeU~uX$AJu z*Jq#lqtTi1P?Ae<ao~QZP{sBroD9J>FM?HhLB%bGoOeTyb zQEV%g$HV8szcE3ZYVE3UXCPOo!DJW~Y+e+ZM8t$~FKb5Cd;j}fm=`B|zY97oISOWt zx}|34#m#>G-?|7K%prR_djJHK8Aw!wRKouN!JNZSMdpeK8 zrod7Xz0;9|OuPbgZ23OFE@D745u*Y|{FPo-_-J=Bt75_8&ULQy>aMe%yI(Y5yW=8l zNz}=TC`ssPAb7=d{uk}Uejepsx-Cx^Zv;0tmsI8uiAr^Mp-0Gt#NX}vUxlwfE~P`J zyU1J$uWltRudvti` z3CzCiI$?>&J-sM~P+T7iW%F{YqUmP}#Nt(n%mc)Yv7i4BU3NGdumk_7& zdCU*w7m+^*i8j)3$sYQ}Y53h&#NX@TlNL$k@%}Qx`5(F~d~mF|53w>Bt2)lmu+saz zZHr_lmB&d=aDcrSh)We-{)&Zv$t(1T8P6k`c~K$8D>?kFouCa@4$qVueSNl&u1PyQ zc(sV&3%^Yzzs-*<9t}r&w%sk?Nfw1&i_bpU=G`Bs)vF_aT)&Q%BsZT1KyB!UX19;u zZmUrK_dc0J?6p6o{dB4;uI_<&r6$is)>TwDzk&-|%ry+R!x6-9$z?OG!Np+->goz+ z2Jqmj=X<@iseEhmBZWsrtDq{N^0Y5x$tC*`pf)WjANg%D^^t^3NRBd_$xqn|Ze|4! z{#Il*p;|JyaA%|@rdPi1t#8|J82g`Z`Cp)KKm-*NUR)Bh zpsa!JeB7({T20DcSxRFjs^Aom+3>io%@~)BaXL?;i7d{4zD{I;#?zQg={(HoJcRO@ zFfNriEB_$4Sr8nxyC@Qk_SmD%{Bu0zO#%h4Rc4~4A$`8KPC zyAy}&Boj771^0f6USGbCZD&ATO^o!G86#^b)V1{MH-0?~h%+}8P_;$7+JDRW`RP84 zieSPok2NE`1WB$`eI3<}OajUdn-?I{V|&<=fMmnUI*dKy$9P5%a%Ct0oI#$)(*+z@ zApY<3g0&#)Z?}ws4EAE-E+k$V{%L}G_FUR#u7gL3*!y}sl{Rkka@wo@635n^Dd3~rc2gR4>zIl0WT!{G@-Pa<$*$Q%@R{jr$*9Tf38gWLrP8(VJgu8O}<#igeJB+BDT z?pw4YTjitL8Bq0KQ!mvpsphup@b2j(pv|y(QfgCd59^C;Mq<|_ zC>sg7BRf+h1x70jL!VK?EwOA=?D(vj){;C1N+FgZk8832RM0z;1hg0?OktWp{+_`6 z=-0+-T+?gb^{nvla=GkfZ(Qb7TtYc!X*N73@AXeOvPqGwa0!vye!?Um*06a{!U?Hh zt8fPAU$2v_Yip8TIL107ad5H&`i8&Lr@zJCzVdgXN7jROf)jP$gg`&FTJ-Y z%+Ij?O{lznpY`eTeEZw(+R9CGfUGc|Kn`kxIZRA-zjmQ9O_Y^6d!t(m3Nea=O0PsQ z)P5J(K>6=GKXN;fWdt7@p*xaw4jwsXJ~{ph+d9k8T3fw&@aY!bwl?h_Mr=N>3$@Ea zoym&=8P`T)U)^eU-aD!+iL6fmn&k&AVi}b&c?#na`IwCT?V*2UC&~1KuGEMMTi(-V#7zB=B!-!sWyElOFCQ7pjsTb}Op)rG+_$YSC6Wtzo5`D4iMLAd1sVr;kU-aw zgt78j*IGxW7hj3Jyj&WcQb;%z+q!fz$gM7#asQHkgCd@3%ekkMxUX+eHB%yWG$c6e zOo~PTsurd&Qb&`I?>oyLeV&4!vS4P*afaYmX6lfL?w5RxT z%@;t8RWj10`t9i0T8{kO#cPZVozk?9W5ufH&@kJ4moU6!0ZF$2j6o&2DtvpJl^h{i z7Km{ugsSGGst(L9)rwedhqtT)E@kze)zg+)Ha|-1;T$SMhw0)5kY5~T- zJA-klK$+3L*I)hgUNTcyM7Fiw)DBy8{f0^=M-vfNC56*B+^O+>D1+?6SbQWKs$^)G9WZ79X=g?d>bqggWx}I)vc@xesqwM$mAEr(tC;}E{>*|}yd6ug64jS zO*HSD7nCWnHtJ(1P1vY2>SWe$vLZ`1`EaZtfO0$L1ludSyJ{ItspJR>y+ve%dLv(t@ls69 z=c*lS@V9<1B)aej=oG9t%4tc%oi|VRQH87?EH_)wg5E`4&3>a-Dcv|JWPxPCZyJKMOsDfI|@_35G4?xu`7^dS86vN+y>GMU@+ zQ2AdfG_Ux}Ojd_c{+dU&sWtLp$i<5YC1;;tyKF8t#AlK?nrIXa&GfYxoAH5@c< zZpNqP!c}9Z*{|}l^WNRL<-H^Q?dEV9hwbg=c9zYszlU+{vAMWso#YC(hUMtF*UY%4 z%X`rpZMQmFL7jp>eb{yFuU?5>&-|$fFYIp}o%0d#xhCZ%Jmk}H%3_+5I{JkxwvZjox!It6_<|K&mV;CgP0y#EZ%;jkb3ujp3iVg(75JNJdsIaOu_8ysa6QJyRJLTJr zg^rM*`IhywzWxE0lPdh<>lx%8TDYP(jCuHuEv$%5Of?k?4%zf-&7E9z)r)m!ebIu9 z-Bb0gPCM3UI_TDR#x%oK(m|Bk;pWQP{msWTlh@Uu{c0Cezewy1FQp}TM`pG=669)O zHleYa$Bo-R-%@96pi|)99}y@7GP@l?@w13LPs!`9^=HKY1)sq*k1^H}tFgoF9wAm- zM8psafOS&K%xykUzsvbNUX`YI84+{FU#6W}W~xH@>07*Ii%`FR3VP?r!2Or@z;l1s zD22B#N>XAoG#}QoO%Wp~Viu7A(v3g)-zM#$6P2{83+b@_kI*~GEjBE{l<^`p=U1UK zlvD@ULY6az2-K-71u%J z+2IDs`qwS$DcDD2gI}N_V~LdaCL_7E<{Gra>S!ev(s5Hnu^hG_eda*ZI>rdryRvXR zh8JOpu@ut7GUo$|$>>5;CSgM;66SDRl}CoCbKuK5h(7q8 z>D90ba?vzo2<3yh8P-(pKp}tb%;$QGDp`97#5|C^4q^&ci=cS!Tv&;x^CQeo{*`P@ zkWhO+S|WPTkR^S@^Uk51_@3_7S@u{@Q*6p8w zE;#G`Kw4#a#uFKkkZapKPi@O`v=Uc5#| zN0_zEM4KcS#tBS8;`LY?WZc1SCbb}QaqKz>6Ic$=h8>m;R|wk_VZrxYAZEs~WcM_$&H^w5Rs^zwmdwl?CTSf2J05IKLVN>9 zPAdq{ZoRxy?>C-4QP|Wk(Bhdu!Vii{kPb88S}o)g%jh}Jnb39mL2cK?JoztfG5%f~ zY%yv%G;ixcvd&PN)r9Xe1;0K2)~=h0pVUfrm+EPcnKX8BC;>T?oR!l`|3?wIdSk`* zSYtH?g7}p`pmP5*Mi1?O@QgQ=eBt_=z2>JH;-^|)eQtZ&pQ1nZzuCD~)c~t%eJ9i& zuN>p>V^#Ncd#KQH?Cwd7?@1tA;VYjm!N$(7*y~Rd>huFOa#7TC=}Z14$OJki3vHD;u=*0jHUf+>AB()Dv-<_ zhtNGrzCf{v#d#@Ojm%g`3U_Jv$Li=!wM<--si%K-sn{HA#Fx0sYQ~+v_X2Xj1U2Qr zY<%{%g&QTy(e3@;u&$jwANHKqG5e(|B#pxu-8eJPSoED+p)N&6dGT z9Y#S=qpyb0S5w~3RLrlHL3<7sWw4q~i~$%>Cd}6dNFe-SKfoe8ddAcx0P2#6Q!WZ- z4ENCRA-2*MlO|IFA^|HPiJEeLy4k`OVW3VrigtR?P>CM6E8S^5ptsOiRh zqg{WCPHIF~e{HhDa?mm8z%!8ms3B2D6iXB~b5pZbkkD3;Ky-?qM8Zf@P)JhflM9l# zwz`vKfl0DN$?8d#!k%O9`#Si(Nx}9hD0V49))n(xb%%~g!QLq-UMchg6*Ws&yC#q`I-4ImYMx*gRxUluu_9yH9vZWxxaUF z$pN|Kh=O%6ngpF1P>hOc@7|<32{|l+C<4*}(r&^vo5wwUExPM>y~iPIRV} z#LQRK`zuT0Z`txo^`VMJhzn{j1%Vwh$hz(qq6h}Aei{HqO-83V=63quoC{s{$44fkL?qKoXP*b4o5U0WVv1-@ z8Fk%RcDUPjwTz>R08vG>s*DD@6FEx8K}CR|A_1_t>i?(+BF5k`mKrWq1ea=GNaF9C zzRmO8g}zvYGp!}wGlNHzJ4WWDAq(>Qyu_ThNBofKg5ErKv z^MZXfFOH4)tFMI**1vC!`~n*R^!%#X=Uv>arn$o%Fwx+5=+eqKV#-nELC~(ykTdEg zCiE$G@ySxmEH&erB0xEwYXQxx%z{?4*5`Od2EIb@@fh@zYr6cOcSL#GIt zqx<^eT9~4n`qF2M@=CzWqzGVAM2o|q`_EDKK+pD=HvAzGEjS!mwJ~6AQMF{ z&_fZon|3hgl99ky16DebR0ZT5C`H7&sL?}iq?p=~v@x%Ikb& zKL#X@!K@H2RTM5&OB87j3#?}Qtn~(kJbP~sk=3Sa5rdT$NBOzk|9{v?ATXMaDT0nk z2X_M(t0RJ|b<0e?2u;2y#)LlD^OIdP(l{EKVMpXp=v0TIQ8ZQ*RpkC@ECksVf`l-K ztemQB%-%oHSTW^E%0ii@KRylWVAm%kRfeA2i3+0Ln*d57Cz2!SEYN!{#0dqUm%VgUORXA2txByni6Fkw&e(&Iz-uj8SF(ifjB`feH zt69^~?x}}qWMCo)@vQn7TqpN+dGrz(oJWfJi?4-mXJF@^v&{VhADM(Kp~Of!`ScS} zKMaNqgHcF)0L5G9uwTm%q0%z}=q+#w;dUpz-kW!5OeK=Cd6FaKOg(noo<5+dx-N`j=0jM9p~*oZ+CgEA4$YxnrIX9ts>XZ$no>=2AS)2aYKAqmuJ+b0 z2x%OIgb*{X&Eg#EFRV~mu_7c!k&Eu26zC&hn`NqPYNeKIRkX<~~()am)-}Thpkh5b|kod40H<^|x;n|RACWAdx zWHtDzLHMec)8fyY>&O@N@z4@KTs}7A?LxHe!WdQ>?A{L-s7vK@rV|>b#HaQ5u{IcJZur*{Kt;Daf28C^u#m*Ht&nf4o6$RiPi2o!NBie$ z7o#_qrZ;J8O#VO5D&~CdG*;#pT5q&Q`}I6SN2>V_lB<{Xcm`Ppk42IH*2uMJD%>AF zUNoOpunr8|D_ZB**K2;+-<6~byMs#RfsxO;r}*!gF7(kQ!1 zaoImq#qZsN_tn#xj{A|pSff3`bxr!yJ_mBG^%rI1+2~R7+Ea_bO0MX;oB-|YF`8ci zUh2gwN2U#*+TLZb?<(m-zdT`I?QdBcKBRnJy}zi)%G>ko&VW|RTX1*hvU8Wla`Fk9M>%Vdxw~(wO=o_3Xi_X zG9KJMOs@!V>;8OtJmefR585F*VxymYz4>-W8qO1LZAIw4Lr@rAXjM_6bkN^=cJ$}Z zZ*h0$2$%EEzZ_q(R7}lO$IB?CjjBAXj1RrH&<;rdOnqi5<{Il!l4zBy(tk2zDWaPb z+prrwUe+uobBrlHN3+%(FwpLHe>r2#_l$ydr2dr?{t`9Qte!hY_+z^U?x^iyQ|0D- z?qow@^1}9?qfc&{7vVEgn{~IFpUzjJttO2guiIMYD>^1Wie?7Xe~TBs8Y>JpI@JxS zC_H}r8r<VI4!QG;=kT~|kEO<#!cKoQ8{4PG zn-gc+d&X8R0nKdfOO-gF1gAXYaJ-!f=x6IBgmW>#zP43NR zX5N1Ank(d%K~{|ocY{?j6`m_E>fiMcyzGoiN2p#%9j4vVSpCQ3r%K|#Js}F|weQm_ zCsv$DyS2|#m!?$W0;w{7<7KG&t?9|gl%w7e>|fHNUrx^!%I!4~t!7}q;x@a3URfwXj_s?0 z_-%Tq752%-IgVajSzgPZrmn212nHXeXUMig^g{lT+I?e8b!MO%{R#Qd3jOkS?!o!q zxUZd7Suxl?qt77Y1C8FTVa)A_cGaqa(yn9m8WnHjCnJZ)Ki9=9Muu}JGs&D!&MTj` zrmO|uS19hejTB9tP%F;&z$yW0cv9%h(`aO38l>eB}2AWq4>d| zB^M-#$qTSECiv_2*kLTce^1AxJn8Rr_MU@~8fDlrH#eOyt!r=WXRo;27>>+41<#FJ z1LNgDOh=+ns)9Zj7fp}G)?+G<%s&ose1{xSAofFUrc~rsNZPWvN@gf~Ngq`S(!;ft zWu(1klt*pjon^E#eP~W$ZET@$Yw7Xod(NGgELxvWa!g!w#aTg@8KB0Dqz?$a1zV@` z$IlCPZTTdZ$pa0^m;UVQu?00sJPisw7h=ag59z*WDs{o^MYB{z28*MIM_#?)!ToTD4UaURdQ71!wHmZ<#o#-}4}>Z| z;>!fx>pvKjj`X4Li)z`6ybHzxu44Fedpgui6W>YGmUFwdv5+_*xx<=I7auvQ8Tpt zOYPS$jTkCd!B=baD-NE!L|qTN6R8zOS1aQsl5zhahmNuKjz{b+%NeRDA1Gcww~n`6 zDaJUTtiLS$gztVDVR2g4epHs}uYUFM!226z{omo=e+UYNqa~XhsFC9gn&YGC+MbYI zU4|Z}%e)@y+OE|TZ>+TWU>x5*6yNqzI(;(&*~9)fhet=`D_N0g@S7P|{SX4%lYZF~ zrUswJ5cQ>5!tS;FS5HYDMIobC;ujs-ryXp&`P4zGsYoYhk+SiZZ^wV#`GGhFFuz|% z6kmfeq0Um+TI<0mpZacn4KhcmsFhbk=zTH2)`rU+iifsq2ezB+M{Rw;QI?^*!cal8 zIQ*GR-C^;PXi$nc&l089yyv&}rIz^XG%0It;_vu|r5G496x!umKVNr+66ZPeh#x$y z(_<;42Bzv-V@{9zuZ4jJ^ukTs#+A8V_it8wz9N?snD|zaQeb(9QXAd|4!ZTUkB;zl zksWyqvU`;sROi*9t^8TRbBm+1U0f%$p}kM*8h+$=%{O;~CChyHc%jWJ?2){n{iZ>6 z34{8a_W^Ncr-!tnk&oI6g%>qwQ1HjLRMq+}Z%0|>FJP0*dOp(&>!?&F$lAFhl68#py zXBetg-GQd{xc0J>tD0K>8h?M4Xms_oV1G-BR3AXFzeY5=R$I_r;f+0mrw=5+S?}Lp zD{lDw?x0KRG>_S^lF{&qbG+al>*6S4`{=hbJm&>wdxGCw!7O(1U(=MoNlX3=_RI!# z;Ex|7+q6U5VqzUHfi7CFo#%wXnJ+6c1|8ltrsWIcxc@V?_;>r);(Eo+>)rdw%&p<2 zIiHsK2~O2jMFK;mtG}hYh5^||Eu5I=n)?-%P3Jj?X-|61TZhRDZR*iSGJ5o?5SBbp zZiGgUStHTpzqL)$`o@fsI~1)kVr7U@-)&g^Y4|*_)lDXMSdEfop5aCxnH3%8=$3g1Vywc;}^F^KA9@{_}(G>x;M=+TB2!B zIgT;+{*JD#W)R#JdJ3H_ynLbPzut>QPbl%8Q|3Bn-$!gAR&Z`^&2Bz^Eb)NGy5Z<- zEsQuFNn|{NMgN9jxD-00_A0QL9H<^cs|z{5EOi)rnI1~C-h)MtJJY_gJd7=Ej0WbS zALu$4jWIouLR`~Fq&%|a3z}?_eauHGpHa){dp+_+Vcx7Za82a%3X9>>#x0w~O}OvA zDAs$9^YL2(vj@G0aB-2&xqx}RNQ!;YrqyZu(spEkQzM`=B>-mk!*QDi2D#UK+?cq0 z(tM;_%w8K2#qC&L@SO@j_-2!$s^l3jRK>|3?dgzbb5amK*BBV))0Ax_ve?W~n#KO< zp>Mkt^=CBUt+wCK3;GsbLQdSdaJS!@u>Hb`_f7A>Mgwkr{d47rzdODBAIUzm$ARbBu$6iniwQ zQMQ7A#{8N6y=E(Y{w{Q{(^8T*^v1n?ej@((bGva?RZH(AG<;Y^`UBO=hm@XS6`2A( z)U!#G>9_DEnz8G$sd3wBYQ7{nm2*)C^Rl<%tzsU@Sq22|R1h1NOJ;$5r7+L#*qMU=LNW)H=yf$kA8o|y6&h1yz{|nT7I-~*T~r$|5tGq zt;74($@A{>LULF8*Olx^Rm!C$*PcTH?YmF@0zZgFKSY0tT=Q^-%6c`2T-U^#vSm*y zttzceiYlyB{sAu?Fi_;4vaW1>w3ub_UcTHYmhlumc-X$+xgJiQ`c`e!p4)LVNt3G- z;B)#f*0+`IAH#EA%GaCx-uJAGQu;D}o&usB-VdAGYfWidVWnZejq56F5oK1b>R|-ft_W$VKERex|@S5vOd(pGEICbmu zZf(|ZtN+lpx9xylRQC1eK*gl(S-IMX2+d`Vot4&%rQu#l@Pa{&P>et6( zv-#I4yU~xID%sGtTI;K+7CrAUq>s}TZ@$abk%aHoFBwp?9zD|B5GJ@W9=yljP{K`K@?DU*`MqK zI90Ph_FaDWraKyf`J;nM-7hfQ1QJ~EGj{E*fQqcERp*Ow73*A8$knQE=fUW>ZF>$s ze?XRg|EUW};ciHV2wUR86iY+4o_daMQOA?+k9Q+K^fv!c#JstCc}Xui&30HjsO@5M z*KWq<8ez};FKubB^~OV2G|RD+SfflxnDPG70lHb1aQl=lzO@^2l9$lnKZ>*Hw_m0& zsbLOYJ~?pDUe3I*#>rb^MKCJ@2SU<(>sZKRL7fi7oy?jOVDPKEr+1m0{H`7>AKn=> zzB3^Hh?lhZ;^oY-B3@ZeSV3jSzp5koWmiN}n?rINGqbm*{E@-(WBPt>cPzGr+lr-| z-%!6^F!Z|(_jfu=+n*{9+)92$2SBX2*0*nWIV)KnUzKlFiDR$TW3MTX+9=NDkQI2i(5?Tp!({y^)lCq|Q~ z#Ik$GZ?Z5QDZaN_zqd*_^KhD;q?nG^e-~hk`hza|krEjh8#=SFmEU>={CrT{>~M-J zyIg`eJx{=VU2HH@Vj!WP%uIE1zN8R5{l#YH3tg3(r!9BmJoNjR-&22TIn!adS9zj- zU9N8IwyDQ8c8cyxhpR7W@UY)*9MWxHcY#z$H8Jbj(|=DNI< zL}-uv=TH)GF`2zAd&G8C3xD=IQdZ?S_QltFuU%YK0_#ktEc=7Jf~~;(+s`$iT54jb9*%qxo3K`fj7qi`{DxEl=NXnJzs^o93w0Ou>YQ+DUGcRgN`6_J)9TqAPJ3!vEe@_n4RrCE+BpgOhaq>2x*_5(@psC>VZ{*4-=Ru_+!yJ= zV`G&8Za)-^-=SMf30$dQxmtX%W*WJ$$U2Z4@pG>F@t8q|Df?iNbt|_SW_rx^U2Jr- zFst=t#S7CBGr-a*C0C zyR&ej(n)1G9yQjb3|Y8A_)cF}c4ewHy;=itMv_2cV%V?hiMacwxWTi9TLYgb@w3dj zoL|U3engy{w8@q4UA!JmmVE_J$C7h%3ofWdDPU}9>UW793qRA5io5RbiyI41x_epn zHZ?h^9M#OvCgftoQFS@WNcCTl#Hfu90-4P6i#9zW*I`5!5^f1?qI`V_&Z|c zCbNB1)^G2CGQ+lvufM)2g@4NC7B9D(E~$g(N;&>Yna*97S1!q{&#?V4rk>*wz_lwz zj4Oh;7L%7KI%2&pYMqq0WOxO^$HHmR%4d)wANV=+xB{!2d#m($XmmRS3cL_EdcTZ*;ATJ>gmWPzAm_bd)^S0t4 z5D12useIeY;i`wjX%}RNVPIV*hG36A5|TFH54;Y)G3^qb|KX$&M1Vh!2~ zrav=d6Nw4@L{5CgAB%nU@k(UUBn;FAH&l$8g8P1`O*Y#}iqjkDR&vc`$`zIqq~}Q& z?vd2P$hE#*_xy_p_?0tT;!fOpdBWa1tUJPZVig;12hGf1eo2nl?J29#@_K)X)ZQ-Et9S+o zl^vp!vC?;f2ytlyW&I@oT&Mp9uZhIM_wHjSjv zrPbhXHWTcLL$OkFDw1S|MLnO5y#^+LAmVQxerR6N93?D_^`bu+qK>Md`~i#C7oOLe zv@Lt?8c4rdSuO29F}RGu_^6H|@J9T+%nMRoA--45+2PIW_jr48elfXB$R*DtRsxdD zjC$GAn$mk>70uLoDgZ}SVloxcaM^0+mOIqMMpQ`3SM3MPssz3{)G;wFnH!W`>%C~} zj1O?;Q1!#>yiFB7F?Nzg2r!xco?TUt40`U4A$Xz=6rl*XcVQDfrt$gm_nQp0oi4W6 zS2T_9rszk~xdwL&c>kIipGR|e$n)`JU;WN;&{+S*uM813GkIAJZ0T$bhGeT z-iZ@y7_=j=0?}$kk{hJ34!t7I-y79(ESU&0l?fu|jnE2$89LL$sWWQynGjVV$=0Z8 zx8tUwU>9JAVVAgEfEkl4fS4&lQJt5A=x=xC_wezt_WL$ELqhj};4P@8HS~s+c-#sl3uVCR<9TsW5wj0{~1BC`b{_cYg(f%f7`*%}0U& zQrHC~{V%@9PYt0-`F@(C){WZjPZpuxK;oYxX&2S%2foQLW|wy-f-pmi&{B)glvRUl z;iSk{N=;Elexo9P1ww8zC=q~@(ug0>gj055GIW{9x1QNMl?>~~mU`8p6z+;LKAi<97^o_2m2uQAj zlcOr5pn=61^Fqw!DVOed8n9VP1S-X`*YnV(f=#7}#@$$3O>3!`0P!Hm`=}MtCI+6L zMQBc{^gHki(GOukuTEh3wZ63Gbo30YT4%rND`Hf{nOucdk7y zczjuCc?$F;d`GSJ6OHPwK7J|off#D?C~V9`z3FvmX&V**d3NlYR7qStSzAHR`vGJU zKn~u=RSdMn-Ri?!O{5KyIe)~S{BjS@JW3?Rh((K#4uVlmnFi@#kKp(TH~0KV1nj{G z%NaTq?p!}Ph1xR$1(IkFV3-s!PKp>$FhU^Xhoyx=BE_*T(#Uizo-S(=r0^B*qz!As zesjonPIwtL{(f6)rT|>dI-LQuPJ~SllYCLSnx{VL{~QbbZ%Rd3u9@XLBBYicsGCUZ zA{F+C=HVGNaM<%t;0(ox(bQihH_VD$xyF?dAP7?5D|@mU)aD0uy^2hCoP9zBNihJ6 z5+gFC?|f-Z9)?IIzBpiJEwyF!;*beY^LhpxzC|sCcO^K^bg=s$~l0%XZh7l|cEg`=U#Wg8|p{O&ODNn8X%Prgaxmju0#%nxYZ+7M?bq3tJ_T+_dLlH7b zSk#F@uAeP~&<~tBW<_Jrbd$Eig4G}}SQ3~nv3Gb*#hDC)0Zu&&OPYrz88Z&2C)Qsj zfEW=T?PV>}mt-TWUrCwRNa1X3aKcn`d2QL)FLArwYZaPLss=YtA3eS=-tRr}JNR3K z2PShG%R-4up3~A4Q)%ho1tF4x4Z|-CK{GIrH6y$zQIIz?i>lUxQCuhqa%7E2j{U|k zBn4%DiC4E8%1)0>mN;fk#0xswWA)eWbgZq=L9a+_)3>K^U=yeSnlPG$5LINJ#Mh2LFh~PfWzZKb++BI3RXXIWI&>g%B(RveY7z!JsS&j0)+R74K4 zgn<%iZ|%P3R673^uDxUEen^zO3Kt=A{jA5iBhGbLfnF-(6u>z3V3Hf^(=+s*ApIe+ z>k&qOCvlK*diEov_dPK=W)cE*ICxVGv?T^|qJ{SbTBpgh-naNnilz$e0v{O4&y`9) z24@}DEHHE*CPKbhA8G_m9^T*NE-7lvHAlaCK>xqyc ztF`aC9<28LIls*kWrBtnBI%VH`5Jn~ex}IVoxy6n8K-vg(GyIVh}GVM%BU#{eQs$O zYPuP^*Apd!!#&vU^oINJ{<70G0?^ansMSqTsK*OzWkw>)H9tklE;@&~>hJ@YE^^Npl15Ww% zsjgNLI;8bh7J``y!Gfq5%{-J{loa$@`o1KfX}|{5=`P1; zE%rd8Vjy!`I5P0h%(vNMxk_~Sk03^s7X_1T%PddROc=q82=OEwjMIq^)9j)@5scPi zNne18K9={wMeGKq^e_~nXTZGjQ!mXWg3(J1x&ve~qNYgYs3m6<$4!!ilr4SlR`ApY zB+&wf(*ZnPHv@b4f1b7Ji=orfw;YG&AT!WJ^>cM<&UV3Oqb~PTRaL_ghx{>Z7%Me4 zNqmv2aE{^rbJVD|he3QJ5fU2yyfwxhYH^6{r^YsoXN-DZ4}ezcnP$iYjWL)(m7Y-1 zF5MZg1(W_9{D`v%I7lU5NkkkEk+*Pn(G3j0;Gu%gx<#ZNC?BM1uP4%;45fD^zs|l} zZbzNLyJ@X%oO|K##qD=?Te|x$6#_YC0A3|ZE)OP|K38mE{QHJk+MkhD6dHDK9trWb zL6Z;z(bB?05YLXckVfBmJld_yz@N{+FxG61?%PDj0m~@YTrVXvSr8+ZIFuRfqGIQ= zHl)0Uzo_e#D#Q^ihb&)FH!*|(Ig29Nl>d5F^$aASn8EsE@>g5Sd%_Y>Bw+ox`41~@ z!aq<-db$!&jA2B9`3|UZJ8#U>f zPhDSn8(NS84SGp@RE7u~Z+8N__O!6;S|uZf<~if&60K6Ezb3c+q2UfkRrCP)KRKy$ z9~Z~SiFU=vej4=6c={;O-oKHW+P5mS58#6HnY&c$P#YTb`glR`Q6bk+A>vX+a&eGs z<*K~otEy?63~;s3)Qi9snouVl`P^MFGoId7WOhM&ABV}(hlJ~W)X=$h=k^8SAUSR%&2N!&ifM=e%CN%Ix7E_^5$3?+~P;tElrUJhdntoB-EKW4B z096R#%u-3Id$z>PET4x#sL<2nqD%xIK7W*71Lrxa$8=D*7=Z5ha6Y{vJ+l`$NcwiM zdeyTeH8d(?;+MHU*xdWl!-+&d;LXnZVY7TRJl=ha)Y6%xMj&cv^Er!D2*unWwNEw< zg-M1e<+Uz=f{YoGSqK|D$5iIph(fWx=U$hkPZBY;uh8dX z=}r0jM!!Fo5bM=0D5$RaSlIPl1@eozd5@n3ZwoVk((l5Fr?Y9%pHc&2U^G_IaeeaE z0Vco@6jf;YW&)6gH4$vQ3NG+Ab7Ov}*V!Bw4}8P64Nh=TmmgVZ6o5=T6gaG+8_NF$ z=Xt8ftPYb{{M#q`=}q!S_)WHT`@HvG9E!J0|L+{2;M)n`ylwE8)WUddQp4$=lMuf`M2Cv{ zZOM%MTMKk534WZsS5l!4L)<;Hyl#i9U?<1t&cbl&jwPi>4L95!Fu+wEcWke7#^hES z=vNqVj(0RYR1*}<`U)KxORvheGJtbT8$CsdZXFwy&x@Mvm|X}cQ^`PN8gC~reaOxd zt5AV_4O{H_wr$s%W2E>W_ow1wYW!l6Am9mopI9S6cmv-^yH+J{9$a9`Fy|bO_hZ?H ziOh}!i!Ta1|7>fn`s299JK@Tmgu_5UDPMveiAr7m_fCWT@X4SRpX_z9DiuhxC4vrR zmsQM$gs3>5YI+5PX7PsK;QnW~M*W&K(?p7%7?hZv;DDEx=zTD6I{oBbU*(7sich8+UhM~?9Z?wQs zM7lfvr#`fO(!Krfd|L_keMWCqG~ATrAaCYtEpgN$Lyt8cPG!C!r_|!iEDMjpl;3y$ zg|p_SuDpcEZYJAx1~xmjiJvls`T4%+sh{$-r;FF&3E^21=ah7l6Qhi2OE|fv=25D!P~X*4 z>HARxr3lF)XT~5aRz}?LiIQUp;wLF(6mk&ds_$mae&hX#fxqep06!Dx0DT6{p#qUY zYS2B4xqr{(W-#%K^|(RoKv)c%xRf#u`Osg7-D)-DYP(x|PSkPQ2l1kWF3W2G!;(8^zq(NpO%b(VNsp%NZ ztYpj@OzQhusHt{Dm=_jV%P(rfy9An zA5tq5iKCpO!wm|jT2yBC^nE1ZYRm`+LteJKpjz_{#bTTI+A zYP45g{~IV($SlV|^2|-*O{#G7)$;O3?n3Dk37Cf@jFg3aXiN~HzkmM5T zN^8rSHtF4&_F+RwHJ15y@WxVYE57x-aO){QRN!!NrDxV?+p-|wGa3p9MAUo7kEajS00mn{h!+g(exZ(Oq@%B`ziOkMPbuRBkBB{@Ql_mA~=Sb!)iD*vFJVE}DD|CnI?I^T^n3#NlQK_a@c_r61eaaK~ zNH73E+?li+JJ)ci6Klq;%`aFWCV!Ws( zVo>RIjeMM=ZV%r~hN)sfaZ+G0ieLGPzi!Le8w!D|v*Ko@YqrA1%Y{QqF(3vha6Z|S zzPgXJ>@iWrfQwGxYleAo&x! zTVX)^toWHE*)c_KlF_;(yj@}VPX$;mp%qFdS~!%D&AJfyW0rm4i~r_#FgWaE2E)<} zrmatAhd|yl&)n!uyIIt-Wsi+BdaVrR$(J_iRf$q|=R#oHEc-#p+c@H9ZW1a|g<#u? zLfH?EOOZPRr;}mG$HcJnjb64x zNxN;NmT9(q?}peN3$48@0Fc&)qu0_ri*{Bu@b@fxaOj4^9r18D zp*#gSrw534hc_Lrx{!00pU;lEuCcIpb(Y;C)C26;nO=LpF1cV>^XuIAuVP!>&qA^F zS#d`xvNcRrw{MAr5N9rIetyY=y0xF@8gPE!)-{ZLq=LE%!=EtODg0JXxQ~8ZW@*eW zl&|VbwtEl?aAfU>Zq2IsgyO8)L5YP`OCu*2zwMR13$wj1F1KM7kj$d&g%NzbO5bL2 zEBQ&($Q9IGq>)}tGO0mk4ZeJ zUK%_|-3@ZhD~6vSw%U$zj^Z2xOQz5U!hk?$@sKvD;3X$}I(E0B0D(F7v$8ka(62NY z&GC?5lIkK~ItG(nXaBUqZ%bx`k-FIMK1c18Bg9EO<(b6~nZ<(|q=!ce0tm6{6pO@Q zM4s%hR(A)Nm%EpL^EcMbIr?O+Zgh$oq%D-0HZe9)1XiMv&gdV0d8t=4bko7x5?QfD zIZv>ew6IHS34I_ox|9xbFEah3?04CrpY1CfjYQAo5X&_yR50i?9&9h7ZfGU=o*)uY!z%Ds9>Rw+ZW zKufNg_$1P^B06V8b(j{ARM9EtA!t3&-{8B{Fp#1+stMPttB{b5=)S5NPd z2Ob`+f?Av<(pq#`Y(A+lML4M}Mf>|dH)ym8G4ax)_1kEcP@(Pd$98KF?TK==ni|dI zofr|nh?uF3Owf;_@TCM^3NXRHJy<^Qs@}Eu5(lZRs|;uu;3VTu_^(pnd}=e7y4)ydW^Qjm_xTVb4z33CSYR~gp=&9HSc|!|-7B~|Eg2n*0&dL8X22e+ zW&9ndPCk48hK#mG{m;!zy5@z+;&cAlXe?HH`o!}}aB2l{eK=KQ?beOjmHl!WQL(azhnQ(=fS+)3OzLR02exAX`K+FCl^xB`^!f-h*I_7^ zmQkaYQU5iwGCS}g(f&$=`TsFP)T+wos}XpVO%g@{qh=aGMGk;wUaXXpVSOLAPbzK7a55##X=%K54SbE-RF>gI<#h`@H8W{e-7It%#yRNP95=jxC942GjVYlp zifwgc9p9tuaHbTYORI!1$vpnezPTkq4i~^Q@fhZX?WVn+iX&BdXVgNZRb6ZZpR0DFU>h@h z3_|8?LgxNC9PFOf+pU7!Md(B-kT253of`Few#_Y&n@RXSCe(X<*SQ`>EG|aye9_&O zqw7!ERx9Ei6_5kt=b_@ZCdaL!O&^LSDFH`~*klHH*`#;xm1P2owz7=&MgiAmCKIY} zg&>Vg^fHBzGVa-!uRcz521IUO+1)z9CHv(n0li&`z^zeiA9|g%Q~JkCA<10yJm_BD zL1OPgBJgGudzStKLt<1L+(`|uiWV|~;RgjVt-B3$$$a!YrI4^s>R@ci&h0jfJb^n0 ztBNijf9Y&+_XFK9xgewj9a|M5DQ_N0G^EpHU;27l7@sKtIbZ8lNd}gW4HQ*W)teIo z*uIzp8adb}tj|gJvT*TR>=acY_e4z`03Bj#O9`}Kfzjc*WZ=r!fKlbElzx>e@k}|o zc4@(G{oPW{S;{}vSWdPB)sPD4<362Rvw-IWJ5xDCj{Og@tv1~{*aAbL4QI5P-b+1wir0Yqv%XUnx1CMbzw~)8Ht`J0SO^s z*KFio+qfaBHSZ-n?wej0LtB#oolt*nii{Y2p*v`8F(vxI;ZKlGr1Kw5F>BADzi%QQ zxHp2GURcDom%8Tijfi&?=xJthFbgn6RMg5NOHccjtx}AjH?%gI`#2J&%>Rpi2$0*B$t} zM6T>)vXZ~Oi}8>U{#$M|-@)Q~#f-ybr=Kz^U?ViDv#X9O97hnX8;3BwK1?ws`be zaq64^=12`9aSi}=I#JldJhAji8Lw$zzL`mg%3C1?C=MMU4FORVldm(&X=q7vP|*?> z#4VUt?UnGJP!K!B%1;Q9Y@6-iAqmEZUy27yer;|%{WEZwFtKMGGXjt@GaAP`yr2^*DU0T=&bBeMe)7D~*_=2R)sLvuS@!+}^;|e^>F0nE{f#lzTIltc-h}KFlk^DVEPL zDKAd?NFKTS>=OCD_w`zMMXHPmetFwcTE~AKSq?WC`En!g$<*<1W5mg^JYG#=^C< z`@7D6Gni7nJl_)W;eNUFaFN`sgGz=6F}-8>wV4T@6@_AVkMK)DmvC~E6~=`-n!L6+ zX$(-HLW9Ibr;FweuJ-(o5rDgzmu0cjURwKhw;ruBZ=d@{|LnYNhF%ay7x4*+mz)2QDCaAL`^uV*yt#cL2(Jph!#?b~k$*+yX<`KbiRP@&Pr(Itp3 z92chN3YAy;D|hr&JkRcSQWB_&5tLDp76x+YbMmDmevtgmocD=41Qo;KaJvKTe*^?@ zVC}Mx@Yu$yaXp)v7z`U>Y`Ha#Z`$?^8U1sSd{sN6>#@hFNlrTu6ca?suDH@exJqQ0 z#AtFKfE-BOa?%*u$R#Sp4I)2XW1NT>@M$Q>Cn%I6n4ysqkA0XmBW|mUFcXt#5XTRv zKya#`F?ksY^ffbmn%z{cK3F$#m2*4-;ldCmw6bzC_d@>^qnti!NvBx8TMe`u-F~Q9 zs;owemi(O>G{$){EJ5HUMbJSbcN4=K-)HnUK|z0XS0m>!Kf>9!VWXJDF4#Q=P!Ug8 zA-Rs6FNr4Xb*K$8l_IF4ksF9PSPOd|E(2&x^-o-t-R+`)G(vGxHeS*b8;B}3Ga6x0~#Qy7)~iDT6M*{!AN*D?Xjul-fb&y$c|BQ z3?QaWjUZuVbwAAYk0Q#6lS(NiOjIVZEydF*#-;w}KV!$ojel1gcO9iN1WS3$mP#pQ zVm{nKgj4t1BH9IS&fC3c&rpJY^l~@3A*3B_*Jc484dQ!NpH|Su>=>sO`~_EosG$Tj zP=YvmIq@8ZP*y2?%*gNbXnl!vs8IckN#Ql#^1w4Q)3$kl1?fICF4I=tj>MhkgJe2$ z9*o7qQG8OOum3gnsIy_wzCxpRON1m}#K3P`SbA7A5ixHRHvm$6=65iz(5Yq6K*hS6 z)&Uz`;%qtXG6&@o5lcpg(n?;vh$PdPspM0_*pxACs^5vo2c#byDVw-v$Uf=%kiw;Y5||!dWnpG5fSb8 zPC^tO8+s@kxY*b~c!KBrcZ~J*VG(&fWV(C2=OPKweGK(?5x(?eEiM1%qvjtFCy&w2aET6$ETCpPq*qN+WaZm%p-~^ z3<9c4dQ%NK@)TJ!)Cpv z4eYUu>{V5X2+Ta%ahc4@b}GRtdbirGU4Il+YmG8IlZ{hi{^v?`a7sxRB9+?wCB@7$ zFxHbCxo1jDIwRUd5*>#sQbw_KD_+$IiDl8@@Mw?%2ykh3~lmZDy zpH}UT_AFT8bz$9h)~v2I+qc)9Zjt06#cq$wmVJ?~bl>}bf44UOJ+q$FISj#zjj13q z8fZn1OS-rjE0B{9_ZwlTgR1*O)d##QfGn8bNsIH8 zeM&|>>x+HaFT!(ax-#vL9}AzKj?8`tR&=c}2S-yzz5ZWDn#t|fYiH*A&)WL_C0<($ zV^uq{4Xn*>QP=iEp7WLC&vkm8m6-i&$8J)SI%BDsBAY(8zy78i-c(sHIv<@qCd7pF zO7-{5=GiKbxp3Ll7}5@!JL(bqDPZO+9lD(!z(yte1bjz!mDAF5r4GDO$4RUWYtcWu zUhKEt)}Mkl)7&R4A6Wm`WYI`1TwJyE5~loG!RY#t?rX^2Y=7;~e0c{3F!J~21$oN1 zjNj*@2dkN-BJzIjmkquc{}vlHw`4l@ewE}sAzIU=yJaIb*Q3_eqZUNd9Yn?pe`gw1 z$RrwJ0*o-3h-$nE0j@O=FEkM2TTF^3pSo5y=rx!9Tr@rK7Jd-7Y6?|SdMr$JryVmP zYSf`B)u9#y(#2xb-<>PFgkBrD%?gsVekYjG`InnW60$0;aZmzT&gn+4xVzI&o}kA>s^I)Z{ii zD}U8^U(w~~wug-+`8F-RGE1qtY=Jsqf!||+kMy_k|F^`2BV8BPY={;KKF_HMflj9; z;P2>S5Ub%3sskA;T_PhNcZ+-W)PZ~IIGnXl-BfG_>Hq`vfr|>`+zvdVA|^l)lL?i2 zUm{@(pY?eVq1{~%o;nauU97ll!7-G-Zz2>Qajz70yA+jL1on`emiaFmgHw#q&{gmO zD){Vi*8T?H6G<&q5S0@P$d#S~v7f*7reh$K2Qo;Hnktm_!oKxTLhh;T9$9>GjR->5 z6b~v$5h_&?D)l=FH2+Lyc5HP3w)%j7*=zepP%bJU7nS;fc4#=*D@UlYG(@pdoBj2N ze5vRg6;00jcGAZSos5J^e|~X6`@odu~*K zH!5O9sSIMfn=I-^_T>Qkaw<=`U~KE;i`C5BH4zcPRbTmNAie%}3MzGrc-Xrg-xRnt zIm8t?#94y^=f6?y;ixC<_}lFG;<4c~PaSKmsPe4%qOADrp5l50l+uA)n1Sa5Tt^`8TZu9%;u~Ha8|?4r|DCELBBgT;wT4jlvBma zoFTngoGkZhr~)-qaT+r`1xU^-u%#>-2RS}MvO0j@m`vj4_nS45%M zB;-A1DL;TVHUf*w;EKwqArhzhSo|Yr1Sg;Iw?E^vQ(F7mfcC#q<)c!gNKCR#Vu*Sf zZf{0ny0x$c_42C$`PFdd^XCE`bA6tjIf4T@MbcCdXOpNyRC418QzK8EUuUyvx?2y1 zT*+I`%M5ny-zPg34zyB)l?O`8I~M#qJaTT%<`FCS$k~l_xJS6=Bgi=WM-P))T@0^W zrEu`Qzwo-Q;Uo_0)U~J*zIb2+_}q{%wb2}G*XXo!=UbKZ6ZY`wR^R~sHnfqlbk5wZ^KRujqoo(Z?nQ8)j%ZD7!<>(g!^AhVxmq~V7J9R+spMdpsAmN zkv&iy5U4(YUB#?;mre6`v#t>%J8g`~e~c+ijX-F9Hy@0qgNUqys62C|kHlJ+sP3Pr zPPQ=0^nWev>?+JgQn!$|k*~ChF?j~~;WQt z|Ig~!wCYe;Ad3hQ9S!dgVx(a=JyU~|0fTxw|+b*i5=O%4el(1>nNk%lPI=F$;i#h zY4Hl!BX!$xzwO#Yz43i3DP8?GuAe(trv|K36ALcpSKIsptC09!-T%G%fF7d({F>w0 z9!1jKbzRpsuA7)qTm>MmA}l~nNP<(h`}x9ca&tX+qXKTdf_hJ*7*S<1sTSI-AgI|m zNJ8!Cw=EeEUI7) z!{N9)I&|AQbU4c<13RuH+=yI;-8o(Ek9&{DsnFKMMBHl~x(glisO2%R#L<{pI7SUF zdQF0*1CGv=UMoX=hI(Lzdcs20I!f_?yE=-yI&pvH9l4Osp!I=UduT1w%8K)KyT<+& zuC~c~1;Tm-8D2{p&*C=CuUsv@4@-G& z`_K}KcwEYO+!$nYFYOwd1glcZ@X;FFks1z3SD!Be5_0I@k^$e6+2bnT0`NZT(uwMt zqyLhnl#b0%N9neVw^}m{|6YR|T$8}yj8ov4tKFF7d387Nfu3^lcwlmU9>ZzzoE4g2 zW1dR1&jj3O3g;#KPXPE!W&=Ybe4RJOiD zJ+MQ4Xt%m3#A&~XXom^7!(>Xd4EW5b*bcBvW*4>D+Wx$L_iaYgS@y&!dD|(OJ@?q} z>^(o7MyIS&=UCd&t%x^M1V%kBdVPXfn2(*RvV2^!Xk0RF;7O0FvTahbQBrbx6bDRK zIzsZOiW)T)G%5IhnnJ`2*X%6&$!5;U1}dWL=(LN)J|f<(Ib1!jzWdsNt^< z6+D&n`D-D1#(y4>>n!Nvg$hHor=_~wIdI*-R-qWY;GRtnvfv4R`@KbNd|ricUPbF^ zu`y1&C2;PLACqyNb^3~&X-Su6NjEEAh?IW&ifn2{XJloLE;o)Ve)WO_T9gGW%2Jmt z!L|^dX{w5o^NN$%KUBZ{i}7f}b#LMrDm-m(J@LKCcrM&HtMFXs)17Kwd;ELT|Ie&l z=bRhoCrJlk<_2cqjT^iyb4@Z;O)|UVSARG7zM1Q2DcC~VU6;6jtpOnuMsfthU966! zP2XvEY$}=fRU`OS(>~dBcEgO2YJ`yLD0bVISg94|_r1#R!(%ciyV_!;B5yBY3|9xH zCNG8Z!xTH7tDP@A->$!t72& zkuEf3f?JTKen=2LoW~j|R3a!;(pu|~?+LB1QfoBIDm9L!Wx$xlL#r5JRUF{>P=!?w@J7iExK(jI-KF7xjw2#lN6fM?0Z}1=o`VZvS~d)JP@^%v(b%-- zF)wp#_|TSN&;rfP7`&j|l;7%jJ@k0WbR`142ZG**vuWMm{>#kOMU!DC=Qso$0QY>>2`1=Ah>jsC)Gvjlpe#Q^on0(!@YkW=Vo@2v<-+~^xn<{jfl`&mJQ zvVcKZYK9?c{+Fn3ErR!A1nDsz<^$eICd1JLQH^lpimu(yAikmNfIk?^_gA^nCTD4{f@~< z_IAo&feoG;2(taA1hNezu0vrn0#n0F@_F+$J)vlHK=RxbOd<#yS5F%Cw+RSl`aYi> zW*aSA!__PX@9J!9Ff^-*^l~pE*jAv7mbC51TYVgBmv?oo-%yTgdG|Cs`e-ZU`B3*n zyf?RvfCk$+s(`TPTTi=KExzo~^ZYfbv4+!I3?5N;v3f_V?WR^a-G5qI>G8{S5M{3% z(xa+iBB=h>i8`(Vjw^b)=r4YW7mEq6#k*|#JWAEMq z!bCaBY!*k#-FALk2$ZEJMo;7`;osUX^ymBSgr6u7n2%0#UC4JYe+ag}%&!;vgV`9= z64O2pI)~-2_@`$o5JgJqijY>kBz`Xipfh>2X%%#b|2g+O~~Q zkrR|vvIycYtzZ(SR>HdxGv8FQ6NRO*K>J1Fua##=JTZ+jShN7bPRmq%x*kv5uMGAt zgrsjXzy@SR5We*%^?b-iu1;&Z-$yZ*<@e7?J7(yA=4m0q7!I_Ke-LY|KK;!=mTEW^ zH1*x;^&mbeMp-mCn)%{d+RF!SDw2_xJ9<+y-LQmfo24xwjYpmPSe&Dg*{X~3WnX`S zP{E%yW8i@rq_&TW+_~lZ#~>h$DFdL+6|O8XAvu+Dz7jpa2+Asufs`WiT$#NDY)EGr z^nAz|Sf~C(^EPTnpvcyPu3$1T10W}&$KLjbuwz>GL?nRGU*rK#=>vI`pRT6}QcLGO zoy*$>x?I|D>qg%oe%>;)56=H68ee93jh~P2+2wdS} zq9@!1&rL=ve#qTk92J;6EpNucmT=xPv_nX@TW@t&oWQ>ppVWLUhY3@z2{N_6@>8_7 zP;7879`#JmpP$tqaRL`%$9*i>TcP0jzs+9?{q(c!rr*_B79z+B|Ye))RU>rQ!)k=z0HCOm%-l}eol6%NyQ zGXRcU;W$#yx^^7JH?Sa(C>e578E{VmM4XxNL&p>CY=WnYVOH7#dk+`T-|7=W8v0AX z*yQxa_xhCc209mJE(KA`jDg@1--5}w1@;pz;EL6!;A~uz-w>A*euW;Fi~+sUS5-90 z42VCMLYQWUR&WI{=jO+7cyRoJlxc9wNA>h3P-*k+9 zPcK7ZQwCFm&11g9LYy4t`tWP?KM1;t^U?>s|2VoUyRo?1?a5nF;1FA{r&Z&*=*j8D zrSo-q|Jac54AsZ2RcCrty$YgLlHo7^F?>|*S*pokspsm3-Bwqjr#WN5w(^AiQ!bjt z;9@Zt*)ZI6Tw41cDaAtwo>T|S z)&vp%9O(vXeI%~b1}il}#6L!IFEy@3?BfE=6);iF71)wK0$~`U;08-*+uS|BF`5k= z!BViLv5U>eXXl+FjI%}BJp&AfHpel<7HeFm%8+&D0FMfk3$;WdsDxz>DXpm&UB7!GBQ zPjGD3pAZYBLrFlP2p^pSM@v!Spov6}Ts^Y`jA*+hDC&09=#_XZ7W>( zoF__K_IWN~iPa~wjEc3dV>gu>!7ax>hFvtx-ITMu11vMJ!y%4U$T$nJ2f3Y3myb7( zv2$8yjh;~-6#zCF*!2*d`Jkxf9RH1+M*af(t$+JBkDTdo4>W=nT?`S7Yy=tA5*7UKfF*u8KdC$>0GZQs`~2YpJ=sS`KcY z;xwkZjRbbcg)z2G&3wPnUU-EShh^i8I){|47uvJVY(M z*jIX#X82LG3tQ|AU-%w(k*WO9Yiq9IJ2FSz1u-u~gRXgfKVli>9#0({#QecK1=6RX zGV^i7vc~;oXCA3g#J=WB>S?#y3!&dR1=-Kq%i0F2Mzq{j)9uCT%B`2}7uAln>T^?o zq5xU1n%G16C-lLi7l+`_PCEX*MPd&!pXH~HKJ@sNNP;KugLB`LB`sIHUW@S)3TK1A zf0$xO;B`eJ)_Xu#RI6wBAoBl99;AH;LTB*-(I;qx7-a5E1spwHz5G2|mTRf@yZKuk zaUUz$dqn;ro}Dq<))=l~8^&npCDei%H|#6zN6$W{s>;a>IC?*Y&@Hxi_P+(t5L)_E$r- z6+U9FNx}lS*_Cz}`)-v~__DdESP}Z+^{8{%SBET#ZiAao>OZJPq{j9OlzqkCcdT?; zzKXD2U(8hv);kFn9UXf&d_h~!58W*w8P&%knWnZCXhed>n{%Ab4`?-e&iggawzfVM z-ILDIZ|(U_zHiJPw2NY{OTq%+Y}Q`C^rtD{t>pUSkQ%v}-6T z7y3TKD7F=vDol=+yYx&;FZE6NK z1fqxTbB6+6o7$_G?Zz4v!30WEE*LwT#dkt`sLseP?`7Se!FjgO2+J6fhD{{$E^JlL z%WY&%lVcvl2B!7eNfg4rFcAt?SgSJ)%=+p*71OGhPT{khST{dESylRb93g!DL0oaS z^PyP(JSXV8@jhvnJR1(1FSRIM@7(xm3A!O94VOrSj_SxLD7mp(hhPFeDi=von`+vvBfy5Vx3$S z(_Mo6@9m|!ji+}-Pmdcr)i8R|pN+r&nm#N&-91%#yk8eO)0tw;EY&~#`4UF18|PdN zZDV(fEK^%twIIy4c{yu2p?BgQsb1P&N~`+O(m#qx9wT(xBG%U^{5!t5ie=IkiR+&h zp5KvFk(IjD;7?=~{oktO#6tza3rAp8i+I)H$&_+&NNBl8qj&gp1Qy9C zUOVeQr~f$X+*il-SvD&Ju>ut8a5BCsd)2_3qs2c3g5-Qd=e%lUqtHW z-&-u>6cDPw@^w1NF07L?kG2u;a_i(ZxA;RnGVpzRK%63yz*wk@duifSi^5FnA5);2 z{(~7g_{ZJG;{MtwPS&h4*m{Tpujr+(^d)U6nQoixy@7e$Z@JvxrfHfg$E!SC=5al8 zxjm+OFd0srxaiMZsR{LLvPYRU1XjcRqu<1A|2UOqs<7rTZ>`Ve-C}>H()H~HM;bzs zFRo}&-vQ9#@V8h9t4~O5ypc@x{{02jVXE-qa9-UzPxrVAx!ejnL6E^<+=JM^@YjWhas5R5P zmL^H8gvF->Vq$tjtXb0~h|+L7U~!zr%q@zPj!^FLN0oCHSQ*1C_R!frGge)>{~!CO z>m|>0T75|5V=uGO9}6Hmoo$#Z*z7obdPy7*0Esw7 z6WWmr;;~?Q{KA+>H4XL7DOE8K^>}BGyZahG{i0S{<#oM!og~9XnfCA~iVh(ys6`s} z{*%a;PLLSfIqAZ&Rn6U>@%5*zIyh;uMF|&rup~y3`@p5RFm&)tUa)IM?%I6D3}+zk zZXl2C!S0!KuCcawVB4&9wZ;@U;JM3KztkJnv1U$_vK| z`$;aigHG1mrO(Vw*!UFvlNGApVVEQQ(a(7{B$lfRCV=HPki}8UUk(9~dI3lc1L}P~Df5Sa z#d4o6=JJ>+WcbFW+w41IJNbc5^Ei#&p)EQSZ%rNE+cWQ*@~vdq^)Dab&g9(B?kcSJzK0`}cPErL`_{X1ipo)F(TNa$TR^tvito~>&&sl;@ISWY(QIi>z^+)M zI3NH8D*%NWVM(YaPYz4PqY@P|(w+kXi<3lA{5=EpFKR-o@(ez5kIcaYYw_Di3W-kV zhPKTssAyc5&;woAw&s0FF$DRv3;DD#c4JtX3T%ZED1@!Ex{>z4eu@Hcb+0+iT-aH5Di5q3?`P{zejMi{Zp8%HaL(n_%AinzS-v#pc) zb`8pT4N5`#&_UI`MLd&_H|NXm+e)74+{=0CyegF1DwKkT6q>$DCa)#|-;Imip^XNL zoQL0tiR9C@DAe60$mbOsnRML-HJe{#;{z5U9gC1Kjm$jzqtoXvd_C*I!|Mn*PNu=2 z@P_@&zy9vv9CtALpASx9K^x3So|zY(nY>|}OTL(FK;$N#-#>V8<~Lu>ApjsIy&xvN zH1GO82M}4B@3#z}7~Nmoq2*V*6nHm9cQ-}s4L$=#%lkv#@yDljO~b~008p1+P?z4s zR{s}Y)HINVAXS8!r90EGYb_`A+W%jnozV`8{SHb(bZVtQ8~hx|`8bs3e$DMQoBy$d zJkJR9*GgEd;PG3`&^=k6*V)GTzcsA0*U&`P2BV5S6j3p1z#DzhozbU#eK8y-#5Wfe zFSej-vivZ|;Fr=nT@hGWMNvFdC|(4S@(B7hjI)YAkxhIxb@9%{_wCPLELMa6LWZ(M zGCU;^;0i9_3c^srI`wf{uonMZSv#(>(LZbA&lO-nLJj2cVB|5cn{w54fGi$`EMDk$ zTnPXjDi$3ob&~YTPTT`Xl!_9Sl``Uhsgk>?5_WViW@lvQGgBPG_f!N4d0evX zBqZCs3){Sr0Z_?#92P+AH&6@*9zoS@#J;U<=cFu9{%^V{jwu}9+=G7R_$u0mfP4Cm zd-|}=+*Zm#GZ9&2HId)yB4TPU{7v=bBTq>~5~6P?(6?}+msA2M>%>pwD$(E7qGC;O zC;>Oc-y#7>coax@>|_pM?}Vg7DXzfcBe4!qFhY3d;~jD=YpkT{jCy}SXzl_0Hq?C^ zN=EPi242t$UeJg2Q2q|X3eAh`IRkH=fkS^hiyPge*x#cRY)BEyg$#Cx8{MGT-=GxC zO0g30(eB}|c=xS&2U=dw7Rr}$!lgmo)1cVKU1wh{wgM4YaxYkNd8@|h;ZmXQsZeZv z;qJpaRgn-WF2csjHmJqwA*#T$tooDo>ZH6ffiNpHD$o_L^ z{s|0#JHvD_kW%iAQf`!(&r57O2jI2{>6R8}VSeKt*K8-k3~(fabtFSwCS~Q#QYj7U z%em>x5v;1Chc||L8bfiv3-yU9c*(zm{{;2?1jR+^#JmSE%EqG)2pkRy$l#ra-81op zQ4`O&&ds|fNU!1iqL=_QJc@HToE5p9nN75k=4~OCWZ#rzN2R-3N%8hO5faC_%_X`e zNN>6jv8;^p7@ZbboSH@bApMhs^f>P1!U5Jy{kJXwa>%}M$d2lDiQ=!#gyp;bT@ydK z2-MpT7a*oN3&S!>SfwRCaGg7LO(n=)?#3O%>C zWzM%p(}Ggnqe8cn%m9ZnScjuTMfa>NRJcaobEe)LA(!Ui95ki0@YYaIYbb8H&|ZTg z9Lx-WdImso5xamIE^zu#Pkrc+b0;t)Pjo!dU_4R$19VPf{=Yls9mv!kjHVT|uyT7= z%NRD;w0gF`cXU)+OH=qBo4Mwqe=!evIQ(}-+mB7AwbnJ7LKOX+--MnL2L1|v5j(^ofiZ~iba;Crj~}Hhmw&6F@`N8(kT<}B4rEm zf+F&6BJyaN0&lQaf=u(^WNYDM3s9x~X5IY>qs)5%veSSuBKR~s@;7k=CwQz|8Qg_b zKM)1B*Bsc3L-M3}vIm@7fEbl?6O}{D;YptI0oULzJ|L97Gn77@g2FtX{n4C~c-wVu z$CV>w4Z|@V#5f=6oWL-L6Z0h|R55^$zLSqWd@rlxjhyao1nxBsumU*IxC zXc;1-r<;qF4fjpK^P57#$j7VCrCo;i@xU&KP#47Xfn?t$R~Jj7q2q=IUPr-GM*-LB zqt{!9zYiAngXP?_Wx_$Bi>0YR-tFUDEV>}qp%9nM%?$G8%@xeN;XJ(Mlv$WY4!F77 zWi*;9vY0Z9;v+S&#F{H095s`tl@l21?+m1d|03`CMLr>|{-2Z(psxt2&kP+|uA?E; z2T=lKopxiLMq6Q=j#j?=pY54;`?%i}84z1qZ$h+ZTZTqMx; zR)+eL73pAEj1p!2sHNo0S=;x8T^N{r6PO%@qG8qBqgU3VsRS1->lrOO#8r_cwsDO* zHYpH+Zu1MMOedsFXDYtfMe5A|CbC-+>0g$RQiFUzWK$rDIm!%*GN&tfBgg|trL~6fqrY@zaunUR^3(Vxh{$LQE?2@`e=e(dC ziT49`nsMD7d$gt*;Cy|QX*jq68P5TkA#D0j|BtS>jB4Wz8#jYXp+JCQ#oY-~+=@G; zcyS0)+#P}x0tBZxl;ZBi-QC^YrFik>_rCkzv*+yDk29HMCYi}I&)jld(@V;j_A&Li zkG>UI++Y3cOFgQW)Tf_!1#fF00OvR|=Qz+v*cD6GnoHm>Km(NQG!wVhP-1;w2G2~i zLSQiYsK=|RYIV+Hh^OiPG{-N2i)cf6YFn8zMDTPu*@s}aW4LPE}lkLWi=J; z&|$orGg*^fJc%cxVb6IVS>QZ)}bu@E*4D2*d4 zjRRGFhZ=JvV|aMW15X(rI0#2L(jMHGUA?=<$>B5rDvVevj8sBWi-~64Hh}L-^K(;wWZ8adC2O>a6d(|MC>l@BW3K?)m!Zg ze(8T@>ZnTSuTsb8C(bfOBuu;{Or$c=zV?)_VR7^Q?W!zlUClFb)4J@eI7dtadwMLSacCkBE+XhNA-mA_Lrl>s5^Hu(R`Un(axCmK zUpRaprqldi_YTtvrVH#-dD+vvbAy*x#U9lR9@QjIBM7P=YnvBSYZ`bZx~?iF&k88m zox0xxK)Y}tDa0PtJQ1~t#%k#|+!K2UV>TgORKL{SbpO~#IMjS0)O-_)1wfD%#G5hN zyNK}Yrw?Hen5CdUFWM*oIll!tA4*Kfiamz9w?^vTUUYmOl}29l8cpgI^V~|14>cfU zcj1m(WjV%AyPC&>#iP_1$!}nSq_}$yhDCHjtBv3{|7R(Lcqp(j(7juI1e3&s;T^C^ zrc0fUrc~I$Q268X)75y6;eO8O{gIcaK$C98+SnSKXk_v6i>egjKwg%PLj;8XeovqJ&SY+;t z;*t$qn^yxFM*N|)S^rcgvL37jSC%JKmItj(`4k`mt0;rl!g0Gt9fQ%u*T^m%(u@AVnm)#7nxw@Dy!?+(5A!HG>*8$n+JYwb*^GsZvwM}7-O zzDbuhmDPxyb<9R9UA{@`0)X0y0?Nn^Wz43~bhUldIaxqQ1?{4Nq-c69;cgmCnX`Hl z3VPIGK$5K?G^a+3PIVZPg2;q>RKhIn&CYO%m+9hvP9R_B7$5GXGGrd4VzSz_3E-GQ z%)PK^zRA-9V4oJ!oeG(GYcJc=#HPdH_@~gd(5-f`u*TOr1H%pNd&CRwZc)B&_O$_{ub=h41wvy`DZpmGl z*_|{=KV&oHV}sdHvsw62+=YbOuj?m5Lhuj?IQ)CU1;St~145gkXPaX0ziJ`lN-lG; zG)9#)Mk-rP%qSCxEjOHbzL0soN%A6qpUz<@!F@=buHfy$M_H1_b+8z6wqWYZz;s*) znmPNzB_%m(sbybh%N^jF-{P7Noztn`yAsro(G|ANHz{2NScr-ZCCI#eKrTz8b})Ja z=WZh>{`Sy8FO^7Yd^7JjP0~Nj0E7G%gM6r$&hIl`oQ11)2>aJe_OGBe*y4au*Zi46 zvGQkKVS9X8iy;LIrg)dWx4~#d$T{C+L}%-_Yd!8Pj_t4bi;7hWXU`$UUWOW9iPD3$ z+cZy;Ckll{Gkgm3A!>6bT$BIa*4HAL4+W^?p`Gd&$O`X~-Kx$+u=Ksv+-s0~k}i9a!f^}-f3Gk_Bxt{vL&{3J%u1pPFc8Lw z7oWP8e0x#WJ@8rfo zIW}czZClYZ)GwP`zCRp2_~ql7T1WjEWhVJ{COPVhsV9Ovd3(f-bnsIyjuCjt6r39V zla#{>@k7e(hmY80=OTdx$lBXB&Z zwe#YxY=0T^C)wB1pi~J z=giagfq{I$d}-J`l_5>eOS;)TIrJeiJ-sZao$d{5=AdoE(QM&m)7T-$2to0Wih-s!N3sn-#$BC38z1k(n_ zo6M)us-n^=yKAo7)`3;|sF{3S& z`B==Qhho~(2HMjgV_R%AZ4~v?TlLhaFIIYJ4JqZT)PTp+rc*opvo%XnY^x<)t5n6@ zNU*T(kvb- z_fp=EaGj2FDRGa}RX>WiG>VSuFZS!G>X3?=FG-lEqNaT5a{RS?aZNLH1mKt^0j1OcN`ikV51k(X*`K@gErcK(HlcOBs=o6sRNf4<-{{p7PU9lMcv;qD!NW%ttMMfiu z6?RBS^C{Ob2Z3JEn_khvsmsB5tM~Bt6ESI}=~9hp>OfSHX`WZQ7*bdAZC5fKy6I{v zks^=VwVp7OmW*In`Q-nzFQ<>b6FdTd!CI6-ZXBANA8~2rlW-FG!V>wW7>fXEGm2;{ z_UOZ8p+rBA&@5}0tR$<7q{C!`I{Ws$;I;zCf#uK+vFSCjX%GVI*L41iQ~>`p+1q*C zf#J$rBKJZ>rZYvRB_Ci@9=ATMS);WDqb{&dBqrSGmlf_q+>?y){Yb_Y>-uRW1O=yU z-`#}7$!?8Oq5{B=bG$@a*Q?FN1O@!a^AzmfSBhUpxtxqLLbUbXjewJ2Ikqu_!qEIM z3S!Z}GgU)~3n>>1DU>D_*VqlziD*V#+s0hDL8A}kRf>>AqUb~-DqU%kswp@6G%Ce@dj0>({G{-9$ zg%jC_6J;~bl@(l|6mwddAEu>P5O6f>$7ku|u9pk(W@6hTsQYr9bUx#Mss1^c4d{A`P0OMJFeutC}IuIHtfMRtlG$; zCUiD^e5-?NsoiI-9a3ye+p}9g&Zcah8@FY`C@X% zIOp0pr=(~Ej(Lbo8(mf{te_Snb}G9CZS-w!94j0JHsPBC5b-;d!rV(SCaZw`sT7!b zq6yq^ieMo{FqA{1KBQ*c8=^uKt&&10!qef270kH(gAo@uKg5T@3Z8MugYk{C!tfw5 zcs%OkTSy;AXOsi8$iaw>RO{cCi@vIX_;Y5yv4viWzHtR9YX8by#g)5zthI=v17yHZ zGB9vlvZbc_x#VzTl=|Y8LS#Qpeja>QoI?B_fAKv&tVl@$BSzfhnlqkqNU^6|u;*>V z4#mE1#Sm035O+OgL481=(gr$G;=LF_?VE05(5Z#tNiJyWa5R5NC}e{(bAwYd@E9UUh2T2u;W~^xTL$MYiJX;qk(EdpsN3_1 z<>nmZ8Awp2sMten6h==`3ZpN@h^@>f?d!ozhtmTK>4BjR8uj>>32%$vz(U`^CN>%m zS0&e&=>gW@7HhCc`7B`G8lX;urA|bpDkYf3|H%RQZ^Fgj1j??jt6s$3S?GTmwl5fP zyK_SLF2utx`{KihRJv_8FaY%1aP+tc=?yCiJQB?ocY9}@uFn&xt)dh$nXsfxMMbZr z=0Pd9!rakJ6Xd_~7k}d^yWRp^VHT6mC+irJ4BJu+5_rEYFB(+ZA9)cZhdd;Qda#Q| z9Pgjg$}KwHE4O3PceAQM)QFTBR;Y4+u4(uL?^#zZ5e4SA%!Rn{^&vJ8pW+aoU}Tr4F}e*d~kJSKWB4u4ym z5LTr2Uun&@m-vtwFn8*0o5X~R#Dp*%wd>QgW9B5D56dbo!s#amfr>|wjPZlXPOU7y z-c}UKMC{5$#e5oThWarXr3m^%9{NM7u0`)7F{)i$4{N=N$jd8$yot#F5-$EFgl&Ee z`*K}f#ywFCn=e*WERn~cdCZ>z)N+#5a;AteyEO-v?jtct;1$ZExW};O!Rdm9biq)| zpZ`i@6>*a_`_eQ+EOkL$BaM07|NB)ZYfOS;pAu-qN?|gkiWpV$Z)GnJgdLiF-I{dB z-!M7eBQgBEVE9RytzLb==6ZL}!P`*)>o35-|Fwlr9A)#WZMf?lM>3(_H~k;I>ZU4* zdpmvwP{m1B#VOfy1R)WIUmEgQ8tSnu>9)H@onhXdWtPyWK>Q8gh5aat@G|7_GK784 z>=n6hCn1rKrY&Ynq+(1&_2XvooD%bZdHaxABDdl_uh0Udtva)5*&tOX9!!xv?0FERB+@)ocYN>gYbtb)@93u}YJjPN(fZq}O9o=QeOLCQ))%UE#g zOoCI4O+ztDnUBkuNovZcQpd-71N_0Q{$SIWSwJJ-Mp@~88B1(^oYWnB(c!XyO^3eD zxc(xcd#}x>$8?n2pEtKZN6ieYmhp3S*$oyIw=_6njd?i-vNB7nLDk_)1NHL}yH;QO zDpG>PpL?)sc5l*!x6vt>k13fIf=hR*&MF_%GWOu}hP?8IfIo}vMtf??AO6mHJ`5fd zyrtL^{(D9o5nT}{yOR7#3)FZks=%<|Wh=ZqD0~4o`A+C5JXNvDIvbQ%gBriDlLTi! z3UihwtqXnW%FigG!1OvD0{&r^XSukdv2o5W?uZ*#-_X}N*I!I_ceNgI5?%21)B9EQ zzlEY$8m}|wuUliQzuKJ)UxrWZ*My4Xo8rCpqeU&-yMP}p>Q{cCw$ zNvyD-BT`veT3^XB+4a`KrSoKJ!1EHfen5fZy*t#GPy*K%3dya`%&k_B3wPjHT{$?A z_=eGR`1^l6dryUj30Oz7YW1!B##P)Lg{8cOEVEfuO(rr)#%5$c}q^|V@JA~XJ zuiPQESf=*Ln-`gxlA8ldURl=E=k5q|qL=E2Rq~gZ$`9lK^*IFfL{!zo;7AQ6m8Pb( z^k(M2lLy^z2Hu$@ogs-3Kx#EvYITtK*VE~NVjP)K&8quE|2vYxuX80|>)c(L4A;>J znU0B=6wC^dS3vlHuX6}r6Hyg$9#GoL#Ov;)6KILQe0ECa}&;M>S5-Opl) z4azp;@D#K+`mAIBStlD!Dw@1iu4~j z3bRmTm(pk3z@SU+oak!`0}+!1Dyeqcb^^z*%U6}Rnc$k$=`j@Vm%UdxA0V-+#@ttp zPtqDUb<0NUN`!6SRNnC)r=>(g-GLTS&Qg-!t~4eK#2D@lAUa&jiJN8*h~ zBJGw=0zztwGLE*++&7&>OR%fe^=anqtlO>IVVhIaKh@{g<=Ml6qok|T-b?oO$E3&7 zeXWw4+meTkk+sowUADC*0*xK5v>Umb*$AfF(Y=2=3qSgw?O`R+vrR959#;No$mi^y z2Y--Pu+A&?Q;zz<;Kxh6k8xc-eq(-&UAtbURbqRxfA;v&ey~4om|m{DGAxtx0RM7z z_PSql^u0aVep&g>81y=;&(QAve(SAL&G+)rkf31sioW0qD}fJ&ZmVx zg>_$LMO*C^H!5X$q@?|FI;~yAji}%#@Vw-U(f!U{+G)YAkF&@xt=DSn-uQLG(ghMA{q>yyV1PUUUvB^Af*Lf_uf7WaqbGEOYL zrXW9-UfDv?rZVSQ_g6hvqk{_##Vaqbzx(=k((5awR|IV(eVGnDR&6gfuB7E>f7bt1y|70|6;D=>{#`kydwqP^`d+IaIrhQ&&Q2nY zPI~xZ{nzskZwY9~Y+AH(T=lfpNWIhq-}?JY&ktW^uw=&H1kiI4?)%G=lYtLg+t=4~$=qQZNxoKN~rAD~y z_!+4`Ut~O5u$5SEofb^mT;D{m3zZ9Evm?9g&#t-cdg>H}8|y@pCuw|KzFKs1Q5&6I zA1i4-IUb&#+^T-q^0{7(uoyRd`Pb64Q1UWvE!vdv{XFmTBomD5b@0Bh^_ib$0b*yo z^q3?xoc~(aAf#jP>k~WeQw}kE^!RG=$BLf^Yk94XgI5XT_0@hz^O1)dg2(Guy5V+T zm%I~#+TMqsi)^d~=|XH*egl@zo3 zBrgOu_wW^nT>=!RL|LrohS%V4-w6q=(`39K=JPyHpRaFR8k>B0i>FLoE45}{YwSxe zYNlP1Tdn4>Bcibjqd_BOJbF-Eu-xG4&LG6Wh#ZgC5ymkU_9XbQ9Jt!wP zJS|Pg*4DK@d8UvyG6nSJpvJDVbJ54rqP}-WyX$Vv3nk}G6>oiGJW2l$Uc0eUf7wl8 z+})FX0*c8}JfJ3ctXlA*pS^p74=!Uw=Deb0+r6Ssf9lSKhoDO;2M~kPXxiLx?;lu1 zIxJxPXQu9OGe43WV<>@ljaNT=1q}(Gk0b02lzz4Q3Hx4Lie~!VZKWMf&-*_fKJK%x zpS&Q~1et8Wd4v+4#rzIx!pT2#)mr}JO(XnY3R@<7kb7`Es|p$JgQQ~MfQ!64J$6O` z@3>*R&k(COL?2a^5=s}$+U(48%5NnN3r>&DLv^5n$|L4&o`uV&J{kkz#ZakGIvezg zb56{$n~T_wfPxY38Y*pW_eC#G!UvAy=&1^jcjD@lESq7l8subFsjtYYo4feY1+TT{3BIQNRNwvM2}1=t@8kBMRiB2~6VEf(Y!O zN@8N(jeX8y6b?rbLf9>4sh%NKSdu)l$TUaPVGbR{@Gg+KYcC(wE9#L&z{Zr!`mJzf zckSTwbS!bE8P-4h+JMWg$O#w_+aYY~={&jC)&P8^q+_~XI|Ky-Fg|056Xs6m_#iZi zk9^8<^KwDy_wnc?MOIaVKY$E;#B0TbXP|}C6w5_Fv)4UVp`Sv1l~Bs^Cd4t>3<4UfkQhu9v&-FTBoQC%QQd{CSMN zXF0EL^=UudeY9m?xA(peWE|c9qhL4i>~s3}$Qo zOArs!?v7IA@g?o>DoLgN<;?SDIIZAqzW90(*^Ei#|M8tU;!K(UBNfLT^FCi7Z^g@P zJyT%8`g6O=>s9}u%4=1G7$9rnuI(Tt@aNzbeEh}eNSyJF3#nnUO3`rKibxRsVpfaho$zOLg8MR|aVC5VuRE)e+!?mEWBZ@FyLX5+{np{?q%vXna?`v1z5$6{MZHUE7FM~UU6^+Ma1J24 zot%uaYwfKfmDP2!;4)-4SJ+4Au^RHlY5MWl9rTvGu#EC`SDTv6u*CmN?q04I%#+y!xg~uR{OdG#V)J=y zR$)N!212E z8GOdeKE8+WnOoDE;eD5v&N4QQb|KcX-^g>X$X3Js6)s& z5y%%o4y(BRUqok(Lj$WB)bXk2@U}v?kbOUfKXQrUB^dusS1nCeeI*c-FH$9B(EI@9 zlXCo3LDtkbS2Nq&dvcl3+Ko&AAIK@zLnYSpd+cr6Am{(2@OEFf?%>58z+nE?;DDWg zN%a9U?wTMq=eQ&1KJT%lF|ppkk&=N`l7*!Q^^kEm!Gy)!9TMFhK;@>X@|2uzEul0A7)uD3m^Ir%&xc)q|orc77<4HJoja1#DEAg z@j+^nPU^mcMaC~Hs3KZj9kdBq5MY&$+UJ3yFob!Pz$3YyB{|q07cMGWIwCmUL@GXx zym5Q2*8WbrnXmrXQgAA#E!tAP>@Ruq_IE|qh%oIiIi`o4x<~Kn)9sit-rq#<>Q+>9 zmhxfze*`y)6;%VmwEe@T{mlKlcz$MO1OH?K4+qiDRAlUY^X2MGioWp+7Qc0>lDXXY z-I3hAp@SooerB|JOnJRK5&1F9A&x_5g7(&VN`x@b+KNsN)mueNvI?Y9ngJ@wZPK|j zaOXfc<*TUV7pXSf7`e$ICbCs(vX8_zOE&03+Cc{P&F zxv<^Ih7hr&3X56gY8&S&b~dTh^u4z>^w(Z=L)lUh`X*s{>^i_VYEvqjp6>t>Is@XY}fd8gui_hZrmDjh~h( zBP{(8dEbhj%grr*vK*nHH2=OXZ4EQ7>7^Z72dA|we1FLgMx)-lHI4t5DwDkK|5dcl zhg(3f{H`H`bpFKTC$-x7w0y$F@Tcvh9vFGsx5PS@wg?d|Hij>8?8`KUz<43*wvEHn zv|o*7GK0-F@$PbpYp}Tj^Gaa51BU%aTrQ5^t1H0}pzR{v(q)Xo18#x>y)9dYsxu?_ z7r$Pi4XQ)n)KRWdNxVpAU^8=^RgH>jenxGI+tmKmslYd$;XfKpspHXh^h{@2pTrN{ zr}Ee3$h`-ajEs`Lk`CI%2Ce!eXwuv2W?VORkJvk3p1RjZpP;JFrPt~>PwkstHm$ne zTGSJPyX4Z)=v(dBoNe9ij^#$B86BqbI|eC_qZL)1(rO27r}o_{SEKCg(2~&RxFORA z+q<-Oe|8)@EIdTFvmkwh?}$w)xcfZq2;=htKzpFR4O7_FTXP>-{0Mu-q{ef#Ycx6U z@?k|y@9nMK`G|LJNfCJz<_-+R+UvTh&@j|NSVL&)0P3q{nalg(fRe7(V+9+9fwG9U zC5q=wU{x@XC6TGFG8L(WwnYdpL2C1fu*Yc5D%B|;I8p~zl>|cOFjZ_0&FMK1;U$P} zjOH?_AMB1dC9g7_el)Ok{($cw;te!9(giaiVFc$@J$!;J{3y zE(d23$8+^S{Q*3Bp$bWy2#H(%Ak;zzdnue@F*OTpg0!Z;tDz61E2mo~ZB1*+?4M4) z019}|#YyW#%*4bz5yGKjU!qRz(uKpvQjdq5GfC%%d^eyvw!%%y$C$+)S+Uz$b|CH!==Yl zcq!}i$((t>BI)2{<0%ql--^6h++7GAfE0XTgqz%ADBb*+wY1_piL(71PBQMeS0m0c zp?S1$GjSBU3JHW%ya*%o&=mzl51^?MWWd{w!2nY%)dOaq!mV%{iI$XCmJz+U`jIe8>6HTeofZwGBWP`pi+qjKo3lD z$-dRd@7=vNacoRCJo}mK)~D8L{P*-u(epDuVJ__E9P;9zF!R>eB*wY;M#o_JZ^QfPd z1{w`gu@~fl5L&e2!~_8{niO|dwJ(QtgR2w^lPbZUv9 zEaeo#73CD(&Sd?0NHg?-eUA{0qlHGy00{E3QrW5yj%<>jr?}wGx;|e_)2P= z>8J<8+3w6(z{J~0&ao@;LSv_Yr-*}A2}Q)AHYxpkcjZ^j5Xe;3rg$PwFadf;(}4t( zB!s%fe03K#Mwf*k(G(J@7U*@K-Y>l3003dhfSK39zPV_?iHzBlUmQ7x=|36B6E)|g zXgwLm-LpEOw-~$_1rBb2$Z?Kj}No=xw11CJtxOG*yJHS!_A~QuI!&nxcjr z;(!Y16|S6j>`(4d0lt!o*N3mE{YKG%DjDp-Otm<7*1HQbrVwAm0g*u2N0+x@Q?yGr z8c;6N(~=2S4wt?O*u(+-u!s>J)}F%=JBB8gbuZSmq}U6pM01`R^u0s@ATroUnNutN zznv`bl9zCdPN9T#-8Ph&DrRe~Fjq1-p=jv65W@AR^e)H-&YMQp$*g;I_&`l&I%3g@ z%YHp51BqZ zvN3Hv73X7xT4Gc7_0dN!e@T-XnZQNrLG$tF@h>UVl|72li1{*o$zi3i)w6VP#*vZ>No_3MMQ%>wE@Phpwa9Z6fM=43xD4 zYlMK>WJIQ($V7fsmDJ)3u^?l5UnU{f63h!6kGoLw!$=YmWly840mVHs|c40NF+n*MPq8QX*@{lA*vFgNVqyDNvRbip*(pW|dv@#D{$Z*E1T0tI2K z=vddUEbc^vWN`qjK|-OPkMlsc8Cez_xfm#o2G!R14^LJ-xnfF5zS=OAO`5tOngwxAa}?0y?rH3HNm&h`#88ERy!h3>S>Rdy*{Q8n`(@X? z-S_4EzI4BQ;-A)yD~~tt>-R>FV`+^0S##gZSvl7t(qA8&OQ?3+LFFQv#}D&IxG&$| z@ziavqp>C=&dF;$r!(XdzS?n*;hUW}w=QbBZ{+-cBeZqD%J*`b&R;$6Uaxd`RP{#c zPmON=Pl(paSFn9WxLV*2zxo~eLcc`y1{R7h8ktuA8m@?y`dE?v}-YwF>bgZ0PR zjFI^D*XzBC=+zFrNQ3i|N$3CnAZ=*h_I5?;>#V5PN!vDZaZ|u(p)1?#rH%W2l)-$G z^Np{Lum0=qqL;|>n93_(oGBw&#DyuN^ylZvNyYzyw2{6X+M1xo*gp^b?$p!|d*-gK z<$*4tTNiFs`gPq$ZEI6ewKok*I{|y4?Ij^64q0~p8>H?1pCD~TR8%nxPA6Ny>wjXj zJNe}iH|BzYEdsi8uP-O;D=3`@UpClUgqXbyh0XG15(ocRa} z2zaXMf6VqdDUX@-H)z*SFO^nl7a!wkc+I7%gm+mpMa`o+V#z^xvy);#l(|9+ftH{WrSZgmPgb=8k>(ERo4dq=7N~ z9ne_1wU9YpmlMCZdvNOGqUjp`{|VA=mB2yf{alx!i!t4;2mLU=%VO_f( z%VFTey{F}^OEXV>{Wv>E3s;Sd!_mu<(fgBsD`mEq#1X^){#@O@5I;`B=o!m;!BK9n z89}L>;$L#y3dgV12g%#LVuyG8w)Hn%%}s-x-rJg9(c}w9J{PkwBrWVfhV9aPw9)XW z{cIyHce4DyrR!&oji=spyrndso}>NKM7*D$NX!)wZcA+$8##SLz7v7 zmX9xbI89N766?NrR*$xiva1kSjJP44E7YF~9I)MOxR%yQc}^)mlyG>syD!%X>Ff=y zzE@&5Ki@w~G}c`WWEUkpB||Y?KYM<{6{73=uh(6K*jJlX*&05&^#b?&*%~3Yts`%E zZH)$vZ110vw=g${HdC33oNLT#MGpPhv(0V%r>Cqk+gEY-YoushqsFR!YV_Snf;Zxs zIH|_GOQhb+IA8&PB1ne)@6L~h7Z5G*&WfsWMR|R+e%h-y2W>xso>~ieRTw=j@u?u` zA0wtvF6CZZ9G>d+WL`v_LHyut2T=5P019_c>e)5mTdLpFhDuHaS=5JfHmzg+$2wLI z2*S8M^v7~DN~iBmDEUOkRZ5UZW~Yk9#wJG9^+Q$Ns`ts>eDCd!5ARC@+45iS^8U+5 z20s%7EE`L?>Ebhtt-(@anqKl%S8ul}uwiWj8Dc^Zg=SC|_oMlIiAv{Ti+M*eU(^wr z;xqOXc+o5V>kare^Mf8a{E!58iNpcgMd`pp=}39~enHJC%>TQpa!40WRTEB_ZGXyQ z61n}@Xxr5kGN1mqpVC@Z5VM+?c(}H3xNi`Ef5w|@b#yz1d2{nKf$Bb$<{p)GgYCXI z%fhJ)8p)9^_OR~6^0=aBLmyH?1BGV8#0%0wE~vaM)Y4mdx+F`YkqF<}o3k7Ohs0rW z!_N8RK*Sw}&UVxs0{dpTZnt{g*qMWdh_^&Bw>a?e>B;o-*k>-Z!V+35(ubSwRD2} z`5F4-v!#2*hz>Rz4m|#66Qs`zn7f~_^BfC50GU5bJq{t3Kf-}UIW?YTebEDk{l#vg zwJ)&7(%jC(d+ZjyRWkCwMQqjUFq_*jH8Kd|g}pwTUDWQdndvU#eRUmb^~`J^pdW%g?XLf%&fJMnT`@gu9VD!(-MVnwevbA?1z!<+Kf zp{j?TO;oYEzB(%%0` zH&@<-XN$dGlD|$x=x+)Tt4arHOG)e-u-n6r|1pVDa1cX!ZvyvT8pE$$9=2mqiSN1_RpXR8@o$MA~JNxo+F3rOd-crOoryzq9bYV$~G^)RR2=LHU2XC zVmrPJR^Ag7`vw*i^<60b?t-Wpu*#S4y*^8S`A3eL8-`ek$tdm7DBrUmS?>h=rn1io zZ<8WMZ>8g$tIP=>9IdblPjHw|s#L}*cVYzdAi^k=S^^#TVp#yxsu!8h3;fgYYX>2pn1jem8)wrQ|25lfQ9-%X8kE|-R@rbEKRvmbu{*}#=Pt= zH}fAXBI3>I*?F5cyJ%FCXfzYe{N29Rp1A#KaH&wL!-7SvXol2L&Ho>9*{qUzy^|yd9Mh1_epYJYB@#yvUwl-~>BO)jQ2l-z^5!`LDv%fAVRZ(c5+}niNyv@{q znqTYv^Dl&sasThgCTup#Q6CS^^^0UF+fXL-%V3;OBQ|-M4fwa?AU+(emSpLU{GLaA zgv9m{3w&`6RNFOCk<#Ja@688h_@fF`lV|*66i=`EVtUP*>FL9pQ1c=mEy&r<*7Y9U zeN#~5i>5n|-M|7vKpc^QicCRky7R#K{bAoWgzrThIoucR$!~%#ps5BAG z4V$K~=QYkqRqPDm@1^liO2uM{#927wfvyjQf&3o|DXF16W_*;DGWaJYVoF3fC5$x% zy?qnBm@~_tjhSwa9tl>2v8b}TTJS$~cL7Z|$WABFu2dH&8}V^ujWXefwUzpOi<<*x zXFpl}P(b{gOy32SGCQb;6G3aa+kQODcD+NI&GWe$);nX!>TO|_?&(d)USEFr${s5I*!8X-<+|=7#etr(RWrL zDpqTbK`TMk8KE3$mQ)EWNQSh-)Gd=POzK!P(g;-v5=>`;N6a3Xu2D1AyW2c@a_Lg5 zKhDP6{NtUUK_~JXR#gdGVFr)(w}TmTRBNjNi%J1o?)?{ElGzjZc9(M-n^e|~=4DvT z9FOsN1CaAAh5sPeY+ulWMtyQ?>RhtW(s1$2doxTDEp0K%wpO#IE`H7TS=elp+2L(5Nr{x(PWyT^A9r%qR>Ms%oMmn+-# zyN4gEhf|zpxCyqjViwv8g4;-jhM6Ly+oYcW;Bi4{HnN{SHXFbjvE#(IPK`vl^43r* zbz^Ja13P@svae=$O?KBZjj|LV6SPoC0x;0!Kh2UelG}GQFt?Ys#M#Ow;7SkPhfN%@ ziQ%;Uxvj!V-uK>uPHF28*gyPeGGO9+L9Hi1OxQX|hZ!Z=sczaN96yR^t@uKO^7Tx=U z_)nJ#*=E=H#fi<^G*$sHNNYl;l}Hhn1mc*d?KlR4Dw*F5Az`HX^@t1KsBqhQZSj;L zVs>cRjT*4#_OF|Qc?w>qXLUC(NV5<7WUIvlJ*xph_iS)}Nfht~36`q`YqIf8*s%Yz z1{QvL@ngfa?S~O=g2N?GI@JEdG&M%Z~wt+eAEz|N~=;clBg z8gK`cT#q1=eMk=G5PrIbD121E2PWSGH+;~ju4#wQ5WGV6_q0!e z9d2mZ%d_B9rrjd`5A}#K-vTY|Vn490c8{8y_leZ<*#@T5nz+mX2pE;qAbM!oPEz_M zdfS7n^}Bpm0s6F15B$7c@!R1Bs6OJ4aNoSGAQ9AFk)MDpdF&rdQ{}&QEY`G3fE^lP z$y&W19UH^Yk2T=`F~ts6Y<)tfXZl+tiBU*gtNuw@4xk#AEcWwuIVAYeO6jb1|U9;c&jPQV-;8~WpNfb*(I9^8Fy_6&y*=z+|?~Q?n zBp82%p}XRMw9|UL*D1le5r$w(JYWKNQ})wQ+ln@7kH$RvNGwLQYlqqnRFab^S zJhh4*!t*$6ulS}qBc}FuvX0(iHMlynh6s`n&=f{k7-UKKZw*BJUpm@8<#DEc;GI6t zx&hWYgXic`k0G%?1ARIK_V`qGOIYp5aCr*isBP)RVmbM=9{mg!%rBpoRvp_j z8uM1<9Vr#+;u+?I@J21A@*FSSw(H(qCxZ62_~fg|6=vfYG@v-oC!(##y2Ll>o7Wui zBa*yLpT2-X?Sq+HFCpt{oIx)qk<=#LfwwQ@-W?`gzT;Ofi19VS$7Khw$Iq~9Wi|M&`rXDEYLMMv5g?VD#RAB(Nf7s-H2{kwY! zw4Av&)s*HRXVxkoYRF*ej4LdExfDW5j~WY^93pWekKo~nlHq0|!fayz)blY&kS771 zqGr32Z=c4W%S)#cG7W`-YV`spHm~}rh(xP7fbODg6)Y$Ige$v=Z=nBwH<62OhXKheVbbccDe}59vM?{` z?J1$~!12}j?cV+VVg0Fe&Vr}I$Z2zA{K5{zx0XBOwiyz$N@zF>A$f-czmJi;C4c>4 zG|8!2l2aCW zG5R2hi<)8@5fS;eD%Tps7CF4tTmY(WRj;36q?MCF3fFniBWF@0M^ro ztUxlNa+olG-Im@jdAj+A>kSgu2~qW|zq;Og30J-yESx+!dQ9hhH!G2YgIZQjXnx$r zcDH3**@u|j$QO(+6h~al;!+(wjaEL5dwHk-mkf2 zHrNJB#W&Ko2`3$2s$;bqJ~#pn3Jbf#CgAzc9b3*0UT*B%{ssFLezT`S?>mUmXXHVM-LL2y_MU;%YS1l!6l ztz!D`<$xhQV@Kkp1Q$M?pq|f5&wty$bf;q{^&uh(tb0H+B^*)9I))ig0Z!z zi?Es`It}s-UZO#DNMxvxNGUw^+Sf5?-2(6Vm!58UZc9UYXHa+~@X~1%tU^&}+h;U3 zKhvHaV?EwnO41Dm%Brfx#IL$= znn|$=3L?l)CpL+B^I=1`1c_-38YULVPs_sxj;K#KC03xwy9~&C5e&K#UO1xyK`KH( z(4Be$8doDjh(VIH4H(yqO^us)>wX!{=9R)ApvZm5avwAiKF5G+mlXR$ z;kmEi_a}4mLo|#hzILH4-=DO z%N5~`iUlG`~(4Lhe zK5yzP-VlTyC3~;WG6_n`%7K!$7x?$#DM%7W4~pfW8P?a1HOWZIlQthZ){T~+!i36{ z9Gjv1ioHu>o)pYAPBJjWp&-_~;h0)D@$}-k7thfv)IEfij1Z|XLQyiLwCm{EL|&f- zLh|^1dK|xTCC6#f^?#{A74NB^yU9g1msgmPkM#0$tYW=7K<*n*HqfvuuLa@l z^~?C-|H6*kB0bL8%}987G!=z~HVTobbK8jDd#Mj}dnjn^hGQKk$No@TE&ONu8AU%Z ziAHQZ?57&ugc{yHGih>Odh`6zdh#tq$;0++NoMIo1@AP~PTfBSiGU>Od$2$sRi}={&B?B(!wiaB`qxB zMrab&D0K&dct%d3FC>wmPMJlDAG_nQb~@Z8I@Tyo{CZV`?(4@jP*`!(a{6g?TosEF zMK~=+u=4k@Hb@uMhYFm=YHZ5`#ZY%f@J~Yeq5XSv3`2$BYAcKu#V>;1B1o2ccy%8# zP&{QLhIKbK{i% z-T6|&45j();H~YXj#b1s8=}?sXo$}9FYL~Ql%Cz0pp=n@^=j8n!lo?!fp2^RooWG` zo9FeL97Rq&melyO^{ndQ44h4q8 zZDl6R#@a;u>ynLN(o}Di>d4L#GzuG7bG*j$zBFwxxv^v+7&W!7n8a8sG(bkhwUT+( zfex&^UKb2t1&$#`gnU5k`(6O2cgK=k!@{o1ic?9TQ}x@b$ED}#n)NYhAnH5Zkm4{- zrGMDs%bh0=`C;Y&DwRGvp=CXmn7lc=5^QR*g}$z4p$jKCXL`nFdE$aPS$Bw_q=7)) zAX?hGo%$TQYxX|``U#DXF4O@&WTpckkLRWc)d*GqB0*ZThEX?V@;|!Gh`}D+Yj&6& zfJ}HN$`^)7Vcm#00HSP~P}y8@-CS|su_mxE#`_Mh1%*}FnU$uM0J2daGU5DybfJ5< zQYePhLI7hJjpB%#XL8l@k+GSa+19m5dvfmQZC{6d=fohC5GNLWBQ+WdD)PvqY{5!X zPXHOBqnN!DF+ig?KucsNlxp}|X|RDy7-oRh$Nn9468c$iL_gc0&BPJYO{!#mt_bT@ zY_URUaP6LM%~Rfkn12~<%=Ku?LqDBG2$#XZDnRsp6>H~<1LFkt?hoAprxK*MW4;a z@?NaZ{Ffr^m*S`@!i%Vm4}BtcHO`xrAF=}k+$7=q6>$+i$WCnP7BgQMO6$O!r^Lpw zAI)U*H4^eT3~Nrl#^ zji%2=Xjwi#8r3+5n^G(wDB@CcDH0(N+VIF97){QpT0&#OTJTjSW;wvM+OM_9t!w>f zgV^QfjP?_U+M@n|CXG33LHKu^`_eyrkS9m`9j>dKDOWX@WuxHV^k_a7bcXQq{3n%|nA+?-bgPT<#zEgbb) z>NZR5{XzA*KVpeWLE`tM0XGMS52yQckvgCnYSA{qRA6fokkwWQrDZ( z{M4Jd`_%k>n6p!sZ|A64mS~euD4)@XaOJ4B*9}2XhmU}}Q>%_Xw-!wXYk}1W3g}Aw zesEz~t=Bd(lo^#KowdMh1clKjYM>DYW`Y2hot`&aM06Jciy$Lf!wNoDO<+Bgu_P)r zon!&Wf06bKtzE8lwD8|q!hlfzMmhfB5P_>j^cYwp)RQ{u=&=Bh z3%|GcutgeNz0&Yd%^R{dyCW-33xUQ;re_d-p~+0Q0b;|J!dE}We!cC12(T8jzy79X zzB6k@$9K2#^O4;#e!g7-te4b+8^gT8mGE0pSEJ~kZkS?xyV_VnY0)P}$fQ|ZE5$J9 zn!vis_j=SuBQ$-0j8*%~2cMjg5>CGL=1L%5RmjCJ-~aJet=A*Jz@jLbpfPaDq;w&? zZXq5v@JEYMJUupg?Kw402~+s0skRU65FGXr{4r%42|56;1YF7koHK+13SuyUh~Lub z$Sm&oX)jgSo~J!phC&Is5z#W}*sNa4To}^-mw9pTOF%S15M|BAlxmI1^l{W|LmAe& z#G=h0^`X%NbNV1Zr##)O#RV}ukwEVDz$WnO_|kWB?~6~WXwO~|_F)EHrtLRTLpR*Z z%A>GvcPol)-kzi3nQ)RSxTqgxyDl5o*$Iqkr_;x|8cTu=w4`m~NYCPwk+7SbN0tLi zVOitPTGJM^C`VQab{wOl8i8B?zKD4rc8Dzdw`fOxS%%?`!7nR{ZtpVM& z&kp8C1g^_Vi5%EwysEHdr51KZTeFRauvJs6vxnNsSrg?{K|p1{)*zRlE(XR&HMLj z=J6g7Zu9y4dXzZG5}D481`m!l)%XW;l7Q5_{^SD9p?yKRoSlG&O%c$iG^A?*cvJJZ zD{ncc8fI4tE-?1q!UwGDZ8xa34Xd=wTAe;48k^Ww)F?4&7Szj@N)#?g$HhPVT6)=A za(8Q3QQhwF&AXhMm;1}1^~R$28;V$dkeH!u8KxR0Q3^()yntzq9?1+~sb?+iPg#)G zx_rYLr7W(aDwRlB0E*PSYsEPUVDe?huewT+kdawBlX3A=4sPIK#GTmme44&!#&q^tGIjtp7qUq8-tEzhQnne3}t^pA76avUF1kYb&w*y>=vRXUAS; zj{}7T(pRGAomYIfbF8(mTlSnZd3GegiHqaIl+B7Kb$Z2~Td`U&Yp^dE_kux`woFzD z8!rJft-})H#DVxQg|gyL9RKq|;)m-j;i>;}5pu2uJC|;^Al_t8H}}9<7;HD$X}<&Y z%zL6N*dG`SS5Qw{+8?_BUYv9L3Hk}mZq$VNlf2_oANqVza>82JHq>tjEq zL5mvM$wB&~n%pm}x^n5E4z;hS247q{ogoiQ9yPQoR~}Nj+NfF2R^f#N)Y88Nvse3u`%!QsHnbf$b$HmaaReIX{6%JJlJ|w+ z_Y;!0v<^?-ale>ao&el z-oJsF$In2?skhH%BcXXn{c8A#VzMmdQUpxTyomvs@(;LV)0BB!4W+QF3qY&d_iNO3 zZ?bb?m8Pqgn8(Fkdl&?1OGLG>&{8lO6|L;!xIOePHtqjh@-B6rSxZkj1lu`o+SftV zj%Nxa?d&Is#s%#u=fBqkr7q%UyoA+f0RqF~IY{}cqrn|-ky`9?_KC-y$_4BEi=JY> z$o%5GUYEQA-kGNx)q zbFdxzf_>tNr*a9ond3k?A%PI3*6~A}N|W&18zxR1tuSU{4wIx;tW&W!8BJ^I*ni@e zx?O3=;JwL$g;fwPN%}k0@+hK4E_09`Rq;24eMO%AZk7J?3sNo;yc#~{r@%!))3}B7 z{)N6Bd%CbuY^IN!W>{+Qk)>b?s_xf~rZ9s~nC!Xn^F1FTDDJ9sCnl zhss$UJDHqzDTj>l0N$ ze7>npP~Sc}l!+^)3x2YvJ4~~$X1GTc<@?7=5|C+khuLcs`d@QQ?*6ZwX=Yw(@SUZW z=O*tHj4Qtu%+Bl!s*i|~uS9&aOo^c%MssgV@NWq4_`YN)A}S1b9oq!ilNJ5*AIdho z$?L;QB?cCxQ4`+&76qOa=B}&MZVei0#CXr~uenU2x8IsM{UQ78bXxrTiHVPS$g=-+OnUhVd$_mK-G z|Laq0HRY_4;2fkrRceH~FKO6bxb?_vpBQ0%R7dyQo5;;Cx#1r6dB3`6?vGoW%JxZS zBhjjkhPO2p9#QG)EW~VjpgLDxW5A*asxa)MRFAw0779Z1C~U>SJlc#kel*V2>Fc^7 z>umYe(#LUuvo6?-kJy#9Ju2k77{7Kf>|B{j`tP?4F;llN}*Ya17;V!Ol(%iSz5Ca~}2na(Uvm#Y7r(Ml$2a58He&3OcAK z>XtA?5_Un#=EwKgT5;-HZB(n z+4S9S-va;Hzy$CB@8bRsy?m@uI`#<^jGe*sQ4`$CebqxteU5*ZWQCjjFP0i+)Tv zX4}MH7#g3oe(T@!0|%%wVX>!hM4FtPVr|wo>zz%2>9ws;6hT5iqduZcSoA3zj;2Ws zW8>bO>LZ>&bpajtaGNNc&zD-?x&4M$GGNaqaq1f3`(O&&)`7_!V?BV3Yw{Gl|pAy{54><&S1Dubg#P%i%i{ODD z$N;0-!W*Fo^oL5=SRj%9&_G=vX8%TtGpMYLVX0zzN+q@#IN6#W7QzKDo=yvA?(XmS zoYiQCJ{gQ?6Gf!o%I9TBDX?3MX2v-gOl)IeqJPz&eOuU%ijxnN3LkNo_2|y1)zWq1 z`d|}G$Rn-GZYzCB{^II-iC{T76kGo`>NXidy3>d89lnrq@7_NUesZ5$JDUO)mPZ?b zz52BV_=4ifgorh%E?5_ik{RgR&;dQ!E$4#QP6un42Mi^8Qq{5Bh!gQh8?Xz0TNplc z5ParUi9sy2ry0b6U|7ax1M+SD{ugmXjvv^R%qYf`T@8!O1Ei>W-^CX;Mat%s^6arg z_PzRi_0Qpo`|4kGkV`lR7d%lq?PoJm3y)U|7tc#_)azY;jBn{+Qj6E2qmJRNzo%~l z3D~7xJ7X9S`U$-4w^2m}wPY?u8yH3&V2We#F3gd8-v9fd`m7PjZXtdq(sQ&$eyun@l+JajI_|mj3Nnj zjRT53==*=Az<&9OQw>dZ_L>=b>=~O#z&MgoFT>FIVIl2xT#3YZI%uzOchDAc=DTTDE!ARdS@pV!o6i!oNu2zO_eBExZ7Tg8sYvmBQUbb$q#>{cV?$8| z`-59E(bz~47{QX?5YP_9x}a?Es8(eRI2RQ)m#h`Il-ugsVI9x(dhI|G3~m^t3=)#2 zD@NL1n9^}PIa5SR4-p|+oPCl^Na&cZ<~v5H&WW@g5)s>yysE@(1Sb_7^f7nHQc>VW$vhgavnc&i2`nUOd(ftF_ z7b&79TJnW&4~Uty$lITgo`f2PA)ljCQVTQgyOM?6L�U2ki~oAAProEM60u z$1Ent;B2fc)8~4^j<%C8TYjC*t9!ii@tCDQ^N9$pAb8p$d%vS4^R}eRH;6N=l0Z^O zTAw%Wf4@<3c5Gje6=6HBm^7Gi8WeOF*~v^_XD_{$H> zBe$I_$5@xs-feULakw5U@L#;wdHv2ai{;n0G$g)Mb`m8%8+PkXUS9*!CK9^_7~WNq zS>8UzP<(P0#ndvEIV=zEY=?TVRljtDG=8~~`Qs)oBD zh+AWLK84Os7$qpjVEb>(#YADUMB?;H2yu398@_!jqhT^JI`rrjkhpT$S8N{=rUn>% z13G1C;f+^i>NCz42bOvl-UVq|I)g(mbam}2fEj?;rh*gMq0}!tK{RfJY zED-~}Qc5gub%9ph@b1OEg^y6cv%T=P<8sV|cikrKC>8P~nSogx`}dDOUnq8M#-5Pq zvMWMF8h{VSJQPvTKfO%jni)m#7}5gOVF^~{qMGmUxYIxLX;#xi7vIIh4d~IUAdC&N z9nV^cGkY4Gsfq0J@~JGexC35!Gsg;?zmnOH6;jKXLEGlbPQjP=5}YI7*>@EAzJ0Jp z74-2Rgh@sW9>;?%xx_q*cOlVg2xeU+DdFw=`%Q}n1=Lg!lc6@~9;CL0Px?4>J}VO$(8RDq z*fmEhdec-nMxxlwpoVZkU+7f{=B$0nMp|q&a>!-;V}Cj2IgsDCka0&Yn$H6uvN{R?o(P{m=lcirVyY_Ud(~iH^v=D6Lk82({zM4k*ccuyy`PaCz-m!0secTDxIZ?MSok(dUPWY}9>cD| zk<{=^A8EvjWGF*aMW@sh-O-etWmczT)z8=fOtTBdk8h+(l;V@c!b~#b;;{-LZOBOf z!PT#gYIXb)+E0gW28j!i2|FT=B{t}bam3&xWAD{IVz3N^(mW&3D-pz=*E6OJpNaKC zv#>&atSk>T-Ul(i#jy9uq@obBE^X3|eK)Pswvu3LkS;G%nrMGQRFWbpqV-d^AG5F@ z3+1)4oS&t6LhO_v+MvlA$LzSqLa0glWEB6uu6!uKar3}n`o@kUl`4-Bz{iy}e42;| z8XH;sF@tB*sL$3wLugQ-eMdUzh&U3B))yU3qPzI)YG7tk24hl2b0Z1nGNcX;2zmVh z_ws}85F69AjnFwIRQCQ!$mZ>l6>Soqun(V5I#-_h%g97$xnD4vG8UmY79r5xE*O3A zx2%C30f%>iTknE3kYG{QOsWhtO+6wyooz8_d3at8%0DcT5;)5(S6UOp@6&?n$+_I3R9L=lgdY1$ z5d2J_y%C8dw7DHID3w^vV~JA+gHx6tDt>2|EX+d`iiQ&!osN_8%iYU%#D`=tpRNQ6 zb2h_`3W>0crb66~`R?^hW<1LXT^WH;9D%SKM*A*)uFUDs$VF^S5iD8MH{QpUabEpNB$HFbneL$DUzRi`i z7TdzUaCO*lbqU6Bl<&OG(}E3GD=c;F+QIDF6xu{=|C4a6f1GO4^;{w)TcRwmd-i})r25PG8^L|z~3ssGW!P}W3 z9M=xy`m!jn%quo!Ix|}^Gn>UHjnp4|WjUYXa<$Xe#~s^^awegP)}`cOiaGJlaXiZ2 zg?*PAu$LMVo(XnyzbZ9ak$#HBB22o>7Trk1Ge@S2u?35|cMvG-ybCk3*?eUUIL~d_MvR7g zpRV(dYl{am>Nzao4lE%M+b%dcUW;l+Oor(tviBGGH4pA3 zkM8iju9Yi~o%nWwqrA%#GuTaP&>k~ApKb)zVJ-EipRvc#t@D}h-{rgJ@8WOcMQ~$9bh1pZ+f8r5Iwf%0C3Gd+ z0nTUG>E>*~&^ROvEe90u+`MBJE$@Pk~hA*?z>%H?mrn9X+#W*#v` z#wp=u+QbXkEbx|WfhN5Cx36*dUk8xibR=$Su|!mNz?60dGSGwBb(T+Hc(zI!4TH`2 z4;VVF@h+_s=S!`x#ztR-PzrQ$@tYfrjljf&-&)XuTcSytmfmF|bgJOAtLREBFx{7< zoGRfQE9sJ*K+DE^cm6GcSN>wy6^UYVgFh2-Jw?0l(`7v-!>cC9u44Kuyj`(H^OZ;X##v>l|Q!yqQY14&m z)0G%$?r6&CWREScf-9@~ov*DM@?VKg)*3Tu2Ntn`iu? zeUB8W2@R$xnk4_@*O8%IUD#Y*+}oxkEu{doUwW4aRkgBe&RuS8Jr>xQ0xF^XI#%3m z(D$nX=6+Qui|t$~!&&7&JAmr$6ypOG8panwm@kCV`btS=W^K9~0JNxxypOIU@Z6O& zNd{dwFB$R;pV2U^2w|)Ufixckk(`l+oONNHbtOC-SM<8S$o>N*pjN}7RENsj6`MYS zuq;eJ3Ur4y=nSP)Z|DUE@Zr@4WGjXouvxG#@74rlYlfV%acdYu%-|Xy!&J9aHJ>DFoB2 z6a_o=S#`eV`BGI&grqo+B|9PHj4jHDnB$ibbHxyz9x9%mk2<*Wf09Bs^Z3rR;u|0ruy_J&qM8>399DF2z)SbVxDtrr%BCAAOk~gj{zy_%p5Hi$C?MOnZfryUsGB-uRYW&CgZN z=DvH@ca z-n)zP#5t7!K|SLVk7i@ia#QmU;!leNggb{1L-ntaCLdY2N+kr{Wf`-J{FA{Zxh z&vt3QFEO%JP82ox@3HWY$wmIA;d)NWShCJE=%OjwWLvE5C^7{Z|I-mET2 z0H4+xlFYx$h<61C+s+mM;mg73b^rTd%uG{Wtx*v^Xw0{o^a3=YsBViE*;> zY@mye_RT+U@)<-CZEB3y+o612*%pu^ex>5_+0SK7=Dt$tRByRB&}WqFT$c81iSbwE znMF4rvFPq*nM${KoB6yQS6uSI5{T7kYi?y`q=!SqCa&klnLjN>5aA4s;aWNXW=gtaaf3*` z?Pi{B9s91JcC56jbCbcq{g#d)Cs6xFYSq33698xJ6t8IsBw+}fN1nIK=N(r?{DU>TEX)ZIeI(>fqI=gCt0|=lDhSN+#D5_Bs$4kQ< zT^qK(7X-J(NNc1;71YGAtnr>1s6{!7I3R`biM3I&i~hS~N@P97(^>=pWym>$ey+^s z#Sv%xy~o9qHKvR001S+E_Wj*R!Jc;iY?C1wD10Fn7e^LoTww=*tK!u$K~g&{ysSnkYE7Xgn9M^QSCJUGQdKlCh|Cu%VlvP2qC`%K^&9;v*=~r^&vpX?}(@HDn za?%^=>^S)Cn*fe>EUuZ*U6aTen3T5BOtWXY2H4eoBjCX&l{YR4X)<1oz_iCMFQn3t z>qah)_m!u-j}kgXYve1o{s zc>MmQ2hQ*La_Z#zR?EEcm()v{++U3ZFf}5In@{Hur;eXI?R}KwX*)|%T*w{C72n&* z{paRLbHnzT9BfZbdISY;w!P<|t4c0OGl7+L+@dM( z+4B57FRe7_q}P9!`a`s`2wsLS0Aep!-y{4MB-X{=Lp#MYCUhSKI&If4&4+BBjz##( zZAnp7$O&k3;$Sgy5R`Z&<@f?t?e`e3xc~k1KFSUH6cbuPd6(n6FMMy*qa{37Js*o#M_edcdj(lM>OjEz-M|AHk*V4-U)~1&L(FHjbC{?<#I3 zQ^Wm|@-COV)J!-5WWXZqjfBL)Ty(*;#ju2{R?i}127&}%2CDnE-*ZHaLs**a+ujEjFMHGw zmmt*P0xGbKNSgk>4~Ex0getPzKK|qqt85tz-vla0&c^Y8n33a$u{uZu7Qp7#NS6PpxMh_q1D&Pmz zBE3l2=wet4tGUjJ(!jShJwLbNC92naswWAN66zsVVWRb!>0?^TMS7vKqk^zC7hHA3 zQwZ9kN4a>eUekH0@lo!f5%xho)i|^~#SrV?pz=5VHEEFsurDCX4jG&LP}(BWSJ^A- zxsK!J>FIt_)Z=-s_hod7_x;w<^$kc4cz?yE1Gfe(*+et*|NH&GsZyn)Nr5 zv~h-E@3r#ZdBZcSpuGhYg87wJvQNAJGh zh2XNo+q=lHD=LX3rTPNw%U=)i6^f}K(3Mc$#Ck^INoq)#iT#tuw`7Qzh=&)^b*Y;DAbDI#s0f6BNzUcADZT)!#(eg-!6G59$f$KXNCi@Y3A6 z8~8tKxqX*AD3$xEHdFi(MW3ka(-h!q^?aw_qV|U^;g@PcRSwm}T6?EDzf8{619W}? zbEwRPy2aB~jR!eL!X{*neG`sV6J~RA(KlCDP?cL|%ZBf%l5t=^i4gbE1NL(616`9% zF_E8k^1Co^h+sU3S)oLy1C7S)zlmUONuWyFKw}sY3_ig%wAHS7C)ijbe%P_|yQtNZ z_H@csD39%pzc0_YR4bhP#a-0e39vlJ%MiB6%UAm1&S+6Jrdk}tJcJ2LCn6&0>kBBd zJ;H;$=0hSmh@cZa&R z)0rEeKS*#3L>W+b#v7mPo!q_#ORFVBGzTd+de)}y}OLm|MY9E+<gQ7R=bUI3j)c8Z)~hHe&MWpHME8 zP`^oDJ7S)A6!Rh^#&Y>hZTkm{7yWy=(0hGzmM%H!l6-iDYB=`KUj*+@vWi+DMUU~1 z!e^povP@baCXaER-?~5I0AUXMTslWwE&L14m9t~!71QPbhmuX*{>rm_vUatl_Js1q zrcE~9hTMwAT=b$<8E7HvifQW*oXmV<yVh zBb!sBLpp1!iZe4Z(y2vKjzkVEexxO(Cf$G7C6F=YoG~M^sY^q&1$nCyRVzStNknQv z2jP+JLc1yU0Iz0#xfV@wp?zny-M*yOkz|@eV@yi{WLG(7SASC3Py}T`-myd#nv6GG z>tmJ^ph$=rxpiWvVEW=e+s!w5*%la#B|4nSrPs9DHX3S2cXrL(tcEt+-) ztPl4F*cFOFc;`QBmVQjTYj}R3wJ&NeQvIU*%xLwzvy>xG_QX|wOS=$m-yR@Omcdod zvm3U?J{;5o`IRJ8-TpN-@>G=}Za;N#eCnWVEHmby$>4(sxCkMx(E;Jy+HwNcwW0^(NE%w5 zwa()W2ZCcnGOjnHy$}Lnkfv1wL(~vBS*Bl|T|YL83Nj99_B0PG@KYWJ=;up9wwk!zsnskg=E8hq*6B!zMXI83hxUwv5_RJ{rw81x7!W(jm{f zGm9H%8Jd{vvP=50?&iSlzM*gj0qzPftCR`I6CV?kwp5%(Gg)D}L#)+#kFk_>Dbpva ziZ)zRqtQ`vhf9BF$&bO%#2KDw%*k_CsM1BMgnSZui|#O(u^@d z(=8ZvN!&p@Zjpsp^VSR>zk+tY>~oO@08;WQ+T?)4Tft;Ukem-uQT|(%r;h0)yR;T- z;lOjDs$BMsuh79sR-}rrkZdisqM4LXJ`1%yQ1as+Qk^{>HUUu{vX*);$&crxI_o^q z_A^Du70X)`5e_Rn6)m;|3%RQ`>1R{@)v9xL$IbsVKOU3nEbv4t%s3LqcY*Ep8!~e> zu$5-YkVFa{d}R>}Y`YEtI)j-S%^wRx4S8g;W(T^89n^U$N^A&{Gws_|?EbHey3F(y zL{2szTTx6poMQ9Y8UKIsecgPlgFH_~s*N^{J(FGQ57?P9vRsY+-HiU7o08%hsli;0 zW|6|b56XU@0yQ#a@hUG!hg)sC!e4ZF>bq#Erljc~m+oSJFYsKTKFOGNLlD0B%8Iay z6q4P=R-BL$M&(|g3Gr5u>KO8{b$x7fBwjlfFq__!1)x?jd}AeUt*#xGgU+RvrVV? z5T-;}s>Vl-LaNkM4b0E7OHHw8(i49{1Z1hP6&$358%Y^)Os{8iMRDEd+#j~E2tGz%&1YSiW*frwgf@#Bvh%| zo7SorMNmacYu2iws9KND=leXr*Yo@9zH-iepVxKnoO9pjeXi^Mz74JZ`!y2OAJ|0M zpMuRg?kThN6llpyH-~Dww|lOPYV*%d$0Uc^XzR;Sa#%4*i_r7dSGh#gQ_~viPp2o} zq9elL@w-B@+w4~JQk(g8E|$Hi=8arsK@UGLKh<1dm2F|SdVE!}gs_ZGGM8h!ax%%B z7NkE7PrfzOAKY{^WyMNVN~DERrs&Y1_gA$Rzr(b8@?Sz2`}8ko%bnheuYV;EW~0Ww zAa2B(%iSvL0y68%nXy}yNp3n{(X=$3EmL|bG=-rFN5xvb6?t*y?~&M2wYQhk-^8_} zudblJx`I_-&W7EpUec>s3_8L0nU6Rh6GvX=MXMifaVOc!Q?l~YgQ;FG$;y)V6?W0) zT5{}T@+BD^US#?=4IcQi&UWDMmt?eg-MBiPJlTs~vQqwmih2(D8_`I$qz@H>K~85drOdaVN44zdg> znEN`SLpQ5cr%;5rs!}goy;fJ25S~&zz?fEBZ#o8rU=$HoV4;=Jn|4GYLV>(_w-)i^ zw0e5eC=^2Es)~_TRB!q|D!>+~;wf;44pqs;yc%E@bd*>3zOW)s%{=NedcInla~H^I zh^owBp1zgI=f`p9|!QuN+XXZ4F2`=PkJQZG5Z)+x-_=3BJ7deaH0TQL<0!_$K< zaz&-r_kddMbhLtc(@<1^6tGkup^9~K_gLPr?FOLk%ZagA*^8i%uNpdzYI(~m>`cr- zN`SMx9|PyVw)AC3Sgi6zQOGw99ow~0uPW|Xn1i5hY_$6P{nKWs04<=()j3!uD;c4o z{+DE)ymLRGvfr4jdWBF_MGf=XKga`0AFk-iWT1=1V@z|j72r$`?Sgq5d4~20e9*Y~8L4qut$yGwU$AaE9PjZcSB)#}qxX%{BGB5p=}vvP z8uso>p3l!DF8uDY7Rja#Yb2Q-jD2Qj5$d+6m990h@IftF6nreXa0q0V{HUU#kks*m zLBBiSw7hle_~+?KC^aWje4yKR=7vVv~c(xx1ycs{Q|we2i}<) zr#}xou}*57?nV0Rv*`V#^9ff>8u_wN(!qPhXYTpc`!#RFf9l;oGgW_ian|SFSDN_O zMz(m_V^Ms+X4%_6%dLOW+h}jQUG)^Enwq3HeVzNRs>6lT$!m%up(b$=>K1S8o8M_; z)@gpf--NwPD%x5)-Afx=pS?F0w`lO!?6uJ5uf+Qq(u?!wfPT|R;XDPe+eujO1KYFJ z*8{gBTCfWvN%wZ}!I^3M{?h>q=Ju6G4c=-w#uxj?PAtZc>y;cME>C_FT4zfCzCYd9 zxVytbEE%E*Iv(p@gpZYm+2Q_%C^gy2olmr!ol?L{`Z*8dO>6S{^i5(KhxZ z*Oz{nIM~>}qJD;Cu>sG__rfX`m`>AmBiofY3rx$(is(wq_7p`T-ON?1lDsc~oZN%g zqe||}eY|z>vx;)1moJIHW*#ADr#nm`SJzF?;^a8jJ&+nY)}|4A}QSS|3-4TopIk0kSzii1}i)@-Dw0N&}Q*)k>6X0?O&TIcDFlX15 zI+bvuV`S-ks>kt9Hf>#Bir^A^C>)4UOcAnQKQOCos_i{>8g~vdKa(h3uW|Za)U6UR z5g8s9`g`feZ%?@Z^)uLQmt2N#@Oz_V`)k)G#m{V#zkQv*F#XWop{f;Blb}h>|E^Ud z@5JRQHZv(Pum33EY#!Ob8pWXheDZ}Xa1ejz_UQQmV+wo3*I+h;GmT=bAydMLvD-+V zneN*SkU$URqr413ju45lP-SPmUrT?c_cr`(@lr1=*{_*^NK<@%h}s#MDoXVZ@w}3G zhCo+_dxd&|_wOkh+3*>nU7cG6#6C6zs}CBiXRzPYyq@%r7+Yk2$cN@_m){cWlVj)a z!_@z@HLL24bMv=2ot&o$oxcxORr}yK(migC4tIW#em}7%K+EQ3iJorx?avx9%b|g9 z4c`ZF*lv~y|ryt|&clY1lSBc2xt3ZUp zo)*&&y9}>>+3E*R20LS~mfHE9d%x>6My?>vadsJ61JsrFiQoRhRb%s50=52TF{dk0 znmV;su9^d>r#{>W=xoT(D!+o+{ zd7U)q#TdYgFnxAbbkE#cWwjjlaw*CxoYGlPe-G6mniKS7%Wlr8Bl26VV@ZU~2swK5 zc&PcV6^n`(U#-TOx!uG)2F8@bVoBCIn;67RzS_#Ili&Ug>`?uanIC5&Dwo2A*Yt&w zFk(3wEZ@MOXPv__{_N+=JPctDYG04$w{D-sdHlG1!_DQqovxSoIpCUoPurvRFZ1iu z9+78b`R9X<#hZ&mNzUCiW3{KN|MV<}7O&}L=NRpK?Sy_F^YYehz8s6F)lwE*7><3` z$ZB8z@H-PD&bRcP4L#P+@bb5)2JQ)8@AW9>9>(vS`l0=weeD+QX>XKy^rQV9)i;Mv zqE|<>)Z8R(KQgI?GOO8hyNPaJyC$*kD#nT(3PQ%-hdZmAkor8Vp-441=NV|GfG0aW-&)XLYu*U@`)JHby?v)9UToLrF!g8)I(T z4(E5kOvQcTq1%s=%qnHmx5EzKnwS0Xczmm&NtR1Xa_JqG{d3UGs<~GKXft)n@YCu@ znaG?b`}FFBTQ1tpBlPlqi1ch87#puMlrP!(V$&z{?K{di2DY`Ho(^hwgZRX6mkG7t zQk+}diay5Xo*~qRZ_tA*zV)-@?(5(J2Z_3{T_^IHdW{(tKMmzCHL0T2-J*gA6HNTZ zBW{U}ktMt=jCTiId$DN`rM&8qV~_8~-Dd|oLxqy9e;szY7Etd*>kuDlh!mAbPg@H~ zz;E*qi#XtJkYOlKz~{J+>_8Wgi}x~K0rF@e%%2x8ac;)V|8xYO>J#SDdj2jv1TG^M z&dB{XX^!321&U0z__^tlHk~ENjQc>z?NaBGDV-yuJ?^7?_KZQ-!L&Z{d@;NF_Q(w| zkFX_iP{0M{isC{Xwm$wiPtGmQPkVTW!&wF~3a_voHeFX8^?1=3w6t#Gxvqh6vCl zO7SX9pGahEPUP`l#TrIJVm9-)CW`r^KCX_%0=pz<%b*6J0wesqLj`}~ z$Joh`?31HSoO6&=3&;B6GjS8`{8U%v9HZvb#wZ1J8hT?rF5 zWs4#*Q@ev*kBLv)Z4}p=5$q=_J-gW71KAw`Y zqK{VdS1Q{Bq(Fb2W^tE5m9g>zwXj(^DoI}h&9pzNY=zB8JWc!P6T!X4bREFsl|#xI z7gFe%Vff<~uSd@sn?Cd%HA%EEzxBQs+F0^I;5TZMv}%>JpQzN%krIENRO;pWZ1r`A zzT9luW~0Qg+fn?|-%>h;JVgQIQo2(2$3@GfH!_cIYFn{CNqEuE%fK2xLJW?mxX2=3 zMd_4^(&hRMHA}R%e7a}mZ>ZhxjFo#p(k@Z*H~i7Z`?Na8z2l8UPTyVBuEH&*cwOk- zroHTW^_(6m`6mgfeY{$X@n2XRUpDW#9lV9&^-j~>MnN$SolTUrHu_wplKzH$ecyFJ z@cXn8ua0uy|Dca=*0lYcObcjeyCyk(ok=Cv*Zf95;>itcL24d*A0jNPk&a(pezp750q?o{{r!XbjHz|A%8(`{2k~rM!>(d_DPmcI|`vdxzQ)?)T#U5z?=#bP5{>&#SV~3{whuHku9S zvjsL5hMmx!NO9YQDyF-}<0D@d+^#8I{bL)^rrGOVt{B`48Eb!Fpb&7@;ap^WtpyI) z{Ri^1M&r~b>vC_qY~5#^_I)S$mynZ8wws^}i8A&P35|1mF^9i3fjW{^R5}aqGC6wp z8?vo@-!8T^`N=sCM924TxB?ZjUyuuij&-E?Dg>)N%;)RAvahE z3w&;Hjdf{BTW1dB%Zq4}1TfRk zBO*209GN?F7OiPVYPcJzAFJ$Hp*F1Xhr98w9fJWqR-)UC>EU?zAFFS{om(t+wy3va z{Zn-UyoREz2wPNxSpQ00uxPWdRaF49Bs;6ibJKHa5Ap2j*HDC{xW~h}y3CM{Qr$=+ zhIe@Qb?dhYJ06FmI+LNb-9K3u&)x}=xk>0Xyp1CpmDKaZ z2E1~PDm(HsyyL+(9na?fG+|GNUP0h9{vIE+HsvkIh5J7I{1IB0 z8oHuakUt43_~9AAG22=erj8YRV~})}f|GH3+w20S8wqSW?{7VRDsk!1_1i|=S9CGB zYHlXUtIs0&dTa(C2Vs!L!do_(2`E=~lH+Cv?<#2&>N@|u_BA5V-|TNI+tJLHuYvOyu8(J*nt1$CnhnqlI|9}__g>F{X#C`2-|B}x6V=>+6IbV< z-GW&&DT_WVkl->P+$sw$wj(5nTY#FY&IK~$O~|U!$Xq>a2Nbc~vkKiPKV?C9z#uad z-~3NN^%$d1%m-$o3ksY@#ipCJRc|eGYd?y4mp|sN*SVxH6`*`K%XavSa{R8&1gD$Lo;I%fdoN8;U=z~)2zFb{91@1Kw{%! zP#GJ6lEwlmmHbrc^$sO>4&&s#3}+NF&L_to_v#K(QcoTm@cn^G%h!}>zb&+1FO78P zQ~u&vJmn4y)M%vr`u18?m@FJ8*B8+rVp-+1HsU`3kREdm!VbQ7-uYmIp8il=?<^bf*WRA_?L=Y)cm8Hn?QQMDT|J40 zmTx3?8aI%h?A1tt?M`U16^nJvB|;I4VH9OC4wFY-G}|4t{dt{(6S`vXf`m?xJI zy4ns+d$@y@@>lkR!a*lxDvNImB2_Ee z8NLG$`10w2{j;2;OYfbm8EfVm<_v2T(oxFC9#G(=xd&kg!MChswJc@jT#1D#bu4X` z?-lL@he2{j&J?xp0CYZC&EBU`UwOSXfV36cTC+MzSi!tgCZONAzdqYu{ zxcK$`Z{wq^fbZ7%*s6AIPanIY96t_k zNP#ei=ASwBY{auEJZszI-L6}tV z4%?RBDEk1WwJX4^Gv4(OxqXYgKfuwIa`v3ZjqjU%)i%#Nr*H}FFYaWC7(=pxfL1Ck z18QQHX}9|C7E5!_1|YqxCMz2k4@RjU4LOFK3fMJ;fp7@3YZx?}ghdo);J{*$kvCjJ@y7Qvu1)0s0A>__@`{Ih!19?FqqxP3# zHS96x4k-_^1tpCruGiyYd$z$nSwU3R`I~D;Ly?cO&h}&NW;?d4^ImqYN>!v)w9cgo zD;P%i=^Bw|yWg=%zPICXpwcTT`dtoXo7X2c%3S}#WX+F80j?7p@-kg~RJTdh{ixrF zPPWZ14=z3$*f>`-GV{X&xnJKfJm%FMrA=qV6pzon`{~H4IU^S(BGS2K_yEcGRu=uP zt^3PTeu^#n-j(lFL67RC^fLAEH*75z>Ln^*NZ6|eBRu0s*Jn0E*_!7}?x;V!~Pi#uITQC|X4BSfPdlPx*)u^nkR#1Ugf_O0$B)_NvHkS>}<6 z>@Zf$`LUa2kZ^`b0$+by+>~iGU~biOmJVYC`Ss`bkN$~`i3qTin1Vm((&~-?LAkC> zb~1H|45>k@wDif{c<;`glmLvN5=3TI*jF~iKJMW2YUgXA+)u|iNOYeVqzB`E%i_zu z-rq*%FG&I>8x$<%vM7tZKHv^xc~|03?j?)7U%=76^0}>_ygc~CG!jVNi$Z}@hTq?G zu3t^+7GQV1WDN&?OahH2n!nLs9}PP49{ac+o-YY$D3-M~Q%=9xSW+Y8<2n&fTG2t~ z+-_V3al_2=goQ_O#VrmUTY4E=C=VQ537z()e#2NQz{W6NvY|+J)^yHIqj6EUn1~~~ zUfrj}$8N|8QbBKR;~U-CU3-w5-Jp|YNe>R}OoGND^EL56vMhk{P-YO&NF`WZvL*wE zbI2rtJZR|ENHN??J6hhV_zyHwfCZUjITdjlg-aKN z8Onfp7p#09&ZG2!hG=G7E{t9RTURu*`H>|hG+j{5Q0B1M_ub5|_c28YYn0vq~^xaSE1Zs(?~ zwTs)iEM&b2Fn*C4LcZ7VftVH~n);y#hiK+WUZ~b>iv1o-+xO zNNsEbwezhu>8|@fvW??9S+;nDv6rDo?06z+MHl&osnN=|->omq z_y`?gb_y;##}Ok)pwq-l?vGt>GP7?#7D_ak11N*#O+1>IWG-7~Y#Ofg_H;A~BQZga zX1*i=1tj4Mj;_uAu8VNNFP#uDx&xQHpDE%+w+yhKSa}mftyhMi4EnRalvbCddTF!v z0URmGZ910Zce!D@-wN%+$~r^y5~YCQ@4{Y_wz(vDs?UZ=WeztLhu1IV|F$dk7cbzz zek4%mtH!}KXa3$5Fd4?3(X3+-x1*$OnpZ5e^P+IhZ*1Z*X+;T1SZ{F1*GY@%57;`D z=sHP|LH6XzGI=azb%KH#RP#*X!BCv59Fj2ICwk^ZeR1aEauA;JcBT2BNpUJ@o~Wb` zOKi)6vmM|GxP1!GHKj6A)+c~uLpKZ`LMwQXq_hSjjeVQ3DUG59=>Av9_B)*d#*Udm zAz&5vAUPB`uTNly5iM^#%Yzjk^l|nh-Ya&cG?NBtg5d-9;Z)l`&#IfGDaAQnWG7SG z?bAiyw+D;gjSk4m;6CNcM%!ibiW6HJ1ZKfzC$c=rMQoR^uXZTNmt%v6dWuo5 zhI-Oamc*yW^L8xm^oG)80vv+rebfUHO?E764EIsacxG0=J|NBOR+E9aDW=4j<|tM8c+48zBY~^ln3xS$RnZq~^DNFT&c07o8-ZjBT8q`Fr z*(ME81BG-jXn%8)9R>k32$)_P24*(QG1{m)g$p28~2q>hP4B5Y>1rHqY#VK&) zEKEh9<0;X+F+@oQ!Hjm+*K_4AqHH?D@((jW&UMGmtCXDxW3U+_e|^!BT#oXoj2 ziO@KpwEt3L5q(&*7KTVaKmluI&@lXcKao5isUFC&W2UZfv+ zO~gvCXyVj z_0@3As#w;$w7$dR?yyu$gN|P6i_dLt4dtUz^rerNj?v*@qicMX%Dt~J?hQ<}-Xni# zXI>~RV9G&I1tfmX50Xs)bM)Y7n9xfYhdCUdh#O^=^lcP`Ll;j|0vm{h_`G!b&NWVY zS=c0Tq1L8OY0B}UJej(1t|5aL?&A=9xGf34+3yWK!hD~zh;ZOh;_w>BORvDL_N=Ev zS@eR3=vCd|zbsF!n5BR^SPWGRSgWRd1Y{nO#gcZ^@#A7dW9U>Z!I-0mK*N*|3GHAa zwVoFqy8Vfd%sGl4FOyy|=O7sLCqA{%5H`C_$s(e2E6Z8LvT_n}Ti9k2btj8AWk^y^ z1YC6y&cj?mLuDBUH1i(<`PxVsFlo7QV~V8>%{cffXmW~S^Jxy>XwQl+1Uk1UO*pP! zb>gMhrCq6rn_-qT)C%=P{Kld2I7-@8kAuL{XiUUsQ9KdWQO5Xhn5ndU$Nn<(mj?AC zbNtvDe57OKIoRd|p7kmcyH-@fMiUItyf~s{2EjGy#saQ@qA#1q*(fei{NEu4@Z6Q- z&ohb}0rbk|DAtlijwV!Q@>&rktpGLjI6VVPB7LPRyaIN*!`%ap`zFvEgSMGD&{|C7 z&2>$HN<*a+nQG3-LWJTNGkK|qk^q5gfvxpV5rYC8h)fzZc)wUxr-MmHf|#D;igje< zr$lPd6bR^;Wcn+CRXo!qzh-*6!b>x}gFL0M$@?{WsiPm&)?&wHq*pjN2p-H&gLiu$ ze6ji&6x=l6u8R6!WW^77@o;hWBJI5JPuGJ5z~o>Hw9Njv|6=KUUfq{1eCue?G5x== zNO)d7sLRH$;HYe^$G_5PQXY)EuJDdYkVnFVkMxQ>N6x%}>i4jVz0~^Az45`5Dvdh}au3C5872j4 zO$F&sEeU;Z4PJ7}meAyy4Y+Ch^ffeTf$=AIoP~8HG5+t(mZasSpAdN@*6$~ky9KwV z7n-`$KbI!cFo08Lc%~9d@A915pZ_VaJl(sC1f zgTT?BBr@gtG#P6N#aeFn;OzW*TyQ0b(h`IqZGT5;KfB9`&33h7!`f-VhqU{~t9(Ul zHIENiLpb6TS&wPrvTRDmb$4LS$G>S+Ak&5Uk@ zD-MCcAq4pWqUZZuUpBwm&3;NK`+;C~KrQjI>Gl6m>t9jphwdgmMQ$PSRv#2<9DTd4 zV!6i;FUyym91AUFz{B%zm6JkqZ^e}Gv9U0*v9z}c@0#s+C~=2Bo6`tC{vI58@}|Df zkWt283SuDzwve*OTlz5B@?_Zfc=c=ju*0VpOsUj}hAZ)JJmQUbKOL=1PVkzrzPN~> zxJVGve8)O4uow|gj3C^|>YHzOEvnI9_TIT7=JYr&JkgO75tI@MN;J>sn_GgP92%^2 zk#Dd3X`VbM4f&o~+!0#y)viDYY6BAMCqmD!xJ=>WYt(4vS(wyhc4l1TLW0%S-xtlU z*x$rFRPHB??2zUT#}Pw9Ix07Y*+V2}i2K2{C&?&FD9Uog5~tXoL&ue#flACk@nAAg z8UIpTu;OLk#odwu@A`jfeGrNKbr)!|iU_ib1l5`?%w&I* zSp3!HGyBBegmwNy$4e<;AqHk1yeL7i(ey(_Ub}4EUxkDI-a2zs z)IS3Xo&nvLObh;8fZAnii?^B4+sra<J7t=!LIV1&0g=%#U-02ISyeuKMKy%OUPZ4?|w)kbr_DU{HpMO3OR!1f?4) zSD0ywxAPtP)y$hG)50#V4LGxLyod;aSfINIG$4m_VdUa}o7`njyTgLR!vaJiGbQnv zqs;Bz1TIxDmOjxL%de7jGqVh*MB%o*7=ueZYxUcO!>BAWHS#0wa#-u&(oL@9D zN>su^%dtphf9|P$EPS4uJNRxUXW1w-`u}wtkL4uVpmGNo*AaiakF`XBf}%ioJMi(0 z*hT|IsG(GdVePQa-20S)5xw8$cN5ez$DS5PFry=w+kf+KY_}Htel%7XUvQww3l!u9 z(g_IoD6RAE&=upD(Ku!q0A9Xa*$j#TLs7X1#-}~^e$gnGLZnI{d(l^i|EyYStNo6; zt%G$%jn=9nPW`qL0*L{MqC%n^4AGKsq`sCfP|z0`Qqv zoE(z{b6lP!Z9nv{;U99*%|U4AAlTZbBII;AfPx%A_aVcVufKe1ot1)srNCe*3&>Io zLc_iwPuz(Pr3iy6!bbY8q6~;FB+GhKgZW@I!KDF>s6!(N1p*0D+rUXF5=3eOQk!&t zKS^hfSMxvb>8`%_Kpo4GV}{2jir|SykExQz%FfQbrtip^CLCA1#o8o7Q4X%8ILSc2 zQ+(}ubm_D#=|r+G8PSuBU~^xwU9j&AQv4pOzU6@q!$ihLcdge4H0Ww%KAp~xMww-JwIKK3h+*Gre^Nim5pG5@(nlK!hJb)qXZDU?aZp(s&i%#1c>mhs^; zanBHR$HXEsV-WEJR7}9st<_z4OKRO?rR41H5&16+=w07m| zk6ntXn=0(I{m7fdQtV*qXFb*(K|y=X5KF8W7>II!n7^&~*#+)LBdr$`qI>$l>Es9OP%7ea?F0QXM+AL@8y&l)_w(6flV)ao>DlAQfd$ zORehFX^?Tx6+`cO^%-7%=TGfr$jpVmWQ}Dp4P`N}xcniGY;!e^f)%U)94i3Ym|*dH z`tR}y4IB6T$IP>R&gA!IG#$yE#xy;Dvx^lm>57<^z7npfW-{t5vyvXMy2Efz>^)fw zy)34sm^ZCCYB<`zb(aiZ@*d zcia^B2X(2XB-I(+CWn|&Lky`Qa67Zp6b@w#DkY7? z;ggI4_YBj6_kX_5#|C?eX-x_7P6_#!s23i0RL^u%!8EDNHL1|o|Ch63+Rlq_<;2UUZmh zcbN99geyiFs?;a^5s3LC0O~70KjJ|a#&{OSfDb&c*x+UQPY&-q$+h|J#u>Ed^m-1>q1g1>yf${;gV^qB6TQ!I_$C|0mt5`L2OlM1#EB=P<7B(A~Ee zqx&PGwrAK@q7VeGp5bwJWWn`b=DjUP9_N9&m6R4B=EJDG7mIg{crneji1@r_4c?(H`!Wh7~r zH-G}+@0+^fCZ(mum~>-|YK1YT_&+O*U*7zMyt%f#Ipb%+y1;|&uILf#1GlbH(-$Cf zZIJm=K%zY0gZNQ5go!IphbmWxYVz(JA;#*^Z|B|t*^|nSh}J`EG7HTiUG6wzge%IzJHLbIK~UZ(8DmQ!Z6Ie|18N2zEAvr z(>;2HgjoRsS7W(0;R=DoC~~T6_v>Z zc8qzCK=NEsxYkQy-j~Au-*r_ylO>%PMKLWlytA(x-v3(kV-1nD(M5}KvUalVttbU( zQ~7HrCNa%@E^K&K>_2gmH4qQXaV?DjGWjp{Hq68M8P_P-!D4MU%XX$i(1kgOwQ&=CSZ%Jk^S|Em=hs_7{YaFqu@>%p;MS>3FjZ?joC z2{9dnm<>6qt8m)My%h}o%GHxbsJk@D-U>P%qXLL}^zVKLo^b=yVpwkcaHDBm>Dx~G zpO-acC4`t_Lf=if#z^3VJ7mxuf|X}lhmmh)7r)1(zsI!D2-?2K%TcHiVpIuzt5Q4P zf?O*3ZGrwoNPAdqf<8=JAGRc&=_jYe z4}%+wsb0qwcQz*_@Bw1@03c?fO!hZFwhS{!f*AxGlW9%4RO*t)FAwyu1@AOJ^W+D( z@&mj%6IHTK&1!na4IqOC5Ue_*kmD)Uz6i}LTucQn1`NpE5o-L&^)4oYEzS_8Z3yep z%_L)p3*(4;1k-*5>xn_LYZ;z8C-4AbcmSX?Pl_D|g8hqRMmAT0d^S58!LqZ587}n) zY5N?!Q^|~^WJZEJj%i^{n*B-E>D|KW46(FQ9@hHzxWD$O%ekjbmoD8xT@u)*RC*8_ z;mq^?Q+(CD-eQ|t9oxz*&*g!8k^Ac;iBI){~x41)r%)s zXcH`Yqzkn5tQ*Izbek_I9*KPVzY(p!d16x1tq9wT4UX$UfI&0_UTAr0tN}5j0-I4; zyjW_&chzr=V-wbACz2q8Nf4|fvrxb(5?RQVTM>h;h#~6si+ih3sgI=wTWSYe_VksJ zmHZv6=cmu2r_Yj%64sxCJM48DnM;SGn;n96|EGzD#KxU3mveg991F5S*!4mf+b;nz-X}Gxsc9w* zJ`gG&$c++XlJ=8YGY1i7reEuDotfN*-G!q_<%`u-;^segyY-$Hx`i<9LYUxwU*cGV zopO@A-VPA319bB;{o;A&>BCm5nhxhCIhx0eJ}3c8h=AoLU&(bcR@`!K>D{c%yIJI! zWmjRoGqAqpkZdW`!SrWm@qa+hM{u{PT8ujuZ>WdY)x$$YAjeH4c5jN(96N8%1v=LWLPgvVFw)yk`ER|Z|k|wtZfLp|E-z<6Z zq4wyF;zLa4Ax65oT>KWO>nk=B90+kJouuSDqwN5IGurtnfe z(vIlU90Zt&dl4goS*U%h&;l6{ZsgvId!;&>1eNiq7*nkXL{CYamT7WalD^|qhW z-2(38e>1jgdBnH!j~m1?A;1g>5N){>^BMbvQdK-@2nHE~ZNjpz>sl1FQ13s>4Px9LIhwizgDk;@m~-Zy z5mT#RkSf?FBJ1B^D<@+trcD@Eko+b?0g|Wyap=eh40L$9E}*95Umpv^z;RQnd^;^= zF@`XRA#77S^LilWdRkS6F(lC#;@}NC&7!L=!&H@FkX-(6w*L->hErOoZ;wCT=XNR! z$7F_Mq<6}Ev@!A@JX!FrEO^jsPYP4=HA(FR7@M|$&k@SrsR2m}K!EsP2-E7)SLZy= z3?mt8tOFm=}}Diy@beSy@jl|3Qggp~OesEjje4QGFk% zGkn#@zglR{@*#0grmSQN(hKG{{ z%^-qiL$Xo9ZV??-RqEv?<%ZYsy4Ueg#)_}Lw<|S)uQWHJuMYoNNMV+WFK}V;JA$%| zQ6x>i@z9_B%XtcGZpb#xe}n=52)kX^TziMxc@mNS4G6pFy1x%BLAT zz*HXKTt(`t9=b*S2m5@{0Jl40^O#4=7-h%Z&BcE4>jYJp9f`uq4rXZwgW16dq@LEU zrZh*5))e5;=6p~o7q{=&#t~g8h-)9N3>}MQa%o5JaIH8g_jLzyV1U6Ob&@XJe1 zVGk>PxL>d9=2fWt=m{K*-DrWcj|FH9d|31#wMDNO#SiABCWSF%JA5YoC_W+a9^jXy zoq~Q<5Ns+iw^-a6R!2QE%WDI#&aE(tH_I`(H{})%5jmB%TPY*15;$HP6HUL6Kb5Kk z>GfMW&ut+C$DeGZZ;`&Yfs%uY@1$7HG`-Ax{*2F;ME_)iev|aQ6eKQBT~Qxs=&{if zn0=Ig)74tJ?@i$KTG7JM>-(ZyOV-Mui2gELtjA3Bge%3)^*dr*(l*M_X#8l&1%i!bn3w6w6nP2efg^00`ZyS zk9|xTT!BW)E7^fvT+O&>UvT`FOp_#EqCQX`zAhD;VRO|?EiM`Xj_jT_&#ok%+O9QwN5M^;mfJ&a1?lexP61=Wug{G?%xX zNxZ*t%i5-4_L%|3H3o@N2N?*GKTxm`a5eF9j_5MO{J;eH4M`-Ll~_zi667kqYGTfn zB8!@d>zZJJ=JUj{&;>eaK`sPT88pyWR`&QxeB27edL`WPOgAeKYniBQI6pr!rS%-A z^A9+lD&5<9;PCzJ;({eX>Z}YpAU_vDy3XMQKg}bTL5JikpqSQGu1E|tWZGzvWjG35 z01Vs{zbD9#&`}1-_mwfQ(>jQ2K5y)}+AUP>OAdsO3<|n6Ox_Wj(0Yv1Su_0LmP%=q z@HNopg9`QA)aGbyaC}T=s*&()Lu&H^eZ!L()js6~y1)Ef`v%IONLPxKo9@zl2FlO? z0ri#nu19THhj-7+rUw5_X0M?rEBSMWU!BAohFk72i1}`4K@Jh%$~064CF0J@|Jg~W zo8{%o;i{X*L^B*}qF@b}^8NH-z*ZwRP(ib;?t5`K* zk*YHh7gm9MTyF!|&iD@YlOfMW%kPY%q8lrE%6&uo%N^F%EajifIsMEhD9rp9cI#P0Jw4-_r+7x%)~d+ z?MVKw04kp9lFbYjBxh+r)TH5_+KJUbhvC&=-^d;$4NitVl5bk%NL6RKRL!UBW{rfe z&Mfmp9(Nb{9m)YF=-t{onN3#R)4W6PJ?!_MtCyHzuGyTWQJVj&mT7|UTX}?SEn@)Xa zs^)X+YEDu|6mYs+7Rt^!Dtq#_2Hz;<8FFhNqWp}O6zTk|=?$$!RlZGGTqr)FJD$i2~Ru?t? zn1Akm{u4Q^L^~-LF0w79(_FV{8JFvq$ZarIUSD%Cv1-M=Q=lPINIRW!5%gGIxk%qY zgG<+7+28UakYV!YX?9_`g&SNY7?2|6! zg8BlE zBcTIJ{nJ*5B~`C5ac_@DOhP-~1AV?TW4?w@@XYuA#N*?)bxu`o`0SpobKU%zL`^*# ze-utWcLWq;aOIf$&fyuozNt7<`nBUgSwD?)(czEy#0Re8hHJ9p&WH3Pvw_N~ab>Yw ztA~ES^)3;T+(on>@f3h>O=fc}n{&)_e=VX^l#x2+4>g1?wTF&{mfTI|hB-V%Ju-g8 zb8=608vE?_cP-aOghj{{QIB!=r<62E$c{ISk0!=I9L|P>zW?EQnnEI&&lFD39t`}| zZ1zAc7n;p64t-&0bGY`p%G%LnOpunuxx?t@%jm{Br{1bpl22RT@F)G3XU>mkU&em5 z(gryQ(Ysuma`9=LTN)YN-0Uckta(T4Mr$?1LV5! z2Si<@KfYPPy9*t_v0^5jJwoVGQntLANa^t?WDrsCn`4}#CTJ*{URfNybTbGL`S z&|UT2*%$E&5?(vg>Z$f0!=yVRgmfh*c{JKSdGUG~{lm29m?C}9^WVM*OWZka1v2gh zMs$WI9A)p_J&)T{oxSUZ!@ZVxga+?oixe^Zh;VzOy^CGx_5rVeZHzBsu3?pDQF=;ox<8*VHBe^p0bx zu@)!$tYWaL!mXY+A=2Dg5tX54?a1I_d;A|HShwfBH4g#8Yqk=nRT#Lp=|np>I(Q+6 zpb|J}7rvH_ot1T9XpM%SOtPb{6X%@`c!eVHrf_u#9r|mnoy)cx7-Sf5qjrpaG>a;h zj+-`Y{NCQO5*`42tGQS@n`e1@RSLjbFj>Qwdp0##HRVQi$95QLCT%zNj-Q;Yw({9a zSn9rjy4+TAPaF?s1^6eyn{*0QV%9(6q^&cUT)-8)hwPTI3&I+)m3FE50RnozFpR#u zH@?5DUq(am9!JH(ub%*IQ?h^!*mL(}qowGc@%jdjg+{lg*D_?pw5Gn#E2t;ydVl@Z`J3Nd1U$?VO`*##_ zfx2kL)9t;b7MD2RPp{-_O>*t-X&LScv9pcs-NKwC7KtxspqWEd86)HBdVnmJ5c_<(^g|p&*9-25HlHEH{ z1X{r!KXIp8KWk1#N}op$FmTj}zIfm)i?Ls5G#l$IWq47@ilHGDB3|FsDxQtiNgZ2W ziZLip>@b`l-@HXz9OC>|#qhy$vq&hXHI!!mX1sck_O*HN!mt}qPAILZ&gRVRaqXCp zv;?x-sEQgrNp9c^o)swwfp++*X)&qE6R8fLtR7Jm0au>QBRlJ?Cuu|+JoS&9IoV2s z{F!}6qMt7`2|88>P6KNK&qY6nB7-;p8UR=4cuLINOo-R z@Le64lO)c)*p&n%*fq=6t%vKgFN9VsSJqjA!Cy5Feq6%jHV(%CsRkXAzqHHuKYl}Q zv;E(6kwMpOrr)3j2n_{F2DY!cmf}+g&fkbkuQCC0mm(3KC-%p$xvS^ydwISqG1}Yg zb@77xodQTJFmoF4#D1M?^0tj;o!>`Z*kz*@wEK9+_4{aGU0ir3im(Jk+CL(cmw2d5cjCYtdiMSEI?HnuT+lZRwF<~wCp3|4u1Z$;W(a`gupL*g%`8&}6gXFu zM>xEqk0566cw9WOD7|^#9PdTHO}85fbqERZc3uZ;`FXJ_EMnnB_g-}hyx*XFtoIx@ zfxD`KHe#6!>$QOQ4Bz!!jMeC}r_qG@NRrdX>$hdv3LWBWo|- zg;k2p^iWnXMVeeKsOo(H6&=Pn3YHZ@@rR^kYZ`T@P7+AkkQl6*O2HuCT2b>Gb@CAe zYUkdQOFe)D-^{jiOR;2=b_(0)ripOM#}gK5+i9PS%R7l=6Z=2zfZLz>4n}u0JF8&t zoTVw$fKjIbP&ses7w4%YWYOn+LZZ{XxTqq1rWLgRm2O4)OFD4_MHP17{`J%35^aqv zn%QBmCV>KL@7l$O^L!}oP8M#@DYex>7q_p3n&0<9s#SgHZ(K0*0upxF z&aGaRMj!lbHRN6NaVs22|3Ox{@eQ$Kj+Ki z?$vgm=>h)^)_d*UohxG)9g1s>zQyI3%KGaWdgjc=PF<_PKGA~@7vIdHVR9&fl-N*( zysB-I;YQMO6=ciQ6O<3n>4WZ*yP|hi!h18UO^*pNKNj{ zz~Vdkr5?~Jk=hPj!xK}3fufkFI|zeNoeH%KzVI`yZg5nM$llE7V9T(M#<3s7pM#K+ z%`Wl_4% zuiO+x=2m4Wz{OpTii%{ssvo$`^LGShc`FjpRxL0>v!IP^n|7f7I}kOke4uk>?klvZ-4&*k^k1X>)K}1VJK|5TxM26VOx^?ee%Y z#gow?l$ptEzF7u`$=#W{GqkIQ9(6^p{)kiS%TO^&yLlf8%%MnC3Qc(&@yoeJeHIe* z@S^A}9@3+TVR_t`!O+aXlK5w*F}%KXrY|ZV>}YT&rWM4QKMsGy zqkI<0mQ!lg8oHpry2ru(yCY#EY&(m=6(aTQu74q1BNeHH2`Ns+%aP&jGRwbhb1@c1 z=dO|Zr4&C{oJy9%G&Jz%Ez8q5mL`WHNr_EENC#o#lTX0|j*f3s|Ql7I=fBQ1`5#8+L~AdJT^Wc4)n{R zWSjDN>TP_;p%#^1r>{FtLT+E}*@^Z_MBs;To_bD-E{kbX^u`|l>b=OZmoK`~>H)3O z_nzaZweN(w59Yr;H(D8N(0?OU!i+1{7u_i86F834dk2c#IyC=eQXl-5-&QQMJ_~eX zQT}bx21lqPq`;KpUh5kO^Y07?)Ns$a?2~SN;S>ct#RB0xa3cDyQ2%S(D6-+a;Uw@* zw>~^dayizAy8Kw%8~!2U3FY>3%$An?OX2ZcuoI4UjHHxdOGu*d8uBey8JMNou?GJ< z@bfylZOghNVt%^YbZceO%M9l<^-gCMJnOyTg5;t#obvQ`&U3D;aIR84cZB5(;y}dWQ4b|DbyM1P7==kcr-_77wS#6?Zi~)@3 zV*~OYG6|F!iZ+B?1b;pDO?MSKn|TZxR0ST9Fn_k%sR+ntc>)AqK0qUzRUX(?D9?)# z?`MH)N-ZU`ZXTxxcX>)S6I#(ikbBg2Jn;u>z*ci#y4KpC>0S0ZZZ?K(W(S*^bGSCY z^fjR~=jRo~wI(LO?4#G?*pr>o9O%rt?yg~U1sQL~hQF2bmJ5Dd3mAx}B55|5ANcN{l&vfc-I8x1gvEt#}Szve- z#N_s>(fu*@N~cQ4#>pOHt|Xo1PVUx2a%>~C@BMGj+sXRi&@s0C$jXqG$;SMGv(_Vh zcw@M?gM&83?`%=3yVL)Dv|bqPo-*oonRGDsm-9@-nziV819B_!$``S?=jn}cbGEij z^FEM3mcCHi>xT$ORzCOiFZ^fDryYGsT&@wL*1db2$YA7+DRMw@Wb`Z$=-?tY$nz(z z$YSG#q3Z%l3nb0zD?60$@sh|5eVuVkKjc2k+Z3(F=}5I&o>{-Kk;VKz3)^Ci_ZRQ& z2*Ro0o9=#TEwYe59z2%zJF`eeaTdsHf2~W?lnhr$ z>?=w`BVxg`_7~ApNUSU}XwrTDietj5z?#0_3(E78y=rBpn&QL+tw{Witj~LJH$$Sz zm9Gz}``1i#O&n;F4i~m=K)2b6Nyx^kfS-yM68QCAGKmF2R~T20lDa4oYqnC^bVfYf zJ(Y%EzS$=HF*B+#9&xrm#2SFz6xrzyF#BciVZNNZ*EtWX zNCt5hNc~eq@igpzso-{wI(17@#flD2Y*jfDman)o;!mzvFd-8FVuV5ONA zIhD&Om6)Iu8WFj6*h(^#{xF2{SN0PY-@N@T573pwSI|5I-KVnoq| zhs>X^W*pd`6w+U4&aN{0EkY0z8>0p2{fE)CqBa?>AUoF?j~x$UZA4o6?*+pFGr)Ii z_<6Khz@vQn5yxfK4Ftr#_Pz8TsM)Rw2DH6s`5Zy)+5UI9@tX|K+GU4iX5r4%q!eNo zvRe7{VfM=r53=nJ$k1jwXe3imEt2a{tZ#wC)AVi9@lX@*E@n>acIG+oB zb-LuM^-MaaoNZnA(z#0To(7`tz%NN`*+j%b1Dd(_9~|zS&T8o`^k>^eU2MxL`Qn8# zc{9MsvR5uRL3)MkBuj7A)n@v{`Mi%qzui+A?Th0RX2fNz0o1s^9}-XH43pY0A);Sk zioAo0IkB@>ghDJ!qgneqMf;06x71cbmCpVK4vZ~V?T*7D3B$)2dd{e z%Smm}saj)|x{}4q>e9)l?8;k%IUsa%#YZ4IX8aFH#?da%X_y3=amFKMy)Z z2Y$-@?wZPc(6496;DWI6>jQoEov4ivS^s~B5U#x7ttBbtnvbh_v^$-y5)YYo)%w zV60Sf#IY7C){ByJ^@8$PSCMiN(J>5iOZ^b-le2CS!Z8d~%T!MM3oI~dak!PG@<)z> zA8GI!e^3~V!*E#p)c>TSGdgH>nE~U`7^=I7jn8sL7{)MgEmPI;S+ogJ*4S3iuk&V= zVAvvl5{M3R&_#wzBX>a=XazmjGW2g4yANC1Fa@F#_5W)VvPJLwo^ zG;NdM4?I0YL)DWtmkS9o2#fqxUAh@CI2S0~Aa4TpPL$c38Tj;`$u&aW$D4%deRgvf zf}(M1Spl2JW6 zhfL*b_5v@0qJ3)QJG>gQn2(8Hdkn%5J%&xSm58=GWk1uih$VryR1M*Er>ynSQr>UI z0=VGfS;U6GPUJ>Cc{P)>HcRgn70lc4NE}?b#$nMx)Z4{J&{m01l;cMlH;QhQ#Fy=L zn5`(bUXv<(48BTC}jHtHq}GbZPuIe~K>%Ixq;)#*&eFQF82(ounu zSc|Da_FXdqaBO3=hx+G_Oky8WoIYwh51S?#C07?N@FH7_MKPq1 ziV<=Xipk@;%cjjMC`c@eprd+oCzvsiYDlb0@fbIYIKITk~c>_B1L zX1VRMXEU9^6z~9ndNWF?-aw&);M`2h+5VUJ|MyRRds~k@Sx$*`%*-%QIYPn+0EA7!w204$ z1tDqQWK%odgOpRr>BeA#dI={_q3z!W(%{Tga>cP0o?3%dz0ZEEVnV6b5ct)qU<%|< zE`pe*0}>Huznx7csAQEz&2G1mnNVctjF$j-U`&gjpno9y15(@V(kutzSPX?59a$vT%fe3GfW@gt{oW zv=4aBST^H4A(6abPmaFraZ!klAL#6dg3xpJrO6Ww<#@}_hINQmZ%@}pQ{f*GoI4aV z?ts4nL@0hceLxry>jAjJGho-`waU5Qr`iCKlynmv8>o`C*s(k^3x#6oXSA_x=ls|~ z@UST~X*Fgbv5P1V6=I08Wj_$wd{%?xf9WSw+b4FKVN&Z@DFJ?#4EN6@7oMnjX>lyP z%jLBi%H&{jnc&8or2nA4k3#PfRytY5~D zjeFG1$6XGO(ESraCWriYhxVz0i%pDQ9I%4~fG^F#RxoPpk>3ZXd(X_@kdnE@Mlui! zI_BY1QmkBHz0blBGRa{lzGJpjCTSkI;$GQ@J#h7HubyX#Bi8idRelv)fId9i)$vSq z;+`vkJ`1^qOkppl7p*AKC+XiYmP3*pOhjjItXy184Rom!Iq}@phxr6o)AD4b{+%XWzdCPPuI}B zUeD$?zaB_rJshoPxuv zo6E#`N4fS-L-hpP%VUb3T$97f<_jonw)?9l3+Jbc>yOmL14EaKm?^57<*RU$$`L)-w^3_i1<20{un42vFa0yN2w3M z)(3EGwVjPfQ!e~P?lQwUF~vIBhQ~cI{ap_+MvSVp*eB%bN|7u`A<^=c~gT^tP}SeZ+1xzAPoo5GTmux0cO2qI?wUl0Ibz= zDuq4}E&tU2n--8r3*ZpsHRK^Ge&oJQ>z_pLbz|@k%dr8648W6Nf~gt7|{y9@97 z^6O`HHN%bi%bN<-*1`k!fx`;OZUw~GDn{k$y8fs`c%=SB+JU48EUazu63 z?fE!*`TW0Wqmkk}MF1gNC{`C;=!fqo~@~n z(NM<_){luufOd7B_ol8+UQzQMQ_~$&01;p;uhLS&;RaHPX~R3Z-#*JK2@j-!2U_xe z-^w8ys|=}t0L|^Og>^3umX9BG-1F`=X?0gATk{8Fk5w>BIc}Rt&Q>=(y!b>Oi(O%V z`RmF1>z!V$azRG@J4OgOp!1Q&{nLHt3!}Fk%k=lh|7IkR`QI%#qt*BMZ&x@qT@U19 zh0HXC%Q_3z_En}sa_z^sTTPsGS=oEXAa(L;#JE;BqD0cQ6tYa-k0yBL$@ZaSm4FK_GFWagX5S?fOs`reio1sGN5 zK+dh15j{GoABfS+=S)rKOab}(1UAcCbYdDfHe9vcpo6pMkJEJTx(W-hkr>$QTQ;@G zTF7|0hOsqvKiCHL8WeuevH4&Z;kC0i8mpw=(phm^k=9qgE*lHAZ1}wGzdF4?__3j& zO#6vzGSg@>yVu$fZF7Enj^+9XBJiwf2=368@6bKnp6?Yu%JRTai$+w7Hb_l38ZL~4 zA8tq;YFLseYRvJBlZuX%iZ&2fDblrT+RT_vz0hA9J9Q|O2x!X0^QEdT29-g~%OLV< z3iFPCn*Bpg)K_xdt)V-{Fdg^`l3rm1U&TkG`*r2}b;qa{sNxrxzu#*j3#8u^*ZaC* zcj_5Xt(a1*m;$DoN;RV?*8Fy&i9hFUngU+&IJMuo@SkDK`yoI|p!A3BB77IV$M0;j z;cDK`J@pL*CH;_sen?;v4-`h(!$JhKOY=;QT4iYC=jr3Dci1_$Dn1u;UpzsB#RUD| z&L1HD4ZiRWdg~{UE4T+6)9t+Uz_{ji=^=>t5CkYX!C_|;>A<4E(z_80M6-NcdsE4Y zKq{Yw#IR7fu#vmeBB!l#CLL5Oc}zC$8U;1BfaW3Q^AP=V#Tpn=z*XiO4N%zqV?=Ir zD++P<%SI`TUrVZQ%hF!oW3v9*m8mN9Q^7sWi67*}Hl6T-$Faxl*5c=pMY8l?b|0^$ zUfzZ&&27^-Bh9n1KMNBzg##P8LoKq?wJ)Y7O#}38VEE$1Hd)uXIxM&LC-)66@ePmT zmRph20@gw_0YHe&RO`r==w}9K^BrYi;iQps{%Z>U1jw7ZfzdGhJ{D*WfdCnS+C5TY z-SBX;q)yIGWQvN=Tmw7v9taS5;@aCgrn$7YaGv{M zYRX4Z&S0sdvBg4DM49*76aaV2Tx}sK&Ojs1;7+aztqmLfEPSLCvhK?))pJc%b4^o_ zaNl%#p*lvj)2nO&t*hz@Um3{1GB}m07>=4w z!bewRfAoI7DhRmQx?xHFP5z~W1|&~yE>8_K8?n6{Kcn;gG==}8=z}Ms>+`{h`v+P_ z#pjDyCCEp7lt0QJI!uhEp2#}i|Ghk3KHqQ83~E26%1(}U{G4%=?v`CLrvYhDn`=-5 z%NgXiCjayPw9L_`@D-|ZfT`t3Q$4yPbCS{UI>g`{2g|&lcnA#?i>{fVJ6*befp{%) zaF$gZ8@JcfeX92*a~+wZbhoVS_-j91j?4ndG(^cXdSOdpwU%FJN|x;rZei#}N*KsX z7)(Spf3rp8XnUfHxo65UmXbC*t3K|_ZdYOf9OqZQKHMQ(!+KSOcvkd7%>2yYb!ZVxs9{a0 zfzTFUQt&Sg(O(+9t`!gCqo61&t6xPHdS;W68~@G*oYJ=?+z`{X5Yw~}XFIk-b;H_! z=JCy%GPgi~3>oI&u86Ki`5^_>VF8jFpPL#xXf!s^H|k6;LbWUVAvUkEHafM~;*wgu z>}@117828prI9h(%KlX)nu_yomr&hk&So;&S@#N2w$Vl_Bz# z{T4R=xmw?-2^gJ*wfPBV^R1KPtdn8cD+$fK`51n(HB`TIyL-jD{)m;-6qVHM<*b{z zd0V3)-pIE}jRO#3J<9a>8}i-cW@#E>lKTw_=A9FuD^?uEl-1`+so9-Dqm$J^l+lTl8?kv0%ePF9 zvrKN`WR%RU_`tx7Pa|x%j<`m=Y#IF9|F{zYePc4XPG)C*+z>fW{;8yWh)mK+CFUDZ5TnoLk`GMGGT zW+FS4`{)RHY=@z(mxZjA_3vq({U+!!mz-1YEh^$!bmP%QnHbR7tP1PG|2b$Cd>t#H zxbbhQ(>LH|wtVLe{?+CEAYZH6pU)dO$uXor-LF7x=U|f|4N3d#LaqYE&}h`)rSBE)#1e z6RT*y!GM5h+*Z(vs&aFPo4TKy8rWqG?*>1MCnJZbrn_x0shY?DEVxaMT5$93DjqUs znsoVOC_{)>#NG?#G^_fNZT;3%QjA_|j8`aG>74>)_&v2*#V~`CSTU)VPtvXv5RHym zS&VK1yzlo9A=ml$#oNd~(|-Oa2tlM8HZ6^{V-WSG*ueeatSaiPx}A{N+jX>RTM?0X zp)6`oPi{|dVk7s0i*;9DkZAWsE8k?Z3U(PR8F-ZVuOK9nHZ&qnzl8$r69?0@G-9G8 z5@wh|E5$FEMCMB=#6)2vOo`Sh$uFOatW@K$ih}x)cXGDx5E6ksQjy3)Ho{iq&Pf=~ zNiA{t#w^|TMv}g4Y>NrONvy;L?nb_pK1mopNi9pzWL_QyDMWgyNIBk>GZ4mBUdZ3P zemDT4RPZY_j-X69U0?owL8}I^$r#Q-X^l=qogYG#-%m{d=i{;eXo)YFA0m+7zefNU zaOUA7e}s!^$shC!3*g#c8qu8hkBOP)Yh4Uhiv6z7>lyyd#QlgKn&O2&%bAxSYb;iM zQcG&#!p6!bftgv7&w=Bk&|+!_qNA+7=PVi)ilyaMdcrruS<)!lYh_*bvB3~7>cA4i6QZ`J-wia-5BDC)uZDj8Dle_;ew$=>UlRE_%rAVA@zCzj03cfgaO(&EJ z`9c*>)tFv4j=xC}f_@>aej)I0StBdBn*O{aw|Ud3!SzDzrcU*$P8AHE-{|bV?doG> zkBPUAVw$2CGl6fXFVmqf)hU%5UwJid?vSe&@z==FXfMmZ%UJ#CdEvkNN@J_)+OF!{ zt_ogle71P;$niMA^$yCV#d!iA$edqT_(-IhhR{nqU~mwh7&uk8@ZoEPZ?Ej_9|UaZ zPzsuznA#acosmCI;Lz75(bdjLM8aKgR(IZBwhqw66jH@N!9J#?>z!tDY6&hTYAz^a*q}lnh8?Z#wAxL#>Q(p5w>Pc&=>aV?cbax#?5<}SOawVZ1i7?t+ES#h zdU|xJ6mTh6a4GEcHPBu;ql`B*j{G!&+%SS1=^TRG|EUZlQ}1u}?Fr5%zXRQGoh@%+ zeSkRf@%VC)_;LpQsUF(nB;gPAJxNj#+Q*{(D*>{~sB$u>a(WtlBLk@LY%`H_ID$1v z0yT4cfpCnS9aE{R2>)bterP=$e7Gj8)hUf0zv@be)l!gHCW)w~DdOs_Qw5|no>*|x zujtS(>y(a8tn?5M7D$X}9IIC0hqe(YTsatl6bnEqh2|=SOwl&ch6{E=(y7VPL64NSQgI!@P#D5c2vjdk=5ws>Y?;W9N=k@I zYEv&DUi1oyR1Jz$#goVBn4tWcg!MJ)b6(iXu|Sj(r(Q0$GDGi1SwR8ivrZ0)bz16mTDK#iZT1bL3rt;a2dKyCW?F70SBNwVgzM;`kqtRJ7 zeY*pAbO&-taMDq8(z)e|^njZyn~9dpTOzjrg8^qy%QRR*&6M6CD3wuhV;bW0ZNYK?CPwA2T*ZoI~*@K2N%DLZZ^AoC>;S9FEWTPG6sKRc{r`xe~c-~jwy|p`u8>?r;ZOT$mldF@}I#J zvF16SR&dDvPLu!1-+>Y6x2Q-DYEO|B zjK0%kv>|;Bh|y4+Df*BVi^fYzTy#y2>_D(sf2geQITiu?!!`B8kb5Y&$&Aj=Rr={r zpyXy+@o3}}!~hBk zpxJy&MI8M-A=-1@-G5uu4G+g=s?%G1Tc~C$v{aztOz+~VhytYv6R>dg7J7rE_7Zr#9*u5u?uS^#edRit`Y1g(zD-QT#nWHMl<=Apnz z|4qj?J%AzEwc#l%Dml_E-A3&t`xxi_0!sLmkQqP;KcQ5q>5KhY>+`41Xa6^&o9n)d z@Y(B^6Q<}9@9VzfoaNso=8HOp8n;UMr}ciyUC~i&n%N3hR-1k#sMqCI63Bvlli5i| zr?E8ozMS~NI+^GL%N(m`jPFs`yNX)~=o>i@C@B-EV{M_W~LZQ&CD{8vO$Qe~cgg{zP;S zaIYAo|MnV88tTV>SgZAV%i4Kc+)KHh`^nI)`%{+N6OXr0mS0vZu=)yg0d*dJFFD74 z4*CCb9+v+9ori|r^HS)p=SMq-{}1P3G3Wp7JhW65z_&8W7rB{z1}KdXQbm7!I?-?x zoDwOCjfQV7@s;@UI8PQk5nXljf24=nC|gmEmeb|n$ylWgQh<{0^oOC5*ulc8w^0+m z+3B6)I;^d-%QDiNxOL^jA&vDGGRR{e$XTe1o1ASCqBxHl#vfwY46GJ36LSw)vBck(8@5kBpo%;);+jr=?`0FS)?Q0@> zbpW3~?Km83rMT@m40G$MXJoYy8jEig8*m`M(K9e*`?aTw0viw68K1ck*;Qy^;N;MU zfLvp`uKnAfz z%DDwK)GwXcHNhK?;0m)c1-U_65h^F-Ymf&{F|^|8IS&anhy$mrH6ed^NwcK3n_*iJ zel7f|P5HBKz?Gr=B(V)7>9=`wxOp(Ua}(C>qHGYGIlKfpvsHGfbqVtjDNUX_0_(25 zQjn{8fu{Li?JB74dW>-YZgc8p;DM}lzZSQ2{2UDMTMdAM;l6@63%>ewl8g&5%-ZEq zx`LR|Jv{H+`R_nxh5~BcKX{m2=y0eg$v z3JopdF`6ZCe0xZn`ez2K!MkT1Z8k*5YAyKzFJjv6(i#n)nWyNrANG$~y1O2{s_l9= z-uFuAeBL3WM!z<5?u>|YUYwu6uZP~+YtePmR(mG4@8_cXpFmPZOg4}Pi`JuLBi7h<2u!K>6oxkc<4(L}5&^HWItI45nF2EHL_{hID&TWn+7Jot^T{uQ1e{*}Yq%XuZh?pU4FtIm9Ek=Y{=(V z1U|JGuYzZth@mM@fa1mEp<4OLP^@vRy5UBb$(UDPm&tOspC>PbzOei zb}?QJYp%a{HHf|8U12g#K5$JMpBAeOp1CJGH*I-?KGmr~@ja1=;@MUG@a9I0Bwa}h z{;JUyXo#6)zyiPGA<~qHmpc|!~jj|g>H?x}XU?jeE?8JJG{*SQH793)7GvUEZ{PNg|CxYqC zxL!=+Nm*6M$r@j`sa%g9XLh9Lz8lgH@x9(KPu9ty(lq*pu1(Q#Ts(oxT}p*ck$XRqQUe*p)|~^mE`dy=}jUYvp|ZQ(hgu z>JdI#DtE*P8Q5}dL?iYc0_F5wSV)|5;)B}0RVoVLP~L7<50v(ba*He2gz6DTX{~43 zxNn(eTS!nj_rgbJl*uzI_8BqJVhgbN26L50^^B$TA}hU)U5%`oWP7qOI7n2=-o{1O z{`2MI%bsxK%Q~XKWp0=~YOlVU2Cs0ov6f65%fnjg^=J0682fP(^ z|NJ-C#dSaPWT^EnM`^7?!Kb-9rm@F!<_j?=;4rh*lt~U*umY*2sU`ok4xrTQY|^_^ z{1NQ`m(9&pHtQs=4fX5Tmx8k_#Ax`b=|`8-or5NN<9SfBtz8vVo4I$>+x^;k2xcC{ z(6pJIHZmj?Yz{8jyMOz6FM&_K%g5LG%g>XTzgMJb>C4~g%jcR)5yAq>Q+?W{#*MMR zk#4TWStlKQ7mQsG0wa^vd4hVakWcmkv%h{dxMYEvYnRfUB!?f3<0YB{MYk|M#CGK; zUceChHgCi;X0K%AosMe7OuM$)dSo*@3_L=Ip6Rs7!ZR)FiFZDA=(ZMXk;iK4^12Hc zuF04rV5#E0TJ+Jx5cMvKs_k^BpQ-BlKMC!o+B3f653O=fSCXvEK_MO`tb$jji-iq8 z#_cWDB;;WtBjgM;f!NqzJ1$uR&6tI_686F#6Z6b0G9~nU0)JyC?p=s409>-0^EaL- zWLYqWe6XzYm!ZL=0ynV}FJ`2V#jwuj%K}8wQc3^2en<#5PVIP{R~^}fj^s>=_PG`9 z?s_u!@xYqRh9OKT@!HPB8vXhBOhzsZHx{ly?V~|Bj6;jCQ|FdKs+QXgkGTWH4DLu> zWHC1=FlfcXQbH|A8PV`w1S{|LuRCIddpAkHhK&1d)rs<#B0f7FoUh_NCt|R_IG<*T ziT;(bWq%LO>UF`y&5AB*IiOf@q|lz`x=3re$p42UE>TRzuumT$_?B^Y>|%94xG|}m zMH&iE&%h_G0)6MB5EVJTOKp`#M=2VpSE&K|#K}%!=mla_rmcUDxDoCYJ*iwMt;vu| zZ!JehO&F?=)dP4TU7eX;sRk%fz`lFK@-*D+sglDG$vwVYr+eg6M;cPv*~vr@SGxFo z8Vi(*Twr|je-xX9yGM$3Q+KV%cP2hrTEWfz+=EW4>4{R1XGWHMf_9n6J@ zT2hu$2BV@eBl?xKOgDdf;@SoH`v7P?A6I5m7UjjT>u!O!X(!+MRS9>f7#e9<53*N- z>n-&)$}bI5(-6}LEGWxEY&tyJcj0ExE}r}S6dk*_S|2-pF)?y6Atc*AhPqrn1V(VZ_!Ms8f;Oy%WKuk3tNL)|UYtkNG#ZuzM(t5FG4J1HXk%z3>U zRYAC|phNmvkId}wZNDj5WGj+7Y4ZPQsMkCsQZ1l zP{I)BO|Kl6P&W#L8CQB5dY3tw2Ie1+1Z1Wre9y0_-^-`N7gk-(U5W z>L$tEp&v0#IDvXmUQ|>pG|$WB4nqdyGKq{7`cXJQhyY>&Y251rkWfq7mcFhL=Xy;F zs;FhpVU=xhbF^EjW*51fC5t88H=}66xt^0U{Jxjp1p3?zJw4zX8&!%X$i)vA>eDS2 z{Y86JQ}vh#V9F0w4p#8WyDN-%RvoLSrta}xWL5uz!)6@i^@pnXa7Luc8e^=nXUs5n zz#f_FLdIx5?>6i3YX3tro5WbEGq2gk<=3ZXA`e{QYcIJ_o-~Rq`Bu+5P0_m5Xe%8q zqjLehrZb#uDWY&cIG9nK`!8b-Ei?|ZohXYVCQ3mcI3a?niKJBll;P_LGm|*?IOAt> zK!=?gxo>M}rruT(p(dHS-Unz3tC^KeAcvK85$sFLc}+6SueiRYZ)A*ztO5yOs1bEk%!x#~z*NTI91uL)L0z9FlPH z-rV6%J5v!)a|lJXb$-KzCPj-2%=vj;i7`WFF23 zy`YR9P~H^0W6U~>{i`UIkMJU^dXdIG^j{jqqdePD{h8&MfO{Qd!zj*{MN}#Hve-z= z#mt|-9QW8f%99;(Gi-jHFh@<-tXVw}ygdk4PakLzMW1r%*hevD5BjpGp0hZ&|K)9e zwdP+3YU(#cHZ^(3&j6yA_>ZBgX%uDhY?bVjJ{Y2e%Ak1q-XR<{%AL)SydERBKLv1u zb290vrp~6rxp4~&oA*gt-TG4GLgOed%$LR^d%=yHAHPk=#UB)={s!Opd3dRqlrVNT zrP>eQs{;Sp!Y|?_(m5GM9eG_=Rk9T2VjQbdxzW?i&!0!}sW;)U>5c5!o&9y-R%EP* zWkjhjlIu!Bn`e@+OF`PTWQN}^zjbZaoY}JBZP$0`t7~|5-Wu9D3FYMd-BXCLr79m< z-aa2@aP;zVMlb4=8PeYjby&?~aW1lGM$4S~cOH!kq(i^6eD<>B_Ka-aqTg-9@iK@) zbeHMX6;chB)DF&g`M>x&>!>!maNW}uZE=DXcPSREP+Wor30@qEmqKxOcWrSg!QEYo zyF;-SN^mbyAOyMjzH{z9XPvw5{U_Oz$?TPxwP)7K^FHtIVb9uzUP_7QJdK+Q8r^#l zOgc;rL0zVKfbz+IiqZ#2xxof(yD%9AAVu_Vl&3!R=)l<;5BlgX%vpHT#6cqC^ogN(w zq^b?=;al%6{*T!5|4mwIuWI( zDIUSoy+CPE` zBLn!tjZmGZ02J@G0LH6{-*k#2-)MqsVkOE(@H=McjMCT^$_ziEP2h#Ys=3 zcH>z7r@|&=(M5Iyz-AFWny4s^tv^n{pjnv2#w^c_)!z{h1s6v$Yl5?4HC>%>hJUJ3 zW;lCUoJ{Z10*gn;G`TD$XkJB@O3-y5rJF?IYJx@VJ8TK^78xRg*yg?iQeF_LlJy(3 zC0vl;y0Ds=M3?zt?S&so`@Gzgn3a+#HFa5Hx$>WEryn@~vYj$xG`$4hj;P@OW-9MpbfPL z)xoiWcPdS6{%USu-`kG;nXR6-zk60mc)O6R4!CP(hyPi3-V^D={U5~UmFUyE@q&v3 z_`iH7Q9GpiBlagxZp9jr?`sXu70ue7?na2d-qoFsHaprE_0jOJb9@VnL*HVFx$G74 zu}ZN+;+=@_N#37Jz(3zz60KppvHLz;fF7Uc*D}%*-!Q2Cl{lb*bFks;;#m1yh>Jw~ z@4NrPI~_xfNj}4Wn*85*r?eW(@C|v8o!0-MI~nlBAn8sE)a4E!@OvbYskYqUPygVR zl`*O<_aG8BpHLCqR@bccrKvJ=e8>X6Ruk>LQF%0ehK$wXCoR&F@HBa}hISRK^lHjH zKJ0pvtU%UmxhQ2PW`9yg4vi*XxPSj+T6Kscmk7Hz z;}@pc03;OVjAlZG*Tde^Y7f_R)vHcFb_IwD-LUa!{Hl0b2szcV zOI+0!p|N5$HtBQrUa}erS=6ejt;JDnV7E`NZ2VSRfqkmG9Zsf043{E}6_8CTmo=-O zp^+oK$xUbBaQkrMpnb^WRkC{*YWeY)xqOU-xnxH5i{f>g1dZ=0H>vU0h^e)v*yfZ@ z8l-k{aj`Arovod{`%jZ)BUX>-r%KU&RWgGQf8B@;gw$Mschi-5@)h&7Mal`EcOcqB zJZ#GM-c%c|I-r*+8Rcv-U25~Qf0F!A23$skzJU2gIRP5_(!bK#ixt0+DCvm?&hf$~ zfGU&`ib^eGdRm0GK&M;Tt&#|^Y^esJ68T7>{lt-j)u#MXgOmHG2zbAGOfOwAIXop&D&zVx%1WS--sSQWZ#2|<;K+Rf^tkrIzqWSDDNV#hK@ zST2K8Jl7;-4qo?qRDaKUWm<}3HFv(_#~GWy$?}=hXcDb_+7|24jp)}K??e+uzu7SE z=8YpMog^&~X*sKE7@t?S93)8+lvcvZy*-)H7@Meo33APdgz=7v07fX2o%f}24IF78 z%#7(XJB0q1R4)fGMyXwALrzRSj7V9$Y*&y7WywZyEWN_%hbw~>iiIl>0_c@4G$CU>DRHAPRicW61EKM(&@JO`aip6Zf! z+|E%0II!`Y@ix7bvhEY)?_FH3o;l@zk=M#q9wTBIgFPc? zmW%wEP5~lrPD$E$Um;SwrN>JQukhu!X?M;2m*?uv3?q{} ztxmYZuf{)ilU+@B?+&V)if0<0t|*&0kRWYCq#2$qJeiKN z-N3=OszR0t8{wJ}8nQpQO}>-Tp}l&gK}PVI>sfVJZ8ZDm43jGQyN8By9fh~xd|LTH z%K3y>t*_?f47x}07LO$D<12-^1cu{l#_rToTYn~g7|nAzcQM`}aYw~3WJut`muKN1 zDAY>cH^l!{{CX_$1ZgC{Tv-y!D*Ex}aM6^PvL-Y4p*&M54}D|^b*AmU?V6i^TNAdM zzDl_#?Q;W#Br_<)AB=p`G&R$fein}+l=k%FaaC8rov{<``MR%932PU@)vojUZP)zD zl>GY4dMJhJJ|t+_n7}p}lM?c^9|+miZnj z?v;<3RErx$#geqJaaA@F2gV}NZOWfN_GE6pcG0((8rRGIxUvsdt5-&Nl1@7Zt^@Dv z2O5BGf~t%QB3#m}OQ2MPs;|8Os;xbVE;e|Szpg$O-Cz=INcJZz)5qL{I!4QSPf9K= zf=L{ylfn{0P{Bzk7nz8l011heDScXWqMTQ{JZP;o~)?7v{W35 zKyls>IaV%SbaYvF%XEKQX|@o#3P<%De|FlS`x%6$Pg>QjV+CH_SgJOTz5$=OVCd; z+YexS@bJwIW9TS$8BcOwy85!<;My`;7xjd+%5(v-oEDkp%dG(^su}ul!Qw0ed{Y&4U34++sUBu#A!=Mh$uB~Ybo%2hu>K9jvRu`t*4DT<1;d}_zZ_pv z2-Npdv>>_D<)>SJbE4FiKdMtSHJ#Tk%gL;jw&A3;Z2AeO4HHklE_v}K;>DL~E-Ea> zI7}iv6{l7X+_T6`Md|xMQ~io>@sb)5jq2$cc4qw`d;2MHED^Ik^g3_Fx7|7c*Rbfl z4{N+ommq3<=I_tslwz z@W|ZuSL(g)8kubck(>Iw>75e0Lh8U3hY?5>DWx@7m3X8!2#{vzieNKKe z+q`E?c%ak>=l95(w|Vj#t|RAnxNAJN*y%qo&(yiPKDb~{r1*b6ez7Ni|38AA9MWf> z)KLRVC7(wk&*VY@q0V*sVZO+!Mz>KQ)vm~KOom!E39o<}fC*s@Wu=!+9mhQHsE=d0 znXI{}hAVd>l+UJ4U@@ zj1DB+Ayf)R)xfPd^Bz5H{no20E^{eM;9c;%jHOTdn|DE^7=-I)0O6ozL}-vPpiATg z0KJQLK4*mmD|ay36tVVcXwh>1Q;f}&%`TN3it@Fhb-3*npry1@_HwZb^k&E^!N|nY zI;Q)u%XlZ-cAPS~wMf#z!kWigpq4r=PLM{xH|9K4G*TD=yGwv4@&kw?W&SB-Q>?Iz zh2?pgsIGB40b`ZjomMc|Ncqy%oCBUXG%jS)lGGsEC9I_RFshP=W$R*Ac)1!cR5gkR zds`a-XCFhWw8w;wpN89~tLW#-u}_7M)U!IjPkm)|o=dTI+M6}I3RlOY3FeF*Alace z2%dNm?tjaJM|4?WI5l33!?MxWACZy8K}L)jl0;H2^|-VvA%fslt;ZEu3TKR^Cz5MZ zCv#dU@-vV%2e1Lz@rnL1jF`a8v}kGM)>}Y3AcB8pdez~GC}Si-AiJUL;;Y1g4f{WF zxk=%V?}j*H(II3Y_E_gS9(txa0!f0j#v;&P5CNhf{dAl}gt@5e^OXVM8CNu0D^Ig) zaK(FnY7@NaOYU60FokATUIPHpCo@?yHC}O%^4?Yq{4OuWF682Bo2AVX6{a|O#iD%WpxPs>qw=wh&ARwI7 zzc5YHXLs9_pM;cho(;}5hSupxY`97)bp=YgD=<7(Mi7&lk%H=DoM*Y751$`w*%+zB zGrt!!T>jxiw_aL4;|D?QVNJWQFI!phhgN-Zw`VD$)c!Iq7cIeX#Mmi*H_4UA@eYL| z;F|T$3`hYk@9}m}3*}s8M2MYN_4|T{V$JFJu1WFEkVx0r7KiFT=3@;#KhMOn8Oe*Di%+z ze@J9L*oE7r7?#djB~Fb-e$7F~>IeywVTcd}!V%3bmKuQ~dY;s;Kqnt}a&)?inF?i`ju)DpK;ZFy{FJiV&ClUNQ$ z=@^nlhl4CnB!mt)Q1f+2l zk}wL>Y4M@kbGw*kv>@I@=UK^3gUWW`Z-DsEB7U@LO^%G<^VfD^sU| zVm=|kL1MgH4Ok3L_5{ShlBPU7r(CXHmvk=;cS~%$HjCR+UK!_IJ$|Q963`IMWTmEx zgnj$_ZLQO&r>n{G8nV1K9|^bV^L3@27}n{|KU)@970J5wqJ5HpMsntbV^ej$V7wsB|W{pNosw%>P00y6|lr zzdY|OuZ^(TIu+{JAlAaSHT1+5OOjj#J%-@wR)5gc1scw-F3%Xt<(Tspt&9$T#_{xaFsBEpm3 z=Yye2V~JMmGO@2#VVD|FvBFX6IWC{l2ZHVYH;eiS>p%61oe;s+iQIU3>*j!hJg(h6 zwFdb8@B8oKxW-R${jiiFC%E9>3u|?tI(hX2Vkh!bB0}0%e z8iXWemb4w+oFd=>v(tDzG^*287}Q^y9wQbd8l+}r4XwQv{r&zEMNPH8x55~3ZRCYJ z+hBHW>zXUZ*0bD#Oy1$~uNR_;ZLn@`(Rn1^(+z?D9}=}ecY!cMkH2}#dV}+#X3O5` zi{;>kz4G~ShbTfrG(HBjs83BPYV>FVufVuwX^vul)oNc;eU&h+o8Wj=?VBBwcLYP6 zCrt0H&`u+@iaYfRmcu_$I!U}61`Y+c2Y8?g`I8bcv`%}D0KKND|DjcUb(i^6mbqLn zWn>k;bJoqC`NwL$>;CcbK*goG{H_;qA@TZzSh(=3b2s9A!?D^r=|nqWH%7DoKoB?H z6YvM>YVZO~sG}Jw<@}`ijXC7ufc<@VMwK_ESl(3klzf`5SEI*csi&aU+q<>Nm3`mW zR1dEBRB^))_&n%5ma86KV(&>C^Q?VCdrxGh?I;0?7sHWhEDK+>A>hoL9(k13^7XQP z%2YfDXZyvW&#Il7h_W5UbD-~g={}tDh>%5-4T0u?Y_O3UbT3z9SN;DViCWFc&08OSLNk%b-Mre{NP;VVA7Ujzrx%!SCQg&T^;Q2QBvpm zExNJ_^f&8l3W+!Vr{Oq<*nz_}KMl-@R{N{!J^HqriR)Guwu;qh$AF@@Xc%ey z?c0`rXZ{vN4xPpS?x6Nw>^J10>trb5HlgW(e`fEZxOI+LKjASsL2aj~P`E!u?Zzlr zlKjNk=eQoV7a;sjSlEB@>7XCcqv(jy{j%V#)WjCs^Iy2w!)Lj_D;T{~21Ki+J=Ki6 zydFP3{W^a_Z0>Y?u)TTp&C$6#W5S~}Yc6v5tok=0wti6E+Htq{KjZPmsj#91p_tj9BmX`LH2COhtVV7xefn=p4)~ zz7SUya^68R^Olw(SFzu*=lN|s1Xt`sA0n7vbo39HEVl;%%dNvj+i?q+iDqHXWgCn^ zIGiPH{7uNsBN5AbT-!<^y@(EZDN6ST{6buB`ovw!-vjdwow1+K%=3WC`||qs7bFt# z;@5NDO(RC%n43Kv;!b$y{%Vd-N&ms+dn{8v0T>(}SEzlitI@a50u z_6=SqQFq<#Om?J|1bA_FiOkT^_O7EXpV`PNIl+H1?NcO%oSFYIuw9AfxYPLgMeZT@ zk58IkPfGYF^5ms1DdxOXU*=@)uD9-L*;Msjak5FXETFuo{fKtH$-w*5S6Aqfi`M0L z7rrismsYPqe$W3J<@#5Y?Jhi3@!Q>pp7U`&;A-(d0W5%AgY zlc#-MBND73A@#sjBJrDof}&r|J*d1jp7ubkK!WHB?{7JJ!FdNm;#t(0_2I)>9^^A3 zp3+a~A;u9D6syK8k+Qv)=jDF$sWqyM5qe&$8~ zJgQ*?7HYSAiKD-m_yO`x{!wxvNg9Yth(u)KU!V*8d%I)g&ts%V;3=HNe|nDe!I8{% zzUT5xU8mYdogqN2Cc@P36#38RLcR-j`Y@TonQ9^yxoBtL6xU}eqZwEgmJn$O2E|Mp zdi4h!>8Y<>e@|YP_J>bvz7WG}H2VE1eJZez2mr{*&o^XY4ejI(_)9s?D#|W33&9$5 z(~{0=*{P92=Y5H%rS6&^Y))PJ+e!Cc?&;;Ufx7E@uz79^{-5elvb#5;5mK|l*wJ3N zA@?WsRIEK-Hy0)e$OZxGo|I~!rswOBf_bvkBmQum4epw-9j}BLi~>z6z@-)jQw}=o zl4Z^#NcF|$0Zz24qx!@=1=)_r237R%Wp(~5*@(BSyPG(3nU{|z=a&T^;Kr+TnmAcC zL-2GA-q3O&Abvy4*4)2ocX<4MSN&y9&LeX-Rr=+}-GqaCC#BPFx{@BRb*zbNfoCK9 zD1U>jTEjj;_+?l9|Sjc~UYf|+D zgiFYw-u%Lk9=V({b*MR)D1Nl|o@@C6qJ2h-v-tbT?kNEa#ksHb<`MOUfR+qOC6;8` zGqQW^tcz-GYnz{U2Ud4~rc9pJ&xGVr(TJmh$3QR9MdU3y);3zPT`#-LhjP)JLdJG* z&=cTOh*4jm^`85pCV6NO@sd7pcyePB3NZ}j!9#aUNIot>+vnF<-Fhvdne= zj4p4|heFx_LsU!KlS>TXq9J2)v$(M$0e_b&zgdX~_+&)NH8uY61p#K6A^mndP2%Cp zP%p+>A_a{?XGqen(p3XhCHo1zKFO&cg|^ZfL=xgsfWZ^z6h-rJ_Ro zH`7G5DNo3dMIsdasiZ8@UZs@mpRL7>zZ>^tBTkQd2bHb!G3WCQqrHng zhW;)Qk`5dn-Ng;DeWTY_>5?d7M8ps`kAHvvEcyP4nu^U2C(`lR0h8(P3WdGYyBx@v zIRD&@`eOaormn?lM$*ZK)2VP`EFrPcqpz#6MVg_W;Hg)9Y&{Mi0`%njE(h;Mr{w!T zISWX!{^oMO?!iUkj-Lt#I&9K?Djzc&U^RHt<9m|8cMhz4hU>u*zG9Hw#wIq$|D7&w zjkq?mfy@XX)_>8?jsDP322Mwzu%(i3w)lvJo0M9e=P9O zG!GcU)V;)26rM-q4A3@8ir5_c&7DC2Nk_c_1UyGYDCnkp|du$h6ZrWA2gQURk zwoz-u@Abd64%0OUq_xSDpVoGai5Dhr80GxR_M7Owww^CY%<`@p#JhpwY&`Lk>E^8T z-fJxT;W+D=c_%jiKn}1sb+6s3=r%8AF`*6*x)NxIAlicjfN{g?~z=tw?>jx%` z-NZINML);9C~k;w4R0p4GdzU=mMUS4dZgz0A-)v+?TNQF_W`~|B(j6B6lUS?S~l=| z*iUMtA%hL{Y)djt_!N!%{1q7KdinV`4fpdOU3cy7HQnAnD^OTaGG9zaYAt(M=lxmo z?tcwa7hf-Wl~pcHIoyIw)N0B0DKsgR5s@If?iYKR)SxkCTZ!>g8DQ^@$8Q@=TgRDTpkHdy7dIUvU}5I=$;NUjD~P zVwI=sywrD%nkw4oJKa=$2xxxe_faUm^{OKMRX`p-j9)}`Gz{yDpQzChmcW3N%V>~Q z=gnpA4z82;Pj?W>y5;rC=c*0M>u(ORgaUW;eK4m4`xMvwdMwxc+7|vd7oa4X0%V&9 z)3H#PQ1&Dx*`oe1+W>(*a-k=s>n5Q2kDc0GalC{7Ib3`}-81ycDrwqrO83|4iYb4I z4f^G{+SAv2qt^<7FP1%nmiK(Ota-k6+h97)=;zZGUw;`TV!{daS=L8Px(D*jd8S>z z>oB%}=lWINKxHy_>P=#-TbD74ntH6>eJ8h`kZ&fFJFU|1t|!j0$g@S&iGPzKze6@5 z7}LiHfGzVGYc1|M+qE=d%WWCueEji9)F)ON+i+?6*XvH`E!Ww>T#ZO(m4lKI^l1wv(3PmEzY7gob$V`wddrkXyvi8q#>9>ZjeKMKJ zu_G$pCu_GR6jrGO@{M9Ysq>x{hx;7s9jV|TSb-2t1`diF1skIr63)qbE6cm6>-fB$+wqjGo7ucjDJQj;DQJJwOib<# z0dM`ZuBt984kmXNom))K1CTtA@du|6_Bor+xf|F+TQz-=t$U%P^!0ByX}$Ay{;{cI z7njC{*a)?^vOd-q=yuz`tHCfi`7xg5WbC>aM&OiylLB%T@5;rwm|d|EW#>J&scRi2 z!4O9{EtdpGjd30WLxs-9DQ$M2b0pY)!Qb=Dc(J&3V-u74{tCtZ<3dZ73X;wPNhz9^ z4ZQ61OcSHv4qXeA$(|p4b5#81)TwTT#jPoKV`bQWG@S7IPLU!UU*6`NBHS{<;FoYJ z&$IS5x~XZH#57{9<|@;+Vo93@`UXll=VoOXVh<-ogDjm8v#2Px{g5 z*QR+P{al_Vz7aO<&Oe7k!}j*Rrt*)K`qx}I+#?6tAkWx1;_C))Ccz5bgZ`@a4qIMo z70pCwCI1HDjbr9*gx*QMEi6xp>0{>h8FE^FOFa?V!(ujfeib_7;Lvx@(OtbEeQV{m zckG`spXVsM<)>%MHQ3&@f0_r3XBG3X=#W1~*{rLi{O&BLvUx8RpUqB9DHqXh$nV11 z9V-=|zUr_N)b$J2@U@SUe9-s`VrVpNxfc{4rSW$yrRq%vPQGE|1!A!e;DvoZpD#E# zvx!$zuC{WE({NdU@3W)Y?YtJE7rm9Y3lO4yvP@0h%6N`O_hk@`g~>|?%}Ei?LfMpO z+?TCX=$(z!Eatr$Tl!ArEQ{G5S+fQTZ(AfD6xWL}Rq0j%D&DlqO!fvt^=JI-9b}_9j5l zV3DV!-xcqQq^i8}V^CxwJxHOAjLwOC>EjLDR5UmDjBV8yBJtYUQkG7-P=QVZ9B%V( zjW30eTxKi``y{Yo=vc-+(YZ}3R(d6xk(11dR>MCv2A-sK6XW&u#O&zG^W2HK3NdoW z>g)#~y0&dOWf*}fY(v1w5xO_$cU6X*p^wT>HQ7C6ohe)l{ANe>w^oA`U?NtyZGXG zdM$Z04L2k;tx{G!9;PH*Ic|&bqM@nxdnG0I#B*$P{2vg;BUY}e{%F<-Qxsw0a3A>H`p27;AA<|0~$}gbz>PV;nt-d>d+Z&dtmJ z*p(JF|0omlJ&t};4vpSnyW|(03v{Fn!nH5=gDu_o#v1PHNTqF{@o`*JIy!GY!-E=Q z{hJdMvkd~?VHWPB$;Hp}j9`oBq1c(T4`nLU9oVrn{=~vj?K+DM&^1_nnePjY?1ls# zQy@8Ax&-df^i`a_f>mRg^K35Na#M{&xxlD6b&5f)Pq5S;jpo-%kM|dYS&!!;K1w4d z$YgBaSqbl(@rb2imJ*ogl5O^>9?jWpz6`&sEufb_nr(g|rOiNs4J1#Pi%b_w($6JR ze}qRXU^jdNZR$eQCrz~57$SW{d{JlHn>kf~pzJQnNXdQ5xuvC$B` zw-jR7ef~^<5=0sA>?M@tU{ddv?)*mTTRb!pS>mA?uBoJOz}i_H;v`R)s(f7q_Wbq$IzjeC z^MC4hYJDG5m1|ZMX(*yzgXH3z=>(F+uj$7TCa3$R8(<}t_jZW>=ySN>innd zPlhxO6XV%A2p`tDY5^F3wCn4^ZQEwn-&O9-@AAvUp=IljY@aaH%OSFhr5H_i0CR!p z#@9PAyL+y>7W5kY8c5+1E3-)hD5>a#?KOWi{_7nL8~4vp;HxA6)KF_ebyd^V1klSp z#?+&*Hea*WR011(u<2#(Gfh%^yoofjpCRq=K;Yuz%$3bGHZ;8@vL=#ySi0 zij-QV*N+51z$jK}CuMRAAfm&9j8bJEiwYdFXSxzkE@&eS!rE;KPj}5v z*GpSHfAjJln|%*las$qNj-W}9*@03UW+;q&co@aWl_wr|u-B-bI|}NLwMQXK8nUl} zf83NPF6DcLQxG9_#fo{YuP_B~u$(@*^$H*!**Z4V_bt@rpM8_5SfddAG(T>lD&ENz zBLPUGPGJ~j&t$7mP{J#z2g}JIu#qeAscK2hEkKaQ$QopI%P5u!f|eF2YR!TnVWdB* zK3EkhbMmvZWu^iqwKPPP&pd?U<+wp9X$3S3%Cq}LHWwQF^U7w%dgF{$gxt*a7Yb>! zpA))0?tKH=8b@frb0d{D<~sZ-?>Es_M;01-eLwqUsN7u-Wb)qccx6r($Rw2VSQCvE zWU$7_Yh5?5lm#Al;{Lg}dSp8yRna5g>Hah!9U7gHgHJjsYxw-vTb&R<{&S$vc09EQ$PByvQrpcx$4+|6=pS3rbP+0K@} z-TSAi3sRkvrD2p4Qg+@<0QsbrMf-h9?5Sh-*JlwQJ8SWzmSe5V`GOT5*0_#Y5}BbH znb^>6Sn;a{(J0_5)6jALK_9ltj~FX`?wk;687N0q^)V$y^*D#bF}M7_4~-1J!G52O zvsvSK*m?Z8|Ml^2ck&V5Qgcs)ZK8E^Hwh2}3nxY3fH$*j98)?A@a@5Mjyt;XO8q80 zfw~H%e~0VP8SM;;bOim-I&+9_9Z!1;l6X%IWcD++2qj&)v>bBdaj%FD<@D;Vy%~uKK_@c!ZMNaL<3MGe6_@wr&$E-!xU4Te1ib> zQ_K^@{~YL(`~$k8kB1m->37~ZO7KeTq&~Uu?lTDx$*ZkIasSQPjgwBM2%ojzi7>*D z{)s;EWgBkOyhpSv=zGN~N_d*r-6t34Z-*EY|6Txn|~zP`bOV-U~ZSkDDf$NC@=LHC*5vcy@EE@ zNiWH#96^n$r;C3vU_{wE+5!s1Gu3G(W&QrSn>S?6U(QoDGhi6TQwVU)of z*g^3#$z4uOA=`y1_csEIIaFR-=8-Fuy{?ZIY5aA{tAkufeC0clC_oBxv| zO*n6T;&sKh?MZ@n%9+_rldfN}pYG>@#Mn-g(x;uMKozhh zUD&3Ie^6(1mze$yE4b~r+nYb|70SfEu%CU}*;`rP@xP*Bf@!*De+`Ks+_}Ug(F7i- ztrkgyz5LPKD7b+1NqV|=>-*>rv|x`y>jn!|UZz^HtCzj(p{^tU)ap(uf?B9#Tg=Xc zwcN1@l2#(3Lk3EuTF(}7a<^+_8nT@@7p*#aLE`5a!OXGu2a@-Bi} z>y+R4ixe~GxNOHn^6Q1mpR@Vfx(b)+z}I+gpappQD~#W?i$=@mxGL=Ce>53?C$atT zy*HClww9kxZ#B#`3~RXu)OW15`^73#H#Rwjf^p)fg^6vNUsDJ=mJ2t5&MHXnQ)Lg; zP^U&$=l8z45Ye$3xfmNkDivn~4`_ouGWv$A0Mkg@;j zRQJAj9jkKvvqj3cjWwQ-*spYQ<2>Y?HMC<)Rk;vGGLST+*5rb>0N;u@B>gKLc)XRT zii+QvibE^n<>Kxfn*njm_GSz38f}DSWIrz$SNYmMKw#f6*VCOVz}tsRIzigTr7X4U z_G#1SB&nBoz?7UhgsJ;_ye<3U@G0UJ#t?3a+0V;`UGZ=jnfirpY>bEP%_9-yNc1njJJ@7ytr?hJk*h1 z&U6&N)*}5oAvb1ueZ`4jH^nDxedX{9D7)1)7U?{iIibxCRE8D8XFfB!ugVJPK1c+Lvh-hNqtdM&PNkT=Q;SVjE-8Yz^D>H%ryVc&uS<=M;_p}(rp^z2WmC)$t6~l`U`)HSSu<)J zDFu5wfH!qEi`L+u1`2K-!-#k=**bcvfH&mOPS%)cd zwu4iqZw%keGCh6mK9j$)UQ{o+KREn+jy^CCsaG99M1M|%oP)Bf5}<>*hm;Wp6~ z3MOafZTgiRI}KBkEySkN2#-=YXW@FmSuHC*hEHRe?we{q^V;5t=>igd%i6yU?F`1O zZ6$nQmGMtCyMuJH7OGGcsE4bwZb^Szbv#t};w=;68t+KUe*4F)yUTvckk15A$IzYwo>Lro=6jPBnXz+ zCyENC$kWi9LiEE%Q!rWj8MDb+D%*h+q_0=EO-Y|cas#c5`ZBSJKCaTgwlzUhVU}S| zamoOTcp@8mlY1su+zO+2NJ(TkX5=90~nly~zR!WtP* z3TU$}FjaXCg={N$1&52>h^Q^%-mEHw+cWkzCFupBMl9pJQw+~$>~~A{goM7Gz~NO2 zCu7<&Praw9_&eAxvq8%vMc84HeoV+6dA(yFa-U4+Kgt7VGS&-1Zj~p~X(KO8(RB)2 zyF$1jW4~)sI%zYf@EWbR1*RA;_$rcA`47{b^ zzc--|Hv8OeuR~+7dqLq?q*%-^-7zpI7~`=C!z3QhggAwjKD!~lww5agh3d`2h?oy z=h^1WzZo%?d!!D{Mt!uLch`RXP`M<_DNfHWUf$tv+MuQD1Q2xsI(`?${eAmzO*>BZ zP@H~`-1qk6ckqWt#vnGUm*CD4sM$##ml}~kmtysW6qmno_5d}!t#8cnobo+ zX&F)@^KE7jOGz#%8i#w^WdMWmEn`+=QZeFiN98ueN0OLe1DUu2^=dL`;dN9jkeED*97 zBUUCU+#0`_*MBi@t{RB12896SB-ofG*sKtW$N7d4U&b)jN*M+V83w^rieaJ$ovoI= z#y#KuUB-M&jEbJ?XB&x9(NR*-8Q6r#&Uy%Wy*#i^zAi>=Rf@frQe^;gOdl`ksJtXS zczS2m2|ElQ4-I;{vN$qtOg67iHgEni5aqBq=|;u z>_rqa1p!Y%CS2oPDL>El)0+~-3_!pGkO{_k#!aucbvBfP7LE*TcQ}GOLzow zpFaYL{dY7WA5Z2Qz469lJI)*yXD;a2sIoV?_eJDF4tOpH%z6up4+-zCf#VBCV+lsD z)DpCK*h>uFp7>_t?2a$Jm2nCQuZDoDArtO#t)v?_-`mO9py{m8bQN+%F8}-&N9K(2 z=JfIAq)vcs7@}uW4ug#ugUw1rp|64lhVwR40hpmsH!f=@F-{u{APNR_;4_{b9iAx< zjxY`mFb;AtD`ry`b-iRvF{e*~Nm?W$8y*mmV$nv&v#Q1=-`oKy?tqR)hU=q7SeiVk z$v^h?LqGkM5Q%?4Pp=v`cjz}v`inwkU1RYz!1x-Jn9}ubHZmw6!?_>CafRuz$R`Tp zq9$SQ#uJ?Nn<*Ja@PRGhFlxWZ2k zb0grXBMb*L@D!?(KC@QrH1F#Kf7O_%Pxbw9S7MEs-ZyFx{lZJRPnr%2Ac6w;$eFB; zYFm^@(q+fel*Z$XzpXpc_W+1`0DN#JIs3SQ)>^_7i=C^8Ri!m=Ec(k z*rpw^4V`hlRvQFP(O6E=8IdWp8fT*(u9@b}ndZgw$p2fesj+05U^317d@{}d7#;Ve zhpx1?`?fUjP7WfrEnJaUfpqiY{(tPod^8E`8sK$}1e$&fUAClAOoe}9e(p3VhIKVp%QH+63+ON{#K^&wrD0>HVRMHoWUa;{ zmgE$D@@<#~Etm$uZ){_pS6jy(9yz<~rE?QDCKA>ofz@FHNVm4vchpU2=x^u%8Vxc} zmMM~mDU^r_oE_<+Emc~!hBcFKP4go5f~YWtupowz*=Qhg+~1*#=e=O`IQ-RGedTpY zG)5AZv^qJAMN+ODc2^@94aR??g!x7(U2m2oA!rymLn$j=DXWtd$m|aFkz$qT zDwgmfmN3nF;c+VlA0mwpfdxn2bJ@f&jG#V)hN2+PfUHR(*!Ta@UQT_>H*GcV_1M_? zJY@X%z|+-=sKmcLJx^k?dwa##`Lmm84EvKKB}pEC{J2Dn+NByXO(x^xe`5<44kkeR zKbx&TwACHD0UjL0b9SpYI?nct2o98R^0FP2h0Er>= z8lV5)mhDc@{oGt`5^VwT|LQKc|HbyIwNgR%Zg{U^_^r3D_|)LE+xf%o@ZP0;qILfn zgJ0<)k=w0og+j*JiRv+|L;|pw#O_X@sq+Iyqw|H>zcqb*B8K*)$TKFKn>Mf(<3bw6Lf=jTV!65{<5G=U6yIXMg;G}UUxVt;Sy@OkD zX`CPpG;WQ{>vQhAcZ~1vDz9C8jlE~BIT!Q)(95mWt0=qK-@0avXM43Avs$|*{=+c0 zdg+Ln^-q*p2$b5r65+U4r~Rs9+p(MB4YARn$5eXsUXyrZ!rbHU00a zUpYE6-Z#Zm1U;|)=g0BY!~z_mrp-N!-joH!mfDWqx@4t%pI22lFTobo=lTIN8Q!&S zh@92g<_$WLZ1S2g`_kJGo8iWA5GuzXM65J5!Yd_VW8FY#LZssOX71`@NhE`+fbkGH zEC=Xb60v}heZ_UzWMPC>vpDZy5x-w7qZXctHP6=P>@q<@XTYF`iLqH`+c2r5R7q{3 zQKrC07*Dis`FJ+OQ0%b^!(?Nz7)35bR4cuF^|ctqHrPcoJ&vij^1+2`tjCGT;(enU zWs0=a$5d0z^cbd2Z?JzCIj>r>VW5nzg)B8~QKzV;PvR-5&UF7yWOz6iwp@OZzx+kz zgiz|uhbimb?68-&eok>7>ahi+Ot&TUl#ts+%)s7fiN`vO4)r;CBVER>#8w(1L*>g+ z1XuM&IU_FHr)g^158|>2A4}3M*-akD>WOFx=46eC8J!6xtGr*Xo339u1V)CK22M0O zv_C&J18pxOTuRYl($^`SvFdM@Oiz>SLnCF|nQny) z;(5<~Po04OUExB{HeC-omL!+`^Yl~0gG+|UCh4s1X=Z1#4}k{aKgz-Ae!5?ym8|WA zMS&t$E{2@dF9AC9J~qsvH2fc zMLR*8?9$QR&Q<4O2@PV!+PL9z8+Tfaq~9ay>$hvPsGF1OkAt_Kp0`PYzR8C8%Ms{h zESv^D>)V`?tQ}YD_S3!ye0Sw`f9DsAso1g!0$HumZ)u17kyRD7E|UISGtIA9`ytl* z_z@HzsKZL`_$@a3D|0z=H>uqBFe?J-38SBu#4ndNiCfW@9QoM2zEYtR0=Ayk8BTu! za3_(k`#dXw3K$6!-)y<9Cm?~s%&)AJ;5d}(`?6`JKSnssXhqf1-&_ZNTmqJt$9Mg|jF8JwmZfx}n9e_V7+AE;1IUG#!1>p;R1@X!!B)_*W7qSAoG<(SEv@ z#W0|+q`Rw5m(|@n$prA1f4+M99Hew=^&>OHy6a9OCzSbR#f2l700$*22P#f4p$zEj zNg2xDdcT-e7PF@9niXlTiIuy_Ld~z&6p5nrKfPB)`A=(Qqg%&a75oKSBj=NpNF&Qy z3RR~)KThq-iYs;&>MPjPPSjW;b8gZ7@`)6sTEufYZglMUVZmqk{;cQIBKrd(JS6w0 zLAvwW>pqe!h;|7X-v0ElFq^&j(uU)$lg#sPIj_$pFe!l>r|I*=lGKWPR%V~evPib_ zh~Ke~_k(WA3g4h4r+JITVq?XsW5`36b&S99`@41OTH|@;lg?uY-2ek(GN+irfG^vU zl)$_C(Xk}DiGGW=?wd7}Td>Z~PpY>hR?^6{S_Gy8U^K^>EO4UEXk~uQ@7ZSee6&cS zH0_suy4r+)hIW8DWJty)Ek}>&D|5&F1Q?&_dPk(g`pMqtiKp7t_3iY0u`yJ%n3C37 zF2@tlRMcMKdX%qX{o|$uv`VWVw2ezzVlHlFG+aa5dfay+R)s<9d1Y<%Tyw~}Ic&4% ziOMM;*T^QT?Iv;-FeMnVS~32C>6p{1?#e%G=li^*=UAZ_=8R!5lJxcSi7Ovt(sZ=rYV~-%IUhQ;{S~cQ7Q1V?I~H zvTAbR?ACf62JLWAjU-1;h`Y97edo)c65m1`-9g+Hu84_YVXJHhsIHeM6q{Lr)~$BN z-YvMIjbK{ruCDd?dvf=%^%~c#-fAz|(L^YaI8nV%-)VTuuKjcwm_iLrN!$?x2 zFx6U`3hj;peK|j^l;6bH@58er1UaZx6RKZUS;AOqY0|ViboFgb^ADsZ*W8DiWBD~L zD$H>Vstp}ZvGUw#zeHAO0U}p-7=cW68;6jET{#&VSgy9AE4y9jTn^(s5h1HtH#EAhqV zEV~-U^&1YPCI{&%n;dtED;Ew}HdPI(sY=`_%d|UZ!jOrhuoJsiMCaI-v{~U?$3@iw zJ7lI`2%gLZpUKuJHBL8iv^GwjrrfH-8MKns0g9E<9=yr3=|3m6B{HirD@CUkPLqNt zVy}AKYAqkI4IhO%4K0lA3A6?ZtEj6)KWKd-HdrVc{7(kcmNF_`j*LqC9wr=<7T>+X zFgE7DHtI_sxBdn*c3aiKf7AJaAK;se!YHtRx!U8adM{t-UmDq~4mhbU0`YY4-5s}3 zdz8v{ssk#R4_gR6V=g~Kkh65Fqs*>YZdM(Bhup0G8dSG1uM}kKJJ5#UAt%A9G)gfqSv$pZY^nC3*Xuh-wBNwrap ztN)aXT=EBB&y)!VnGVLM*Mx`JXRAkzVQCn)Z?0)N$A`ZskcIoE)ATAJ-E@tw8K$(d z*u432d^EDa5XF>Ej)ClpMc+q>_A4ZAm%>vUw}mjdyGOFFp`)=&g{PxOdUGrEDo&e4 zZ*nBq-|)F4)x`*BDT8`u>@~5MZx^quBMI48?eP7V;N-!wnsR_K0vzGN@=;+S7Zg$$EBlCb$}_mFVDWoV>S2BkY}p^+cc0JWmr}^&6EPtRX0^| z*JJ+Vo%rUqsX5)W0up==L(Ws@JRqb$N2w+qea}}8BWxu@myKW)%*1r)?aNr7;kwHe z{KywvaDe;#-=Lnc?AMrd8DLJgPtfC4M{{$=H@RtbzGB!d;T}(b1Y%3iX(NWx*^C!ueBcy$TsgXdrcfN3Dp(ZrB9}YnWjg4LfWFO|mdC z=Dh*;%WXj$GsgY~O)AW4#h6K}(LjY9;@J*$M59X4IjyGV3Bt0K<5rc%=EDr(s19{N z4zoemBO!Zc!j#ih&DPf1@f~~F^|9FIxr|?v&n$Jva>7Dj31t-TX9oN_d|Vx-U#^SY z&#m0+>uu;i6iBQQ79$YCBv{(oKU;}J2RNaX85PxPQms|_D5TYX>vqL*#pW3KU|R~G zsco={V6={$@Ap$K6^DgDw(n|OG=p@kOC9j1dZt!DUptzEnLxH_wa$|$o&1^spvCk{ z_p>v}(4}eF=SF!X&T8V*Xjp2~wn2?bQDFj##io;>v52|~RYvm)O{$10HpuC0wM^z0 z&ksDM@U|K-iB7DUYLyv`WQ-VQ?_!~)ykg|i$Po2+LKQ{cFFs!1^p}m+r#dWv5XO`O zd^J_30wl{%zpt`C*G{4Mcx?$_PJ44Gd_XOQk5=WOc)F#@-^?+APDlH3q48J7yicJ) zkw*$G$iiJ0Vm~EE+gA%N(4<0>*Jn@+59O~Etx9&(rCUi~@knG%Hs{J6Tci$iN~UR- zLrTi7BKYHRd@5m9db#4Cr83Pbi62XplHY% zbUvy~RH%#X^w6#ux8D~5&I&!n1M3Q+Dd-H6+(liC@R@;smkefG+Bl7~AGOL|&m03T z9NP;aX()OQ3*CZWki)7{Xtd>#+)A~r!lx0! zLexvdDn-dOjabWGU;*7=o1P^~(sT5L_!Jshd8DKg7F(Syz|iDhHf56=>;ERl(1jN~ zH0pm=_D(@Bk%7G~J~<2Y1d#zu{N&)izgL0C{Yue$bOe!3Ro1A;yAu%fItJ)3sI%{e z_unzvZ2yM3)S@C0NB(CPRxmNZrZU#OUpcN8N?niI6{vYjoIvqVGg3S$cUYDucKQ}Mp-VgyaXN~f5E_B?!2FARAW+0SbgBJcSkl) zCnnGItHeX*;rb_dq**>C3EhHm5zJ1HkgWsEqD)CApJyyoVEWbB{QJbGq47J(=R`Rq zn#_U|t|K;tWsG*0kF0c3#L4KjUs5F^cfL_#4j0>1zOfpzBSw||GFP|wQYlKTF==6B zc|iF@wA%+RTC%g}6hO?copDhQ<*O8pp4Vr%{+PqHbJbY7ZG)fB6{WKJSy-;05jPk{ z#OT?y?>$N(GBoQWAP~Ip-G-&FCH8Z!BjtVJ@H^vzSIvTBAV>XK1rkoEYkIYK^r=5= z+{igdeDVD{T8S^%j(K<}LaN|JGcDRdO_ zC_9BmyNVPny==pv())fe82pY7o6rP%_gKw;I|=GvNWsF7U(FSz#b2N+g*SZ{*1l~N z!Nu_Rm{tcO>ZbK?w}87}Gs~2T9H%Vn+Nn=)ko8ZAGG8iIs0I=cDWd}|d+yzDM*dLS z34J(go+#&cR)KC69#j!b_pE=M;KVfexwt$#ZfK&_RNm|w+E>?Hq-{mP#>IT4ayfH= z!ODMka2nsJHTZEjJwZZ;2TjM04A!=)89=%GIlxV&-{v|yJ^XQU00?+4pi!Fmdu~t{ zA{v_tJ2^peb#s8dst<;5T>R5T@=vHPgw4{e@^}WN2*0&351oi)qofz)@$5?1L~Fh9 zu*+=RYCWhx|M3IAOEe&&{EOiz0Ubp@gd4ECMw;R~(heEPBl8*+&`zu*pJGphjM>Wd z2!YPWwjx0bXCc9i=@*RTB>9b{^-DUu2!_yO9wfGSG`z1LHTi#uX#o=&EPFFg*jN-N zOJMVhPHj+?)wZRn_MmF4s+cF@eS66F8o0JGx2CFZk~`DOoh_c*Q-g?75V)a;1l@yz zQVBm?Gta^{K}ag+O6k%<`2e&S6MXcvBZI%fsC1HoHK_bR_E4afI#(hO5v@vTR(%uk za~@b9c0KWXDz0G$XCyJAerg6N{!ui&RA7xZG4@7vA>B71OY>AF+m0X^_hs2w6u`zlrCMN^2g8Y5?{XMUIqx>Q}DZ8q580shv z;i3*pj3mpEg*4md@s2L{Q@DQn+Eh{;-k`#l8sSt7KM>2_@CEu@S={eV5EaOtK7N zOGeGH$!msCbZ$inL1)4!^lMOjHQ^;}iHNIQjcmvKyC0adn5$)2mJp0sewQ@Id|qs> zWnusP=?yX#fvb5ifU)zEn9Php-YMTSu;#7Yrl}0JSj$dVoc;Pf% zX9|{Ny8b?(EP2c(D}E361AH;pyW(aH;>8BGop>|9M&9ZCw*c?w6UZ3km_EToWC}D) z`L;F5@}%*gQptaq@jpwalbM-ykWsC;z8cw{r%!#yN|5$g3cP)?-qmRJ^3_!wI5c{6;S98| ze}xVVJ)ac57#%czN0~kV&Q6NF@UaC>ia zEvr0P#)Pd=CE3F@v+QBZq15}vGA$b#VI3o7slcBb0e*|7JY7CtelbMVbvjdcIlXjy zkYh)jA|(=&Jb#8EPGo)(+@v@V@im6SqsLrYp`U`3JCC9 zhJT&*JCeK@C@gjz#8E24H`G6t^gpMBH$87#cZ5~T@PI)H*1YpI5YqbSx2nIy-^tAg z{-E#+p!Xo$hmU^^9c%BPB%iJmnH)K1YdZXQVl2GK6!jW-?d8uCLlFduqEMkzyWEhn zsIJ;SpTCY*M2U2%zUNVe-BKM+(!^O2sd;@fmIS-SoM1~nP;RXNhnK+JFZgjq=f*-l zst!n*SU7Xq?;JB+ctB=J2En#oe5;Wu{0>{Qh|MvZ0j%KF=3DI`Y9PpLEoC+){irug*Vm|)FB0uQ;tP&BSy%VymabpYEKcIqREX=W*|pvOY!?SMiXu7c zFJZHz!1ayNA4t(II-Ad5$fB(mwH9;EM$dk^S)e$g6v2zuE3VNrN4{ch`S#lEtvi$0 zUDly}X(ZPL5^U3-^&%*2`)BU}1y0W_CXMN|7;Yow#?}vKf>=QAqs(e|5K}w7f7K@~ ze?oND2lwf{j?1^$rYLhJ>*{1yRw=ImP~Vz?woduPnay&XnI#u*bc3$Oa=%%gP;z#w z5J{*Ic&N*-vlDxvrjpIsC*quuZF7BoC}7mjuh7t2PUXjqUr*5psc&ZiwugvGzOLWL zTaMi6momcSdd53`)g#a3KcM1=!*LCZ3zZaqa+W(^jXfs9OWcpo_@(A3ogih$juxSsAWMXdr<8G5TkCka*=hz<0Y& zZ2KZ%{w74HjZ87MOc5fw;bt${vPju2g$$CEn+50}(4b@lo-=cliD=xq7bthMp$R^7 zOtDR1f$T%Sn+TK9iD_VY6i9cFiZ208>HD$0!ZN2*?#U{s&**}kPnkE5Q4Ps01yJmA zm{U-JIDw7zOFa?6lBOP)Q|zXc zHC+KyIms;*p_B<^uf}e5-Q=O$-41fOH6QC!QGazS2y9bI+B%Hka0_WFkpzn>IfC}e zEF1ClSiV|OYkY7k@M`nS1hvxnQaIPqSW#%~xE6%Bi%0!=P$O|IU@&TT~86vn8>r&{OoX_`1hac%b4KP4_4v_h7k{^^kP z@PMJggtes_bD{QD89GI`>ybr(PAFMx(1LG|;`EDT75T{8uiPtLr?|<#Y0uSuY3CVW zP)gVa;9uXY+`jLY8v28wal9s)>wK>1z?lVutQl6PA?1Xgh|Wq%?g-GoJsKm=q^x$x z6gm3G$VWAPtO6tg0LKnru4rC*g8su*S<0`!hR9+CPT_Yvkoc^laV zw3_p&>I*ALb8UkAFAAdNs&sxRvfaX3&CE$>!F#M)xY~-)9=}RY=Ypx8NhZtdS&!ci z6`*i&96nW)Em2JWY=ZGO@NF6y&s*sx5TO5-)<`&s>Kjp_fXd-Ql?t3UdLBnO6znTiEIkDYR`)$EOAsjJhBRfi!!g< z+@00{FoyDQeE)(fpQ^~Vl@eQB<1cj6uVzP|$tqG^n&3(IR}GLNF)M6c3iA5es&IU% z&ALpF2+1n+T$(<_5&kv6ym(tM;Zyb7#^gQ>+qdKD=^)Ovh9^8HNrZ=`Si zAwYFEwM!okC0tslN(we70Q&4(g-hh;W}8`Jieg5Y2;7#v5>14Ph@k`vW#3fO_XSd1 zd$D|ukqVJoT(B1U93=8x+x~ve(#%t35TaINga35GQrhsnsVIJu$zx<69PrPEGc$le+D+*DLmJ^~ zuMBdSQ4WEpt9D@*A3MQsG+8aghDx)=#Bx22%3#^<0;_2z)h6rg>jMFV$c_TKDJE4s zYtZ{;Vh5e3pFiK*q1VE5hhcreh#V>?n_)85IE3oyhQ$i39iy%m48siH57#_dvQ3;S zD>OxDJygHj5LA5eh?ELf#X35vf%o#-%z%q|?Q%?rfmWCmYp+-Q6v_cXbw7JKFzqIK zRUb)K5~x>^-#KwJx?{*BhwIr|gFsZ8%;;KwoTew42qDP=ZtUDOi_!K34X`V7+Ja=0 zz8d&jKjZvROXQJ##AW}4t9&=dne2LR9l%c=rPaUn&TDMo{>19wz@VW4^bI5u%??}D z(tB~?@50RQbDz+Q2_lOZD@LEZ@Wt4B;T^-y&@iKymkt#Lz>e4)A9OD};NNvFrTUvR z|NL=~k002q-p24T(V0myfYCglQnZ16u8xru?9gh%PAWxBqKHeXh!h-Bi{GTf2pI_; zRA(=Av==%esdNjgdQV21lAe04H#3MI_VrYY(3j|!|_}Lks%E>OdebIa}F>4 zC7v%FIMm%)=z}`$5R~-KwaiffRNOU9DvPzUq+^ta)Ii}8?~-=L{&pDh(x$}9=G63> zSB@*$#c1ADDeBUuBs6@`rDr)Bq=EQT1Ayw1?YoEtWCp{N1t?(_^w8L}5!f3hln+#2 zdL$`>QZI8q#4<;+mBVj?N$`KGnT)a~BqFFCXi}Z5mpxzSgG#YomZT_hX{d71B}?p8 zcUCQ1#Xo+D#fY>mhZj5LNiEv-JJx=W0AI9ODZ1RHG!#7^{mTG3K#2N6lL~pW?0FGM zZH6^OQ&37*kRUQfN5{OldFZYr8b?qHUl6AF3F1JAiN5*`-uz|!=M$9*F0~4h_}&V} z{TikgRa01opi~a5R!ZA9UP`}>;*I6n_9fZxi*m)7IzXSrL!j-Lfqr_Rulsp)94T2w=O&o@#`iY5>{; zNV8`BM3ddbRZt25Al_hE@S~5YXHVLpo-4IYi)}s1rs#IA$JI!c;TK}=30hB2FSu^yrCZIi(yT##{ z;%7p{3h&`jlw1Y87#i=Ob8M@>HQbA^*n2IiXfq|GwN4(4uNRSYnuBzjfPbN+vuEBs z-J@>-?N^TIJ~6fD2P?Sp6_N54@MdVdH=Pt+OPU1);l$!nWa0#bU(V+VHvGW)Zcha!f-$paL9S zI|@VS%L>pD2^>`I{WptvWbrgZ@iYP6!I-NH7`_IY?}bFnkhG}kOhe3D;aa6UXCQdm zsz^KNJQW&Re_AU(_cjN2j37g78@0|ZMZ1Bi|yc&qk5EKq(LH009;7hv6+ujpJ!jj zPt*`59CH_mbOGhn*CSIdQ5RTqw)R40Qa|zl5o*|eh5rjjo|?}Favt7AkygM15O`An ziW>#`1=aMD1?YpQ>kCD+a$!sGzkf!z|75};c9Dn)pKk)9A5NknR=_91@oKh%2T$se zJKcldDn)OAnA|K3Ozr50<7hXq_vsY|8<@~Z=c6M+s{d5C*oPMxm@9y=Q6UFT2A+f_BW!+h8|?3;rT!4 z44R^e@Mi0mW$@0gXfCpRnVuuj;3G6})&Al>W<&!o?M?Y?gjtq>aUet@#B+^nI^D3Q2z3S2dZ6d0Yto z)Cw=eDWfZUjR@6LAT4kG$2T&a3EgEmx-P-iH@^2p9-#o0) zl{Ngg{Qy%_> zphrwBPIc+zdJ~Ni#usb0s(pxM0d$KOD}lN;aFJ%(&vEDo2#fIW7aF zUsm;OU=CBE9KjXR&&uVoCYd%57w|*FTcM`uO)sMNJOIu)NVfc77lWDmeQiX;p>ouA8N!!! z*lGSjOOcH=_}w7x-@(9nzOc`iXZQIFp}*43^ta3hyLS&FTT@daV4$IuPO`HIUeJD} z5WXObBzcblrSh8KLXx(A3OYB=O4P=SAI_@K5jMOttadn?2DY)5!6q< znQ|Nk5qe56`K}!VJv;|pKRlfLOQ_zpxJskGo0qj2$vDlSmar_PYURgSJE(aMhe}g5vifd$Z{=C-byM zhGn*|yatRE0h!>s^X(OLwUssH1L~Lhdr16C8Ml8}Y$-wa!WIR)j>}D>?(D;z=PUGn zZP$l?eD1pbQ*M0|O4XAnEZ(r5HH!1?jJJdJb4X6L<*DauIy)&l<&TAa0P&Nlo$oKJ}ZN0PiGtD|CBCVNZN?YDq&*{Y>>!ex~qf4PLcaw{rDU(;; zKa3H7D_G+xMFWFwPKC_Q5G|BhwBF+_33ju4^!)Q?ZX=~j>HU9kpZ3|KdXazYm^F=tOefs^^0Wnt)t$Va0)-GuZBb z)1wgRua68V_BHeJyUK?8s!<(PjC;vm_2{U1vP@n#%#;^{Mu#SXhE2pB9y*`9?tBXB zJcA8d9D0n3xP782&nt=#Jb`<}VkCcboZ}N<+NRM%Yy=7;BE5uWz4}eWxnt`qZHM2eUWr|z6b;R8L({KNJ4^%aA4ro;viaZwHg}>GUdgzOk@j>{?)b_VS(xn@nLGUTS9%$NOx<2F510F$%cb0bfi) z##BV|$biB=oc=F&lq%>#DKkL}d2Ko?+g*)1+WD)ms^V{Ie&fdAlolb%>HJ<_=*>-p zl1N3USKDi+k~3rN`E@zWOp*8O;qP{Z$m3fVF>|(L+^EBQ?s$B;f3uiP8RUOCcNUkN zZ+t-CQ_il8Ap~oCo2HZw6%1mV*?ppnP@w<@K5y*m&<~t%3Hr5WB>+^h{hP~p?ej#^ zYpO@sgZLiKR$|V>>y3fl5BCwJJRKA;INyJ zH@x-A##oe;z^T)Pi;?7c`iZD9C{CW}1vs0c*XVo`w!xRXV-q9C`uM)6Le#=>^AqjI zW`eO4JtGj-brDvbQh#5R{6E3@${iA3?yP$4kkwrEr&ZC$^ zoOJH2Vccy0xjTnm2StA}tCvKvl?^Pxf)agYaov`3(B0W%~w z97W`f=yk^1{<2#ye~L9!xO5bnFK`Lh+4p@7QUB8s>x?1!On(itz0ZFjsU2r;JZmUN z{|_98Q0agfLq}K_kq^GGL)yH0Z10PzLbZGw+nLvql^6C6pexkdL{vh0O)Us8efw$` zw0{&xcqo~1e0e{4EK;u|Ul(zK7%VhXfs|E^pl>R4l$><@pQ^iGkNo!S{0NhLo=eq zv1(8U8~Zqh^qhn@Vjq^x0^H={8%r!j_7}O*hzr!wfUX=WjFvp+G8Qxy}L)nj_e2x|UP(S9|cAYq@6wMwI+{M7$uE4MPMH}o>l ze4x8yu1>BdJ;tD2!zvVS4?ADNii1o=niCso%t?6YS3hqNCYc4g;?<&>S&J*Vylb?n zbp4bL{uFMj-=26@(wi|r$+m!{ueYJTfUjjdmUV2FN^RuipU0;BUNnl0u|p5kPo$)4 zM-6jFv!+U2=?QJFt_YPv=`|eWrG>@}S;w;WB{9wfjbAm%!j|SFi%|NL8E?N7^H|lf zSt)&;Qwx}l<)Z5m#K}|o?e~$J-5ttie+3uy&qIIWIrJkg%xd}3lf|8z#a>@esIT^$ zrJ``HP^id%s@s3$W_5?M*v}O+uN(caCyg=c{`m0-4c1gD+q{*lU3djo$X?Ky~^U4>F4<|rSff1a_Gwm9CRF5E&X zYvJ6mwb$kKbtrqD{@9nn>^^RCw1VhkH9_W!Sf8;-;N?174fI2>Ga;zh7J5#!=!@;( z;S6MorTESJv4sv}Aybh7*W1aCjj*CkmjNB#>wR&!8Q?LDdk*_mhJpUx@aP?31(L4r z)w|Z)qA6nli67c$_&3?w4tURf@n|`KrJlvLhp@IuE4h8pjo40WZ<=k*X2X*8*a|q?{$t;FoqOd;>zn*$LX< zzB?qZ`o3_Re(GribMi)eRrP0HU^yCUREo~|uj)q1fxboyuSIN8nnY|v#R2XEVAqSk zapdD7A^}Med^$SCg2EX_Yv)hIq-;MV{%J-(hy=b4(%CFkyY*ly!mUd8`<~MoZf!~Giikd*yM=r zGU{y;&Dx)2PoQ7EiMw?@GK>yq$z$NLZz!Na?xN2ual>8)e@%4&a zrxQoRE|h9X`SR8K ze!qUm(dA~>KW%c#3NHbU2^II#na%zj13JK@*ZXDXe(0;#R-?Ly7#ywiTvP!5tfy4T z2|OEKF%)U4%;19Xp7bT49YG8=IPA=3*p-(E$kzcBeAtFmgN{?9gi(TV@G%x4oM|4V zF+Jj2kxMlBpWbC#%)VCbb29E#uU==eA$p2K+v;0estf)Eb^AUJ*j_XJx>AI9p-+0f zZP6|nyUbU~sw)Je;P7}CL7{)8WiOVl=XKbTqmD!(i~kD-%|@&|uYXrVp_aO73-Swu z@^bq-6#}3{V!G%7g_&4=(W>Md8=H#2$84c9K_C5J+zS1ZyC4;lzH9e42HZ5fN4axd3DHmSooht@z@0gSa!Ya3xZ3H(b#4?CC1yU42pLsy?P58I~wZLZFZ z&V)h&vOdCM5H6FG(_3HOWBqRS;Dy5#r$5mNBPwr$P}iaze4tu2p*BoHn6?w73?MVv zFqBI6cx3BphIAHRtqx`-!y+B6I(uJI9>_RDM9Ds!aR$BKmp}iqy=*?N{&b|Uf?^mg z@pK%b@ZGd7;nIWX_!C@oVR<_QVH!i;boY_Zra9R}N`CoQ%A}1=(1wc{Mz`lRr^xVh zT^Yn2H+6`6)`6twTfn2ntMglqG$>ik>r1wYPt8XjOR-->#wCV8fB(n5q3dl}+z2`n zSR5a5<-2{bljNLb&(VNC69tSiRmljXSs2YO`!`d;(1$+`1x5qlHlLWbtXu6IzP##? z{2^1T)Z`KxtR*c=KW zc@-eDlKWqI6AN0|dCjSLL(}K)=VwxoalT&4Xiv<~4KCAWBC}3gL(CsXW}yz3~y|HRAv+v`5|nd@ETKc zlDsHx{Df=;!alil%cSlKp}VKx%OkQ~Rk$U}n8gQY->&p?3o2gYwzn0J_mE#wP&^^P zl=8vQtqAtltKwYWZ9fR^{h#7-6be@j59A!hTKS9QT^bpMi~%>qx{C_8Fd0Qup&FT)u(g@sAXz*N_X;oOLzuUVN|+d7anF%H(qo2n!+KOY@=mlao)>_AstU zk_pcF7mH6gWPpR&SS$R&bg|Gg=z`iM6*ZoLr~Ugd0!g#{DDJA5j8Hb$51oB(_SzUr z<_~2tmkvi7HXBmJ;^{W1MplI~{fv*y4{jno6t52tySv-W2E;8VnDlk+XEf-A3M`>) zUz^G%=&|24IdP%~HI%<3dEsocOAb1fToMOo|tbFV_QA#_(q6S9#KDM zEVWJO{859rNvp*Pd|Kj;Xt)a%mP6Uj9WolC>*V4NR8(L=Q1S`xSMZjLQW>zBpl<{O z+iDSgL^BGe^%yX0Un2K=t=A=%ZLR04&EZ;SoqV~njG;a&#Uq~n57j8|_{1~5 z{W#=(yd%FRkCV|sp5O8uNwy6Vz1wUQiTzLC*xiRyJIuG+1s=JQI$QHKeH7waRO!E6 zYp;JKD$Bx+j6LE>CTx(ty3NL}Zmn^%&7v#r(cqyqj13)X&jeML96IYPQ`7wzWl+1( zAPmRK7YWp|$fo29lX`QyoqCIZt=IhSG0DuA7^6(Pd^yh9}9bFHth&-X~7tf!VBB;9)C$ z_j)Q5<=*eX^%{tRFnjGW_e_TGCUI2rj7w6_}ntuHFPyzl?RswOe*Qfm> z{&B0>A@AN%8cxaClKUr_EqSA{Hz(!$^T>-W+---4AeqoD*SWkrC8w*;dUT2g5-S}y za(Pae_-y|7b}?v9)p;Y=#3mlK*?%`Nr{~*v&#~kuZijY`&C@76 zMFM9RDJR$|qzAU8ddI>C26nRNkbgLEdUF^Z*m`}^Qo1M8ug#d7*7QRN{-@=gE1n6c%4n( z?K1Hjuz89XjbPfLr_jpTU{o1^`EF}d-W)>a4p=>%c8xJ~*uv>m689qL2U03wjk9&1 zTkl>U_Vy?hj|SKVjJI#vkWL(ku*dF76f~i%{Q;L~3&Uag!M0<=7)yXWv#!a<35F11 z@QP#yZwOa%!A)dwm&9Q2o}6&q zF7Fom7NEdjjCVC>?l~~mHyW-Cn!-3pW$N^QHxRG!09K8KUIqfS7yBqYR;I^Q^P?IBB3Bc z>h@Woo*{}46j~B91#L+Q!IP_3kySAdoBugsCd)wnbTcy1h_n@0a-78ktdeLgglC&F2fV zov@Nvqua8*yc4%R zt*7uo=5WaKV1U$C`~PDNfSch`@P$-4;xe(OM8+iF_TXOjx>)U&m43iD$WY2~qMVtq z6g%JP&%|^}Gv=#5TlI21UZ=}jamugSv}8Q=)|Wo8H_6+upjhN^C~)7^%3BRS{TvIE zR>^Mr(9o#wXe1l)lmD8__E?%9aWAtR%_yM8P@zy_)=VPr%dnMjn==rhAjk6{5_dDS zOCLMf?QAeOMCzi;lV{~y29t35vBRS~M`eH$XodLjHpV3cC-3tv@jqW7RInbcf5DR{ z&-u5*LzH$?XFP1y6b3jHeV&r1UNh`>NolrDA_AS}>89n`PEwse+CDkY%>}|QT%mI; z0#bevLeWJR1qznK`;>ot*!CmYXr&yhUqcWpZvh1lBZTKmpd#jL=e`oszQzramnKW; z=VuL$EFn^>+6VmDieD=$3#2yJc%2yCrTClaU3PDJG@KdzF~R_(NdE8_Ki_(TOGCOh zYU!*3UPTLMp+!=t5{RQ(^Fve`tG^)aA%<#N@54V24$NRdTe-u9O_E5WFZn7xAyQF_{6jiSjE`XtVE&sKr?JI=z32!#j6s`5mSHEv_p2qDft zw#aPH^G@fjWN#l;Kj^u&{5jVWp*GqY?NmeTQe#_3r5qFBGafvria<}lsf4%j8{?n^$l+dW) zx*WkpF2zSavn~c6G)i?j~Bds?u<9z@r3_7>hBfko;C&*rBv)DA3{94 zxcN1_hq|UFxu(XpuKct_iTf>@_**o_*fx^+5IjR|wD&%4a&csGv0*_Dc`V(ddhj*_ z8)gJ|)*bZ?(+<;RWYIBgbKFj&qrMPmn0xsy`nCszp)|P2u(Mbp`X|ev2)(lAa46EE z*pPwrQtggEn{u5HFV#K`tLr<&4DJhWG#_s?TIa`%uC;`i%bUZZNRMK}3ev*R;~%E> zv)Qma)?FITc(+2=P!icmcy%{?GdE2t<#LV@DN-QCK~^UUv^_x|SInf#GtGn>q2H`)E3&pC&tG1jd9D_w`! zKxT=~F<+e>f3Hw$Q~UL7F3tvQ|KSt*^LUVgY*=WxLuzE3euPz2^*uql5E)o#$Vz%y z9GLrM+PY=<-PPB4%%~CW=%`{_*A?0@8JuvLHhyl?7Jq@8{>!#b5L!F?)&dhlYw=`P z{5Mjd8|iM}Tw~9DB7Y&WK%wD8X7;H+WR$6Iv{YO;lPAJ>{Umhb1vyVmI!{drLAl~b z&%&Y2{86N*#=-XWc-{T->p>qfVqperhPJ1eAQw#+6VZ|7hYm^+yiG$*svO0j49ZPF z^Z{Tj%oFFwyUsESSYe;n6QEN-d>Kr$3O2hkTIPl!yJ`d9)RZE@5dz3pW z$&QmhR8$8*oI_xnD*GuJ!cGeld@B=CujMcjTs8rxehM0Niwv*P8qF^IS-a{vKqUQp zq`TUHyP8rhIM9ZQ@BP7F(>|;|D}!;`s>)7}{}K26 z{x5Owaqs$iN$>7ZFg7~&X7VcckZHqR$5#9F<$n7n1jJ;#%$m-cZ57}B!XY{hpxjOK z^-B|F`uB}LC$8br=E}sGHwzN)z@hy@upq$(eKGdFetQ0}aIkBCw7<%wOyRG`U2Ocn zl3fwy^=_-KrbqFdx9-21huOH-xV77`pdysk|44S}PB6)C>i?GP3jKg(|0CH|J&yJ~ zD?7@KT3mr4yh6)ihZ6}9vit~R{V$a>okKlKC%ca-7%D0k{) z`8PK!;TZC%!`}77|2gAryZ>pBC9|6di{ZGB?@n!3tvyTqiiL|Tj6cNqhuG~=C#-Ef z>P&XH;aKJRvSXZ8kiR3n1{)T&^8eB7{E7h3$LE_)+BrCbMz*)(@4qze3;Dp@Ss>}9 zT`!!}3hsI_?A<^=>$fc1ZifF=?L1(r-O0y>mzs#E3RiN5Hn_|^AB*%t;S6%+!WLV% z#Pf)28{x^G3>nz$J@;p~;3$!=<2#Eh+VsFjV@$kY*?Y<{I?10GSLe(7g^0M=6-;cA z{DH(O(+qr%NsW)$U=?u0!UVfuIxlHzR5VrTZXn%6(R6s}VDNPU{&&LhH<^qdc^LA; zZFsp4k@^*$AT{PYZ;xt%4sF~pXW6F9Pkzm}>({d%YN#s-khI_%>ZhJf)P3e~kP!53Q*XoVE9{+QC`%{tNGf4knjkYf*ya}9+o6hR zmk0k_q1D~S4uh9AmCO&DpbV*8txM{R-UrCS-%7_~hN0Qtj{CAkGpSv$AJ|RG2B~ta zQ%^B2V~n{sHD=Oa}f(H)-)euCp`dh@EMyOh0P>L%-iJ;c$Py&AeJCakvfW@^)_vs-wlqRy3w=Wm=}>6o}8H zoup39+z^+-*uf!&pa?8e|EoZU%6X4!ewh-P*1F^LLgHd_3Fu^aHF@?+0F~LD3qn*C-csC&+eG3V-cA z%g%Bd^FN*vQ`uPW6w>|rcsohq@7&$J;hOH)5t&L${>Rf67Pnr5_UIV4F z0-m>3q32-~D=xR(1O%)-Fp? zxR_{HP*YnKnE-2Zk-mXd8JqpL8fXPDD>X8~j|!_0km&LindPh-^DLIde|A`JDr7=+YF8|B<%|Ja?j-g~_|I3GM~ zk+^O^(O!i1;UhD_ZM&V%iZOpio;*nw+k>JZ|0I^&-GJ_?=0PX@Z?qRyf;+BbA3Yy} zZhWCP!n2XA%qdv^G6NfC7rDJ(ntt^vf%^(>Ici)6ODG7j52O4DF2tVn_of*eXDaT8 za=JA6(7}F9p%WHz%sTohh6Z4k6P#E@lx3eL{Rs=M)aJ-HDlrTm?u+A#irP+d&sbhf1gT$Mh{=2 zFgWzxF4iAUs@5kXIs(+xkG@p>6>jx{!9Vv)!}9m;7pSQ-ao5|OmDF0(DIn`gW$n=ORvOI$mNn4PWrGosV#yS!HZiwRBAR$8KgjSs(sp$PQ zB-0+n>lfrI2<1GIMD9Z!>ffQHu~_=f@i}o8IpaRu3t#!&d)%Cj?XqvjJc}pRxi6&% ze#YvL-J$!>UeT<8YjZWtE?}?`Wf4n|uM*3B#sxGMzKrTCRZftYGD~3A1!mcI&4+YN z#BUw)yB^8@&8&*GzY-Sh@AB8 zyzzy{m^qi-_Z(kL?Sa!X7W^^e|a=-V|nAf~6y_(_T!-EvmdrfF0D-TKFSo{n$i$DxK^kJ^Kc8@}#a9Gy|3u%$i=Zw2E?n(dO@6wky*QUm z4HVmYycb`d(Q_ej_yq$^V5D3NNe0^lhLs3$s8M zhfI;(F`g=bzkDl#cJJ8n%$)P-p7_25zfP&DTH7=2*sFC&!uhx zS?B=wG;bWt>ea2q`pE^e9YOHmEVW}5m?4pFg9N&p6|~~z(vQ^h0YS*!P&{YWKGoKP zO+o;P80{zKoaP@ZLi$duA9ZQA^Ar<80MAUFVSl##L%c!&ml*B7U#HiA2@>gYNNXJT z1LH#8?2@)by+|M$GPnND(B%(@$Fss>wpg-yykfdmFCM+PUVG_8}!ryZF}wGHkQG|tk`1n@`1IFl6%=S?Nv=PMjSK3W~h%Gn@iwG-x zCkt@vbhTz_%k&TQbatqS1WWbU_G~Tv*Ime~^vDU9SxfFYSXiq(SB^=YZNfgfa7F|x zkt5lJy=-;G2lxS*P(zt;QNyTcfOIswk~lo^fVv-Ba#;2eK;!Ad*QmUnVOpkI_ zN1XYN$12ZhEAPyjcij17i9)vUQre+=284$p-}X&Th{O263q=Q#(ODqv3?N5)244Q$ zZr*fJ`YF_Lb~u&)paUx%3e?FPW;jWNMcjIsn}{_jRF*%L%jK|^*F387fC{rXo{0uBvP}~Q+-y|YI6-nBlze4*#N>47=S6TmILllx0`0l5qot62X!Sg zJQc4)0+RY4_`N@V8yza6UMfdFD32k2!)3(%XX?iZn}8Pl7uakZ-Hcax0}ym9Y*^0! zEt)(rwJ$hLJiC^i^>i}A*ywzk>aWe4W>`($y2=s!IIx)=POk&_sUui zriF$09X5@EGl?4O=AbqrInVc8{NxvIUA+ldsrH%EFp(r@;voe22y&<3t{&;GKH#pd zR6ECOt~2REP?*B_V;9ZU83CIwUJ^@AiE%er(ECU=v>c=BINkYEm!9NIv{*Amp+dZf zT%3AnoVt<+zU*a_yy2X`KxUDTBK=@;v{5FL`dC;ZDnG2LWtlT~JQtZa6~<$;7a97M z)oQds`43nZNIR+oJ1&0;dlK3+Sf%#Ox7zS^E5F|q$Uk_EGAqg;{xllu^BfSW&Rn3* zOq6E#Ar3WLxVJb3%sbDWQz2U}G(1<)r$8O0fD^4yr>AMKTDH{oPoIV1DX{MgGm$6D zfJjr{n3^i&1+v$fIbEo1q^g&>yS5Y1jBQ(V&zj%4W5jjp>I!@ie z4d2`itY1X0E-svQAcMkGbf=J_9+{#(kfIJK)r=HLTVdZA?~$llJ1pN|zGv1`HPfp^ z`nGdL|9w4%Nn(6?iK;E2(A0IOS)_*<=OO=n0&}CWC7i89^>aqpv>VNR2b)dQRMrg464#o zi^`aH#qYLD)o&)T*eeAXj0Z~1xX_wjibHOsW$qcy3R!JFNThD+FD9X$2<>w#Q zS62~y(<)z#H@dKk-b0*&xG`o#<6B8DRkAKrvZ4aF*xN(MM$&SMDKX)9Wb6>6Z2ud7 zz%qg>{ENStVwbRe?KfA!AX#O^@~vD4FS+mSrGMAlNG5b36AGC6jY;_SE{rrm)#1bR ziFHS_w9Nk9Lv}V?gT*avf)R`$&=vK2zT<+*)j*|dpa7rLmc6@%;x=G2Ah(k6Q>sV@ zku8F;ExfTU(L;F@O6#*SEV@M5?Gt&VBRv7?s~~3utY&I(gYJVH;Tm^2@2jP|LRe}8 zS3Pu*KKA94^2?{m9pg(KtZXIYmm*~MQ^jBPQRa=SG+RMBv?z*rD2kuub)Wy>9zaq2 zia>uqvG<1QER*W#X6foK5B4qhE&xjuf3r+NwCmQ{7ZhIrR@ZKB9w-C>5f!WSudtrqz4=jqd$h8@{A*l2aREbMl)jfK_%gle~4UbXr zvw)t&Ei4wiu`OK&lEwf@^Pp~8*52>;`#D6ioWQVi_N4J{fK zEoJy*J3mcsftDych4xLZE$;%$`3&+84*o_)7lAY@O$v0vO)>*5OX%OooJ3{rr@2;o zCKcIlTn2if08DML&!jBnRmk(LgQJ8RxZ&|Z@W-U<uIn_Q;{Waw*t}P zpiVOfpc0Yg+!5eT93Z@IG7oF{KKAR8uahUM8e;37RB{n$Kwj`hFZfm>*)GVd=*Fe(&x}GjsX|XRH#+iPGEE zh;}wV_HJ24P2W-{Zl6I`Go3**-6OwUf6lgxG9ulG_yRjevE#z9_x5RbA?%=xOh#Jz z9Cj?~Ji`f@wR4-cbEC~Qtpz2MFA*KqzGywbFEiiM;K#N>4G{~N#9DG4O%$q8r? zTL~8DR2Jtvg^zA(#;PJy+`m3N@i4x5EIin8VqX{by~-wU^N%4yGM46=10?C$Zv%PT zXhL^G_FyGVdFv*`cX9p zFRfdaNB*4tTn$f4*d`wJVk27Hg8o{_XLVzW{O%`~ddDp_i@8t_$G-_L#ZfQCdOIx( z=&OS8b+rzIaK0XMk-E2}DCoP$d?ldPwvD_nDXMG+s%#Iq!vGCJ%r@7oR@ddh?B_{6 z{+(&tt!Z1Lz-ke+mUjFxthxEBnO8aY^jzz1yl5Qa+5JYa=;CsyHlI)S3m^D~Rfl*! zuvLB8*dDzF`AZ4tTYI*R$eQLeIKj^R1!y67N;B8wBi!cxUPX3p$t=A> z@!FsK96P=QCB8(@s}n@2W5X08H$-eO(8X_&FEG;!jLmK`ktHpRgdx22qYtk32tJy>R*g~w+IoILt1h(NS z(ve-P_>#MQERhHla{)6}J0kPCR8u>34l!9QaN~Z*;@D~bD!&b|NfB(1MGNc`vm^TF z++ttjowrs9H8P2W$SXtSPid5!?~A?ckAH?0`TQ&)D*Pc&nEGBv*qD#E`+^h`9Ro$X z3{*R|5WbzZ=K8G89{|h2-nv(qAxodeA2K-N-vGOPM|B_960I-MCG+AjB@8ho9;U+gHuZ_qWl_^*Ait@# z;xEwb)hky2eUa*Yue^Txz7h`{Q3JHVm8A@orR$%xHEFdq@w7ENY708v#o9x{?Fz!} z2zlJV4;G15{eur{^EQ{RYzhJ~W9pEt57(5nV(Gy9bTO7#(}bI{sGBl9$n@&~2a+RCxtk{3n2W{^p4utaMj1!xPwHI{ z?_wj3Gr`4b4<~ZDIbxnz`8n~4vl(!81oTdB8PwhIfcMkCq%uBarbOb;;HPNgcV-D3 zc99%*hM}_y@3BKJRHQCcwu1xDXx?#-oN^DGaswPo=-$=cls1iQTV;`@+xm1@h6MP! zN??46wqk6~{xvU296~(cL)zyF_$cTZ97sy^;u;UYipmX-%pC&0te%1r{e7NZ)ULPJ&Ne(Tl4LOwWii0Q zq(^|mg?o^YmGR55)ob&?Oh7-Mu=rRR^;ns++7|u(!>v`1lqd)32j*`DQ4)^j)Q;uO&KiO5txzt@!Y|5(!c<--Gw7wuNF~cii4>ar z8$uH_r4lr^gCS=NtmG3gsQg7KY@w82Qg6SzB^o(ISX)Y1dwZ*{+3CBZw_?LK(ds)> zLuoplZJM@!gy`5qKxtnd!1A%v@PD56(rwTYu9Oh2q!zAp-Zb^J585*#nfS0<_PoBD zb9m<(ER|G6omAzV=-^4o;(uA=DkK>j(dwPx`Z3rADD$W5hY)1S9#iWuUD1<;W>Ticl22o3~<^fkYvs|<;ZWI zf!{oU;xkNb|}f7WP5m1m*Z0gQVsUiX)5SG7Q!hh{3$7+jZV9t zh{)$)FO2VA7-$2>_MM)WFW)bWq%Mpa@VwX$mlm!+Z24ns`eUG-cXaGyh2D_{-(_V> z`XWwKYAH|Y%!fGPBr?>0yzS{{*tAtq7~lLig-Zx4S+9)E>D{0blZ@ULlT zN)C@#8jqJX>)XW$GF*4~yY6Ddpqh(HV?*9FxQUvRW}Mls@R=?vv4eFXM=~%Ry8l|_ zPh+W{#tk}CH9aVjV>Q%cHIFKJFQkwc(t?+)F7*Hm*i9{9@(Xj%+tOkzGCVH=Jg+Yt z-1%iY&SQ7@L$?*X-$u|KsuV-;ZB}-lk3oYDF&9q3Vl8&p<|#qA(!e|q+c$To79GbyLPA`SY zEe{_T6VL2!#oZ}w2$-*%lm*6MqHg!-s3D}8THLfHo#9<~TgKXiEB&de@W{{-gp0N1 zG;ORBUk1_`zT0!b%4gv2sul3+<)NX{Qr3N0{=hE#p>56Z``@0IyB=6tTcHCXC}tnn zJq~4+N!~iA^#2rNOyyH%md;V~904VSii_y|(=wg9nSDL*@_4ls4e-p|#XQRaQLP=E z^EnM$Hym7gW*=Ny;1XvyKN zZK3DIKXj!nxdm!BYZZ)G(HL}daKVWz_$cqQM%*)Y?##1}6G3tH2dtjIo#qZ`Hn8?* zy|My1V{=4ALNzo8uZ zPx@9j-KqWD)*KDrc44KfZNGdb@PAaZy#@nj&R%ZJ2uMBt$Rt+UVrS&AVdaaQNO>U$OOM=5L?5~w}iVQ!~5sB$NR%K zRhej7@ynmBQ(uLoClDtB8QPnD`J-u`6`QfgP%y*n9^R*3yisT8#IuLGe7DZ$3eYA9 zJOD-%U1*|AvxN45Xavr15<8`LFt!0lkl-bEK@lc2^s)BfV>J)vU4gCM@GrcW8?)ce z=jZnJg=)HCwjfG%I~4WfZ^Y`4o|d(tauKcP{R{S<|9 z|6A+T0{@poaPr(@%bOfrI_p22uh;3XH#a~7{tHs;9@0PlypFJnqEnZc?msrmuEcC# z|FH#DvFDSL^vpk;(q0N0QW(d+8mtAJa-}X`A9fF6RPJCQ+@;EEzF*YDZNe7FOKh*r zISbOiW~*O_aqYtIPM>)FoX60c~iv*Bez@d-}QJ1 za6!+azv3kV6%C4Uu2OrIjk@8ff8V{SvY;rP7BZXmsW;1uC2GSK_);^HYJwq>I@7>% z@aEZ$Te(+a_Ah(k>Vqe}uDwdpolsTdy(_&gi%RNMrR3vGHNyC6+1Q%a&e^d-c~gP` z#wPhk?HY~C_6iRW%N4uiBb8B}pocbz?}dE0*Y~l0z4=WxVR(~C-c*MMmgW|J1g39; zyO!?rU-DDKRdj2VcbBW}PK(2A-R!XtbX}F{7ptS~%lzhzjE&l?w=3M7vvYt;lC8US z96yfgL6%G3=~|ppi1ufj9#Y>QXP2!mX`P;YY6Y#kmepoB1DSQ6Z@%cNDIpG4`Ws=&ayFEG=M{1;_o2zUfzOC~ zp6sKUp((Vll<(g4Dp;{tSj}^~rd;9?2=fxaI*QZ$_y0P^=qDl|o2J!^Sg;(scEmou zIlgIMdM^3(t>7|u$9;i$gRT18u3}nFR0@|r+hT{SR`FJ73jMC`31Ob!+ht1&)6n9t zU=sdKm7tMgv`%R6p_AUCoAQO{P>5OHn6kzM_Nekp(~%IH)_q6kpuQUm5KAixkc=G6 zz{2O0zx;CNRZrOZ9K$9pr>XtVSL>0D()#t@%ZKy2^0gUux8-cu-~8xy!!A$x{{HD4 z|}kt$*)**a^3QJ%fXUqSNJGYrm{sC!Y6&@ zT$9{*hdBj+CqmOD|2f7T;vo8Qa=%ceLgw?m>}(+uKaz`Q~Z?&A-L zMwuYnLOL3~U0q}+X&Y=PnLBqQ*gm!Q_V6%mlj5toQZ*QN<7HatQP*Hb^wXCe%Xd~+ zHw8L`K7AE=n%BrO`0CImSy{XtsQub|4upQ4VAFO|b>jG=-?D7vIEG@R(^)neCa2<9 z2XikU-v`k2w#{Dz1f$K}E>|WHDGad1JFT~boZhqPox!k1LK#=^_6p_TyWNXUwVNq3 zWHr2=>=9_!)e3vyhAHd0abve7t8sX0i|h^A=KkxwIucTgVW(+WIb@CoA;ch_jj(q4 z_Pip4AwK97t>N2wLq+v_6i4$(Sv4J&+dzvd9;c7Y2juKBs|N&1`S-r(ED zZa(UhG2MU4BQ`f@R(=7`Z0aBNksm$j)37%6n4drr+S*y5m90}itHsGe#m&*l)11U^?*gCWl4ni( zyP&V1*s693-?xbEz(xCeOPv|#e$2b^6iN&u8}IqY`@rf;G}%lv{gmFePBJ}J-Eir! zj6V&tT$Eq%G}XXnaWBdDf848;Rc2nl_&T$8v}>`Nu=$OYnA3VY?WJ}O1F&wj2QoYP zu9eoW*>BLlivOWcS$}URbZMw$Rp{WAHp%$maSHt#z+_Ry=U8e#SUug-mY3BoTp{dA zs`t{9-3YTM@NVn!*i@&QsHK|gr_tl#>8V3Auf*0hM#skn37j>~7~kf#+;4xvvU=S@ zi6{0Z;x?46uQh*?3BAJ-EfszU@+90nq(+}W(%qH-Qat;ee+>FSp-JKO>*g2dzF-?? zRV#8xbmbP*UGGp5LV)#)9gC$$`0t}-S33%3L&VC+r!T+E8B>S9crofk6`1n5z#EB{ zb^7&PUwvc?UEzn@&(@q0TCxssfOq68TXn=O9ddpwvm-kRyfQtraDpb>VxT;%K(1O) zK7$tA;+pxSi;9@>N0nnIyK8;thP?W>!1!|b-)Aq6)2G90jJpLA9aS%ylNi3$k0hG2(RLy>0M8Ic3N@Nra&X@Su%t174-9S6lV8P>6Mo3s;px7LBQd$ z?BA+57AN;c6(@Iub=VSZSz)I^vf<^T`S}CE-=FVr`0EPCqR20Q606`nGjoqN+0eSb zBA3C1V*JfUSNXl9ojk)$5YoN*rbBA)*6 ze$Af(NsCAg9%P2%w&a-XT&3aqBV*X{-syqWV;fg6hU%o=Q}bVQ?@ zr)cpVuqf+^XuX}9YgBYS&6M3EJmux^o({_mMPz38@#vI0x&1rop>^03%D_`1s+ReE z7I5Yjg5urud6-v{f%<44vXFeK|MZqm$3^@xa)Tl|ruh74^{#cvzoPaosK z!?bC2gh$JU%}s{j=f!}Z5Yl05#4G1SzfN~&D+9ylf+RbKT!PhM;Qi9~TXFUl$t#Xb z;ZD z0BD9c^c{1-JDB9p#3vM!JjL^Esa!|d-oH{rS>c%0X!5`(iUeXflP7-kAZ*UEgUSq# zRwiyi4U2R#j$(os%2A)!-2_Z%j-aa}V5l3~&1kEGl}VnYw~&~L_)A|8W#|%U7!q70 zzI%8ROWnoOJjA0)zv&6Ztlc*1330FXq)|*HP(Y9=AsH`u68ohzmF( zBzzx3H$LS{KE>0##G73O($znU;IlxUnEIZWh!(9sAi-zjQ~Tm4FZGj6-r4A&&Wc9= z5gkLkztoPvG^~QF!N2;B4;PG|jE(=6m8pY@A`y)(5j~2GdqDiRGt7?)7(_KlhXC6! zNX*FZ)urF7`wqe}@4zv`!!tABFl{u(JjL1r-pcuh(LXAisUH{W>_+g({>qW}KjEhRZdsFLy_L**TQNYh{pqEr{}3_h;~30XHd3{Lv)=qr7h$i^AoDK zSagtBwEW8^O74$jn>$yF6*usp47)5bWs^=^yktT=O;WsBfnSFCVKseo!Q=2`hti$D6OS}jsJ*d$6V8i# ze~=wZ(8W0>DnO7GAsL1=mi%Q|Jkk1G(rZSzIQnCSPO$ zbr^PIIDs?GC1(k|S7D{y4JK)#WTb7C!)cRin*pxBZx!BbzvMdJ$(**7 z%5o(#a3xwLMP0FtxAu1{)DYTws2a`3EtEKkE{4CJ$x(X)%f)W6E-y0A6&2XjPN%WwO@BA<)B%(+A zR}Sy5oGYBHfjryV3o<_xfgcL^HH%qHmQ9iv-3Zof?5|*p{X?z%hngH&sF8wcRqLiJ z0FkzHA3DMY9bkhhIjZ&GwR~t=kfVi4(?XRaz?yibNK&M3y}A7KXL2`v$3iWEQ{V@*vKY_He**)$@WJ4OE&23cyvH zGw_ZtO1`Edd{I}Vt(3#7l>2N7geQOhQ6oVK5~T#mw4ez;fr=yQNoVOw`_!<~#In*T zv(ijj;OzcLOU%-|mNg&Ue<^+oYve88j{ zy-p#kRv`bn`lTV;GjlPL3mVD=1*E9;LzUgE(e|0$1LSz2(!5Zmdf294SY5|`=dY$| zkQ>{D3+7G&b0>lu!G^#8AxV=aGLR-(K_k7SI#5uj)4d{((Jb(6&G2lAevBB9w0D=f z_Myf0ne_2MW4UKzxsx3sdTxaxt0q)ia(G*EpK)Zlc=|mg7e+Xs0~}DLa2yo^Tf?9U z8s!O^Q!~OQr?dnWNR$c$PU>v^(aK&H3btw19`l(XYWJn#wk66h zbG98qPcq{)F3zZ#Jy?sy=pJ+pbIfK^S_Yb45x%9hv1l<{+X_hRrfZYGT~yo)@1bW4 zJ7;qz9}gVM=uhYwPAt_6H4H=Ytr_={t+;X@)-=f&s*bq3>RQq^E;8uQQIOG!GIdKK zg>7UNI!e%anAdBtL+7zCc^a=TpSw4o8xM0(!_+?~THH)Pk2mdL_=juiu}_m%x)ax< z1GTCGo~lAekotPVT5_NQ%m3pIBncQw~n}N)I$`eyAK-$Vy(#n>B3!M99p2IX@w2c!~aXwmt z_FXS4NG}Uz;)s5Q&!3&K0{xg>^rcDo)pvpbi7K=Ys)SD{3l~M+`B2-rcag!2E*_at zlsQmI@m}3%N)zjK(KC5zW!2MLiAaWAdKRh_O(=_o)pE!VMbV$->wvuMH47gy= zeSm+X_){vwQ>qoTra4)Qg%-Ys8?L4i&1?Q&KWb7HcOtBrs6N%R50R^yo3pwR>^z8F z!-2Se_`K!*Vf{{wV#f0-L?^~A%I2lhH|gOT$~S)2oQXhwZ`dICnP`?>-9FrlRoRQR zOGh|OMmUW@IBjpMPFLz|WW(?60DSDe?@3IaA^^OW7`_uRr!7??Dmvpa2e?gkPyw74cRTJN_Dd*Q_+F`Y&PnUlQ+$v5oK`A?l1D}}Zs~>j zsM=Qz-0sYYp^{y`T&hePzh0>1XLCeCxk8~_fRwZrUXR4zpqxqd^lM~{f)@1rmKe0I z`F3i~k#VkpaV~&S+Wp8nPW%eO&#m-|!9w<_?Af;3*B=s8>C{x|rtocE`YS5*?L3kT z@1oMxW3Gnj-b9_Lk(PAA|LBCnrbw*x-{8s+C$nRB->=A$KSBCM$A4gORiblNq9>aU zHU>PFodzkvybd1^y{~bqTQArHGB8~RbI+pgt%FG!AZ`UGTq!v~rW>zFb zpDXI{s~P1wT_{ENd*gDD+VsO)^}|Q!lbG9_AN-g_{YZBlNVXhEh^)sAur}ofr~<~Z z1IAk~3{J@yA@(E%_9OsM#qc3W+czkbv@fIxLy$=TdOs4dlptvb#-6l9p0qTy0XQL^ zmgMuQzxdfAzwwGtF0}ndrK%Xmt{88Hv1jKT zbdDr6jwD3RVCvtLLqz+Bz#CZG(S?(W%A4QS$r4)G&w~TxeAvp_;85p>)*h=_G_n~A zJ;7Y9anZW_qoc<1Xoo|R3Te~|Y0hf(2zHgeM}0DW#47A_qZZmNEW1%OVhvH*WPJ_j zy$vyFIfHr);w$sZB4uRc~l; z68DIar#o_rD|CwM`-~o}=*b@EWUSRh2R)x+Jv}-sF8V=xXs~7Lr^1=+qrP9OT*HWw zZ#v=yQNv?+-Kz$7mLIXdzH}k$7+{VG>$PwRc)0?;q)TOqz>KfeVZgpqFibW{@Ux8c zvozePAZJy*(UY#_0t6E*qAhk-XezlGN<+8+G^vIYwomz90%=2VBdJ^isa%HDDRy<9 z#S$hd)FvsL@P*Au&fDbq1AG;Nbw=tcVU^5MmCV~_%1utl z31pU$WR`}jOyQ~?Lh^`G#z0}F?JbGXmVnGz>?_rv7)GfW#(oRoL7yKU{OaaG*o;!x zjQyefUm49$5B(Cggpaj|n%vvde&bSAj$&7ia+oTcrotnq>ayL0A~`<6!QUvB;(rV1ds~J--HVg`EcMD{9i;U93Zrf`;ibv`22kG!p#^o5C;z5iVZdI`-5d<2XjM{A9s`Qk{r+z9h9h&lryUV1Q;OPOW1>)$*5@t5lJyTPJJ4=|w0~{=hG@U*`a|pY0sP!+85E@bfpLryoIsB#70`KF|a%<7IcM?3|;ymFf zo%aI=Vr+#8SG%+kJfqbstUyq=}`ZiMMI`yy&!N z-#ZAwNybQLWJGdsCL=eD0Z_kUm_fP*qQn zNP`x4C?4FsNO7mQdni_*KykMsh2mb|<#&Jg-uK?TxifEO|Jco*?4I51Zf4K>LFbH@pEc}R>aalnm%12CJ zhY8*;%GVYzponttIcr0KY*sB+8ho3F$M7^|{7UBN~o)B(4|93Aq;u^C=5x144u2wdD>WX5L`| z4I>v^>YK;Y4}QFTpm*XRlU{4;FCNRwNVx|o(w^s&r+ zgT$TRC|xh>)S;k1mSPeJEYww+ugXwhg(Wr?ssu%lJQQdU>aXA>maT?RM7NAUAP6JT z>)txn;r%DAsQCw)iz0L@4x##2slyuej*0I~9ttvJfg7@y$l3#mWl2awSv+KvJRE@u z5E9a4K@kMRfw?Ux}HbapJ-tIc%MTL74@VqC|tks(t;J zY#B{13K2>ciOwiL*X+}k_Ywa$3WS9(Q3(o+v>ckphLc9(vXOLrVzS^Nn)hi}u14Kb zg!acH!2gEhYKao$Nl2rSHDyB9^eJkX*_q)SUdt`5C|`uE3H4b$rhc@iH_c2qm9)OR z2(q%wkT=%R*A>vWpKGFiGVzge*XP8vWCy$8A@oodnfdAzp+H}`s?cAA3{fl~GUSgW z&qR(#OKzdGB~3}9A@(^TF@u4*4xfLEmh_8S!w8dI9|c1!3y2!>qa?8rNW$=*1=-m4 zLm~P$9AlSk*a5X&ST+)2pQ7XoK-HFk76c=}uZ9V^Q14&$`yjwoLxkL@Z#aTo5nz#s z7FNo<7FS_u21QlrxD0}wkCVgP0Uf6_9m2?2_$)xc zkd{v2bGVr!>d#_8CbM;t==&y={dssVpaX~I*a$_=77_XjZlXjG&}`v|O(H5Pq!6m0 ziW9pK_A}unT5xpJWdhtdHlvlAFS&B+uMnz>5Om8H0j^Qlw?oUqs(p`P>5M>Z!A-d0 za?HpXl9@puMH=`BBRQT4MV}B9X#7E+C{k$_9$5kCD5GYqk`dcO54A&J%)>K3#imuG z-gEccA;6sqzH_~M37?hXG7@O&@JH%g?LOPbWh~G*GYCf@?Jb5Fi*S>KSQA6^B0GfK zJlw>MAf9U{>Zho9_NwY~tBBkW1=Wn$jL1c$xFxYy4A#t`9|}kP_BgDa)x<%(M7i&L+3&v-Bq;qD-LLQ5o6UHt)Q!~!McoC12SxWDT*-Z5L zXd#D_-s&=3?i8Mh5zkGQ^ag<8ioo~{H!+W+aDn9{3(qDICoorQ_Kf`z7H5J9Fq6;x{a&(RdkiGKE)iM zI5~LoaTR)*usFqRja)eTxaz#%z)8PLNgf6Hx{>>7###LTkioD#Xp{TC88IN6Gu3gq zY58w1OXBeppOmjiuKUCrJ&K-Zh1buQ+pV`k&%Xk7Ljr2&A5;fNcZ{lP)t+1{q%;p3 z%3dnS-|Sf@?qYx0Z@9BhYYX^WbMmYpweA-nDb}E+uT$0Ll=iHuc!$=d++Z8uNnc8T zBzwm{YJzNlX;3r^pv<#LkDr*i*>1R$Ig1!LbNdpjn2a6WFva3;$?b5azrei1H2$3W zy0$0KoYuP=7BKPp>i?Us@IPfOV)g$ISqnqh=UvCP|C6kRd3E+M=uqB>$I`_}{@-BV(nNMg@zVOBBRE#$u5i*tOzSlfGFJ0=Rd?pKDf#pG zKEvyGsj&K+KhOTI?zC17;=-B0{e)uLDA3@#)VD}$BRhn;#@7=T}IBTR%xv)_DRDCFCLOwc-a}Vm^YPL; zF|AtdKR93R|HkCXjPm}=@@We?kx!t~;8vnrWVDDouj`4R>#_Cv=RR*->gPQ6fBE;s`(Jt%kJL5z+LQCEQJ=+|M(eWq3KkEj0>HbNoAv#^0ZFBSMV*`x6A|5>im#^ol zHK>%YY`fzSYad0pZ%a$&~hOWVKFb!9~ zIc9$U_#Q@hnQYzQW%l=21_@U;rV zK2Ks7OA;Q=-(!Eg`LKV63VS>(I$%*7>>&(oz2JI$@I ztXbQzJ^}E-_GgdS&?!+{#$6ATRpQo*(!U)@OXJt6-)SR{eV6ytvz2G2cn2&t5&Sle z@9vGeJ@AyEK8YNT+xD#q-`!);?gQ}Xk9Hdf_$|skf#yH1n13~~Wv`fYG0}9b=p*K( zY^-MXFD|?M>m;ROMu+T|uiv!i1!kLmV>`I~c?ekTd9Reta_#=L8Qf_jklL6Ij{U;f zZ`{VNuYETsTVd~)3a*)HU^jvrVT9~df~Jolj=%?Oz~)pA`|@Uj|ox7UffBtZ(dT=X8nw5~Xx*qKMN} z-FF-bOqF8|*RpJ}29@_!wd7|rI}b*%9;@*yaYOH6#nXC=BjD&-Q7I8k4&6N*;rwUiR^V|Qda z;5k$LFzXi1QaCCbkXWQ$3q5A!U(xd{;AQLDJKXNwU2`nN6HE$y}SPSt^ zHRYbJiW!Z9w-}kq?r=&x7q*7r1~&-xfA}#qQX1*4ltXlT-hSri9>Yy&d{ZE$ zejZqu{rp8!_jC|r&!w)dQ@1HEWZHW*dkMX;a|MIL6ywZ=uQRL09*b*a;0rMERQ_|V zv>(q`xr|qkwxrIBf`d!nf9Qp+=GcoSp?{%C9nGYMUQjuHU{IT}am}?2)e3!3E1Gj_ z8k+)r876-l&ImG{&Wd1PoYtf(r)a{JxqG9tt1Tb+1ZZzsqq)`~7`ZcfIv*__*LRYYjPjSB|GD(Huk{YDFO_!0Ej zcRW^DIr(2ZQCoqr19`pQ#m|5Xqk{^x*Q&;RK)tFf-LOzzv{1e~^D5ohX(3E)1P;@0 zDE#hlYLpujIs||7J2>vn4se=;He!hZa&;a-gRK9i#oQW!tA7tozB|xi8C!1B!zc)A z;^uO6;dv#j_3P2gnQ@lzpFrYxhPgoCF{sT$Ww(EhEfIJv)}r9xl~ z2)zmYOpupQK_%a&EwazC6Ibp%b>FmcRpa#@l{m}P6k6XD+6o2}d#ng7h!@sIz>Rjb zT!RWcc(%KvCU&-yGji>lqfYxH?Y=a&t6)nlGn4V7@fc~rk#3Eao~`hyxh$r+ESI{uPF*|?jxyrW5}eTzW6fq-bGC2a@_La4 z^*#_DaC?T>&8D`j5iA8O)OPfV|CX!9CH}d4tM?GnQ}Rb073mE9wm);p zo7jk(6_Ks77v$wbVTZU|lQ%BUMYdn^$oGfj@6YDu0?<}v%Bdf1!k(Sa0<*p~SBeF# znji;0p?}0g#gjut=Cp%-fnA;Ep0!+o_~7W1%9TND;H( z5~*FGSC*zj-b33)Q$=nBkQV54SX<4wq+?>5UXL|SAYU=@Vj+C7(D-LAZD|>Y++TL+ zUv{9|keEs}&DP31w>DppB4e;3AVd)}_!POd9{Cm8U9^)>ubnsF(A#3zDymdFMvt}4 zFx|!$wi3BtrG>Ceb^Mng>7#>3(Mn`?jd@-zXM19^?p{U@&X;-K4Gw%1=^QTg6(M_| zwM6F#M&|(1vfrv?h_jk9N+9)X)~@kCij~!cW}SI? z@?|SxpE@R;?ElTfV>YD2i8AT@*RLO6Q0@n0wpIezD78tym6^a!?W-Tvg>ghi2=NO^ z9^ny>Rkcppv;Gx?xD$jJvLYxrwvY%%>+su6loH%2g{TFEDBRa1`wYz*`?I*Pq6}5$ zJIC_Bc%zf~GdlWEo00}uVa<54l#ASSvnEaBU z=gBNUY|rsJ0vPWSnnFY2tD&5q((c<1!sh=L1Z9#O3>gAFP~x^`F*i0 zdot6jWGFQAm*j0a9zZpUQgsy5VySPb%pGjl1hz<74aQAz>!mn&f zjN}94n7qCyp}q*G0g1Sf>zV?5H7hloYf>6|}*^Nd~sC7x7gr^50l?3t0byKV<^ul-gPqI`$iChz*M1 z21UlhOpbY1UEhy~g|sn*wZZjTABd++twIjxm)xrF-T3ImTL5Ph_|1NCNI{&5$e!YA zyqVk8&{bvgz<&OhO5b9l^lTEhL^&00RpTVp<9PZ>qEoFF>d)pkQ8@3l<=$)i$|HgQ z|9L`3JQ0kv^!-vVBfoTeU#qs4Cyo~3j1?IhgUsaTOg?eIru=mKxsy%4mu-+$@@kRPw-SOBRm6kZ z`d*H&uNoK6aAm|wOQtYMr)-fF+*V-WlmoDf;n>Bk(q+e1=~y8+KH73V+TdUB9>OW9 z)T0>GN9CQ*SJ#{5rniE4@1L3a)AX@^xew?zzV?Vw@RHT`ECn6?~D8>~wDw)2kLYU(PgINI*yEgF9onM@X0@^sM^MeJ5l z0031r3P&|6(tJr7F=`pwv84Ev#DtOzCCM=8_gy_=Hi7_*A#MB0$JuCdOdL=q4iH(S z5PS@(*fF4I71!)#e1uILQUnhvGG-{Ejp2I3RsiGxb;Dc4m%aHRwi0FfYGs+_V*UZg z&Yv?#78Rm46h`G=+Xgx?gew6el=x)ij+(S`TYg*3vdndp?}t}h$EsT)r4!v#rm7Wu zZ{GfQYsGbsG*!AuD-C+s5u4vmPc`TDYf}d3Qyu9;={XAMIe<@Pum?9WAD+8IC1veU zWo@wDG@&r@y*3jg2N;h7KsMe+H?R{DL=~&Sy$>!rK}C5EL=rx69t>zi_FUa zZRR^A(mN%A5k)Q-A2{PJR)-1Qb$^K)d^-GmSYjF>F|GPHQ8Wou6>;WIjjEJ|qO^o5 zZL3)r_-nCb@!_`LqxkvhAQ_0vX8SiE2$7G|+R2c!_K03o-njx0;i*o+#iv8Xr@=dk zey0*XvvvqdSU)8U_en7K>!*jd4+M6`tNmp@RGKLq)9u^tzUlKhS z7GGAUO>No&XobOy%J&ykxSC!OLW~m?{+TKrv3E12+pQ9ye~*-4Dvs3@OGP!kJyHC|b{s6xJ$@^)1w0T?JVvRZc;sET7Z zjbS$pHkcvw!16If<}1#4b zHrWG^qB1{zi_aYY#l;^I`};yi{LdPnoP)4*G&LtCf8h*`pG zu#YK|4w7@Kut4!uq*a(MTkY5vj~X-)^(BHlsN&e^M17mTbMCOnoDM(r)#8Jmu-Gl_h2w6;c_M2Hf}P&ruNx^At*}({iiRs)uQR*=3xv z#L%a`%_q7P7SccqY1aMC{~8I1qnPwmNcB`YzP<1JMcg6e)`u()KGb{oj)(g`3+H{7 z+Rt;*utlzITg8?yuo!7>HEHf~Ok0OS$9%aDJLa%0a~K#~MNlS3+DZnebsD2}+PF7W zHR4KrRQFw(?|IrNb-8|4nSPc^*OD#OU6B&=r84Oy@{aQ<2KW@?`V_bQr!-isW9Co8rLYOS z%BDwYVOJaG#5T$Cu)i)g!Gt*(#!G`cc$E&HrSbYqvU*LHF#qBeh6qN<%B6$k(mfd4 zmtMngcBe6Rr&Zb07m79?*U)`0ef0%JzJ#}KzqL#US*BYvb;OaCE?(W+xD%21TfL*4 zPo|qA0q$m_uD;pqZp6PKH=b`hR-j@bA{DjB60yh{!A*u;sHCV1Ftz@^=Ij|)PC z3|VK+M2gqC_UD>&{1z>$q!;+c2jje9MqC|2VNYZdo%CHfrG2Jc!bzhuU63sZ29U{H@B z>A$9&{Vh?&cvUx^F8%g&h4yq%d%DL|mxp0x$TzUsH}G+=d*u6>RjsBOZCCu*d>*xY zo?|qBA;YS;wJk@}!d?$lNFx2m{eUHg_>D7=1eH&445mUwj$SKuI>5p!q{( zi!kE#(ytW9wHIA2bB5w;d=(VQwhsuUmzM5SP>dZdWf|F`H%#7Co!VnbJs~|B++DXDj$;D`N~UN1OJ?&||DN{qR;KP}HTpdcCAZxnoSVWlROy zv*iT54ei1@&<)?${Vrd-)HfkJDOdDrn@RVMkg2dP@2WGtTg3C~CiyVdG}hc89CrYE z;2<@adlfmKpl=1&w=(FgIE}`6q?Rd+!KdEsB7K>4J?@`zWX?0wu`SZjet@Mzg!DHxP7)Z#@(7YzzQe8%J{UB_+|6{%GNij!R|{DB4)`kVo4;V zWT-Z)fDX{}E9?VbeZZTYWq5I}MlSm<@Z(hSV^s318q9j|>xp&6JvWFw`oMOS0Qeythn%S;1je#;TRH3pkhBp#}V^WaO@v4qs#jGKXHyy6blf zsSwXzunlaVn06Y^>5xk))6zvtttRI_0o1K<)R831D<}Wsy|mw-Dz(_VOA#E2Sg88p zDEi^}t%o$Ycp**_U0iI!2C892oNtRb2UtxaQ>wNy`g3zS{Y3rll8uQje;}Ip!8NHZ zbkjevV7lQSb**a~UxhTjdfWJFph$OcfzPko z?@H;125awZj`bz>57v-c|2vnHo2HRKbpmLyRCGJ)Rp*s!azw2+!`1&m0`c{~5{O+t zqy!?(=f4sNtHiIl|94-}`RBm@Iv_r(JPZ|%gbXfzOp>ezwcK*rm$mD8|0p10VHYO>$tRji({1W7=a$QHm*@W1z=mw^nj+dL z>_w4mo$TkdRqf2sev}lf%71q@Z4Tu|Dd&HNuK$)EysV9S{^XXB-8}lm@MtA)-PlBN zk<0V(LY^X#4gTMrq9sljE5Y&uCt~c&({5FUA0yQT{S0XGH--PJ!-#_R%j(#CgmOX8 zdM9n(c)`%Rd%;jLM90rFv35rOO<-QGXJ|K$xYllj?7^vZqC!J7dj}0qflI8yHFm+j z_>&{E50jBjQu2lS9r_w{WDklZ=w36U>ER>hqeub7@Bbx$uosM7E18n-rk}VNuy`62 z^tryg-MO5FbT3>S^CZ)&H_x^S|7iHuDvlOcKFjEyr>G;6uQxQqt6%oNeEwYVY;(xS zs*PXRB<(vPDim>KMOvb_}H4z|L$*0`jizQl3$cL z@-bCLAQ!9`*s8aCauLW_DbpSr^|hACW>5^N0W)aw5QVp?q_iWBR$FpDyKOf#Lyu~w zDfSi=a@&UmCjGfK(-(CMM=U*lJ3mK2R8kstlnrfr{)h@kmzth+is`OtPE#txSN!R` zpKb;E>vG;cyqcEpTW8U|dv01NwWufEeZ%)ICqre;)a8A#i|!;|7mv7Oukgii8i)bpyK!rzPiRf-%*@LBIzEwC zXtD7yYpQu=l{dB3P6%|`>1ycK2&ilrJ=eEdu9k2OE)NXQx<&1}?}l;^GXhxK_!mHFji{=|>* zz#63_mA|QzmRdL4gJE9=quA$^4IQ~QN~_8_jAmxddZ;z)rk!d{yzO{Pl$mPK_hN3R zoqaLZo1T0*9cA(PqyPM@>un_Y)U#V`aQAMtK1}rYl8)C`ou>LM6nf~)fh*;z z%^&d&yCj1tmxm1c)uxjTM%<)ulAzX7t+@B@Kn4@~3{JUnSqC33JK3ky37f%Ndf_iy zh}zQ(EIC7Ihg|6s{mRk34P%w_uQYkW>R)7^qjBG)HE8H_bW>rXF=zGlHuH&Wy~}Uj5Hd> ztR}SwwiOkjBQ06Gl1TIfe0Ez9^fC)Q!+wWqfGPxcFtUXjkJ?+tDIw z#LE8DrlfaFTSHV|rEM;UQrN#R*QqAWX>GfEWx!;U82VP^5PQfTyCtW$Um8=aORMm; zeqPJ<9;F|9lZC6h#RnxFpMO67;irpq57k;7Li#O2GW$u(*lN3?#KpE( zv}IK^IT7~aYS{_u+Xxc2)x&SBTrB7XZ9^!^@ZUEryAsg_Jb$Pav`zhflrnetG*n{q z>mp|HT($A}CEXCcTtjrUe3k>tM;e7<##W#Nu`RA+TvlP5PocLRObWZjGF#-*I6N7; zgXLjd7;g6?z)m~+X1U^`^?1ALIpfFL-CV#ze8*E^DYnly)90z^fSuZ$Y9bY%0KNM93$re- zi}PDV3H9^kVYz%`>BXJBg_p<(+9|IgTc3< zbLNMRv&+?*^E<0xlDqPqhlyiaiGOE-PW6(3BD*6iM^%2|pFH?&W-RD9_pl3g3svtV zGx8Dobk)AikbSHwbzdOF2GLnXG@&AQR$;oE4$lUk$F5&hr9`M+gF9k*}p z3k3GTPbZBon`64VWjyNUyJ4-=MEn@T%yv+uPU36iY|v4^|$A066jRRki? zEtj3x80;;5Mad{K*tCX74xc+2|n_xb<<|eEqD)z0TrWJkBWM z>3(DNKGpM&fQHUWokr;%wyErgZhF>#d_?bzaJgfk_Zxfnsd;}+E_i3LhvsT&i~`pq z$|b#O0(RT(gNWWWdu~;uMAmCq_7dBm)HrFjb)&YdYE-?)cgEV7#7dQV`RU=-o|(bq zZ~9=CipSL>Np|LB@TVK1-XMZk*uv(y173IwVSIW1w~CqUSCa$mX78Ta1v-j&NYOv} zgp3{#WT?j%%YRmKMOkyy^zP`B)UZK6H47OHB*=J*7K%BR&qDuX7cyE+kl`3xtkRMA z8|7ky0}zmB`U%DKlcskc>V?-3wMBdVYG!{PSvbM^}lGAY3wCwhg)D(MXVk$W&8Vdj{)C{u@+awhmYrHZzEYQ$hNv z60)n8EWCR7=+}6mv=LwUXK_p8xy9(|RVv*IOuKEyGA}Y6_ja`CJQcSg>&;&p2dP|O zgZFHS0QDaF^5eTFm8s$eUY5JO?tA5x8Ua+rY@Ik^i+&~5(jiavn+tQ!1^)l;&w@ln z?)}0y3mShwd3P*H(ds_wr*g=yHt8B>#lgO$*%LuT+9aN6Vj|vI(r8bw%l|p`vzSF$uK85hChxp{tGH1Y|0>=e zVL!yMWDspHDf-f?_>Y2`Lkg=Nw)m~qZeM)HekzKG?9~zAgMFaU!s&jH;?OSh>8WCB zgw&R|m(;ei%JQx)?h;k9I_2$i;pj8{S=>xOdsvKh9D|2Q1vG-$^oU_b!E4hSW2#S! zoR+4EidG3T3}vGX4<&9%VW9i8sP&Bt~9Aw>gP_1(>&+PLVX zdvv4alxJ`{8w zV^G*T|D`s2T@xa~eubk24AD#aPD-r9zH2{#XO}#0aBa0rxT;UI9sJWhmv)yH zrPIeNzB?JB8XIFE+i%n7$7j*byPfsi>&Nhprwa-RKkZf7-lmg3hb=C7a@K{NwN}WO z>HSK7gqqo|q?6yW65q+wrB+h!Sjl_ihI(_LUC3uypgzmIlYc&M*$PCC z6WG@!c+tQ#!29y>oMgIspcaj{NA|Vu+wWBwd_QvA#m_1=Bx={<|K-~nWRmNLFY30; z7WstbQ^^-mk>dz4|A)#1SnIGORArp&ygDaeqw1-Jb`oPiUq8RTNjX>^IjW||To`#i zE;rQ}a(}A*d-zYK=OWPa^e*SQV)#i>Juqm7FjF7{ z!h^jaDxnt1!aeq+N}VK5Splbgv)`x&2?)!2l&gvSXD2|U_=A<#m-Qp7hEpqlrK_dQ zDt8&w?X5zh!rF11Dwc~VkY*)-?$M;y^=}fVhK}PfH4jYzg=>9|$CNP^$C#UrlBRSa zVNCS~`YlW*3d1ke^(HW{WXi!W`$E=k)ijSoK&A6#kQN6X%48vB5A zMBta8U!%A(9M%vg2l%+$gmrQwJ@5q(_KP&s{0GU?tFAX4PmP^hbqZ&B5n5;1mESkR z{mD45^B|(u1Xt%)=DWylF*6b0;P*=tlCObVT7kw(6B1?%Cb{`x1~;(1zX{-2&+Zd@o_-9bAUbr{I5j_TeApcD&~^ z%2gnWeiyVpl@cp-tuq`9w3gcAmrA%k`bg@_h0K^0zos3C-rqn04%ntH=s)=0Y^14| zXyI(}DKbBZvd^D8w8H@q#*JZ#G*F}S>pCT~`K!vq;fR4~zf{5qDDOv<0DiL}PXQw{ zK5C8YVdU$lt;MJQ-^{Na!;Widj(^vfp{Mq3EQRcLC7~^*Iz^+TSdls!{n8<9=0^LO ze)q=52_O7nQN{M48RxT!aOGZ4b@O1EQW|}?SVz6gfef7`SflugD|Dc2fv?5Nm!Tc9*9w4l?gF(6Gb3W4@ICR{#+zjN;=#$L3q}EGj6z=f6NuoFTmfy$snN z1uRPwXW?9!vB@OD3}60*w00V;V|2u3zxiH?QRhP&!|pZkBg%Ka8}kgF>Ec@AQJT-r zE6b8A?$u$b56k3zt&g(9D8$f-D1$ZdjFK`oKZ>>2OBGJcDi=uK@uWcdb;ke(mhghU zo5Mfwc(}X>9oLvR#$Jom{(2iuF)}4+SD)RqsfiEvwarf_tGTxX-Pd+2kZlDdY5>w= zAmO#6bUiU^)#|wVU3hSJbZEX!kVu%6{o=>7A(X2a@1m_=_RC($zEPgo{P)s>jRPSp zKM`lU51&i5d2-MaqW#_P2j7J;eEBeCTEzDFJ-TAKr8MI&EkCdmVlZ5sGjeQ71f+8SM(K%7PW1Ru#P)qJm%UDO_&r6Imv8Y?IDBO($ zqQ4;fEiBk5{&N^r^!C1|p;0qzm`?r&-C*eT>Fnh?-Tr#y zZlN(RJx|}@GCHjwARq<*jC7;F>)@=-%jtR@xZi?{S7fY{@3E>7QnBfQ{U(qJmjk5y zk$wU_M~p9=jFkUZ_l0y(0#gZ685Aa7TQ^@{I&+Y-I8(W=Qo-Wm(oe<#E`@(BdR&QG zybwmkVbhjl(^eHvq{a|LyP_g!eop*Yg!4ZDoyd|k3WgesN&OX95K}N?`vO)z8(Rue z^%3KvkzZMwdA7=Az5rY>$A1lKy$pJD7QA!F?k^IzU9n3Va z{Fp{2`BtXE9dZZe%@X(V0{l7-={*Hrq^||w9p!)RAxt0Fa9Pp&FuvaP9Fb^k&$&av zfrbPt+ThGxCPQ0T9dH(H1dBG9eTtC!U;Z-_VWLYATzu&CRoAPJ$o6J>1(VUB`oJ_c z8O9DJK&MjMzP!aR_JS;Y9RzbK{{NsbUJhX9|-sL4))ZR2u<`(?!B@wqW zQEO*zciCUZ-8q6YrKnq_C|sqjeKjlwDS9%SVC}s<4P8H=AnXG|wcZevMUU+=bX zlV)HYWZ~dr0lsW~zdfeAH|8(PKvs}MR)?%~+Aj@C-Dg0ta%3ruKi^p#8L3yJn)JRa zbF2ZgyfO12#>+aQNuIJ*`vDHf>D0;*#ll(uXK@7?|NA)VKFrFm**zVMQ`Oz>Q z+rTl#N+m#*Qrk!QT;{gUD2jDB!)K+z{#Z zDll1-V@^^6Br9PClbFQ+j&_3+1l6$RrG5Fmv5sY6IRFgoeN!Augj=Sd`bYf>GZnNLUADfs~3B3$1hlLh9@P5FIPA=wx~nV3d==#DqGtANQ)4a0cg zj*DP?)K8?9E$0U^qygD86>?c@#yqA(I;P}msPIB9Dm{Sn`CDsM8lAIHL8Rc<$VPm% zMs&L=#jp1)WG$k5*8_%sMSJQ!VksHbC>h5QICXkK{*fhCnz}rb*?F&{BC@w4IDq-L zGZLH5@0jD1NaK_`KFQ_YFKIXey6CM1WupaUq6JCcW6*R-^9Wp+^9WFjDrSi&W{rp@ zm9@U;-gp09eCe*hj0qvdga~jb(a?r!r7Mgkf<_ZPwBoY1`a^G`e5E}&MVh6VnINQ0 z5CH(BTKW$f6kiaUDrk`^NLsnm0};Ov6zoqI>`QON?{18LBNi(TQWFOqZ}AB^lC51W z^>r%SygEU;4Hk<9#MzUBPGrQJV)}~TKpCVpk$4I+M(m?h?CZ&!ULvmka$ZRWaEi6d*P{EHDD5aK_Bpggt*iyDtdTg9kDGU=B>>`LT;k%) z&+OqFNSTHvyP76@mp*%n0(%OGJ;hq~tB=paFJd?AtxK%f6*jdMw(%WF2j&*9_Nft) zQAmfTx>$zeWf_L)H29R{*|GXsj)Rbep?sjxTZIUh9|*fV@$ zl=fsG9IXRDjvs?gtCA!iG+o2X0p&%wa_ zaFkT15_L!IOa$C+N%@%UoL>N!2{wA3ZrZG@4rrp5rF%>!A zDl%QMU3Lm>y^tME0*xj)=G5=}7-knF^r)AoO9s&;JH`(EvL}=)U@m}=79g(ywPQ19 zMk@%Z74n)r-;a)edE1EVEed5}Zb3(sF#X^NZfs2oA<1q#RLKla@*r9eni zARYOt9iH72I&3`0e3uNG$sR#j?`OI*ZZ9smfTdg*;F1-6nHWBty&@Bl(sk*WpnW#A zeYRs+smCSgi%>~eu;f9PY@Q%;lF1V!y+_oAjR|eKdc8eQ2Aw10y7HO%F4le$l>2wSWOo0gaDaFOhb=VD%gzQ*$(1ZXlc{q;Rp0Wyx0eAH;{ zu;Bpyr$WD-yQ|*I{VO($NQ!m;*IUxaQ8HJ|$hfTo*&!uLj&X$2NJ*unXnu?r^k)Q# zv9iFXwz$=yvc0O7RNPa~l0N+ck3YAyfvub-OjZ*H46g8>3D4(H%jY;oQ}ZVJ$N#EI zTLR6CfaM*G=^Ya2vK8YlvS5Oi3R;vl;)^wf94LCKka5t$nRZR^KZ|pyiE|upK_X2# z@O$2q74t^F?TY3V3N985Di$Q=Dt@!t+Lcd&tCfYLl?8z#9R{OH_LoCr4sK7Zbz#y@ zkblT~O6p7}ztsyjg<>pjBJrEXQkcK(x(mZJgmfArkf`2?>QE`7&wK+Ry@3d{X^30x zYoFGfuTa#4CEgT8-V~X1mOkg(S+K~!m}Fo;+=^qPnb>Iqp2wf%q}a+GBAPwT5AWn; zV6w=Sc(&LeA`>C4T*35nL_J9~(e}}i3+(z(=;XXqw@4aRAPoazR-CD)%3xCO{x!Ttww7cJO{j&r=lRCoNf^b z$+ITZ{hP?I#U?MRKU0U-p;EFEJF9fSjbdM&zH$y(KzV_W^S#)F7pyUY|I!@qrTOG= z?f2(%K6Fa5|CS5F>drlXN2BV>{Auz-Vc`%Pf4X&28%xE)WM2g;MOaR%deB-H@li1@ z(&%H(QyzTX;O+J`=j3iUw1`Koh-aL|AL3@WZ?0!j?`tZuroiox3N9tDWur7G!R*go%IA zZJZ!!#rPJ<5UUDML6=8fr2z_2gF|3InySZ_EIUE4t)K&Gao+Vk;SfvSx0bx5@E2H< z4!bh2?a0!z%&VyH`k2MIninQ=1Q}a?%;A6vLXx@69^R(P+g(& zl&ZNlNt=i!@T5$|s$*2_%WkzIjJL%47tX+$d_1k*5Ti*!y|>Zzf>OrYueJ4Yik-buv>b%lxodiY)!n_oOnU% z`CZ~{t$g_$BIVbUI5E>W zF95cz#N{ElKZ5IRZ9LpSt19RN+e)GWrrYyW(TD8wz1`>AmW_{$yRsUautLfu3LiZ@ z)I}ScoEF3>%Jug1BUP+3jOznjJT3ACe<(0yGBRW$Z3LktdTHj{3i7rj#75RQM%Eb% z{Biqge(kmC^m`(*B+v`nciGo1V&KKaq=Ws_@5 z=I%V^cRK4*8{)C6B?X;&VKEhhAN{*r!+#k(J++fBewQxXpoD!b@qcmk)?rP5f84*M zAT_#Sj1cKjBGMhB8_CfrAkxi%!ANP4kdp2O$&E(3RgjPp5D=vK?eo3w>;B{S&#s;A zeVu-t^FHxyXgZ?-2i<$3X$k(Mok7L-9t-2ibkE-52Pv58K$iH>3*kY3vR1E;Y!M%KTs+uZgS zQNa>Yz!C~~w92hNTA6ye^t2_gbwxv|{^)k=JgLoo6>rUz#uh;fMbJ{eiC;Mu`+dX$ zMG;z~2+6sr+WZ3H#$b74@YX;aK6|x)hcozFD1VDJoJk1AB*gbO>+?p7qNgP7&g+E? z>Kk)bBr)mZz!dEFN~9lI+%%NJf6U0u}4{!IGcqy z+tYJIV%Wo9T78DbVwP$qTTDVeD4QiH+j?`{`0yu4eB?`f4GDMRp>F@oTe6f1fmmCH z{;H&ll#Y9VbOp$90^m3yAZzoDMcU7jk#t;T!%JAQKpS(Hb!t>5Nwph1xSgQNVbdhJ zX2~oacw>8YwL|hYzu;pJl@?imaYQ05hj+C@>&fIhaIO*MtC@CV%WHnrk<^4~{{{Dc z-^^82-L|he9)l1zgAm_FmIEIv-%x`0+j`fNNASaE-&fVLKG`fj+18EYY&R=Y7`SvI zcDn_&EM#hq06>Ju!F$;FTaGo>CcqP5JEkoIc>Mk&Rh^7 zwTdk@`UHPn6y^jWIT=?hiWXUk0=)79yn`?&R6NZxacD<1!o*lKr={vkVF`6_3Rh%) zGQe~wYTCJT}3hRgA{; ze`Apyf{?G24u!$${wV==@BllrdG1fh*(-8V<7j{}2LMx@LqC3_Dyz@P6Zj|n?Hw)a z5EnAFn(f3pT zKTBF6_E>PvU#Zj6t!vo^97Im}p=$_D&4V#av4?~L9PtT?DUX5(P*m0KfW*t4bnK&e z&VM++mjCewq(r6y&QF=>O-dkct0{va3+LOJanT zl#2tT{~IJ1OMKR9qufwMT<#DQ5;7I~%8dJrOQ)$dX!l`3E}&W2SRYbfo`sLl&6DkI zp=t%o6+$CqP<(i4#zQ&2b>{gDO8*dsOChCB;DKUjgfa@^N1>Iy^T{G8M_E@NQc|9! z8n-$6TQ7r(^%)ljh5m0j*`vOmPcEz<^d{I}H7J3fMDi-}=|RlOvc~N;Cwpq(jl1kF zL{-G+Pdi9?5a5zJUvNYY6jKCcrmgq6OR?$t4d&i-sWupt2bB{?K}zOi+(-&cL3v)q z#_|jcvhJHNmN zPy>_KB1wJb7HY|E<9PXr`%*qpkjuZY7ffU8q!Zqcw;emJuPw*VzQ>*7uzZ4Ykc}yWEiX;t8OpQ7 zw85!Z>^iamSYgYbv+A`P2yW-oWQwoRj3 za$RsLSLwADx9@8F#VMYTNj#)7D@z}os=D(@a6uY|SDtK1N#4ulb6Pdvy!Dn-K#*nG z;CF<1)QpVlbAf8$9olv+MIsd2dXw(iZ#-V*m(0kz{ae$E`i27joML@O% z%BMf>FoD`B1V^+$FtiaZb4jI5lUd zDstU`#;Xy!X^Z01G`vkA8K{9qyg@D8}TmH_b|Hg!JG4@ zdxDamIAjG-w8cX<=X6{&nr+x5Pzru=*|5*N*wv75H?5RqihsF?P#VTy%9Tfc^043k z;+gFKo$*KUjKq^-QIg|w*+UDnOieY4a_!#&pWkQMwCAkZiPeWOVU4pX>OdEy$DJ~np zRaW|f*T?omvFPRXip0y!Ddxxd=)C@`FcpIagnoACSb}Nau332gPx@Bk;TSc}vM?Uk(l;G8ZPY*zOesTP)3O)xTTT7m24;i8 z9*)cQ;Q8tqrisz9ow?%rfiAdS{J1*)GlcQ)nZnn&>}{SOn)MI_S)RQE+rzHljAQBE z&!JD6wan2^kl*9Xzwtf-tWrNV>b|^oI5jkSjQES4_@plDiA4j!#=>8Y$sU5OC~U{#ydXVyS4!Oq3=CM|X(*T62fIm`93>Al#+n*+fZqe`|;ZA>2& zpH(KIjtufA8$Ge6MlpOgsEV2##6stCiX6^AXroN(q};9^r8#^2tn%eE~?!!wzGs z*TyWkQG#p~Cr`#!?dbVR*Gqw?as-w z87C!MNpg_I7gye=RUU{K9E}F}8!)1EPAeB#7Y1I>=QuBX87VG*lV6SqoIsLsStO8_hQiogleTW^9%URB3rGD-N2Lzw5Jh?UyP@YVLZ43{TPN*9+DbX z4_#^t>`gCk42(_MtHb*uWHy z3@}U1g3QgXA-CPsZeMpZX~h)h{%+(cHD?+pcrOp(jV4ndJM>hANRpz&#(i zTZT-I$g=sem}PUw{5jRUVB6{k6~4VBDC@!uyQ$Fh=|!iC)FJ70^)Oq(X!_}84_x?= zbhdg}A?K755NI7wg=e{FvpEiFyNHQlf=&d$z=s_I_W2)7EeSq{BmDVBWd{RWd0iWQ zpSC_ba@Mh6;9>s5cPB~tVKzWP?XW||DL){Uw@QVo^y^dsMF6uBbzV`=mW2*{~dV!#IjxqfbitXguF$> z6SgvemjfWU^zvQ};quCw8!h<+-HQ))^aBe4*hYsP8_pV2vyn#_8V?5VBw=+Ics+|Y z152$PZ_dhd4q2RQl*?O~$XkX&4*d%9?XLM1Cs)eW$>_ykH5YiT=qDF#r?jeWIyRfx z3^62m8x{f}t#s-*+*&ck$^y+ysf$Onv1K7LlP=Dz9ZCUqH?D zJ$EaL$*N(pZVlj@Fho1=JDErp*$p}pUkj{R=+OBloKF;=h8!?jwF~lZVfJJBRHY0YDexM@&d-uTer&)Z1Tc<!dx*89Vko{5P#ji55IbsM;;^ zJh~jC^)!_naJn!Pt0{xG7Jpb={dNI(x4=4KFcsB7Hf~H?ox2acbI-}oRNuJ!4!TuV zIW{NBHk5>#UYJ3+-{$?{Tjjex5IFQ_PvER#`cxgjmzLhfWjtqUZej)37I(HN zKml>k;HdL6hQ^%pv><@*A@xzN#W%EmonaCWl?jC>ACStS<5ZDN6@63(Pq))H<4OZ9 zZ1D;XNP{YeVOpwxEz~tgX2Tm|C@PtB$^#(J(iIp_s-)O-F5n6aHXq8xiqw;s@Ujm` zZPAZIhyuE8Po~BT{lTWui=wVQ4l8v#FUN+cws2Y)UWCfHlLAB*Sm*VVVsms&{j|JY zBpomJ#mz)G$vy`td^`Zh>XEUptvt{?0a#TIV?$KuPuCyzj_|?g{#GVdglLnFeuABS z&;iubFk<~SERB3MiFP{kOM%X}d^_qv5#v=IkXEC!VSxXpu9JQ?1+5k!Ems|Y-EaVA zF$}VcG%RJ=t5hzm$|vxqRKP!BOcJPO>aP#rqsc(e|M!Xd)l51K0eoDBTOqqG-i=+W zivsD}JO4Y)@yaZIy09|#Bl#OalJzkQQ-Owg79 z*up_az3CB4*1J?4r>4`vwjt8C2l^h?NKf3K-2r?bja*nGeMZ!uqag^#=+62j#LnY@ z3Dgq+yE*`qqLs#4kb_iRwXPXm-$G+hBJL^8dJjr;X+VN%Wghg*jC1*BbKsJcd+~X- zaX~EQIZyB3c=;PV%0qJf>M2;P=vaP&-mh9 z)2m=ZaXMnug2zUpqTlQ2oMT>g9i7eJct@ZU&V;a^8-4DXG$(b2xc6o~qn}PocUT8+Mqgxq6JWKS7yF`f&K7;HiSL}B z{A(h@j%4y)3#87wHn>|_&MlyH&V3^uerb7fjs zqgmyk39SsVGz&L4j_bKuU=8TbpvO>1zQC7VbO4Qb7lihj8oT;EVe`E!Jb0;ZL9vmW zrLP(<1eaQLm>mwdqc1(ca*hz6{gUL`Ak~1nfwX4%eLb-7QI%4THhu3thE>IGq*=)s zO|C$5D1>iArsz3K9P6byv!!$to%M2FIp4Uz4;sv&1*zPseB$unY24kplGdH8_^O~^ zj%XWQFG7nBUPJng!K)89yNlXeN5Aj%>iaM~ZG#6=F0#c0nI*qq5wN9Q#A+`(kd3i% zseBjtFm|KBbtt52_mPn;g93{Hinz#j1#99p=k>Sl{urE;7x)&aN;$L_A!8HF;TWG{ zXeI4t?6e(w5&L}6;S8A-_j^Q))umdix zVa2B+i>Wjs7?yN_kFLIf;gam#sv@qsfG(-C;Tt3~y2IG$^8Rw-9W}1S=`_ataPjXM z+aYUmwU$hy6uHU}z3J3Vy%cEl2F7+Mlw#|d9)!zNO@BW7z-!Nunz#_Kq=YyF8zzN%OC zQq;_gYf}87r`8|y%#~bnJFAh|6ZX>UX3S}XRZyE<+;veKP9I;URX?^wU`VyrRf80{ zbXn)x?sZ-Qm6Kgu$*vU)et{2KbdW=e=@##xxGMYuBx&OZC?wC}bGco;e<`Ai z&sUAt73p1g4XF4nTU9yu$T8ojfsR=-s4NfKj2PV#o$}rOcfO9aPoW|W1z3?q!IGiIyJ3XDS5@C%m}w7O78*H<0<9xHjot9I!gv=#bo^W(ry5iImdfS9+NW zagIs;y!brdbRDJV(gtjPHBIajqJV}YX}bk;RJ#4!NegCcy@*{#ThN*?>y&Bt`xz1P z&YE5$?>EddZozVG7v_7SQ$M@d*RYQxGmcx^)rozWVSsii*^L`MJhS2=jPVLOT;R75 zrD2Fndk+B~wTk%(V?uem)ThlGh(3d|_kN<1m03ZUXE3!u?LA`xvQ3I~{RXnRb{ROtrZy>I; z$~ccDIJT)5u^NjGjiX|Mf$Y4%q-re*bXQSs#TrK($4%P=^995UMc=BL$`G0q2%v|Q zXr5zSWJ)VK9$=$X_{a?e@Sj1*b8Qaaz|h0OsSW!4u7Tog=mtrDDCBR`*%ch1IQVNt z>J<Z%E>$L+tQn?Olw9%d#BsN82LjR@8UjoipuQGg%xUHar}MpBjP(xLK^9kFwkr+ zEY@We-APjWRxNuSQZZ(8a1~tW1e`P&i2g9v`{6b};jOrWyVC(Wo%$4BdLrBSIgJoO z^XD~peP=jL|Brh@wnq_rAZ(?Z*RBSa1PNy2B5mo~vmi%-4BOm9@H%0uvve^VxcNie z`)=nmqi=?Y80z5XGikVHIUlsiyJ&SNZyiX?r`O5Eoi^m2A6ZotRgtKDuJ;t3f9=XX{d?~yDAhJ3(MTsM3N)$Yw^ZG8!XFa0 z8pvV`;3olmqE97CUJwQv&V`LTLmk;9p}-m^ndUN#)J0?ksFl7f?ztQF)H6v-#k7T` z0qW1hfCFJ*`CK2)`_C>8IRVvPpI8mH}PA%DLR0J%SMC)PD(d+iZ2RkLnyCZ6HZV`*;in-q(Hb z6SO}06uv+QFm%}%aBjJEx6qSZ?xJmM$3e3hChSTe(?7A3MZ-T`k ziV$i~X!brdL2bqTNCTK+QOmhJ-HKyMYB$E>phgJQ_Na=CbkG5Io%^=U+(^^lM?5#e zP$MF<-<4>wQ-6J|O>~1wROZ<(0DYZhzEy-HUhiZYG%Xt#5*1b8!pi8{r}gtqL=sG0 zOBVH0l8pJi-zn77wc{CvZ1`44EB&1ho7ThP3#b$l@ckE_JoHB;n+{;-+*blYV{dp( z@v?AXcNG|?pK$b1G9T`Z_7 zx_?z%GP3Iy;VQ(^3B1th)^X)#MB_rSHdTns7%B=oVH$XHPZq+S=wnfbIX@l8`NG0d zh6_Pbyqk+s$CtaD4_ns5;s{iG-+6kux#W8F<3j|%TmVcM@{@yRJW3oV9W#A1M1mIt<#qwii@W|)^Dy|!t zu{Z(_-?}M0Nj5ROMsSfV^d7Hl3GYYD7B0AL#-fQ1@&Y1(O&H-5xR7L%zJUuL-M0WA zQQ-1Q82;<6Dq1pQu*}U$*q#Fx$Gt0w!M_n%dcae+jm<)Td_JNnK!PYxcr^^6q@Hzm zyz_qkpi?w&l^In-LQ9-B%KPJtCJI39*0)_$QEVv4ptcZs6bLIq7fjSjZicNB_xm-T z3OxYm)`wl9I{)X#tqO!50CwwREAv#yJPyImBf|3*wTk#E(e-Mzr?pCy=#*m7wldS+;0>n$ zl;jh^1JFh{)vnWc57WSqEnf*Mw8x^JufDG`gryPT>7sKrCKgFAj>9HvW+K<#2#e)D zH~iEdLw#7N{Zvu>chf7yh~)-Yy$wG3>mgd>Dd7z4QEU8^K{Ae4uJi@0gqUR5Fm`M_ zb+fQ~Mu;~_)Io~2b>#rcp9g=lk8B{EosS{Ql4)Gx%h=;lUP&Vx9a_wXCj5 zke&>gZ7e&IOg)PSys+PviTMF2%){bnJOGP!d%jg>#5rWWv4m5vL1)TjK3Fb|j^`nOVanuh0OJEFzYjFDvUGXKNbz!AKq!ToW?5EC<@Z zk{M%!j5=&0G#gi4L?u};17OGFsWX(r{CVLm&jL`E%0!N*5jF}+b^4)ODI4*(5w>TC zpK38Qr%E>h`pm^#c0qZ<7w90egNhMCO{NzTS^t1|U(R|CAy037gG7k#~Q z#;v8*N)FEeVDWl_r@Q|qyVE0!*kOw5S;oRs$6|`U5iM^vrvLTgL+8i_%Ge>UIk2@Z z)cxBLcN~1V1+s`r_Q0r0c02=hyvhuLPtG5Il7uwGIJUs1onr}VS|dFbnKiyO!A2$5 zSOi|l)|$wfp#vgoO3(@&g?tk^i6$gU$R)HW<#h(Ym&e+3c(t8E{?bV9cO4A%05y-R z!DFTW2R$75x!I50(j*+Uz)$%?Mz!Kn^}0b<_tmpkvJ-}KSvAP073WSTi#(x7%WxJ& zZk9O1ffC36b}h>>mt@#g=G5S2=>krs=*j%qlrw7vgCsRZ3mJztg4LhkrJu^A8ayXm zpu)tAecL9{J#o({77?=0LoS#hV-bZHy=9mn*;zxmk{YDq>P@4E^uxB+R-WxSjWv`VKlJ)9$eRU>SQbRwKz#J4#Oj*W&a)s z!>)tjS;QhX7D`NBlgO#p47yRqbHfQU1V*ib?Boqa*hX;G;Y1nj%T^j{uIt!0)clvW z5zFSoR0sdQEf z3Vd69(vc4`*n;T$01o)l8SQ^;LZpC>`5_VU4KNxTRp3w-n%GkHKSLGh1z!-E04Op5 zoIF1x237;T<fCIrUqyx0 z>5SZ~!Ee*+J1iL(saEcORhtSm&2&sww`cS8YCl+169>G)3}xs0li4QDE1}E6#lxa+ zJfIZii8gUXSR_04Q*|?s`pfUcUR`9HKJ2dU)Gicle#)m}wXCh&EUrcaD4(d;wd<#R zvv`pooDzF-fL8eAm_tk7LfixI`~DGU>+TiA{!4H7v$W=8GgZ4#(l?STuSG^3oXslJ zv9m(CS&)XCa;`WPN#%v?+c(6b)N^Oz3?HqZ1gS=RtA@3k#3FJR3Ozr#K4N-&-Y=BJ z^XZMTt$~f0;-^-#>onF7Me)?YjM1S|)Qn1ZsQ@OB&2T^wdXYs@ctbu{^njcv#$uD@ zF_bf|h9OYU@_=0nXPO9)u4gvHn2zjxVTQL2i~|j15jN~*VpKN70~W(9!rUy5hMN)g zM^@T1!Q@+9)`GQSkq3dyF(s8S6$AWK{gwn|uFt8pXu#_R%U8_3Q;$xnwAcKZD+}9e zQz7yN=yiUs0|~;K_W!DVW&a{bVn;n&M;L$@lp`a$jQkiA|@DXI7q~IVDN1 zStfUsm*N7xkfffV^PAhJi_0sD>2DuKi}|TnKC5=NL+0+@w(3gU2&zl}8ux4{_wo6B zUVmqKTFiLM*fsSGV_d_xqF2&_Z+*|M;p6$q;oaeB+wi$}TIsH(a%a^7)pU+-gWiF=vUk;1KlvpmG^yHAy07r2*KqR4JB^MNgl5p^ zbymFS4Uy=oSce*|`x)HD6i0shW#FT^CfE1a)6tp8W9u%#Uz?C=$eTm)7(UZBu#BsT zzd*|Z0sS7l6$}R!)ootOn0p>84>uiZou77%^GI*3HxZQ3-{1c_x^ktGe5fUt%!d?h zb|FR#LnhZh?=of+0|t#qg9>MpZf9~8=_dJ#etUJp#}w&SnBiyAJx!qr!RmguFX$B4 zzXY5WF3Siq0z2!Vw*tO_9cWHW$p4QM^Ad^X#Qd^^6gy}oX=z&KZ6hSt9|f;jZ0j&D z1+<_u_c4O8z{*)Th8;+dC~W;B5Pv1Ny|aRz>#INJrmtv|PUUGx8vM*SnWVGjRpJw4CD4kL^K7T6 z?9Aqk7I;UK(Ka!eFJAlB=8?)Uf8Nw*p}GbvEqSp#8R5K^>>fG?0)CzT3V`h}YS}3? z2mS5kaMUCzk%ec2ZSjwwKXK~>Q8=0M<@D71N_@Y^Ft0}l++zep`QkKg=ZNxStVH+> ziCnPxzs@1fD*xWTe7vw6_`@hc^wZv~nKl}B-5^O{pop-0Hr9WS$PK-B$tw8w^@K70 z^UBY&FSQ5uFTPaDXApj}HDjZFODQ!mY|=T8VafDGq<@eiugourRkHXbh zJ=P*$A_Q7jQx!`(M)Vc2AqZ)OOu3%wD|)#@y1|2eL{!O)e_fF z#v5&TzscZ-jZzm(P3XT=`1z(03S&D8w-aDLa8U<#M8_RVUVaik%qzSNRER+A&UUuR zK?yM4m~~U-x8<1nUL2sBe(sMRI-rTEpzbP+7{!SUnUM@>9%@EB6N!jDStCxKb`EF< zwp_P4O*-z+ z#%)k{=c$=!Er=*k1T#x(96=38K!Tfgd}(RU0S(~QCO+;bD{GjT%+pjd5$$~*q$o4= zjK$ClmVQaid&N{#jvZ0HY{cD#>9|)*b%K^1P|<4v)XKS1QkzC)H@uY|KgUILdvtpK zDW#77uD&Ys`^=&l<;WFo#nqi3Gkd(+q$UbW`g zq|Xntk*TbS&j^Ye6aH?k=yx}tQpV<|V18k(3HEqtkw0}_N6|~kl$W9+CqqV+WE(h& zc&~H2y|~R>TEkcKPdc+p#8UYTg~^w~3F3i|e5bqDHQG`VzuKUSrP_>$@;e!G=6={J z&`s&bBI7_$mDcb(f{v_Df4Rv0fiNu385vXGX}lw#eGI`0i|_P_t|fKC2ocD=J&e9f zv{_{lSRak3`uWx|v)Eaq=Dx09m&8Q6J^S z7m}9CN+igL5q(nF_=^`t3J-1gSr|iITy?sgx*QjdVBL;F__3HIZ#k9SbfnT3sK0)I zzVkaEVqQ+)(WT2%_kS;HYJ2i)N!O$SOF|@!WUD>IM5EoW7g!tNNXcicc98(4?XoONHkXZj2Rk^EN>J z>iYQ2S)^3DA`l0QzOjdbTrl!qv#pT^OXVad(U^z z$w_E2VE_+O?B%tf51Lr+=d6E3mDAf^ZDQUADA%~1vwFN#PVaiP3A$<}^$5;g^6`to zwd`C<>QiSlusDDd{9IEa{b?bMN%CIbzq~lu{wY&9iFjquv`$v>SFbuFBN{o3{-=xv zQhS^eD`jRLqEM2K@BKd+42XB(yB;4B-IF2%u!(oey~LCyVBdW(-J8B2?IHfXHaydP z!Jib;l*ch}U)$L-_T6CrSZZ{y5`pS4ul#z1Taz+S!ldnVrZAc(gUlDx0z$1T@up6y2Bx^79oG}M6N398A=oX z11)^jKrHCi(om85R>ZZBzY7dPJtKBbq46qwR*aXW_lZlS7WK^aC+H1K8%O?wTo8D> zNU6ivn(uN2p}$~7#hnvH;4mXr{{84_OZ=hZ4kCv9`*vKw&jAZqO1JA0>&bkvGa#N4 zXE3TCkJW#L*XjCJ&_uQxD`1wAX%IDxS3LO3A80iCfWB}4{qR}U&rRp%PpYI+t3D)C z`6Ru}JrdW_Z#6BxBtDo&r$fI_tJiTd@DVE0cc#C_bzwk0`&3|IEq*z^Umh-QSVBx) zIp~|VAJ22CG;*wseWJ}55Toz7?@6=55Vyg=1;~@<(ocA39*~ZDWk2ibw;jx+R2vPd zkM>FtG2Z<-^9L%`MfXdNN!aIQr=`b9=5WC+)2{WlD<`HKC$&@YewpY#LyIp^X)hXd z5bb6C5-C`#iL6re@~8QpSysVi>&Y46$w{3s_~vS-bL2f|4u~g&Nxi9$LQtGSR$L#b z_8)UmUtv$1Pa)=C)+*N7{U*$HZHSK~Ju{Eq=~J6rSq!K=#!E+%E^V4oXn8J$z@IrT zjF}5?Dvt)dh+qbCQm+&{IsJVtsidFr9|J3hbIMKeUvkE<0;b2b3nD@8_b&(r7L zsX}@8mw>5%wsQ?)p+c6zhyo?>po`WfkOILtsX@rVc*IxwQtPk9mqCzo&Jf#2X`Z^W z#dyR~Xv^LH=3-^N%;qiEb`mFMGADI7^3Bgup%yRcaGN|5ln?)4L|ao&0N@wOLK^gsm6>^0%Gn_ zin8KGT>XnNlm>p0lfX$L52d02B_+HJ%{%?_8myZ}@L^WC(ldrs=#vpc`ak}32Qzn~ zQ$TUjbNe_iS-tKS+J%#t?`tyEGy#DF6`a&s?8(p__TQXHc2~3F7j+(E6MHg+3bgdt zc>wP_Y-=69XNWdFAB2LXI`@xI4`1r-ko41>_D zBjrhdwb_hHkM~RpnTKKroEutE>RX{=r316l38&#f!^MrroE34PHQ3$iikoqu?YL)1 zvj*iVUnhI+uO!a1i6x&HBMd204ATf&X6r%cBem;4(q9zmQ8ehK5#)n1JcH|&-0Mg( z@y9%f-T$TB69?*xd!}HFhSu`M@4esxNU>YFhCwJ4wJ9j!ak?DZ)kSEf zdaNj03PneX9cZy|R8?n_;uOy5LtRU!$wjAiekGb?e!H>Z%q!M@MnariQG{1nWTsEq zP=vniFO?{O&Y^=M7exSgv!Yx^CcQM6Myu2l!%LqcTwfpfAEkbR14%dtIMVM|3z7v9yJCWQ;-Xscd0I4BZfx%poc=b#{8U_?M6I5Br|66Dip-!cE$;&sd+R!0 zsE$IYPWT^wbn^w0Z7O!q@K27zby}91NthJ%dEdWft>$~1cyvaZ6kLP)Ryq95qD~-% zsu+*D*sPo8q@ixn(?}|9PXnK!*le4oVSZKsI~E+54CVp|DWPpj1)aW(UzW#03SO*^ zLaa`>0C=3@^80oq$XtokLaF0QP$PRh&jPVa4IAey8t0_8P~x$%!?8+V_SW`HVT-V* zNU^6N7a2?q?%?sl>7J7%l`n?N7n=cd7_;!b4X`tGAdQ4?A(5XWIa;VHs+cM!K%)=e z6I$H~=DTMV0s6&o{bI~d&M-Nad?nHXrH&^eL^gE3i8OUUH?~Mns}gA&T0Td_RdQ7g zS8*f(G?w6H?e0@=IDJZr_E|^~=?3$CKqCquqlNEpG;QSe&erjglVSi2iWCex0~>za z<~+5!kr`xiq$S1hl43K?JfNwFomNIp^k}}qLn7!&k{7Apz}|a<5>|uwM0e|joU&j1${kr!uj}1f?02i&ce}A1Cpxd?9z6}Ta?OtMow$$P zYrr>^LgGtR@0#(G(M;ou;@FE~^J?bMj{DRV;l@zmhEQ+dWs*LptE(mh^W^r`AKbYv zK4aEZW%5;Jp&6;Q|LAJ7@Y5OC=?q`|6mc2->m2ej<);IGucTC*urD1kFCD4tV}dc7 zgFZyOJgDc_r2|Xm2uS9{?$6}0F03vjDQzZlY$n>1`L?E#7JCPzbSCrxi4KG#e1*e( zg~_`I=SD&p>U7(BkWT~CXW@r4u)`TXGc6mO6H;{t;mtFL7YWA98pg~=12@fYSyGmZ zW0#Awkxbud1@JW6wp56@#P7bW^)-e}>Cu6ua|EPUqpnx_843^C+>`9R0{z}?+)I?E z%oNAY6lcfhAC+X_vX89JAXjJj7Qdnk!^m;!a-AZR3$AW-15fDwF3b zcP&f&I9R|;_o_MKl9L@s;uuJ>Ck^>c;fMDg%M|nNw1==PxG-Jr*ULu za%5z3@G)04ot^d~J~C^3WIo!wYnJ{#ay)}Po(W%;{PBrEH%M3~s2Q<2NNi5!B-)(N zvQ$jnbx%%TW0t2L{B$5txIa*s{KuTo5hb28_L(E*nIm1r|l zYOy&Q(dPR6uNC&<45XgeMHoD_!T5`|n_POrg>ByvwC~8F8q>xp{*tjvK>XULDL#Yy zMV&0GkTSWDvQYLb!Jp^7_SS(O(s7!-(o7E?UN^2+OR1T4`8~;v#v&iQgj2kl5ot}4 zc8Rs|g`zq5E!IS*mF|x3zjd1`-Jf_&BB&)J+=av4n+d#G4b?S*k`g}3pxse9h(udtQ8Ed+%TD&c#fNR`&kF?&ubRvpagwd4Sm|lk}=ok zHp@WF4#Avu!BtfHN`JK6Q>AH|qlh6t5(j!6Y%hCZPy1$sP*Y^T;*uf_?Id#K5AKr1 z*ZwuP;x*GBx+~2+rksDTS(y*RW#}|y=#DUFg?DJHGk)+DECI}l@y&{{!d=ieJ<)8u z1Rq)F944OElDJ;Wk0IDPB01V3IkA;1==So6ET_{br#q5c_>IPjwU8R3izC=Y=$_13 z9LrgZMQUf*pFsK7o)i{eNGev0FIH^cmmS@b<*Ks*OmG0aEXIFXY~D`$3AW8rW}=_i z;1^SD$@(MS=hS|6T@o*A20Lp8(nsh5%r$p=)w=z5Tzc`N`!#!R>)l^8vi5pTZ~sh* zDuIJ4!M@Q^O#G>L2VTVtcEt>zibm=m?%Xd6Fy7%GCwas=qB+{4t5JOQ< zCI74qjI_@n+h@XQUZO{Q46uM5zJ&gC-x@lLI(gtsU#NQCXqpkLPFc$K)g-Q_ig=0Uh|wQyxf)*1zW#nm)dn;wj;)%3)Y^X$ zgq}EZxjmh(ov~eVEHfYE_GqDgtdyo99Nz4BVe2dm7Rec%|MSeEpqRd19XpR!<7@mc zaiMA`>ol8Wp(?9jF@E;U8%29zkWfxC?WBTz*23hGl6gZE=_UWbF=X{>sm`ZV4GU$f zG7*0X7U~br(CS7s{q{FRY<|d7Y;j|v_!)9&t!o}$Uz0$0M5p1CV81GIr@~4^3TT*t zEjuzp=R!neTa;2wi-Vmf4_tD+~zZqHu4gSiXKzFd9!9ea3Y{Vi9u_46;z z!XCo3Vyg}t3PeAtVhwobBbC%bd<9rjV~evni20jexOKSqoFBiA!-zEfYNt{>h}6hQ zw09Qo-mBdH4zK;K&OaKN947FIya7G9YWm3-NI9{kh_^nrKvPcSTa4FogHpYbNnDro zBfB$iF8qaWByxh7Cja{Tz1$AU*?q5;X%qxmu|0Dv7;Or#ijB=GVLVFp8F*8y_-M`5 zlcsX&SmY<1x@l53KO0MH>mv+)y*m86Ikby(d}x!Z&D>-iiEB)`2e}M+W1fRik z=T_z46OoBV^A_(-ed;=pVPWd(1BO2Ufqw>8PJ6k>`!7#`5wjt~Q5A6=Y2UA+HMn-6$w(&_R zD>ARcUc{%-Z0SKoSBb4|K)@jdOlUbH=TqvowQw&n(rIEVchG++XQz{tI=>yPm(>_b z=CBFMiEodmcYF#+17nZTaBwzRh|T&uk)@R{j6V$*JZi%l>7#*K#V3XTY{N2$d1ER! zVa(P>lkv?fR8Ii$KEGZz6_q>+4dNKDoD@HJphV1eCdnXJ3Q+>#8SmBnZ2mt0#6Ua0 zLDE=Uy)j#nv0{A2N??hrN7gL|c8f&B<;FBd42$tGEE}lun4U;kF-&EJb1}=MNbY_9 z@`UK>)v0nzb?DTze>g=@{nKrh`;Y$BWcKav7^YH#9<8KFouc4n1l68I;*Sl&6+H})|ga@i7{JcVhl1dhL{+`WMVki zl{Qt#A6m?$WWpGx3A0X_#ZN2dOoCsG4}RIet;U>5ev66Zw*(KDQF1XPxfq}1!k%HD zf7)>?_|FIRG*dqwWV%!Q?|8D8{Kx-$J(+*|r`b12xstK^axdxi&Wroq z>xuISVljrW7{kP3WRZq1e>W(`7!qTQPmBpJzBC~sBx4AYF-%A%HOw;-rm(Ggr)rNL zOx@V5QDs)FeEmO*g|E_ZG1ZbcV_4pd`^EdE-rGgLvrY~2)9ZIT%gXepf0d@opZ;}y zvqtSD(;KbIw}ICKb30Kt#z)<>c0HOkFC;1?Z48k%#z)#jkLurnAz;6NU>oCuZ9?lM zJ&&J0Ee?-anaGySezf);!5l+ij`4vx?RO~9!!hLH7^a8Ax&y(8k3k^E5RhYhK#sJ~ z(u{*#jv+3`MB;L!g~F6gNREkw+p^I`;O>n`i%Z?DiqI(4RyM#}I~Nd>GE=`;*0$Se2@S;>P4il8*67I=_K_ zBkDSabREOeb++7ZM2p9e#bcNj54*CJ&)&sw(7PTFKlMKLhx2ke>UskWLQwp7g!;&n?TZ#VM#;Vu8`P`AdSfQG@=+4vYeNE zeSGw^tcSE=nkFHm*F%Jf48cUk2NShl5AT?*bT7!=EX#`NmCz>^?IT0>k@49_zkzy) zK$0OK$@qYzFRdOTm1KxYGE6FoRSz2zDrFUNAQ4m!!gen;ys?>hpAHgI;V3P5H zNugIgc>lRUP{|OeWSF4RT7{NQq9BE2h(a9K4>lpt$*)z%BSXHCVf#jDx4k(Pw2KVc zMTTt`ty9LjJ!mexm9_~;78xRo44W+Clsv>VGzbwHf{2U{B5J>dKtITkA7r?Gklts! zrT=&_9OXraxKB#byL$Iv(H;J30kw(W%A+7;NDwkyL8!CO!2T)K6(LoPiCgYjv@qh7 zhZc|_3&{8^plDH)>pc7NqGKu~G01SmAW_lrRd&E5gn5(bAmgKhRz=X|FIBzOQ@uHH zQ9WJJ`l#p;8S;n>*CPsuG{W)@cg~^oUBIA>bg0p}4%U~3W3<*VsDHN?&YVqyH^hrdK@exHExZRiyi4`(FR%nw0 z86<@akwPXCDdcvLEQT@AaelY4aSYl-hHN6^vx!zMBHvf-!CD4^B11rt@c~8RGS=-u zlyQtjjK~s3WSJNdujC=)7>hEIC7HHq33yz&#bbeQ0XO|ncjiMLcJWN3yik|h_(`dp;;TRnu3EI~-t2O+Jzhz!VfF*2*$ z5qTFHy(CLslJ$8>tIEEgGG342AYkW`-jSV8CzrkAfv(Q3soG2WW3PG0kvv{Zo1`yU zpT4vr-orLte3Vxq+K2(!CQEFSWwK2nfkqfHpzLHxcCt*_NfLy#TZXceCE3YxWvBg= z(HLNTTG$3fM`Gu)sxIYGX~(Z$zj_@|YcK;oV*DL024PsP?iZn1>KR*MQ;|FCriweWin5a7^JlufhSAAljQphc0&l1OEl zB9$x#al3~3os25$Gpbg{- zvP5B7CWY1JRvL=}mL&np`UI>E+-yvTc!3FS${Tv zH@&)bhyuOnkiNn|9?B9AWqmx<%BJY>puKk(=s#KVpDfdVTCa?CbuUJG=l#p!=(D@f z)t?-zJ$)yw{pdPba-FQtbqWrm;%Zz8#HGeeMevjL!B6cs2nah_f}JcAcH&*i*~j7h z?4mkSqnzgGKah9uk$tknK3O086o{o4?MI$GIeGoOcXV>{y7%JA(VLUrPp^OOy*zqx z{EajWOlSl}SsxS?!F+e0%DFF!v0VRG9xTys0PxbVFbNVaWqr6*q_D~dZ9YA_yefm+ zOJ4r?r1#VD%jb(5cKo;FmnY>dE9ck(hL~thSu&?A)0|RE07^FKa>Wt%rx2yGgi={1 zN)-|Vj=PdayU8!V{8G-I{jX&AkuWG!t1PKi)~8lQ3QF2%MAFI z!LzHVLs`VYFf36XSwgLwFyb|mn`{9mgO%+ACjV|WJy%A zOi_t*`R;5+hVRCc>2Unc4UCe`r$2qVEqmc0R{X$V-X>znZk1TFNGw?*mMoK4;@pM^ zH4oD+2}_nKEUi;!agD=_Nx+ibDzIb`Sh55x*)IfGvIs0$0+wtfV5vDPJc~aqjDV6Q zK*_QJrS2N51*IK11e7cRN|p^Mty9LE)txqm_wn67-4S`Sinfv^TgkF*rFDXmwg<>5 zS>lxJRyie$oRTF@$@(~@O|}O}BUz%6tdB-ww+Gd5sfES>GZcYHmJcGexX%UUBTMp; z<;zE`jV_Vj5g~qL2|uzv{AdFe3o{uxMV9Lnv94^?w=HNCSu%<&*C^UgId9&Y6J7GcXe~97x*{0MgpVx2 zN0tpAbr`4M;60!jGL@~GAsa?mmyAl1B_+u+m82Hbg5fQnTHM1zWyzAVWPQp~)EFa7 zjG@V7$z-xVlPO9F(hegcO_q=*>qDAW*PMVe4CMoKM3^igOqPi-seL2QAN7ltS8soQ zBTgZh$H{53Os9z##?706!=|d~x;b*1iHA-pa!x66PAQXf>h2#fAR=LnNKtZ1NpecJ zDmkSnIi(~yrA*0*cLBFNjhQ0$loIxo`mm=B+z5+>vQ#Ku8s^=I;C3=awkajHDP^)v z>y=tu?=mc7MrDkHQAi8b#X@zdP;us0L#HlM)R9usky4+I#KTEkr*?dPR?lD1se83R zvRm>a<<~}+szlg}`V{q~l=P&OsVAjojR#fO6HgIMN(oI$eQ1)jh;<7P!|h1XRZ7WK zN|~+_tK2pJQtCGUNR|GlxbT<&iC0RQyb|-GFXxb|KZpyDnT*_})aNdR7C!Wh#uQnm zlvt+J$1;VM*|jbc=^Q|cP*X}!QyK|sk`@Y+8VO6OPgn}RicKM9oPXRY*Qq{x+H<3p zy`;03WH!QT+!T$al#Hd6Z7eZ@qsFi|gWccdXza<0r@fz!PpbL62g`%orNLopC7mf{ z>rCR{++0!}TXUvzFToocAymw{1UjW`&`BJsTOYnERJWWOR$5o9t3#tj4k{%MD)n(t z@uHo7st%kCo)1hBkV*-VO1Xg4J~xhXWEix^GDSZsB|j=<`%#jjhfndP$U&vVL8VL% zidTH;pbAB<ibLDLSQ`6}+Jj2c~i2n^Gp<#47P+ep$3aJ1}csCP~+Wnw&4*ugIq{ zP_BKTXDkTIe^&wE3KlZl1N|6t{ zO%aSr35-g8VAPj?$YzR)R7#3e>Qkh?utPReM5Izeq*5j##jlc+_hp@Ikgtnc2}f== zdh5~%v3Ee|RLVrBSP{Apb;MsD|7X>QYrG7t-zd~gYS>P>6d9_N7^;-XP^o<-aPvHk z3Etjsl0U6DzIXCooK29YN{OdRnLL#&<_LW!^rlksrc$Oi#VfwF?}V^aO0ZPQgr$mx zk$FaaSvmHH12;f-@a9D+=}qh>1#>OjNc6jqWXJ`P!k#rBqj>R~dn* zlz^y|2}H4qzO2SKE4DZYO!fpsr9L34{h3cRpi(lRQl9(yfwDDUweqkx!|QeA?toQpBB7!ktnd?!;c-J?~H7<@4z4yHix3Qc|B% zpZc__zjSc_6DjRZAOV#U0hRg)C}9cfdS3LftIJ)!e-2vKouUwxk`R?f5~75KLii~q z_$lSWPmD|I`knJ~sp|RUdOUEQPFTTH8k;{psix*nj$Z$CeA0XN^6Bv}@=hqaQ7O4m zDc6nat{>vPeb5c9YC>!(C2T6?VpD?1!}BAOQz?;CsgIlrEW0#MqC=IELzQwJs`a;f zuW%Bo3iY8sy3WI2_n=Fal1r5`U8;!HrD}qs4b~8>N(rn=nP8Q?QUr|D5T!~9rAnD7 z)duPWW@>_^QYI|5zFve0<#D3KmlsnsSyHLbl4?IiqXm_c1(h-_sP(U9c-xH@R7w_9 z%Cw;FFR}FLMDHmj?hBaC?(qngdk*ps(vb~{Oeu*>DN|%xXRIwvxri>Mgf68_bcr*A5oMVtB1$PC zN+}aj;uJgHDo>P=Qj(EUri{cXd+<6*l#o)AkW!|E#3^#vGD(z>Qj(BTpM=zYJB!3o zO2kphC5|{3@%Ado@u=*uxaIEEs`i)9U-W+L9Xx zrc$&J=b!3lGt$~Yw3t$|m{O+2q%~hd3tSwAAX7>pQ_2LHBn6K!PDHCIC95g*Sxte3 zm-fXGa7qbqN_~LSN-cB!hduPUz$8qhQ|cp~0t%XtEM_LKK#0^ z^>zqsr37rHTwqHOafBWR%3CSPTPauGViaE5<3L_3C0;AtDzB9yuay$7l`?rPoohrC5`}|!F zyqb(gZOrtdT$Pesl``e3bd9&h(zJ%|R7&nt%5AlgJ*gXn@S0rN}1Rcr^sP5y{Jm1q)MeeRjT!dHbV(2BMB;FN>Hqe zxP_VC3=ye}5UI?ENCk#Tt;))o-Zv*luTOeEzj_|NT|7gJDkF<3V_H=5*xH}%&5)kT zh@Q%P^i-=M{`~sY$*U)?p1-NSSAN-h_U4tc)|%dnqc?wz5VOUYEyWx^P2Y|=_6&E1 z;8jN8RmKFb)cQSl8m9(LWM+t9WrSd5J_IXHxx+`B8CqExSy`FS$_gvHa0HT}nw627 zmHE`HRZn`l{;)XosW`*}A5wvtKnJ71U)uC`hUivC=vL-KxBlBqZ)YfXWh8fHKDq15 zpWe=p^va0z%6z2P7dE|}A?%eA?3Hn0FK)%$@GjM3xammN6kRLBJ6@7U+y+}_Yt}n03sqDpeOwVLCnzhw$@0HVSmowoscZSqfM$}fu zq_(>E4}YXN4`r>4WUY)TYpqehx*doy$(++SZ&8NINQTOoGL$&9 z4a~|T9+eRul`-)sQH0Sas1cXS2$#y3xRhaqQjR~vW+D-f$_S6jn0OSw*bzpN$U$Yq zL1j!1YW<>1M-~V_WduKEO!%q0vB_!FpEA;)GN%5-D6e2{y6DxnI5&-mR7QwY=0l|Z z`^-%vK9vzZm9g-tSi#4en?}7VBfTo~=~Z9a+%#fV8DUl#6SHE}OJtPiC@9axT1tlA zRYu-b=JT$?f|&1@U`NrqRD(cq!7;y+iIw?GtO%{*Mqdn|tCf+fmHAw)un^tncF%bs z%+70Ewz_Y@ZwOG{%1GYInDW-L!T93e5Fq505#*IIAumC|5&Cw>cxA+RWj@9$tnAXx z9nxMI(Owyo_A=`i)HMrV&G$=%MP3<@>&l4h%9vc277SPX{7^EU%#$*64+1m642<`DCmO+-A&k#9(DU25XZq$&kCsh`Y)naaUCb!u9;}5BWGgSehY> zl@W}UF=4E9jW$S{%MilK2*S#k5Y{>+tSfp+DUHh4kZ1ExL11ZyOjbrrR_0@}0!xo? zO~s|g#6*r(7Rk|)77CLPAzGOa(F(kjH4?eXRmJ&oc}ERZt&CKyjHzmAD_HovT~{?j ztt%s~D`RS1lE}mJIFel%kzE;+?BbMNn$Z#H$_VJnm_V2AuD=#*1*}?*_u-9FKy|@n zOL$kt#JeJn@r$UUjbu>z%1HXke9~8x;35oU&;!fJ1Iw5mSo_0y1idl>y)q`~rJ2)w z#Y5uWgcp5@avo2aHI{ zKAPpy!eV|Vc`IYeTb#nKpP$`hwK_k$Cro^MFfS9?mHEi7_Pc&aab-ktWn7AjQE$UL z35arKgmPs}lxv+bi(5m?rlfFXK836OTa7MOMlM#ya`SYJ|JuJd7+EGRhN9LuFtn>KQBCe{p#oN#Lz|Gs!P6A z*XLXPmJ&l3ajP!jR$U)%wVA{)m`<)@Wri+tR$bz(x<1ZotC^vTWL1~Qs;-Z$+FWMn zB23jKn5yf8sWy}uy68@I$(`yl-6>9HaP88xwf!Vr^r^b!Q+0hl)qk7)Bwe(wx@28- zeb&{Nzn`Rwd{vkDs_sVls<8beT|}t5giv*T2vuM;!wn^8^G~>?r1(<2RHTdWRF~kX zt`D9HjHD>;e)-lmU=dXpv8gU$Q(Y!D#ck&{x~HUz*i@IWsV)74aZV}e;-;Q6_ zTT0&aeth-z<XMMv^$A(w%*hIwYVlHPFRAS*H=qxELDfZHt4qFC*XL`k2rlF0&ihizjmV>o?~&W; z61UZ5a$AC6W7HQ+{v>gAnGzSH?BeQzIh*jUt`Fa8{grYTZLKcZT3x2CwZVN_T_m-- zL~3=Jq*iPDw7LjrbqUbw`T(u=Z!Q$H2t1eT$N=^6uy^o+YccEU@CB3T4)T`DiVk2wSi{YeI8%?S%nN(e$ zNwtBhgZYJUsV)oRrUP{cZ6BjCqLIsViSr$_8SJ2s=6dqb$wD*a4YNb*mxxFJE1StC10xR^QA(IyjwP8 zWrHOyHD+A$qq;snN?K}Zrw@IoF8NShpAWTx2NcsOc~4!R_ax|B6&YVzKFqAdI(2=l zlc0PKLvE>mVo&0%}}J>-?T#4B}~ywX}ljN0ErC8X(910rF)@Oc1zFtqtWDSN6{O_;+c5xAh@H7 zP*Rtmq%IRmV#RcGnxZVe^g%)Ws7v}$m#H7IyQR=CeVn-EK>2*<=*Q&>uQ#ur{I&P` z=s%NRt3N(@{_6Ob<0sO$jOZkF$w}%moh0^fqF$%=)A7sW*Uz3TS8_#PL4v+gmwcrz z%U4>j_sv*Aa@PW|@^;5wMuM1AmoTTU4|8hm3cQ=lC&_t#I0}sk(>ifaT_5-Kr7a>s z5voffRM#g$h1R@9(=zK12Ge~vvDUvFjy@Od%(8(Ix0cu$AWEw1qoiWAmZ!t<02jmV z%;wYUvw2yQT$IV~16)~JMlNnDvFAV>RoBN+#b_#<>tD+V!WX`xP1Plvs>`&g)V^dI z>AqIb-P36A#*nz`5^>dK5?8W7v9XgC9=jkUTy>ek6|eBpF*LeXU2?6uKG$kx?Z~*Z zc(k#*YR#}UxVfmjI!fcNrRL#posrS%5~J1SGFm1Ls8lQ7J2x*-ysCx$3IeveOkhhC zZFtSX{sR$NT_%ymD!aI1VLyRHtgcVQYJb3r_*Iwit1c720vi9`%U2HjJL3C|xtnyW zE>pK!D|frc@*80>(W&Z^Q`KcURqS3=acvh(pS0YVWeKV3GLb6LOR2_7;ziRgZqg93 z>Jnnr^&wX6*EN)>x+GI|nKBjY;?@%=A(s+!Az4&irbV?*3n6V-5uoZ4K-KjDR2#V2 zn3%|j>P9l6{y033vE>oXs4kgNU7s1Xne`|LLv;y;>iS?P4ruK9QTe?1z4yK0r0hP; zhm-Mar}kBLcBgrN&^v#yGaS!rLAaV$?ad!Z$DL?Nb;*+IMzW;JAtsgo<8(OBDS)#g zxcSX6q&WihsV?bLU7tR+YGv%c((S#9L5ZqM5>?kHQHje)3GDh`|LVEtrs&^PkB_v; zMQy4}+EkaRO$kb0J~c)07f+A4{Fvy-qUtg&s`bh*O&VxUb;+FS`pl{D&7Y6v{nL^A z&S3bV_}|mX;B)bhi}~f~`#=2tY3no1uO`#^qw?nU-{p@+!&BGU)Q@JUAmm-&P9<1 zMvuRq%|DOw*+rfgf3qvaBa5GYSF|+LJ{2+L<(rT17VQxH za5lM~7D2j8@o+wzkLs4}&e~EpZe>$ewYk;5@w{jpo6UCh{U?*_rYu?i;7$3TPIijc zxo(jiP4~aAFRv0eJv5vaofm3+lTrEi_rDkRU!Z4D_Y2~za(*OSfCI_CPW6#kj@{(R z>E`}OJYY?2)Pu%8@_MoIb8S@EP+JHYm3F+jqv(|sg*V>fv_ z%ah4@GQSwklIkf<+%F`>m+#zPGcKNq)6Ypi`Qgpehh+_t#Q+_Gx;qdF*4Qnc*`o3l zam+9J^W>~QPEPacjHhHcF20#3&!0Uxe);COc-V^uKvsSj1=nNXNY2LYBUyS^pN+1IN77Bc%|6c_xn_R0f8kzC$chTX-+J&H$*a0q)a&6Sq@XaQ ztp~JmhO@T{TCJ%FDJy~%A=I6Fy<0{p$yL zhx7;^9wEJc<-6^mYX{kd3|oZ*Px<8{vlVv$11emBq4f0 z=7Enq5M8|T)xR5-6&J7kv#_v`f58rZ5dfY1Or13qSee@orAVfkC?zkGRrEgr08v#FSe)+Wd$@Vxt%mI;y~F$P;z3=lCO z!@x%vZ1DJY)CveI@L2_nvdusBW*3v`yw|@PTvs$u(OSAXGN@NAEk-px_c}D6x*uKa z-RN`dUiCkZCjEhMVHUy$}yi@7LeZ*Zpd*&DKI4kUb(|b0(2CJQSd1W?WYw;bVMZh zgoNO$h`zad1Q0lPUyFrvlobe8V7dytP|D_`;|8)9jj@0K9?6{5% z1mn6k;(#F85@6u-3tCTHs1OiBz%&S$>Hj?08C31#WWQYhPG9ye`s2YU-%F~5R^N=^ zZN}&j5JSLJ2vo$w63VEf9bCo7v^8p+ zhh7(!DG2bJ`Vv{2eRM-Kmx#+`d{B(gif^fZmKEg9fA(I!>K(s+{pxkVnZpp=@`zSe zaLc}7yt;Bd&Ocq{XY+he1RU>#NmwGiJg0S2!3Jv}jpN+v;xp|6e(}Xe6yOO3b!pk7 z=}!A{NyD+P3%XrX7wylwMC>6kK)F z{Z~Gn>{O$x7;}Y9)}Rh$tIiI32E-Y(Ii9WMkATzdkSidqfIWGKu2#$#L!%TRl#@dITdY$OpJJ zlJ-V!;~4R1Cutu*qCKb+?ZGAw2M-gF4ZD{IE{u zhn!^IdJUs%@TY%W-#)vQl55!Gc?cbc!@A>e$muwIaW(D``VEJ5zu}NGqTO<|ds(=q()9y@f;e5SP&g(6j&WaiYIX9_=Rc>F_cc<*N99Ej9}dp_6e~cQOvQ zxn<`NGW}tl=?~jn3ia_~ILfhweOI)wjZIPF>C{6=--mVjKICe%qPgPcTGPR@x3=ug zHDcUbyiN*y%X^4K0vQRsVYFa&{NCJgcF`Y>V@({ZPQzAM;tIT8KtP<~M;NOPY78CX z7&^QOWI+tV`481WkfB2&Lx(qq%&$##g-QPWxLIYyR~{XQ4nYnb-bh{;$RdZt2?Uvk z4ml4U-iUwwK*UcD5)U0R9y;3`-m4B`4js}QI&F{e*GLRIiz%!J%dviVW>6h8Av%OY zbeOq4;u4_7rHGdt5R~YUDA8fgfAiyvkrYsv=nyf{X>FO7v`RO0qa|+?$u~-*rD_OA zOX7&T;8`M%F-*3#BOZ+I3ek3gv=D($L6bU*Kzxz-P(r9TK zMM90LU6Srxnp-bGXq(sN@@>f2xkve+G((f!)9Z739dhP~OsQ+xu#lD*l21cgEoGS2 zUWcfLg0y6id=8ShjFjRRZ$!$}y?6-~b`-K|2uVvK$!8=5hjDYu<9sSEJ*Kp!n&e}X zf=j=6z~%c06v9f1WF_UJmBJsL;5}gqi6uqGl8S^ZNek7G{Fam-H@~r-fRDrZ*+sHb zw1n~=GipkTI3?xtlvWMVmwT4(uXg=eo;*1@`nmVy#naxim(NbVadVBce3YNf#j}hG znI%QelJY@Ifq~$NXJ^p{)=i^3oV#>)`nJ?}>~bB>Z~#XLC%^tGjTaLzDNc&XI7#Ad zq=3O-vCOE5s~KbPU=FP(Mc9+_X-_L6JQT&}9n&p>k2ab^LQ0V#rF@7~)IdX5i7FJL z6cJI%XGBE_K-$ws!$}e1q z)gPz*tK{r-GL<*i=rAdQn3PXqS~ah?T=U6luFGLT^%lla21P^WEQ4QvO;)z!pAI_J zs|)wP#h;}iV;_NBC*^~kR)#EVvC9d!BBJ?&YD^R%1(^mGywrl3lgxs9xH<)u1HUS| z;N*i)lp-lg`KYKkGi)2rJ}68nBBqqjn2H-|aQZ=UN)b7weCAY~2&DN3y(vZDl=6vF zt13>$uQ*}(2h%*!Q_5#g1s1!Re_p)#sZ2lpky|Su#Rw*A`wIU#$ z@_Q~p_W^AyMYxsn=~jXFVUVBquSav?MhJ!Al_K#<`N*qP1?E5QcfYH@96bJ0M}NA# z#>rTFX><4vKo^|TH7e@XvubG4R2%u11FrTCnc zV9}=Andy3R^4<=jR*FgJm4Gb86tW~4wR((-A%OUd4$P_qVkxGGB`JFK z*pveoap5t;l7gj}3>K&G($*WvD@Ep&@}XDlx88_ZDblPIpR;1N-pg%X4pMUKVq!2j z3V|y{!j)nYSKWxqU?|XN!`8HMrq1$E9bUo}#2DPyLhVWsccqx#6{F(Uk@|_eDc*^ws zQ!mm!8JbRtP$$Jzoz^H}qce6k?_U*nUN)xqc9Tzp_H7NfFefSW=Vw#a6d0msjKQ%KggKyU?(my$We4MK+Z3;ZR@xer1J% zlp;b(`3$KqY|FAjUrG@$rF_EF23my1sjSOmS>q?-`YJAfeAfn`jlXCV#LX?HYXYW} zPng=k#l=iZf|OzsQrzZt$IVXO1FD|Wbw7Ww=lXGrNh~d2U4j^uB8^J5;iV&B^sp3xSjs12wck#mbft*8Qah|yWfu(#1R$y`O?fqPj-;XCB$4T*DnGGjncVOpm{4QF52!$*~M3(Xy zS;C0_I6NQZ=Slf={rL93{!3b5>{*bBrFq+4{W4mPSZF9$70z zu9fn^R;_nJH7Zn^6e`VBs5qCeaoAYh5R50|vwXqG4DdVkhQr1$K6p^-b-(=bi+E|c zM!HH9U8Q|=)duc{#zJW-RC`&oZX9-o<9g$eu#wP6QfVToG?%1WqwvBSsL`6zWKC(G zHMN0zo?@X=D%6+pHd!MvrHPo*K4OY@n)SPU-kavLtI2ql-)VsaC?6WlC{1RRW|~pv z{#|*(zOqK_NfY*@nb^}B1*|K5^SEc}3s#NLlP2g%`=F=xs}rJ5nouY0L!H7dX8n31 z=FzuE=m&@rF~q~COh?rLTN&wv=4>iEfFnU z*gHD&vycDK|Gc$gw6SD#7uJmKiWiM)B%?HuQJPCeW%rLrrFjmKCr!wc<|0pPl<;QX z|NI|1&5}PSTHO6dzDX0`q?vpZr|h%&^!jX`%!il7criaq<}-2GF^iGNq?sZUr|jk0 z(7iw#Pb0*n31ZSdh-m|j9cDGsmNZve;#|!7lqvTp^v08q)pX)~RxaO>zNggaFKP0Z zG}B*Nb}`oOmxXRQ)2JtD~t5tG%N)Dng(+xDGm81Z1IT%sv(k zLowPd8-%^0O^~+12q|fTl(Y|0+Q4PS1WhE8W|Byp%NhhGXmpP>xksAm9<4KA4B!$p zQb(GoBh93aIK$ff)75BrHk|iP|CLWCJ2*-aKd`7CX;P20Pd#e?fkn+olV+runi1#H zhI6^3$?5mVa8* z#q!T?(jjzF1L8%R@FMNQi&jlT9YkE#Q2cWL@^ln$WdmABnk*#Ew2&k*Mp)Z`B9bN% zNi#(xPT{4Q9$h3&E|T7=i=@#-(&Qp(pNkYY3|SnzU9{<)f4UuNZ~jyDUc7pJ+Z?BP1(nKg}CZWVwJl3e4n{8<^ zPm{%@nHG~;f1SA@N&mL} zCXIfRCcjDlhWsXtev>A@NpIC}(&#s7@|!f%Z-SS7Q&T&9a?ZZwRVO61_3N9svnb+9yc;1{wpTqBK!a+DAowX^jDLP?|U>?c<=@Zw%0I z(quSkrs2eC3>y1QZ!`*vb#5idm4<%!81Bdnw%!>bDD%Dq#iiJ!wps zi-}P(K1PY@uVQhF^3OkC<;@t%!%L*a$9zmUl40UVdS7*4v^A13C>$9Qjto;cTCa>W zl3DTaR1cT54Myz95O!pk*by%Zd`dp_N7uQy@R$}!Kr&kukPHe)h6E(T6_8k0w455P z9)#pEJ{~=2eu`1>MUPsR-lEd(xW-2qD#}TQ0 zugOmNR3(q4VPPI6Z^`()r6^(Dyl+K}t`Y5((JXH7Ua~kTZV|4ug+;!}5Z`2cd{dMd zu?Ja}Ut0GOcrpY$nMlBsv{0CKiDNQMj!Erz4%WY__0=qL!{GX=di3R^M&z0daZQHF zHLVwcw4aMClOdML_*kY5+B>?2f~9 zuf$IKvs~Izpp0ZlMlwtpDK%>x0WWSSFrN{LWPBu&w1_kWD=%<-o3M4lfrrh-9-6rfw5b$Jtz*GA@3G|!{c}|AuIkB#F zW4FU-BmyhSu&sC|b zKTF$R)SnFLPsXP|t*ThIy)~f*F(*TqlVM^`YZZ~kzc9_cFuRfRWSGhmujuvM zh`7v{x`=o(OyY@E<~!ztljzsSh^O|mAeu~uOeVuLnOK)|aVVb4Gs`3KinJr2H%FVvkj-R# zHq!>KET%qUn2e8M3Vu+_BMyrHe!Y}onGnm@;_gQ~kQnjRzcflrlH@uWrt8Ft(tUQS zHW1(YkMobc^XcT$z5KuG&o9bA_sW8Xzw}4<$&mYGnC=rhO!o<;;SJhOhHNLpw4G9G zcn@NKb~Peszsvsk`n-Quj9hcKpS1Dn8s3!R zuT|d(uYzbn8M2@Z(}H3}UVl~xzgRX>#kYu3dRx(rGUP@XpBokPwq8vq1J}*G`;IPt zBihZxZU>Q6hDlO|+{|UjQST%6M2ML(K4vP$eO&o~E?4#43_0-LVaJ9{DdRJxV%@vo zT!?a%AvwyhXvQ`7C++=7;2bGEF|@drQ zsVHmMMOVv^t7Vw3R@}O}NJ+6PE7Dtr=qDf^v3Ellm)R=D zWf0>sgmD=k#ucRnsitd5>6l#Q;~f~u!#F^!Lm=d32=X#M$SYQL@E?j+2OJAzHmG|U z(!C5*_u5Xs8Qm{K?w4V@U#zlAUpAxpWyt(8TQ$E7nqP*@FXJ=6qLTu2E?3BYdW60V zL0^UmeXTVS8gM?BLDI_*>1BMRSB%MbH!J;B*ytMFFGKE^VY*+UnP!|#zaAH5aPf$n zJA}XtL12anfw6CaOIe|}0JALtVa5l9#kvKzYc1uXv(aRhyYNC6U?DYTbiH*@TfzJG z-4;rrh2l`4EiQpzfda*)Xaba=L5l=;cUnquC%8j!D-Ok49D)XScPrYWee?akzu(L= z^UO1oKe9P{pE=ptv*+yYeO;eWYQDH)UaMT5_wjt@z9Tx3MFp0mSfdF%mLXI%UHB6( zNyRwf7L>Q9>+(-rSmsQEtsj0filbU!@o4uVU^6!xGA-O#Gvc`3>mJY#A z8^r_8QaXS2ydw@%nB9j!bG%v~I>nK)@S%8+x!<79fihB-c_^O5JXPt{!OgFMltw;v z9aVJRYjeeywc_uAX+vb&^?KNyz{kc(PlI{_M1SZMbCI*}3s|3eYef(xGl!yT=(to* z#Ye;cnY-LStJDD2=GSe8=$y&0d%aK}=@bu@HATf&!&7@HY&`vK!W?IRh(};2GY6t> za4SRUyY=*};*M&%-C?u~sGrqhfgs2icGRamdH)fTH$7%wx)G@Q}c04;57 z!Wf7G;c-2f9la|LquHVLU;v)fD!9S&egG5pO-5mr9j#UG3EmK~nX95(f$Hb$&ve`J z_0}lK;lLsz>EwAGWIIsJXj(P(Nk0!#FgO6*T5wVtZ(>TWgwo%E*r?0QNA)L30P zNeq%gxll|$W*b+9d&PbtAOgwodHpk=j|O)KIb|`aDZ5-PnmO;wH9!hAcSV zXpOk24Hn^>LPe7AK=q&N60Q}Hf_xwNKwFLYANE1Urmyz{=0>%VN5X?Zz9+g#k2q1- zb!Oy1SGQVOX%tB=+%HJ$mQW%OmNW)Dkg3%&QX9^8_$rT-ctwV_a!vL6bM;-KH@6zE zu;C$tF31!8o!5sH1@{ALJI?Z}HsbrZPt$T2s#u^r4}K%-vDLW2#mSesh8%&ldd2i9 z4+Ez)aj&^C13(Gs7(7*yvLpC#EcCZ~#QyR!XJ7d5%^-)w>S8|_x*e!~yDlNdZ|!?I zD}P7gPRi zvYjZBHTVKktG%_t4u(7-(eeo2%Hdk%j5@qKnRy*`6I!Jc;f`t}L<(zdtGsi+k$*37 zI?DdD&5Y{ot9447$>+0x&S`lDc5^)PT5*l?dKp2C;kd~mA*+4Sfipt@y3F3^<7~=O z7=0};80bEGSyWx%#Lc5}h#zZf?pHIny#Z`Q1>uCh!S5U{Clp-p&5@N6z>Ojmp+Kg? zvh5qLg(Or$&R1!|?+Nn8%44K$#Kr=iRp!fY4aGZ~>wO&Qjym$4ryZ?inefUVE;#A6 z^sdg90j6D6Tj~{;WIv%bVj2SyTTaX8*ohB%IU;7m7+wtD0PDEhV4!*nvwVIQLq)P^zknT8nQZby!?-GQ zzjj?4Z6?QjGH08lrgsM$(+%}ogktZ&S!tJE)<-c2VzJtwEEtP-Z~9v2+*_;aYOwU{ zRJgO*K^s2qM+TsYNfO4Eu)F*3Npg~d*^`<2JfOKEMJ)sdxtiYU?cQ+?vw61y@N*w~ zS!)&oD}2M!!uqQbt5$T}FiFwp>0&hQLFD*hjhQTWvE2teH+%a!fna`-5cV7T8aihR$lSEUke z-0>qU8&3WLRfON%B>)eX2dZ1|sn_M6C%nDZN!l`1Y)Sr-@2gP<1n4$Al|4AlI$bv$ zVzD^6{rYQ?z$*bJ@f{UYn#8P$y3ycN;cO*`e6r#lCa%P&yR|MBz6*Uo`i}A*Y$!6+ z`YR%^pN77V#pgQUYg(7ExW9*Wcr5=ne^Kl#pLS^vH`mFSnmHbIqfjZZ&TiC%5TS@L zFYk5^KM4vBZcZA)#I?-h+KoF3=9jfoQPZ(lWBx1nD4ZwfS2s zHT6Hro-rQY%LGg!$jey)J?TTd*n7C&mG(vYdS>rJN%k)n*4rOQP5v}Zy_)1!uglG< zHo?AsqoeYw58l4!u``J|T<{gngm?@xh9o~b_pSBR(3)$M(w1B!|LFR( zfw!KJbv{_GfR|la&8|k`;zWdY{^u-yuQ^-8UxQrXcygSUs&8d|3aDUv?z!f1MOAm& zkMhLcVGB06Ktl~Mr5g?3-Jf^Z5eGDF%nGL@NLRdu>blNw7=`l;E{;Q5hyj zR-y!wO%|yR+D4;W+#9npl9tm8a90bkR||lTxTgzjTw9bLv9i@*MIL@;Sm-5*3AH*W z$`?i!3(U#l`*ft{wIs*4B;PEyO7<}^b%|oeP-P8`FHDN$PVw$^Z}`f{ZMfW;Bq<9 z5h^Cj%FWEm4Hx#Z?r{0NzWhwHNk~j~or`&$3r^y3kXUU`rPba{)UFCvs{t$4fc@f^ zaM;Prc|rToLbbk@(g>HA-rAo18|&Y*dR$&NW%J1naWM~Z!A;y-zo!}C@2Lm+8YuZ1 z>~9=sfqb7Gy0GrQUD2*Yh4h6l@dgvE&4l4|#ovijylDP2x@&ZtfY#_Wm;&`PYC1hKzh|N|6$4-U1J%-)>{})}$oDIXB4V9b? zsTD``Tw5GG8juA&WJ+0v)B_VPTO4a)Yo7M54#(~h3N$*Kr_l9NC`(LZQZvVqdwz6s zd~`C%O_bur>-w1}kf9RDa6jQx;A1uqahzQ;$WCNh_8S)O|0Fkaj`lb;(>)91M-)hZv!^~k7s1EqO`{fT3fr)sK& zi5^n={*ValjRMH47)^gG9Ql{r%rCi@*h7*TLXt^Bl0ol9+ctfU+k6{W==+~X1LB2R z5vVo1=Z5sUQ}bM~abCChpk#Z^POw@hSg{kFO7eEcd-_rWc`f~joB0tp{E6oQLRbHQ z_cBfrQ!NLqmIGGI0sB39lmF2^OMg*OUX_bkmFv>WndIV!=(z}5O&7rK1OPYz)WdAf z*(%65n-IXJNsC|K;;%Sb4!&TyO>RKZ8_>eHjlXI$pg}9pz!fO%-L(I`{C7^~@0{>J zyF)(ia8?svcdz=5{dvQBnp#~epZ`qut`@QQ*sZssPACm7t8`C&p_406^a?cTVcVZ~ z-@8D{-}~O);{7G&!Nb&J;ic2QZkxq!|97a1)6l)f|K<3Yd72LdMHEt z3WE9yAfnL$Bf9lX0aIZK#{uyYD=@LIPD5mK&4}4%#K6d@DxmC4P0UH2&x3H09!SiB z`>_P9SOWG_S{nSGvRTyl9)?YGWI&PU0m$_L(6o_uzbbuG*gs#;Jzrou9j)fR$M$5e z8L`_uDL?u&dPG0{<7kS3viSB^l4Q!qg|1UaPtwo*`bz!!`!d^4u#nbJ>|FstPQl`3 z@-0KO=bFyFbI@2djr6hpzRM0nkiSSk#cb|D@OH#s3Pt5*>OA4(c;V!m$!1*R8=5X( z!@H@Ijd#Jbw{(tNmtS1sr12eIRL@8S>F+acK8fJ6e_mZH$)i6QxRys)Ok@qlvj*#Z zp2rBOgt95zZKcB*Fkn}`ebPDPo0>-noOSMfucw3Im__ zpr7ZUA$bO5J_9b{dQk{%OQ!>w(}D0gv+)Hojb13U7n%*~%|Iqn;7`0xHL+q+FIQYT z)<_tjyg&Vf0Pk3g(|`wPz<$fKlqO%1meB=f(FNiz<(xE|(;w{J)TQ+ZhBAT@3&hK9 zeMC0Y5d+Zp0cbXa;@-U+A|)k-c?hKgFXzmRl)9q$VM_e4{rrJ>ho*6A@BlTK5oT(# z3Xru2GTQ?$olN81eYEiDEV?|B@8@pi4%(76P8J4@fd0Skmqq6c?n>+I4b*x}ZsU^) z;Hl-FoM)X#pi4vp4XL#ggRC+qvoa^#$~xU=H&y{0rT~V0(B1WeohV!)=47 z^e7sF1sSTIx=W5}fCn_dutMF7m$-qJfG?JS7awf$u>#XzN@=h`^w9L~=cara`wP*^ zKG_Y>$g_wZ@uHa>*JwYl!Zy84r}qh0QbfF9JYKM1V9Ha>cNQ=n3mC>TN4fM&3I$|F z0hfy54Y-avcNG@L0snIUQBji@x;XcvqlC?l-L9q7zJ#yr8)XGA7vob^N4~1I&5xY5 z9cO{an5w;s$kS<8_{%S|%fYzIvA}lm?YEVh%tvv~cKiZWzKeFyS$hpdD|d{gj>cWI zNZygmNu31hVA-L3-;`GxOlho+=feTswqO&f`Pvh ze`AoXQdtFCQh%zA<3W(WoGW;$;Cp-jT0k(hrX00qgId%exFPX=A!04ZL+q{pzTY8X zy720j?a4ImZSQ&%fyrkokPa2E&YT=o`HjoYlh}o1{xgOJd_YAcTScU-RnHIn@yJ?y z&dNw&W%<(xn+<-;V18{me(mWe!@Ss%F}`F2$vxLeo&blZ)F2Zho02MV1=7 zAm}bATlx=8F#~a@WiFA>Gc!*v@r+>Q=$Y zFiRC3AwueVU;RRQ-k=wKj3oY6f!jaUjq2}4F{FB8X8KC3H(U`PR>HKg&2X3C*h_Hn zU6mS!)&Hm`w7KLixbca&aQlh+P`G_4U!i5n8ag@|N^XohqiM5euAO4~izgudD-h@k zlwJL&r`&1n*D%B5Jsd9ft=KLIb_VfX# zx2G7_9Eoc#F8f=Mk4w&+htZtJl=o|eid!OgO=%@ndw;3k)={QeGJS9gad65tPj^LI z5j*#%i}~nGCTDWK?6SXl#YeLS3=zDhut+0YyS@?fxM->fSKImq)f2slbrqlHmWtvX z-^EtXaUt7$wV&;;2M|=?LR+!(mKlQ{@|%f{O6}I;(zK~DrJ&3Yom_mh?$-5@i2;gsFVF9-MePUisK5&$J^fGZPF79)Pza zA?IpKbQQ&%ZeWcD5lt-J`{VPx0-FZMsXy6}%JeGYecD#QzkJ!z8r9)4XYS^QKbKpY z>$A0Mbs7Ce`~?HWcZ3%mlq$^N9pbxHEqR3j`8+zJ9l*#8w9oAkU5wnO_%OjY`tRe2; zTBNrm>7N&hr&}U_W||sBin0^@&$`l!2vLKK5s$aA_o==Jf$_s%$;mG8a;>KrUF;0N z;uclUH(QH|zW!gjkssU~687x|cgY*Jt;+7ScrB1IP*5?m?@{+0{#PX03s<5#!X%? zTFENXZt-QB8*lY+($txnmRV$PxWAaUTU)TLHqofoZ}a+d`FeAwrz7@1X`ryO<%Nz* z6~p_>zwnctjTvstUHjmDw|RLwVL~@`J*n0yNtZl6{d{F4T(fugzPng3Heb*o+9(^r z*vUY|iH}V}ePsIE&eU=(x~XN{=X4?>0Yt=sk6lA;r||noUWZ(Pf})>r)Nso5f*}^m zm@anNk}%NWMQ5obM2BuP2IKZ}*LAKf(IlxM{|eVkcHZ%)sMFGGY;j%8?$Y1GqMkS7 zXi2(k^zozV?a#YMY)s0!6|{R9Zl~02`gW=jM=+bC6WAk7SN`w}9pmGo{DBgg8JsSU zYg?6w9Pg?9BB_AoqAk_qh%8?MGOoHJx2qwS>EU)2JrNQ-?dAyvk8P*@1M=_oi-V>D zr5r}>hplOd3IzwA~ET2`>jh3od-_xDC%OcP~VZ0`@Azml{@PHhdTqo-~h#Hk$!P-LrxF53|e3i=}S z>F7L{?YO-_ItG4@SSKsHW(O-TonPOcy;&7@)|G3Y(%ftc&6tk8O^U6m%y{y>ow04I zsXZepnJ-4osHz{`63Lg(|L(^yS;&i@R`(uA({YRQ2Vc*m(A&W#_w*$DS}pq(gNCv- z&vDJ;t&Q3@-@~6>ht!N7syqsGnDN_NH)4Ol^63nvTN{6JtZ>k1K%lF(%rMrr?cvTk z<6``WWX5$O-hP{SSN17N_h5VDxvlQ!VbNvZwkOLYHRopsOJxz?)m5Ef0u_ViS&kzw zemSKKBRPP=l}Uv?Xg#sh*E75mAoFdfouP=mV86<6a@AjFbB?Spxt@8fPjopx=BqF= ze;YXRqR-ELQ2wU!Q}>dIel_GplHWlhytcH_8zBp1cJjTuaXXnqC1Cn+4APBU`{hKZ z@izT_Ad&Rwzs}3{y2WI#aN+#f&JmKzm4dAnJu$^M+Dqs>y_K{Dwgd&C3J8)g_ju`AxPs|aAz?)&$%PK*TE2MYR zX*}LHU3A_6*ad|--*{z>cH2l(ht!Z7bWDAnrQSi#Ft2aPEpNHm`F7|JjERVdafIY= zt-A1{A^Pb?(Q_0>K0kBIiRRB*p<0$GEd4IMGxM?W5xCv!e_HYbV00i`e#355t<^q} zCqSD>+A(7J)Bb_UxibLM0u*94{pXhf?q!DZUD_4k?l(yG-s0%D)7k;#%LnC;EvDf1 zrcBh1W*C0<`+eye^#V%)OE2@4sc&@v6g7?d!I^{RkIu}zy$a!lPVx$)=a3#s;+afz zr}{Ct*UdV)PO7slqb|`Uox|eyn4PeT2s&;dm;34OLpx#bbhopHodU^#*twpT&(={x z;dAF@>pq=(E~1v{BXj0&Yun@k$=nG~eeHw|)4hHOF#2&*yltk6G<3W9Ts#&Vva4ga zT{0gp{Va)^gfugASXfxZJ+Y6kdQZW2C2ZDs#>we=F_-?_>NMnyb_tS_)S2W>#*v7i zNcpaPlNM#i>)1Kx&WeZVb8FYM@Ml(@ivpPqMMJz53N)Tr9)JHhm@%cGdr2v~uR9s^j6)kR^G_@2Pn)N^;G3l*k!Byw1vaoP ziuhVnQXWh7cOh1*-;Reo9-V(ra4Wda^;Tu?<#U;oyx*So!kOuALLL{>&*E9$lpKku z`Di9i*%&pV?#>SP&xe1&+J7&V*;HNN{gkQQ8?s%An={V+gs9 zu1SQW@rC(FKUT$%;UxYU25qd$&pp+p6SI{ai&eCKB#A#pnuN4|@Mx_OkB3KxYE?&v zQcyhqvooPMHt0d(`gamG@KcNQ2wqWU7}xwD)x1?YVu_Xt?ySuw&%7`9wU9tv1y{Yc zEEjF*e@bJ6hO7;YhO78%wI^h6bnl4ga$u8X?UnCBEVe`@-j`o=wuf}eq>;Ztm+OS^ z_f>sw>dT7O(Q0Q*>bgli0GbmPmo`adk9^W<=S$g$EN0}IQu92k&P#|%JlWh}lfu^S z!SSs{IQU)+3$Q%VNa%uj3+X9m63m-hE$}#{yWW?1oG|}U$IH5ELang7V=IhP|HEf*)B?@Jd|9wmpf{XH+e*EE!BDfW58|GwHfH|Xx+1$HyQla1gN<7RT;EKc@3dtb(MC8>Y)hM1lTDNuf1q!H$$o$AQA%IPHK4J* z9C2%m5;@k8)eS!(GS`ASA!2&)INAUx9<4;+iH-EqRST9YMe!`Lom@=eo8Rm z26JE3f-FzPj0xfHg`)QaXXg)>mJiBf zUK-D>=wtbx<)pkY|jA<-!xuWEa*nK|&H)g(98-As(xWn|30{YDY2v>ag&9w*j z-&43evs=10M3;<=r(~RDp!yh!AJ|L+$R_TId)D4sM|S$XA;M)*5B!W!ePaC&Aax}l zcbo6~Th+6ttRXz43L!(UKunBmk|XjF_1}@K)Ub^h%d6;-QdJ;kLpJ3R1@u0iS#Qc* zt%~`VjY;^Rl^}l>*qk&*-=i5a`vtqIPs&yyP5|k<`0?Yf0xTh>P%^3ygCRtAIc`?3 zH|jX zx|;XTvaQ#E1~j2l``~oNCjP}xHUlNN6mtUToIeFZ(>?6E`A$}?56~iaAow* zx)+g!=rX;=jlu~{#4OLdgjHlpPy&C$MRwF%zc>1+YJoe%W3JF3VL`$MP{rTUM9vH&NUn!Dhz;T zB4XU;e-2Eglnz)zAxOm&TAmpC&t^{IoP#x3Hb1i@IB=}(!)>`s3M2ZC>-)>oIFd#< zUh|La8oosjiy8)#7vE}-{_!+XnUfrr&|JD^KcrMejs1x~zmGQ*Ug0JTZ_D_mDoDpt zppXECsFc!FzcK8ltssyyRU!rzqzoeHI^{@x&mx-cW?#^mDP1EkL27_P zxgNIWx;$F=esD*3r@{n;MOQF(rMrkOR;}fb_^aX*{mh1SSYel^WBMNKQWe{Y4?h#>jm1&Y~dh@W*P$?}Nzmon(P zJoU6O!0?A6>A|-@STq?W3c@hQ{n>#*W8@{&cI?UmiC1$PU!=+nV@ie5PfMtoIh5lQ z&6Tt=i1vd+#A^>G@`y>EeTF60u@6s{3O)Xyr&^|#gJ$|@l`T2tAM;2Spqz&=4~J&F znD4aKjcP@(7%K630i?*(X3*A?Mf`i}-eorkIX|TY@q*MFva&%=Ewn%RUmOUdbOBy2 z8WN<0r=q>I>MRx&p2*Up#7EAd)bbfH#kZSaQ&nj!}6;ktDN(fp3{Ag@_d_7(VWyk*-$R==xH> z@10tXU1hucx<+Z`+()(TT1&JKx%z(^NRP@3C;Ee|Ogi}!@Lu2wwJI4?etpF|Y}SoU z99l-^4#XvzfJj2{@GGtVYG{;nIV4~#!&`hG&K>Wry2dZ>*1LzT+cF9IPQo4TcO3ms z`K(-P|KlXCG1<#+WtvtJ)E>y7@WVoN=BBGfZ`37Ck;nnZ}tjlgM1SnqfOIx zd5`k@%#P~#Tj*s9!{{f(gKe=qsB3BFjOQ&v?3_a$4;rOyavvphyy|J$SG9O=$D>mo zX`NwoCH@a`aB_N!nY6WSc9{vW&HPoGSRdX+zw@{2iXZK893==KtZ!{v-Y$4<7css<*6LuX}2fS=+vT{?0=f|GOZyGnofS z3B9B)e5r_HeHHr~{lU|UW$me)0ur!%y;J5%+FI;qg>L6pzm3O+c^C;34kq_^d29^u zCwDN)5kL}f3jL^cKGC672uO_6LV1oDI|at-ObnUlz({v-&pmVX?UrfR_(Xm#ug(AzH?-w8nQm19=@y-v4TPp=@@ zHT;iZX@q9Hoy~0>2A z#AdCXR>yHPQ7Q0|kvEFOt{}BeQ;jjTmQ!R>bmpD&4{v3u>#O`b_aKmAGcq|o1p{qp$RDK|(%B9-6KV%B>>8ak9pJE8H50u++Qba{DKX9$ zpp0bF>0?;j6I?qb0+4R-E6y&nIw4s~fkK=;pp0wM={T%Hun?yLD5I5h3WJpu$+iTN zz8!2H-yc?&; zrZg>g_<;fWi_hWuG8>;wveD!JFsu4vR4zp_fYMtIbllp*`@k)@H zHdVGk{jV7$4l%n7ZsIAuM*Iwt_O|Q#h_b)~+8T|yQG%!wXNxO zf9K~J^8RmV558^B!QRiApEyt1Wu7D&Ki4o{!L-l>9W@*`3IyS|ZUdoz7B-cm|2X4B zvB}6GPN~#rEO&S+;;`T;FUii?vsgtc_j8%NF0%}K@ffAH2Z+wiQie#m<8RKF4of8} z1FHVgbUd`HEUkz+OWZtMaWC$XEMGf_>fC*}xufTRhbDp`THyg@fPkUODoonlHGX6u zjQN`aBgO=?7-5_T%}}Nis?^CnP2Q^xlA#pH0W)!dwG{lu=^`B7viPne@e>l(-?*$1 z@mV?XW|C6CQ*_9xni`Llcb0ufon?5c5?J6VX=EJ&%1+yQy6%t@CNNbYklBX4tB=25 zmTEmOGA6=WB8Gtg9vTc1r)Ho3O{D#4V2koaPl8ryXfu@#F9f5PcFB+^-}kXz7tGQD2_Tzr_CqSQ*dDw=#K_^>DH3luqqbf);nPG}?M` zkA$8p1_v>9k;P9(Xf8&Z;xNA$_zOf5)NQ0Z8W01;E#|LUNs`6l<0B_}nwV0O--!T8!#CckIK zU%upH!>1y_6kk1OyFJ!Cy}-$8fydH-x(TSb1j$I`-mOqjJY|8@ghq}sgum(Oep5>N z>S>{LX9PYe_w#6m3!vcFoH+WiejX`CmDgpX&M2hMH+&QM;O~rG-O)nClC*wm%`4BA zpE5<`6UzrHzIHOf^?v##FOGh^|L=$Vt6Lq+q)s{VleZqk4lo`kpLVBl2CO1eFi&8TCHQ;kaNxLKLE`w}cIB{f}@p>^%VXq21! zjloP?MGZk#5+#wKJ632q2x6~9)@b1Od^Hb?_AS*FNq;^F5~D;mw|`FHu*~mO^azhb zCMfZg7~`t2Oe{Ft==e5EiWC(a22Wv0q8m)fN|)LhjCFyhj3m;9uVxW2Xa~n~bjeoE zuY8KpNTe?v{99Z)-6BA74FKOEw$9XzuADq63fRHW#4RPwj*^Mrz&!1wF^&V7DlK?Y zzxu@KNM|jsCG1HZkaFy~jc1Si8qBO3Sgn(UGO=szsaN;}WB3kC_-Wnts~%Se_N2U= z@cX>v*M6dYrF_N^;p9a-(G=}@UaWiwR+N? z>bKz4Uc?y@k17cS?#H7ErteqPtiy%D0?UD|pam zc$#Jg2UY9+Y@P~Sv8YCGssy;Nk>tvbnk<>#4O6&vz*U0<7MBy|S^q1|6@@Ei)x>R< zj4c^Z5U_)B5;0!ZoUmx$_J`@p??+IIC3diV;$^dD8HIB>uXl2E9dTX_wi=A~12b^# z2%o&kU@-3;d?2kx+=ktG&eS%!rdSn*E&{4&KYz~X+k%kI9*kFoW8QpN!>4Fmp?f%Q zB0eQDe;>U0S^5(<&ta^3R}Xep0i0-D?75{AY0z?bak;b42nT1eVhMD8c2mWWJT3w>uB1GfO|QqKPKU`q2A@Z zG#y3B8-nb|BWgBfVU?83p?seHG}UZi9mJ)v+85d6=-7|3HB1VyY`Xd{KO*-M9(vKmotijfX(dv_H zI9hSag$%~az!~3bV3JhiSY!ro@JlpnWe&LYR%X-WBhUzDt3gl!pzzVY-nnJohi`bv zw(J;p)ema*KeopiKEUzvY9OIXWV03TVm!FqBT3lIUC`y_s3Bc97?ggGmmwn161qL}Jmsr?vj(0-iv6Rx;gqyL5D z%vPpb^K+;Rtg{(Nx%1q{eXH!z_-2inGpur;{u>UZi?Eu064;ZeMnf zL#f6IE>614)h$cQyA&*v*LfPcoy6>d0u5KVZClD{JFI07~aFfGHS$~t@FbhWpxHgfbi7s8Z(O$2CQ#x z=-J?S7?RvaB^_z%>1UF)6eR%gBqHjAGKQh382aC?sWbCi6ty;Hn54mm(#T~Z{-Ii@NpJZ92Fe3Ygo56Pf1lZPS#A^F z+$M+=@cX)tV0Ih4nJnp#3-S0)R8kY90i%VI18}TjUf8jN1rp)&8X5M79jN@rTjban z)tGt`9>nRnuLl?>VkLQ4r?v1=tpKrlk|N|+Fq$GQaEm;2=H;g=)|^4mm(tkpjCEME zFuK;ko8P4hyrBz^59wlU;mtLgw^hSqB{dkbT(PbidDzWhIJ$t~xMC5zjgRkufW}`u8KY)MTTGY!Y(4E; z<~E!@e<#bt&dh}2B&k)*ERrb~As|HvE8z+wmxH7qBjugxSqvxy2?_y%72cva+vjjl z7R9~``Z7m*bMFpB{$_Y~7JS5)Gl zN?}l?R0N5K|E;suMaKbxht_aA;lS&}nZ^F)OP)}y=O*b6@70kAXdVK}QqbL8<96`l zre~sJZoSll*s;|qydA344jsHmoW@g|C(6%3#OEMxunVrT@tNYF3~^A}u)1H3c>rg5 zfRlVljED)@NvTBUR@=H-rvGuKa%JE74O?B$+QrHFDD4fSb&#>mz5OZU8b>tQeLmtY ze{zR5EV{%2(HOb$pM?V1M^-PTF4>qb*|tjM_wEh!F~xN@=5@A9V);%Ilb63nD}Azp zn^EjNi4=ksDK8Xdm73W}7+?MwvuJ3xde zT%933h=|C{<(*TY*o*R&s6+Y~Q={81#bHE5(|_nPCKO8A2SwXw?06--e%6(JmpT+5o& z!<*EVn$!n-GN=2XIbE&lqTPhu_bS+#&?gv})Nb7uR2VGY6N5P8`(~h`5RGOq6=!M% zY^^K*p@iu>U^aG|5jR5x1dEoCuh>i&c9m5EA0U*jAc(F&96L-bVSW3L{b=E0nxK_~ z|C4(p;tn~v!&->GM)`#y)6j(4M zLI;T$W~l$8h3}S+aLq?l(44L;E!y**r9z{Cx#Dl)1$?3JTe_^PVXs_GzifMB}2DU$&QL4t$0;mKKjl?R&u zlu7|gq)Jo?tUG#SHd&cBS+^J@%E9x20-1RW3GoXFpryBJuhrW2$o#SpzFCty=eDbW zU#$xJDuWsxDdY}M9mAfR;RAVP6Iq!PS>dIktv?t0`t-B_?*bW9^0pG=W+grm047uwy{{K%DCHj<4wlI_y?gH!MN(RUxfx(r}Vri768c{UXu z#RQZo49XA&rB$r^QW~NdN0x^uAv&#u|E`=TZ=Y;bl-Df-Ze=#pqrOn-V@zj8&tlt8kS0NQ&yav4-1i zfD~y}$k17w&Y}P((UO=As}4nJOIBt}R=AAFB1?&X0hGH6kd~S$J5jqapS67V_?@1Q z;!-LCC(J7`Hfu8E0vl&foFn;b@0W5YnLm`oA6oc3KM5=4_qG+h>6DsdXs7!h67nEV z;`sMFO;|P}G#jCK=Qzk^pT}dIu#|9fm^GbVjGvnonUgj2?6TZ?ZKlIJ?qdc%Z+0Y4 zc4XLfxtinJ(a6W60fnOhU+YoKZqqMmDt3(wek$Rac>4JS;`szwX`faX&a&p4lv++I zv;@_-L~6_fY|7NZf!Q%QP*pBawU^9y8bI%+^W^Ri{`>4mq3of)YulXgH=lA}7JnRa zV%wo!J`2_c8gbHExJBHORnZK7yc?pIP@m zGsr^-jRQgj8qD)ij^|^8<|~X51RLWkw)0<-MshP)138iXIYaU|b`1w#9#rKXR4E4j zVN7#sX$QnpRj=l-`;&8b65@6eu0^wPMV{Xo5IE6%!;6DtM_S#~&2>pOvobcbo)3r- zd%tpeiV+B8MrtM`VR+E%n5e}mr4E}A8HGdIu~~*=WZs%Z6@$CXS+!! zHvH^AH|st(6VI~1QpMfoTz3W07S#^?qGfnbMgKmPa3D^gdsr;DqQheJnLEfN1ZxHPyDWE$PQ$+ZI;{8C` zhorB*)tN^0tIGAOQs7%K@s*%+a0 z5g(poUVp<<@N*)q9-Ycoj-}cozJTJtfC}*^)0z`=PZQ!!6Rsn(|AQ-z>%K9I)5%`7 zqQLeCJ@Kzm_!;An2FI$Jje9m2`fSiwbPUt51gV;7m$BCaq1OW`L!-jX$abZE4tKHu z5J>%gtX{(G5Y+<)r!MmR_)oK z0_LQ`AA=k>Tw{rd2XTo9eM84^_VEhkNif%kTX${$?1?1RW64y)NAs4ASe!YLz?>nA z$9Ajcru&S2tmp5=X}mh3pQ!$SjJC-4kWJK{4U*gWChyfE*Y3Rh8b%)>>LJYi$q za3QJckB&zfW2dQXEPyc-Kt$Dh)?QZx)%u>c-e@i}lavrB&B zr8Vne(Rq)(Nc&_`%C6YVhoDc%8u9f>`a^}3WrUPTpAG2sYmvD7zH`6ACOKHS$K;t?SIjzR ze}4%-7a@NpLay;=61C!J|JUK$4`rDj%KdQnIW}{1Pm145D@b?%a&cNNeCjE6duCKy zX4LNC$)kv^eyieri~M~Hpi$9XKh5EfsDmG)*4rT_>Vo)c;`k%j|Cm}Mep*_w99u9Q zTPXSf3`D4Wxf#sT$R$O|B}B=IVC&cf&l@a@&n)sWzr9RA@!zRRvae#~U&Qp7s%3Rq zEPQ#*Fz5AjZHs`_=wg#yLwR|QR(9LLNg}qY&dQ^CYnIw_e&x}0=}Qa6nlQ2=R3iOK z)*g}II~Ihy(&e0#6)m``YAaVaY+uJVX=m3svtL(1G%t73Q#e7u~_|8AiVMfqeHv znhN%Fy!imn+kA|=Ip4Z?5L4D9BXNLM8l62PQH|;2q_qV5e7IT z5U2EZ<#8eGN#G%;SuJ=ObQb+UMdpD@|6}jDGN(q$QrWZn-N68B?pxK{<6VoB=IepJ zTi5eD+CcOPaQfDcH&dMTSQ%|}Z^JL@@lHiNT?tB~gxctWyP`j>85tn|>2C1aj|7os zQ=<8q53Pb!waLqB6*FL0nu1Ex;!K&|rmJ_&Sz{~Ob>fPEgy!R`BNWo<{A@)hcxd7F zOe-t#V!O2uy>*vcW3+YFG92`Ji*_X#QSax*4IMZeFbSf<+aimFC|~}6**=sNkvdKD zFKXMabyl-(uP5G-f+$ZqY(oF<)s3fC|E;<)Y>cUHApd_=HySnauXnvbD2bQK1PS)p zk)8gNEx+-t6ZUNh@>_{91`=ekBS!0-+|tf!P*f^b5qRe_dHyb=bq}So%(kK>?yYg} zm5`ac`9`{Yumg>{L9n{qjjg*2sIbVs$wM3;2XXno#}b=pL6cket>qc%efe3Wcg44H z&YSSRZ69V?2S3DEXz)G0-`?H0dke_L1pZNpk;%)y-7WW4v__sw0so|61Rm2Z1{Bus zr3iYK^s*Gk6Oet*$(pe?ut55^9sb+*6pfRY=WbJ&iNUjTQ@sESo)290M|u4|&op|u zS@mOG2nKF*#Z|^{HsJg!-6Fmx_05^UuJHTmqRn;dA_Sx~B8$ymniWEc`oR~k7w$t1xR}^j-9`5ut$#du z*%-M;x)PR1%&fV$n<&JkfYIh)xUWMdG54O!erH#L?enr+*&V)}X93#BMyi8c`39iwim$BCm?+{){Z+M4 zNskfFhBSex^6nZVa=wD9ERJ?aYg1GDg6|*dwLU+;dkZV_zag&LVg}7}1UghtqoCGY z(WEi7!(~CRJV)bpv&TTZVWvU3IA)S( z2`zem{;B*2KgWF*>d!)p|K`YN47*28RgOOUJJF_jZvGoFv5dfu=X)M`SfCe)Dqjdq zW&-~tJdX$~2hd*31cJg2BttZqy5!m-sb2yZe)xYS@}g90E~uqSI`B_@fjxAzd*Ks` zbFnqVLW}E$$EqA61mgV>f=fQ(%+Ngq5aLNmY=w>_U`(h0r!^+W6Mv2soRAyBbp@bb z$wkYTV!||ept_v%VW~p0sB)k;jG`+Wak{_P>^`D%8INdQ_Cejwj%3pa>C3#vfm6jN z_&dkby}ClK5AAoNF%Dx?;g4LQ_koirxYvuShVUU6h%UYm zi3uTiCIkEpcD~!&pNlgVa1RToMwCcJNj}%XqX$T*f5#^>Q<9JRSf{IeN!1=`M#h&X z-gc*^tMiJKL5GEqjp>Mpo?W`~do0O~|x)-~@#-<}D0ljaPJt|sLpk)#bi;u}!J}Q|~&D~6!;sAoXkOB@= ze0pSQjb7&M3=kEW5E8BtBEZsche|AZ&W|!Nh!PG(oRlAKt$jmC8F0Z~4ui*h_*Q8jsGAEw*>ikK5a;LM?I$YW40H6EM+@#AOa0bqXi|F;U z71yvqJaQ3&h)fxLm-H*_zL&a+8?DK8p{w*TVT=81n@k7e0I;RS!F71%C0UnbJOlfH z^(IcG@j{1u>^F&5VWL04RLZ}PJ}|j}dr!Xzb^B`ao0v4inJTEh{{T0i(hELJ+W5yz z2l`U5;xqFJr}k7&;7|t-te!t}{XPA&-oTLGsYmd+l#CKnu8h!$MDDi`3R=}3%Inb( z17X!fde#2zq3Xy@Z5a-2G2>{&J-bR}VFG@SMArGh&`HhpswL2~@Xq2upn93gR}?%B z2|}O2ebWu2Z_Z$lk?)oX#pADpH~6gol$l~i$>i##U1npxbNRNG2BEEiBimg|;>Qc< z5)oDDURQ?#!My4`oAon4Ln=ycjDZ~5(V zBmC>Cwyq&XL;J^^z^89CYcpGMAW*m<9#L3~ULwqNaDH<|IYFSl4 zzCT9p!W@4BPJf0dOF`Exj|q)Pm{E6a*@Bs}BEBi@zxd_d8uv^rkbs}`AX+_QAu)lY8X<<-*5nU!puoAmo#Rro*tb@`NuIO+Pb-jfwA3ne%bZS-?yk)x^@3l!=la-%2WOkBrfTjlQ~riGMv!?mHF+P&k8|GG z75T2|)8HE_%WH8hdk(YtFVIFaTZ=%n-21eGs&5^3%N9uGkQv9toM$7oWl#`{Uj!sQ z87uh z7zfm*uB}e^rYm{PExE%tJm!}8;ROm1fzN~UK20s3+t2(1J%2rbm&ILYbW(|FUU+`4 z$zV24pM*Upvzj`qK!n;{(!2mx1$)#*=zvw`8O%dZ=VTVp{1FDUdxR z+ugGCWN#;JXdH%m%h8Nk=kOjpdVHjMiSKqbS~_%-L`*bJpx0d1tblbWP=M zak5XM`72lI#rvx8pyF3nJzgSOWVMD$fx_uOl2Np)V_SZfN;k-=fglyns@3i6(4wae zyNz5TgV9rD5^^u?Di1m)za>^QhY98%U0!AVxP^6K!mEs+=YH?TwO7sazgj|l8mS(H zBxbYy4om7Ryx1kOIcO~I!&T^gw}w@7bAf=J{wlO{9DUmz65ZtM+J*Eiv*!D4 zlaw$r8$_OzfIIJ0;M!obfcYGc{hqC{;o;^T95d`+g5%=JC3S&(hB{imXnW?4dmfdc zAeJ8>lW|K4+D{EG@e@UfD^qECh`pSaFaPeAueI*sKkYef<;`!;-`OJWM8Ko>?)=Zs zcWYC`LuH2Q5eDH?lc{&e3;tsxJW^9*ywaxL_Ztrg5fYi-@x7l$MyK#`Z|Rb6Jm9^R z$Xv(wCeNZZv*{Q5Y!RpmIKwjLHR+t0k`kpOr=1zP{+O{Zk4HC2GZS(7ImL!gySr(! zl9Sa+O-F$cW(PD1RLct5E6m=J?WS{SBy+ejqv;*;%`KTYdQ}O6xSU7p0`Ee;-jv7X7V0BBpY+iZwTS@TpDm(bvi@)0KBZ za7AF))AQqMgw&LHdBXj=0Mtw*#63W_XkTi}=a2pT?N5ybJo-bLIom7l8+W(g4;{k3 zo8j*h`!&VA-QL^8wDyvXjlu0<9(!V+92$^Y_C`p*0ja@>FpqD*rwX4+J!xC>T{hF}l@0U`zdiDnD~UB@MHsD6(3y>{kAoiHLvtm< z*U^df1&+##1fN?vaX+jp;Av;RzC7`II!M-Y{9+<=6P@`GL26x4?k0SH$nxQfg_`{% zRRasP44LoM(j1Z>PG@tqqkkHN8o7&fN8T=pa~zC(PSz*>3j3hI;VZG}_8OvZ7xz3~ zU4bL=!$qQ;sGTjAt}44-iPDKI=1TvJ*1y0rSf8~N+W)KI<-~`JB9c!fAbv1r)7Z}p zzOsjZ)FCn7i4ATJY4_^YFq_zmhv6>G1*DmDZwIDwiKLzWFuEx?z&@zE6@c(;h?dnM z%Bob3C7^dKRw?aDcwqe=1NdjhEi>Atd|J|!_c6^g41jYKy>7EzCD&Ubip9}$@$31UO5&M&zOLCX+Qwst2n9oB@awOd_O=AX zgvsG$PaS4VV7U@Yhx;;dUq|n7l?xsdr93AjJ(i&r`qtHZ`85PYroAt4`jeEPkko@7 zb5FPUN*W!vYz8a+5LNTi^$K+CeqDKe%*j$%J3Uk<_+vW-kIxmo%tkq7;q^=7$i(Lq zt8ql}wen+`!3ON|e(tYxZ)rSL%GiMWSIXkhvjzV>0l8LO6Hj$0s_&0x8=LS`^4@1f zR4q-;$vMPv7sDVn5O}g1rZ346qNVx8>kI;tHWA}23vo~IB8~_bOKox^E5NNcoS_+e zyb!6N>2*e1y7rWxNlT)sQWeGK+8jPHyw`m1?fC0Mo}#K?*)AwZ^fd=XR(nmneD;${ zshNArnBUJ_INgl0g_rWb%)PCyV{m!-^YYjk@>j*CGf@eBf+{GWa0|ErqT5QH^j*c- zI?y@drLE<6B{Q(7bu?9-V1A70O}U0>>CI+--z*Bz0*Fn3b<2BwaL&xS1jXZY<8A8; zwA^mo8mVD<$v@$3GN8hmT9=kwfiZ+2-l;aHxfU^VWZ(Yt4-HfBUj0%>*iYw~3<+DH z9$=VkM#h@C{}Xub#-OvF#u{c(XTv_eQ`?b zyIeER4i{+8riHUuOV$uAPGugE?s-P6hud6{V#=o7;nf>D{=$nuNEL0kNn~~VkEAb^ z_=1U7;H0bK9f7FGRi*n~JKpgDx6^hr-1lGTPmZ(#H;gwQUPUVGKJI$gO(SeDZ=1~= z@p*^4#Z-+*?n<%`HfcDoGF^b#nJMobXj zw~+2drMSme@dmYI_`}gha7fo>HL*Ia=nuf`4PIH;no^lPd7u12mMI6zkACWrKvPV?Jb^XnCCP;C1%3Yq ztUXCZ*e*k#tkOXkTe#(dN$%4>q4w6-zD;gI>Jq zXRJ7R*<~*0EzK*MAKD#KYaznWOpUn6EbVe<&x`@9VvD(M?n!-0!Q6yRBJ9POGvC11 z6GXM&WZs>h1o&OhOpi|;pFE_2@v4u7?fYFAf1)*YWEhijNIFy9@nLx+mZ)-$)A7Uc zkDh3O^Vi7#Xuci)c04Pf?4Kb_GsBzFC3vS1a{aI?QN|){v2-El)uC#>CkyS;FJ7(+ z@h5WJzh_ZzUN~PEXX&e*t4jN_WbYEZ?si0ahYgB9AHxUjgds|3yCoG+ST>(oBtK{} zJ(1RDQ8Wz+DhA(#c@t{UBXYn<)wopr9Xv%&Ka7k}na^^zOxKLFRy#a|MO`v6_L<&0 zfXkmnLefyCa0Vi2r0OfvXFT;JDRt@5Jq-#J51IKGq!Xd9^hh3>C%U=Soo&<>RrwB7 zt?)uRsl|dW>%7iyiW<3MOtQi=%%@+Gq~yc2r>WE#BH0Nxd!)5F^mK#zB-?ZAiZe86 zrHH7786$rZkjPPBVi6*8HO67<=n$iY{sh!s6{0Kx87)n)$q2G|lEVBE4kAV}*p>Yb zmo$|o;K^kmXB=T%3hk3JmnPuN&1Gfe+*kJXP$T1dXWrJO365dml}*H_);k3k+WJkq zvV3P@04GA}2$HKSkE+(F-Vx3pxzFJr_%SNyf&ps4EGBLo-^vuM@LM+<;+FvLXHU-5 zDFBhQS$F4%L)<2kjfq#>IRt^Z{x@<5uMn6gcLcGy{y_PUIDK>l3rTFy6W`)qf{!#z zLLekO@#X73si<%THASva4?XI$b($SozxeZhk2XZ5iQfqq}Ef zwVF8{x#1>iz@UP=q9;5gp!7&HSJt;gp>Juzrq^||W4w;^uUb-~dhp}52P;?*+KKpv z&!Q?ny>*iI@+;Uejt|SWsrv4yX3@yPxk`8%Viqa7I80n;M7+)!S=RdLKHMxxKo?!G z4;7XCbzvS!V#ggR^qOQS7<0%q*m$^yw||$HHm5hjor?D8ThAt)0K8W#dcfoJ<*X(c z8HBmCcmOwJ`p)b(1)rt`F%NI#{@_UizE2si3}uyo`6Y9VjEfjWU}{%AIS&PhA{yq( zUr{xsGdRWKYOBeVDubDY?dcsa1|KN~3}F2d-2Dwpd}2 zQJn#X_=aVnkBv`U3{Fr`*hQWH3P(`VYnZQiK0t zVYcXLhgZtswe8?6vk*EGCp5(wx(n`B>o%^Wn0P71_b#(!yAiFokR5u~Pri!%%O-MS z5;}gy5T6GgQd4BMz9V)o>oHy>B!k>$eWZCqBg+#&6^KJ%Ov)IN2kur=e2%$iDTtJV zS6FHsXS9D&hAu`k9LeysQz{#k&kKc$RYsc|q-;0vCQZL<34pamN5s)lZYF$M>|C-L zXOXl{RLNWzBs34PAeQ4DmK_RDdEKfPJ*yD4;!4%{ST;RbEkdogm!*)%d|2)FT>)u@`J88vd9)FJ7kM0 z*-Sa{Yjm#nGKuL>s8K2vM_=X$9MW<`6Gk&f$hf^pzo^P8`+ZEIKr`%e=zR+HKUFy; z;G$S3S2~Hh?Bb(r8ucE3AIF=nFnqE&%)|L^CFLGHEsH!*5%$J$y8y$WpnKd{a>Hc$HzMr-69n0)Ji8Ymt7+36+`2wzTEx&k-ZP!GEal` zCE3U zi9g2#YbJc6SNd}$@`vcAfWbRKl9Z6dIObt6iY1S$A{w+0PVmTYw4=7Ii{aOkU9_g| zvo}{6xN#R+eJk8I6X;l2(iiyRz5L=fOP{?RnZ!0Re{CPh_(PkJRDKD?^k+P$_~;8q zAC@Xm-4}6T<#Z~*nEMa-HszWfUSHhL{rn-1Dd7BD7Q)?+v?TzgnS@IHIqO`sh8-)I)wVrSxj%!=7}DCuD1mquq}MZE2V5zAQ!iB(X3bVlEG-M~Zn3`EmwR zKnJJ&RpU?`=8Zy)Om>9Ao2zr24kl;#$L^AlcwD(sb2yMV59gBKf>$ z1w$cIibRoa&^-}1zh9vv_(ylSO`Tr_5}7IGQJ+{$xu@`OCDqb@vK$8I3Y@&a{D2?J zqh1w9yX#H_PFaZWf-f~LZb>>tMbXO{FV{F;&;;j!)UxpK66BJ*2$zJg*8dEG{%#CO^MwYXqF zpQn~El`m&o$lMnV>zlT`TyB41xS2l$13wG@YZ0%<{-J~5gOg}U`!4BKDT}L9t%kg& z4A&x1Q!bNUy+F%dNzHgkJWcUmG#0H@ zLX!;BRVVVM;A*>Ink0;ZC|WLMO3_H3httG-S-ZX&GORzd=33JK=x&=b!UM0uL z*!(y%ARtMePm5JK|48bM7r^ha0H|2gR=u=Nr6lrIm#>4G2jj*&**_$7D0#j^Ho4;U zLxREp*Gm5BW*D*2GM(unbB8?Yy7VPKIMqomZ3<{9-=zPm!@toan;?v+#)@F_t_@yWlZH`l#c>$^!OXb?f)!Uj~ce8TpFn5P35cEX3Nyiru<@2 zwIwX(*ZBEpP2grkH@}cyO(R`SsY0VW<9*eAi@yk$5;<7OHn)&JAst36eo3iVSHQoZ zzG$sbzgC_@S|A6RQsjvA(EGAv*HiZwHQd^SMskTY4_iHhBC7R?*AKmV4It$UL)g`CtSFx(XST843L%}ku`VWIo%A1Uhi;XNw2ByYp^EI0Nbq_XEJy_q4DA!= z+)BwiMxU&0^Nm$uI)Qlzv&*&3SeYJ;l<@yBA^pA6jE@HGhqpO2KTks%hyGd zCA+u(g@iP!5D5Yc|N43!P>JEV@yp$FXDV)WthF9*cTPgROkOfupFwqe)PW2CK|;>{ z#ULR)&i@w@vdJ?mc00E7UWjUxiv}No-&1>QitNks8xcQLaQ!SHDb6TD%g%z!l zyvtY&XDDp@^s2*P#_xLlldBlVSN9ayy1x+ZY{gLNqIx5vWtrN$pjj?)uEi27lx6^W z2;TBuL<9X-32CC_8TrlCwjki{4&Bkw<|>UwItyn2X7HH*Gg$z7D`8PKEtUA<3hW)l zb4k7z^~&1QO3;V5`9_qwqcs&EVvRo>#)w2+?4Epzr@E`orizx4Lr&|Reji8dhWS@> zK_0f?c?{4iH|B(|AF``3Z_m=>&0?iDnSdj?)|xx53`L3lpFl`o3J-C{ak~nJZ)%gC zQ4pamvO6DFZHujG(f3??J#-k5tJBudnYBs`W~QH$<}&waWEejH(qc_u4XC{S{NlCQ zJl283xL6NM6Ajitn#cWyv%f$KCykuo+qi#ZTlb-U_FQbtQQrHfjz8pfEO|yEp3MI| z<~otplQZo#i1liWe4n?enCM0|)Vw1)7G@nm<=$T>!EW&dHIrc{LDCiz8)E6)LOo=rD8(C@95p ze=DSxc|+vf@#1l<=tLNaV&S!c1L-saB4L|yn`mZpb<2!?wmNN}kjHXM@hs~)b04&S z`nSK<1W1dqB@v7JxtuE?iv6|W(h^c;m9ivhc}CM7wF zq~x)&OHz~mHlAeo5vc^fqZd6MFZT|G|8-;hT4Us|*%!SJhb#9gBi>urR}nb^zL#z z_>u0yX-A1?j($U~@0A#DbnR^?-Z9J#7Eyq31>GNfyCztW1>UeU!Kacb;^|B=m?tLF z2)afB8~9n2w$|!6y$FW_R8wX$`~zd5b)B|PsMl*TMp%@8y4t?iYX^qh2!Gy5W>+3F zDT|lLVtO@B8hD-$`bcgg%Rqn|6ULt&8ISu;-`0pz;nwoQq%81}J2^?2y}@%e{KC?` zuXspu>xXqPVhOUgrd6c3YT*{515Ei~Q2jAJ&kDUZ)zNO#4><+gw1^YBZ0eanw+C;- zHR+h2_qGOtoE-F8_xi@VyQLZ!SO)=5D(vpAv{;XF!PBI^lD*H6{5f;kSdYI9Vwt&q zV6Ij3JKQ|A)Dj{1<01Pv`~@BJ!$gm3fT2^tMvU{TW(h?BFySYgMrwL`*AV|G)sM}g zM#A}_U{XYvF-Y%NWvo?r8!D# zykdya)}lwnWB0;8Gx0pt(E_(w+;NxCDmRB}k^G{m@%7hK+1DZ=pyBmSeT-jLI){IF zaC1Ix*K+N-@G=EB6n^=Ap;oH~yN~9PU#c;FtJZS!k7mK3F-!R|T&lJl{4X>JpH$IU z3!~olm*ymnorx(ud3?==l&4vn zBIlkxvR}x%8(WM9=Iu`bjhwQtg}#=X&#oE5m=v%7F!V@0kHufN4I9t( z`D_~z7Q2}s%5wOsZo|!Uu`~Yra}0QY@_n3fgF=z)#4NpbSjisFS~Xhm55vwH+RKC7 z6qOx>&X(6oURgxX@7{Nyofxy%uFxENJ|TBOl?^iv(&dLiH3FwsWB!=j9u>g1cASAM z?U>NE542ypj07B6=vy4;THT87L7{-@5qKYFZFV>zGa=iAn4>EYunXPxX_j^1RkoVf z;e3ApPytxar-1xS0u4yD>fC@L$%bP>FKWSYXxBc`jmeL>vd6#1n zvu1EP0tfQ)3~ll(eCTjf2ub7I)BLupaaSfrW8vzI+qfF)(B!X z1U)fW-t#h-J=Q`W1jJngU!K=oJ#=)#;`OsOL3w4gip3_S#b=|YeR3}eTZ5dhqwVqi z#Hl+)0|VS$Z|kla^R}I0Huj6bHc9IjPGz>AkJVWERcKHPLZ_=sT*Ua%Jz0i zeZOaD-?rnHeGr%I327TD`*C}U1**{ZRZJFo#_v+oAH6_%pglH2Q+?FQ_De*!r3LL6 zDXn{sBXY`qJm~=nI!j^9w1VVjKZnqm;u`ykCkE8+ym{8rv{%Z=e&ZChmRZ-&k-jPj zXwOSX*nrVuZaUebsMBM_Fqx?nb?s@WI$3O&gzPiQRrJ%09gEnmuH1F8z4n`RwA(FQ zI`E9~;KxRNn`}EKFOM-nA71Y=oMqAe$QU=h%YsdEj?uj->OmeX!E0Uzw&=wKZB9oB zDPQ8X;kaM`z9}0;L%cmrvEPIMMQ9Q63;@}ko-6QHv)7MjwCHYkq0ibUb=e_+pxYmD zd%bfJ&3$;tU4_{FB$NS#|8nud?r#Zg&*l-BJzeQ8yXW`HAj#*E`6D+NeL8kJA_!H^ zx;ykH&+C7Uedi;drWkhoZR1`v`weZ_8Lr^Gx5rz2zV2_*o~h74-?ZQ6rA9v+oi;7e zwR{}|h(Aq!giC7@{VM`2BXXs+PFEgj$>;d(MbJQ2VF03RaD{u2E zQ()?AUjVHwYzMEm`U@P7g%%mrHM>=>mblec!vboT#X?8T-!Bj7@v-iYK^D)eZVhyL zmT8%{MUDbsSf{~VtHvzsHxg=yUXlx18MH%vQ zBKWeQGpML<<@1=pTcZX!u2|#2qKSppCp{vHN1g1BNq)OETUE>#l50QpRS$x~C~(dzE(b}0l1q8oNF>Bb)6U>9r6dOC(vd$sI9mr{K-UEirz(O2On=o+yqUaT&6 zaibMz-t4z82_PudN=JxxuPBjmN2`)(rGpoj1-;6|@}QRJm6L;|77krbo_HYbLAxh? zyT?t_A^jTjYfxM0Q-`DOJj5DRRx+0xVz&_zK3*l8$2(wnu}$V^TZKAxzU6eWUWmln zaNJ73)`mVIU2_T2T`lDum4F3;Xt2E!vbpgNW|`%XN$v&=76Xo%)UBtop_bWkz-?Ob zrj&&Q7x=vb8N#k{ylkb3?`I=hI0{=-b`v@bI_`5)whmbNh237ZKaDxdp_xJg%X|_U z%&_se)tEzc`%$c~*5@+Tpd{-^N-|9peVo_6^ygq61A6jyMdl|M3%{pJEuXn63I;Wxiz>C@CR6?Y-%p;R6OU}jm@PYcFM5Y~n zF0@iotst`=YcLbr<4E++#DU!(|GkI#Bf-K(GGTTZ0{97*DHxh09jGG~26_ra)|#q!lxi^Sl>G40UB<=Kb-p8r3u;M^ zI&<}HV)1I$_1)$@P6;-+Lu=?Ewxx&MR_Ng^J;L+U{g}n8^Do$o(>|Bw8wch^u~J~0 zFb_$QsLrXW0(=AJ*aQ&1PM|sc2K5~Iadl>Ba-&Q__p%Gl!cq0OXV_$l{whnQkl$Yc z&&7e&DKmv@O{c$<70!dNz#bGCb1AKJ2E)N8%{x%e4kfcnW>xCtgVmgsqs(i$U+)!u zG`$ZiaUXEO7VP!1k@YXCe?Q}^8{3R5aVifNyKAz+Uc%Ox?`ke6@wJB0(+Cdbw zbuN?r?k)Ol2X0eIhg9pH$SFXcQsZIYRb)^kZnVL^NL^z`?Fzxqy}!&ic!#;ipFAi7 zu&*Y)Y#0Lo%Gxi0W39ohn717};*$vy?=3tZy;EExb+~1=bWw`3&SgU%K)^v2O9ozIUZ`k!?dc3^IW=ihu@i86+ip0oo1oth@c z82N2z|K|nAp&o90h;{GZ@jhFB=3~e!c$keKcUl2+?MlK1rN!t}lqn4jw7GPg*vsLg zPhxcjn3HqQ44Bqoq|BZI$S0wr|D@Qk^;I1@k)bwka6!$`#`=z}MQHA$HNx1ResWYTWQ(OT-7RP=zCjje zjV0bGF}7pjcc!Cmk-`E0__D(Z75Q_%$Z+yaJ}V11iz9JwKaEc{`}fVR$)8RI+?Ux5!JW?4^w>e^w^h#7&i6hbV z&)`u=Xvkx55y8Y5Q*Xespm=xEfMNWE^$+^M(Ug$wVzBS{?twXaZ!0%%cE2!wMP=%q zQC}pontF5E)8aapKbXEfZ*Wx&=r61NyQMPd>-a{WziWEgr?3uyvgXby%Ojse6?g=} zHv?7=HoPk(AG*{g@SYm56fk_33N7-WlR0MZe2f2>k5U3S3_$kc##jtGic4I}TwAs`;G1@}56}I7gZ_ zUY?1acvvcOhn{4N=K0|`y-+@wNr|suhl$Lc1gwrS5FfZR z2m$&2S*lSVScAN2AFAL7i9+c{)lFyGrq{;9|x}uSH zTIM-7*oe>EVT9iK{xG$=&)TbuHxZ&tqb(K;Z)qc$aOD;`K0K2n2+e2E17p6$#WxFJ zP;T_sHL6_o{P4HxaX)g+Mx8J3=a`_8^C1|M)5U(z?r1w%v#&{qm_OGc7oB=O_^mpy z&_;{4q5b~Ro>b&D{pMMi#glT%@V&jttdDNlEB6bxEnLP&Ap&s>Kfp-$+-mQm7>m;( zaidM^Gk>}moN4xlpkV-UD9GLZ32F=~{am)haie^6(==^~*o8!0GLoHsvnS*c*NIP! zMjihJMDB{g^)%4)^hEr7XQXs6m_Rb$|G8Rg6$AamK+w(n#h6#T-!(1__)u6j@+aeF zLQF>#St6L~EpJRB{`1QH;su%EFv?IRPA!t09U$jaU4{$TlXeDwBnh+3x+oiY z!bl<~9#8swn){c`@HR!L(b~wZYcka9J}=1U!XY!~GJf26g>ZJwkFF{qHR74LI`EE# zJ-=lTHTFgh6Wm8g{hm?Kjz^fv#YyV6sYTY7KM!~V`W=sWrts@X`T{tl^lS`3CZbh< z7gXXtA=K>aA5zkXx(hms1_l zsMGnalF-hn-9VV`q?h_*(YM(r#Bb;Jo_stt>^^JyNt*xbBL(0<4p~=J{Odq)o@@2i zcET6r{*zcjbr>Mg7kN0hq#RPwd;0MnKqrq3DQ-HQsS?b49DMhbAvX~k9!W8ZNGha! z0LlAZ`6x$yxJVupovYn8+%8zq@F-+Hd$X=qGF?7SslZ=IEC2W3`hziEkuu_b|(CkBr+{D+oG8Umuvi ziY{PS(5;cQwW#Fh(ODcY3^iJJ&0F#J)|+wlDg+;&A0YO&Y>M}2dMOEQ&#U;6I*Z#T zPXw_+*dK+CGlkPnto%=5Q?FABn;M#RT+G3dfc-LtSSB=^PjS3c zZ&}*AuR7_!*$%O)Ftb!3M#q9@jZ<;XY_>VP?3yy6k+r?T=VB=`aCsuv0!DhBS-;Ay zJuRz}dPNOg(=b|v-X7$(c+^exkB-|71SQqKo=7B&1ldW!=V4l@~3IA*qw ze!2U1-IJ0TrOWCSl&^9Fm{!L{gWMIp)CRWW3bvk?+mhx z7+*fEefwU&MND@8@@UnH`zQnUk-I*=q#&SB+k&`!@+Cums{M#l(fz6B~As&7cG%xrzcw-)URG!ed?~O!=GOKZ5~3N z!q2{v^=;F5WX)a3NnArvm|~1`Iv6f4bLIpY?{vqmmmyUkf)p%S{&F0C-bmZja#a_u z(gu{s`&uB^HKq6jLY9SEZU(ORQwPDHQ`m3R$q*?dL=>bklZr2@zLRJ4D)^UNX@@Zb z5Bw}Pu$`*l*Jw05P;+!SjFEYyK=h>`;PISO5ax-wLc*^CjJsQW??m|P%EPG!evKu& z0L%tw1)`>cw7;b0FTL&Uz4#FZ>DL_XT7e3TodpqV7&HBW7OD&NhvaJ&yE z!gy|mGGd3t#04kScj$Nu*vY1j19>S8G506izKZPmEv*Pkxr{K0>n?7g* zwuy8lXzhgCy7ux<6D0Ji(v&Ti^U(u1?0dWUO-<7yLL(R#ypClc&b>sMIA3iab@3BD zPDsp-fjF*4Z@!)C4xhN0vIwxPym%8nnDkLkTyjf%@@xw3V_UiXCj3jxH^*8S$!`skZ8)bt*je94&V8f?K$c z&&T+YR*Tyi^=no+wuM9d(}vSgV`c;T4?NTI{8V`ROee!xA0-R+`^1 zIV+-m^T_1D*@9GGOf!A6&3@gFDIJI6R`D*66tCXyxfcC;x-~8ZXQ;T95KttdEDZRh z3tsVxo3&N)!-~KT`c-Gw81*;t9|PSF>4iBb7>QtD2zdTwG*T$jr)y0zGw(cB-(iv+tBJ03t7322zN9}}Bjv(VY zdc;*|c${tbAU_!+v8&1gXITWWlIwUx4xE4iS zi&}0P^J{c0Z$d}Sq%rR)x|Q&GYUTufky%tEawu%B)7wA(Fv&V?kz|{#)$pa^`5E88 zuxFn2xLMLEShio{o1JFPK$w7P5|#Qjg7$on-^U_-H*VKkX>NFgz~K&G-!i?NcdTys zdj09VJ^v^_xz(a|>Jt(}{i=U~#Jk|~G)$hF@{Dg9ILhw72^(&wg@`Zf7kQhL=V98- zeIXgPoR0kltE3KZ7>2FW;e2C>&}4-Q^LkLU!Rv}Ql4ME=kis<1bh^cpLL3c2q;>jk zHik>$2;t5oax83&%&_ep<6pN*kH{#wFmRnGo!qT)47Jcx*`OY*P!pPF`e9q?+^xSf}fq;rT0n!3KrKvP4dF!Y$ zN^jL9C~MSFC)LT?4srJAA|ktQyI)+1=OgcbDr~kvowM*-b1jIs*|CGWBIu;>7CM~HRX68o zHSu!`Jy}^T7CLvnH7ffjqwBw_#>P=6w8U5X)S~W!qW@6#YND#uo1?T`Jb@K^NAT1aQX)zpb%3kD`CJmMe6g}d$uXQ=qy?be~2y?|q9nUrf8fL6ZKw3F0tEciUKpOREBB{frxoI8J>Ra$L#BoV!LMU@S7SE> zY8FS6X_G@R^y_<#z<7b)YEd;GNc2~`ALrioHTfTq z=lX*9OBAyl$({yr=c6Ew^jcSXXdd?+G@DBOhjOLk%`V^t%J@pSZ9gpZmjns$!(~;1b~lwyy~&LX*(6HPdyscZjqiXwjK2Mm7~Cb z*qF1m!^EpZNc+wkR@~NW>OzvC17#P)ZaB5+9qvX#dWh6C^%joGNAVtM2FLWfm;F^l z(%Vb_n!qHN$0_mnssp0*1JFi1&5qjd(J2XM9jPPKmsHMy9{8Xe=?AF2VI8g z+yse5gEVjz|s#kwU^5GlZ^JlAyjc_j>9L9N-#y{;mZ<*!^Sk#OU0VsDOXGcfTV4!2cnG`U9#b_O|qn3jU*! zw)3orPnWZaY-~a^Pww#PR`e=XO1t{gh&GhdaarW#!P5Rgr26(O00(BZ@=KZQU+Ux4 zJkZeKY&9(JO?-b}_r`t@Sk|FL(pe2e!J?#%E0a=e$3fvcoDqJWYdTo(FsqK?o)act z8B_MT*L%|$2Ylt*+?exUT0C1`=!&J_Z=TI|e{kV@SoR~!+iu;jiYj}TFSFD$x!Ub; z!{r}$Ev3lTTKrQyQyFDmOOQ%GoagIv*gv_)>(u4zlLu+3N`t8~1~U!Ul~v{R$5fw3 zgj|e@i{^vuo2SRdr{BQN>cc!_QQ~*=@Yu7E-I1#Q{4-0aQ)e&(PLTsNHw&~#aJlSY zwxPD~J~Qgi|*&!0C5=i}qL zJRjy$r_uTCb5PeA(GKMGZDDPT`Sv|w-r=x@Q;}t!bY1kzOX!i?DEjgexF;p_IoTak zTyA;k=T{T)^)35e5zI-Hd#_7KUKhpfTBq*~Y{&YHtyk5V4^!^!^4gO>9qa2Un-3Os zQSrSeyATmLx{ctQH`>*Ks}NdiP}lQ^faMjj@wHtd%?0TeH6?`TvDNkY7mB!Qk2A*) z1s8FW2s%$>!+OtVXM1_{zdMK=5-Da6WZF(%^BVsV+|!j*t{WFMJ1Tnz2>P?EHq35O zcD+3{sj}!U&DfjM?}$NdS+SQ-HhbRsnSq<=srr+bTnC^X`#m#!jn=;SHmW!;^w7ul z5>`{E)kJAo6(7OZ;M-L+)^$@tcWM8{X1!zLQ2eXFu?iQmL*&}qfrhTzkhW#JU`2;? zvQ^~!;

    KfGuw)q^{#KyA4ve#@%&{RlsDpAh;Fsh4=u*ayrLva&i9U?lKKv@4EGq zlu64G{F=ml+K2FD(DZJ@xpBbGH5Jz7)sfNCw{sRD+iDxxwq5x=7~Gb^+H0n+zj%4! z^?1B1d-ewSbDL29U-nhMQ;2~v{4tB0|Fp7Q53>Bc_5AyCh4psHmYLNu?$y=rD1%f> zuk*wE%(jZEhCfFW!{P*_xE`ZM|KeXL)L&ka1>rxbzYP2+u|jYsY7jnGK)ONhB@iQa zch5o3R4z(7P!h0gf^?UtgP=8YN&^e7Lvb}aE|R-HtBIVRo#j1Joo*=_jo3aN(+lZi zPKEjj9w0BGwxJ7zR*7JD_vLQG9&9082QH7x>z>4(8o@>Q3qH7^NML*G&C}1{1G~%-;V0DsR(~9v!@sfzEUn=BCO4v|A%1c%M<;s`Qun5P@g_^$7=Kh7I zc~FU>AzX|NauJP%7FF{Yk4Nez9<8Tp-uYr&R8G1ZDT?jHHTGxCJ*FcHM_KiIKUG=N z_}VEk+hFap%ljSJ=`Vt_lC9I9F}R|4j)5J4oW(2C1{y1w@h1*pvDNn~ToZuzr(}Z* zf0~s73p}80bT!X{W2^SfJ)P7(5bC_|+0%8)etlc%EVm!bj(OD|UQ!2HPKor3Jl*_W z=}ySOpT2us8bkkJo8f&d+CNn^zE5puL+@-E4>)0C|5@D==SIDXui{l(m`?8fa`>i3 z9antP;yvyNNDlyUkq7L@g(1vODZTuwB4BeE0n;BFNZ(ELYC|?x`|W-nU`YqUIq?Df zP1qb31PPWM;2h)N>^LKmJdSK{teT3Ex5YSHvLI^jcBkt0`s!YUUgKV7&2LV|W`jJg z-e35>qa;wEN2rjH%-l1S8TI!zTRlJD zADECR;gmjl@r2T4?RM7%9#|Q}hP#8bh&>839w>jOZFYYOIY2al!Sx2+u|p!FK4c<% z{s#5RVt?~uZhoR9QYb=lxUM!9VuJoezsbaBmM5^sWIf2vR4jZ8ldkU9@dGzhdR$f6 zuW~l}V&>E4SVqSMOs$+~#&D=ar{BtJH*i|dDi&JwI z1Z=AHqr{(M9fkySE8LMeh+t8JsOEr=@u{`T_QF`yx0G`&w~py%C*nikaJNPw^GZae z`A+*?^-y(nfe?Hz?V=%ZR%QQys!{JF_ZQU@apC$o8S^@1-&jzE3W;cjwYR$zD6*s7Z*ndn$85Bz5w45f24Eoh?{B`4KN zcHv`9*+)%?Uj5!0^gte@;1@7iR` zxwmCel693xynWy42IUi`UGEutsD|5XBh`WIJjIIh`mZmy6c+G$c_FdPqF7TxvJVJO zN1<(3g7sgz`pEM+(2az#-kgMsWrjm1ts*FtHY+{j4-`uk>n50e#45~&ENmjX++vdz zV7$RU8)jgC1zJ%l-QqC9x*by}$~YJ6@tZL2Gw-YywxrquwN#sxc)x6`*f29osth#d zt;dQ0iO0D5<~1?k_GO(fKw#Rsu}((tv^drLwuk0y3^uccwg&9-{;0_L!PTN<;%*_e z`;G9;x4;&?+V)l_q-@4ni#?M`zYWu_qqS`g|NA?A@GXZDO-5|{BF7V-Uf|sKWh{%r z=#EBgw%Z=O^x>BOv2m|PJ-AzklwTOp5}^VMHdf%c{mEWabLN`wnSh}7_z&T5=aXei zmkBdG$)?uafiaw@UvuLv|b2hOvyw5J>w*DhgWWd^DNt|(fs#MbFGh7iV7Q~pA;UG$C%Jbb&GR}8n zbDpY06A=>qHJOLHuOj@bXjP%%5?M-KpW%st#y@%T?p_s_NL4h7`QvWikH*C2ZwRXW za3wO7@oy(j5e-pQ7{>~vvD-m7*n;8x6E9{*Rj_R5|+`z&MHrC^=! z=i|7Q^G5Hh6VmMg(_D>t(WQ-CjeJxlRpAPTuR9vx;_yR_Jf?uI3Tz(Ld{Q8l?Hh>o zc90@wZX-81AN8xM0$L=M9m(I1B1|tcv+X~8Xm?e(|IN{@kBt3WmLWs^2*i!YPZG5e zvHNJBFT8**0}PeHhT@OVm_1?rwBLp;zN0~r0$!m8=qQoqzK<`qZo0lSpu&_ zhF8UJJZem@@nv+RZK&aVY*dX&S1OAA)9y@6Zx)(wfCA15-G7o&o*!MV{qEm`T;uV@ zWJc(z2cqAfj>Qgb(8JZ3Gy-sB?`85osD};qP>&{wFOB{=RqUr>nqTyOBkvs?r${RZ zd0o`sKHL>qIw<`#f|TLA(g?*V{tC&Dc)KdzN8+SCmXDa?G&V5Q$Kh{EN0m@<1piw5 zYy54kcEFeJ@9Q#8K+Ox^M^%MY+K)g$AU^%HRCIMI3+n1fUi?>8b7~+U4Bx5L#fdI= z+@2;Se@ISMfmxQFO}m~Abar%ieY92wk#xDdlo3J{<&(w9$cH*l!)`wT>yz}r~`(Aqb7;q$Yu&LRoR4+eBWYKZ5@tmNbK;_jFLdn z#m>(D9%n3(S=JXD?JC$ztqB2Jz$j^W7>n|UZIFxD4=CjdV<#gz$`A_Q3xgmqH#2$C zJ!-mqB^{BFkJ}KpJ40zBX)8*3OO$MQV~5Cz7+Q`Nrm9aOM=s^~S(HK!2dki27+>(6 zwXP_kT*CVTU-rMHa+4zIA-W9*BbpV*2#-Z=S&4P|C!q3JWvJz1wn!6GX_D1X2+- zlp1WD5xAegQ$!<4n`&Oal;vo!tqzjpjfzV(t&tTY{M0(B5fo)e*(z1ntGZdB_?RN+ zq*HpL;e%g@kE0f4t6*2Ylt)?+5v!`eH&Q8reCKg_VaorOB+O*&dd<6<eB-bPP-AC7kx%ODQkY(|;?*2pu3eBNf%ZWnE}1|=rb$jRL^mwd?h z662Mg!!VGXORSerJlOeAcK6jZ5x^^VzrwKCZu(>87j~j5tt^m=j$kj;>%fQ^CKP>9 zaYtij3eb_ew<`G{Q~}jS3sqGhh;mXn8c+JYv|HS%a zaklb(qwuaOyj!#neVtGC$Gbz-BKU!-8Td&~pZC|gkBYsYkC)9Lvk^BbOYidoSLeDh1k3BIi+WXnPNO~-vg(eZL{ z61@$f-?CDT0Tft4Kk55(|EdF#4l^s7gJFp}M-Y8}{uu^K>%_Wx<%uQHB%dFlpL4!) z;5jw=C$**0m60YeE6RW^XmqB#!I`4mneX;-eup}O0sQg~1QXM!mexUa+;|gP`p1e3 zN~9Dlia)_O0=j`FDJMR7?om0Pt?Qe(7xmJt9VCUi-dt(KXwlZu_B9NA=n~Kw}Q&J1n18*qLnpOPD5ZJ9v-{3&QcMm;=9?L$eNkJ zxtsJb^WXqhngQq{?}rWq%5q}XxYX4j0kZC`<;EM`(%<57S0nHEaxZ_K@~C$9Mi9(? za;s{k7+{;EI*#zrw(4)--qc+Rw?!H}5-tO@C5p@&WbcaK=G*~%2~3E>q?+aNRti!b ziTF0`zW4oM@UTv7<5oM3!e_j3)^c^~3m&Lf>W5h18YKi72-o>AQ68f9m_E>N$a4i& zof}i*BunoYkAKkDsZfERp$)VyL?pcUQ8Tn`!;Nd2hRSjBsXrHyxZzXO4iw<5z%^Vm zPL)(RMKrS$ZC%JV_aJ6X%EPWm3cay5KDkZ&b~~N#V_kUa7Js1xSnQ@Gh)sk5hUK~F z*p$o{Y6n*{a&i7mBYIl{_T8{+KE$>&N#;Ek3_rhF+vKrLGENvszpyJ(LT|i`-)P}0 z{xqb8Xm8d@?idwkCxj?#uq*q?Ophjh{iv@B!@Aey?Dh{odeTJ>#bc;Nt(iqj3_vwA zu4!8$Pqk1MIHORYfNPo|xkrk_r5KTVLv8V8MBb%Wk?K`NSk^A`fAgydF9J7&n?l8W4IA^Go{1vc=(7r{iv; z)S&{NTVd*768gjkwTeh)T_TN<*8%p=!y+FnuTr5z(=u7sG?Uy(LP>}&pT{5120ma| z*usx<6LISWh|52-KkprBu>~A{`SMu+S40@hfMJk}~tt?TSGAcADQfnNaeOo2%a*!9Cl?s?tkiHo^RKAGO zkGoRVx?dEcdh=Gjc;=WC4zthb_r*B<(sCd8N?#MtJR%cSQKD93 zT*%Dz(@8wFT45w`M!2y28IuIwEbRx!IN~5bgw2;MLrO*gkG3#1e&Msc5yDN6wL~}f z8_qoPhis!r{~~J9)b;d^w{`Z>>sZTp|bj6VWF0G;~JB);hPLK5p)RMu=V6$`0p<)|rJpUb4<*+f&~o zEX|XIq_D7(C|cH&q-N-9O$xnRPlhp0qE93vi--kJP$M_q61?QYgm!)s@{onKX&pCY zTsJSojmzCdS=ntOtNsqUjM_J?j}fi&beVHBK!5)2ODrZBfFl1$UVft|RA0fpsF`M~ z$H7{bUdqOInY@y;+^sg5+;S$Y@bB=x_AuOj?zk*5##85~xM2r)GM753AaZzG0U&=R z{n0~dnJ+A23UD?xFuh}HT^LOlQFl7n{nR0ZIyPo*XkF+vfckZ*N^Djx$)>=sbQal0 zz(Omrlv}Md=t};q!x!Y{mtl4BJm@Q@nR26}LDn1t{W_dBt#2FUL~_spdt+cuF&$yK zpKDm$?>P_XxzS{eR{aaAdt&VEIVx9hnqNn?EaXwuNGoPs z{j9MYP^D*-Vuc1T#-x~&Voy;Yl}d%(G999C4RD_QyjYG?IE|=wP|>SSYQm_at(qGbLzat#2zc$xnZARf*jCseXLI5T5kNK53#QE36<1C6W@K1C5 zH!?R6`kiIGzJb;f!nzhS>>vo!=4|4gS+Ti5REy051C-?-g(^O*IF5Nsm{?PVHVkWh z7}BxcDzA^LGsUm6(ldBN{k6<{jyv);N8Dw>ftVC)-=1QcxwjZ)G2P~|M2sd9*-}?> zNnQo1FaqM^8Y6MyzilnZhZo$#`z+&`ZRPszwr2f`M1K6(TwAsc!TqhaV)9!KvWH2(zs& z?#vN09>Hb@LA(FDE6elBNR#B|VI=)rda@oyCSefANH*d8R?*eP#lTO3n-QbzXw!8d z;XI7pVh-KG%_#9Z+qIn{;@)Q>xlDP9&5$3vMOqhnJOGg!{>iB| zm(k%=07c?eK7NlQ;vV85*-DFvvyH+&w@a;{bOAGyVTcApHc0BTF&34>tVKelo6$7> zd_)071am52GOAXylm#KTFo^3Xn>ed%_B0lwlOpC}1geCgNl702NogW|h*Axc0QTV* zG_E{L=#OBtf}qWR30t!x6iIpuG4RrDx*j7HlBoeBchKUSM=4Z6lAufsB6ri{GGc}P z4`?(>Vc7J2k{O7CI=m9pr1e=CI?7?TU(jg!>#-pc+(TbUOn=41g+{^et*4{Vj7A`r z0LA|%o2aT?if+G)M0Nv;wYZe?LZ3~8^aqLy_-zo&)0 z)DfolH>eRCoWen6&nm*Tx?$QZ+hz@#6P%Yf6=%&+KJN(_AsuZgr_p@ZVqfI)TQH{d z!(?5Y{^8y(mNe&}{B`pG21xS$6w6=maS4Qa!l_U{Dj|e&4qJ@|t9^Ur%nu;Rej%X$ zyP-)O$u2Gdy}&Usp@Z;tMTC;{_A1aaE4-0`di#AzsIKVrNk}#rNc-C{Obo-Kz0huo z`Ihy!*Z!PA2q2Dr*{;kEZ)){tVcsDa_C=~ zbxsApXq?}FR%V=z~`}LAtT~e?kf?!ltO(na#vrb;WR+@C#c#>IMwhbPgVi>1B-YV*o0K~ z>02;Ly_Go$XD!Ce(0?!oKUr0^!it%;^D24&{4=(vYa3xdDLsAIR}`qxbVn=B+t4KZ ztt}nhnL@oja_3uCtxdX``G)NAW2Dh*w<@$48lMfTtd*c0#ZCl4Wi(~Xv$Z5F#zgvv z=5yjeL%%r{sF=34)Rd#_Uga#zN)rFmIBGsd<4yH*nwzFpq-i57GK&Mi zCTZFRYn8p3yT+lEyS~T%E#@20H^w1x6-*IbkNcarRyhSD|8b>3-xd?(DfveXD2VTv1R zduF4b>qqFFGQYWO|ard?@@Nn(~NOrGQKap(pKIrN(S8HxMg~Kyg0!mnH!eIaDi5!!*r(e;Io)>*FQi#<~tV!c>ls!Pbh zA`bx-!I35vQ!8>w_(59WZlHeJ)&$BT6gwtB)jz^51{6UIOb*4z&{id!D8JRXO@QHE+Ois~&ziGnyuEqOk_A za?_~K@@uC4WWfomvlh6SX>_L&Q_n1brBwsG^5#Y?Ge`PPi|C1F5a7Og+q)*A_pg%K zOACBpFo0U|FPGxCF(ztLn572O1t?(J+@nP_W+*{ ziM5%)% z7?1Euma5trq;(SWnALuMHm?){db4H*oOVr$%=6s+^X4c07nL>Ps4sFMDN^wu9wG@O zykL;`Oa^VK#IUbg;=saR_CGryf1X%xQ94jsRgA@@fmv_mF(<{DhTUn9s83;}ph9hv zZWB2VQ7+wy(17wG$sk*Pv872^ z$E%_~C#}-3KJx!MLDM%^odV_yRq(L9D;KvB}(c zS?5%wU5wb{jP>i)&nVoFF#G9W%xd9V$f!x{O^MPMb;N#1T z)+~dK%oX{=Vk$(5(1R>g;3#drgvzR1>@65NTW3Tw^Pbg~s^{U0NjlIiS5I2(Xc{!!JEa3G+3ZE`G|eB>Fog`9I< z`DE-;cjlmiEMao2xfqgziYUQIB0A_($+uV*^#8BI8KDMP5Sa9g2{er~>9+@#27c%#)3J^?w-nEDi$)J6(d`U7 zClp;v_wA-sWV7jq7z8LU?fiN$m-VaFzm6muetKPBdw#8VbG3fAE;4Y2wMv)F$MToU zvV65X1YS`EZwP+Toj?-&9y149v{81N@v*CFZ^{3OI6ZPQwWW~BDZq+!|IudR*?D56 zg)5sxU0I>(ilpby~Y)Y#0Sfa0558M$yBM z7$r&yRg*{J>FIxe?gdtBhw+pExZgGE<7zQw-29E=&w%#F4mBB@W9?`;nU_$G|9!oJpQ4Z=#)O^EJ^%xR`d5Z|4X9JMD4s~XQAe8_R-+n8e6Pa7KkbG*#l7!j`C!AnbT~{TQdfcES z)yN$2cPK@cy4r#4K`>KmL}X0~pt=MWY^tU>SeVvbm?rmKuEboO&0{81?scl`Kwt5N zzVCG}AexQ%!V;F#{JAgDrjWU$g^S{~&p}x?)8S#&+wp83W@Dk@1|ak^n?PN!`MR6) zttI)ZhTh%Ny#Q08;!kTl4(qjf7qf@;G3-YE5SEbh_<~gqj$KiO7JQDB*QfQSfj;w? z5ESWVtoW0T&x2*;=Zr=DWxVf~5^gi1Rj-uDAGI)FQq&%_!XjMgv-qWI$iFccNz~x8 z@L{qE!m7ycm~L~PQp{dP0=t~$UgUb}2T&gOAtx+*^MjvSvMa+i{GW$C8Ja})2QsJ1 zx^z4|Juu7#-svcznFDj9e&^#o*4y|zw$F%E&UyAA@FsFnIGmw&M>M# zHA4M2;NXtkL$J~`RmzPajK%^aK`JZ4)XKcQ?iqB^BKIi*^5aAs|E z?9d;%X2iFD-8$ZRxUq@nc$}=+-rewQ`T7&mprWrY<|05hUcg_#wM{w`$D}NnS+}hH z+se`GvyOXP>bR7zf0p0v{K+cizLc5WlPS*pBzG+#`lRTiJo4IcVZ%u>e0=v;s)-><1EEtCxo z;?HH3`DI!-M$W(m$sK#46dxGN6mYau8qS;*Q6Do* z4c3CG8tOb_afzE@{(-7}HS@m@4IUl&z%}W^(c4oa4ckZ%D3C6U;G+bgq5M9EA_&5g zj~8C?-agZS8K(#oXxw0XMMm?Tb3%GYDFJLwU&1Y6s#%NZm$>r=`({cdare7lvY6j? zr-KxKd2yC|luvEg=4jIP;3Ypg=|zMh zz`;}zwV&h2XACf1A!^eGg>FI}r>l{BH)^8;I6on3pAB17#yZ2HW}DL}N26bguXh(7 zoU1!C<{or+-R*yFvZ6GP0yit^N+TPP>qd5SoLiDd8iJU{B|mtAGEeg{*LbHY{s)SHTE72TyvK5W-7bxBm2GL zUFpW&k}cg2&{-tld1cSP_yI1a((ss*EW+gUD7e&(qqc2CJc#Q$k##h*3u zV@pQj+c#dVdV2KE%9lq32Aj#*Ss}g6awr^Gfk_vqL!JOTfcv2-@0QiwS|YD^sSG7*n4>2Ia+X6NnlPXWCFznERcl)8DSVLgUQaVO#lialu>b zx%9!!bNX&+!^pm~Y>tiMd2X%BJ}X%Kk^ZB5FL?$##JQI+F#7>+%BKr%)zGbL#Z?)( z&tv0d&y*^F7{ldVpFTPU6Q1SGJe5Tcxi))|c@I8I6Xq8VELeAN3qF=+0FCLvsMv$E z+=1;?(Jo(iY1WiwEX&n3EEj!Zw1B^gAVaG1XHJWL6s&glivQp0Be(C(>z&J=220n* zCh}vJqPOB0#Lr^Tu4-9;!cBD$!PCPcOOtJ7zgaziiG4ZQniVB&6ll$=_~)Wnm+ELL z&dA@DBs9X7U52%Yw#AhxILXZlro^lnPJH4l+LnQPG98|35C+|M{@9w4xUbu}Img%! z4+-wxrBvT=W_A=n)n}!1T%6vsqAkDh`}A_v?&9X1njn$7=xp4Wk+`_DGVQl#^f{7q zm{g<$ z_OpW(rE0XGy^_FS@P3x)rgr!p6yY5#`JMKK^}sgXx61F%XYXjC@(IQP(Jek%9Bf!) zqebjh;n21{lKsnft?lUhj0U`4lJqEdz-$usDvM8BN~Mx3mN3%;ovq9G=62Psw`oStO05r)kDkDA`di?>N=j3t}1>AP$_ z7jeHb`wjj`7&!dbZb}%~*|IjZf>{cu{EGoF{8E|m9q}6XQ_La8!f(3dn2|jJSZHCyJGJ5_=_3=n5NpJ z2y>S}?NMm(;7kEmA~r;pL07oIYPZTxyFFX!={2V8uQ#7^o<5JCT?Tg9V1sRz3M*Ff zD3c1SWK7-!Io6B8YAynrH-vSL~)V&T%H)aDwH0=4ymonXCTRs7I@LubvvMu3eM* zS#V~Xu@1hg@I|j@Y^)C>>>0G)hG92P!{=WD<4b>HZ}~d8pz4cnD&HrIXh@^>dGNR( z>QnS6-{XsDj7mm`yTgc^dB2uj0xN8gBGX4H)qzzS1>ALWzoU!CEdnj6M*6}p<)~~T zP0d)QjzzurzX|V(&IS~a_+5%-`%?cKZueZOd)(O+zE6J4x0*lS#eG9ZvE>!5Dm#t; zJCBPU4AS`P#54c!yVEJP-g0(W-0f0swxmTuWcuOjfJIXH;!cXi3@1xJzv!!OZ=r*S zy^_PWZrAl4o7d=*klx$;_arS{g)|0OV?yTX!=-!unWB&7*}&xOZ2u;xxDNb zTSZFUBrO|7uU{I`lBF-#Whd)K6dlzleUe!DNy-UIEgs7&&SS(1gRt5xBnB+F5hkSK za^f|kbwi!`CLh2rAsL1$+FzHIfek0jl3p?@!gP|eMsg&9m!diCxPhvff0}J6h4*|T zlE|bTx~k%qe}_A`Z|h?{z1+;KoSketU`TkqQxQgzU^)DFh)g;KXT)Fi(pPsD7W!~A za~^j;4!6&&(`C;gvfHEVMJED66`*t_7^g4?7YXeEtCEW_;1nKih?RZo0{+3SkAnNQ zS2I1?PAQI;gSVovf<}r^OWSkGI|3|9gtQs6O-nT6Ynw6qGB4#k4&QpRM_Bf-o@~C= zI|1X*92Nkx%#5t7LcE(vnsP0#eGTCPEl`-i)tDyL5-@5Jb-TB-`Pf~|lH-$zixW!h zt{V4TuCDs|qfGmpMi}Mb)Ay6M^w_hPRzJ=Mw_wf&4#UPqp>me&+QyN7L6=`**9R-wmcTDB|3_T^hIU7rN?0H+1Xjg?rygE z?#0K4)huEZVe3*iLjGSmffk|XQ=$5apr7CK=8Z)KDRrx0cqu7zR;GGqz> zNu-P9PMkwfo^~6~A=JpW_7k9K> zUA}J9Dmt-wes+y-m-88LhC4E$^oGtKnmmMh$QOkm?HOl~l~cPk!Hq%ZInC~=e}59} z;NXFY#d@*ufTWCbWRA#7kuKcG$oGyGC$8Q^c3(sk^zQrJ+w< zf)bqmafevmeYXRG^6FXI@~opKl+IA)VUyHAO=~Cb_5M!W*V!cl)Bm-*e8t%CwVkUS zI$#K109;iM`;GvZaMy#T%BLhOeQ5QQ;L`5#t!_TDB8Xd1#-}QaSun{c=!?U>odE8+ zX_iDivPr?zG3k~=e?v0OKt4T@rtGdIYpT=E1wqm^0uAd0n{qv~?b`R@V@wpBir+7^ z?^LL%dM?Idy&TO9hhwetdSZUf%pB(0jrlR^viE1%saJo4Q73y9d;?Q4-KrA0s?^R4 z);hwdGwzceH60R2vV%-D!Wy`-SjLO$>p3+FcT`CSXN1nVs|IHNikVmCo4kw#i(Kix zl;4aD8K#D7!PMTm11Skp99XVnOj8`ahFx9{N>wM3A*1}q>{a!B+_AgPh6PDIkf|TL zSKBA^8Uz7u|4b1C+_V`=Gi>~8jCsd`KU~T2j^R>6!tM&W(LZ61!C(OGZPoZS9riT>z!k?_*5f$rEm&8TxnRC%3xTm75ux>Z%k^%A4v~&doXx&dME-fgz0HB23 zrc0G4kAtspSMxFEBX=I>>&@?hW!!-eky#pKxL-sT))%9X5PvQ`qWnI|JK65Y%f3C% zhJ*_6!u3a4A0!NO)VGfS|OH$sxsuqoa@;7V6i;eD5)}$Z7wr_ z@tDLY6gXjX<11j2s34jc38vMfDM-&|sLb0Kq#cN@*idz$3!w!7Wfi81n~in{Wc!Zo zP#;a;MHJBQO{SJ3o=k3S7Dgs=mQRiJGY#DL4q~T{KdzzreNmd|;%{&lg?_}tHczA( zN|tb(UD#x6?GXEZ`Z%$F^ zz4|NQ+YoI*{I0P3ZAGr{I*Ib7ofhVE@x*-X-8ZNJ9=m0t=>%Z~t2+|U?PWA(=oB|x z8UV;$@hy4r?1(uZErfdt-8!mJZ=F?J4o}89F>zY+T-}8O$rm7Z_r0v;=^^P({q>W> za9*`FfPGxTI_*G&fAvwp&;Uy+GtD`URtqF!nVUTEk9xv4R;QYMlpJf`qS!K5ee&PM z4m~mJ;Kqc+a3;&Tqpi2el7eXZaPYK6Z++?yUOYOx##wz~LFK07*ebdGjMz2|l@&ih z-wyv<*Cm%?f0c2#qAtk7Z)IXZJY&n;fr*iVl2kl3W(^KUz`F^F_ZhndrDOL~y+f(* z1n^j#8y}wf<5S;p;<1=(2KaBKefX_F`IiIFeGKtuDg#AbMWHiMx(a7&M`|EJz?#38 zIfNjzf-_J9AXlb75g2GHpZ!v1_~Rp z#Ql?=x7v4e)VG?q`n=b6(zp8RUFTtS##$o}a2%F6NF*^GnUGe9L5tu}!8MBl>*3+{ znZWZas5)vtqeUjL!{GvewBI+6Mfw=zpGchq`KdnCI2Il3{1Xy@ajpi}o4u^`Vy1Re z;}wV(Mha36ghfJ0@xHw&dj~W8VOP&Hh|*eh+KC`-g?G`BxP)91(Cql;!9Fa!0;)o* z76ED}B$Q`5;Dap^T4Xd6GuxD|Avyz*gX6YC9+%$6Kvn+i-V~{O51wW>B07|TfL*cN zGXywi@;Nh1;Azy8tbMa9c?n4wih&nzl1tl%{xf@30A-+-(8mOxO(EG(8^)k}S_XV? z3=gM}48MSYk;!pG*WD=*={GClI+zF%y-ZBr(FoWA70BnfMyehxseix7>_W?`?xg$E zBvInPa+SbtsYH{m2k#=E3>wzQv@!P898HJ z*^&AY=r^xPfJJ7ib!4g<&SE3(f@W@gg?_Oe9+%0iT#l}+TmxsL zu)Uoi5!Z%RZhw`6T^yh47QOnQ3CR{p)0_$gU&TKDSDl$#@J~`DejpxOf8Xz1m z-Pv*b+`w?lDATp*fXfTS)@Yu7^F>9jr zGpa;sMCFt}a{|f`%~OOJbm$Z`(S{hO5;gQ%fuClH;@dts(f2J06%TH~&K{hj#Zx~?tK=qeTYN~PJ`C3c(y>=dSQ{^nYr52;V;CTbYKfs4%)Xd#RjUzfsD~!2X*`-y zXlJ5-D+*H0#2si|dgLS3z2n}q0u!Y!DNA!r_Z+COfaD7;nCE>udMh2I{ z=a=TBlwwq5lP5LxoOSW-X>AfCawO~c`xv#ojnF)`KVR-%u!W;I7(PvFzxFIWbXQ0u3!OKF}_Pf2U?ZBXc++V;ZaL+X!BR*E@y_U z+-8U$I!34o;b&Cg>eXeYRGIiI^c|>WkqT%V+M`L^u#zTS5^x)M(?{u^isLWyqJDb( zx~dBhea`;m5^Lhk_#+El&RdS}v*7bI)P=g4zc(9QEl6RB8(xAuB!cC0E7j5`ouN8X4RHzZx?Nz_s$$47gCs3L1|iL zMmXIsu5fT%Z2?_{6m(TXaFrQe-I1@he}8rK!W<40Sph^=P!d_nOnAqpGtX-aOkD*~ zS0P1R)!(&XnJPf03QCzucS;#`yYp_^M#|l~>OBLdRN?6U0y7RL*F?8XX z7_BU~2F(2cXjwt4Wj+1T>jEBMva0P*Hfq?yJFuG-;ARD_n^n*sEW3wyU|%c1*9ux+ zOCMnIO}qmWTmb}END*9lp;$)|nB@v!xk8HNsy{EYmKC671*MiXe1@GaFRx@D@4!e_ z0Fo7yNR}?Tc+|9$cVI6oz{?6sFH0ZKg1x-&cG2$ZpXKi89hlk*ptgdN+A0xq&3k$W z#<~Kqu8_jI7EUKCS9J<+>K$1A3Xs2oQvNbTSds<^jD7{6UqOj}J-|LYfzhr2v@0ml zuKKsx2`q61NL(Q$an)Zd8QBUzwt^Db8fK!Vu2!CQKaFPM4hFra?=L%N{m}&7(H;GK z`*r)by?y&yh`=USfXNk7CfB07;^|L6>M|@+&)f#!F`kX8R#qK=k9~8-VcIKz_6l0s z%O2a@zQ3c`Xye}no9LRO<^BOcub>6JRMDCrajxsoyFyCuTEQdEB^cmVP=Z_fM||;P zP;C)C>4)45dgBe`t+8?O1<4hZB$qBW?nuRV_E7-UPO-VYC5F2K;I5E@yB6K+TLqV- zj;~^|?h-R#0Ss8sGGK-f%j|j|*!Bvry@J;EG6ay_Rbs6xKI&M9O?t0G}0lbCZAFYjAsSlSwV|uE%maQfhh&XvjXs}kixU_hi!^( z@feue3ZS+^irQMiZOb(hlvYquTDtR^KLedvKD3gEJWlFM4|Q<1ep z$zWChm=#iBR`%ztyYnK-O^aY@D?r)`DQPP^nz=3eCOdkYgWxg;mMf%KuJS>c8_xv} z0#`^0Tr0?UT;PCi1tq$rJfju$F}W8ea*IX8oyR;QWQo-qp+z=8!O z3#JRm+AU+(E5P*%Dc7t1B*o@dfVmZv=9Xsl_>}Xg3h*>p{j;(4u6m5CM>#xcd~MAC zC!6o=k2qso0T@?MVq6OSyn+jkerrEJ*x%WU_O+h zA2aq9fPDoe_O-gDz^ruzXk9_8b?HAaPu}-3aM2cnT`hoJEiKrkZ+wpU(PF-<1-`45 z;=A%%JxRm+)foH1p)u{YnD}ae_-ZMMFa5nux5}pZr2oWi{|RkZZX>+nJEh5uZlcl3 zg6)?tba^IBi;b-ojIEZ|*itn3+vV!2`{ky4G8o=I{m-QeRf{>U7C5e!mg6!6IybBJ z@OOI@!chpKP|lHBJ_uu#YO%f5g1yyB*;}>0I<%P1YJtvbY3Z!x&t9Q5&@C3TS`f2Z zS~2U}4WGZ(^b literal 303082 zcmYIubwCwwu(rY>r4HS3NJ;7LM!GwWG)N;2(ueL;58WjwUD7R`f^-W=NyE4LyZ3(n zfM~EF3;78PIfv^*0@3$(BcK+@{Elb6&wwyQ9Z_sR^cRTk{dM}bgkZ= zqhmWiCOl(u{C_+e+>?<94nBKk{AU>XbL8(~w*-5g`l{*C*Q|#+xC2=SO}k=G*el6( zkJGmb4XeY!nAi%# zsZh3;jVm!@#vFf4-!lA%p4r2rj`N=_SwE~1@!^E5{_~QJL|JmHmGDN4?vmFPhgG_H zt13BDqh@fUGNPiD8MP4E$26S{qE&t0p|?1mU%Wl-7Axcr56!b0l{kj057bIr)B8qN z5Su*h+ElFr`One=`Crt17C9XLFdn-1XUgq{|9udf_#%($P9Q`L`M!V$E42A?%s>0d zYt|UQ<777{OmfTX_x|Z$2 z|4t{}=@`FnZ=-vbtCOi{YVXY5$z`ufGl#$Oz$`q&BJjou*I8JfXWHLy=k^+Z`Ik%U zB$Y3`+(%sdEw#ATBJzeydu&S^J)ITD;Qc`5;i-dM{#0Xpd6lieCe3QlSXwkp8duL}$IAB3o zISeB%k?f~MdWxX(HE=QOWhAK$VG_TCLqGg^kX#gwW*L7l_~^YolrM0`U!8UaqYGST zT$|(^Zov3m-1esG%Z5F6mq_bo``AwmDJ%1XmRVDaL9^&1`_`-UW|?3#>tuf7=#KF^q_U#ckAHf17T9;4fVsR*wb_}m z&~PY@Q5<7V$(@2J+4=aX<8I*kNw%T=vQt0k(XkY~H{bcg>v8Xiqps{QNc8H&@5@h< z1`H!(X~8E%ER5wY-3M%nlBa?D@z;(uo$!G#zwEY+eCRuUOdgK>&iQLH0(T5<3WqNh z#p)CJQ}L3%o95sP?(sTPca5G9c78+wtG)GMNI&x!?Tkn{!2cr5p&0O(W+wJnB)sA0 zgM9IlD#SPk|2%&G)5$sauC8&;md{KdtBP7>YpSdi--1p3--145m@2qDKrr z&70~FuC_%!u5FDyRb{ZicMN5J+78uPa8CFHthWpHF}5-(GmYXL=hm`#$!MSY36ybY z38HQ&!+BIbTDmLv)}7z5!bhM&1th)pq57W8*1gn+qrPM{@aWOSgHhF(9gBwsIP#Z; z+sARy!@F0kD6=n}i_3DB@6IX5A_I@4J6n8LQ?WY>I|w)`f3Yi6)kPWJJSTj*%&yJNoA{4Akz6$%|9l7OycviY6Z3cR?n403Vb2X9xRQM{8pmG$5_ zsWvufTL5clsBQgs!^IeSMf+qD4TxbF4_X*gFp16*ljLJw&Q}%@I#KGcD5J3Ph_b+B z8CRCqN#EY96ThP6G#Ya=+_HV^C<{f9Qu!A9(NS*1@%z|YD`rg+945Bsq%^z2v|n*+)|S|pQ6MX#;^B6WD!|IHrsajEh=iv23utHf z=H*)^iCQL~k`a@|G~+td<2p!YzrC&gxLefFC(lsW0W`NKM+sQh(~m$Nh9{dzn` z|Es!P_k3D~pj)Y+Tl5FJ^2EG?-GMtVDlt{3z}xF{=P9DQNfK;|e*c3}fhi_=+th-I z(*B5|{edyH&ikg>ma~XiugE`8$qU5&Y+8@8o8*=qY7_UcYC&`p2PT8P#ZW42_8%wW z{!KSGn_HXCPXW_DB8}-K9|Go?ZMK9y4QL%6Ivkdm{p@V)I8U#r*x-mcIo{FY4M#AT zpVzhVQ8JEnPt+HZVxV^&N1yTSYnNzs%-kuBV=@U zbx}Dhd3J(&Gm9*C?bz#DdsFg3P&|yNe zT1|4(&)sd4G9%v(TaT&D?`zUw#L;%gP*sk~@cR4~&EPS^ zzOSKJX*yLRhmIGlng+=$Jfw9eqE+Sile5S8*y^B8nB@`y*HJbJE|tD)Tbc@?V%x{x z(FQ(?CN>44aJ+|ZudqQQsnM}M(wBaPMb#6U^P@~HK4$?1*W1VWInMY(i?oGV)f39| zvDU{QZk*n|Jh{5mm{E-f%@c$iW`mcHRO6YWjBgd(P4b$nPj!0Qi_A_qqQ%dsxS?Ix ziH}%ek65E@ua3_n49^e?za!>-N8~<;r5&RT-VB}|sk3xD33uq6W}=YkOni?W_8uE! zCC`p28Y>YOI}8_llplnkB=yDt(i$e?LoEX= zreYs5EHiweT>l}m9RRnc6EQooCFFM&%VBMIjF?*dPRW+{&Yx}zk!A~#Tgs_&lh%_G z)sr$)WB0)-=X+bJJ>PzZ6r*1l$e$YIZ!Y&ONnTQ9q#JA1)v2n0r)kU?g1xynC)DWM zPC0u`GxaNP;#VHY*msmXUFjNA`TGz#;R~FXH|k6`6S2uB-WrYNCh{0OB{Z5RdFm&5 zB$q!=tp-8~-_goaq03TbYg}|6r^ZNHTnxXyrsoz{6jqTwjBBQ^<5w7nlp2V%_V{QE zPF~MTT+bsRaXN^RVM+Rm75)`#Oo7ENzjUa6Ln9!+AM2ExQ|8F;09g>ij_HTRB^ zOz=g!KZYuV$xDUFXICr>VIjY$aP;hhdXh}_y7AQ(BqUNNgi$B(WK?+i;}~t&9MaV_ ztmM68EbOJt>!od{-=F;K^{r00I%Z|KslnQmxc>{*Z*~IzKbx|9^pD0^j4{J9jZX`t1#U`u~ zPKw>{75V?sRGYYrUU5N@4-v-=5ud`l@A>ug$$E_#?N%T4_WE@-OG46PeE4Jh*tjuX zmGp)n;f5d|cL@D>QGppO>xp=OUw?0ZVR_?JZpZ9a8b66Md9*fhv=(lOARzzxbUBeCPC(Pw&>E>!b&ts$FjpMOh{kcd+$%KyF=L0hzD59yh1R?}68bF*2*+Rc4bESJd@EkF$KhtM* z&CLu;D?1JgOddU2DW;SO>%VYNO+?3^nZwS*_xqxHsJ2bZpOMD5(?Cgsxj=_CJ4iDo zxGQa3BG-!v(io%W0@37?h7)`)#w6*+%rfE+!<HWGFX=@TXMOF^UKyj&nV@NV z7d4oYlH=E6cALdrPm?Qlp+!%Y}+-s5p|!e=ur(J{p677K=c@Szg7sM7#guc(cz& z9Q@@#Td&qh374Q$U0YkPO!9N5WN%eclQnXgcERT}#bbP81T_-W5MoZGWKN_AYOPzf zO=4JZraBU?29jZH`Mt#5V)3m|5KHz#&Q?vvnk46{yc4@VH~k2@_A8b*#W6UvA`61% z{L#mv9>Q%6%y_KR$uUUGuhLJsCQ)1cMhY>$neRTKS)RhBuT*>+nB_i_C@>S1em3rp zKD~NZ{056i0f(qm!FV9y7jZdKaye4OXTzH>%-TJlwO=<8mhKrIL2e%zYcW9Xu_FjW zBM5KJ=fE~1pD@1#s5FUh?EO(dW7{zZ1{nr3Oe*;yJNQKuwqRyQ(;{J%BPf<5sA#AC zT&awl#dw!stSBI#=)tVMUKZ=qsNlcaB(A?o{{vmyrDE<;eSnzwEmHDZB<3caL&d`? z2xA5}vQaRdQ84=3%c*nyOb;YnPoxNaJpeMeQYt~FjX~0Y3$X%HvI0^>qIR72tMVd! zW_ovY?TIqE;)6X~=&@7V^Ws3HSU89hYSD9GmBpDPERZgWmWDu}6KyLrD^Y2j3`SyB z&>pEvJAC6u)Q?dKv(Uy@(8Vt`*I--WYNC$l(x4vF$d!@@pDucfI(pGm&Y}}r%LRwY z1xJ(0dW6_h6Y?oWArLT>TfHo}Q-9vQ z7NR0<1WRxsOE7xP%#>uPB5v`^;NF+P(Iqps_vbYs-xM`9E?ToRRjL?UL#?zl(2_FxL9D^ipJl#&%;vUez*T6%CC+Ejh+FdZw0$^M z=e|Nm(vYiv@fyBG9*piWBP2dWEi$|sg2BJj0tj+i)N=n5n#!{$hC+J8t z=wv;|C9ZZ>)PkPGI^TX{5RRzV%#V{udF!Fv*Tn-#6o9Co!s2TLh`B+@+#u$Oi5MoV z9Z)a`DL5K`#?TdOeQ8c3{9vK~L&Kro+rxOub?;iTm^@3=U zp5ngYC!t&A??^jYYFF9ZAr`kob4!tX3mmWlF4#67hE@AJa~*r61OyIdhyvmp^Z5#G zLB0g>RLNbU9u|Y}gBkJ^1`429K7QyfBbZld8?xT6pDVVPlQoCL~yd(D_V7t{>2Ns-lJ>$+rmQnx_0n0uC_-P&q^?r?kH5=GDd;Em<4LEaIJMS}+cj@! zD-?>dlU1IIUf{HqomqgDNhxcFXGSx7+%LccrIg*mGHK#*9!~Ki45XCnfIrf4)(M2) zM!v(4j?4_h;w13cv(lp{?nmZ~!h~ioOK zS1P~8!Oq_;Gmm=ceni^U1$6XMgko?9Wm-PIA~-K8+UF9PeA~alm?WVb4)R?T9wxCy z;2Z)$BQhlbdBRmJ#nzGxFojlSTO?zr&`}jbZuU?ZZu&JHI9CJh>^7d>9F-W{9BY>2 z>BrFZM%qdFFYLjzh=@CS==>w?y1lTtG%havYKU8nenv0NbH+z1l4EPFdoPiipv{}S zQfrG;{QIUC#i{5EoxYVT^wSExd!4ZU2;E?0nS_|OS1BQs?LVtu*?ylHOdz$Z*G4F6 zVrwP&nzpFdLKUg8wVwMd5gu@#*yL$~iFfv14NY1w$E$|2^!RFQtR^IL@CdrYn8j)vK)V?nQGBNWRqwKU$EHpxTVFjKtA zio1UhjH(q?Ql^HY1ubl6k$$lHL zLI1S8JKXh&%~vVVOeb)2=4YVH6_};ba`zR1@IY$9>mWfRQAMhlc^mkNt1Ibv&UZFr za*qU82I?*mWuzU>ZP$v4U{_J)4c|<{YDV$jKDY(1yfOv_u84jLjj|gBlaTb^yox%v zVE&lk%2TpH*+%DEnL}PTH(A0I2$SisUQAexNZ9bnAF}Mi%u?o?YSyI>KF0zIh1qdp zQmOmHS>U{26*;6)^JAbwHqLY*nw?efjO2?Qbj~3HXtr_Qo8lQ_a4#JMW(NuJKw%5y z+3i+Js1e{#w52YNLKd>Fg&t$4EK?N^Jxnss*|WdDC4SLEN6nxpp_~HpNF16u4r>-y zb_>dkzH`6l#fiPOz`g9j$O|;A{0?2lPHCdDM!(v$*`E3ZJUt=(eR{f1Iyl>|NYP2h z$>A_3e%?!m03(rlMzERQ{gb&hC*pKQ=*JMIJ9a6HKqhb!5oX8r{+2gs;2HtT`WffY zGiWwOt~4vYMY$u9zrPMYj$3c{5`C?>GTvRmoBQL58jEi;!}OJoxcI$1l9G{4U&%r_ zxSUCM{C2uTpM4c!Fl&CaiNg;$~Zi73~Hbo$q2C z7W~NsR8Lc!KZv8OH3fJh#fy5NJX@>NrE{FIicCTi_I+eq-p8$4q0Q5c+bx<*8?SkS?dI!k5m*T8 z?`|idbE&7*Uk@+5$cB<0(e4UT$H^03^2*YDskSwGtTBW(dM+p5&h|~i1N~g7^O>L^ z1pQ|-eVdEp9cf6~Gg@?+m9WteRMkz77&-+FutCZC!4mG|Nes7(3yBl{c-r~0-DNw?WVfj_$mXg^}(_4uvgtPz$te=Fd5AK}bY-I?= zwznQyi{kB^_`@48arV0T!(+;#?D>1y z%eeV%@gK3+m9HX@CTF1$M3aF`Rj$FMhJD)N2E7k!LynJDoPj|N=vb=91lY!xRGB4| z_nR9l*Or7LkH<{jB3YpA1lE|JjiW?V=aWgJ;6dIBGOT)18HSu8H=#JZ^MvP zbnWB$k7kt-*8Spb*T!GhcMf=x#xRj}tj^~}eylVhwOgBe*Oq456YN|1ynoY?*+FFt z8$aVSC(^Ng;^i&YkkHm!4qRDOD+nyD8~Op-YmGUz#LraR6ER~AUC$qF9OK)u7x}Ne(cZE;%lWnDfcZ+EwA-$ev`J0s9*a*kAjFeaI^80VS73HpNHN%GsycYQzyHoD2pf=z8>0pC%LDr|){MYP1 zImX`I9c;R|5vTqj>5J_9wbJf3cJ;*JfuuKQXR(ri{&vHr*}vhX+)ZN;_mk89NDjMm z>-6gb^y)9uT&+~D_APaTktt3lU6-DQrZ&f9RN=QbafgTVA|KZ}YdnXBI4iyLLl}3) zwvWgwFnDL5kzHav26&4-Y26H5g5pEn6jln56NS(bUdw8XW|v-+W}GGHzU5oMo=e*J zSs$QvKwQd`rpd`t<{keqj%hOa!KTSxaU^~8&30u+Gs}R)Y}r|~k$0b4 zMYxw{;eUo8X>$I*w3x+E)ExT z4>>4|6@6P+Xu2;T$6~_-h^lP^P=Zz2D*KZeQ$>OT`Qu?WDycpfhgC}@(2GtA2=AEq z3Pqe!{L*sQ*GT5s@3q4dqH`|;7&9J;O^;GEPkpzm$eN)H6gE!Z zy9c_}4y$Nfx$%Ci?w8iGJA3;K>M0^>;Gb0kR~e{~d~BxCZRJM5pI%Ge>6x?@33y72 zUHm%u1&3@hM#^nvN^u$N8p>t`%JF39~KjDH(6J z*$5B+s2-*0y8CWbFQ2)NMy}7n_dUqwoyJ-&$Vu8%yM>8~0d6-{Rx zTaEsK81NTfgueZhR=1G>?POpVnl`ZOgG7Kh9P4DFma<7^jeTE>tdW`fNN_)J-xL!;cMQQS?nAmPV>wSbNTOw;y2e=j=b_8Wy;N@ndBHOwqm z`nktjuJBf$?8r$PukAFHzh-UDX1c!^m8%Y@A@}WiDdZZ~-u}@j(8uW(O)vYcN=a(r zU9Tra4-I^Gl!;vh6>M;Jn;mX8D$_@F*So*pSh4iyx=svg7Va*JzgXGwsdumB@<<3j zY($dydB`$MSfh44%!yss=k7ReS@FreQKFLuu|K?l24&t1^W}|_LFT%}=v)vWL!>gd-&4N3X z+-2dd>bA3Px#kLlSs)Ht_0@LbHZrx#*8LR?`W0bKFSp>DPjAxl{3=z-y%=YsHs{3l z@oLNfuc&tK_2ZASluAYlL2J~J^RB+t9_3-GrdRThaaV_$)aY3bukB3iqQ6in0Z{!Y z*7iE+4U3LX7B18ND@rSGijG&VGBjYO++XhKfuk@We?+iGKZ4;b_A@ zKI$AesTLj=%DMg{;`7rtP4zanGyU~O1*#4gVOg@6KLbcU8ncS+AfA8mk}nH1x?(ZA ztJL+-eMm<&WcvbAchf$o>QL9cQPsTN>qx$~#Tr0cPnd{pu-UpGXwI zr(~9YK8bBbZ!dHV>9FiN6&a5aZ6@^S1PC%f8Dd$^c>Mru)#)Y_IvY> z674?hgw<7=pPHxS#|*@u|Kp0Tg)dPbkWYBj>`E`f8Tk+K+9gI->ZsYs`;j|;A>!4S z-)@~VSkr4nby))#6&wD>QybW7S?hn41wA^Xk8$X0(SmyNa|Zv%kJ{U#_iLD+CO#Mi z_8vG%A^5}}<>(*b(IxhlJ5IC;bZL5dhRpT@f*CMZd97-%>sRyV^%sG^`1nk+#=r3^ zF?jp2wLROjWb2?>wRTAW(D8A%%O6;T=a-(_f0qP+8yX*NNu|BS~T~QosDM;?yO9E6W(wuX7iND!?ed!3VqSeb&;iQ@?%kUq< z%mk}LDZl;(Rq|hwUXpgSvIHM}Y^}HFB~CbwH@A{+Z#DG&=dvhaxG%J_<>TLjw_^ZADp|RaRYgl=_ zF!XJYspSJs*So(`UJHGAr?UAEI7lCN@aCx)I=p~`>$Hs8)YvKmN5W+@|q$=70U| z1`BQaQ{~Oubsej1=kBf3$p;4IV+uDt(;J*(VWZzay1)FOS9ablSUAyPk?=r%>^yFvznUqTZ+kKe-`9LG?v%m)x6c4>ryEMl{83LQwrvtkFIp{r z-8Mfj^1_wTDheR?(BCWLSlb^DH-$Zw)nw&wRVhPk|CQ+rEnh|wyuS>{{*M9gA%Dv> z7${Rfpi;cP^sTM*d2^An>cyO1JWwQ8{C2`k`foCU&UU6$_yJp$Dg{2d=>^_QFvpwS zG3dPYZ;eyBJRV{0bg(BVk@re@HTmC&z*2O)(?Zo#6`;v#+6jmuC0)$!0^Ckl7!V%Y zF>5bdKP3t)K*#e!jcY9O$VS_oF?zsYC=iHFRU^hZ#}Q- ze`FrF_hckO1d2b+wD#WwQb+2Y@%NmU-=)$@UIC%uYAk$Fy4ikH*J_6{W_HCGr7cCX zZ~t$JpxA@}jeF>CxT{MDXZ+S;N4^pjOfduRS~ z_T#xFGjS26<3iK_2fYuf;|qWM?n=yiMgpx4{qhtiIzR>q{({wpuzhj*vqVmj{21l;b~U#H6*PgzNleM&&m>eom-i#pldG}`Jb5jG}~JR>w(bKqWcar{!Xfve<#&3 zz!)20m7C7*rIVcy^M93Z&~Ut!B=Hvj!+!v@EsKo1I*!Zyol{p%aPIqUUxObr`&VSJ`~Eij=)ZGOfqu#6q~qrn>Bh;c zSq%?H+5Z_QG+Tlg)sWnlml(4)E=K^BDPYdrUI54f&^Aulgq6`JF!E33)Xz`7&;D!R z1P7`I(<|DHstLArrI%Oi`DV)S^_K4@M{&kz=TCDB_hNGmLxWV` z+C6bo(Z~I@O-B**V=DBjk#8-Pb?oO*lUeNX5qj;iVCoqQ`k6f0QY2(b)-kCQ=2uk5 zXh*RUJ_SlXv@vJszx+@C3{VyA1ViQ0pmKzLseA=Z4-yagN)M2jTQm%9scDJse5Gzk zOc+O)0S@xzTbfqV( zHLFdO6U2#b!i`=?P)98=M#xUo&Q83Z1OWz-6zP$os9rJ^EPJ=$zN-S!(Uj5AoC^C0 zJl?5=GH%`&bR?3ZF(+v=CtYixk$x&l8xOoaJgw+T;TK1_Qq#@B4vpD&yARAx;9GZo zS1W`uclvwEt6!_kIhRwhh%?G8j+3LVagU|%3D1sINy05z$qlzN`CLLV4lzxUIZg4t zd{lCga~Q5J;!#oznp9+-RJ@Ole^tqtE1*~;5JlCO6yd3!U8tGen=m!Vsw8PUrDUrq zF11NKr=|Y!tLDd;oV>5Nc{4SrZxc=!h_mDRFKv4I?t0AI4Y|zN z3VVc*>XlgPl^)7<)a=PhRSe5i4)os6J$G9vw~A@`O8>trVKiJwRf;TCiVwDNuVjj; zne6D9%BUp4h9IG2U7_UL$s{frQ_9(?K;(^N-Hqg1lam&Fj*=V3yjqeyRo#8n9k0m> zW1jT*C5#!yiW$c93Nfsd2aGL-iY;&p48_}0|e2K3ljt2Ys7ZUfUPeHk|giym#HTRBDjA#Rpw zZkB=bZ4J9&hc^KaRcntz8G?bQJzt0h`m~??*;PEa6SFFlvqo!1Gw0{%qp@!?4hcEL zlnQjH3QNrtHCAiz72Q|FO4U0x^E!6p{02Qo0>Pxj61{1{L8D)wZ2iponQAI$~*|w!T0N0NiO~uVlDNoHp)!_u8zlS=Sg-XK-%!+YR8k%&# z5mR%2Q20Ti!l%?#tHxXMFauKXk7&apg^JW&m5=GKX&Kpfg;J$xwCF5{YZ9Y$W#*z2 z)zo@xU+0y+#O2-Ao9T_tRsW2SmVPGEXn6I(lcS7K9&2TZph!6>wamzsQuU=at88>p z$3c=nkwzKM%e2Srl8sckyeT^ETV3*4EmDHlDNws7n@#u*<=jY`9Pph07|#c`gp9fL zNH0}We%d|BZ@p`NmWhmN z{apOl$cki?=oa-&5(Di}GM76a(KCBb6~Rc!mj|9!kWd_8VdTI^i3FY%jt#iNWvN8sHb17{=+* zI3~F;lU)Cv7kuf}1s&eMA^j5I0SO;u5|}h39|OM@xJRZW1@87yWU`bc;x^jbHPU+= zw_KQ8u80LzVHfr~a`YZx{-=aJ{s9P#naWrg?EYK2o!TwD33-^m zKNtL1ULWE~plI=s=mJjhXQo^p6jTQZslydfHr8O3h_as%x1-*vqYU(zujH$$LFL0&yfULAgedbR*#mVtq`qmm@X9G0|xMhq&e zgH+VvrD)ZX;2X5)XXwLtl9HtO;7_@*Pq`vpc!hF#fjBIZJ|Xm}lBctW0~-sW?VpxYm(;>aiGI?n3Etb9bg5iTgh+$U?fb^J}@Pl-WE3D6nx4JxMbXQ0So z;qXC3*->Dluglt8bSWc9TphlL^1T*kJ4^rw3ssWz1voqx77m!j0n9q$AW8akQ&)~8 z-PpG1f6tZ90N$V6Zks*>8y3S>9{7;3St^RM%V) zZmeYpBp(aE7Auu;A=p7i<{%jIEBLHe6h~f08!Sb|r1lH3OoNHCS5O@;fl{qyy+z7| zK*ls~iHH#q+V^|fJn+p)A_)3U9u&(vF*CH~4}ZYVK1 z7d0hU#2vSH+J1|U34xwzyf7@(lPn|dU?#Ivx>r>lzJ^u}#(#+({R%)$J%0pxdGJl6rMmvUqp^xLq0g1!o=Ue#6QKH(L*95<6mzPsP3QtC2N>TnIz%pbzlq|_9WU`k1!9a;q~v$(&s0UePX}&yUH?72bYRaw zIj$fyAtN;Lw@zd5c)HPfy3oJc=yyp@7PH5}(4_|vjz|osv7$@ad+8_OO`wfjn3R+V z!cmkwH4nNgDBA_JgctwqH3IPCDHRulBQ(`#Nt2cEj`2P)IVV!~E2Jgv;x+TPw#^>Y zlpP986EaK_a5N-#G)NsXPc8CSo4IenTD19zI6@MBawrOKsFM+Sk`TW#y1nN?h7d{M z5lQ%MASlF1HB*zn{}YC&Kk$u6wN-(1@mco5vn4#THBF4v6KcC&B-?HzTeYTVqz&xC z3Z!|@vvZ#>ar1nmzouc7z+;rS+W`$4;cSNvKi2Qo1=(%&L%=Q(=d~+pL}w4Ax7?$AnW(j!YeaR9{i1zKskH}dLRm%5$rgqh2Mw`d-CY+I+TB(hnJsMbTl+f6-I=5nISV0 z#U$K()2D7AO^YnQsxLVRARV#h_Blvofr@q(`vMTbSLLf=ybsy-xAnW(kBB95G6s3j zz@z3&GjdD~olC%^yY| z?cOtgm2Dt?pU0w7{q$EIW~1yoPDFiORR;;Vd^r!C;mvUY%nHwY0mbZ?M_h?DEU{68nHMjZzwIc#UY< zuC%#_iFB`0fJ)l!l2*}U!)F1rSaB@9=8<2dFK&1V&Hza6DM0e9XY<-yKwfX|P~-JC zYs&foOQ&Aw@%l40Wu-ul4>FMDSvTgjdx2|CUx(5X9y>5E&%@ELisbU*)r&g*XqTCd zYP@$g3!r!ko9Lv}QPaDJeja_@n^$}E7BX9o`hRHLIf9{`gH$mKA~>`#DHSJh-3 z`hGQKe@y+#+dFYFFfX9qzJ~YhT|l2G!pC6z8MNQcr5b&+|!dL%Ov&rrqH@XZ$*{b}d zprhtLW~7$22WDEcoqx11IWX(=_iM_gfRtTikcRupYy&0bBksx>=(g0+#T=xf^SGpy zCf>JH{&|V!w0Ag2CGBZRYg-)Cs^p6(D#8Q^VFE7kOzccK?73~obKCJ(&u$heSs&)L zZvkpQ#uQKuqoo}I<#@NT7a1*C55VxYW3&{9y9W{`w$lmei`wsEg+g}|?w=lt^qKewt-^vV~dQ(xmN2!iO(_YH?Aw z3fwE>TID5$ngl9%-sJ7J+_OxoJF+XiAOO%ozw}Dxfa(M(=se_=ln3rkz%CzXX0IaQ z2X_HGG5R}Hnpr`6&7)@IG#b#-Z-BpR9Px>z%-U0c5Bo%<;X3y;I;TKZuOA%6BlU-= zG+zRjr&2ZMJS;ooLDPWyJ_0}okxpDvD#wvyH{?5vRE3Yx^Y`sy@qY;$L`RJx!10A5 zX?F%9ZXFLcMconQN7!nG^?l2X$SZc&tH&jb4)(42y##zmgn*~<7!C|tjvz!Q@o zB~1e3;L=iG^r9w`hBHg)1FMAJJXdg|p3#7xOO4Asi;gVt=X_+cx(-7{MMc8_fC4S( zvaxBMa8-C@F+j|z>AnH6zFKQbj4BOIR7cEXoRM&+aSs@;bnwf626m&qh$T;yQ?+~% z)=P*gT8mVeg!deQ<~iWxv**C%%GHa3D$0pyOv|`|Ak~c&26ug)0V$b2=7)f!qyUs~ z5auJ*P8H-@BosV?C-6+Z335SfsOi1~$Z)?;()bxt$|ggCDyoItTZ>Z^K8TRVSodCl zFh3ASi25Q73x_oP>-$7o08+#E4y-cD5(=3>o*35LSdDioxU*Lg zc!~s+*bcQd)jSf0fQp6$5bXK2zKaaIgn}`U0HXJXe*>cp1EGr2J}*4Q=6ptD@k~mM z_?g{(Pxn(I`jfO;_!GcF=F&N!I1bJFJ72R{Y_Lb3N$Nc1?Up}viUr-vIMUdo={y2b z^mO>ED39@G;AYKVo8mf;`Io2NyVD_ai1>Nb#QVft032J1XEjv=X>tyX#d?HV<3)aN zz_=(72$l>ShPVgLax`XQr4(RQmxDoIsIoXda$o^e-LU&$*fnC3^P|MG{Mvm1j(%^3F_2(R7pf|Ffv3f7f3o9XwWF24<{RJ3U?M0ZkjoJfDA|)|;NYWYx{{6-S71nS^h2r=`5F2Bq>t%#; zur;>Cx_~HTKteE)P^{i{TpDDsBnD(0C)Bfv2lH?ywNylg2PT4tS=fd95*e(40a3$8 zbp0$7OydjW*A$Q_&+s+Cf_LzMNjGW~G8l{rL>pQ@0(>ZXa|4b-4Mqk($ApYagoYme znc>qx{n0SnOG}}F0?xyNjF%#2^yz^JWk9Sj5yTf*EkBMd!d7U!3h-N1?rkuC)gD9=4`DJnZ* z?@yUDZ#IlAIqBQU#|M7~GRwLE8uv857f7wCrm3ZdKqa@b^w)5S!74c5Y``Lez`xNG ziYEhK1Wjea6hdH$K)UFHc^Dwk)DV2hEi_pm-tABYU==sGGZW?#0$T%)1-jBRuYqq> zUNJGSmoQW<9G`yt$`A9b1xPkM`?kqiLI$IFt2N)Zq{($)xj-gugS9@&tkWm~_BCD9 zc`M%dLH^erYRoJcGYnM+$481lL7D-A4w1r_f#V(NUMzH`^7oG>Ln_=y zRBC!z3#O?g{{e(T)Zd?PvLeR~MT2zX%D`(u?2=$X5ZD!{T5^PeTo_LX%odbnLmJG( z1c6aQZ~*vZfG15RIuJFGQq+I%WrC>BdZ~UB;e!=%z{x;S(lzlhF`uep{y(n1GOVp9 z=$8V;Ex1d7;9A_FxD z%-n|w3?q@v+kT5WcfWL08y|}(rxX7B-MkdJVX^}rU>434Uy{6@HJR)HZ?sqg7MxWy zz$lzO-U|}LWEVWZI_;&b;L=w&v)1w6WH&s(Hk=Bf3qDkZC284ucuyxiEE+{-fKGTb zmz#=!6*B$+GDEaD5_$w3kNlaG>e}Ze_)?MLTUlcd43I~QH=vZrN80Ns%C9#DWs%Y$ z@<=0t)$u-mlmS-^?ho0!sP6llDH>B8k`r1D;0#1iMT=XaiXjh@W+L(Mpn|8y-z*kn z6eg3A`LTWa2u8*pK!*4E8Kp!Tu#L#m`xdP3_TNO(z}2ca;O%HZG(qo!8@r?kHN6Eb zs7LAqo%>I8+(G|?h3B95j_jk@?x1%a>VU?9Oj-fv_HM1~o3 za1s3a5E<3wdo=HRldz?C=~Co0$?SLphP1b`#CXFBbA*U!19=FD{~4`l6nFuBC?;y; zgAD+>H$2ja;Hjk0nT2gI&l8lCDw!OQfFJ%Z?7!?HKs{Pe4V)UbEqW246)k8;>Li9| zi%A6NKnt3YI?3dtjZcUsiALvwcZjK2OwWr51|tvTk-mWsqZo~a7XU;`ou1ytvy5X7 z&Coz-up>km7Uy+k>SvX zAssus2h1%>wq#^H0(9D2Rm6g}8#jjay@X^8JOUy(b8nZZnJ0$#(>}F*wR}lRbkbph z!ly?FF&N0`2u~#g!|gnIUcbK!8Hz;FF|2q2Wf+S64424YDEdI2FX9Y$jACd;5<&wL z1Kdi{AuK`|$YVx$`Q(sS{bB)ygvwhS=Ieg zgQyQ~^87$EIO!x?R(bIkp&46m8kl^gih1_F!vUnN(4}`mQj~<6CeZ|V0Z?Sca3B-` z-1lZ6&+R{JSuz>{KCuY*n2_i<(dbBc0YeBT*pTDOv^jen$|CqMe-X_3fj}g%49Y-W z65K`xULt{^r~`TTZ-V=PjYwcH{CfG#Onr1lXa+ZYVAW6|_M%jcn~;;rfAFI+D;m+$ za303XV)o)*#kX6&8dzfGkmRk&j`>i(O&2LH)6mK`+<^-)j#GZ`{n}98{_5}18DwtT zMCcdXK;D(Td;D(yZqqa;55k2U4XIXK32(Q1P+_W2Y#+yuXy{HM~tc6vf?PkNMSJrnncu zb+RSjqzk`}bVEnci}zOsB-Q}TfHxpZ3l~8&)?sSqh9G7oxV{rlLB;yp=(O8tNo7p9 z7rg}EZMUI(PCzGG&=P!j0b1;AG}35vZuoA)g73CSx&nAB^A@=PfEkZKgZ37gu%dl= z(Bta?R8D6Ab0C5wT73Jh{e^)2A<5X2ti&hHSTu3G02$m?h4->>%|RJ0PLGO{vx3Kh z#G{DvB0kaV{kp8^afCn1T&uwm$wPt$Zdw14?1@G^b#bogWPlwIt6 ze7nu*QbO2*u#6T79kq;FSFApPk(oRw+_7s`VX?j6kS@u+OIW- z-AP|R$aOYn7_$)_Z{9RRbgzFEEPn3RHzOIFcLN}I8;{$vtxm09KZ^%FKim~Bj~tDO z;f|U;9!%sv)c=JZJXDbz(F{K@&1$~b+7)8qRYdAQ6DB9|e?#yE%fld>PBp&Q!@4hRe-p-R z_>&S7sB2%@Lau)Y4r4XU^xXK0&W89k9(MIsH;R&ME)G6Uo9D4#ZnM$^QT#1Z7yny| z>&2z9{Bs{I1hy_oQk?e1Z#yLhagb{>&f$K)z4qy|0|d1i=BV{Hf?Oi z`_2mBz@4UZF3D4Q*y7s3iH(K>(a?_+^i+j*b50)gI_jy05HpI05R8N=Jv>IuL}1GV z5^X(4+(q5lph)Y~f!oW;`u@Mb{O6K%DirmogPlNfF&cHy1MvQC|#-5{6$9iy*##Ao0wCCb&{$&RlM*4X^Ao9`Et1?s?V#1waEX$chruzj>h`t`-2#lm!}x^mz0=??43YA22b=d zk$KtSSw00J1`9Lo2}iLBhci^y7k|o*;D_hzSKp^2A>Uh(`@{LMZpi@uC%*f;*8_0N zzuBF|!R%x8@L{gJG|89y)9mi9Kq9fA+kYd8iTUCoRAMi%;ez|eI_hrUtCRa5;|duV zx&(CUvjva6Az}eni(B(B+(dICoDTLt=BJvVVA$^PPxbuH`$Dgs<*WSQKs{gcUj!Xb zW)()<0YzC_=6AZAxOp_){+Ek=1H+r*kFe$JkW}@9M>|(D%I@GG9U-C)Uoy(q=lekl z&&?0pq++e-3E?#P;xA{zJ6n(GbrD^K3@M<1EYEeWzz2nkf8{$&Q`D~p(VI>B!|EH9 z#1gvsL=s|t56~Of>$&r`IXpyvc6f^B)q;Ay`m)ZYi?AI9`XREW>&PIs>wat2qtH2g%^8rB-dMVQ68O1pCW|I}FV{lj-q3 z^3S_J{#E`ry4OZx%}lO&oq?8O%+!k5?fkub#%MbSb2k-YFFyYVzqdr#3e-3vZpj8_ z;n1D&XDunU`8(qDuj}_=`MF?o22zs)QwwQ%3*XP@tl`N9$25qo`20BJ;I%+NhvB$d z{x$%DFAcZ1SIXcvP(Q zH{L;a&ldLo_FMnf9ka;soOWf5hxzPmdpv*9U~NE5$8ZZ;pXNBFFHq45IX(uTJ@&48 zcazq2Ww5+l>^kLyu#0@jJUEyQ%?9njokLt zzQ7nU&5N-;tvx*v?y6(dAj%9&LX|fOTpRhau4f=TmuP{F85@>d3WEy5bbwCPc%NJr zVGeExR4qA&Z;e)5r7tT2GjzqBg6kJo?vHK`_BwuR3rgyrxz^rDFb98oSTK)RFLn13 zE*$0<{kd~C)A}=~XNMTzdB%x*u3dC3?0d~DWDs&gdmmUAs8U56e>}=&*rW>*4bVbP z-qO54cnqe0oBWB)I*p)l4H)_Bj5mIDob8c4>~G;18i%uqnz7+ZB$^gwn|aye{>90_ z3Hp8$FfI=MKmr$uWlrqdHnqSD9EE|qD0c_1f2*<)n};y1ecJ{$I8 z`YX7*T{zfI>f~Tel-&$o7F}O^83@6TGfy{W+@kBM?BfHj%wCP|&N_S6Bw3grT*@Sm z9dO65CH4lN=1=sw?0S8P*r!GnI!QS%`#i6x3KQco-?P&Enmg?q26Hz5reU{DiE-nc zZf)xvYVdLVp+Q4#v%;U+`CfaXH!fWA`Ou73HJO5cjo<#~*wA_hab)d$^>}MEn`w{p zoZlkh0M$KsW>$`@o|qxSM+!GDlUD%w3NuO_ z)~QTGgoia^)}-VCmqP*JU&%M$j!s~9huwXgDU}DX?fRi`ty@dO}`HR zR7f=+WX|=V+XwdV^y$tvIzZ^PlbS;}^uqhd*tekI*SodPZnNc0@7JU+gnTb8x-vS= zv8KjOt{*7o&!Y~v|3#mb87I67vkOuV9qh}xNbp8=-n_rjV4A^>nw<1N?M+#>@9ey{ zz2Am*5B0{vE}a5{8%WclJo0fR$05R#SKE$$?q-3Y+&wSvTjL67ZtgP9MaFANfb_KJ z%$D@>8=N{m+vUFWY*PcS#dY`7qFHs2^x@3Rns){lgfqy?^eYt_s^SLqSeKDl{=ILZo;aj0>jI~8>qvC-Tfnf;ZPLVEjM zqe-{P-N&o`UcY42Y~khlzvntdTKW-a&qtTY*ZV(e6@*O|D^)Q_;_bX&*XQaj4mei| z@4a`f0_ntA*0#6p3gt}mOa-`tejpK1y)Ckw{|u?%Z5J95zb(X3mwNpBzSqA8E%*3> z+k4N1r~8)>m#tvG@&Yw6gr7~-4EbPi_jmnF+7HsyueO1MQ5;lERC(QS>b7}~8yotI zx74P6_w(7_pZNY@w;Q)nnIs-78tKkBv&G3HS|0p;qO&`z3Cmq$z#p_?=KW(L(tmXE z`_p{(!p^S?N1bcRcQGOys$Dv*hV$<^4<2HaBq7~=0){hv4Ak0{o>Y0Kpo5BWO@Hp& zka_pBqCw92TWRqfpI7E%@4SwuLz=q0=Zi(bUUT!8`|JDp<3_jI8Uz2^^;JPGbM&zx z5pjHK6YY2h$a+G^%i%oixbgPX5eBt1-S8zPJbTM!)&=;txYv6@3(rKnvU5#P^V_$4 z$Y@!xTydn{`w^E*O)aP*Eh!#+v%j43Q&J+B=;``)UY*OF2DQvn@1|*3J=XB@Hf*B3 zsp~0`WVjBoA=Wfc4wt;R+|ab0bGSpR$IxpOtV%ou8-8DPMd-h?{Qz~etU1M+=kmP=;`Qu zDvz@JWp=)A?!CLh$#tN=hVIzQ$kOZj>f+RB&&A1L_Ktqt#*6ilz&VlTtK=wjl_?R^ zCoc`KyBFJ-O^kH5R~-_~rXea`N}Xy|h2&=6h-_c7G(8l>A@`c5#X3XlO zw*`Ou)%W(_J@vP@lE#vGaN{dcEz-@@=ND%)QTzP1^nKrVR#aj3aQ};w$1T`wx8yrh zmmR4>q`G`(uNulQ^_O;ZmYMlioT({H4rpHd`3CUJ(zk3uy_@v!Xhls3i!JTo<`aJ4 zC=*lDmB~Myw&5*5;{5M=SFSV?PuGXDnmi8@qDFafiIYRInaeh$60Jhyd6dtKPus5n zF9r8!{Rghp`v=t?ccy=_?#9KYGM@s4@&YMRhfrSi-8$d*_5vjZKT3~1Trj*kGX1Ud zkq;Ee4#4QT0t`#saenvX>dNHG8NFIYT{Trie8;5H#Y1&-XNH=%{AmQfI{4IMCLn|GAHz;S+J|f%_HnWIaQKd1?%Z zV5xA>_bcS@+PlpT?RS!Uv9KE7nSMFg)OS_q`{$?`XFnRdE^q(TwZM%A|9@OzC1$2p z#=c7Vz)s1wCX&xFacX{EzPB9F z*Qt(6+$-9o3;ZBj%hiJ5u_?fS6ks><2r}AHU-I*)_o*xTiVrRjPs4Epvi4%?D}sl)z;( z5$s~Z>m1TWF6j@8XEo)?&*lod3KTM}4dNqkZVFc_XN@JsgV!qyM!XDBJ0aT8mS0Tu zYcH*_|I^1}GYY7I}M*n`{U43h_DsG>=r-zCFDc8t&`dBC` z6ASC$qPpMvrU_#gs6+Y&PueU@=m#RTx#oqt?|lBpf8PzmY^u^A7K-W&xC?WQ;0&vu zA+m3w_|wrEebRRuAPL59C7#)m{N0b`+K*S;TTUVmGZ!|wyF@$3iyx=f zW2unk$^%xN7F!T9A7E2BDJ_P6fa5%-jXB1llBUk;&ytDUYJ-~g8T#6V{DjkgN= zy~{3PSFj}2IBsdNIa@8V916m1zI1g?*r-rD&*Ue|oD_n-ONS2W1kR+Ub((|J*!d=P z##6E+)IaMUE!BGix5^ZRm;n`y2OraJx12q^GIPp*?LsV@3cZMtYb6n&wy{>o9EDliT9Kk; zJQln{EwzPZhMaF3s|k?QN3o%-89Hd|*p{YgQl@!VCNZR-Br498n_U}*t2M5Q;+U!H zm>oWf9WeRW7XwBErI6>XhMu*3O*k@&u zM-$UHmg z#Z_znu?I5jrk!ga%%-LBu!pjXG$ zTvNUAa$h~CqOlQN+7VQH>Cr*>f%6}2^|P|xqnM#uLi0ZUVHK>1au~D1rCV!VLfsql zD&VJYN9fZn+r#PAZu{|j^(nT=i_A@7A$C2Bh z@AAfu|3*6nkTcqSI&$c}{yUfNk1JOb@`_RGsyF04v01*oDunH-);hQiB;ruB>kQO} zj48_#w=eH+l47Unx#bhvRMu9kx0iIqcTKL*yrz$B_1O9GD~ZJW^sd{BY=R9FyF4%r zBx>=Trs*5y&To_6>Ega25(nyBw};sgdtM4YJcyZ-;zZt?^-_Oj@{h>->-{$W1^;O? zF^kSX%tl9iSNR%^efk)KRjq|&*~SlD)<03USaOER{p-y@wqjM3Duh~^#ox5Itj@O> zx{~{J&0t6~m)brnB{_e>MDaA@IXpT*Rju@;YFfjzhF3*RR;k8NQ@|iq`^ts8bB4%m zUP@{nikfY5OJCUj?KCkBbD7bgmhZ$6PXD0-83k^% zu#Gld+-vIp*;jeH1-fq24fYxGB<9rdi3Hb$g(;wtW|iT|+!^RSHkw zehPQknXp2qek(_ya-JiI9WJX1wfJt{?}^W}!C zkjVtAsflU-$E~#^#Z_fv zX0)*{FK%xnteL0E%;&+K*+~<3=|ggky8wQO+WT1=wU=u5ykN;qnnSD^z>QaD=HW1w zC$?6DM}2+vjj?~{ZgyEFm^Vqy{?oNg>)xltfVqr(XJk<$lBt4`A;_^4nU zUx4?M`pVB`6PpInnU_CwwubhaQK8n0UM(uE?qqHX55ug*R5cPbe*)y>bp!Frs+`{Oe@(k z?0mV{=)~Ea&50`iZf3v#WOSCh@V$s68CxUXQQ9AoAgkS6=M8$=O4ggNJbzDrUZqg*VJ{akxrQR; zs5SENr)2Mm%;If8`i5vl102kbBhJnIr1<|5@%~Jx9~A5Q)7@`zdIc{;wHeiWI34(d zn+EjI{7)1Nu=Gs*DP&^By-sAk(<=C|#hd=zy7(tSP*NrS0Gjzsdd^BFp)rBg6zRVm zK21r*$PuAtpO4D!Df(FJwUQo^BH@QSzW2$mrEGZ}{yyi@Ba_lbiHSy|kbz?H=_~6=!?BBIy4McdFS%Iw zCu$XEm$FuK*_(1{Eav1!wEq2+9=! zF_c8pQ1Lv``vQ?GHH?tvUD&C+&#x#1_{@U#7f2cyzUX@<0W{RvU~%A@%y zFp1a&M3_^NrH7h(a9VT8R1vBL8N4+;L)rrlw(}On@uFt`_Oy_hvhYqUA}%GL;T{;I z7X4*!7N3RNR^-kz3|@_V&c^0H3(T7+BRzM6e-r&0Z<53wt~MQS4%&isIOOHzm zF^jYP4Od*-b1cQJuisjlEK)Y(q7pNsS$YsZWr&_Sxu?a$oIG*5saF2ujtKdntWbp- z&9f;-7z7Jz!i{$Kn)@}6xAW=Nd7{*ObR?Pj&)_LmI#{%Acl+#PMq8@I#(a)UajUFF z)LfCS9$lPf@Sh$kTY})JRPsz-*nW>p!CjGd-f5uzA{$d8}z06v-`sQa}QVSxc zetRXX=KjzJdR4k>Ug(D9e}esse{DubID29u<JPU9W`A0?ozTt|x4A@7(8Z>EfFGxjz+f&q9+QtRy`pYOHB{ zIS{u)cNJM3Z3NP4?vb1dS35!PWs@_n_iearW9Sy+Ze5nTEeTe4dec45BSQf*5{z zhKr)q0_x@ML0D1y`K-w}K|e5Mi3FPro{9{2@k{w#P8xim6yEGucq-Cg@*ytrR_!T1j(4*1l7u<&=x*e!!X_ zR0%f;zc`Di(5!vc$HBNLX{Y0Y7n{wshfP#rGM%}Wy*zK%+(M0I17Dy_0iLXD<$ ziq*jiJuc%^Kgg=1$xsT)jS5sF|EiuiDl2yqhw6ntMb;RQ(k)`rcYu^RH|cAMU^|;6 zg4^TtGR=v^P2t3V(PLxkME{cZ#@7PFCi2r`0kL)CDq1K`QjciFJ%^s@o+k0SGwm zPFzR@DZSKa?Fr7eCIBbYZzo|59xhWHH+%zwO zVMCS{zeAOD0v*!uBQzIK1ImA!{t~S{K>9U1+2fdz-ZNOF3wO`H;J@9}!Q|KdxS682 z{D^Sfd?gE4aHP0(rD~Yz3{x8ivg!Kt9R&GA7t)8@#&rS<`Kb%)y9)t5mlxj`DUQ`u zj_o{-#S#4P7oxiS6Ho(jr~C;tF;=Janw0WnZF+YXksmJNB&Vj-_ss=jB|)+;?UiDJ zE|g|5Y2e{jgaRrB6#<;zZQFvP@Osu7U{Y0}h8T+DJ=D`ZyNO2zoFCD~LV+eD}QjjPVB08;AA#ol&v^MlwN+MPEyJJ}v44+rtUozLe@0Y>$>E$RpL7Br!GikpG| z@KJp{+w5~m%~p23P}%$nZkz9phAgMumRIX9LZ7xD|BA7Tg@&#eb5IdWXh__=8Pe+q zx7Iobhj_T)&xJRRei|Ez>@T3?SGj*jW~4L5T3Grf^*aDE+%&FI1gq7{LC2T1;XdywlLKm_&Sh|>_ZQEZ zh`gG+E&sLI$_^H9mO5Kf&j0mPZ;igttBJjK3wq;LTTCq zd8GcfcGt>e|JEuw0m;d9sXf?Nxq2+XAZN4q=!x2scV+NJaT=qG_=^rM+e?7X<)+mK zd!H`85`Tl2&EkKr)Sj%XH_)Ub%bSqI(bs_SM}bGd^8-cf0moPBZ;y8w@0N&B^wbWU zWlP8}va-yq`WMlxlKNSb9WNanEwFz&mIjrKOHMKEq`(|6&hj6?pZF~SKLwTDvD+=b zx`?RaQIKY5S@k0?yJh(|adSV?x@gZ$lbiNiFE*2T&eYFa%+9%G)v1&_Y&kee#4}07 zAJ2q3;yE}n#4~}^I`Qkrqf)9dk&LJE$OOvV%+>i@`T1Li=-Y;lErsWM7UtH-DO%+X zJ~2$N0Q8EZ^@^QZ$rlluYZJ#=kk^=jYs?hTp=qW&BHU7nlNR!gq50Fq)7RLj-145_=A>+uk^Itd#C4~q;B3n+GE9yelENWChM-zuYD%#MQJ@wu!~YnjtP?V=X^-VuIQf<-h*X+k5!%kk@=VooWAz_#q0tRw|)oDq%`-s&`brZnU!2fU=gVfffa39mP^!#qL7#`sWez{PMrJU`21jwGc~~5DREf$xk-cDe#VX z6Az&@8lf};jrns_Ji^_+UBh#RFy5gOkES}}XkB(Mb-zFa~U7^E?S*pJo2dz1OC}Eire^0I{LHk~k;ly}b@?sU- z$SRRK)~SD^LV1!@P=Z!il7YpzFbaVc%rUf0S2Q4NXsL#2MWqPJGO>V}SU_SivsKyi zj<6$iXeuErm5`uf4rHNd#mSpWD4m)bUo`g&=GRIgv`k5j&u$(YbSwd~^Z{8YNMbBE z0$UCCkvfL$B_0~36$OcbV^%=pjaQ)@MfES%@ni6}K9oNb!7^0-j`HgqHi{so5(41e z7pB?><}-fXzl@gC8j#ac<^FF!j!zGbZTrIp3FR{*(`UD>GsntJe`{zVYig-N@P~=C z_WNQze(uluHj5ZP!jT7Q;e)_i=mf2&8-{lRo(g2d0AJXKlGT!TH|gsX8DOv^da%Ta zyUdyCLjX0bX|HeTXl!k>k#r`Pa630O{(N_2B>whpbWCUHyu3+{vrAKs4ow+=uDqH|8fG8`;0+wXqe5(BQ{ykcVmTZWY$rHiOpFiIMg$`j32{tnaZJuuVyE2VbBfk8veq-~z}cI9{wZGemK+;<9oUAX z@UM(uA$GyfQ|WyrD)bgg1QtrG2r7MkaT-|s(64;kUz@ShcU$>9c}$6`l1L;y1Wb@^ z(q2^BbgrIYQ&Z-zwBob{$yp^aStXfs3<*qoZ{AqFT6|T<9c(g<$74{#W0;7b_5K-L z4lpl4H!sP&2Y#5XjmkHk?vVFQ2Kgr2_Qe{A_cgEl_VlX} z%Nq;Vl^6??JE&yYt7It|gIj6GyZHK2`Fd0N2+C4<3vTy%$_w^#!wQnSN@BW7GOrmo zS97{p(8y!dvZB?pl$`KSyv@kz6Apy=JaYNmbDQIjcXy-UuIqY&Bc)Xhbz@YFx{4bM zO{xH+y5(AZM?q!ZdWrXexcJp-oSZj+CIqOQ0|nRUw8GU&J9*F)CQO>1SDAoUc{NFM z70P`+ki}2#bhBWt)3Y0zq@5L$^Yx$c;*ZpIjgzvALs*=2?CVg zEo)=-mri5(X=nLrXN_ea`FJ;l$#0~BHd6O5%Zx}{)s_Yn==gx8d~~IJBrNlNF0f*S zUPk5A7R{n|bJzD}DWI~H7M|SuW9N7d)yhKV!CfiEfcd(N!}SeR=0*b3P}%SU0M zk9(OtYBx#3q|DyP-;!z7v(Wt@McHiEr7Q8xAhl-DL<#?ohI))QWAjj`b<@0aRu|sE z-k|mK7d~3rI336AnYposyVA3Uaxv{j_;8GI@I0}iYBd@1US zu|hZERO{1-b1R-Z=o@IZ$Le+zE0Mox}^~SR@HVG*T6ARs zbmezS8tYs^bmK|{<8X#P06gRG@4VJ(#v{jgJh|={yTfh-7tk+#4ZRv>8-z7GUq0gu zkSwcbEvc^z1+R488zssK`z2PQ!U~$>QRg%7_QGlQm?DLbi=dauzeJ*iQ8bI2)Z z3Zvkc@d3)36ZFoHlJ)1&8o)0>`X7s!_LRlJ1X}KRO$?* zR&7U)v}abcXP%IKe^|`-{AU?R*jT{VP{5b+c7AfmF*Uoii-DE=F7Uq1(euzvK`Rxc zmD-YAG;j+Cx+{S$sV(lsIoYi_k2^F50lSM{Q9j7z)OL(B9>ck}n+43yt&p%wSI__-|kL^;WXlANhZi24qo zR^{8)EL_wafF!AoPM@IzXcBUuIvc~5$Q%>)I_rD)+3(nxM@XCgTAAQl`CXxYE{X`U zsRN>^1L!a0j#Plm%3Eh3yoeTCg#cUSorA$?M^af*bo)$1`;5Sx?i~xm*J{4x>gITp zA7fdFyLt{#JqL=P%FRuNRZfO$ee6QsoF{W=^)txzGpeEAL@)x@8FLhiW@L+IRPl91 zDXMAR_l~-NU=r6DdSpi?_cFeecY~gvJ@&CTjhsZ`g&s@!2)O1aKNZHHeVsx6I-{CI zSm*bP^>tn`dqy^UMsLdwFVD zqUlhi=>Upn#aPv+%f*Vd_};~D+SNrZXX06#tXCSNSDM+(nt;TtxLRH6+KxOVUCk{> zJO0fUT+6VLwMd+v&_XHae{~;qMEUiP+OD+&)Y<{Wq;dp`u!VWIlW!YjZ5d>t4?|>7 zOTyKKWh$QOD|G|BPn7B7eVfgqV16#E4>H zBz3{%93CQUWHuC9ANR)g<;nj^J)JvL=?$Q(IsRg=ayxtY%cz4R0QpQ9%S$H^_}Kx3 zt_p?tQO)^yYpxhR>^kUUNQ1Maz**?{DI)e}`b@lhmsCHCli15**vm4ld173RIgP7{ zx2V#~@z~4I;cXTTb$~fM#xiuqvP@>4ggyO$1$ad>GgZA!{~Q>-m@0vo>gtxIkG(i* zrd3vk)yfd%aiI7xzoW&9lpF6vL<)?Uq-53PH_Pk*%dF}LLs8>F0kD7+0Ra+jotPPjVs?{P-*Sr=|e<+Rj|uG z87SU2B*oBtwA#M4z6liS4(#jn{YY}K`hGVna)2Mx*`(9u;cQLYxIo|X$=xI?Fw^}xel-LBc0}=49I)p z>bv%CcOCwBJj;)Cy$doRCpEY8)E#`S=!zdn8XxHhek?qEQ=>zil|d|vG_fGJa+x=A ze=i*=QOV%ip*z1O62$(6aiS4lT6Rgcu0nU?4R9E!*&;!GK+);wVB7(;5D*MW$Q2%PARXex$(5 zvi>$&WV8?_x;ya-o?Q{k%Rh|i3C&fMmdAA`SvzNnO>R4*60<@Bf>(Cy%c-wtoD8^t zKw|uR_T8{4QW7y!L(}9h$g)L|5we(VihRQ=Be;uf(k>l`csvetmNPP(pzlqwJu)RF zk+Mpd&Z&IELub&*bG$Z3I`?@Q3jK-c_{K&T&o3Qk|I}LR0tG_ve#Pf5ZgRRMcroOBF+i{!rh*oS#N^+tj7#Yf|@bZM;r?w<9JJY4ifU8$J_O&QR9ew#4$Dw@kE36RKf3Wq+ShbXaOxr7cS%wQb=~qM zTx2EUwb{_QkI7K{jPrZjw5cm6n-&?tj+yzpQP%qlD=xs07{8IdnQknCSb(tZ2v}jyLCNoksmF(bz{?icKa6esR z(38zmwdaFVG-Y#=kUd>WI0!b?fx~@hFZAo4*L48Kzt-!gMDW>x?#-+Wi2M7Cd)m)b zk7Yr>g~XLrM5fC{8E73`3bV}9VZohWM8-_}2EzWr#eZXeu@wB_2e~?zM*~uZ8r~*H zGi?1yh}N`I%E(x;xg|;IBj(2}3^pu(#c;emV*F7K>!LLV9GyBf5kBHOvT>?txDY70 z;Nxy^TyCQ_EN9T-4RBb?tO?nwJPI|g$$;A;Rnv@%RuYwGe@eeG9mIZcrh~1@fV$N% zr2vanEAT`F{Fd0tpQ5%h5iOC(&X~@B1k^v6eJC{V2)ue8`^l9D5tp_EAsE{u)eHLr zsmUsSMrdI=GxHDgILQy4fcMC600qSOQXJNZa|}G5npE zs@vniPPA{C2=J}ngCY%;C%GEoO(&0KRZaSlgl@P)8avg0Dzc3C<|Ex3xSqB6u4ea@ zJX%XdwK-`-cIWz5MNln0Q{3ClJzf5 za`xuJUdmfvg`K+x4{tXfAz=#6Fd2B2@O}I-^XlA}BRnNby5v3?5DWXXp#G9_xgZ(>COQH!?;8te_8Q>A{&M05mwtB#Jh7OHDP1In zFO}|yjbTpzw`|Z4cR5GeQ4(0Y45%)4b^){_XoWSopLRE%M%1CjrLhzJhlm&56#A&R zH+Y8j7XuxB`^GfJMUtOyqWcWGr@dqn`q4jl#F9%gStPtl(V+Ivm%VmI^*7&AqKyjU zD}LOtG@Ijz{I7ptfk19{H)?U?Bj+vpURsh79YN*%5L4ynif;qc7@3qDABumaq0;NJ zF;wZ<7dxVJr0thRFJYiJ5c$hEjl@ClYKQ;^Y?sIj9uq3`1J-g8BM_$y_Nb2QU3STb z`tQ80Pc7V+@@O*Q3mj~!xt!i|Y8CtS z37-}V9S~LnL^PBWNcvW6oQ)pJ5<&T!i!e4xj|lLcwQ;&C;)@El>YttnEbAkZVjBn7 zovVXsX<^DSk?IFWchWiYw8O8*`|=TZRnfFM00Nmo*yL^yHrE1^vVh$_d9iG8n|#Dv zWpsr$AVp-)-F#H&UsQ;h$;P+#YuUZ2hQycK5%Ucl-3~d%4}SC|`f{>$kc{i9NuLrR zgQlEp5hR0wb@HhhQnTmnBxFYIM8ghc3e8fpul)Tb?UMVd%Qm-W8y_cu_n)pB)WnO1 zPK6birekfT%M}awEivwtD@;1wDg-oNPTr3{V44+Lb2=Wo>*@@kzK>;h&D|b>(mQ ze0;Tw2{pRC3XuZi(^$VC*!G3ib_UX%s0_8PtXNg_NU@fJ=FGBlJHVq12vwC+ozxMf zpg`O-P!YyDOaJNeOSet#cL^M=B;v``5wjEUgxjdpZ*%}}DuAF+h+UIPq;W(3 zkitDbX;B$d;TjPOX>DcJ%k~fLl0yrDpuG^fZ>x87S&UYXBacQ5c;FGo3`zsg7r#-> zICr5rXaJ@QfFNwv5f?RG-H5r0=n73h3i&tQsw#oG3ZRq#v$C3A&i$LhIecPPFt||Y z%;Yt6gR>-N*+N5R-`4+`SO{+o3JZa= zfPH*&s;Vgi=^obXcfm{yL5q zPJx$&sY`C(0`iT~#gHTb5rCc*%v+TD)!cIx%vjNp8!Tj&8MzY$M=IxRR4LJDhDpH3EyQ*m`{VCRc2Kbw(x$D_51(`OeZ*zIF0{0(C)q&FPZ1a2qqmF!1YK{D z4&_PqY`g%#7NCrioazAa@Y2}S4y&lEy(A?)^)cEW1Z|Yaz0hQwo`*tmJxv_%4-ue% z4T{)KTIK_sjfO$cc8J`0%&-JazM!!3y0-&4%g0J528qf5jqO0Nx16e;KE<+|6o$g@ zJxKHz5l@>5rTc12PIDT+yGpSXK{OjUtkopQ%^3gvwVv$X@6jWr7?B!8B6_mP+kO}@hr5Q4wz7Mkx`j!syGV|DkIZ0cQ|*&zEZP9gG9btX za##vuXk~sexf5wPWsVt0hhzj+61S+FzHg&X(iuQj;#pZRNXt&Y-D|gG6xj5n4$sKIlVodzHMzW!4)8^A8z*Boc^?na+R`Jh zLNe;VpEUxko#h5rAQ?3r@^MQAr?FnQ+<${4I9{-R_#Psl8v_6>K#*mu<+BK;Aj#tY z(Dl}FO-JwFzl6x>Zh;M$z(#DOh;%bTx?^;=gn-0AI;2L6ba$7)MuUPN5`wgZC?FCd z-uryM_xJI*e}DY`+u6>}wzKP;^M0S}yq>S8!RJ?%|8q=Dcdq_3=`>ATGd+yi+(JlU zTlt5d&LnAES|2@iFa-I!Q!;}vkCiUFxZW{Cdf~wZcU4L$JW%&102dd{7Jcb9oXl=2 z`N5#M#(X>V_R?3z6(PR=gjqSOjP0XCx}6A&pF!Jumm7CItIxR!~r%iTz08mlO>P`&eZRS)%)NQ=?vd;#yN&mo0S$>nG-YVFgzcrG=(A zb@FXHilg$UT&s>AKZJR)y*(*=TL$bIX&emHvQXsNNDmiKWt=iGj)P(O%Jz$pJ{JWP z#D;4<^1E*?ONlkL{2+++m!?5lheff~fLZeMESc84FyWPt7Nb@icUe;Lt{TEk<3t1* zB~+S_smaB!^KWnWrWW1B3YgAX7HAE$-$pAVq?m-i^fh*K9YH{!j4}3MxQ)n?!>;1y zYCS13ZEOieKw6Lub;g5HpSRDlOxL>#<0J^v$Qh_vp~#jY$xlz{*MPiGkgkb6K@4Cf zi8CcppYG6!A zmt>&zfjZKRNjBsytr&()7>ew#*EzlL5l~q|`pyh~5Vxo`La^WOzp&`NwcGaXnsJ!q zJ&aO6#Yn4sFh#s+MFXU0vrjzo(X3w4p{{o|jmyDFeXZyqCs;<{XyE+*^*Ga}BW!2} z30_P3fpWW0NXl$M^E$vX^ggY7<3#r=yru}<7Bql|fb3oQXvsa^DG@=WVA$q}&434Jo6~POKlQ*4Rf;84P0aOf z`;tXDs-}<_k75u}clLhf=Jc3=W)2B@ixmgum6oe`*{XQ=@IoJdZdvspDV;WpszyGs zZeXMlUwu(|;u`az9sS0wnY?H3n?y`&LR|Cj>+6s6KSsX(s;VP;^7QQ4uZLXi0$^8j z_tFjzR`~5?=!@pd!`4pDWZq7+t|yFk7yPq{x?tlL+QISh!EhfIF`fS|eBV0>(TPTT z!ZHpLT)D;MN&d$gTcgts{>L8HHw&xK{u|F-qXv2dc~Mo`7u z9PzaS4e+%4@hWs$#|ZnX<@xuT@c8J5ZDxVQS}yC>E(j6j^Uk&L=N@rw*1rXEnn zq|NfW$z&B~9+3GocS}H*f9jidw457^wr$kKaBO9W$;Aye_X!F1sMng#m?VNPAaTSI z@mRC{S8ya@A(l`o(c?|)L-xtIbOZx!F0>wGLL6kM2)k(Im+^mlD zGxHJeb?D?0Ob~RNz^!}yWe&3n&~uo4UstdV5b zBg)1p00o=jetis9B9)>#tm-Erabj*n6T|Ok30nj3c#9@H!|6l;2uRkFpaKpzQt9xx}a|DxJ`6rDNohmiPDSOh0i zWnpLi@9g-tw&Zjw23jEQrw&UBelSz|K4d|boS4qRKr0LFI30PurmA}o$HTB{f=nSl z?)jM*)QtX#Y$g{1>(fbV zbjYB^-z{1iMy_uV@CRdeg0RPbP>|sYRYQICu^8JOe=O!8!J|OX$+&5tReJA*%&o=C zXNxvF$Q)hH_zC(|G|mI@as6{HZwUCSkvoBBJb89r9ErMIJsPmE)y~JzSN|f^^4t-Z z-ZzztFhbm`|4j5@B{;gYi)MkpL%x3PNwaBIbhC5!zD}Qgj7=^2ol!Hnd;5hy*T1}c zx173n+uzafE4<(w#cD8%(R7)u`t5)}a&_t=7B<|9jB>&vg0e9W_hTfvov=!?3AsDa zl!N&?jsp|eTr(2v1$EhBR)SNHMiBdTSj1c0XI*ZluIO~tq2s5v z(1PrDXnd+Ge#fXr_>8n&#OG3MkR-E^-}I1p>6dnrdz&V(A>7ws)9kWv8$3;3`z>+v z>^8oMUIbts)$13=;0BC^fXR%fG2W+z-t4DwD+z#hdXZ=5Ul^r%Ln4G$`sifMj@#%O^TJu8+ zKgkXgi$#$qntm3x*0NPl*`3Ma7!XhG`t8-#LAJ+?VM#QtgINni`;1RKLdeBQF|1bE zb&`E&=v0y724c2vB6G$`+r_6E~pr$lTcZ!xEb0C2@@xU9ZA=!Bi0)*lFD zM33zf3dTh{CNNam!)P5|2Mp8{a2`W}pG}8Rh0QgVPKj@V8;iPMZt5)V@9OE%|33KQ z#Xd*WtVs2(v@z@~t6Piuw3Bag`~j;Aw;N@Rxz{IJ&oy%zsd(>p)K^ykZA13Nt0!H6 z6SXm!txq(=^*o5RysKQXMOVcY6*XhAf4nrAG+n!-5XOJEPb9#sh$UArirc+tH1uKme8W>H=!3_kQJ}tAACrCRKPg)h*O^_ds!*w(XNL@H>u;hNSwI;-=HB5p%bIRj`TN8OyqURM(4Issts zX~5@otqGNcr;dQl85-90x^rA1-4Ou973SSv(dz)trf9Zuc*MhVtF~MuS=xJE94p@K zdTU-}EIe6wf-L4K`t0P0xUQbmNPCq{MJdpH`k{kIQr$_ifiT?}0Gy*?rO|S>rEd`Y zGTzPEW+aX52uBsllx2#^bjapmos^UnMk%$U;#}jCt3Cx!1xYpLbJ`04$IXz@bpd<%tKDA+Ph9|;A8Eic zT5$J`|7;;wH-V%Cfc|E~N|k)0VMYN-qNV%TDT$52&_7$%qGljn0pJ_6VZs`p<1uHz zkgsI%{>M4_!ctFUxto}Alv)QW%^iTtaLD2SCLfmYwh2u=0L?2j;99MdBtK9BQzuH; z6F|E?8Yq{S0_qb02AL0|I;%4WVLuqMg&%U7;EL@&)9kyIBZ(6lEU&26v#I(7Y=>8+ zUo&<*T3O$Ftrnsg_bXdi-K$rXjyo<$llU}SnA*$sbGWUdlz;j~Hr0`UZOi(K3BMRs zd(H>kXMG=anRKJ5c*ioQ5;8;6S}X>_jPRgdX}Sk>)oX{;S*&dJ4f-VGYklp;5EY&8 zH2fJ?aRKvMBBSRY=Lxbe^G;&2HPPj?BcX7C!tA)Zs7fL`f2LOu?E{$ zD&ia}DnVQPO{ukDc{U3L$u3lU^mbd@QSbw$0UlJSCVIRxe>+BW4fI0*xNeTz?hkmm zj%Vuu7+RrWt@Fs)f0$OCO{Fi;3|my%f2fkUT;TI{=sh1kcO8$Ci6$B))+K&rrdn?L zC~AQQznTY;X2wd&YWr#b|EZBedQwT8mXl2-Bw%|sFDd?{5F~eIs<6|FQkQYFYgmw5 zfFpBx5ZTPNPXk{j+^cp1Jj0FT3&bOKuY`j$I=r_ZX%s4X5dL`>%Y9~0)Eo_dDGx%J zWz64YGRmM8RpkiCaIIkGoDm?X{7ccFV~cu=AZtTS$(;uUhK*@fjcaSh6=r)cyYvo{ z$jIlJDTubC)b(-G(?bT7~C+1PaVw%LR*`MDy zuCAR)=m`cNd&Sw@$tAU5MtRS-s+OMWpkDJ3@@Ts2!iBWEDE$mV6w-MRbf){lON4Vs zKna!xY=(gB<1Y(d0@H-DsjQ*4XV|`V)z7;!gs;bGK)A{@%S&C!!paP$8qk)^3DD}0 z2a0cgT<>jqIfBL1xOI$f)0S^&L=P-o_qXc##w#`I2iY_f(A}+fW{9ANzkzx?f#sMV z8r`>odu?lDGD->e8Zz%$@G-u_3ipRxf5Fus$)bsc>>|6Q%zM?-d$MQ(AP#z+k^;XZE%tG4JmKdXF4K!rFGrvaaA6V^x!CQ=%Fl;Ue!r8P(xoFu5w!eOwf{L$CJ)y6G*cR%6KdFEH z4d%KG8#7F}s?7X}YxW<;TP?4Ji%3zXE{-EivSqig&VYuT-bRFlOVXRUA{veTv zGRi=MxOyQrZRKw}Y%!vC<=Y&`-m3*kETgeXv0c6mi(FUDLTv3}+s&EHQ?6@CNZ!}G zeyQ}0vw=U~AM+s_^oA|U#itDeJNN7C=IXoU9w~>qZx-<1P*sMy+djd=sDyiMsq@duJtJuN$@1BT@*$ zLUxQRwub0&Zpw|4anCDt`( zn%MDWh>gN5r97!bvS}Ql4#-jTSh0I0u`Sji>`hY{15p;Y*sIqIE(mgB%WU|Z16d{W zc2#0DiVr!hH;gVvB$@tc84GQh#@bQ*@|Q`UpP$Il|Gnlp9n_-MsOwR9)7 zc*Y3m<5)ET64`JcJGQCXr7Qw^2RP5kd)`SxDou}juo4ahg7obynlVVbPahj=2t;_T zs;(`WdMS&h0n)zN^L%Zz3Prf7kxM10&DvXJDt~9Baa*4`wQ*P%B(D6P=*Vo;pQG)Mnl@=A-q-`n@|SBlm64+p;J}%o;w4E(gCQra9nuc-;`>v9jpG zN@!M2*rt&y2k90Hf4|Dv$j@VCIJsjOuo|o@6|b2E?>3mmJNPk8K3t<0Wmt|dF_c~I zRFqH~(uj}Bg7cZs4E9O|M5onda+>ndzQ&%aNgc@P8fm<#%LGhnph=e`9`^ctW>gL} z(zvS2jDLR?_n?21X(k(w=YnmqFvy%Qqm!qv@+xlx9we=@N4JNQvETw&a6rFMnP?gi z_caR+uqw2U$p=k9cwQU3as_)NlYS4Z;~9H|$r-I6zOM-&$zFM5lXCYg&H1KNd%h!y zX`dEE%%BN?X0N1 z9q^}DxV;1)(Wgme(*!^r^v1gQ+EOz})E;WaOJ&2W?bdca_uUp5$nlzL=(c16c-*#M z;nr5S;ly%8A5༻m_w~5Brrc3~Z-}4fSRfaziEQqzH%n9M*Do<>Qas^t4~rh&rNRI zeZGcFFJ^rC;?W~PILgm~aDUR>TTtkcpoI>4CbO#J*stek3@`{|~iToHG>_2^q|C$E>rAzYS$3xdx zbW4)312e5Yc(bI##PVVy>U~;ZHuVpv-PvppL4{)+Y>L<}8wPVMP~Cj73{?ysrP2CT*o1c14Ts}i(noZpTwF6D9m_U=$)flJZ1hbdFAq#~bJE##)#ZhH1 z6Wcy9^;O_BQITt!CL;73o%gJwH8v^~w6mP@AbCaqXy>H^=HH~rZKDxH+f8$~YniOt zg85lDoHfhMywKX;PaJ1;mtK%X{TR}k-il%{ik$QVB4UGTlYScIl6&ob!xKzn_A1Nf zTIA=dF&r&7gFyq$I21DtRd{QY5?fqtaaU}a!cj&J7S8mgPklV5e-T=+iC9k=k5TDn zQNQ8e#;=ibcc+t4&~&h9qpLhOGB&c5y0N-{a1xind{znH(s2;KTUg@KHu5lF&uU~D zd*TCE{A8$7S35o0vjX&a?VIHBqnGxPNSTd;($J(kUEM!1%mi7kDKo4U&MI=0P5ns3 z-pK(oJK1#%RSD{~9uuz&B{nr{W9ZqP^1vBF}!SQVz z5cjevp2&v>tL{6*eV8OJ$%0Xv(F9sDDpKKkLlR;a)hd~-$*4?~nnleHvD<1!8bzw8YOfMwh&t1Y9B0#Iw17vhJ$l7b*uJIg~Max8j`3i znQ7;+-8vrtr#Zj`2p664sFDw$!BeSPqF74!4vq@<@t?m2L?my`9611I{if;I6eL&jle!UdjyZbG5~HBfR6kAYt~pR0?Ovbs*(^7? zemBXZ*Hho==oxaU@F5{?wC+v1+XybtYL{ECQ_ymyK)Be9N5_0FdY&MXF!f1s=FG)i zi^HR_GC^zK<%x||s2Y+eH<4FO76O9WH8LWsDbswhi4%Lt7yC$DQjGX>)@h_ASzv*9 zWZGmFbrxh>zuSxnDn>1qs%y^7(T;Wb$nb)e!p~O8&jGbJ+2t(w(r=UXH%p&wFuW|p zLFr-=Z6L&9QWTX$^bS%xGaoEF#)Gs ziuYSM??3KZ$rZ1idBew^#=v~m2j2>IKol8Inivkk{B^m4%%v6mja9xiB*mY+mRw$r z7;cN`!p%afxV1{UOqhccWIW34i+5qz;?e5vxf-;qU_X8~8Mm7SGqqx)^kP#mm%fxh z3omlE;r`7R?LN2-bVov5$DwTmXU~83j>h~?M`d&^+7fVSLAdgaM$24$SUv}2k;2TF zZE>NgQk#r59@!aL{P_jbC&Ka)dMC;q^S?0QFBMCm;`a=-ugW(@F0V%>t_tIYZZ>^= z&YHYMtm{&=Q%H|c;4NRZEInIB%ew#~~m=aplSTpp?r{E?0;clv< zt$UV^aq8Wbi?mtcQ~u0=(AToOgOY4GKjBmFGn-&|!A|OQ1mtCmsWOD_V2)#B;QB5y zej5AjMmOnXqEuGU*cyC&27RCS|Ahei|GyC6G8_cBO6va~0$gN78FE1Ih1B48eYG)U z;LkqNecnbebaE;~;pKXg#nqng^Jd-xQLR%OF)OVa+rh9lgXTAE*GFpYcc&bQZ|2E( zjxLL*1@qhn7bUE6{&{-qVsK}!b1%C8^+*;!AQBO`%5pIZ6fTc+HpObl zHpTvj1U$rDp7+)S%v(Ue@drmUyq!Yc-nknh_J7cSQFNe0Z~*RnPCY~6r0g#P>7^zk<~h8q0_3Wa8(?8DIsl~>&@3n17$~wmYAA_vBby!#EXg$f(e2yDRF+q@^A1@Ufw)Ysc&+V#5C{h34iu=@%Dt$WKq;v&u^pD9&k$D%OL+S>t7Pa>5n0@ zd5agM_2*}Jllb~hEVz)}(W)E-@_ zIU|t=k9m@&-O+^8}dSOQGOl78BnyHn-4Ox<+(90I-+^6F^ zGLhjlZ{Ml#{@l+v9g{9hx{b%?=f;V0zKtYzZo-mFrtP{s`UrKrUI~?N!t)__HzCkr z_x!X$8FG1NuYkS!>)$cHJ9LjQ5B&hKgEvOH`HAN>C2{Dx9rmiOT1%!f7OI7a2~lUe zFIhoSlQV%2++Z@iA|1Z(NxjHPDk5`14;qXA?w@|W-Y&)}vH*w)a_x96eak5t#t^)Xf^AlBg2#;48rFe=41adi7H zlDTYZ@wz4|KHKi{>{7b|a{iP@TZk$}&Yh5zWoS7$>hkJGta;DMQwCaq-I)l1gw~MtDBQ7mp$dJR$;9_ubaXTx4en+bS&^$ zv%hwrY{!X+Ro>ZC`?JSVOUtd{fuGA^1<;i6Be_U`(7Q6ywq}YE;f5)6hS|~m)(h6p z`C;$wrwPb8u4d&_iT;6}T=kK>n;YPRmL$a;wgT3NJg=Grijt^x^ zlWqUXI}3f|qCXQkx-$O^VbeBwt3!X&f&X{*vaxBsX!5(q;_oMGgTpj0YMMIfKa05M z=byV|@e78n0KrW1cKD>9kwtpgjj`hN%NLpPRb&t2PXL9^w}cg2(cJQn}0 zo{;@SYqEL~6tj{O({QFlkaK+Ad(ZIDx)D|HBTOh0)2au=`ma#p3j`U=YEML} z1byzIneL?!=5C4I1H(t7c?L4$TI_#N>edMy)Sw4(lJ5v9ye*oPDYid$sM@dR$a3}Z z^i6W0L-B|_XQfNpLKPgS{cS?5gY(~9;cfD4`M;9%lUY9?uBq*}JXuvLyGMN=Er&Py zdi{T8C*$YTFgX++*e1d@_+sUYI~jn0kjdukJ|TrvV-JWwLJbe0d(Z2Tv%j8A2vXTQ z+5M{AC+{VwJzhPU?s9*l>zB;xy+^XzNZ0XRnr+eY5nlDNvEK5fP?jM9qkhXA z^eXd#(@1J?8sp&6)SJ}WRZfk(wKcg>H#vSij7JEF&e{>FC$bbBkRdG4ElI6|nf3z#;+x7iPKG>&^ zse#f|esGfH#(LMN3-q{4%y{?$*#FJ=K>20P<&a_Hr3irmOUk1Z3gAJsE=K`#Z>^#y z<65;90l8kQ{OvwikAV8YJQurKV=tzZJ25*WYQ2%Z{_;OKEfyR!M}ebJO-t(=JxB4g zr%G|Z;(+t##RZ}uyMqe2=O>Ymp=N^eIq}9K!Xa|hwd_%_1NRo|fhRBKDf!7J&aOeD?t=!Z!ElDYE!ikQ+&%^-5(( zobUnlNZFW$bd}C>aBBbm7Ac)=Z5A{4GDq#}Sg3`VxE9Nc69kDB_gR zddo%NHV^eufGqkN+l%vqpKpxLh^Kt$E}mn6k>a(>j^bU*9dFkEmRK)FWG-gH z!4-AM<$46qHr+IEH`2I-islXarPaei${da|x-O#PI-*P%z`-`PxZ;y5wUtp~`^!B! zkOk+u|BWzjplOU1*9wAq6#?6Hq-mUSyBm6S4|Ip1{)d3!Ig622vf|ZoluP{mNN(nw zOzOZtxaQM%^Quf#xk?mkU;a2~yYA(#F@5DW-+={r| z3iJoj_>X&r{)x!pPZhaa}iu86%m@q#QE|*ux11aSp;qz#|8F$Y!rdPXOgoS*dLO$?e zQvP^^u*LLI*Wkf4xRbBv3J3Tjy*I9;PpGVq;Lkfb{dgII$JyhE_a-QOW>gX?eF+Ox z8O;NY=OOhz*|+}7H~gu=6{N3F*2y>A$%j*voOCYbio9K+YhIzF{R9piHC><{tcV+| zz-7?~2=vn9Ss3FMB;tgpj?4`vaVgh+@KzoYw6wxR4DvJEsRj$sOw{(ElddJB+r8O2chvADA$F@SMw3%@Xu-NY*kt(* z8)O8H~rK1AN&{bKqXQcCsK)i^Vq2S&FR-RDK#Mx7P0I!--L4B&wdkMS9DExG5{4>0;u;Z;`S@t-bBpcGFbu||-KOtPhmVXwi^ z=||S#d;!4H#*0yJg}lF@9R&3* z0tR!kb-JYHM`iN8&E)&f^c88S&!V*F+GTRTc(k_F29{s=0Edwfh9ckp`pdn+rsyN} zBTM|`b%RibBZ<&?5q4^+HTS8KzKoym8`n=*9`N1M&rdU@5<%KbqS&1`J_Y^Hm5iS_ zpZO%~X=6kk6e~O~%3JLS#&z@wb@j!g@;@2OHbyyq(N>{BLr>)tY+A8fN! zF8-lh47e_@#b@#PnzF79AiV;eB&toC51N{LX$dt}HqR-`v7mq&tLf^aboCLjEMvEO z)l(Oif=8Mb;_5B|r7S#ci>AshQ3*|A%57p;OubJi^nt>4Qq4DOtAf1)CLYid9c+n? zwr7vFq6cg2#SEocp#!eaWz6l#8D$AAfl{=nQ?+1`?qna!gCSc>bf>t=?<&kKE(JuX z0PYD??l`86n;oapGF<$AZEN4Rt3>#kRAr5ttvbY{jTzPj~0|U{`Yzb9! zIiML=s%OYf)EDO&+s!h%- zP0l0qjPltbi!w?ME(#7VVE#l}a;Yc#mFaoq@p~bH+o8~c1^A@r6Bi83%Q77rJxL{sU)13Ve zuhUb=W+|?59@RK69=fRg!zR$uUe!Gd?2f}2)JpZGSaJnv&<1IU4C$}2R$(FCYU%Sz z>GOyLgTN%3WHhf9ns)}H)a<2WVF2mM8TAe@C|MB!k#qnxBzzTN`C44o8no6LBG-Dy z`E-qb!9EkazKe{$Hq|**HH4M(2ub=SO<7Z*Z>^|Lt!Re%;+IYJowD17)8V zD$D=T9Su5m&mL2`Th?a~nWD^HqRd^uYYBcvE-$=4``R@2k-XDkk`s8em*og=-Tyk@Na4CK|M<;9Is)5ASCfih->s20)47E#8`#k+NKMWy9q2;uhYOWn{eK|kog z<&4DHFY0U4yereZiTCrv`d>#_VrkYkZ1g)k)swK5+i8R4@q^{Lw*ryT;HTmpjb3^K z|8oo9{o*IFLR7caP=sM^@9+*KO}BYomwDdAm)A~7yLd4dW}hc|GeCWXb^6;NxEdGp zS(oT(muSWqPvAt~+DROT29rEol{{EnJ)psgCCj zQNqrP^D}Vm-L78wXBHFT48thzwwDtJ+5cT_YgQLl`73qJix1QLmDGp+!uIvVMekyc z{o$d57CN6knIm*k|7lyPadB?dh;G)jksI@PZ~I0)8_m(#J}{NZoff{6NTowZ6K*x6 z!+*UBPT#5vgUW2^^?>{s=+SD%dFnl{zvzYh z^f8j2`Ew~K`*p-)W4TL^;}7q=()2t6$*?geU~oJrdw0705$9kg+ZPsoyOq39N~LZF zOm9;FtJn6c4j&lCN!O z+hSq>r9!ybjh(lBJbZYy9GoIZ(i=L21n;}FYJ|&JgbQz+0M0Y0f-QkK&9h)5+mY+^**aNyDUs|FB&9i^(uIoH-Kx zmW!utqIzr%^che9?7S$XF&(1D)Z#v=a6cWvr{jM~;{VXYyRChu zb=n0Bae%04l0~VYtfIW_Z@Z87!eq-6fd3;JN5r9hKY*Up*nK1!sG(O>N{vCWljeSd zF}}3)s-j5OVxY;#K@=vWyE*B(2yV@;ZSE7mPCOOhbho)+N>q^-i8+^o@1dqx`nmcf_L^^4YCS`-7#eSsal4`xix z?0-7-AkWs~{TO^7J0<0keqSsSJiE2Yz)VFGyUL!vR{;M@vU}O@Wc5UMGUD@ny62#> z7=(gZ&QoSF^nalWqb_#)!);W2j=*Qr3amJ3fPgvy(`&2(C@}`wg1%Hu{@j?>WDO+! z6VU%`i&g{Z+o`bS83R4Z=84DyS`Ons*xmaxq-^UVZgPLuIDbUFwfk|dKg=tfum255 ziOg7ysUab!mm$PC0>TzT+M6`tuBo<63O;Ug?n^VB#%(|8DczRP+v%L zKMU-h@?tLrLh@@slMwDq948 zraxw&@q^mK$CzZ|qZupkl~_r0+nP-R#XD73Ow`(%)6`kr?7r@L0tIDAs2Le(1flj@ z!z-VmVaIVdB!CP06ztYnTLE5PMnD*+OF0c1-R;R^R z!dM2AZ~a7K48>}Xe#PO)2XpjrYRmKi=I_u&*&VkS%o0g%XuUXtkzIe>jVvx-&^h!U z8u&|z-2Ol2cRWl&OU%dK%_NSM@_!Lg=bIJ{fVht&fJ%C}j~Uw!lBp&2snW0i%C+8e za17pTUiETVhf7?op2}jVDK3(maBPHH>}ffUbUZS|RtAffFK`FyLAc9|#+6+UKC!Q% z-Ai7ihT!Zdg17CiyDM8SfoI(cTYfPXGK?D@=dPn7=T~J9sramb&-xSuv57xoU;KR; z$JUr8X$8#LUR;0fk{u!0nC5L&LcZVbk$EX)o}t)gtmfSKA@(;7%QvCNO6$gIeT^SR z|In;J!;g7KP$wi$OL}p_{t%jCNZV=m^OnA)Vv2W=d zzMDx@nYSRUHU&Pzg|Jv{a*QDxMCdhh^SPnB$p)ZW#l0j9Tt{H~4k z&th+MOv?`T=o5f=Eec@H#O=k{ekb+Poxs9aVhjl&jvgLq0uB6+C;4K}zLw+2+<$$^ zYXhw5dLvym(6wpt-CJF!H;t(?*KZzqg%A8P&^9W@TD{q#S>v}Ku9vj3kbi8@n2V<` zt&7yrt%&!ahc6p>NaJX4AzD624_Ji%B?m=YOdS2ps%6>t&M`INk>0kI@B&?Ri2%J37umIKak|!6KE(c zS8bQ5D0-e*oKhKMoFkplsK*%s;r@mD-@O1sRUL*TUVmic4oLuu^uEt5Lm3NGxw%Fl z+_A>ac0t{yf`xOyB?xx|ZtV;4VC7hz$v?pDla2y@(y!dZjljko-J|KBXC^YN+Nv2d z!VH0w1_4naF^H<1@#>41{hUJn^{_!HKYx<@MZ7k^4E#?H#tM;-`i#dhFMQ0t5QmC! zNN9HGSPjUqv&n|t+%zk$sUCp;`!e1}M}PtJC;abuINFl(@W;Tu~0Z6A+1Q4r|0#b0yDrav# z7q>)K{8Q&zskmZ%Fq4u34%;J|qW_O}$MH8G`zG3(Y6faQKW&g2=+F_&T>W3=)dQSC z1Dmw7*OVhbQTdBWG)VFlZ%;wJoF3$07CxE7`f2M%n<{fsO4ut;2p%o@9}!r zA8A?H+!wt>(h3@8N||kOn(7%(4p~~cP*uu=&l0<+#0DM=qaOmf1wd+M7*yFsa5>{% z`-xOe3!A1MBpgI7#grc1C;cupTG>LbxC7j-Ct>F=0+tA#hN=lfS4_|I7xY}@#A7?~PeZwUgE;vg z9$CvqlP;)>N*rS%u@D376#3=5sR}V=A~8DyY}2+Nwjrf^2J-nBT};a3_u7JWMpD*7xR6qz#Qe@828O8J^2Ltbl)i3G7P5rg@`A5 z*JdiR=`3P(uZ+o}#^>doeBL&G7;fnyF%G@1u;_O6Y07%dly-%bmn@|ziyH{r|ti~L= z%W=8%KDnl391R5!-zPeBKxGIh!3b04+n+l8RTO5HBq~!T`z5na`scUbuzlXyp z**rCeby``)1q-CVvbf3;JwRCYGd^bs_SaPP_lqh;=Q`DwSNm9C$A{9J0o^((UspQ1 z(6`~r;)ljg$-cq;Z#H`;bPL(Agc09t)05dh<(AGIf*2dqgczu;p)IG_z84p=DS|fa z^7mTCi8xn1j#ZgVm4tDRxz4G?D8(nV3h!o#4Dk&@8+{J-4w?4Il|&NVMMYG{rjOoC z2l5*umNmVaX5%$-+{SjEJRufKBz9$hl{n_A4v*d{>JqhZ%AR)AN87Z;y>q6fO#=U% z4}S8%#ff?j7wq4YY`gux-}7;x-kb!18=%J|`P9IAD9FqdQ4QU0KRQDx6kRw4#uI?^UXt3v{nKMv#LXo~x=oAx0S{ZGx zW`Mc_bvmx)YQ)zHKX(OAQzf~UH~{y5#AI5;+=;|$49gMr^9wr8oHfFD6ClO?w+ZxnW?Gz3m8EFL1iW6t^u#| zHH?DDy;87|2m%r|a9($_PqB|Wp*~Oj$h8KUpjuSq8$xb9Q*xCraW4sRUbBIDx`Zk) zRscHkg*z!Srn)j+NFV~nmB58Z#yO238;zr``A(QeC-wK@>IgNnct*_>e`$0ZGn}a& z8rAyh5mFFDfE4telN2;a42j?+^x2M1-8%4+MsES*xFBd4bbt*^Aqj=^g9MNW5uc=^|n!KGt3$b=Bqor1od0xz#rh zsd6wdY}+H%Pyj|YEEN~J7{Ata@XKWxWh)%JFFv4({v?KqjB zXMrZTN)~uaGDB}S>AUx}7k$Ydr)G(UAzgX1z;CpNEJ)WLCjs#vOhBF5Oym&ZQi^@+ zTD4T1z6@2v;9F2@CaE^65(G7okXzEmp_UPf$@)L7xj4yde0lVx7hTU1r)HE!U?h4X z?!4LTyKY@XwIvRz-Tcz-TNg{5tx+0=@#vXhBS&582R53&dgfoU*OD<==`v)I!Ls(D zb*F;macYD(xoovK!=ANf-%V>Hy3FG-f%_myeiHU@L2b2EO4s#jDQ!KOa^yW>c_<~- z9wdT9AT{qDn4P5u=EMK0o90!pEHdIe-@F}i!b0aKEAuxh#hkMcZz6l%bpPQXKVi;F zhg0o6+6IynWQ4)#@1#SW%u2(i)7R(P;QZN^vXoM?iH5-)GSyY+U;2w#b>Qr3@96AV zsTjMT04JIi+|w*1wnwO?MqSTJV~vEDc&E?v+q`m7^a?u$$SBJ@5gwV1Oby^=MbyQdW#jBM(yUjNdwjVOi{AUl{|wzHU0q?~GrOmw4D^ zbZWh0jW#s*Mf6=qr2?x?Xq*!Qyk%C)ymrypgAwIT2TfW=HU<^l(cRF181)!mU^x;PfWFdQ zEGNbQ*0rY%b0Fn6BCm|Vp&-N)Wozv2HUGOL=fR(MF)A}Dd+GSKVOo4{+#xW{PXzME1cd*6I37MXXb7B#EVB^1nOTT& zx`{~Q&_=Q`;OdRi#iM!8a?P;BswJ)uN>i|KQzPjrAp0U#Cxx4+$WwxqU&g28eZ6Su zA8m}dr{G}HiV>54=WbmLasoO)`^v@s{biej&*$2}O=R%@I=J2?e83JI>W)A`0tDhJ z4P4t8IRp4M_gupL?8*k+c%MM*F#-S~> z;eFEmp8LzX-lNmgi{cd2RQ9K%z|V*7@49ulztwacwkhHr|=p=$&2%ToZ|mpda;zu&O1QrCh>X#l^!&&tf|1)C!T6q4Pf(eX4@CyBN~Vn zhlUSPygBC5;|Ndt_(^wz!}dtfw~ccll!f__6>+PkwnF zHH5ArMM1wNrhs0c#&%r!FUa_(yG_?K2xHF#LH_zp;xB`mn2v_4eYuzPKeX+4tUn2Q z#rMQob{B~Xkp_;2wB0(GXj|+~0`yp&mz}%@gpN8Hq}i#e?o81#!|0`Z*o|5=dX$b3fM#>2e*QZdFR; zAC|`$@8`6I27_;i1f=Ql&P+{wM*geryjMuF6VW&krQkyds8f9>5(SB(G3DtTgJAi* zdv`1w>!;&)zm@dN{+CeWMP3*JXq&RSGCXkXcegc{y>#v3LJ~t)o1$ROogl;D22YT| zvN7kLLc&#IfctTFEa7xDDGK147`lD?R=!l}E*)S{)#BURWlsvG!{0fW!7bodZU_M` z=;Y_bZ63qyj6Fumw?zqC4}0B7Q~sJA8>j|EZZ@M*DmuUnxkSRGPYePOM5%y!#oP zXPC!!BUGaW0RIjSj;Eh;`LTe)6bwPI7#=ywN zSlnz}msMkIv?RpR$t^_6F)^$$$}xrhJ#Esc26L_9B&d7<9WsKs&8eSTkB7q6DB1Pc zd?cYy{g#aZLwB?<2+hzXMqA-6Boc#=cgXZVM16EgQ|@nFUUza}+L%)E+v9gA`z~<_d$oD(Vw#Km6E6|nI z1R3)%1QMdID#1$s!N5+QGixl+T2e8yf23Q?cCdvE7Q{ej5(k8c&tx#N*S78(7;`wz>+vJv%F zl8)lH*)a(+W6=B8O$k`qbjb)AHb`n8Ph`^>;oW)2qCLLNb|S)1Mekv>^3<>@Lzsw# z`(gyl(HWhsqn>TB8@zvkysds1df|G{J7l5)XLNU2RbF zjHD!7xixe2TY$6 zKOaTi3@x_@mz2f+2Bi~ncnKEIX4fu^11C(PAhQwn?ew1j;*^rHlh|t1hlKb3svqrZ zqd}>X*r-|b!1+Ht!Vg(#fd4^}6cR725LInFU(bx_IQ_`RGJd|^Um77=cqU(HjI4H` zu}!aXnbGDqTJfg)q09}(PXLT2J)NF?Rls&j#@=T$1CPVg8|eo>0V3RzxjtEC6!JkV zzGFDeM;2IGS$oP^Ug4ttSQ2WhV$UXgHBY4PV*;c^ z^C;Gt#IOqvEJ44zMe{}o15l9|3U#X!7WJrNrqMz?IwYb&6p+%#YupWd_7Nw}j@AkB z`Zr3%tMSu4Vo!0}{F7w4o|JA~Xe9q}tvItJp`H|5ZRilq4!_rT9PDgeWo(&b>wj@2&d+tY*}(Js07w1WMz(u!H3to0Un#n&e0pP1^FsqKw-Gmh z?J!u}GE>ax*lbM-@p)}pDBR+mM0x8S!&S#$qV?A24c8OL;u91lfba`gL-^r_s79xu znM*+LCl#c3RWf!Ud(GB@BXN?1q>zD>b7S9ItE$I(9)AEzlDenIcoaPy}swe?ypIaGd{^CmgrWfd2XV0CcN1X+r7DKCpeAlgVB8CB| zNlaYXN}o)V}%k-9?mOj6pY#)itUR=l)Er2mtoSFF1L=CK#se6O5e8zXkHad{xbGx z=l563y~=|ze|@j{ESRbz^s_%2Q6ChQg!8?{ zoLk_(`l-zg-6qe<>upS>p>u#{-FEFp05l6H4T{ajStEG`CkpJ_r4Jnf*r&8*qDn}e z;|6ci3!r9&oM&f#P<=bHWscDI5%?;ZhDk-kNiAaxmfjuG&WefW_!*ni7W&x-jVRHp z;C@X}{PGlcdyO8rZX`mge)*xapI<8|*O>Bv^&jfFh~jR}J!&TaH4w_Rfsrw12XWM#`+qHJJSsm?C?+U{KGUN-0h%W}RlJhoZlKs_oMxBL zx2;OOBSGgIBCqQ3P+l{jyalG1e)hoUeYv%l_p{~UtQN3sBa!!vEA>PVoXs9hV4Xl5 zMj=&jAX@GtF2iu_L6kfDYrO!pntLSOq-sqqE-gY>L9-)Nac?Jfo@A3V=6l2;0Cfh+ z#U1ddyzaOl9)AMGUg0#Wed^gQM$k0Q$|P#iTp(!^CL(w>BZe{OvB7(`-0&2l_QQ3t zgXhp?rP=mS#kHLli$m38Jjixn=w^FpmmeBl+rlA-@c-5yuy1`~Nml;ISPEGeuy*WD zMBeR(_U#6j)Vu1z=M~K*uGB8QfXuqeKH6XlQd>h8g^f+mLXQBfvILH|mj@r(aTEUK@RT=#DmZh|7>!nHj_Pq1pfB5cyQl zV{+~*2c(P&3tpY6_K(cv{2Bo<#@Ru!7dXsZPrOwOTL?5A#gr)GPjDHQDl`9p@YI(g z%%EJvo^5Z%Cnjv(bvYOKX|_4yinx5qf5yq?FuOd2JJ@SVgQw_$gyeOCf(uIXuI6ET z_u4b^-N#n{d_=vUZx8$om_GavfecmykSAOG=xIWXG3%S(?IK3<%?s`287}F0r2*UI zp|hyVA2j|t_e{^64hEw@x#< z2~qkJBG1F9(YFB$?F2a7ww|c)e1NlG;^9%LhCvYLBm8Dpmwy7rB3OXS8hyJkq;hab z5#^*X;l$iPiE<~tg!@%r(-_&R#)m?2(Ks98&l|sG2N*H$c?Xz8y=Y5(;a!3mbTC97 zy~Z;`%O^%NlS(x1@wG-XYOy7;+Km}cL?=3~x@<9n#)*S|-Eeq!tbrH#`p+`|?0TZ` zyq|6YQQ^!|C`2s*pn;$~)E=T$m6+|{8GpD9;~#o3PaT68+ACLn%*x|En9~^S5-XqD zRPf0v87U>g6BSGB@YI2;c%T(f=m-o23P^SSq_WD|`HG2Uxj{P}C zO4xSrZh7LM9y27vBGCDUAfCCW0TgTpV{1;Hy=F&u<>vfZxgBdKNc(R>ndv!u9b>)C z*UvwIeW!^%u=ghRtAD^#mGg=y5a(4gE()84WS76do&3x$Wk~B}ZHf?f8e2o|kfXe! zK~z_5Vvt1%rtW^bs{hGw1OApJbN3jCboF<#W+g0w6@aFbyzFeTcJN}56c8zxyzKo& zWauR_G#}TTtpORD?-~TLV_g_-g5c+RpMg2%0tQoIP=*EIP{4EW_Afs|3SCbLzjjuR8gGRo6HFb%M*l+3 z_I2C|Ra>4Rjtg4@&VVPLu{tDzFnQV9jAQH1m-KU%EPd*CZ1h;V!@EI${*2x1DTT1| zw1dFDFkqn$G83KZI_wLjiwW~q2Z-UcEan9H3$7*ND2b=UIHUg$fp+}gB-|6$hN+Iw zWIzZ@UMEQED=cf$1eC896Y-GbyB+9IA@Nf`DosYHY8G$&{g)$px|UDa?$v+I?RE*m z^=EmvePIHX3ylr)#Unt%m&VL5+d!mU0Q;T2h!R2P9l0K-<_b0W6$eCf?+N zuv{*j0H%hi@X(NsHf*Qr`?dgLIWly$_z1~FS7I3#Qj7>8{2Uq_b*4Ss@A^wfe z$mUVES*aIwo=!&IzDw5e5se)^0gL&983X|#)4l_3(S=$zaVZ#xaN!&|nqOspK+A$*4h;edx7;s9BE}cfeyD>3n?{V^Z z7`USjy69Kdv}<^GXXW)Iun zGS|G{?vC<#F;&c?%EwZo&a@PoH!PZ4ynD<;ECu5URX#bYdih-;81Hc+bG3Gg`q2p`2WCE=*E?BK%mKT+}Hy!r7FL=2@y z*zSj(3Hb2iGCjszSC)+x57qbzSD|*p-zm4O@H>} zuHaDj%=-5=EOt_j7!PyrXrO29L!x|-oQ1!A;_qK+tB#s#U_}f6Wc=RKhd<|@O2+Z@ zNjLzOow@?}%K1dxe+v(#Y$X_a$T1f1sIoCb^U^U~K*U=GwOGy|#yZGhX$Vg`#+Ev9 zcRmlPsO>`dDQ|&{g-qnIeIk=n_-WJVzrL;aQvl*zC=aQx&BDQN-q4R0DBQ!k*tGws zU;K%>l_7?xy0@!)e{Y`sjL!gmXTj#FHj?S!MpB*dIp|&nBX_hPd)cGiC`=(YI!-DT zlX+IQJ#(hy0pm`Z_#&K#^sDv4oF_5(J5LX~g+RI5jrxmEQp7HyJf!jwX0r%y_;6q9 z3s5jm9*Tv4Qk*-Q1=3Hm{!LKt(fs7auR6YuRO(E$d20Q1=pJMkY9$e5iQGeyZKl;7 zW>0RWd0qJqcD>tg<-gPRsaZ;6IDE&ligpu$(i*B#Oe3jJvWZK&GAoB`?8%`>SW_EL zGE<#dWFNyik{1HH&hZ^NFD9GZE|iy2mkZ5{R%Eh0fNCnosVCy(Gu3fN!FBLLKUknp z4%?qo7p8^kvoWGl45NxBE_F$RBIa+OV%z|fQNf?{qJw0J@f2n&@~D0?(bB0~O5?5> z%StAy%Q5AThVj5)l0eAodWOy+hi7oR~3@MD=|%i%=dZt9-{7;dg4p1ymL?l1Q*i zL1r07a175YQj5%>7-1b^I^_P(!zn0qf=SFbny_4~C3)hSSRRgtVnD9swYuCdl zV`lBK-G=8?EmWq~{Rt{wOg>KE*Lb4GgXAc|g*M`ep5utEdpqLKZ zzbG^sLFY;4LGq#u`$0Oj+qF|s)`iiNKw_e?*^+W9e`eZSkYxzx$!Be~W7OQlC2S=V zo9AHXg6K_!RLmcACe$m4**B>Q#N6>b9C#%f-y|E=8TAC3Sdy0pj`*> zN1uoTV7ltVbxo`OpOo!KGP&z1d2;DUrl`qr>a7LPRINxjm@Ow-_cL+An_WG5LrW%9tYK6#q@YNOEa2>-TJ+%z zi@Jm&{ll7Zq>=q$Uw)F7)K`met zmnDwlcMk-s7Qv_Gf2(9yiv*B*7P%Q6($W^GMrU-y#MkBDDN^PN1OzW%JE)Pi#JNj| z9n!)JRez<4;~CA=#9dGIi!UwiDVt=Xp#@vqqa+{lcJr9n_)g0!0JEvM0~qKEH3%dH zfZ2;&0UV_LWl=(-D)$jlhj=W76S4^RQX15dLp+Q^r;u*yCNmSyN;ZXWhj?!ao$|X@!4{IKbgsY+xgRY? z8u;b|*OBBi2en_|_(U=T*J#M?yf2TDBVjB@e5#Tez-(up01lNxjqj3Kz-(`x08-UL zzweT$$iZ?2kfK=XT;UhAT}NI{H>n$w(ObMrAdo?JdN+MQV+?; z&M@i&H}KfyZ1JPWE==wPo<~%sNCHATuhE{To4QRhG+|sVcFM@)t=U4z3-+#1OPv(O75BP*`VLimAR9sy?QQCrDfo$i7MC4FHc{r;eto$iC_333xSfE%I`t zo`~Q}X4{-PBbp4djSMXTK`6343o z+76CR73a3R&*ZXPhCpIR4(|sG5Ao6qH_+1M*m#&iQBn_AsCd^P7$A##nWRI%yy4r` zF8Nttwi<7MYB8}UZkwggyYyQHWTVtVC)%0chIVnhGmPWFPP}p8fquy6H1U@<_du#K zomrC5$!j#J87nDk;W?7N(Q7nbzW$GYVCm(*hZtNlK=vEDBWR!Vn?`X@Bw^+O1hL&=RCm?v_TCCfmG9j7VexEk2P}MrE15>%q%|>z(nEjdeN#!$d zCg44;&Am*)A#Ws~i5)K`4qt%O&7!Uz$rAg36^(wJ)`UaeMU7 zWo?KL2Cm(`O!?tT1iuKB=zmx83`J_DrH!hhP_-V}llE1^K6eCiY*~d9eKYQ*?1MRn zcp=Ce86ua%&cRD;zHl9BgzVFZc8;)b>KaXcrfJI>zCgG;aUCgv>@)k~Q-UOua&``1 zfT|ivVtlRqsp+eb^EB~pyL$oeu~UM#T5&;qPbxutMy%0C)bPSb+k9d%hPM6VF*9@x zt=@N956*s3f8Kv_?^QA~xSKorgBFm1jD1h#KIKVgCPO2o2x|y$Dh}?fX0S~mp0f-b zqj}!WjwSU(G#CY5Pg>|}e2nKS2iP7zE}TMLXP!a}tHm6IlIB&`@|K@^(#p*&wbNT- z_a444J%vd;EoU2PpF^w!N{dKJOKj)NdmP|eWOI|UTE}2UY|`9qp-~rfd6KkJTji6` zZ?xKEbJ%iP@AEMo>Ruz%G3hlMaD980*mQd5Zs~4?NMrjL1Z33b@_wN?hAg}C425gJ z*Y|S1sd4x^J8wKPWBHa+=adqvkv>}5P0lEW>*tgFEVflN-?m>))q4|DTLD-y*&Xrs zI6v#X@*x%&zMX2$>!sG`GuNEs87|mFHC%DepZ_zRDXHX>2<(fef4aejQg zg{V=wlXFA(&nHceB$H5phK6QK6-0OJiTw;8T& z$Pf^I0KhTgoUjv|;jE!GlUD83S51x1^867|VLxc2JHm_y@3lWopO*^$`ozj4<#28- z#xn}tU)vtZ650*J{ElV!y|Koxu_cY{&)x{#|DVr*sM~wedy4sc$DM!nW2>5wKa@2| zm_t~0LyeL_ecJPqr5IHfEbR_xvg^MvUw*KAY4s||`&4&-Vb5OwR7Lt%ul}#p@|+(J zYSOK}`mIaYR4V!D)*jW0VhSf%!@z1(rSRi%t#R0y*2`mKDwUR=u$1tI6y8sgf7seQ zqFMYF%>M>*4R08=N!;H2I{-J{&rl|B%o|s22xGhrnW0Iiz#tPgls@RyKS(X7{+9l| z9AzQQtVUX0`Yd1nEVY38oAjAgnVz#Snd)x8;B-*2%4>U68o?a|>kD=1fqeY|2lKoW z$(-J`;9}}wb@pKa(fCCr46Qv=^1c05=-DDi{vv~^g9#S?#9)3{n|wnX?~<(O*Rf-` z1<#1D>G@g0Ty~Tuhys=$_9)-*$jhzpr(i}Sas7Go32{;!&m`lK*CoS%Ms~*JDCinh zJkFegO8-roV%w8eFXG7j8=4OIBWLUiCL-1rVFgNvLY+G1a2&uSjncl_K9)8jU)*!{DSip7cW%C)@8R2`rNvAWi50qZn(O*erqR+aU zD?`8f{_>ceW+y>3X8?2ShuxMX4-}qxhrn!)v1_;JO>7pkG=q;=+7J5yrTKUC`H{`^ zVh`=-s2r`W4DA^4I%i!rY$D7JA#@1^eRhww-4kZvVvbCfhOC8{Rdn+-HPwumLqOXh zB-0UhWe&TqfKW!&n?9UMsEjtDtk10^ zq++yyI!BQ`N8tA7A`Vgp8-TVA^;0RU=?`}H7KNAyWjjQ}ROVkZR$d1MPkn$u!l@>w zuc)(CA#`k{K6l%uVjH-d0DedRPuk&gz~g((?U3%>* z8#@?}v?p_}$Ki`P(vUJ;Lhi|07iMYIV99%@!|rNUR52VVUH#Bt%1f*}nz1$_Zqb>$ z`=mdVI>;J!GBnqFR&s~0F(@L?t`y6MSwdAWl0}w z-x>UT3Oo8^H&=I2=~+u(Lh_46E59re(`c`nzJ;u_vlee@F|;kPNcDG~ZF8|L(UU!D z`pf+ev=S0)R;~OBd_0Fa2Zv(Y^AgRmA`nnKN#js=!GOK=TN8+XU1{lDd%RT%+S~B2 zf^cs0OG#QR%-+AeA{^iwEk<{BYb*Rl9V-mlC4h*Nz_7M}>)&Iyrtujn+v=p2O+Q{+ zj=VPHoD~*ruHRDD_v;mNp96@j#Asm-CYMqhM4>I&TJ6p6bKrt~Xm3dOZ|tsGx>#ATeaua%)J8DWeyt zi}DOZAzaPg&mOJ=Z0jz3wkaWj!BUtiJo_QYM~AWUGzj=pTZHwWgTL^w>cV^0jn1cu zfA|J#aor?8VJUHJ#sge>^Yy^^kS5ulc+4z`XT1)W0up>SEsbjYgkY`gcb*$U@ZVWY zYcz8&%t}Z?VJTE>-$Q6E9{s~!s2-iT*BS*jaq}I@*D_QN;t7*yJY3*`v#dO>!ReXFJSH$J3_|k!k;-Qgd%(8Il(rkQ8Q*4 z1e_)O=i*KPB(*gTX~f5?*AkjFYEQ7Gs@IH}1OY>lSD|MEN~hcTCWEJuK703=_{pW}x>1om+YJp(T19VZ z0dvu82y^oW-hZ}Pf1UaL1-Z|n`zaw38)I@NQ6H?zu7*qkZ&r?zI|=Xn8+FClT6@m} zo}GCDt)_9FoLhu^gv7*%@yU0$ucn6LeX@G~-+WIl#RR(h%qU-*j1<_1r`D{~L%JuU z$*ZG7{wm0xZ8K`{2D@cl(#e72{c~2w^W($RZ}UGES?~6Op04&M{B@&Gul%*Xr^fC) zCLA(-<$EYA^N0Ih52)@;9sQnS`X?klM44zp_M>QL&RfW*nr-^#F@CE2QYS@h(ZcvK zsmZD1tLb!ho@xNo_QviMCA5q)!QUtO0O2H{EqcGh^3TwHV6QgHMqd8I!oMU5U-OPH zc>tSD;n|GCPSGXzjZLkkOvu^s_R}v;Rl+;xq}UG3C<++G_4GS9QSonsIt*R^n+e&j zJXD=q^H<=D5y35tj+P7~Hgra14N=_~9Xx%t4##>;?%L>xW3G;8QVGJXMq=>7nFRN7 z?n=i6{IMt`gl1ERdmWixy$W*WV>+(+gJ{q3h9To!!sX3}e>7tql8P+E7xmX1yr`Gq zEI#LT+7zoFvPSn!2zPF*$~HH5vks}-Hz|qE`WfpsFTCWtcZTSgI$JR?xC1Y^DanWY zgMQ~Jv5OK2YHG2elj$>b=o-`+Rgj*(^4ex&f;z|^lon|HTBCN@cW@VKlHDg_;FMT z(M~EP*IRLGKl|Lx^f)SaWN9eee-CVTB>-dj`*rQfG-H0Up#SUZ$%ttL*MDMC{+pJr6>rZUh}s+Ag$N;F;F-| zC^gEiyB_zqyg5msF>qjHZg5D`@Crs?BJql@9+k+!W@x@?JaHw~@~t|b@g36Z%CHrd zWU!$x-7lW;fvDF_Fu|oW(G%d{2Xjp*x*G-xk)OQb&wEl+ZF*-^>(!P4OI0E}L8Rg- zXLb})Y^^h%`19O|&8aVLFaGL`xt!TPLvaeE5WPEIA^J+%7Wg-NKoa{`F(V&2N>rn? zm=Otb4CWD@Yz_}ekEE{!-yIIjXd#1gdoO-LO+w_mzrJgq=v_Cvu=?;1IGU|)`#f88 z-huuszx++I-I{Wy5psC6HPHQCeC@Vb{PM>0Y0LQv<`{Sva5W-%HPY$y)OtDp;#&c` z`bt=_pIwT=hV>5smV{m4UH#o2!0y=k*vqdn=FPJ5N=4(?{AoBVDxX8evVgW;Y*m|j zq&6jtvC(-W(No#MuW%H}?a1k(A6-0DxQ%e}OB9fIFvx%PWlRm#Bc_7Y5({J}8Eu0% z+xX_FdwI_JLL6%Op_x|cA-8c&?OQhjWgr8^xO?HCckf*Zf@-S%jqS<{0^PPBappHq zF$lMkp`0yug18eJDn;6=5NV$tYhkogRT#?Kwxe*4`x>LGUM_8tg9|Vve15>QMD@Uh zqG~G_;BBvSer}=fKS+5to}2Dwf3weJZxBGiHeva;mxt1*e4>tEYC1YzT`RsNbq-^6 z+^BcicO^xUmKD z-0G0G!vcdEr^)$$liDr@7B9zMXxfUb8%YZ;RG(FttyJ2r98AYYK^G?H_)ZgOuKhP)%E>)k^n1$se+(Cs=o^b#9>V9&Kpiq>?S+|zH zS*mub+Y*l(Lpu&>SY8+5vcVGif=gZ_?Y;jUtKFTt9XW2xLr2oTV*=%~n|wkaEAsb# z|C#}}4IhqlFF6aR?S^;jub0a2j862mI{qpo-4_#F{_@iNu%W6{zKtfFW6;bvmezTk zfFY7-ck++W=!nZl%lGd|F9ONnj~0LyNjoTI4j}3P}~OoYk^+@ z+LzstH;0oB!i}x&jm>I1@&-2>av$|~d#C1@>K|q9{#?$q_kuaxCa@psSGBP1;bsG# zo#O(gWGgeIz3~_8I($6_-oLOY_Ay0WiHt&UjmM>RuDCe&w+uLAl)b%^RH`luM0PYn zN9@p&vq!JT23?uQ^tk<4*Fl}huXq1^#V}5^Nar*e3P)EEFzW1W^Jm;MIriPrZAsbB zKDZlVp(McaBjuyoa+m#Z6-@EYDpMX);nUh$Z(EDJX@~RT<{MG>C#Oer2>;;LD- zNl&;+xKFBzi1hcr-<)TRgh$iey)pGFnf`{h<8zMY9=oPM_v+IRg+7;EFp$CDh5Nk6 zauU`KtsA;EZzE}Yu(-);)S{k4opg|4ObF z>QenQM$4oK&)~EC_H#;>uhGsL&RO!(CGXh69y;>dnfIepV(x>vebW$^JuhQ?6q)58 zp9eXvlfTIjHt%!vmS95vqty2~z@QvybFEz|8BNzH7VcesvUzUj#h_CjPZ+LCS z2oyf9z3gp!S(tf!_L zQ;hk1J^>lo!4MEyg)^?ZNjI%7o;J5U(PC9~=8ibo>ujvn;)FxjCzAw6-#fuIZQCxw zPFu~^J$oUje7F>%=-1i7;Wr_3V1EjrtJY%`;?1M?6Q)sMZ`*z0OjsCO5J#<<@t59o zi$GygRoCc_u!d!(9$e1hZJ40@9_CdK>6W(gmHlz?`0kNr)z;3IrN*$!!N>pWCYwL{ zX*ta%CDd(sAKBdzJFVtEc-l9e+o(_pxDZSeaU$~ zV?>#Db9%j*cT;H(-Oz`G^?a`$oyuR1rYMOSgPae_ok|{S3m6~077MrghHZ|bv+H5n z@Tij0Z-Hr^pB<%NqOM#kLHuXVX~gC-c!(obXD>x8v5b^S)811YzMt3YMO0Lu30kkA z?XMQh>EYK%X{TP@dn1hL{B`WaYQp6cw7}j|Q;B-R9{k2`yIn|}FXf59HoKjA6bX~r z+Owr@?D%$EW%KmgmoDtjACFXU87c6YWN3mzY}=juV7MOObu=3t=m}Hz(&6Ce=qWkt zHZuQG&aI}+pxlSP{+ft1aNB56K5W0B!^y+$kF34l}_A7%io-?h4|^f zp7Y2SypFi0K)7E?gSki?esB>4@&~wQ{o?1?EjimUGai`fzB`GzTDSC#Df2!`_f8?Y z@Nd^x9eeOPI`&FwI{W>b%Im5&^S+XNUrR)>BE5n=uxT(Hv6kJj5CN~vSsoQy|MpdLeHta z-Rzl7oCvOmlBhM^CsfsIk<&Oet*40eG~ zx%N= zcYPzfhWuj%u<0Pk=f%sW#F*y2TQa%3!*g&gE}wdB5 zV2G}{f!;SaFTf~Tz>sH&>j#r=2~tVL>4MWRW`pVG>B^3oA4SNJV*3JH#!B9)PP@vx|PG9`yngr5LxJ;s9^HT_n29!+)8NpYU<6-!S)E zL^$hS*QeH1!qHP&ngq30WpEhmOwHFG{z)!1_*Nt3 zn?&QERC`h8_;smXYA}grIH}gG(ot`(UJ50d=4~=qsu~`R#WX3?2m;mTA8B;dXyzI-pWd^+1KDr}Q1;zZS(HO(v3?q%)TJ|>)!Old6X znoQ%4G{Mx7W%5^r%$O8*hkP~x`&4fHiMZ1IpEL+yFEldiZtP^0ss65zN`%rRLuI)04GRuZ6-Z!8vv&rfQ+1thu@8+Ast3c!S2iq1!ez%dOAjsfc(@Q zB9~w(la(B#_;blZ`onLhUF|1b>v}WfRzq(um6rXEeYg3~Rt-a3#3h(Ca~{{tt{6uW zqQwrcDKGS*ZuLrE2hHz&cID6Ky_01Quv>h{&l&z*`M7&Ck<~#a%6*X6;df_yrLoNs zS*zO2Zn5L=N&Lc9B-;IPYyo8X3M+jZR!)ee`XfPfXT@GKvZtjFY*?oR#3Fro>Q zf1Ar*Tw_!WDYcT_{@3I-+M&A~vcEVizIc5~^ZTOh&i%xd8IblC(OFA2QMi9PeR191 zB#PE;95rY>jAX<3K058ps0WfHwjVz<{kzKsg>dgsB|^cqZFI4}hCkY4G=OFJ-~PD$ zX4)gg#AWg28~6O=zcGvtB^D`Z*eiggP2=EJAF;xz!Fv$O14v+*sEoNN|Dt4;ZXFL6uJrm?rVpmF;CaxZ`I-_KoK^>{S|gvYANG|jCWzKyggo}X#@Qq z)?0OGZjh?T>h93Jz@E9so|(a_td%i8z6=&w21_+$A5SO=?(g>2pW{Xg371PwW=Kx9 ztgT=E$Vrw;LamoZrMLWc=*T}@pB4vzhXYuN&=pzDomc3cmg$`qAR#>KIlH;DtsaD4 zExD(fyk~Lw9B18UVAF%72CkRN#uRad&kw?;`(V>R4uX8t1|Ql+_Ze;41SPx#CEip` z_TS0N(A)sxr2$d(xelW;Bdly4QoB$sn_w*)j`GrWqCZJp?GudcAdjy?fxO-xkM~7T zPGd^Qo(^r75?+^*+e>Yr>TsE@5!P3`P<@+VeH+qQ+oC73JMFYv?dAR^SG$G3L^%R- zLC1=AFiK0ca6)6Yh9O^0?NF+AE{dJ_MIX4YeR&IQcJdb28fvpVz| zobVjWM zd40dL98r^nt^b3rw~C6ZiMmBU2*HCB0t5)|4vo9JHSX?i!GpVdSrTpMWINpKnq z?r=E&xc5HXan9RbYgFw~FIBttTyxDS;7R~d2F)t3g@vuXI-gsZdiA;}lC#TVv&*h$ zsN`_Mz{6ALvB3O@N@-Ooc34$$h}EN2(4z(K$-3inv*7&*O0mEy<_y4`CkK0U%$8#j;3-sJQu~#r+%SS!+ExccPZSU zoQ%=L)xIJh*S^SE4}~2k4aG%tf>CDf8h>vRnrF`lCXue^IdnrWK7~)!`YI#mcTl3F zN+?W-ZYCWC!eoY{wY|yU@RA1|vv%}vihV!6W^a@Otx$r^(mR{~ zJ)x=!#8RKbvP5FG7ia##DqB^cjb0p9(WhDL8)o`mI9xn#GAAEhA%`&sZ}LPIDZ@@l zHLY?NpL2FocX%dL4fwU_Y4Pe<_1xG=U9^m%VlhX-Ze2Q6jDTdgTIv7O&6!`O%_@Q= znJPnu-Iz)y1}W`JqQ#szyEPSf$hw>3FFCk4(&A(F6_a}D&4C&ENFPB)$w=4KgoLFtK|ND@31fmc5%-IYQVA3i?q*#!tUa?@`bR)`I!x=stHn&83z0j4cATuOte5O4B(;qn?L8gvUBh| z<-bUSYP*!Ra1j*tJY%`kK{nG-&V+>0DY|`B8T3EA5jT zmPFRg$@fm6o^K5?`E^PL$|eh!WWuVaf1R@`;4PesnkEpTRme}V2vXGt(cAx^ViPUm zz>YN`QtFGJtE#J7tW;xYXzMUmCBU`-?0g&o>98`c>GS>4O4fyC9Lc#scos>9tQpf| zpgDQlO1V#UB#T}>2ui+2tmBv>C7E#Q=^k?PEQKndSsJit(OjOxlzA_8f!d@twz_*Rm!?WwfK!?_{mV~oBV{C`g$#v+nLFjJ>{EXN6h z&Cy;E?heS0Ei*(%Hu>&IuCEwqZC`X0!m6nTn?c?+)Mm=IY{i_JGnJh93m{Z$1*)2* z1=R8q#^x1KIY#*=&Q-_wj_=^fW0xbp)}CP(fA_|z+81`w+xJTuZ2_8;i+jy=+AQg> znxoN5(dJ$a%(3If@^L1z>@vEC238J>Z~JAFF6?2Qs)5aqJOH7x1NM81eT48Hf$?uc z*{H^fVUaxUw&Viib{#)K(Q+FI=qyn%68+gj<`RLL|22q!lAfk;o^6Pfvg#xdgEVYZOza&IbszG8oi_Ri3IUrmZHxM~y?N?{d(m!dU} z$WVqRb)49VGx`L}fM?xSO+(XFQ){gZb);xEd4?#GrQ2(b;iIkvVNTtfD z)+b?0ZJLtitsFw#TCxXuBKTMN@?*i!0MwYBWYWv=kfAc7_`pP8HgUmB@xA1W z-rBFDF)&V3e=tjE#8gv|WK{S__{s3hBcjg-SYRp~oaMSOD2h=rRjI_KZ?{A9zkIOE*+>a(!U^?Iv6RCQX|T!i zxsNXGv^eb@cac_?hp#8iM~ftA&uLi-5>d=WnShPfE$s@0@Tt^d6Uj)lO5>JrS?nqX zBMJ@#a5<=fid1mCl;|Jk@VRwwn33(@#B)(em8e4aDN(3v_ag-HMf2nl{bU2ks20g> z-Cdb2lgADGl9!n+QqrHnImBKr39)QLl9?EUsr=&aKmBdZi$m+2U%Ba-Ke?yEhNf0_ zL6#j~(johHm(TB>D=*$BO54%=85vVD1#Ec|1)ZEDS(CV20aSN|12CUdfTajgm9ee0 z!tU&Ge^U1^sz+C^519>LSY9qyqu1-0%l$Q`59e3UgtTA1r0R0JAO4oN(W6QUz?o#` z1Zf!#;f4*;tG38XFFtK(t|S}2vDUJDhs8p$5dFULK1Gi@nj8|9i9vVgRa<|cFR$%! z^Ul-VwYbh1`bp<%Mt)4_InPVsuXKhUC$`IC@uFvTKjq79XJCFM3*(w4k% zt~6tDVh?`vyxlsu6s(oByssnEK!X^w@6~6Dqh?}SZfXE;Ue zkc>w}Q+D~7*ySVLCG|!Nb1ed-D7!Fmz#z`*&%_7o%}Z-LZP;LqEYd14OHHeTLOK9b zjo8aJ?6~GK?!58ggasLug33Eo3 z?Y>jN<@VrsCIUO4KtIRAnuyhDk#R)8EdRc0%S*7)$i^syI&;v3(&xDE((J1%)oIwq z;opb6W*>G67;IjDaDGy$s%n4vkbRNAygh+c=Q*`J%EgNY&Sve&RyAYC&;vK zLDow!FRiIyTdJM&-_`OfAY&8T?s8C9Q6$uaqlcF;2RP$X5>Vo0stLz1up7^5D1*t5 zWfz7B7^GO)>o=UXEc5qu@!6=#YbS1Oju);6W2{(Y7!eBnq40x)+K1f$1{c=h5#q15 zo)B-=Q6KHYj@#UAO?>n;Z>Opp4fRu^PY;*3%`Ka}?s~Ixrw`EA<)(y+qM~aFI95?J z?WoKeB}Ucn{ch*BYdl9EZkXLu+FphaB>x6k4QbsN7 zMFubG9SFqJ#uIpW=&e)4c}v(s@lAPoJwJS){LEmRl}^a?9(+n=+l3e}QD#q?pqz67Bvzvfn*1jx0p; z*B!i5@@maD%=D3Y9m2kIVY_U+;knZu_2Xat`8cso`sB1JXBPaB2b{zHa1Vy;dTf;a zpt3|vW|x<*T^9VD!!4$mZOrT3y-T2OKAul#ITp)K%BA=+MXX{u{)5soB8i<;mT4TA zm?!$kd!C4p$s;zEjl}9YUMk^qerTh^Ie_AbebSjE<+ePo=C%sU3lctVGobXD~6nd zMC+D);HLu&I6Q#jIfR#E=QZzV+(#6!lZKtkd6^^qzk|lxB(_!>o41HDaS5n|8js}1 z3QyRZ&z^+}VTa75jdG9z-H#2q)_q@@0c7%^;>FAajr2E#eD9*k(G_WyHY@{6(Vv@m zR|EK1?qLzU^Pg0xeF<$ZkO2VsNpznR^YK}4`da^h7?T`D|lK|4h;+Mrd%_jmYF2 zf)6;5g?UqVdGFshZeIAjBI1o2R)@Sl=Vw9FmkE1r(jJcnCjT1S*M{9y{)o^V{Wx{; zT{-KtVv49TsEdFhj)5VH(MLrg*L_3OeT&fPorGxf;cJEz1Q^eN}aXGz0bC<|^iGNEhp>io-Tg2sb3e9aI^>y0K-%g(v@)=;K z{uEQ{l%~D&<@&w5{JeoK{#%XalBzS{$28QY0q9^6GV0o$R{hJ7 zsD)rHTdnGu-ka)qUSO`*Fvv!y6-!K}eSPLD%`k}6ZYH&0z3Z&WwH&!Mu8FJSa3>qG zLNaM4jc}H0>RN8<68u%;*qI)X#$>IVLck~!3!vb15IFT*=1T!!TvHXq07BT12_u$= zZK`n}=Mp8-AXt-DVhpBcyT^|=8rpkH2&zYY?^k<|O&8%x2Cx6F;$Fkp%{T%?`!&swfvk`enn^jFb?29vYf5`RE3-EjyU)tr6^bL4%2`0CEcK-P1D#&f6m3E8egzH}!tgn^CrpK$k4F5yX+T99-e)URj&8*0xq`yyX*38f^N-dv_(Cr8%7J~Q07mE z{p#c(mDnbvS=LTEv6HTiw(W58tdxkKPLi?|Bi?NF8M;$1*eK++l*wr#b!YOnymJ3? zUJ%U_az@ML=4`n_n#<(kSvCj7}-Sx811$XifEyu5$>}KNGr@pq~Ui0+( zry)JxK5&Og=1~^Su*LQ=eX&FTa1li$jBU-O)SY3o?_rvUVAh99V9a1eSZ4kp_Ov(c zA;t*T)uOm$Nc@>5vmZbMFmswcV+L$EJbtPD479nU=b#_wY%uF(PnFJJnXP_ByxXpLyRM2~ zeNEn%vepb;0#Vw6!>U`D_x!w~-9VJQ;IO0SUIRMADaEZ=MWw^HL{{AxGOk(jI*Uln zCQ^el6t85MMNT;==u3s|xYGEnb=1(J0WX))s~Cl{|)OqgX+ z^yQu!Cm`Ue>~FM?Kx{0^JZ*skAf)paQ?mzAxerg<-I}ut=tl|QnCcAaUB!4>lCr8& z^kwfnh;D!}nWI9P4r6E+guQt@auL*>RtwH_9HL^<<{up0CjNQ3UjVyqOtXmU{2Y%jJK)hGd;O zg7I<%1H5h~A@i?eC_e}s4Lu)QH|e=vyBs|qNu9^T{&iJI=>=)r8wQ3un69YfU44j?K_um@ip&dQ z4Gq@BXCYWeR-UlDThdtr7*66+^+lUVr{7jxzDFjmTX{kOTiONBEKgX2iTHnGJ*a=0 zo|c4uVpb(!l(Uu>G>-pMNa+M={5{M^eY!p4d-g^9*$F68U1;7A^%wuSbzr2$%UeiA zs5?b*vB<}2T%eiH8J#@5@d#b#3gJxgwZCSP%2^;>jD0o{|H#7xUb0oscoMh8H{F_( zzwoY277w5Om#jvBBxk+Orn|s%A{sL~xYakihz@{Xg`qa2l26W76?__=gJ?-4VC&fNgidME;jUB zB_b6R^&c9pxD;~XGlDV(5nV(aj`+Pcu6Q_dA^B$rr7DIddMZ~QW^v7MBF1V2Q)2AV zx~3`V?(y8wUp8Akb!|CkpvXc2ib}ZQm|BV0CrD!8ktqC*(2&|k(`1~PI9?KFUqVO- zTp>9uBouLI^TO@lv!i74_^Fvv4Sm5QYHP48Dw?^3RAV8^cobjl(0^icquP8wPPEpG z+J=?Gql(CfA)z>dddt{7hBwDczLmiKKfr@REg)6-P|a6I}?uDvqqaa zumz4pc&~owj|IQ5p-}RQ6BCifGllT`lXf6}k&+54Lcx#Y^FO!SdS20Z^icm)FT(Kb z^G}>{F7fNJsLtLw34fK?!n8ePZ%M!~>A+Rc`@_IAqQQ-Hr19Oay=?z-@o~#r-`;%% z%kj5+gbuGLqdsEGDWiutX_3i5B2q;fQ?bt5Ab)D1&+*s?sp;OOjsD+R$lU&^n06l% z%C*AtgWF<2e8f#Dx%YhN5qR@1;;iB7;!ExJr@pgaXO@I0rC{`nKQuc>alXoUS0bK1 zIBne`7atT&UY6H=Y%?jMh9ah+IR7wTRi>&ws6Ny;2)=?mcp(&Zj#)4-pAR}lQdsxCum$Tgg3rcup} zqfx>u=1VMM- z3-3%ISqq?!(<>)uS_o~Q)lV_^IQqrwBCJ0KlX~+v8tUcED%kgpam)T@?^(NPPyOBK z_S4&8+Uo0KyzH}AvoMi%K9gCXKkX~ONq!uQGTwmjd&84gvnY{v0h3v%Kj|w!Sz#Q8 z3ZAIA&$@DBr^w5*O;tdw0Aq%~452%zee=bim!+pznF;YklTNCZg@%Q>88;XcMXI%h z2CI3XQbL;`f9=1EbxT=tB@)=mxc}5gVSz&Pzu|6yQr?xO#}(rUR7ZupE-FNm5@)7H zLDd!HOA8HJ^Jt&24W|#+BKB-_+&Sj2+*;5NAE4E%5Bgu^srKFawgjCU652u9KP{t2eKz;ymk1hH(L zcEIaCtg>x){_mpOi}Qmq$CkJv^Vest+ySB8Ej%~@qQKnqreC>j=YAbt(rS*uB7O6T z+sA^@+nF&oZql~Ag`As;*5F>iz>nHv#AP>uKOlRGsn}GXUd60{JHI~X_hs_(_4|?7 z^hGQBdfQF(c8zM4fE-w?ytoLZHnp8=$ug&C!@YPX=+=LJ%2I;m>yhYdhK|2H%E|c_ z&KA(lYPfzI6GRr&BCrBi2&b}e-tkvl!YL}qlNK7J=eE>d9N$me+(T-&r=C~&pC(3G z$sfz&_VfG$@7d8dr4`&6IB%nS@|^i4n=4NOHE_3P&Rm-`chH20{o@Mw2x{X{HQUq% zZ>OI-1r#II+~Q_!6=!XGv5#8Xba|!V0Mu}RZCcp%dBz;_Q4sbh=)S)Jnb4{}FpQvG zF3V3;sz)fk3oEvpR<&WV@ibfokl_Hi^ zuNqSG+2GyCJd{BqFB+Ddj;4@#`+O|%-&EwkDeVx;r`lso02GsxE_Rc2OC+JFA~U%n zvq>I|#)l|4H9F~XQabWa680~A(Dxp2b~iYC-(Hq^yIsUMj?Pk%&T?9n$MiW#kPBlE z(dz)t>wsa5o%c7#$sCVr9*;`iqhk5YSej`gTRDq zpNA};hcy2&J^0s?x`L2Uu7J;_#lvp0p~pK*4*4e#_9xIqHp~}6dCgJUNA*~86chgI znSr0BK5>$L?9_c9FWp{UcI6<*<-yPOLJuo*vZ*$BunDtk|F?KIn^*VCGEUq|QQT?^ z0h6GoR-NScf+rtVF%M?37dqUr;)Ta|NlY=&MGEQJnZsz{SLcuP_lkcGd7l5-!;Wb2 zG4CBhs;2*bScY)dk^?xmX|ud75AG*T7crmC0`%>*iETR2z;zxl%(j@?HNumffUr+MO#v&*`NoFq(A zquB4M^Ow)iywRq4rA21Pbi8CC|I~l%%*>Y8`-8k7h}WYNo8aAMs(*V%9{=}Ll(Vbg ztZOI9PN8% z5!CPX^VR7k$xA_pZlA`N?e72N@T%v=SC|-mldOD46pHSmse0c#n%nmJ`v(sKZsUm`E*_rq9gJMnx)%d{J3D=w zG;jCy{0ub>+X8%fnWZMLZr0^VY;OP5|I9~c=X_XF8dl$a6?3QsHhS5nGA3n!E-8J2gUgs?0^2f_VbUWlR5>34HOsU0@Ywt$iMO^dbrx}u06>br<9;0=HQm_820%eTw!_K=3Ch%nH>g(z8 z>D9ci@0&;FS=A@tDaksiwPr25@wS zI;s%!gq=qk<8~aLwrixt8$u(r?eH!BlAdNXuTkZ0^W=hLp)H;PzIwgqX?;x$I3fTx|4DB zR@}lo!&WWwe&n)~Gg7*S6E@=?fS1Eh7vDw%c<`l}$LVK~=RUR02od0wA7b zNw4&iQteY`M25X0W;6}cVDF|}%8eH##%ysHGN)rmcZ9@LRoN^Y;SspD|P z$H>Js?>uND!*B6M^5^!FD2$Y8yK}t6T;8pkaRU>Z%-fY^PEz<7IamC#`ghuWrK`gE z^!a1f*CVO|nji3Vp5<|4r-?Q zrh~PCRjuP#-_5=-?YaHa+pDGf^-Xt_SplZqOqxEd;Paq(;;ufG4Oa}h6%kW2D&FdO zA4(R|Ae;_03S+W;PqfS8D^umjrxPDoCX8d}Fj82?$WV=;!cYG;e;W`E@4NJ>{KGHQ z)l5y=zGLal=WLiwT4{|gm-bxda&}lBC5=SWT(A;hY|c%i>RjO?Ob1&nGBjI#UAFrh z8*7ePL1$7nli+2@f!>rA-@ZKIv&adowE4$2ge(HpVv;(=4rxcMTkjxkO@e-$k9W37r4X%Tx6+Toy#I> z8iW&j0&u7>^}Qsi_bBT3(YCGimcO68fP&0G0mtVrrq3XeK^u2qH50H(aijN6 zcxk>jd@ec8cA%MNV-)yYNtafhm|#<3q*rdBmz0SqboK1b`5mj3(1j5<7-cai+TmUj zp^x}(Ayh?!Q$;*bn76dhxd7xWqbTfdT;~#7znGv~0jF0EyU}_GYUvo0p^@J#-Zt2rs6+9F}?&eja3cOL~ra%7PKn|6D_9R^9&S=+k;{)&womtmX-O%O6&Sfhf z)MJtDpQ}w@qMpAmQ_>g{k6_sVMPk*386Vw$F{{q`q*%M?+YyfxS^(!`)aRNN_eU2H(6t|YVZ}ASXS#;b}0>M4aL}Ggvw^vXANp^hgQt9Xb=|-m=<)J4jgRy zV(D6dg~6U5Rh0g;JDmqrlAig|>~1r-1QVRV+ktXDt#X}=dho!~$Dt5qR1jp8DAgRU z;HM=V0}T(I2tT{~PmH*T&ZL0MBoSd{W`kps_566!{z<@3OF9M`aaJ6&vV@;ETU&VW zYooJ<=A1ud?oJ!kkxu>j>3gF9?jD8=7ol&wUA(O zs}rH%63NYG{y~!vB0@#?o#T|Q=9c_CDtbH83Pyb=cMu#3G6&W%0Bac({`|a;0DTFD zs}%W4C-T4dA2#_{tRh~M0ydL%hqzl+LS9sY zGM2}x_%-EvE04+&Wpm4lOP4Qw(@JZ>y+F=lqek`sMl~(f!7#&8j?Dtj+B}j&53WEV#JbWj+mxw;!}??Z*rRQs(~yNY}QE4~us! z^cy2oi#}yHlRDIlGnRHN*2LN$W)TmqJ9R9v;He$#NF=Tei3Q0e_LqnvYPz9T$vSNn z#{J9}rjtudEfLkyaGS*b`1CfTr{Hi>4!hp zcnd6K&>`ij>Ul+ZV&<9qxciUR{F3#NJ`H<3?9(z|IwR12Quq&9fLp`tsmJQkOi&h=JU}D6y5cW{m{8OGXq0 zmfO*qv;s*=EWOt(%M<2Q&8%seN{7#DcwHiv)0rLqMBJKWOzdAjN4U_ccHpG%^U7P% zp4p`rik`?}-j!smrBgg;iA!XD@%K4%WS8QIDV3vEPJpVKxzkcD-AcP7U=eT4NS2kY zy11QJ<(`5|Plk6_`E{p9@ow*@51OJo&BQq=t~EjL{qruj!E>@-kb9UUjM7b_^s}9~ z(z!JXEZz~iA{~8aF3%3ouv4S!1isHQCIr%`nHPt*i-14@RDaeX8lX%{Z0F3lzekDSPV9397m06 zcN9P1-lOP9+*9VNvLKbtC;I@op}VTMR<*i6_}Jpu&R-cGBkD+1QXw8haY8< z-O7iqG>I1gmHwqSd0Rspvzfjo+cj6`Eig+`-xhT}9B4@FilY%kS$<^PPU$LLZPj{|tw4WZApv;7M zezNm^MF*u3u4?i#vDjw^Y8vyp&(`6$J3nCW+Kt-1Rb&JYgV?gk2oyu@+Q*Du!)@>C zB#Dp)h9U4Bu5@rSw-^qt4p{-jl6a)bM~k$uCqU_Hx$BWtv=fYS-=gBf&Qi;Zxu;QT!a{ri_g zVMk;`G0~yyL)xDr;e6(c(2x*Ueo|S)xSBk*5?1NEUGG!yB#1Wmd%}#`-XSej{<0rz z_%iwZ&E7A%JhC(;R((OQS%?6~j!)E$0PfCx65Nloa+UE9QSgd{AWfFAT_w^-KPoFdn}PhcfSj0Jh>&_sinPH!U?pEqOHvg7PG(?q)RD0H{Z74vXyC}r2lhRtj}j+AJq&P z-e2R*QL#RZ`<6u(s}RcF`o`zEu!wVML$_CTR_rSEMFBIsRFoK0?JC6Rx!h5dT8b#A zM#^}GaG@NG%L-#8(YS7I2o16U>v^+EH&3 zN11@cS&6WQ%{I4MSncaJiOI}B7;HI+q|Y&%#G)3UAM8XyQ>~2LCtZh0C7Z-L79fU? zwN8aFelVY|E{T&YK+^0)WZ)3z&C@&L{|lURJ2Qj#nwg&7^mt|LM;kLe8J>LEaDj3& zIQ+8r_wuKQlgpnO(}itkEk76A6T_;RgF3)+D4QXzk5;=L?f#8scqMo9Q`ISpN=*OE zq6rVka#izs)eiruqpSBF{poRVxvVMqgP6)z<+vGNEu*ZMm7?EKhoNYi(X zWTvf{9v^UT?Az)4-0m&;f5LMFHJ1ZEtOz^*KRgG)Og;R%7W$PsKA=s@ACwZ^X0H7@ z-isR_aCo05$gjdB?Hx2~#gT}Ut| zy~y0_$zDT1tr8)8_>*5oMSojwQ(fnwS0Iz{G>IF6btFr{ASJ zyIJ6GT35*#;Yn`&aYt63pMiU0mcH%vZCO(lxIyJPcKOy2bf)h2^2GSK{dy@>%fuuQ z>Kp~ntboP z!)r^Wc!O@iN~SyLQhEzXn8aB=4P-CK?V5H8!SGc(&$WU;F1q$DpF{1W4_`@%N^_BN z_0<1{Xup5`VB4H=7;042M-FbhO-ozq@dDa5RF6R~WUhbp)wJ9;N$B}-)nB?BC(LwA zw+2SGF`6hEd6rLIWzAnzKQT9!3Hb~0dtXBLuMY<=;{1Q!75e?+duboHah4Xqxm`od z;7b8-#+&Jq{dB&W%t9rb9Y6%=H3DE2zg`Q`MEyBV##4&Vts`rvh1X!sNCx9d_ zeLpm>s7DBtS4Rh@-dE%AN|qZv;w1(G$a7)#K%fK^y@1VAa-!V0H1gwOc0sziCNfR> zHVMZrdS!a*>TLT|Piv!fe2%7ix3To#*i>yJF>hHm|24JGE$hq@C~1tPgM+iN})gF#A6Z&+{j>Z5qxmJSiu<<;mEJ z#Es)VQRHN>dTFKV)(+Mfig23q!w(xu=?`8L(EEEoIOk9m_O@iIzx45#N55(vEH731%PV^28jSI|L`=G8Bs^Zt{ zK079uG(Om;VD}z$VECEd2Z}~O<&!1n=xIY@pyqS0si`u5k*y#(Y0g8`%dC{v^k~2? zeN|Kh_nQW5lfsQX&>=YiZxhR@@;(OgK(&)a>x&{9>(}+I#-Xq?QLNK%s#ml zJk+|_Z|pb@({Fdxn5pN{c4xmacGh0dlZv$&p}+hOQRJqTNDL5+HlK)e}Q!U0(+) zatv`?ez8IVU>?*#E=HS^eM%JlZQ*O0p~k-ji9WIsMJ z_!u!GuE!o~yQSY<3H09;?7hWQ^!5_|N`;eUZBiC_DjBda#dI+*EKWeyxi)0Ou5ND- zk=4-u;H=w5AB)_`-mxz4(KVwBFJq6@l9>;dZ2EF;%o)Zt>QZ+j> z!nF;)wdb1w%bQx=>-*v>-RT^L1yy?HINLR>)z-&nWw{o6tIrp&tv3vnopwq-BohzT zVA~yWfBblT?1vLM%Ng83$zc1BMt19YQhKbWDPS6T*7@k`+>+P?g-@moGyBD#lV{c! zi|EnS`H#yrf#B=;e$`*k8H3j6Ie%|=idYmZ=D$<&S($jtvHIWq&rg(Qdh3F`Zfzb; zhqH<_KRjD5&^bVnRu;(M%>m3-bT-D-33;7N&-SWOuf7qzI?C)b%Ww`>XR6#}VTnu( z^V$Liw1MrRZ{hDf{5aB6;^eO8X3jL=Zw^FJ|C51)P`JkK2{QYQ^@WhJE0}E+gl*b9 z`$xREc{sCza-$3fL>M#c%}P_JPU&BDL5o?BzxT1f^9ko!&FlM!`67Cqv|-kkzw zn?s(^WA6&(SPJgsS6s)uw^~Og$|f$R5SC{wD~o?6aPZ8LO7hxwL&jkY*Gk$vGQZ;W zJ0w*pEk9s6x6w9m`F{l?m0H&icJ) zQEN`N?F@yzv0u)}zh>g~(=|l;NbY6JxLTM@$HS?AhawOPUCvkgPKEi~xYZdvm3O^P zdR7Ho8rJ2)^%^K(_PjLl1En`ZM8oBe7z+-9&xhxEEn)cKD%k$BnGaD2uRb2?A1VD0 zSb!u$7kt<61B{28)Y=m<<&X{gVYfE&pxBE? z3>?yQT~>Vu5xAW=^j8enHeBot4TLZiTB!|<6p4r}4N`C24Gm*#uJ5&+L%2!ph3J;I z|9mxKg-7PEr3px?3R`iaTDzR@tGsU@;N(yWEb}K^ zEY!}{cW<)1EIH@OsB5_%4(a`ws5;vDvQivp!9E_py-X;3*VGjJ^d+q6Q(u-)=lLuA zr&f>O8MU4W3{|e@TEn>v&URKtwrDZOfkb2|pYGrSc|yIP3kQnf>(beG{?9nPaB9h}ka_G_V631W{b>8(xM zCi4MX8dV{^ z-}-C-YFg!A*X{X_zt%bwn(jU4@L5-$kh1FOifdaMou5oCDus5~tTf-r{g9`S@v-Ol zpESke$%CeIT{u%JS%xgDc_kBG%10Y3kxZ$oJm{m#k?We5NdK{5vplh$De1Q!n|ZTu zFeGXmDlJXRR*Zw4xWnOh%bU?=xO@@#7^mw0z^a)HC?6;tWWsULTz!wLEY$@|h>`OP)JkX=AOt#HE=mD?ODM(X z$j2d7j;avG?NRU57~`S6%ErNVgUEP|;pOnPiotXlRC;^S>p|RtMk?{p%*+SX|`H za_aTZUNrjMgy$Ic>CwA(z5IJK6VZ^b@}46bQlHYX+%GC!h=hY|B3DWK9~_|(4}#l& zTNkg>QJ0Ty0OtK?nuL5+Gi6#P(M18YW3B&a=_J0UA{ztOiL=hP45;l%4)l{MfDxrh zEp-A3(dfJTR|J7}%5nX$IgZM=zJVKB}K?lB%+av?UqkIHx%B-eze^x;HkOW}rj)(Dj#ctw)}0p?{tqa@j66Y)zjtZ=At zyklwy$_Mb5J_DobYM5)v@ba15?b+!+9|R&pX-hzR8yS`GKo=wnP<9 zjkZ*NSeF9v4r`fA9zZ6XAe$&%l0kthGz<4Bs9&<=*}cN&0M7kl7sjj{hX)viq|$$0 zzu?Jpr55!$?xy!gmaSv9C?MJF* z&r?hW)b!UFdUBMbRfi-h67Uw^y9p{4qqL}TU2;5l>cXs&$y#JWSEvrc<|iS(5OW*G zW^DC*> zFaFDO?|WzN+?jVKf1G{JN#^XGb@r^i*8YB0b|2d)IYJzZ)w!VOIky9oke6Vhx5cf! zupBtMfNeAqPF46%vy9*si7Yk#u$I;j9!^|`_tv3A<;2nhcEWIBYH+qa8#(Ta5n%q* zG!BbBW{NOCfwV8vTUMvo3yBh+gzU$VM7upHO%a|{ps@$qPj`DDzPf%mq}96hMWtJf zI-ggM4wcc2vF(~NT5%?El9}t<*836I81B3^eK(H-USVgBLEFt;Y{nh)=y|kwBhf9B z@BFsoBzbLh{l8;6mq5RVFAv5yTa*bgDZoCJXyW2!{w`Aq<2fP#eZJl?v7ds#ARrMb z{~GG5+!sPxEnwf6Dr}@G4&w^CehHzuW>>$16P~D9{K7*h#eo6+$Sg9Qkb5>#NHz{| zlr1y!esg8OB$nfXpbNX0;jzX-a;ban;m?+ujA@DN#=j4_z){a^Dp?LXrh;)K*lyCa zaQ7%^b@FoU`-i{mqx~6e$7)^a=8W$a`Pfb-2CT5MAlZ(f3!g^8Uc@(K>nZfASUt(O zatF{QW9lk!RlDo5yh`0cQ8nQ*2@|z1T}F~RWSKlwzx)@rhX7uH-_LM_e#$Bc=t)(l zNhP$`a(B*<`d&a>0*;wvW_B=<56DrFWmZKHm&nVdRt3#zcKYr@i}6apk&~w6pPQTa zU%|DqRXFKc3jHlwr|l%|>+?K^{1?`SOO!^zh;5{NHXvj8x@86>#=Cl3Qchz{$ftKW z=heVZF*(7+t(lDmROsf3e;ec+4N-Yx&ywdE;~N(+aq7@Um9IInr@WH5?KS5nc6~la zQ*wWT;+O7xSTk^^46R78h?90X0}-fHrstC|z-QgG(~G|5vc_>_ zVYK<>?FDe^CVCgu^{_0tHcOVEn+oJs6{_I0jm_pJ@0UJjA}@(W^Fg?|*LqI&zOe@k z%WA0tI7_k$QUhl)Et<|G?rH(7w) zan-hVT7%+Mz|LNtt?SHf)%o{;>Gv~2bd!Gt&fr?;5!W;Ib@pET$|ayqFO$HN2258K zGU6VH$Mx~nYJRqKr;uJSBDbrG@GQxiOk>)%1Dh7RmY|v^A**o{o@i0YcpC7Js!-v} z8Opwrl-kKY1ACywOkt48nV#2RTA`6Ie#Aipv#R#uAbC^?tCl#daf%ko}(;=LbIcI(9 z33C&{XMF_4#`YgFSzrLEF}>Maw@6-wi19W^b`Z|KXy!YSR|OtNVQBSc4#*qQJxCaRgKoF zXpu!Ub}0&|0;o!|EOqn4*~yB9W3{unl-v;kUMkkjErmoSC^VjhQ58Py;!@%iuJ{1Sv066u&A#{TFj$P@7#&JG+2$G@|JBPOYR`VYC#D+l>4O zw(5@=mn-t*@OjiB#E5W|;{wRuof3(3Qx0O!Jkojt5L`O4_Gik>w@+ zGOWG`Ipl31QIA?M=aR`bNO7O+du>m#(Kv;|AN6Z+_@_xs+W$yfOWo_cl!aFi_jHHqmealO&$-Tx;}Oqso&z~Q$K%Mb>b z?~x{%E*6kU?5oNgk2-%qDr5>=%&dmOzJ<&eFG;6 zePXk&eHQZy#ZoX}3Yi4~bZN=_i(K9I1TLzFO(TGNV4(_*;N+c#EglKl1djD6>qOu& zSg51yh#-S7T03YGDYct?(|9O?o)PfEF;jsUs?k`SR!>FSK0BZNtxa0N|4;DLPTFxY zQbU?DsUQ`or5Y_$F=V%I?%28VUDT93n~JxVLjBL&yR|Jzic(+95>K4e1sc;H(cpAO zM&QzI6kQrHQB_Ec8~owqo;(p}sA3XQ7B}T-m1IL)2#V062FlIMy^wm2%Po(UW<{#| z@hSk+CKS1|!t}}}CL08C_&lP8vM5|tHL~E# zFJ*j-GFEt4Dzogcz_W@61`_;J&8UAIy_@;3qb2;mOfy};V*Ejny^3ba8GJm=s0a=K zX`X+6fbftw_1jO77_WtXc%E!ADtQ7Xr-bkX9}gUCXaE@q;ObFBKmbdQ)JRyKtS^fA z8!YoLe3$7ZPIUV7Aa?mqxYdoSnQ@FJZe4-Fl=OKZW9yH1$yT5~0cyTpGFhXgHgArj z+!Pm(f+#iL^0dW(ygrJ!5++v#E&51lh+&_;y>76LPYRBTVFR$hBPPHNtZ$X0>R5Yw z5+^OlGU-v=AfC!UV`*Z?OlphKMsOw;Kv+!6vHM&tG=1vY2{d1f_3Lh>tP8q;D%6Gz zae^SlX@0J6Qwp0CQB`(z+~ex;3y+VfT_JxRIN^1Ktm5>csPxhNQO zZ))T}S>09hn(dUL?4*k1-^{%c(QU#OXfM?fhD%+_-Y3=>{AYr0W9z_-i(!Tt1jC^Q zIl)x^)fjZ#=t%3&IZ9I{|1<8UQ!Yxjijyh?ob~ zQkVRV)HEA}_dJVP{zvi}NWLQ@Qs@r>^=TCT6fHNy#aFqQ^kinWApzdP|0pZB)_Z;Z zPQ7P@oGIi|R==qbQnN(kBk02DV|;1{6FxIcgXf4Q@IkQW)TPvY_Qwgxx>LoRAB+D! zUo`w2oFzYP7*d~DIN15@O7EM&yN+)a40Ie4s4m11h0$bWfc3Y z+oIq0Zn%FX>tUhnYGo8G<9X7ov!B z!YcnS1$Rxk-IPS`%TTf*Ozy3=>HOizZX&uqF*itoJd0SbasPseEEYdjA&QGMi!kk= zB-}|j7C%cN%AORRsU0Y9Gas+f2=NLmP7l)pg4h7mrI6{8YqaT0=878mRB z{FS2KumVm$vdEw02Uj}L_9f$6sQ@FGOYrt=)0|(17%Kf8BKC#J{hs)`i$5@yop9?X zx-TEYPTd2?2dKfZvV4&VrEq2)lz=+B2Gb-nC5vhlF?+8<>hlg>;=;Eu6+sZBzg+&d z#sYU=cou^7>dfjPDDY$^p(67eYwvlYcmzu)g}^*1x{H?DkG-zKaro4Vz!YsV$vdU$ zp=5m+slDP$fM-*~cFP+^&Gsh&g8b_RuCO6dP;6lF#S{1Uy;^KfVdK1@O^U2!6E@TF zRG?c#9KI~tJjmVCO#@!K+awEv6lkb{_I;!E z&9eE>*eLP!czgu^I^AN9P0eNc`kREeDa>Dn1p14llK4v%NaOK!c-HAw8O-}-5JSme zSSFA}ItH9=AgDzLVk4w3eLcOQ7-pQz%sV8|#H5dXB{ot(tq_IJEFTq%@7^q2QXXzQ zP7m5d-zkx*6$UoN9xX6|4e^2?%_*=>hFS;n441z*J$2x4HU0bN$SiX5QnKe#vgq=JG$8uYnZ9GV^41WU#xtQRqVN($!zX#B z!fnKo<`kp57qr}6R0IQS*E1{HNAD9-=%F|8!U-x=et2PAt?2kjBd)7qnFCA>5DK#>N z=P5kbDk7V#{YqNL&L++aHC=9NS0b-o;aYSAJ_P<-o*?>Z9`m&4K=~`2U|ux^%cwORtCNhL&@qB@#qd+GX(epMJ81an=_5~Ek9_^oe$!=C$K#?B8vKn=+ zqSTbTaYT$Tb9ewwVW06(u5W*|ZoZmNo?~NN9r9OQ9DFr>J z8euAdm{v;n4G{(A%CGaO$qbt|QY;EyF17Sj0wbu&YVu)c^U+x1OM6_*_<~e+t>Gw{ z3Iz-$A7dPKqp(sQK=!(@*@83kYa86$dWhTSE_>QOB##v|Jr?X<>Rc30Z1_J-FKRwT zGUhr?RU^_89-Y*;(u$Wl5#L$3ZE(}-A-bOj1%)xS(?4*IU=^V~kKiNfZVt8I2%9iX zNe#)OO&Hjto*7l~SfQ+&!&9Lyf)qI{!V6WbLXpnGBY`p{|8aeKEiC;oIu{ z7kcaawZg|)M%Rb$)&0sY_xwlIova-U6E^jmAfwWe>5Yq+C^)-33PiwubkQ<*sk2Y$ zWE}iUO)&Ih0i0b61(Icd5LTQdXH-b%VOC3z3AV6&Ef!5+qe1p-{~4nVduCwIJ+XsgS;g7r)=ca zer=JaNI=|k1baBjg8(R-JK-a|2TAt?j?83Hsb{QA*@28eSv+&FJ=a-WFi?#RL68FJ zdA{PIX^?dP3aKr5e~X5=0Q?v>+u!jo-cw3L}Es=;u&dN7%$^<{Cna^(eMD)J_pL!t zaA6zzU6p|(BBhK;X`1=LNV#Qm(9KFu+r zn{O!kdq*LShXtBW%r&Bbe0_4GiKmMy!nQ$$*F%VgPpK&USC&FQ!%`CJ`;?4;wCphg z%$2Z|sCor?BOpOPj-0rs@*@iV2+Mjv?7vX``bWyhBcEp~Xm7l8G|yi2Gh9)4n3TpQ z%Z`jy{Bf63PmXh#l+318OSh-l)n6oy4g^i4;u?e@u}GAE9=_fzpmWzsM9B(f^Bt7Z zEodela11u)|5&b6nY^TS$}hYW%rI!L^OKH(U|$`uzj4cw*|8P|R~l{%6l z!ab<8HC-+6_Z(MNDr zAC%xS`|{ctz}6%BJDk-LB^X-5$Ll1~)R!A4ABsx(zA1;P)Afs|}bzGVBTj9wii!bDq>m&yFT2TbYG-KZzt0S7N~{NMb_)QxrZ zFzt+e?}aG!__sem`0qLO{2~)*PGY_PE=+zEm2$k<(g|Qyc$_Dp+8_?_h>#QmUcyM% zvm|2#32`};k_>=`1&0Ksm} zL|kbv``=0i7e+s*q6t%3v4`F1IhE?X%DkpN7TO$$|BJBwDF19Y1#_zfPdBg5P!=jQ zP)M<*67ONkt4eGcSR2`kiHW2GB%`PQC1)#d4)Cxbd&R?Z!x(9?o_sn$$T|e7m?KE| zibFXYvEiUWPecFZ=^Qg^GX~~i3Xi=lUrM6h(6aYH3X9cDPOnCOe2rkuMWJ*3V{3`| z4$5^Xl3$ydmO4p*>T)5m$t+WqcY7g4rm<0^$XUIixy)>s$Yn54r!5uSs;UmGI8J1To@icpa`Y#zeU6Sc7IjxMk&@Y-rg*CuSyuLMRF>}66U-ov) zM}~P%I!ThzEjeL>MkUCOMeMTIg_1 z`PkfoxHM(#?8WLEO@}5`S5U4wYN3NO{=XWs#bfcv5yILgd7stZE5hQ50+KUEWHLa*aLKRQG&4v_rxh)6yClq6hy z%48YVP}5~vJ~MrVc^^wS!+99Uzv-YT)Z3DSQdDT9V>afCu>yd<3=fm&3UT)sCR*|gMto^g03J+u zL{xc%Rh<&UW&)DZS+&yu+G)`-+z)Z6+xdUG3sMP(Q`4OhiSJuEGkQ>hV^Xf;=BVR-7p50^RLwD@T{;Xd9nJ#%2MkOmd*;!H-mohdFiKK2j9WDb0O zw)iLotn+@4toA6XJ|%W$cj|1(;jW8()+8{>QqrjX)M@$yO`2_xptqH%vNJb_GdGdF z&JXj?BozDR4zCPD``d2O0xMl?x~_*{;rZHtRexU1g{(r|G=y%NP|4@FZdZL(jY9IV z+#Ipo?^Jcss5n8juPNN0%?rf`CWA2!D{>Dia_u$US^iccTj^^uD5c{T6H$q|6}h_* zFZ*_MD0P1*YdC9+Z0GmQ?%!<<(~k~#cC~Ga`xliB6EN*Kj*j=RQjfQ#9zdaf+(=uW z&zyTV0gMA>BhBh>ETqTw{NsL_f1@VsLoAC;>WWS1iXlp&Nzf^!;3~L7kA!kAH%Bh_ zyLDYS)1q=+Z$Q^iv^Zt}%|8A1<48L7d01;E-RIn0EqBZmLYr~;FbY1Lm7cmk4z+rk z@^Lu!<8T&CH{<1}T$uDy4?nqfRdn_jqQb(Z8X0@N1N88cTgrR>C_fC~9wnd% z0HwW8sgQpt{h%RvxV@$_yHzBShLA{mzg!VhzF2b=3datm&UdQFbyUL*OZIM8QQcBd z-GV?>&jhOysG~Y&M7{^CyYq(Wh=uBi0dh(E+~4pkANN%coI~*S#?U!eYp=GWj|nY8 z18nM8dSh(muMh8+J_&m0i@EEIAsT4@)>i(Ur!4kQL-?l&%~Zw|06hC~thcbNw;)t% z==cza68TFG@|W*E8>%h;^>}xtH92At>ieqPyQO~VZSL!GonoK$#VYjuRGL)j!&-JTf2*LceNL;}{jX@FF*nf!G-dE|VFmH! z^;98K8iEP^6cx)1CJ{v*VMV9JWaI(M!DBbgVjdb|?izkE@8dqsg+QmfMkmyUQEJ2T z=99Aqw4|NP87)s-5(S_d0#Jsq6w=7dI!u>DQm6(glmVX1QkeaA(&BWKx zmc4zORywodT+`w=n>6UDb6)Z!?ssB;2T7?pY5ZxjAsMxK&hl(P`s6pVjAF}Fgk@?p zRXvKw?RulE$;qL~N#rLtc{TD=)O-Lx=>b_Rl^X5= z5BDggo8BoWy3Wu2m!FGzbek0EEb9=%cYW{Ew>U56AT4GuEv9q3i_R2D%S>}{Omh$w zN=f`75|B(;MMU2*C>3i-CZjQw09+|QmA@&T_x_tOykeGI?9|oH@n~*tWda`hz zdoR4qdX)=Q)@RLT5%XgTnuv*Jg(YmJ4Fq5VAw-?;GMaIT$$7oWcD>1rDtk14QjwQi zp7%!KqAnnGG=XyR=*dK0?s(oCl7;tYiH!M#{26EF;#kOFkD}mH;){keLX7$R++X=` z`X1PhhzH8BXK<5!a5Gm`E>ZIJKabk6Anp-2o6OViu+1<_UwQK-1P> zYO9)F_DrZ#f-3eF9flj`;xTWdsls;I4G70HG1PkDcNS@8>|4xF^-2?`_gdM{0KK)3 zsQltvbRAzcr4Lq8U1U;uWd8fvI+^@3ru;IT>o>SZUrWxp3T3Lxn5xTg>?Ls*BzUC{ z{P4j3XT{?>$>TZ#kqkOZ9hHjccCSuyuZ{qH9v|A8Lsd%g90&M z*zGQ&H>T31o@cvXs@Q)Ur)z88Zcqtfor=Jwv3f(K~iMR<%Ve zt{bg@DuVMR$M#<2I5>b=d)QQ#Al+NGh9u5Fnv<=tij?13VYojt*IhK^e#v;g#q)TJ zR|=Ra2|dIx>q4~nS?JHjzgB0xgA(6C1=c7v$h@K%rr!QY>ib3p*^ZoAzrDCOT8&;; zvOZ$lE3t&~o6+#nzbIURCa*vv&eI%k^i_0*N_XBoVS|iYy0PtIN!*yzL7EiR=gYMab~dv z$(hFypOQ-2xWE71&`g%ZNbJpp_k#a}?GIL0P^m239Iy1e$MN*u<{%SWJtGW~ z5oX_ZF7Y(NPEFQMjYQ7mhVg=F5K24uuD1Wu}+Y9-9w6XVrKmBZ~a^xoZ zNHJ-1T$^i1o2w-ekM;Y0B^$CEUEyN;&rCeW&n;2RQhB&OUTNc7Pm4*_&`DLG7V7lH?c#3jG2N4P)7V}FLr zuBgHp%kb`_<}sCx>0($&YwinFKBf^O%n-rSmo4z3RHXf>P}i}}f)XT1A%_gIz;^tk zQB_&NE|UzFNe1afs=W{`iv%`oY#Vvjjs+hAP25)_r@^w*V3Hz@2zT^q#V`IB`ls>~ z80@5n%8&TztgDjl6Ii?QuLHhx{xY%Dq~QX}km|-I7u2&)DqDOve7cqz_B%BUx9mw+ z-d#~opo)uXx2H~9XrN=@H-T!%Z}|KdH`6abJqK?SS;TmB=AIGJQv z=WP^JvYREGR5&Q5RadtcKP z)ZiJAqTrOKw1i|@LgK6ed+Pc+o|Fo~HR2Q|V;i+Ikt(8G(0yR_J2q!_TkayYIASvv z7aLEa54$lqh%j*G_b|&-h9_z8uvBBMZK&|6{Q` zG}#@>2GT$#^aLvAf>UCIjM91$UkQZBuh|rbI8v_E^Z8ugNDr_$JzHmgw#NPpz`sjk z^-_z2ONE0gQ#=;S%7n5$ZS^#>J%*P{&I#qx--Jnk2*XGB-wNG-Am^l7oPs}inpavT z5hg>2V(LqYarNU|&bk?6WHJIV)x*BCsri39!?uIt53x}TsFPlQB2ungSCuXE3mIC3dv63X+yDOBY- zb0qQ+1G9+bshr|-W?k63sm7sb{1_tYh=0j3vDtopf;5_gQ)i2%j#m1z3#cMq5R(b) zd!yoKjjw-Pe}8Bj`rw%&t3pZAd~$Ppwq-Ne-zba>)qHmT523-qTbhqp62mMmk0 zu|CCAehzU%Pg>1B&)x3&m!EL6K7}ehhu9$1@I@s;qemuA`a-rm?>cXGP7cm>E=Cr& z`Ztp-z*1+YXqdEA)uO04KcmLL;6vCn5#<>o8Zm#}jS7A2RSfaI6|0hJZMvwP*;%L^ zEAPE~X+!iP<7G+i!=4s-w0=k$z0!R(y|lqhzrfG>+U zh^{>n_&;*p<{h+Lx5H|Gv0+yu8!gvezRtM{K+APIU-x`<{Z{ih=~TPtyD&B&9ep=A z({J-NSI^$syep?|&!`@JzmxR9385b^X`(mI7QB^Ty985JHOpTp)S^~?qNz91qk}uH z8S^Wsj=cq~aO?+6)WiLrZy;zSFVH7hG7D0FqfC)y;hWjTuSo<8{Z7?EUsyI@rvL2p ze+hOe?f*xxOZ7N=dQ#?;8gzAYi+w@B7LPIT_Yg;F)b;~+6nG{CQu#XFRe9t9COn$> z9|jxO|7Ebn)gFZy-C8ZJBrZ%H&<>%46HPcToT?wHezuj+cpEgmrvzu8znlLX zO({)e(RFt{GgW-Bc7KpD_wx-UbZn>L+O5+^Gmy&tU?s6vYQrjG%}3&&MuYHa&dE8< zLvMNhL2{@6)Kgem+IN4jp=X6bX{~WOznl+sQJVNpo43DDA#3-2=Xl)6S)(|kaV{l& zdz)zoqlqqd?Sqe%HS_JbYLH!F=VLE+Yef30eC2UfuaEwf$VJWyzd2!7$mM1$(nq7psNcpCyiFY3)TcRn<9gDF`_qxDpGoGhtce~GIZ$EAg+jkvK|-zh zgGqXYdTaEA$`D;+Tb`YJhx6vyJO0GGl^E8HA^O>VoRcVQ` zBJ^A3y9wtNBm;j$0b z7W;86d+PBkg|A%QpDwx-Nqv9ldf0c!eB2M-o@4#f-1F_D+EycUjOWJ$FR9fn6Un55 zSOX{au}YT(#K5dxy7Qc(^KrD}zN)itU(Lk-JG0ItT@ zNT60)QmUfV9r=!EY@eZ`VSPBax4;W;&i4iWi>Gnq66KcI4d%+t&wCOM%D&VOW|6M+ z7*>X>dI`Mrs#{$0meOk%EtNqE$^eVA>3_iKm){b5%NsU^J9tN^dY`WlSfvqg*OPqy z@&)07vu~r-`cbP1A1vx=%wXXxB{Qc$ z6&Wo=G?_yKCDr?hL;jOk)Oc2^3Mm^YEaxR$MD#gC{I>1zm)(z zFaef?Df*5($8523S9Pr^d`qN!L8<)LKus;ZilMH3xRG6Wko?Wz7+Q*=Jo}zwQc#*= zt$>E^2PxgRueGIb?k_%B&SJ;AY8?{T?h;&n;V&x-&`uaI3vYBzzAcz3ndl)QoSi5D z(G+sibR@aeF+5M}#nJ2ig~Gv(x6~r|sD+D~!s?k{ABEQC4i7!2JwD$srA?XX~*)DP_!L7pMH{xOB#*`14Ng9-YdXN`&DejDov} zWH~rQ@5ejFhlPWt8!zcfzVa@SoL*!+Ep5}QA!i%gHyXsaN(Ho$LbHnDQ_V)dz9q=T zI-h06etfTTOB>>nI%b%Wv&Wwr9G#z2BD~<1NfaSz{+jlU-{PC?4W=Etslbq#igC}7 zi(}zM3$MhakN_jfbN{==$F?GHNPhEP1iP{iNs_a?jg$hY{gcARL3b2y`;DXAtJiOH zI%#a@b~yc0C4b5MTbRAd^aSA7W7AG*FK#mc4)6C24dlZ^sLjSGx*kKKM{C~}J+XM= zO1ml_MlM1mh*Qs$**Z=4X76FzOC;xAfb&Jw9w*~N=S>M8h2a(F%yH-SwmC2;hh7qA z9ew8<9nNg?v4Qm$*c^Tw36_$;R1Ig`LjG`YPQ_9Z9dd^D3k?qWQ`{NMc?S=b(rOpj z*S#t&+scQaj>I6l$NjyztW^+Y2FCuM4myZRf2Lf0y7{v()R&Xx>$)4>n5W z!#E8?F;%0VG-n3DaT4-|^%30Z0x!~sT&ns#q{OIsb9fR{Zr0LY)2VFhRz?_oW>b_d z%ndo9x(%tm{d*u=+GqB9R;@5AGih+@GE&OkT={mBn!thH>3@?GUtP za3k5clUefh257i+S=hBB$@WV2d@ir7%^?q*97!-c@sv+2y_OQGcFI zU~#@`A6iS1DJ6j$n3M1Dozs?p%62u!j>gzIM$i!yWkeq}^>0SOGk{C+r(&hLs;x8X zJfjuxL#dL$#rAO2t+LzGuF1`_M&x7GE6|x=S{8w=?coo$FxyRQ&nBzkD(x(V&k#w- zm6ylgYTEX9DNtRnJZ&3E3OG-* z@$R}&y!$uonbRzJTFs#d*Ccc!d1rNIM^NiW4MPiNZWF(mPfCd8jXvHuUIgB+{%@Us zW$~P{Ykk*oTmVHByAypzaN?Uk!JyL4?8?fvHu#l6^!4EJzI=y8{uATkzg?|9wevLo zoGTiA6vfTXC6=0VOZAa|7M;k0+Q&h3d3t8OZk%}^xA&&NMUF3C&oq#ss}>Qg-mwsV zP}5O<#`Njq`sB2UD`F-6OAD~6&dcQI!-%xn&o{I+6e1?RW4Fl4NZ!4P%0znN3wwPF zTH+w8gp9dph1(|jAm)DI`OXWMXeFl^aS=6xL63Ja7aD^SPUGU;zVCkW|5~D(z6}lR z_z9ayunoD*5dhYN(^DfJtE{s_=x*GNO=KE6DJyS@Sr^kXJ~8n@T;B^?3_ojV7XDUC z`+>kLejzFlA7M(QW9_)PJVzc_wmRg`kzN;!o3;ryV#&cBV6=xF}o;;UmsP^1&? zuKVSq8Ih|0g&W2pgWS#H#;DHuS$vFd%eJ@fo1SiSJoWZw6A=vL@_o9xaEqpu?dr1K z?)-Mx{C(xM=}Gnk%SmS5sA>G*d93Ygo!_&Pgc~|k)43Sx0WVzxfw{!OCla7w~wvPY`=0tTxhQ$m25#Sv|_yXu2Jz@fp6Fq zmw*2F5341l=Ctdm_V>iZ-JQ@8%a>^EuU#1s(gW7r+3yKW4|^>{%4gSqbiB$9@^6a| zzJy302_4a`J)1NYewqD3I&YU|<}4iH!A-!?t&eb73+xPH`PO^?H~6xKhreND>#mkD zWK>DdyPD87h+^P{bP**-Jz2Y)@0WjB4>RJ)$01Q1Gj=YuyY73}C);}`DTyHotCI-J zpE%zfSN!02v+9y_teRijIr=*RvIU1fCZ4jp_{B+beN0yq^<(=L4qfK#*!_5*jz;P> zVZ+<5T{}~bp8R&vnZFR+a?y*GDm^^(IZEI z7Eq_GJP5d1Z~9xbox@=O)!>4F03Mb49Hh?E#rB6FiA_{?^O*F83n{qwUTb>eTfS>P zxLH4BAc3{2Se142s8I^Onq)Gux#b{9WCqjpVkUCT5I8ur#sbIj;!Bw=U*yrd4p4NT@tZgEsODH%qnYY zeeY;fCJbngZoOFSKWq=)>ql@NU>>gn)qeUVHLXOdoiFtqN#rV6&3W!<7JXFOG1!<| zEYlRRVCY)Cdrj`?6f9AdS6s4H3DEt(PiPwbLf^PkT-NW(g<$E1IOxvas3yG~APH_5 z=~l*8(45@2#7vqx{obOt6@XjSMn0C|Y9JVNPjyVZ>lSa88SE&o`Hd{ovxrHNBmf+7 zB4155b1243S-MPiaS;Dh=ls>Qs`k%LliP)-e%j`_roju2XY&_}E#1nC^O!BMC9fI* zWUa>+SZtieKP50Gte45W4%%NC8K>u(RCPYqZ!VplNzm=rSN=E~Y(rb8ugJ2+{4 zQ5@*s#Z@u*&RfnKjm~3c$aC5e!&<&zsl>n8z4 z_gj}WoW+cS7Rh5b*Eh7E)NPBm{=&ra5A?3=!#HBd`j7lh#sLa|k=78eiLR+>EL};d zY4OGUysp4gTVKwk7a*Gn+u^WQT6FQ-i(H>KIc5^F>l}rcAcqOt=`f?AtM3ArfkzKU z4mxX(QGGe2ak(qO|;5|)DE!vdbZ@(A5)nzzJ**ff%vl;wY-wn;@e+; z-h6P9vTL~hV3c7%Y`3uJ|3oZgeESZgfsUUQZ%tkDgRYdF&h>|k;mRD~aW$JHa#J=3 zj{PllsXFK|)M>TvFM+RN$wnn;Ymw^d(2sBtAtK+bEK1F(7c-%{%gL*M*N#o3Y3ODx zkj%=G5&k#ZGiPf#2GWdRSM#CaaFLfpzD7o*7C(R&7_i^6Iic9!@R#-_pTzo%16MF4 zPC$wF=ebi)RxwNFWae92@9n?!%yO8|HPe+6Cw;77ttk3qZ6VptbU(XW!|xl%somi(`w`bXTU`g0H{o3o zonLNuAG+sk%c&Q6qoKZ(4RuF!bmdIBe$mw1G$*#s36#Lv-DzQ!Q%GM+HjR>Zfp16r znZnH*w*9DWlQQ~yBM!w-G~uSA(#tHG^d3`fUhgD+$zI5tGId<=T&(N&9iJbktc~A;&ec}n*W6D(fI&3ccQwXnQTY5Jw9uiMJW<(A0vkAWxp|W%`UShPv4fm&+`05katE zzzP~NJ>KzIJX=?@E!JW2tf(-0nVb06s_bp={!HvU{uO*|4{mPtirb4Hw;BJ2;^R_S z22=#;Se$1z z1ClTD7b+wH$jl=W{#-S;y#+6wRiW!n@9}fU`b&C*Ff%yLXi$w*@oC-JviOgj0 zxal|&1OUpBnO+^f$|C-)y3AR~AqW&ATwzk#|B1m?^DRPmNPX{-nNX2UkqwTQrP3Z4 zBY&fk5`>idmvYB^RMS6|5S?(FF^Mg{2`BRd$Ke9Wv7_&K3%DEBwraXfk0M+%L{?NN z-S?C6T3HoWQr5$i!@dskDssaSB4>xvQ$&e#P$Mun!Z18(Hia(MK&H?}nYO|roCvS>a0m{b01&r;pYxf)qyGdbr zP!YT@zWc51dW_)4N+!cqi32lvIj(<&%)~x^&i9Q{yJmT&suIV^*58=yt9=uE1tP&H zJ%}>w0`B{PvnXYTB`9=+w3XxR>GejBoe`CCTPh^)k(p!K&A=6vQBj^cHRF6o<+&56 zq&PUPfUQ3j&cGfRxnUfGg43R=#s#wXW2IxIl(y&z2m(5ga+grk#S#>OEKrdJftLa? zam|zsxe{)J#90E#;aPp?O4YbS9MVb2tXzjy6yDI~aL2B7Pt$yp^dW_%TSX9;)f{Vd ztp8sIHrbw1oG)wtd4g|3Z5zVrvc};b+CdPp6_bl6)8XBlbwYE`OHxdbnQkO!Ls6@V zm+JA1I;<|}Yz`E%f|DNI+1JW~1t-G=b1Sg1 z=9qzB7=I2d4qIr8pfR902(iG#Q;ox6?-x$}y!fp-Obw5KT`>m!mRof>J4SM1PLJQy z!@YH9@k~n128D#YQ=4Smt+JJ1C?Oh5rw6;sXS< zDFBcpupF}1|Hsx_hqV!P?Ylr}akt_gq-b!8CwOouP~5$^d!e{PAp~~{v}kcH!HT;> z@#3yUetF;TJLfv*I_JO4p1G2l$=)-2?e(ntQHjA2>I)}dCSsf@RzMt4s7M&vATJlK zNYGadC7ljomTSz5e_u@T=S1grsv}EiE({`eAsePh@T(Y#nJT)yfEqlmv|hhDS5}Q? zOpqfAgT$x<`m{4+5aj6;AyH2%!TC;eEiq3|&A@Don6gjWYDO7qR-1&Pfdd&HNb&q> z43tW)uB^V$Nov{zphB=F4 z>NYpxVF@xajtXQe9fW6}XJuIB)NhyM^PUpc zBl@>yHJ@q}JDcWL;#8eY>IJWTn;X?2OI~`y#$xD_W)r2#iiwjpib)0vo@M>>d=S32 zCKLNNaPgG=@c=i1w-(u+!eFAvjFSGyX{5G!>ZH1-Os0%)sL90j4Zo!!&~()-9W3ev zmQzeFDuyO$HVJ<6$U#(>=@}-|)DsaX$JlY4FLi$M+6H1UD95BR_gSVh#hZvL#-P2n z>I5o7HA0^roul1_Nud>+V3P5j2}q`>?-hOG8*$-mrOIlO9=$0 zP$}&Ij;MlzWX&<(2}GvCsq6r5Oc=l*-Ez521tQntOgKT=`LFX>xqXFHkK)WJjV9jo zhUmna=*05qBaY#>-NtETv2HE%BL#_nMo*rOlGfZ8?jr7-(BfB;0VfKP%|%9eDDXu7 z4SCUUTG>35-x%{8RZe@B|33Zx`x-C4A_btM7^z+2J5s3(nv#P=-Zwo&VC8e2!AVk1tOFXe;t*lo(eN^C$CXD!}X* z&T*Zt99Ss?m{cfItnC$6KXM)e@MWe@>G$!&XZ~4c$~`C$1r~#@CUIGY`8DNWtc=u! zaSVXr6B+3rY6s{xWBf64FfijNalBz!yy{dB?S(Atj$w2=w)N-vM>5LM&$i+5{5^6o z49aK<+P%-V@Ob_WIaoBMr$YO*rlD!|4l)(m_asjOY*6ejzWN0 z1(t$qr?mX*q0nYXU3aSZon7eq1Dodf;B{hTJ|K1vNkgH`Q7c(vGgV z)&$KTGMIum4|y(~AS50D+szdIRAt1Sq{MiLzy(sQW*5ZeWr05^5>*ywR%s@)cvSyD z%j6g>7%5h?o`Pg55;}bT_j(kdVx4LYQ_1dECZcXthOIDArC9$) zoRrTKMUvVWU3oEv_7p_@KksW6+DrCmB~d2!Ye|tX^b`Q9VkCaCk?L5!VX-3D6n#t7 zWIKXXqk+4(v$H*2lbuGk<1zGFrtntS4mE)vSssQ#MY5X@V*gqy(-6mMzMKV3{QhU^rg zlu-07>}H|LKtn#Q)bWelf3Fu*HI-g-)x+4+w(vgtUMg3SXuKFCrd7vdCY99PIx)y= zw+Z!#vWUTz6;+bTP)r>z&g9Z^U9e&KqL`@%7)2DW3Dk;b|1Skf{^yT}Kc|OL@5!~e z_aU%vd?aWIylO7MidOCG?_E`ul6D)hj>FuJ|HU!D*!a&;nu8L5y%&UvuWq>e^Z5h6UD(Lwh6A2)NPf}-5IbFi5EA3t|$ghL9V08KL2(69u_Zb z0)15cJO#n1Xyqr*0S9(M0z2i3F5gM=kmbFDTv&?Pm7c>Lo;mj_FiJ#}D~VZROb^hK-;F{tR zB2}JdU8wom!L3a~@rQ&WSy7@S*O-YenK9h=7cy#r7A#uzT&6iF_aGF0V0m8){^Xon z$vzj`=j)j&o6SjOo+MwANkdZ21P*MxcyKgAAPj%**lzD(U9+h?q*)(mJ+_h>oK$+c z=1|(ib}~yEu&UXml<{lj{>F3bmkA7PjJa9!`}m~4;~_$$k~{XJbl7HkZ%Y==CC6XN zPp$>CgPfxfuGz87n)m^YR7nYxGtf2dP`>dK6<7S)S#t`@+B;p`zjX8K44`zqaKV<* z`)X~j({9V4x_0NG`5Vi|0ba?!p#zK7-8mGOSshy`dKme?ypQ{@QiLDqN|gA%va2FB zT_tbyJc-Ukxqq?1cdOu^{5f7kT0*mSl>NvcyC+cpA!5er-;gn*ux70lr)5 ze|1wGuAiK>ymyLObmed2&oqG9eL7!S5Atfx4OPeh6f5&3bLm6RDXAt-r?$QAO4s|c z+%ve$=$1+_j;A0El?DcVPVgf&+l=Qb+YGq|Wum2$=|ZE6(YLlhVn#wMDZ%rB<`Nd=UGU<-}HS`6rwpd`n$FASN0WJn~q z4ou$&s+JW0_q=oVceZjP%Vb-_GzgFYaTlq3?m!A-&7@BoanY!2k45EnD*Odtw`X`y zjkShS&5c-GOgBb<^OYC$8@j=6k+a0riHhAgsZJ?rqbL(*2&Ly532&~UPH@5bWfJj+ zo9J`brhM}yCF9D|_bij!!%bT}*yRltOBZflHH3X<874z)(=30gPk^|DQ|4i0>ZDfOujPytnowdwoJ&%y* z`W+p}c}$hG>qwHYwag||82!92!8db(H#LenRS=Vp_nR4@ID(ggIhaeHZ6t}$YqU&_)0V%HK9pF z6gLq=r?9TNh&XkgVpar3f;x9ExZ|$U+yC;$?$e<)N|*J=F3ir4ukgFpJ|&^@fj^T2 zF#54-a)U8Y7bLoW>{|1vpBsg>WC-*0Zg=0AZHn_}tkXe1Mx*dSFsp=xk5pE82Ls7B zJF!#$A!Z2Q6QKlHW`9G--MX=-kq_s*_7y0pxj_jT7$U|`i46oRK-5o}_{~34lLbG1 zjNsrTs%t2eUs`>$IQ5J*$_d&{H-j0}ynzPT#&4(7yAAUUedpp_5fyCN8H&6Ze8o(g zmp^PZxC4Y_R4UtUt|3oTely&yuP}V0!v$i`P%L&6Z|8O*wPv4chA_mxYs=Hg*yxpQ z8F}1xy5zcBbPOsIx(gJ91-uRXXjx>{7+_#M%PNqSGyCEvn432Bhv#c@uayig**oEl zn}D#Jbb9~c@T2d~-0H;**cu-JU^~}oxZEwb6Tq5pvjGw{og(D^F{nI4t|S_>g#%=m zZsw*xE9F12&Vj$A8*%imx1ky_@9Tf`W~8fBIeyDU)DmEZ-v$gfA_sWQa&p;~%JltC zGPjb6nZ*@F8PSI8Wa8`o92VVr^PL^^;VXu|&Wh+(>`n~RCoYAD@25?qQz$fVoY+Bv zU(J@Z4{9Vyrt&4M6!L(OKqY-#Onn@*n|#xwjnhh#gV)D>tsaho&%2cSX7bj*@%gNv zBWYG7n?-*D1g>Rc>KxyEV*|~knQ3a}{GhSJ;$2S0vw})!myxcy1?-@arP3{`N7#XC zVVw%vjs0}zmQg-H$fn}dO>>378z&Y}W2)JbY7PaL$^G}hzI1!62I2pS@AtIWAeA>dvFDy5ieteKeyhx^g zW!FIKibEwvZhA1u&JtRhOzt8yu7RoFx3Nr=T14;;7*0YC_%L&fk|IdJM~#61ncyP^ zvs0vAPyp{N0jni6KdJrvR6eybYR;mQQDu-vfZq6Uqg)=B4<8+fib@W^XR;3rT(HPW zR7`cG>um^a6)+K9lA0O7Kd_J~S9>YK3HQU676+hSA9*x{b|%o941@8khqv65~l>^#+&&GK3TuIa>Vu(+^zQ$eDmK%#luCg z`*}fiS1T>Pirn8u}xg{sUvMB zghL66h&Q7UY~Q?w9vr;0tzIL4uLRVI+l;3_@8{{uGQOnwC=gLa(c55;+8d+sSc5`9 z35tq0V-Rd_EMs^3q+ZI)H2t;|!e}30IVR`Qk1uQi{R8O|p%ftpWyfK-0z38`W8LDI zMfxMQ-y)RsLraBZ7DKVM^xSft8AZOwq8ozXSj#wOU_WpOYE0B93+yK(w*Xl}Qi4d+ zCz?oc2)$59f08RN#o^fT1@^zP@`MwJ#0_eI18sg8FrX+KQfVX*><}Y7YR{J{CK@j| zHeE2W%ko_wMxgU$IgMm}`11VSQE!MfXfv<+rM#8FNQJQ=zi@i-!Xzkn->rynjqQ>i z(8+PIVL#Xf~TS*ah$mifu4IM;L-AL6%M#Ah*-Sqrf#HTYMe0(Vs4iL?5}(+)D6fBDX3 zWO6<)$?>0r;)~4n)vV#<^Wn7+d|q%DjAFq-6u0quHV8J_yZP>oJ1rYe`nPU${y!c_ zX|l-uDM%KXDA;^&)rk{pwtIIZP8wl6Q`N1PL8+v@7 zTGaLh{Ifcz?Y1?fw1A}0nONq7zKC)%Gb|x3aHF@=+y#yl|J(N!u+ZD;$Hf!TO7IZIu8XhcTg5yZvn; zsf-~Gv_fS1nNgz;K&XSzhl|O6jKQ&E%O>ba$NV;Rj$Fu=K0!<=qqR-lYwHmtAaQKx z7@{4+%-#q5mPTVH8;cpk{JIZFLX1(haH3O@*wxG@#n_jUY@R8nl;~F|i`hr`#T-Pe z^pb;2!IBPgQu9AgJKk~R@cXqkZOsP7ou^@SlT-O@oFRon1e193){Ll z@!BUb2K|vooS2Fil9KASjFH%gm5F0;G+3W*QEc<{>eL(uB^DQ%kO=|l=tPtZknPoO zd*#cCmmP7O*Ga%yFd`zh(xfVX{;L$59*sb?069|;mP%H_HKIglyj9V%b8tcj^UNy6 zCSf==N~y>%Wk+=GMd`>8@>mEVB~Wo;9DSgE5&UQyauCJr36GdbzB4Y^)qFT0<#8v_ zFb9E$#@b#JD|19M3o@l&&2oZ6rAh6GlpCUPCIRnH$tHMeEujlZW>djkA-2)X4e*GG z6eDr2d`0sirds+`rcU|4d%noWgvwsgR!hu%2#cjuwG}ecC5A#cFggWsqD9I2QH4hD|(@HWOJ>=;m4fbPM9_Lu7yG^qlM)5b<|hAUrLVbRhE|@y50tg zeS2=(8aisuJ3)FPR1S*Xd0-Y-rOh`sSLCjRbTFA;xLi_2`M*L{<_Kj@$4I{t2@FAr zW)6i%pr$OgO6HMhuqnD4YTYjliD1&31}`t4SQw3IiH?V_0z*N8@MMY2<_Cpf5K3fj6r&p4RXq7Gy|g=KF=8he zPQb9)9HkJ3EIpc&CJB%W0`xin^B|TGy-3EYUf$XS7U(EfRD} zVb=wcSu{_BbV-3hgrP#hXsUo>h=G(tHYLE|Mc-t+cV_7& zaBQ)OpNS(s60rrOJj_#Dqok|fh(a804O;lMYz(I37pUNq%Ir-Z*^mK7^5DAahD0X> z;ARZ&CH+U4#7oHqcdW@HGdEUpvvm{(3K|YBC`{6GNE)SwKIgMtonZN92NB=mKsyIl zTp;efRhM2DoydJS@|zJ@(UiYP8w118Br8F%`-BbG#*WCOH(`p2#kgcCq6~ZBAKpF! z+U&>c>X$CXzRgLywI%ltCnqY1f@P0wcj40U$$~)dvgFo-k^KP^yhjxd$v@Dy7?&=P zks^@PRKRDsNXDYxFL4Raml%aq3F^2R=sR!KO16|dM5tP*xRQqn-s*Bas4|xO32TZQ zDqJskQuKi3H6tyQs7(|oq-T4R4>q6`@(>CUVsASIU*SSAs?>|W+>!a)8wwXL^g~6r zRGX)!_s9dq3Ybw?Y;@n;277n@`fPT&i3XWGUHW)Ee0$hAzA(QSsD8e`&%4dcFuwEA zGm$8|yx6b|IO0qAkNvy0Ne2Qw)VKL(yW0eLs%xv}VS8?_>qDMHm;Ev3)7QGlFT-Co z5mdc$yszw?zj3wR_$}|**H+Q+)&Kt#AarNV-rmuEc;S%OiFDE6T9(*mLW;|F2(I z6Nlu7j4kuYn-DZKysVd5Nxwf`TknfoLsd?%KD?aoA6$$Y&t|w^2O0&gKA-QmQ*jPY zJM#sW&xZAGhDwag{4wbA&VM+et&m6%?PCY5hkgjYt3V6?e>=c02d;TFHFVgoMhY4Q zUDAqG`|XXYw%jA=n2F8Dl+}k_BFmL2pe+1HnU!EeBSY(9eF5R@`MBYV+i}2kp5#N3 zOB#xA=jesqt`{w4nJZmwlb!fz+$S$df6=x_e%ib)qYu81xm{AY^}$`DG*6^&=z3p-Vzux-h#s9VZ3D1i2^WN%>-L1Ro-(MD={v~DY65I-H?GJ5Nv@!+u zZN5}I42LxZ4RSazi`6yaRoU&j&wqa$uUx#i?NqB?(tl~IDmnYRB+(o+Mp53}mMZ8C zy!EOGla72nzMh?KGaH;5czdx&wr=BppuU`!r|a!|$vxE`9vuzTg3T~F5?BJ3`Z8^a z_9`&jeWozI-KVU_!2TjnhBNli>6zHe(~En>Z;P{Tl40bPH-}qnDj#&l2cN&>1=8w! zeSDCV_Y;?rD5NeJDRjDjxKI;!|3WElm&f9sWs|Y{bDBW6cgWE%S7*Ogbb-$V*LdNR zf>Oi3)Rz0y=}*DbBPC8>;$)Y_GTX%38gv#!2eljeQuQt3-I=(5W0`1u@5I2%qWt95 zxaX|IJN4zgj2(!z9!_y+e&$}S#h!K&JQ@`Ae9?#3OPlwoNp?ml^m^tNHvF{q5P2#f zxmujv^`vrFj?9)Km;oHFcip_s(@AXRT+krO3xq+e zS^O)8L~l=iUJI6#5l@L8hu}DcsCX#pvfz(R|Bnfh17NdMe~E9nNoUhN%<2>D_+)!}N0Zu0($W|wY$JVP{Ge{F-jA;F zx7u~a0D-}b%Q~l1o7G9{==`bLI=QuoKDte`iv{O#rPZg(od#mH!7){|laZ46mV&?* zj87@PH`iN7FSsVpi+DKJ{9=AjM=vx#UqxK&7QAn6Vm5g4&MLEx?+l(slSbYro)KG64u5pzjqWJx-ky>W~&ri?rIaesF5aK7o;a+{#1#R1m7 zJHiB~N$wi>N&AMlK|Zrh_TJsneB~=7E2YIhgB7*N)W`^!3)#LLP{ zQ)}$j?aQpU^75;zy6f>*YcDGg89|466p!wQ>yk~+waYK#--CO09UY&tj6T@-@%lFV zynook?G6s74ym&678K_kuM-+K!J?esdhYZB6}G#If4css@}Jc@jOE!aK}oaN=H-jG zoEKrB;CRmT%SxiIz_X__bAIZ)udzF4RS)hFT6vFNKg|+T0Uz?RIE}3-yVhq*#if^f z(Vm_gDC$n_DQSzYgS$$4K&}=oZ4VD!Tg_QlcgsnYL6>t|(AD+30|tl27X=|v7way;!G_m*u-adF87jwRZu)qXoxi}afa&CAxeRXq#IN>FOu_}r$$p|h-ei=3MhMZoT_t7rLk>WOjX`^R6DAC|;U zRI8qwnp~Rn&H>=ZdixHueKpCK^_R9Hrw?sZ{k2V6t`xdlk(ZNK9$vhT=`0SOEykg@ zVR`n&?(8&sHMjasEo#{!tbXq4i_1UYIN_Pmt*P0;RDzUbd7Zu&(`N%V+!56YL4NlK zqi6S%u}4|d$MZ1>{lPyfP{p!Ls<;X}0J$t(reb)F^5nI>bUg`Ni@pXou4{yjNdM48 zoG}`sJY%o0R+vcnURL%#)N(uL>3RIJbiUsFWPbT=(q_!Q+(0!DCud{P(xbCES4c>( z!KpdrS=W{G>h8OFUyoTHv)a~eu&0CRa)yB4^?~VpqW1N>)Ops|M9BXLDQRo?`mzF#y*cZtCpPPN&2hK47zu-)o^l>)vdG-qY^ zj{3PAS==+Hl(aF(hBH>nNSU5$c*GXC`wwN*U9+nmH%$Yhmz)0)P)h`QUOk2j|} zA!}TLmKUI@EjcGdY%=jHe0Jk`KMRp%#<#^-{Bq-|-wQXuqU}}ne&TcZs^FS&P zxu}SW&~Xj0kgY#B>n79U@4-)=F}(0Z1(1<+Y4`CawOKOYr&O;of(G?abi z=%p%BQBvHWHz4o|@XzZ~S+c9VleHt#^leg8Z%DSj*avE=i>+sW9OrQPF3DUIN9@49 z1s&X1G40gq+aptWg*+SX4$xUoF&dSC8p%=Rmt94eGDQT1@B5iSUl2~9`t}9%sm1As zxmlA|w`s908slqc9?dV^gQhvBWAQc_w0Z6LYr(JMz%gD-nmkx4*ti}K|4t7AQz~mh zq!lJ{WiWT)ttZbPOY#k#?z!jvXAj=-=GY^@N-d;@5|5aZezD}*_>t--lKcGlJT!Z8 zoVC~nRN3V)P19;9%Kj|!yY|ruZ(o%B?K1K4Lg}A)rz5{SEj*)e4jT>3R&BT8$$vjn*M}I>=K4kUm*d{@<+SFB+8IsMF9f2Txi#h z-8bYpp7G}k(Fw@g%hFlSXn_#a1_H0FzYA4`G$iy)i_%$^XzfhPd)fm?Zh!Mf3tk!H z>fFTYp;JgzP&IsW>t6BY^mF_e@RnO`&AO64%STEuWLv~GbuT1CY_&(KX2Km<(Vu(m zMIy<$G4F0H5qNKivA>Jl`A>G|xv@g?+S zxvyz)_6jk!%wRuXr5-iujtbq@n_b$^s^1YVFup|+vqwWp^m!EmO?tBVDpZm|vHc|P zv=$5>{>MuIUIipw(Een5A-MI`2U-(INJ@TQc`hG4PJCF9WO1T%Bi+^yFrF|6HRz?1 zDw@1am)xoZfjMy%e+ok`trg(BCSy z45%7X7dE;otn{0~oIXv-6;!w?R3SbuZv8d)i&Su=N~v{)0&XV-_5-UnF1DO)2=Q(T0k`yf06wC>0D?}0s=^=Dw5e_WusIq;u z)2%gXmv1F=an=(`%TntCog@M^2!A50ecxdt72gTw(KkwQ!pj=f@IfSzDHEZK@fIZd zLtv+n4-S(tvL8!C>E12)su|KA?*^*|W-VgdI3-c;A`cEMJ&>H?ix<=bv!-L-b#NEO{wZ z*taCxo34t(9s>MOdv>OZKvyHYgb;K+Er{9o^&e>RQt)!N(xU!TzXOBQY~q}bB~}OL zAN!7enws%v@zoElBSFK1X0%2`36bbdTJ%4iZjGjYzRK_u3(wAC7+3is)x=$>W&fN0 zc8pkZ?ibe7Q!m_Angzfx~`LRJqpA83|_EXo1^vwK$#h*3}9e&oA#)*j* z=o4&&e~DxB4?F&~cxk72O9}%RE>&wM+Fqhp@e;nEFKKbuow_5MNf{EZH~clp&}Viq*2(j}r&ypQ zEKaR{cH{mycy$F5e2m`@0D&<{*uJpCiEnPD4B}Bvf}nxd!`~%|{5f1qrSc0fqa!+~ zV=ptg)!$R7nOiKC4>xj+G!A3L4))+GMaGnaNa}FCb6H%rrEUr^HzE};;dM=7p223ph|QR|>9?yjd<2w`DU%;#ytvpE`bytH}s810?hX(I`zwssNLwpR9d>=8@m&(QA#L@Q@qk=HnE?Noy z^P|xqfZk%dDpJvXIeMVBT!3K@+Sl|C#ss30u1LaZ z^j#XR$nw%i3txv|31K8aauPBtOMasVQUaNn7$(`iV&cl6e4!v&`m}NdC2a_MtpU+K zq49Uyxr}p!bEUHk6Fv!fR7^CTR}22*4tqd}Nr6Q0+ z0F|<)y{=y)BG7QqE)Xq`qSl6Z*C?YRD0nwaAJln`q{rw#oes1-)^&R*K=RE+Ls$I> z>}(7jiPcSX)nBTrJs8l+2VZGNOLhO%6`g#e9sa5UEc$2nUCt$Ewa0@lF2ebWOoRYW zyBN`_XjwbiODwFwNF;0_F+)ff7pFLTrq|zE!Uj)BMx|tJ^UW(l+kGB&>aO{?xmofa z8={0MAl|5`?4|fnb_!Qw=mk2mHsp29ycsJnB!)_=FB~ZoZOOT%Sh;u=#&ddhC-#x6 zMBtQ!Jv0U?)#riYoBS~T(hq}rz*I<#BO<4Oe7zBR z{JmFpRgK`Z4BBbZ1OO~Gg%#&9Osnx~bbV6!RE>1Rg?DhTv5;c&VjLiDp$RxtU3?k|vEF$BdBOZHhl#%++@HoJfOnZU7_kIXA2OOcQ18WN47!e=?5fM#F# z$}^&t>K)M()k=b|D-Z=bO^m40y6|99&~~p{04?9rFNS_e!_Uop;N0dZ{Vz zJr#Gv^SWn8+sEu8e#{UUsuVRLQWNsReQ4@et`!57ext0ataRF&vuib1pI6wA&t1tF9#j&)?O+M~o*pS6HZ<9o_qAf*{_9>fQ1enxKOw^afFl8o+!2TDyCpshX zNf&kw^-D{OWNPc>>@(!tx3}Q6T?FhK`HknE4vUMJ`1qsZNQF;jD$LO*G^qeEs2)kz z8-#KzK8%oZXqwdXI+NRbUp#h;wOX9=~5OtX*>S>Uled549!l*hqzJ>(b5_reZyP z=`X~MbdS+bfUFTD3ci<(WIMh|TA2o)?BlmIb*PCPeP0GWs}cp5fgW?35fw7UY>4@G zy76m;H9Lk={=D`>7ZUK1_Wa*9JGWE*^^Vk2SuuntKFmeVv&weC4tV4-ShIYdAQTVJ z2AHcxMzt`#U)xo*)>Z#J&D67>gxcikdMq_eAqAGU`nD8BQl%w?YR ziKbeM!^il|Y+A{V;@rHzvz+lWnScYxtxS$$R+L=~6(6cohbo1?xi z8u8#~%_UWc1{}JNZ_#hdk}yF!d_UB;W9+Uq%lNZ#zc(+p{eIr>{6*a_i{7&|T6CKJ z0D|9tjr!r1hPHpYX~z;+>HpQ*JL0NUZXS~APzw4%zE>E%z*R{=H;tOKk1v(}25()D z;!`ZsoY8d*wn^f@zGV#oQF9m-FSQ#yMM~PB(7|M;rPG`v9-EK-o2h8=XXfd^tpVS^ z!FCs29)mAS*V{M`#;^eH(W?$cg*zPfSb`bnFek2`W zty~ZNzD&tXD_P`TGSo7~u~*T1=WCpsNH**y(f(Ftz-Gr>UoGoYz{2L`6{Sga|D4U# z305t;ir!aTGo58?*yt)HR&kh3aT))lmMB;a!vLL+eIEC$;eq}IRqILntH?>7;ppBh z_tbotfTlK#m3_3hyfvH&VQC}qxtyP zSjs;Q-30HV>33c?w6Zyg>`E6F@uwziHi&r&g5N8pQkP_U&8)TwmW=j-6(rKEAJkWc zzRndnzdYX!mHV}dENY=vuI8;B)@vuqnJA@lmw-BFY*@|pXurZq{P5Hv8`)fI3ELU{s1IFMKgs##bJ?s0AU-*e+$wO0cOFKa7?0QMOZ%#M| zHDO&Lu4BbHI>Sd8J}0$I1Nb;yBD1KlL~(K|nwZn92!CKI++rU;q0e^azkF#Ph#8al zeo_>(FMk*8(+WF`M7YH7=iwC586_Q*fGXxss$T`u zohf#&(_Q`Ri5tQt1ccX}UuURKt-H*Wm+7~9a3 zSkseO-t$!QZ!F{J>WFEdITo5pKQh9@TmRyk!GUQP5zgO>$P5_O5oE35wAw}(@)NmD zN(?Adz47D&wPs@MTmQ-s7F`8j$$_WdV+`P;=4Ijsr2oN5q-+ZJ5SXVkvyS57qyOb7 zf9my?cnCY%GJ-ATTDV`@cm$u@TBdy={SB_R_vM|Vpovp#du<0}?`lfrx>43!;;xWS z_~d-yapVACI_<@=f?rAuIVU5DbrdEagdH;V80&>akP{U@4ZuM!-~p*a&1B3{LJrAK z4JFL1yHMWuF-};E9!IkF_}q_8M6s2Pya51)eSp%x8{zq0Lo-05;788Tft`A_Db~Zh zBx$R@4=nZ|FP)k#*_ldB6wIK{8V+~-v6k@-+uksOpNnX!*{c>}m9z|mJ7wZGF*ot{ z4>w)^p7EpuE#(#VSPlLG(uW;lEwbCPpxFy z=l7O!W}ONTxz%zd{{`J`&*DkG_*`wOm~hv;4e!J5F$bW=29g_yVlSCR9Ptp<^`_*V zzaPIMT`ZF$KAT$@rz!WJ+#`^GRh*caByscQ2!l5&nf%uv1fB6va*;vOI*OK$KFE<} zh%}TJ)D6WzwwSW?Z<1z4*iR&p6AnTY=$3zqTj4YDp{8WwD*!%O6z;qO|Hh`b0)(f@ zrn2LmDpST{WIggu$4WNlDh;MP55!hIth4&JRVcU^bJbsL`P5!nVajD>q@EAiiv0L- zb#wrvR8gzHpY=HC+8fASyn={XMZz-aM@OzIGIav&~X0}UC{;iK2(l&--m`QDeU+zP|kw^y9`4=cyW!eLbT z0FNw>^!V^#_LfCwx8*s0_xm#_{L~p2^x?%R2MUyI{(WR`it>_k=0m?_9p%bL-_IHS z;ir{NFv*&UkW66GqRG?7ea7UDq5;5}HpZUFe;@foXq z)T1Ti#Z_9kbmJJlfsKr#k@I*Z9sRh(omJz`V?|s5jdb%EzM+kb%PQ_>rFj_6SiM<2 z9R&$XLQ7OF;zxfp2`}S0y}f90k_1Xnl@fT^$V{xBY*va~EFigR%RzE6czxTjT#OS` zEw*~4-)i^)!28Esop_h$zz5XL?pP{`Ubj2V*LSxI#zc`;@LO`y^^Dee!!h}3*(Y#F z4ojebG;NGoN_Yg4OfM?>`>~IGj>jOii6j8y%O*{*BX4C9rlK2%1`ynvmQG)2= zU*Wh}u5n47femNj=Sz z@O_e_!UA|rA*(2$tz1)wVCK`mo(L!I<}UGylwKT9I;AO>aIj` zADXAQ$j4z-ors1Veu~}W9r1eI)2CZ6ZFs{xAc*&4dz;gq#?#J$&12$+b^WIXkMa;$ z4*lrZRsJHgi8wfHEJ@nN%YMRh>0z0JZSBD#2z6m+e1S^n_jB{??9{ECCHM@R-p9HO zod!qYB~*}svCSrGmG8aTErUVA7KY~eh^lsb)_b%fh8{CCHec&9rM2&5dS%ZM=_R!@?b_XTodr@#9C}EsOOt4>6wQwZFFFr*p+~{!P!(wN396y3tYiInZmCHDY0W z(i9W;IJSEHrcKss;?Ytb8uRXC{xL2q@{jpu=V4P=@7>6;t)xM9`4~f=pAt_Ai1@=X zVEBOM*z*oq+zCQ7TM$*gEwUNEI2%j!2Yil{;PgSsVWyXr(7KNAbb3sW90Wmv;Jd&C z64Y3+Jm%c-2%k=Fm)AWEn>HBd_4IJ=CrlalFQ;p$oWyf@m+Jhu3B~44Zjc}7>Ck1iI%DG>o2{ASTwEndyCCUZWb;~03Rn6J4;-m~DbHRfQtlm& za&Pj5-{mp~j04ZbJ$YOLN2LtH&p4!g(lItX9n3e$ZDU1qnW@JkJj7g=zwk|vT8SwG zb5)qO6e+)ur?I}zimFRZR8KCi2hS{m!PLwd?vmfd+C+Wdi*bz)2(1Nw_0lh2(APZT z(5lr!`*Px39+Q;AJU9lVZ~Nrr=zRNdMx$muz*)@6S!YX7Rv$jC4^SO&cp5r)l%V1s zj@3ClP2Al(eR=q+>xvCsP$;j56eN)MJ_McsB2tH%v$@pdhcy~y#yel`2WVdc@2>9a z?ZFpMsX}VS8wI*HLzVTAYE{BDo!L`tSgOZQ)=GD;R&s-DBpsa2PBOHJ=oAmp;hBA( z(Ep7?mC8=GuZ~SjUJi+lFE(z+gM|H_tnVKG_Tf1{>jVfC>e(n()kA7kCum2w=c}F# z9|{X(tHuaF*ktPE4w*te_vBnm(7+FW3u79Vm`Vh3Kq}F$};492NjMHYS@6lt8?%Fp4izS{8TFI;j@eQ zx-5=#Yn!uroB2W6KR)dsDCOcl6+zcp*O1j3@k(9s;$*WFz}Z+tciZ6LV;PM;)t#VY z{Eu8dpY!d3BG2%P6HEayWs2M#dmoIpO3^jTRT3q?bSClPuU8A_IpgW|_RYZDD9VKB z95M0X>np$0oTRCG@V-8vq-;)G|6&b;2sq@O&bE$l7K`U~6z^(3e^kHLtDGXP-0zMr zi$1u$wT;&dQnrWy+>Zfw+QJ!=;w_R-#`>>Rc5|#?-j6(6r;a0g@O6Da@cc{jt3?sz zqim}>cl*HAlFoV!k9ww7{nEd4C83mC34Y&q&U8(52Dp2vOyXI}dbiYu>y(VP_I>&M z!?c7j-Y~E>>Ju(IDmcbs|D=hUDPYI^nf*X}HN8Cxn)bQ>mb0NqNDr_FE;|l7Dw7s; z(wME1Tf~hTs(ohVtxR382ALbwv5sD|a#ts;f6a@?D7yb^e!4$AFW*}dZlyj9n32%_L|lJx%i^%jjw@$*d{KXSd{tR6UZ!=n!~>24;%=9+;xP7Y|kSJ5pm{O>5= zPjVshOFR{FBes1>G2kb0-Q3b+JMqB@t4HWt!bWHC)0A8m1-H_6Eydq|ykkZ-Y-4|8 z5q(JWjP$CfT32czhO$pP7ys==?+*-)>s zK-{;b)#X&IX?+SgdvNQm(#MJ0r*FPjbxf!6q8inMy<^sF^z8BZNF#X^`!g(Y?d!tg zlndDaN%Jftb}3AiH!Y3tT7ilN8J4cLS>_~$RjUQLRwK&wV6mT4b_u&y(labnw!9%l zH*b#w6*egvz)X1=NcU?fM+P0?1pW8vrjFM}o!AuZ=uEWq4XU8-*M!T4hqVF8Hhf%7 z9>t0bjB-1npik(bKt;(63{+c%bxG`Q-fwIfbOaM&1`UR1`!W>ciC9)rqB_@{jx|em z&wh*|4f}4om#q%Nd&>{`17I2KR166N<4Y^sxfT{%1KuK+n+{#ydG@~nR35>a1dNlj zHrBdz^$x?6%O`(rEh<`Y#YV$TdB{Trw4ef=VlsvMVZXQ|Lw zM>TJ^GGl&sqQlUI#4thp0#m#@ADMD~ZKPu_ifcvD(1ojTKq&)}$vPmUnT(XzQI#@# zAg~*C5p{|B(!{>wX3N*&4bdz9@$Y6zIhVXMkkz46>Twh&04jN{X>inRVL^8+Oopoy zi^4KQ`wJmP?0;}>EqjN?5-n~oA+IwPKK3;2?uZ)vU<|&wFT1=}uRm`3U`7~!!OYYx z*KSN(7CB(bhiM(#Wpb}_euu_FEpB`1gUO$wtW&bukm7r^k=jmy#?*3i4`=5m)EYs@ zSPHeD;sX8kq?@|2(bgA*F*)R}j1~g8b)?$Eg2(Hgo5BfFr=vJt(6m*})D$$5h@@ni z(NPzsPlNg3B546YH7Tlg>?Z>co7U@{LUZVFtt-_~#hrp=_?KjwmQlLzmHm(q%oAog z&tydlZAT3z!l}b9H-Q|bW-zW~`S+$#ch4YUyh%9zh8of(Z8i&I$0IAD`6E10Wx@Yj zHIu;wGo4cn%Z*37J-f#UVz^`q4b@m^NY#4Unf}#_J8yuB^SA@%P?G_L2ResyVm(xH zQpV5JaUR3&0%mQbkb}c|mP)BFV>m4^u-nJ(dZMXcPHWy; zcfwu5M=9*iNp*NX1ZVbZtCSD1q%8NB5vq=5)GWSTMa|GDBdQ z9}5pv$nHz#Vm2wFD^#SrD41?we(r^P_~9e2_pvw?V|~;oAYldv>|6sUO}O3HdzA1&<~4KqZk< zuMcuTU{3n?f8Sy@#A&n9#D~TbwxMaU+SO+{gQ=ep@;adM>#ks*O2rRi3&3~F`mx8X z1a-}?LrU;@%TW0fSE|ONpxJXkEr*;=+6Plph4F689F`6qKUGnLa$%! zfK9KPyLWfX`3KBmipn3`^kY|9hdi2fkhcbZ)pwot!y<6>Vue|UZW;tbDIKXx1mJ2( z3Hr^*ptBcd?!rvrfqOSgHe3Sa*&UU2Hz|teOGgYFB4Wg^Rd2xOS;*d0x8J2kjtBOD zYlxWuThu(0n(ey8pHUnesAQhzn-B5}liX|4hX?h<$Z$(fV;G9|M?bg~o14z|U&HgS zz51dSsXm~>aFRK-`Xnj3@3?3h)kwN4*t!BHVIzo zBhNTQo9`{xY*kaycSu)OQInm0%;ZXQl<53ULZPo0D2JY8&ZW}vt6B^)cS2w+n1&GP z=?Y#hUnoZD&m`ScijCwON%8w^_pWo=AtylW`E-7aVM8q7@-gQAi+Kvo;s~c{X@q5S zXUtFgt<)c+y~?rw7=}V}?=uOWOHC8~Nu7sErMeZ&jfoLUl(+IpA>kk#na)yaQlt{? z%N){KKM+pXh6Z&k93DsQ=hzX!;)sHEcp41&6M8vMi21To2M0`>AP(Ek6@f>9es0eG zE{+;PlQ6<5L%#%SprDPwVzttO%OJ(GIrPFOPN0{QhkT$?dJ%Ka@7<9%b)^cmZN@T0 z;ShjJGe9xH6?MlD`;qD#zJ0LdaP~NOb!dO1-lrqzF5^9d)3GCYu2vUXHEgN3lS+D_ z$kxwJXB^!Au>TPsXIHc?-C)=X^ikDd49D6vgu4}cGU?gi9=TJWz+Xu8{d$)PsgFNL zU*bEcB%Frx*g^AP%LSv)k+O`@w!D%+L5V>`Mj|;XY)4}b`2>}$1{4~@!=;eaej3O(Mqx}^FY0Yq=Ke7o+#WU**s3;&Xpge-PaF|Is3HBP z&4yrvn!ys_Eq*kb-~pBVi(lH#Qd+vrZ9B_xfNKqv%$j#n$1u~1<@iLHT{ z?L7WLO^z^qC!x``U#}J0KH0y;&76DgCryUtT*J|k2`tYP_cf(^;OxWxGxFrwE4+Ce ze=LUlk}H*EWiw6e%3d`^)FOvVgSb}e2VKL?(4{K0RbNSGHiB!T_u zG>1m9?yxo8>G`&(lY2ZieRs;OA=kpf(87Y%W7+B4caFxQPrS5>%+s-PcI7#2V(PC zz)C7tdqUxt6v&s9@R0f)sY&}IX4Rn;Gyas`rGZ}zr!Uc@(E6;MdSTk!o36t|8s`)| z=ag{o`fP{VNmc4G1?n*=+;oe^;&Qb2kjKD4Z*L|8!x0>+F;uFtbQIk{@AI-|GG~EH zbAbzU0SLv>-$4>oZo47mX zIW%4!(BTwle+rbUiAAt#qBi0_qX$90Nte8C!n0$6N^X~hVV4Dq(|X#E>@XIK!n0^L zS-{Lnz|_izJ#Fdc?-)spPn>&w2f-S6S$h0y2n0%%#q!v)ZtOwhVN503l!l-H7?Ubk ztZx3jGwciP_l2_j{q#U2SN4ga>=TxR;SX8En9{Kxl?cuqMt3N!JCrJ4k&C=N3-(b1 zS=xCVOto62oG`L+f?7C1!ER%u>xRVYf{aoWpBN}UVLj;del!Z|b$0u0)0#!m5N^C$ zQ{b8maZL_S`eaHvBSev3o|RXgg{V~AeZ@(JLzW!AU$(aPkQP4tV^qp2X=k#V@MXv$ z=e}u3TG~uw5>V*ddBTZ-gPP2(P`1C)C3?H%M?PJa^`|T=QufAYiUuPY4rO&#qrF zl0a!mpx~vlDL-=C!YrG@ECmvojjNklf{m+v66g-BY~#N&)WR&3LSbpbo1iHg{Ukj7 zr0~Up?6oTtJSYMllqyZWVRS1yy8lj?o)Rwl5?iO?2-X?w0~sHA_QUNQ=V!_bkvP=o zqC#O>vXjUEI@hmCP96K$y*CXU9RZF?mEaVr{+Ft`%mJ3RK!;M9%e(fePtO(I2_H%d z97qbN6O7*UmavCx zLU&N1x$}6V(|DsJc%yhelAN9IOBh{4F6UxZ=1Kesl{Zo#BQXSeG(rgDpAlefn(Tk@ zN#~LCVr1}Q#A=lq;TteKD*Tk(qJ8pmYFFKf(O){58BMDCS72mNfH55<*We(Yh-FC7A|xmkPuW}byY#%Q zv^-%PJis(QC4Lefeo|@4cbkqcYA;?llSTcVaJ!6futpgh9Gy*oIA(DelEV3^Tx_-i-$TgXO9*^G0j;y=y+9x@kox0Xqenz( zFIPz~*N<&|Cj@M=kwa+v(48IV4i&rgUMF0lfIxzPPsI3=Va@qAgkVeb{XlkBf3`5~ z>2Zg$xHtoYID<06J}jNG^~bv`VVtjcvkWG1G#&KHAq%U=c-89+rA?63Lg(I(yd?!&w(IDv!OdDB#a1U~);5CgUG3_&UR?Uq%$Zj7WWtZi%U? zm7L`p7J?i14*9i16(U2L+CuYtM{X4~xurGZg^)Hq%rT-HrXU7Oy5+=`bxq;u)eB?X zBiJ4&VB^iK(`UrSWkSJal8hftQJf`Te7#iwM0^K?d< zwzu6-$wO0%M^g*Yz;^l4+m$a)SVT!!WYR-f{uBo16ZhRa?)!k>>N=x+Z=5ThansUfP2GhDx@+ z0hb1q-B^H_>*kTF#gnRq?8LKM1Z#f_l$QvU$GMd9{BvYNO~+Y;5=qtWJ6j|UD53-u zq2yC0#_n|(Jf4ue@Z%y@P$8C6$;e|Y-Hto^v6LE6QmbK8tA$|WxR9(&S|X~1-hH_r zSWZCT*%N7jx=1cW34z)8|a@Pk!80=h{Z^~L?x zAFg;J=@Hd|o1tENOKO+(p#oVZkngCOWx)k}92MeAMU+cLC?oV+^hRPc;g|5y=}G$# zYU$hveb#_MakyeixMF$fJlK3CN_K}(7iDtP2RIEJkefojn?R@$GKc@9{TDc7yv*cS zAU9J)Ia6ekNZ&Rq!=!W_kpT$F08q_IuMVzQsVoc``@hiyt6>MLg%AQ<2>H(5{{P@u zFISLfZuXa%p}t3i*vYYQ$c2lD!uc0YF&`bahB2(qn9tL3_d=MJ%1(|i_BTtZvVn#`0P1@dKY-0BxpkBK3mF!~&mltQEKa^9QDYRcE?~D9Z-mHRP)~unz zk>G(58#U2eGLsj%tPZjX0?V7+=jUBzEPuVKwn#6{DITBa_JPaUB7+Xru|wtCpWe^y zmJhXUqy*7TSc3fCi_bN$)9`O(8x(UG4uat@jaOyuROj1@uB^(lqr;=yIORR4jc!h0 z=7H2ta?+1j*QO;%8;?FYhwVXSZG?xAinLK*@-3`NOq8zHG{cEX%9niaU!?2|j%STG zPPTpxZEtqItGlJS+S%Jy;fww+2gi18tG6)=H^!MKngMPr6n?yWV%2PH_0X!(sw?Jh zwZzH)o1MxrAbDx0uAMP59p3v`9Urz#n`EU1Y|j#Q{z7_I428Cy23FSd zFJEA;*?EGo`ZoW_ zt?Sd*XtxI5R2y5T0F)z;lqk2BT=jpzD^3PgH4r4Z3Fw*Jvz>vi8?AMP%esrIk021C zb)XaN-rQV9EW|#vj3QgSQ9y8UYs!clOuLp*k%7S z8N1eI!7x>RujdOg9FwwvXa;(ngxZTX-(r|9ui!3o1@k;O*3|`Ar=GW!(^)u%-5Ugl z08iWSl}@2o&=pOvv6#~trme1(L3QE0;I3J=9=ndaQD93WS591W;5k?`lZfES=4V{% z97E)!I*;GV!TXlu~=vmBg#@=M+3vYwF+S7DdM@c#6)suuqN+ ze+CV$kLD~6CXkkrwU$JWs7b18r*ZWQ@S7H=S=ef)(ew)to91n9FAwhxA8fq^Dv4Vi zRrCYg#8xiONaJuwqy5Ky6^SOd=YhPUxs$ua z-d2E0LKPf%D~w>~*mWc#oxZOi!VqS{h?NEMje+os%bkIlpb*{hK zk%xfD9U^WgL?32n#iLF$cwhoqzpq z*XP?gM0sZw>gzk_&(0z@oQKrVG!(w+%J+~9n{`y`=YBHGtyE^3#81)71AQ2m{Lq1- zvv)Y#=yt=jWgvlB>WV&YhyG~td(oJQbirH~sbUnHd6d$r>{md`u6%UtYU;iKGM6K9 zA2X&#Kb1zG#A@IH;ya%dJDv~_&-JTG_yAEEuT&WjzEEb1L6D_Myz!%C@khd#0=e)K zueN|lvuz?Ne$oC6bd5wRjRaHsF5rtun`r8qK z(gK?N@Mz{J(G==mqwx4XCV#ynB5iah?=ti^*8-a?sdtPzt#ZkthWd193iP#-)?PgLG3`! zWmA+_yfh_MSmcV<$3!Y*sI^o$`cc=%^-;^ub%awo5)eiiIIu z`H=XtN7oH^hCBfy?+5+{i7&Rtv=ZabYGd$po+SxioZvSfmki->nw;SY9an~AehDBy z{?E}U5|nUe9S)?}4Wig|Em-?2+rv`0zOBl}E8jFvF;MmPyCbU-d9qWpM(2)W_7YyC za$Y&_)aa#Qw;jwG@s(VX1i!wF^;5;Io9I zJ3I{sY7Kj8L9Vy_;q^FrZD`Y?d(`4N)X(=WC)+Z;Hb4o&S~xp9Z!pHZ>Nk^vvca6c z0P@!L6rt*DcS70NEY-eW!e@NsraR{e^o`EV)M{^VUc(sCi;`g~qn9b8m2p?Bf2vFs zSnpu1FJ(8T5J}IP+TDh(M8h-(-33HRQm>BfRC6A+cgSs0Psl`GUX3Y8J14tv!cdk{ zD)d95^ovj~jNhJLaw`V+?kZ}ZFHepSpB=BzOm4af*f-|bCt{Xc>ZeC8?SSe2xP!<7 z>1f91M@HvcR}A}U*sek-z zxeZdc6%u;xM_INKxQPvcw{O%NO+N-+`>` zYY<9$EZd)qiODZhYZ7!d(ydhFvP9+p?pz6!a&&WTHBdHaD6dqNLztWsz8RvQ(r%eud zE1=qvLS7hpv<+aE3TxU+zsbD$Mq$~}kxR+GG%|Z6eY7FpC&rrXgixq| zsiSgWu4zLfj7?8e77yR}LVDBmyPB7ytPu%+E3aS4A0ovAPkdKaHx^b0*HynC`4U%072^&Q%Um-#!u?fLzw1ae~HXIL$ zmqjh(>esF1x$pa}k!Lv+RG6hDPEL=336WD+R@T(T8pBCZqGDUI_}uI`>dY44lQwf1 zT2KORaT*xlT(#6?_mQVULKu`lUYzEy(L988@F4fUVoC5ErvD~}i8m{HDOFe|U(3g{ z9p`MOog9FVGBbjx0x>_U*s+h9((+KjW)X^u8hD_b|IdqNnAScw6I=#B-RAJ`;E~te zhz(ad%zW=FW*J~RJn}KL075;Zz^PQ~gcIrP2UbPkEstMp2wov~!yy7Qhj5$}71T*` zD&W9~5mt#io?@A)Q1aW)cLZl_#do5_3Q_U20~(2sop-8yYW*;5h;x7Y-NilIy26>u zPAtGjE((?We`@L^xUU(#dm=p-nAJgoW!1V_z?wi~k+i?st~;4FXc)9IC@?UCd`ASY zdf2^d53QVFBHD%gioVlRy8(wiPHK^)QDRFZFhJGA`%QDwdY(s;sijSAr<}lpPNpLf z?Ey3`v0B4^UzRS_kOVLVMU^vo*f+WNf6YpyR#pfVFMgFnXQW{&NYEITO?-!aiHsN$ z3s8__mL^jmCVa~KYLGx(Bk$5fy<*8FE2ty>MLvPQsAWf`l-JW=rR9g8$`_JG!@mQD zX?RK5)VLeBX{`}dYEMP*z^=;5gNl(xXmtC68WKlMR)vgGEpJa_|#GTtf{;>ZU7?b zs7UPp#!026<2LV$t{9^My|;>Zy*!RyQJNhNdjSv&4F$l28wG$cR;Wn^VWG)mG1Y|w z@F@P1gvUZlJbdeYDtih_E%4*J*U;Di!i0CEn>z{aPTY1j%e5Z+&SVC+PwIYmi zY`(d-i1#OyGT!lM2NLanzT#&{ME#+}R|~d)4_ktn&;&Nxs~31m4AlpVA4TU`elY4p zn8Z_a%5#q733vOcN4f*Qal}&-$#dG~v9T6~?mlwVtbeVFb)U!3kkeoOKuKC8kEsS0 zEK__c#^`5}Rf{)MlgNTU9>SaFSvd~qL7<9x2O*6Vk5Yhx9-VNFUr06Gm0E9flahB{ z${4&}?mX0=g)1AqoL|Msv9CwCkxPn4(NYc+e?48dV{zP&-JI}%D((7VuQf|H6DaX4 zhbYoN(W@)*gu~K>)*ktVp1o}b2=J_=slNhd-))`o875y`y*%@67#NZ8KiqxtXKpQf z9SbFJfUW!JX|>luL_x_YN~(e6khZhHq-bn3Ix3l@_$@uj=j@CxAjUPPti+M~MUr*F zr~BsafGAOhVN|Be5C8$-@FYbJQ$7K?sD)DHPCu~FE8xM}#W-p*j(T6tr8u{pgpDke zX0vekT$QT7^i7rDOeCs-9DmE#lM77_B8M|tD9IdW0q9~(?Tc$h@2M$?zIbRj3{zf@ z-CcT#n=uIHh@(!IyPCl^XBM8)8ZY-!RL|Ia$vMhb8#-}2c!Hq>z zQy9{4Ui zDy%magcL^fs)9e1!hV29W= zQ=wGVI9r=mOv(>>McHr`qLJ!3h>w7t)2U)|cT#ZzWV(OEhMqy){jx0drA!u27J^!s zP7iM8ZQ{F|HV!0yz1}Mfq7V(ZQmof;uX`qJ)+@pZnhxo?vzi@%Z#A-uoN{=j_-QJ`)~;CZu2{it z{he-I=G$651#A;+zV@tcdo=AoZP8^@@<44Xk~EPXtNg-qef+e^9v9Y1ZZtVWV3|y` zu4un!(_jSDWzVqfJnwB&MV4Ca#n7+jd7ayol@XVRubX!d6$i4RO>tE1j4oo${{ zrx3Mj8vHAaU`1B>rutbra(As!+U=$EkV5Ci>J0bVYJbJ%(h)e@?9;!I*7mR9Y!Egh#l}u6 zOgD)Y-r6pQZGi7S-_?5nvxcDuC`9B+=y8~w!ur${=X^zLIk8Q~DaxLa^WGlwA@yyMJphZSfXqIC7IgSL~!0cR*d=~p9A|qHpzF1 zjNg=GaKVYB&tA326!VlycJaHF64S_U+0XyX+2}OouQaJnlg}uY%;UtYWL!gm8~9NI zuYuM1t?!?uTJM1-8MHz2S1(kjBJo>5lU-U{`K#i5+R{zKIosdpir4YGvr;c2nbaah zk>oS}z7Z}BD-#;^5rIhDET&Q!kr*B%?egJY89&%2hPumtJPeY;SChgv)c2QF{W!I{k0A zFk~)rYb8u_Xv*Zn^9t@Mog8rOD@0`mzKy^hU}SYMTW1){*$q)Nk6pj#_Hc zBSi7igivK?z=V+m2#%gloAYD2K^5Qm{YIh4g-`F(90`uQ_=03-d4&wx;oW)c3uXsr-aT#e6sCL2I6UN$;<{8 zSZ5~~&h)d{(zk2ybny{^Xex?OHD|yY<@$K#3(jou1Fk@0UhSBBA50fIrItjiEzk?O z>3F5Zr-S&PfPj#rC!EuPt2&WCsDJsVEoXMP4&uiEWbtpu0cc3HC#LakGyMVw*n3H| zS+pYPy-FGX=qExlD+cfQ)I(e$^sNfq&=M!5{-cc=jJVQA?>0H-gy!h(O1|N{`Z!c4 z=H^i7{!n zK!vF}gjYQvFxa8)6jgyyi8g6BQ6<+@h|x?n;}_$^K*8e%W)y!CJt>IWrR?x@|4ahT zhfzs53G+f_3-*Liep_1oeY5KPq7#%;ASS5;!ec3x`laE{|0G?442>Y}d1mh+I?W9~)@Aoj4oocho*6KrBJLM|z8|f*!=EN-YxtE?Z~G#Q zZF_5gc->sc@N4>FKNgeek3rnEl}<{l`{CN3G#i#I+`=^11*l?+QHN%zNIwbYwYk~B zmj~MTi#l#_o|~Rp&);*@1xp$!;?)#Ob!csv_x*g&aFqAwWM;?nAb#a06df<&V5Z;Q zmVUM|*p%AUFr$TSVyA6f;-akk6!nUW$RNY^3oL}*kAGo>s3RO^q#kSDmhluIQBHmR zJQ+I%(-Z6(t{5xw4`OO^;dwO7cxIcpZhsVcPO}?1ngQ2Dd)*g$4v`>qpuabwNAQkJ zU8IH`0z1*uVXy;VI^9KwzdYTsSrr`eK|}@J;D}dH)8sEb9;VV#mm^0cCJre;nyH$J zs>IxiJx$>+!q8&I#pux=j3Gorlqgmx2;5-oswpyLq@V0ke^X8MjGsyBK`btQgBWne zVPDz%5V|bdKWJf9DjBxmJv0jc#zq22=B_k7_qQdNv`l(W6wsKzL0v2RKm#y+C*3PK7tEQimyz}<=$#!{WP z73mB-1KODMYM1TkvuC*d*xhUMl*g7Rw_M=G=xI;eQ|YuZ>~YI94(;w{hTYFI$LWY?$v|*rRs^U?O@2I9KiFDPg6uK(@EMnr;Iw_a2m^-Wh34)R*ti2Cw`|jC;LeJt2Cq^4dKgsm6YA%=ew2pn8{JN z9y4n#o*fY{oc0uH*P`)24J~c$083Fas~kky&?CNm<)|_-&cs9W^qAf{2;7najwORH z?=Ifst%~WY!u!*rh!%Bxe`hx&fK@i&*XO8lK@U`%M}p~;B}T9)6J;(S-T&|kWjpc1 zAcUG&xq)VNkBcOflM#_HiP}u1A>(!L;+lc{eo7fYUIT_7U3yjAYwG1|z0Us-AOwldwWUl%mQYsA1v8>|GWE8mZcrzOgErHz%A~1k zv+(`vUIUC4W**Pne^L!oX+vti&6z0T@U!@wa+`gELOQVKz~)|x-`b1)VIuT z=?|S*JN&<`fPI6gGB-|Fbf=|XOU1vBVXa1E3p88y(Wk;e6mgWQkAWvOK`}k7i2qWk zzw56_I$)KO^#t7T-ST`r;v&?KvT^VrSwc-;i^O0>3`?OV*1O)ElCKx4%_$b2Qj->m zzVjw=^kn#357^g@DziqU!!h+_*sTYg>qZS*PuKn9^78bA+!D&RpiXu+CjznP)% zmHa|B8w{P*!A07koy>?v$<)4@hrqKhny!jONR@!Eno%fP9?{c|FOEDBT-=CKnrL~< zG9eWmV zkV{x*p8B7oXO0n;2T^+5ANv5Qv?lml&lf3v{oSKDjg<`~K zsd-3PF$YQU*BCVo-l!y%HQt*FQ>GtMOuzF1IN^0;BGf?TPCFg6Of@txlMJw!5H*}n zx#bp~t2km9K;`Or6*9)Jq8KSEV50ZJbH1>Q>hT?CK8R^e3=M15BSIA&|5|TU! zkBaG0KJ=kKgFU~Nrno0zMp}-UG4lKYm-vG^aR`$Vpu|R(<5TS5ToRHU2(P?c6#0RN zw-}hFmSF>$b{;puP&5aD;OUAZlK{@*VzFVxoXo}VlV_wgDi)65GgXPl8I^#A`wMbG zl#s!}BqVbXUJR2&?h^%;#SCHc%vX>tGqcPT)$@GYU|JFq7^KcwzOKz-!y;!JUkFr< zJ-oZ^pU3`R9X8F@=bje=4#%j=j~+_o21)()lOyaS)It4Jm~{@5P$?$ zbJWZ`nFDzh4eo45wd#^HSlr`Uj)K#X7enMHpo`GQw3HcfMOzBiMlZHql^fn8C39|2 zFj4V{6^u@pk453*n>bjOgrot2s4{_Yr>#3|SwObf#X#L8YAYNMXSWy`CX9k4`e?Nz zS~DS8;%GHuX(pwQ#rq1^0&7a<=AdBC;*miB-Ou6KH6VQn5L-P14E7lLMncV2B`#~r zMI<9QZsR-Q2^uBdEh5!q*qrt>8(p3Rms14xZjjpk0NaYg&~NDlJNBZ;KGrq0%EdjU zGZwi~S%z^@kU?NFQU(ZO%j~MwB{F}HwMAGw^Ht538bk-k#_zggHTD=a>ztX@DWA#H zuq{v*|KPJSCCO-70Z%?dDYWx=q_&l3T$0p9q)P>ztT+}8?d`7!nE+$6iru} zQhHMp)vaO6G00-qDkUi0WxseK!wNu}XP9k!ZG7bKMpMmRV0i)WOXOHdMrZ``Vz&Yw ztVbw!C{7+*c|MUtcIxNNYA;?^r8eH2A0KwFMz+kZTy*JgiZ3T_yP+*@)lQ>IejeSq zDczYLpo-k`-AsF#rN*zK*$&mYpGWUzqc2@v!XXF#ZRxSraSH_7x({;=tT)CkE+R&n zQ}oK+&(ITN^2|g{!_%`0A*b8xv76oPDg)zG%NxE-#+<-bCNYiFZQr$Z#nMvcjJL|5 z>pA}+g9VST6EcCU-2q*l{*Z+ms6l|Smhr-dsB!YPlE8yt0z4Br*5#0Ee8iSL_Yq8U zop1gp+?`f3q!qui+ux5S-?^HgxsqAIjgj2BBvaRq;Iv(TnWVl8BQvbyJ~2~Yc5nO3+jJI?_=wA;f9-QihLNFjVqvu0`~X$d4n_0cY_!bfar^Afl0(Ye zhM_jWL7PD*J40y)>G}7>lkU@Uqz2MJ-PDn-x^&ZZgS^OxZ$*#W$q)9s^E@uEoJ0&8 zoe!@r0aqMH#1(dqO3}%ERdzzVn&g>B7xb-!Q;;jJ)~eHR1+HvuV-^U7v9Orm!){gE zVx?a$ftc^O9Yx*NSJ~r(r~QZW0N*Hc!i!#sILVV>l`LI>po~d&tLAw+TPq5-l=*a{ zsT_liAC=^xKJSO3KZ?9HD2ut29397a28dvyeiYenh!b$xJzq3AdM~CPQo(<;!JQd& zZ2_;Y9>A^c*UfS!*;QW^WIJPXyly-*8Rck z&VyHtQQZ3L_FnxoyA|k9(2MrgLqe*x7*MQ#oKTZK%?Xt42pVabe0+6Z?+AF=f?}RZZ zcJ`?e={3L48#L1z4>KE<{hHyGB|?eHx=_o)y#ca~IP^)6yO5cj-d885;u9KJ;60h>B2_SpJ+RTLyW<*no(#ilZWWf?8tlS2=k2!) z7IAv~cRaloCYJ?P5UAR>nQl5nTWV%}2`~H%1Av&Pp>DhLzVG&bc1O&vUcu1tV0yYSN>?{ zHETu>rTpcn))3ycSx&u3JDsbaZ79hqCW0iVi|I$>d3Vj4FU7a|JA=;o?{he%>;I-G2*|T&M z_0Xd)X68w%dAbo)y`AF}7ARAS`%6PuQkq-$kN-;4beZ8NO@eT_U@TeZ9 z1ZyWTKIp{2#3hQc>B9DdMN$~~@AbN1IEZ!4D` zZe`OgCYN!hvkcke?T#UtCl?s_%{cL|Ppv#TtkCAHw$q;jNB=c8ee1mfO3 z6_NHM8-L7b=lL5yw?Or%Z_sa|VaSgO!>qY%RcgAzst|^~oOv9}x??lL>Fz^|z`f@LcwRJj2M7 zj7KR&oVGT@F6+Yd1+*|gY>efPH@EWQ*lcq$12n*NCWG6lXyr%CJmJ|1s=nW&=j|%r zDK|f>uirxG-9rdWkG9>v4&Fh(vZBw^uU2Gy?81FM@a0~l{-W3KTd!7LSGIVc`eN5z z+tp^*`#zHIy@7fCC*tkJzkgt90vA6dwcsF1kOC+XBmcfC=bwxxa7ph$ps>xU|@{P9vQvHNrV)^?Y(1EKpPDG&FYz}l*|!rcgs z?#h~wgIV@hk9JmkQ)IY#uSN5@<^h{C!&n`8Jq{GNQAUBoV`x{h~ zO0|v8#hnz0&9O*DVR!tYte*pfvTjqByZbK1*WebHl3Hq++S4=4xP!d9EIg>_-|{P zPp0A{z#&xU&91SCmfV6@LCQgk=Vok3zT`>Pyth5CdH)jp$n)zPv&)-C0CQT+ua3Jo zA_WrX3a+l~zpZIPh-)cgR=Z_x@R^mkcUl-@9irXG`Y7zDq4S;n%_|a{ayCdR;c!i| zbf-T?$G$D0|6^4(mDAV?D=V`4O2Tl6^gFDq|3&4=pRIo-zt^d(e?rA}YOROe@FJ}A z*9MbI`>Yd{+mt{>`7gI}=k1wwW4O&u8B=@Jjmd&=Z`A)gH3Blj)QsU`v@0)$lplyu z&iK$)Vjew7=(>>5{I-Lei9@qxBS~ULw;HCk^ao z5?0sIAFs&92%K&%#|+V8ICpdtI*`B>ZHapx6>eUDHH&=9k0g&G8>pAgAMI9A9gI^F zbioHRRCaG~fo)%>0OqaO5-NdAtVGjQFTP{X9?mKjGZ~F4$;&8}6Vm-rkhb(;6a=C9 zSU@E?xgtVCvu2{UPgyr83Pojl)Tl)m`bYh54)vD$T7gxrzd`g*aeUi24JVbBM?HGx z8Km;}ER@wn@1#+4v1Q1jbcq#x8kke-<5n(`R~~$QEgQ7ASr~@)>IWVap5EENnrNl{ z+az*wYKe!Vqw`MzxL}u%^HyBxpHK)Lnm1L)$3ks5<+l2qmn{jCRw8>CliwwSu z4JcB%GXTFOu)ZHnq2$tU_}BUZW^qELY(|(~O{^HxGjNK)%y+=BG{ZlI!3_ToO;LeNNZZ2pUbi5{X^g7Z;$&g?cPEK@39<-iZl9ua<}>RM`vLvX;J_MFuU6U zno|?(JE$UVLsed<1H!bp5 zwnlVQ!U#0~$&#hp5o;o1xRCU4j1tSK`iFroVxQM|6q*#uHD2EI!!tMHqBMvr&;vMN9^WnhN|_KLvY^j5NaG|7}1 z_8$M=-lj(k0>=XQGuR+=;QB*R!xeNx*%1}TaW%1;Nk)W0 z0jNxNVv`rZ-xtgBT=O2J)FONgP&hU{RMEc%cQLG@j!9HNs$s=$QUl@2g{+`~KJi|D z@;)XJzz@LAVy84+_QLae@)pPsAkI1xHob2hH*KL*uplb*3`j9cG;O9-FefT>RrV|z zllMZ`E`&9jzWEkTvpxE9VC{5K)1@mJXTjUUiU?JQtKR|9Az+z(=CgRXG#@|frK}m! zvP;Y9wL7fn#q_-Cp@-S|bQAHBIZ2afyfivFd*PQ#AJf45CBaXmzimY|uo$^Q-HbB+ zf%xT6+!6(oV^b zPWIagpCeq;#y;czyOu{L>;Y~Z0(U#6$z{hs_n3AabdfeNy66ATN6o%i9eV;C4@;+D zsnc>QRQx~Lu$*Gi;&+#r-R~1h94$&LZgt$8=XfJ;_0|Z*VQQg^YEm`lNQ;2Ro@zWV zc>{Y%^~gMMyqCeH><`w^qPNcmxf{QLyUo*J?(rWigG>zVqtqk2!SVQphan6a!~E*D zS>RN&o%0LkRl+z5j^nr7=NHi&Ep5H-luDYEMO^C9S!&xktdCkr#>4f5AjPY2Y69jFqpRl(VVeEw!`?PNIqKPa7)8 zYC#u_#1W8ynM_nK4>~=+4og0LSo1iWYO=vG=d}#z)=z_}#%JVTi?M*{T|_J2WD<(a z4rmjY*kfgZfu^8xs@=N&bA~Oh?N8ZcVNX|XNXXL9q_jT%Xk{U&63prBi17Y_z>YY^NfgvS~e4FUkg| zT7y`&R($#61-OZ5)4}Fi1(6%H`omE5mCTZ4lbtYnO?!wsb|yH?Xi_n@QRodAAfG08 zhaBG2<-YQ~?-H(Y@~LM1DH5{k^I!KlSq6C9FwOLq>u`8-;b6ImMX2ggY;|lVEk`3w zflD2fSt9MJ)g89c-JFWMphoHX$xFD!^H+gY#z=VE2z~5ZFiItjkZFQa$Zvkt%6NtK zN#I;t1;7;?U!vdI@Reh=3O_9stfA7(X>pz~yI%JGk9%E0`pfa9dhDjLT$VoJp3bt2$zB;X+7t-7fP6DYbq=JFU_F#r~ zINTnjj-86}TuKfD(+h~N^#Ia|0LO};P2yP{<=6@QuQkF>1~a_Suc`s z)fFO3$cZqV&UBjclqGE2>2JtHk`jSzM9Abb4!L~0r30n5QMw*;aZ8%+yHwbzYI!+} zwUiGVme36+;64?0R&J5xDM}F_LwzbwdBvvwFWiL)Mo-?)n1V}+QC#F@_n%UqGRZib zIxO5pwdMP<9?7E`A{-2S*uF%pE#My|gL~xrG_Up6KF$%Ot>CB^lfyJeLl0QU`yD@HCJ7ku{OV_UU{+`I?K=>UCPCPj zsbL#}4A=EZ|B5jX-j4MtgkF%=U`3G zxDW2Y>mBn}^|pERqjeCX)>NV_;ZVRmmW{*PM2MM0x*a?H- zVaOi-aj0j+RppgM^^A}Lf7u}7O2}F5rO~4V*G`YG8o150;2)&qNPQ0ts zlfSC^pGi7hXV*ggtf6Y0m%_K%rCG@HU zftjifDhw|4ypoiY)ECi3vw6o(!Kn?ZN;HAd)X!d^Hwk@Jl)S466Loq& zp6lYji-CBM^EJd#Pq0q*#ua|e=?sqnaNr?QK-e#=KpspHIcr74QHsPUc4gcs-oJ6l zk&r!HKA%YH38EcJF-Zl>E(DPQj2r1^6v6~BrYA5!;P8RSrq{X$_L8wLRDttslU$)i z6S^^-?0D8GpkT#}>EX@ajbmlU$>PU`cBX0o{t{%vI9u@FjvkRz?DuNdFN@^|8i-~S zskfBT<#b_bc2qSCeB((Ox}pmqi6x!lx@|q!`X!+-ps2!bNkzVX z9M+-|gTz35Hwe!*wK!6lBBjfV^I?lS zHkMjJDS?>OcT{1V9;+padQLIHjQ~ho@yHzg*27*`ErO?{;)7mzvf&)iV1pXP+9^yUH9=(VbPBvP=M)UG{>!g`rN zCm*C!;}V4>O0bv=RE;C)LeK6#-WKA6+fo`P+q zrXTQ82Xo*&^?KLvOV-{Kz%OG&3^fhy&gqdoObq}ksX$U}A6u6%SIrhFIzuM#xQ*3(agKwTogx1zx}t z%yQXo?KI~>U*VA#bU#(AODpms`6CICYzR!p=hqiSBPzd$J-Zt&0sd2C5)@x>yd(A*4#1ob|*#wu%@l|gd zZj>|n9c#99LooHk&Ni(q27ljFHd(*h+#fRzU(Ei~a_%h+cJF!=xFqgDBx9pgfq+8mdiJDq zUQ{qOaQCB)qN;JzB$?gl&>y>9pVMa+HrCx1XAqA&UZFP`V^>5vo~?AoKgPO3eH!t| z)vjfVqHN^a60k{2LdC{EP&}C&iW};ONafCwC;SwCjGG+J)eT;~Df=$#X29BD*ssh0<4~rK8HcwQPqYp&053>QzhTSFA_X z9f)N=do48pcL_3wg6C~n&3jDRsC3<65eZ+h2rRzfmgMbEcD$DZ#t{(!Z1V!vb%T6THWsql@ZC}3M(uB7~tgPQ+@m*RDX?mwyMj}=0_pAdib z0n@#K<0H!>h;mNSWx z;>Nm9ioYgcR+u%Aj%%+H#0d$l(QrxHcR>Y;0T(~6|2-J7UbmxsGNQC91OBIo+4GzV5L&VM!bK%UH+5(y8cn)i0=2dt7K8pi;*|KXX%M15xA}(%98eagopft z6lRRk{eJap{~*7Z>PqlYW;K|6HRU2+$(NGMi$+MZB!X*FE{m7nZ{xrB0}845MQXQ* zVkJo%Q>MuxQrBV$*!R3-LAJbB_|V(!mfvC{v`gbo8RBh6cBN`j1|{(tK!K*9>}Pcg zw$!f0`bKzv7NZT`DuYNtsoV*$_Ii^NC5x1Ek+i;k6@qu+WN$=W zm$cd@9Lm&i3`;PJG=ZDElMVZ8;Bx28gm=OO(R1kyQZZ?$C9+#$5_8|~FHJTkWyU0s zwpfA-ft<^WvVnsX{8wsJ%OAaT0RSoy@s=pDImKKTf{DU`ow&xaUShJ1D6u2O+(Cll z56uVPnuLjty%jB=1L!AVwiUmA1Zt7Evd4<0(igMr4H=uw7EnJ#^ovu;aA==L2g^3J zfwA#RD(NYs6rwkbPZSt&*|n(=Rk%0M;knz1m3x=s%P9fa=Bk;%?q>UT z34==AV>(LgYwg1V|DH!IUwH#A-ho) z+b&$y2zjly*C5i+)Qe-~kXxz0y7b&O7x%I6IZ208FN9TnCy|rpwo__Rt|jqhK#pLq zWU5{jMq5tp=(l~_wsSU3u|pE$%9s@EfG56}Ai|DlUtxl8YE;L?UJ*@W@^wQ+bgqTg z(~ndHDo8PQ*g_ly%T+uM6O54rv@eRx(PeJk_4~5<{?mgW&G+lfMV?;9RQ$JURN^3C z$gKsuT=;281l=SI!|#-I`$77MXF!y&1u13<%XI+)PaCsG0)N})jg_Fw1ZOrx76SX` z-v3P_piM0^hb0ZS7%m;X&(-=hG(U&ZOqsvXb_3NP#9O~a>Fr_u*604odmJQFR&{R#@Js|!8J<4@`O zo>8{7VwI(p1*;U1(T+Dj^TDDTypjceD0=N_&!{drq#5`=~k_uQm! z(z$Q6FMJ=UNJVXz)Nu|{=Wt}FvVIa2}2k@_LAgyOe#pYvd#Oi*x}cR zx{kkZ)^)Zg6Xo|F`;*D0I&|z7`rk|1*OvUVPM@Ed1pK1+oJ3%XFEocAXh zW797fboS^APG+W7uxSg$kh%*za_8A&*Y+pEVr-VbQDKv?%lND@mVoc~Mwi&qq}8FPZ+UucIb8$y3R&T54o0 zReU=M6R-N!`&OBk6qIohulLua^;MtiH}kjhtnq|-Z{3DpxY~XcON}Y!a+XtF+&Jwf zVgOWPaKZcxZa;&w>4guS*Bbl*Z>%%Zi^8 zS@C2h8?3ix|k(+YC$g6;>;HmD5H4cneasXN-uXyX~M5Nd+Nh-{^q*z%zu>g`Xhcu zwc{J9dC$LRIJjxxh?mAs8!6^c8;s6!iJB&9x}r+OfZ4^ki`#wFs8dTcQ z;CI~x6iMc;3bkUuFFUNyUfBYB;f%J>{is^9Hd?S3@yZBYu+F``d+%sKI4*TPu53xj{;~L9vXo z{FD7p!CUbtE*hDtj2-=cDd1xM)h0HbSxU7*m1X~Px)FNyt$7p|Eut!e*r;EcDFA+V z8llObV$7FWv-1VmPeVOem7xJoeHWCZZp#-~W#Cg~P-Qr?EgWS5YgEaMRLQ&%tNP6o zQA(e#0Z7*f%bB*r2yi{etU z9@KwiM0{kV5nb-G-96LXWL`FMb&&9W<6TR&(|F+o`aR+k0?MZV=L3Ewenx!B9C5JL zclQy<|FV?*WhsoqUF{EuJoX-k(S7e_=?dl>p6V5EsetlLA_m_@*sxnE%B@rm4jsKl zHV$(3Kfs9};5(%Qv)}i}iAt#>; zUke3hVh3hYHbRYkBn&GKsm?49$((1#C{ilz&da~|2aW#lhZFn5cRn>0JCf`R<DCefM!;P%e-;%ZcqkoO(62T6Kn+Iq={g|0?#hapE@7iq~tvnj6zA3!baoC z(`22zhqLV0`S8~H&iQn2buxp3`5Nk_;K|_H-;lBUMD>+kl4Mlg2FmtM=6Jyy$b;F~*CxsX8+z~t3 z>9QJUjhMAil3fQMUI!o7g7*B;U)i9q;=pPxz6vcqea9WjkA_C8o-P^oiF|m8d|c*Q z86+*A1~;-(Xq-%4G!$Jl;$IkMqrL)GHSqTgG+t)&s?MHeSKT(Se(GYV|06!=KK13< z?fL%J^={Ll>Yw|o9q9wo`1fVhIb|7xV)_O>bR#A=PX@1GSY%U# zJHLtyQSOwGPOKZJP)3r;pEscJJh%V@wkCTbk?(9x*4fDT2D(Ao|eLb`IzKnaI%@$ z>jv4mOJTy5nuxPeV8{cuM3#Y2mO*hNc%SKHl#Wzu;bPC7>_=bXt+e0(sqny7t8gU9XVlAe|#FiJw>3$^o|NKAZF-WwDT z!*nC16Jq|axf}^{oRhChsjo^i2A}GKxB_~vC57u2QP5JDHBq;D33uCw_g8a|y`A#D z`_H}BpZ~bNq_;w2S)q|zlstwmHCm08eEre^8=H`+6Z<9s@g)+xQ9Xs&K7DtmSOjdf ziO$kd#6!x_R>~1J6#w8>mJLa_+u+05;Nuk0z4Nd)dQZZn$3U;gFo7uM>GtRlC6RZ; zl6Qn%@j=`F(Cw*-GP~lZQWo|Qr5X$@UtRjVn?iF46rW~HJ!NPu^tOhsWnJDlg&qfa z9_+t;{30TMitTKzumM|KO`Z%U^_5T>jBOja`<9AOR+ zXz(jLQGN|ab`3|EegY*Q#wEk(9Bd&twh&HiL&Y`f%hB>G@2!lmHqL3U<3(sA#PFJwoWwFiTIR>6pPMq;dmk1v?8c8fu+1?j*G**7A4!pdQZzK#2Ym7 zjEbwaqJX7F(y>U=5!R`$v4Hw9u~T5CfH!tm|0ei2@KEK?D-|;M;Q}CPrsHUNM08Ky zaRphRg_tOyCG_Fs;6q z!k(Jrikc%#wJPLjiIsVvLdmRpp5FAFx>4e^JSIBv%-VB0muZB@=CGG87>QcUH--8Z<7rSKAg)&qq5P+E^4lO zd80!Xs1XCN5rh86o9WJ1{F;vJnvO8D9jf!+!Yr8pmQ3Jw#Y4!UX&hQ14vl=C!7OtZ zo5I8{__s*T5q6I0?fM~y^awN-0*%Bn%5Io%4c5R@de&tcDjG@tRb8y z2KTYZC%jh%3=`SKR(Lb&@>X7O+aL(3+{Tf_VSdNjg2M0lj;mz-ruI~Pyh1H{bal! z2X_8EO!`L+|7vq}2!`MUV_eMeReR0`0h@JmfaKZo=G_g&Fs;dq-LvnV&)rmPyG+Bw z9vfW=Tva{|L8>MOWmxc8NG-ntzMw-ZjJ;JIUQKiIKD8W;=s~Md!(FT&$+Q4;{)i?K zw)}uCZrmX=hC#FUx}(HiFFr7vXrI-5n*%$Qs(iMrk(lb2F|*{(+Z8c0VL7jISQK0R zc}(SH-!_Spn+crY4_=%Td#jti>0Nj)b93E46fCe=y;=VzBZ#_H0DcZpY;&PFxlqnY%M&AV*Q!VT^XW5}5TXLG)6sy}2f}c-E)&^VzouRd z6MPL56{Gg8`I%Qiw=xI$trv+Kcw=20gkGWut9la4`lPMk3Bjpb4Y{WP%iZoHG&0sC zpelHAo4wc41mDs`C33XYC2NVUb@|F|U1B7}1R-rTFn_R`))rfnx8FcbI%>YFPn z(UKq<*r&;4Vqn`S0!r-Hl-5WFrkgUPm@=gH6?35k3UYeUh+Z_3Ig38O?0)%QTS{b9 zCXl7Ziz7G~{%;K2mk}~7&8JF-UMs)*Qo-C@kzb*#pN5nTfc}6Pk->}(IExAQCkv|{9;yq+ zth-*Hu5BGU*Z=tzbnbU{l3my(9nx7a@SsT2hYEf3av(XNg4w@fsay%TXna~}{AJTS zJf`lTe*@A(gdV1ry<>t%3SV_*eI5zCnFD0Dn4^`1?T5WdgAxzC{5 zE+><^tIXFe%UjJdfizXHRdpxgH~NXjYK&oB9w$dJhTjX5j2* zP??oK)KMfoUq?J&mz(C>!wSE7?>eb9@)%j}X=RwyiJ!DSC2cp#vddcnd1!zD4I&8}b_32;`K{WDw zf2T4@+NIC|0wI7vF7@^A$&n7%d<55gmp^rrIIoXF<-M-jLL=`pZufXpu6%^QRR~7w zUjyp!q@{hGy9(d8nSQ@@e5O-4 zDs^QlHSuHh-{P6Y&CX|AVJLwxlqbQg@7v98r>zo{Knco&Nynz~i`)KT`x;8{8p?yV zINOU15i|XVR{V#K2bmn^v0*M9LPxBi<8iZtpN(%QH<~dm`UW98#Uy^Xn2@=c94K`J zN%^kzcH$g$_!a)?Ppt2JM)q|S^5epU?84-r={s4-nJ)_g3VI2!wo`p1>%T!kpn7KW z;(&A;sT3Qj)VtzCnpfW1b9sT^KoQXATXs_V8ct}1b?$q$l&v;hXZ*PF?iH#JYjg@Z35CBcF{fKerC3R&?(K{R*wGPNj$`ei!)#3+>!pOtGjYl@ z)1TGeMwxpL7E|d`lWdXga-vpBu^k!Fti#Ie%~1XEOqQTzY51c@MH6^ zT(`Ac2d|;Sz4y&V4Xw5676atg7f8PF|Ct#I{k?B9F80B*?Hm`!R0_*f3W!3pda1PO zV&{BEM|?-e-x*`V0Rp{Vg{j|4)je%PneESgLwA2e$8Q)Xc??unUp`Ln#c0lbL3e*a z$76`PQg`BaFYKrOH8Ja&q{Lt2NI$WJ0ou^oAL>8Z=bDSdIDkJ+?>wd{85Frvg1 z&5p>u(YWyEKF4_b5FR%Z76S}Q&{@U&ttx-Z7)W-k{klm|Qgy>xRvn+`oHDxK@!t93 zWS7~(NXpbmYNEKbjSEpdG4oge$)3xSajCk&z z`~ElX!|4gjL;AK%bN%0*ANxZ3nK=5HRPm6GL1^g8=*!2m#C7$|!22hotv5Xf6s)a< z$iLOhE7kdgHo}yWg`Q8Z?(Ltezhe{cRK0XJ9!t%m7d&IPS%+OiH0-aYkMl?@PZWQm z!!+Rep~F38!DAIozv?l(+Fi0C_a_V;a}IDQ0UUbSXzu%&kX3kK2~M^IKUiz&0d2m+ zwKatjm_m7a%-ic(uKkkS))8*&Fr#Xv(6$zoKwAM(QGP#F$Da{@a%h9lU?$FB=B+|q zZ#}9L+fM1VLaNHQ6*%o{0S>zaC4zD@tAihHSqMLHDb zGROADj*+(8kD}YJknlp)A}3b6fmy2|-zD;Vu55J_@XS_f0>If)sXEg1orMu8&O(!J zCzWC+l}f_-(m`&`33al1*F&zOw*m8|7vj9iqcEG{fstZCP&r@J>}C(krtPdD|He^6Ezaf|ptVGf`${~I-q`G1xx zjp=YiI-H`Q`5@xICo(PL#0}%b#W7_!!5)x?NH`)APC?U5b}Tj17{+GPs+iq$>|{8q zdN`CgV*e$~K|-?r#q8oQM_?|Pq>Kiuj0Pqoa8dJ8@;peJ>VN@J52pwd5B}_%$Gt>~ z^|F>7qcbID zRnP^MZ{Ou=ap%gFp4M^!%$dAK|_b<0gR`f2@|>hC4Hnpe58>h*-!qJ@4#G(#aw&z*Cjk@gBiyS56dlv zT<;b7szR{Ledbp!TQL(h*m<(%<9GCPu*#}_044fTYUQr$pk=({^Y<-g#R!{;&Y6!E$NI|x%NDn|LhQjqF2=k>e}s&3NGhJ&6GibV+xO)*UpZ3xRH zlO<}Kix7uX)HXij`S=qV&gvtJ>srIE;c&lPnL`dmkVBE7^zL@r%e=Fy^WPjC*laDC z74e}+5z}M>dOFpHZ^Xsx%Fj^yCpH(uyV(C(;`vzOrLOIG?|VmB)nZ%L_H4SHcU`oi zp2Gpp;eV$Z$vQS|B4VnsqpN#(EQPZl;eVhe_ykML*Ah2P^6;l+_o(IFdK4}kfD8Z2 z*>GcdH&h#9ItWo1gjBqkUHL0@x%822&x&TnipJ=$N-0`Lec(x7FWiRKv=5@t2dMzj zazyP1!ZxxY7XWD=%Pp)9NX49S-2Y;Y1PjKBGj)U*tWl~O{^>(OxTy7a_pE0gs)=vH zq=O%B_HHL$$#>nn3sYLvAZ#~QoUY~N`Y*bbl=Sn)yFuWd; zV`xKR+Zj_3RreN>XqnR}nA5-}Asauhj^}sTMu)?MZx-j}+sbh?P4U!B@$`FcaLaM% z%utQQpm)l$EZVz&Tt3GuoiWG<8Cd6z$ZLqY*gWzE{}|S$GI8^1A}-GBmy#8hD19na zXpB{8OmWRGzP10AY|RvJ#S{u9eSq9R7 zZiP1Hc-oAJ*VhYHh5zlST3qfLcEg_ze`j1hOnSO4leM-(5uw}i0aSlI9@ ziUyP#UzpN`Y|?!__Fa9?W_Uk?Xl&N5^-T@yg-dRe(=g(#47Di$ssMnlLTzuo_MB=0 zLqK_Aq%O2eclJ^>SW-3YXuC9>`pc;Y`{y-S&uiEx?En~JAw(k+9Ki&qSQb*D-3uh8 z^JVWL1_8PEU3cp72JjfM8X^f1`k+!-iWBdbmdz1(P$YlOU@z0(`Je#fS)4D2=;ZTf z{$ZK~lE(D3P%K&~vSE&`v>X}Hh>d8BBuolh{QxTKCobwI1_=bVVLlHK7Yz`D#JNuo z#!UCre68>~YuFj>tU&AdNT`6RHQvNYF*BOJ#V?|?4!fi-k~biLC@*ZoR{$@h`e@$b z{=02|1{{z9|NE(#P_fZ?9b3r^Pr)pP99`T6uQd-foDuYvuyENI%*(g5Og8y>?0YV{ z#GypuN`vJ}W26QRxoZEHWuxUvqks`Ls+FSkd`9$Z<$mNP4~ZPjaN;)-V>J@9A^Vd) zV4x*!lp&4W2guRUi|@5&e&X$>{PHcF;bkEX?}CHsNjVMi*bQUI-!J@9F7iG(DEyf0 z_fA5SZP5^K&M;=|LqfWn1q0iYH+yY@*w2kACiq_LEuA3GE3wZiBdc^v@0SPLjIeo) z^%N_~0IN)2+dn+@%2M6<;7M?hy_WcDJ&+X5smlKCwrRuZbtv@d;e*&E?@ABJm62j! zIj?GW=*3G3n_*2;X|zXQY)%d%wy<~!r6Dkz;XQTXo5n6p?%7(2(;Cvo7vi`vZfeFA z^sjTTE9^dMGPg&M$CJ@GyfyM!lkSt4q422Um?#7Fje3N}(N{8J8;F;HjH~Kj>nUmJ zkwz3T8W2^H0b1fF{cozfD!&HKm&^AmI#Y!?Z)BwB4~m4Wt%M1VW9K*-BUQz~!LVM#%+6hRdT*paF^4HksaSbhK;_JI zL+tj)QAfFYK-(E#u4>bnK}6H**1kis z5?Qgf7_9?oGAy{v!R1S1L)Az;HY#l;_S{%lF&}^D4S0h1%{eZM>5=fQ8199u+RH+} z2j(9a|2@7FYpQm^W9!gU^7$AGql3I?0TRnel*HPqk;cawDF`k_CKFY1P#7qIIJk7; z?n#MkS=6ym6|l_UdJg^(0#gu1!qEpWhfo z)pKjx;Je4_pXV&ItN)a51b5~>g>!{y)^Wr(#$q{;h6%yXz=v$=iU0kuGj}I!o*h?p zR~`c%D71#lF5X@9`8V`Z^~(~Zw8YA}Ru{s254$Zp&fgAd6ThNFEi+Os3;5=)+o|vC z@}E2-8_U1 z?&3Yx<7{Y`vt$Zt=o*vCkz%>Npa_)unTd+$bgGm}zb6Oh>0dH$;0 zy7~KG3EZ3(Mr==U@FaZMZv_Kb(;gWsfoznehcSc??Mq@qJ&Q`AX(T#sPd$BKPrrFP zGD_a~S{(Nj)A02-vPW&r5w_xBVt6wSIjJhvp;RCK3Oem)XOdw7Z#+QX8t12K@cUw#tprXeLF? zSU++zaG_CN95>ue?X0|tXI0T#`>8}}tgQxVe3?-z#mB{29m1vGz2)a`hq~;1?eKLm z$X$UrHjG!|x-K-+HkxIooV@CbK4Yi)g`FOba! ze8D#PPp={t7L$-|9Ok!BGt6$1H#0WlO58T!qfPL?%46?L1}63PUVx*LHC z?=ju|z>YLHJ87hnBgaswSW5W`b7uVE_wdss3+@ILaoo3VYSR@NVNYqx)xO;YoEKyl&Cu|+PV@d>nC z9u{oYaWX2lR_=uDvndtsM2d%7LA$-Xl4Dn%d|6*&+1*LwKhuVFAarLl>}}i$yJl0i z+>fc=ji=c=xf2f0rVM&a7}`pfv{^^Bh=biM?8kq}T`1Lfk}57TQhuow1Ppkp`6}bF zx~u(bvfSVhlg&|5q2Yp7cRj z*EqAtM}$t|zg0s&o6dL$<#sf$C$dj@{w$s9H!oZt!V~J)TP`PB9^L0iiX=c^M2_}qGE#S3d`97khC_v@qp`uv*^ z|MC+ei|bJ8UtO6IxMerp*6ccxvrSH!sfKbf0)=wFp$1jLH%2{`c|Eh*g}Aiz@*S_~ zbgrpeLT@Y^qUc`#oz}2(=K@|8(_9BaP`>|>pB`G3M-yATh(Dvdz1Klq70|1dk84=C z#4petelhQiGwc`%H9T!0b?>AQXtT=Hsm*GEQ+*U#4zs8l9og0SeQa*JJ?-nd`%Itm ziQ01&C1}C(r=A7nXuC79x&2!IownwHd}NgID=H=FCk#^6FZ_v{nq%G%Mori!pRyJc zPx1{-W;qr=_A@k!)y`Fo!G|kXC*i)JW3H>kr@t2yYJ=VT^K~Mc3$TmNXj1$$;KSQ2 zYKzkBAe$tyx!N4R8(j1S5weTU;l{v}sx05H-s5X|l}!y@B?pyf6-7Z+t;bB6y>-&7 zUjdRHB4)`UZm0}Hbf&;M3~yMD9JUwx_4N;TRK^sYUdvO3j9%=tcM}M{a*HC5R>UAu zcydM3R>xUkeiUm4-|$QrvltoXJ4a^)gASDA@Ba75?Yqsrtj!zuKd!mnjfK0JhCP`A zf8{!MN7X8?yW@UoE@>D4_hekB8X?JlYyFzFHE%1L1z0XwnA6aJ^)kd_2>$cERibH`4(&Fxx0HGB3BEcPkLvWWuX>lkn!QCB#yA&_3f#U82 zmz#6Wy}$0inc1^uW$pdVWPkR&wu$~MftEhs`6Cu~87vl+KUo{;bwQ+doiS?<34iCY z4~j;doXH6y^%p&rF58>XN88_|zA3Z)dC6#i;eL~s7E@w7fRxe4n8GRklKP^=)*tDh z8~7St(cT9ekwBg=UKzm8kr!6_iVJ#1V^DUO%fBt3xzberitYvV`@l4qYCs)pCnz?o z!A(vttbRUu2i^{8Z<&2TBa|{((>}0{FMM)543J zQ!*k{g;jNg2hd4qKTe__KCmpm$Bwi1RaX||<*nn557%{(2_nx^RZ-PZ2`ME$%oLk_ z><$`GRwYdd`0IMME<9bJXsc*zOQ)?VobjpvR8S8h0 zNh;1IG)nf98z2%aV znraG9qhw1~DoE7o4jnYetk}o-tDmdj(Y*fguCSu=WPVIAS#^b5XC)*>qg|;rSryK$ z0}n|jJuJHFtS{M(cqTM`&)LVC0r)9g^E1uDkMk0K>^{Wb*w?(tT@d?wUhzdVp@}Kk zW`bMOv*g1U_#+%&ukUr1cVC;K`BYMuIUCs$TTq@dXEZY*dEgj6{=P!EGSG3+(wl2h%ws;`ZuNk zpG*C1eT5bZg(GK7$3@yt#%AF*IXqs9?4RMS=-H-{uQL!i18Hqv?e5-~HpwIBP$$(H zi`7c`f11R1;~owR`NDCU(TsTwwS2HpSrph3<8>qJwRoDmgl;poM}KoOR)NO1IsNC+ zG$y$ob#p8+DCANf-tsQX+xnU>wSQiB)*K&p747{j+cW(okJOyTDkvtcFOH?HW>a4C z@*11?vN5p+TrS0IIp5s!dz;lls_4OP<3XQo2Fy`{U#{Gau7=FL5+H7?Bu8;FudNv4lMUEF8|13Ke_bZhPZ+JP^+8^O*`rPXA z@ZjxP7l|X21W9bVUBNm+ewKgTvuK%=DE62%R?3ZntuX{IZ30xAmnNO^pD1^;0$-~9 zWh=<}&EsDZZ>oSkX~veU4?yAXS%=T@8F{{*9JpHTT%i4`r~EQCc81G5HOC2b@wC|I zQRdz!H1YZ}axQrWK1X-7qNuyk_@U|?RKG)L$)$2(Mt1EGx09AFSSyiO7=!fm5vX&u zux3@J${}0zq{DVoie};}xWKjD&08={qbO6b?$e*-b{^dOn*c7BlB9T9i18eR_i>CA zSAmX2fi9TmJ?s7D4TdbjV_2e+5!G*aMP zyk9{E?wob!r&bh%-GHtOm)*_BW>=!jSp#_V9pKF+69Z{NPB3%tl-RolIx<~(OVNlk%{BNC71v% z1y*%-s1aIdJ1T;X?ZZxc*Xum&7I+NYrw*to|Iz?9=iitIFr+fx24~lRw>E7!m&4ik zO0-(FyswvIz;*U->Nm&GqeV<|)!n|zTPbKu>fHMP=XLoTlM&dcY9r5!L`nl;FToFi zxjS)A)|r^u{v!{Hdy5KWy={qa!X=N9$?_qcTd>mG@ zT`{&?-K>T?Nyjot7c8%{+=_K_oXdkePEY^tq5Xt<@#9FVJYV1r(yAW<0lyNm*G$b3Z*hEZoUa2M)t3hhZn2&?ovC*`Nrbga{%K z-%-0lnX@6l$Oy3dWAm}HZX#uzF6i*|%*xOs=_6Au3Hy^u!^f;^sx~!v* zM}$SMRu@wo>Kac9CA-24Vf4P9ist>EjsZIZ1QT8jvcCK}sZvbQk;3$)!t}wHshR9A zckYblJ9h(nchLz7OmbiStlkcS1eFpcloEle*&IVLyfj^TfJVH)QyHG7%X3WNvq*jV zQhj=FPlO)~_xle7W*7pK()B9n@RU?)@ z=;o+jW2Nfu8Ey+bOAEdCiT)hGwB5&^17ySrTJ65Zy}#^Sy$;;G4vbpI^1j383sVvp zOs^bFKVkG5CT#$J98Bw?C(}~W)KdBe5gt?v18Y&#Ewgaj6x8ZiDt*gqrC3=NbWX2y zPS2e12o(Ehk`L?Nz#Q7ZWQv_#wKL(@iS(r}^`-Z|MLaia0)(ekhNqoyx?-g5ZsEIj z5xRCs&HWs8)^X!ioYw+ChMQcvwr3pFChzittD40lA@rpX`rrh;Q+sp&hrh=b&Rtf{ z0fpl(!Q(z^2U5JmxMK7yV)Vh-GLAz4~7^v!Mte^Xgx1qb+{>jv!N7B~#j`VrL%;?}A!wX+`|cfUZsv zvKA&X9z{(aMf~vwkkWTm6IN{cU=FgpDnRM=XEG&4O(n%|!hqYEZy0Yy0?{Tgu_iE? zq@|R&-Eqq7{{V~z0HU5AqzD+!+TQ|-)=V~DDD*AZfK0Z}j$*RQY zh`ZLxs zk7&k^Nc@R)9~!)9v=RteL67#?$4BWsd_fj0jN5wds%&3FZTa6N9+o6iCM_Tqd-5`3s!Rd5uK^7V^;OQIP| zBJqL<{N_pCU~^J|g_O#LluuUH!k{}KD5VmV^6Azh@CW(2UL;x$CRPq6RrpNSrlE#; zzZlVs7!e5X@L7c;8JdD7n!+`9?T@xW2Tg7xE$&s5k#~zzWwV=B-R4*gy8!p(O84ZG zRY;E;a5Xz%JsNXA8Z%oepCWw{#Zz>g<20J*6gBM!_Us5r&oi61%$M%*132|wN-+?r zGZ2Yqh5w#mD|z-X{;nk;CmFLO88h2V@=pOA4v4g+E48HyuGjjn#q^H9FbjB{q>Otd z8vasBm`GiiNE{j7CV2fhNQsO=L6boNKa0mRfivP||2LwUZ$#o^5$O_zRiDU36tqPY z2p?*XvYhUcCdS8er^jiOrS_wi;&CJBSR?2{cs?jE2?thwA{SE77E&NQ<&p7QF?GXA zW*volUMfde@_Jq$IUB~_7s~jmjk0&?nCxcSOk~?k1XW8kc2nBKyWz>#_GtmvV6|(o zix8-CEG~4Ji~i?u{ulAy0mc(p;}RwS{+VcHe}drZN2zFHBsP5+HhmEnS*M4{zdhit zw8Mm~Lkv^zI6Kfv%+i;BGf$B7un80o?B6@QyoABSr{kcIy5VOybPEffa4NOR_O-QBDc8u%%^N(0+LUb)xVvUA4 zWZzau4mby^orC2XLlJm3fo^IO&zEvvF3}L!$KpXbN9`)e+!VCk6k?X@C=?r2Cs=;a z$zW?o9T(<`CCkVq%Md~&eWj+a0;qR0%_g$VCW2BNNXQT#L4=U`Xy-XD%Xuyt)1k9R zGW*?NlZjB17^X;qxdVzsa+x5~*aXs8asBY$O6)_CxniL*a-lL*jFQs16{O$^qpn;? zS8f#M`eqmIc+qc?lNeA3^MO63-Da5cGj_}8?7L_!xZW>Pxvar#GHQ(svv)=sZPG!T zF$tS7;t9-azB8w!ZPHTPG3whf;%Q;&kdtuh-9I`LgE}z`P-Il7wA4h5`b3Pl46~oR zs=jNmB5OTi0*$OD`PUw}Gy9N!F14Nvvz|q?-zm*;}ZbCnv`>c|fE4wAqV zDPXP`t=`C?A}jUW7*KR5zDCC)I!1O3Np=hE=*I zLR$CA(6{oMFcEcb_+OqiMsmC7`$d||kkK3vpX@T4{5hpJ4NstlE) z#E`{Z!pTv=p8vV3!(fp_DGfnYXxyMXpN?*L0HNcXGM5sX@v^-Hd_mcQDeWd%!d<2X zBez%gqbS~+*|bv2XRe@r*q3RAz`Yw*M^cw$=vDcMG;e~}pJ zPg~|s>+?z-ijjF(DMGRu0zkaNGLxZ9A{MUt(qjP3PpHjLph?kw;0wh~pk+;<4bdcN zRd)8w7*Q00fd$#{|55-|5^7aY=A?CTX|E(}mT7l)Pmzn;w4<* zAEQPdmYUm)|16`~HTuh9n)}-p!miG$+}VaiKok<0@(?**$FhE+Tr1d zSE=vYCP}OQB+yXl1fI-Ovq#p`metdSEU3F+Z3@?qDMrIf6KJZn5!p6)R_87Ci|x%6 zWArt)vypxw0=)5#!s@-(3^FSE*(vmyLpe%_9m5|%0cuT;jaDrzHg11zEgjf zVg4?Y{j5)u^|~Xw@sKmboe_w5E*B_6MbIbBE9u~T&0%@NA+yo_dbK7j$K;oc^)H$1 z_v#2G%P6;2)vmG+bUs$^1P3oO>)oJ;V?Ct`HWIi~&bzckSv!(hDX(@)`*{K3XL7$~ zC`DbbRafI&hERuMB;HJW+kebDD3=+|VJiI}VrM?Yf~;8tFjB+34s}QSH1_j<(~PZv z?mR9I5>X}RkMoP>Ip$DUZ}te0dPjFPTA~bAq70R8pWM9nLWuK-){@Sb)e-IL2Sx_i zL2cSmK;2)O@vk4b5}x<7Fyi{svHH@5Tx*r%aeSVO9?6X#p;6}BCu9+nERfWxk|*rt z8hq~ZsvA3)G>g`05DrES^XBAsTJ{fTyPd;4z1Bs~sgZtjA%em$O44PrJ^N(H>dcxy zX53I_e zftDBSn>KRPSj+{dJ09>r4tXSMCq0G92Sb$S--RGk?12k+)#{S^4-r02O#K|HGaRbo z-KBCT_b@J(0D0Tr8P1?I$4{J)&zze-dT_Zi6aj`w)rLuD{zk($&g*8a!`<9_LPXPZ z9wdtCKS#LF?weYjc5Ze5RFHAWYjMdd4^&Rp_G?)VI<&>Pw7ng_*&{Jqe0C|otN;j3 ztPW13qSCJozfFqICmWX28kQsAtdK53p;T3Ik$Ei0yuvAsg1|XtAb2`dFOxnj;rC)<+IS`2PeG~9(s)z zJIL7=$J_UI{M|lzXAsiE6?4BEPtx(Rk3PKMvCWHkv#K zt`Y=e&L@M*Yr*AjmZ}+KDD2CV9N+Rlh#6xL-UNW zk%~^SZK0@(UA;CR$eM}En|T|py??_3fFNQlL#6Y_M<*x^2Vsshd=OebiMTncBW%Q2 zIREB%o528^(AU-D+!4yFX9Y+r6u{n<=SKL7S(^OMft(G9}W{l z4!rp{Gi?U5Z9;>qk={(HvUYX65>qofW$aKpi7!t3?`#G?*o0bDju#Qf9=A3)ZOafp zFA@}fZe7J#+}j6JSYriTktfail$?Yu9kKE2L-OdkA*O?X=Jc^(e(Ji>v=~N(i3AbCV&T$TH&s%sKZIwel zrNoomFS-&ZvGSI{Xa6QnAnh4eD|xdRu(M9vpd~jkfE}#b4tCaPd*Q5MaTz1AMCmZUn zO5+YoaV|@7V-6;-cAaq+0V>lnuNP(X02{FC4cJ*UboebQs37ro0Xk^j{*uD%9AAYT zaY;`81a!4ZK_cSD+!n7uDIzJ{?r$O8R+}AmgI#um7|n+=c{|YJGPF8ItU5-jshQ6` zh#YTojFEiW((){+d*j1kyTMSqP=+R#KS6p$v zf~h#-sW_!?CI`Rk=1ckc%~bbC_SV}{9?I|CV-9XSTQO|h8QosIL>kmwyqp{~3uS;s z<2nnLxe8kT`)^1GUWCN23t{altffw6WKLx)w!iF8_t|@AKKQ{r)GBp+a>?!)eqP1F zC$m8+v(Vrq&WYEEe>woND-);OTGb z30}+{E4kcRGxIQgVHsUm{F}GkY!Q?G| z5SwZOo2ptOc*ye?`d*<3sQ4&T$_-l3 zA5us!DddOTvT?qY%-3oFWszmdYh}tS`*TUIxs;4=A?PkW>8qMW94;TOpy@w(=oIlf zv&}+7Q^qlPDQ)EKw)Yn|9jg|Sz!{4@8NLqYo)liifj@E?!*Us!V*19&GmzhZP3$IU zN+~Fl^ZHV);^a*dRmrDhb6H-HU87EhDlJl|vMr_QJsbQ`nS5(!g9>}$h`-FvpLijk zc_n^M@%UJVre%h|`nSJ2WY(+9T|P4k4nN^J!nYbEv+P9;CYLTcm zOQA}!ychbh_&P{VH9<~QoGl{#MRSP#UmnOfkA(PS;1THV%%5&e%#$E1#QqkCL|awd zqU@gn)6ea`Q!C!bcZXHu4zqDCvv0@sOiUpl7j+lO(c&wMc>n@Etb~!OoaD1$4eR-% zWNQ=9$j$7$kM}Fu@dZn18Op>y{2=$O{2AoMDT{UNELGZ;AAGC*B|A%@#q}GXtumj2 z`20J7{i6HfC)))o+mzs1%Ptc5yBLrcF+|ZQt6t+Yn#lgU^>Hq!DBOKc=*q1 zVa+NfxWvUn2aGUS68=%QUShdlVwq7va_i^~PH@2sMATXa8B8V^OoDt5E7@7<)+;Ud zD=jm+N!%@{ZE8x$H57C-6z+6+w-9~M`d^B_#Xg#*mPt1{0BBO`X;LnuEifFO*O|a9 ztzniKwtX(oVH8Vf6q#wCCP$-IN5v;1UGvLa^FtPr$%KUTdk#IUq&OzkIVQzBOXYrh zWklNb4O!46x#n`)=5Z^;jWW!4IElrFNWH)s7-S440ZxkVglEKikXYHp94a`(9Keo9 zA8B&Qk@7l7d7|l>@JFt_??g(q-RYJ?>6TPpebU@rp`wQk<_k^cDLd%|UFL}p4A3MA zXj1K39y!bIG{ywDk4*tp-O&&Hx;@|zul)(LB5g3P64I)oAeb6opBhi+ zsE(L0l-iw=u?AaagC&IKf;7wW$vb3qI%J8SGg}7fJpRV}fa{sZ>X{d^Lrgywygyx= zV`N!kWSRY|cYxacHt2_`WtgcYRg45?I>O88H?wUtvx0c}hUNIm=;(rId96e_4?*J| z39TLMQUR2zxX>81|xS35Qh?7&Ykv9z?d+?7sH@0d&O zwzM2V9jB7`qBW9#*>6y`nGQ3i-+ar>Y;T#-QAa8^Eo_%nOfD*?BPvJqvdqqC&DUBa zwu{V0PRB-$sESn^v^9BL%OSNqp}ssJ?!ipMF34#E^amJ?20I6u<4SE!sBcZECGSTG zH?3FdEmZ5J47!d_hM#_zf8JdCvYChY0N7C(jOJ#E1V#Xbal-^&C)U4C%%{># z%U)_Fd7*C$EKR5{O~|j-PJ6L!@KRB@-X`I)N(*Br5kQkrPm^#Nt%>1NxBEqN;j88X zhS9iz?Q;3hG`&~F?icNaui7cEEsInU{^jPRQbGL_3H=k|6eT)Iih89=W0$S@H$MMh z3K%^TBs~-2_+be$>`*@PCs~~*S)vDKZKm-R8(>p>eN#N$-v2BtPG(=jGTQ)UVHh4Y zy8;>uK#i0g-8=$*s)MZk{X+GHV)c|lZO)1C8~w@X;@bFP9_3==T!MSYj_CZ__&v&%#Dxx$5nTg1y7ZfJsBL28pFV6>FtD zaj(6}I`SfFl|1!a*$}GfRn*AyVihd4Jn>A~G~Bg1a#t%z$3sq9Ppv}uOe+J|vhOpB zn`zJw@g%EcAg;O69A@T&>QK|vgf`W^FWH?{Oxdvo({#%f7gYP9(iA%>;mi<>Y zn?F9diYMLVz*St^hAB5R;mGUU$l7>qOJ<~uPA3Mh4TZ(tJKZAQ29=D?UJ4Li5=IIz zQ{76mEbg@xfq~1*F*F5oQ|7uq>aybXo<31AKzDVkQxw|7d>j`V=#g23W|~LxM>gb( zI{YpY5e%pYTiKROnd=}$RzA6K6i*qe72)Lo{|Nn^^3PYnQpf{Ygffq-wZbvz{OwlU zXQ9oFL|7^qxw5R%@hYOliei2TM+GJ-c{91PMRdfLfz@!!%%UIQJdzUGB28jO%JW^9 z4;FjZ>P5&hl?*5`fL#!0YUw=(!PMwV$cey)yH*jhS|uZ~4qE+0c?)*mo6{+(gR5k; z64Q^ouKA)Gv>?k`7q3!O_Gmy|5DAahhBDK7>P)9in!txeYgNK5^2EhUbmE$4U-*$& z>{V(OL8?@!!ceftNASNmlOcmV(Bs~-R<58XSyq?$+rkpD(H9EjTTFGs;60P_otiHi za;jqau&9=z%!7l}Caas0seS{3YHl~J6PD?z)e05V6T~0i*isU;Gw*)WD9S5Wp>mm~ zl`b&TNK_Q0J#(+ahGnDx3DvD=OQ-0KUYd>fA52YU)u_ms=YfFC9MN-5s;W}6vSsD* zx6Z6)gs4sH8w<6g!dHIp~@!AT^v{u^2Useitf44eFEy|YF#}n4EDy9>d z=jY?r#cNwJ)2isC3I!Nc2z01h`J>j^MmfOTjh@_`xo%Wl*10}6P5FJRo?}btl&2Qs z^w1tYwO!(^C+$IlW|2#kN_JSUH}yfXc(rz)7v({rRuQ;HB|BxhKYS|q_y@TGb6uOd z>_r`D)tNvFAzRiIPdHtMrbz1Wx_pXImofey)o*Z6QbY=nM8k@;JkG*FBBQd+_5+p6 zAF@Q|IyMbi=f=k!Ze`W}RoSxcctY}Wr8yx1Tn#Jo^0*y)@=6bTvhpdQF5~nnmCf)V z-pnqpW+Zc-qb_*>q<`nFQwcOr+$YTO3mSc>0JetJ`|`L!dl&ZQtCfC?@4FfH1ngm=K3lE`<|FpLJgBHnKfl+mD&{ zR!8-j0(PnJjZ%oVsjoEyH}0QaiU889#HK9ctEVuC?Yp zK9|rAznS;QAYEPUkFHT+HqR3W$lYi8S56Vst1#Q-i5rDQn}rvB#%+q%c4p4Y)_FiP zDiVX{B`nK^TqJzBn0@aQS2o3@!>Bxu;xZk%;B&C{D8p4s?D9Y^Vek2#?ge@02z4!K z0>a1>Rb5$I;w1y%sfsv)(gi8n0A}QX*3_r5|G?^N42&ize?(BB68Lc1=BrJ2?IL8Y zN_GLQ(mBX{8>p#nRfYNjKwPkht~&O*b!HC=2G~)Zd#sWo!gujL4djf>bt>wzan%+c z2R!D2q-qY%YEN7XLRRIpt~%S#w2NNWs!(NugO7$_M)E#a;vp;t@&MX#E*-|``Rt7~ z5hW^XMYVX%>tx5!qM!9Dl(jAeBU~bLt!^qAMbMd{)0T&x~%S71CT|MiLnK&$`b##qUx#{ODE;oV=;z)7-1+%+{-V!i`wo_0i;J zK_(kv?6?7sG^`L6Q`^4eX4rrIn^dq|@<4@Q3yWkG>g!QCr;b{q^iqoSHw}+71Blfx zu30W$%BKQ!8HqQTDD=fTkNkie>Q)0~ak6$UuP5GX1gt+k(g4aA2wi*K(95UZ=rSt* z%Qme{e=I2t$Tr?Kr&3%t{n^4bT#>PsL0wj&>NUp9MRMda{LX;iZ6E0lN{*Kr z!MQD@Q0AS?M|-74{*t-wjk+wj@^y0Z*!a@Ou&$({K2-m{KY179*T&YA!jMUx8bw%& zjtd@qegwtaeb*vWH+WwnJ{Q{$RZHu#Vl0c3wp5-JQ(}J}iy)_Cu9H`nHLcD)07dLN zR>?-zf9qhWS3L4aU!vKK3!`h0B@o57DeWGq zA0%62s_6ks(v-ix!VsC63gNA*QYrDdLi0XWz^+jIVYfCsz)D$QwZLnEgad;uv1vABG7N7|> zt12E20wYDfB>>)n%@~V^rIg7{Gg+Lji-ylswP<|bfHwxLs+L6LXF%WNLH3lJs0_j& zi$?rSL$ME@Sa$nq)v$jF7nTMDg)n}ft4eGf5e30jjn~R&qUHj}VSnxK=fWr(WYI=J zH;UOrYfPNqB>pVqq7s(?RARiR93l&4s(A}WA;lR`3;bi<4<5n8w9B7b(&hKLp!?k-V+?5*5KbM zR{!o`>0~@XS~;8OO6z{QP2V>6dHleI4|3(acf$lZgxoT_JT!kg4?+H4ZCjA_ddb;< zji;UZ+8_G;>E77=-HnU2DYCOnKa+1hTxI(PC1ax%9_eBC+*ueNDVU#CZsxyipp}8- zUPU`z_}a~Wr0({q*Jj~s%kbK{dr}Zt@djz>CQXB7e9V1n9-x47yKb1{Wc{n-g3aTt zuQwC_e#0EwJZ?9SCkM7}cXPc(S{W#3{RBA2lqXLQPH&Bcm@`sdXg(45E$bvsKW(5g z3LZ8R=Pz`A9uNbVZllP6HgX^-XA5p1-Dke8CA`JEDoO;61cCN3}X0W-Y$qGw^F`aFL?= zucYlbO42rZQF88r@$vl9EZK%+VAB~gV^u2*H&uUnScf*^l@=DQ_-qpKB;5oy-o8Xi zE|g2tuw4jvv}yY4DpZv74~+Nb>@DC+oJB33@Agu8Tp}#bZ208%j>}7|o%PC>6Ju5N zaSKf*E@jtBFUlRSA$oLSL#9r`dh{d6O9^plREpdf$}w#&Vl?cS(c z4qFVmQ7m*ms^C7V1^-~BM%$O37toBm^-{LGNoQZq<}$Vcv(<7-2Biwv$~l#U($S&G zT|w$_M0)LF|ABy0!w*r*`zh?PVFx+~gLv3@^VzzE`siYv-hi36OH8ew#p~Tej^)!! zsYVG*4O#}d9z>ie#(An>WiVy(s(*4rWuu(;NsBJ|*q&u0@ZX5EG1s-dN2gC)chtzq zUwPeAdCWFn7ZvkoRd^}UBe(nqWlG8)T*FLNKFk+QT<}I+g}$WgFZh9HfV~lcOEwpv)hKC*mHOHJo$L;$>(Lhq3ap@LdoF{CMG%Sm{Rhd40bI5!v4SP@Yb z@>b~lvHQ4fb%g)4)h+6Z($^M;y)2}nRAv@h`8HrhyxYrSO=m}uz)4A<*y<#I{wlrk zDqYxD51T#Ary>+@uCc$uYE^=Dm-nzc?GDxAJoCcx63n@7^S5AyPeLJTrSx@$TaeM^ z$?2k|JE`2#j5MyGE^LX863pzLyyq1^7=fq1^So0i;V(RSjJv(8 zm3uLK@(moopFee#7q{O0=+o5LpcuJ;p=xLFtey3zTV4-;9@Q8oX&)W-hhF`mX3;TKFB9YJVb1-7~S{FFW-4ha2p z@J)O`4yPIZZ%h)`hf05;wgu3 zn?J3YiKbC)rQ56V8nJ&`QT)=18W{04ETLSH6baJI{KdcLZ|ms|yTA`9{y4e6Yij!I zjomEji)yhQQkVRVuUM8V{GCm^=_{P1_gTgmf@jy4>z|J(tfjd2;v|RmM24T^w3Of; z6p0~}rQCMpIWlxk69AP)xGv49Y^S1QlZ`?#uF~E5bi;jbpt)#^JNW$LpJ}UGlMV~s zN5M(?`3Z!?Ugj6#Q<65*bYbJgbI$1nHNYbi0=G+6Dhg`209;bDEL>Rl3@0GL${}2r zDDr`wx#rmx4{MU^xG=Xhe;@b4<`a9aqU^^#X1l+I0$prEQ^M{7q8f>#>;1!-r+q?| ztavV}>1?9h-D2_ht}CC9TDyVyf4^(sNiKr|E>w($Vfc3163yCInYyTIqx)`c6B$ObWjNOkh=qa!jFGd z(5s{r1*P~XtlPR95>c#?2#NU&zFW5z*>R}bGx`O_Xi>(qnG{>f4NAm0-|K6>>_`{x zA@{m%X;QBH+3FE2cwSjoS<-?4_ZHZ=4|@o*qdfA-mKW0KK$3$q_~(Lo~IhU4i; z+1dATzoQ=5rr?6h84%(2$N#~>yLsJSs`Bt30@bT`IwMfYiEF7t_QX2H)-?YLn8r_j zlg7?&$NyZ;@dU(I85RM>gZZTWJ6Ij@OZMSv@xneJUta|Ldau7|jO1;Ka7*%kfOt0# zp>K`P{^MH~e^vkc)b0GiUWrAMI|!> zx9vEt0DNdT1r&&;GkVRJIfh8XYn9yxvVmkTMnNI0f&3^g&XRq}8F^esMB^ef6uda!VI;(1e!VzD8HT}S*#ylD{F;9HgEQ9S5l{EPkS${h>kKT9m zTnzCdUp4sd$mboL@(knXXANsOg7{YhW4QcoGu`~qN0Ed;Vyx8zG86vDtfP-kDUSLI z^R_XoQ*S@B;+efTNZ{-tH`(~^XSK9SRCAxX8!z;AJKQI~lGTtuChLgWsrViB{@v&l z$A-L7aEBd>*ph}M?lrHmxj6G#QJ11WBK%haDGt4`9nyY|a{uugJY%=UvmrBz*ryP0 zAa##mvo*>752ZC~Aj=4Xzllh)U!uf%`gWE38Pd^~>yTC7gcp6a3*Ar z1ae=KC)?9d$erS|rn7O@C<(H~&ip(5Ec9?Jz0o14zI-|^I5n#hd*(BJ*r1yP=S5Mu z=BwKx@#c)A0PKFyD{Dh6=qQNW74|;6cyj$C?dk!S34ikE2|%jOy|ECCl`XQq;)Eno zN|1CQN9usDW8Sduh+Pcg>S=?PdT4ZT!~wD_ctTyC>OIvn!E`rhW}$9LsouFVP3 zp^;t)z4AfFD;4?3s1lL?K$9&np{X|!FUr5U!b#T5SX=qtG<=aR{j3YIh;y5>Lh9)*7e`)YbjA>FuqY?dLc{V;1+ zdi)`g7dw=qb$$V{4ewFyM*XBynoAPuxEC^Zb7HQTm(1 zCl!h%5b&2j`kyZW(r8FcOpZh9j!OdZr2@I{M|pp1*$=Frt%F`TQ;Kf*+zOSWd>_*xVkzL=VcZ&p>hp#E&V)Lh-ej-0U zGM8I_Iewkd+U@&J-%efX3K^5aJYzRK;`6P8E$Ug46h0(U z!8^D90oPmSdo$8R?tk8aW9LTO9kyf~N7P@g2%_C7QA)u2&;L?WVG55NLih+w;IB0| z2|CVRXAE^i35wZnS`}V2<8;_XJ!_D{-%R&id?tVPn!^K~U~{$ZIcIv1in$j~bNj2q ztn%$U%2~b>_dvW2K*vKA)>~=8E~&%63DF@oJqRq!Nx+K(vej;p$h4SCZ zeFMkyJnG;C#ddzbEt_c@H>-SMtCxuTkyT0s`g>ukRMyl(+|eG1ht~RM$u&ycQ(Tm} zlYUsg8@)KhzBw$<{H#M=zN$ue0!GiL6i=a&erx>ClWRz85TT7x3q5u(Qd!dvD3oeX zdn#{N$euF!o{@4_TA>q^>^9)Fc|tvJ`<%be5Ftk@xm2?-oX{XG!)45MtPat&`$C@KXvdw`Sy_) zeCFtx++78u7b`4=vXb9vslAhi{b4V4>%WH)fY|A3{r(z+{j<@xaAUux#vwLVm;BC5 z9b73NZug>{vm*~T^Sx-CSwlo;>>)04gzj8v_~_d-`z#DL56@5*8IcX4cX3`XnLv#D zHtBEt{G-UOIAWmq*t|HFd26aY+peCGW&laYsU8cY*s!Dvl-@M|QQZ4sBZC(0vR(Rm zshl6Y814Q4`EoWOwxQfM-?sTjIGG0NqC%r3`_0wlnVVCVw`G2y&EU<}ZeqIF&ds9eL9<4I-V9jDQ}`RS86Zi&o?kg zgdq804C%g&j3R1@>z;^Z!-4{(l&2EEiz)AZ-2<2JBk_K$?LKX--m$aDOLtJ9y2y#y9i!h=2M4jbArDwo#;{-P_A83tCPJFJY2#VxWNL z!?e7tmr>3fzm1Og%yI4lt>Hi)Y5SzzQ0~FKQ6DTz%OZF8Uolgs!K;qH& z>zCf1RnqA`ZYe^rk(k@&{XL*wV#(F!MqDD=vWM+mg%n{%WURpqq`E<#Z+6mULN_Pm z#y|IVJ^sdeYns>Lk@G$MO6$#|gU{26W5>rXn{RlPc2DI>fPg6Su0w;j z<_C{TlQ+Ew^-VM|@&tJk4^PB>Iw>P63;fhqKz7mbL42_!jC*7LZS1%^pb;nO&8h&d zEsVmvB`4x<=?kmzvTh>{iv=;Ov9a}pSiZiJvYh)9)2JD zf&1czw<#1aY$zREE8d+mdl6El&(6M5O8qSH##c}xU;pH7b;EQraQc;^F6#oL{Si#) zo~j}uszEc(*>E+OPH7Qrdi3**;pWXs)O5y1Ml3y8k4*yk6r;DA3eLaO`;x)m0daIT zjVV?^u%(rJAQyNR6+mhuV8VPdyka6Lm_zz`lHxQ83%e12_BM4ZkalHDe9DCN`VDql z`)LCfb~Ap#$McDft3RsVsB*kcECVA1v&+1-CQ}5s=?-ECDx~UW(%Pfa(g&GwWa_4= zi&!4r&nLm2`z{4;D>x3|{>j|q1ix2%+BEyV$H$V4EK7<=?^H>GiP^79ZGKdry(O8I zjPi5+yoeJNX4Y=xya>xEdEU6DTocLg-n*e?1D9%@wz<-H7H$X+GL4TdjkR|7Ekt`} z?Or73F1Xnrju-Ew*(s;jAqRY1kZ(o=%KCX`Jp2`!An|NL*{q)dsctQf6T@G zJxgf-En7fd-X;n9(R9EbX{j46n_J#A`();Qi7xBjx?lA+X4E3M!&={HfZ3s!nKgd> zviOZhVc(E}5t7;E)H-AO9lPJp>58`AiU(*?-otK%#3|R)*3}08G zbF*@A`pE0_U0#C<0BUay+zcQ+$EgwRmeV!*$?V{7?NAJ4`DCtc+0sQ!(r`NiuSVU3DjBea8Rd}lfUm&<7Cz9IjL*cLEX*47Ebt2?~3wIyR*Sf6jjWElhFWJ@~ z;a(8QmZ#Gu9Zgp`U6;lEhbU4+SBlO`%%bMiQ~K;q)M5yk*DJ%A{^9#?{y#RG+oqd4 zZ<5FCDBShu(s`8olNXbFto@A`E1|UZJ$-Cj)e#ny$G1^oOy{uEmRTgF_JAmz+pM2y z<6{PrGU)n#>^AB!?PJ>`+EK#g=rQCW$b<7jWM9Nn^NG{jhArkv3;j$a?8~3ir!gvg zsDLZMADi>--fH0F{(LMFd3~{PvFG0T_yi%BzIe&w!-hFe#G=+)nOQU>{Ne}OEZ4{j zv3#~?y9UO=mBnHU{)cyXJGm{TkE8?V8Eurpem<8EI|ViHu{OWU%lXS9=t-wtr|j^j zuCvIgQOW(d&ixFjm9&SGHCkW0GOpjl*v2f+qVb@1jj^3WH3lnmg6|p3UJ=Z={81e@ zvVKV))P5+8m69wL7*Ce$t@(X+_2>w+VgkO^30m zST_G))Oy_{W|Wxi*u4U#XI4u< z!uxHsJsFD+PShIenNI5FMRyhuB-|Oc+MTv%x~&Q`s_C7!P)T3WC+AgSGAM0Vbmg{g zbBYOiu^$pLIKSmzKNl^$>GY z&!2F%uGbpw5NG34=|OMYsg9us$QfjN-TQ zI8-gRr%;9+h>mo2vsdsk*dhEU;S_Vr5iP$2#L!G8M+C0XdUJLZQMtWvyRs-3nk?v2 z_wt;g@uS<-!reufA0nM*>seiU3Er=pZaZ>N5v9P3NU7_!NX`Ck@A@$n``ah71f3JE zXwAk(MAYxN0Mg{Z{EOqtYibsz-3rmDs_ei84hmb!&#?v5;EC_tBXeThdxk+D>pwPN zpz(03$A60npM4osEaWXx-b7j8OnUppi~~t;_;w| zhPu(fX`%RSkqsY;3mMjW4Zc+34ZZ(gB{^`@0F9qjd13%tzsh< zv+oa)-Qo=WB8kTMKA|_1gNp6mvwR?)ixu4SO|;ckLJ!9x)SlJpW_Wxfr^cd6aa41L zW>;5qbeHf?mmqfmYwkk@iPnwW#m?!vsfXasfy4Sv$l~MOpMxEd3VgOZ0mh9B+*_Y3 z`@0tABl>OXKSQ3UDqRm>$ptG@>p|I$@@>6ss|o6uZ6)ZAMChG^_iv+Oh+V`=Lq+sL zHY0Lg^|0L zUD>O=A>(VVwh;j}IS)}T_4T;**dN~-Q66oBVUHBLV`6KbshI411*s+~lbvx@+;N|u zZC0D#7VV$jcmB0#J|J26yu1_NF|Zzxa6qE%xr~|6LAb&E*%({vIHqOs&ESWC@`G=Z z0-ZLW-KDBmqQw<~#aY=&fvwXAB*!u0G_?8Z?)*(urfU8EV?=lxtH~-94VDrq*dp%da-;~e4v9I8YMBaSTlK%Wmu<&4Ja2zpc=H&fv(p*Aj$bXsik=_}> zkfvoBU%i30WyoKFikNxO*Q0i>xQlA@$6FJ0WjBh#ehEA5*TlcM%TK0te7KJP>w9x> zdOFt^!G-pBVEsPKs*A_&$1j2#rf_>la|JIj^|53=Si$TnIifs^$F7rH`bem2c0D4X z{Z8Tth_kBFpZG3*gI>+bx4apDbygghP(+0H@fl;YE672VE4`^wQ0M>jN_7i0iJ4-2 zH-xWlPuud%Pa)ev)*+}HRWtwTEUbi0~)(dp8Wr}uUU;UY$g*0Fa=dz{Lb2$|gwC$No7?J!Dx zV}2=4R#Pu)y(v3wb~4CdB;z9^+HwyWft9Eei_hG84QS3~an-L17~;YmGKll~3ne(Yn3l{$OEKmB z8c&F3{IK3(9|T3zJZyJh9Hr1XtSKwzFJj0~c-TLUOn3y9Axf(w6|+dK)n=uk8q2F$ z^B5a-zm^@;G7!unlGfBOk2n-3N;i>@v;Z@>)-slI|5wKJ)Tvw7y0MKf(M|pQ^bngv zUOOZS#oUqG7|eNlNO{LISFKiUmiPZQVt(}=*r&u`mEtddSX+;XfwysB-J!G(6w1dmnoG z7IV@J^P(PwaIi4U_&ZmP=n8Vi=|UG~g=oF}RHR(!QZbUt2c&l#QYha#<}mSF>co`% z0m~bJKu65N9$8i1E|Pu_^&Y#_T6vex)*2~Bhz^nr+cskj-a3+5Iut<(PVy*_5|ymL6U;GxyB@SN6~TvFu@+O-jqY?Sjl4+@$&g(tw1JGgKFh}NchERMhD|Z?E1qu_b-$3S(PPpY?(H`Heg#+i4+JECm;EHpEyN^AMI`>k&P0`s zL`>^I^icEzV=$NxF)j1L%qpn~&rv4Z{_Baj@?a909M*{(iU&xNlSrmRDHji;l~`0~ zEe2swiGZZZq2Y`4U>I#8uawrfO+=ITPd-hpva71WSOI&T-TMct4rA3fE-wQ#!{aD6 zmcgT`Gl2Gh1LrFdOVN~C|MW(C53bd+{G+kNOt8)m6mIL_-`O*~VNC8<1>p3lEYqgT zb&opZJYag60IILohjSa6hwKPtengh9bd@%@_L{|aWLcu06P8Pmt3Dy=2}rpvkdcej zac;bf$J4&?y_iEGRI?bQHN51mW|Gt)lKBuvAl&L{s-PTL%oGXx;Fg8&%|?^iBwM)7 zm}D3u8tQq7_yQ{?7zL&?iWWnhEE%`Y|oGefif$aZ`663w44B8Io# zCir)uvvuDJ@lg`M0gwS9+A79mfDLCzhco|%gV`^x`W8qO_@($~BAJKw)I0$H%yyG8 zdot;etYhn^JSFw^+Vq0qO8Ykbx+XJj8zxD9BAMA(cc)ct0z`DubOr7y6heVxoq#q= zs#Qy*3*POyi3byuB+*Bt)wm!rl8eL`I&M}bNfIJ)o!Fwm1l{8=u9^my;3t{uYZ}?Nuag{PoZ-h-*l>$kaBK0!-^|1EDY0PPq z0`Zw5CG{c@ayVsuR+`_$wiEo?)b*P^3UtZhQHsE&v3KpdbD&R!aNT<^O*gdib)q=h+ zbgJK*b!;dd>OPHpwDZN3>_Jh#XUL@*6Blli3)u(xW-OJ73RnHLdY2QCLv1(~bOI1> zVw=3J-=g3$HZ1Ae1!yI*@sbg>LM_G=5%xjlX>Y_vMztwoOpr#or1-yM422n#@T`J* zPXRJ*Rnqw<2+o;k4vPP}YBta%fGy2Hy$`e2w$x4+(&q0KkqSV5p`;cU7B_wIzH0?^ zG`<^R73nh@)tS;bfGd5#KX%Ao)BM1G^a@`JS$A@vF@(W;fxfo|vn{8t%Bm`x-zLm< zHmxb)wc5n>`TArjZ{w-gNSw1F7$nt~EQ1=8IDUq8ERs4?y?1uR#FGFD8cCL+VFMz& z?~%v93mLT~X^`Gq`}c*)1n+W&m3n*BA)RW~eXv$2d^l_!49l2Jmb8U1lq~FS)9m~U zC!js8Nc}>;)MUK+SeK*G^GhP4?5uK00_U*!WsdPcuXV6F4dsI(z?S2E#|=q~Kk++6 zh`Etsa4jgRgVZm8_VuYqyZK%oFlPv`;rvt7UI<*ioj1dpJvO-)-lD)wPQQj2O9^v} z_5o6i0Sa7y7`tz8W@-J|cZMS-*qjV!N1QKrTntLwIsLCFY8`CjTWY4&oA6HXAoMuB4D5MeeyxmtFlG5@Et(Z1dz=IaqYoSt-yb)@i-T^WVL;S$DaY5HH{4o zVP;jR4ubsb1*#(-2gpd7-zWw@fTE6c7j-qmgt;)Y(}7=%@grJW4YdW??w&0A6_K_< zQK3r%&i^ISN)VhOw1W$;Lb(6;J^hl6Ci($D#qr0bnQWK;K$|GG_enh0L8u5$*>j#k zF;jd9twAW8V{gKy(&>*(Ly=Jg5OQRSKl!H`H1ouQ5Qmdx$f^`Wf38%|3^);+Vy3=2|asJIz*Aew&H{3l2AV+_ z!ey0tRpd!_^#D%nkiiD;<5x2>MWk3z6!+rxV}RaJa=tmFFnYn{6~9vlV955zrRL%M z)hq%UEDiF*BcW&UAHnC-1Z05!Sd?No3wI08J@OfKC+fOQvh!$w5G#_!i&?9$M(iDU zv_V0Y$y$|_BPz7+rR~l@{pnEckCa)=I?Lgzu_N4;6x4fKfjPLB^ZH6^}l1 zV?A@c8+McDs%0sGDIv$giSo$`G`KNmS!7GhWu|#lhUGy*$uc{Ufb$&Ah1)?mkh|)3 z+{0Mu@&NDJlmLPh35=oxFsojz388K>z|wD#7J-qjA(8D3UhGG6hip zpQcckUWa)n2?R+d2uh}gvPsdm)$(nZ`KloVd|dfzJ6kzoshV7LMDXs@EMCBIq&72VWeTuTWsQnaz>+4LQx@=^wc zVy78Z&nr0}-uf#O*=>v6cH9nnn+MELO|}ug%re6MCZOEkgZIO(tAq78uOe@G`4H_6 z1tB_FhJ}^ZRYK5gA`GNc1T0sdEt5kI_N`J z7G15uVt+Uil@${y^%_&_`FrKS5e&r*Zf631s1mu7i=m{g&B<4Q z)NS##>Wq0!MHDm&l(;{y5~m^LbP$#O+&Ib`*l4#3D)NCp-A-bSqt{F>}$K5 z&AO-qXU$YZxZOHa+gkOD@N=AzIX4vuF+N#Fh*ia^sx5PS2NMQ^TT(YqE}sh5CgejP zg-i>lw+G>o6AXbG$rw;KY(h?gqKRKsL4IIUIVch%C@Pki!=2K7_QZ7rk0xDPtpuo^ zT8R4HD6Gf(uv(&S{LL%z)(*BF3}~*t-ng|9mJyjODFdM;TnMPc5>)|EG5>MN#uG-w zYElL)GySp1LSmAPgS${%O_>2dM15nz{E%{OtBjsz0}9UoN-8B|@KhL=S(}AGg8P6` zXqv5La7C)qrl_4aY1&tyg7Pf00BRZHTvHowY(FdoX&iFT!t6f3Mu3W^E*U8U4R(c( zdFHGkt9L%e&m8-{eALs6Cw;hKHB6{FDTN=D10o@oSe+_ZhRm{VIS-jyq={+6wzdi} zHt#NHzgRD1z`{@D)x&C-Q5RDfKB)fXw?4`Ey(!Io@UyI+8-_#%B{X9({_2b_LGrek zm`o$uMqx(7%sq$%t&kW&JsLyCav;LQ+X=%A4PBz)DasT?s4!_DhgnPW&B7mca!#W=UYEhBzRa+|1|h4$XqC zS{D4XkXSvYa1UTGtdo(V(F*}HFq6QLL|qMk2c~Jre5h3XJ&C}>QSv{H=r4BXlMVU} z9vj-ru^Ogw;6n0+!|fpwd=?hj;(Uelv$DZ@5}g9#a<%C4_v(KI^2jJ!`dMH|#85(Y zmIsD!(zeT3O&VBwVA+o)|Eew+Y?iTzG_fMVvcOXB%|&A~I96Jq#CLwa=P`ePQ)&&t zSsB$GdcO>|3Op@N{O$Cw&_2rADu^Rd{+aU zsYvP2d&A1!CnsBX>raD8T_mK{#27l!EP7E=lT&@S2b48^Lkww1go=c+>?*^3GKKxK zsYrj|H-Qa$vQ|nOql-1jwog=dTdQ(nuSRvOi*?PmKUbH5xYIIDz4JB&3+X{lZ&ZWs zBRDVdTb*#U$DzZVw@9Q%(@r$5LK*{u{xvbVYpTR)KoG8g!=M!oUTP}mLv&FsA*VnIn{C@E;u&#y$G8;D~K4s0SO|8dliPFyoK7(s}ByVeoGjztSKis@B5v^)soq+e7%JA-)h%_~^ z%E9|ZrJjzwhx-vz+s4-B`p_WulE_A_MYB~lhdd-~b*xYpS>nPDndP@A&)q);)nG_0 zQ1t?q_nb2(*5+7HMAVXUVl4%%lb_C0$e2)dP&rl*RE@?EEAeuyqT!w{4z$*g$%RvC|7S#1k6isZu+WZ}hzXF-zlPA5;)uXhjcdhS8)2pqB=Ak_GC6X|3FrlLH0V zP`{@Bwbdc~weYjRd%nIN{j?#hq_hXEk%^EEVYvs=i)jX5yp88fygZttBSuJR;cIi1-@V zXK7~&=B_7R=shA3zT30-0}XO5@txIv4VloZ*Pzn_=b5^V_E{=vg7Yh238m&|nmyhg z(|G%yWg`n;_;c0-woC)fJth##L8u`ZHJnwJm*eM|!ri@{K*if%i z|IX;brGc5V$ywTo*UtHeyT#00wI@`k8oYKkm26T(EV5}QvqnMzGFcU=BL zK3DG7yDJm48!xG1KNGasQCZU%D)pMH3*%BOI294oOCk+*TDRKicX%;~(-<`L26qj_ zeEHvu&7=jmm=IG-{A$TMo~rczD^&S<{kyoQ<0#krit?blwxOt`Z)R3To^2=a>cQKP zI!4dPC61627bBgC!H_UKYqbH>p9x^iKu@$|-0$ZxClKDkFKO@zx7R{PNd`?XXL{U!ZUUWTre7z zzF=FZuhRT2_51uVcUQC&K7jVTbU!Pf~(7a ztCliMk%oq=NF=~s^GM;nxZE{sYHVBRm0EGehUWi0_s4intG7o|fd3udu^xphyYfN< z(C_2lg7A}lxaq3uCyBLtEA`-K^&h= z%4fg*`F;3(8hnD42Q+5W`|`awhCkgYbAA_nnw~;`BYn}(JUzk?f3?Yn?{EDt&)}dw zw?t}sRz|F9$t)mFn;n-mjj2*^&^gRq@UIwG%GX*szJInVvT&5BUVZDQndQk@Q!CrT z%mof9ceV&csx7@=5f(R_<7Nbk$dM&}bc=|aE}z(qZ3*g{RlCf)4zpoR5gRUNv1?1B zftRcAPCnW?H8xL=F|>HCKJT|Uza`4r={cV#`#u|JV$0y4N{U~Hx&PK@xoy_e(6-Qd z0o30zGjJ|4)o|EiO;$G>sB6n$EE~0Eh`shEkU~_OBAZp&wGzI(#U*$niBQQ;SYAjq zed_+P{)%TKb@D0GI<^dYB>U^Tn|aUwb{=P%mL#73&aF(eo>XD^Xj62tDqmO57IGPASQtZ*xk{qC zw9*kSwcXBz4)3fba=XPS|I7W0{o3?hO~oZYA0$pii-r<`S)sWHb0e!1O4_#hmHbJS zg;pAQ4X3|a)WuF$uirZ^O;yD3w?rke;f|&@qHXDPH8C=o{`=bI4Wa}$@ML2Ys%t1_&dCEc!@q}G;1 z75Q!d0$KSif|f0V+Jc2yKSC;6Al!|Dbvy_+pe~3Ij2j7KV$gVw!?1V*4Z$w)iZn-8Bn#JYf=YGz6){ z4@>J+nI=4szgJZR@I?IXT`VRGE($DOM)H)M)llQ^0&j!Oz(N`tLSNz+J}+P9h_l>K+0AJZ?R}9WCJ_8FeXb4S7l($xTXdB{A zG6oRFlnjRoZ!8T@QOv1P*sv%U7qC=hsFvAh-CzCXrYJ#-o0Z{@=AMBQG<`esnRq-z z7MF8ow^VEkMTbUt&fbnt_-IhP11nz_V|Y1pns-0)j|v}kz<2@5V3jEPkZ=6UYA zH$ys6wO^hMuO3XWDf_d~m^*^8x#O|T!%~6>o0U<60xD(w9QYsCw%+4L!#|_}^YoaG z^8+nr=XaNtcn@~a)YT#Xz^>g1RIsIG_~ytC@tAh`AKeP&ZB!o#g)j5zRSpvJ3kryW zPn9Br`P3qp0Yu&|XORIxo-Fp`)-<);Cbd1`vb{*>pD{TCfJNUMmLQtWiU(G_@}Su< z+SVsEPsFQ)mzi}<&xe+ZBWRF+Bh)L#!s zu4J220&X*f8G&$XlW*Ih-OQHe*vi9BLDsbblTEx-DNJ-(kgV zOS#=v=_CK*L#$^zo6m2XH#^AA4UedA&{82p+NGR`8*@sRT*!uR%_Edb8G$xUE)jBZqV`C7LLw?&~LjVKJ(No{u<%D*~}XGnT%!w zdCV_C?%`45iH0FX!yeR%0|mpU@T%tT!q?_eRFow@Id3d{&0@dyvx+V#BF-;@VNjC{ zMC2uA`rQ%}$%6^x!AU|#fP%TQWxowC| z>VmVg{=02C#0UmBW$>;&wSUpOkRCy$9W8`GNpAuyc0b|0Rfjf5?QNOSL{rk$PD%nw zWRlAj1AoM=e<80LIxqUqkjm3_{+$Orq9J#1HQ9IE)IafW*uafSl^{*fAV|%#jpzj)Z$O6b^1#Pz`%ErcI<*||&T zxJ$%?z}%h=2I0!3#7d>}*1V^2&8-o-vFs&*>?PtKqsX^%@z?~d3_}ogpcVBR5g99G z)af5gQ#EL-<{uI4qQS+)EXDKk^weMA@IeJIi-Ii>6_c`iBEo%eBmNtzh!B_wra=eO zpe<;wQ#pzdz;Kuvh}OW0);Q9HWe~P_1UQPCmu0BH7kE%VR}E9n29H4%o@^LWHVm*` zoKL)5u=^gpPy_jmjcm=PEqaTmN_!x3smhgU_!CEy*M!M-LGMzx}Gg{Z*rIMkXp}eSW6{S49)* z`Zd&#ji$3=h)xrWP7{if*?|(d%IX1Ion*rJO=;E$Mr{Oxl9hvRf2{i)J6ypRsqU@j zJ7Clua0x*5nu_t%AkiF|6&0EFhFr}I)9GCA5lFa|Wiy_yyHxmeNJtCQw2tf(=p zH~LzSXE71T`@<2~oTmR7y6g<0m-&ZqPnAXjCl`$mA;OZ#*uM zDj421$rH*bzB%YW7Vca|>{JGe6y@QKy-&jpQ3VI8f(d;YfPJUQX3b#KW-zEwnfJIx zFrKHBn7b4f$>WAuF9w58c5vr~b>HeEC$GzRiRe(bQexLqSUI2idynv%soTv3$J{dl zzW<-~suvV8nsVQVm!f_iy3wA)i@x_CoLVd>>HG-4vt|*pqhf(C!rFEc!kd~5tI(4# zaoAj&*qRPn*%n78(*}=~N2eOCerY9Nzo*Tgs@lly_P;+F@d@DlSHD$@dZAm9@IBgJ z?}a)8>C8MZAr;_PEv|@kMj!Yk6_CpIsgpwFT>=H^t)y5>y+(b#Mq!xj*qX05Ma2k; z4i<_I6jV0Qxzd}qhz2QP_tU_%laZQKJ5Apl9lVHQthrP-d`LqT|YA_`A zL8($Yp54NM71e?D##u8qY2TaZc3(`?Xp^tGtJ9ueP|A=)stU?ztL^rk&IX5SKpWhv zU4dWwOHkpbSvXmfjP-KucyH~vuR96f``@;xc33%P39QHotXE!IlTPi3P^$b;gecK* zjrcN0`IRM!gdWky?V*X&+lD^TF{|aq@!rPq$TSj=#MK`&<`tX}9r8dOa>C|9tDWo$ zD_JwYMx`P$YuXi@DqZq&U2^sALMGA@uCHbUY{&#`jKO+v&RL3W_@64A-&L^+Cg24> zuc7m$IsJCN-yZ3yRuaXQdcEV4z2lKcY01}dBeb8|jdPzLTI}0?2DE$OIp<1`ru^d` zADy%9d-;1ZBG~Yi`^3U>%feEIHYRJ&`SbGdc<=Cd zr+cSpEX zjHC4?sX->G>d%#UNlmKaoIiTCEX7MJ?|6c7vb4xEv@)lQMF#Pv$xF+5^UHZ@Wrx8Q=;o7EQDkO}TG5-X|hv?O^0~ zaM8GOD3kl0zEkU=Q64~RUpg0~;SLsb2P5n*<6LoG#l{i0L=d+Wzo>Y?$0=vC4{Q_?uF zNXC%5yleWw?GHorhuvQk1!jHUz;#iba5H@FUtbg%Xi-ONQJ4D`=WS2OZ306yfx*iW zG-B!xh3Yn(&wVE;EPE*|Wfsc~{!2(wBd@S9j>|P$7}gzC)*4ACW(E;Aji}s&9aZ$S z7q8Ye)!7@KN{Wt0{vzZkyLIs(QPi|(QPf-31#rgG!4ET2zR8A}E*u!m%b+DAdL;Vg zy7P$DJl%E@-?A6qQpP`W`PV!p^_9i&g&Nw0np|jv4G*ngtHbEoFnM?+Z(t>T%yQ0?}d7f!TA@aFXvU{R=peg_H8c4ZGHxFKyXDnlRZf z(QQ)O6sY5B2b$q5T*d31U{hBV18H(S>C9=0omSKyoqVtSI)8~A->nu5GRkoT%JInM zL?I5X01l+ZP~M-RyoF3~xb9k99p2{{-Yyp=8<(rz8(f=$SOsiL#Lk)pe44dz+yQCw zUTJbdn#u=(##RTBmSEocVBSKKd5*z#i&b{|0CdICs;Wc5mxf_kg1!7$7IZhoPy?Cz z=aiu5l>3vsml%u|U*39O-n{(*`)tSYDNo*wSZOFGrx(J*NAaJ`Lce})yW2f|G=2K0 zwaa{JFVTdfDNe2?PM-Sr4*|V>`MNPTBJx?r`B>ojn6EEBpRhw`AUFqyB_~$qkBsA+ z`oNT+z?3AEY~%3N2C0-FsgxuficdsN9zUsDEk`cUZxP<<*z&5`@>W7q#Bq-6S1}B` z0!zlq*_9(O?(lkcch_HX*BQ2w(SIn(xmk%6_u~@i3fEik7E((KFP7dp)R|ke^gK6` zC(6I^{$2l0&VpCcf|r3pdaU74%1deNqvY5}8EEN96&4XMIRP(uYGT1!U+Icn9l1N= zNTU*3qmo>zC5AKYt^vJ`4dp5?`7$s0LfRh!(blUV`%E0W%#)N~yyPvGy!Doi3N4eT zu03P?J~osSyyT<2`apdvkFCllZX?Iit17?U50B9donphXghH8+>CpI#7&tM^wT3 zZZ_(~Nxlbo6;52|-V^Glf@7saGKAd?zc?9w$=mJkxl4Q6o}dzC7Zze~pEkpcHgOFZyHd2neSfwkBUfrR6c%keM8knfy2j!{{h#w_4BaoA9=} z;Pu7e9g&3MNkTV}6Tf88k5c)t3VX78!2?u5NyB9XxiOzW^y##-fdTUoVKD3zq%6BvMoR`t2Rp$VVvN zNBCva>=9KxVWUPDhp;YXT_szZ(BCK4L?0>S$NQGqE&9sC>88U7VODjmB51!ND7rgO18q+K@K{mw=aYvB!o{XYlnGMZK0+(Aaop1LTG_g zNWU8{9qb(-6u^%V6qG_0n6ieRjUwg~TRU?6xk=M%QvjukMYxysbz6CbDjlZn#FBHYFzJR|$3 zq4PlXMoz*8!9A;H8n1mFma-~!6aW8&&h6j-N9fEElzGx)AGe`8u{jm?w`6-v zaNqapdSbIIW$I=Qa_{f0E?)cU#G9ik`2W~eiEBLTX8134RKGBP?|PoFm=mb|TIQjB zEbQ~J?|tR0Q(HID_>iSctonToMq4@I-0iU1GdIUP^|~P8{i(;|L!n4-seVV=rue3D z&)D(9m)ah#s=8yxJh;-NG}||4G>A9>{oX=YLFV#XChZ5myR1s*kj47(it0m4zb5;K zpMpy!o&%Jb5qs!f_EDn_68qXvy~M$pRN1EwbIKKX`Yn66_llGlMYn(rC)$7Y;>m(l5(Pm5cs*v9*^CYL>QF=@FtWb#HnDbxX zhNrf##zv0GMKSUV3-r-@w5^A8F|vP8I_LIQ?9%2pjhL-SSC0IIh4=RZy=(2i3;bA( zVU75IE1e7eZ>94j&OEYC1BnbMQBQD&PI(Zm_E~pc0>V!O;KNs5M}TIY&PH zA=93V4=NP!^#_+#>jKEO#mShximy9YOgJykIO~j;ONW1Q7O!zIQ=>(2alxAkz)s<8 zJ7TaC+j4^I?);Khlyxbq(Chh(&;EK@^YZ8U*Wj_AX?ud>H~eFkm+!4HQ+djuIy~cN zAFKNEk9`a@n-sbArmbS}^@-|X!P;VZuIl*4bI6L`3^l*+=dO9ZZd|n0HlBnY9#@V9 zxs1E1x}WyT&VLvSc244pM+TMCD*As!ONhp0e~fBAVs;f(?8--9y!w}R1!tN)AFTZL z?a+5bXRDH68ewygCthIGTOhL4wKyOE8doB-xiOsDc8PwyUY}4Wk#ynLo$6)uF`_r_ zL&o-GIQ5$J#Sco~>cyhkM9SWvr0NPsOZ)jx=O@)g?$Cs_=}oNTCC+7T4b234k;nc> z(LuZzq{rt{dV!8<#N}~y_9d;eo~*7Y$dW&)g~n=Q))O8GrbIPga<9!!oo2mLKA5B= zh7rNrwY}z<3ZE@A2n!mKK7VB3NLt}w z3pS9x0Fdb+?iwJ>1>p9v8JqUSICd+ZTLbFMf=Y9^DKz(5!G`Do86PX)`M_m;12mJhoiE#etD>MF^t^Ehrn?>D+WGlI*d;@zAf$E ze{8XjP)QDi?7)qB+0!m-QiV_G<+Vu{C)DncnW+A5Y2$g)<5Y(fIN+_(n;zhX>-P0B zkZn?AY;;z8%3`zIT-I0%o2HZ0=>?&(_1v&ta~@Y7adJ3LpGtt4A$ie3pBnlLi`hV9lckuRuC#AO`xjcvY!jk-U?V6&^0hT~Z5VX|d)t;X8V>7ezoZzPBwlw_WAJBE}qR3ibAcN;sZ9&Z9R?6`8aK9{E^aI2MJZ(I`E`?r7z<~c?&uL`QK@(V4ev0Gb z4A{HAxcxccs<`lLgv1NeTb;)z$qqKILk!1Q0-m2g^u~k}|%^(nJ z3g3x~Gc&Q+Y#H_`q`H+w*}{!C3$WO{9q!t?z0S$FEQDgO(mcA09Slu~EtLEAzYO)9 z#`v6bZsW$7eK+59AIi?f^kHM^Lg%rQI#~_MATruQQ}d)WUk=M?!)y>D3E8N3>5AaC zqgPs!YBLDz^tjA9%{w9K3!obo#TY>AAAAn!EE(t;yTt3S52|;3-P&;c(j~}khkLS0 z{*R7QeA_6%Y|dme_j`6$=L#i?fDBxkww8l?!PHxiUhjy#<%hiG=kPgD5GDLM&~Fv7 z2{}}hntEkl^o%<06Tu1b$tp_*^;ZY>>3 z|Bh)dU;2=4@!@ZVgro@7*4-vPC!%cV>-GNV?{96oDDXi;awK9m%`)9yWomoNdmIL&6;Iw*1JsZ`tfDnBK)$ z1UvZ4ilv8SzQ-1ka)C08zQoFUdutIa`{fyFL%>Drg{2S5L2l%TU9lJUypsqyM~l~m zarZ8*y~5dsHzC?C+Us-7tCSrNQZLo~L8%moN^x`!T~yA-6e@2w;^JaNSOkOHy!gZ> zE*>e;U7Z|JoWCDzFqdK4ZDaI0p*UL{DBUdH^iIYh9Lf<0TAcw*eOTaizq`s7qg-zm zq~E(OG40+1!6{c?S~5&B@pKHrFzFBJRi~a1(fBW|HqLX-k)J+mX;yL7;N#kAN$_`n zO{k>MvbNEYj+JI(KX69*Clrje_tS)b-N5{=n6hTp{GEJYE@Qbbp4jS^MvOKUB71y( zhtN9X;o^ttEeum9l$pLU8AoIpvR*>EEewXBIZ*GdS|QJGF}Ee(){6GenywRfivBZ0 zzVQeW@&t%EH2C7BPAGap!I9f)c>ZD=!dn~eWFv(6yBG`!bCz9G{CNKrn^=-6P)YGS zms{kzF!F}tSeb+65mFf=A7x$8_`dtBC{#YA9+$nQ6w0()JJ!3-?^w9YQ&%MbWl;)V`GjIiTj_Oam9!d|e&s3<34k%87{fFyRAH(_H+M&?B?Jrxdw-(AuN_ghW&gw?5WEh!3S`woB zgfdeO5w)BB!SO+_jIehOqfm7Y{@glv+}bEGC~ftH#~}>L5s+l%6Tg=?Z1~6+*hnZd z!Nd{+cE8%)A6vD5rskZPGgCd?)7AYPc>?-opI@)7_+;cB>!;`P zBM}cLn*v-mMRq)JB%9tV8+#t2AV5-R_r%{7*1B*soMCGC{EtqCgEz_9cmJ|RLEuZF zS!AGGH^R>>Yn5gxC<9+6o4b=%4QbDQL(B3&(GiI>*m(%-wDkMCQHJaxZ-;RIO#LM( zYjK$GRc{b=c>dY+Lfggh&V9@2;?nZspFjyxo6NkZ1H0DTPBZ`UH#a>ItSwH$5ku(p ziR_{aMHM$g|KsYhmUR7qFERD@e0bTfC%t?h+4}3xkK+4*ko|)BUh~G!3cF?vfiL~^ zE9Wm4Q_H^qOe&C)lG|U0I~)G@Rjc#g4@o>}K+DD^4-dC`vd8K6ez{<4+9AMdYxi60 zm!Nv*+V%DnX`z2+iR%+hXIYic(@*Ej7lshlRG_Bm?N!~m_Q>@$V;&jb3@VV*%qMA@ z?pIbsw3NVTqnCWn=9FI;MjVKwGfw{wa029^`f0W)(|0(V4;|fwGD+1t&3=7HojEZ^ z{SJXZ4Wdx%&~Qz6LX^QIG`w(w;F-b3cChZjGb( zX2iq!y5OybUh{VLRMpY)>GRL>3-^B`7@Wi9mxzMHvvLTrqf>Acinnj|CTJ`ZufXQh z3AaS5>`I*Q$jd{Lmk*!WDei1V99+01g_G6G^mCsvd*|wng!HCXHz2bQH|}Wif#6(G zhHaL&_T})MlS)^%K|=H?Fayuri!V#iz%asmADn1k^%)j^dTpt%@fmNp@v&cP(Odqo zt3Mw#0WQt90m?``J*}(wFvA>}W#OKec-%AYv>`11Kj4d%Ffe?v-SYnhUucVH{Rh5y z_IoG;!x!!Qn^uIhcN6zJF6z`4C{@y_cgjQoNYodD>Ee9WvJ_cxM(QsW;?3)|ReW6a^@~p( z?z=KFZops`(6V_JEA21KDVw$)SN(AMZ;o%k7&V^`HlK-(HkwHw&F)@1_a?CFlGFgj zP3q{pn?&ll+#yAMVyI*Er=#Eo74AIcjeDw|26sPI>SQ@f(nvH*R(2=IQA7W1{(LH& z^wM*=Yc>oE=sHA8h;B7;k7$m)T`Ae*qnz<94ld6#NxN^##`iieP#y6x8jd=9yxPq> z*^vjFZx2Ywz5Ws8^2)6Whm#LX;Ayj3O;G*w(qY~pl$)Pz(DAnYso}t3Jb1+FX&qsI zGLc<$8@_BkkCrA9eLr-MIoqfOMnND^%o?J2=OhV>@!m@_6pNC_TZl?>B2QH>wD%$0 zT`Ww-e_vKleRy+u-0lQ}j&J8YMy?;Wtj=>D-hu2LI+Gr{j>K##2s5cUwH$vORC8Wr{0n~2I8e3 z-k&3SZ@l$+J^D5B_8fo~h+1R082?Ofn*iO7cu}@^vI!SIokPALy4eY#L~-22M99{w z`1*7xDMNmpH1D0((6#zYsGnh&BG1wcuzHvLtg~XB^J9w^UfmFF z1Jt8?Igh()E!_OP$E9;$$!%9z6)$n$@06IbjGJ!Z?6ka(hiOCB@(jT(+A=9LdrvwE zrXd+QYHB-cUTl4~E|MaAc$S*S1#y#J;$VI3TXifa+)lsV7}skN^8)SGE+GHP!~V6| zYJ1jd&QUv&E#bgXYh8)J8Jke{0%~;QTQ@zLy?eTFmEZ+DA5d-@n>gAFW*H{t?>h+* zY}!;kI`O7d(!g!^1l-!&bvCAXb`1+jlqdv{A5!k+W#pas2$f}FUAJ0v;{e6p@{l(g z2I$vO*HvhS@H9!v7JG)Dv3Nfc&7pm+UKpp1?H@)&3JHgKvhi@wZ%%U?#Ux14c(ciI zDRB+iachS{wt4LiL1%hyt3yJ_CEO5DnW#D8&IIGw&W}uXvpp+BMvg+i0pAIl56w(X z`s@AV`N)nz6#5+;lJ&3a{7l!5 z*IS)5f5|l)>G(t4@GCE3NeQ&gVg0%Bp1p43pkV5pA<78sRDoY9hkaRlJQCI!O?G~} z=^GVdYm*W){QG3^=KTj=lrlf-IjDem_Zvt>((~(30~@t2IdbL(Gei&fJ41 zTSt3Enara1FW#0rS=8g}elCZ9FGK0YK6VMx8K}q70?BM>a>g{Ohy!_ zfdZs4xE{B1w8RSV{Df*XezUh09+1m=8;ez`ytgCYfbeQ1y$iR~9+12|g4gZmDbIz= zZfTicvzU=)O?TB!*G*jbeP01JH6LVfZ#|dcLyx@69DnCuRV{++pxHz+A<#Z4{Cr&5 zN>>=B=n>DCj2}^#fY~onav;+m=s-F zkTQP6<82Gy!iSCuU2Q|;%bked`_zNfKEW0+`&BB#&hhmJUwV`#X?k(g{Emz2d-c;4 z0p2V0>6FyFeOl_Z2^*gwlbKYzb4x4Ji6zm`J?y`}TTm}r!Y*uo^p`8jh6H`SuRf+Z zvMaY{G#HxE1b^Xl^AiHZEX5;x{s{F0UcG}lNFV>X0?#J0mk@JbkXo{*9)41*p^9o) ztf_jZSLv_M^7DB&JesF0=f-^{%b9|vGLTypqJP}_iH0U1ObS2D`!w+uFs6R5NRs-Y z^TXhi2mUd;yYcdxQt;gf2Te_w^vm!l5<&6wfU&!xp=YtYKOz!jYp%-Iyc|@ly*(Fp z1Mjd^*Z}`6#5kT_Ky~MX+28J9B~y5)7%B)C9#T{TbHC^ntuyGF=)HSqX=4kGf6-uH z#{x~QZf!31lEII06D3&qwkg_2^lFMJ)6FUDKbAsDK0?RQy0^BQ+_oJH7gS;WO)Jv| zc0Z?4g@M_JLv6F`uFP4j*smTOYvW2I@cGf=cY-m?lQ2AwQ)|D!&U%oY#u|0L=2x+N z@{OCJ7}lH0t%ZV?dZ3}AskWRiB%_kY9E4giyKl{12ufO@0}fTMo-E`v!cEWOeMh;; z+=VEsAC;lxmi&wkq0fHh!^F>wD=;tTL*b=E|DKeZKv#6VowT%9eRuD)p7Ttd50T)7 z*au}1(W2gVA7{v16-HPBdK`o_t3GA%)#b?cK>kExEh*_mzOAF^gbu>P=&-!Zis7zL z*_)*23+=!11PLNZt&fK*p)9&?=)k$Xzz@f(RZ0LIhaK4$MrCmw4Wc>^FW>i2NC>O| z9_MI6EHfIoExE5dYPDtag58~amkj(pOZ^ZHp&}i)o$~xnp4x)P5wx$QPXAbaz0y#A z*YrcAV?zrw!d+*HlhM zB%jR$Rpn%*`xT-YubhYR3Ba;}3$!fAgqb=u=FwVH3n)_FlkH5C=SywmVeYDhM zM@RQtM4~Sz(J2DHsi$;Nm(Vb*h|`tbe%8 z>2$Tbd^XhO(h1nybb4i#+SrJdWggbIW8pOhgftZ}cp4NK#z7v|>ILZOz;P`^y9#lt z;V<_qa!bk{)-%&+%)xlAF==kEmyJK*WPJmuDMYjs*n*E5e|(dLNTsGo)xKzbw%Z)5 z@>amAs_?Z6l^#usUq09v_u#W=ne-o}rl{3ZuzYtVs5zvDxWkAQX93r#F7V$4KgU4* z{>6(go5|adc5&YdN9C_wB5by-I8@u#_maFyXyWyV!`U&1$b}EZ!{qRHRQfYUs4;!0 zBLMpJg+qMVZ^wwl2`EB+s2Bjc%yAo`yK2^MU{p8&1lk|VF3HAWjGRFYFa{#1Ua!9eOe&VeICo+iXuSqgQy{x!s`&ONn z7oPPYc-7n7K3gODlDTw-;p-AAZHXK9*(Fr`3ZP@cuW&&$Y8R(!Mv8MUfhIn_$I)nq zsnMs1TOC0Df@|=vS)9tdyp7R3obh8l1e+N$A}M6=m-YIghizMOwd7{E+r!^6P1}tw zx5>zbW%(W(S~Lrw-?kiPwseqZcYYuC9-| zZZ-@G)yJzfrG}`-h~;49UMUK)rwvGFOeN$4WansvN?Rqiwo6LVYRgaAa_|3ga^fJ+ z2WW8bPW(zBV%Ag#?%z3h}jzA~aC z)}FY1pOeWGQwXi!jb6W@Rakabl$lM-PagX=30YNZ1b)*m^&v;H@>w(o6gy?u{qN$& zRiX@N4;3)J8WeHAusfZH?lBq|&_l~l7TW4v>-(Is#KBU*4tL}k$gU7J{=2wnDZ=>| zen>sr-fWCm2!;-K`Pt7MV4JbocVBk!2v+5qX;-X<{I)xTn3fRIFJm9j*NEmuhdvTq z7PVFRHN`B8mvCd5_;RQ7Yh@o{Z5HY`nn9J(6 z7h7k9A#YJ+K(}b?DZGA@uB!nP{asB{E?hov(%rcy1CHp4W!NPz2E@o%e;t?e8^+CIM zh*lZ#y!11%ho<@th6$qKhoFvgk=rR=z(NjtsI&nmY*!GkAbJrgEi8y4@oe-vJ`PG4e_Iv zp-V2LLZb@sVscPaH0Ytm{!S;2nPBgmy(5+d0VYlg44NE8UhmvEctfh0S^xexcuqH? z0yoZzXqO^R6%tB_Rn^_Y7%JTrw`^#7Z{LcTLK#|14Y?8*($CzBt@QqOcayKZ_pOZo zq-)(XbBNhSr{%$ahKk~we5~tF%oJk`qi>;0c$j>M<-rPl41+Q~*m%O=7Mp~5W7xUF zR>+9Yq&;jP!nr?gAWHk0XT#`O_PSvR?H$i%!i4@;HJ6AzF5bij`uF_P>z9{bQ&m#v z>vEwZw1|805#mA;KzIx(M)DO!ZE0$n94a&=HVjDhdf&@pT+S?CkLEx5}NF$AztpD)R&RlrJ= z!;=Rv>H=kJ4u<_$Gfk*w5m^?V$5=kEN!Q5iymGwtyDsnsS(fOBKiT~pC21tm>M5Zt?VM}BrvJ`*=-?dF#Os9B$O%7O&afk z$FarLr;aW_eSDknfY5$yQPhUiey@N3zPu>~>~`bz0MDfDTJ-oJyd`)POOh4{s9q{B znAt3WFjYaLgX=Nb;r>1HRCl8i8K^lbFD3AWI@LtB8@G>_v)AdVYQtOs4sKMvePNq8 zp;n7aXLYnaGur6vtj_*L_1+0+T*<49f+@$9_+Tal>f1K9;@$aMO<))w>gsduf!`Rl zlERD>@A()d@}$^;yR-{QOP>EWmDeBDj)#-v?%jjYz1(H@Ees^%_`6Vf&l{!UfQV#x z%PKh%SbkK!Xg~8fp)8B+f8IKFlS8YTKK$iX72uT5PKz615FaNh7_Bsmqe>ll+w#pC z_@bE#Y=9;S4EiN{K7Q9q2gFd37^ix<( z<=nU8%1Zv}jf#jQj}b_7j0qmOrD1ChA2+j#pLl|w*8||}(oLY}YegH^$Kt1F`_fx0 zIG>nUFU8L~PN>O3k#C2C)|K_d$>3AK^mPm&*(xThK+$8xr^pT0AXC+|s%70_oL6Qm!-Q&b zB(%+1QVIxuxhBZV`nk0_TcFgspvKXEjEhHsEpE3T`OBgaM2ZQOFJgpm`2LxT^+z@# z4WL$-ZA6-CwtM2H;U>UcVI%ADaDoMr83;(rVIPs^!!-DS59T7%(v$Nuj*F$EF;hxW zixXxTkuHc6^v{l-^!EA>;Cod4in8_ph{zhhwb(kLb>{hB?16*f`|huJzt^@+uakWL50bh1Y_`e0G57h)L9LPFUz=Lv6VTQ+X~Zm6PeJp3 zZp2zFZv3R%=Z$$WS$I};MM1rQ7R#(Yj9|V=CX!uo_y31IF#a>T)AfhVuJl5~VR6H5 z;8YBUL~hv&lp9la4z-S%7DXe~{`L473>1Y31|!B6R1UyVVAJ-qt!+9KmrUzyybNx? zelV+XU~D+md1Sn76f|Qd77e_caxvi(w$hbo@*`lgm9V9K|K&s?&jKG`qL&@}9z^$f z)Azy2mHn`OSc3a*_qHQb>-yjK*Rbe5r%g2LR}J0OaYrh6{yowM@=ZPd)#kuE*gTV} ze#pKgCc4}Y7uY@EQ*$M$js^<3x)#Wfkabn@Bdn&(jfW zbv$-t?d=+x*BzupA>y*mc$es9Ll2Y$<*pl>4*u=Wb=JAv2WAz!>)i)qx7}H>DSq-a zekhz2;P9!azkFkHzEgO(Qt$Oag4O#KA@Vr@2UB5_e3RcR`K@5u$6)EFkrYj`X1T)JaQ*oFA?OVid-x^*pPP9gW$b9@Qgg_ zbfEr3+v1R1AHVxL-qdvuN84TqIg9nPdtN0GaDl9Hn&FCq%Q=ZfpRcU_vT#zmA{zC~ z{HCnBSFDe*pO^$TW*wntmus;Q(4V$`3U%(YXWyi%z$1XJCbF{5T3H^D0cIf2;$qi} zG5+6bozSEpz2au)i&+om*h@H}zQ+=v(CItR<|kY}+LX`5BQUX_W+Z9jbEcy3)9q7t z=rH=R+vw8ArJ3X9&D>(yN8t1Q`t5P(c9V3<2P`aiQz*r)<-6%;4;0Dddax{L-)Xl=BFAS86>y-a2F9 zI%Pr4`t$cg-Q*H~fS4zh#S^17xaprZU(Fi4fS)f<56+BrzP$Y>_JL2BeB-S z-^}2GF=&v7S5sARyRS+&Kd}PK;=L2D)&=7?$MEL@T&0WpjfThQL)v!RwrW?ObCUB; zUID)2t`+`}Eb#%?N7M(!HsJYr*Ajo-=Eq@M7KEVMo2$uGuQ8K|qoUsrYuR|kK-9`K znNP4oMmNn<>`wo53KiAA!uf(RZ&9cDQA9mL-9`(q2n<-&ErJ% zvmWFHBWX3@_b;S+gG*9@9VCOk65tf|`cnh3*G2>vmymT*^#b9u=BN7G?JC`8k=?=a zl*jMB`5Mv-0>jv|V!j2DI&R_&$sH=3hjgOgsfW_l?ygjT%L(u5V2obdLr<|%PW!y1nemTf$>@<`(=iD`)H`kFlh&>7)#a%^YyH>E|+KC%p-Nmp-#iVrl3d5AnM1rBzIQ@z&>77yTy zo3aeu$yaYAirGeBLp@`a*8ac|<|^toxh||XL!IaDgu~Aiv2>|gq*LSjfJ4y)&%>4< zh6x3WBlK=_4L2q9L-{L)U$s%^ZxL#`eJ#v2lp6LSRaj! z1{|M_C`%rd(%4}#w&Aj2vfpfMDf2Zr?DaFdwo)I`(O)}!G~7QUTz{??RFC&0n9ykK5r1_PsS5j@30WgWDHL%vpWC%D#ZPgPAv;5mMjHT~ou)3ti4-40xMf+3 z45-y_?RQBLFIWr4-G29a42%Exv_3GXMMkOB=k4d3A}`9!JYdsX*+O4Ul(M=NFcyR? zKPSET&ka@jye(Ydo-?t%0gEJ6`tD%y?|(WHEJju9^LBAfU0>fJx>PU0WiM5MjMEP> zPeTC-s2PUs4&K&Tw?9$N1s}s?NA@2#7*{|x)t&=f3l=K5G((vyhHr5f*sEJntBL$J zw^1$ffI5_?U4{K<{&6#p3WU!bGcO9fntWum<{3$a?m z(UMh&uMRRt(_OoWY&RfnH%dF)i!E$Fr2nJe%^Zz(b<>;|Fg5qH#sq6%*wAAAwBZs2 z`w9~*nR5sa&fuCnt0A$I!$Q{n;P?^hSPe~VWx=O-L~(6NP;bsxc4N8JM|8+WI6g<(W=V)euSZ0=O@24# z0&bI1GUS^kmaFKk2x%a8USt&XpZUdI+j5d}D1;OIsaHJeJ4B-~d&NQx5=)_XI&dVz ztWOOShOccDT@<4I_N~2q*j3g(UznxFoGam_dlRJE@_3ZqM>O66x+{1ZU0tS3l0i?F zvG=S;Ksi9YD7VD(Kc}POrx)d?$6ckbse)`uFc2o2#1E1C+9iy5oF%#yPq7p4K%U+4 zn4qQc6&7K=Acfe7AW|b{xd36MAVtu~#6tQ;mIH>Do`RPichq8CTl!0{LfEjviSo3< zmt}>pEd>U&bs6v804-VxJ=%RJe*1Kh`L=z;^ne1i>w=K$f|O2OK1(T1*Vcd*T8R$Y zfwMUk#XaW&K9rLA(TN&I8EUd{l@UAe6YH znA5wq`W}Fps3TnbrWOFhB!R#*U}7{8z4F1G60jY-p>6}?xf{NE`nH8LX=MZwc48Xn z|B0xEY?ma$mqa0u1ddg~tCOV^>o=j_F`=iSE8j4P3kwl}M6bcZ^cz^cKvL`(kPyE! zL?=fx-w>*!ea=ZjCf5$5(+&$ADJw2>8_40N#Y%Fhtw{sQ_9G>H@*aF5xwA{gBvQmB zI^TEKrf7QOCG!uylIC z%UDgK0$z0UoP9h!T>2!3MWDo7sfLYYm(kwbguqwgsve6bx4NhEW@%RNK9NLz$LcG@ znl8k`WEmj5@sT2Bf!BQh1wHu2h<8WfG4R}zjUB2#04yNL-=*G4Fvci;3b*2}ATNJ*ET3I`@o z{7G;SDIj3EpVSXAtZWv&N}#w&FwQH+P&XfvmJrXD@1Prik(|ej<>KfP-xQ33_lcGa zOQ48IFm@<7ImR2#r38LQ7ykYYQDxjhTi!(PhnbfOX^cQ2xJY8kS!r7Q_U=}F&}8lH zLaiM9=Fx#fv|J1Q{*JtRHO46v(e}`&#NB*n`7g(y_xH=x`9zd2Z8j7J^f)(VS&XfW zV4uoUmy{E~4q>IDq0dUx8IU`idtis3S>K!G^YLID>Ln5$qX~<=2`ju7+fv}nJWGz# zP;&KFqM_3PQMoN~QQ9a*L=UhJ<;cl}5q_w~Qpq|@mXho+-QoZH-c}Kt6@k1c*;urb zfU|MaMxa{ch38^K2$Mtv(?FmJC-^*tNg{)30LJthWfRHuMWw$< z6p%#0nq(YTn-Z5?{I9AVbU{)_Lq}u`nYBRBd}lH}W@T z2GPrdqcWtybH}KqgP#SJu?2;(1r2(*Z8$FOG8E9+yp%eAiR8D5g@v(&1&wUDZ3|BF z(wF^?)*6Bzx@ktbE3m6CH=9TtJFOhstqn+1jSt9}`5|CHx*$5+lyQwI-v7Jrp6G!; z2ca0{zAWaxY&)G{uLJHyCpA%UFsy}%w}r8{1H zs2&c;9u7>1g}ufkNr)60h!iuZ9=AmuJ2)oa5!0sgLH|R>SF>e#eXBE<3)uYqY{O7o zbcbFJ`(BQCBpT42-o_p)(Nx#R;`w^o&nMW{LA)<$6msn7KOzAVFn$(Leik$c5uYiX zj7tq;U!`=;WY92+5HX8VQ&>A^ry&JLEU5!{vG<}ZcA_k3T;+-!A&UJ?zR8<>o1hB6 z?oZ~!E(o^B3$~yUWU}Gb)T@qtEDU`tOzo)lpx9B698zJr4^mAUijo8>oUu%p_#BI4 zuuW(k4^Y3}OtZ%P?m_bv{*i|GCEh~weEm&8VEt?ESJ5605pa8<22~~7;?Z{s5qAnx z(O4?ecmG<7J6VW2ShixO;E+b_nYC9 zg<*`@evDbUB&~W41g~%8-5i+D)VjnHE{~I={TGGKx9ZcX@+9_T=dzgRvfPTV9;{m} z>FL(@>rZ^BtzAOthbChUlFjlNtm{OyR`c*|HLe#_hAaw>x$R5cWL9#RR&wk=ev+)f zAvDBD7KKU{rE;+Oq0I0gr5dND7^jV3{hsS1SCPY1k!z1J7GWkbz!It*>JQIT9$@V^ zC6627h#hGNmuot~r%b%!DW7`#Lj5vmrVl9AXWG{peT4Jy>dUaeJz#37`njr3C4N#O zxt2<^mTI;$X|nRhe_|;Aaw8E;4*laF2WCK#ZpJIlN1pDA%Z+JpF0{xT2WH+uv32cP z64s0CofD%6_r>Fel&)f7+YeviC(eof>Jg`S52Aufi@Zt;8tX{&$$`2&e%gyPGlxZj zP5}v}G#aHeGyj>CHgusC5MWbE=}>=Ur5wSx)M_I+Ik0FrGtaP5u;u+4M6b|_mj*0#P&i0~zr|6Gz?5*bGUTt}){Y%ZMfs%KrG@&62>-e@kB@w>aguIM1P~D@oIp ziys3Q$&A#5mAKFS+q|9w5hAy^%6{O+`=nX_HSgh zs9G#2S}bUKE3@Wi*ts#5IMA0Gz$qDTsf75y)9`+;3~1?&r4k}qq#;KJ9{@yFH*eSB0;g&z2gG`rITtHBmg;AK5v(pj8FVE}>k+0?dJUF=p zhJjK9@;trXZnBM$d?#Z=%vU4?ZWjitVh4UvFAg5w!+tYOV>Mj~qQ_(;$41x3yZ+k{ zPI>^GYh=dy!(l88Yrq3`!Q-xblgj?WhkLwz~ zwic5Pfw01|>7NOiZw5K82RY)o7qUFRc#k)N>Qd!@*VrMso2I#$rj0PhmuN|F1evb# z^PP~qGb}>sb6k&c#2XGyixO;;4ai{*$hFg%l|#AT+GT~P2|JC6bIbzrQk8o4gOvE% z7J&QZ5S^UU;Bn+agY|xK2F!fe&|kjHKo;8jY*1Wz?gkVuYHofWM^Ek0W*<$vy)@vx zZb*C{&u?XN{(d<&0lhe_5oSeJxhlAxEscB6kt=>;CJp`1%)z^ZSMv@H5l9>-EISiSHdW8y)t3y?&PcZqSul z^*U=Q=7VkmTmd*5ssjf&T*>c*-vrrp}viHhL z`$?Y{eH+r@oISq#@YU)|vju2x9{lwvN9uDWfmDX}{A|QzmX*c}tnylp#2X4P(?TogNXj4kLGQoMdhh?Ycft$o zozT*OE&KuSb0DsAIQ=$$pJMP(G;Lvv*Lf;+`0ULyrda;W{W@L#e&`85BJT!Hy}g%odx`m%~_7oX)*lF#!N&j!z{oh#=@+T3|527rh? zZ;tz5%A{VwPzeQAa0(BA3PnmUdjWH}hC0w1&y_j>A+}Mx0(lpNL-VlaklAtIl>5z% z+5!(ZAbtP5_v3m5=~`0zmzItU{$MOq#NoLeYigD|@{y=m)Au=6lEG>qQqyzEp2yr| z0g}?g_q=~3g)L+a@IfGza3E5UzEQnK-yeI1J_Ikw0iA)P+>9aj1l#qu#YwIw|WHIQWGyZ?mA!n)I}R^HjigS(9ymO4lCm=UzKFw zdGt_zZE_9L^KN1dGEc%<`d3MVIKW=2dK}yhE!}bZ?DZjGb%`fr7@N2~m zcSh9^sbl_bIESEg@HJqk{|ihEnh%(&Y}-s-@2+_LMy<}i*|K**`^!FDwwMwIZhRnl z^A#+1FL^(*{SPr7T=M#<-jVB(i;>mc5;+z03*@~ZG(f)uk_E_?>@8r46mS=8bT&#J zo+SYkXqLP(^>I_Hl1*0^7&BgTdp)_@+ApFWL%@d278^#zy%x&}d4IclJF>M^XtRwD zXAFz)TwLdt@&sNG6Q6e;k?a#lYr^qRK>4-skWEy7z2feFxBCHvfwsJr>Eh!#Ch7M2 z09`)0-4K!?glNaKQ4luC9{wP8PCrFZk_9~B0R;XSy>+w?lS2kT z-~m2h#iW0$#TMb%z4`(ET(dOLwz>at27ELq{k#Qv48)M>c=rarm z8r#O|Ao6eMakK~m+dB#zq?qJF{zvElw?HG7$H8KI-n4ZP(O7{OsxQ1TWeCBxzobCe zGbE{44Lt7Y599-QBE)Y5dLeMY+gpdrf(D_!34ah=AA8FYxB!s=f-xCN0Mg&9AT5#t zcC-w?5i{u>xUs?5USR|{8o%5uU#FFl7yd7@gQGw0PNo8hY9$-S zUnZw)!E{`e+oKD%QkC<|(@hVHKeYoMDJG$jZjF4d!!3)0Lf|O`SRqj(0gQH5;;u%0 z#BO7wtGJX~eorWJ9b$s9L0S0MDB`Ymy~J+raW!OsACv8%L6ht49)p(<+#D{ z)gO}R5l;C5q!a|cNN`*Bmu}zcj;A|&6YZ#tLV@Z}?O)yscWrhhWKlftBewKKe=E5^XmO6S$g#zVLvod6SLWAtCf?MsBKQ}HH+5v z0F@iPbBw*#qz++UJ9xZ8`e6>m2VVUwACtLXTL!Do3A3aa+j_bd1FUxYpp1MU5!u-(+pERyI&{1xbMV&N}mS!rx zp?B{Y@9o4+;)R!SpTEIMpm(@gA5*g7#7eNTleC{dWH!xya(m=Lw61qw^o+YGM4zYy zP@KQ1GIn<f-n)f#|%vzKj0y?{)7pA8L*mW}UvAD6{L* zv(SxO1BwB&xR*~6ukEeb7AV+xq^U4i%x9&Kon1IiPGwVfE&Jk+ zK_bmWl0RVl?%wD`y=>k@utX`3W=tpmmz_%ssg3Gv4eEJ#)u<4xg&PxrcJ{We5tyUt zMO8SSu>E=Z_F(vVveKL&zlv6DDXP+`6fR;&CDd~ z4ZB1FfS=!FTSB59Tnv}EFD%Uh{T&&VG{0mK{MqsmTmdepBN~hcE8WnHDevQUMB-!t zCOU^2xV4?yIHrXh*Gzg#6&LqDi@(S@`fxU&oIYKtKN?-`&42Vx^{uACAt`+RY&sGi z-myp0foBb}t{I&(Kj+l8WJoCKjhiXfov!ZwAh`d+Ew~#*+Ocwe(Y4~^Zs$PPMPXTY zbO*EvKQ|tDJ06%W?}W|`K~9R-Xg3A?e8vJ@o!noKIoNTV4WErTfjs#l|7dm|J26#- zzxk9k%?ULvVGE173bxi*8x;=h|E6Qe3>vvIo$hFKb>`$__NLpkK*mYkpzJKX&^?wq zRF~4Jy*s6o*0&0*ab{;GJVg2PF~hA@%9p%hhAI6UhOk0cUje0W-Ob&MUjfS}L1UX! ztJ8zFveYUDGJ7rUEx%#D@c!e_s`=nlx=V|I$*Xej<1vq*d8XI4X2tows-kHJSRgNx zR`KVZyEUci4z6lsR5Mo`IjI%EdlcSP9d1(x!4;BgUAK2nBF0as{@e1Lv=CbZIcZ>_ zzMka~#b9EhqC3+RcU&kd(=>UqE@A<+8ajc~uF_;*KTs8U&#QU&R*~crdHR!tX=%U0 zaIV*1|LjGAm}$wm`t-q7exY+?_i~glZioMww9wQ6IjMWW(e;**{Pg^7T|d6D-Vc1- zuPc8nc&yDEaai%05{y_9;no&s1ox5gGCxY2=SDk;o)?a8EnK*ng$T+Y)x-k@8#|iJ zT~4eS9s0=0!VaNx`6Aq1!qN(4oY4o@bC=Ry}U?HpPo;2YUa>h@h~S| znbQ6Ya7tTLy8WItC<^yN`ttYqSgC`Fkjd}emGkmOe%6TkzYGm7ZPF}kLDSh`&GG>f z)$=+Tu2O(9)PmcNKgL=sTe_qkn$7PlwPY?r`#Z$5CeHscLi%am>YH*!i&fVfwy*=J zNY9?;{?2>o`g3}r@oJg)l}}aI+)UHFKA$hL_PK_Uozv9p!K8}T2u!hV{Ful4bdQ;y z=iROv(a7B*)lYi1^O;K3&?yWNYgOlzh|d2qnZ-$G>Bd3MslB>l#0a}l`n0~;$* zBRm{fmitBuIwZR>$&5c%;VD*65jyrR7-HGTzl49OcXx^+Zjm1oNPTef4x6`;U_Fl}P3&ymMcM^(d@4 z<%92PCp1d2DsKh~W_KIr(1f+C9Z%-ywi6MG6q8Zrxs8-z$7ZjxGlSIp4+_=a78L83 zTV;HSFKlj zr7?!@RjH0v*J|F&I?gKXJl!^W8uWZ$-a3x@d6V0{^1Vp~Q=fk>Hm>7OYuoTJPu&ho zEXAwkxEj=bmD1YDW{IFK=8f92tT`3*+OB2^*e>QQ%w6OP)8&0a<~kAzzKzdUgU9=e z>go7jNrzeOyI?PL!HbczUHE8#u0ZzC?2xxrocG;V^`|0Mn!-5SM^pue-#_OQe*Y=# zXD*|*xd!D3*PrTD&r-;nh++S6aAfy*V5&oI?{C5wi_ldwU)v!cd~P!eR2gR3Sk_8h z%d6YNc`Qj@;PFL}(1S1GdkZt}+qtQGD{$!Be;N?>W@l!f)xVB+&w z;>G<7JBUE_GBIcDV(tTo$M651)0~;lp~n;{{C!Q3b&qe^CsbVoSHRr5#fUHx>>fyM z1;AGuxcZ!toWEB$dk)b~+nPSnYoKI4W=wAPIdbIbwf?U8Dq4ZwcFDW`H|SBTT_3!H zGxuo8A=wB}D7LKqs{`RVK0*R$2-dRPM$}=>5jv=dmO6j0in+)|xXkUl5hUxB1;t4I z38n}M{vv)oOnsIWZN9!fO4v|XppicR{qTr6I-tRTOm<>gMJ`0@H|_5Wvd9J$i58TB zedoD2d+(SmmbkI=U$SY-WoS#eAxpV>!zi}f=BE^kxkp%>?!XwDD0&!AItouZ+!ZmV zE;VtdpMm#EfU4j}gjLmh4f~2FeQY!M>9I^*i^3MsgJ6oIUGPft1) z%_Cz2lyzL|*iJklsML5faFWA9eGuXxBDK)z5F?a_0L;^SL%&34No!4@5r}@gMW5XL z%zFP^zbX4YaiT3uavS2^j6HO4|1z~!mH0a1Z`NybkLHsX;*+Nb zkr1P^?h3nl+u|>w7e-+a<^ZYcU()a+;0s@H(oup6n8%e22`!VaRy6@B3q!Jc;|A7> zQ)071FXLmeKEy=1-$WTeCyOQ@;O-66NJr5~hg)VE1a(flt``!*fg{0#v%gatBB8hc z&2wK+VV~2SP~vNY#HXSgSYPk6c%*7FklmVlx}WNyx`{dED$VoOC+dzVLT_eFKMd~g1c|r zQL&mpF)e{UBhi`y*bvigEzJUv=f_jeggfLK^sC6)nxMbug}moM^%@q4<{nZFhJS%^ zM|7hMFTs_lz{N&*Fpk#8eJ^Ep-qea|qD6jTQ|^U3d^7A1`#u3JYKWz5IG1m1s8;u{ z)@Y-SOb**PM%+B816QI47dzz1c=1@Y$PsPV_acmrWi-fL+nKP!HI30mDa1j!-$5CW z60SAK?+4Ktp3H45G&1?66cAPe7#(m%XQWtvLvT?RcTx8H2T;lV7lhs<0lU)#6M>92 zm=`jb2eqv=+7RLHv}JgbgEo>EGLomKl!PtIwyKO=#7!9>fgUK)O2=f3e+m!3DBIiH z=ws*0iYvi^yWiIuf{ncz93&)oD=8SQeNhs#n}@KM2NkPl_V9x>VGtIb8a8(v}RR(l~Ye|9x#)2C` zp;}Qm9V9epU-Lu0=Ii~!v$Z}eKGLz)RIV*KAr5KEH%?u?SMS38A9THURFgsX@2dz( z1SO&ODnUTOPz32Mln`1V^deP2q$nMvm(W27(t8WNccg|Uh=3r7^xiv2KY4%WoV(t; z?z;bEt(i=oB+ty=&y@Z7?)toKVix}J=lp}g$$H7=EI!%pIX!1|82<1|{y}WIp1Aoi zMF_LCJjh1ANuA#eM71AD<%X?6!5Uug<4>=aRU5&VlBLvO{j{rQlck@*KjTQd<(rsa z&+%)N9VU9er4pGRHkfy+3EfhB`9uR~o{KWi#q+nrjfuNw7EzCTN&z~JVJo!I4O$A6 z5&!oT6SZDWRtIv3LjsX!4K2gi!t6s*2XYpNga{9|#Hwn%N|;?2rqPpZQz-mED0~E` zQYv9U*@QO-DD3am!0*%W7E%2K1)#oZ^nBCs{`bTjm((_ml~Do2q|kKl4R?a#Dkxp& z2O!6p9G6dmsG#QKV|~GYvIr1WbIXsJmZLp|?J(V_4`kB?sA-L!X$|<#rv@8!ko`!pO8ZZPR6Km26*Q z@KFf){ZR6F;T|1GQj8p994m928EM#wYGJPm8t2uPJ^o-z1G4RK8HZzWn5XbLm*4*{p`HwHmIlmG-(8zEiWOT`;?&7yM6vb#i5 zcF8i9kmG5|?R#;S4ScadGNY72u&bJBhg$Y2y1mczQY}o~2P`Pu( z9hPAW65J8zQoC0&7aawG@3Dkm`TW&adE+>+ah%mrcuG3RxkQd_3{DGjkZ+xD7YGOy z@DCLr6Vp<&wdn}BW>&do-d%bm$W+OUr$~mU*aDQ=Ce{VsC9t(aRYbE2aRnnPe9Hq{zqRzY*;7`AaxIsO&5_3 zm2tm8TQGBh;rs1yV;~|AfXLH}Wxa~H7RuNM3$>Y^dR@$)t?#pBTkVl!9kcMIhZgfNtJJM-FpQBdzJMkg@3#)@T8iXaOdtUkj00$Lx`DYvz&o*vChe z4+rE^`sGv9UfY)QNwYO7k~J!}bU=r3xir|u@Y%+As7FP*Y4Jfecpw`p6pCRIemP$L zLGT;>w66Kj`naLfMPcG*9tD*)op^qdb_P_lVb)UGg+~07&Q-|eFC|-}sU5~<- z)M~aFKQm-|3Xo0UjK^bO{JPRpT$JB%0UW!J=bYHHKMMCz6EDltc!=jMaNoO@Xkpwt z!JnQ{g`RPD>7bNii5DqXMPrA06!(9fe0n|A7q0*$5sv2^=~J#K&l= z^;T*;B>gA=`X~?|tEu)8gW8xU49QJ?ML)Oj8f3`~Q6PgT@Q1w_ekv&Px@*}Q%or;4 z>uioBBU0zGcA6k*SilgK`pt9AQt#&?$XcOAO03}PVe}B<{wO;LuE1|9QYvk<>+{_S%w*`(w1E2VFuk*N6Bxg@ zee>WDp`a%JmtlBi&(ZnmMhK`s7to(;B$a{e8d=`eCwooj)&5Sp=ghk6%$lnH9R*R` z9hYud+D6#Cy?j~>I4#C?(L2bTmjZahy67c9Hs7sBKM|g>t8>_&)Ay_(#)|Lr79mem zAh0(V(3@-YDr0S#Id9)OXMaQLgkfKp@QqlCu$TxiG&Cc1Z>b{d*kPKGdfc`$!_Zi@ zJZ>pBY$?}>JafWQWH`H80O2X1;VBS5rl}@RoYIRB_3LL;>1Q04J3GMVfjkgutEuT! z_bv;@h0i-P4(A;o;8*BVd1+NM8!M0*EAStRh*iZYv+vsH$Cc%VmE|VerF#Y_<02*G z?HGnFwqFTlmK7Lj1OQIIsvE(ABigEqwTquO%jaxcgN;H9t*dU!GN6k3;B_cnjY{j3 zQupm-d=dTq_Az)=ETc*+<8aW)f#4HoS1J7%uzrlym?zE`H+gdgomvN+T2qxOyf722 zc0Zr%ZaL4m-eb6sNcku62YY@vncGl9SaABjxa5BuiP1)87T4d!05l-*ZFNsg;B#h` z=gh-$_Ybw`H1A(58F-GEfz>e==uj6Z|e5{Vhs=DL-5T-!x2sO!-&Qu>6ZS@QXMrvoQDZPZE3Q z+-|%=4>o=Ppn1v9bFBI(jb0yy;7*KsYPD(<&0jF-o-741kHPVAPl0?Y5fs%}5Y-q@ ztNJmO2q9n$A27zF_)~<}83@b+0P~Fem^E$>%3w^5KeKryPs;N~#lH9o#Q6%uUymoR z2jjQ5ONYmR!(*%v-dl=|t>;v{zmE=iL)%cgM=XUX?9+C!r?M$A;1t|_^xoRws3Rp@ z9>rfC<)I#-EycfliML}-_4ZwvHr{8-PM2Dua<&>$`QMeK_4fw8!?JkU8l$bcTz*B{ zMmv{-@^S%rxyj7wo_rGF`L9raAwhp3@D)|@C&Bey%%A#zpZXe;M5AUN2P!hiDl#m~ zY?Y2`Q|E0`=WHfP38XibCH?Yd@_!h z#h4u=r~*u)db@<%x_Zv9xC-(OAtx(NX#AKhJ)B z)o8K?qRa_V=7v)AK3}oZP3Bb}9w&#Dkswn2r08X(=)3Wko?V)z#QXv?lk@>e`d)bm zyF6=sPiD1iYZsd0F@H?LScNxcPdsW*9Pg^BK!YKWnu=nXigN0-PieTmu{B3Y~=P5I14hCg^c>!oJxr3OO^Lj07Klw~(3<<}xu)*?*#OsMg`ZckW|%nX65 zrZ(D856qM3lW5J9S7jeTd#JjfeR~yB*RNGga(&G6XVsv%I$7+O-X0U>=b~F1qW#+% zH~y6CRo{j|-w2cVCjsWf{^pTH^vi|CH+FE!FJG9c28tti9L;?7E&nJieU4&`l@jPB z$kB5#>E(5L&S-@VTX+Z%3?UTkg%$zW+z5}_q@|)*q@ot_Y`2topGd|c%uxvQq=XdL z8@GI=y11|BRqjQjHKb*|uWSSb1!4z7qtWVuAz{U)k*|rTDg)s3=zrYS;{oe!macnAqOfb<5(fQVk=9=c>K7Li0O%i`rw zIole6JI`9*>IPGtPfe{3JLXucQ}pNj#*DfPkDL_{t(g_EsTDC9fBazy3(@nPiH)2Y zrWl3gsO!w`QP-2qyK`58oA1Bl9dcRctFAwaZn=(p`t)-*JpJ((TjDrd;&?4K^>Im) zIp&gHU`g*QJwf8>{Af^^UCsO(P|LxJta_r5&0AQ*|f)JrcbY zA@Q~UbuY9Ygcq_O?z8VIvi+av+NAy5iaX?i*?%H=j;#Jf_bN}W@MbLgt7g0s=?xyW zu@j>_Pyeb-eGkaf*Xa1Bv+lB?@G&(LP@wNs_M6ryC8DG8LOt0uG^3sUQQ)-avjb|@ z18T5;VMaXy1gT_Rh&IJ@b0=Gh0`L(oLhu(MJcKd2wipr_a10AL2GFw-_c)j_O;HRC z414D)oJz2Q0FAnlx%V}8h+fa>9zXbla68R6`?s6pedWn2Uc-{x2h8nzMI&xoIBUN* z6ar_Ig)??r9Q}%iOeH^gBOW3w9x||r;i%P;J8=n`fWS+iIv9Qc!an=O#GK!Kdq#CZaAOL6;Et zFB0DdiirJ>j+1Q+PbFL=&mN916|8tx8);9De@Fg%iTajCE!~SH)W4%_6&34rd)7;Y z&&u}#I7-#X261Hm5@#A0$>^nEW++|Dww%L2Fdc_YUmcy>i!ftDOb8mOhs>j>BY+qE zjr|J44n1Bx{JSO1ZDD#&1j}s}kU5sdFHW6kpGR~c06c^c-V1$uIrf^hI*GU{i8vnH zGlL@f%7bOhyZZT%M;|z2K{#WPG*uw4_JGiu58s*(E=A@*+Di2M312EPB$YUR8aKn< zgc2hY^5QM4%t= znJn;GcM!AF%Gn|ZEj}F$9vuyMswlbfved$ zYsjATj8eT99b;bZ2QK$FQY)13ONkD*J!9MG2X6E?N-3DpaK8tx=?1E^$*Qw;htN7b zI~SQ^UhD@h_E!QFT<{aasM&I!gXJ`aGW88gQ}PDJ;Lf zl9L^ToVAc@>n$1EJx=gF#10-a!Fbm`u1L=b7Dns@un~}n_v1c-TYw7WB`M1;35n&= z=#JoOaN)`7`AI~`FWg(cm0@vd5%dZkoF z6kpqmD@5icQ7bty%a0ut8@T)JHTr%!^~il;P?{3z(AGlRmRqZP1#Re$Vkg(tII*5~ zLCpSqNovdaG)TYtsu+QF<=M+H&Me#hOUYKi35IL#bP1G+J`k3t)r1QaBq^CMwW;um z5r=nR6u@+w0O~6b`ocQcwt0U~GB#nXj|Z4D1aXJ4m7=lW5cV{Jmn8h=@UW zwAc(>HmH!jWYs5o-+84cD?FK)tAgfm7##tEP>`8%S+N#8!=<IC1jyO-7n-7k?`2!Bmf3sHXHug zC$ptNyu(o(?()PbRF8cW3~%Q;_*^TP-zM zSPCBrG2lC3@#n&m7s}+nJDOS8V|)IF8x57M%{v1lDafd~t^BKKy~m|hk?^$QBrK-c zr1eO8{jydl**MZ+uhuE+5pZ+-;Zc#t-roaV`)*4z~B^=qSn@FhjfD8eN#F&yvuu3N!G{pe%t{1XQgd$He!ht`UA!VZDvf;&2|q@59;q3xCzIDUgO9B)i%S z%%$x3X|LS}7(_uv$nEN1*@fEkEtX0|!e5k3VXO7A4KWYgV{WJr^ZpyfNk5TQL`JI^ ze32NwX6}?4EvI^c6nQ@+{9Z{Cpc1d~`3z|r-MQC3HUjWjc(lljD#{i;3=(m&)A^mc zs#lsqx9_E$r-GGB4L7RAAZy5PQ%=pqn%e-b-QoW*Ne7x$M3NL*!}q8XP?_NXNecc$ z&26tpXt)-f95V%t({J+sXDsT+A$_N^Q8*RsqrZxeyrCQ%(~wWogbU+pK9Rz>D1hmF zohfGE(lGvn^OS^6tfK%UG4IakbKB3Cm*Ym()Qo2N5swyCAf2gZ;8x54r}PMXqaZ2F zehD6S7cJ+g3128k0@xR`)wpxyaIo8HUKdRjP*N&x7n)HM-weBWj z0AJHc-GZb_IE3oE*7B%2?Ho%YC-{Zt5S9;;Ay~ET5J&T~d+1)ulO_-7|M;pTWxL|+ zFTY5c^EknZnmYjkf(`)S5II>Ar>lSRqzwRwi%_@Vbd^q=O3V_I3Kn{R(hdidk@Jtj z22{1#FuJycvDxHgvYb|Y30niY$pH)d@+ggPKrZIp2ho0 zQ8GNthn#;?fkED}(K+mF8Mi~B<9pmFElZDp3+E+;$u3#@2?;qW^9#r8ljl9d$|;2> zCp_!0FFW5Orh!2q31(nf&Qb3}s=Xgt&0BkRK;}<0{>qU1U(LXd82^=?P6lAT@DCXa zO?ZF7RIuISVsk%keta=3zI(WlUm-J>;sb?e5?DF!aHF0=^p$)K`YmOy|U3Gyi7AZ2`qepOd)I)&|$7=Q=6!!N_H^{z^FqsvdzF0TsRjw z5U|wdXPoAz4k05%s%a;q0C?G?crxs8W^xB%ri+jK(pFkBLq$OYk+!b-0^vA)po~vz zDiIAg@K^#gkci8)I%`Ym<==R~SO#g1I6KcD&1EV&z?WoFR(^IKzHwUK*Q7x_?D$47 z!=LPoYds;&-N)lwu7Q{Lv|q%R;aMQOKR8Pl9(YZu#SSI_(VV7;WRb&eRRnbgN52^i zg-v*+2X}c^dge=bsSw~@5cCfYh#%6*}cpVW;^?lpUm9W1FI9Bpqw+Co-D&-=r6 z#H4)#w?)Y5aPfNmW;MS#+l&2|W|y4!fJ@C+INCPi_tzPa>brX?qr0SZxZ9MylJZCF z2$}My^}XT%&v<1U8cL#ShzS}%f8i9p(Q<7)`38mq#nC`duEm_fsjmPZf)s#EA!&dr zJA4Bd1$sxIU)t#;TRY=d^{jp}>k+styyA7k2ZNC{+FdXz z0!B!MZgkYxcBnOoLM)s$19I|7Wt7=@YJYv5pWv6C(~@b$^k7pjyP7@0s8krC5c-vq z<_^OfPZPTV0{tC3O_|V<;C{nmX88wlg|H-NuIPX>S?Tl6Ig{_G4~t5*o<>DG7?b-( z0gc5$jz|EN4*D=cf<6R){cL7qo1!g1VILcf&!P>GE+qx`z;c}Y90AE%00@Q@93Rfs zD)3h3L`!A^6BL#Kty9RUaL8qO*wx)#X}tojN~%yDmoFX!}_)u zl7PvsA}wYjg9h0Zfp5{k4lYx?(r2C_Q_rX&z;G_poFd__2qA#{{hl~j5dBRPa2FhXK6hstmMqKekz7Tr3b+O^^1-UO~cE|zJ^mN+T5zq)l0S1gC24AHL!ka*PVpJ(y~`Z}W>`)gq+8}zGWZSNaA z`URjN8raBX8c;&p7X?<#grOwRuQoMLW0E)2GoUcB){XKoVf3poO_GS06eQ__owxxl zR(xCZuySd`D~u7>R)a+Og;6021tSEZ8-W_bnQp+_1mHENQ)ec%%m9f<|0ft~J)zNE zmAL8gwu3{X0@Iaw>ceJ@&m1J(p*pc=9+P*>;`_`4oGf27yV&1M2>UCi^LC|>1_-jl zb;;I^*%Z4ty1tSI@Uk2JBbD881Y{~|!B9mBj$tt3>9%-qTvh^5nsbpfftvM-U4>Pe zlO+Jr_3XKzdpas9FX)vLfGoa;_GgPye0K?JWEJOuWx-Wv$?sXFmX;CUr)bHr$owE` zWk7sYk4F59A(`7e@uiusf2q9Mo#($Ds#VJhXv$a@1ch0B*|v-^<*y4*jWDdh#Tu^; zV_g?3uaR>5$}b9n2F$)-gm1LUhNU)x`ai%>GYPMnREoQKOU`hMeRoZngMuJ{!xuuv zg%gxvVNj!LSj6@UXR82@!vFPb`s_9>x4SX>%~GN8e}z54zDMN$>`58zM*I4)vO!uh zgqWV-*vriLh*0O^pbf3C2-QYOAX^^#U zSVRbx?VhfhJAZSt?b05Vk`5rQoD{rSJkVmYqQ%~WfhDCC*UjIsrgE{oMs`_fivO79 z{a8%8q{R+bozUO+0jZ&Z8C<4Im`S(uh-bw?idukpxrv2Y-s(J3GbMI-;x8)S^9btV zpjTP|GFghfz4Lz-=NoxfYX@jws7Ls9al$_&XS~TN`}|!2ssskmLGw8w7qz@UIlF)S zcYQG7bkVl-eed=#JA8S{*<_#bj$Z0rl*s$Bi*xt&bXH1k_7~cNJ!YH|-J|=q{7@}z zSW)S(;K9di4R-(mXpS~auIv}|*HOHYJFQY&8Jg69+ocM(z&NS(i2=_ez~v~j0_sDzoLhK7jujoV=dm!eQr9avgEe$Of_*|3}z zPurEbXVoqIq%2{>fHVFZ_KT-+h6sgn)LulR9ws7nmBXcy?us0v!>Lh$pgJ8?bDk%< zA`jE%1eGDEMhDf*Dy}ZcH<6s9B?xd^aY!TL;%6Pmo6EARP`F#~s{R%`^V=yzd% zCM--6&3BTzb*AgDyXtA%Z}QY9P7rzwG4iwo_F7uX+;FM=fhE7 zK^+%Nn~V37-*Q4a5n!_a42-F#VQ)D>xDx0;1EW!vPZwrUnV|HLUktXZGoFsOv{Xg& zbAW7@+j8t%?Ly;H0Tr}+RDjEw2n&IM_R*ws+?Gpi_{9&W9-_`+fPFOIp)qcocjn%v zG3RI-0z6w%_5GEFOMcH5EV;B?kTN7saUK@-4b8V{5H%5;hnj)`s?g0qgW>ix7Bz16 z4DGEYo3i6o;wC*#C){5aiinb`gS@@N!8aKJDXco&?B&{nE4InB6&Hw#5c;wNVSUc{ zT%mGXk8Yob0EkzU^OEKzIuST%-9qO-P4tK8uXCBXWH6 z;g?hjt{69kNgY^eMZ&=4*q?|={l9n}qVavM(tXPGl?em)iBPt~b&p-YNn7i}epV&` zo_GcYfuO&^ShpC@JTl3qz<^ig1UGg=FTpnE#7zql*k zY#m&xPph$ef#Ncr7S4OK8FBTW!os%Ed`-r%--XXkD!`vHl{mYcL4RyAA~xM_dDl{` zjeF_n84t8i_A}um`-glNsz@L=udH5?061N;Gre=ae`w6Pi0hQOlIS6`Zd5ed-53+G zK5_l>9%(&-)h_=<*W``NK+GLsI}G51u3peN|BkdA_;U}IBF25nOV|Me_@SHc>26!f z=k+(h!W?iGr5%H3q8Mj@CT-xd{8-}N8nLC#=C)u~H3}dNuaEiU(O1>gA>ED=U;gG}q|BBw88Qme7ou%S!t~fWot8{a|9>1lt$syt^ zN0=Gr^Yo&n1g|*vDw)L#ZH1LETHHR`1=w{uX}glxSTrdM&h=FXUB09)x^)+$by&Hh zkFL*cN>5R9_$5koULGS>mf)_Bi6~snwzzi{1T0Hn#@TBQJ5bjy;U_LJ9=FS3wXi%! zQj9K587li**}60#qIc=nw~rSzOM?EliCMVT#i!Ke_r$p&RR}7w5)Yk&rHzBAcHaKj zFf@pa`xB(fN9`N4EVH(}ROt{wkA4iVFkOtj%$q=BkS+~NB_9>uwnn;iNK#4UE1hJb zPjwRSVp)c`*piTI0eWQvG#35EgD4~#qKBk^_jY%zvC1r-I9ZzpQpQI$zU2$AQVQ`d zjr^yZ91(N6N|kDXY8@o>K$lT?tm@c(VQJ)Ib40G;>3G=lm%e_J?$hNNf357)s~A#Q z9QhWROr*VvQR3NCJ#^oW(?PRjaj{7udkM54yMOhGRQd3=Eb)s58~wOKqR-4fRsCms zr)WzhxWqjaYFaW8hVX_|7 zQ%(cL=P9&_6V21HdlF+9MqH&!V_L-rrc};xK@Iym-3Qh1Q9-_Ix^M1DMQY1amkkAv z9zDt`?a&!E&Z^IStZu1xoKc}cBh$zi;AqK1_?v6B3jzEpK;qh{0M?O*mq&hI@g&AG z3u!EmbTp!&`aR)3=nxWA9!Y3K6aRBU>sCADd3mI|Aq^R}u6L)57+^>PYUBg^msI^N zBla+$IjrZSaws{(6)^fV8g+bB$Ox8%m;PTKhxo)e>L(KwvMbJU^}md*t`lr+27xUt z6?+F!k!Z+(Zu-B)k3JYO*$$+7Dl515OB6vrBKwgv z@rKyUtm(j%wjuYN%Ker9kS&>aGN&8QkR;+v_bd3Q4q)y#7YE+rC(KA|9}dK6x`}g{ z+|R)z{4(%M{AN8oLrb0xbj502#s_!y=z>@n8ieNhq=6A*pW`CdH*L(5VRPnU+t6AI zPz3}hKJ@QT7({WRo01U2kNo>lgD4QXiCQB-mpkTu-chzMJGs`Hj5J`S<{px+5?1zV zER8ScjU_xqlf&m9qbBVgOB^Q~t7h*rzKOV3*4Lqi`H_tZZ=rcJkh?&&zB)3;XO_BT8>KayFQhOD|r z!{*{FC)T*x0+^Nn66Q1yh;P*33c`%ArgHzvwBNZER=X3C@V@afa`*)H<; z%4NUl1V9QWe;38SgRdFziZZzVjd$;gNo&DgU-$h``ELqGjdVN~Kx7 zY+(}f6(`%7=9-zL;A=dp+|B1A`%lWfU1a7}or{K`p_gN%a3C`pB*pdVex8`n+)yRl z^WD2;2CwPK|9}iX%7*^7qEy&J@bNPS4Hq!?3XW#qx`)_Q)5UN8J9F0GVJoqytqXfo z7`$XA8g}@gs)UcKh08D95FYuG+9xQS zkW$8*>4$)`zfq1AkqgE&WP9uyltSrn=SXGL4>V-ckbX3u%A|j35QWA0B*S5}>O0iJ zAYmsO0y0b++gu9CX3y{>2BNCa5E=uQ(gdTdd04(2m0D$KB;fnfpD}NXca-W}uRX2s zEG^;ciBq>o-f{j1y!Cedql2hiG~|u`lW!5s&$-#uwR;IHA&Ckun#=sf8}xuEG-OoQ zLBIau$XJ{s)5CJN5vzM7v($63*&)}uw97b{9!_h~RAKn2 zQo{rF>*J8VDR*;MdvCSywZ=QGg{O;vymSW3KKrF!-3$} za5+Q7dO5#F|N6_i!^Jj*>-1VeBXb!V-!w>`)BoN)N9 z0Ao}^`MlT0di(f@n@M_<>h3H;Yo}-5>TYQG{CwW%ybwM7@70EHEz#=8WR&Vv_hyZx zFMXN{Z)WQzuxFK z>iPetsP&5ei=rNuXL)NQ%k%%Cs6F;V3vOy0*k;GJl(@Ze4B~8k-@jiu%Jlhaz*=q6 zqH-3ewQ2d_oL3_pB%m0k=;`j3x~Le%VJq9-SkEjzP|fjrtk;GB}aOuh=h#C@qQgj zNFFZWdoylNiRKG2Mnl6j)1^(TZz5V8movL9otw}9+?aCwX=@G-&s04^>Q5H#_B;D& z>bZc4f-iN&0qo#13QfQ%6)uw4?t$_5TRG3K{>Gz-#-C z3dNI<|2ID^gyW}$=aGdiQes7Ag?wSL4+O7Ty6Crp4w>ZwkuRt>f+YS&;We)H6* zU%bil(!TMNO(w5Jbyrh~h)Xcuo3dD!lf66V3a>&5ylzOTNKi1RHAvq>SRaJxB(McO zF+Ef@7dMyqh|LV{%28u2B=6-e1G=tt-pD>OHij`;ph~yo5o* z+XzBD9zVaB$O~{>co@e^5nJ(sk*+U3#T#xECqxhT=4#_-78fqpihVyg;0IJWSDj_T z?u^iP!!eLXaPgTN#T8Mnu-q3h$_ve?_L81Vmcj!(hV4sC>77Q&WmQq8?d1dXNyJRm zTWQIO<40WUg$sRFsFwtimTCMXv-Wn8HT35z?Yxm*m0OwNw?=|@)s63z8BgC%NK)Li z*xshbcvj|QKE5DNpffif!1>;|pNRmierc{!LfjL&_g}uI07Q z)#mV5!mLdU{k^7mwY}C4k7xmNJBz%XyQU5#$q8`NX=_oCVzGK?8Yeo@*aG{T8UwBj zO6Qs~BG`!gYe&M0VrkO=`lLJWf!C9YS~&y zjS;RqN#~k33f?zU;M`vbaoN*a+bjM^^<9?-iAh>`UsO4Z{JqCkAhy$S>B{BchHUum zFgd4!`XKagIGYf%=_XRSF~PD4QDQn{S+s$i#!)}>cXQm(cG;oIcdJg zf6NnRn{SjqHl#Bgs!+@BTh+s5%@trZA=M%~&GnH2_J}7OmY_#5=#qCF%xgLUp|4ZymL@fjaL)+EwF%82l437RG3{eexAYg3B2#l7}#%Q-c0M)E>AV^T4e8>F4|UBKt-v zmlvF>ML%SuKjc3p0d#5T6l1?*p3B-}xVn?Cb15GzI(L zPuxLZ%S+z6P52~nKp(kQd~mGT9c-)j5Xcu9Lk7D4Zyjk<@yVltww)&<$O_E-pyN|Nd{PrBeg3WKL*V)cos5RzlU70eM0?0V-tJ(0JrjR! zPSk{|)*ktq;W}MieP?PNx5MPqPaUbyGMtN=JC}5GkZ+1D3HZ%g=72rN#lRLP)eC(C z%2zQQSm9(gU6STrcs1_lzDnBg8{g7WE$MdF7wjo{?W;jM(dJ2>mA@R7DY@KHvo zrbqSDni{ny1Hohd9NStMrQLSh-PFH>$2%*1O}~16D}NyOlfltAebB=tsSH4!qK=AZ$C6y>#VNx$(X)npd=cJFMf zIQ@2?(0>li_|1CkU8+j!@D~SihW^cwS)m-6os84sV%BD8DB5YniZStp@RcI9UcNxs zYoI?ycm$PZ`?)`Pi*||_j5LVR>&n;HHU67(xul(>AbvP4RaYs{2(9ZZd!^<@9+6nE zb?dbooQ2ev{@X>mL^%O$NYW`C=-zG2C&0ceeQvLz!Z_tEbxvU&xLj^6ngyaY5DJjeGr)or&yF7zvl5f34Oh8%$g&x?NBuWxA$ zcnAR+asUk;IF7;;kzISZZ*p_^+=T6Tu19Epwfy&s1IqOd=$cJLevfw5LPYRON;(E6 ze`rF)3sy=4S_rd_97tDAoJ&uRMPCkNAV&}o(ZBx|1k6DJbMRPXnBP(xxj7UpM?nkg zrySVt-mFr3b zZX{27PA<+YhtNF7kUk!V6ONNe{#Isy;K9j3@B|`L)`ZGGdl9WlBi8gb9N~@}gIG~e zIF8jYq8wFDATn9PsTBX5PI^*C^jTGM#w$Bs&ZRygY%01KAB^eRm?MnNF?1$Z3*KE< ztw!(P5R7S(FKQ-4WRglnEoFV4H!m~i3lyIR6VczkL1nJXrv6pikOfrX?kdHI2d0ax zC4Xf(+&EGA#UOzhDE#FU)!4cm!ulM%QSJZ1`g+439Ao2Ry}fvUINiz^_GA^?uH_55wjT-WDad&=EikVVZ!+<#^DW$0A2Dp-2@^m zYk~n6v!{qm<#Vb)?5DRMf|i!Pe5F6)qviZq9AUdufjbw?FbYwpf@nZLQnz8$flga?d-aL)4p))BRJv1{ zI-^)|+Z=W3n;15(>$a|^Vm_KLYduQ0b7J^+756aq7KzZVS&C$|4_rt3pQ;wq!bxtA z1I}L(SjgYj;pfdX(U402NH!PpHg?IgWG|v5#25Mgf8=%k8Enq*Nxak^8cbE#Y|GwiVx@vKEI=47OwrS^R zU@p`MwMzLnjNee@+L7#jJHFT1Iajhr;t+EOPJe3OzWcE7!Ng%InSI|LE?2|W!NtgI zZrk0d>z%b4txwgJmyj?g(dED4#|_f%59U7C_XHhx?Gb!?crG#C|K4hfp-1-5E9G!+ zugdf7)V6gFFWzPjU#}XDbVmE%hu{y>kL#}2P%~w%VYBhv?CEs&Y{xEk>4psLZx&r8 zNQ5~m&T$dqB*vbZ;OVw8y0j!wk&EG{4evbrpTE63y;XAC|Gnv7r(#_P|#}TT~!h2(dno<0w zMAU$Qw0kVQ&L^SKS?{ZB3yi;+)tR(y_vChy-KjrS37K%KJ4$7-uekE#KUv%O`Au;3 zevGpjvqV-7LPy0Wkc?la*Fl2$brww1D%<8JZPZKkO>J+`alk~8R^(tQlp}{+Fi6&*q)7Wl@5k7soKB#ysSm}t~(oVK4$+ohR zW@^{-f9^M^pNuSHQO#?qFlJ=j&AdL*7ZC*l)elQb&RkSD5M$pR5^-O`rLP0}z?S&( zJm+djotE1kvoMKtXrb)ZE?yB7()CadZWwAd*!(+%5caY-76~&m<(XLJ`~FdOcqj+g zKX{|}(7SvkuB*3eJ?oaV+@6@MuX-bNKPJ-twZqI0c_#Mwl-*?i`HUAbNm2u4|#x73;1jz-M03S z+YRIRRj+~Wl0l%O^=%t3`iigQ^XjedzDju?uh;B)%cBwO0E6y7WtaA$>Ul>{M-I&A z(*uZ>otNU|I+YB)u%lV+_zW0jwDM9$08S{ z&V&~`9+zEP5tghL8Aek*QFO@t(BE{mHL+-d4IL)#@+*D(fX|p3xJ64_i?hCiJH6FA z{*1ed5oSHlifPFr!vaV7KMU70=wkhniWc)N>1S; z4;gI&#~pN3+lN10W}gvSFAK3P?9ZUv9r)=;-G}=3X5urwg&w<+Fs{9Zm*0*$!mSU?!!utu0IzZou{9sos^L} zJT=*syfZledeg1b!g&6Q!SOnM@DSIuwjK7e{Y?O2mL~KbuIaxrK8{eyeFo=qpU=xR z9?bX~S}aoQPET*#oR3l&Q1?ZU#6R`ah~KJo%pEF~51S?*JWppJ#1laRe|n_hpcPf0 zng<$Eh2eN2+aC7`KeCMbOJ!*i;HCF9-H^CbjZ6P~I_fs5C3w&)M6O;&ATdJ!^H^~e z&!G$dL2eh`7Jc=UPZ_VOFpN#^pT^~N zLHCV0!e7Q-tXWG?rB-y_$ZY)^9$+1G_;F-jPo<4WoE)fF+LVfs484YM`qB@~l6^cX zS%+s;WIni;jNhU9g5U?kz&pIQYx>*1ygR37ZX-Q$`|vE^%)q5yXPpIIN{9tLiE?|bu6^&Q@R?@jE*D{%k8xduG`T_bQL zO<42lRX@vI_7WaRe5lvCSmP`0b$lI_@A(A`7*u#AD*QXNG@IE0kGt*KPLz+7LYfpE z@#UXxeVZbS_orI7R<{H17#=0MnE`4?kdH>wzlis910{WILj}D>k*}f#u{PIBrJory zZ{7c$Wi=55urOsaqaz5K)(8+$Qc3Lo(##N6G!f|q_GQ?5XvMD28+%(N<{$(p7}4}9 z;k_{_PCj3cw7)}Ep9mco5AdXl38*`14 zzKG~( zh=}=D#CNpa>BZDH5AMGSSt@=~X5_7ZZ-kU6)qkh#XtaGL8DM~v>o@M+&djv@^(^dO zR18E78xY>7y`BcGr@CC?n}$Bv7lIa-{f6Fuw=)p=&3>ftDt}rL%ig5n!#!D*-lnxp zUDC*1{KV-hn4jEUGv33e?!(a1SD(>_d(W}yts9WLJ!!UHX1KK=`D-DKP+_myO>thH zunbA1$xl2p#dMX*%`b+|-Cufqv?WTydGE?_LMbfr)9i;YkI%estncaBE@JugeB-h0 z#MVywc@ExsJ7CJ`0siIto%}FpH`g3(&Yq{?NIw$Tbo-8dr5S-lQjpyE2;K59Vo+T|1b$m6N7<1`cz5G}V@=h>llSD*QS(saOW!6kMv zX!0&nP}$o!GEk^@Ta;urLfQs0v-#rHt{bV~eE%mFPs4vW)nYYpPOP@oI7)Ev>q@bU zzIcm6O5;X(Vp@BKLXQ&#&K84Sfd4{9eCUlaPDatgX{9o zk9$&%b4k(ru9Ne?jW!rxH)((76E1|@7h4H0@92qSP`Nvss*lHg6Zt_=|=4I6Wj2siAH`xgI7ToKI-yVYc4O~5Uq0r?qZaw^`Nwo8<9z$tI5G}Q~l%H$2I3Q zxvYn2SI4v^4>tjZr(Bg(s>J728?NIw!*#)T4xSP0@l7(Lsi(WlA_rS>ax5->!$w-_ zy}{V_ykcChia#5gm4#1Lu2;J-DnPNvaF}D>7!#v9qhaR;TzIocykyIGeXXAmxqP2% z7L24md^dGU&V**~2NPc0U4-Jcp%(trDiZSxG4NNtnfX+ARg@o~-1=e&4i%VQ=9)|U zJCXW8iA?VvUV(FPi24Qc0_)55vGi<1>+}R|i=v;4twS^P8V|W;XvJ<(YgSakQCx1_ zzclRcSew;>0FS9>BsUj%{CZC(Mz<$kOI~Vasb^QP8|mZFBe&=OC7M1b6>~lc7Z70g zH6u>`F>(6u;tm|hRX^u+&zhl@zh5%T$I|FZJ?~n(U(zx)?2)&%S;H$hvU8tGpMxDV zptLglQ$^cO{D-&i5N$9SuOf(%$>Hg;p1yUgX{H@d&$aGHPCr$02Vgu!Q{c$@lFfUEig{NXH0myx=Sm$lC zQ!jBUsdL*_|Ec*XbFnqmD+6>t)5+v5+r_wDDjc3VVE^tLgkRGZrVM8*Evy<={1F!6 zpQ1b!U&&$0L^8r00#u*fxXN5FM3pyNt5(bP59P)hk1ompsNe_IK-Y0y9lvXq#Xf*g z2lBDE_cjbY=I90{(rx!~t;Iugg9HsiiGOUJUhO?&oMw zX#8eCO+%wW^TgQD&at7p@I1W}xOA(+V2&B-!NHRepIxdGjj2A`81gepYQv2i3WDDP zDSUx2;4^crhrjkjH!gV#n;zII>}IubqMvsA3}a82Q0lFY@kPT2b9ax$q%RtPDv2$2 zsS@RwIxgnm6-s|7JH zV3;VdS)79HWnH|<+|bEf-2%W$M+R}Kwz(iH=a6@`pt3}N9L->yljHAcp}}2;u#{Zg zS=tkBTh^;X-?pad)L(cA;@HPAj35GcT)-58H&10E(fhJ)FR~T-q0h_yNGn44&c;}6 z3ud)`xw11Hk1I4A+vfhuVykGrKE0KimZN;?vm^AG^^gy3?2Vofej3sHweHEXPCcUF zQM00SRTSr=Zg&+>-*>Bq`iiR`>{aP$9)V1i?BYs_M4u7ed}ecsCZivMC+Q?-=@6U1 zDMH7Nv~R0B4Zj;G@Onq=UN)uCKjkO%@3+a0))KbMvSTSWvsYvWb5s;v6!#4?%e94z zq~pHMUTD6vURzMMR!dZnC*&ty|3h?&6k_2eTK!doCmn`$P|L}xEN*N`rE@{5rC@HPL%)Av~gr2sb z6?z1np0h_w{pS1+?XL<*?ssp*Ft?pC2WiUk5PbP`QN)dd6lYja+-8fQ_1uK~?Z{6= zgCD(ac-UIpV6mI3pE8T2Dhs093US_9y$Zw;M_C6WmC?mfep677L~n*o3kFn61|Hes zp4znZYkQcnvFX=Q=B;dSaKnC`Tf4!nEzhPN1FAj) d9OfYX#eV1;?I#8ooWwecu zT)uKnbExGP)s-CnwOnO~#^PP!J5*7@id`_)FPN@iiOXB&Cb>=%22x6!)CO{1AEeFG!ck+Gg?hhag>j!GXls!LXZSvTFT8v9=~e27Dm`w_k4Vn!1!9{1S&saBJ*h|WNNVx9 zV0Ok%6-)*WyLw^YVbH81eh*o6i5t-b!iAx`%Hd(Zj9I`7q!nc9(W<;bq72!h45V+0PV*?$Jck9^ln+O{GEW}AobLZ8 z)9k?2LV?4YjVu&#HpR+r&9Yn8vQyR)s2JY(4~(C=a~~vCmH;SA z06W3>I`4sPVE7X*s*V^Z*A8bZ@`Oj^f~YJ{*m{FyrvQ>=4Or7O@8YvSJdR~&u9nI*;l8^He? zJYIRxJj{GU(x==Wfwsy2^b5V4rJ_dF!~Du!SO~qp|3QPQ`sd<3pQrq_?MZHID=e%P zrgy=j)N*7lYmc3i-r}jS{o1qc$9U+`c+k-}&}QcK)ZiU2c2y%+Wn&FwsMbl*`Fkq* zo=(cHPKxYG(Wli9zGEyKiCe^`gf`nd+M41&a+tj1#`{jkyHCeKQ5xQQCu!ifzCbaf zdoMQYz;{DD5I(ADnTv6Wi*ZmksR6_DkpG*E7y2n!|B6@}{_X30LdX*$*MFjKyx90_jpk^H>S&2n^u@Q=JZMcin6p(uk8ck;3l2DwcDuvIVaW+V z%A=yULRquIrDD3FQrSs>>?ANjOF+^03ml?@z}Oe3NYKv-v1;aGuFU&%O9_8VF@Hd1tXbq( zCMlREDe`32o~+E2+HF!8$pDOGFh?J4JPmGF%*VX2k9mz372LUhErLQV141oHC2U&o zKcOPHP!KiP^Z=p?ayda%tYE1@C}0rkYSa^y1pc@;PR?$e!e%@ljF0W`QlPE&Vjy{1 zhG0ShiSUVoZi1cmK4uN3WKcdMiZMQXcI@Sf7XT!`Jt_R!CYy_7D@BIo8w;bHRZ45f zMz9Z=MsVNg1`M((46+TGhB$^acuW%PoLbQaTG9ks0^XHG9sO<+LG!Uh^|2)VSA41~ z8o3Kp*aaSmxglLq*vQjlZ{g(0dMQx7dBkB{F82Jyu~^O?4YxicXVVuXQHeBL9-8lP zO?=%}e69CqcXvH>38r^gW|*x3HvEk+%cpyOZ!aRLlmC68epsIM!dc>A9H^}k=n?5j zdH(WY$il`^{r@hHch1spt-|zUmG$O>_pRgx_Ewuj8uv1#Cf+WkE+6Hd6q7f}uOl1G zXKJw0$XN?k7&t(dB9}GI#M>TJ_5}J!`dy5_ZDBELuEE|Q28k&B9or%3l82M&cbNBt zBwhpRY&N&MTwfjQ=|w8?PBydAJwI(f>>VyYd!HU2a*OSrV^QbnVOFkwG8GxdXM7zq zY6#k#3*f=N2as^r8=lv(N?EB}Jt@>CSgzM3kq`oDwC^ebc`U7PYBe>CA>8g|*cv9{~e zb}?0LaZ>&ZNm#t;h*~s>AjL2X(w+cLYMX3GUNwqAw*q;|lf-3O+CHyHAK8SbRURU*Vyf?K!`X*JxMee*s2(_0kjy8Rv7fL^Zzdh#vfIZgsI6%mL&LjGCAk$rNE8h<) zwh?WZG5LCa%~H{yukBWi?D@2t?7OIIZd-<2CVM>HBB{;ozw2$teKRCyu z?0B>^S+4jfzQ5jl_!5x97ch^&f6)8ljD}~0if2XY_s?x-6kn|XORYe!pmW=fD45Z3 zQ8GsCD1gX^x?BL0brOwr66kL9ucOUP?@M|N%kQT1z9xqgO}_jA_F4?fV{}Zd@D$DP zd4!7Y2{xXVK3Q$?lfx&<^z`g6S9RVQ%ayF=)sDp&PFDkge;yxgM~pffqWq%f(VcBf zq3R6K%tE+i_(hlX){~L`7Yj)*~*k2AZukFh7zI|~(RA2Q2Kj?S)8_~qF*FqxZW*ru*J&z4uk0`mWAeDJf z^Fs5UKir+iy=&bZPEI_c2(x*)|M1pgw=|YHX5(I(;SfocNL)+;vv-n6hN$h>>}y{5KPmdkT$v3Rtk0 zM9@IBs7kn~3SZ3|dIiMfnnL560%q;;8}5*Y!BRqDDU!^k`1Q#6-?6EK<5Fs~L8yLR zPE~H<4dQ|H@I)b}bgo>^92HO?iaU^4Ff zL4W@H85*6E%$ZB;*v)sCcRnjZRK^l-`V@786iQ~AN^YD=PP$NY+TKm&K8fc(+0dSI zfC<7;5y$-|9tk05!~!wHtQcq-KWvA9XGKz{wA$c8`P)pApGX$2Ry}AU6mY~OaYZE~ zu^I1R-GI>d+(GZTfr}RBm46QjIV40!3#dm69Q~!b4!-C(x(S;YY>kc)I!reBC5kt6xMqdsQge}{_Fzxg4fvkuD)la z(wf54nri4PiX^QN{gi7D%QlPNurinT5e> z;4+_u7{7^b>2Rk0Ge|@IJ6h{40EgQ=8?Va>v&%}CZ2B^_;GA>e5l|JozSI7f38S$z zq@lD2Vf*+2O5a^i-dRsh+Is0`l8v`zg}G&=OFwg&LXTEQj#@`fTH(?HurkqACEwZs z)_@S~1N@KD#jR|8A>7>|+&~_i^Xc6T-Y)_^9g+Aw@)C*Mz@o#G4l<)=iA}8ynvo}; z2;}adB5t7SQObYL_@7OW$gx=_9giGAn0?eycJASodZAa`L08u*zZxXQ)~T# zWk>Qd6!C;?FokTU13q3QPSX|Kfyg<;{_eT(yu{f9Uxro1%O^lRHsFY1B z8F{5Bc_lS@r501T1u~TL0z!G}LGYzJgs*%18(%kyEoq1f8ZnP`@M~T$ zoGk%agJX$G$4rEWe50YHVraHsFO*fx#LGN!OFVJo#`p#rDA9z>;DyXour+sRU=ldu z;ydC(LOt7*VfL}%A+ab%Hn`X(IvXKQ)aaZNbIqc{rPRWuTG*M>6U3ifr}12;x%|?- zbH_O(hRDT+QfjlnLUhv7at%n*qAs(t(s3T^eTpku7ddKIO0A!fw}QZ(mT?t1Nj!J6 zC31ddquOPh!(%#+Z()ULVWs(X;x5nIRg$8+?o-huUeRO;y4t?wLhM(o(63h0a#XgH zb)PaP@iHg9ZoO0jy;Q`#RI1g5_k`+NXr%6jaqskuf2Gt`h@WsDE9JMiXL&b&cF2P7xmGmpNH>?w2(JfPs{&TxUjr`j+8AhMa}qji7iaE2D)7?MG9QkeUtjfIeu*3iC^YD1?*v5O5>HU81x4M${9N|*9 z>b;ImWYY5m+-qj+>1e_3WiWO6k?hTysk6XvVvYEzDL+(SO~4yrS6Js>`A2?0_35~H zF^D-O>g;|*x*o#7HT5TE~o&L znO-bimStJe_UmsYt5fqo6|0<>vh6ek6+zzfnY*-?MDNmGi=t`b_^)!l@dA!Th^5{%A-#LM}o|e^b1-~=Z`cE4Eq+R6&PROLuM7unw_KXy*w;9weR8^8~ zwd?4Q9_9Kn!rsx~KsDQqbO(H~CB^z#MSZ$%V)y&^8z>|e%FAp9>lqf?G$RyicS}?* zM(;`G`w9cn)V@Cb`=`e1b7mwCWvR63YDh$0t8KBZ7e>_g)4dzbh*`xWI6YkSZAD!%UlmQhhi>L(4H~{aZ>_X$|jGHSc9gh|)ba zciRsNJrj>P&`_jYV`||Lk;u{iEP!|z^#EZD+hLN{%&}J3Xo+&%zb4L9Bga3TGcY8F zs`cFKR_ks^a+^06rp7w!0aagU$nig{zNY)h$Y1@H^ui#q8946vC$wOEY)z_bPjgnp zbBMndqF&N2wrvIT>)ONkX2>qBMtdzLr$ATV#o+muCBlN_btnT<&sx5Q-Fc4+i2Xd6 zzhk9+G|sre=f=oCxH?j@UG?Q4Bgz}0F3mFesiqR+rR{Zzk~)~Nj(X|Q zW0kj@;z>`~E${m%!b+T^A_qOm2Bzs9!3i#BXy|2`>hXS&Yoe^i(Un2Gdhe6xL5)a; zlvy+F;d-QC60_M6M=su2w?7?oTrqcA9LF0qoK4tC43$ZDp zUrnz%oaBn~oQc1OjJ;ig$k>FE7W9m(8Sj0r`)3#y9Iwi|$C#>1Z8n~8-99c;6yZ!P z)gSco#OUNCdwFlq!i$GYU)TG0e!Ra%-kq$*ZEogna9HW#(Agu$?4K9c1Dd|FTS;a6 z@*+chlO+xM7{R2q7cKfdDhfrD&cs$_^KgTkOO9!071{jaY|hZAR&`=*?n1>0wY)vL z+R*}I1wf){6C;O)ZR{`mnBY!-0hp7V1~&}UV1)^RME!QI>-eSem|N_nLQ*?-c~hz^ z_AgTvv{wYXcngEb+!c?9W7`u}j>hdX>zVz28moAmEvV3`dpGP7Lk=vd%~g@tfNk-= zZPrwfMI@AI%ROJloKz&k3Bz%QqxwJTO~n?2ibfYY#7&Od5KO2@;+R->Hj^)a-QM73om?BkZ8R_?BTOvXs}L1E}SzQPhGmARzYk`#Z>e#YyB zU|IE}B}LW|j|u(j=4;{lU4(+#Pf_mHJ!E<`XF>PS)r~ye;1USfN|M?!P{JV1uWPl_ z$@~63O#|+vf5c}02NGgQZmYG_^dBm&-3iFTU}3d9_)*I=G6nwF zNrrSq*C9?y9yIRHWUWzFGSp0NhI8WbJRib=D0OA6_bWZy z^L1{G)p=VeVi(wJt?{vZsQKB(F0}F{y671?lNLc;hktUa1m~CK1qzSxqHOM9&=T*Wevi6`GMN^JgB34uhyBZqW)`6Nb+ zk*UHbdcA>F6M@9&BL{CAlL53e^L(d_4`t^iA~gu{L1rNHI>N0!u(9=NS*|S$?4^&q8*O}gr?be{*(3+yg`~_mOt0sG#SHYOsf0hj7O-t4O;_|2Yw-rmm z!-(}$>Q(%TXGgVh6yM9Wz8a6vR%Q{gFR9LX$QZJ>$p@$S7lf{^-2Fi}2 zvmjPj{bc!+31r1Qj7zZg4+1;U5Ljko`{y zTFvF7=EJhW{>s8gn9r+WEg^qHA*45Dd>84j6>X@zbMc5Rx|SP%lTgcH>wy7I2u#}G zF3kHLo-PsiP-9U|087HQ^1tQ$g$&p|xoVfl>T>%pr!xDaPqf;6s9Db5`Z>3CCNB`!2|nNdNV(W5{C?67;pC z;rWVH$>%O#vl3l*DNUpIBH&~ArJY@wP2`{<7fuQJol++;18F&Zh1JH>(A19aL&Nj> zC<%J2un)rw`Xl4F$OLTb&Bm}0dGF9( zr<>EGm1kfg=?6ykxCHFD&3dA;&ysI!FW0G}&|)%kF|%@Y(dgE`-Wzh@hvkNb&r}sNZD5HD$uF#f?kAGI3OqNXNkZ^B;0a zStpQc0FhG+k$((PQV{I~HW)0+c@y@_4x4`Ni#$(*Nn-!6;ka4Ja4gn!Vfaw?Ambgy zm55zUT~7U7@A3HzYm>Am>vgo!RaAHh#Rn{uo7aD&!V9Fr!?=xwYfHoXQ4^dPXg@HB zeP93_gcjnYzZo75XGql>2xMrmMgzY){+NvOLp@vtkWI;SlQM{88k_=8R z7<~9y^55sJY!RV;Tw$jyBLA!e2wE+{!Bj%3#DC8-HcsDO4SDtI%!ZbS;S`n0=M7}1 z(K)1KcODzg@mTY1aau@Z&ilLj#RFfP0?!qgA81p;wey`COAi0F9J`h>D*D*>*~uv} zY+p*h2ztpFdPJ_oY3V>=_Bschx&?c~^h ze)mG}b~XAlHrPCY!-^MrAaa+Z2X%SzhlDEi{ngn_Hcig6wm%oMlN7eQ?uD(!y&025}*7#Uiudh#Y@z- zuA+>ohR>>oW96q%0zV4Bl%`~TrSWKCk`saPGw6?D zBIsV}TjlHSuqebQxcBiSyJ}a*mbXB88H2 zvAx%~BiG5{A?4#Zy=T;tZL(wxh)o$G=E_-NqyxEgf>UKqiV}x}W&(|Ng40^|baL1) zReDKH`mJ>__HNIW=d@SOIoI{PZiN5T+r|6sSt|GrSJ-0I`xv^V7}lj2NcqCC-c-I5 z(2>kHT}cqjm0{?VVE{-M>Aj?66r!Z!lEdegW3T+?LaTd)MIHYdp8^(20fX++N0A)# zGfM0y&>SWhJLNZXrFLPX7Kbdyy-*96EjatmqN#0EHyY!z9Gkc&{iT1f0Cd4HRP^el z6g7%GKB{~pnPzJbm8KIdK@|~oRRScIEdUX+D0cT7+I+PE zB7%OLCZ4v+iPI+00FsQw8uzh*LfO=5^7!eLWSA#k) zLCd-kFvI|A3wsBgD1Lcr(;-KPjxWi0ypgXm4kSCj@KuuEqQfyd+sPpLl zjF7s40&bw-&faxD*0=r##$4kATw?=V@%n&KHjrq9R9rG3E*Ts*h<4_=@QpUjk|xcP zbZrnxf})n(PX_EKyM7x{KLSgY!3~ZEG)4p&4Y&eEx%@|Ku!HLQThLd|*R1rpIw!e0 zCTpE%s`HYe+)=yZw$aSo3e4O?riICh-;)=~ zlPyx97Ab!via!~0C&Whw?(LbWernXW^2Q6v!wShuX5&g{w8kn1x`zgv_BW+jT16L6B0rbpna|M2<_->fyizSg>H@^+TXH_%$=%BmO(L= z0Wp?12BBTJpR}CXImMv-h zEoqSXbu636L^pC#!<4Uv^XRB1p>7lJmF^@5w(J}umNW~BQgMKFqz8u{=EaO>xkZ1l zKiNTD9lM}rZcO)k9UqL#;=H{Q`=dWbRT!p(p}%BnZ)uWYCBeIZVO_u)v&zW{)WJ55 zK?OFU48)X=6l-uU(iH?zn}vkPy*p3)q|EWS#PPVUlLjtsE^2npCyu1;xJEK@oAO&o z(;rlIvxDHGRPOtw&$0U6ZR$^>%T?ZLRLpO}tNYhtAEt4s4N|BKQm}40nsZ}}l@_rp zI!sI}AilXCmf0SbfGPPbbK>##r8ZqGWEI5WILMe(9Lq8y5Cl{J0f$VTM5Cie1wJP0 zq(G5%4~s?r8FPqfZxYMX#hgsK{oi1f`V0HV9~&=+dH(&Z zx%m;Rpy66uBMkkh04YbMoud9IPxw*($EhX`?62$ex2ChjT(`@}7g#i*ljA{?7Vv-`j(`Z7e%&EP-IAMR3L*h0Xg<+46+h@;~tPqT!M3 zXjGu2ZR4htl^!Itv`qeoqu&0S#9L&=SS{8tEZL!qA9bCljud3xVp(qe-o}1#U!H-v zkizAJx!q1`2IRnc6yV97jPaagA$sZHNv_Aa)>(s1N&0lIl zhAF#-^OCQ08qHGnB}?$J^02V-l4aOrS=Z;RQ@yaVPUuvj;OtKFLzxo%mw8w(^Yq9n zwlkSyR$*bQFg>(#7hx@`V0pq|c{sf;&Z(1twe7xlZhP=f_(b)9-w841<~Z8sIFKr7 zx5b!vj;-jFZ3CTTQf7Z#Vt*W@LYffp%6I7N$0WeVB=A|ozKl$zyn98KltmK2A_*)8 z=hH61Zp)9Ig@w(+lDmN-Q(|k^TyYItu?<}D-3V=4w>}s3cW>`9r1pOU{`+rh5)x2Q z7sS@V!s=kjH7spmcmq)xDSkRBSjfQvSN(c1B{4q^8dv{-(&elu{;hsBQfVj zv#Kn?FNI;1!jdgYwZ)IdOtd~R$P+TibINMr0<~z(ENRRv0Spkcx5GJ+f(f*nFmHeT z;LV$(`dw>5u&@wVG8eO79tN-IE;m*nESao?A2p6p`xV`{PeSs9 zLh_t@S_*Fj@03xEEdhA{dG}_~T6J4kc3M~hq#!vY$=6v45`kXK;$F;MnRsMaD`nv%2cL1bKoyOO|W(M(QhOSKols&Iu~92}V`feEahw8=?fbV);0t`8b692(=raK^cDziNhDZ3XjkC?{d}OWg}ay?KkLh zsldk#D8cbB!67symYEBg3&k+f2r<+M!GfP@)QR$Bi!LToFD4qTm!V3*{EM;2&y3ZrWK;B6%y8OCCn_@mq^{0Xe3sa)uO!1hlQ^ef~OV& zDd4#L5il&}loOzs>7W_{$uY)+bS#nkMPU@Gg%qfT$d?jWgaTDsh@*RfE_ZC@W>?DGsZ$?4ZxSgc5<8_E96cvrp)|EplH`6zko`)_20>E6P) z?cV#sROh%`o~`^w2+Fet2{$2*@nuCY_?{9K`D!Y`_DHp$NIhVu+fBd^HQfW+WsU z4qB5W--NzfhrR>$mUOuI9mmUiHzcu~xG6^w#&011VkSr@KuHB1g*+PFm*4v1+Fy>X+Wx z%<3!j%ayQ{KQlCFP)F)^=vES>HYc&DGe9nomQ9?Nt&7&5?k%NPZY6nKJ5FpnPCS~r zczZwi@-vV4&bGH2Wu43UayfLIihK}{e2{I-5QjKijU9SbZqC2S=zMhTb@}y`G#Yys zZ7BN%^l0EV-_3=a|B`-!v+pHm_e)ODM>6qX0X2_L@RSVtO4QxAVf$uK)pGLJGF#&I zGJL?UZbx>En>}?da((Y8pl4Tgv5#rwp3Bqu-&|i3;%VJw9RyX<0AA7nTcd8;R9xov z81~$RUCL}+=|22wn(i5V@SW**rf=+qS?Gotl%gCA&ECm5bzvpb=%>OT#KRwC3p4am zYl&`?dEk(E-~g>_Y|wuTTm_1+0=v-M5DG5tY?xadXj>d0dJWuLhqp-5@k>bpp29B@ zuUP}&IR0=P!bQZW8TH4Mi~J>}MsRh#ZI#Sb=L~NLVVFTks6mMA!`ay3`Rk#G+x%yF zlFn9~j#eDPD`K{C!l^gr=3^&>2Lo(c2GKF3VScRQeym++Ufh}gZyTXNEJVKP`EK3w z9blz6#7o|_j(>Kv==kjsD=EB@o44ug5pu&Se#6>@@a3-Xl~)L~HOdWrmmT_!RPqpe zu5))ij0>!rTiJ`;Y{mKl*6piQ)5)!@exKci^QS8U`vV}}-UxewnBgn5 zUZwE@QQ0;8givLWE!G&P^eErUw!n_F-+YMqoK0odCyXE5Fj?s! zWi^F^QLQTTnN#93r!N289Sd<)FHU7IPLj}c15B(0N?igqGDfWToH66Q17p4eL;EVo z&(vOOEzZ|=Pef%Tt{R45y()H$-aLN_Ct?#PV(ZHFlLgN2oRlMtM|e=unbgeeW=k{ zXNt~;P;Aa1Y)+6anTd-k>-neKDDlN4>cu3Z^;Rn~qe4>g+$8GUBuDC&6yIcNjwEW1 zB*)ms>06HI8y4{!mW@t(_HHJnk|i&LOc$o@haSBP$C?Y3=O?GsR(IdMbHV6Qp!g_o zBf#}<(--yZmBm)il}uhI<~C;REz*x?NDX0OqSSB_^>C7rQ!BYwr?g=bwPBJGDx9pR zluT>i^2OVVsq1dQ+YdCcEjaOqh-p)P7T3Xs>(~VUldwe5Oc_DeuFap0iODQC!Ai$V zNAFoDmS$+VaL z*lB1lfnd3tWOMrLl`Y1Ag@Mm6^X~e77#gGbBG8_YxTJDCxtqN6?odn!7Cs3lzLD^r z;8ZVb>1Qc^O^|a1RQ8qip%=j?3T6PG=3r1DI|li;Y|d*xim|!+ZoDzFQv>$3HeeZ4Qs2@Pu-|_BF84=B>AxW zFg$s%Y}@sVah-9e4FWVsavo(Bw&GpibJJ!{+@k^;H7C?ya&@ddrno(1oo*Ox{d8BA z)NtLH+lS34WjysMEa`6dD6EMXUZ4|M7=7|tpa0LoXH1R500;D$y_F2ctgg=#8iU=A z+!n7#*9b$Hz{U;Gyw%pu$bABIdnGoGe~RPb`1{0!lT2W-7NY08g-1URH)gSxKRq%S zkT4t)&cBAJk=~TwOlW-&5)a|Y-K-&-o%cIrvij_?&BlPg#g!V9WGK4qC=JE{Kgel# z(;JX?gkTxeU6(z+7ctuJQ$+7(j-}CdcCYd&II9f$Rgax;@)F^6V1nj}KtpzjVR>(b z%=B$9-sXU!(FI~mqS%z3MmSJ*nju2OBB4Mu>h)NyZ*Z5FbJs)Jie@puQweJeey z7M6s*>=4&RKqy-T27sav2xtbj=33Io#O6QHa* zL;%dsaq~{JODL~)G8=Ux#AO1HSCH#|-}T4(LCndn5zzsZc3XR6oByzUR=d^=c>z*> z(ksl{g@pY=j!{huaWp|>6|=!8I?sW#>!ZOwMB+u7Al1rQN#gr;N<@q}3E?khuw$Q>%b6FE zxRn-YvT9b6MW;AW!bS@;TQwWZa_$!Men89p{IE-_@O%j^;)Tlyd)%NgO)>%)r&V1) zG~n?H?k0ty4Z^8`{{8A11lLx*;O+|nz zv~X`pt}b_7@09^@ypus2ilhyS!oq*n2q;`giwqHOf#9n`z=%gf)z%>8EcWp;A$U1Q4Qq-v&WmL zi?>=)wJ>Iw2#`%$_NSg?1{7!w2Bom$Haspe z4C<*$H|vg~5Y94#1BOxtLc|5NK<-u0u+M~QWRdp+KmVP5lS-1Mt%AzZoKG2_X3_jd zM{?R@46rY0Bo5T9gjN`{6Ef9J2ON{(o3K+O4;Yt(M91=5nnobH$sl?Wl|9%^CYynX z?pF{!uL^Dw=U$o1@UVU4!$cqFw7->Z;|XENaTINyZXRxHu&AUX_VdY}aaW)I?*gO1 zxayYCl`_>7{t`7xyD{)Z$>qQP#0+)3M`FS|fGb9i-kSFP$J;erU-4{t00 zQr->}`TOSn6+y^lnb6v33?f`_>DlEYPx<1gCzt?v8iS@DxAc{lPvh006paS#j>t#x zH6*7iJ;1>6h)=BDIKU6d?bG})2Sd#!rF)?{i00>rLCOjEaUH}EcbjyUCS&T4=thMk zGqV)}BsW?b0k=sXQ?hpGtTYF6Lu9%4Siq$oriC=J%z!w}LE13K3(SdGE-431&}sz~ z>y5R;49yp2fD`i2FGs1XJ#|why88It4GS;8aT)$65oUmo=HTY9%81*aHAXEKbG?go zQw1K$^C!Y#7yD6pTW?vmpNg}~_e3iT-b8Oklga=fVIUHCpJ}n;yx^jcWZqlnRj3!v zm5qNzHPq0&65EwTO6kN6dov5sEeg@2;1c-@bEA>rf`nO+z(c`IXhSLcZTO$knF0J- zgSqijG3Dfa#`VIG8u#t7ErL>J@OVEtg|aiOn+lSQ!_nineYLE=5+$-(x3;unxze?s z!%4S}{4G)J5(YACAFe&k&2%~8?%HxS%)^aDM??m+=~SF;!r5=4#5f(cXuyZqOtYcO3O%kmmm~LIGn=v~7RihJfDEYfL*5J>JY`)Fs2|CM) zGAq(oS+(0P@SZeUQ81miR(Ed*H}NM54b$&Bu9{~E%&D~OX$s4ci{H5AgZzIcJYSTQ z*JU!*V2rm!=`<=>XFi!*wX5hYjo{45Q>|p0VZnz9bC66hEA8hA?v1zN$MSIoNc?uN z(d4lI&gAF|+7t$v4sA*A+Q2~pU09VnOcM%JUbf7c&%aly1VH(cVORSUvtL~p1B$N(g3M5oYVc|B=Jz`V&V5dpIg~a~^ zHbU)hdZ^XBN~!WKEKeg}In*K@7H%pn^6%COM{_j6TI(kS*+piXSQ?x$s*_-6-7Kg| zM=}9Aqo&Ym#&06}d>LI}cEX>8^wCUu>*R*|_QT-=)q$}lSY+=s44tYGGOv_>RR<2g zw%&i>mDtvj{GY*wh~y{_qwT@o#lfCzDo7h*b2r7@c-wYg;_d=AsCng!l=B;)R0`!o zI%u2x{gbDxYy~0TI4W|}AZ_1yf=G7Z>(D2F=|I}ui1-_e8&*pfGs^AkPsKS8Qg5lb ziD@geySLJAc2h7Kc}OnAlGx_Oz{M=rk^{U-p_WLlRI_IpjGmfu!zF0FlmUf%&`bY2|;UR9vI=YwSnShSY)QtvlIV! z3`4>qRrUzu!U)Dh1i$1YFu?@1Gk!C~-1ee*7-OCF5`sQNCN%-B`lml{V)$3jbp`w7 zsgy$bkzAH0HFaJr0<~dz#w6o^2(7?IIsI+wRTTdXlL$Y9ji5i<)Ca~2jPb^m2$R4@ z@WHg7BiOeZrJ~lwXLC+(c~V3 zC7J+JS!p0nqZPzQl2Togw+Y5RL%IKWYU2PQCdyX9lE@_l@s@NkMbs4qTBu+pllFo2 z)5MHB8a>>$s0Y#$jt3_eMAAQti*-IY?ChKmYcYOck_JA1lU39TDAGK=9_tv*{k8Dw zrt^4m(I__WLkni5BBntS*P6O_)Dgz^NAD)73Ux`n(!jy`^S85S zF^#(!<&;NXkkStyxZjPoMc~nPHxv4QW`ey<7GDz5`0})xyrg-@+0rVx-lv zWvBb5x!&z@Q_RS>ANo%b^9)e88J41rPDI7V@X?5vh#Rdpa1)s(ki#5d7aqs_bL z6ed{Q{e%z`80jcjt5pFgjNxD#*clTIn!_=}!Iweehl7oB2YOpXEeJItyMFP@tM}vk z4dh7PW!nW>`eF{WJD`QJSd?oHJ-&_$0;&L1^V3 z9Vj(pgvMD+u&dM(6%7yx{sXvcj1Y8R7X8&CkKb%hL!ENE>dBGe`lbEfn5CUcL+6+) zgX1?l?0F6pg7fkF!4;{y7FY?<{SzZT8lsZ_KI_9bGxK{zlu{RYD)9ic(Q?<`pzC*dIG5kt*L1C2mP$Db}%|4BG%em?A@j(7+UmH$T?W|{9gisJQ& zSZYM>-@cM)vrbOKbIS8!^Ygc?!mP%#@b0R77_RPy0aRulxTdL3RM1r|Va?PJ|5TUw z!-AD4(k%WqnbMr0S;aE9%9aqBs{9k5RNu=;ryy$xXLN_T)gC+M@%G;q|J=-?CGnNI z=c+t`Ba(0(jG!N7q|8aLVlI-z^A-F0wl>kh%yQ#xEyhEa4S&GRbF{R4G+retjI{Dg z9A2Z0au_<6ct4cr z{&Uawd(N2r-x4+2d!^J>-muIo)u1MgfRVWiwXmyeE?eN(Ms^>lq#Jf25BBzO9aqm4gYcGsKvmnzAz0mDaE@ zsNU&YTdnd(*Vb-!GSqy6h~z=@a%r$_Q(AU*B<$p%JZK$%$WvH@tLNGY5Y*o4)uUAj= zyxP2KeD60p?k5CgK)Q;shQwi0>th2HZ5!6=SvV-79EiNyh`gMnDC1!#$4X4%Gh5cR z1vsc9>bYT6miG1m2z}m&Fc+RzmoIIpl$zK8roFNH(}sQl3AI+jnn6MxZBbp?kGLgg z;r>9JU{Xl|NqE^r9YvP<#4vd21@D@KpkiDgk`Rjn5kIaq=2@%Dtt6aAXLY!g;x6*t z7r1L2%KOfD?T|))1ZJAo9?HuAQo=%foHFOyikr2G3ZkVZ3w^CP)NIvbaI(8HM@8ju zhuXwdvtk^(hW_A7R`>`!CoLaRLP4ZqB9Z%G1VPx(pS%a^Crcmo?UYj;0yA0~ZK!{& z!YIRNPryve+WYGn+?Vvs8BgEEGIbosytddY%YVGP+YDP$h;u;_9)J-wqmxbChwsB# zY7;-2u@WIP~m^=ri-zbIE(mqNhk= zZFAP@Q8?(}mz+0iE0YYijv{g0Zy5=qa0m%LH7&seoQz=PvkldLT?V}r2UD=lzHt%y zZ$_=cBjPhl)-@miMa#RG0xs(kcP&{HGW+MFum3n^UYqUpF6A&w?>$nn`oiKGkc74z zTa(k|BrUIKj(U4AHOkW1tL&rUQ0{8c z-CC?(Bviu2`^$Y4o}lGAu&-b0ZmdQSOW3gb0f7{%%=}6TFk&yU{m@OY;nDO$6MzRB(pTo|o$KH| zBePMrOtG^kjg1vM?hr)s(5dE?=1XfTr8?L1e&2f6ewfwq2A30?E6%of`N`A}98&mT z!HfIPG%T?`kp=j)FxsH+ zmlje=t>fv)k%*}r;8Y4TL_%*62lf(K^d(>>HSHmwjd9seROY3&;_I5kVLEGw2f2p{ z>sdb>WFMIze7Lg9EfcM!__{iAkf8Kpb~oWM^s*{(*N8QN2Bh>7Ys#EUrb0_m4|tj6 zLPKI17@le=t^(Rj8tc=w*I34^1if&OL?ln|BkMOz5+y7)WKFj5D=NI=B^gRBMc%64 zGS96=gNOzVSmWB^WOLTkQ7=>(o${qO74@YdF^eN!X?RzpP}+wY8iHR*gemL@|7OC6 zQ#xfz5JNmW6Qkykw9}uss`r(XF{iwpqBddb4P;v(aT;6F_0*C zJyu`=Hm+lcDsdaf40CA+vn7c;Th~PziCy$jTn6>ro7@_<25?q%!3$}KtEuHbe|Al- zt+-N+F(}V&_@%ToWdFyD6#m>`1h7W{Ub>vIj*f&|8M2DTH-VZZ6q0pNe+vXG6e;d_ zS1edv_D#)_Jb@0*&XA|kFKvaTW>uB10W_jUI_OdmHTHc}B+o$%EDVJJ-KLLw2@2GHfYc z-tbEa(T2cEs4a)=GwI($DbgHos59+kfWz0*<$P*lZ6R4KY(d%_^Un}w39u)06j97l zD)aBAzV%w;w!e*QfPyTQa!AUnjSGi0$!i*+#`Xx<6*A_<|Ei<+TE7zWcJ|+B^FEMvLOC8VY*D{{H4;=k|!f53f#B0V#d;>;1<3s)eBOd=p>H}S8g6n@F@#K!Qb-oI)1hXBBSuvDeRMTLl} zh2nN;QTSCuA>^gSGmp4&fPfGf5Jn`QYl+;5MCf#r{lQhxqKK=4La>IP3hr0&jq^;Z z-$*)W$gY+};*75Iy-pJ|y#0md`LWv^0rN)Eo}7-R_YIkR^Oha&By?u~EYYYjGSK7a zrzYwg*}F2Nch8aP&5m*ZKh%3)MyTdC{pUfn8e7VUXg$MFSq&YQENdy9>hMZRrJb9xRHu;=~ zz8WfNjDRs}h)@i2t37l81@pGi!_#H#8Oo}$b{?iCh~EC86dQ0R4U@;oWsLx&b6K#R za?_kxS4V~EzQg_Q_U}r|nBmdR@?GEYV1<^5vtRGnP|7{{!{6}9dYO^vW#{YstuzWK z5H5BI*f!~h;_$`~o+CSD7Le;0bz8J2)@ghZmTEu`7%{BcO`%|KJI*w|<5dCvm6h zv^|sMU7CC^_kL+IrgyvrcTJa~s}TzFR;n;DvF+pubU~mU45d_6n30k9qXYs^n;_dS zI~xBAa1?ti*xw@So*M?+R7TDkP$V4nsX7KFgX1fa9p*eAHKV1q&mijLCTR3u5U@!y z!?n3Yk{WwEf$>XWscm2?sEi!EpL}*8+v6%S7K?`@paPrJbfICtu=mQO69qGPYxVbq z@ELfg(#e7uBDMN^L$?-~tbZvo9I!J?YxX0){2?SLztr)}G7tSX1l+hf5*UJy4hyr7 zcPJ)1pgCUM0wzCqyZ4;}+7C63M8NvBHk`+Cn~f+Od!Qfz z@XD#Bi2>0wBZ_C;P!MfdX6P>8*zKF4#Fahgw$DC)T2m5Je{Ajhbler(%{)AhLB-t+ zL-Z02Hwjl~Ah+jqY9!rs3Ut3T;8doDpc?lCkk>?VnNpBRfo2Zg7jD8iEt1+6U9}p8 zfA?|u?V3;|i}u4c+ZHC;iLAgTIsIu%N4v>kBuH*;qx+=}PdQ?dhSJqdphn-H=#1pW zWG^%)4A38ve-MbQIIQmY_(RNFa#>5ZtvYg$YU;k1+wEqSSL^c;t{;Np*)SAT1^d1x ziQ+?LQPK{M(_ZUI@J^&2n3&C?0~NB!YSN z&)My5jgL+RGELGrrv8Xtv|&9Mm#AW7I9l~Htj-SI>tQ^F;vC_Oknk3=AlvC$P2Q!HBG4xGnzJo{&L60 zGO6R29GFL=v*w{QEtyg?yyfrio=3y6<}m_Fkb$!BQ7Trwi$w>KuuHKB4t<-0E3->o z=WEU1VtotkQN-2!D!uct@RW+N5EcvU|EHnAUfbyBQb13_@!9d<<5|p|al9nepph+o zNPX%iS1^4p5%%9N%?o+d1R3%@vIF!i zPozFm6`R`T#Mh^)K|5X;Z!Ai92r+U_JzQAQ{Gl5Uh@O|N(MlgMwuNX%a<;wl&x`t2 z&F|Ph4;v+y+8;uDL#%loA_q^1xUc3v`#BGLB=0OEMTQf;61;Ucj;K$y;qEx}VMov4 zGwPX#*`y5Z^H4v~^4X$&t;a%{-bVdFjw*Io5&ZB$;9<(L!yEJ_;2oQ3P<lYA%NLLM`Gk&m`;lNzz&rX;3fINOA; z)t(0X@FQ`(zs0{FJFd|BnNDBI7+KYs6Oqe{mA#$T%2C>TEO;oj9E-2V8QnKZ0d zR*@Yh_&kbvc%5$$StHMt&qP&c|6BOz=tQ_-i*0CKK#4e@z9IAtNTBFh*AOfg)3WL;rvDw z2}@NshN26Or#*wauHV=#L)HhKx!Ow_4!*SJ&-e9Zawx-Y#N3l~17sLJ`aCrU(N^Ae zIi49t^E;WSQP3*Q-iiTc__&cy@<`^X(9Eoy()E**FPz@&{;{ptO+9U%A|x7A;w<{; zlSbb$Cp0d-oi99uo0`7KQWd7V`qkz9e~|(;$`So^X~I?t2lxheF^=Vi;oSkZ|CTv=C!dA@@u~ z=m;;@?V%`;>i_LSyas%Tm`$Y)LNJEcXG^@UwW$yK(M3%+Gw$xoMKl8bp%-rg*7p9` zb}$~PA8lT27JoTkZmy%4>HdT(Sc@3 zG3oN&`EC1oJaGoTM>dz8g~Vj~L{irG)o;6LKV60yNO)sdK~p@ODqR>8<b${x2_uY$RrXJh+-+ycEDve&_S=&ZZ zjqJn(df57DO~bE*+LzYbYrS0 zjqfL;UiKen3O#sfO1d4O zD5Gd!XX15OXqw3VJ$X`>+n7G_ycj*YP_LdkJf4q!39MQ_da6y|h^eGc0F?dvz_)iw z;Rk8nKu%7f9*t85#ewYUF8ZdbQ!7`0j=DM75L|XElVZ5{`P%pFKd9KM13)o+G-R#0 z8oK=>=sQ<=7jpgBU$FASUzcgKDdO$&><^7BFOqz@YVTgz4JX2e+?$0I{pg9Agw_W# z^OvicomZSb8yLq~D7%nH50ec|k(|wiF(9{)PsF-}uK22Avh!gx&p*uH#NUh7~Lw+$Zx7^W$`7;H>Y5 zX^i>*!El2NQ|Q!oSqxRuQe}<*14AF5XgmGIeb&!v9qym(Z%Ga@#E($)mQXspJN=KI z7kPax_4q-ytyyJ@;)1uzk7qGjNqd!5^rW{d_OntAhe3d@+e;|$mS`#~;O3B4pMA|DvZglg-_XH-`?k#Po(!~R$jfzs|g5U zs1PP%A4_g`Pm8ygI`s<-H;-RW*PF%s%KRuq^knd%L)%9|CE;viq4Pd=x;S~mfcqIq^GVOvcXT-+EFOYm{!e z$;%B1Ni6F}UI!;pA?LL}pSff&o7Jh`FBqyiEJ%B~buFj2MmJqh`Gos@U`B1jL3sn? z7OUxJ~EmM6Ks6$BCFLuf1@|#0-m<*U&omp)=U=H5&{wpbjhq;^=GDWLVZvfMf+WRtE>;u z1)tiO9!|FBJ)bp-+0WnQw+5h}KemajP=-ACOa)+|ydn9I9Ku$?Fx}!N!>7;iBzCh= z_T=lv=eeVOXD@bq`^2cEV^#fVh-k@wDta;mTvoSFsat22Pn>Q_hz!c&heoo0zP}$s zDjzhD#H^m4iXO~|pX81@RlltUH9b}Sek3b2Ie2da|2qCnKah2M_SN?a*+Q!DWltl8&=v1Fa+GTR?%(;KVid_RO7KG?l^lzD zz}C}6keNx=UcWzwC-c&-9{GYxzg_G{5M1Y@K z+$vi#RMB=cDvsxBKZi(t`fUfv=6}ZWT!(3dn+o+5&1z7N)Mik%jp*bWrN~bw9;a^u zit3FqElRg-J>5YvZ~l9?aU~~5e~c$aqvFu>oF|S6a zgD#ORncR{^xm(Jy;*NN8o<%+nV#^1WHYl?JM1ks;o=D z$hnxk%A*dL-5P^?fpNO;zRLUlM;iXF0H?y_}@3yCFk%dtaPtbAG|8v2N?E;vmnNPp?Hko7eDR`9$XFr6|(c$7Y4C5a1iz^{?=$ zoU|1zJRnTmKf0q4p*qsU3!Y|xaXV^DRq@6G4ao4*w{9ftHC+v&a; z_8CGP>FM?Ex%GdKW!)|NAVd1qr|YJL%?57{_cg1(;y4m4kzfn(wsxz78$OEKp_g7) z&12p#;Tag(whc2pYjtLwC*AMnu>L!ZnAlfJ#%xq`aq0LxJxka%gu~YUsl$9a{^WS{ z0ya1F!w`|wIh10bAv{s8j2y;U2A8&J_j}Kp4z?m1jjQ+a`XIB;-#nvvDxlONPhPc*RA6DXH%b!rc*@vqkguJ;WrZ->T>GdOISQC ztPaj6F{^8HI2V3R~3810t zwN|UsC)S<*&=A%R#Li z;0b$`D4&R(p_+^)S;3+@*Tx|ATMo7<`?E!L5sEXk)0Zdn%jkmGMWh;gjYY7|zRy;| zwxl1Pi@IvoR|R*<$lP<7#r=F=mVQ215+w7$QL=B(jl*XZ*2G&A#OL8A)Fk--Q}WW= zV7cS0p>X6puS?l_U0;{rM58nC+=2lAJ4vt*0|_<-3Wq;RUAH^GBW0tNk&16b$*pd- zHjnw2QyLt*u}3eVSSf9ksb7P<5Z;lY`5#ED(QL4j<@P5^y9Z-x3QbB(DBjY4Vt^>8 zdomtI(vGWYGMvctcbmZq&BcXfzYV~#*4w+3WUU1rUe)5IsT)?PXI7h6#(vs7A=79% z)4$4pe40EmT!D#UL6~Zyn*nGv}bsKcXTWrrM~*^`htvqMV*tPa9*z!gDcIb5R|w@P9yQ z0CG~oqlnBWH%Y8w+i@J;hIi3Xd&S#K&0QSN3GIpL>=PqA7!s>$aB6=B(`RY5T*TSr zV%p}W*rW@>mC&VQWNoPW0v8;D|InOt>a6WA+lG^I3i9VHvXE`}*9xipZB9o25XI7q zgF#J~?MR#u)svBo2d3nV9R7v6C6o;ocIX}MwA zcXfU8^zjfmR;8YfBAc=eIhn`yL0nI z>*-T-CtG^FVA%4%bZLOiul=}V`N8AlW@0(w9%btGH(XLivM#P@LU18};P~upc|yUF zaF}F5QU=vIHl;IWkhr>b;>*MNUxjRWuv*}PrSYFg3o#j=S+TOw{$_gHZ2H9)B&BAX zYc*zt^p&nL2FDMl`==PCp;lNVYgctz+451f?OvADGyvGdiJw8I1ha8Q=E5~`VbPdl zOm$I%WU;YWczoc?`g;2Bxz!x8RLB$-079Z!!#X0Nic?Q&~$&_Vgxd4!ez!-BNS64yJmgXDv3r zF|U%{4xD7Xi=*6kUhLM;eWd?7h&9d^K-WZ!^5**+*$xs)6Q96cPn8cHTdDS8VJFXS z4Sy493+^nwB##Q2Is}p8hJmJ*ogFB{a;;o3u!C&`0@lDq4MDOge?6w3K1$C#yi&Jl z$9LIz%Doq(HN~m*QgyI%xERCs_$-rLv(zZtsA@z@nPVx_(Uo>UMVezPBl7IzcG2?e z@AOE%p{P=51Bo!nIbO@A|C?$T8Ig&gbM#&PuGczVdUaF~L!yX`;GK|e;4&w0AI-wH zOZBG@e>l2N7IZx}bqPbtHOzx~{+G**<5QoJ+y5VOf2sMfpTbD3iF^*@a(PvejlZ!z zIBRxNl=ayy;&{EfQ7*PqB18|XE2yl#){-u9D*OwVEQ z)jWQGdoW_t*>>`(k-EQx@cy>>&nul9nS3d2FV~nzE}a+kSI_26G1X2Rt`;g?zU=)Nv3jVO0`5w(97<~@If=%TF%{qCfQIhWYWo+y+D+x+n&h)|dIk%83 zuLnC(4j-DmcWKBAZe@scXQ-!_vQ=3VHGP_W*Z3z@%$1N}(1O(BB~XH}KA!j>b+SCL zvbmD5e%P!Gq(odBC`;*IO>pN#yZ@QaWD=cgjj3qURSxARq%RifdpRzf6Fn=rhsqnb zio0(EzMw@wsds#5tI}bDHP6yy9ZWgr8%H-e-`hJne%AcLEM_7nsL;#YfK<;*91SdS5Yqft>~w-%c?`)bOf!K_}YqW(iA zsxTzPqC~}T%Paa!faXjtG?UUBz5C=0MTCF9l+G5N`1^!xp=_>3s>6TbguBBVXsN09l7~xoG~C9d;epa#@LibXajjvc>=x&CwV~YC)Ss~q?}Rmu5HD21G@op#W42kAPHC}pU*Ws~Cr`;EJ2yT%U z;RFvptW{v%Xs7ND)VHj$`))@*vPAa6DyXa7b)l*-_I$cyHfZZ09gjL3yLzZ6%rU}9 z$GGTLk)!NRz0p3XCL6Md`u7+9uDMu8F{ad!qV0vNJpZk&@MS(dk+J*u;?2t#v(Wd&uW+U)1Lz)VQiGNY`q)++9OMQ1 zK<{AYc(P}ICmA2Avg9r>WE+|t=%A|J;t3<`C+uZ}!&p@Cpcf)j zGBC3}HM$gef>e3#329t(Q&kzyp+al|xo~p1A@q0Whriq!8CJBP+T6VO9$cqmKa^m} zk^~CCAsula6Iv<3A2!-G+dM*P>P5dSO=cl0-5MiQCk%yuqU65Jp=Tu{Ew1J+LY{-w zmr7@h+r-PV7!Fc3XGf$2NxI{RC*p{SV$|f|)q&)^_!I!+Nq%G{jTTRV;H5&dySz0_ zS#^K|js}54oCu`afE9V!#zXx<=gSVU!}nsgiwWOe3>vW4{JAYOPwv*^3p%8iIi=sq zAq$)QGsIkxek}v}{ilb+VGlqxl4>qm3p+G1ylsF(Y z;ly3x#OWHF3=h*$<^|NKQN#pM#8j4>g}sOsO}tB=UMSoqg+LCk%?R>)H;PmAp5dWT zDr1M zM+(;gPB!7RIPuI;Bb5ro)wq(6!(A5W}S zbXC^#tE7KCePFy3ccR8YGW2Y|*43bAaJAdDog*eRy^n(6E$DGC9@7*qZ3>4lPGO^O ze7#%_O2sjEnXo5XQfNMXZ*-|QlzjhxqL1?CX^#~MP87KPKA_sR*>c8zC(iy(oPgd3 z)FF8jJm!Ty=B4~A^xiq>kL2{vB#z4@Ci<)Pp%;Ba_qQxZ!+X|>+VIkn-GUNi%OM6E zQqnAu-XhT$o-5d`p~D`LPg?iNEFYgMKa?v!C6v`K=kbp6`7?h7R*-TyU9-C(=Or{l zfM?6YxqZqKcdaD$Fc0%6FU6+NlOA$-u+Crf_rtJZHJMDUjacinoPcU;-}5?l75PAT zU?3a@BL2`ypT}0Gnn&Hy1EM3AN=u~wmS}vQmltkXO1{*StlH>!;Uff>aF%LR_Gaxv zgDJQuJvQSXX%3M*_TBYA3sVh`RSh5fHW{9UaDVc0>JZI^4}YpapHmNC1u#~X@kJDM z#+c3O;Xi;;MSRiP5j}xeeyCV}3JP2FF8oc{H&&VNtbL5idl_ZTvt$(Ta9Vh{LR<+m z{jIzM_0EPK5>KAlt3K<^-r=8lS2Y8{S4XPDd2No!W$`*P!HhB8jL!kjqI0fP4W3MX ze(%;(7E8+ZDZV-&3))|pxOx99P;kW$B1HqDkV0G6Wd*IW;c4~0n-WRklig3EKTI-q zszjp%nl};*`_4^-#b??3HVuH(Z$o!zFTA%Gm_tZ`!bt*IY$QD{(%7l$^1aT+z6u+? zpoy^&D;cg5_`lpQ=c=>;lKvCYiJ-PO8R!!GHZTfD8-qhUHBxZ>UIEFw$I6_@iwfoh zDv`^%-cdNjUE@bD9*bg<_1Do9TAgr(3GD9@K9>XsUq_SVb;HBvjrTt>aT=pJ3b<`r zTdrGMf(%Ose{w~!a455Ij7VFa$xgS@YB3lp5g97+-01v`Y#JxC%0pP@AS}r^O3w~8 zqC(k~L)nic^~$+h)fsveiFy=U$u$-aHU1XOl~b;1rmbquqjzG*F11igbY0}cZ>0Ox zq3Qf@?1-SxKUZ;gwkgccNwm&M*gth@tdkbev0lxnU+l`i*hfqaZU&CiuS(*4^22=c zQ!m-YNW2pa_;RXwv#WWDqWV;fU4}}n6h0g9P1f>G)bb`|_Nipo2wbKvb`0CbXgzZ- zkRF(XNs`L>ePV5;EY?gb(o9om|6iDt7U?>`I7DLZKqWu(C$w=guyGRBmLwkWeXxac zPcv;7*s{~gss6hX(|wZJdZm`GBeLi&X{R<7*hL_0fV)%mXo>?t1l!K8dO~*N2mC;!VL^y2XqVySTKF|Eo;bwEDIMMQbFC!%;!(pK zz*HsUduzt!eP?v->gi$3*}VK;k?g&$FExyF1^>y8&{l+`B;1=v*_&r%Gu=_`!R>cv z+GXF}8wEs~JR(hjjpyFn(E4cC=d4CxZ`p_CoWOR#ZFyKdet~xrX}ONH1T{vkyuOr3 zXvnkYN)N{8QO4&P2}~Izd8r>-5NBNwW?hh~$I~pi%ugAHNDBo%5xl`p%Qqp zCy&3uel`cNJ<4(Ap3jmro2E6HrVTO;qk@L`Kel|2vn>d-Ezq~A<nnIHT zY&AOM9Bnl$&^tx--fTf1WxpauDNVnWtfzrzyNGWuTRn zIH=Gb$5fa?Q<#FuQ_3mddGv;(M}6W`{=_$eUV1h$e@(eQ&V)l*ZJkzSofe@_G~N@C z2)5WPw_Go`gxE)Mb~Zl945fjF(zfB#`$~}dPE55aG_@(%cb%)M@9>*(bRuN{)n&!E z*;?z|*N06xXqh%(nWpf*^s~bii~4w|%v7Mv6bwu$R9TuTi5`W}N5e-%a-qM)VK%xyw9K zNq^Do&NPVxAJcwzN5K& zTlb=vzW|n2CKV1|O#p}pOTGK|02pYGc6%%wH1e>NRBz(=3II`3Y8iKXLP`JIX-X{P zG)&_(1^iOx4SnXgS1#NF9`1=TwZD03m0(0lFdl8=zs|AYp+1o;z*Ynscs$fM7zqYv zG*xk&*EdSd_u(WSCTZ>feU55_RVv${Lhd?8?8xW!H)T$xs18q3l4SBb4CbYV5S?9; zFi1hFGf;=9k$*l?09P2cr^A0!fc2&z^&eL#2I>;V2eFmFRy^6s6wqXfS$sdEqDB|Y zy4L**&3{#Z9runD3Z`lDrfEv_CM@)Lj`;EgSn>sP;!q+1a|^&Yr4FktHg=KLGkEp6 z({-AY<}jQq$HC#8hh?&tccPa!9i$;gx7Q-hmI7h}{9;{cufD|XkC)91a}Oq zP4=!$LSB+d377n&UeS&5YP@%q`2=dekrPe^2`9U*HK#B&Hy{r^>G4M5y7I%i@|$rh zGRj{3e7_IWy#A+tySe0eVSVzx*t}9~PlK-ILl?7C3$J4fZ`M@bN3&{!00R zJagKA^OD0uqvKAs(!zckzjTN@d9iTSasKw^26aw5ZB{#NaMaT@Fi*A$393Sx`Pb9< z(H6%w=7%-rr?!=EKZ~ct(oMqzEOWC~gtWy375P{d040n=RNN_`%&lJLXDJbJxIp51 zaxrDgKgDlJe*ZX>|8b1;+Mg-Jd(>@bee&DnP~PMiVYHXfHG3+Jn%hKgofYRw25}{u z`8PANK~iQIEQ5n2q?75Sla1(G7_tB9Xawv+q;?@a(r%8@WN8`!O%SOjNKd~D(@_De zR6-}2P6xo{wDi(L(x%xK8oZye{o3mP6=?LslG%$U4$=Bu4h zNQ0_vVx4k)%}J!t$XxNu@L4*7Ik$d3X*3~{In^`{t9M`Atn4GJO?~a+&8~lT_$5f# zq|n&_^pqa|7w;qXF&3r=NO^imd0-8*4E-PENqMA!=QXpry&ndMd3uR?U+>&%Ry z6!f7K5D6PO=BPO)(@+XyU?f$B40S_Ry;c1~%liwT_m@MqQ9Yzx*hw7^-i52ug`12G zYBS8*k&7=+))l_24t&L<=dBeWko|(&D45GAI0DNAufc6HTjDU8?l9TNxO4wVyqHeP zESb(M*^#@I($||0a~g^^4TV%qQ@%08BdozCsELe-W%BTTn5BZ9h;}YV;57&f6ie=o zV5T7Set-#3J^FIbtoYBNFSX0aZ^coqDaf=Uif6;+>^pxV0-V88&fuOrlT_*{z2!oQ z?@4sulZ*hxcRiig9j^1n5)#JFCC@JpfF>S&#)P$8w#(*k_<*M8Ed;9x~>!deN$Hfm5*KWRR2L9{qPZ1+?AM#2G zo@oW6Xa(c^F#f>zE@AL!WW+)^14Y6J?gY!D%>D_w2OwXSZ~5rlH?<~Yzn><60(9=4S#X=yCz!XR5p|AyiJkMoZ&&6HKjl==S z5)t=bRNlbVYs$Ce!xCAf5?MBKq#s116Xipp(xFg@Wa4!kd>?^-Xo`7gn)0d8EG9k_ z0S!bzVPK*$qGj&ied1N$Alwc!C(`Y zvNhMr?ltD1sh)g+ivcEm>>z&ZVAEF^A$ulO<(kZ3hAFQidnb2`V68Gu9(K+hBXNRJ zPReSBXcL8mb3C1M{8~M-Y*M`-N_@$Cn>Jd~6xNH0r!b)m3jLhI`}-rZEP zk`)@;O-KE&-XJM&P|qfh#FcXS!nl`UZc;UrPcA)Z^id&kz#ZD_4u$kjm0a?VoG8>T z_glPZRtauW>FPv!O8TBWI9XFKVZiE`>!9oo2Gp_pHxXkVc)6k@5cpv<^tK}+vK zL|#;;A`#*wNir4W+|wHah4~P7mKN6PGVZ+@g=PH9uT*C%u1BZf^otFiQzforC2oRO{o^vv3nQ)IPg=oP zJyvahBPB+Y=th%_oGRA)Q9)>$6sVdMpr(>wZ=7^b>Z5Di$uiuDGTa2SzKq z_&Ri3L-<=mT&$Y(<&;OQ=CM(T&?p2@y&h+5=E2n6>V4ws*^H01@UPKXc-Ci3${zP6 zW+o!#6dbpFw%_1ii@9RRgG-KCgh&zRh%+mt0zp2c35$xaBk9(WYlMxG&y#xiXL&*o zpn(Tam|n8@aID_{#ne}aMHw~mzPrTI9V-efi*%zPv4pg;gwmaY(jXzYz|svOB1=dr zf^@`nOOqvL(6c`}2%P=?`VLoVnjd?7#41=~1p}pv2{4;sb zMRX8Nyg>f|WPVD(I5Q8OHWjI;x8_V&f8^B=n^-_k`;5u;pVdou0-jTe?``lY={zL=pO_bvFX0^ zc@>-Zg`QTO&#toC@adcXkfrprW;j@)nzVkV*u*?~T2)=3A^aoxz zh%sctc=$M<>kn|ekm1jI*ruqdkIX2Z>g;v+@rF-@Odkm?o(gLQKd})KK_@7p6T?xj`M1=Oco~m~aTJ2|aR4)Ak9^;Hw=WI1@ zl`%bJK@ldZf#xN3HI8i7L!yc>z2E=yrfbh3syA?7r=oW0s%q2*-?$UMI=WuI=)<`h zQq#$7dQ&8~#9G0m)3iESUTeSq;9pBqpsVY$#F@YQKY#Pii(VsgeF12Mf1Yw2jy@JLpM?u!Bv^@H)?O)sK&aAu$LX)+W48_V_ZIt%UEWald>dR`E zpy1@A#;`%A!=gjPdYG>!x99}qkJ#hiUo{3a|JN@Xldozr>rZ5;1| z?3&9ZcK#@8PT-@>T?qHSjO44%XZ*(ijx{3iF)vONdE`Z#*MO4ux|Gs2=x>;At59IA zYC%~BUP_&%Fbg@e@STXj2OvtAGR07Tj+umM3)%7(6#Uu|GLt}UDGS4*;NSsgXH^QD zW)v26sWf1KcU^wAe`Cm&kG_-#9Y@g#2d8YEV!BC0ga;s&7%lv8|4tmCJ^=ZM(Xx$_ znW<2Sr8)+&t`Pmw!{&7nf=xEBqbB{JQ9N*&0)|if7+H>0ayY zYf6S!i2`gdrQ|>Mx>xL`0OIoguh(6nv8#B{{>h+<$n(2UvxIeFu#@+Z{< z!&70P9|C;T!naI)A3y)%k*2v^{Xm=cocg#A$OW z-*r@I%OBi&u8Qx;+e8NW*ap~HUt&9sqLBPb2`|~mbbrsrfDCUyiL12KMw~7tkst|n z!1$xq=NIlM%Wfb84m|4T@~8@)h$@gJe0d3s97O>ogy9~$?Mviz{8?(P@Q1cC_XT9n zkLhK_)EiA0*q+R%yySpeF?^)t=g;bEt5jQ@UaG2*4+R;?0+lFUSj^*Pk$5?b`zqdY z-&fI6W61Oc)Myp2vX2X1#PU05F)e}vTCO8YEj^CHdlL6T($?bUQ0jWoLA1`C;kvT3 z$AA7>!&&V7PgcgcAQ_>^gaI0PsnkP9Zk%Usa^tsolcg~{<$_);bI`~a zFx+g*sxdV|1}j_uSZW7R5RPB{@;JU_M10c{9+y2%Qx~(nA~DH zrrbRh_NpUz%4vI$vIPLiBA9)<33bPXnXH2$T$I zd3!2ZR)k}C00!LbB4QO(oP3VSE5mw$OkdU4zethwliNdk=zw=TFmNh&K!GOf)oouY zp7}km;@?Jh??Q8Omr$hr^&^@MbulGmzr*9;CilWbKfnL5xrGyToXp;{#mQp%^ zXFgiZKDX{Y1T&ZXYNF+1@ZVR6J{OX}X8+9DhEKX`#R zdh($LA{heR^%?Ay&fS%i9pBJu#qg;imKnn_&{KNt99?I61$?L^J>bEc4gZ=})|;E* zr**b&zcWS`k`D$n2y{nu-wMQd(OEtR(Q_(uixjRTy%OzGCqSo=6uc>%px}aF?$HC1 zyd#NuGZsFr_X+?B?VxzPntm@vWDp4&Ouxacz2e1KLseIQR$0;a>$d}8xI6(6L=s8G z{V3q#hVD@f_97oR&;U{Y8S7{}eN$flaBWxma=B;LyhcjS+R_)VQb+#2wAf)ZvuHUM z^pj_V`ja=6Xt_72i)X|t!<$L8+!KW28EH-FVO!o?UREI^GbaIl&}p}-lWQB#MFxS? zLBK~auVoZ)-5_U;KLIDq7a@?hA&GpL&uQ+?PPisQfVCmqG46v&AWcN>PO?f-|po-(lJlu++1okWaQz7t^J zbbvBWqfn?h#yS)nOHBf>(@}{i;P=^3#X^9VA@Q8bo7cp( zgy#kho@L{)-l_fO&hZLur2@jnf|&;*?}*ktV_c2}WA6}1Wjwnk9l==A0j=C4)Un?6 zKwOkEh$;rmToKs_G}TVeTR0ho>c@DkK1uO^(4dDlQU#UAgW=mfuJWWyYke4dI$)R^ zb`+atXc!*UxaonC(NI-xN+BUV?oIiJ%kkM=+;<%gv=Z8})_n#Pab1y2J%hRua zr6fU1NimXiz-!!sBVtW0)8pwWwG~0sVq+bixIf!NG(X+DUWLI~24>85Wjehh%R(4f z)V!d{uJb*_HXE%*2=|)4C;FVChD5y5>lK?tWKYW-hVkR!scjx8F&#j|4TA@9|NUkV zuOVUvZM~ljsL6v8@mKs9%AiIvQjUD=P-Z$niW`<2A|W{Oba(uyXL=tcRL+ZMfcrke zxXs;Y&5=+Nv@q_{T`{+nM>IbON=pZDa>J~H)1ZcwTC0LcUzlomMw1?NM#sG%OD2S> zcK^dA=j4;(CV2=+q$eyoX{+WGC}eKXLFYUM$%la957jQjU8(2RN^7uTi;5sD&f`&$ z%jK6p?j=QmVYCEFqST$!?!RDl`UqYxA^3&U+s@LTTBl@T*VDHI~lx$!@17bueK!jvpK!S`_=!Mh&K z!EADD@&O9WD-m~jw#42!yWWq$?9hUzxjw)5&plfrR5=Sp?+_REWD+ubbkD1aTcJ|) zS3qBdDiu(6GS1%ZW$XGIioPX|nqp;VoXWR}!+)=(cK`CB$R|hGN44zzP^Bx1FU|r^ zxKSHv!9HB~J$z=I^o!qMXNjYJFh5W6AHa=x{8nM%JX9%wveV+UvLf-GHCl@Z$a+U~ zuxQFxQ-l+EfL5>s!juT9x|L)8GbK0-O+XT52#aQ%Lopr)DJwg>iaGI8V}FCm2+6|$CK9jg95cZlOKWYS zj%;mJvdU`M=-<6tqJzsB`~#AxhwR@P zy*)T_zsW&1xJ9Y#et~23=)gtX_ba1W*yvly@~EIHY>8H5*1W-oN^A>J3e1@Wx4QW4 z;RBn78IaE^$Y>5J6b~8c5kJ+e#72s@mHaD~aGbGY$(Wt>Q zq+IS_c5G(g)Rwx`y?G~dyxvpN7`73d3-3nwB$~KvSj*}ULlon(DEBJUPtWa+WA84C z%yHq@X{m)?*L@Pc88MFS2C}FCSvKm0(Sfd+TwZI8?64i{k(o3>^>UZ{z%g;qIxUT_ z>_gS!MR`TCOJdLwEe)I8VDWldWEhRG92@nqqLZbVv*26Rap(NauQH@W9aM^F1vJh@ ziALDjaqz>$Bp@0(8n(v?Xn8UbDsFt3wi-UTCILs_bK?_ftAzr+&8*ep2oXYVd@^md z4nXX|vzBihuk%nn3{U(r30Ehn8GD2K?tAR6UPUR>k343hW>z}ZY4S+nceb~#(zdfV&mD7j)hz*ta1*8sco;-F*GdsPPR%8g@f%&DQPvUAVQUAYPNJy zn!lWd)T~+w)No!+C-$I%;q%d0Ga@)qbNu@%*Xa1Haz>x@O*3BA1Ja8Ps@Jg!3(zp7 zcviFh^FJ0kGyZ%$4VUh@Ywz}n1=*G20Ih@ccOF=B&lWw{;qFHMRWWE*_%kfm zXK-t?arJD&pZ&&#E>s~Bdz;S(H+b_$!puZ-%iO0QsrSUc3Nt7=e=c)!8u)WE;ZM9> z`%XW?>uB$Kd8=hp{_J%2A)o48xBJx-uMhiUxq%-wt5W{>GbL1}r-=SzrW|Fw4st<|>A!OjBls^JhLP?&!N%=>Q`1s5N zQodxp@G%waKb+sZNB6J4r6#XAx69bYQsls8E-PMtep0f(vFfIQ@6UOll=0^ferEsu zIx~YG8!AF`rR+=l0wMU|RV>TLxe-mfI=g-29Z_1?JitZ%mXwvK5PR{SnJ&Rg+Q!#LFs?weF za-a34W6u0>p>HZ?b{Zu8X6OOYi|H5f&abw&>R&%h4>XD`a}~9By+C?XP)i3kHQuAN zA6hJme=U(JacPiJnIt&csd{PZE1QjK9H`yBcl}QGheiI-PG7G}m-^R@?D#7})d0Ve zfVgi!)6EiDh5-)nZzUvR9q(ypztY?gHT7n@QdfN8347xm+aWh$FF~F4r|}Vq4>J26 z>8uYPKHFdU!6n^z?;3F}GVOGlvI{hST89km5UdKmSUZZ0pw!McTbuUYn)oN2Nx|h) zss639VcJx7b9Kei_rb;-?iJp~E`U2naP*ZlP^e#@({mL(6ZvjbG%l7nz! z6obz`!E1e>O5tfj?Kf!H0EvB zWqeE;{_KovYaK&&4V9Gu8Ki%_X|IYkBV>K(!cWTN^N#HuJQMV!LPrf%hUK22r8sG} zQKT({q^y!jB2k_ZdO!ic>S0xxQ_t#Gckv%a%6T_*N&$8O$qrB1&8-?E+Eqtds6rih`gjoM2QhC+vDsVg1pOlXBQRF!w6>Ca#ts1_u zF(+Lxj;v<*9Mk6!tRvf!F?X%ar_$Q=X#1+&`VSOmj3HWG zZ>OBUGM+JrBg)is&&C}9{N&eVS5S)yfNYR~ZlD}-Em|y+)OVae%GuF{r&%R*+VHn|suo5D6 zc2%eOur4W6plbKBb4&eZJW!O>F(DZBkFD_NivKvU4DEY#$_Tht_ z?y>umJ-_h`xlhLxP0f@_T8iR*855u0d-QJ+TMNft))r-G}3G zZm-!j$e*mO2UXy!6g+Yn|7+b^q<^jKO8F1hgm$}W?JA_~b?EH9SFbIjmL78{ut9aLxNKK?5HzPT$p7`=RJaIMK$zG|@Zgfjm(a1!40!>TSjoXcC@ zf9O2N`@6?xh=1n`V}nNO%IZ=XqrpeN)Ct~4&!pOu>b4qMXzN-CXLn7yB$-a+4mFTq{0*eC5@xH@|IrfHXRyO;)Qs?+MK=Fb}B!r*-mzPqwU9(Z5z8nW z-BOYqFSK@KF)eXjxwc{L(mrh5X|>6v*C`p$upRJQV6@X)Yuv!;B3hj>$0IR~)(v$! z;s5E6S%6v#9aUpfLn&qyBs>WzmsR?vRpapDmD!9S6F?gT5Gk#IL`cv8PT1s%ovzykjaS$uUjp^-Q0aGyG)_f2XE zan{jzI1H8u*`Z9lq8%Bg6{iUoh_lqV|L!;5-w3sTB5t$!hL*o67Xl)yS@8^z%6K6t z^s-{dh46rVG=%UBD2s^PjxtI2|KFUMoD<_6?CM|p51sl_$dDT#dCJ6L#R@+S(aND+ z%gZ31JJ5N&6&83M7jk3%`}uE!l$9CW66s zdDsGo+FhQEoA1eS-`AJw2g0&M8;_OVybBuEC!l=wNIN|89UD$D0?OlX;E~c7@}GnD zB<8^@l02)DY`>v1FfKdeh!qK*RSC8}5jLBY;I9lB_b%1D43@3jk3JT?C4RpBS$8|M zU;=+R*>0d)NAJkcMP|2fnVN%WZ(jM|(vE*wWc_6zCV)*w>#2;^OFtIQ>Q{94yp4Yk z(%0HgXMK&CJro^Al2me<2-18$d{THwthbyx+7`Wt*e+U@AfOQol!~6r_{T0VQ6q4W zKzsl63C}5UMYMEo<5l*o>J%Kx={0qpV|!RvkCtF zMSZTyz79*ql^c^PWQK0`j0&?24j6*T>5xc{ZqC~5i4gznG)xh6Gi&JB5(%cG7eT3dO8(NAkvs<}>$ifItv&~1 znDoWftf|X0#!>TzUb~E!`uZE zoP;i(=4W37!K3r|3-kDi`xBoLT?^X4NQ_eBXT~K;>1a zfx~beQ=N9{XNY4pXt5f!N^VSF^y13!XrRfQ=w!~w@@md!>3k?m0w?f}(=)W18QbdU zc|bz>H~FAd7!YSBjHiq|JUIMo`QZ5^ye zpSL3KGrD?VY-adgM?+T$qt$$4pGn^&b91|UDP)Qtgk2B@tq4C>ig<=HDw`Sh-|XkP zKTE*>8cji~(x{Cx%$K_Uw2wbwzwn-z z8ME^&`vUx+3tzqqKT&k8d$*I5zXW}UR%ytP7H_+vaBhabw2;T;t5IjR41MU;^n*x? z&LEig!!{B!gy>`Z_sHF`9f>4=D1$at z$JOQ1&PcU~56P>TD}*PI zz$8+;)sCEOZidY^zI7Lj(c=X4ISZ;Q2|vDOl?{(4&W+X01t9Q+sdw}H;ZsN7SD4n{|YL~i5BJb#EA4ccgNe*9WYP0q!*W_SGNTAHB->? z-O+BtzeB5H`s#&Hne|i(Fp~mXZZ=N0uu(_>lu}?18lcD9yQtG#Z*EpEl27qpKi}M^ zKd#3I8t@ZGlnWs=vVma{wV61^4)~G8vo~gBQT9uAK*(O~OnlzQ}Hs@%ycXyhws zlw#@EZTJ0)Y`g{^Y;!~XIM99^kyAySzul#Y2rYC9O98!vE zG3p!ulEc%MH`up5-SZ;HVo~@!x>rSvG|}Su18UT|u#YbTZ6Q9aFf{&&@__ihi1~cd zK+PRe&hjt#)Pl)~A9uSnu)-8i0m`RTLE7YG{OmJ++fsM#)^iGzJ_X30QoYh9k6oXM zARyn+3XTkfKiq45y?*{D@LzMC$K|-K_vQLY%mZ_&QKNi{Y1{w4c0V5|YhoUl{xU8Y zE>jP@^@u9x3J$>?mED@9kTB_?<|F+0PkoQ3w$`n~lSs+9QhMCrb?_1anxnbYl%an- z&u9J!UAa;W2W&R^y}tVPZ~eE$^xwKER>m7P^MI*|DK`PkY?GmXeEl@&{* z{1Agz|8O^ge~O+Y>6{kpef{=i@eU6^QcRhBq8dg_KI_N$1|nwK)$42wf0Z!aBC^cv@GjF;Z_`_k z!c)uZpo1%5TxCLTYVd(oEXe~KcM+3bg4*}$wtQk0<+1lpy*1^AN3Cid*8U;>ooXkm zwaEVc;v>lJv%iuOV^LqDFPP6=FaOLVitY<%sXKWGoEXcVLWIbzZgSe~eIqe+l@h4M zSk+{_tQcF`)KB>ngI)oHdO2v`%{T=Vr^-usM1`_HJucGwl^e6a>r5^+tSez`7xP4F z{%%5@n4F*;TRm36qnH0aQ&Zt@*Rj5h8Rj)j@e#MHBli zvshgZP~i$q;?o=2A|d=gp2c(WPduVNe4a@7+JNz10q^#3{E81IOzChV?~o!Zho=zn z;bO^(cW%c7aU6%S4u}g^_d|BZmnx<4 zc4L1t@MvRAVbFT1;GYzXo@N8Q9zl95TZYQ`$EBmi7DOmn)RoWPxVhe7j%KQc&=x>H7>HKQQ0gz$)x@pY4OBc_4Du~cd5ZKRN!_B`Az$K;sbUAh@5qa zIbP)xW9fDCgB9zcMA8iQlpe`%ESaZ9Fcrpnw4g`SMlK=Y#~k1B<<+{lYv^8fKF1L5 zv`+EMPz7YaLgTK&aIZdXz7VhCFXg4bQ04Y~UzV}p>PF`97?0x_Tx1PrTSbp3#Qoq1 zK6;ski>6E&imKtcuc4P}f(MDFaMr>gO4IA|cVOn;@t=tUGZJzpoL^vaCb=+bkE3dV zx6jrc^!Hh{x>rw~rq^!{s93$XtdHK4u5cKrnv1@MdKI6)E~MnCt2BP79|Y*%ALAO1 z_3wB}dBJHA;p#BltuV)T`p}zVTShy>6yDkU{&n)!`mN;GiP9$f_7@pofT54WI)}d= z!J=1M`q#N#IpYx^(8uvB*NH-%!%>)joNKL}<|_+2$sv|=AhW5v#G4G)6tKg+R4tOb1?Q6!D!XteI*|<@Rqb82bWAi*fs;e~a zy5u`1ffr_ftGbN<>{nAb>RV9nj(xn?y=VY&5uk1oI!9J^}A4orN z8>mLXG3U?Beq1S+^zS+wCAIN+)Ci#{!so_$$)Y?!G^<;%XE#+Jzcl@l+w-FjN7Mtp z9#QYOzBlQRVpdkby}caoGnk-;gx?Ihzlx3fHA7KM`7r}LTV{1XNndB0E+FcahG<(8 z{)D(ZKW-1FH5^A1tkM{1<8%47G;OzBzuqrf=(th5>Kr5H_m}tfh_dC1rd9P{3HF3D z0f+ZQRQ;;XcpZeb0&9Nd%b+V840B zbkL@sfYYX4z6)m={#?@?y*o9?+UwC1oqys@yB5FAc9Yo=7C&c`o?no~U2Zk&{r$#4 z=v)uXctm9j1h;S1d_VGDiNEF**tdwcf5E=P$k;REM*dY0yW$ar6#V8`6pHXs{}hz^ z$E?rCBcVhh?D)>Yn|h^q#_>W=ZZqC>mc9~~7PY0e4$UTpsxmB88GcraEAu&&p@BIWWDe9}3>2 zLG1=p-Y-RxrwYC5`x~d1RxO5Cv)j4%Dru7ajE(HxZ*7~Zy2F8TAp^*@=&}$d+g{i2$m#Ex>9m{^c@FK*pIhttKA&(c0D<8}GS?2^xm0L7Z#PUs(?d z*mrXl&!OpFKT)d)AEnF;!f>pC)dx5#I@0bKim$FAcq}xwnKVy?H3kUMFhzM$haUGs zqz%o;Ag@6bYg-GJYY*Z)ax1L$+#fv=mKh-M!>E6bpia_0eLk9Zvo@T}zVjx+-AZtw z%@i&eJ9VX>#zM*`k2Qtk$NoII4CQovTNU2zN3tN4Li86dj*{hi;QXfe9rgrgb0L-X z_G&)Y8&q?r3#vF-{=g#&zYGWYF8qJ3w&G1aQ)gV2u{*e#ROX8*)*DBz3V@go6)bn6bmv@RWI52F;^a5 zXfCMTWXe45$Vc>$*d*kz0W-M@F6$pZY?u=Nm}qs&GS}b8*BD7icH#lrSfvRvfB5x) z?GA300kyY=ltJgKG`A7~WLrf|ahoNsgqI!gkufP2rNwxpx zr+(&Rx9o>mT?O^`vseCreq=NlC>`=rht&DLkDxYZf&D*kN`LW;b zQHQ{HB4dw-9r57{FVmOIUwewAG(-3Md@-79picv%KYMF!mT1#h-xWKV04a*6tAPXO zpF9lLvU&nC0zdeR{WC;KPwqk+nL}n*?(#xiiVUoN>=gf^w@36b_hoJL|1&HVy4;t3 z%W8jQBo|oA(vNxjh-EF;7pr_6Y5K7F{O(_;4vSKIXv`XjVUXSWr<0$4LYq^ITQm5f zSc004V{2KmhtpwGYj>vu45eykhsfh zng4eOIm?!D0;CVJS5Cj7SiO#|lCHgPNtF(Pi6;gIy*d%r9mFe0Qw{y5>^wf> zi^*66Ne;5VA7z>{5Whc%&{52pP}%%z*YJmjiU57GJUQZrXB z2d%d62SvPcVHuf2zz5?NwCXox`dM`@%@`dBu^hBP(z?Ogtx<{Ydpc0hA zZkZH#_G@{5LFzuNS(1SnwsIIH10?DgeX+I~={j3WZbDponN-PODsnxDcb5Lurp4&6 zI&3QXHL%d;t1CFSr^u)8f$j9wH8s6Xr0*9VSwO(aOWSs*;)^k>YoLCdmFAeHBG|XP zI1~xkU)X%gX~2U1_}Qo7Tc4yuHXbEJ22{Oi^KX(Y4&xz9JO<$F)NCG}TDuWE$cSS! z#X9w-+W`ADp%n@39|Ww~S82&)8*(N?=6VeLUZY-gCKuH!^*3}2s$Qdh;uwlF4l8s` znO0aVaEy6Tq`Y`(dBJ8jIFWg$1J2)qHaL!aBi7~Xs^&I%fqkp`b-gKIe~!FOZ$sea z{ZnqlJ$K1Dmhci^z~nfxTr9kM%PV21;MD2(gzgzzDiw8f9~kiw-Sj_QaP|t=cs(o;**A^uYtsI zUN}0pM)+^^30MC~>qe={K#cTxpG33GTpFZKEFsc_T_SS%TKq(sWV0bm-^H{0LY(pd z=YxN`4h)*~x#Fuydl-_*UjIQX;7qZ1cXU#WBji(=*T23py4B%N_c&bzy)fMCpl3s) z)T_01nk|C)sChmwlZGEMU)obiskRZ!6+_=fy^|@p_^{uPJyFs{Ll|D>wP{~$)v+f+ zn(yp&GR5%@Vqw}>D)W=ovp-L_obX~0WX;C_YJC&y(+FXh*N{WnXXVFBy{z3WreN?_ z%#4d5_G6(sK`=iqlX;pDOa0~1-9M=P$H8v{+p1r`pAJ9J?kgdH9Q-RwwMrzu!9WI{Y; zv{WY_Jjh6wwj#@fKoMo+WGtid86e>2kYmtG1M$^-2}JSD*FYEbbrFhTynC6d9gAYp zc0$q!+S3Iq-b{!tB0;S)PYHMcZ2{|e3j(Qi@rRAzFG(U8e)g< z;_8fKn}77=j9J&Uh2ELAHA%U)llj~Sg$FI;_|5hq-}W;s|#zytRzvT0b3w-5{C zzDnlv%LZ*WE}tNCQVBgJw4WsYrhE(S9+Rdl@L@^x>waz0#PS^{e1uq7#R;?gxjy4v z6nQm__bXHN{_gb2fF=hbe9sq{KlU7Hn!gx-%7Iur@x|hNCZlOE zSfPP0ytS{JUxC#yR5n?8YR=8>^O1`ZC z=^Iu>B7Zd1l@bwKtLkZ`5%IoFaWlPvH?z~B77qd z{cNol1bed8DpPwzJDj|}*NI|X-d&bl8sY7=d!a`nF2j(yOs$Sxv2se)3Dy6M5HSp) z$kJLlFv9n)*2B#pnnh_Vo29mPO@d~Y&ELC}pFfToYx;yIjY9rB4$57pI#*kcfSofh_9GN}^-{^uT)u3h{yR;8jhMi-sFn#& z^tnjXFoY&c>;9oghC!Kl%#uHH?l`D!oi^(24~M{#v1%i_eVdC+$^)4!qCd-TovU<5 zx-Vo{58ldBw{-h->G}$X4MRw>v_2pF++F9T3O~FAmXD)^Wfc@!X47!<-k{Kzmr58` z|J+jvjzihCt4r+Zag?cCL*rJ>Z1fveJis3Su9N`S@VKf#B{Hu3*B=v)6hQArOCn@=EGpVbX|d z-zGDg67krgoA$=l3`gx`Q%*g$h+w`s|IdJ3BaqmfvUX^|D#4*F=e;X=i4(8T_OfEw z@9qOd)`bXJ>HuhU=gU)(n-R!Gj#enEczK!A@PFg`?zLs;gQWXp(kCGA4IQh9K`{r3 zcZbbjCedvb|5*MLkkN)tVwk7%AgT4yJ9GMl^W#`OQl6f_#qi}V zFFDJgbhwpn4rPHtRwS=&-RpWa2hXu6Xqwa4Mh0&z?k4*>oVt~T(U zJxm-E|AjokiI=YYHZ19xpIBWwcTdC<&4f#|>;cH1ne{+~bG5(m5>?xy`{c?g^$e2a zxGpEI*}QjGoIn!>$ZUK^v!LpDj@0VC^sOYwJ9QOU3qt?qX%nZHNdAzM4E(n@zd5bE zUn3>ri}L$5@ePlV?h4>OVI|NuER`xoED`b|8BT)uH@16%?R2d7M7h=ouCSyhUO%v( zN(C&T*_6WaSwwjEAAX(*ORDd3Xb*D~(_{dsH)yGY@QV&dYKan#MYe_^V_8~Cx77EZ zsV|tCxO)H{xLvek^RR(>C-&M_cw!h*oTb%qRrAPAq-hx9hjZZbnnBZJk;Y+&cUGCr zxqr!k7^}@+6!zv)YT!>i+dWy%!%O+4V-vQ+$4LA&rba7V1O_wA6@1AQD^?n9Gm}YK zEn}fN>&TqFX49NWiITDCp0o+-6J3{_R48^q4;(+~`N7GcIjZGL{P58yEDFJT@uoRG z;rlMqnd_xn;X|Ke{N*DQcJ)%qlx4Q-G*RXrlCx?t6D=Gq)%_p<(fL`1Rqbtae08^X zl=P9v(_zSm%reEz8aW(_AWr4XGMjbkSYx{oCxqu1dTAy?kI3>(Gevke(|P+7Da={F zqVwC@izwOf#Y>*!Z-!u3mF=s0QtVchs9 z|9hJGhm<3)^L?50qUNBoLQLB_Uf3|#^9%l~qSJA#R&hUi{W$84?A-u{_Lq(6os(og zIut0iWwVG@9oIM>DYg;Guu}OoQ{+qrgonEO$S&-mnD^o>KRk8_z4Vej*hVq8#3wVY zQnzIJ*QU@};eVnelFEwAey#j<*8F+sV|Q8f5(>^;ni@B#>)m5uFc5wmM7~Zt?dJWd z-s){gl$$KoA_`7Dl>f-5-_z>-t>soa<=CSvHUFy3#4GS0=Hddt=QzskyWO6fMu!Jc zop@HHBYW)yTw}7w^oFzRIdKn;F3j<0g&$h^C zib*)==W|@33qg>3kW@rOKFYU z?3!0~bm^FigU-EF{GIA(2(oJ-zy^?d?tGt^EC(a)Nzp?L8yim2M(rfRNC5z2oE=hl zr`Sqhr^Jc?n#lkl1hU&kmAGCylk;J-s{#2}Ao>pzJzcwnx8LwH>}4jzv0riZ8%%>& zS1))k3D}*EEA~KU0k#T{40=$2ZPG?$D<7XPnuM~3nI=#{YPZh7i_8C9wVY3Nz$&A@s>V73`+JQy}!OZi; z{+r!BmB70fK@>){cQ?D8DuF56pm>e0_kT^_IaFqC2Lul31&}e50#XcAIW|^Y2QxYW zND@*s9Rt-9t3jtZx-311PUdaQEj@6}2divJyE80CtqzxO0K-4WOf;`12i!_FuL%UI z=kvb!8vgcYU8a>0K8=C=efOUTK8sGaXWrjie?g{7(2?^?XTDP$kDk^D`|$xM`tnMy zsh8!#C!pmzFxH(w>Rw7cDRLRmI;>rvB)|Fqkxs{h#xDZX0lq*>oAoDi4 zy4o$>5`Fm`bbzbbv-p-8VM<$J2}bh5+CIOe%=vUG5Su~*2+>m=KHn7=pU?sxIj(=Zi_Y3(IzCDS2atJhQ(zhk|gh;O4IQj>}B1lfVm{ z1X3>VnGNE)#k$xD(5fVnZ*ZBzJMM9-cMjA*)CqJ3pNY1Ynff0bB!Y1l^ie@?OxKz8 zPH-Ld!ZYfj3pIJq&*ObgO)wH&0PROGjGsWMji%G}w4p5YAoG3WH6On~ha~@&yd6oT zEoa%c?%EIaPTTZnaF!tma7af*t#$8foFdDb7y;IiB=QGm^yVBUqE`d-4p$3VPdpwp z9q)^orUR;YV4~@`0vK@){_c#wskb*3hIkn~u(s4Rjaogq7vPHjRXtJ>Yn&(tq1w(% zrp4LU9ui<*kwj*2rtPj4kp&zLGurEYP~4G^2*OojegZR(yqYXhh3?Y>jP-OG z2ZWrxbKYULk<|fE`RG1-_+>@K>P(+LUzZdC+KZ&X@T*FuyGBRb|6%N{quLCy98-*cWH2UheC08mjVHbySo)BUZhx|^ya(2?|kQ+Kkiz0t^6@F z@4Pefj%8-={X83;p#-i3g9rqOv=dlyq9OFL%c_dCU%gVMg(m^oSRxna&K#RzY3cxu zV#y)()$Ro)7EoOaFgQ~gg(n?I_Fcr+xxj5C{&JI~|9!R&0S5RtDd3QmHYgWt3?}f# zb;kxAlM?2?Lt@=D7{+a|;R~dMdaB)@oY1i6B&+HrO|T<=7c-&%Sk@Flckvd?jro&q z(%_cKi4+zJ5yN&VG35l&;11XkhfLW-)|FF>5E3~tG`J6TL|N%joC^4k6mZT;`vd82 zk=LvmV^~8nMDz^8YgUe)gv2hs@m91wF#%7J0&Sc|u` zryA&c_KcWOrOV5fqUspYm$$aW6Z$@0N|^CJKklLF1V4D^9UUS^3bG!#csTgDMK>rG z3irj1Y%9HOB1FxR0tko70M6@EMR4TWM!>PlD&%ggpD#odQ7N#7L6yz9SS$bc0Vl6iNHJH3`H1VyMJSB zS@y&47^&Gu*GQMj;|i5IPFgx_FsfNM?N-P1D^3{Jv9Y3m>!3tfB-_>7flXMFfN6Fm zoH!+G+D!KbJVpvkV`YG48n#ydX(J@bkfP-Yl>s8RWBV~YCZ149Q|w4k2~(Qu0Qz;h z)HZi${HO^w^fN2yS^a+bshIFTiPabBMH#31wmd$ppx^2W^4!g30^lxEpbu+NVY>eG z%LkQHYrOvq+lUI&sL{H}^vkL|z$ff-cuB=6!sD>lubA*&i7vHv9wE7=A6&0YXPPd> z=20HFZ&=+cR7~ikl#gFJ-@RxGSH}btt6`|EMlPB{)G=j>)Z}Gg*0CKjKOItDFJ@hq z#qY}n*yIUid?5wCVP!~4E~pz&o|eXakByQ`O1z^uVOMolyJwT!TK9)Sgu}EKB&4no zLVr2&S^Nbz--6{bz9}8(>VpCUjeslM7NRX6Nf|2hov1qYQcJy(E66cXziXgdlI=Tx z5#c8Vy2P+~n?`eLbxhHsgkk9dfk&}+TG2pW(V8CxX2cP173kmzQV`6M_(QL}TXjhl zQS3l3 zk6esLCk6lO9%JVG&ra<7o_aHpdq!!dbc{SUN<1m?r2@a>f-Rrj^9WG_R=&mW%uu#u z!opN3N%l~grlhsv4`b&ziJ}xv`p9!b0;b82wmQaYmJ0d%?rk?dL{9Euv5AM&Nj6PCeC@X_{#wRX& zkls<)5kI&vOG;88R7O*yvkL=dOkcRada!7HG_QCCTH*3c6P> z3+8U_35Z%zqN_`lqB5{%J}Cv4lLFOQ=jl?Heck&qu zhi3itiIZ=*X`axptRQg>g&%y*%rC+;%wwFeQFcg^2;Y@l)2EJXiJ&~SjM@&31^9?e zbywLdtDJ` z=SyvmJgrb+{e_-6B{X!)P{1e>qE}UGUkv1HkTSIh6_!hLr#SZ)Uu8)qDA=Ds;Pp)$ zUXjHj^|IK33uMQ-MrYL)HjZM{aVi*~uz*m&Uu^g3+FFP)Daqf(A0VcPP)R}@cTjyT z=R4CrUCfYrHFU)+Zdq{D8CRdcNfA=?T5J2mg1F2wKThAO+FhlS;oUX- zBl)qH)!Eb=s1FC|w{Dqq{F%jMP(0PEHvW2w=!MS#jL7N7=5XnbuH3Ta3VnjbVdrb%ai4bVL-3;~wY4d`zLClGr%zMRm9P)N{R3dBLH= z!praWsOLJR@;pO@eJBjhDXt&Mx7LhO03X42a0u7b3xo0uL*A7onAOL`+VylG{-cAg)}Tg=C%%C~cox4d$UCQR1ZR zbzpfoQHisx_E@r=w32`QZy`?5ivqVJ73V&Jl*fkJ&M`hNa3$mzJkS90K#;o6(JeBBMufuFJBT9Tl zE^3%#3wRgHBg6r8(v<;)3-HXk=*PS@C4wU$5X>0s)(`r@-X=sB-4MvHXw&v;4r&bq zBo8htgALwr!chc=!DRs`(Gi4o=q0XaNHZKjodO1c&rW}>^ol+PCmKLOe&l3!sxUF( z2o>f4y6IYAQ4I=UD^ns1r21t`VVgr_OWD&{v z$ija|xhZgOrX7sFYrbo0e`oOdBfs$^b1?VcCw7${o_Tg)nNCr#57FO>YO%5RZHjy) zzOs^cQ4wz3J-aP!i!pDEiJZPcAVZazu?es;l!UvNZvf}7b+Q-I+jd@P^g!|gWQC6@ z)@W)XbwPnBy7c^X_5RSXnz1^SRRLRhMKwvNheaQjj z*Oie8zFaSpAZnZ^*zJcP!ewRrGRkSZEqmrHMFN|_)22j3cyg{m*%oHoIv_-C1m+Wr zz#K_!2gW8xA?1Kb^^RlI&!~`G_d>RVWo5)OJ}kBJc=qGgV}fCcadfwz{AmgYAd=Ct z!c7?y-SKk@IOc#8=*2LED!wWe3h(+6k5)B`po)%IhZfeW`3i@b1Ecu}M; z4$t;51QHkXb#WvzDzqMs22QXbB2u)XE7zDq&fMNn-06l0Oin)K(D^x@lSi-yIZ6o! z1UBk1cL%NI02=Gb?4>pfpY$Q>G2!M!WI}Q@xdX?;EqI-r7`}ALo80MIx0ipSc2+hq zNk$>GDY7zBFLrFYuPncXhxb|%!N(www((z>Km4uk99lM;TUVlXEQt_f5UOwE%R0UU z*vhY`M<7%=cAb~sU-`7`ha3hvcl8$F^VBO~knr8gb+uS^Oi$Qk7I=I1XAv~jM<~21 zeEd|}i98zPBU_fBxEmSHw+l!jVW;I~@aL0tW|B7nu+mO0Z;>McIe=QimyoToNRUh~a7t z>_&GOE@3o)mYfI$rm_~B2I67n0KU_e*$aVkwl8)0B?VwgaugvB zNKpSv-ASaa4>O_{0-=nVZg|})$|Jx5w9zdp3|rydboz?=KO;&u#>p{a_D2`=8@VuP z8ets+T1YC6XgDwV5sSIUpV)^2!h<+jq)PTv^ zBNx$Zu2!n+BypiDk+y4zn4l;C8rhMW+8P{@Q`Fl*=!uF#{{xpvpi<3z&>>u1`gyIV-4*;u_Aho=CA+E#MME5MG8am ztBTLzfk=l@u@I{1h@5{D2P^&~Tl;peoylpm|Fu01laY<{M!_vfk96fsuzZC3VhS*w6#Cs&;jnYo4I!+5>>9D0f5!(yMaJjs_G_3ZwFiiibYdss6rh zwNR(s((^NA3y49{f&waFkUS-~_1kmeIA|anI#5f6Nll>sQk?ap)e}_i{Qx{SYUHpS z$!nyFTOWz^rjcW-k+n1%!Zuh`4pz{BCh{+gdmJF6wB=w)^?H1U=HR+4(?VjN(aAmm zi7ME<25uSBp@h#59hJ|1v{env>d+F&0m;CqNK%%W!}V8!RWMvlTyR-NM4*k;u0NKD z=el{D2Ch?S2BxQtl?d`!pbvM7io|5rzh1?z1douSCb2R>GLaW4yvmGkq^RDki;3y0 z1eF=hq^P#6i}h(9B--`pDDtd}&MC`g?%f%dcV}u9we{v~X&eZS0h#fnE$6khf*7be zD|(T-iVT}TBax#(xd-PhOM9m!)QW8Yp&1pa!Z@Q?W!Jv9X2qTJPh(5S*VDsiMx@d5DgtCCymb#ayaDw=-do+(@gdLCl9+ z%X$)=obrFqg3Se#dLci{zYauf;^*@>yTw%D4&p51xX5Ll56HHmGJuDr!(NhZII36_u1 zp;=X^T(9b<8~J=WThAty0VP8EEYJ~z<~?v;awHJ~}73!5`xVDn-aLTNy_O7l@e4mUCig_!Jw z_Jc?!FYHhQce+#;!yoqkg;u_gxyO#E!D+gmk3& zwx&w4q(EI=8cXGBrq<<=#PiPH0?Si>?SIb(cT$#vfWwYu=h~*Cjk#}sum$a4-I}<5 z)u#&5p-s{>(HM2bvM!XMO#7GcyUyqGMPrZCf++|B>NUN zZWZ#aEE^atonFAr!Edt8fqFw!M>eLbl2torjtzJMayqdpMX!x6@~E+)=V_{-DGAhl z$*wfh*Tiiq)0L05kIaf$eK!YWC*vI?6esxx%@r;*h^c5w{_WTz&Ir?>v7V9w5 z1jgn%yWJjM{K6FZ_M*&be|DVe$2qrsQcocmxdtvriS7{Wk7pLI`KktPQ)z~huZ^P+ zY*7QZsx)KN2ZBG;B~Wg()2rEGs)P{@MM3Tinko#E&Y-?$QR?6V7(jMFMlFR#?Awn% z0m4!uN#uC*mocHQ=4!!SYU1*jWheyOz}|RjNB*aisE~>VJx2650|1vOciPgNaW*J| z6&cZOFzS>=B+Rk%8uiXPfpz(#{;7R zQOQW&sELY7`-aQ&K-kb_G*x6|ykpyTkiu{uAR}^N6l7(#)ek3nW~Wd0FHgj{lk$9k z5|J!8@R`%0DIr&v%nQNBYJRl-A{bn8KsbYR&BLJ}s8<~dFNP_bvX*=R6O*Abur0nV z@JK2%<))6sbYIjY&LXKWXs+PT*F27pfjxK1sYZK!e^$#=Bz+MWPd@4Vmgw|#m^hV#TID+ z>;uAe#J0;Os_09~C%e?qgb8Udh_#|y5<0^DwrvOkDnojX(MRsAUAqBJ=^HWVD|yKh z=pG=%VKI1G8A{YOKThHB-?7WWf^=AnaTH1yseu%CIp%izDIxqp8G4ZpdweRsym9gn zoUoHe!8MFRX(K&>D~rSfGpa~Y^^iMos(uV`KY1GiSoI0P8RfoSuz?KPAplW|xU`Rf z0Cw_ie;D!R&w#=f>YIK2D0dvNC^WKnj)4uAdDktg++n5X1&8CGYdf>YZ<&f(x5ejMo9k9hlmK{%IS4a-Vbfv1WYMfZI{ z@J$mnIkC!5Mfha$;h`v~Fv|7Wa1Lmv4=7p5{IEfT!E`k5Ly1|>PS+--UHy7jGQ>Ux zA;%UoB!pk)dU7g6XwD3C3KHeE<-=!K9t7F>jSuvKl6{G3?-yMTkYlEjI=yz-4g=#UdGH;y>8H--;o@cf`thxjwj`=%^5)UqN2tk#Rp8 zAHi@fY%eja#3gemdPWf%_%s=?%uE;LzZ#2@v7HR)Wu77OTa8D_Xio;XBKypfnw1lw zmIKNYj>NC%H&V8v=S0ABKmZXeqPjT;1qA#H2=E4rD8ZbSVfd$M3b`rp9T4;-L;+#_ zhQTxwHBGg^eC3pu!SoUcQZ104K4s%X9A<*1`6BVf`r}YIi_kJSlK}=ybPbmO)qoet z06r!(XQ}Y@s-4oJE-6;Uqu;BOOq06%P&E zoCL68q$|*_3IirHpakm?0~#4*c$7Qy0gc+krqv9>i=+5bC~2JAl?=k&qx6he8Kp^p z_lz@_n&Xgu*hP7)42p&hab69B@bTz*A*wbfypBN_Q#pF(tvF_(C`zFLv1BWQu-n*V zFltx>1He+zO)c#<81r z${?(U#V$1di%X)&WL1Hf=PLt>xMIO>@@a?5^xX zsGMqjRCo*+P+AlU%%kn3H(n35Xi^=Gm(iOYfu0l!`r|WJR1f8G3Ijq?$?q8><4j;f z&_ah0YeuYTC1OamjArQzRusiVp0>Z3^eV)X84NNZSOZQy%J~8R&QwK2fa1%vSbpFqq%bRSg2biV<+4%?%M*ZeH3HrVOzpfG-1GgS^*b z_6=!O8-P-A7(t{YK9myxyHWt|C5EU_TSLVL;fWvsJ=P1Jz8%JlDp}Z}0&qG}27_uv zfRU~jHwgr0h-5^^T4Lew2hb{VpeV#FLZBuLDBTJLyU`gOf=zYUkw^4c)AC8$hxF@u z3x#4~@BOiq`6P9S+1xCbl<~neNdQAex;`zBjy<>@J64@GF_rDWYEjpr z!n!SjM8!f8KAdzI!C^AwgNok70QjWn22UH(cO*25F&&XGh^^)#>YKI7<%lH`V3)PD z%r?l~uL$nV#IVjc;M=HHaWo%G-Xi#xm1%5wV6Lq`Eb(jU^oqT+y90)8t)a&Ex-6#I z=slFW+3EJ}>Wf86Om>V64|CW{=wr-Wj$_ z&vjUxUr5WS^YN9B`;8}I&yWdVk)(#`6*Oj4sVULh%rdeaHN3M(g!VoIi<=smObdv4 zAj!r18MHP)CN>m$nBM6CsIcknyxV)t4tY>x6D5g^>ZMGvSNy0|;^%HAivnU^WiRqd z>)^7H%(A_4;W|s6wr*QicR~RolGKQqdd{;Q<6?pTL`FE}zAtHIuux-4sI&>3xw4-X zHX5wbcPrW2Kn}Gb_ht9w4?k^J542aUBDY~_!fgVIuI!49@9gykLSN5fv@%&ZFj}~I zC}%tOR%2xvV7;K)>Wjd+t8S_33x4ZYc9dsuL`$_dYvWhOnrFbeUD#l__q8@M%OEm~ z@e9tQHrV>D>hQYKaMiBiL3E})|F=UQft@S19mo&EZ*eCrVDfKSPTr|bM3Gz*QQ2eacu9<&!WNk6rc?#d)7kWFPf&|kG1w+l zPv*k*$AQj|TYhdE)wWIaI9|p*-JJL}* zN@om;j?EyP|IS|aeN1?C-yxH0H4^)+YDbV#M+7)s8;1p1{Sh|X5hTeF*D+ITs+XT@ z{ySIM_c#S->jxnXwYko`*-m-1_F)MVjru%wXe9?lf16rzU0xE;32FL_*PE}n-AyDf z`?7*UQ-l0fStzVkReSrCdi9Ij?FjJhy^*t5cdol`wp*K)`;?GqagV!d?>&ak%G(G` z+az-Bq>{oG(Z!k2Iwm_aMmu439EtExN2gM{B+Yfi0+7_=Gqn%@35E{HmGOvOgBL@1 zszMSJtgJ;8=9_q`n$(8$R^BE=*!&>Z`cXn(etNnsr8(DBHp@@NHNe8wo0@fG%3MVYeZf&PH#TzGu!Ya3o@J=fSfzM{i#=-rp;;(Pfy zO^NApg<%|<A0iGLr1DgFOHY1ww>{x>a~u#1D~Or_)hA6hmo zX!6r>yo(*eG)cU?p84~G&0Zci*GEsBqavFqiWQ;klzxY`PptAV@$)Ft4}RCL-jto7 zwtM~i`mb^v5K{2|g<@625(?j?T$IUZ7ge=qu84f&L;Aq|AExB|r%bHlxyHHZHpUdy^S3~)xD zth`?0zRE`$QSYN#@|u41*ZISfm}tuOch~_vlaEp*XKcPbsmpgSru1rJ-rLo0UgXWM zktex0i`>5~A6ObeBFQE{A5f+s48My<*D`Of#^27Zxj5K| zpEdg_x8JMcT7L*XUQWz8I|%slY9;z(J`YB7p^{4U#W=}9jt76qV$hhK+na3F7=3~% z4l`qGdF4fWs`q^K8keWU2WcJ_<{O%sL@zU=N@IDf{Zz!twIcg%$^{h5N%!yf3Oqer z?!&B^jIl#Q)s$D&eFsg_FlLONE|1D+8T+)$? zO5MrUmyrx9UIuIzHC5V|KWtjSC4c>f{0W8>TJ{x~^P3EGmhC@1NFhmLv#_&bDhC;X0ZmZe{3jaW?cbyms^VpI;kaA0=qIy|0fi4yQ(O(vQ%@#ZZQrsT;ijOYYKItu-at zWMo&*BDq)cV(LOH$1R$(Mtbckjn5Vy8$C#Zp=7rYGTgtzB4OJ=CzgLLnoko=nATuY zUjw$AO?{rAi@{P!($mO8?yZT&7kGyOC`Fz5Mv$5 zEhO!^x))2xQfjZpOA*J7n_}MPO1d?Z*T3Wh7>vcu1fioWc@~@My-yzDR@WSNaxbQ% zl-o9`E6z9*5&!uFV1$3kf-m{4=z&Bk>a-Vk8)p$ARSCG{Ht)bhO=4=z9r zkR}PxUmCospSCF zqB&=heYgMhfmCOAqfy%Io`LWyq|MHIZ@wCu^9|1yaq!%!zME}T zKeqcPW(?iC_c;r!*O{sWI6CLoDJQ0XXFoYj6U!-ft9+IGORUN>9rx`d7e313c|&@f zo)(y#Myo`gEA@Ah0{JA!(HC0__^q+t7~^MfyoZbt5~{N&=$>+7lJf!gc_q>N719AE zbxm9UVom9$A0R5pa|`_Q@dG`Hjwwt;scRzs825V#A3C$9Y%G~pZvn?lL5sIKW&bOc z7SU7>IsY7PEtHZ~4KKG@C;2ONb9F5>Hf2pV9QvNHvI?+P8m-nEb>DGa{{gC+Jbl!^ ztFB%f;}2CFW>qcTjTu{lhEZ|-o@gflvh58a?W+f)8{|4yf_o%Ex5s$=aaFbMX8!E=XU!;|f7fS4JM5EvwB05kWY z`R=RpF?jgM zJ2#*!fMO_MhE>&a6e?WSdUFY8It33h!3UW*c9viN1;=~Ljqx<90-98H3tH^|Xl2uA zPwHh*!BVmTY1wrk*R|gaQ_LK3q~q=+01uM1VTbHnZt*GuM>F#Mg^Xn~($4Ct{4aTq zG-qjp;#Nag@F6Va-)*X;rm*Ed+e6;K>4Ol)_4N|-hf9xaX>=skGmj*V)-C%sU75fm z9Cy(hv52L--qAtw>ISXEm3F*_1W-$ocIa-9i)fJHNM zTC&=i9pnHGbLwQe*8E<74R&bAZVP?z1OmMJh*4_KR}LU)mwCM)Q4~y3v&g{K3BLzF zCLIrdgcJdTs2Nr$hIkqM2D{=nDh`SHZEee6qg%;a3G6YE%FQCY70SFEW8WGAgfj5w zBFQ>35MVJBN-;C6A{{~Bg0wehy0OKt4!!$`#cQo@n)QuFDRP%O-isKBfa{pyb<7-e zx35KmQxEJX_1@@k^LV`nc)!<``epCcq|i7(;THn%Q{S@LMo)7CTw*CRbmIx0i?~$FQ0IvFrtHSQp&GylSsf1S^J`N)+jlE^ntgU}QJmhIMRIw?OB{YX$b#s(U^C;u!K7*6 z;I$m7FOweBq?6=uE*6d*wAM#W2+5i==0|+Q3(_>n;5Dj>Jg&30kVf=vWUcVtGcKgr zjEMNoItl>UTV_t3@8LA|LxrpR>kDV=x5;6`y_Op<=DH+siAg1iNz>GV?jG|M_!s?q zt$}r*P{xeyFm3{s^O%iZ)3+!VZ_Thc+jb_?_7KacUnl^&YPt{{2alRF*0_2KAtFFS zUR?L9h*m#=`_uXUi`l@fVCgKy7XF(Tq}cUY!(SjrdOf23Ip zj}9z0mT@?y5Jx0wlKwXs`L}+fM_a4w$^jb9z_tRFDg~qSQzG(2;9v9bbHltF~Cd zz@*a|nlOb%`_&d}xYSv}I!DQTO*hd68a9Q7i%jdkgX{ELzt&qd3GsybOribGwZ-bX zgKO-55Fr@t7x&&y7OUSnm|G}a2>OJB|FBF)L)k$8Y*+}i(*($^5dD5~VZp2y47LoQ z9?gB(0dD#U{4~`JT3zG+cV4JbTk6KQ{Ksz8zYA2A{STZoRtw{PMly z?1+WcLMW&+0gmIL*?Hb~<<5#Bvz$NsV3 zXuQWY@bk~rgRO2iA-*u$`}&JNXMvN$$n z%4%&AMRPOvN_w$biwIqgQh=u`XYWRvoS8dFJKHvLLA!ao^}p}w8;gDzE88vwn=fJ| zM*kU4%9-qiXP7&>7T5LM1V*Z9@+Pi5&7@&mH$dm z-}pJqRZ))83>`5qeCXET%_^Qd-S_-DSa^C+JdQos|6BHX*lB!HeJ>7d`a2cR%y) zO`fZ%ZpZ}uTv4Oz{dS+-nvT0C^)_?%my8~||IN)ns4R{SeTU9Ee#i>??08TSeXeC{ zx~h~IjR2U*{wXSmd)lw`3hZwCvcXxDT)}E=v1_M}o@ZZJ93$b~#9Cl+IpJs_)Zbg~ z_fH{5cKLsi?dPUJk?hjXC+8mL7JQlYoLBsIWL!Cl&yN@qV&)EY`De{8t`kZr;$D-a z1PoNgPRokuU;jtw<9Zu5W$}~n5@$jBOV6fJTsYs)3$39yUsS$48KlLrJsSI|$W!Ig zvsiMF$cY>kxb6Mrb+^)a=Yiw_l;w7x7Zkcea^%=*1_e9}yb!9LH0c?ZCq!av&C(u< zi(kd(j>WNKeEl!N{oyCS{}AruNB!S~`@Y|B0iur|j`f&w)5rtbuwIRFj*ZX0Gali? zu#C4n|HSP2)bEwGyOksHu7QRW71sWRvWVtqPPT;c$8}$CcJrOSo!c0rOXR*wNJk$E-M>1A0D!w9lIK@cjuCyM;=>ieLfm;mTi#fRs`k@q*SZ= zU7NXC&JNyG1}X)g9WK$#M%o?DdGdnnn`#SH0*>4yqHBg5R|HiaZMXl;28g({HutKo zb)xTco;4TR3{=Hg>)^HNtlnfW18kPAH2tW?-oG|ERLd;$D|_h499)b#Q8wq~^t5~F zo4~a}%g^7gjiQtF)E0hlNq0R9G5GV_Y1s4mGTyf^H3mQ)q;v#41dvOam#a~WTI%PV4_c(bB zCJ4FsC_8Lyh2uW0?GO37-O5eX8@u2&McFcbc9yZ5?nmqyU4AXagMrmug?4UJ@1}(_ z2PtxM`WaQsuCu6LJ!a2elMT zr52-;Mr3ic5`Q^FiTJEI{C<_Vty#v?dL)ba0b76IuqlV_2ae*lIPr!%gUWSFY3##C ze~+sOZic`|1-GR{@JkcR&UcBjPG@qwprzPDhgbEccbyV<&#Mw0_eQUMZdb-81^Ih8*fPFslhNVFP+b9oCRS`3@T4s{^l-JN^>+`-NfSS7oWg5Ah`Dwy+R4oJh{Q z+K?VjoVJ{TgM03tKW26l0FNZwzVd;I&3Q!kB^!eKCf0Xd7cDc&z zAOCe3%IIVgdESx4`Ob%cfL@A_^5YteW=t?e1JTUbVW50^A4X3(W|v}zXlCdzP#hn( z;xgDik>9>0+SsRGlM7eIG35ct9l@TUXO)u$a^sCKUzLk+;Zgi;YT^w6hOo&p9s8Kd zpjf~C9giYP^|982cXSiswn}cTDNWlcEZ@{4ZFh7MXBV&Z%q2ds0hZDZ9XPG0-oHUJ zYHx43>MrFiyJoCDOCN;`vRNnti>xdX!?a!5!Pg87TPW zkV|OgN0se|QYY!NhOPyj`xa}T zj$R&VL8Y#m_ayKgeoBzyXdg(U?&CP!MV=ogbLMJcRCD0R_SxDNqB2rCQAC}yk%~CH zjK}xW2gl*espAB#tj`3xptbeNcm|G;vls4}@ntU3g@)rOy4@x6RI|T=nvCu_K!0?~ zZC4O&sM3#H7ak{XU8{Uw3P+sLb&N@KaEK4D{AsOhXPf&}6z3!xaUMp9Gk3|m&#D8i zA-84|+X>_GqsKJFEa)WoF4b9yhSnb@KZ>OjaOm($Kvkx#()*;sB63_ z0*+kT-gFBD)r$^x-j-?#kD$H&;QqunZ+q`d5H}PZYuwA|X_uT570FvOW!f~)*N(h7 z27!!R_*?ChwT=Yw^P*K=zc8K*GpHevA=ywj3iIVlrv$E65wB&D))N}__icRAo|foq z5+(i$5<6138~)(Iv!4IgFk>?JKQufMl) za*V%F=X4W|dxN^~f#+S*M!sftpC6LM{=D;1KQ$F@ELiqRsG{ybq(@s;!La@sHGj5x>w5M;FK>AhA&)HhjNg$r3qCxY( zwi; zmW2*GLD|-@*)rXiO@4h1rITOJ%kS8K295iO2Ri;Ebb1V*-gvH`Sc_tKd)4whzU-ZV zSn|hgJC{DJd0cMce^H+t;;TV-BWlkm1>6Eaw$TamJ5j#ZWS6ujAanvS+pdrqpXzo| z_^62Qg$YrX0x>t-Y1dq$ZHye4ACP6iG275(4r@@L{Jz)Uf3tMG98THsEkvCInqWb; zl?dN<5X<(vBLf1jemKK?=Lwva(E(g(SXL{yUp z!s}cjH%y@UAO|X<4g>j?k_&M&&iGfvHdWQwEyacQ_4fN&x`nn{UYy70fZ{iJ%1yGd zWmKVt+BxohEnII%a&9u1*aka!+9FEKfBoF|Lds&(1ohTx3m;;?Unmm31>45fzl z8xDesUEBh(41t8m=r-@I+1PD&IfcNqg=|*Q2xJ21y2Bw5#TbZbEERqM%bpM*I$=ua z48h;9TyOBce|<)zs}}f+(GAXhO`X5^B40wM%P%XS;e!Gj&mU#Lqw?Xl$)I@olJSG& zxoaeQa|Q+z0F%j0hKC)$JpE|JJ&@G|$YUZk^swsi?ft14ZI712>yz{j+8&$YN;7x# z)%59|?wFjh&eewVb>#0VIJChy@W>Q+VJbC*vGzK$Vlwabx!YY$Ea@ghr*E=#~o=BTW}-g6(EE_@S%L? z%a_i5@u)NA(Mm4R!@tto_k|xNk3XNjxcNs?g+p%XQ2`5_9VXKDk#N_k25`#%Hl)=1 z_uuxCVn_dMe$>DZc0gUbAWU=fHe2dFrLvzQ67i zk?0J}a1O$ZEu^Z_*-=}VMPPS#RCr?$l@EtNcZtk<0{0VTvf? z-y~+V!0-;dv#}XI=hD?h$zh5(<^N-@yXuYG{8&y4 z#yu!Q4a~F#=2-_RsPg%tzxKiaYRrI4XF!S3a-T7Iw`*OXH9NWrfwoK$rj4`(G%__U z0auGt1iE##=KcCO2;R30Y0VvHkYXA+A#OZz+wVmGr4Kj-Nx^PHdlfxJHcm^pxv)M{W07q z3EcUGenh8i2Pc)%Uay9JT@Z=54^IBjdyR`hB8fqwDXKeUf64L6DhLZ6gasi(LOCq~ zWnbMn;dR8|2GPwt7F!U;v`j^rCfUe&`@b92RhC%1bL&e}MgW%3nrW~u?9olTp zXQ7O#GzpHJhmCy;QGPcP9LBsMP@9 zx>zUfoNgC5LOFzxD!N!M?i}g^O86q=ZW$aYSDXbOXQc647T8A?@%`K>-Pci(qQF1( zGS)=koTgjsBE~d3Iv5AKSR;-vlhHLn_1$x>1AcGYmelZ30=m- zHa!CGseS37P&+4X<(t@1qN6}2%VMVcA$bp8z*$b<#VTpu9Ojzv_R{|(gCKYQlMK4w zI$M72WV@^g-v=VP^Gct-10(@efj_pG(XKfMZzP1Nf5C1#c9MSYzUEX|&Chx1yG~y- z+T+@xw`h`k@kjRmG<?4lTSw}xQp5j$&PLX7kh9U2GQIL6>Az*9void@L}o%+|6du2{*%7z zz(rdk=6{uuTtHmq}*}J z8?g;{%x1T5v(5?iPwG804)&(G{g$1PsL-i^=PF56iz8!hOM8GIw02hirclq6|0o;3 z*XM1;W+=>y6Fecte?01ZW>;RKXBg%NKb(I&#rVD6`Uy?wW_7L=4oDMGviitj{QR&; zX6H$<0h1tZ6^-v;}$s2%Y8Ak%qT9f6znzY*0X9b6MXoI(mUIXP7^kb*8@eR-8nr6eq8s~2u!f58hazUeO+!{yd zgLipW4?Dhf7+v7-taf=qIwmUC4c+77C!&tt$O(Rr|JF?&ey`7B3K1g`6Qj=wmJP(x z=O%_6vd!O?1<3vNZm&$0IR197&m*j}fxVnQ{I92O;8$B34C7)bZfogdke9DzD12lC z%t=qo2S;q%7?q5V!IeojzwDbI6J<9Q^cvG*UW5)8uw#`X9mXxy3d-TXV9t{W7pR&HQ@)_!1We}8k zJ>dAxV9$LSy-A|WXR}qu8*=V=@3o(sOnFATeikpL6eI-h`GjFT8uJ%WmUwid zO;(d`yZ8^py!|Ot)Ln3N=h_YP(;6#hI9OcoB%Y}ai5*0%3krfRW(8>cQX)51^)Rq-L6?_G@N^37L5u~9&;Iq+6|!hDQ0E67;B~MOmIP~M)4i`?Da#?a(#GX6kOj*}hiaVG zR=n9_WuR1OQBx;xXCHg1W2K>FXi<}8m~%S7<4`Mwq$nU%j<88`JJYo{oxVyrWS;X_ z%bQYWj2UT-KwpiTX*mb956!4Kxsh)KD)p+tSVB+-d+^2UrE=a)2L^}9Q2`uRRwP08`QUl(PGc@eM zPavOF^NzU(eK$|cqx^IjQ38VvaX3-I$PEoOZw7(>K&@650dtiIxOl?2XzWDg#2fWb zA^Yx$w|RPUnI#5YDOU`QYUXWy{byC%j%QtTby!C}aRcNfWm2c~r5NCpzBmqn{TZ{L zIT~FmR}6(}CJR5rxIqSrjR$;Qn%s@!A;^0j{EYIJJIYHz2fkh-_<`)MvD(vk!D%F) z$;g6=m^W%zp%>lekBQ)Y9Azt=luYos^e>-#ePy&DedU4&ePJK?NJY}UrscYXL(K6! zF(<0pO62@%vr8)vU*634e`CSS&FGnVVrEn<)W_}zwEU-EwYh=@+i_II0fbL4(Flu! zBG{u|5F;tDcRw(N?F~WX7oo%Ei3wS3nS$b zD#}hf#5;v_T;Ds?#XB**Ke##b8ZeHrV$E28j_6~7OndR9B+$cDNw+jS4%5Thn+WNj zT?rj@bN}{!hzbRR%ZLRn_*c+{gN?LjBQ(%0_=0txVO^0YvgJEa^A-MFIr+27^?0bI|U}n)z|~GM_PzTDsVi%q**xRM&}1lrI%LG^?)i3+s8V6U?9#?{#Fen#j3!fZ2dv0bRs!

    )8od*b0McUqX%)gSzs197s6SzF-w}NoSJ{1)zDOG>qRhVwAQh{CZU8Hk2~x zU==cll^iT7)&vXgyCrBWm8lYZUe|gPES&iUyf)z6pmf*NautlPFbujX_oP>+J=IpI_H-|s`o{c}$%!$BPCZI_<{9~dt5GeQa`g`?l5mRxcpUm?(VgDe7qOST zYJ~us>ncdjKe%$s%sv?7)nd0*K&Kuf(>N_|2U%?9Pz;nBF$lV$o^{IGksG~(q(n&N zG*~rrY)4uP?BCx%)JO%=j5sv$6AvM%)5fI{HzO!AED0=%A#l^ABma;oH~Bl$=fRBr+ieQem0R3A3x(fBEg>k7h!Q zq{6ZsEKizdeL{ga-Cd5DvVJU@RE)|KO*`kmJca?&2 zk_w9#l@X-RSHNfj8Tpp-4_Pk)abufi9u92F>s}t3lGz}^-xV_%Hx{T8c?+#0A(LWvg0iqOHm0C2iw&@+8CU&Fta8+L(A7Z64m=wYe~|ewmm-G&-D1X zmK0qF+wSV`UZrFPNsb+9o!yKZ$g~`svCF5L7+*4Ded`S>t5#YVNU~!?tO(83R)5On z3-2Qm%Vn6p`N|6|Iq6_1%EBy}@QlSHX`Rp#r^iROgq{Xb)PxwFQEPQgU)o|LO7VKpQRr=C{nAGu2!=)nKb376=zH~f{cxLH9- z#DH87_?B!-tieaD3P+k9y_BCl9gt_RCSs9rrVeqd9x`5E#AQdDVK_zXZv|vgAzo$QpmUP#vS-Sd=Qt? zr&fx*6IU$R(qK8#r@L~wn*sXmx>HvyvC?31(kRYy_BQOtjBsE~aHQT*Xf~R6LOG(# zD!vYOw>CzH(Xn=h932hdDH-2>XZ(uqSqiZ0?*-e930B}LHa0KcT{{o7&ze_N}88N~UxJB7BgP;T+K?Z0b{+4r2o!55_WsqV! z{Tp%mulR=Mht|=3Xg>;JXnN(FknMMk!pkZb!;=lZXMWYNL4al*$Zh=s5@9<7ul8;} zVhTUk^T3u%!GN3|w8U#}`AyYIld{w<#V-8$Y+XG?AYcQogo=7``5C-Ny(qIkJC`s~< z0;Nn^G_ZtWQ!5V2V`fy~R#d`fyf~7OO}tAiU(#SeX%uj!1QbZ-dugx-X_P|6D@m|v zS2Qp;G_fL8dMis}7pTox@M|3eCAP30JLimb>^JNe@}L*;$bPB~(LR@@_5QICtV0!|Uo}K3f1k^mZ=1zQ z2FzIoB}w(iVh0%^dhs{n;%`|v%lr5QkcHn+3cumNEf0%@;t~ZbD?n%|guuF*)Eu>_ z9+NSbOM_KNqe#nNdBm+#1S~TIEOnyEq~u)No06u0k*5%|W@TF;^HLhQe~VB48=Shn zqd4%J47`M_P?X@xMGz`9_FH1?FC=rb#)83ZxjhRxY=80~e{#25GE%0UOD?Q347h%b zC=D<1%^F0q@NdlFV%3Qx#WQGfKhT1Hpw%*mfiMk85Rr+$Reqhqzgo?z>>N)^nhGFj zlKowAW|Tug3qnCt3rC5$HKX-WzG7WJ=g`SM?Lb5`sSDP606QX!q%WX^u4A{xE5*gW zAPc%6i!>^roOMz~kh@0>x<}8rh%|6sA(URS}FLfx;C$H7x z96iP5+i#a|S!oZq0zWyqjCA6`^x}yhT(WOcFG58a^v|Y5jiw&OepUBF^Ex{e@1qJgjqcsF!QVItnvM$hk(4)hve0V z)z^8C0k!o}>{lB&4P@{GFchMYI`y4J|G|rP%uzCRv3WRjkIRt*@2m=2**aHF+oF57w z{&%t`mJ2l5Bhm9elRcHE|2qSMP=7&shp;mRywQa76p3`671672i9 z{v4TON`0JUeifFun3%drU(1m0?3PvqPBG5H>!?*!*pneCC;%tA}iTwd|o$CQbme+swnkmY@F%s;@z){z&NE0Upm z?$E^WL|o45e6m%wh0v}WLzf^_7gF{$XF+FQ~Vf>{-BCQnACD~0dNIF8~`PUXY# zYlWxFwrky}3*W=#m}XfTO&Y~}2NsPw=D-Y90vEI?G-e#Y~|tOb*GyNL?{KfOl3W9}@#?dM2+Ju(y0`^}uM<)^1*&%^eFIE(yc z!1ebssutR>1@v`Bo!8ry=FudOhG$HW=*1u-{#8!W#yqB!Y^k=D+1sn$tcxiE3+uDE zDGiU#@PlzNLkC0B8vpLpVhml+(5KJvaar&W6U%DGI?n6@7H{V$zfO=MW-8{|JUfnq zn(CL&hfW#S2x3)J$6KfLpUSJ!f#Y~}W$?%Mu7ecA6;8+*2s!&SG|VR}@G^9zvC{ja zD*%UPDih%%R<{Toe5yx@>(Co#xn$tB13#OH2?P?DQ{)HUyuH)hemLD2)fm=>K3rBE z@h6lD5^Cy!M<*iV>*nnd(-_qYUwY;le7?ZoM^Z(bB5TEWqe(l-CwhX**heQ=b7_@PBm2hNzMe__7R%?ltVpjAtOky#JvML?i$ z`94qDh$}_)=7$88)H$Y6Z z`+CYOpj#=I7x|zTaHfx6@Zr~a2G6$Dk3wYhih?TOJVteqeSdU1(~yf-ZRRn9Wzie# zEGYC&G8lmJnz9>}edGvV@YJO9P4QNQspb)FifAa}#ha6#Te)d64t!`XhZzc%ScnJu z?+Pqtd+yiM@$F^Cb~R^t{Yt@P;u-vcr4h{8U*V0F6rK>;zav`Q`~ZNLX%V?U4vW7q z1mbTJ0!u4f2f{`_Z+E}-o4nk-Uhm?SF7gZoFq5+(Co;c)G*5ExS` zVhetIBq8vtctVP|76rpwXb86=_~?0W>VX5NgaPM@97jaUi~L(q3II%h*1SyJ0mL0m zDMAEE`u`FChDI$EmJYRbSmjrSKgH|FHf1I0|3MN2dxkA?^#$;c13-odc@N?f3P+pf@oz0k*`JvHI{2%N%i`G2O@rHO}_~gYwvn0u`zhn)P z`2w~A-93C>-%f8oOnLB_kHBdlZfC5rZ5nHt}T6^EeyUGtYqQynb7} z7ky{Tte9n;rU*z%PLU}1t5i2%dHI_sFl?EoQb^1$ZjrgqzOZPrLi?wYT+J1C9=G0p zzMj=pi1kf)?pmHo^w||oDod&ru5}rPtSK~<(8pj*5s_1Odgmcm8$&xsKOR7ekP)97 zCz0b7Xv!lnYRRz)>%PFyypwd#9MF;Ny+8C%9mPv%PKv& zU_AO?rm^eb3-L(JLj*c1g**Ac!JlYwM9eM~k+}{LiE6|t55h+t{>Mlh;fG*kk`d!; z%U~j`P*(T^IOU(`Y5$*F5Zs4mY&k$vJCa!>u-U~2Kywu@w3MQUpN6pMy_#3$gh+^A}nTmy#^)P&Jo z-Yby^INq6iMnA*<>*dCrZ*N`c^;*@9$fOvJQXD^Scjxj`He*o`>A2|#S^Lc8^OASN znEW@`**uGn4iPYO5>knfASJ?IW%sfB1c7q3X@skbWkQz47DkCzY#|<&rn5xu=4Ez^ zm_E4&Yg!zCdKdg#LVSPI(}#i>_d~Mo*V_}ohT99i~g^{9yfu2pYY!yHcHZ4H6kN1Ee6haOHS}=Q0(=nlwJ4@3zN96&G?NbqNFp1(MuvMB% z)S7=qE4x?fKM@RTJY$Q7q^E|Yqd?72;PW#5`iBUSba-(f*OZh=QJP7Sz#S;Zd$N1P`NWMCZ>sjXF_QR; zQ3ZMTzZ+|iV zMekhFHkLvZ(cL-+9=-0be%;wR#So-2s~5s+g)!QXVnfZ8BjzaNJ$;S6AK07c>UD}> z9bk0!Yn}?w=2SpaRh^2Z---od8>(+s-golVm9kSSi&K!AMCpB(0VDNO{s$shd*v5k zZEvJ2ewcREd=3GC?S!V*b*CVbsWMvvCx_~)VUEcd6v?WR1jbY(ESn22OJR7OgFgV9 z$S;v=hSe)xYl&_bHOp&hc<*?wVOyF(z#x}FO^RGruEgX(@d|4xG#dN@!4evSc>;|k z%J#>~Q*^W$e9X7FS9`>^wp!HMhw1_Yi~0z_+?k27SYSXT@X}KsweGI3nA&Gw@aFJo zIIwjV)ZUQ80octKi%z{*%|633hQ$?CSYG&@UG~A z0=aq&>)mPjb5%Zu!CK({4cLBj$@4?$O3bbFx^@dy=dm|oC1 zgvaagt2^-Y5p<|bSsl-i9G2odVX%8mQk?VYPh{58Y7t6uFwpDS8_U_AV1gwv{*!JK zOuXf{<297c=L%ba0+Yz@=*tk15T^&kE+0OZ@emM!O zeIM9dr)sLWdM(r%*L}t-A%ZL;!mL<=KJa_eOC*x}Lzg9GUuj4qwDz8|eRJa@iPf|E z8PnH$!7cGeAJ6Xm*s_s>NGk6aJ%RD}NDNl?t%SC*lan#3KD+OQyMu!aN|oG@pRZSU z;(agg%Jna}ac*ZYY`5#gDr_HKfi7QPc~vxNp~WxnVYz1n1^I^oPEjYAR!azi0Rb84 z5(WhMFK>cwakw>!2ryF8%nHFM9@~DNO&j zh8tCOYsA&7WVZ5g=Sjh!o-pbrePw z&YrmjG41wthN;|g46Cnq=5x2P-5#Yz{w)pvcq}nTO0b>W0sg}#oCx$gWnb;j&OZro z;@-skw_J1Q+#pb^4;WYyrrWe>a*h{C2fbTM%Ro)Mzl24Iq>uA%gCFVi1VfgVy=QW~ zpB7-Cv`dwHwN>KnoHFZei)#Uya&7DTeKxyD)!{k5Ao6u@0n~nrad;Reb}5mZ0wj)? zJ=KAF(#!2k&SKwE!k34j?{pjrE2Zy-UNq{TA0dA1|5ow$T*?`kL2@WDz?}?3k^>(K zqx(99V9vXc%eB*IrIcj*t{JVs#=>UnWAT?-3DGn+EKaBWUGQP<<{QD!1=M5m;qNJ3 z0C{bYfevb3i=j+suh`@h4H-e7r@mTW_^Zmvr&)@w_$EjbyGDy{hNYkM97OK+<6v*oL7Py9@jG(+|bLuskm77SsvkyoNW$_SG2;J_x%1d3ChC)qVJKW$&9~)1) z4_o&ueTgixel(Y}rVyF8oOcZSECQlX$1r zznSaX{R@ije+>_Yc@HAKgGbjd2EZ$TGO%qM2k%(gtUYl$7m3P~l>@UH zeuSNklakXTnT7%MH=HP^Z{7E<44|35e!19l?CGU_y5qd9D76lcY?i^Pcfc9+s}@pS-I1A zyh5dMP6V)@z66PetWH7EIL6l%H6fM^9xEo4zMbOGvCWLqW=gP{$zLvh`yE$js5n0c zmy69ga6wEFxS~d(_Obw6#f+vsnAKq|*4xm3g1s$2Ey*DH|IGoX?u`Vr5FFxk(xR{a zDNo9cI%S$mssfy?iDAvw!?k(Hf!yq@8Q+(grvlY36y&B$8`)rwx8u}V7w3o%Xm)n< zD@Y(&BS*sntZU?qCprI(s^DOEi&185Vm4y4z7;*uha)r?Db@rUlvL_u*gM_@bz%8rbUNZ0l8HNkT!F<6F5$= zEFI&KnA!)zCmo3Yb>aj0)2e8Q?##HxpQF*6-;o3qyKa8$46CcKHW*6|L?9Sh^{6H* ze?QK<-!ja~OOBN_@|Xlxy`XesV0{KjjSa2Z(h^DW!|AxX!~l z%bt8`%aZhGRo;WN+{BH`@Flb_eRokC;ehw8L>(Q+CB(op{chfmQqO=7LEp`MDTYF- zf4un?v+mh5Fsqg40p5mYFG4n9AMrlK9s50>i$zP5?!|;&&L5z)R>s3nf$yiLq~i{Y zZ=rWmXD^n;!N%RA4|luFJ1E!zFkq>tF*W^UYm!>CVChsAv~M8KvsR9QI^D3~j;P-u z$S>%7f4aQQ#iQ4)6|W}>)-MU2*9(~YuwcPYpqB%R@@TVOV6N9F)Yq0dG*kGh zx6FKZPnqAc$m3Zo!mM7fMb^ZyWynYgT^>uIOlX_gcPkTTz$~mLuKZ3rJGWCoMtQzo z_df$u-a}Qs>7ArZ_kKe^duM#yyUG(x$R(UPI)Q+@kLRI0>=&coOjipl2u2%8NqDVq6m6NQJlZ-h#iD4TStvldX2DeaCvQ$%& z_PyM#fjI^oF1e~CwQ6_;0O6sKLEIxF(<5VdhQat(8yka9Jdl&vl9$RBzCyj=9oV zh_fF8%-q3wc8I$*v*ssP{&}<G}~3)>EbB_pGvdY zyFWSL*<^tnU_0&^MOVtU+mIyOBi=c-=PeSI_Lp7VO5-V`VKeVIDjdt2e5TDQgwgVEWe zMZ=u`3_I`Qs+)4C{SEi1Ks?YL3bRoz=1}_wExQQ~>T`zCT7*(q4V78-^70FQ^#uC) zxZQ=vo%idg2@|-fMX-l1w?P$JA??pzsef~BnItv5hg|id7sEIjz&s8vz=^?KEDYiK zSH!cqn#`@5Vc0-!GaeBQFoJtC!enpwseTJ1`v?Pi8*|#&P=|ezfA<@e`V9F$SLa6*T8|!S` zTaZAmJ_BcNcEu|3BZqPwLWK1NU-v*@g(~wx&!BkZC6Ecar1iIn?acFc`62nj4O4Me z2AdQZ>o&KS9eC6U^)?RW#My_I%>i$cQir#(0l(G{5?4y=^ri%Ld|btaFt(g($k9N> zyn*roEGi&enJR+_*_zFRqhzd_)FGcj?^O@~js9bnXH_d)sM+y0g9+jCop+f!!#-Xc z=FyDts@)p~D_+)1Nei3_{mpes)bREaXf*FEAneb`ldUI~wMSc~i?thr2!;?>R3u7F%@^LryseDzqcj;aDRP=U9a zXII*p9bMVXd6e!EoLmXLwRfwo3(Pp;s?z4OhEiosTMey|ZY0Mujx83t9XOEW(Qm71 z%d}!63vz|Z0y0VphKxJ)FyU66IC?sD%VaHcS(-3ex8_5-ruD+*Jk4@+PP#!nq|a(M z;$of2xM6!0;xwhD*iE`{={^LsnEFH*?dLF3nM!l86!svE`Gi@jn2FY8 zYoau8Yy4uP?4kM+vOIKp`fLDAAs?g2f)sAxy9*Sq@q>@XCA`?n%Vzm zpdP%Rrjwd1M+S2O*E}68Rdx@@2HeQ04$q|)kMz^iHM0!O3!vfMkzYjuhOo*6+Pq#} z1KL0l^~wk9T+k9t>dDz7gIm+Om)wOcaQ+DE#D^tO*tGd(8mlScK$(Y@ky}%j2yhQE zSC5Gtb39jujk~B#dEoKob#KX9PiO`x1@IA6l%iWQXH^v7m&+b^O4*jncZe3XJd`!Y zF$G+4pOgz4ejMG_oZuJm-pncl@&;`A_V9%GcrotKf1TmychB~H{->W*ZaI5#@KDSd zG3GdzH^k|f+ee-IHZkIy;O$k>@=$s1^ayeS%xd3c46&W{S3U~AX#@OR9*;jSK>Z#U z&iI|lR1F`)j)UB#Z#6xH$< z-J8QfZlF4MIN@e>KB%*HyPT8%@NkB+*oHaRC9{L1_;sG!cR@fv)Vr4Pd0FG>*1+UX z3#9Pp;sKS$KNDUS1OfcB7ej5)-)nk*2e>`aEVf`G&sO!mUhItkD*ae38zuAm0$mGz zw&yI%9rHNLPpX=@K@GEov!NK#qj>!I`@;O2se+3MNw2c}%RRWoCd|3Dst6A^XFs1J zzC`4c{YxeON{}+fF+T7t5C18Zt-J#UR8P3a+bO6IFxuhf;}y`Xb$a^>5&Wma*Ffjb zJA-HN=DtAJJuMoIt9oyJG*{_K3A4B{w7FPtK@v_QdPVqplpkk**Utz#V^O?l)k>H@ zPBJJHuiZWhU=LFrJ<^Am?$C;{^Z^~Myz*CfQ=MZZJysobGcDn{pc+5k>lih5I!&$t zwFHnP1xMz1kqN=$t?Dqs3fp~qgDm5czHwKruB2H$?VcN`>3{vPPnC7LJi04SmjW#d ze?Z)%=^Y(}WHBoh5sx?YT~xZw`r9GSyJOZ(hI zg|3Ue0~Y@R==LsA!=vNb)keD2dx1GJ`{|ahp@()nSB9HAzT;87E?vHa4whBM^&@A_ zV;zcazS&W|7+!^sxQ@W;&k_k($;_&|azmhouRO!GM{5U8OYs#Y8Q2zJWG$yy^qODL zUd7C#xqP^6%3qtXBCWL)&ZtgaA=VsoyAMk++@G*(q=z_-c_QkjrgU9Yz0WZd&8!qZfLd^YPMkf{13 z?UTlT!8L1qyg6G^aKB*?=||zmJiP$bv1QMyj&$=ZU; z0s=6w1}dDnWC;?oOBo*9wx78vwhlB|>g~&RO=maxo%m_%(DLrHohZ(39Hj7{jRXLm zZ6JqOTuRj4;#~bo6~O&cC8{!C7ba%rFgCx>B$D?L*Mh6jMNF?zNmw^6Hc+AJ(OV^>8-g0GEsVU+O_#T4 zWih_BQwU+ca)?zsuO_xmT@Nq-+rT?X)(jTnbNMp)NiV|9pQX;BS1sU|ax6I5u9||X z3R}(wTu)A%dx1%`D#Nt(lWk(q#lX%KVE0E6D@vL^cZMg91+C#+E-KTYqkv}ux5NsXOZev_j&=k$0X>zMnW;lpZY#NL>CKwM)7jc-&$Mw zDjaCjlqT zAH5$!s?JtkOgB4$A#jPE@CyDHikoa099*3GB68YcGFjVp;o=cl2J1n4V$xJ)lA}d| z(u&`9yx_&~^Y4x>I%02FKllt?-cc~JOt&Cuy7e|Hod|4OT>)ZhgYoR48JF}y)4MFK zSsU$ALZK=`p&TcbfFCV{&>eBH!|c=}>{gq?CtLl!rLV{!A+nlC~howjdC>&asH0VW*>E z>#VzWN6f2V^L@Qk;9Khe8>BE`JUHeP@LAGb3M4iYx(7R~S^kI}bVH6XPUQ6zsY77**saCM(o4v4)n zM_waHP1miCdwP~zW=2fMb9e)7J=6ol1?Yimb>F$yk+GL15lM$Kx-O;bW{Cf(=QP+0 z17<0U&+L7CwYP3_1FHH81^D(6M@X*)Hb=6?Flsj?HirecJfP$1zFO*Wbw3YKW7wsR zv9=^}8GKPzE$}=MIUBO9^W!#xY2e!!32cR)7Znacf4SoS4;)e(g&pF$K2ueo9Cn>m4bi_jtAFfljC}&^o^1OPCnPzleKhMn&4L1etG_>g;_h&KK8gF<$WO0gUNJ0$sRXe8W0W`rP!^2S-|Bb?9_zT$}Fb!P}<3drQSM z)GL|2w_wQ+P|~W+O<{Io99t7uRJ2i#gAx=howd@qZE}&kcWsz*V^PT9CcD%i=-0D2 z^Xs^ob~tQPq?|rrB9UPoWSxN3m1BK{GNxvSomwKcV__eUN!FyXY-nltE`5o6gi@ds zPBuAw1a&VW9cAI%4}KE1cW)T^$W8ymP0lFRoXQa)Wi_N?CAuF1-jSqkiGu+!SR03l zk6{~K)|~o`yZ8y>5ve|{ZLl8d_KntCwOF0ypwK2+D5p7XAI z+4dQS#ieSBRcgqJw3$ zOf=`Iy9(aV$JBVtIwoO=lVOO{(etZ6(pyc-Y=mMJfxtM@!cYIKfg?^N6R)TV+u{ZE5sVXJ*<>$Q4*3;WDL@7!Ut=-Q!ce6@Lw>?%(7Do%IF zU~$9Gl)S^4rsGbtNtuvLJ5E+RPIr^q&>TYIMAby^2fTU%LnH$mFg_`Dv@~^eg;CFY z>%9Y*vAtLDVskQ@|JiTAER(25S*k~w;N2w?Qo=w}%Fy7}HOU{8?~^qdh%BdQTVM83 zVCTo1Z@>hjX$^Go;-x|jdi)?leKlyG1;Tw?qXR9m>Z!iwXzR3&fOfIztl!p1!S0Ig zkh}%(7?e=`J7KmC`=1E*{BOK>JiBJEh^HJD6i9#QVcHJdIy>dL z`})lH4|f_$K&&U9d*9gUv!rWste|T6}0?o)ZB#C z`hjW~eSbf`eBz)UJnO%&)<4%;n-h=MqT!%0`t}Er-g7t_vp0uvY}Li9meDj9{-m^c z9SGP|2fBEMeX)2*KD)F`P{m!l*q4O_{o`Q6I;nUpu*Y&BClJZ0DlP0G$~~)^Jcn@y zqGY@Zi+{6c6S#h@VKbT)G^nckEEnVk3NAOSy}Tz@ij4O7wAlBQ=PGeBx+Fj*u8G=B zW%;h!n}mT5-LTM|j!a(sJ>Khx2EMh=fn$rxZ&_}Y@Oz~@z^85p&Z-;W_j_j1p)GH1|4oQv`u_Jn2Y+_0vSKnE zhsnN7WDIVGnT4=e%B<;b!yjbQ*_F@AYFtyx0eoq|9s)BPcoU~e58Yd2jIJLeid8KI zFs&sQ#vWWbn_CKo<2O2f-p<@Ps)SPO52QTKFF_pUOuP;xW{v%gfh2MTJ=sx8rNmoA6v0VlwXU)^_ zVr?5|9>AeBSL990OQPo#NWnc|I~5XN0|V+$>r!5Bj*D8g?!`Z8y(KBqUoX**G=|Xs2k2mp|5aq0Tlf?A6xk`o04a&&@(HKt`!GcL$-6v z{h%|yid;`~&L?a^BA7g>@d9LI(hY_eYnIH_jcPATtlH+!h~iKQez$kz2$;eVOdVcq zH9={_+UI^xegoO>H$p$p9bSHoK=$>ts!?^i*J}BH-mN?Ku=(@Xwq1#g#Zhjyk2#z; z*T?GiZYUY825w)G=c{O~WpZG6)D|w)o(~Co81fEg5Q%aRss|hpwS%9Wh*QNb8D<1- z+t)+25ixIDO)yZ=5!u>}!Q8E~wr0fa4G`;h3d3H7@37hwhdb20;Ce0(7TO&|F5e6) zBvR#89YpnefGW&qq}6RJ=L{YJxzw(qx5T^Os)jGzmYHLQu7&sCx+#&>D&UK*g{kc* zS-dYc%{hq{n4U1{cG%91284^RofWIF@PA(DzaWTmBiSPlPu^I zrP%$GQ69qr97;b^>~+;_|M1+@V(|FY$UE8^+96YhdFG<+$l|qFvD^)*k(2hx%5$s5 zFWZ`d>u>PV-$d{?q6svP>{DAC-9|{IBAzE!3k7F5JL_+8BcoyKkN`gaN{+1gy(TiTQ%b^ z-UuQ0(+U(FTeT7Z*;hN2^nPUCGXGsk^%%_8)ZK*RQX&VNYC zIq)nTE5@l!&@mGR`$S&S#RI-`u_V`o<3L@9>Ktc&?Qua)TPjcgyyW(SJtEk--+6=A z!v93*o~RDawoaZ}X?N`ZnT%M6m>_)nqrD<`WGk3cW5Ly^=(Q!W9u>%U=`qNc>1ocK zV5gX_-n1z{mSeBp-4SEW=COhtV{e-k41GxS+#P>{p$awUQLZAXYGbd~ZJbVMS5uCf zvLa+r3w_}&LVzS?$HZ8}aEiL}K(F`_60eliLRSR2YR)hPlSjNW4Oj9Ay|Q7=9b=-L zA>eg$w-UL$O=5d~;`#A09*vOHnq$MNrB{wORdA}`#GV=FH1CI~8kQqPiHGWlM|SBo z5=@PA{p;$lK-O}G@%>y@N}n&%@J~ZcCHMzp7nFvwcx9Gk{;*LC}@;uAiP^{iGo0RMjBl_D_YfLfQlbGhE!^nx}!1gK+OT4gC#| zb{$^X$Q_^9;-4>ey+1$B)G2Yb_z5#Or90&=c<-t`JsJ?56(dpsX#@K)JpX4|$<!^vCjF%%VSR?<8Hs!FVCypZu0+5&ViGaTHf0p`7L1zc~Z$P zsL$TZt@`2civ#%

    cEfwLjZ6BenVDr2V(0%N{pRQ2&#sermaN?0s*(mV()58_esy z7eyKN)ZXlg+n}1b>UzQ1&rTgnKfg?~*>h4mj4j!u3y=oRlmAo@zVWM^t0Cg-}>n6wttU6 zN1)~XJA3u^?f+SO_upr+|2xU=>HG63`={Ow0S;#HeYjZpQR)A7<^N@Tj>3zSm2dU4 te`5c4mrHhjod5de*Dt?*`SnXxmF?bnWO9GyfBE&Fd8hR800s{O1^~^Puvh>9 diff --git a/fuzz/summary.txt b/fuzz/summary.txt index 8516bf3723aa..298c8377379f 100644 --- a/fuzz/summary.txt +++ b/fuzz/summary.txt @@ -1,51 +1,57 @@ Filename Regions Missed Regions Cover Functions Missed Functions Executed Lines Missed Lines Cover --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- -fuzz/prng.c 31 0 100.00% 2 0 100.00% 49 0 100.00% -fuzz/udev.c 103 5 95.15% 17 1 94.12% 141 7 95.04% -fuzz/uniform_random.c 7 1 85.71% 1 0 100.00% 23 1 95.65% +------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ +fuzz/clock.c 24 1 95.83% 4 0 100.00% 35 0 100.00% +fuzz/prng.c 31 0 100.00% 2 0 100.00% 35 0 100.00% +fuzz/udev.c 103 1 99.03% 17 0 100.00% 126 3 97.62% +fuzz/uniform_random.c 7 1 85.71% 1 0 100.00% 12 1 91.67% fuzz/wrap.c 6 0 100.00% 1 0 100.00% 7 0 100.00% -openbsd-compat/explicit_bzero.c 4 0 100.00% 1 0 100.00% 13 0 100.00% +openbsd-compat/explicit_bzero.c 4 0 100.00% 1 0 100.00% 7 0 100.00% openbsd-compat/freezero.c 4 0 100.00% 1 0 100.00% 6 0 100.00% -openbsd-compat/recallocarray.c 41 7 82.93% 1 0 100.00% 49 7 85.71% -openbsd-compat/strlcat.c 12 1 91.67% 1 0 100.00% 25 1 96.00% -openbsd-compat/timingsafe_bcmp.c 4 0 100.00% 1 0 100.00% 8 0 100.00% -src/aes256.c 115 4 96.52% 8 0 100.00% 175 14 92.00% -src/assert.c 616 46 92.53% 59 3 94.92% 924 64 93.07% -src/authkey.c 44 0 100.00% 5 0 100.00% 75 0 100.00% -src/bio.c 419 20 95.23% 49 2 95.92% 660 22 96.67% -src/blob.c 53 3 94.34% 10 0 100.00% 96 7 92.71% -src/buf.c 8 1 87.50% 2 0 100.00% 20 1 95.00% -src/cbor.c 986 17 98.28% 53 0 100.00% 1426 37 97.41% -src/compress.c 34 4 88.24% 3 0 100.00% 30 3 90.00% -src/config.c 94 1 98.94% 10 0 100.00% 146 3 97.95% -src/cred.c 581 38 93.46% 63 2 96.83% 872 48 94.50% -src/credman.c 382 10 97.38% 40 0 100.00% 614 15 97.56% -src/dev.c 414 74 82.13% 43 6 86.05% 556 106 80.94% -src/ecdh.c 117 2 98.29% 4 0 100.00% 161 5 96.89% -src/eddsa.c 54 0 100.00% 8 0 100.00% 77 0 100.00% +openbsd-compat/recallocarray.c 41 7 82.93% 1 0 100.00% 36 7 80.56% +openbsd-compat/strlcat.c 12 1 91.67% 1 0 100.00% 21 1 95.24% +openbsd-compat/timingsafe_bcmp.c 4 0 100.00% 1 0 100.00% 7 0 100.00% +src/aes256.c 115 4 96.52% 8 0 100.00% 157 14 91.08% +src/assert.c 563 40 92.90% 56 3 94.64% 694 40 94.24% +src/authkey.c 44 0 100.00% 5 0 100.00% 59 0 100.00% +src/bio.c 419 20 95.23% 49 2 95.92% 559 21 96.24% +src/blob.c 53 2 96.23% 10 0 100.00% 83 4 95.18% +src/buf.c 8 1 87.50% 2 0 100.00% 16 1 93.75% +src/cbor.c 1047 28 97.33% 54 0 100.00% 1237 54 95.63% +src/compress.c 34 4 88.24% 3 0 100.00% 28 3 89.29% +src/config.c 108 0 100.00% 11 0 100.00% 151 0 100.00% +src/cred.c 632 34 94.62% 69 2 97.10% 830 36 95.66% +src/credman.c 382 10 97.38% 40 0 100.00% 518 15 97.10% +src/dev.c 420 78 81.43% 44 6 86.36% 488 102 79.10% +src/ecdh.c 117 2 98.29% 4 0 100.00% 146 5 96.58% +src/eddsa.c 80 3 96.25% 10 0 100.00% 106 8 92.45% src/err.c 122 10 91.80% 1 0 100.00% 126 10 92.06% -src/es256.c 280 0 100.00% 16 0 100.00% 394 0 100.00% -src/hid.c 60 0 100.00% 12 0 100.00% 134 0 100.00% -src/hid_linux.c 173 68 60.69% 14 7 50.00% 303 123 59.41% -src/hid_unix.c 30 20 33.33% 2 0 100.00% 52 28 46.15% -src/info.c 198 0 100.00% 44 0 100.00% 405 0 100.00% -src/io.c 158 7 95.57% 10 0 100.00% 228 11 95.18% -src/iso7816.c 18 1 94.44% 5 0 100.00% 42 0 100.00% -src/largeblob.c 513 19 96.30% 30 0 100.00% 759 43 94.33% -src/log.c 39 5 87.18% 7 1 85.71% 73 4 94.52% -src/netlink.c 327 15 95.41% 40 0 100.00% 565 35 93.81% -src/nfc_linux.c 304 123 59.54% 23 10 56.52% 520 199 61.73% -src/pin.c 403 3 99.26% 26 0 100.00% 583 3 99.49% -src/random.c 6 1 83.33% 1 0 100.00% 8 1 87.50% -src/reset.c 24 0 100.00% 3 0 100.00% 27 0 100.00% -src/rs256.c 102 4 96.08% 8 0 100.00% 138 6 95.65% -src/u2f.c 473 6 98.73% 15 0 100.00% 742 9 98.79% +src/es256.c 306 5 98.37% 19 0 100.00% 358 7 98.04% +src/hid.c 60 0 100.00% 12 0 100.00% 114 0 100.00% +src/hid_linux.c 173 68 60.69% 14 7 50.00% 250 104 58.40% +src/hid_unix.c 28 20 28.57% 2 0 100.00% 43 24 44.19% +src/info.c 184 0 100.00% 39 0 100.00% 316 0 100.00% +src/io.c 182 7 96.15% 13 0 100.00% 221 11 95.02% +src/iso7816.c 18 1 94.44% 5 0 100.00% 38 0 100.00% +src/largeblob.c 513 21 95.91% 30 0 100.00% 684 47 93.13% +src/log.c 39 5 87.18% 7 1 85.71% 63 4 93.65% +src/netlink.c 328 14 95.73% 40 0 100.00% 498 32 93.57% +src/nfc_linux.c 327 73 77.68% 23 5 78.26% 458 124 72.93% +src/pin.c 403 3 99.26% 26 0 100.00% 495 3 99.39% +src/random.c 6 1 83.33% 1 0 100.00% 6 1 83.33% +src/reset.c 24 0 100.00% 3 0 100.00% 23 0 100.00% +src/rs1.c 25 1 96.00% 3 0 100.00% 39 3 92.31% +src/rs256.c 141 8 94.33% 13 0 100.00% 172 10 94.19% +src/time.c 43 3 93.02% 3 0 100.00% 43 1 97.67% +src/tpm.c 76 0 100.00% 7 0 100.00% 138 0 100.00% +src/types.c 25 0 100.00% 6 0 100.00% 46 0 100.00% +src/u2f.c 528 4 99.24% 17 0 100.00% 685 12 98.25% Files which contain no functions: openbsd-compat/openbsd-compat.h 0 0 - 0 0 - 0 0 - +openbsd-compat/time.h 0 0 - 0 0 - 0 0 - src/extern.h 0 0 - 0 0 - 0 0 - src/fido.h 0 0 - 0 0 - 0 0 - src/fido/err.h 0 0 - 0 0 - 0 0 - src/fido/param.h 0 0 - 0 0 - 0 0 - --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- -TOTAL 7359 516 92.99% 640 32 95.00% 11252 813 92.77% +------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ +TOTAL 7809 481 93.84% 679 26 96.17% 10180 708 93.05% diff --git a/fuzz/wrap.c b/fuzz/wrap.c index 5b91a64dbf4b..8d7be6bb6247 100644 --- a/fuzz/wrap.c +++ b/fuzz/wrap.c @@ -4,6 +4,9 @@ * license that can be found in the LICENSE file. */ +#include +#include + #include #include #include @@ -50,6 +53,14 @@ WRAP(void *, 1 ) +WRAP(void *, + realloc, + (void *ptr, size_t size), + NULL, + (ptr, size), + 1 +) + WRAP(char *, strdup, (const char *s), @@ -83,32 +94,6 @@ WRAP(EVP_CIPHER_CTX *, 1 ) -WRAP(int, - EVP_EncryptInit_ex, - (EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, ENGINE *impl, - const unsigned char *key, const unsigned char *iv), - 0, - (ctx, type, impl, key, iv), - 1 -) - -WRAP(int, - EVP_CIPHER_CTX_set_padding, - (EVP_CIPHER_CTX *x, int padding), - 0, - (x, padding), - 1 -) - -WRAP(int, - EVP_EncryptUpdate, - (EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, - const unsigned char *in, int inl), - 0, - (ctx, out, outl, in, inl), - 1 -) - WRAP(int, EVP_CipherInit, (EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, @@ -118,48 +103,6 @@ WRAP(int, 1 ) -WRAP(int, - EVP_DecryptInit_ex, - (EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, ENGINE *impl, - const unsigned char *key, const unsigned char *iv), - 0, - (ctx, type, impl, key, iv), - 1 -) - -WRAP(int, - EVP_DecryptUpdate, - (EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, - const unsigned char *in, int inl), - 0, - (ctx, out, outl, in, inl), - 1 -) - -WRAP(int, - SHA256_Init, - (SHA256_CTX *c), - 0, - (c), - 1 -) - -WRAP(int, - SHA256_Update, - (SHA256_CTX *c, const void *data, size_t len), - 0, - (c, data, len), - 1 -) - -WRAP(int, - SHA256_Final, - (unsigned char *md, SHA256_CTX *c), - 0, - (md, c), - 1 -) - WRAP(RSA *, EVP_PKEY_get0_RSA, (EVP_PKEY *pkey), @@ -201,6 +144,30 @@ WRAP(int, 1 ) +WRAP(int, + EVP_DigestInit_ex, + (EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl), + 0, + (ctx, type, impl), + 1 +) + +WRAP(int, + EVP_DigestUpdate, + (EVP_MD_CTX *ctx, const void *data, size_t count), + 0, + (ctx, data, count), + 1 +) + +WRAP(int, + EVP_DigestFinal_ex, + (EVP_MD_CTX *ctx, unsigned char *md, unsigned int *isize), + 0, + (ctx, md, isize), + 1 +) + WRAP(BIGNUM *, BN_bin2bn, (const unsigned char *s, int len, BIGNUM *ret), @@ -241,6 +208,14 @@ WRAP(BIGNUM *, 1 ) +WRAP(RSA *, + RSA_new, + (void), + NULL, + (), + 1 +) + WRAP(int, RSA_set0_key, (RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d), @@ -249,6 +224,14 @@ WRAP(int, 1 ) +WRAP(int, + RSA_pkey_ctx_ctrl, + (EVP_PKEY_CTX *ctx, int optype, int cmd, int p1, void *p2), + -1, + (ctx, optype, cmd, p1, p2), + 1 +) + WRAP(EC_KEY *, EC_KEY_new_by_curve_name, (int nid), @@ -385,6 +368,30 @@ WRAP(int, 1 ) +WRAP(int, + EVP_PKEY_verify_init, + (EVP_PKEY_CTX *ctx), + 0, + (ctx), + 1 +) + +WRAP(int, + EVP_PKEY_CTX_ctrl, + (EVP_PKEY_CTX *ctx, int keytype, int optype, int cmd, int p1, void *p2), + -1, + (ctx, keytype, optype, cmd, p1, p2), + 1 +) + +WRAP(const EVP_MD *, + EVP_sha1, + (void), + NULL, + (), + 1 +) + WRAP(const EVP_MD *, EVP_sha256, (void), @@ -393,6 +400,22 @@ WRAP(const EVP_MD *, 1 ) +WRAP(const EVP_CIPHER *, + EVP_aes_256_cbc, + (void), + NULL, + (), + 1 +) + +WRAP(const EVP_CIPHER *, + EVP_aes_256_gcm, + (void), + NULL, + (), + 1 +) + WRAP(unsigned char *, HMAC, (const EVP_MD *evp_md, const void *key, int key_len, @@ -436,6 +459,14 @@ WRAP(int, 1 ) +WRAP(unsigned char *, + SHA1, + (const unsigned char *d, size_t n, unsigned char *md), + NULL, + (d, n, md), + 1 +) + WRAP(unsigned char *, SHA256, (const unsigned char *d, size_t n, unsigned char *md), @@ -500,6 +531,14 @@ WRAP(cbor_item_t *, 1 ) +WRAP(cbor_item_t *, + cbor_build_uint16, + (uint16_t value), + NULL, + (value), + 1 +) + WRAP(cbor_item_t *, cbor_build_uint32, (uint32_t value), @@ -508,6 +547,14 @@ WRAP(cbor_item_t *, 1 ) +WRAP(cbor_item_t *, + cbor_build_uint64, + (uint64_t value), + NULL, + (value), + 1 +) + WRAP(struct cbor_pair *, cbor_map_handle, (const cbor_item_t *item), @@ -556,6 +603,14 @@ WRAP(cbor_item_t *, 1 ) +WRAP(cbor_item_t *, + cbor_new_definite_bytestring, + (void), + NULL, + (), + 1 +) + WRAP(size_t, cbor_serialize_alloc, (const cbor_item_t *item, cbor_mutable_data *buffer, @@ -567,16 +622,16 @@ WRAP(size_t, WRAP(int, fido_tx, - (fido_dev_t *d, uint8_t cmd, const void *buf, size_t count), + (fido_dev_t *d, uint8_t cmd, const void *buf, size_t count, int *ms), -1, - (d, cmd, buf, count), + (d, cmd, buf, count, ms), 1 ) WRAP(int, - usleep, - (unsigned int usec), + bind, + (int sockfd, const struct sockaddr *addr, socklen_t addrlen), -1, - (usec), + (sockfd, addr, addrlen), 1 ) diff --git a/fuzz/wrapped.sym b/fuzz/wrapped.sym index de4f24ae0355..0e9d34627f86 100644 --- a/fuzz/wrapped.sym +++ b/fuzz/wrapped.sym @@ -1,3 +1,4 @@ +bind BN_bin2bn BN_bn2bin BN_CTX_get @@ -11,31 +12,36 @@ cbor_build_bytestring cbor_build_negint16 cbor_build_negint8 cbor_build_string +cbor_build_uint16 cbor_build_uint32 +cbor_build_uint64 cbor_build_uint8 cbor_load cbor_map_add cbor_map_handle cbor_new_definite_array +cbor_new_definite_bytestring cbor_new_definite_map cbor_serialize_alloc +clock_gettime EC_KEY_get0_group EC_KEY_get0_private_key EC_KEY_new_by_curve_name EC_POINT_get_affine_coordinates_GFp EC_POINT_new +EVP_aes_256_cbc +EVP_aes_256_gcm EVP_Cipher EVP_CIPHER_CTX_ctrl EVP_CIPHER_CTX_new -EVP_CIPHER_CTX_set_padding EVP_CipherInit -EVP_DecryptInit_ex -EVP_DecryptUpdate +EVP_DigestFinal_ex +EVP_DigestInit_ex +EVP_DigestUpdate EVP_DigestVerifyInit -EVP_EncryptInit_ex -EVP_EncryptUpdate EVP_MD_CTX_new EVP_PKEY_assign +EVP_PKEY_CTX_ctrl EVP_PKEY_CTX_new EVP_PKEY_CTX_new_id EVP_PKEY_derive @@ -50,6 +56,8 @@ EVP_PKEY_new EVP_PKEY_new_raw_public_key EVP_PKEY_paramgen EVP_PKEY_paramgen_init +EVP_PKEY_verify_init +EVP_sha1 EVP_sha256 fido_tx HMAC @@ -59,11 +67,12 @@ HMAC_Init_ex HMAC_Update ioctl malloc +realloc +RSA_new +RSA_pkey_ctx_ctrl RSA_set0_key +SHA1 SHA256 -SHA256_Final -SHA256_Init -SHA256_Update strdup udev_device_get_devnode udev_device_get_parent_with_subsystem_devtype diff --git a/man/CMakeLists.txt b/man/CMakeLists.txt index ad9f339e6f9b..3e50c50d37a0 100644 --- a/man/CMakeLists.txt +++ b/man/CMakeLists.txt @@ -48,6 +48,7 @@ list(APPEND MAN_ALIAS eddsa_pk_new eddsa_pk_to_EVP_PKEY es256_pk_new es256_pk_free es256_pk_new es256_pk_from_EC_KEY + es256_pk_new es256_pk_from_EVP_PKEY es256_pk_new es256_pk_from_ptr es256_pk_new es256_pk_to_EVP_PKEY fido_assert_new fido_assert_authdata_len @@ -129,6 +130,10 @@ list(APPEND MAN_ALIAS fido_cbor_info_new fido_cbor_info_versions_len fido_cbor_info_new fido_cbor_info_versions_ptr fido_cbor_info_new fido_dev_get_cbor_info + fido_cred_new fido_cred_aaguid_len + fido_cred_new fido_cred_aaguid_ptr + fido_cred_new fido_cred_attstmt_len + fido_cred_new fido_cred_attstmt_ptr fido_cred_new fido_cred_authdata_len fido_cred_new fido_cred_authdata_ptr fido_cred_new fido_cred_authdata_raw_len @@ -137,26 +142,25 @@ list(APPEND MAN_ALIAS fido_cred_new fido_cred_clientdata_hash_ptr fido_cred_new fido_cred_display_name fido_cred_new fido_cred_flags - fido_cred_new fido_cred_sigcount fido_cred_new fido_cred_fmt fido_cred_new fido_cred_free fido_cred_new fido_cred_id_len fido_cred_new fido_cred_id_ptr - fido_cred_new fido_cred_aaguid_len - fido_cred_new fido_cred_aaguid_ptr fido_cred_new fido_cred_largeblob_key_len fido_cred_new fido_cred_largeblob_key_ptr + fido_cred_new fido_cred_pin_minlen fido_cred_new fido_cred_prot fido_cred_new fido_cred_pubkey_len fido_cred_new fido_cred_pubkey_ptr fido_cred_new fido_cred_rp_id fido_cred_new fido_cred_rp_name + fido_cred_new fido_cred_sigcount fido_cred_new fido_cred_sig_len fido_cred_new fido_cred_sig_ptr fido_cred_new fido_cred_type - fido_cred_new fido_cred_user_name fido_cred_new fido_cred_user_id_len fido_cred_new fido_cred_user_id_ptr + fido_cred_new fido_cred_user_name fido_cred_new fido_cred_x5c_len fido_cred_new fido_cred_x5c_ptr fido_credman_metadata_new fido_credman_del_dev_rk @@ -178,6 +182,7 @@ list(APPEND MAN_ALIAS fido_credman_metadata_new fido_credman_rp_name fido_credman_metadata_new fido_credman_rp_new fido_credman_metadata_new fido_credman_set_dev_rk + fido_cred_set_authdata fido_cred_set_attstmt fido_cred_set_authdata fido_cred_set_authdata_raw fido_cred_set_authdata fido_cred_set_blob fido_cred_set_authdata fido_cred_set_clientdata @@ -185,6 +190,7 @@ list(APPEND MAN_ALIAS fido_cred_set_authdata fido_cred_set_extensions fido_cred_set_authdata fido_cred_set_fmt fido_cred_set_authdata fido_cred_set_id + fido_cred_set_authdata fido_cred_set_pin_minlen fido_cred_set_authdata fido_cred_set_prot fido_cred_set_authdata fido_cred_set_rk fido_cred_set_authdata fido_cred_set_rp @@ -196,6 +202,7 @@ list(APPEND MAN_ALIAS fido_dev_enable_entattest fido_dev_toggle_always_uv fido_dev_enable_entattest fido_dev_force_pin_change fido_dev_enable_entattest fido_dev_set_pin_minlen + fido_dev_enable_entattest fido_dev_set_pin_minlen_rpid fido_dev_get_touch_begin fido_dev_get_touch_status fido_dev_info_manifest fido_dev_info_free fido_dev_info_manifest fido_dev_info_manufacturer_string @@ -227,12 +234,14 @@ list(APPEND MAN_ALIAS fido_dev_set_pin fido_dev_get_uv_retry_count fido_dev_set_pin fido_dev_reset fido_dev_set_io_functions fido_dev_set_sigmask + fido_dev_set_io_functions fido_dev_set_timeout fido_dev_largeblob_get fido_dev_largeblob_set fido_dev_largeblob_get fido_dev_largeblob_remove fido_dev_largeblob_get fido_dev_largeblob_get_array fido_dev_largeblob_get fido_dev_largeblob_set_array rs256_pk_new rs256_pk_free rs256_pk_new rs256_pk_from_ptr + rs256_pk_new rs256_pk_from_EVP_PKEY rs256_pk_new rs256_pk_from_RSA rs256_pk_new rs256_pk_to_EVP_PKEY ) diff --git a/man/es256_pk_new.3 b/man/es256_pk_new.3 index 54439cd300cf..6c1bac0f57f9 100644 --- a/man/es256_pk_new.3 +++ b/man/es256_pk_new.3 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2018 Yubico AB. All rights reserved. +.\" Copyright (c) 2018-2021 Yubico AB. All rights reserved. .\" Use of this source code is governed by a BSD-style .\" license that can be found in the LICENSE file. .\" @@ -9,6 +9,7 @@ .Nm es256_pk_new , .Nm es256_pk_free , .Nm es256_pk_from_EC_KEY , +.Nm es256_pk_from_EVP_KEY , .Nm es256_pk_from_ptr , .Nm es256_pk_to_EVP_PKEY .Nd FIDO 2 COSE ES256 API @@ -22,6 +23,8 @@ .Ft int .Fn es256_pk_from_EC_KEY "es256_pk_t *pk" "const EC_KEY *ec" .Ft int +.Fn es256_pk_from_EVP_PKEY "es256_pk_t *pk" "const EVP_PKEY *pkey" +.Ft int .Fn es256_pk_from_ptr "es256_pk_t *pk" "const void *ptr" "size_t len" .Ft EVP_PKEY * .Fn es256_pk_to_EVP_PKEY "const es256_pk_t *pk" @@ -79,6 +82,16 @@ No references to are kept. .Pp The +.Fn es256_pk_from_EVP_KEY +function fills +.Fa pk +with the contents of +.Fa pkey . +No references to +.Fa pkey +are kept. +.Pp +The .Fn es256_pk_from_ptr function fills .Fa pk @@ -110,7 +123,8 @@ If an error occurs, returns NULL. .Sh RETURN VALUES The -.Fn es256_pk_from_EC_KEY +.Fn es256_pk_from_EC_KEY , +.Fn es256_pk_from_EVP_KEY , and .Fn es256_pk_from_ptr functions return diff --git a/man/fido2-token.1 b/man/fido2-token.1 index 43f1c0ea48b7..fd82c23cffb7 100644 --- a/man/fido2-token.1 +++ b/man/fido2-token.1 @@ -82,6 +82,7 @@ .Op Fl d .Fl i Ar template_id .Fl n Ar template_name +.Ar device .Nm .Fl S .Op Fl d @@ -112,6 +113,11 @@ .Fl p Ar display_name .Ar device .Nm +.Fl S +.Fl m +.Ar rp_id +.Ar device +.Nm .Fl V .Sh DESCRIPTION .Nm @@ -340,6 +346,12 @@ Sets the minimum PIN length of to .Ar pin_length . The user will be prompted for the PIN. +.It Fl S Fl m Ar rp_id Ar device +Sets the list of relying party IDs that are allowed to retrieve +the minimum PIN length of +.Ar device . +Multiple IDs may be specified, separated by commas. +The user will be prompted for the PIN. .It Fl S Fl u Ar device Enables the FIDO 2.1 .Dq user verification always diff --git a/man/fido_cred_new.3 b/man/fido_cred_new.3 index 8cecf5f29850..d779cb2c659d 100644 --- a/man/fido_cred_new.3 +++ b/man/fido_cred_new.3 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2018 Yubico AB. All rights reserved. +.\" Copyright (c) 2018-2021 Yubico AB. All rights reserved. .\" Use of this source code is governed by a BSD-style .\" license that can be found in the LICENSE file. .\" @@ -8,6 +8,7 @@ .Sh NAME .Nm fido_cred_new , .Nm fido_cred_free , +.Nm fido_cred_pin_minlen , .Nm fido_cred_prot , .Nm fido_cred_fmt , .Nm fido_cred_rp_id , @@ -24,6 +25,7 @@ .Nm fido_cred_sig_ptr , .Nm fido_cred_user_id_ptr , .Nm fido_cred_x5c_ptr , +.Nm fido_cred_attstmt_ptr , .Nm fido_cred_authdata_len , .Nm fido_cred_authdata_raw_len , .Nm fido_cred_clientdata_hash_len , @@ -34,6 +36,7 @@ .Nm fido_cred_sig_len , .Nm fido_cred_user_id_len , .Nm fido_cred_x5c_len , +.Nm fido_cred_attstmt_len , .Nm fido_cred_type , .Nm fido_cred_flags , .Nm fido_cred_sigcount @@ -44,8 +47,10 @@ .Fn fido_cred_new "void" .Ft void .Fn fido_cred_free "fido_cred_t **cred_p" +.Ft size_t +.Fn fido_cred_pin_minlen "const fido_cred_t *cred" .Ft int -.Fn fido_cred_prot "fido_cred_t *cred" +.Fn fido_cred_prot "const fido_cred_t *cred" .Ft const char * .Fn fido_cred_fmt "const fido_cred_t *cred" .Ft const char * @@ -76,6 +81,8 @@ .Fn fido_cred_user_id_ptr "const fido_cred_t *cred" .Ft const unsigned char * .Fn fido_cred_x5c_ptr "const fido_cred_t *cred" +.Ft const unsigned char * +.Fn fido_cred_attstmt_ptr "const fido_cred_t *cred" .Ft size_t .Fn fido_cred_authdata_len "const fido_cred_t *cred" .Ft size_t @@ -96,6 +103,8 @@ .Fn fido_cred_user_id_len "const fido_cred_t *cred" .Ft size_t .Fn fido_cred_x5c_len "const fido_cred_t *cred" +.Ft size_t +.Fn fido_cred_attstmt_len "const fido_cred_t *cred" .Ft int .Fn fido_cred_type "const fido_cred_t *cred" .Ft uint8_t @@ -146,13 +155,35 @@ may be NULL, in which case .Fn fido_cred_free is a NOP. .Pp -The +If the FIDO 2.1 +.Dv FIDO_EXT_MINPINLEN +extension is enabled on +.Fa cred , +then the +.Fn fido_cred_pin_minlen +function returns the minimum PIN length of +.Fa cred . +Otherwise, +.Fn fido_cred_pin_minlen +returns zero. +See +.Xr fido_cred_set_pin_minlen 3 +on how to enable this extension. +.Pp +If the FIDO 2.1 +.Dv FIDO_EXT_CRED_PROTECT +extension is enabled on +.Fa cred , +then the .Fn fido_cred_prot function returns the protection of .Fa cred . +Otherwise, +.Fn fido_cred_prot +returns zero. See .Xr fido_cred_set_prot 3 -for the values understood by +for the protection policies understood by .Em libfido2 . .Pp The @@ -186,12 +217,14 @@ The .Fn fido_cred_pubkey_ptr , .Fn fido_cred_sig_ptr , .Fn fido_cred_user_id_ptr , +.Fn fido_cred_x5c_ptr , and -.Fn fido_cred_x5c_ptr +.Fn fido_cred_attstmt_ptr functions return pointers to the CBOR-encoded and raw authenticator data, client data hash, ID, authenticator attestation GUID, .Dq largeBlobKey , -public key, signature, user ID, and x509 certificate parts of +public key, signature, user ID, x509 certificate, and attestation +statement parts of .Fa cred , or NULL if the respective entry is not set. .Pp @@ -205,8 +238,9 @@ The corresponding length can be obtained by .Fn fido_cred_pubkey_len , .Fn fido_cred_sig_len , .Fn fido_cred_user_id_len , +.Fn fido_cred_x5c_len , and -.Fn fido_cred_x5c_len . +.Fn fido_cred_attstmt_len . .Pp The authenticator data, x509 certificate, and signature parts of a credential are typically passed to a FIDO 2 server for verification. @@ -251,6 +285,8 @@ qualifier is invoked. .Sh SEE ALSO .Xr fido_cred_exclude 3 , .Xr fido_cred_set_authdata 3 , +.Xr fido_cred_set_pin_minlen 3 , +.Xr fido_cred_set_prot 3 , .Xr fido_cred_verify 3 , .Xr fido_credman_metadata_new 3 , .Xr fido_dev_largeblob_get 3 , diff --git a/man/fido_cred_set_authdata.3 b/man/fido_cred_set_authdata.3 index 91e1edbaf810..7bae51f43674 100644 --- a/man/fido_cred_set_authdata.3 +++ b/man/fido_cred_set_authdata.3 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2018 Yubico AB. All rights reserved. +.\" Copyright (c) 2018-2021 Yubico AB. All rights reserved. .\" Use of this source code is governed by a BSD-style .\" license that can be found in the LICENSE file. .\" @@ -8,6 +8,7 @@ .Sh NAME .Nm fido_cred_set_authdata , .Nm fido_cred_set_authdata_raw , +.Nm fido_cred_set_attstmt , .Nm fido_cred_set_x509 , .Nm fido_cred_set_sig , .Nm fido_cred_set_id , @@ -17,6 +18,7 @@ .Nm fido_cred_set_user , .Nm fido_cred_set_extensions , .Nm fido_cred_set_blob , +.Nm fido_cred_set_pin_minlen , .Nm fido_cred_set_prot , .Nm fido_cred_set_rk , .Nm fido_cred_set_uv , @@ -37,6 +39,8 @@ typedef enum { .Ft int .Fn fido_cred_set_authdata_raw "fido_cred_t *cred" "const unsigned char *ptr" "size_t len" .Ft int +.Fn fido_cred_set_attstmt "fido_cred_t *cred" "const unsigned char *ptr" "size_t len" +.Ft int .Fn fido_cred_set_x509 "fido_cred_t *cred" "const unsigned char *ptr" "size_t len" .Ft int .Fn fido_cred_set_sig "fido_cred_t *cred" "const unsigned char *ptr" "size_t len" @@ -55,6 +59,8 @@ typedef enum { .Ft int .Fn fido_cred_set_blob "fido_cred_t *cred" "const unsigned char *ptr" "size_t len" .Ft int +.Fn fido_cred_set_pin_minlen "fido_cred_t *cred" "size_t len" +.Ft int .Fn fido_cred_set_prot "fido_cred_t *cred" "int prot" .Ft int .Fn fido_cred_set_rk "fido_cred_t *cred" "fido_opt_t rk" @@ -80,13 +86,15 @@ of its constituent parts, please refer to the Web Authentication .Pp The .Fn fido_cred_set_authdata , +.Fn fido_cred_set_attstmt , .Fn fido_cred_set_x509 , .Fn fido_cred_set_sig , .Fn fido_cred_set_id , and .Fn fido_cred_set_clientdata_hash -functions set the authenticator data, attestation certificate, -signature, id, and client data hash parts of +functions set the authenticator data, attestation statement, +attestation certificate, attestation signature, id, and client +data hash parts of .Fa cred to .Fa ptr , @@ -98,13 +106,13 @@ bytes. A copy of .Fa ptr is made, and no references to the passed pointer are kept. +.Pp The authenticator data passed to .Fn fido_cred_set_authdata must be a CBOR-encoded byte string, as obtained from .Fn fido_cred_authdata_ptr . Alternatively, a raw binary blob may be passed to .Fn fido_cred_set_authdata_raw . -.Pp An application calling .Fn fido_cred_set_authdata does not need to call @@ -112,6 +120,20 @@ does not need to call The latter is meant to be used in contexts where the credential's authenticator data is not available. .Pp +The attestation statement passed to +.Fn fido_cred_set_attstmt +must be a CBOR-encoded map, as obtained from +.Fn fido_cred_attstmt_ptr . +An application calling +.Fn fido_cred_set_attstmt +does not need to call +.Fn fido_cred_set_x509 +or +.Fn fido_cred_set_sig . +The latter two are meant to be used in contexts where the +credential's complete attestation statement is not available or +required. +.Pp The .Fn fido_cred_set_clientdata function allows an application to set the client data hash of @@ -183,6 +205,7 @@ At the moment, only the .Dv FIDO_EXT_CRED_BLOB , .Dv FIDO_EXT_CRED_PROTECT , .Dv FIDO_EXT_HMAC_SECRET , +.Dv FIDO_EXT_MINPINLEN , and .Dv FIDO_EXT_LARGEBLOB_KEY extensions are supported. @@ -205,8 +228,32 @@ which must be bytes long. .Pp The +.Fn fido_cred_set_pin_minlen +function enables the FIDO 2.1 +.Dv FIDO_EXT_MINPINLEN +extension on +.Fa cred +and sets the expected minimum PIN length of +.Fa cred +to +.Fa len , +where +.Fa len +is greater than zero. +If +.Fa len +is zero, the +.Dv FIDO_EXT_MINPINLEN +extension is disabled on +.Fa cred . +.Pp +The .Fn fido_cred_set_prot -function sets the protection of +function enables the FIDO 2.1 +.Dv FIDO_EXT_CRED_PROTECT +extension on +.Fa cred +and sets the protection of .Fa cred to the scalar .Fa prot . diff --git a/man/fido_cred_verify.3 b/man/fido_cred_verify.3 index 6b720f2132ea..ec95e134572e 100644 --- a/man/fido_cred_verify.3 +++ b/man/fido_cred_verify.3 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2018 Yubico AB. All rights reserved. +.\" Copyright (c) 2018-2021 Yubico AB. All rights reserved. .\" Use of this source code is governed by a BSD-style .\" license that can be found in the LICENSE file. .\" @@ -29,8 +29,8 @@ A brief description follows: The .Fn fido_cred_verify function verifies whether the client data hash, relying party ID, -credential ID, type, and resident/discoverable key and user verification -attributes of +credential ID, type, protection policy, minimum PIN length, and +resident/discoverable key and user verification attributes of .Fa cred have been attested by the holder of the private counterpart of the public key contained in the credential's x509 certificate. @@ -40,14 +40,14 @@ Please note that the x509 certificate itself is not verified. The attestation statement formats supported by .Fn fido_cred_verify are -.Em packed +.Em packed , +.Em fido-u2f , and -.Em fido-u2f . +.Em tpm . The attestation type implemented by .Fn fido_cred_verify is .Em Basic Attestation . -The attestation key pair is assumed to be of the type ES256. Other attestation formats and types are not supported. .Sh RETURN VALUES The error codes returned by diff --git a/man/fido_dev_enable_entattest.3 b/man/fido_dev_enable_entattest.3 index 7cb766d41d0c..17962d3d35d5 100644 --- a/man/fido_dev_enable_entattest.3 +++ b/man/fido_dev_enable_entattest.3 @@ -9,7 +9,8 @@ .Nm fido_dev_enable_entattest , .Nm fido_dev_toggle_always_uv , .Nm fido_dev_force_pin_change , -.Nm fido_dev_set_pin_minlen +.Nm fido_dev_set_pin_minlen , +.Nm fido_dev_set_pin_minlen_rpid .Nd FIDO 2.1 configuration authenticator API .Sh SYNOPSIS .In fido.h @@ -22,6 +23,8 @@ .Fn fido_dev_force_pin_change "fido_dev_t *dev" "const char *pin" .Ft int .Fn fido_dev_set_pin_minlen "fido_dev_t *dev" "size_t len" "const char *pin" +.Ft int +.Fn fido_dev_set_pin_minlen_rpid "fido_dev_t *dev" "const char * const *rpid" "size_t n" "const char *pin" .Sh DESCRIPTION The functions described in this page allow configuration of a FIDO 2.1 authenticator. @@ -77,6 +80,24 @@ to .Fa len . Minimum PIN lengths may only be increased. .Pp +The +.Fn fido_dev_set_pin_minlen_rpid +function sets the list of relying party identifiers +.Pq RP IDs +that are allowed to obtain the minimum PIN length of +.Fa dev +through the FIDO 2.1 +.Dv FIDO_EXT_MINPINLEN +extension. +The list of RP identifiers is denoted by +.Fa rpid , +a vector of +.Fa n +NUL-terminated UTF-8 strings. +A copy of +.Fa rpid +is made, and no reference to it or its contents is kept. +.Pp Configuration settings are reflected in the payload returned by the authenticator in response to a .Xr fido_dev_get_cbor_info 3 @@ -86,13 +107,15 @@ The error codes returned by .Fn fido_dev_enable_entattest , .Fn fido_dev_toggle_always_uv , .Fn fido_dev_force_pin_change , +.Fn fido_dev_set_pin_minlen , and -.Fn fido_dev_set_pin_minlen +.Fn fido_dev_set_pin_minlen_rpid are defined in .In fido/err.h . On success, .Dv FIDO_OK is returned. .Sh SEE ALSO +.Xr fido_cred_pin_minlen 3 , .Xr fido_dev_get_cbor_info 3 , .Xr fido_dev_reset 3 diff --git a/man/fido_dev_info_manifest.3 b/man/fido_dev_info_manifest.3 index 22519e29b9fa..76e399cec319 100644 --- a/man/fido_dev_info_manifest.3 +++ b/man/fido_dev_info_manifest.3 @@ -112,11 +112,21 @@ The .Fn fido_dev_info_manufacturer_string function returns the manufacturer string of .Fa di . +If +.Fa di +does not have an associated manufacturer string, +.Fn fido_dev_info_manufacturer_string +returns an empty string. .Pp The .Fn fido_dev_info_product_string function returns the product string of .Fa di . +If +.Fa di +does not have an associated product string, +.Fn fido_dev_info_product_string +returns an empty string. .Pp An example of how to use the functions described in this document can be found in the diff --git a/man/fido_dev_set_io_functions.3 b/man/fido_dev_set_io_functions.3 index 231ae2411be8..52081f126e78 100644 --- a/man/fido_dev_set_io_functions.3 +++ b/man/fido_dev_set_io_functions.3 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2018 Yubico AB. All rights reserved. +.\" Copyright (c) 2018-2021 Yubico AB. All rights reserved. .\" Use of this source code is governed by a BSD-style .\" license that can be found in the LICENSE file. .\" @@ -7,7 +7,8 @@ .Os .Sh NAME .Nm fido_dev_set_io_functions , -.Nm fido_dev_set_sigmask +.Nm fido_dev_set_sigmask , +.Nm fido_dev_set_timeout .Nd FIDO 2 device I/O interface .Sh SYNOPSIS .In fido.h @@ -34,6 +35,8 @@ typedef sigset_t fido_sigset_t; .Fn fido_dev_set_io_functions "fido_dev_t *dev" "const fido_dev_io_t *io" .Ft int .Fn fido_dev_set_sigmask "fido_dev_t *dev" "const fido_sigset_t *sigmask" +.Ft int +.Fn fido_dev_set_timeout "fido_dev_t *dev" "int ms" .Sh DESCRIPTION The .Fn fido_dev_set_io_functions @@ -122,11 +125,35 @@ No references to .Fa sigmask are held by .Fn fido_dev_set_sigmask . +.Pp +The +.Fn fido_dev_set_timeout +function informs +.Em libfido2 +not to block for more than +.Fa ms +milliseconds while communicating with +.Fa dev . +If a timeout occurs, the corresponding +.Em fido_dev_* +function will fail with +.Dv FIDO_ERR_RX . +If +.Fa ms +is -1, +then +.Em libfido2 +may block indefinitely. +This is the default behaviour. +When using the Windows Hello backend, +.Fa ms +is used as a guidance and may be overwritten by the platform. .Sh RETURN VALUES On success, -.Fn fido_dev_set_io_functions +.Fn fido_dev_set_io_functions , +.Fn fido_dev_set_sigmask , and -.Fn fido_dev_set_sigmask +.Fn fido_dev_set_timeout return .Dv FIDO_OK . On error, a different error code defined in diff --git a/man/rs256_pk_new.3 b/man/rs256_pk_new.3 index 4ad0ebe936f3..ad33ee66ba7b 100644 --- a/man/rs256_pk_new.3 +++ b/man/rs256_pk_new.3 @@ -1,4 +1,4 @@ -.\" Copyright (c) 2018 Yubico AB. All rights reserved. +.\" Copyright (c) 2018-2021 Yubico AB. All rights reserved. .\" Use of this source code is governed by a BSD-style .\" license that can be found in the LICENSE file. .\" @@ -8,6 +8,7 @@ .Sh NAME .Nm rs256_pk_new , .Nm rs256_pk_free , +.Nm rs256_pk_from_EVP_PKEY , .Nm rs256_pk_from_RSA , .Nm rs256_pk_from_ptr , .Nm rs256_pk_to_EVP_PKEY @@ -20,6 +21,8 @@ .Ft void .Fn rs256_pk_free "rs256_pk_t **pkp" .Ft int +.Fn rs256_pk_from_EVP_PKEY "rs256_pk_t *pk" "const EVP_PKEY *pkey" +.Ft int .Fn rs256_pk_from_RSA "rs256_pk_t *pk" "const RSA *rsa" .Ft int .Fn rs256_pk_from_ptr "rs256_pk_t *pk" "const void *ptr" "size_t len" @@ -69,6 +72,16 @@ may be NULL, in which case is a NOP. .Pp The +.Fn rs256_pk_from_EVP_PKEY +function fills +.Fa pk +with the contents of +.Fa pkey . +No references to +.Fa pkey +are kept. +.Pp +The .Fn rs256_pk_from_RSA function fills .Fa pk @@ -106,7 +119,8 @@ If an error occurs, returns NULL. .Sh RETURN VALUES The -.Fn rs256_pk_from_RSA +.Fn rs256_pk_from_EVP_PKEY , +.Fn rs256_pk_from_RSA , and .Fn rs256_pk_from_ptr functions return diff --git a/openbsd-compat/hkdf.c b/openbsd-compat/hkdf.c deleted file mode 100644 index 745b420f3747..000000000000 --- a/openbsd-compat/hkdf.c +++ /dev/null @@ -1,124 +0,0 @@ -/* $OpenBSD: hkdf.c,v 1.4 2019/11/21 20:02:20 tim Exp $ */ -/* Copyright (c) 2014, Google Inc. - * - * Permission to use, copy, modify, and/or distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY - * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION - * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN - * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#include "openbsd-compat.h" -#include "fido.h" - -#if OPENSSL_VERSION_NUMBER < 0x10100000L - -#include -#include - -#include -#include - -#define CRYPTOerror(r) CRYPTOerr(ERR_LIB_CRYPTO, (r)) - -/* https://tools.ietf.org/html/rfc5869#section-2 */ -int -HKDF(uint8_t *out_key, size_t out_len, const EVP_MD *digest, - const uint8_t *secret, size_t secret_len, const uint8_t *salt, - size_t salt_len, const uint8_t *info, size_t info_len) -{ - uint8_t prk[EVP_MAX_MD_SIZE]; - size_t prk_len; - - if (!HKDF_extract(prk, &prk_len, digest, secret, secret_len, salt, - salt_len)) - return 0; - if (!HKDF_expand(out_key, out_len, digest, prk, prk_len, info, - info_len)) - return 0; - - return 1; -} - -/* https://tools.ietf.org/html/rfc5869#section-2.2 */ -int -HKDF_extract(uint8_t *out_key, size_t *out_len, - const EVP_MD *digest, const uint8_t *secret, size_t secret_len, - const uint8_t *salt, size_t salt_len) -{ - unsigned int len; - - /* - * If salt is not given, HashLength zeros are used. However, HMAC does - * that internally already so we can ignore it. - */ - if (salt_len > INT_MAX || HMAC(digest, salt, (int)salt_len, secret, - secret_len, out_key, &len) == NULL) { - CRYPTOerror(ERR_R_CRYPTO_LIB); - return 0; - } - *out_len = len; - return 1; -} - -/* https://tools.ietf.org/html/rfc5869#section-2.3 */ -int -HKDF_expand(uint8_t *out_key, size_t out_len, - const EVP_MD *digest, const uint8_t *prk, size_t prk_len, - const uint8_t *info, size_t info_len) -{ - const size_t digest_len = EVP_MD_size(digest); - uint8_t previous[EVP_MAX_MD_SIZE]; - size_t n, done = 0; - unsigned int i; - int ret = 0; - HMAC_CTX hmac; - - /* Expand key material to desired length. */ - n = (out_len + digest_len - 1) / digest_len; - if (out_len + digest_len < out_len || n > 255 || prk_len > INT_MAX) { - CRYPTOerror(EVP_R_TOO_LARGE); - return 0; - } - - HMAC_CTX_init(&hmac); - if (!HMAC_Init_ex(&hmac, prk, (int)prk_len, digest, NULL)) - goto out; - - for (i = 0; i < n; i++) { - uint8_t ctr = i + 1; - size_t todo; - - if (i != 0 && (!HMAC_Init_ex(&hmac, NULL, 0, NULL, NULL) || - !HMAC_Update(&hmac, previous, digest_len))) - goto out; - - if (!HMAC_Update(&hmac, info, info_len) || - !HMAC_Update(&hmac, &ctr, 1) || - !HMAC_Final(&hmac, previous, NULL)) - goto out; - - todo = digest_len; - if (done + todo > out_len) - todo = out_len - done; - - memcpy(out_key + done, previous, todo); - done += todo; - } - - ret = 1; - - out: - HMAC_CTX_cleanup(&hmac); - explicit_bzero(previous, sizeof(previous)); - if (ret != 1) - CRYPTOerror(ERR_R_CRYPTO_LIB); - return ret; -} -#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */ diff --git a/openbsd-compat/hkdf.h b/openbsd-compat/hkdf.h deleted file mode 100644 index 34450f9dd7f0..000000000000 --- a/openbsd-compat/hkdf.h +++ /dev/null @@ -1,65 +0,0 @@ -/* $OpenBSD: hkdf.h,v 1.2 2018/04/03 13:33:53 tb Exp $ */ -/* Copyright (c) 2014, Google Inc. - * - * Permission to use, copy, modify, and/or distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY - * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION - * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN - * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ - -#ifndef OPENSSL_HEADER_HKDF_H -#define OPENSSL_HEADER_HKDF_H - -#include - -#if defined(__cplusplus) -extern "C" { -#endif - -/* - * HKDF computes HKDF (as specified by RFC 5869) of initial keying - * material |secret| with |salt| and |info| using |digest|, and - * outputs |out_len| bytes to |out_key|. It returns one on success and - * zero on error. - * - * HKDF is an Extract-and-Expand algorithm. It does not do any key - * stretching, and as such, is not suited to be used alone to generate - * a key from a password. - */ - -int HKDF(uint8_t *out_key, size_t out_len, const struct env_md_st *digest, - const uint8_t *secret, size_t secret_len, const uint8_t *salt, - size_t salt_len, const uint8_t *info, size_t info_len); - -/* - * HKDF_extract computes a HKDF PRK (as specified by RFC 5869) from - * initial keying material |secret| and salt |salt| using |digest|, - * and outputs |out_len| bytes to |out_key|. The maximum output size - * is |EVP_MAX_MD_SIZE|. It returns one on success and zero on error. - */ -int HKDF_extract(uint8_t *out_key, size_t *out_len, - const struct env_md_st *digest, const uint8_t *secret, - size_t secret_len, const uint8_t *salt, size_t salt_len); - -/* - * HKDF_expand computes a HKDF OKM (as specified by RFC 5869) of - * length |out_len| from the PRK |prk| and info |info| using |digest|, - * and outputs the result to |out_key|. It returns one on success and - * zero on error. - */ -int HKDF_expand(uint8_t *out_key, size_t out_len, - const EVP_MD *digest, const uint8_t *prk, size_t prk_len, - const uint8_t *info, size_t info_len); - - -#if defined(__cplusplus) -} /* extern C */ -#endif - -#endif /* OPENSSL_HEADER_HKDF_H */ diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h index 1be3aa295051..dc9acec4c0a8 100644 --- a/openbsd-compat/openbsd-compat.h +++ b/openbsd-compat/openbsd-compat.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2018 Yubico AB. All rights reserved. + * Copyright (c) 2018-2021 Yubico AB. All rights reserved. * Use of this source code is governed by a BSD-style * license that can be found in the LICENSE file. */ @@ -20,6 +20,7 @@ #define be16toh(x) OSSwapBigToHostInt16((x)) #define htobe16(x) OSSwapHostToBigInt16((x)) #define be32toh(x) OSSwapBigToHostInt32((x)) +#define htobe32(x) OSSwapHostToBigInt32((x)) #define htole32(x) OSSwapHostToLittleInt32((x)) #define htole64(x) OSSwapHostToLittleInt64((x)) #endif /* __APPLE__ && !HAVE_ENDIAN_H */ @@ -33,11 +34,12 @@ #define be16toh(x) ntohs((x)) #define htobe16(x) htons((x)) #define be32toh(x) ntohl((x)) +#define htobe32(x) htonl((x)) uint32_t htole32(uint32_t); uint64_t htole64(uint64_t); #endif /* _WIN32 && !HAVE_ENDIAN_H */ -#if defined(__FreeBSD__) && !defined(HAVE_ENDIAN_H) +#if (defined(__FreeBSD__) || defined(__MidnightBSD__)) && !defined(HAVE_ENDIAN_H) #include #endif @@ -52,6 +54,10 @@ size_t strlcat(char *, const char *, size_t); size_t strlcpy(char *, const char *, size_t); #endif +#if !defined(HAVE_STRSEP) +char *strsep(char **, const char *); +#endif + #if !defined(HAVE_RECALLOCARRAY) void *recallocarray(void *, size_t, size_t, size_t); #endif @@ -80,13 +86,6 @@ int timingsafe_bcmp(const void *, const void *, size_t); #include -#if OPENSSL_VERSION_NUMBER < 0x10100000L -#include -#include "hkdf.h" -#define EVP_PKEY_get0_EC_KEY(x) ((x)->pkey.ec) -#define EVP_PKEY_get0_RSA(x) ((x)->pkey.rsa) -#endif - #if !defined(HAVE_ERR_H) #include "err.h" #else diff --git a/openbsd-compat/strsep.c b/openbsd-compat/strsep.c new file mode 100644 index 000000000000..578668c8ac7b --- /dev/null +++ b/openbsd-compat/strsep.c @@ -0,0 +1,79 @@ +/* $OpenBSD: strsep.c,v 1.6 2005/08/08 08:05:37 espie Exp $ */ + +/*- + * Copyright (c) 1990, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* OPENBSD ORIGINAL: lib/libc/string/strsep.c */ + +#include "openbsd-compat.h" + +#if !defined(HAVE_STRSEP) + +#include +#include + +/* + * Get next token from string *stringp, where tokens are possibly-empty + * strings separated by characters from delim. + * + * Writes NULs into the string at *stringp to end tokens. + * delim need not remain constant from call to call. + * On return, *stringp points past the last NUL written (if there might + * be further tokens), or is NULL (if there are definitely no more tokens). + * + * If *stringp is NULL, strsep returns NULL. + */ +char * +strsep(char **stringp, const char *delim) +{ + char *s; + const char *spanp; + int c, sc; + char *tok; + + if ((s = *stringp) == NULL) + return (NULL); + for (tok = s;;) { + c = *s++; + spanp = delim; + do { + if ((sc = *spanp++) == c) { + if (c == 0) + s = NULL; + else + s[-1] = 0; + *stringp = s; + return (tok); + } + } while (sc != 0); + } + /* NOTREACHED */ +} + +#endif /* !defined(HAVE_STRSEP) */ diff --git a/regress/CMakeLists.txt b/regress/CMakeLists.txt index 0314c38f7161..c550b3141822 100644 --- a/regress/CMakeLists.txt +++ b/regress/CMakeLists.txt @@ -1,4 +1,4 @@ -# Copyright (c) 2018 Yubico AB. All rights reserved. +# Copyright (c) 2018-2021 Yubico AB. All rights reserved. # Use of this source code is governed by a BSD-style # license that can be found in the LICENSE file. @@ -7,10 +7,14 @@ add_custom_target(regress ALL) macro(add_regress_test NAME SOURCES) add_executable(${NAME} ${SOURCES}) target_link_libraries(${NAME} fido2_shared) - add_custom_command(TARGET regress POST_BUILD COMMAND ${NAME} - DEPENDS ${NAME}) + add_test(${NAME} ${NAME}) + add_dependencies(regress ${NAME}) endmacro() +add_custom_command(TARGET regress POST_BUILD + COMMAND ${CMAKE_CTEST_COMMAND} --output-on-failure + WORKING_DIRECTORY ${CMAKE_BINARY_DIR}) + add_regress_test(regress_cred cred.c) add_regress_test(regress_assert assert.c) add_regress_test(regress_dev dev.c) diff --git a/regress/assert.c b/regress/assert.c index dfaf50662c76..23d666a61173 100644 --- a/regress/assert.c +++ b/regress/assert.c @@ -1,9 +1,11 @@ /* - * Copyright (c) 2018 Yubico AB. All rights reserved. + * Copyright (c) 2018-2021 Yubico AB. All rights reserved. * Use of this source code is governed by a BSD-style * license that can be found in the LICENSE file. */ +#define _FIDO_INTERNAL + #include #include #include @@ -24,6 +26,42 @@ static const unsigned char es256_pk[64] = { 0x64, 0x1a, 0x1d, 0xf8, 0xbe, 0x14, 0x90, 0x8a, }; +static const unsigned char rs256_pk[259] = { + 0x9e, 0x54, 0x78, 0xb2, 0x51, 0xbe, 0x19, 0x7c, + 0xcb, 0x1a, 0x9a, 0xc3, 0x49, 0x2a, 0x2f, 0xfd, + 0x99, 0x64, 0x76, 0xc6, 0xdb, 0xca, 0x38, 0x3f, + 0xb0, 0x6a, 0xc9, 0xc0, 0x07, 0x9f, 0x5c, 0x4d, + 0xfc, 0xd1, 0x01, 0x7f, 0x69, 0x65, 0xab, 0x9c, + 0x2a, 0xc2, 0x95, 0xd9, 0x44, 0xf3, 0xea, 0x94, + 0x6b, 0x25, 0x66, 0x54, 0x81, 0xee, 0x24, 0x1d, + 0xe1, 0x7d, 0x7f, 0xbe, 0xea, 0x76, 0x90, 0x5c, + 0xbf, 0x59, 0x22, 0xd3, 0xa0, 0x68, 0x1a, 0x65, + 0x8b, 0x2f, 0xb6, 0xa8, 0x30, 0x2d, 0x26, 0x81, + 0xfa, 0x9e, 0x59, 0xec, 0x2f, 0xee, 0x59, 0x39, + 0xe2, 0x79, 0x19, 0x54, 0x54, 0xdf, 0x24, 0x83, + 0xee, 0x61, 0x5a, 0x66, 0x24, 0x2b, 0x7b, 0xfb, + 0x82, 0x66, 0xe4, 0x85, 0x18, 0x20, 0x76, 0xe5, + 0x4a, 0xb6, 0xcb, 0xec, 0x43, 0xbe, 0xfd, 0xb0, + 0x8f, 0xfd, 0x2f, 0x69, 0xda, 0x06, 0x9c, 0x09, + 0x68, 0x7a, 0x94, 0x6c, 0xb7, 0x51, 0x6d, 0x4c, + 0xf7, 0x13, 0xe8, 0xd5, 0x22, 0x6b, 0x1e, 0xba, + 0xb9, 0x85, 0xe8, 0x5f, 0xa1, 0x66, 0xe3, 0x20, + 0x75, 0x30, 0x11, 0xb5, 0xa3, 0xc3, 0xb0, 0x72, + 0x08, 0xff, 0xa3, 0xbb, 0xf1, 0x32, 0x0b, 0x06, + 0xc4, 0x12, 0xa3, 0x49, 0x30, 0x19, 0xb9, 0xfe, + 0x69, 0x0c, 0xd6, 0xe1, 0x58, 0x36, 0xe6, 0x41, + 0x22, 0x41, 0xbf, 0x96, 0x50, 0x35, 0x56, 0x0d, + 0x92, 0x8c, 0x34, 0xea, 0x28, 0x91, 0x88, 0x9e, + 0x8a, 0xaa, 0x36, 0xd0, 0x0f, 0xbe, 0x16, 0xde, + 0x9d, 0x5f, 0x7b, 0xda, 0x52, 0xf7, 0xf1, 0xb6, + 0x28, 0x10, 0x05, 0x8f, 0xb9, 0x19, 0x7a, 0xcf, + 0x18, 0x9b, 0x40, 0xcd, 0xff, 0x78, 0xea, 0x61, + 0x24, 0x3b, 0x80, 0x68, 0x04, 0x9b, 0x40, 0x07, + 0x98, 0xd4, 0x94, 0xd1, 0x18, 0x44, 0xa5, 0xed, + 0xee, 0x18, 0xc2, 0x25, 0x52, 0x66, 0x42, 0xdf, + 0x01, 0x00, 0x01, +}; + static const unsigned char cdh[32] = { 0xec, 0x8d, 0x8f, 0x78, 0x42, 0x4a, 0x2b, 0xb7, 0x82, 0x34, 0xaa, 0xca, 0x07, 0xa1, 0xf6, 0x56, @@ -397,7 +435,7 @@ junk_cdh(void) junk = malloc(sizeof(cdh)); assert(junk != NULL); memcpy(junk, cdh, sizeof(cdh)); - junk[0] = ~junk[0]; + junk[0] = (unsigned char)~junk[0]; a = alloc_assert(); pk = alloc_es256_pk(); @@ -448,7 +486,7 @@ junk_authdata(void) junk = malloc(sizeof(authdata)); assert(junk != NULL); memcpy(junk, authdata, sizeof(authdata)); - junk[0] = ~junk[0]; + junk[0] = (unsigned char)~junk[0]; a = alloc_assert(); assert(fido_assert_set_count(a, 1) == FIDO_OK); @@ -468,7 +506,7 @@ junk_sig(void) junk = malloc(sizeof(sig)); assert(junk != NULL); memcpy(junk, sig, sizeof(sig)); - junk[0] = ~junk[0]; + junk[0] = (unsigned char)~junk[0]; a = alloc_assert(); pk = alloc_es256_pk(); @@ -531,6 +569,46 @@ bad_cbor_serialize(void) free_assert(a); } +/* rs256 <-> EVP_PKEY transformations */ +static void +rs256_PKEY(void) +{ + rs256_pk_t *pk1, *pk2; + EVP_PKEY *pkey; + + pk1 = alloc_rs256_pk(); + pk2 = alloc_rs256_pk(); + + assert(rs256_pk_from_ptr(pk1, rs256_pk, sizeof(rs256_pk)) == FIDO_OK); + assert((pkey = rs256_pk_to_EVP_PKEY(pk1)) != NULL); + assert(rs256_pk_from_EVP_PKEY(pk2, pkey) == FIDO_OK); + assert(memcmp(pk1, pk2, sizeof(*pk1)) == 0); + + free_rs256_pk(pk1); + free_rs256_pk(pk2); + EVP_PKEY_free(pkey); +} + +/* es256 <-> EVP_PKEY transformations */ +static void +es256_PKEY(void) +{ + es256_pk_t *pk1, *pk2; + EVP_PKEY *pkey; + + pk1 = alloc_es256_pk(); + pk2 = alloc_es256_pk(); + + assert(es256_pk_from_ptr(pk1, es256_pk, sizeof(es256_pk)) == FIDO_OK); + assert((pkey = es256_pk_to_EVP_PKEY(pk1)) != NULL); + assert(es256_pk_from_EVP_PKEY(pk2, pkey) == FIDO_OK); + assert(memcmp(pk1, pk2, sizeof(*pk1)) == 0); + + free_es256_pk(pk1); + free_es256_pk(pk2); + EVP_PKEY_free(pkey); +} + int main(void) { @@ -548,6 +626,8 @@ main(void) junk_sig(); wrong_options(); bad_cbor_serialize(); + rs256_PKEY(); + es256_PKEY(); exit(0); } diff --git a/regress/cred.c b/regress/cred.c index 01df1ef9320d..b0df1481636a 100644 --- a/regress/cred.c +++ b/regress/cred.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2018 Yubico AB. All rights reserved. + * Copyright (c) 2018-2021 Yubico AB. All rights reserved. * Use of this source code is governed by a BSD-style * license that can be found in the LICENSE file. */ @@ -102,6 +102,55 @@ static const unsigned char authdata_unsorted_keys[198] = { 0xe1, 0x30, 0xfc, 0x2b, 0x1e, 0xd2, }; +const unsigned char authdata_tpm[362] = { + 0x59, 0x01, 0x67, 0x49, 0x96, 0x0d, 0xe5, 0x88, + 0x0e, 0x8c, 0x68, 0x74, 0x34, 0x17, 0x0f, 0x64, + 0x76, 0x60, 0x5b, 0x8f, 0xe4, 0xae, 0xb9, 0xa2, + 0x86, 0x32, 0xc7, 0x99, 0x5c, 0xf3, 0xba, 0x83, + 0x1d, 0x97, 0x63, 0x45, 0x00, 0x00, 0x00, 0x00, + 0x08, 0x98, 0x70, 0x58, 0xca, 0xdc, 0x4b, 0x81, + 0xb6, 0xe1, 0x30, 0xde, 0x50, 0xdc, 0xbe, 0x96, + 0x00, 0x20, 0x89, 0x99, 0x6d, 0x5a, 0x00, 0x29, + 0xe5, 0x3e, 0x6a, 0x1c, 0x72, 0x6d, 0x71, 0x4a, + 0x4f, 0x03, 0x9b, 0x68, 0x17, 0xdb, 0x29, 0x1a, + 0x6b, 0x02, 0x6c, 0x26, 0xf9, 0xbd, 0xc3, 0x0e, + 0x38, 0x1a, 0xa4, 0x01, 0x03, 0x03, 0x39, 0x01, + 0x00, 0x20, 0x59, 0x01, 0x00, 0xc5, 0xb6, 0x9c, + 0x06, 0x1d, 0xcf, 0xb9, 0xf2, 0x5e, 0x99, 0x7d, + 0x6d, 0x73, 0xd8, 0x36, 0xc1, 0x4a, 0x90, 0x05, + 0x4d, 0x82, 0x57, 0xc1, 0xb6, 0x6a, 0xd1, 0x43, + 0x03, 0x85, 0xf8, 0x52, 0x4f, 0xd2, 0x27, 0x91, + 0x0b, 0xb5, 0x93, 0xa0, 0x68, 0xf8, 0x80, 0x1b, + 0xaa, 0x65, 0x97, 0x45, 0x11, 0x86, 0x34, 0xd6, + 0x67, 0xf8, 0xd5, 0x12, 0x79, 0x84, 0xee, 0x70, + 0x99, 0x00, 0x63, 0xa8, 0xb4, 0x43, 0x0b, 0x4c, + 0x57, 0x4a, 0xd6, 0x9b, 0x75, 0x63, 0x8a, 0x46, + 0x57, 0xdb, 0x14, 0xc8, 0x71, 0xd1, 0xb3, 0x07, + 0x68, 0x58, 0xbc, 0x55, 0x84, 0x80, 0x2a, 0xd2, + 0x36, 0x9f, 0xc1, 0x64, 0xa0, 0x11, 0x4b, 0xc9, + 0x32, 0x31, 0x3a, 0xd6, 0x87, 0x26, 0x1a, 0x3a, + 0x78, 0x3d, 0x89, 0xdb, 0x00, 0x28, 0x3b, 0xae, + 0x2b, 0x1b, 0x56, 0xe2, 0x8c, 0x4c, 0x63, 0xac, + 0x6e, 0x6c, 0xf7, 0xb5, 0x7d, 0x4d, 0x0b, 0x9f, + 0x06, 0xa0, 0x10, 0x35, 0x38, 0x20, 0x4d, 0xcc, + 0x07, 0xd7, 0x00, 0x4e, 0x86, 0xba, 0xfe, 0x8b, + 0xe4, 0x3f, 0x4a, 0xd6, 0xca, 0xbf, 0x67, 0x40, + 0x1a, 0xa4, 0xda, 0x82, 0x52, 0x15, 0xb8, 0x14, + 0x3a, 0x7c, 0xa9, 0x02, 0xc1, 0x01, 0x69, 0xc6, + 0x51, 0xd4, 0xbc, 0x1f, 0x95, 0xb2, 0xee, 0x1f, + 0xdd, 0xb5, 0x73, 0x16, 0x5e, 0x29, 0x3f, 0x47, + 0xac, 0x65, 0xfb, 0x63, 0x5c, 0xb9, 0xc8, 0x13, + 0x2d, 0xec, 0x85, 0xde, 0x71, 0x0d, 0x84, 0x93, + 0x74, 0x76, 0x91, 0xdd, 0x1d, 0x6d, 0x3d, 0xc7, + 0x36, 0x19, 0x19, 0x86, 0xde, 0x7c, 0xca, 0xd6, + 0xc6, 0x65, 0x7e, 0x4b, 0x24, 0x9c, 0xce, 0x92, + 0x6b, 0x1c, 0xe0, 0xa0, 0xa9, 0x6c, 0xc3, 0xed, + 0x4f, 0x2a, 0x54, 0x07, 0x00, 0x32, 0x5e, 0x1b, + 0x94, 0x37, 0xcd, 0xe2, 0x32, 0xa8, 0xd5, 0x2c, + 0xfb, 0x03, 0x9d, 0x79, 0xdf, 0x21, 0x43, 0x01, + 0x00, 0x01 +}; + static const unsigned char x509[742] = { 0x30, 0x82, 0x02, 0xe2, 0x30, 0x81, 0xcb, 0x02, 0x01, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, @@ -221,6 +270,42 @@ const unsigned char pubkey[64] = { 0xfe, 0x5d, 0xe1, 0x30, 0xfc, 0x2b, 0x1e, 0xd2, }; +const unsigned char pubkey_tpm[259] = { + 0xc5, 0xb6, 0x9c, 0x06, 0x1d, 0xcf, 0xb9, 0xf2, + 0x5e, 0x99, 0x7d, 0x6d, 0x73, 0xd8, 0x36, 0xc1, + 0x4a, 0x90, 0x05, 0x4d, 0x82, 0x57, 0xc1, 0xb6, + 0x6a, 0xd1, 0x43, 0x03, 0x85, 0xf8, 0x52, 0x4f, + 0xd2, 0x27, 0x91, 0x0b, 0xb5, 0x93, 0xa0, 0x68, + 0xf8, 0x80, 0x1b, 0xaa, 0x65, 0x97, 0x45, 0x11, + 0x86, 0x34, 0xd6, 0x67, 0xf8, 0xd5, 0x12, 0x79, + 0x84, 0xee, 0x70, 0x99, 0x00, 0x63, 0xa8, 0xb4, + 0x43, 0x0b, 0x4c, 0x57, 0x4a, 0xd6, 0x9b, 0x75, + 0x63, 0x8a, 0x46, 0x57, 0xdb, 0x14, 0xc8, 0x71, + 0xd1, 0xb3, 0x07, 0x68, 0x58, 0xbc, 0x55, 0x84, + 0x80, 0x2a, 0xd2, 0x36, 0x9f, 0xc1, 0x64, 0xa0, + 0x11, 0x4b, 0xc9, 0x32, 0x31, 0x3a, 0xd6, 0x87, + 0x26, 0x1a, 0x3a, 0x78, 0x3d, 0x89, 0xdb, 0x00, + 0x28, 0x3b, 0xae, 0x2b, 0x1b, 0x56, 0xe2, 0x8c, + 0x4c, 0x63, 0xac, 0x6e, 0x6c, 0xf7, 0xb5, 0x7d, + 0x4d, 0x0b, 0x9f, 0x06, 0xa0, 0x10, 0x35, 0x38, + 0x20, 0x4d, 0xcc, 0x07, 0xd7, 0x00, 0x4e, 0x86, + 0xba, 0xfe, 0x8b, 0xe4, 0x3f, 0x4a, 0xd6, 0xca, + 0xbf, 0x67, 0x40, 0x1a, 0xa4, 0xda, 0x82, 0x52, + 0x15, 0xb8, 0x14, 0x3a, 0x7c, 0xa9, 0x02, 0xc1, + 0x01, 0x69, 0xc6, 0x51, 0xd4, 0xbc, 0x1f, 0x95, + 0xb2, 0xee, 0x1f, 0xdd, 0xb5, 0x73, 0x16, 0x5e, + 0x29, 0x3f, 0x47, 0xac, 0x65, 0xfb, 0x63, 0x5c, + 0xb9, 0xc8, 0x13, 0x2d, 0xec, 0x85, 0xde, 0x71, + 0x0d, 0x84, 0x93, 0x74, 0x76, 0x91, 0xdd, 0x1d, + 0x6d, 0x3d, 0xc7, 0x36, 0x19, 0x19, 0x86, 0xde, + 0x7c, 0xca, 0xd6, 0xc6, 0x65, 0x7e, 0x4b, 0x24, + 0x9c, 0xce, 0x92, 0x6b, 0x1c, 0xe0, 0xa0, 0xa9, + 0x6c, 0xc3, 0xed, 0x4f, 0x2a, 0x54, 0x07, 0x00, + 0x32, 0x5e, 0x1b, 0x94, 0x37, 0xcd, 0xe2, 0x32, + 0xa8, 0xd5, 0x2c, 0xfb, 0x03, 0x9d, 0x79, 0xdf, + 0x01, 0x00, 0x01, +}; + const unsigned char id[64] = { 0x53, 0xfb, 0xdf, 0xaa, 0xce, 0x63, 0xde, 0xc5, 0xfe, 0x47, 0xe6, 0x52, 0xeb, 0xf3, 0x5d, 0x53, @@ -232,16 +317,539 @@ const unsigned char id[64] = { 0x34, 0xe3, 0x83, 0xe7, 0xd1, 0xbd, 0x9f, 0x25, }; +const unsigned char id_tpm[32] = { + 0x89, 0x99, 0x6d, 0x5a, 0x00, 0x29, 0xe5, 0x3e, + 0x6a, 0x1c, 0x72, 0x6d, 0x71, 0x4a, 0x4f, 0x03, + 0x9b, 0x68, 0x17, 0xdb, 0x29, 0x1a, 0x6b, 0x02, + 0x6c, 0x26, 0xf9, 0xbd, 0xc3, 0x0e, 0x38, 0x1a +}; + +const unsigned char attstmt_tpm[4034] = { + 0xa6, 0x63, 0x61, 0x6c, 0x67, 0x39, 0xff, 0xfe, + 0x63, 0x73, 0x69, 0x67, 0x59, 0x01, 0x00, 0x1c, + 0x09, 0x0d, 0x35, 0x97, 0x22, 0xfc, 0xfe, 0xc0, + 0x58, 0x49, 0x9e, 0xd4, 0x7e, 0x6a, 0x7d, 0xdb, + 0x6d, 0x20, 0x95, 0x5c, 0x0b, 0xd0, 0xd5, 0x72, + 0x4f, 0x15, 0x22, 0x38, 0x97, 0xb2, 0x4b, 0xd0, + 0xef, 0x31, 0x7c, 0xf2, 0x42, 0x19, 0x41, 0xa1, + 0xe2, 0xc5, 0xca, 0xc6, 0x74, 0x95, 0xcf, 0xf9, + 0x41, 0x75, 0x0b, 0x56, 0x39, 0x82, 0x78, 0xf6, + 0x59, 0xf1, 0x09, 0x96, 0x9e, 0x38, 0x7f, 0x14, + 0x9b, 0xf5, 0x36, 0xbb, 0x92, 0x32, 0xc4, 0x64, + 0xe8, 0xff, 0xb4, 0xc7, 0xcf, 0xcd, 0x17, 0x48, + 0x0f, 0x83, 0xd9, 0x44, 0x03, 0x35, 0x26, 0xad, + 0x01, 0xb7, 0x57, 0x06, 0xb3, 0x9c, 0xa0, 0x6e, + 0x2f, 0x58, 0xcb, 0x5c, 0xaa, 0x7c, 0xea, 0x7e, + 0x3f, 0xbc, 0x76, 0xc9, 0x0e, 0x52, 0x39, 0x81, + 0xa9, 0x9e, 0x37, 0x14, 0x1f, 0x50, 0x6a, 0x4f, + 0xd7, 0xfc, 0xd4, 0xfa, 0xf2, 0x18, 0x60, 0xd5, + 0xc3, 0x57, 0x7d, 0x6d, 0x05, 0x28, 0x25, 0xc3, + 0xde, 0x86, 0x85, 0x06, 0x71, 0xfb, 0x84, 0xa2, + 0x07, 0xb6, 0x77, 0xc9, 0x68, 0x41, 0x53, 0x32, + 0x4c, 0xa8, 0x4b, 0xf7, 0x08, 0x84, 0x62, 0x6c, + 0x8a, 0xb6, 0xcf, 0xc1, 0xde, 0x6b, 0x61, 0xc8, + 0xdd, 0xc0, 0x13, 0x70, 0x22, 0x28, 0xe1, 0x0f, + 0x46, 0x02, 0xc6, 0xb1, 0xfa, 0x30, 0xcb, 0xec, + 0xd1, 0x82, 0xfa, 0x51, 0xcb, 0x71, 0x5e, 0x1f, + 0x1b, 0x5f, 0xe0, 0xb0, 0x02, 0x8a, 0x7c, 0x78, + 0xd1, 0xb7, 0x4d, 0x56, 0xb0, 0x92, 0x3e, 0xda, + 0xc7, 0xb1, 0x74, 0xcf, 0x6a, 0x40, 0xeb, 0x98, + 0x1c, 0x2e, 0xf2, 0x86, 0x76, 0xf8, 0x2e, 0x6a, + 0x9f, 0x77, 0x51, 0x64, 0xce, 0xdc, 0x12, 0x85, + 0x84, 0x6b, 0x01, 0xc8, 0xeb, 0xbc, 0x57, 0x6c, + 0x32, 0x26, 0xcb, 0xb2, 0x84, 0x02, 0x2a, 0x33, + 0x15, 0xd9, 0xe3, 0x15, 0xfc, 0x3a, 0x24, 0x63, + 0x76, 0x65, 0x72, 0x63, 0x32, 0x2e, 0x30, 0x63, + 0x78, 0x35, 0x63, 0x82, 0x59, 0x05, 0xc4, 0x30, + 0x82, 0x05, 0xc0, 0x30, 0x82, 0x03, 0xa8, 0xa0, + 0x03, 0x02, 0x01, 0x02, 0x02, 0x10, 0x78, 0xd9, + 0xa8, 0xb2, 0x64, 0xf9, 0x4d, 0x28, 0x82, 0xc0, + 0xd3, 0x1b, 0x40, 0x3c, 0xc8, 0xd9, 0x30, 0x0d, + 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, + 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x41, 0x31, + 0x3f, 0x30, 0x3d, 0x06, 0x03, 0x55, 0x04, 0x03, + 0x13, 0x36, 0x45, 0x55, 0x53, 0x2d, 0x53, 0x54, + 0x4d, 0x2d, 0x4b, 0x45, 0x59, 0x49, 0x44, 0x2d, + 0x31, 0x41, 0x44, 0x42, 0x39, 0x39, 0x34, 0x41, + 0x42, 0x35, 0x38, 0x42, 0x45, 0x35, 0x37, 0x41, + 0x30, 0x43, 0x43, 0x39, 0x42, 0x39, 0x30, 0x30, + 0x45, 0x37, 0x38, 0x35, 0x31, 0x45, 0x31, 0x41, + 0x34, 0x33, 0x43, 0x30, 0x38, 0x36, 0x36, 0x30, + 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x31, 0x30, 0x37, + 0x31, 0x35, 0x31, 0x31, 0x31, 0x32, 0x31, 0x33, + 0x5a, 0x17, 0x0d, 0x32, 0x35, 0x30, 0x33, 0x32, + 0x31, 0x32, 0x30, 0x32, 0x39, 0x31, 0x35, 0x5a, + 0x30, 0x00, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, + 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, + 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, + 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, + 0x01, 0x01, 0x00, 0xca, 0xbe, 0x77, 0x9f, 0x45, + 0x97, 0x17, 0x8d, 0x01, 0xe1, 0x18, 0xcc, 0xf0, + 0xb5, 0xed, 0x9a, 0xb7, 0x36, 0xac, 0x05, 0x26, + 0xbe, 0x35, 0xd9, 0x5c, 0x00, 0x5c, 0x5d, 0x8b, + 0x6f, 0x2a, 0xb8, 0xf6, 0x02, 0x4f, 0x33, 0xfe, + 0x84, 0x45, 0x4c, 0x4f, 0x7a, 0xdb, 0xa9, 0x6a, + 0x62, 0x0f, 0x19, 0x35, 0x5d, 0xd2, 0x34, 0x1a, + 0x9d, 0x73, 0x55, 0xe5, 0x3e, 0x04, 0xa2, 0xd6, + 0xbe, 0xe7, 0x5a, 0xb9, 0x16, 0x6c, 0x55, 0x18, + 0xa8, 0x4b, 0xb2, 0x37, 0xb9, 0xa3, 0x87, 0xfc, + 0x76, 0xa8, 0x55, 0xc9, 0xe7, 0x30, 0xe5, 0x0e, + 0x3c, 0x7b, 0x74, 0xd2, 0x1e, 0xa8, 0x05, 0xd5, + 0xe2, 0xe3, 0xcb, 0xaf, 0x63, 0x33, 0x12, 0xaa, + 0xfd, 0x31, 0x32, 0x71, 0x4f, 0x41, 0x96, 0x05, + 0xb5, 0x69, 0x73, 0x45, 0xbe, 0x6f, 0x90, 0xd9, + 0x10, 0x36, 0xaf, 0x7a, 0x1c, 0xf1, 0x6d, 0x14, + 0xb0, 0x1e, 0xbb, 0xae, 0x1c, 0x35, 0xec, 0x1c, + 0xb5, 0x0e, 0xf6, 0x33, 0x98, 0x13, 0x4e, 0x44, + 0x7b, 0x5c, 0x97, 0x47, 0xed, 0x4f, 0xfe, 0xbd, + 0x08, 0xd2, 0xa9, 0xc6, 0xbe, 0x8c, 0x04, 0x9e, + 0xdc, 0x3d, 0xbe, 0x98, 0xe9, 0x2a, 0xb1, 0xf4, + 0xfa, 0x45, 0xf9, 0xc8, 0x9a, 0x55, 0x85, 0x26, + 0xfc, 0x5f, 0xad, 0x00, 0x8b, 0xc8, 0x41, 0xf2, + 0x86, 0x4e, 0xba, 0x55, 0x1c, 0xb2, 0x89, 0xe8, + 0x85, 0x6e, 0x1e, 0x02, 0x9f, 0x55, 0x70, 0xbe, + 0xfd, 0xe7, 0x9f, 0xba, 0x59, 0xa0, 0x2e, 0x9a, + 0x74, 0x11, 0xe7, 0xad, 0xa9, 0xc7, 0x7b, 0x58, + 0xc4, 0x16, 0xd3, 0x35, 0xcb, 0x61, 0x00, 0xec, + 0x36, 0x4a, 0xa3, 0x51, 0xa3, 0xdd, 0x61, 0xb6, + 0xd6, 0x29, 0xcb, 0x76, 0xe1, 0xab, 0x51, 0x3a, + 0xe8, 0xbf, 0xdb, 0x09, 0x4a, 0x39, 0x96, 0xd9, + 0xac, 0x8f, 0x6c, 0x62, 0xe0, 0x03, 0x23, 0x24, + 0xbe, 0xd4, 0x83, 0x02, 0x03, 0x01, 0x00, 0x01, + 0xa3, 0x82, 0x01, 0xf3, 0x30, 0x82, 0x01, 0xef, + 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, + 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x07, 0x80, + 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, + 0x01, 0xff, 0x04, 0x02, 0x30, 0x00, 0x30, 0x6d, + 0x06, 0x03, 0x55, 0x1d, 0x20, 0x01, 0x01, 0xff, + 0x04, 0x63, 0x30, 0x61, 0x30, 0x5f, 0x06, 0x09, + 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x15, + 0x1f, 0x30, 0x52, 0x30, 0x50, 0x06, 0x08, 0x2b, + 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x02, 0x30, + 0x44, 0x1e, 0x42, 0x00, 0x54, 0x00, 0x43, 0x00, + 0x50, 0x00, 0x41, 0x00, 0x20, 0x00, 0x20, 0x00, + 0x54, 0x00, 0x72, 0x00, 0x75, 0x00, 0x73, 0x00, + 0x74, 0x00, 0x65, 0x00, 0x64, 0x00, 0x20, 0x00, + 0x20, 0x00, 0x50, 0x00, 0x6c, 0x00, 0x61, 0x00, + 0x74, 0x00, 0x66, 0x00, 0x6f, 0x00, 0x72, 0x00, + 0x6d, 0x00, 0x20, 0x00, 0x20, 0x00, 0x49, 0x00, + 0x64, 0x00, 0x65, 0x00, 0x6e, 0x00, 0x74, 0x00, + 0x69, 0x00, 0x74, 0x00, 0x79, 0x30, 0x10, 0x06, + 0x03, 0x55, 0x1d, 0x25, 0x04, 0x09, 0x30, 0x07, + 0x06, 0x05, 0x67, 0x81, 0x05, 0x08, 0x03, 0x30, + 0x59, 0x06, 0x03, 0x55, 0x1d, 0x11, 0x01, 0x01, + 0xff, 0x04, 0x4f, 0x30, 0x4d, 0xa4, 0x4b, 0x30, + 0x49, 0x31, 0x16, 0x30, 0x14, 0x06, 0x05, 0x67, + 0x81, 0x05, 0x02, 0x01, 0x0c, 0x0b, 0x69, 0x64, + 0x3a, 0x35, 0x33, 0x35, 0x34, 0x34, 0x44, 0x32, + 0x30, 0x31, 0x17, 0x30, 0x15, 0x06, 0x05, 0x67, + 0x81, 0x05, 0x02, 0x02, 0x0c, 0x0c, 0x53, 0x54, + 0x33, 0x33, 0x48, 0x54, 0x50, 0x48, 0x41, 0x48, + 0x42, 0x34, 0x31, 0x16, 0x30, 0x14, 0x06, 0x05, + 0x67, 0x81, 0x05, 0x02, 0x03, 0x0c, 0x0b, 0x69, + 0x64, 0x3a, 0x30, 0x30, 0x34, 0x39, 0x30, 0x30, + 0x30, 0x34, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, + 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xb8, + 0x5f, 0xd5, 0x67, 0xca, 0x92, 0xc4, 0x0e, 0xcf, + 0x0c, 0xd8, 0x1f, 0x6d, 0x3f, 0x03, 0x55, 0x6f, + 0x38, 0xa6, 0x51, 0x30, 0x1d, 0x06, 0x03, 0x55, + 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xd4, 0x04, + 0x64, 0xfc, 0x6e, 0x50, 0x0a, 0x56, 0x48, 0x0f, + 0x05, 0xa9, 0x00, 0xb7, 0x1d, 0x5e, 0x57, 0x08, + 0xd5, 0xdc, 0x30, 0x81, 0xb2, 0x06, 0x08, 0x2b, + 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, + 0x81, 0xa5, 0x30, 0x81, 0xa2, 0x30, 0x81, 0x9f, + 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, + 0x30, 0x02, 0x86, 0x81, 0x92, 0x68, 0x74, 0x74, + 0x70, 0x3a, 0x2f, 0x2f, 0x61, 0x7a, 0x63, 0x73, + 0x70, 0x72, 0x6f, 0x64, 0x65, 0x75, 0x73, 0x61, + 0x69, 0x6b, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x73, + 0x68, 0x2e, 0x62, 0x6c, 0x6f, 0x62, 0x2e, 0x63, + 0x6f, 0x72, 0x65, 0x2e, 0x77, 0x69, 0x6e, 0x64, + 0x6f, 0x77, 0x73, 0x2e, 0x6e, 0x65, 0x74, 0x2f, + 0x65, 0x75, 0x73, 0x2d, 0x73, 0x74, 0x6d, 0x2d, + 0x6b, 0x65, 0x79, 0x69, 0x64, 0x2d, 0x31, 0x61, + 0x64, 0x62, 0x39, 0x39, 0x34, 0x61, 0x62, 0x35, + 0x38, 0x62, 0x65, 0x35, 0x37, 0x61, 0x30, 0x63, + 0x63, 0x39, 0x62, 0x39, 0x30, 0x30, 0x65, 0x37, + 0x38, 0x35, 0x31, 0x65, 0x31, 0x61, 0x34, 0x33, + 0x63, 0x30, 0x38, 0x36, 0x36, 0x30, 0x2f, 0x61, + 0x62, 0x64, 0x36, 0x31, 0x35, 0x66, 0x32, 0x2d, + 0x31, 0x35, 0x38, 0x61, 0x2d, 0x34, 0x35, 0x38, + 0x65, 0x2d, 0x61, 0x31, 0x35, 0x35, 0x2d, 0x37, + 0x63, 0x34, 0x63, 0x38, 0x63, 0x62, 0x31, 0x33, + 0x63, 0x36, 0x35, 0x2e, 0x63, 0x65, 0x72, 0x30, + 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, + 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, + 0x02, 0x01, 0x00, 0xa2, 0x10, 0xc5, 0xbf, 0x41, + 0xa6, 0xba, 0x8c, 0x72, 0xca, 0x0f, 0x3e, 0x5e, + 0x7f, 0xe2, 0xcb, 0x60, 0xb8, 0x3f, 0xfb, 0xde, + 0x03, 0xe2, 0xfe, 0x20, 0x29, 0xdf, 0x11, 0xf5, + 0xb0, 0x50, 0x6d, 0x32, 0xe8, 0x1b, 0x05, 0xad, + 0x6b, 0x60, 0xb5, 0xed, 0xf3, 0xa4, 0x4a, 0xea, + 0x09, 0xe5, 0x65, 0x7e, 0xe0, 0xd5, 0x3a, 0x6a, + 0xdb, 0x64, 0xb7, 0x07, 0x8f, 0xa1, 0x63, 0xb3, + 0x89, 0x8a, 0xac, 0x49, 0x97, 0xa0, 0x9a, 0xa3, + 0xd3, 0x3a, 0xc2, 0x13, 0xb2, 0xbb, 0xab, 0x0d, + 0xf2, 0x35, 0xc5, 0x03, 0xde, 0x1c, 0xad, 0x6a, + 0x03, 0x0a, 0x4c, 0xe1, 0x37, 0x8f, 0xbc, 0x13, + 0xc0, 0x9a, 0x17, 0xd4, 0x2e, 0x36, 0x17, 0x51, + 0x12, 0xb0, 0x79, 0xbf, 0x9b, 0xb3, 0xb0, 0x74, + 0x25, 0x81, 0x7e, 0x21, 0x31, 0xb7, 0xc2, 0x5e, + 0xfb, 0x36, 0xab, 0xf3, 0x7a, 0x5f, 0xa4, 0x5e, + 0x8f, 0x0c, 0xbd, 0xcf, 0xf5, 0x50, 0xe7, 0x0c, + 0x51, 0x55, 0x48, 0xe6, 0x15, 0xb6, 0xd4, 0xaf, + 0x95, 0x72, 0x56, 0x94, 0xf7, 0x0e, 0xd6, 0x90, + 0xe3, 0xd3, 0x5d, 0xbd, 0x93, 0xa1, 0xbd, 0x6c, + 0xe4, 0xf2, 0x39, 0x4d, 0x54, 0x74, 0xcf, 0xf5, + 0xeb, 0x70, 0xdb, 0x4f, 0x52, 0xcd, 0x39, 0x8f, + 0x11, 0x54, 0x28, 0x06, 0x29, 0x8f, 0x23, 0xde, + 0x9e, 0x2f, 0x7b, 0xb6, 0x5f, 0xa3, 0x89, 0x04, + 0x99, 0x0a, 0xf1, 0x2d, 0xf9, 0x66, 0xd3, 0x13, + 0x45, 0xbd, 0x6c, 0x22, 0x57, 0xf5, 0xb1, 0xb9, + 0xdf, 0x5b, 0x7b, 0x1a, 0x3a, 0xdd, 0x6b, 0xc7, + 0x35, 0x88, 0xed, 0xc4, 0x09, 0x70, 0x4e, 0x5f, + 0xb5, 0x3e, 0xd1, 0x0b, 0xd0, 0xca, 0xef, 0x0b, + 0xe9, 0x8b, 0x6f, 0xc3, 0x16, 0xc3, 0x3d, 0x79, + 0x06, 0xef, 0x81, 0xf0, 0x60, 0x0b, 0x32, 0xe3, + 0x86, 0x6b, 0x92, 0x38, 0x90, 0x62, 0xed, 0x84, + 0x3a, 0xb7, 0x45, 0x43, 0x2e, 0xd0, 0x3a, 0x71, + 0x9e, 0x80, 0xcc, 0x9c, 0xac, 0x27, 0x10, 0x91, + 0xb7, 0xb2, 0xbd, 0x41, 0x40, 0xa7, 0xb7, 0xcf, + 0xe7, 0x38, 0xca, 0x68, 0xdd, 0x62, 0x09, 0xff, + 0x68, 0xce, 0xba, 0xe2, 0x07, 0x49, 0x09, 0xe7, + 0x1f, 0xdf, 0xe6, 0x26, 0xe5, 0x0f, 0xa9, 0xbf, + 0x2a, 0x5b, 0x67, 0x92, 0xa1, 0x10, 0x53, 0xb2, + 0x7a, 0x07, 0x29, 0x9d, 0xfd, 0x6d, 0xb6, 0x3b, + 0x45, 0xc1, 0x94, 0xcb, 0x1c, 0xc3, 0xce, 0xf6, + 0x8a, 0x1a, 0x81, 0x66, 0xb0, 0xa5, 0x14, 0xc7, + 0x9e, 0x1f, 0x6e, 0xb6, 0xff, 0x8b, 0x90, 0x87, + 0x3a, 0x3f, 0xa8, 0xc2, 0x2d, 0x8f, 0x6f, 0xdb, + 0xb4, 0xc4, 0x14, 0x3c, 0x1d, 0x12, 0x1d, 0x6d, + 0xcf, 0xa6, 0x04, 0x6a, 0xa8, 0x13, 0x5e, 0xf2, + 0x5e, 0x77, 0x80, 0x6b, 0x85, 0x83, 0xfe, 0xbb, + 0xeb, 0x70, 0xcb, 0x5f, 0xe4, 0x95, 0xaa, 0x0f, + 0x61, 0x36, 0x7c, 0xbb, 0x22, 0x1e, 0xba, 0x98, + 0x43, 0x52, 0x33, 0xae, 0xed, 0x5d, 0x10, 0x2c, + 0xb3, 0xa9, 0x31, 0x8e, 0x60, 0x54, 0xaf, 0x40, + 0x6d, 0x2e, 0x18, 0xc2, 0x6a, 0xf4, 0x7b, 0x9a, + 0x73, 0x0f, 0x58, 0x69, 0x23, 0xbb, 0xc4, 0x84, + 0x53, 0x30, 0xe2, 0xd6, 0x1e, 0x10, 0xc1, 0xec, + 0x82, 0x13, 0xab, 0x53, 0x86, 0xa2, 0xb9, 0xda, + 0xbb, 0x3a, 0xa2, 0xbe, 0xb0, 0x10, 0x99, 0x0e, + 0xe5, 0x9c, 0xc9, 0xf1, 0xce, 0x76, 0x46, 0xea, + 0x86, 0xaa, 0x36, 0x83, 0x99, 0x09, 0x9b, 0x30, + 0xd3, 0x26, 0xc7, 0xdf, 0x66, 0xc7, 0xf0, 0xdd, + 0x08, 0x09, 0x15, 0x15, 0x21, 0x49, 0x46, 0xd8, + 0x8a, 0x66, 0xca, 0x62, 0x9c, 0x79, 0x1d, 0x81, + 0xea, 0x5d, 0x82, 0xb0, 0xa6, 0x6b, 0x5c, 0xf5, + 0xb8, 0x8c, 0xf6, 0x16, 0x01, 0x2c, 0xf8, 0x27, + 0xf8, 0xcf, 0x88, 0xfe, 0xf3, 0xa4, 0xfc, 0x17, + 0x97, 0xe7, 0x07, 0x59, 0x06, 0xef, 0x30, 0x82, + 0x06, 0xeb, 0x30, 0x82, 0x04, 0xd3, 0xa0, 0x03, + 0x02, 0x01, 0x02, 0x02, 0x13, 0x33, 0x00, 0x00, + 0x02, 0x39, 0xf9, 0xbb, 0x6a, 0x1d, 0x49, 0x64, + 0x47, 0x7f, 0x00, 0x00, 0x00, 0x00, 0x02, 0x39, + 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, + 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, + 0x81, 0x8c, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, + 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, + 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, + 0x13, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, + 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, + 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x52, + 0x65, 0x64, 0x6d, 0x6f, 0x6e, 0x64, 0x31, 0x1e, + 0x30, 0x1c, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, + 0x15, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, + 0x66, 0x74, 0x20, 0x43, 0x6f, 0x72, 0x70, 0x6f, + 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x31, 0x36, + 0x30, 0x34, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, + 0x2d, 0x4d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, + 0x66, 0x74, 0x20, 0x54, 0x50, 0x4d, 0x20, 0x52, + 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x65, 0x72, 0x74, + 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, + 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, + 0x79, 0x20, 0x32, 0x30, 0x31, 0x34, 0x30, 0x1e, + 0x17, 0x0d, 0x31, 0x39, 0x30, 0x33, 0x32, 0x31, + 0x32, 0x30, 0x32, 0x39, 0x31, 0x35, 0x5a, 0x17, + 0x0d, 0x32, 0x35, 0x30, 0x33, 0x32, 0x31, 0x32, + 0x30, 0x32, 0x39, 0x31, 0x35, 0x5a, 0x30, 0x41, + 0x31, 0x3f, 0x30, 0x3d, 0x06, 0x03, 0x55, 0x04, + 0x03, 0x13, 0x36, 0x45, 0x55, 0x53, 0x2d, 0x53, + 0x54, 0x4d, 0x2d, 0x4b, 0x45, 0x59, 0x49, 0x44, + 0x2d, 0x31, 0x41, 0x44, 0x42, 0x39, 0x39, 0x34, + 0x41, 0x42, 0x35, 0x38, 0x42, 0x45, 0x35, 0x37, + 0x41, 0x30, 0x43, 0x43, 0x39, 0x42, 0x39, 0x30, + 0x30, 0x45, 0x37, 0x38, 0x35, 0x31, 0x45, 0x31, + 0x41, 0x34, 0x33, 0x43, 0x30, 0x38, 0x36, 0x36, + 0x30, 0x30, 0x82, 0x02, 0x22, 0x30, 0x0d, 0x06, + 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, + 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x02, 0x0f, + 0x00, 0x30, 0x82, 0x02, 0x0a, 0x02, 0x82, 0x02, + 0x01, 0x00, 0xdb, 0xe2, 0x23, 0xf9, 0x86, 0x8f, + 0xa9, 0x71, 0x9f, 0x8b, 0xf9, 0x7c, 0xe9, 0x45, + 0x2d, 0x59, 0x56, 0x5e, 0x96, 0xf4, 0xdd, 0x9a, + 0x12, 0xcd, 0x90, 0x1a, 0x0c, 0xb5, 0x03, 0xbf, + 0x09, 0xbe, 0xbf, 0xf7, 0x55, 0x52, 0xe8, 0x39, + 0x4c, 0xbe, 0x2a, 0x28, 0x88, 0x78, 0x39, 0xa7, + 0xcb, 0xf9, 0x4c, 0x55, 0xd2, 0x31, 0x96, 0x3b, + 0x48, 0xa2, 0xf3, 0xf6, 0xd3, 0x1a, 0x81, 0x7f, + 0x90, 0x62, 0xab, 0xec, 0x5a, 0xc7, 0xa0, 0x7f, + 0x81, 0x32, 0x27, 0x9b, 0x29, 0x75, 0x7d, 0x1e, + 0x96, 0xc5, 0xfa, 0x0e, 0x7c, 0xe0, 0x60, 0x96, + 0x7a, 0xca, 0x94, 0xba, 0xe6, 0xb2, 0x69, 0xdd, + 0xc4, 0x7d, 0xbb, 0xd3, 0xc4, 0xb4, 0x6e, 0x00, + 0x86, 0x1f, 0x9d, 0x25, 0xe8, 0xae, 0xc7, 0x10, + 0x84, 0xdc, 0xc0, 0x34, 0x24, 0x6e, 0xf7, 0xfc, + 0xdd, 0x3d, 0x32, 0x7a, 0x43, 0x96, 0xd6, 0xc8, + 0x7b, 0xf4, 0x9b, 0x3d, 0xa7, 0x1e, 0xba, 0x4d, + 0xd0, 0x3b, 0x3d, 0x84, 0x9a, 0xd1, 0x25, 0x22, + 0x5d, 0x00, 0x44, 0xb0, 0x59, 0xb7, 0x40, 0xc5, + 0xa3, 0x53, 0x53, 0xaf, 0x8f, 0x9e, 0xfd, 0x8f, + 0x1e, 0x02, 0xd3, 0x4f, 0xf7, 0x09, 0xce, 0xc5, + 0xc6, 0x71, 0x5c, 0xe9, 0xe8, 0x7a, 0xb5, 0x6b, + 0xa4, 0xbf, 0x0b, 0xd9, 0xb6, 0xfa, 0x24, 0xb0, + 0xcd, 0x52, 0x22, 0x1d, 0x7e, 0xe8, 0x15, 0x2f, + 0x1e, 0x5e, 0xa2, 0xec, 0xd3, 0xa8, 0x02, 0x77, + 0xb9, 0x55, 0x9a, 0xcf, 0xcc, 0xd7, 0x08, 0x20, + 0xa5, 0xda, 0x39, 0x9a, 0x30, 0x76, 0x90, 0x37, + 0xa7, 0x60, 0xdf, 0x18, 0x12, 0x65, 0x17, 0xaa, + 0xdd, 0x48, 0xd5, 0x12, 0x1d, 0x4c, 0x83, 0x5d, + 0x81, 0x07, 0x1d, 0x18, 0x81, 0x40, 0x55, 0x60, + 0x8f, 0xa3, 0x6b, 0x34, 0x1e, 0xd5, 0xe6, 0xcf, + 0x52, 0x73, 0x77, 0x4a, 0x50, 0x4f, 0x1b, 0x0f, + 0x39, 0xc3, 0x0d, 0x16, 0xf9, 0xbb, 0x4c, 0x77, + 0xf6, 0x4e, 0xac, 0x9c, 0xfe, 0xe8, 0xbb, 0x52, + 0xa5, 0x0a, 0x0e, 0x9b, 0xf0, 0x0d, 0xef, 0xfb, + 0x6f, 0x89, 0x34, 0x7d, 0x47, 0xec, 0x14, 0x6a, + 0xf4, 0x0a, 0xe1, 0x60, 0x44, 0x73, 0x7b, 0xa0, + 0xab, 0x5b, 0x8c, 0x43, 0xa6, 0x05, 0x42, 0x61, + 0x46, 0xaa, 0x1c, 0xf5, 0xec, 0x2c, 0x86, 0x85, + 0x21, 0x99, 0xdf, 0x45, 0x8e, 0xf4, 0xd1, 0x1e, + 0xfb, 0xcd, 0x9b, 0x94, 0x32, 0xe0, 0xa0, 0xcc, + 0x4f, 0xad, 0xae, 0x44, 0x8b, 0x86, 0x27, 0x91, + 0xfe, 0x60, 0x9f, 0xf2, 0x63, 0x30, 0x6c, 0x5d, + 0x8d, 0xbc, 0xab, 0xd4, 0xf5, 0xa2, 0xb2, 0x74, + 0xe8, 0xd4, 0x95, 0xf2, 0xd6, 0x03, 0x8b, 0xc9, + 0xa3, 0x52, 0xe7, 0x63, 0x05, 0x64, 0x50, 0xe5, + 0x0a, 0x6a, 0xa0, 0x6c, 0x50, 0xcd, 0x37, 0x98, + 0xa8, 0x87, 0x02, 0x38, 0x5b, 0x6c, 0x02, 0x69, + 0x3d, 0x1f, 0x95, 0x74, 0x4d, 0x46, 0x76, 0x2a, + 0x9d, 0x62, 0xd4, 0xc7, 0x1b, 0xf9, 0x31, 0xa6, + 0x51, 0xee, 0x7b, 0xc8, 0xe4, 0x6e, 0x3a, 0xcf, + 0x4f, 0x4f, 0x49, 0x8a, 0xf5, 0x4f, 0x25, 0x93, + 0x23, 0x02, 0xef, 0x79, 0xa6, 0x27, 0xbe, 0x5a, + 0xe7, 0x74, 0xb7, 0xd7, 0xa8, 0xc1, 0xae, 0x55, + 0x88, 0xa4, 0xc7, 0x4d, 0xb7, 0x62, 0xf0, 0xf9, + 0x5b, 0xbf, 0x47, 0x5b, 0xfe, 0xcc, 0x0b, 0x89, + 0x19, 0x65, 0x4b, 0x6f, 0xdf, 0x4f, 0x7d, 0x4d, + 0x96, 0x42, 0x0d, 0x2a, 0xa1, 0xbd, 0x3e, 0x70, + 0x92, 0xba, 0xc8, 0x59, 0xd5, 0x1d, 0x3a, 0x98, + 0x53, 0x75, 0xa6, 0x32, 0xc8, 0x72, 0x03, 0x46, + 0x5f, 0x5c, 0x13, 0xa4, 0xdb, 0xc7, 0x55, 0x35, + 0x22, 0x0d, 0xc6, 0x17, 0x85, 0xbd, 0x46, 0x4b, + 0xfa, 0x1e, 0x49, 0xc2, 0xfe, 0x1e, 0xf9, 0x62, + 0x89, 0x56, 0x84, 0xdf, 0xa0, 0xfb, 0xfd, 0x93, + 0xa4, 0x25, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, + 0x82, 0x01, 0x8e, 0x30, 0x82, 0x01, 0x8a, 0x30, + 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, + 0xff, 0x04, 0x04, 0x03, 0x02, 0x02, 0x84, 0x30, + 0x1b, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, 0x14, + 0x30, 0x12, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, + 0x01, 0x82, 0x37, 0x15, 0x24, 0x06, 0x05, 0x67, + 0x81, 0x05, 0x08, 0x03, 0x30, 0x16, 0x06, 0x03, + 0x55, 0x1d, 0x20, 0x04, 0x0f, 0x30, 0x0d, 0x30, + 0x0b, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, 0x01, + 0x82, 0x37, 0x15, 0x1f, 0x30, 0x12, 0x06, 0x03, + 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, + 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x00, + 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, + 0x16, 0x04, 0x14, 0xb8, 0x5f, 0xd5, 0x67, 0xca, + 0x92, 0xc4, 0x0e, 0xcf, 0x0c, 0xd8, 0x1f, 0x6d, + 0x3f, 0x03, 0x55, 0x6f, 0x38, 0xa6, 0x51, 0x30, + 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, + 0x30, 0x16, 0x80, 0x14, 0x7a, 0x8c, 0x0a, 0xce, + 0x2f, 0x48, 0x62, 0x17, 0xe2, 0x94, 0xd1, 0xae, + 0x55, 0xc1, 0x52, 0xec, 0x71, 0x74, 0xa4, 0x56, + 0x30, 0x70, 0x06, 0x03, 0x55, 0x1d, 0x1f, 0x04, + 0x69, 0x30, 0x67, 0x30, 0x65, 0xa0, 0x63, 0xa0, + 0x61, 0x86, 0x5f, 0x68, 0x74, 0x74, 0x70, 0x3a, + 0x2f, 0x2f, 0x77, 0x77, 0x77, 0x2e, 0x6d, 0x69, + 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x2e, + 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6b, 0x69, 0x6f, + 0x70, 0x73, 0x2f, 0x63, 0x72, 0x6c, 0x2f, 0x4d, + 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, + 0x25, 0x32, 0x30, 0x54, 0x50, 0x4d, 0x25, 0x32, + 0x30, 0x52, 0x6f, 0x6f, 0x74, 0x25, 0x32, 0x30, + 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, + 0x61, 0x74, 0x65, 0x25, 0x32, 0x30, 0x41, 0x75, + 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x25, + 0x32, 0x30, 0x32, 0x30, 0x31, 0x34, 0x2e, 0x63, + 0x72, 0x6c, 0x30, 0x7d, 0x06, 0x08, 0x2b, 0x06, + 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, 0x71, + 0x30, 0x6f, 0x30, 0x6d, 0x06, 0x08, 0x2b, 0x06, + 0x01, 0x05, 0x05, 0x07, 0x30, 0x02, 0x86, 0x61, + 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x77, + 0x77, 0x77, 0x2e, 0x6d, 0x69, 0x63, 0x72, 0x6f, + 0x73, 0x6f, 0x66, 0x74, 0x2e, 0x63, 0x6f, 0x6d, + 0x2f, 0x70, 0x6b, 0x69, 0x6f, 0x70, 0x73, 0x2f, + 0x63, 0x65, 0x72, 0x74, 0x73, 0x2f, 0x4d, 0x69, + 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66, 0x74, 0x25, + 0x32, 0x30, 0x54, 0x50, 0x4d, 0x25, 0x32, 0x30, + 0x52, 0x6f, 0x6f, 0x74, 0x25, 0x32, 0x30, 0x43, + 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, + 0x74, 0x65, 0x25, 0x32, 0x30, 0x41, 0x75, 0x74, + 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x25, 0x32, + 0x30, 0x32, 0x30, 0x31, 0x34, 0x2e, 0x63, 0x72, + 0x74, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, + 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, + 0x03, 0x82, 0x02, 0x01, 0x00, 0x41, 0xaa, 0xfe, + 0x28, 0x6c, 0xf7, 0x6b, 0x53, 0xde, 0x77, 0xc0, + 0x80, 0x50, 0x94, 0xd9, 0xdb, 0x46, 0x8e, 0x6a, + 0x93, 0xa9, 0x10, 0x37, 0x27, 0x1f, 0xf5, 0x70, + 0xf1, 0xa8, 0xcf, 0xa1, 0x45, 0x86, 0x2a, 0xdd, + 0x8f, 0xb8, 0xb5, 0xc1, 0xe6, 0xcf, 0x8a, 0xfa, + 0x32, 0xa1, 0x4b, 0xb7, 0xa4, 0xbf, 0x0a, 0x48, + 0xcb, 0x42, 0x63, 0x71, 0xc1, 0x96, 0xb9, 0x3a, + 0x37, 0x84, 0x0e, 0x24, 0x39, 0xeb, 0x58, 0xce, + 0x3d, 0xb7, 0xa9, 0x44, 0x92, 0x59, 0xb9, 0xff, + 0xdb, 0x18, 0xbe, 0x6a, 0x5e, 0xe7, 0xce, 0xef, + 0xb8, 0x40, 0x53, 0xaf, 0xc1, 0x9b, 0xfb, 0x42, + 0x99, 0x7e, 0x9d, 0x05, 0x2b, 0x71, 0x0a, 0x7a, + 0x7a, 0x44, 0xd1, 0x31, 0xca, 0xf0, 0x5f, 0x74, + 0x85, 0xa9, 0xe2, 0xbc, 0xc8, 0x0c, 0xad, 0x57, + 0xd1, 0xe9, 0x48, 0x90, 0x88, 0x57, 0x86, 0xd7, + 0xc5, 0xc9, 0xe6, 0xb2, 0x5e, 0x5f, 0x13, 0xdc, + 0x10, 0x7f, 0xdf, 0x63, 0x8a, 0xd5, 0x9e, 0x90, + 0xc2, 0x75, 0x53, 0x1e, 0x68, 0x17, 0x2b, 0x03, + 0x29, 0x15, 0x03, 0xc5, 0x8c, 0x66, 0x3e, 0xae, + 0xbd, 0x4a, 0x32, 0x7e, 0x59, 0x89, 0x0b, 0x84, + 0xc2, 0xd9, 0x90, 0xfa, 0x02, 0x22, 0x90, 0x8d, + 0x9c, 0xb6, 0x0c, 0x4d, 0xe1, 0x28, 0x76, 0xd7, + 0x82, 0xc3, 0x36, 0xc2, 0xa3, 0x2a, 0x52, 0xe5, + 0xfe, 0x3c, 0x8f, 0xe3, 0x4b, 0xda, 0x6a, 0xdb, + 0xc0, 0x7a, 0x3c, 0x57, 0xfa, 0x85, 0x8f, 0xfb, + 0x62, 0xc3, 0xa1, 0x38, 0xce, 0x84, 0xf2, 0xba, + 0x12, 0xf4, 0x30, 0x2a, 0x4a, 0x94, 0xa9, 0x35, + 0x2c, 0x7d, 0x11, 0xc7, 0x68, 0x1f, 0x47, 0xaa, + 0x57, 0x43, 0x06, 0x70, 0x79, 0x8c, 0xb6, 0x3b, + 0x5d, 0x57, 0xf3, 0xf3, 0xc0, 0x2c, 0xc5, 0xde, + 0x41, 0x99, 0xf6, 0xdd, 0x55, 0x8a, 0xe4, 0x13, + 0xca, 0xc9, 0xec, 0x69, 0x93, 0x13, 0x48, 0xf0, + 0x5f, 0xda, 0x2e, 0xfd, 0xfb, 0xa9, 0x1b, 0x92, + 0xde, 0x49, 0x71, 0x37, 0x8c, 0x3f, 0xc2, 0x08, + 0x0a, 0x83, 0x25, 0xf1, 0x6e, 0x0a, 0xe3, 0x55, + 0x85, 0x96, 0x9a, 0x2d, 0xa2, 0xc0, 0xa1, 0xee, + 0xfe, 0x23, 0x3b, 0x69, 0x22, 0x03, 0xfd, 0xcc, + 0x8a, 0xdd, 0xb4, 0x53, 0x8d, 0x84, 0xa6, 0xac, + 0xe0, 0x1e, 0x07, 0xe5, 0xd7, 0xf9, 0xcb, 0xb9, + 0xe3, 0x9a, 0xb7, 0x84, 0x70, 0xa1, 0x93, 0xd6, + 0x02, 0x1e, 0xfe, 0xdb, 0x28, 0x7c, 0xf7, 0xd4, + 0x62, 0x6f, 0x80, 0x75, 0xc8, 0xd8, 0x35, 0x26, + 0x0c, 0xcb, 0x84, 0xed, 0xbb, 0x95, 0xdf, 0x7f, + 0xd5, 0xbb, 0x00, 0x96, 0x97, 0x32, 0xe7, 0xba, + 0xe8, 0x29, 0xb5, 0x1a, 0x51, 0x81, 0xbb, 0x04, + 0xd1, 0x21, 0x76, 0x34, 0x6d, 0x1e, 0x93, 0x96, + 0x1f, 0x96, 0x53, 0x5f, 0x5c, 0x9e, 0xf3, 0x9d, + 0x82, 0x1c, 0x39, 0x36, 0x59, 0xae, 0xc9, 0x3c, + 0x53, 0x4a, 0x67, 0x65, 0x6e, 0xbf, 0xa6, 0xac, + 0x3e, 0xda, 0xb2, 0xa7, 0x63, 0x07, 0x17, 0xe1, + 0x5b, 0xda, 0x6a, 0x31, 0x9f, 0xfb, 0xb4, 0xea, + 0xa1, 0x97, 0x08, 0x6e, 0xb2, 0x68, 0xf3, 0x72, + 0x76, 0x99, 0xe8, 0x00, 0x46, 0x88, 0x26, 0xe1, + 0x3c, 0x07, 0x2b, 0x78, 0x49, 0xda, 0x79, 0x3a, + 0xbd, 0x6f, 0xca, 0x5c, 0xa0, 0xa8, 0xed, 0x34, + 0xcc, 0xdb, 0x13, 0xe2, 0x51, 0x9b, 0x3d, 0x03, + 0xac, 0xc7, 0xf6, 0x32, 0xe1, 0x11, 0x5d, 0xe1, + 0xc5, 0xfd, 0x9e, 0x7a, 0xcd, 0x06, 0xb9, 0xe6, + 0xfc, 0xe0, 0x03, 0x31, 0xf4, 0x4a, 0xa9, 0x3b, + 0x79, 0x01, 0xb0, 0x64, 0x68, 0x9f, 0x6e, 0x76, + 0xa1, 0xcc, 0xec, 0x17, 0x41, 0x9d, 0xd4, 0x5b, + 0x4e, 0x9d, 0xe5, 0x46, 0xd4, 0x6b, 0x60, 0x2a, + 0x23, 0xb5, 0x7a, 0x89, 0x7c, 0x27, 0x96, 0x65, + 0x97, 0x56, 0xec, 0x98, 0xe3, 0x67, 0x70, 0x75, + 0x62, 0x41, 0x72, 0x65, 0x61, 0x59, 0x01, 0x36, + 0x00, 0x01, 0x00, 0x0b, 0x00, 0x06, 0x04, 0x72, + 0x00, 0x20, 0x9d, 0xff, 0xcb, 0xf3, 0x6c, 0x38, + 0x3a, 0xe6, 0x99, 0xfb, 0x98, 0x68, 0xdc, 0x6d, + 0xcb, 0x89, 0xd7, 0x15, 0x38, 0x84, 0xbe, 0x28, + 0x03, 0x92, 0x2c, 0x12, 0x41, 0x58, 0xbf, 0xad, + 0x22, 0xae, 0x00, 0x10, 0x00, 0x10, 0x08, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0xc5, 0xb6, + 0x9c, 0x06, 0x1d, 0xcf, 0xb9, 0xf2, 0x5e, 0x99, + 0x7d, 0x6d, 0x73, 0xd8, 0x36, 0xc1, 0x4a, 0x90, + 0x05, 0x4d, 0x82, 0x57, 0xc1, 0xb6, 0x6a, 0xd1, + 0x43, 0x03, 0x85, 0xf8, 0x52, 0x4f, 0xd2, 0x27, + 0x91, 0x0b, 0xb5, 0x93, 0xa0, 0x68, 0xf8, 0x80, + 0x1b, 0xaa, 0x65, 0x97, 0x45, 0x11, 0x86, 0x34, + 0xd6, 0x67, 0xf8, 0xd5, 0x12, 0x79, 0x84, 0xee, + 0x70, 0x99, 0x00, 0x63, 0xa8, 0xb4, 0x43, 0x0b, + 0x4c, 0x57, 0x4a, 0xd6, 0x9b, 0x75, 0x63, 0x8a, + 0x46, 0x57, 0xdb, 0x14, 0xc8, 0x71, 0xd1, 0xb3, + 0x07, 0x68, 0x58, 0xbc, 0x55, 0x84, 0x80, 0x2a, + 0xd2, 0x36, 0x9f, 0xc1, 0x64, 0xa0, 0x11, 0x4b, + 0xc9, 0x32, 0x31, 0x3a, 0xd6, 0x87, 0x26, 0x1a, + 0x3a, 0x78, 0x3d, 0x89, 0xdb, 0x00, 0x28, 0x3b, + 0xae, 0x2b, 0x1b, 0x56, 0xe2, 0x8c, 0x4c, 0x63, + 0xac, 0x6e, 0x6c, 0xf7, 0xb5, 0x7d, 0x4d, 0x0b, + 0x9f, 0x06, 0xa0, 0x10, 0x35, 0x38, 0x20, 0x4d, + 0xcc, 0x07, 0xd7, 0x00, 0x4e, 0x86, 0xba, 0xfe, + 0x8b, 0xe4, 0x3f, 0x4a, 0xd6, 0xca, 0xbf, 0x67, + 0x40, 0x1a, 0xa4, 0xda, 0x82, 0x52, 0x15, 0xb8, + 0x14, 0x3a, 0x7c, 0xa9, 0x02, 0xc1, 0x01, 0x69, + 0xc6, 0x51, 0xd4, 0xbc, 0x1f, 0x95, 0xb2, 0xee, + 0x1f, 0xdd, 0xb5, 0x73, 0x16, 0x5e, 0x29, 0x3f, + 0x47, 0xac, 0x65, 0xfb, 0x63, 0x5c, 0xb9, 0xc8, + 0x13, 0x2d, 0xec, 0x85, 0xde, 0x71, 0x0d, 0x84, + 0x93, 0x74, 0x76, 0x91, 0xdd, 0x1d, 0x6d, 0x3d, + 0xc7, 0x36, 0x19, 0x19, 0x86, 0xde, 0x7c, 0xca, + 0xd6, 0xc6, 0x65, 0x7e, 0x4b, 0x24, 0x9c, 0xce, + 0x92, 0x6b, 0x1c, 0xe0, 0xa0, 0xa9, 0x6c, 0xc3, + 0xed, 0x4f, 0x2a, 0x54, 0x07, 0x00, 0x32, 0x5e, + 0x1b, 0x94, 0x37, 0xcd, 0xe2, 0x32, 0xa8, 0xd5, + 0x2c, 0xfb, 0x03, 0x9d, 0x79, 0xdf, 0x68, 0x63, + 0x65, 0x72, 0x74, 0x49, 0x6e, 0x66, 0x6f, 0x58, + 0xa1, 0xff, 0x54, 0x43, 0x47, 0x80, 0x17, 0x00, + 0x22, 0x00, 0x0b, 0xdb, 0x1f, 0x74, 0x21, 0x4f, + 0xa9, 0x0d, 0x90, 0x64, 0xa2, 0x33, 0xbe, 0x3f, + 0xf1, 0x95, 0xb0, 0x4e, 0x3f, 0x02, 0xdc, 0xad, + 0xb0, 0x05, 0x13, 0xe6, 0x32, 0x5f, 0xed, 0x90, + 0x2c, 0xad, 0xc0, 0x00, 0x14, 0x58, 0x52, 0x07, + 0x5d, 0x64, 0x6c, 0x1f, 0xd1, 0x13, 0x7f, 0xc3, + 0x74, 0xf6, 0x4b, 0xe3, 0xa0, 0x2e, 0xb7, 0x71, + 0xda, 0x00, 0x00, 0x00, 0x00, 0x29, 0x3c, 0x64, + 0xdf, 0x95, 0x38, 0xba, 0x73, 0xe3, 0x57, 0x61, + 0xa0, 0x01, 0x24, 0x01, 0x08, 0xc9, 0xd6, 0xea, + 0x60, 0xe4, 0x00, 0x22, 0x00, 0x0b, 0xe1, 0x86, + 0xbb, 0x79, 0x27, 0xe5, 0x01, 0x19, 0x90, 0xb3, + 0xe9, 0x08, 0xb0, 0xee, 0xfa, 0x3a, 0x67, 0xa9, + 0xf3, 0xc8, 0x9e, 0x03, 0x41, 0x07, 0x75, 0x60, + 0xbc, 0x94, 0x0c, 0x2a, 0xb7, 0xad, 0x00, 0x22, + 0x00, 0x0b, 0x35, 0xb1, 0x72, 0xd6, 0x3c, 0xe9, + 0x85, 0xe8, 0x66, 0xed, 0x10, 0x7a, 0x5c, 0xa3, + 0xe6, 0xd9, 0x4d, 0xf0, 0x52, 0x69, 0x26, 0x14, + 0xb4, 0x36, 0x7e, 0xad, 0x76, 0x9e, 0x58, 0x68, + 0x3e, 0x91 +}; + /* * Security Key By Yubico * 5.1.X * f8a011f3-8c0a-4d15-8006-17111f9edc7d -*/ + */ const unsigned char aaguid[16] = { 0xf8, 0xa0, 0x11, 0xf3, 0x8c, 0x0a, 0x4d, 0x15, 0x80, 0x06, 0x17, 0x11, 0x1f, 0x9e, 0xdc, 0x7d, }; +/* + * Windows Hello by Microsoft + */ +const unsigned char aaguid_tpm[16] = { + 0x08, 0x98, 0x70, 0x58, 0xca, 0xdc, 0x4b, 0x81, + 0xb6, 0xe1, 0x30, 0xde, 0x50, 0xdc, 0xbe, 0x96, +}; + const char rp_id[] = "localhost"; const char rp_name[] = "sweet home localhost"; @@ -606,7 +1214,7 @@ junk_cdh(void) junk = malloc(sizeof(cdh)); assert(junk != NULL); memcpy(junk, cdh, sizeof(cdh)); - junk[0] = ~junk[0]; + junk[0] = (unsigned char)~junk[0]; c = alloc_cred(); assert(fido_cred_set_type(c, COSE_ES256) == FIDO_OK); @@ -708,7 +1316,7 @@ junk_authdata(void) junk = malloc(sizeof(authdata)); assert(junk != NULL); memcpy(junk, authdata, sizeof(authdata)); - junk[0] = ~junk[0]; + junk[0] = (unsigned char)~junk[0]; unset = calloc(1, sizeof(aaguid)); assert(unset != NULL); @@ -749,7 +1357,7 @@ junk_sig(void) junk = malloc(sizeof(sig)); assert(junk != NULL); memcpy(junk, sig, sizeof(sig)); - junk[0] = ~junk[0]; + junk[0] = (unsigned char)~junk[0]; c = alloc_cred(); assert(fido_cred_set_type(c, COSE_ES256) == FIDO_OK); @@ -781,7 +1389,7 @@ junk_x509(void) junk = malloc(sizeof(x509)); assert(junk != NULL); memcpy(junk, x509, sizeof(x509)); - junk[0] = ~junk[0]; + junk[0] = (unsigned char)~junk[0]; c = alloc_cred(); assert(fido_cred_set_type(c, COSE_ES256) == FIDO_OK); @@ -954,6 +1562,31 @@ fmt_none(void) free_cred(c); } +static void +valid_tpm_cred(void) +{ + fido_cred_t *c; + + c = alloc_cred(); + assert(fido_cred_set_type(c, COSE_RS256) == FIDO_OK); + assert(fido_cred_set_clientdata(c, cdh, sizeof(cdh)) == FIDO_OK); + assert(fido_cred_set_rp(c, rp_id, rp_name) == FIDO_OK); + assert(fido_cred_set_authdata(c, authdata_tpm, sizeof(authdata_tpm)) == FIDO_OK); + assert(fido_cred_set_rk(c, FIDO_OPT_FALSE) == FIDO_OK); + assert(fido_cred_set_uv(c, FIDO_OPT_TRUE) == FIDO_OK); + assert(fido_cred_set_fmt(c, "tpm") == FIDO_OK); + assert(fido_cred_set_attstmt(c, attstmt_tpm, sizeof(attstmt_tpm)) == FIDO_OK); + assert(fido_cred_verify(c) == FIDO_OK); + assert(fido_cred_prot(c) == 0); + assert(fido_cred_pubkey_len(c) == sizeof(pubkey_tpm)); + assert(memcmp(fido_cred_pubkey_ptr(c), pubkey_tpm, sizeof(pubkey_tpm)) == 0); + assert(fido_cred_id_len(c) == sizeof(id_tpm)); + assert(memcmp(fido_cred_id_ptr(c), id_tpm, sizeof(id_tpm)) == 0); + assert(fido_cred_aaguid_len(c) == sizeof(aaguid_tpm)); + assert(memcmp(fido_cred_aaguid_ptr(c), aaguid_tpm, sizeof(aaguid_tpm)) == 0); + free_cred(c); +} + int main(void) { @@ -983,6 +1616,7 @@ main(void) wrong_credprot(); raw_authdata(); fmt_none(); + valid_tpm_cred(); exit(0); } diff --git a/regress/dev.c b/regress/dev.c index 35061aabbb64..a5dc8d6e4529 100644 --- a/regress/dev.c +++ b/regress/dev.c @@ -1,12 +1,14 @@ /* - * Copyright (c) 2019 Yubico AB. All rights reserved. + * Copyright (c) 2019-2021 Yubico AB. All rights reserved. * Use of this source code is governed by a BSD-style * license that can be found in the LICENSE file. */ #include +#include #include #include +#include #include "../fuzz/wiredata_fido2.h" @@ -17,6 +19,7 @@ static uint8_t ctap_nonce[8]; static uint8_t *wiredata_ptr; static size_t wiredata_len; static int initialised; +static long interval_ms; static void * dummy_open(const char *path) @@ -35,9 +38,9 @@ dummy_close(void *handle) static int dummy_read(void *handle, unsigned char *ptr, size_t len, int ms) { - size_t n; - - (void)ms; + struct timespec tv; + size_t n; + long d; assert(handle == FAKE_DEV_HANDLE); assert(ptr != NULL); @@ -52,6 +55,21 @@ dummy_read(void *handle, unsigned char *ptr, size_t len, int ms) initialised = 1; } + if (ms >= 0 && ms < interval_ms) + d = ms; + else + d = interval_ms; + + if (d) { + tv.tv_sec = d / 1000; + tv.tv_nsec = (d % 1000) * 1000000; + if (nanosleep(&tv, NULL) == -1) + err(1, "nanosleep"); + } + + if (d != interval_ms) + return (-1); /* timeout */ + if (wiredata_len < len) n = wiredata_len; else @@ -67,6 +85,8 @@ dummy_read(void *handle, unsigned char *ptr, size_t len, int ms) static int dummy_write(void *handle, const unsigned char *ptr, size_t len) { + struct timespec tv; + assert(handle == FAKE_DEV_HANDLE); assert(ptr != NULL); assert(len == REPORT_LEN); @@ -74,6 +94,13 @@ dummy_write(void *handle, const unsigned char *ptr, size_t len) if (!initialised) memcpy(&ctap_nonce, &ptr[8], sizeof(ctap_nonce)); + if (interval_ms) { + tv.tv_sec = interval_ms / 1000; + tv.tv_nsec = (interval_ms % 1000) * 1000000; + if (nanosleep(&tv, NULL) == -1) + err(1, "nanosleep"); + } + return ((int)len); } @@ -153,6 +180,7 @@ reopen(void) wiredata = wiredata_setup(cbor_info_data, sizeof(cbor_info_data)); assert(fido_dev_open(dev, "dummy") == FIDO_OK); assert(fido_dev_close(dev) == FIDO_OK); + fido_dev_free(&dev); wiredata_clear(&wiredata); } @@ -177,6 +205,34 @@ double_open(void) assert(fido_dev_open(dev, "dummy") == FIDO_OK); assert(fido_dev_open(dev, "dummy") == FIDO_ERR_INVALID_ARGUMENT); assert(fido_dev_close(dev) == FIDO_OK); + fido_dev_free(&dev); + wiredata_clear(&wiredata); +} + +static void +double_close(void) +{ + const uint8_t cbor_info_data[] = { WIREDATA_CTAP_CBOR_INFO }; + uint8_t *wiredata; + fido_dev_t *dev = NULL; + fido_dev_io_t io; + + memset(&io, 0, sizeof(io)); + + io.open = dummy_open; + io.close = dummy_close; + io.read = dummy_read; + io.write = dummy_write; + + wiredata = wiredata_setup(cbor_info_data, sizeof(cbor_info_data)); + assert((dev = fido_dev_new()) != NULL); + assert(fido_dev_close(dev) == FIDO_ERR_INVALID_ARGUMENT); + assert(fido_dev_set_io_functions(dev, &io) == FIDO_OK); + assert(fido_dev_close(dev) == FIDO_ERR_INVALID_ARGUMENT); + assert(fido_dev_open(dev, "dummy") == FIDO_OK); + assert(fido_dev_close(dev) == FIDO_OK); + assert(fido_dev_close(dev) == FIDO_ERR_INVALID_ARGUMENT); + fido_dev_free(&dev); wiredata_clear(&wiredata); } @@ -215,6 +271,7 @@ is_fido2(void) assert(fido_dev_is_fido2(dev) == true); assert(fido_dev_supports_pin(dev) == false); assert(fido_dev_close(dev) == FIDO_OK); + fido_dev_free(&dev); wiredata_clear(&wiredata); } @@ -248,9 +305,94 @@ has_pin(void) assert(fido_dev_reset(dev) == FIDO_OK); assert(fido_dev_has_pin(dev) == false); assert(fido_dev_close(dev) == FIDO_OK); + fido_dev_free(&dev); wiredata_clear(&wiredata); } +static void +timeout_rx(void) +{ + const uint8_t timeout_rx_data[] = { + WIREDATA_CTAP_CBOR_INFO, + WIREDATA_CTAP_KEEPALIVE, + WIREDATA_CTAP_KEEPALIVE, + WIREDATA_CTAP_KEEPALIVE, + WIREDATA_CTAP_KEEPALIVE, + WIREDATA_CTAP_KEEPALIVE, + WIREDATA_CTAP_CBOR_STATUS + }; + uint8_t *wiredata; + fido_dev_t *dev = NULL; + fido_dev_io_t io; + + memset(&io, 0, sizeof(io)); + + io.open = dummy_open; + io.close = dummy_close; + io.read = dummy_read; + io.write = dummy_write; + + wiredata = wiredata_setup(timeout_rx_data, sizeof(timeout_rx_data)); + assert((dev = fido_dev_new()) != NULL); + assert(fido_dev_set_io_functions(dev, &io) == FIDO_OK); + assert(fido_dev_open(dev, "dummy") == FIDO_OK); + assert(fido_dev_set_timeout(dev, 3 * 1000) == FIDO_OK); + interval_ms = 1000; + assert(fido_dev_reset(dev) == FIDO_ERR_RX); + assert(fido_dev_close(dev) == FIDO_OK); + fido_dev_free(&dev); + wiredata_clear(&wiredata); + interval_ms = 0; +} + +static void +timeout_ok(void) +{ + const uint8_t timeout_ok_data[] = { + WIREDATA_CTAP_CBOR_INFO, + WIREDATA_CTAP_KEEPALIVE, + WIREDATA_CTAP_KEEPALIVE, + WIREDATA_CTAP_KEEPALIVE, + WIREDATA_CTAP_KEEPALIVE, + WIREDATA_CTAP_KEEPALIVE, + WIREDATA_CTAP_CBOR_STATUS + }; + uint8_t *wiredata; + fido_dev_t *dev = NULL; + fido_dev_io_t io; + + memset(&io, 0, sizeof(io)); + + io.open = dummy_open; + io.close = dummy_close; + io.read = dummy_read; + io.write = dummy_write; + + wiredata = wiredata_setup(timeout_ok_data, sizeof(timeout_ok_data)); + assert((dev = fido_dev_new()) != NULL); + assert(fido_dev_set_io_functions(dev, &io) == FIDO_OK); + assert(fido_dev_open(dev, "dummy") == FIDO_OK); + assert(fido_dev_set_timeout(dev, 30 * 1000) == FIDO_OK); + interval_ms = 1000; + assert(fido_dev_reset(dev) == FIDO_OK); + assert(fido_dev_close(dev) == FIDO_OK); + fido_dev_free(&dev); + wiredata_clear(&wiredata); + interval_ms = 0; +} + +static void +timeout_misc(void) +{ + fido_dev_t *dev; + + assert((dev = fido_dev_new()) != NULL); + assert(fido_dev_set_timeout(dev, -2) == FIDO_ERR_INVALID_ARGUMENT); + assert(fido_dev_set_timeout(dev, 3 * 1000) == FIDO_OK); + assert(fido_dev_set_timeout(dev, -1) == FIDO_OK); + fido_dev_free(&dev); +} + int main(void) { @@ -259,8 +401,12 @@ main(void) open_iff_ok(); reopen(); double_open(); + double_close(); is_fido2(); has_pin(); + timeout_rx(); + timeout_ok(); + timeout_misc(); exit(0); } diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index f9efd3f234ed..bd14a62f0c99 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -1,4 +1,4 @@ -# Copyright (c) 2018 Yubico AB. All rights reserved. +# Copyright (c) 2018-2021 Yubico AB. All rights reserved. # Use of this source code is governed by a BSD-style # license that can be found in the LICENSE file. @@ -30,11 +30,16 @@ list(APPEND FIDO_SOURCES pin.c random.c reset.c + rs1.c rs256.c + time.c + tpm.c + types.c u2f.c ) if(FUZZ) + list(APPEND FIDO_SOURCES ../fuzz/clock.c) list(APPEND FIDO_SOURCES ../fuzz/prng.c) list(APPEND FIDO_SOURCES ../fuzz/uniform_random.c) list(APPEND FIDO_SOURCES ../fuzz/udev.c) @@ -62,7 +67,8 @@ elseif(CMAKE_SYSTEM_NAME STREQUAL "NetBSD") list(APPEND FIDO_SOURCES hid_netbsd.c hid_unix.c) elseif(CMAKE_SYSTEM_NAME STREQUAL "OpenBSD") list(APPEND FIDO_SOURCES hid_openbsd.c hid_unix.c) -elseif(CMAKE_SYSTEM_NAME STREQUAL "FreeBSD") +elseif(CMAKE_SYSTEM_NAME STREQUAL "FreeBSD" OR + CMAKE_SYSTEM_NAME STREQUAL "MidnightBSD") list(APPEND FIDO_SOURCES hid_freebsd.c hid_unix.c) else() message(FATAL_ERROR "please define a hid backend for your platform") @@ -75,11 +81,11 @@ endif() list(APPEND COMPAT_SOURCES ../openbsd-compat/bsd-getpagesize.c + ../openbsd-compat/clock_gettime.c ../openbsd-compat/endian_win32.c ../openbsd-compat/explicit_bzero.c ../openbsd-compat/explicit_bzero_win32.c ../openbsd-compat/freezero.c - ../openbsd-compat/hkdf.c ../openbsd-compat/recallocarray.c ../openbsd-compat/strlcat.c ../openbsd-compat/timingsafe_bcmp.c @@ -87,9 +93,6 @@ list(APPEND COMPAT_SOURCES if(WIN32) list(APPEND BASE_LIBRARIES wsock32 ws2_32 bcrypt setupapi hid) - if(USE_WINHELLO) - list(APPEND BASE_LIBRARIES webauthn) - endif() elseif(APPLE) list(APPEND BASE_LIBRARIES "-framework CoreFoundation" "-framework IOKit") endif() diff --git a/src/assert.c b/src/assert.c index b36f8e324660..949af919d25e 100644 --- a/src/assert.c +++ b/src/assert.c @@ -4,7 +4,6 @@ * license that can be found in the LICENSE file. */ -#include #include #include "fido.h" @@ -79,7 +78,7 @@ parse_assert_reply(const cbor_item_t *key, const cbor_item_t *val, void *arg) static int fido_dev_get_assert_tx(fido_dev_t *dev, fido_assert_t *assert, - const es256_pk_t *pk, const fido_blob_t *ecdh, const char *pin) + const es256_pk_t *pk, const fido_blob_t *ecdh, const char *pin, int *ms) { fido_blob_t f; fido_opt_t uv = assert->uv; @@ -127,7 +126,7 @@ fido_dev_get_assert_tx(fido_dev_t *dev, fido_assert_t *assert, if (pin != NULL || (uv == FIDO_OPT_TRUE && fido_dev_supports_permissions(dev))) { if ((r = cbor_add_uv_params(dev, cmd, &assert->cdh, pk, ecdh, - pin, assert->rp_id, &argv[5], &argv[6])) != FIDO_OK) { + pin, assert->rp_id, &argv[5], &argv[6], ms)) != FIDO_OK) { fido_log_debug("%s: cbor_add_uv_params", __func__); goto fail; } @@ -144,7 +143,7 @@ fido_dev_get_assert_tx(fido_dev_t *dev, fido_assert_t *assert, /* frame and transmit */ if (cbor_build_frame(cmd, argv, nitems(argv), &f) < 0 || - fido_tx(dev, CTAP_CMD_CBOR, f.ptr, f.len) < 0) { + fido_tx(dev, CTAP_CMD_CBOR, f.ptr, f.len, ms) < 0) { fido_log_debug("%s: fido_tx", __func__); r = FIDO_ERR_TX; goto fail; @@ -159,7 +158,7 @@ fido_dev_get_assert_tx(fido_dev_t *dev, fido_assert_t *assert, } static int -fido_dev_get_assert_rx(fido_dev_t *dev, fido_assert_t *assert, int ms) +fido_dev_get_assert_rx(fido_dev_t *dev, fido_assert_t *assert, int *ms) { unsigned char reply[FIDO_MAXMSG]; int reply_len; @@ -200,11 +199,11 @@ fido_dev_get_assert_rx(fido_dev_t *dev, fido_assert_t *assert, int ms) } static int -fido_get_next_assert_tx(fido_dev_t *dev) +fido_get_next_assert_tx(fido_dev_t *dev, int *ms) { const unsigned char cbor[] = { CTAP_CBOR_NEXT_ASSERT }; - if (fido_tx(dev, CTAP_CMD_CBOR, cbor, sizeof(cbor)) < 0) { + if (fido_tx(dev, CTAP_CMD_CBOR, cbor, sizeof(cbor), ms) < 0) { fido_log_debug("%s: fido_tx", __func__); return (FIDO_ERR_TX); } @@ -213,7 +212,7 @@ fido_get_next_assert_tx(fido_dev_t *dev) } static int -fido_get_next_assert_rx(fido_dev_t *dev, fido_assert_t *assert, int ms) +fido_get_next_assert_rx(fido_dev_t *dev, fido_assert_t *assert, int *ms) { unsigned char reply[FIDO_MAXMSG]; int reply_len; @@ -243,16 +242,17 @@ fido_get_next_assert_rx(fido_dev_t *dev, fido_assert_t *assert, int ms) static int fido_dev_get_assert_wait(fido_dev_t *dev, fido_assert_t *assert, - const es256_pk_t *pk, const fido_blob_t *ecdh, const char *pin, int ms) + const es256_pk_t *pk, const fido_blob_t *ecdh, const char *pin, int *ms) { int r; - if ((r = fido_dev_get_assert_tx(dev, assert, pk, ecdh, pin)) != FIDO_OK || + if ((r = fido_dev_get_assert_tx(dev, assert, pk, ecdh, pin, + ms)) != FIDO_OK || (r = fido_dev_get_assert_rx(dev, assert, ms)) != FIDO_OK) return (r); while (assert->stmt_len < assert->stmt_cnt) { - if ((r = fido_get_next_assert_tx(dev)) != FIDO_OK || + if ((r = fido_get_next_assert_tx(dev, ms)) != FIDO_OK || (r = fido_get_next_assert_rx(dev, assert, ms)) != FIDO_OK) return (r); assert->stmt_len++; @@ -286,11 +286,12 @@ fido_dev_get_assert(fido_dev_t *dev, fido_assert_t *assert, const char *pin) { fido_blob_t *ecdh = NULL; es256_pk_t *pk = NULL; + int ms = dev->timeout_ms; int r; #ifdef USE_WINHELLO if (dev->flags & FIDO_DEV_WINHELLO) - return (fido_winhello_get_assert(dev, assert, pin)); + return (fido_winhello_get_assert(dev, assert, pin, ms)); #endif if (assert->rp_id == NULL || assert->cdh.ptr == NULL) { @@ -302,19 +303,19 @@ fido_dev_get_assert(fido_dev_t *dev, fido_assert_t *assert, const char *pin) if (fido_dev_is_fido2(dev) == false) { if (pin != NULL || assert->ext.mask != 0) return (FIDO_ERR_UNSUPPORTED_OPTION); - return (u2f_authenticate(dev, assert, -1)); + return (u2f_authenticate(dev, assert, &ms)); } if (pin != NULL || (assert->uv == FIDO_OPT_TRUE && fido_dev_supports_permissions(dev)) || (assert->ext.mask & FIDO_EXT_HMAC_SECRET)) { - if ((r = fido_do_ecdh(dev, &pk, &ecdh)) != FIDO_OK) { + if ((r = fido_do_ecdh(dev, &pk, &ecdh, &ms)) != FIDO_OK) { fido_log_debug("%s: fido_do_ecdh", __func__); goto fail; } } - r = fido_dev_get_assert_wait(dev, assert, pk, ecdh, pin, -1); + r = fido_dev_get_assert_wait(dev, assert, pk, ecdh, pin, &ms); if (r == FIDO_OK && (assert->ext.mask & FIDO_EXT_HMAC_SECRET)) if (decrypt_hmac_secrets(dev, assert, ecdh) < 0) { fido_log_debug("%s: decrypt_hmac_secrets", __func__); @@ -372,7 +373,8 @@ fido_get_signed_hash(int cose_alg, fido_blob_t *dgst, unsigned char *authdata_ptr = NULL; size_t authdata_len; struct cbor_load_result cbor; - SHA256_CTX ctx; + const EVP_MD *md = NULL; + EVP_MD_CTX *ctx = NULL; int ok = -1; if ((item = cbor_load(authdata_cbor->ptr, authdata_cbor->len, @@ -386,10 +388,13 @@ fido_get_signed_hash(int cose_alg, fido_blob_t *dgst, authdata_len = cbor_bytestring_length(item); if (cose_alg != COSE_EDDSA) { - if (dgst->len < SHA256_DIGEST_LENGTH || SHA256_Init(&ctx) == 0 || - SHA256_Update(&ctx, authdata_ptr, authdata_len) == 0 || - SHA256_Update(&ctx, clientdata->ptr, clientdata->len) == 0 || - SHA256_Final(dgst->ptr, &ctx) == 0) { + if (dgst->len < SHA256_DIGEST_LENGTH || + (md = EVP_sha256()) == NULL || + (ctx = EVP_MD_CTX_new()) == NULL || + EVP_DigestInit_ex(ctx, md, NULL) != 1 || + EVP_DigestUpdate(ctx, authdata_ptr, authdata_len) != 1 || + EVP_DigestUpdate(ctx, clientdata->ptr, clientdata->len) != 1 || + EVP_DigestFinal_ex(ctx, dgst->ptr, NULL) != 1) { fido_log_debug("%s: sha256", __func__); goto fail; } @@ -411,122 +416,7 @@ fido_get_signed_hash(int cose_alg, fido_blob_t *dgst, if (item != NULL) cbor_decref(&item); - return (ok); -} - -int -fido_verify_sig_es256(const fido_blob_t *dgst, const es256_pk_t *pk, - const fido_blob_t *sig) -{ - EVP_PKEY *pkey = NULL; - EC_KEY *ec = NULL; - int ok = -1; - - /* ECDSA_verify needs ints */ - if (dgst->len > INT_MAX || sig->len > INT_MAX) { - fido_log_debug("%s: dgst->len=%zu, sig->len=%zu", __func__, - dgst->len, sig->len); - return (-1); - } - - if ((pkey = es256_pk_to_EVP_PKEY(pk)) == NULL || - (ec = EVP_PKEY_get0_EC_KEY(pkey)) == NULL) { - fido_log_debug("%s: pk -> ec", __func__); - goto fail; - } - - if (ECDSA_verify(0, dgst->ptr, (int)dgst->len, sig->ptr, - (int)sig->len, ec) != 1) { - fido_log_debug("%s: ECDSA_verify", __func__); - goto fail; - } - - ok = 0; -fail: - if (pkey != NULL) - EVP_PKEY_free(pkey); - - return (ok); -} - -int -fido_verify_sig_rs256(const fido_blob_t *dgst, const rs256_pk_t *pk, - const fido_blob_t *sig) -{ - EVP_PKEY *pkey = NULL; - RSA *rsa = NULL; - int ok = -1; - - /* RSA_verify needs unsigned ints */ - if (dgst->len > UINT_MAX || sig->len > UINT_MAX) { - fido_log_debug("%s: dgst->len=%zu, sig->len=%zu", __func__, - dgst->len, sig->len); - return (-1); - } - - if ((pkey = rs256_pk_to_EVP_PKEY(pk)) == NULL || - (rsa = EVP_PKEY_get0_RSA(pkey)) == NULL) { - fido_log_debug("%s: pk -> ec", __func__); - goto fail; - } - - if (RSA_verify(NID_sha256, dgst->ptr, (unsigned int)dgst->len, sig->ptr, - (unsigned int)sig->len, rsa) != 1) { - fido_log_debug("%s: RSA_verify", __func__); - goto fail; - } - - ok = 0; -fail: - if (pkey != NULL) - EVP_PKEY_free(pkey); - - return (ok); -} - -int -fido_verify_sig_eddsa(const fido_blob_t *dgst, const eddsa_pk_t *pk, - const fido_blob_t *sig) -{ - EVP_PKEY *pkey = NULL; - EVP_MD_CTX *mdctx = NULL; - int ok = -1; - - /* EVP_DigestVerify needs ints */ - if (dgst->len > INT_MAX || sig->len > INT_MAX) { - fido_log_debug("%s: dgst->len=%zu, sig->len=%zu", __func__, - dgst->len, sig->len); - return (-1); - } - - if ((pkey = eddsa_pk_to_EVP_PKEY(pk)) == NULL) { - fido_log_debug("%s: pk -> pkey", __func__); - goto fail; - } - - if ((mdctx = EVP_MD_CTX_new()) == NULL) { - fido_log_debug("%s: EVP_MD_CTX_new", __func__); - goto fail; - } - - if (EVP_DigestVerifyInit(mdctx, NULL, NULL, NULL, pkey) != 1) { - fido_log_debug("%s: EVP_DigestVerifyInit", __func__); - goto fail; - } - - if (EVP_DigestVerify(mdctx, sig->ptr, sig->len, dgst->ptr, - dgst->len) != 1) { - fido_log_debug("%s: EVP_DigestVerify", __func__); - goto fail; - } - - ok = 0; -fail: - if (mdctx != NULL) - EVP_MD_CTX_free(mdctx); - - if (pkey != NULL) - EVP_PKEY_free(pkey); + EVP_MD_CTX_free(ctx); return (ok); } @@ -589,13 +479,13 @@ fido_assert_verify(const fido_assert_t *assert, size_t idx, int cose_alg, switch (cose_alg) { case COSE_ES256: - ok = fido_verify_sig_es256(&dgst, pk, &stmt->sig); + ok = es256_pk_verify_sig(&dgst, pk, &stmt->sig); break; case COSE_RS256: - ok = fido_verify_sig_rs256(&dgst, pk, &stmt->sig); + ok = rs256_pk_verify_sig(&dgst, pk, &stmt->sig); break; case COSE_EDDSA: - ok = fido_verify_sig_eddsa(&dgst, pk, &stmt->sig); + ok = eddsa_pk_verify_sig(&dgst, pk, &stmt->sig); break; default: fido_log_debug("%s: unsupported cose_alg %d", __func__, diff --git a/src/authkey.c b/src/authkey.c index c3474ccafc01..33e0a8d44bd2 100644 --- a/src/authkey.c +++ b/src/authkey.c @@ -22,7 +22,7 @@ parse_authkey(const cbor_item_t *key, const cbor_item_t *val, void *arg) } static int -fido_dev_authkey_tx(fido_dev_t *dev) +fido_dev_authkey_tx(fido_dev_t *dev, int *ms) { fido_blob_t f; cbor_item_t *argv[2]; @@ -43,7 +43,7 @@ fido_dev_authkey_tx(fido_dev_t *dev) /* frame and transmit */ if (cbor_build_frame(CTAP_CBOR_CLIENT_PIN, argv, nitems(argv), - &f) < 0 || fido_tx(dev, CTAP_CMD_CBOR, f.ptr, f.len) < 0) { + &f) < 0 || fido_tx(dev, CTAP_CMD_CBOR, f.ptr, f.len, ms) < 0) { fido_log_debug("%s: fido_tx", __func__); r = FIDO_ERR_TX; goto fail; @@ -58,13 +58,13 @@ fido_dev_authkey_tx(fido_dev_t *dev) } static int -fido_dev_authkey_rx(fido_dev_t *dev, es256_pk_t *authkey, int ms) +fido_dev_authkey_rx(fido_dev_t *dev, es256_pk_t *authkey, int *ms) { unsigned char reply[FIDO_MAXMSG]; int reply_len; fido_log_debug("%s: dev=%p, authkey=%p, ms=%d", __func__, (void *)dev, - (void *)authkey, ms); + (void *)authkey, *ms); memset(authkey, 0, sizeof(*authkey)); @@ -79,11 +79,11 @@ fido_dev_authkey_rx(fido_dev_t *dev, es256_pk_t *authkey, int ms) } static int -fido_dev_authkey_wait(fido_dev_t *dev, es256_pk_t *authkey, int ms) +fido_dev_authkey_wait(fido_dev_t *dev, es256_pk_t *authkey, int *ms) { int r; - if ((r = fido_dev_authkey_tx(dev)) != FIDO_OK || + if ((r = fido_dev_authkey_tx(dev, ms)) != FIDO_OK || (r = fido_dev_authkey_rx(dev, authkey, ms)) != FIDO_OK) return (r); @@ -91,7 +91,7 @@ fido_dev_authkey_wait(fido_dev_t *dev, es256_pk_t *authkey, int ms) } int -fido_dev_authkey(fido_dev_t *dev, es256_pk_t *authkey) +fido_dev_authkey(fido_dev_t *dev, es256_pk_t *authkey, int *ms) { - return (fido_dev_authkey_wait(dev, authkey, -1)); + return (fido_dev_authkey_wait(dev, authkey, ms)); } diff --git a/src/bio.c b/src/bio.c index 06bc32eea7ed..4ddc93749cc3 100644 --- a/src/bio.c +++ b/src/bio.c @@ -58,7 +58,7 @@ bio_prepare_hmac(uint8_t cmd, cbor_item_t **argv, size_t argc, static int bio_tx(fido_dev_t *dev, uint8_t subcmd, cbor_item_t **sub_argv, size_t sub_argc, - const char *pin, const fido_blob_t *token) + const char *pin, const fido_blob_t *token, int *ms) { cbor_item_t *argv[5]; es256_pk_t *pk = NULL; @@ -90,12 +90,12 @@ bio_tx(fido_dev_t *dev, uint8_t subcmd, cbor_item_t **sub_argv, size_t sub_argc, /* pinProtocol, pinAuth */ if (pin) { - if ((r = fido_do_ecdh(dev, &pk, &ecdh)) != FIDO_OK) { + if ((r = fido_do_ecdh(dev, &pk, &ecdh, ms)) != FIDO_OK) { fido_log_debug("%s: fido_do_ecdh", __func__); goto fail; } if ((r = cbor_add_uv_params(dev, cmd, &hmac, pk, ecdh, pin, - NULL, &argv[4], &argv[3])) != FIDO_OK) { + NULL, &argv[4], &argv[3], ms)) != FIDO_OK) { fido_log_debug("%s: cbor_add_uv_params", __func__); goto fail; } @@ -109,7 +109,7 @@ bio_tx(fido_dev_t *dev, uint8_t subcmd, cbor_item_t **sub_argv, size_t sub_argc, /* framing and transmission */ if (cbor_build_frame(cmd, argv, nitems(argv), &f) < 0 || - fido_tx(dev, CTAP_CMD_CBOR, f.ptr, f.len) < 0) { + fido_tx(dev, CTAP_CMD_CBOR, f.ptr, f.len, ms) < 0) { fido_log_debug("%s: fido_tx", __func__); r = FIDO_ERR_TX; goto fail; @@ -231,7 +231,7 @@ bio_parse_template_array(const cbor_item_t *key, const cbor_item_t *val, } static int -bio_rx_template_array(fido_dev_t *dev, fido_bio_template_array_t *ta, int ms) +bio_rx_template_array(fido_dev_t *dev, fido_bio_template_array_t *ta, int *ms) { unsigned char reply[FIDO_MAXMSG]; int reply_len; @@ -256,11 +256,11 @@ bio_rx_template_array(fido_dev_t *dev, fido_bio_template_array_t *ta, int ms) static int bio_get_template_array_wait(fido_dev_t *dev, fido_bio_template_array_t *ta, - const char *pin, int ms) + const char *pin, int *ms) { int r; - if ((r = bio_tx(dev, CMD_ENUM, NULL, 0, pin, NULL)) != FIDO_OK || + if ((r = bio_tx(dev, CMD_ENUM, NULL, 0, pin, NULL, ms)) != FIDO_OK || (r = bio_rx_template_array(dev, ta, ms)) != FIDO_OK) return (r); @@ -271,15 +271,17 @@ int fido_bio_dev_get_template_array(fido_dev_t *dev, fido_bio_template_array_t *ta, const char *pin) { + int ms = dev->timeout_ms; + if (pin == NULL) return (FIDO_ERR_INVALID_ARGUMENT); - return (bio_get_template_array_wait(dev, ta, pin, -1)); + return (bio_get_template_array_wait(dev, ta, pin, &ms)); } static int bio_set_template_name_wait(fido_dev_t *dev, const fido_bio_template_t *t, - const char *pin, int ms) + const char *pin, int *ms) { cbor_item_t *argv[2]; int r = FIDO_ERR_INTERNAL; @@ -292,7 +294,8 @@ bio_set_template_name_wait(fido_dev_t *dev, const fido_bio_template_t *t, goto fail; } - if ((r = bio_tx(dev, CMD_SET_NAME, argv, 2, pin, NULL)) != FIDO_OK || + if ((r = bio_tx(dev, CMD_SET_NAME, argv, 2, pin, NULL, + ms)) != FIDO_OK || (r = fido_rx_cbor_status(dev, ms)) != FIDO_OK) { fido_log_debug("%s: tx/rx", __func__); goto fail; @@ -309,10 +312,12 @@ int fido_bio_dev_set_template_name(fido_dev_t *dev, const fido_bio_template_t *t, const char *pin) { + int ms = dev->timeout_ms; + if (pin == NULL || t->name == NULL) return (FIDO_ERR_INVALID_ARGUMENT); - return (bio_set_template_name_wait(dev, t, pin, -1)); + return (bio_set_template_name_wait(dev, t, pin, &ms)); } static void @@ -378,7 +383,7 @@ bio_parse_template_id(const cbor_item_t *key, const cbor_item_t *val, static int bio_rx_enroll_begin(fido_dev_t *dev, fido_bio_template_t *t, - fido_bio_enroll_t *e, int ms) + fido_bio_enroll_t *e, int *ms) { unsigned char reply[FIDO_MAXMSG]; int reply_len; @@ -411,7 +416,7 @@ bio_rx_enroll_begin(fido_dev_t *dev, fido_bio_template_t *t, static int bio_enroll_begin_wait(fido_dev_t *dev, fido_bio_template_t *t, - fido_bio_enroll_t *e, uint32_t timo_ms, int ms) + fido_bio_enroll_t *e, uint32_t timo_ms, int *ms) { cbor_item_t *argv[3]; const uint8_t cmd = CMD_ENROLL_BEGIN; @@ -424,7 +429,7 @@ bio_enroll_begin_wait(fido_dev_t *dev, fido_bio_template_t *t, goto fail; } - if ((r = bio_tx(dev, cmd, argv, 3, NULL, e->token)) != FIDO_OK || + if ((r = bio_tx(dev, cmd, argv, 3, NULL, e->token, ms)) != FIDO_OK || (r = bio_rx_enroll_begin(dev, t, e, ms)) != FIDO_OK) { fido_log_debug("%s: tx/rx", __func__); goto fail; @@ -444,6 +449,7 @@ fido_bio_dev_enroll_begin(fido_dev_t *dev, fido_bio_template_t *t, es256_pk_t *pk = NULL; fido_blob_t *ecdh = NULL; fido_blob_t *token = NULL; + int ms = dev->timeout_ms; int r; if (pin == NULL || e->token != NULL) @@ -454,13 +460,13 @@ fido_bio_dev_enroll_begin(fido_dev_t *dev, fido_bio_template_t *t, goto fail; } - if ((r = fido_do_ecdh(dev, &pk, &ecdh)) != FIDO_OK) { + if ((r = fido_do_ecdh(dev, &pk, &ecdh, &ms)) != FIDO_OK) { fido_log_debug("%s: fido_do_ecdh", __func__); goto fail; } if ((r = fido_dev_get_uv_token(dev, CTAP_CBOR_BIO_ENROLL_PRE, pin, ecdh, - pk, NULL, token)) != FIDO_OK) { + pk, NULL, token, &ms)) != FIDO_OK) { fido_log_debug("%s: fido_dev_get_uv_token", __func__); goto fail; } @@ -475,11 +481,11 @@ fido_bio_dev_enroll_begin(fido_dev_t *dev, fido_bio_template_t *t, if (r != FIDO_OK) return (r); - return (bio_enroll_begin_wait(dev, t, e, timo_ms, -1)); + return (bio_enroll_begin_wait(dev, t, e, timo_ms, &ms)); } static int -bio_rx_enroll_continue(fido_dev_t *dev, fido_bio_enroll_t *e, int ms) +bio_rx_enroll_continue(fido_dev_t *dev, fido_bio_enroll_t *e, int *ms) { unsigned char reply[FIDO_MAXMSG]; int reply_len; @@ -505,7 +511,7 @@ bio_rx_enroll_continue(fido_dev_t *dev, fido_bio_enroll_t *e, int ms) static int bio_enroll_continue_wait(fido_dev_t *dev, const fido_bio_template_t *t, - fido_bio_enroll_t *e, uint32_t timo_ms, int ms) + fido_bio_enroll_t *e, uint32_t timo_ms, int *ms) { cbor_item_t *argv[3]; const uint8_t cmd = CMD_ENROLL_NEXT; @@ -519,7 +525,7 @@ bio_enroll_continue_wait(fido_dev_t *dev, const fido_bio_template_t *t, goto fail; } - if ((r = bio_tx(dev, cmd, argv, 3, NULL, e->token)) != FIDO_OK || + if ((r = bio_tx(dev, cmd, argv, 3, NULL, e->token, ms)) != FIDO_OK || (r = bio_rx_enroll_continue(dev, e, ms)) != FIDO_OK) { fido_log_debug("%s: tx/rx", __func__); goto fail; @@ -536,19 +542,21 @@ int fido_bio_dev_enroll_continue(fido_dev_t *dev, const fido_bio_template_t *t, fido_bio_enroll_t *e, uint32_t timo_ms) { + int ms = dev->timeout_ms; + if (e->token == NULL) return (FIDO_ERR_INVALID_ARGUMENT); - return (bio_enroll_continue_wait(dev, t, e, timo_ms, -1)); + return (bio_enroll_continue_wait(dev, t, e, timo_ms, &ms)); } static int -bio_enroll_cancel_wait(fido_dev_t *dev, int ms) +bio_enroll_cancel_wait(fido_dev_t *dev, int *ms) { const uint8_t cmd = CMD_ENROLL_CANCEL; int r; - if ((r = bio_tx(dev, cmd, NULL, 0, NULL, NULL)) != FIDO_OK || + if ((r = bio_tx(dev, cmd, NULL, 0, NULL, NULL, ms)) != FIDO_OK || (r = fido_rx_cbor_status(dev, ms)) != FIDO_OK) { fido_log_debug("%s: tx/rx", __func__); return (r); @@ -560,12 +568,14 @@ bio_enroll_cancel_wait(fido_dev_t *dev, int ms) int fido_bio_dev_enroll_cancel(fido_dev_t *dev) { - return (bio_enroll_cancel_wait(dev, -1)); + int ms = dev->timeout_ms; + + return (bio_enroll_cancel_wait(dev, &ms)); } static int bio_enroll_remove_wait(fido_dev_t *dev, const fido_bio_template_t *t, - const char *pin, int ms) + const char *pin, int *ms) { cbor_item_t *argv[1]; const uint8_t cmd = CMD_ENROLL_REMOVE; @@ -578,7 +588,7 @@ bio_enroll_remove_wait(fido_dev_t *dev, const fido_bio_template_t *t, goto fail; } - if ((r = bio_tx(dev, cmd, argv, 1, pin, NULL)) != FIDO_OK || + if ((r = bio_tx(dev, cmd, argv, 1, pin, NULL, ms)) != FIDO_OK || (r = fido_rx_cbor_status(dev, ms)) != FIDO_OK) { fido_log_debug("%s: tx/rx", __func__); goto fail; @@ -595,7 +605,9 @@ int fido_bio_dev_enroll_remove(fido_dev_t *dev, const fido_bio_template_t *t, const char *pin) { - return (bio_enroll_remove_wait(dev, t, pin, -1)); + int ms = dev->timeout_ms; + + return (bio_enroll_remove_wait(dev, t, pin, &ms)); } static void @@ -640,7 +652,7 @@ bio_parse_info(const cbor_item_t *key, const cbor_item_t *val, void *arg) } static int -bio_rx_info(fido_dev_t *dev, fido_bio_info_t *i, int ms) +bio_rx_info(fido_dev_t *dev, fido_bio_info_t *i, int *ms) { unsigned char reply[FIDO_MAXMSG]; int reply_len; @@ -664,11 +676,12 @@ bio_rx_info(fido_dev_t *dev, fido_bio_info_t *i, int ms) } static int -bio_get_info_wait(fido_dev_t *dev, fido_bio_info_t *i, int ms) +bio_get_info_wait(fido_dev_t *dev, fido_bio_info_t *i, int *ms) { int r; - if ((r = bio_tx(dev, CMD_GET_INFO, NULL, 0, NULL, NULL)) != FIDO_OK || + if ((r = bio_tx(dev, CMD_GET_INFO, NULL, 0, NULL, NULL, + ms)) != FIDO_OK || (r = bio_rx_info(dev, i, ms)) != FIDO_OK) { fido_log_debug("%s: tx/rx", __func__); return (r); @@ -680,7 +693,9 @@ bio_get_info_wait(fido_dev_t *dev, fido_bio_info_t *i, int ms) int fido_bio_dev_get_info(fido_dev_t *dev, fido_bio_info_t *i) { - return (bio_get_info_wait(dev, i, -1)); + int ms = dev->timeout_ms; + + return (bio_get_info_wait(dev, i, &ms)); } const char * diff --git a/src/cbor.c b/src/cbor.c index 5c1b11583e7b..7935e5017dcf 100644 --- a/src/cbor.c +++ b/src/cbor.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2018 Yubico AB. All rights reserved. + * Copyright (c) 2018-2021 Yubico AB. All rights reserved. * Use of this source code is governed by a BSD-style * license that can be found in the LICENSE file. */ @@ -560,6 +560,32 @@ cbor_encode_pubkey_list(const fido_blob_array_t *list) return (NULL); } +cbor_item_t * +cbor_encode_str_array(const fido_str_array_t *a) +{ + cbor_item_t *array = NULL; + cbor_item_t *entry = NULL; + + if ((array = cbor_new_definite_array(a->len)) == NULL) + goto fail; + + for (size_t i = 0; i < a->len; i++) { + if ((entry = cbor_build_string(a->ptr[i])) == NULL || + cbor_array_push(array, entry) == false) + goto fail; + cbor_decref(&entry); + } + + return (array); +fail: + if (entry != NULL) + cbor_decref(&entry); + if (array != NULL) + cbor_decref(&array); + + return (NULL); +} + static int cbor_encode_largeblob_key_ext(cbor_item_t *map) { @@ -584,6 +610,8 @@ cbor_encode_cred_ext(const fido_cred_ext_t *ext, const fido_blob_t *blob) size++; if (ext->mask & FIDO_EXT_LARGEBLOB_KEY) size++; + if (ext->mask & FIDO_EXT_MINPINLEN) + size++; if (size == 0 || (item = cbor_new_definite_map(size)) == NULL) return (NULL); @@ -615,6 +643,12 @@ cbor_encode_cred_ext(const fido_cred_ext_t *ext, const fido_blob_t *blob) return (NULL); } } + if (ext->mask & FIDO_EXT_MINPINLEN) { + if (cbor_add_bool(item, "minPinLength", FIDO_OPT_TRUE) < 0) { + cbor_decref(&item); + return (NULL); + } + } return (item); } @@ -706,11 +740,7 @@ cbor_encode_change_pin_auth(const fido_dev_t *dev, const fido_blob_t *secret, unsigned int dgst_len; cbor_item_t *item = NULL; const EVP_MD *md = NULL; -#if OPENSSL_VERSION_NUMBER < 0x10100000L - HMAC_CTX ctx; -#else HMAC_CTX *ctx = NULL; -#endif fido_blob_t key; uint8_t prot; size_t outlen; @@ -726,19 +756,6 @@ cbor_encode_change_pin_auth(const fido_dev_t *dev, const fido_blob_t *secret, if (prot == CTAP_PIN_PROTOCOL2 && key.len > 32) key.len = 32; -#if OPENSSL_VERSION_NUMBER < 0x10100000L - HMAC_CTX_init(&ctx); - - if ((md = EVP_sha256()) == NULL || - HMAC_Init_ex(&ctx, key.ptr, (int)key.len, md, NULL) == 0 || - HMAC_Update(&ctx, new_pin_enc->ptr, new_pin_enc->len) == 0 || - HMAC_Update(&ctx, pin_hash_enc->ptr, pin_hash_enc->len) == 0 || - HMAC_Final(&ctx, dgst, &dgst_len) == 0 || - dgst_len != SHA256_DIGEST_LENGTH) { - fido_log_debug("%s: HMAC", __func__); - goto fail; - } -#else if ((ctx = HMAC_CTX_new()) == NULL || (md = EVP_sha256()) == NULL || HMAC_Init_ex(ctx, key.ptr, (int)key.len, md, NULL) == 0 || @@ -749,7 +766,6 @@ cbor_encode_change_pin_auth(const fido_dev_t *dev, const fido_blob_t *secret, fido_log_debug("%s: HMAC", __func__); goto fail; } -#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */ outlen = (prot == CTAP_PIN_PROTOCOL1) ? 16 : dgst_len; @@ -759,10 +775,7 @@ cbor_encode_change_pin_auth(const fido_dev_t *dev, const fido_blob_t *secret, } fail: -#if OPENSSL_VERSION_NUMBER >= 0x10100000L - if (ctx != NULL) - HMAC_CTX_free(ctx); -#endif + HMAC_CTX_free(ctx); return (item); } @@ -775,6 +788,7 @@ cbor_encode_hmac_secret_param(const fido_dev_t *dev, cbor_item_t *item, cbor_item_t *argv[4]; struct cbor_pair pair; fido_blob_t *enc = NULL; + uint8_t prot; int r; memset(argv, 0, sizeof(argv)); @@ -801,11 +815,17 @@ cbor_encode_hmac_secret_param(const fido_dev_t *dev, cbor_item_t *item, goto fail; } + if ((prot = fido_dev_get_pin_protocol(dev)) == 0) { + fido_log_debug("%s: fido_dev_get_pin_protocol", __func__); + r = FIDO_ERR_INTERNAL; + goto fail; + } + /* XXX not pin, but salt */ if ((argv[0] = es256_pk_encode(pk, 1)) == NULL || (argv[1] = fido_blob_encode(enc)) == NULL || (argv[2] = cbor_encode_pin_auth(dev, ecdh, enc)) == NULL || - (argv[3] = cbor_encode_pin_opt(dev)) == NULL) { + (prot != 1 && (argv[3] = cbor_build_uint8(prot)) == NULL)) { fido_log_debug("%s: cbor encode", __func__); r = FIDO_ERR_INTERNAL; goto fail; @@ -896,7 +916,7 @@ cbor_decode_fmt(const cbor_item_t *item, char **fmt) } if (strcmp(type, "packed") && strcmp(type, "fido-u2f") && - strcmp(type, "none")) { + strcmp(type, "none") && strcmp(type, "tpm")) { fido_log_debug("%s: type=%s", __func__, type); free(type); return (-1); @@ -1141,6 +1161,14 @@ decode_cred_extension(const cbor_item_t *key, const cbor_item_t *val, void *arg) } if (cbor_ctrl_value(val) == CBOR_CTRL_TRUE) authdata_ext->mask |= FIDO_EXT_CRED_BLOB; + } else if (strcmp(type, "minPinLength") == 0) { + if (cbor_isa_uint(val) == false || + cbor_int_get_width(val) != CBOR_INT_8) { + fido_log_debug("%s: cbor type", __func__); + goto out; + } + authdata_ext->mask |= FIDO_EXT_MINPINLEN; + authdata_ext->minpinlen = cbor_get_uint8(val); } ok = 0; @@ -1365,7 +1393,6 @@ decode_attstmt_entry(const cbor_item_t *key, const cbor_item_t *val, void *arg) { fido_attstmt_t *attstmt = arg; char *name = NULL; - int cose_alg = 0; int ok = -1; if (cbor_string_copy(key, &name) < 0) { @@ -1380,10 +1407,11 @@ decode_attstmt_entry(const cbor_item_t *key, const cbor_item_t *val, void *arg) fido_log_debug("%s: alg", __func__); goto out; } - if ((cose_alg = -(int)cbor_get_int(val) - 1) != COSE_ES256 && - cose_alg != COSE_RS256 && cose_alg != COSE_EDDSA) { - fido_log_debug("%s: unsupported cose_alg=%d", __func__, - cose_alg); + attstmt->alg = -(int)cbor_get_int(val) - 1; + if (attstmt->alg != COSE_ES256 && attstmt->alg != COSE_RS256 && + attstmt->alg != COSE_EDDSA && attstmt->alg != COSE_RS1) { + fido_log_debug("%s: unsupported attstmt->alg=%d", + __func__, attstmt->alg); goto out; } } else if (!strcmp(name, "sig")) { @@ -1398,6 +1426,16 @@ decode_attstmt_entry(const cbor_item_t *key, const cbor_item_t *val, void *arg) fido_log_debug("%s: x5c", __func__); goto out; } + } else if (!strcmp(name, "certInfo")) { + if (fido_blob_decode(val, &attstmt->certinfo) < 0) { + fido_log_debug("%s: certinfo", __func__); + goto out; + } + } else if (!strcmp(name, "pubArea")) { + if (fido_blob_decode(val, &attstmt->pubarea) < 0) { + fido_log_debug("%s: pubarea", __func__); + goto out; + } } ok = 0; @@ -1410,6 +1448,8 @@ decode_attstmt_entry(const cbor_item_t *key, const cbor_item_t *val, void *arg) int cbor_decode_attstmt(const cbor_item_t *item, fido_attstmt_t *attstmt) { + size_t alloc_len; + if (cbor_isa_map(item) == false || cbor_map_is_definite(item) == false || cbor_map_iter(item, attstmt, decode_attstmt_entry) < 0) { @@ -1417,6 +1457,13 @@ cbor_decode_attstmt(const cbor_item_t *item, fido_attstmt_t *attstmt) return (-1); } + if (attstmt->cbor.ptr != NULL || + (attstmt->cbor.len = cbor_serialize_alloc(item, + &attstmt->cbor.ptr, &alloc_len)) == 0) { + fido_log_debug("%s: cbor_serialize_alloc", __func__); + return (-1); + } + return (0); } diff --git a/src/config.c b/src/config.c index 0dda16163bc8..2baaab0fd62c 100644 --- a/src/config.c +++ b/src/config.c @@ -39,7 +39,7 @@ config_prepare_hmac(uint8_t subcmd, const cbor_item_t *item, fido_blob_t *hmac) static int config_tx(fido_dev_t *dev, uint8_t subcmd, cbor_item_t **paramv, size_t paramc, - const char *pin) + const char *pin, int *ms) { cbor_item_t *argv[4]; es256_pk_t *pk = NULL; @@ -68,12 +68,12 @@ config_tx(fido_dev_t *dev, uint8_t subcmd, cbor_item_t **paramv, size_t paramc, fido_log_debug("%s: config_prepare_hmac", __func__); goto fail; } - if ((r = fido_do_ecdh(dev, &pk, &ecdh)) != FIDO_OK) { + if ((r = fido_do_ecdh(dev, &pk, &ecdh, ms)) != FIDO_OK) { fido_log_debug("%s: fido_do_ecdh", __func__); goto fail; } if ((r = cbor_add_uv_params(dev, cmd, &hmac, pk, ecdh, pin, - NULL, &argv[3], &argv[2])) != FIDO_OK) { + NULL, &argv[3], &argv[2], ms)) != FIDO_OK) { fido_log_debug("%s: cbor_add_uv_params", __func__); goto fail; } @@ -81,7 +81,7 @@ config_tx(fido_dev_t *dev, uint8_t subcmd, cbor_item_t **paramv, size_t paramc, /* framing and transmission */ if (cbor_build_frame(cmd, argv, nitems(argv), &f) < 0 || - fido_tx(dev, CTAP_CMD_CBOR, f.ptr, f.len) < 0) { + fido_tx(dev, CTAP_CMD_CBOR, f.ptr, f.len, ms) < 0) { fido_log_debug("%s: fido_tx", __func__); r = FIDO_ERR_TX; goto fail; @@ -99,11 +99,12 @@ config_tx(fido_dev_t *dev, uint8_t subcmd, cbor_item_t **paramv, size_t paramc, } static int -config_enable_entattest_wait(fido_dev_t *dev, const char *pin, int ms) +config_enable_entattest_wait(fido_dev_t *dev, const char *pin, int *ms) { int r; - if ((r = config_tx(dev, CMD_ENABLE_ENTATTEST, NULL, 0, pin)) != FIDO_OK) + if ((r = config_tx(dev, CMD_ENABLE_ENTATTEST, NULL, 0, pin, + ms)) != FIDO_OK) return r; return fido_rx_cbor_status(dev, ms); @@ -112,15 +113,18 @@ config_enable_entattest_wait(fido_dev_t *dev, const char *pin, int ms) int fido_dev_enable_entattest(fido_dev_t *dev, const char *pin) { - return (config_enable_entattest_wait(dev, pin, -1)); + int ms = dev->timeout_ms; + + return (config_enable_entattest_wait(dev, pin, &ms)); } static int -config_toggle_always_uv_wait(fido_dev_t *dev, const char *pin, int ms) +config_toggle_always_uv_wait(fido_dev_t *dev, const char *pin, int *ms) { int r; - if ((r = config_tx(dev, CMD_TOGGLE_ALWAYS_UV, NULL, 0, pin)) != FIDO_OK) + if ((r = config_tx(dev, CMD_TOGGLE_ALWAYS_UV, NULL, 0, pin, + ms)) != FIDO_OK) return r; return (fido_rx_cbor_status(dev, ms)); @@ -129,18 +133,21 @@ config_toggle_always_uv_wait(fido_dev_t *dev, const char *pin, int ms) int fido_dev_toggle_always_uv(fido_dev_t *dev, const char *pin) { - return config_toggle_always_uv_wait(dev, pin, -1); + int ms = dev->timeout_ms; + + return config_toggle_always_uv_wait(dev, pin, &ms); } static int -config_pin_minlen_tx(fido_dev_t *dev, size_t len, bool force, const char *pin) +config_pin_minlen_tx(fido_dev_t *dev, size_t len, bool force, + const fido_str_array_t *rpid, const char *pin, int *ms) { cbor_item_t *argv[3]; int r; memset(argv, 0, sizeof(argv)); - if ((!len && !force) || len > UINT8_MAX) { + if ((rpid == NULL && len == 0 && !force) || len > UINT8_MAX) { r = FIDO_ERR_INVALID_ARGUMENT; goto fail; } @@ -149,13 +156,18 @@ config_pin_minlen_tx(fido_dev_t *dev, size_t len, bool force, const char *pin) r = FIDO_ERR_INTERNAL; goto fail; } + if (rpid != NULL && (argv[1] = cbor_encode_str_array(rpid)) == NULL) { + fido_log_debug("%s: cbor_encode_str_array", __func__); + r = FIDO_ERR_INTERNAL; + goto fail; + } if (force && (argv[2] = cbor_build_bool(true)) == NULL) { fido_log_debug("%s: cbor_build_bool", __func__); r = FIDO_ERR_INTERNAL; goto fail; } if ((r = config_tx(dev, CMD_SET_PIN_MINLEN, argv, nitems(argv), - pin)) != FIDO_OK) { + pin, ms)) != FIDO_OK) { fido_log_debug("%s: config_tx", __func__); goto fail; } @@ -167,12 +179,13 @@ config_pin_minlen_tx(fido_dev_t *dev, size_t len, bool force, const char *pin) } static int -config_pin_minlen(fido_dev_t *dev, size_t len, bool force, const char *pin, - int ms) +config_pin_minlen(fido_dev_t *dev, size_t len, bool force, + const fido_str_array_t *rpid, const char *pin, int *ms) { int r; - if ((r = config_pin_minlen_tx(dev, len, force, pin)) != FIDO_OK) + if ((r = config_pin_minlen_tx(dev, len, force, rpid, pin, + ms)) != FIDO_OK) return r; return fido_rx_cbor_status(dev, ms); @@ -181,11 +194,36 @@ config_pin_minlen(fido_dev_t *dev, size_t len, bool force, const char *pin, int fido_dev_set_pin_minlen(fido_dev_t *dev, size_t len, const char *pin) { - return config_pin_minlen(dev, len, false, pin, -1); + int ms = dev->timeout_ms; + + return config_pin_minlen(dev, len, false, NULL, pin, &ms); } int fido_dev_force_pin_change(fido_dev_t *dev, const char *pin) { - return config_pin_minlen(dev, 0, true, pin, -1); + int ms = dev->timeout_ms; + + return config_pin_minlen(dev, 0, true, NULL, pin, &ms); +} + +int +fido_dev_set_pin_minlen_rpid(fido_dev_t *dev, const char * const *rpid, + size_t n, const char *pin) +{ + fido_str_array_t sa; + int ms = dev->timeout_ms; + int r; + + memset(&sa, 0, sizeof(sa)); + if (fido_str_array_pack(&sa, rpid, n) < 0) { + fido_log_debug("%s: fido_str_array_pack", __func__); + r = FIDO_ERR_INTERNAL; + goto fail; + } + r = config_pin_minlen(dev, 0, false, &sa, pin, &ms); +fail: + fido_str_array_free(&sa); + + return r; } diff --git a/src/cred.c b/src/cred.c index 5e65b08293b1..6da502c8d90a 100644 --- a/src/cred.c +++ b/src/cred.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2018 Yubico AB. All rights reserved. + * Copyright (c) 2018-2021 Yubico AB. All rights reserved. * Use of this source code is governed by a BSD-style * license that can be found in the LICENSE file. */ @@ -10,6 +10,10 @@ #include "fido.h" #include "fido/es256.h" +#ifndef FIDO_MAXMSG_CRED +#define FIDO_MAXMSG_CRED 4096 +#endif + static int parse_makecred_reply(const cbor_item_t *key, const cbor_item_t *val, void *arg) { @@ -43,7 +47,8 @@ parse_makecred_reply(const cbor_item_t *key, const cbor_item_t *val, void *arg) } static int -fido_dev_make_cred_tx(fido_dev_t *dev, fido_cred_t *cred, const char *pin) +fido_dev_make_cred_tx(fido_dev_t *dev, fido_cred_t *cred, const char *pin, + int *ms) { fido_blob_t f; fido_blob_t *ecdh = NULL; @@ -92,12 +97,12 @@ fido_dev_make_cred_tx(fido_dev_t *dev, fido_cred_t *cred, const char *pin) /* user verification */ if (pin != NULL || (uv == FIDO_OPT_TRUE && fido_dev_supports_permissions(dev))) { - if ((r = fido_do_ecdh(dev, &pk, &ecdh)) != FIDO_OK) { + if ((r = fido_do_ecdh(dev, &pk, &ecdh, ms)) != FIDO_OK) { fido_log_debug("%s: fido_do_ecdh", __func__); goto fail; } if ((r = cbor_add_uv_params(dev, cmd, &cred->cdh, pk, ecdh, - pin, cred->rp.id, &argv[7], &argv[8])) != FIDO_OK) { + pin, cred->rp.id, &argv[7], &argv[8], ms)) != FIDO_OK) { fido_log_debug("%s: cbor_add_uv_params", __func__); goto fail; } @@ -114,7 +119,7 @@ fido_dev_make_cred_tx(fido_dev_t *dev, fido_cred_t *cred, const char *pin) /* framing and transmission */ if (cbor_build_frame(cmd, argv, nitems(argv), &f) < 0 || - fido_tx(dev, CTAP_CMD_CBOR, f.ptr, f.len) < 0) { + fido_tx(dev, CTAP_CMD_CBOR, f.ptr, f.len, ms) < 0) { fido_log_debug("%s: fido_tx", __func__); r = FIDO_ERR_TX; goto fail; @@ -131,42 +136,55 @@ fido_dev_make_cred_tx(fido_dev_t *dev, fido_cred_t *cred, const char *pin) } static int -fido_dev_make_cred_rx(fido_dev_t *dev, fido_cred_t *cred, int ms) +fido_dev_make_cred_rx(fido_dev_t *dev, fido_cred_t *cred, int *ms) { - unsigned char reply[FIDO_MAXMSG]; - int reply_len; - int r; + unsigned char *reply; + int reply_len; + int r; fido_cred_reset_rx(cred); - if ((reply_len = fido_rx(dev, CTAP_CMD_CBOR, &reply, sizeof(reply), + if ((reply = malloc(FIDO_MAXMSG_CRED)) == NULL) { + r = FIDO_ERR_INTERNAL; + goto fail; + } + + if ((reply_len = fido_rx(dev, CTAP_CMD_CBOR, reply, FIDO_MAXMSG_CRED, ms)) < 0) { fido_log_debug("%s: fido_rx", __func__); - return (FIDO_ERR_RX); + r = FIDO_ERR_RX; + goto fail; } if ((r = cbor_parse_reply(reply, (size_t)reply_len, cred, parse_makecred_reply)) != FIDO_OK) { fido_log_debug("%s: parse_makecred_reply", __func__); - return (r); + goto fail; } if (cred->fmt == NULL || fido_blob_is_empty(&cred->authdata_cbor) || fido_blob_is_empty(&cred->attcred.id)) { - fido_cred_reset_rx(cred); - return (FIDO_ERR_INVALID_CBOR); + r = FIDO_ERR_INVALID_CBOR; + goto fail; } - return (FIDO_OK); + r = FIDO_OK; +fail: + free(reply); + + if (r != FIDO_OK) + fido_cred_reset_rx(cred); + + return (r); } static int fido_dev_make_cred_wait(fido_dev_t *dev, fido_cred_t *cred, const char *pin, - int ms) + int *ms) { int r; - if ((r = fido_dev_make_cred_tx(dev, cred, pin)) != FIDO_OK || + if ((r = fido_dev_make_cred_tx(dev, cred, pin, ms)) != FIDO_OK || (r = fido_dev_make_cred_rx(dev, cred, ms)) != FIDO_OK) return (r); @@ -176,18 +194,20 @@ fido_dev_make_cred_wait(fido_dev_t *dev, fido_cred_t *cred, const char *pin, int fido_dev_make_cred(fido_dev_t *dev, fido_cred_t *cred, const char *pin) { + int ms = dev->timeout_ms; + #ifdef USE_WINHELLO if (dev->flags & FIDO_DEV_WINHELLO) - return (fido_winhello_make_cred(dev, cred, pin)); + return (fido_winhello_make_cred(dev, cred, pin, ms)); #endif if (fido_dev_is_fido2(dev) == false) { if (pin != NULL || cred->rk == FIDO_OPT_TRUE || cred->ext.mask != 0) return (FIDO_ERR_UNSUPPORTED_OPTION); - return (u2f_register(dev, cred, -1)); + return (u2f_register(dev, cred, &ms)); } - return (fido_dev_make_cred_wait(dev, cred, pin, -1)); + return (fido_dev_make_cred_wait(dev, cred, pin, &ms)); } static int @@ -225,66 +245,81 @@ get_signed_hash_u2f(fido_blob_t *dgst, const unsigned char *rp_id, size_t rp_id_len, const fido_blob_t *clientdata, const fido_blob_t *id, const es256_pk_t *pk) { - const uint8_t zero = 0; - const uint8_t four = 4; /* uncompressed point */ - SHA256_CTX ctx; - - if (dgst->len != SHA256_DIGEST_LENGTH || SHA256_Init(&ctx) == 0 || - SHA256_Update(&ctx, &zero, sizeof(zero)) == 0 || - SHA256_Update(&ctx, rp_id, rp_id_len) == 0 || - SHA256_Update(&ctx, clientdata->ptr, clientdata->len) == 0 || - SHA256_Update(&ctx, id->ptr, id->len) == 0 || - SHA256_Update(&ctx, &four, sizeof(four)) == 0 || - SHA256_Update(&ctx, pk->x, sizeof(pk->x)) == 0 || - SHA256_Update(&ctx, pk->y, sizeof(pk->y)) == 0 || - SHA256_Final(dgst->ptr, &ctx) == 0) { - fido_log_debug("%s: sha256", __func__); - return (-1); - } - - return (0); -} - -static int -verify_sig(const fido_blob_t *dgst, const fido_blob_t *x5c, - const fido_blob_t *sig) -{ - BIO *rawcert = NULL; - X509 *cert = NULL; - EVP_PKEY *pkey = NULL; - EC_KEY *ec; + const uint8_t zero = 0; + const uint8_t four = 4; /* uncompressed point */ + const EVP_MD *md = NULL; + EVP_MD_CTX *ctx = NULL; int ok = -1; - /* openssl needs ints */ - if (dgst->len > INT_MAX || x5c->len > INT_MAX || sig->len > INT_MAX) { - fido_log_debug("%s: dgst->len=%zu, x5c->len=%zu, sig->len=%zu", - __func__, dgst->len, x5c->len, sig->len); - return (-1); - } - - /* fetch key from x509 */ - if ((rawcert = BIO_new_mem_buf(x5c->ptr, (int)x5c->len)) == NULL || - (cert = d2i_X509_bio(rawcert, NULL)) == NULL || - (pkey = X509_get_pubkey(cert)) == NULL || - (ec = EVP_PKEY_get0_EC_KEY(pkey)) == NULL) { - fido_log_debug("%s: x509 key", __func__); - goto fail; - } - - if (ECDSA_verify(0, dgst->ptr, (int)dgst->len, sig->ptr, - (int)sig->len, ec) != 1) { - fido_log_debug("%s: ECDSA_verify", __func__); + if (dgst->len != SHA256_DIGEST_LENGTH || + (md = EVP_sha256()) == NULL || + (ctx = EVP_MD_CTX_new()) == NULL || + EVP_DigestInit_ex(ctx, md, NULL) != 1 || + EVP_DigestUpdate(ctx, &zero, sizeof(zero)) != 1 || + EVP_DigestUpdate(ctx, rp_id, rp_id_len) != 1 || + EVP_DigestUpdate(ctx, clientdata->ptr, clientdata->len) != 1 || + EVP_DigestUpdate(ctx, id->ptr, id->len) != 1 || + EVP_DigestUpdate(ctx, &four, sizeof(four)) != 1 || + EVP_DigestUpdate(ctx, pk->x, sizeof(pk->x)) != 1 || + EVP_DigestUpdate(ctx, pk->y, sizeof(pk->y)) != 1 || + EVP_DigestFinal_ex(ctx, dgst->ptr, NULL) != 1) { + fido_log_debug("%s: sha256", __func__); goto fail; } ok = 0; fail: - if (rawcert != NULL) - BIO_free(rawcert); - if (cert != NULL) - X509_free(cert); - if (pkey != NULL) - EVP_PKEY_free(pkey); + EVP_MD_CTX_free(ctx); + + return (ok); +} + +static int +verify_attstmt(const fido_blob_t *dgst, const fido_attstmt_t *attstmt) +{ + BIO *rawcert = NULL; + X509 *cert = NULL; + EVP_PKEY *pkey = NULL; + int ok = -1; + + /* openssl needs ints */ + if (attstmt->x5c.len > INT_MAX) { + fido_log_debug("%s: x5c.len=%zu", __func__, attstmt->x5c.len); + return (-1); + } + + /* fetch key from x509 */ + if ((rawcert = BIO_new_mem_buf(attstmt->x5c.ptr, + (int)attstmt->x5c.len)) == NULL || + (cert = d2i_X509_bio(rawcert, NULL)) == NULL || + (pkey = X509_get_pubkey(cert)) == NULL) { + fido_log_debug("%s: x509 key", __func__); + goto fail; + } + + switch (attstmt->alg) { + case COSE_UNSPEC: + case COSE_ES256: + ok = es256_verify_sig(dgst, pkey, &attstmt->sig); + break; + case COSE_RS256: + ok = rs256_verify_sig(dgst, pkey, &attstmt->sig); + break; + case COSE_RS1: + ok = rs1_verify_sig(dgst, pkey, &attstmt->sig); + break; + case COSE_EDDSA: + ok = eddsa_verify_sig(dgst, pkey, &attstmt->sig); + break; + default: + fido_log_debug("%s: unknown alg %d", __func__, attstmt->alg); + break; + } + +fail: + BIO_free(rawcert); + X509_free(cert); + EVP_PKEY_free(pkey); return (ok); } @@ -348,14 +383,21 @@ fido_cred_verify(const fido_cred_t *cred) r = FIDO_ERR_INTERNAL; goto out; } + } else if (!strcmp(cred->fmt, "tpm")) { + if (fido_get_signed_hash_tpm(&dgst, &cred->cdh, + &cred->authdata_raw, &cred->attstmt, &cred->attcred) < 0) { + fido_log_debug("%s: fido_get_signed_hash_tpm", __func__); + r = FIDO_ERR_INTERNAL; + goto out; + } } else { fido_log_debug("%s: unknown fmt %s", __func__, cred->fmt); r = FIDO_ERR_INVALID_ARGUMENT; goto out; } - if (verify_sig(&dgst, &cred->attstmt.x5c, &cred->attstmt.sig) < 0) { - fido_log_debug("%s: verify_sig", __func__); + if (verify_attstmt(&dgst, &cred->attstmt) < 0) { + fido_log_debug("%s: verify_attstmt", __func__); r = FIDO_ERR_INVALID_SIG; goto out; } @@ -435,15 +477,15 @@ fido_cred_verify_self(const fido_cred_t *cred) switch (cred->attcred.type) { case COSE_ES256: - ok = fido_verify_sig_es256(&dgst, &cred->attcred.pubkey.es256, + ok = es256_pk_verify_sig(&dgst, &cred->attcred.pubkey.es256, &cred->attstmt.sig); break; case COSE_RS256: - ok = fido_verify_sig_rs256(&dgst, &cred->attcred.pubkey.rs256, + ok = rs256_pk_verify_sig(&dgst, &cred->attcred.pubkey.rs256, &cred->attstmt.sig); break; case COSE_EDDSA: - ok = fido_verify_sig_eddsa(&dgst, &cred->attcred.pubkey.eddsa, + ok = eddsa_pk_verify_sig(&dgst, &cred->attcred.pubkey.eddsa, &cred->attstmt.sig); break; default: @@ -482,6 +524,18 @@ fido_cred_clean_authdata(fido_cred_t *cred) memset(&cred->attcred, 0, sizeof(cred->attcred)); } +static void +fido_cred_clean_attstmt(fido_attstmt_t *attstmt) +{ + fido_blob_reset(&attstmt->certinfo); + fido_blob_reset(&attstmt->pubarea); + fido_blob_reset(&attstmt->cbor); + fido_blob_reset(&attstmt->x5c); + fido_blob_reset(&attstmt->sig); + + memset(attstmt, 0, sizeof(*attstmt)); +} + void fido_cred_reset_tx(fido_cred_t *cred) { @@ -513,8 +567,7 @@ fido_cred_reset_rx(fido_cred_t *cred) free(cred->fmt); cred->fmt = NULL; fido_cred_clean_authdata(cred); - fido_blob_reset(&cred->attstmt.x5c); - fido_blob_reset(&cred->attstmt.sig); + fido_cred_clean_attstmt(&cred->attstmt); fido_blob_reset(&cred->largeblob_key); } @@ -568,7 +621,6 @@ fido_cred_set_authdata(fido_cred_t *cred, const unsigned char *ptr, size_t len) fido_cred_clean_authdata(cred); return (r); - } int @@ -610,7 +662,6 @@ fido_cred_set_authdata_raw(fido_cred_t *cred, const unsigned char *ptr, fido_cred_clean_authdata(cred); return (r); - } int @@ -640,6 +691,39 @@ fido_cred_set_sig(fido_cred_t *cred, const unsigned char *ptr, size_t len) return (FIDO_OK); } +int +fido_cred_set_attstmt(fido_cred_t *cred, const unsigned char *ptr, size_t len) +{ + cbor_item_t *item = NULL; + struct cbor_load_result cbor; + int r = FIDO_ERR_INVALID_ARGUMENT; + + fido_cred_clean_attstmt(&cred->attstmt); + + if (ptr == NULL || len == 0) + goto fail; + + if ((item = cbor_load(ptr, len, &cbor)) == NULL) { + fido_log_debug("%s: cbor_load", __func__); + goto fail; + } + + if (cbor_decode_attstmt(item, &cred->attstmt) < 0) { + fido_log_debug("%s: cbor_decode_attstmt", __func__); + goto fail; + } + + r = FIDO_OK; +fail: + if (item != NULL) + cbor_decref(&item); + + if (r != FIDO_OK) + fido_cred_clean_attstmt(&cred->attstmt); + + return (r); +} + int fido_cred_exclude(fido_cred_t *cred, const unsigned char *id_ptr, size_t id_len) { @@ -833,6 +917,19 @@ fido_cred_set_prot(fido_cred_t *cred, int prot) return (FIDO_OK); } +int +fido_cred_set_pin_minlen(fido_cred_t *cred, size_t len) +{ + if (len == 0) + cred->ext.mask &= ~FIDO_EXT_MINPINLEN; + else + cred->ext.mask |= FIDO_EXT_MINPINLEN; + + cred->ext.minpinlen = len; + + return (FIDO_OK); +} + int fido_cred_set_blob(fido_cred_t *cred, const unsigned char *ptr, size_t len) { @@ -856,7 +953,7 @@ fido_cred_set_fmt(fido_cred_t *cred, const char *fmt) return (FIDO_ERR_INVALID_ARGUMENT); if (strcmp(fmt, "packed") && strcmp(fmt, "fido-u2f") && - strcmp(fmt, "none")) + strcmp(fmt, "none") && strcmp(fmt, "tpm")) return (FIDO_ERR_INVALID_ARGUMENT); if ((cred->fmt = strdup(fmt)) == NULL) @@ -955,6 +1052,18 @@ fido_cred_authdata_raw_len(const fido_cred_t *cred) return (cred->authdata_raw.len); } +const unsigned char * +fido_cred_attstmt_ptr(const fido_cred_t *cred) +{ + return (cred->attstmt.cbor.ptr); +} + +size_t +fido_cred_attstmt_len(const fido_cred_t *cred) +{ + return (cred->attstmt.cbor.len); +} + const unsigned char * fido_cred_pubkey_ptr(const fido_cred_t *cred) { @@ -1031,6 +1140,12 @@ fido_cred_prot(const fido_cred_t *cred) return (cred->ext.prot); } +size_t +fido_cred_pin_minlen(const fido_cred_t *cred) +{ + return (cred->ext.minpinlen); +} + const char * fido_cred_fmt(const fido_cred_t *cred) { diff --git a/src/credman.c b/src/credman.c index e48ca4543b10..8d2649a144f2 100644 --- a/src/credman.c +++ b/src/credman.c @@ -112,7 +112,7 @@ credman_prepare_hmac(uint8_t cmd, const void *body, cbor_item_t **param, static int credman_tx(fido_dev_t *dev, uint8_t subcmd, const void *param, const char *pin, - const char *rp_id, fido_opt_t uv) + const char *rp_id, fido_opt_t uv, int *ms) { fido_blob_t f; fido_blob_t *ecdh = NULL; @@ -144,12 +144,12 @@ credman_tx(fido_dev_t *dev, uint8_t subcmd, const void *param, const char *pin, fido_log_debug("%s: credman_prepare_hmac", __func__); goto fail; } - if ((r = fido_do_ecdh(dev, &pk, &ecdh)) != FIDO_OK) { + if ((r = fido_do_ecdh(dev, &pk, &ecdh, ms)) != FIDO_OK) { fido_log_debug("%s: fido_do_ecdh", __func__); goto fail; } if ((r = cbor_add_uv_params(dev, cmd, &hmac, pk, ecdh, pin, - rp_id, &argv[3], &argv[2])) != FIDO_OK) { + rp_id, &argv[3], &argv[2], ms)) != FIDO_OK) { fido_log_debug("%s: cbor_add_uv_params", __func__); goto fail; } @@ -157,7 +157,7 @@ credman_tx(fido_dev_t *dev, uint8_t subcmd, const void *param, const char *pin, /* framing and transmission */ if (cbor_build_frame(cmd, argv, nitems(argv), &f) < 0 || - fido_tx(dev, CTAP_CMD_CBOR, f.ptr, f.len) < 0) { + fido_tx(dev, CTAP_CMD_CBOR, f.ptr, f.len, ms) < 0) { fido_log_debug("%s: fido_tx", __func__); r = FIDO_ERR_TX; goto fail; @@ -198,7 +198,7 @@ credman_parse_metadata(const cbor_item_t *key, const cbor_item_t *val, } static int -credman_rx_metadata(fido_dev_t *dev, fido_credman_metadata_t *metadata, int ms) +credman_rx_metadata(fido_dev_t *dev, fido_credman_metadata_t *metadata, int *ms) { unsigned char reply[FIDO_MAXMSG]; int reply_len; @@ -223,12 +223,12 @@ credman_rx_metadata(fido_dev_t *dev, fido_credman_metadata_t *metadata, int ms) static int credman_get_metadata_wait(fido_dev_t *dev, fido_credman_metadata_t *metadata, - const char *pin, int ms) + const char *pin, int *ms) { int r; if ((r = credman_tx(dev, CMD_CRED_METADATA, NULL, pin, NULL, - FIDO_OPT_TRUE)) != FIDO_OK || + FIDO_OPT_TRUE, ms)) != FIDO_OK || (r = credman_rx_metadata(dev, metadata, ms)) != FIDO_OK) return (r); @@ -239,7 +239,9 @@ int fido_credman_get_dev_metadata(fido_dev_t *dev, fido_credman_metadata_t *metadata, const char *pin) { - return (credman_get_metadata_wait(dev, metadata, pin, -1)); + int ms = dev->timeout_ms; + + return (credman_get_metadata_wait(dev, metadata, pin, &ms)); } static int @@ -321,7 +323,7 @@ credman_parse_rk_count(const cbor_item_t *key, const cbor_item_t *val, } static int -credman_rx_rk(fido_dev_t *dev, fido_credman_rk_t *rk, int ms) +credman_rx_rk(fido_dev_t *dev, fido_credman_rk_t *rk, int *ms) { unsigned char reply[FIDO_MAXMSG]; int reply_len; @@ -360,7 +362,7 @@ credman_rx_rk(fido_dev_t *dev, fido_credman_rk_t *rk, int ms) } static int -credman_rx_next_rk(fido_dev_t *dev, fido_credman_rk_t *rk, int ms) +credman_rx_next_rk(fido_dev_t *dev, fido_credman_rk_t *rk, int *ms) { unsigned char reply[FIDO_MAXMSG]; int reply_len; @@ -390,7 +392,7 @@ credman_rx_next_rk(fido_dev_t *dev, fido_credman_rk_t *rk, int ms) static int credman_get_rk_wait(fido_dev_t *dev, const char *rp_id, fido_credman_rk_t *rk, - const char *pin, int ms) + const char *pin, int *ms) { fido_blob_t rp_dgst; uint8_t dgst[SHA256_DIGEST_LENGTH]; @@ -405,13 +407,13 @@ credman_get_rk_wait(fido_dev_t *dev, const char *rp_id, fido_credman_rk_t *rk, rp_dgst.len = sizeof(dgst); if ((r = credman_tx(dev, CMD_RK_BEGIN, &rp_dgst, pin, rp_id, - FIDO_OPT_TRUE)) != FIDO_OK || + FIDO_OPT_TRUE, ms)) != FIDO_OK || (r = credman_rx_rk(dev, rk, ms)) != FIDO_OK) return (r); while (rk->n_rx < rk->n_alloc) { if ((r = credman_tx(dev, CMD_RK_NEXT, NULL, NULL, NULL, - FIDO_OPT_FALSE)) != FIDO_OK || + FIDO_OPT_FALSE, ms)) != FIDO_OK || (r = credman_rx_next_rk(dev, rk, ms)) != FIDO_OK) return (r); rk->n_rx++; @@ -424,12 +426,14 @@ int fido_credman_get_dev_rk(fido_dev_t *dev, const char *rp_id, fido_credman_rk_t *rk, const char *pin) { - return (credman_get_rk_wait(dev, rp_id, rk, pin, -1)); + int ms = dev->timeout_ms; + + return (credman_get_rk_wait(dev, rp_id, rk, pin, &ms)); } static int credman_del_rk_wait(fido_dev_t *dev, const unsigned char *cred_id, - size_t cred_id_len, const char *pin, int ms) + size_t cred_id_len, const char *pin, int *ms) { fido_blob_t cred; int r; @@ -440,7 +444,7 @@ credman_del_rk_wait(fido_dev_t *dev, const unsigned char *cred_id, return (FIDO_ERR_INVALID_ARGUMENT); if ((r = credman_tx(dev, CMD_DELETE_CRED, &cred, pin, NULL, - FIDO_OPT_TRUE)) != FIDO_OK || + FIDO_OPT_TRUE, ms)) != FIDO_OK || (r = fido_rx_cbor_status(dev, ms)) != FIDO_OK) goto fail; @@ -455,7 +459,9 @@ int fido_credman_del_dev_rk(fido_dev_t *dev, const unsigned char *cred_id, size_t cred_id_len, const char *pin) { - return (credman_del_rk_wait(dev, cred_id, cred_id_len, pin, -1)); + int ms = dev->timeout_ms; + + return (credman_del_rk_wait(dev, cred_id, cred_id_len, pin, &ms)); } static int @@ -526,7 +532,7 @@ credman_parse_rp_count(const cbor_item_t *key, const cbor_item_t *val, } static int -credman_rx_rp(fido_dev_t *dev, fido_credman_rp_t *rp, int ms) +credman_rx_rp(fido_dev_t *dev, fido_credman_rp_t *rp, int *ms) { unsigned char reply[FIDO_MAXMSG]; int reply_len; @@ -565,7 +571,7 @@ credman_rx_rp(fido_dev_t *dev, fido_credman_rp_t *rp, int ms) } static int -credman_rx_next_rp(fido_dev_t *dev, fido_credman_rp_t *rp, int ms) +credman_rx_next_rp(fido_dev_t *dev, fido_credman_rp_t *rp, int *ms) { unsigned char reply[FIDO_MAXMSG]; int reply_len; @@ -595,18 +601,18 @@ credman_rx_next_rp(fido_dev_t *dev, fido_credman_rp_t *rp, int ms) static int credman_get_rp_wait(fido_dev_t *dev, fido_credman_rp_t *rp, const char *pin, - int ms) + int *ms) { int r; if ((r = credman_tx(dev, CMD_RP_BEGIN, NULL, pin, NULL, - FIDO_OPT_TRUE)) != FIDO_OK || + FIDO_OPT_TRUE, ms)) != FIDO_OK || (r = credman_rx_rp(dev, rp, ms)) != FIDO_OK) return (r); while (rp->n_rx < rp->n_alloc) { if ((r = credman_tx(dev, CMD_RP_NEXT, NULL, NULL, NULL, - FIDO_OPT_FALSE)) != FIDO_OK || + FIDO_OPT_FALSE, ms)) != FIDO_OK || (r = credman_rx_next_rp(dev, rp, ms)) != FIDO_OK) return (r); rp->n_rx++; @@ -618,17 +624,19 @@ credman_get_rp_wait(fido_dev_t *dev, fido_credman_rp_t *rp, const char *pin, int fido_credman_get_dev_rp(fido_dev_t *dev, fido_credman_rp_t *rp, const char *pin) { - return (credman_get_rp_wait(dev, rp, pin, -1)); + int ms = dev->timeout_ms; + + return (credman_get_rp_wait(dev, rp, pin, &ms)); } static int credman_set_dev_rk_wait(fido_dev_t *dev, fido_cred_t *cred, const char *pin, - int ms) + int *ms) { int r; if ((r = credman_tx(dev, CMD_UPDATE_CRED, cred, pin, NULL, - FIDO_OPT_TRUE)) != FIDO_OK || + FIDO_OPT_TRUE, ms)) != FIDO_OK || (r = fido_rx_cbor_status(dev, ms)) != FIDO_OK) return (r); @@ -638,7 +646,9 @@ credman_set_dev_rk_wait(fido_dev_t *dev, fido_cred_t *cred, const char *pin, int fido_credman_set_dev_rk(fido_dev_t *dev, fido_cred_t *cred, const char *pin) { - return (credman_set_dev_rk_wait(dev, cred, pin, -1)); + int ms = dev->timeout_ms; + + return (credman_set_dev_rk_wait(dev, cred, pin, &ms)); } fido_credman_rk_t * diff --git a/src/dev.c b/src/dev.c index a003854f89d2..0c3cf64a462b 100644 --- a/src/dev.c +++ b/src/dev.c @@ -106,7 +106,7 @@ fido_dev_set_flags(fido_dev_t *dev, const fido_cbor_info_t *info) } static int -fido_dev_open_tx(fido_dev_t *dev, const char *path) +fido_dev_open_tx(fido_dev_t *dev, const char *path, int *ms) { int r; @@ -161,7 +161,8 @@ fido_dev_open_tx(fido_dev_t *dev, const char *path) goto fail; } - if (fido_tx(dev, CTAP_CMD_INIT, &dev->nonce, sizeof(dev->nonce)) < 0) { + if (fido_tx(dev, CTAP_CMD_INIT, &dev->nonce, sizeof(dev->nonce), + ms) < 0) { fido_log_debug("%s: fido_tx", __func__); r = FIDO_ERR_TX; goto fail; @@ -176,7 +177,7 @@ fido_dev_open_tx(fido_dev_t *dev, const char *path) } static int -fido_dev_open_rx(fido_dev_t *dev, int ms) +fido_dev_open_rx(fido_dev_t *dev, int *ms) { fido_cbor_info_t *info = NULL; int reply_len; @@ -241,7 +242,7 @@ fido_dev_open_rx(fido_dev_t *dev, int ms) } static int -fido_dev_open_wait(fido_dev_t *dev, const char *path, int ms) +fido_dev_open_wait(fido_dev_t *dev, const char *path, int *ms) { int r; @@ -249,7 +250,7 @@ fido_dev_open_wait(fido_dev_t *dev, const char *path, int ms) if (strcmp(path, FIDO_WINHELLO_PATH) == 0) return (fido_winhello_open(dev)); #endif - if ((r = fido_dev_open_tx(dev, path)) != FIDO_OK || + if ((r = fido_dev_open_tx(dev, path, ms)) != FIDO_OK || (r = fido_dev_open_rx(dev, ms)) != FIDO_OK) return (r); @@ -331,24 +332,21 @@ fido_dev_info_manifest(fido_dev_info_t *devlist, size_t ilen, size_t *olen) int fido_dev_open_with_info(fido_dev_t *dev) { + int ms = dev->timeout_ms; + if (dev->path == NULL) return (FIDO_ERR_INVALID_ARGUMENT); - return (fido_dev_open_wait(dev, dev->path, -1)); + return (fido_dev_open_wait(dev, dev->path, &ms)); } int fido_dev_open(fido_dev_t *dev, const char *path) { + int ms = dev->timeout_ms; + #ifdef NFC_LINUX - /* - * this is a hack to get existing applications up and running with nfc; - * it will *NOT* be part of a libfido2 release. to support nfc in your - * application, please change it to use fido_dev_open_with_info(). - */ - if (strncmp(path, "/sys", strlen("/sys")) == 0 && strlen(path) > 4 && - path[strlen(path) - 4] == 'n' && path[strlen(path) - 3] == 'f' && - path[strlen(path) - 2] == 'c') { + if (strncmp(path, FIDO_NFC_PREFIX, strlen(FIDO_NFC_PREFIX)) == 0) { dev->io_own = true; dev->io = (fido_dev_io_t) { fido_nfc_open, @@ -363,7 +361,7 @@ fido_dev_open(fido_dev_t *dev, const char *path) } #endif - return (fido_dev_open_wait(dev, path, -1)); + return (fido_dev_open_wait(dev, path, &ms)); } int @@ -386,26 +384,31 @@ fido_dev_close(fido_dev_t *dev) int fido_dev_set_sigmask(fido_dev_t *dev, const fido_sigset_t *sigmask) { - if (dev->io_own || dev->io_handle == NULL || sigmask == NULL) + if (dev->io_handle == NULL || sigmask == NULL) return (FIDO_ERR_INVALID_ARGUMENT); #ifdef NFC_LINUX - if (dev->transport.rx == fido_nfc_rx) + if (dev->transport.rx == fido_nfc_rx && dev->io.read == fido_nfc_read) return (fido_nfc_set_sigmask(dev->io_handle, sigmask)); #endif - return (fido_hid_set_sigmask(dev->io_handle, sigmask)); + if (dev->transport.rx == NULL && dev->io.read == fido_hid_read) + return (fido_hid_set_sigmask(dev->io_handle, sigmask)); + + return (FIDO_ERR_INVALID_ARGUMENT); } int fido_dev_cancel(fido_dev_t *dev) { + int ms = dev->timeout_ms; + #ifdef USE_WINHELLO if (dev->flags & FIDO_DEV_WINHELLO) return (fido_winhello_cancel(dev)); #endif if (fido_dev_is_fido2(dev) == false) return (FIDO_ERR_INVALID_ARGUMENT); - if (fido_tx(dev, CTAP_CMD_CANCEL, NULL, 0) < 0) + if (fido_tx(dev, CTAP_CMD_CANCEL, NULL, 0, &ms) < 0) return (FIDO_ERR_TX); return (FIDO_OK); @@ -421,6 +424,7 @@ fido_dev_get_touch_begin(fido_dev_t *dev) unsigned char cdh[SHA256_DIGEST_LENGTH]; fido_rp_t rp; fido_user_t user; + int ms = dev->timeout_ms; int r = FIDO_ERR_INTERNAL; memset(&f, 0, sizeof(f)); @@ -430,7 +434,7 @@ fido_dev_get_touch_begin(fido_dev_t *dev) memset(&user, 0, sizeof(user)); if (fido_dev_is_fido2(dev) == false) - return (u2f_get_touch_begin(dev)); + return (u2f_get_touch_begin(dev, &ms)); if (SHA256((const void *)clientdata, strlen(clientdata), cdh) != cdh) { fido_log_debug("%s: sha256", __func__); @@ -465,7 +469,7 @@ fido_dev_get_touch_begin(fido_dev_t *dev) } if (cbor_build_frame(CTAP_CBOR_MAKECRED, argv, nitems(argv), &f) < 0 || - fido_tx(dev, CTAP_CMD_CBOR, f.ptr, f.len) < 0) { + fido_tx(dev, CTAP_CMD_CBOR, f.ptr, f.len, &ms) < 0) { fido_log_debug("%s: fido_tx", __func__); r = FIDO_ERR_TX; goto fail; @@ -490,9 +494,9 @@ fido_dev_get_touch_status(fido_dev_t *dev, int *touched, int ms) *touched = 0; if (fido_dev_is_fido2(dev) == false) - return (u2f_get_touch_status(dev, touched, ms)); + return (u2f_get_touch_status(dev, touched, &ms)); - switch ((r = fido_rx_cbor_status(dev, ms))) { + switch ((r = fido_rx_cbor_status(dev, &ms))) { case FIDO_ERR_PIN_AUTH_INVALID: case FIDO_ERR_PIN_INVALID: case FIDO_ERR_PIN_NOT_SET: @@ -562,6 +566,7 @@ fido_dev_new(void) return (NULL); dev->cid = CTAP_CID_BROADCAST; + dev->timeout_ms = -1; dev->io = (fido_dev_io_t) { &fido_hid_open, &fido_hid_close, @@ -593,6 +598,7 @@ fido_dev_new_with_info(const fido_dev_info_t *di) dev->io_own = di->transport.tx != NULL || di->transport.rx != NULL; dev->transport = di->transport; dev->cid = CTAP_CID_BROADCAST; + dev->timeout_ms = -1; if ((dev->path = strdup(di->path)) == NULL) { fido_log_debug("%s: strdup", __func__); @@ -730,3 +736,14 @@ fido_dev_maxmsgsize(const fido_dev_t *dev) { return (dev->maxmsgsize); } + +int +fido_dev_set_timeout(fido_dev_t *dev, int ms) +{ + if (ms < -1) + return (FIDO_ERR_INVALID_ARGUMENT); + + dev->timeout_ms = ms; + + return (FIDO_OK); +} diff --git a/src/ecdh.c b/src/ecdh.c index 3ea47ae6457e..9c4f2b99e1a9 100644 --- a/src/ecdh.c +++ b/src/ecdh.c @@ -8,14 +8,14 @@ #include #if defined(LIBRESSL_VERSION_NUMBER) #include -#elif OPENSSL_VERSION_NUMBER >= 0x10100000L +#else #include #endif #include "fido.h" #include "fido/es256.h" -#if defined(LIBRESSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x10100000L +#if defined(LIBRESSL_VERSION_NUMBER) static int hkdf_sha256(uint8_t *key, const char *info, const fido_blob_t *secret) { @@ -56,7 +56,7 @@ hkdf_sha256(uint8_t *key, char *info, fido_blob_t *secret) EVP_PKEY_CTX_set_hkdf_md(ctx, md) < 1 || EVP_PKEY_CTX_set1_hkdf_salt(ctx, salt, sizeof(salt)) < 1 || EVP_PKEY_CTX_set1_hkdf_key(ctx, secret->ptr, (int)secret->len) < 1 || - EVP_PKEY_CTX_add1_hkdf_info(ctx, info, (int)strlen(info)) < 1) { + EVP_PKEY_CTX_add1_hkdf_info(ctx, (void *)info, (int)strlen(info)) < 1) { fido_log_debug("%s: EVP_PKEY_CTX", __func__); goto fail; } @@ -74,7 +74,7 @@ hkdf_sha256(uint8_t *key, char *info, fido_blob_t *secret) return ok; } -#endif /* defined(LIBRESSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x10100000L */ +#endif /* defined(LIBRESSL_VERSION_NUMBER) */ static int kdf(uint8_t prot, fido_blob_t *key, /* const */ fido_blob_t *secret) @@ -164,7 +164,7 @@ do_ecdh(const fido_dev_t *dev, const es256_sk_t *sk, const es256_pk_t *pk, } int -fido_do_ecdh(fido_dev_t *dev, es256_pk_t **pk, fido_blob_t **ecdh) +fido_do_ecdh(fido_dev_t *dev, es256_pk_t **pk, fido_blob_t **ecdh, int *ms) { es256_sk_t *sk = NULL; /* our private key */ es256_pk_t *ak = NULL; /* authenticator's public key */ @@ -182,7 +182,7 @@ fido_do_ecdh(fido_dev_t *dev, es256_pk_t **pk, fido_blob_t **ecdh) goto fail; } if ((ak = es256_pk_new()) == NULL || - fido_dev_authkey(dev, ak) != FIDO_OK) { + fido_dev_authkey(dev, ak, ms) != FIDO_OK) { fido_log_debug("%s: fido_dev_authkey", __func__); r = FIDO_ERR_INTERNAL; goto fail; diff --git a/src/eddsa.c b/src/eddsa.c index 89b84c5a6bd4..d228149ebf4d 100644 --- a/src/eddsa.c +++ b/src/eddsa.c @@ -10,7 +10,7 @@ #include "fido.h" #include "fido/eddsa.h" -#if defined(LIBRESSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x10101000L +#if defined(LIBRESSL_VERSION_NUMBER) EVP_PKEY * EVP_PKEY_new_raw_public_key(int type, ENGINE *e, const unsigned char *key, size_t keylen) @@ -52,23 +52,7 @@ EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret, size_t siglen, return (0); } -#endif /* LIBRESSL_VERSION_NUMBER || OPENSSL_VERSION_NUMBER < 0x10101000L */ - -#if OPENSSL_VERSION_NUMBER < 0x10100000L -EVP_MD_CTX * -EVP_MD_CTX_new(void) -{ - fido_log_debug("%s: unimplemented", __func__); - - return (NULL); -} - -void -EVP_MD_CTX_free(EVP_MD_CTX *ctx) -{ - (void)ctx; -} -#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */ +#endif /* LIBRESSL_VERSION_NUMBER */ static int decode_coord(const cbor_item_t *item, void *xy, size_t xy_len) @@ -170,3 +154,65 @@ eddsa_pk_from_EVP_PKEY(eddsa_pk_t *pk, const EVP_PKEY *pkey) return (FIDO_OK); } + +int +eddsa_verify_sig(const fido_blob_t *dgst, EVP_PKEY *pkey, + const fido_blob_t *sig) +{ + EVP_MD_CTX *mdctx = NULL; + int ok = -1; + + if (EVP_PKEY_base_id(pkey) != EVP_PKEY_ED25519) { + fido_log_debug("%s: EVP_PKEY_base_id", __func__); + goto fail; + } + + /* EVP_DigestVerify needs ints */ + if (dgst->len > INT_MAX || sig->len > INT_MAX) { + fido_log_debug("%s: dgst->len=%zu, sig->len=%zu", __func__, + dgst->len, sig->len); + return (-1); + } + + if ((mdctx = EVP_MD_CTX_new()) == NULL) { + fido_log_debug("%s: EVP_MD_CTX_new", __func__); + goto fail; + } + + if (EVP_DigestVerifyInit(mdctx, NULL, NULL, NULL, pkey) != 1) { + fido_log_debug("%s: EVP_DigestVerifyInit", __func__); + goto fail; + } + + if (EVP_DigestVerify(mdctx, sig->ptr, sig->len, dgst->ptr, + dgst->len) != 1) { + fido_log_debug("%s: EVP_DigestVerify", __func__); + goto fail; + } + + ok = 0; +fail: + EVP_MD_CTX_free(mdctx); + + return (ok); +} + +int +eddsa_pk_verify_sig(const fido_blob_t *dgst, const eddsa_pk_t *pk, + const fido_blob_t *sig) +{ + EVP_PKEY *pkey; + int ok = -1; + + if ((pkey = eddsa_pk_to_EVP_PKEY(pk)) == NULL || + eddsa_verify_sig(dgst, pkey, sig) < 0) { + fido_log_debug("%s: eddsa_verify_sig", __func__); + goto fail; + } + + ok = 0; +fail: + EVP_PKEY_free(pkey); + + return (ok); +} diff --git a/src/es256.c b/src/es256.c index 9cdb48e4832d..eb4cc63525aa 100644 --- a/src/es256.c +++ b/src/es256.c @@ -1,10 +1,11 @@ /* - * Copyright (c) 2018 Yubico AB. All rights reserved. + * Copyright (c) 2018-2021 Yubico AB. All rights reserved. * Use of this source code is governed by a BSD-style * license that can be found in the LICENSE file. */ #include +#include #include #include "fido.h" @@ -362,6 +363,18 @@ es256_pk_from_EC_KEY(es256_pk_t *pk, const EC_KEY *ec) return (ok); } +int +es256_pk_from_EVP_PKEY(es256_pk_t *pk, const EVP_PKEY *pkey) +{ + EC_KEY *ec; + + if (EVP_PKEY_base_id(pkey) != EVP_PKEY_EC || + (ec = EVP_PKEY_get0(pkey)) == NULL) + return (FIDO_ERR_INVALID_ARGUMENT); + + return (es256_pk_from_EC_KEY(pk, ec)); +} + EVP_PKEY * es256_sk_to_EVP_PKEY(const es256_sk_t *k) { @@ -451,3 +464,50 @@ es256_derive_pk(const es256_sk_t *sk, es256_pk_t *pk) return (ok); } + +int +es256_verify_sig(const fido_blob_t *dgst, EVP_PKEY *pkey, + const fido_blob_t *sig) +{ + EVP_PKEY_CTX *pctx = NULL; + int ok = -1; + + if (EVP_PKEY_base_id(pkey) != EVP_PKEY_EC) { + fido_log_debug("%s: EVP_PKEY_base_id", __func__); + goto fail; + } + + if ((pctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL || + EVP_PKEY_verify_init(pctx) != 1 || + EVP_PKEY_verify(pctx, sig->ptr, sig->len, dgst->ptr, + dgst->len) != 1) { + fido_log_debug("%s: EVP_PKEY_verify", __func__); + goto fail; + } + + ok = 0; +fail: + EVP_PKEY_CTX_free(pctx); + + return (ok); +} + +int +es256_pk_verify_sig(const fido_blob_t *dgst, const es256_pk_t *pk, + const fido_blob_t *sig) +{ + EVP_PKEY *pkey; + int ok = -1; + + if ((pkey = es256_pk_to_EVP_PKEY(pk)) == NULL || + es256_verify_sig(dgst, pkey, sig) < 0) { + fido_log_debug("%s: es256_verify_sig", __func__); + goto fail; + } + + ok = 0; +fail: + EVP_PKEY_free(pkey); + + return (ok); +} diff --git a/src/export.gnu b/src/export.gnu index 40dc7915e6e2..2a8ad24b4c3c 100644 --- a/src/export.gnu +++ b/src/export.gnu @@ -7,6 +7,7 @@ eddsa_pk_to_EVP_PKEY; es256_pk_free; es256_pk_from_EC_KEY; + es256_pk_from_EVP_PKEY; es256_pk_from_ptr; es256_pk_new; es256_pk_to_EVP_PKEY; @@ -99,6 +100,8 @@ fido_cbor_info_transports_ptr; fido_cbor_info_versions_len; fido_cbor_info_versions_ptr; + fido_cred_attstmt_len; + fido_cred_attstmt_ptr; fido_cred_authdata_len; fido_cred_authdata_ptr; fido_cred_authdata_raw_len; @@ -138,11 +141,13 @@ fido_credman_rp_new; fido_credman_set_dev_rk; fido_cred_new; + fido_cred_pin_minlen; fido_cred_prot; fido_cred_pubkey_len; fido_cred_pubkey_ptr; fido_cred_rp_id; fido_cred_rp_name; + fido_cred_set_attstmt; fido_cred_set_authdata; fido_cred_set_authdata_raw; fido_cred_set_blob; @@ -152,6 +157,7 @@ fido_cred_set_fmt; fido_cred_set_id; fido_cred_set_options; + fido_cred_set_pin_minlen; fido_cred_set_prot; fido_cred_set_rk; fido_cred_set_rp; @@ -208,7 +214,9 @@ fido_dev_set_io_functions; fido_dev_set_pin; fido_dev_set_pin_minlen; + fido_dev_set_pin_minlen_rpid; fido_dev_set_sigmask; + fido_dev_set_timeout; fido_dev_set_transport_functions; fido_dev_supports_cred_prot; fido_dev_supports_credman; @@ -226,6 +234,7 @@ fido_strerr; rs256_pk_free; rs256_pk_from_ptr; + rs256_pk_from_EVP_PKEY; rs256_pk_from_RSA; rs256_pk_new; rs256_pk_to_EVP_PKEY; diff --git a/src/export.llvm b/src/export.llvm index 8d3810f92ce9..e163afecedce 100644 --- a/src/export.llvm +++ b/src/export.llvm @@ -5,6 +5,7 @@ _eddsa_pk_new _eddsa_pk_to_EVP_PKEY _es256_pk_free _es256_pk_from_EC_KEY +_es256_pk_from_EVP_PKEY _es256_pk_from_ptr _es256_pk_new _es256_pk_to_EVP_PKEY @@ -97,6 +98,8 @@ _fido_cbor_info_transports_len _fido_cbor_info_transports_ptr _fido_cbor_info_versions_len _fido_cbor_info_versions_ptr +_fido_cred_attstmt_len +_fido_cred_attstmt_ptr _fido_cred_authdata_len _fido_cred_authdata_ptr _fido_cred_authdata_raw_len @@ -136,11 +139,13 @@ _fido_credman_rp_name _fido_credman_rp_new _fido_credman_set_dev_rk _fido_cred_new +_fido_cred_pin_minlen _fido_cred_prot _fido_cred_pubkey_len _fido_cred_pubkey_ptr _fido_cred_rp_id _fido_cred_rp_name +_fido_cred_set_attstmt _fido_cred_set_authdata _fido_cred_set_authdata_raw _fido_cred_set_blob @@ -150,6 +155,7 @@ _fido_cred_set_extensions _fido_cred_set_fmt _fido_cred_set_id _fido_cred_set_options +_fido_cred_set_pin_minlen _fido_cred_set_prot _fido_cred_set_rk _fido_cred_set_rp @@ -206,7 +212,9 @@ _fido_dev_reset _fido_dev_set_io_functions _fido_dev_set_pin _fido_dev_set_pin_minlen +_fido_dev_set_pin_minlen_rpid _fido_dev_set_sigmask +_fido_dev_set_timeout _fido_dev_set_transport_functions _fido_dev_supports_cred_prot _fido_dev_supports_credman @@ -224,6 +232,7 @@ _fido_set_log_handler _fido_strerr _rs256_pk_free _rs256_pk_from_ptr +_rs256_pk_from_EVP_PKEY _rs256_pk_from_RSA _rs256_pk_new _rs256_pk_to_EVP_PKEY diff --git a/src/export.msvc b/src/export.msvc index ca4971dec2d1..9fc24e335e8d 100644 --- a/src/export.msvc +++ b/src/export.msvc @@ -6,6 +6,7 @@ eddsa_pk_new eddsa_pk_to_EVP_PKEY es256_pk_free es256_pk_from_EC_KEY +es256_pk_from_EVP_PKEY es256_pk_from_ptr es256_pk_new es256_pk_to_EVP_PKEY @@ -98,6 +99,8 @@ fido_cbor_info_transports_len fido_cbor_info_transports_ptr fido_cbor_info_versions_len fido_cbor_info_versions_ptr +fido_cred_attstmt_len +fido_cred_attstmt_ptr fido_cred_authdata_len fido_cred_authdata_ptr fido_cred_authdata_raw_len @@ -137,11 +140,13 @@ fido_credman_rp_name fido_credman_rp_new fido_credman_set_dev_rk fido_cred_new +fido_cred_pin_minlen fido_cred_prot fido_cred_pubkey_len fido_cred_pubkey_ptr fido_cred_rp_id fido_cred_rp_name +fido_cred_set_attstmt fido_cred_set_authdata fido_cred_set_authdata_raw fido_cred_set_blob @@ -151,6 +156,7 @@ fido_cred_set_extensions fido_cred_set_fmt fido_cred_set_id fido_cred_set_options +fido_cred_set_pin_minlen fido_cred_set_prot fido_cred_set_rk fido_cred_set_rp @@ -207,7 +213,9 @@ fido_dev_reset fido_dev_set_io_functions fido_dev_set_pin fido_dev_set_pin_minlen +fido_dev_set_pin_minlen_rpid fido_dev_set_sigmask +fido_dev_set_timeout fido_dev_set_transport_functions fido_dev_supports_cred_prot fido_dev_supports_credman @@ -225,6 +233,7 @@ fido_set_log_handler fido_strerr rs256_pk_free rs256_pk_from_ptr +rs256_pk_from_EVP_PKEY rs256_pk_from_RSA rs256_pk_new rs256_pk_to_EVP_PKEY diff --git a/src/extern.h b/src/extern.h index 3be33236f2b1..dc6bddd7b912 100644 --- a/src/extern.h +++ b/src/extern.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2018 Yubico AB. All rights reserved. + * Copyright (c) 2018-2021 Yubico AB. All rights reserved. * Use of this source code is governed by a BSD-style * license that can be found in the LICENSE file. */ @@ -51,6 +51,7 @@ cbor_item_t *cbor_encode_pubkey(const fido_blob_t *); cbor_item_t *cbor_encode_pubkey_list(const fido_blob_array_t *); cbor_item_t *cbor_encode_pubkey_param(int); cbor_item_t *cbor_encode_rp_entity(const fido_rp_t *); +cbor_item_t *cbor_encode_str_array(const fido_str_array_t *); cbor_item_t *cbor_encode_user_entity(const fido_user_t *); cbor_item_t *es256_pk_encode(const es256_pk_t *, int); @@ -86,7 +87,7 @@ int cbor_parse_reply(const unsigned char *, size_t, void *, int(*)(const cbor_item_t *, const cbor_item_t *, void *)); int cbor_add_uv_params(fido_dev_t *, uint8_t, const fido_blob_t *, const es256_pk_t *, const fido_blob_t *, const char *, const char *, - cbor_item_t **, cbor_item_t **); + cbor_item_t **, cbor_item_t **, int *); void cbor_vector_free(cbor_item_t **, size_t); int cbor_array_append(cbor_item_t **, cbor_item_t *); int cbor_array_drop(cbor_item_t **, size_t); @@ -130,14 +131,14 @@ int fido_winhello_manifest(fido_dev_info_t *, size_t, size_t *); int fido_winhello_open(fido_dev_t *); int fido_winhello_close(fido_dev_t *); int fido_winhello_cancel(fido_dev_t *); -int fido_winhello_get_assert(fido_dev_t *, fido_assert_t *, const char *); +int fido_winhello_get_assert(fido_dev_t *, fido_assert_t *, const char *, int); int fido_winhello_get_cbor_info(fido_dev_t *, fido_cbor_info_t *); -int fido_winhello_make_cred(fido_dev_t *, fido_cred_t *, const char *); +int fido_winhello_make_cred(fido_dev_t *, fido_cred_t *, const char *, int); /* generic i/o */ -int fido_rx_cbor_status(fido_dev_t *, int); -int fido_rx(fido_dev_t *, uint8_t, void *, size_t, int); -int fido_tx(fido_dev_t *, uint8_t, const void *, size_t); +int fido_rx_cbor_status(fido_dev_t *, int *); +int fido_rx(fido_dev_t *, uint8_t, void *, size_t, int *); +int fido_tx(fido_dev_t *, uint8_t, const void *, size_t, int *); /* log */ #ifdef FIDO_NO_DIAGNOSTIC @@ -163,21 +164,30 @@ void fido_log_error(int, const char *, ...); #endif /* FIDO_NO_DIAGNOSTIC */ /* u2f */ -int u2f_register(fido_dev_t *, fido_cred_t *, int); -int u2f_authenticate(fido_dev_t *, fido_assert_t *, int); -int u2f_get_touch_begin(fido_dev_t *); -int u2f_get_touch_status(fido_dev_t *, int *, int); +int u2f_register(fido_dev_t *, fido_cred_t *, int *); +int u2f_authenticate(fido_dev_t *, fido_assert_t *, int *); +int u2f_get_touch_begin(fido_dev_t *, int *); +int u2f_get_touch_status(fido_dev_t *, int *, int *); /* unexposed fido ops */ uint8_t fido_dev_get_pin_protocol(const fido_dev_t *); -int fido_dev_authkey(fido_dev_t *, es256_pk_t *); -int fido_dev_get_cbor_info_wait(fido_dev_t *, fido_cbor_info_t *, int); +int fido_dev_authkey(fido_dev_t *, es256_pk_t *, int *); +int fido_dev_get_cbor_info_wait(fido_dev_t *, fido_cbor_info_t *, int *); int fido_dev_get_uv_token(fido_dev_t *, uint8_t, const char *, - const fido_blob_t *, const es256_pk_t *, const char *, fido_blob_t *); + const fido_blob_t *, const es256_pk_t *, const char *, fido_blob_t *, + int *); uint64_t fido_dev_maxmsgsize(const fido_dev_t *); -int fido_do_ecdh(fido_dev_t *, es256_pk_t **, fido_blob_t **); +int fido_do_ecdh(fido_dev_t *, es256_pk_t **, fido_blob_t **, int *); bool fido_dev_supports_permissions(const fido_dev_t *); +/* types */ +void fido_algo_array_free(fido_algo_array_t *); +void fido_byte_array_free(fido_byte_array_t *); +void fido_opt_array_free(fido_opt_array_t *); +void fido_str_array_free(fido_str_array_t *); +void fido_algo_free(fido_algo_t *); +int fido_str_array_pack(fido_str_array_t *, const char * const *, size_t); + /* misc */ void fido_assert_reset_rx(fido_assert_t *); void fido_assert_reset_tx(fido_assert_t *); @@ -189,16 +199,24 @@ int fido_check_flags(uint8_t, fido_opt_t, fido_opt_t); int fido_check_rp_id(const char *, const unsigned char *); int fido_get_random(void *, size_t); int fido_sha256(fido_blob_t *, const u_char *, size_t); +int fido_time_now(struct timespec *); +int fido_time_delta(const struct timespec *, int *); /* crypto */ -int fido_verify_sig_es256(const fido_blob_t *, const es256_pk_t *, +int es256_verify_sig(const fido_blob_t *, EVP_PKEY *, const fido_blob_t *); +int rs256_verify_sig(const fido_blob_t *, EVP_PKEY *, const fido_blob_t *); +int eddsa_verify_sig(const fido_blob_t *, EVP_PKEY *, const fido_blob_t *); +int rs1_verify_sig(const fido_blob_t *, EVP_PKEY *, const fido_blob_t *); +int es256_pk_verify_sig(const fido_blob_t *, const es256_pk_t *, const fido_blob_t *); -int fido_verify_sig_rs256(const fido_blob_t *, const rs256_pk_t *, +int rs256_pk_verify_sig(const fido_blob_t *, const rs256_pk_t *, const fido_blob_t *); -int fido_verify_sig_eddsa(const fido_blob_t *, const eddsa_pk_t *, +int eddsa_pk_verify_sig(const fido_blob_t *, const eddsa_pk_t *, const fido_blob_t *); int fido_get_signed_hash(int, fido_blob_t *, const fido_blob_t *, const fido_blob_t *); +int fido_get_signed_hash_tpm(fido_blob_t *, const fido_blob_t *, + const fido_blob_t *, const fido_attstmt_t *, const fido_attcred_t *); /* device manifest functions */ int fido_hid_manifest(fido_dev_info_t *, size_t, size_t *); @@ -232,6 +250,7 @@ uint32_t uniform_random(uint32_t); #define FIDO_DUMMY_USER_NAME "dummy" #define FIDO_DUMMY_USER_ID 1 #define FIDO_WINHELLO_PATH "windows://hello" +#define FIDO_NFC_PREFIX "nfc:" #ifdef __cplusplus } /* extern "C" */ diff --git a/src/fido.h b/src/fido.h index d5446516f972..51bdb526d3f0 100644 --- a/src/fido.h +++ b/src/fido.h @@ -86,16 +86,17 @@ const char *fido_dev_info_product_string(const fido_dev_info_t *); const fido_dev_info_t *fido_dev_info_ptr(const fido_dev_info_t *, size_t); const uint8_t *fido_cbor_info_protocols_ptr(const fido_cbor_info_t *); const unsigned char *fido_cbor_info_aaguid_ptr(const fido_cbor_info_t *); +const unsigned char *fido_cred_aaguid_ptr(const fido_cred_t *); +const unsigned char *fido_cred_attstmt_ptr(const fido_cred_t *); const unsigned char *fido_cred_authdata_ptr(const fido_cred_t *); const unsigned char *fido_cred_authdata_raw_ptr(const fido_cred_t *); const unsigned char *fido_cred_clientdata_hash_ptr(const fido_cred_t *); const unsigned char *fido_cred_id_ptr(const fido_cred_t *); -const unsigned char *fido_cred_aaguid_ptr(const fido_cred_t *); -const unsigned char *fido_cred_user_id_ptr(const fido_cred_t *); +const unsigned char *fido_cred_largeblob_key_ptr(const fido_cred_t *); const unsigned char *fido_cred_pubkey_ptr(const fido_cred_t *); const unsigned char *fido_cred_sig_ptr(const fido_cred_t *); +const unsigned char *fido_cred_user_id_ptr(const fido_cred_t *); const unsigned char *fido_cred_x5c_ptr(const fido_cred_t *); -const unsigned char *fido_cred_largeblob_key_ptr(const fido_cred_t *); int fido_assert_allow_cred(fido_assert_t *, const unsigned char *, size_t); int fido_assert_set_authdata(fido_assert_t *, size_t, const unsigned char *, @@ -119,6 +120,7 @@ int fido_assert_verify(const fido_assert_t *, size_t, int, const void *); int fido_cbor_info_algorithm_cose(const fido_cbor_info_t *, size_t); int fido_cred_exclude(fido_cred_t *, const unsigned char *, size_t); int fido_cred_prot(const fido_cred_t *); +int fido_cred_set_attstmt(fido_cred_t *, const unsigned char *, size_t); int fido_cred_set_authdata(fido_cred_t *, const unsigned char *, size_t); int fido_cred_set_authdata_raw(fido_cred_t *, const unsigned char *, size_t); int fido_cred_set_blob(fido_cred_t *, const unsigned char *, size_t); @@ -128,6 +130,7 @@ int fido_cred_set_extensions(fido_cred_t *, int); int fido_cred_set_fmt(fido_cred_t *, const char *); int fido_cred_set_id(fido_cred_t *, const unsigned char *, size_t); int fido_cred_set_options(fido_cred_t *, bool, bool); +int fido_cred_set_pin_minlen(fido_cred_t *, size_t); int fido_cred_set_prot(fido_cred_t *, int); int fido_cred_set_rk(fido_cred_t *, fido_opt_t); int fido_cred_set_rp(fido_cred_t *, const char *, const char *); @@ -157,6 +160,7 @@ int fido_dev_reset(fido_dev_t *); int fido_dev_set_io_functions(fido_dev_t *, const fido_dev_io_t *); int fido_dev_set_pin(fido_dev_t *, const char *, const char *); int fido_dev_set_transport_functions(fido_dev_t *, const fido_dev_transport_t *); +int fido_dev_set_timeout(fido_dev_t *, int); size_t fido_assert_authdata_len(const fido_assert_t *, size_t); size_t fido_assert_clientdata_hash_len(const fido_assert_t *); @@ -174,16 +178,18 @@ size_t fido_cbor_info_options_len(const fido_cbor_info_t *); size_t fido_cbor_info_protocols_len(const fido_cbor_info_t *); size_t fido_cbor_info_transports_len(const fido_cbor_info_t *); size_t fido_cbor_info_versions_len(const fido_cbor_info_t *); +size_t fido_cred_aaguid_len(const fido_cred_t *); +size_t fido_cred_attstmt_len(const fido_cred_t *); size_t fido_cred_authdata_len(const fido_cred_t *); size_t fido_cred_authdata_raw_len(const fido_cred_t *); size_t fido_cred_clientdata_hash_len(const fido_cred_t *); size_t fido_cred_id_len(const fido_cred_t *); -size_t fido_cred_aaguid_len(const fido_cred_t *); -size_t fido_cred_user_id_len(const fido_cred_t *); +size_t fido_cred_largeblob_key_len(const fido_cred_t *); +size_t fido_cred_pin_minlen(const fido_cred_t *); size_t fido_cred_pubkey_len(const fido_cred_t *); size_t fido_cred_sig_len(const fido_cred_t *); +size_t fido_cred_user_id_len(const fido_cred_t *); size_t fido_cred_x5c_len(const fido_cred_t *); -size_t fido_cred_largeblob_key_len(const fido_cred_t *); uint8_t fido_assert_flags(const fido_assert_t *, size_t); uint32_t fido_assert_sigcount(const fido_assert_t *, size_t); diff --git a/src/fido/config.h b/src/fido/config.h index 869927df914b..d8134a3c7b6c 100644 --- a/src/fido/config.h +++ b/src/fido/config.h @@ -26,6 +26,8 @@ int fido_dev_enable_entattest(fido_dev_t *, const char *); int fido_dev_force_pin_change(fido_dev_t *, const char *); int fido_dev_toggle_always_uv(fido_dev_t *, const char *); int fido_dev_set_pin_minlen(fido_dev_t *, size_t, const char *); +int fido_dev_set_pin_minlen_rpid(fido_dev_t *, const char * const *, size_t, + const char *); #ifdef __cplusplus } /* extern "C" */ diff --git a/src/fido/eddsa.h b/src/fido/eddsa.h index 4a810179b6fa..083721cc3d3f 100644 --- a/src/fido/eddsa.h +++ b/src/fido/eddsa.h @@ -31,19 +31,14 @@ int eddsa_pk_from_ptr(eddsa_pk_t *, const void *, size_t); #ifdef _FIDO_INTERNAL -#if defined(LIBRESSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x10101000L +#if defined(LIBRESSL_VERSION_NUMBER) #define EVP_PKEY_ED25519 EVP_PKEY_NONE int EVP_PKEY_get_raw_public_key(const EVP_PKEY *, unsigned char *, size_t *); EVP_PKEY *EVP_PKEY_new_raw_public_key(int, ENGINE *, const unsigned char *, size_t); int EVP_DigestVerify(EVP_MD_CTX *, const unsigned char *, size_t, const unsigned char *, size_t); -#endif /* LIBRESSL_VERSION_NUMBER || OPENSSL_VERSION_NUMBER < 0x10101000L */ - -#if OPENSSL_VERSION_NUMBER < 0x10100000L -EVP_MD_CTX *EVP_MD_CTX_new(void); -void EVP_MD_CTX_free(EVP_MD_CTX *); -#endif +#endif /* LIBRESSL_VERSION_NUMBER */ #endif /* _FIDO_INTERNAL */ diff --git a/src/fido/es256.h b/src/fido/es256.h index 80f4db39c7b0..683494dadfe2 100644 --- a/src/fido/es256.h +++ b/src/fido/es256.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2018 Yubico AB. All rights reserved. + * Copyright (c) 2018-2021 Yubico AB. All rights reserved. * Use of this source code is governed by a BSD-style * license that can be found in the LICENSE file. */ @@ -27,6 +27,7 @@ void es256_pk_free(es256_pk_t **); EVP_PKEY *es256_pk_to_EVP_PKEY(const es256_pk_t *); int es256_pk_from_EC_KEY(es256_pk_t *, const EC_KEY *); +int es256_pk_from_EVP_PKEY(es256_pk_t *, const EVP_PKEY *); int es256_pk_from_ptr(es256_pk_t *, const void *, size_t); #ifdef _FIDO_INTERNAL diff --git a/src/fido/param.h b/src/fido/param.h index 025bb57dd81c..7c6db98cfd5d 100644 --- a/src/fido/param.h +++ b/src/fido/param.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2018 Yubico AB. All rights reserved. + * Copyright (c) 2018-2021 Yubico AB. All rights reserved. * Use of this source code is governed by a BSD-style * license that can be found in the LICENSE file. */ @@ -82,10 +82,12 @@ #define FIDO_CAP_NMSG 0x08 /* if set, device doesn't support CTAP_CMD_MSG */ /* Supported COSE algorithms. */ +#define COSE_UNSPEC 0 #define COSE_ES256 -7 #define COSE_EDDSA -8 #define COSE_ECDH_ES256 -25 #define COSE_RS256 -257 +#define COSE_RS1 -65535 /* Supported COSE types. */ #define COSE_KTY_OKP 1 @@ -101,6 +103,7 @@ #define FIDO_EXT_CRED_PROTECT 0x02 #define FIDO_EXT_LARGEBLOB_KEY 0x04 #define FIDO_EXT_CRED_BLOB 0x08 +#define FIDO_EXT_MINPINLEN 0x10 /* Supported credential protection policies. */ #define FIDO_CRED_PROT_UV_OPTIONAL 0x01 @@ -111,7 +114,8 @@ #define FIDO_EXT_ASSERT_MASK (FIDO_EXT_HMAC_SECRET|FIDO_EXT_LARGEBLOB_KEY| \ FIDO_EXT_CRED_BLOB) #define FIDO_EXT_CRED_MASK (FIDO_EXT_HMAC_SECRET|FIDO_EXT_CRED_PROTECT| \ - FIDO_EXT_LARGEBLOB_KEY|FIDO_EXT_CRED_BLOB) + FIDO_EXT_LARGEBLOB_KEY|FIDO_EXT_CRED_BLOB| \ + FIDO_EXT_MINPINLEN) #endif /* _FIDO_INTERNAL */ #endif /* !_FIDO_PARAM_H */ diff --git a/src/fido/rs256.h b/src/fido/rs256.h index 2b08d59980c1..039816191783 100644 --- a/src/fido/rs256.h +++ b/src/fido/rs256.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2018 Yubico AB. All rights reserved. + * Copyright (c) 2018-2021 Yubico AB. All rights reserved. * Use of this source code is governed by a BSD-style * license that can be found in the LICENSE file. */ @@ -26,6 +26,7 @@ rs256_pk_t *rs256_pk_new(void); void rs256_pk_free(rs256_pk_t **); EVP_PKEY *rs256_pk_to_EVP_PKEY(const rs256_pk_t *); +int rs256_pk_from_EVP_PKEY(rs256_pk_t *, const EVP_PKEY *); int rs256_pk_from_RSA(rs256_pk_t *, const RSA *); int rs256_pk_from_ptr(rs256_pk_t *, const void *, size_t); diff --git a/src/fido/types.h b/src/fido/types.h index 00b6058c7e13..92f55d979fdc 100644 --- a/src/fido/types.h +++ b/src/fido/types.h @@ -107,8 +107,12 @@ typedef struct fido_attcred { } fido_attcred_t; typedef struct fido_attstmt { - fido_blob_t x5c; /* attestation certificate */ - fido_blob_t sig; /* attestation signature */ + fido_blob_t certinfo; /* tpm attestation TPMS_ATTEST structure */ + fido_blob_t pubarea; /* tpm attestation TPMT_PUBLIC structure */ + fido_blob_t cbor; /* cbor-encoded attestation statement */ + fido_blob_t x5c; /* attestation certificate */ + fido_blob_t sig; /* attestation signature */ + int alg; /* attestation algorithm (cose) */ } fido_attstmt_t; typedef struct fido_rp { @@ -124,8 +128,9 @@ typedef struct fido_user { } fido_user_t; typedef struct fido_cred_ext { - int mask; /* enabled extensions */ - int prot; /* protection policy */ + int mask; /* enabled extensions */ + int prot; /* protection policy */ + size_t minpinlen; /* minimum pin length */ } fido_cred_ext_t; typedef struct fido_cred { @@ -260,6 +265,7 @@ typedef struct fido_dev { int flags; /* internal flags; see FIDO_DEV_* */ fido_dev_transport_t transport; /* transport functions */ uint64_t maxmsgsize; /* max message size */ + int timeout_ms; /* read timeout in ms */ } fido_dev_t; #else diff --git a/src/hid_freebsd.c b/src/hid_freebsd.c index 86c1854e9c8c..5aefe69c1bec 100644 --- a/src/hid_freebsd.c +++ b/src/hid_freebsd.c @@ -14,6 +14,12 @@ #include "fido.h" +#if defined(__MidnightBSD__) +#define UHID_VENDOR "MidnightBSD" +#else +#define UHID_VENDOR "FreeBSD" +#endif + #define MAX_UHID 64 struct hid_freebsd { @@ -66,7 +72,7 @@ copy_info(fido_dev_info_t *di, const char *path) if (ioctl(fd, IOCTL_REQ(USB_GET_DEVICEINFO), &udi) == -1) { fido_log_error(errno, "%s: ioctl", __func__); - strlcpy(udi.udi_vendor, "FreeBSD", sizeof(udi.udi_vendor)); + strlcpy(udi.udi_vendor, UHID_VENDOR, sizeof(udi.udi_vendor)); strlcpy(udi.udi_product, "uhid(4)", sizeof(udi.udi_product)); udi.udi_vendorNo = 0x0b5d; /* stolen from PCI_VENDOR_OPENBSD */ } diff --git a/src/hid_linux.c b/src/hid_linux.c index c622880a2594..c4ce4fd578a6 100644 --- a/src/hid_linux.c +++ b/src/hid_linux.c @@ -160,9 +160,9 @@ copy_info(fido_dev_info_t *di, struct udev *udev, di->path = strdup(path); if ((di->manufacturer = get_usb_attr(dev, "manufacturer")) == NULL) - di->manufacturer = strdup("unknown"); + di->manufacturer = strdup(""); if ((di->product = get_usb_attr(dev, "product")) == NULL) - di->product = strdup("unknown"); + di->product = strdup(""); if (di->path == NULL || di->manufacturer == NULL || di->product == NULL) goto fail; diff --git a/src/hid_openbsd.c b/src/hid_openbsd.c index fbf10fd11ab9..d3d3bff0fc8b 100644 --- a/src/hid_openbsd.c +++ b/src/hid_openbsd.c @@ -23,6 +23,8 @@ struct hid_openbsd { int fd; size_t report_in_len; size_t report_out_len; + sigset_t sigmask; + const sigset_t *sigmaskp; }; int @@ -185,10 +187,12 @@ fido_hid_close(void *handle) int fido_hid_set_sigmask(void *handle, const fido_sigset_t *sigmask) { - (void)handle; - (void)sigmask; + struct hid_openbsd *ctx = handle; - return (FIDO_ERR_INTERNAL); + ctx->sigmask = *sigmask; + ctx->sigmaskp = &ctx->sigmask; + + return (FIDO_OK); } int @@ -197,14 +201,17 @@ fido_hid_read(void *handle, unsigned char *buf, size_t len, int ms) struct hid_openbsd *ctx = (struct hid_openbsd *)handle; ssize_t r; - (void)ms; /* XXX */ - if (len != ctx->report_in_len) { fido_log_debug("%s: invalid len: got %zu, want %zu", __func__, len, ctx->report_in_len); return (-1); } + if (fido_hid_unix_wait(ctx->fd, ms, ctx->sigmaskp) < 0) { + fido_log_debug("%s: fd not ready", __func__); + return (-1); + } + if ((r = read(ctx->fd, buf, len)) == -1) { fido_log_error(errno, "%s: read", __func__); return (-1); diff --git a/src/hid_osx.c b/src/hid_osx.c index e9866658a4eb..1f8b37a65597 100644 --- a/src/hid_osx.c +++ b/src/hid_osx.c @@ -11,6 +11,7 @@ #include #include +#include #include #include #include @@ -18,6 +19,10 @@ #include "fido.h" +#if __MAC_OS_X_VERSION_MIN_REQUIRED < 120000 +#define kIOMainPortDefault kIOMasterPortDefault +#endif + struct hid_osx { IOHIDDeviceRef ref; CFStringRef loop_id; @@ -131,23 +136,18 @@ get_str(IOHIDDeviceRef dev, char **manufacturer, char **product) *manufacturer = NULL; *product = NULL; - if (get_utf8(dev, CFSTR(kIOHIDManufacturerKey), buf, sizeof(buf)) < 0) { - fido_log_debug("%s: get_utf8 manufacturer", __func__); - goto fail; - } + if (get_utf8(dev, CFSTR(kIOHIDManufacturerKey), buf, sizeof(buf)) < 0) + *manufacturer = strdup(""); + else + *manufacturer = strdup(buf); - if ((*manufacturer = strdup(buf)) == NULL) { - fido_log_debug("%s: strdup manufacturer", __func__); - goto fail; - } + if (get_utf8(dev, CFSTR(kIOHIDProductKey), buf, sizeof(buf)) < 0) + *product = strdup(""); + else + *product = strdup(buf); - if (get_utf8(dev, CFSTR(kIOHIDProductKey), buf, sizeof(buf)) < 0) { - fido_log_debug("%s: get_utf8 product", __func__); - goto fail; - } - - if ((*product = strdup(buf)) == NULL) { - fido_log_debug("%s: strdup product", __func__); + if (*manufacturer == NULL || *product == NULL) { + fido_log_debug("%s: strdup", __func__); goto fail; } @@ -398,7 +398,7 @@ fido_hid_open(const char *path) goto fail; } - if ((entry = IORegistryEntryFromPath(kIOMasterPortDefault, + if ((entry = IORegistryEntryFromPath(kIOMainPortDefault, path)) == MACH_PORT_NULL) { fido_log_debug("%s: IORegistryEntryFromPath", __func__); goto fail; diff --git a/src/hid_unix.c b/src/hid_unix.c index 4b2aff9d67f6..946b2dc3b65f 100644 --- a/src/hid_unix.c +++ b/src/hid_unix.c @@ -58,8 +58,7 @@ fido_hid_unix_wait(int fd, int ms, const fido_sigset_t *sigmask) pfd.fd = fd; #ifdef FIDO_FUZZ - if (ms < 0) - return (0); + return (0); #endif if (ms > -1) { ts.tv_sec = ms / 1000; diff --git a/src/hid_win.c b/src/hid_win.c index 455cf8bae835..c29ef70253d7 100644 --- a/src/hid_win.c +++ b/src/hid_win.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2019 Yubico AB. All rights reserved. + * Copyright (c) 2019-2021 Yubico AB. All rights reserved. * Use of this source code is governed by a BSD-style * license that can be found in the LICENSE file. */ @@ -103,7 +103,7 @@ get_report_len(HANDLE dev, int dir, size_t *report_len) } static int -get_int(HANDLE dev, int16_t *vendor_id, int16_t *product_id) +get_id(HANDLE dev, int16_t *vendor_id, int16_t *product_id) { HIDD_ATTRIBUTES attr; @@ -121,14 +121,13 @@ get_int(HANDLE dev, int16_t *vendor_id, int16_t *product_id) } static int -get_str(HANDLE dev, char **manufacturer, char **product) +get_manufacturer(HANDLE dev, char **manufacturer) { wchar_t buf[512]; int utf8_len; int ok = -1; *manufacturer = NULL; - *product = NULL; if (HidD_GetManufacturerString(dev, &buf, sizeof(buf)) == false) { fido_log_debug("%s: HidD_GetManufacturerString", __func__); @@ -152,6 +151,25 @@ get_str(HANDLE dev, char **manufacturer, char **product) goto fail; } + ok = 0; +fail: + if (ok < 0) { + free(*manufacturer); + *manufacturer = NULL; + } + + return (ok); +} + +static int +get_product(HANDLE dev, char **product) +{ + wchar_t buf[512]; + int utf8_len; + int ok = -1; + + *product = NULL; + if (HidD_GetProductString(dev, &buf, sizeof(buf)) == false) { fido_log_debug("%s: HidD_GetProductString", __func__); goto fail; @@ -177,9 +195,7 @@ get_str(HANDLE dev, char **manufacturer, char **product) ok = 0; fail: if (ok < 0) { - free(*manufacturer); free(*product); - *manufacturer = NULL; *product = NULL; } @@ -313,9 +329,23 @@ copy_info(fido_dev_info_t *di, HDEVINFO devinfo, DWORD idx, goto fail; } - if (get_int(dev, &di->vendor_id, &di->product_id) < 0 || - get_str(dev, &di->manufacturer, &di->product) < 0) { - fido_log_debug("%s: get_int/get_str", __func__); + if (get_id(dev, &di->vendor_id, &di->product_id) < 0) { + fido_log_debug("%s: get_id", __func__); + goto fail; + } + + if (get_manufacturer(dev, &di->manufacturer) < 0) { + fido_log_debug("%s: get_manufacturer", __func__); + di->manufacturer = strdup(""); + } + + if (get_product(dev, &di->product) < 0) { + fido_log_debug("%s: get_product", __func__); + di->product = strdup(""); + } + + if (di->manufacturer == NULL || di->product == NULL) { + fido_log_debug("%s: manufacturer/product", __func__); goto fail; } diff --git a/src/info.c b/src/info.c index 57bc8de44063..167a1d30ecaa 100644 --- a/src/info.c +++ b/src/info.c @@ -186,14 +186,6 @@ decode_algorithm_entry(const cbor_item_t *key, const cbor_item_t *val, return (ok); } -static void -free_algo(fido_algo_t *a) -{ - free(a->type); - a->type = NULL; - a->cose = 0; -} - static int decode_algorithm(const cbor_item_t *item, void *arg) { @@ -210,7 +202,7 @@ decode_algorithm(const cbor_item_t *item, void *arg) if (cbor_map_iter(item, &aa->ptr[i], decode_algorithm_entry) < 0) { fido_log_debug("%s: decode_algorithm_entry", __func__); - free_algo(&aa->ptr[i]); + fido_algo_free(&aa->ptr[i]); return (-1); } @@ -287,13 +279,13 @@ parse_reply_element(const cbor_item_t *key, const cbor_item_t *val, void *arg) } static int -fido_dev_get_cbor_info_tx(fido_dev_t *dev) +fido_dev_get_cbor_info_tx(fido_dev_t *dev, int *ms) { const unsigned char cbor[] = { CTAP_CBOR_GETINFO }; fido_log_debug("%s: dev=%p", __func__, (void *)dev); - if (fido_tx(dev, CTAP_CMD_CBOR, cbor, sizeof(cbor)) < 0) { + if (fido_tx(dev, CTAP_CMD_CBOR, cbor, sizeof(cbor), ms) < 0) { fido_log_debug("%s: fido_tx", __func__); return (FIDO_ERR_TX); } @@ -302,13 +294,13 @@ fido_dev_get_cbor_info_tx(fido_dev_t *dev) } static int -fido_dev_get_cbor_info_rx(fido_dev_t *dev, fido_cbor_info_t *ci, int ms) +fido_dev_get_cbor_info_rx(fido_dev_t *dev, fido_cbor_info_t *ci, int *ms) { unsigned char reply[FIDO_MAXMSG]; int reply_len; fido_log_debug("%s: dev=%p, ci=%p, ms=%d", __func__, (void *)dev, - (void *)ci, ms); + (void *)ci, *ms); fido_cbor_info_reset(ci); @@ -323,7 +315,7 @@ fido_dev_get_cbor_info_rx(fido_dev_t *dev, fido_cbor_info_t *ci, int ms) } int -fido_dev_get_cbor_info_wait(fido_dev_t *dev, fido_cbor_info_t *ci, int ms) +fido_dev_get_cbor_info_wait(fido_dev_t *dev, fido_cbor_info_t *ci, int *ms) { int r; @@ -331,7 +323,7 @@ fido_dev_get_cbor_info_wait(fido_dev_t *dev, fido_cbor_info_t *ci, int ms) if (dev->flags & FIDO_DEV_WINHELLO) return (fido_winhello_get_cbor_info(dev, ci)); #endif - if ((r = fido_dev_get_cbor_info_tx(dev)) != FIDO_OK || + if ((r = fido_dev_get_cbor_info_tx(dev, ms)) != FIDO_OK || (r = fido_dev_get_cbor_info_rx(dev, ci, ms)) != FIDO_OK) return (r); @@ -341,7 +333,9 @@ fido_dev_get_cbor_info_wait(fido_dev_t *dev, fido_cbor_info_t *ci, int ms) int fido_dev_get_cbor_info(fido_dev_t *dev, fido_cbor_info_t *ci) { - return (fido_dev_get_cbor_info_wait(dev, ci, -1)); + int ms = dev->timeout_ms; + + return (fido_dev_get_cbor_info_wait(dev, ci, &ms)); } /* @@ -354,58 +348,15 @@ fido_cbor_info_new(void) return (calloc(1, sizeof(fido_cbor_info_t))); } -static void -free_str_array(fido_str_array_t *sa) -{ - for (size_t i = 0; i < sa->len; i++) - free(sa->ptr[i]); - - free(sa->ptr); - sa->ptr = NULL; - sa->len = 0; -} - -static void -free_opt_array(fido_opt_array_t *oa) -{ - for (size_t i = 0; i < oa->len; i++) - free(oa->name[i]); - - free(oa->name); - free(oa->value); - oa->name = NULL; - oa->value = NULL; -} - -static void -free_byte_array(fido_byte_array_t *ba) -{ - free(ba->ptr); - - ba->ptr = NULL; - ba->len = 0; -} - -static void -free_algo_array(fido_algo_array_t *aa) -{ - for (size_t i = 0; i < aa->len; i++) - free_algo(&aa->ptr[i]); - - free(aa->ptr); - aa->ptr = NULL; - aa->len = 0; -} - void fido_cbor_info_reset(fido_cbor_info_t *ci) { - free_str_array(&ci->versions); - free_str_array(&ci->extensions); - free_str_array(&ci->transports); - free_opt_array(&ci->options); - free_byte_array(&ci->protocols); - free_algo_array(&ci->algorithms); + fido_str_array_free(&ci->versions); + fido_str_array_free(&ci->extensions); + fido_str_array_free(&ci->transports); + fido_opt_array_free(&ci->options); + fido_byte_array_free(&ci->protocols); + fido_algo_array_free(&ci->algorithms); } void diff --git a/src/io.c b/src/io.c index e2594203efb0..70f777fb49a0 100644 --- a/src/io.c +++ b/src/io.c @@ -30,7 +30,24 @@ struct frame { #endif static int -tx_empty(fido_dev_t *d, uint8_t cmd) +tx_pkt(fido_dev_t *d, const void *pkt, size_t len, int *ms) +{ + struct timespec ts; + int n; + + if (fido_time_now(&ts) != 0) + return (-1); + + n = d->io.write(d->io_handle, pkt, len); + + if (fido_time_delta(&ts, ms) != 0) + return (-1); + + return (n); +} + +static int +tx_empty(fido_dev_t *d, uint8_t cmd, int *ms) { struct frame *fp; unsigned char pkt[sizeof(*fp) + 1]; @@ -42,15 +59,15 @@ tx_empty(fido_dev_t *d, uint8_t cmd) fp->cid = d->cid; fp->body.init.cmd = CTAP_FRAME_INIT | cmd; - if (len > sizeof(pkt) || (n = d->io.write(d->io_handle, pkt, - len)) < 0 || (size_t)n != len) + if (len > sizeof(pkt) || (n = tx_pkt(d, pkt, len, ms)) < 0 || + (size_t)n != len) return (-1); return (0); } static size_t -tx_preamble(fido_dev_t *d, uint8_t cmd, const void *buf, size_t count) +tx_preamble(fido_dev_t *d, uint8_t cmd, const void *buf, size_t count, int *ms) { struct frame *fp; unsigned char pkt[sizeof(*fp) + 1]; @@ -69,15 +86,15 @@ tx_preamble(fido_dev_t *d, uint8_t cmd, const void *buf, size_t count) count = MIN(count, d->tx_len - CTAP_INIT_HEADER_LEN); memcpy(&fp->body.init.data, buf, count); - if (len > sizeof(pkt) || (n = d->io.write(d->io_handle, pkt, - len)) < 0 || (size_t)n != len) + if (len > sizeof(pkt) || (n = tx_pkt(d, pkt, len, ms)) < 0 || + (size_t)n != len) return (0); return (count); } static size_t -tx_frame(fido_dev_t *d, uint8_t seq, const void *buf, size_t count) +tx_frame(fido_dev_t *d, uint8_t seq, const void *buf, size_t count, int *ms) { struct frame *fp; unsigned char pkt[sizeof(*fp) + 1]; @@ -94,19 +111,19 @@ tx_frame(fido_dev_t *d, uint8_t seq, const void *buf, size_t count) count = MIN(count, d->tx_len - CTAP_CONT_HEADER_LEN); memcpy(&fp->body.cont.data, buf, count); - if (len > sizeof(pkt) || (n = d->io.write(d->io_handle, pkt, - len)) < 0 || (size_t)n != len) + if (len > sizeof(pkt) || (n = tx_pkt(d, pkt, len, ms)) < 0 || + (size_t)n != len) return (0); return (count); } static int -tx(fido_dev_t *d, uint8_t cmd, const unsigned char *buf, size_t count) +tx(fido_dev_t *d, uint8_t cmd, const unsigned char *buf, size_t count, int *ms) { size_t n, sent; - if ((sent = tx_preamble(d, cmd, buf, count)) == 0) { + if ((sent = tx_preamble(d, cmd, buf, count, ms)) == 0) { fido_log_debug("%s: tx_preamble", __func__); return (-1); } @@ -116,7 +133,8 @@ tx(fido_dev_t *d, uint8_t cmd, const unsigned char *buf, size_t count) fido_log_debug("%s: seq & 0x80", __func__); return (-1); } - if ((n = tx_frame(d, seq++, buf + sent, count - sent)) == 0) { + if ((n = tx_frame(d, seq++, buf + sent, count - sent, + ms)) == 0) { fido_log_debug("%s: tx_frame", __func__); return (-1); } @@ -125,38 +143,59 @@ tx(fido_dev_t *d, uint8_t cmd, const unsigned char *buf, size_t count) return (0); } +static int +transport_tx(fido_dev_t *d, uint8_t cmd, const void *buf, size_t count, int *ms) +{ + struct timespec ts; + int n; + + if (fido_time_now(&ts) != 0) + return (-1); + + n = d->transport.tx(d, cmd, buf, count); + + if (fido_time_delta(&ts, ms) != 0) + return (-1); + + return (n); +} + int -fido_tx(fido_dev_t *d, uint8_t cmd, const void *buf, size_t count) +fido_tx(fido_dev_t *d, uint8_t cmd, const void *buf, size_t count, int *ms) { fido_log_debug("%s: dev=%p, cmd=0x%02x", __func__, (void *)d, cmd); fido_log_xxd(buf, count, "%s", __func__); if (d->transport.tx != NULL) - return (d->transport.tx(d, cmd, buf, count)); + return (transport_tx(d, cmd, buf, count, ms)); if (d->io_handle == NULL || d->io.write == NULL || count > UINT16_MAX) { fido_log_debug("%s: invalid argument", __func__); return (-1); } - return (count == 0 ? tx_empty(d, cmd) : tx(d, cmd, buf, count)); + return (count == 0 ? tx_empty(d, cmd, ms) : tx(d, cmd, buf, count, ms)); } static int -rx_frame(fido_dev_t *d, struct frame *fp, int ms) +rx_frame(fido_dev_t *d, struct frame *fp, int *ms) { + struct timespec ts; int n; memset(fp, 0, sizeof(*fp)); - if (d->rx_len > sizeof(*fp) || (n = d->io.read(d->io_handle, - (unsigned char *)fp, d->rx_len, ms)) < 0 || (size_t)n != d->rx_len) + if (fido_time_now(&ts) != 0) return (-1); - return (0); + if (d->rx_len > sizeof(*fp) || (n = d->io.read(d->io_handle, + (unsigned char *)fp, d->rx_len, *ms)) < 0 || (size_t)n != d->rx_len) + return (-1); + + return (fido_time_delta(&ts, ms)); } static int -rx_preamble(fido_dev_t *d, uint8_t cmd, struct frame *fp, int ms) +rx_preamble(fido_dev_t *d, uint8_t cmd, struct frame *fp, int *ms) { do { if (rx_frame(d, fp, ms) < 0) @@ -185,7 +224,7 @@ rx_preamble(fido_dev_t *d, uint8_t cmd, struct frame *fp, int ms) } static int -rx(fido_dev_t *d, uint8_t cmd, unsigned char *buf, size_t count, int ms) +rx(fido_dev_t *d, uint8_t cmd, unsigned char *buf, size_t count, int *ms) { struct frame f; size_t r, payload_len, init_data_len, cont_data_len; @@ -252,16 +291,33 @@ rx(fido_dev_t *d, uint8_t cmd, unsigned char *buf, size_t count, int ms) return ((int)r); } +static int +transport_rx(fido_dev_t *d, uint8_t cmd, void *buf, size_t count, int *ms) +{ + struct timespec ts; + int n; + + if (fido_time_now(&ts) != 0) + return (-1); + + n = d->transport.rx(d, cmd, buf, count, *ms); + + if (fido_time_delta(&ts, ms) != 0) + return (-1); + + return (n); +} + int -fido_rx(fido_dev_t *d, uint8_t cmd, void *buf, size_t count, int ms) +fido_rx(fido_dev_t *d, uint8_t cmd, void *buf, size_t count, int *ms) { int n; fido_log_debug("%s: dev=%p, cmd=0x%02x, ms=%d", __func__, (void *)d, - cmd, ms); + cmd, *ms); if (d->transport.rx != NULL) - return (d->transport.rx(d, cmd, buf, count, ms)); + return (transport_rx(d, cmd, buf, count, ms)); if (d->io_handle == NULL || d->io.read == NULL || count > UINT16_MAX) { fido_log_debug("%s: invalid argument", __func__); return (-1); @@ -273,7 +329,7 @@ fido_rx(fido_dev_t *d, uint8_t cmd, void *buf, size_t count, int ms) } int -fido_rx_cbor_status(fido_dev_t *d, int ms) +fido_rx_cbor_status(fido_dev_t *d, int *ms) { unsigned char reply[FIDO_MAXMSG]; int reply_len; diff --git a/src/iso7816.c b/src/iso7816.c index a11aae3e99d1..a4902277c6d8 100644 --- a/src/iso7816.c +++ b/src/iso7816.c @@ -59,6 +59,6 @@ iso7816_ptr(const iso7816_apdu_t *apdu) size_t iso7816_len(const iso7816_apdu_t *apdu) { - return apdu->alloc_len - sizeof(apdu->alloc_len) - - sizeof(apdu->payload_len) - sizeof(apdu->payload_ptr); + return apdu->alloc_len - offsetof(iso7816_apdu_t, header) - + (sizeof(iso7816_apdu_t) - offsetof(iso7816_apdu_t, payload)); } diff --git a/src/iso7816.h b/src/iso7816.h index 5f5363a63a56..9bfad1fbab9d 100644 --- a/src/iso7816.h +++ b/src/iso7816.h @@ -27,14 +27,13 @@ struct iso7816_header { uint8_t lc3; }) -PACKED_TYPE(iso7816_apdu_t, -struct iso7816_apdu { +typedef struct iso7816_apdu { size_t alloc_len; uint16_t payload_len; uint8_t *payload_ptr; iso7816_header_t header; uint8_t payload[]; -}) +} iso7816_apdu_t; const unsigned char *iso7816_ptr(const iso7816_apdu_t *); int iso7816_add(iso7816_apdu_t *, const void *, size_t); diff --git a/src/largeblob.c b/src/largeblob.c index fa453f5de33a..c8173170766d 100644 --- a/src/largeblob.c +++ b/src/largeblob.c @@ -153,7 +153,7 @@ largeblob_seal(largeblob_t *blob, const fido_blob_t *body, } static int -largeblob_get_tx(fido_dev_t *dev, size_t offset, size_t count) +largeblob_get_tx(fido_dev_t *dev, size_t offset, size_t count, int *ms) { fido_blob_t f; cbor_item_t *argv[3]; @@ -169,7 +169,7 @@ largeblob_get_tx(fido_dev_t *dev, size_t offset, size_t count) goto fail; } if (cbor_build_frame(CTAP_CBOR_LARGEBLOB, argv, nitems(argv), &f) < 0 || - fido_tx(dev, CTAP_CMD_CBOR, f.ptr, f.len) < 0) { + fido_tx(dev, CTAP_CMD_CBOR, f.ptr, f.len, ms) < 0) { fido_log_debug("%s: fido_tx", __func__); r = FIDO_ERR_TX; goto fail; @@ -198,7 +198,7 @@ parse_largeblob_reply(const cbor_item_t *key, const cbor_item_t *val, } static int -largeblob_get_rx(fido_dev_t *dev, fido_blob_t **chunk, int ms) +largeblob_get_rx(fido_dev_t *dev, fido_blob_t **chunk, int *ms) { unsigned char reply[FIDO_MAXMSG]; int reply_len, r; @@ -419,7 +419,7 @@ largeblob_array_check(const fido_blob_t *array) } static int -largeblob_get_array(fido_dev_t *dev, cbor_item_t **item) +largeblob_get_array(fido_dev_t *dev, cbor_item_t **item, int *ms) { fido_blob_t *array, *chunk = NULL; size_t n; @@ -432,8 +432,8 @@ largeblob_get_array(fido_dev_t *dev, cbor_item_t **item) return FIDO_ERR_INTERNAL; do { fido_blob_free(&chunk); - if ((r = largeblob_get_tx(dev, array->len, n)) != FIDO_OK || - (r = largeblob_get_rx(dev, &chunk, -1)) != FIDO_OK) { + if ((r = largeblob_get_tx(dev, array->len, n, ms)) != FIDO_OK || + (r = largeblob_get_rx(dev, &chunk, ms)) != FIDO_OK) { fido_log_debug("%s: largeblob_get_wait %zu/%zu", __func__, array->len, n); goto fail; @@ -491,7 +491,7 @@ prepare_hmac(size_t offset, const u_char *data, size_t len, fido_blob_t *hmac) static int largeblob_set_tx(fido_dev_t *dev, const fido_blob_t *token, const u_char *chunk, - size_t chunk_len, size_t offset, size_t totalsiz) + size_t chunk_len, size_t offset, size_t totalsiz, int *ms) { fido_blob_t *hmac = NULL, f; cbor_item_t *argv[6]; @@ -518,7 +518,7 @@ largeblob_set_tx(fido_dev_t *dev, const fido_blob_t *token, const u_char *chunk, } } if (cbor_build_frame(CTAP_CBOR_LARGEBLOB, argv, nitems(argv), &f) < 0 || - fido_tx(dev, CTAP_CMD_CBOR, f.ptr, f.len) < 0) { + fido_tx(dev, CTAP_CMD_CBOR, f.ptr, f.len, ms) < 0) { fido_log_debug("%s: fido_tx", __func__); r = FIDO_ERR_TX; goto fail; @@ -534,7 +534,8 @@ largeblob_set_tx(fido_dev_t *dev, const fido_blob_t *token, const u_char *chunk, } static int -largeblob_get_uv_token(fido_dev_t *dev, const char *pin, fido_blob_t **token) +largeblob_get_uv_token(fido_dev_t *dev, const char *pin, fido_blob_t **token, + int *ms) { es256_pk_t *pk = NULL; fido_blob_t *ecdh = NULL; @@ -542,12 +543,12 @@ largeblob_get_uv_token(fido_dev_t *dev, const char *pin, fido_blob_t **token) if ((*token = fido_blob_new()) == NULL) return FIDO_ERR_INTERNAL; - if ((r = fido_do_ecdh(dev, &pk, &ecdh)) != FIDO_OK) { + if ((r = fido_do_ecdh(dev, &pk, &ecdh, ms)) != FIDO_OK) { fido_log_debug("%s: fido_do_ecdh", __func__); goto fail; } if ((r = fido_dev_get_uv_token(dev, CTAP_CBOR_LARGEBLOB, pin, ecdh, pk, - NULL, *token)) != FIDO_OK) { + NULL, *token, ms)) != FIDO_OK) { fido_log_debug("%s: fido_dev_get_uv_token", __func__); goto fail; } @@ -564,7 +565,8 @@ largeblob_get_uv_token(fido_dev_t *dev, const char *pin, fido_blob_t **token) } static int -largeblob_set_array(fido_dev_t *dev, const cbor_item_t *item, const char *pin) +largeblob_set_array(fido_dev_t *dev, const cbor_item_t *item, const char *pin, + int *ms) { unsigned char dgst[SHA256_DIGEST_LENGTH]; fido_blob_t cbor, *token = NULL; @@ -600,7 +602,8 @@ largeblob_set_array(fido_dev_t *dev, const cbor_item_t *item, const char *pin) } totalsize = cbor.len + sizeof(dgst) - 16; /* the first 16 bytes only */ if (pin != NULL || fido_dev_supports_permissions(dev)) { - if ((r = largeblob_get_uv_token(dev, pin, &token)) != FIDO_OK) { + if ((r = largeblob_get_uv_token(dev, pin, &token, + ms)) != FIDO_OK) { fido_log_debug("%s: largeblob_get_uv_token", __func__); goto fail; } @@ -609,15 +612,15 @@ largeblob_set_array(fido_dev_t *dev, const cbor_item_t *item, const char *pin) if ((chunklen = cbor.len - offset) > maxchunklen) chunklen = maxchunklen; if ((r = largeblob_set_tx(dev, token, cbor.ptr + offset, - chunklen, offset, totalsize)) != FIDO_OK || - (r = fido_rx_cbor_status(dev, -1)) != FIDO_OK) { + chunklen, offset, totalsize, ms)) != FIDO_OK || + (r = fido_rx_cbor_status(dev, ms)) != FIDO_OK) { fido_log_debug("%s: body", __func__); goto fail; } } if ((r = largeblob_set_tx(dev, token, dgst, sizeof(dgst) - 16, cbor.len, - totalsize)) != FIDO_OK || - (r = fido_rx_cbor_status(dev, -1)) != FIDO_OK) { + totalsize, ms)) != FIDO_OK || + (r = fido_rx_cbor_status(dev, ms)) != FIDO_OK) { fido_log_debug("%s: dgst", __func__); goto fail; } @@ -632,13 +635,13 @@ largeblob_set_array(fido_dev_t *dev, const cbor_item_t *item, const char *pin) static int largeblob_add(fido_dev_t *dev, const fido_blob_t *key, cbor_item_t *item, - const char *pin) + const char *pin, int *ms) { cbor_item_t *array = NULL; size_t idx; int r; - if ((r = largeblob_get_array(dev, &array)) != FIDO_OK) { + if ((r = largeblob_get_array(dev, &array, ms)) != FIDO_OK) { fido_log_debug("%s: largeblob_get_array", __func__); goto fail; } @@ -661,7 +664,7 @@ largeblob_add(fido_dev_t *dev, const fido_blob_t *key, cbor_item_t *item, goto fail; } - if ((r = largeblob_set_array(dev, array, pin)) != FIDO_OK) { + if ((r = largeblob_set_array(dev, array, pin, ms)) != FIDO_OK) { fido_log_debug("%s: largeblob_set_array", __func__); goto fail; } @@ -675,13 +678,14 @@ largeblob_add(fido_dev_t *dev, const fido_blob_t *key, cbor_item_t *item, } static int -largeblob_drop(fido_dev_t *dev, const fido_blob_t *key, const char *pin) +largeblob_drop(fido_dev_t *dev, const fido_blob_t *key, const char *pin, + int *ms) { cbor_item_t *array = NULL; size_t idx; int r; - if ((r = largeblob_get_array(dev, &array)) != FIDO_OK) { + if ((r = largeblob_get_array(dev, &array, ms)) != FIDO_OK) { fido_log_debug("%s: largeblob_get_array", __func__); goto fail; } @@ -694,7 +698,7 @@ largeblob_drop(fido_dev_t *dev, const fido_blob_t *key, const char *pin) r = FIDO_ERR_INTERNAL; goto fail; } - if ((r = largeblob_set_array(dev, array, pin)) != FIDO_OK) { + if ((r = largeblob_set_array(dev, array, pin, ms)) != FIDO_OK) { fido_log_debug("%s: largeblob_set_array", __func__); goto fail; } @@ -713,6 +717,7 @@ fido_dev_largeblob_get(fido_dev_t *dev, const unsigned char *key_ptr, { cbor_item_t *item = NULL; fido_blob_t key, body; + int ms = dev->timeout_ms; int r; memset(&key, 0, sizeof(key)); @@ -733,7 +738,7 @@ fido_dev_largeblob_get(fido_dev_t *dev, const unsigned char *key_ptr, fido_log_debug("%s: fido_blob_set", __func__); return FIDO_ERR_INTERNAL; } - if ((r = largeblob_get_array(dev, &item)) != FIDO_OK) { + if ((r = largeblob_get_array(dev, &item, &ms)) != FIDO_OK) { fido_log_debug("%s: largeblob_get_array", __func__); goto fail; } @@ -759,6 +764,7 @@ fido_dev_largeblob_set(fido_dev_t *dev, const unsigned char *key_ptr, { cbor_item_t *item = NULL; fido_blob_t key, body; + int ms = dev->timeout_ms; int r; memset(&key, 0, sizeof(key)); @@ -784,7 +790,7 @@ fido_dev_largeblob_set(fido_dev_t *dev, const unsigned char *key_ptr, r = FIDO_ERR_INTERNAL; goto fail; } - if ((r = largeblob_add(dev, &key, item, pin)) != FIDO_OK) + if ((r = largeblob_add(dev, &key, item, pin, &ms)) != FIDO_OK) fido_log_debug("%s: largeblob_add", __func__); fail: if (item != NULL) @@ -801,6 +807,7 @@ fido_dev_largeblob_remove(fido_dev_t *dev, const unsigned char *key_ptr, size_t key_len, const char *pin) { fido_blob_t key; + int ms = dev->timeout_ms; int r; memset(&key, 0, sizeof(key)); @@ -813,7 +820,7 @@ fido_dev_largeblob_remove(fido_dev_t *dev, const unsigned char *key_ptr, fido_log_debug("%s: fido_blob_set", __func__); return FIDO_ERR_INTERNAL; } - if ((r = largeblob_drop(dev, &key, pin)) != FIDO_OK) + if ((r = largeblob_drop(dev, &key, pin, &ms)) != FIDO_OK) fido_log_debug("%s: largeblob_drop", __func__); fido_blob_reset(&key); @@ -827,6 +834,7 @@ fido_dev_largeblob_get_array(fido_dev_t *dev, unsigned char **cbor_ptr, { cbor_item_t *item = NULL; fido_blob_t cbor; + int ms = dev->timeout_ms; int r; memset(&cbor, 0, sizeof(cbor)); @@ -838,7 +846,7 @@ fido_dev_largeblob_get_array(fido_dev_t *dev, unsigned char **cbor_ptr, } *cbor_ptr = NULL; *cbor_len = 0; - if ((r = largeblob_get_array(dev, &item)) != FIDO_OK) { + if ((r = largeblob_get_array(dev, &item, &ms)) != FIDO_OK) { fido_log_debug("%s: largeblob_get_array", __func__); return r; } @@ -861,6 +869,7 @@ fido_dev_largeblob_set_array(fido_dev_t *dev, const unsigned char *cbor_ptr, { cbor_item_t *item = NULL; struct cbor_load_result cbor_result; + int ms = dev->timeout_ms; int r; if (cbor_ptr == NULL || cbor_len == 0) { @@ -872,7 +881,7 @@ fido_dev_largeblob_set_array(fido_dev_t *dev, const unsigned char *cbor_ptr, fido_log_debug("%s: cbor_load", __func__); return FIDO_ERR_INVALID_ARGUMENT; } - if ((r = largeblob_set_array(dev, item, pin)) != FIDO_OK) + if ((r = largeblob_set_array(dev, item, pin, &ms)) != FIDO_OK) fido_log_debug("%s: largeblob_set_array", __func__); cbor_decref(&item); diff --git a/src/netlink.c b/src/netlink.c index 6fd9f63cb937..8f14e2c3bac3 100644 --- a/src/netlink.c +++ b/src/netlink.c @@ -30,6 +30,8 @@ static ssize_t (*fuzz_write)(int, const void *, size_t); #define SOL_NETLINK 270 #endif +#define NETLINK_POLL_MS 100 + /* XXX avoid signed NLA_ALIGNTO */ #undef NLA_HDRLEN #define NLA_HDRLEN NLMSG_ALIGN(sizeof(struct nlattr)) @@ -694,7 +696,7 @@ fido_nl_get_nfc_target(fido_nl_t *nl, uint32_t dev, uint32_t *target) return (-1); } #endif - r = nlmsg_rx(nl->fd, reply, sizeof(reply), -1); + r = nlmsg_rx(nl->fd, reply, sizeof(reply), NETLINK_POLL_MS); #ifndef FIDO_FUZZ if (setsockopt(nl->fd, SOL_NETLINK, NETLINK_DROP_MEMBERSHIP, &nl->nfc_mcastgrp, sizeof(nl->nfc_mcastgrp)) == -1) { diff --git a/src/nfc_linux.c b/src/nfc_linux.c index dea9f3f98fd0..d5f9ec048052 100644 --- a/src/nfc_linux.c +++ b/src/nfc_linux.c @@ -13,6 +13,8 @@ #include #include #include +#include +#include #include #include "fido.h" @@ -218,16 +220,23 @@ tx_get_response(fido_dev_t *d, uint8_t count) } static int -rx_apdu(fido_dev_t *d, uint8_t sw[2], unsigned char **buf, size_t *count, int ms) +rx_apdu(fido_dev_t *d, uint8_t sw[2], unsigned char **buf, size_t *count, int *ms) { uint8_t f[256 + 2]; + struct timespec ts; int n, ok = -1; - if ((n = d->io.read(d->io_handle, f, sizeof(f), ms)) < 2) { + if (fido_time_now(&ts) != 0) + goto fail; + + if ((n = d->io.read(d->io_handle, f, sizeof(f), *ms)) < 2) { fido_log_debug("%s: read", __func__); goto fail; } + if (fido_time_delta(&ts, ms) != 0) + goto fail; + if (fido_buf_write(buf, count, f, (size_t)(n - 2)) < 0) { fido_log_debug("%s: fido_buf_write", __func__); goto fail; @@ -248,14 +257,14 @@ rx_msg(fido_dev_t *d, unsigned char *buf, size_t count, int ms) uint8_t sw[2]; const size_t bufsiz = count; - if (rx_apdu(d, sw, &buf, &count, ms) < 0) { + if (rx_apdu(d, sw, &buf, &count, &ms) < 0) { fido_log_debug("%s: preamble", __func__); return (-1); } while (sw[0] == SW1_MORE_DATA) if (tx_get_response(d, sw[1]) < 0 || - rx_apdu(d, sw, &buf, &count, ms) < 0) { + rx_apdu(d, sw, &buf, &count, &ms) < 0) { fido_log_debug("%s: chain", __func__); return (-1); } @@ -347,6 +356,7 @@ copy_info(fido_dev_info_t *di, struct udev *udev, const char *name; char *str; struct udev_device *dev = NULL; + void *ctx = NULL; int id, ok = -1; memset(di, 0, sizeof(*di)); @@ -354,27 +364,35 @@ copy_info(fido_dev_info_t *di, struct udev *udev, if ((name = udev_list_entry_get_name(udev_entry)) == NULL || (dev = udev_device_new_from_syspath(udev, name)) == NULL) goto fail; - - if ((di->path = strdup(name)) == NULL || - (di->manufacturer = get_usb_attr(dev, "manufacturer")) == NULL || - (di->product = get_usb_attr(dev, "product")) == NULL) + if (asprintf(&di->path, "%s/%s", FIDO_NFC_PREFIX, name) == -1) + goto fail; + if ((di->manufacturer = get_usb_attr(dev, "manufacturer")) == NULL) + di->manufacturer = strdup(""); + if ((di->product = get_usb_attr(dev, "product")) == NULL) + di->product = strdup(""); + if (di->manufacturer == NULL || di->product == NULL) goto fail; - /* XXX assumes USB for vendor/product info */ if ((str = get_usb_attr(dev, "idVendor")) != NULL && (id = to_int(str, 16)) > 0 && id <= UINT16_MAX) di->vendor_id = (int16_t)id; free(str); - if ((str = get_usb_attr(dev, "idProduct")) != NULL && (id = to_int(str, 16)) > 0 && id <= UINT16_MAX) di->product_id = (int16_t)id; free(str); + if ((ctx = fido_nfc_open(di->path)) == NULL) { + fido_log_debug("%s: fido_nfc_open", __func__); + goto fail; + } + ok = 0; fail: if (dev != NULL) udev_device_unref(dev); + if (ctx != NULL) + fido_nfc_close(ctx); if (ok < 0) { free(di->path); @@ -532,7 +550,11 @@ fido_nfc_open(const char *path) struct nfc_linux *ctx = NULL; int idx; - if ((idx = sysnum_from_syspath(path)) < 0 || + if (strncmp(path, FIDO_NFC_PREFIX, strlen(FIDO_NFC_PREFIX)) != 0) { + fido_log_debug("%s: bad prefix", __func__); + goto fail; + } + if ((idx = sysnum_from_syspath(path + strlen(FIDO_NFC_PREFIX))) < 0 || (ctx = nfc_new((uint32_t)idx)) == NULL) { fido_log_debug("%s: nfc_new", __func__); goto fail; diff --git a/src/pin.c b/src/pin.c index d3104e0ca6ec..30eeb086a6ef 100644 --- a/src/pin.c +++ b/src/pin.c @@ -146,7 +146,7 @@ encode_uv_permission(uint8_t cmd) static int ctap20_uv_token_tx(fido_dev_t *dev, const char *pin, const fido_blob_t *ecdh, - const es256_pk_t *pk) + const es256_pk_t *pk, int *ms) { fido_blob_t f; fido_blob_t *p = NULL; @@ -185,7 +185,7 @@ ctap20_uv_token_tx(fido_dev_t *dev, const char *pin, const fido_blob_t *ecdh, } if (cbor_build_frame(CTAP_CBOR_CLIENT_PIN, argv, nitems(argv), - &f) < 0 || fido_tx(dev, CTAP_CMD_CBOR, f.ptr, f.len) < 0) { + &f) < 0 || fido_tx(dev, CTAP_CMD_CBOR, f.ptr, f.len, ms) < 0) { fido_log_debug("%s: fido_tx", __func__); r = FIDO_ERR_TX; goto fail; @@ -203,7 +203,7 @@ ctap20_uv_token_tx(fido_dev_t *dev, const char *pin, const fido_blob_t *ecdh, static int ctap21_uv_token_tx(fido_dev_t *dev, const char *pin, const fido_blob_t *ecdh, - const es256_pk_t *pk, uint8_t cmd, const char *rpid) + const es256_pk_t *pk, uint8_t cmd, const char *rpid, int *ms) { fido_blob_t f; fido_blob_t *p = NULL; @@ -248,7 +248,7 @@ ctap21_uv_token_tx(fido_dev_t *dev, const char *pin, const fido_blob_t *ecdh, } if (cbor_build_frame(CTAP_CBOR_CLIENT_PIN, argv, nitems(argv), - &f) < 0 || fido_tx(dev, CTAP_CMD_CBOR, f.ptr, f.len) < 0) { + &f) < 0 || fido_tx(dev, CTAP_CMD_CBOR, f.ptr, f.len, ms) < 0) { fido_log_debug("%s: fido_tx", __func__); r = FIDO_ERR_TX; goto fail; @@ -281,7 +281,7 @@ parse_uv_token(const cbor_item_t *key, const cbor_item_t *val, void *arg) static int uv_token_rx(fido_dev_t *dev, const fido_blob_t *ecdh, fido_blob_t *token, - int ms) + int *ms) { fido_blob_t *aes_token = NULL; unsigned char reply[FIDO_MAXMSG]; @@ -322,16 +322,16 @@ uv_token_rx(fido_dev_t *dev, const fido_blob_t *ecdh, fido_blob_t *token, static int uv_token_wait(fido_dev_t *dev, uint8_t cmd, const char *pin, const fido_blob_t *ecdh, const es256_pk_t *pk, const char *rpid, - fido_blob_t *token, int ms) + fido_blob_t *token, int *ms) { int r; if (ecdh == NULL || pk == NULL) return (FIDO_ERR_INVALID_ARGUMENT); if (fido_dev_supports_permissions(dev)) - r = ctap21_uv_token_tx(dev, pin, ecdh, pk, cmd, rpid); + r = ctap21_uv_token_tx(dev, pin, ecdh, pk, cmd, rpid, ms); else - r = ctap20_uv_token_tx(dev, pin, ecdh, pk); + r = ctap20_uv_token_tx(dev, pin, ecdh, pk, ms); if (r != FIDO_OK) return (r); @@ -341,13 +341,14 @@ uv_token_wait(fido_dev_t *dev, uint8_t cmd, const char *pin, int fido_dev_get_uv_token(fido_dev_t *dev, uint8_t cmd, const char *pin, const fido_blob_t *ecdh, const es256_pk_t *pk, const char *rpid, - fido_blob_t *token) + fido_blob_t *token, int *ms) { - return (uv_token_wait(dev, cmd, pin, ecdh, pk, rpid, token, -1)); + return (uv_token_wait(dev, cmd, pin, ecdh, pk, rpid, token, ms)); } static int -fido_dev_change_pin_tx(fido_dev_t *dev, const char *pin, const char *oldpin) +fido_dev_change_pin_tx(fido_dev_t *dev, const char *pin, const char *oldpin, + int *ms) { fido_blob_t f; fido_blob_t *ppine = NULL; @@ -368,7 +369,7 @@ fido_dev_change_pin_tx(fido_dev_t *dev, const char *pin, const char *oldpin) goto fail; } - if ((r = fido_do_ecdh(dev, &pk, &ecdh)) != FIDO_OK) { + if ((r = fido_do_ecdh(dev, &pk, &ecdh, ms)) != FIDO_OK) { fido_log_debug("%s: fido_do_ecdh", __func__); goto fail; } @@ -397,7 +398,7 @@ fido_dev_change_pin_tx(fido_dev_t *dev, const char *pin, const char *oldpin) } if (cbor_build_frame(CTAP_CBOR_CLIENT_PIN, argv, nitems(argv), - &f) < 0 || fido_tx(dev, CTAP_CMD_CBOR, f.ptr, f.len) < 0) { + &f) < 0 || fido_tx(dev, CTAP_CMD_CBOR, f.ptr, f.len, ms) < 0) { fido_log_debug("%s: fido_tx", __func__); r = FIDO_ERR_TX; goto fail; @@ -418,7 +419,7 @@ fido_dev_change_pin_tx(fido_dev_t *dev, const char *pin, const char *oldpin) } static int -fido_dev_set_pin_tx(fido_dev_t *dev, const char *pin) +fido_dev_set_pin_tx(fido_dev_t *dev, const char *pin, int *ms) { fido_blob_t f; fido_blob_t *ppine = NULL; @@ -430,7 +431,7 @@ fido_dev_set_pin_tx(fido_dev_t *dev, const char *pin) memset(&f, 0, sizeof(f)); memset(argv, 0, sizeof(argv)); - if ((r = fido_do_ecdh(dev, &pk, &ecdh)) != FIDO_OK) { + if ((r = fido_do_ecdh(dev, &pk, &ecdh, ms)) != FIDO_OK) { fido_log_debug("%s: fido_do_ecdh", __func__); goto fail; } @@ -451,7 +452,7 @@ fido_dev_set_pin_tx(fido_dev_t *dev, const char *pin) } if (cbor_build_frame(CTAP_CBOR_CLIENT_PIN, argv, nitems(argv), - &f) < 0 || fido_tx(dev, CTAP_CMD_CBOR, f.ptr, f.len) < 0) { + &f) < 0 || fido_tx(dev, CTAP_CMD_CBOR, f.ptr, f.len, ms) < 0) { fido_log_debug("%s: fido_tx", __func__); r = FIDO_ERR_TX; goto fail; @@ -470,17 +471,18 @@ fido_dev_set_pin_tx(fido_dev_t *dev, const char *pin) static int fido_dev_set_pin_wait(fido_dev_t *dev, const char *pin, const char *oldpin, - int ms) + int *ms) { int r; if (oldpin != NULL) { - if ((r = fido_dev_change_pin_tx(dev, pin, oldpin)) != FIDO_OK) { + if ((r = fido_dev_change_pin_tx(dev, pin, oldpin, + ms)) != FIDO_OK) { fido_log_debug("%s: fido_dev_change_pin_tx", __func__); return (r); } } else { - if ((r = fido_dev_set_pin_tx(dev, pin)) != FIDO_OK) { + if ((r = fido_dev_set_pin_tx(dev, pin, ms)) != FIDO_OK) { fido_log_debug("%s: fido_dev_set_pin_tx", __func__); return (r); } @@ -502,7 +504,9 @@ fido_dev_set_pin_wait(fido_dev_t *dev, const char *pin, const char *oldpin, int fido_dev_set_pin(fido_dev_t *dev, const char *pin, const char *oldpin) { - return (fido_dev_set_pin_wait(dev, pin, oldpin, -1)); + int ms = dev->timeout_ms; + + return (fido_dev_set_pin_wait(dev, pin, oldpin, &ms)); } static int @@ -542,7 +546,7 @@ parse_uv_retry_count(const cbor_item_t *key, const cbor_item_t *val, void *arg) } static int -fido_dev_get_retry_count_tx(fido_dev_t *dev, uint8_t subcmd) +fido_dev_get_retry_count_tx(fido_dev_t *dev, uint8_t subcmd, int *ms) { fido_blob_t f; cbor_item_t *argv[2]; @@ -558,7 +562,7 @@ fido_dev_get_retry_count_tx(fido_dev_t *dev, uint8_t subcmd) } if (cbor_build_frame(CTAP_CBOR_CLIENT_PIN, argv, nitems(argv), - &f) < 0 || fido_tx(dev, CTAP_CMD_CBOR, f.ptr, f.len) < 0) { + &f) < 0 || fido_tx(dev, CTAP_CMD_CBOR, f.ptr, f.len, ms) < 0) { fido_log_debug("%s: fido_tx", __func__); r = FIDO_ERR_TX; goto fail; @@ -573,7 +577,7 @@ fido_dev_get_retry_count_tx(fido_dev_t *dev, uint8_t subcmd) } static int -fido_dev_get_pin_retry_count_rx(fido_dev_t *dev, int *retries, int ms) +fido_dev_get_pin_retry_count_rx(fido_dev_t *dev, int *retries, int *ms) { unsigned char reply[FIDO_MAXMSG]; int reply_len; @@ -597,11 +601,11 @@ fido_dev_get_pin_retry_count_rx(fido_dev_t *dev, int *retries, int ms) } static int -fido_dev_get_pin_retry_count_wait(fido_dev_t *dev, int *retries, int ms) +fido_dev_get_pin_retry_count_wait(fido_dev_t *dev, int *retries, int *ms) { int r; - if ((r = fido_dev_get_retry_count_tx(dev, 1)) != FIDO_OK || + if ((r = fido_dev_get_retry_count_tx(dev, 1, ms)) != FIDO_OK || (r = fido_dev_get_pin_retry_count_rx(dev, retries, ms)) != FIDO_OK) return (r); @@ -611,11 +615,13 @@ fido_dev_get_pin_retry_count_wait(fido_dev_t *dev, int *retries, int ms) int fido_dev_get_retry_count(fido_dev_t *dev, int *retries) { - return (fido_dev_get_pin_retry_count_wait(dev, retries, -1)); + int ms = dev->timeout_ms; + + return (fido_dev_get_pin_retry_count_wait(dev, retries, &ms)); } static int -fido_dev_get_uv_retry_count_rx(fido_dev_t *dev, int *retries, int ms) +fido_dev_get_uv_retry_count_rx(fido_dev_t *dev, int *retries, int *ms) { unsigned char reply[FIDO_MAXMSG]; int reply_len; @@ -639,11 +645,11 @@ fido_dev_get_uv_retry_count_rx(fido_dev_t *dev, int *retries, int ms) } static int -fido_dev_get_uv_retry_count_wait(fido_dev_t *dev, int *retries, int ms) +fido_dev_get_uv_retry_count_wait(fido_dev_t *dev, int *retries, int *ms) { int r; - if ((r = fido_dev_get_retry_count_tx(dev, 7)) != FIDO_OK || + if ((r = fido_dev_get_retry_count_tx(dev, 7, ms)) != FIDO_OK || (r = fido_dev_get_uv_retry_count_rx(dev, retries, ms)) != FIDO_OK) return (r); @@ -653,13 +659,15 @@ fido_dev_get_uv_retry_count_wait(fido_dev_t *dev, int *retries, int ms) int fido_dev_get_uv_retry_count(fido_dev_t *dev, int *retries) { - return (fido_dev_get_uv_retry_count_wait(dev, retries, -1)); + int ms = dev->timeout_ms; + + return (fido_dev_get_uv_retry_count_wait(dev, retries, &ms)); } int cbor_add_uv_params(fido_dev_t *dev, uint8_t cmd, const fido_blob_t *hmac_data, const es256_pk_t *pk, const fido_blob_t *ecdh, const char *pin, - const char *rpid, cbor_item_t **auth, cbor_item_t **opt) + const char *rpid, cbor_item_t **auth, cbor_item_t **opt, int *ms) { fido_blob_t *token = NULL; int r; @@ -670,7 +678,7 @@ cbor_add_uv_params(fido_dev_t *dev, uint8_t cmd, const fido_blob_t *hmac_data, } if ((r = fido_dev_get_uv_token(dev, cmd, pin, ecdh, pk, rpid, - token)) != FIDO_OK) { + token, ms)) != FIDO_OK) { fido_log_debug("%s: fido_dev_get_uv_token", __func__); goto fail; } diff --git a/src/reset.c b/src/reset.c index 11380cea0904..c5fe6dfe7ac1 100644 --- a/src/reset.c +++ b/src/reset.c @@ -7,11 +7,11 @@ #include "fido.h" static int -fido_dev_reset_tx(fido_dev_t *dev) +fido_dev_reset_tx(fido_dev_t *dev, int *ms) { const unsigned char cbor[] = { CTAP_CBOR_RESET }; - if (fido_tx(dev, CTAP_CMD_CBOR, cbor, sizeof(cbor)) < 0) { + if (fido_tx(dev, CTAP_CMD_CBOR, cbor, sizeof(cbor), ms) < 0) { fido_log_debug("%s: fido_tx", __func__); return (FIDO_ERR_TX); } @@ -20,11 +20,11 @@ fido_dev_reset_tx(fido_dev_t *dev) } static int -fido_dev_reset_wait(fido_dev_t *dev, int ms) +fido_dev_reset_wait(fido_dev_t *dev, int *ms) { int r; - if ((r = fido_dev_reset_tx(dev)) != FIDO_OK || + if ((r = fido_dev_reset_tx(dev, ms)) != FIDO_OK || (r = fido_rx_cbor_status(dev, ms)) != FIDO_OK) return (r); @@ -39,5 +39,7 @@ fido_dev_reset_wait(fido_dev_t *dev, int ms) int fido_dev_reset(fido_dev_t *dev) { - return (fido_dev_reset_wait(dev, -1)); + int ms = dev->timeout_ms; + + return (fido_dev_reset_wait(dev, &ms)); } diff --git a/src/rs1.c b/src/rs1.c new file mode 100644 index 000000000000..37aa9f073bed --- /dev/null +++ b/src/rs1.c @@ -0,0 +1,99 @@ +/* + * Copyright (c) 2021 Yubico AB. All rights reserved. + * Use of this source code is governed by a BSD-style + * license that can be found in the LICENSE file. + */ + +#include +#include + +#include "fido.h" + +#if defined(LIBRESSL_VERSION_NUMBER) +static EVP_MD * +rs1_get_EVP_MD(void) +{ + const EVP_MD *from; + EVP_MD *to = NULL; + + if ((from = EVP_sha1()) != NULL && (to = malloc(sizeof(*to))) != NULL) + memcpy(to, from, sizeof(*to)); + + return (to); +} + +static void +rs1_free_EVP_MD(EVP_MD *md) +{ + freezero(md, sizeof(*md)); +} +#elif OPENSSL_VERSION_NUMBER >= 0x30000000 +static EVP_MD * +rs1_get_EVP_MD(void) +{ + return (EVP_MD_fetch(NULL, "SHA-1", NULL)); +} + +static void +rs1_free_EVP_MD(EVP_MD *md) +{ + EVP_MD_free(md); +} +#else +static EVP_MD * +rs1_get_EVP_MD(void) +{ + const EVP_MD *md; + + if ((md = EVP_sha1()) == NULL) + return (NULL); + + return (EVP_MD_meth_dup(md)); +} + +static void +rs1_free_EVP_MD(EVP_MD *md) +{ + EVP_MD_meth_free(md); +} +#endif /* LIBRESSL_VERSION_NUMBER */ + +int +rs1_verify_sig(const fido_blob_t *dgst, EVP_PKEY *pkey, + const fido_blob_t *sig) +{ + EVP_PKEY_CTX *pctx = NULL; + EVP_MD *md = NULL; + int ok = -1; + + if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) { + fido_log_debug("%s: EVP_PKEY_base_id", __func__); + goto fail; + } + + if ((md = rs1_get_EVP_MD()) == NULL) { + fido_log_debug("%s: rs1_get_EVP_MD", __func__); + goto fail; + } + + if ((pctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL || + EVP_PKEY_verify_init(pctx) != 1 || + EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PADDING) != 1 || + EVP_PKEY_CTX_set_signature_md(pctx, md) != 1) { + fido_log_debug("%s: EVP_PKEY_CTX", __func__); + goto fail; + } + + if (EVP_PKEY_verify(pctx, sig->ptr, sig->len, dgst->ptr, + dgst->len) != 1) { + fido_log_debug("%s: EVP_PKEY_verify", __func__); + goto fail; + } + + ok = 0; +fail: + EVP_PKEY_CTX_free(pctx); + rs1_free_EVP_MD(md); + + return (ok); +} diff --git a/src/rs256.c b/src/rs256.c index c6d87a3ea22c..29fcedbdee20 100644 --- a/src/rs256.c +++ b/src/rs256.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2018 Yubico AB. All rights reserved. + * Copyright (c) 2018-2021 Yubico AB. All rights reserved. * Use of this source code is governed by a BSD-style * license that can be found in the LICENSE file. */ @@ -11,31 +11,54 @@ #include "fido.h" #include "fido/rs256.h" -#if OPENSSL_VERSION_NUMBER < 0x10100000L -static int -RSA_bits(const RSA *r) +#if defined(LIBRESSL_VERSION_NUMBER) +static EVP_MD * +rs256_get_EVP_MD(void) { - return (BN_num_bits(r->n)); -} + const EVP_MD *from; + EVP_MD *to = NULL; -static int -RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) -{ - r->n = n; - r->e = e; - r->d = d; + if ((from = EVP_sha256()) != NULL && (to = malloc(sizeof(*to))) != NULL) + memcpy(to, from, sizeof(*to)); - return (1); + return (to); } static void -RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d) +rs256_free_EVP_MD(EVP_MD *md) { - *n = r->n; - *e = r->e; - *d = r->d; + freezero(md, sizeof(*md)); } -#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */ +#elif OPENSSL_VERSION_NUMBER >= 0x30000000 +static EVP_MD * +rs256_get_EVP_MD(void) +{ + return (EVP_MD_fetch(NULL, "SHA2-256", NULL)); +} + +static void +rs256_free_EVP_MD(EVP_MD *md) +{ + EVP_MD_free(md); +} +#else +static EVP_MD * +rs256_get_EVP_MD(void) +{ + const EVP_MD *md; + + if ((md = EVP_sha256()) == NULL) + return (NULL); + + return (EVP_MD_meth_dup(md)); +} + +static void +rs256_free_EVP_MD(EVP_MD *md) +{ + EVP_MD_meth_free(md); +} +#endif /* LIBRESSL_VERSION_NUMBER */ static int decode_bignum(const cbor_item_t *item, void *ptr, size_t len) @@ -198,3 +221,75 @@ rs256_pk_from_RSA(rs256_pk_t *pk, const RSA *rsa) return (FIDO_OK); } + +int +rs256_pk_from_EVP_PKEY(rs256_pk_t *pk, const EVP_PKEY *pkey) +{ + RSA *rsa; + + if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA || + (rsa = EVP_PKEY_get0(pkey)) == NULL) + return (FIDO_ERR_INVALID_ARGUMENT); + + return (rs256_pk_from_RSA(pk, rsa)); +} + +int +rs256_verify_sig(const fido_blob_t *dgst, EVP_PKEY *pkey, + const fido_blob_t *sig) +{ + EVP_PKEY_CTX *pctx = NULL; + EVP_MD *md = NULL; + int ok = -1; + + if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) { + fido_log_debug("%s: EVP_PKEY_base_id", __func__); + goto fail; + } + + if ((md = rs256_get_EVP_MD()) == NULL) { + fido_log_debug("%s: rs256_get_EVP_MD", __func__); + goto fail; + } + + if ((pctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL || + EVP_PKEY_verify_init(pctx) != 1 || + EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PADDING) != 1 || + EVP_PKEY_CTX_set_signature_md(pctx, md) != 1) { + fido_log_debug("%s: EVP_PKEY_CTX", __func__); + goto fail; + } + + if (EVP_PKEY_verify(pctx, sig->ptr, sig->len, dgst->ptr, + dgst->len) != 1) { + fido_log_debug("%s: EVP_PKEY_verify", __func__); + goto fail; + } + + ok = 0; +fail: + EVP_PKEY_CTX_free(pctx); + rs256_free_EVP_MD(md); + + return (ok); +} + +int +rs256_pk_verify_sig(const fido_blob_t *dgst, const rs256_pk_t *pk, + const fido_blob_t *sig) +{ + EVP_PKEY *pkey; + int ok = -1; + + if ((pkey = rs256_pk_to_EVP_PKEY(pk)) == NULL || + rs256_verify_sig(dgst, pkey, sig) < 0) { + fido_log_debug("%s: rs256_verify_sig", __func__); + goto fail; + } + + ok = 0; +fail: + EVP_PKEY_free(pkey); + + return (ok); +} diff --git a/src/time.c b/src/time.c new file mode 100644 index 000000000000..b82b61874498 --- /dev/null +++ b/src/time.c @@ -0,0 +1,74 @@ +/* + * Copyright (c) 2021 Yubico AB. All rights reserved. + * Use of this source code is governed by a BSD-style + * license that can be found in the LICENSE file. + */ + +#include +#include "fido.h" + +static int +timespec_to_ms(const struct timespec *ts) +{ + int64_t x, y; + + if (ts->tv_sec < 0 || ts->tv_nsec < 0 || + ts->tv_nsec >= 1000000000LL) + return -1; + + if ((uint64_t)ts->tv_sec >= INT64_MAX / 1000LL) + return -1; + + x = ts->tv_sec * 1000LL; + y = ts->tv_nsec / 1000000LL; + + if (INT64_MAX - x < y || x + y > INT_MAX) + return -1; + + return (int)(x + y); +} + +int +fido_time_now(struct timespec *ts_now) +{ + if (clock_gettime(CLOCK_MONOTONIC, ts_now) != 0) { + fido_log_error(errno, "%s: clock_gettime", __func__); + return -1; + } + + return 0; +} + +int +fido_time_delta(const struct timespec *ts_start, int *ms_remain) +{ + struct timespec ts_end, ts_delta; + int ms; + + if (*ms_remain < 0) + return 0; + + if (clock_gettime(CLOCK_MONOTONIC, &ts_end) != 0) { + fido_log_error(errno, "%s: clock_gettime", __func__); + return -1; + } + + if (timespeccmp(&ts_end, ts_start, <)) { + fido_log_debug("%s: timespeccmp", __func__); + return -1; + } + + timespecsub(&ts_end, ts_start, &ts_delta); + + if ((ms = timespec_to_ms(&ts_delta)) < 0) { + fido_log_debug("%s: timespec_to_ms", __func__); + return -1; + } + + if (ms > *ms_remain) + ms = *ms_remain; + + *ms_remain -= ms; + + return 0; +} diff --git a/src/tpm.c b/src/tpm.c new file mode 100644 index 000000000000..74620a5e4865 --- /dev/null +++ b/src/tpm.c @@ -0,0 +1,286 @@ +/* + * Copyright (c) 2021 Yubico AB. All rights reserved. + * Use of this source code is governed by a BSD-style + * license that can be found in the LICENSE file. + */ + +/* + * Trusted Platform Module (TPM) 2.0 attestation support. Documentation + * references are relative to revision 01.38 of the TPM 2.0 specification. + */ + +#include + +#include "packed.h" +#include "fido.h" + +/* Part 1, 4.89: TPM_GENERATED_VALUE */ +#define TPM_MAGIC 0xff544347 + +/* Part 2, 6.3: TPM_ALG_ID */ +#define TPM_ALG_RSA 0x0001 +#define TPM_ALG_SHA256 0x000b +#define TPM_ALG_NULL 0x0010 + +/* Part 2, 6.9: TPM_ST_ATTEST_CERTIFY */ +#define TPM_ST_CERTIFY 0x8017 + +/* Part 2, 8.3: TPMA_OBJECT */ +#define TPMA_RESERVED 0xfff8f309 /* reserved bits; must be zero */ +#define TPMA_FIXED 0x00000002 /* object has fixed hierarchy */ +#define TPMA_CLEAR 0x00000004 /* object persists */ +#define TPMA_FIXED_P 0x00000010 /* object has fixed parent */ +#define TPMA_SENSITIVE 0x00000020 /* data originates within tpm */ +#define TPMA_SIGN 0x00020000 /* object may sign */ + +/* Part 2, 10.4.2: TPM2B_DIGEST */ +PACKED_TYPE(tpm_sha256_digest_t, +struct tpm_sha256_digest { + uint16_t size; /* sizeof(body) */ + uint8_t body[32]; +}) + +/* Part 2, 10.4.3: TPM2B_DATA */ +PACKED_TYPE(tpm_sha1_data_t, +struct tpm_sha1_data { + uint16_t size; /* sizeof(body */ + uint8_t body[20]; +}) + +/* Part 2, 10.5.3: TPM2B_NAME */ +PACKED_TYPE(tpm_sha256_name_t, +struct tpm_sha256_name { + uint16_t size; /* sizeof(alg) + sizeof(body) */ + uint16_t alg; /* TPM_ALG_SHA256 */ + uint8_t body[32]; +}) + +/* Part 2, 10.11.1: TPMS_CLOCK_INFO */ +PACKED_TYPE(tpm_clock_info_t, +struct tpm_clock_info { + uint64_t timestamp_ms; + uint32_t reset_count; /* obfuscated by tpm */ + uint32_t restart_count; /* obfuscated by tpm */ + uint8_t safe; /* 1 if timestamp_ms is current */ +}) + +/* Part 2, 10.12.8 TPMS_ATTEST */ +PACKED_TYPE(tpm_sha1_attest_t, +struct tpm_sha1_attest { + uint32_t magic; /* TPM_MAGIC */ + uint16_t type; /* TPM_ST_ATTEST_CERTIFY */ + tpm_sha256_name_t signer; /* full tpm path of signing key */ + tpm_sha1_data_t data; /* signed sha1 */ + tpm_clock_info_t clock; + uint64_t fwversion; /* obfuscated by tpm */ + tpm_sha256_name_t name; /* sha256 of tpm_rsa2048_pubarea_t */ + tpm_sha256_name_t qual_name; /* full tpm path of attested key */ +}) + +/* Part 2, 11.2.4.5: TPM2B_PUBLIC_KEY_RSA */ +PACKED_TYPE(tpm_rsa2048_key_t, +struct tpm_rsa2048_key { + uint16_t size; /* sizeof(body) */ + uint8_t body[256]; +}) + +/* Part 2, 12.2.3.5: TPMS_RSA_PARMS */ +PACKED_TYPE(tpm_rsa2048_param_t, +struct tpm_rsa2048_param { + uint16_t symmetric; /* TPM_ALG_NULL */ + uint16_t scheme; /* TPM_ALG_NULL */ + uint16_t keybits; /* 2048 */ + uint32_t exponent; /* zero (meaning 2^16 + 1) */ +}) + +/* Part 2, 12.2.4: TPMT_PUBLIC */ +PACKED_TYPE(tpm_rsa2048_pubarea_t, +struct tpm_rsa2048_pubarea { + uint16_t alg; /* TPM_ALG_RSA */ + uint16_t hash; /* TPM_ALG_SHA256 */ + uint32_t attr; + tpm_sha256_digest_t policy; /* must be present? */ + tpm_rsa2048_param_t param; + tpm_rsa2048_key_t key; +}) + +static int +get_signed_sha1(tpm_sha1_data_t *dgst, const fido_blob_t *authdata, + const fido_blob_t *clientdata) +{ + const EVP_MD *md = NULL; + EVP_MD_CTX *ctx = NULL; + int ok = -1; + + if ((dgst->size = sizeof(dgst->body)) != SHA_DIGEST_LENGTH || + (md = EVP_sha1()) == NULL || + (ctx = EVP_MD_CTX_new()) == NULL || + EVP_DigestInit_ex(ctx, md, NULL) != 1 || + EVP_DigestUpdate(ctx, authdata->ptr, authdata->len) != 1 || + EVP_DigestUpdate(ctx, clientdata->ptr, clientdata->len) != 1 || + EVP_DigestFinal_ex(ctx, dgst->body, NULL) != 1) { + fido_log_debug("%s: sha1", __func__); + goto fail; + } + + ok = 0; +fail: + EVP_MD_CTX_free(ctx); + + return (ok); +} + +static int +get_signed_name(tpm_sha256_name_t *name, const fido_blob_t *pubarea) +{ + name->alg = TPM_ALG_SHA256; + name->size = sizeof(name->alg) + sizeof(name->body); + if (sizeof(name->body) != SHA256_DIGEST_LENGTH || + SHA256(pubarea->ptr, pubarea->len, name->body) != name->body) { + fido_log_debug("%s: sha256", __func__); + return -1; + } + + return 0; +} + +static void +bswap_rsa2048_pubarea(tpm_rsa2048_pubarea_t *x) +{ + x->alg = htobe16(x->alg); + x->hash = htobe16(x->hash); + x->attr = htobe32(x->attr); + x->policy.size = htobe16(x->policy.size); + x->param.symmetric = htobe16(x->param.symmetric); + x->param.scheme = htobe16(x->param.scheme); + x->param.keybits = htobe16(x->param.keybits); + x->key.size = htobe16(x->key.size); +} + +static void +bswap_sha1_certinfo(tpm_sha1_attest_t *x) +{ + x->magic = htobe32(x->magic); + x->type = htobe16(x->type); + x->signer.size = htobe16(x->signer.size); + x->data.size = htobe16(x->data.size); + x->name.alg = htobe16(x->name.alg); + x->name.size = htobe16(x->name.size); +} + +static int +check_rsa2048_pubarea(const fido_blob_t *buf, const rs256_pk_t *pk) +{ + const tpm_rsa2048_pubarea_t *actual; + tpm_rsa2048_pubarea_t expected; + int ok; + + if (buf->len != sizeof(*actual)) { + fido_log_debug("%s: buf->len=%zu", __func__, buf->len); + return -1; + } + actual = (const void *)buf->ptr; + + memset(&expected, 0, sizeof(expected)); + expected.alg = TPM_ALG_RSA; + expected.hash = TPM_ALG_SHA256; + expected.attr = be32toh(actual->attr); + expected.attr &= ~(TPMA_RESERVED|TPMA_CLEAR); + expected.attr |= (TPMA_FIXED|TPMA_FIXED_P|TPMA_SENSITIVE|TPMA_SIGN); + expected.policy = actual->policy; + expected.policy.size = sizeof(expected.policy.body); + expected.param.symmetric = TPM_ALG_NULL; + expected.param.scheme = TPM_ALG_NULL; + expected.param.keybits = 2048; + expected.param.exponent = 0; /* meaning 2^16+1 */ + expected.key.size = sizeof(expected.key.body); + memcpy(&expected.key.body, &pk->n, sizeof(expected.key.body)); + bswap_rsa2048_pubarea(&expected); + + ok = timingsafe_bcmp(&expected, actual, sizeof(expected)); + explicit_bzero(&expected, sizeof(expected)); + + return ok != 0 ? -1 : 0; +} + +static int +check_sha1_certinfo(const fido_blob_t *buf, const fido_blob_t *clientdata_hash, + const fido_blob_t *authdata_raw, const fido_blob_t *pubarea) +{ + const tpm_sha1_attest_t *actual; + tpm_sha1_attest_t expected; + tpm_sha1_data_t signed_data; + tpm_sha256_name_t signed_name; + int ok = -1; + + memset(&signed_data, 0, sizeof(signed_data)); + memset(&signed_name, 0, sizeof(signed_name)); + + if (get_signed_sha1(&signed_data, authdata_raw, clientdata_hash) < 0 || + get_signed_name(&signed_name, pubarea) < 0) { + fido_log_debug("%s: get_signed_sha1/name", __func__); + goto fail; + } + if (buf->len != sizeof(*actual)) { + fido_log_debug("%s: buf->len=%zu", __func__, buf->len); + goto fail; + } + actual = (const void *)buf->ptr; + + memset(&expected, 0, sizeof(expected)); + expected.magic = TPM_MAGIC; + expected.type = TPM_ST_CERTIFY; + expected.signer = actual->signer; + expected.signer.size = sizeof(expected.signer.alg) + + sizeof(expected.signer.body); + expected.data = signed_data; + expected.clock = actual->clock; + expected.clock.safe = 1; + expected.fwversion = actual->fwversion; + expected.name = signed_name; + expected.qual_name = actual->qual_name; + bswap_sha1_certinfo(&expected); + + ok = timingsafe_bcmp(&expected, actual, sizeof(expected)); +fail: + explicit_bzero(&expected, sizeof(expected)); + explicit_bzero(&signed_data, sizeof(signed_data)); + explicit_bzero(&signed_name, sizeof(signed_name)); + + return ok != 0 ? -1 : 0; +} + +int +fido_get_signed_hash_tpm(fido_blob_t *dgst, const fido_blob_t *clientdata_hash, + const fido_blob_t *authdata_raw, const fido_attstmt_t *attstmt, + const fido_attcred_t *attcred) +{ + const fido_blob_t *pubarea = &attstmt->pubarea; + const fido_blob_t *certinfo = &attstmt->certinfo; + + if (attstmt->alg != COSE_RS1 || attcred->type != COSE_RS256) { + fido_log_debug("%s: unsupported alg %d, type %d", __func__, + attstmt->alg, attcred->type); + return -1; + } + + if (check_rsa2048_pubarea(pubarea, &attcred->pubkey.rs256) < 0) { + fido_log_debug("%s: check_rsa2048_pubarea", __func__); + return -1; + } + + if (check_sha1_certinfo(certinfo, clientdata_hash, authdata_raw, + pubarea) < 0) { + fido_log_debug("%s: check_sha1_certinfo", __func__); + return -1; + } + + if (dgst->len < SHA_DIGEST_LENGTH || + SHA1(certinfo->ptr, certinfo->len, dgst->ptr) != dgst->ptr) { + fido_log_debug("%s: sha1", __func__); + return -1; + } + dgst->len = SHA_DIGEST_LENGTH; + + return 0; +} diff --git a/src/types.c b/src/types.c new file mode 100644 index 000000000000..54c0ca582865 --- /dev/null +++ b/src/types.c @@ -0,0 +1,76 @@ +/* + * Copyright (c) 2018-2021 Yubico AB. All rights reserved. + * Use of this source code is governed by a BSD-style + * license that can be found in the LICENSE file. + */ + +#include "fido.h" + +void +fido_str_array_free(fido_str_array_t *sa) +{ + for (size_t i = 0; i < sa->len; i++) + free(sa->ptr[i]); + + free(sa->ptr); + sa->ptr = NULL; + sa->len = 0; +} + +void +fido_opt_array_free(fido_opt_array_t *oa) +{ + for (size_t i = 0; i < oa->len; i++) + free(oa->name[i]); + + free(oa->name); + free(oa->value); + oa->name = NULL; + oa->value = NULL; +} + +void +fido_byte_array_free(fido_byte_array_t *ba) +{ + free(ba->ptr); + + ba->ptr = NULL; + ba->len = 0; +} + +void +fido_algo_free(fido_algo_t *a) +{ + free(a->type); + a->type = NULL; + a->cose = 0; +} + +void +fido_algo_array_free(fido_algo_array_t *aa) +{ + for (size_t i = 0; i < aa->len; i++) + fido_algo_free(&aa->ptr[i]); + + free(aa->ptr); + aa->ptr = NULL; + aa->len = 0; +} + +int +fido_str_array_pack(fido_str_array_t *sa, const char * const *v, size_t n) +{ + if ((sa->ptr = calloc(n, sizeof(char *))) == NULL) { + fido_log_debug("%s: calloc", __func__); + return -1; + } + for (size_t i = 0; i < n; i++) { + if ((sa->ptr[i] = strdup(v[i])) == NULL) { + fido_log_debug("%s: strdup", __func__); + return -1; + } + sa->len++; + } + + return 0; +} diff --git a/src/u2f.c b/src/u2f.c index c5fbe0cfbb6c..6ebfcc7bb848 100644 --- a/src/u2f.c +++ b/src/u2f.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2018 Yubico AB. All rights reserved. + * Copyright (c) 2018-2021 Yubico AB. All rights reserved. * Use of this source code is governed by a BSD-style * license that can be found in the LICENSE file. */ @@ -10,10 +10,13 @@ #ifdef HAVE_UNISTD_H #include #endif +#include #include "fido.h" #include "fido/es256.h" +#define U2F_PACE_MS (100) + #if defined(_MSC_VER) static int usleep(unsigned int usec) @@ -24,6 +27,28 @@ usleep(unsigned int usec) } #endif +static int +delay_ms(unsigned int ms, int *ms_remain) +{ + if (*ms_remain > -1 && (unsigned int)*ms_remain < ms) + ms = (unsigned int)*ms_remain; + + if (ms > UINT_MAX / 1000) { + fido_log_debug("%s: ms=%u", __func__, ms); + return (-1); + } + + if (usleep(ms * 1000) < 0) { + fido_log_error(errno, "%s: usleep", __func__); + return (-1); + } + + if (*ms_remain > -1) + *ms_remain -= (int)ms; + + return (0); +} + static int sig_get(fido_blob_t *sig, const unsigned char **buf, size_t *len) { @@ -115,7 +140,7 @@ authdata_fake(const char *rp_id, uint8_t flags, uint32_t sigcount, /* TODO: use u2f_get_touch_begin & u2f_get_touch_status instead */ static int -send_dummy_register(fido_dev_t *dev, int ms) +send_dummy_register(fido_dev_t *dev, int *ms) { iso7816_apdu_t *apdu = NULL; unsigned char challenge[SHA256_DIGEST_LENGTH]; @@ -123,10 +148,6 @@ send_dummy_register(fido_dev_t *dev, int ms) unsigned char reply[FIDO_MAXMSG]; int r; -#ifdef FIDO_FUZZ - ms = 0; /* XXX */ -#endif - /* dummy challenge & application */ memset(&challenge, 0xff, sizeof(challenge)); memset(&application, 0xff, sizeof(application)); @@ -142,7 +163,7 @@ send_dummy_register(fido_dev_t *dev, int ms) do { if (fido_tx(dev, CTAP_CMD_MSG, iso7816_ptr(apdu), - iso7816_len(apdu)) < 0) { + iso7816_len(apdu), ms) < 0) { fido_log_debug("%s: fido_tx", __func__); r = FIDO_ERR_TX; goto fail; @@ -152,8 +173,8 @@ send_dummy_register(fido_dev_t *dev, int ms) r = FIDO_ERR_RX; goto fail; } - if (usleep((unsigned)(ms == -1 ? 100 : ms) * 1000) < 0) { - fido_log_debug("%s: usleep", __func__); + if (delay_ms(U2F_PACE_MS, ms) != 0) { + fido_log_debug("%s: delay_ms", __func__); r = FIDO_ERR_RX; goto fail; } @@ -168,7 +189,7 @@ send_dummy_register(fido_dev_t *dev, int ms) static int key_lookup(fido_dev_t *dev, const char *rp_id, const fido_blob_t *key_id, - int *found, int ms) + int *found, int *ms) { iso7816_apdu_t *apdu = NULL; unsigned char challenge[SHA256_DIGEST_LENGTH]; @@ -208,7 +229,7 @@ key_lookup(fido_dev_t *dev, const char *rp_id, const fido_blob_t *key_id, } if (fido_tx(dev, CTAP_CMD_MSG, iso7816_ptr(apdu), - iso7816_len(apdu)) < 0) { + iso7816_len(apdu), ms) < 0) { fido_log_debug("%s: fido_tx", __func__); r = FIDO_ERR_TX; goto fail; @@ -274,7 +295,7 @@ parse_auth_reply(fido_blob_t *sig, fido_blob_t *ad, const char *rp_id, static int do_auth(fido_dev_t *dev, const fido_blob_t *cdh, const char *rp_id, - const fido_blob_t *key_id, fido_blob_t *sig, fido_blob_t *ad, int ms) + const fido_blob_t *key_id, fido_blob_t *sig, fido_blob_t *ad, int *ms) { iso7816_apdu_t *apdu = NULL; unsigned char rp_id_hash[SHA256_DIGEST_LENGTH]; @@ -284,7 +305,7 @@ do_auth(fido_dev_t *dev, const fido_blob_t *cdh, const char *rp_id, int r; #ifdef FIDO_FUZZ - ms = 0; /* XXX */ + *ms = 0; /* XXX */ #endif if (cdh->len != SHA256_DIGEST_LENGTH || key_id->len > UINT8_MAX || @@ -317,7 +338,7 @@ do_auth(fido_dev_t *dev, const fido_blob_t *cdh, const char *rp_id, do { if (fido_tx(dev, CTAP_CMD_MSG, iso7816_ptr(apdu), - iso7816_len(apdu)) < 0) { + iso7816_len(apdu), ms) < 0) { fido_log_debug("%s: fido_tx", __func__); r = FIDO_ERR_TX; goto fail; @@ -328,8 +349,8 @@ do_auth(fido_dev_t *dev, const fido_blob_t *cdh, const char *rp_id, r = FIDO_ERR_RX; goto fail; } - if (usleep((unsigned)(ms == -1 ? 100 : ms) * 1000) < 0) { - fido_log_debug("%s: usleep", __func__); + if (delay_ms(U2F_PACE_MS, ms) != 0) { + fido_log_debug("%s: delay_ms", __func__); r = FIDO_ERR_RX; goto fail; } @@ -390,6 +411,71 @@ cbor_blob_from_ec_point(const uint8_t *ec_point, size_t ec_point_len, return (ok); } +static int +encode_cred_attstmt(int cose_alg, const fido_blob_t *x5c, + const fido_blob_t *sig, fido_blob_t *out) +{ + cbor_item_t *item = NULL; + cbor_item_t *x5c_cbor = NULL; + const uint8_t alg_cbor = (uint8_t)(-cose_alg - 1); + struct cbor_pair kv[3]; + size_t alloc_len; + int ok = -1; + + memset(&kv, 0, sizeof(kv)); + memset(out, 0, sizeof(*out)); + + if ((item = cbor_new_definite_map(3)) == NULL) { + fido_log_debug("%s: cbor_new_definite_map", __func__); + goto fail; + } + + if ((kv[0].key = cbor_build_string("alg")) == NULL || + (kv[0].value = cbor_build_negint8(alg_cbor)) == NULL || + !cbor_map_add(item, kv[0])) { + fido_log_debug("%s: alg", __func__); + goto fail; + } + + if ((kv[1].key = cbor_build_string("sig")) == NULL || + (kv[1].value = fido_blob_encode(sig)) == NULL || + !cbor_map_add(item, kv[1])) { + fido_log_debug("%s: sig", __func__); + goto fail; + } + + if ((kv[2].key = cbor_build_string("x5c")) == NULL || + (kv[2].value = cbor_new_definite_array(1)) == NULL || + (x5c_cbor = fido_blob_encode(x5c)) == NULL || + !cbor_array_push(kv[2].value, x5c_cbor) || + !cbor_map_add(item, kv[2])) { + fido_log_debug("%s: x5c", __func__); + goto fail; + } + + if ((out->len = cbor_serialize_alloc(item, &out->ptr, + &alloc_len)) == 0) { + fido_log_debug("%s: cbor_serialize_alloc", __func__); + goto fail; + } + + ok = 0; +fail: + if (item != NULL) + cbor_decref(&item); + if (x5c_cbor != NULL) + cbor_decref(&x5c_cbor); + + for (size_t i = 0; i < nitems(kv); i++) { + if (kv[i].key) + cbor_decref(&kv[i].key); + if (kv[i].value) + cbor_decref(&kv[i].value); + } + + return (ok); +} + static int encode_cred_authdata(const char *rp_id, const uint8_t *kh, uint8_t kh_len, const uint8_t *pubkey, size_t pubkey_len, fido_blob_t *out) @@ -476,6 +562,7 @@ parse_register_reply(fido_cred_t *cred, const unsigned char *reply, size_t len) fido_blob_t x5c; fido_blob_t sig; fido_blob_t ad; + fido_blob_t stmt; uint8_t dummy; uint8_t pubkey[65]; uint8_t kh_len = 0; @@ -485,6 +572,7 @@ parse_register_reply(fido_cred_t *cred, const unsigned char *reply, size_t len) memset(&x5c, 0, sizeof(x5c)); memset(&sig, 0, sizeof(sig)); memset(&ad, 0, sizeof(ad)); + memset(&stmt, 0, sizeof(stmt)); r = FIDO_ERR_RX; /* status word */ @@ -518,6 +606,12 @@ parse_register_reply(fido_cred_t *cred, const unsigned char *reply, size_t len) goto fail; } + /* attstmt */ + if (encode_cred_attstmt(COSE_ES256, &x5c, &sig, &stmt) < 0) { + fido_log_debug("%s: encode_cred_attstmt", __func__); + goto fail; + } + /* authdata */ if (encode_cred_authdata(cred->rp.id, kh, kh_len, pubkey, sizeof(pubkey), &ad) < 0) { @@ -527,8 +621,7 @@ parse_register_reply(fido_cred_t *cred, const unsigned char *reply, size_t len) if (fido_cred_set_fmt(cred, "fido-u2f") != FIDO_OK || fido_cred_set_authdata(cred, ad.ptr, ad.len) != FIDO_OK || - fido_cred_set_x509(cred, x5c.ptr, x5c.len) != FIDO_OK || - fido_cred_set_sig(cred, sig.ptr, sig.len) != FIDO_OK) { + fido_cred_set_attstmt(cred, stmt.ptr, stmt.len) != FIDO_OK) { fido_log_debug("%s: fido_cred_set", __func__); r = FIDO_ERR_INTERNAL; goto fail; @@ -540,12 +633,13 @@ parse_register_reply(fido_cred_t *cred, const unsigned char *reply, size_t len) fido_blob_reset(&x5c); fido_blob_reset(&sig); fido_blob_reset(&ad); + fido_blob_reset(&stmt); return (r); } int -u2f_register(fido_dev_t *dev, fido_cred_t *cred, int ms) +u2f_register(fido_dev_t *dev, fido_cred_t *cred, int *ms) { iso7816_apdu_t *apdu = NULL; unsigned char rp_id_hash[SHA256_DIGEST_LENGTH]; @@ -554,10 +648,6 @@ u2f_register(fido_dev_t *dev, fido_cred_t *cred, int ms) int found; int r; -#ifdef FIDO_FUZZ - ms = 0; /* XXX */ -#endif - if (cred->rk == FIDO_OPT_TRUE || cred->uv == FIDO_OPT_TRUE) { fido_log_debug("%s: rk=%d, uv=%d", __func__, cred->rk, cred->uv); @@ -606,7 +696,7 @@ u2f_register(fido_dev_t *dev, fido_cred_t *cred, int ms) do { if (fido_tx(dev, CTAP_CMD_MSG, iso7816_ptr(apdu), - iso7816_len(apdu)) < 0) { + iso7816_len(apdu), ms) < 0) { fido_log_debug("%s: fido_tx", __func__); r = FIDO_ERR_TX; goto fail; @@ -617,8 +707,8 @@ u2f_register(fido_dev_t *dev, fido_cred_t *cred, int ms) r = FIDO_ERR_RX; goto fail; } - if (usleep((unsigned)(ms == -1 ? 100 : ms) * 1000) < 0) { - fido_log_debug("%s: usleep", __func__); + if (delay_ms(U2F_PACE_MS, ms) != 0) { + fido_log_debug("%s: delay_ms", __func__); r = FIDO_ERR_RX; goto fail; } @@ -637,7 +727,7 @@ u2f_register(fido_dev_t *dev, fido_cred_t *cred, int ms) static int u2f_authenticate_single(fido_dev_t *dev, const fido_blob_t *key_id, - fido_assert_t *fa, size_t idx, int ms) + fido_assert_t *fa, size_t idx, int *ms) { fido_blob_t sig; fido_blob_t ad; @@ -692,7 +782,7 @@ u2f_authenticate_single(fido_dev_t *dev, const fido_blob_t *key_id, } int -u2f_authenticate(fido_dev_t *dev, fido_assert_t *fa, int ms) +u2f_authenticate(fido_dev_t *dev, fido_assert_t *fa, int *ms) { size_t nfound = 0; size_t nauth_ok = 0; @@ -739,7 +829,7 @@ u2f_authenticate(fido_dev_t *dev, fido_assert_t *fa, int ms) } int -u2f_get_touch_begin(fido_dev_t *dev) +u2f_get_touch_begin(fido_dev_t *dev, int *ms) { iso7816_apdu_t *apdu = NULL; const char *clientdata = FIDO_DUMMY_CLIENTDATA; @@ -769,12 +859,12 @@ u2f_get_touch_begin(fido_dev_t *dev) } if (dev->attr.flags & FIDO_CAP_WINK) { - fido_tx(dev, CTAP_CMD_WINK, NULL, 0); - fido_rx(dev, CTAP_CMD_WINK, &reply, sizeof(reply), 200); + fido_tx(dev, CTAP_CMD_WINK, NULL, 0, ms); + fido_rx(dev, CTAP_CMD_WINK, &reply, sizeof(reply), ms); } if (fido_tx(dev, CTAP_CMD_MSG, iso7816_ptr(apdu), - iso7816_len(apdu)) < 0) { + iso7816_len(apdu), ms) < 0) { fido_log_debug("%s: fido_tx", __func__); r = FIDO_ERR_TX; goto fail; @@ -788,7 +878,7 @@ u2f_get_touch_begin(fido_dev_t *dev) } int -u2f_get_touch_status(fido_dev_t *dev, int *touched, int ms) +u2f_get_touch_status(fido_dev_t *dev, int *touched, int *ms) { unsigned char reply[FIDO_MAXMSG]; int reply_len; @@ -802,7 +892,7 @@ u2f_get_touch_status(fido_dev_t *dev, int *touched, int ms) switch ((reply[reply_len - 2] << 8) | reply[reply_len - 1]) { case SW_CONDITIONS_NOT_SATISFIED: - if ((r = u2f_get_touch_begin(dev)) != FIDO_OK) { + if ((r = u2f_get_touch_begin(dev, ms)) != FIDO_OK) { fido_log_debug("%s: u2f_get_touch_begin", __func__); return (r); } diff --git a/src/webauthn.h b/src/webauthn.h new file mode 100644 index 000000000000..5fbdd6faa927 --- /dev/null +++ b/src/webauthn.h @@ -0,0 +1,839 @@ +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the MIT License. + +#ifndef __WEBAUTHN_H_ +#define __WEBAUTHN_H_ + +#pragma once + +#include + +#pragma region Desktop Family or OneCore Family +#if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_APP | WINAPI_PARTITION_SYSTEM) + +#ifdef __cplusplus +extern "C" { +#endif + +#ifndef WINAPI +#define WINAPI __stdcall +#endif + +#ifndef INITGUID +#define INITGUID +#include +#undef INITGUID +#else +#include +#endif + +//+------------------------------------------------------------------------------------------ +// API Version Information. +// Caller should check for WebAuthNGetApiVersionNumber to check the presence of relevant APIs +// and features for their usage. +//------------------------------------------------------------------------------------------- + +#define WEBAUTHN_API_VERSION_1 1 +// WEBAUTHN_API_VERSION_1 : Baseline Version +// Data Structures and their sub versions: +// - WEBAUTHN_RP_ENTITY_INFORMATION : 1 +// - WEBAUTHN_USER_ENTITY_INFORMATION : 1 +// - WEBAUTHN_CLIENT_DATA : 1 +// - WEBAUTHN_COSE_CREDENTIAL_PARAMETER : 1 +// - WEBAUTHN_COSE_CREDENTIAL_PARAMETERS : Not Applicable +// - WEBAUTHN_CREDENTIAL : 1 +// - WEBAUTHN_CREDENTIALS : Not Applicable +// - WEBAUTHN_CREDENTIAL_EX : 1 +// - WEBAUTHN_CREDENTIAL_LIST : Not Applicable +// - WEBAUTHN_EXTENSION : Not Applicable +// - WEBAUTHN_EXTENSIONS : Not Applicable +// - WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS : 3 +// - WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS : 4 +// - WEBAUTHN_COMMON_ATTESTATION : 1 +// - WEBAUTHN_CREDENTIAL_ATTESTATION : 3 +// - WEBAUTHN_ASSERTION : 1 +// Extensions: +// - WEBAUTHN_EXTENSIONS_IDENTIFIER_HMAC_SECRET +// APIs: +// - WebAuthNGetApiVersionNumber +// - WebAuthNIsUserVerifyingPlatformAuthenticatorAvailable +// - WebAuthNAuthenticatorMakeCredential +// - WebAuthNAuthenticatorGetAssertion +// - WebAuthNFreeCredentialAttestation +// - WebAuthNFreeAssertion +// - WebAuthNGetCancellationId +// - WebAuthNCancelCurrentOperation +// - WebAuthNGetErrorName +// - WebAuthNGetW3CExceptionDOMError + +#define WEBAUTHN_API_VERSION_2 2 +// WEBAUTHN_API_VERSION_2 : Delta From WEBAUTHN_API_VERSION_1 +// Added Extensions: +// - WEBAUTHN_EXTENSIONS_IDENTIFIER_CRED_PROTECT +// + +#define WEBAUTHN_API_VERSION_3 3 +// WEBAUTHN_API_VERSION_3 : Delta From WEBAUTHN_API_VERSION_2 +// Data Structures and their sub versions: +// - WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS : 4 +// - WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS : 5 +// - WEBAUTHN_CREDENTIAL_ATTESTATION : 4 +// - WEBAUTHN_ASSERTION : 2 +// Added Extensions: +// - WEBAUTHN_EXTENSIONS_IDENTIFIER_CRED_BLOB +// - WEBAUTHN_EXTENSIONS_IDENTIFIER_MIN_PIN_LENGTH +// + +#define WEBAUTHN_API_CURRENT_VERSION WEBAUTHN_API_VERSION_3 + +//+------------------------------------------------------------------------------------------ +// Information about an RP Entity +//------------------------------------------------------------------------------------------- + +#define WEBAUTHN_RP_ENTITY_INFORMATION_CURRENT_VERSION 1 + +typedef struct _WEBAUTHN_RP_ENTITY_INFORMATION { + // Version of this structure, to allow for modifications in the future. + // This field is required and should be set to CURRENT_VERSION above. + DWORD dwVersion; + + // Identifier for the RP. This field is required. + PCWSTR pwszId; + + // Contains the friendly name of the Relying Party, such as "Acme Corporation", "Widgets Inc" or "Awesome Site". + // This field is required. + PCWSTR pwszName; + + // Optional URL pointing to RP's logo. + PCWSTR pwszIcon; +} WEBAUTHN_RP_ENTITY_INFORMATION, *PWEBAUTHN_RP_ENTITY_INFORMATION; +typedef const WEBAUTHN_RP_ENTITY_INFORMATION *PCWEBAUTHN_RP_ENTITY_INFORMATION; + +//+------------------------------------------------------------------------------------------ +// Information about an User Entity +//------------------------------------------------------------------------------------------- +#define WEBAUTHN_MAX_USER_ID_LENGTH 64 + +#define WEBAUTHN_USER_ENTITY_INFORMATION_CURRENT_VERSION 1 + +typedef struct _WEBAUTHN_USER_ENTITY_INFORMATION { + // Version of this structure, to allow for modifications in the future. + // This field is required and should be set to CURRENT_VERSION above. + DWORD dwVersion; + + // Identifier for the User. This field is required. + DWORD cbId; + _Field_size_bytes_(cbId) + PBYTE pbId; + + // Contains a detailed name for this account, such as "john.p.smith@example.com". + PCWSTR pwszName; + + // Optional URL that can be used to retrieve an image containing the user's current avatar, + // or a data URI that contains the image data. + PCWSTR pwszIcon; + + // For User: Contains the friendly name associated with the user account by the Relying Party, such as "John P. Smith". + PCWSTR pwszDisplayName; +} WEBAUTHN_USER_ENTITY_INFORMATION, *PWEBAUTHN_USER_ENTITY_INFORMATION; +typedef const WEBAUTHN_USER_ENTITY_INFORMATION *PCWEBAUTHN_USER_ENTITY_INFORMATION; + +//+------------------------------------------------------------------------------------------ +// Information about client data. +//------------------------------------------------------------------------------------------- + +#define WEBAUTHN_HASH_ALGORITHM_SHA_256 L"SHA-256" +#define WEBAUTHN_HASH_ALGORITHM_SHA_384 L"SHA-384" +#define WEBAUTHN_HASH_ALGORITHM_SHA_512 L"SHA-512" + +#define WEBAUTHN_CLIENT_DATA_CURRENT_VERSION 1 + +typedef struct _WEBAUTHN_CLIENT_DATA { + // Version of this structure, to allow for modifications in the future. + // This field is required and should be set to CURRENT_VERSION above. + DWORD dwVersion; + + // Size of the pbClientDataJSON field. + DWORD cbClientDataJSON; + // UTF-8 encoded JSON serialization of the client data. + _Field_size_bytes_(cbClientDataJSON) + PBYTE pbClientDataJSON; + + // Hash algorithm ID used to hash the pbClientDataJSON field. + LPCWSTR pwszHashAlgId; +} WEBAUTHN_CLIENT_DATA, *PWEBAUTHN_CLIENT_DATA; +typedef const WEBAUTHN_CLIENT_DATA *PCWEBAUTHN_CLIENT_DATA; + +//+------------------------------------------------------------------------------------------ +// Information about credential parameters. +//------------------------------------------------------------------------------------------- + +#define WEBAUTHN_CREDENTIAL_TYPE_PUBLIC_KEY L"public-key" + +#define WEBAUTHN_COSE_ALGORITHM_ECDSA_P256_WITH_SHA256 -7 +#define WEBAUTHN_COSE_ALGORITHM_ECDSA_P384_WITH_SHA384 -35 +#define WEBAUTHN_COSE_ALGORITHM_ECDSA_P521_WITH_SHA512 -36 + +#define WEBAUTHN_COSE_ALGORITHM_RSASSA_PKCS1_V1_5_WITH_SHA256 -257 +#define WEBAUTHN_COSE_ALGORITHM_RSASSA_PKCS1_V1_5_WITH_SHA384 -258 +#define WEBAUTHN_COSE_ALGORITHM_RSASSA_PKCS1_V1_5_WITH_SHA512 -259 + +#define WEBAUTHN_COSE_ALGORITHM_RSA_PSS_WITH_SHA256 -37 +#define WEBAUTHN_COSE_ALGORITHM_RSA_PSS_WITH_SHA384 -38 +#define WEBAUTHN_COSE_ALGORITHM_RSA_PSS_WITH_SHA512 -39 + +#define WEBAUTHN_COSE_CREDENTIAL_PARAMETER_CURRENT_VERSION 1 + +typedef struct _WEBAUTHN_COSE_CREDENTIAL_PARAMETER { + // Version of this structure, to allow for modifications in the future. + DWORD dwVersion; + + // Well-known credential type specifying a credential to create. + LPCWSTR pwszCredentialType; + + // Well-known COSE algorithm specifying the algorithm to use for the credential. + LONG lAlg; +} WEBAUTHN_COSE_CREDENTIAL_PARAMETER, *PWEBAUTHN_COSE_CREDENTIAL_PARAMETER; +typedef const WEBAUTHN_COSE_CREDENTIAL_PARAMETER *PCWEBAUTHN_COSE_CREDENTIAL_PARAMETER; + +typedef struct _WEBAUTHN_COSE_CREDENTIAL_PARAMETERS { + DWORD cCredentialParameters; + _Field_size_(cCredentialParameters) + PWEBAUTHN_COSE_CREDENTIAL_PARAMETER pCredentialParameters; +} WEBAUTHN_COSE_CREDENTIAL_PARAMETERS, *PWEBAUTHN_COSE_CREDENTIAL_PARAMETERS; +typedef const WEBAUTHN_COSE_CREDENTIAL_PARAMETERS *PCWEBAUTHN_COSE_CREDENTIAL_PARAMETERS; + +//+------------------------------------------------------------------------------------------ +// Information about credential. +//------------------------------------------------------------------------------------------- +#define WEBAUTHN_CREDENTIAL_CURRENT_VERSION 1 + +typedef struct _WEBAUTHN_CREDENTIAL { + // Version of this structure, to allow for modifications in the future. + DWORD dwVersion; + + // Size of pbID. + DWORD cbId; + // Unique ID for this particular credential. + _Field_size_bytes_(cbId) + PBYTE pbId; + + // Well-known credential type specifying what this particular credential is. + LPCWSTR pwszCredentialType; +} WEBAUTHN_CREDENTIAL, *PWEBAUTHN_CREDENTIAL; +typedef const WEBAUTHN_CREDENTIAL *PCWEBAUTHN_CREDENTIAL; + +typedef struct _WEBAUTHN_CREDENTIALS { + DWORD cCredentials; + _Field_size_(cCredentials) + PWEBAUTHN_CREDENTIAL pCredentials; +} WEBAUTHN_CREDENTIALS, *PWEBAUTHN_CREDENTIALS; +typedef const WEBAUTHN_CREDENTIALS *PCWEBAUTHN_CREDENTIALS; + +//+------------------------------------------------------------------------------------------ +// Information about credential with extra information, such as, dwTransports +//------------------------------------------------------------------------------------------- + +#define WEBAUTHN_CTAP_TRANSPORT_USB 0x00000001 +#define WEBAUTHN_CTAP_TRANSPORT_NFC 0x00000002 +#define WEBAUTHN_CTAP_TRANSPORT_BLE 0x00000004 +#define WEBAUTHN_CTAP_TRANSPORT_TEST 0x00000008 +#define WEBAUTHN_CTAP_TRANSPORT_INTERNAL 0x00000010 +#define WEBAUTHN_CTAP_TRANSPORT_FLAGS_MASK 0x0000001F + +#define WEBAUTHN_CREDENTIAL_EX_CURRENT_VERSION 1 + +typedef struct _WEBAUTHN_CREDENTIAL_EX { + // Version of this structure, to allow for modifications in the future. + DWORD dwVersion; + + // Size of pbID. + DWORD cbId; + // Unique ID for this particular credential. + _Field_size_bytes_(cbId) + PBYTE pbId; + + // Well-known credential type specifying what this particular credential is. + LPCWSTR pwszCredentialType; + + // Transports. 0 implies no transport restrictions. + DWORD dwTransports; +} WEBAUTHN_CREDENTIAL_EX, *PWEBAUTHN_CREDENTIAL_EX; +typedef const WEBAUTHN_CREDENTIAL_EX *PCWEBAUTHN_CREDENTIAL_EX; + +//+------------------------------------------------------------------------------------------ +// Information about credential list with extra information +//------------------------------------------------------------------------------------------- + +typedef struct _WEBAUTHN_CREDENTIAL_LIST { + DWORD cCredentials; + _Field_size_(cCredentials) + PWEBAUTHN_CREDENTIAL_EX *ppCredentials; +} WEBAUTHN_CREDENTIAL_LIST, *PWEBAUTHN_CREDENTIAL_LIST; +typedef const WEBAUTHN_CREDENTIAL_LIST *PCWEBAUTHN_CREDENTIAL_LIST; + +//+------------------------------------------------------------------------------------------ +// Hmac-Secret extension +//------------------------------------------------------------------------------------------- + +#define WEBAUTHN_EXTENSIONS_IDENTIFIER_HMAC_SECRET L"hmac-secret" +// Below type definitions is for WEBAUTHN_EXTENSIONS_IDENTIFIER_HMAC_SECRET +// MakeCredential Input Type: BOOL. +// - pvExtension must point to a BOOL with the value TRUE. +// - cbExtension must contain the sizeof(BOOL). +// MakeCredential Output Type: BOOL. +// - pvExtension will point to a BOOL with the value TRUE if credential +// was successfully created with HMAC_SECRET. +// - cbExtension will contain the sizeof(BOOL). +// GetAssertion Input Type: Not Supported +// GetAssertion Output Type: Not Supported + +//+------------------------------------------------------------------------------------------ +// credProtect extension +//------------------------------------------------------------------------------------------- + +#define WEBAUTHN_USER_VERIFICATION_ANY 0 +#define WEBAUTHN_USER_VERIFICATION_OPTIONAL 1 +#define WEBAUTHN_USER_VERIFICATION_OPTIONAL_WITH_CREDENTIAL_ID_LIST 2 +#define WEBAUTHN_USER_VERIFICATION_REQUIRED 3 + +typedef struct _WEBAUTHN_CRED_PROTECT_EXTENSION_IN { + // One of the above WEBAUTHN_USER_VERIFICATION_* values + DWORD dwCredProtect; + // Set the following to TRUE to require authenticator support for the credProtect extension + BOOL bRequireCredProtect; +} WEBAUTHN_CRED_PROTECT_EXTENSION_IN, *PWEBAUTHN_CRED_PROTECT_EXTENSION_IN; +typedef const WEBAUTHN_CRED_PROTECT_EXTENSION_IN *PCWEBAUTHN_CRED_PROTECT_EXTENSION_IN; + + +#define WEBAUTHN_EXTENSIONS_IDENTIFIER_CRED_PROTECT L"credProtect" +// Below type definitions is for WEBAUTHN_EXTENSIONS_IDENTIFIER_CRED_PROTECT +// MakeCredential Input Type: WEBAUTHN_CRED_PROTECT_EXTENSION_IN. +// - pvExtension must point to a WEBAUTHN_CRED_PROTECT_EXTENSION_IN struct +// - cbExtension will contain the sizeof(WEBAUTHN_CRED_PROTECT_EXTENSION_IN). +// MakeCredential Output Type: DWORD. +// - pvExtension will point to a DWORD with one of the above WEBAUTHN_USER_VERIFICATION_* values +// if credential was successfully created with CRED_PROTECT. +// - cbExtension will contain the sizeof(DWORD). +// GetAssertion Input Type: Not Supported +// GetAssertion Output Type: Not Supported + +//+------------------------------------------------------------------------------------------ +// credBlob extension +//------------------------------------------------------------------------------------------- + +typedef struct _WEBAUTHN_CRED_BLOB_EXTENSION { + // Size of pbCredBlob. + DWORD cbCredBlob; + _Field_size_bytes_(cbCredBlob) + PBYTE pbCredBlob; +} WEBAUTHN_CRED_BLOB_EXTENSION, *PWEBAUTHN_CRED_BLOB_EXTENSION; +typedef const WEBAUTHN_CRED_BLOB_EXTENSION *PCWEBAUTHN_CRED_BLOB_EXTENSION; + + +#define WEBAUTHN_EXTENSIONS_IDENTIFIER_CRED_BLOB L"credBlob" +// Below type definitions is for WEBAUTHN_EXTENSIONS_IDENTIFIER_CRED_BLOB +// MakeCredential Input Type: WEBAUTHN_CRED_BLOB_EXTENSION. +// - pvExtension must point to a WEBAUTHN_CRED_BLOB_EXTENSION struct +// - cbExtension must contain the sizeof(WEBAUTHN_CRED_BLOB_EXTENSION). +// MakeCredential Output Type: BOOL. +// - pvExtension will point to a BOOL with the value TRUE if credBlob was successfully created +// - cbExtension will contain the sizeof(BOOL). +// GetAssertion Input Type: BOOL. +// - pvExtension must point to a BOOL with the value TRUE to request the credBlob. +// - cbExtension must contain the sizeof(BOOL). +// GetAssertion Output Type: WEBAUTHN_CRED_BLOB_EXTENSION. +// - pvExtension will point to a WEBAUTHN_CRED_BLOB_EXTENSION struct if the authenticator +// returns the credBlob in the signed extensions +// - cbExtension will contain the sizeof(WEBAUTHN_CRED_BLOB_EXTENSION). + +//+------------------------------------------------------------------------------------------ +// minPinLength extension +//------------------------------------------------------------------------------------------- + +#define WEBAUTHN_EXTENSIONS_IDENTIFIER_MIN_PIN_LENGTH L"minPinLength" +// Below type definitions is for WEBAUTHN_EXTENSIONS_IDENTIFIER_MIN_PIN_LENGTH +// MakeCredential Input Type: BOOL. +// - pvExtension must point to a BOOL with the value TRUE to request the minPinLength. +// - cbExtension must contain the sizeof(BOOL). +// MakeCredential Output Type: DWORD. +// - pvExtension will point to a DWORD with the minimum pin length if returned by the authenticator +// - cbExtension will contain the sizeof(DWORD). +// GetAssertion Input Type: Not Supported +// GetAssertion Output Type: Not Supported + +//+------------------------------------------------------------------------------------------ +// Information about Extensions. +//------------------------------------------------------------------------------------------- +typedef struct _WEBAUTHN_EXTENSION { + LPCWSTR pwszExtensionIdentifier; + DWORD cbExtension; + PVOID pvExtension; +} WEBAUTHN_EXTENSION, *PWEBAUTHN_EXTENSION; +typedef const WEBAUTHN_EXTENSION *PCWEBAUTHN_EXTENSION; + +typedef struct _WEBAUTHN_EXTENSIONS { + DWORD cExtensions; + _Field_size_(cExtensions) + PWEBAUTHN_EXTENSION pExtensions; +} WEBAUTHN_EXTENSIONS, *PWEBAUTHN_EXTENSIONS; +typedef const WEBAUTHN_EXTENSIONS *PCWEBAUTHN_EXTENSIONS; + +//+------------------------------------------------------------------------------------------ +// Options. +//------------------------------------------------------------------------------------------- + +#define WEBAUTHN_AUTHENTICATOR_ATTACHMENT_ANY 0 +#define WEBAUTHN_AUTHENTICATOR_ATTACHMENT_PLATFORM 1 +#define WEBAUTHN_AUTHENTICATOR_ATTACHMENT_CROSS_PLATFORM 2 +#define WEBAUTHN_AUTHENTICATOR_ATTACHMENT_CROSS_PLATFORM_U2F_V2 3 + +#define WEBAUTHN_USER_VERIFICATION_REQUIREMENT_ANY 0 +#define WEBAUTHN_USER_VERIFICATION_REQUIREMENT_REQUIRED 1 +#define WEBAUTHN_USER_VERIFICATION_REQUIREMENT_PREFERRED 2 +#define WEBAUTHN_USER_VERIFICATION_REQUIREMENT_DISCOURAGED 3 + +#define WEBAUTHN_ATTESTATION_CONVEYANCE_PREFERENCE_ANY 0 +#define WEBAUTHN_ATTESTATION_CONVEYANCE_PREFERENCE_NONE 1 +#define WEBAUTHN_ATTESTATION_CONVEYANCE_PREFERENCE_INDIRECT 2 +#define WEBAUTHN_ATTESTATION_CONVEYANCE_PREFERENCE_DIRECT 3 + +#define WEBAUTHN_ENTERPRISE_ATTESTATION_NONE 0 +#define WEBAUTHN_ENTERPRISE_ATTESTATION_VENDOR_FACILITATED 1 +#define WEBAUTHN_ENTERPRISE_ATTESTATION_PLATFORM_MANAGED 2 + +#define WEBAUTHN_LARGE_BLOB_SUPPORT_NONE 0 +#define WEBAUTHN_LARGE_BLOB_SUPPORT_REQUIRED 1 +#define WEBAUTHN_LARGE_BLOB_SUPPORT_PREFERRED 2 + +#define WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_1 1 +#define WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_2 2 +#define WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_3 3 +#define WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_4 4 +#define WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_CURRENT_VERSION WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_4 + +typedef struct _WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS { + // Version of this structure, to allow for modifications in the future. + DWORD dwVersion; + + // Time that the operation is expected to complete within. + // This is used as guidance, and can be overridden by the platform. + DWORD dwTimeoutMilliseconds; + + // Credentials used for exclusion. + WEBAUTHN_CREDENTIALS CredentialList; + + // Optional extensions to parse when performing the operation. + WEBAUTHN_EXTENSIONS Extensions; + + // Optional. Platform vs Cross-Platform Authenticators. + DWORD dwAuthenticatorAttachment; + + // Optional. Require key to be resident or not. Defaulting to FALSE. + BOOL bRequireResidentKey; + + // User Verification Requirement. + DWORD dwUserVerificationRequirement; + + // Attestation Conveyance Preference. + DWORD dwAttestationConveyancePreference; + + // Reserved for future Use + DWORD dwFlags; + + // + // The following fields have been added in WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_2 + // + + // Cancellation Id - Optional - See WebAuthNGetCancellationId + GUID *pCancellationId; + + // + // The following fields have been added in WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_3 + // + + // Exclude Credential List. If present, "CredentialList" will be ignored. + PWEBAUTHN_CREDENTIAL_LIST pExcludeCredentialList; + + // + // The following fields have been added in WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_4 + // + + // Enterprise Attestation + DWORD dwEnterpriseAttestation; + + // Large Blob Support: none, required or preferred + // + // NTE_INVALID_PARAMETER when large blob required or preferred and + // both bRequireResidentKey and bPreferResidentKey are set to FALSE. + DWORD dwLargeBlobSupport; + + // Optional. Prefer key to be resident. Defaulting to FALSE. When TRUE, + // overrides the above bRequireResidentKey. + BOOL bPreferResidentKey; + +} WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS, *PWEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS; +typedef const WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS *PCWEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS; + +#define WEBAUTHN_CRED_LARGE_BLOB_OPERATION_NONE 0 +#define WEBAUTHN_CRED_LARGE_BLOB_OPERATION_GET 1 +#define WEBAUTHN_CRED_LARGE_BLOB_OPERATION_SET 2 +#define WEBAUTHN_CRED_LARGE_BLOB_OPERATION_DELETE 3 + +#define WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_1 1 +#define WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_2 2 +#define WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_3 3 +#define WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_4 4 +#define WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_5 5 +#define WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_CURRENT_VERSION WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_5 + +typedef struct _WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS { + // Version of this structure, to allow for modifications in the future. + DWORD dwVersion; + + // Time that the operation is expected to complete within. + // This is used as guidance, and can be overridden by the platform. + DWORD dwTimeoutMilliseconds; + + // Allowed Credentials List. + WEBAUTHN_CREDENTIALS CredentialList; + + // Optional extensions to parse when performing the operation. + WEBAUTHN_EXTENSIONS Extensions; + + // Optional. Platform vs Cross-Platform Authenticators. + DWORD dwAuthenticatorAttachment; + + // User Verification Requirement. + DWORD dwUserVerificationRequirement; + + // Reserved for future Use + DWORD dwFlags; + + // + // The following fields have been added in WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_2 + // + + // Optional identifier for the U2F AppId. Converted to UTF8 before being hashed. Not lower cased. + PCWSTR pwszU2fAppId; + + // If the following is non-NULL, then, set to TRUE if the above pwszU2fAppid was used instead of + // PCWSTR pwszRpId; + BOOL *pbU2fAppId; + + // + // The following fields have been added in WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_3 + // + + // Cancellation Id - Optional - See WebAuthNGetCancellationId + GUID *pCancellationId; + + // + // The following fields have been added in WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_4 + // + + // Allow Credential List. If present, "CredentialList" will be ignored. + PWEBAUTHN_CREDENTIAL_LIST pAllowCredentialList; + + // + // The following fields have been added in WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_5 + // + + DWORD dwCredLargeBlobOperation; + + // Size of pbCredLargeBlob + DWORD cbCredLargeBlob; + _Field_size_bytes_(cbCredLargeBlob) + PBYTE pbCredLargeBlob; +} WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS, *PWEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS; +typedef const WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS *PCWEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS; + + +//+------------------------------------------------------------------------------------------ +// Attestation Info. +// +//------------------------------------------------------------------------------------------- +#define WEBAUTHN_ATTESTATION_DECODE_NONE 0 +#define WEBAUTHN_ATTESTATION_DECODE_COMMON 1 +// WEBAUTHN_ATTESTATION_DECODE_COMMON supports format types +// L"packed" +// L"fido-u2f" + +#define WEBAUTHN_ATTESTATION_VER_TPM_2_0 L"2.0" + +typedef struct _WEBAUTHN_X5C { + // Length of X.509 encoded certificate + DWORD cbData; + // X.509 encoded certificate bytes + _Field_size_bytes_(cbData) + PBYTE pbData; +} WEBAUTHN_X5C, *PWEBAUTHN_X5C; + +// Supports either Self or Full Basic Attestation + +// Note, new fields will be added to the following data structure to +// support additional attestation format types, such as, TPM. +// When fields are added, the dwVersion will be incremented. +// +// Therefore, your code must make the following check: +// "if (dwVersion >= WEBAUTHN_COMMON_ATTESTATION_CURRENT_VERSION)" + +#define WEBAUTHN_COMMON_ATTESTATION_CURRENT_VERSION 1 + +typedef struct _WEBAUTHN_COMMON_ATTESTATION { + // Version of this structure, to allow for modifications in the future. + DWORD dwVersion; + + // Hash and Padding Algorithm + // + // The following won't be set for "fido-u2f" which assumes "ES256". + PCWSTR pwszAlg; + LONG lAlg; // COSE algorithm + + // Signature that was generated for this attestation. + DWORD cbSignature; + _Field_size_bytes_(cbSignature) + PBYTE pbSignature; + + // Following is set for Full Basic Attestation. If not, set then, this is Self Attestation. + // Array of X.509 DER encoded certificates. The first certificate is the signer, leaf certificate. + DWORD cX5c; + _Field_size_(cX5c) + PWEBAUTHN_X5C pX5c; + + // Following are also set for tpm + PCWSTR pwszVer; // L"2.0" + DWORD cbCertInfo; + _Field_size_bytes_(cbCertInfo) + PBYTE pbCertInfo; + DWORD cbPubArea; + _Field_size_bytes_(cbPubArea) + PBYTE pbPubArea; +} WEBAUTHN_COMMON_ATTESTATION, *PWEBAUTHN_COMMON_ATTESTATION; +typedef const WEBAUTHN_COMMON_ATTESTATION *PCWEBAUTHN_COMMON_ATTESTATION; + +#define WEBAUTHN_ATTESTATION_TYPE_PACKED L"packed" +#define WEBAUTHN_ATTESTATION_TYPE_U2F L"fido-u2f" +#define WEBAUTHN_ATTESTATION_TYPE_TPM L"tpm" +#define WEBAUTHN_ATTESTATION_TYPE_NONE L"none" + +#define WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_1 1 +#define WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_2 2 +#define WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_3 3 +#define WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_4 4 +#define WEBAUTHN_CREDENTIAL_ATTESTATION_CURRENT_VERSION WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_4 + +typedef struct _WEBAUTHN_CREDENTIAL_ATTESTATION { + // Version of this structure, to allow for modifications in the future. + DWORD dwVersion; + + // Attestation format type + PCWSTR pwszFormatType; + + // Size of cbAuthenticatorData. + DWORD cbAuthenticatorData; + // Authenticator data that was created for this credential. + _Field_size_bytes_(cbAuthenticatorData) + PBYTE pbAuthenticatorData; + + // Size of CBOR encoded attestation information + //0 => encoded as CBOR null value. + DWORD cbAttestation; + //Encoded CBOR attestation information + _Field_size_bytes_(cbAttestation) + PBYTE pbAttestation; + + DWORD dwAttestationDecodeType; + // Following depends on the dwAttestationDecodeType + // WEBAUTHN_ATTESTATION_DECODE_NONE + // NULL - not able to decode the CBOR attestation information + // WEBAUTHN_ATTESTATION_DECODE_COMMON + // PWEBAUTHN_COMMON_ATTESTATION; + PVOID pvAttestationDecode; + + // The CBOR encoded Attestation Object to be returned to the RP. + DWORD cbAttestationObject; + _Field_size_bytes_(cbAttestationObject) + PBYTE pbAttestationObject; + + // The CredentialId bytes extracted from the Authenticator Data. + // Used by Edge to return to the RP. + DWORD cbCredentialId; + _Field_size_bytes_(cbCredentialId) + PBYTE pbCredentialId; + + // + // Following fields have been added in WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_2 + // + + WEBAUTHN_EXTENSIONS Extensions; + + // + // Following fields have been added in WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_3 + // + + // One of the WEBAUTHN_CTAP_TRANSPORT_* bits will be set corresponding to + // the transport that was used. + DWORD dwUsedTransport; + + // + // Following fields have been added in WEBAUTHN_CREDENTIAL_ATTESTATION_VERSION_4 + // + + BOOL bEpAtt; + BOOL bLargeBlobSupported; + BOOL bResidentKey; + +} WEBAUTHN_CREDENTIAL_ATTESTATION, *PWEBAUTHN_CREDENTIAL_ATTESTATION; +typedef const WEBAUTHN_CREDENTIAL_ATTESTATION *PCWEBAUTHN_CREDENTIAL_ATTESTATION; + + +//+------------------------------------------------------------------------------------------ +// authenticatorGetAssertion output. +//------------------------------------------------------------------------------------------- + +#define WEBAUTHN_CRED_LARGE_BLOB_STATUS_NONE 0 +#define WEBAUTHN_CRED_LARGE_BLOB_STATUS_SUCCESS 1 +#define WEBAUTHN_CRED_LARGE_BLOB_STATUS_NOT_SUPPORTED 2 +#define WEBAUTHN_CRED_LARGE_BLOB_STATUS_INVALID_DATA 3 +#define WEBAUTHN_CRED_LARGE_BLOB_STATUS_INVALID_PARAMETER 4 +#define WEBAUTHN_CRED_LARGE_BLOB_STATUS_NOT_FOUND 5 +#define WEBAUTHN_CRED_LARGE_BLOB_STATUS_MULTIPLE_CREDENTIALS 6 +#define WEBAUTHN_CRED_LARGE_BLOB_STATUS_LACK_OF_SPACE 7 +#define WEBAUTHN_CRED_LARGE_BLOB_STATUS_PLATFORM_ERROR 8 +#define WEBAUTHN_CRED_LARGE_BLOB_STATUS_AUTHENTICATOR_ERROR 9 + +#define WEBAUTHN_ASSERTION_VERSION_1 1 +#define WEBAUTHN_ASSERTION_VERSION_2 2 +#define WEBAUTHN_ASSERTION_CURRENT_VERSION WEBAUTHN_ASSERTION_VERSION_2 + +typedef struct _WEBAUTHN_ASSERTION { + // Version of this structure, to allow for modifications in the future. + DWORD dwVersion; + + // Size of cbAuthenticatorData. + DWORD cbAuthenticatorData; + // Authenticator data that was created for this assertion. + _Field_size_bytes_(cbAuthenticatorData) + PBYTE pbAuthenticatorData; + + // Size of pbSignature. + DWORD cbSignature; + // Signature that was generated for this assertion. + _Field_size_bytes_(cbSignature) + PBYTE pbSignature; + + // Credential that was used for this assertion. + WEBAUTHN_CREDENTIAL Credential; + + // Size of User Id + DWORD cbUserId; + // UserId + _Field_size_bytes_(cbUserId) + PBYTE pbUserId; + + // + // Following fields have been added in WEBAUTHN_ASSERTION_VERSION_2 + // + + WEBAUTHN_EXTENSIONS Extensions; + + // Size of pbCredLargeBlob + DWORD cbCredLargeBlob; + _Field_size_bytes_(cbCredLargeBlob) + PBYTE pbCredLargeBlob; + + DWORD dwCredLargeBlobStatus; + +} WEBAUTHN_ASSERTION, *PWEBAUTHN_ASSERTION; +typedef const WEBAUTHN_ASSERTION *PCWEBAUTHN_ASSERTION; + +//+------------------------------------------------------------------------------------------ +// APIs. +//------------------------------------------------------------------------------------------- + +DWORD +WINAPI +WebAuthNGetApiVersionNumber(); + +HRESULT +WINAPI +WebAuthNIsUserVerifyingPlatformAuthenticatorAvailable( + _Out_ BOOL *pbIsUserVerifyingPlatformAuthenticatorAvailable); + + +HRESULT +WINAPI +WebAuthNAuthenticatorMakeCredential( + _In_ HWND hWnd, + _In_ PCWEBAUTHN_RP_ENTITY_INFORMATION pRpInformation, + _In_ PCWEBAUTHN_USER_ENTITY_INFORMATION pUserInformation, + _In_ PCWEBAUTHN_COSE_CREDENTIAL_PARAMETERS pPubKeyCredParams, + _In_ PCWEBAUTHN_CLIENT_DATA pWebAuthNClientData, + _In_opt_ PCWEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS pWebAuthNMakeCredentialOptions, + _Outptr_result_maybenull_ PWEBAUTHN_CREDENTIAL_ATTESTATION *ppWebAuthNCredentialAttestation); + + +HRESULT +WINAPI +WebAuthNAuthenticatorGetAssertion( + _In_ HWND hWnd, + _In_ LPCWSTR pwszRpId, + _In_ PCWEBAUTHN_CLIENT_DATA pWebAuthNClientData, + _In_opt_ PCWEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS pWebAuthNGetAssertionOptions, + _Outptr_result_maybenull_ PWEBAUTHN_ASSERTION *ppWebAuthNAssertion); + +void +WINAPI +WebAuthNFreeCredentialAttestation( + _In_opt_ PWEBAUTHN_CREDENTIAL_ATTESTATION pWebAuthNCredentialAttestation); + +void +WINAPI +WebAuthNFreeAssertion( + _In_ PWEBAUTHN_ASSERTION pWebAuthNAssertion); + +HRESULT +WINAPI +WebAuthNGetCancellationId( + _Out_ GUID* pCancellationId); + +HRESULT +WINAPI +WebAuthNCancelCurrentOperation( + _In_ const GUID* pCancellationId); + +// +// Returns the following Error Names: +// L"Success" - S_OK +// L"InvalidStateError" - NTE_EXISTS +// L"ConstraintError" - HRESULT_FROM_WIN32(ERROR_NOT_SUPPORTED), +// NTE_NOT_SUPPORTED, +// NTE_TOKEN_KEYSET_STORAGE_FULL +// L"NotSupportedError" - NTE_INVALID_PARAMETER +// L"NotAllowedError" - NTE_DEVICE_NOT_FOUND, +// NTE_NOT_FOUND, +// HRESULT_FROM_WIN32(ERROR_CANCELLED), +// NTE_USER_CANCELLED, +// HRESULT_FROM_WIN32(ERROR_TIMEOUT) +// L"UnknownError" - All other hr values +// +PCWSTR +WINAPI +WebAuthNGetErrorName( + _In_ HRESULT hr); + +HRESULT +WINAPI +WebAuthNGetW3CExceptionDOMError( + _In_ HRESULT hr); + + +#ifdef __cplusplus +} // Balance extern "C" above +#endif + +#endif // WINAPI_FAMILY_PARTITION +#pragma endregion + +#endif // __WEBAUTHN_H_ diff --git a/src/winhello.c b/src/winhello.c index 0fe5b4cfe4c7..4797ac58281e 100644 --- a/src/winhello.c +++ b/src/winhello.c @@ -8,9 +8,9 @@ #include #include -#include #include "fido.h" +#include "webauthn.h" #define MAXCHARS 128 #define MAXCREDS 128 @@ -40,6 +40,87 @@ struct winhello_cred { wchar_t *display_name; }; +static TLS BOOL webauthn_loaded; +static TLS HMODULE webauthn_handle; +static TLS DWORD (*webauthn_get_api_version)(void); +static TLS PCWSTR (*webauthn_strerr)(HRESULT); +static TLS HRESULT (*webauthn_get_assert)(HWND, LPCWSTR, + PCWEBAUTHN_CLIENT_DATA, + PCWEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS, + PWEBAUTHN_ASSERTION *); +static TLS HRESULT (*webauthn_make_cred)(HWND, + PCWEBAUTHN_RP_ENTITY_INFORMATION, + PCWEBAUTHN_USER_ENTITY_INFORMATION, + PCWEBAUTHN_COSE_CREDENTIAL_PARAMETERS, + PCWEBAUTHN_CLIENT_DATA, + PCWEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS, + PWEBAUTHN_CREDENTIAL_ATTESTATION *); +static TLS void (*webauthn_free_assert)(PWEBAUTHN_ASSERTION); +static TLS void (*webauthn_free_attest)(PWEBAUTHN_CREDENTIAL_ATTESTATION); + +static int +webauthn_load(void) +{ + if (webauthn_loaded || webauthn_handle != NULL) { + fido_log_debug("%s: already loaded", __func__); + return -1; + } + if ((webauthn_handle = LoadLibrary("webauthn.dll")) == NULL) { + fido_log_debug("%s: LoadLibrary", __func__); + return -1; + } + + if ((webauthn_get_api_version = (void *)GetProcAddress(webauthn_handle, + "WebAuthNGetApiVersionNumber")) == NULL) { + fido_log_debug("%s: WebAuthNGetApiVersionNumber", __func__); + goto fail; + } + if ((webauthn_strerr = (void *)GetProcAddress(webauthn_handle, + "WebAuthNGetErrorName")) == NULL) { + fido_log_debug("%s: WebAuthNGetErrorName", __func__); + goto fail; + } + if ((webauthn_get_assert = (void *)GetProcAddress(webauthn_handle, + "WebAuthNAuthenticatorGetAssertion")) == NULL) { + fido_log_debug("%s: WebAuthNAuthenticatorGetAssertion", + __func__); + goto fail; + } + if ((webauthn_make_cred = (void *)GetProcAddress(webauthn_handle, + "WebAuthNAuthenticatorMakeCredential")) == NULL) { + fido_log_debug("%s: WebAuthNAuthenticatorMakeCredential", + __func__); + goto fail; + } + if ((webauthn_free_assert = (void *)GetProcAddress(webauthn_handle, + "WebAuthNFreeAssertion")) == NULL) { + fido_log_debug("%s: WebAuthNFreeAssertion", __func__); + goto fail; + } + if ((webauthn_free_attest = (void *)GetProcAddress(webauthn_handle, + "WebAuthNFreeCredentialAttestation")) == NULL) { + fido_log_debug("%s: WebAuthNFreeCredentialAttestation", + __func__); + goto fail; + } + + webauthn_loaded = true; + + return 0; +fail: + fido_log_debug("%s: GetProcAddress", __func__); + webauthn_get_api_version = NULL; + webauthn_strerr = NULL; + webauthn_get_assert = NULL; + webauthn_make_cred = NULL; + webauthn_free_assert = NULL; + webauthn_free_attest = NULL; + FreeLibrary(webauthn_handle); + webauthn_handle = NULL; + + return -1; +} + static wchar_t * to_utf16(const char *utf8) { @@ -97,24 +178,6 @@ to_utf8(const wchar_t *utf16) return utf8; } -static int -to_fido_str_array(fido_str_array_t *sa, const char **v, size_t n) -{ - if ((sa->ptr = calloc(n, sizeof(char *))) == NULL) { - fido_log_debug("%s: calloc", __func__); - return -1; - } - for (size_t i = 0; i < n; i++) { - if ((sa->ptr[i] = strdup(v[i])) == NULL) { - fido_log_debug("%s: strdup", __func__); - return -1; - } - sa->len++; - } - - return 0; -} - static int to_fido(HRESULT hr) { @@ -210,7 +273,7 @@ set_uv(DWORD *out, fido_opt_t uv, const char *pin) static int pack_rp(wchar_t **id, wchar_t **name, WEBAUTHN_RP_ENTITY_INFORMATION *out, - fido_rp_t *in) + const fido_rp_t *in) { /* keep non-const copies of pwsz* for free() */ out->dwVersion = WEBAUTHN_RP_ENTITY_INFORMATION_CURRENT_VERSION; @@ -227,7 +290,7 @@ pack_rp(wchar_t **id, wchar_t **name, WEBAUTHN_RP_ENTITY_INFORMATION *out, static int pack_user(wchar_t **name, wchar_t **icon, wchar_t **display_name, - WEBAUTHN_USER_ENTITY_INFORMATION *out, fido_user_t *in) + WEBAUTHN_USER_ENTITY_INFORMATION *out, const fido_user_t *in) { if (in->id.ptr == NULL || in->id.len > ULONG_MAX) { fido_log_debug("%s: id", __func__); @@ -287,7 +350,7 @@ pack_cose(WEBAUTHN_COSE_CREDENTIAL_PARAMETER *alg, } static int -pack_cred_ext(WEBAUTHN_EXTENSIONS *out, fido_cred_ext_t *in) +pack_cred_ext(WEBAUTHN_EXTENSIONS *out, const fido_cred_ext_t *in) { WEBAUTHN_EXTENSION *e; WEBAUTHN_CRED_PROTECT_EXTENSION_IN *p; @@ -342,94 +405,7 @@ pack_cred_ext(WEBAUTHN_EXTENSIONS *out, fido_cred_ext_t *in) } static int -unpack_fmt(fido_cred_t *cred, WEBAUTHN_CREDENTIAL_ATTESTATION *att) -{ - char *fmt; - int r; - - if ((fmt = to_utf8(att->pwszFormatType)) == NULL) { - fido_log_debug("%s: fmt", __func__); - return -1; - } - r = fido_cred_set_fmt(cred, fmt); - free(fmt); - fmt = NULL; - if (r != FIDO_OK) { - fido_log_debug("%s: fido_cred_set_fmt: %s", __func__, - fido_strerr(r)); - return -1; - } - - return 0; -} - -static int -unpack_cred_authdata(fido_cred_t *cred, WEBAUTHN_CREDENTIAL_ATTESTATION *att) -{ - int r; - - if (att->cbAuthenticatorData > SIZE_MAX) { - fido_log_debug("%s: cbAuthenticatorData", __func__); - return -1; - } - if ((r = fido_cred_set_authdata_raw(cred, att->pbAuthenticatorData, - (size_t)att->cbAuthenticatorData)) != FIDO_OK) { - fido_log_debug("%s: fido_cred_set_authdata_raw: %s", __func__, - fido_strerr(r)); - return -1; - } - - return 0; -} - -static int -unpack_cred_sig(fido_cred_t *cred, WEBAUTHN_COMMON_ATTESTATION *attr) -{ - int r; - - if (attr->cbSignature > SIZE_MAX) { - fido_log_debug("%s: cbSignature", __func__); - return -1; - } - if ((r = fido_cred_set_sig(cred, attr->pbSignature, - (size_t)attr->cbSignature)) != FIDO_OK) { - fido_log_debug("%s: fido_cred_set_sig: %s", __func__, - fido_strerr(r)); - return -1; - } - - return 0; -} - -static int -unpack_x5c(fido_cred_t *cred, WEBAUTHN_COMMON_ATTESTATION *attr) -{ - int r; - - fido_log_debug("%s: %u cert(s)", __func__, attr->cX5c); - - if (attr->cX5c == 0) - return 0; /* self-attestation */ - if (attr->lAlg != WEBAUTHN_COSE_ALGORITHM_ECDSA_P256_WITH_SHA256) { - fido_log_debug("%s: lAlg %d", __func__, attr->lAlg); - return -1; - } - if (attr->pX5c[0].cbData > SIZE_MAX) { - fido_log_debug("%s: cbData", __func__); - return -1; - } - if ((r = fido_cred_set_x509(cred, attr->pX5c[0].pbData, - (size_t)attr->pX5c[0].cbData)) != FIDO_OK) { - fido_log_debug("%s: fido_cred_set_x509: %s", __func__, - fido_strerr(r)); - return -1; - } - - return 0; -} - -static int -unpack_assert_authdata(fido_assert_t *assert, WEBAUTHN_ASSERTION *wa) +unpack_assert_authdata(fido_assert_t *assert, const WEBAUTHN_ASSERTION *wa) { int r; @@ -448,7 +424,7 @@ unpack_assert_authdata(fido_assert_t *assert, WEBAUTHN_ASSERTION *wa) } static int -unpack_assert_sig(fido_assert_t *assert, WEBAUTHN_ASSERTION *wa) +unpack_assert_sig(fido_assert_t *assert, const WEBAUTHN_ASSERTION *wa) { int r; @@ -467,7 +443,7 @@ unpack_assert_sig(fido_assert_t *assert, WEBAUTHN_ASSERTION *wa) } static int -unpack_cred_id(fido_assert_t *assert, WEBAUTHN_ASSERTION *wa) +unpack_cred_id(fido_assert_t *assert, const WEBAUTHN_ASSERTION *wa) { if (wa->Credential.cbId > SIZE_MAX) { fido_log_debug("%s: Credential.cbId", __func__); @@ -483,7 +459,7 @@ unpack_cred_id(fido_assert_t *assert, WEBAUTHN_ASSERTION *wa) } static int -unpack_user_id(fido_assert_t *assert, WEBAUTHN_ASSERTION *wa) +unpack_user_id(fido_assert_t *assert, const WEBAUTHN_ASSERTION *wa) { if (wa->cbUserId == 0) return 0; /* user id absent */ @@ -501,8 +477,8 @@ unpack_user_id(fido_assert_t *assert, WEBAUTHN_ASSERTION *wa) } static int -translate_fido_assert(struct winhello_assert *ctx, fido_assert_t *assert, - const char *pin) +translate_fido_assert(struct winhello_assert *ctx, const fido_assert_t *assert, + const char *pin, int ms) { WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS *opt; @@ -527,7 +503,7 @@ translate_fido_assert(struct winhello_assert *ctx, fido_assert_t *assert, /* options */ opt = &ctx->opt; opt->dwVersion = WEBAUTHN_AUTHENTICATOR_GET_ASSERTION_OPTIONS_VERSION_1; - opt->dwTimeoutMilliseconds = MAXMSEC; + opt->dwTimeoutMilliseconds = ms < 0 ? MAXMSEC : (DWORD)ms; if (pack_credlist(&opt->CredentialList, &assert->allow_list) < 0) { fido_log_debug("%s: pack_credlist", __func__); return FIDO_ERR_INTERNAL; @@ -541,7 +517,7 @@ translate_fido_assert(struct winhello_assert *ctx, fido_assert_t *assert, } static int -translate_winhello_assert(fido_assert_t *assert, WEBAUTHN_ASSERTION *wa) +translate_winhello_assert(fido_assert_t *assert, const WEBAUTHN_ASSERTION *wa) { int r; @@ -575,8 +551,8 @@ translate_winhello_assert(fido_assert_t *assert, WEBAUTHN_ASSERTION *wa) } static int -translate_fido_cred(struct winhello_cred *ctx, fido_cred_t *cred, - const char *pin) +translate_fido_cred(struct winhello_cred *ctx, const fido_cred_t *cred, + const char *pin, int ms) { WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS *opt; @@ -600,7 +576,9 @@ translate_fido_cred(struct winhello_cred *ctx, fido_cred_t *cred, /* options */ opt = &ctx->opt; opt->dwVersion = WEBAUTHN_AUTHENTICATOR_MAKE_CREDENTIAL_OPTIONS_VERSION_1; - opt->dwTimeoutMilliseconds = MAXMSEC; + opt->dwTimeoutMilliseconds = ms < 0 ? MAXMSEC : (DWORD)ms; + opt->dwAttestationConveyancePreference = + WEBAUTHN_ATTESTATION_CONVEYANCE_PREFERENCE_DIRECT; if (pack_credlist(&opt->CredentialList, &cred->excl) < 0) { fido_log_debug("%s: pack_credlist", __func__); return FIDO_ERR_INTERNAL; @@ -609,7 +587,8 @@ translate_fido_cred(struct winhello_cred *ctx, fido_cred_t *cred, fido_log_debug("%s: pack_cred_ext", __func__); return FIDO_ERR_UNSUPPORTED_EXTENSION; } - if (set_uv(&opt->dwUserVerificationRequirement, cred->uv, pin) < 0) { + if (set_uv(&opt->dwUserVerificationRequirement, (cred->ext.mask & + FIDO_EXT_CRED_PROTECT) ? FIDO_OPT_TRUE : cred->uv, pin) < 0) { fido_log_debug("%s: set_uv", __func__); return FIDO_ERR_INTERNAL; } @@ -621,67 +600,94 @@ translate_fido_cred(struct winhello_cred *ctx, fido_cred_t *cred, } static int -translate_winhello_cred(fido_cred_t *cred, WEBAUTHN_CREDENTIAL_ATTESTATION *att) +decode_attobj(const cbor_item_t *key, const cbor_item_t *val, void *arg) { - if (unpack_fmt(cred, att) < 0) { - fido_log_debug("%s: unpack_fmt", __func__); - return FIDO_ERR_INTERNAL; - } - if (unpack_cred_authdata(cred, att) < 0) { - fido_log_debug("%s: unpack_cred_authdata", __func__); - return FIDO_ERR_INTERNAL; + fido_cred_t *cred = arg; + char *name = NULL; + int ok = -1; + + if (cbor_string_copy(key, &name) < 0) { + fido_log_debug("%s: cbor type", __func__); + ok = 0; /* ignore */ + goto fail; } - switch (att->dwAttestationDecodeType) { - case WEBAUTHN_ATTESTATION_DECODE_NONE: - if (att->pvAttestationDecode != NULL) { - fido_log_debug("%s: pvAttestationDecode", __func__); - return FIDO_ERR_INTERNAL; + if (!strcmp(name, "fmt")) { + if (cbor_decode_fmt(val, &cred->fmt) < 0) { + fido_log_debug("%s: cbor_decode_fmt", __func__); + goto fail; } - break; - case WEBAUTHN_ATTESTATION_DECODE_COMMON: - if (att->pvAttestationDecode == NULL) { - fido_log_debug("%s: pvAttestationDecode", __func__); - return FIDO_ERR_INTERNAL; + } else if (!strcmp(name, "attStmt")) { + if (cbor_decode_attstmt(val, &cred->attstmt) < 0) { + fido_log_debug("%s: cbor_decode_attstmt", __func__); + goto fail; } - if (unpack_cred_sig(cred, att->pvAttestationDecode) < 0) { - fido_log_debug("%s: unpack_cred_sig", __func__); - return FIDO_ERR_INTERNAL; + } else if (!strcmp(name, "authData")) { + if (cbor_decode_cred_authdata(val, cred->type, + &cred->authdata_cbor, &cred->authdata, &cred->attcred, + &cred->authdata_ext) < 0) { + fido_log_debug("%s: cbor_decode_cred_authdata", + __func__); + goto fail; } - if (unpack_x5c(cred, att->pvAttestationDecode) < 0) { - fido_log_debug("%s: unpack_x5c", __func__); - return FIDO_ERR_INTERNAL; - } - break; - default: - fido_log_debug("%s: dwAttestationDecodeType: %u", __func__, - att->dwAttestationDecodeType); - return FIDO_ERR_INTERNAL; } - return FIDO_OK; + ok = 0; +fail: + free(name); + + return (ok); } static int -winhello_manifest(BOOL *present) +translate_winhello_cred(fido_cred_t *cred, const WEBAUTHN_CREDENTIAL_ATTESTATION *att) +{ + + cbor_item_t *item = NULL; + struct cbor_load_result cbor; + int r = FIDO_ERR_INTERNAL; + + if (att->pbAttestationObject == NULL || + att->cbAttestationObject > SIZE_MAX) { + fido_log_debug("%s: pbAttestationObject", __func__); + goto fail; + } + if ((item = cbor_load(att->pbAttestationObject, + (size_t)att->cbAttestationObject, &cbor)) == NULL) { + fido_log_debug("%s: cbor_load", __func__); + goto fail; + } + if (cbor_isa_map(item) == false || + cbor_map_is_definite(item) == false || + cbor_map_iter(item, cred, decode_attobj) < 0) { + fido_log_debug("%s: cbor type", __func__); + goto fail; + } + + r = FIDO_OK; +fail: + if (item != NULL) + cbor_decref(&item); + + return r; +} + +static int +winhello_manifest(void) { DWORD n; - HRESULT hr; - int r = FIDO_OK; - if ((n = WebAuthNGetApiVersionNumber()) < 1) { + if (!webauthn_loaded && webauthn_load() < 0) { + fido_log_debug("%s: webauthn_load", __func__); + return FIDO_ERR_INTERNAL; + } + if ((n = webauthn_get_api_version()) < 1) { fido_log_debug("%s: unsupported api %u", __func__, n); return FIDO_ERR_INTERNAL; } fido_log_debug("%s: api version %u", __func__, n); - hr = WebAuthNIsUserVerifyingPlatformAuthenticatorAvailable(present); - if (hr != S_OK) { - r = to_fido(hr); - fido_log_debug("%s: %ls -> %s", __func__, - WebAuthNGetErrorName(hr), fido_strerr(r)); - } - return r; + return FIDO_OK; } static int @@ -690,12 +696,11 @@ winhello_get_assert(HWND w, struct winhello_assert *ctx) HRESULT hr; int r = FIDO_OK; - hr = WebAuthNAuthenticatorGetAssertion(w, ctx->rp_id, &ctx->cd, - &ctx->opt, &ctx->assert); - if (hr != S_OK) { + if ((hr = webauthn_get_assert(w, ctx->rp_id, &ctx->cd, &ctx->opt, + &ctx->assert)) != S_OK) { r = to_fido(hr); - fido_log_debug("%s: %ls -> %s", __func__, - WebAuthNGetErrorName(hr), fido_strerr(r)); + fido_log_debug("%s: %ls -> %s", __func__, webauthn_strerr(hr), + fido_strerr(r)); } return r; @@ -707,12 +712,11 @@ winhello_make_cred(HWND w, struct winhello_cred *ctx) HRESULT hr; int r = FIDO_OK; - hr = WebAuthNAuthenticatorMakeCredential(w, &ctx->rp, &ctx->user, - &ctx->cose, &ctx->cd, &ctx->opt, &ctx->att); - if (hr != S_OK) { + if ((hr = webauthn_make_cred(w, &ctx->rp, &ctx->user, &ctx->cose, + &ctx->cd, &ctx->opt, &ctx->att)) != S_OK) { r = to_fido(hr); - fido_log_debug("%s: %ls -> %s", __func__, - WebAuthNGetErrorName(hr), fido_strerr(r)); + fido_log_debug("%s: %ls -> %s", __func__, webauthn_strerr(hr), + fido_strerr(r)); } return r; @@ -724,7 +728,7 @@ winhello_assert_free(struct winhello_assert *ctx) if (ctx == NULL) return; if (ctx->assert != NULL) - WebAuthNFreeAssertion(ctx->assert); + webauthn_free_assert(ctx->assert); free(ctx->rp_id); free(ctx->opt.CredentialList.pCredentials); @@ -737,7 +741,7 @@ winhello_cred_free(struct winhello_cred *ctx) if (ctx == NULL) return; if (ctx->att != NULL) - WebAuthNFreeCredentialAttestation(ctx->att); + webauthn_free_attest(ctx->att); free(ctx->rp_id); free(ctx->rp_name); @@ -758,7 +762,6 @@ int fido_winhello_manifest(fido_dev_info_t *devlist, size_t ilen, size_t *olen) { int r; - BOOL present; fido_dev_info_t *di; if (ilen == 0) { @@ -767,14 +770,10 @@ fido_winhello_manifest(fido_dev_info_t *devlist, size_t ilen, size_t *olen) if (devlist == NULL) { return FIDO_ERR_INVALID_ARGUMENT; } - if ((r = winhello_manifest(&present)) != FIDO_OK) { + if ((r = winhello_manifest()) != FIDO_OK) { fido_log_debug("%s: winhello_manifest", __func__); return r; } - if (present == false) { - fido_log_debug("%s: not present", __func__); - return FIDO_OK; - } di = &devlist[*olen]; memset(di, 0, sizeof(*di)); @@ -799,9 +798,12 @@ fido_winhello_manifest(fido_dev_info_t *devlist, size_t ilen, size_t *olen) int fido_winhello_open(fido_dev_t *dev) { + if (!webauthn_loaded && webauthn_load() < 0) { + fido_log_debug("%s: webauthn_load", __func__); + return FIDO_ERR_INTERNAL; + } if (dev->flags != 0) return FIDO_ERR_INVALID_ARGUMENT; - dev->attr.flags = FIDO_CAP_CBOR | FIDO_CAP_WINK; dev->flags = FIDO_DEV_WINHELLO | FIDO_DEV_CRED_PROT | FIDO_DEV_PIN_SET; @@ -826,7 +828,7 @@ fido_winhello_cancel(fido_dev_t *dev) int fido_winhello_get_assert(fido_dev_t *dev, fido_assert_t *assert, - const char *pin) + const char *pin, int ms) { HWND w; struct winhello_assert *ctx; @@ -834,6 +836,8 @@ fido_winhello_get_assert(fido_dev_t *dev, fido_assert_t *assert, (void)dev; + fido_assert_reset_rx(assert); + if ((ctx = calloc(1, sizeof(*ctx))) == NULL) { fido_log_debug("%s: calloc", __func__); goto fail; @@ -842,7 +846,7 @@ fido_winhello_get_assert(fido_dev_t *dev, fido_assert_t *assert, fido_log_debug("%s: GetForegroundWindow", __func__); goto fail; } - if ((r = translate_fido_assert(ctx, assert, pin)) != FIDO_OK) { + if ((r = translate_fido_assert(ctx, assert, pin, ms)) != FIDO_OK) { fido_log_debug("%s: translate_fido_assert", __func__); goto fail; } @@ -873,10 +877,10 @@ fido_winhello_get_cbor_info(fido_dev_t *dev, fido_cbor_info_t *ci) fido_cbor_info_reset(ci); - if (to_fido_str_array(&ci->versions, v, nitems(v)) < 0 || - to_fido_str_array(&ci->extensions, e, nitems(e)) < 0 || - to_fido_str_array(&ci->transports, t, nitems(t)) < 0) { - fido_log_debug("%s: to_fido_str_array", __func__); + if (fido_str_array_pack(&ci->versions, v, nitems(v)) < 0 || + fido_str_array_pack(&ci->extensions, e, nitems(e)) < 0 || + fido_str_array_pack(&ci->transports, t, nitems(t)) < 0) { + fido_log_debug("%s: fido_str_array_pack", __func__); return FIDO_ERR_INTERNAL; } if ((ci->options.name = calloc(nitems(o), sizeof(char *))) == NULL || @@ -897,7 +901,8 @@ fido_winhello_get_cbor_info(fido_dev_t *dev, fido_cbor_info_t *ci) } int -fido_winhello_make_cred(fido_dev_t *dev, fido_cred_t *cred, const char *pin) +fido_winhello_make_cred(fido_dev_t *dev, fido_cred_t *cred, const char *pin, + int ms) { HWND w; struct winhello_cred *ctx; @@ -905,6 +910,8 @@ fido_winhello_make_cred(fido_dev_t *dev, fido_cred_t *cred, const char *pin) (void)dev; + fido_cred_reset_rx(cred); + if ((ctx = calloc(1, sizeof(*ctx))) == NULL) { fido_log_debug("%s: calloc", __func__); goto fail; @@ -913,7 +920,7 @@ fido_winhello_make_cred(fido_dev_t *dev, fido_cred_t *cred, const char *pin) fido_log_debug("%s: GetForegroundWindow", __func__); goto fail; } - if ((r = translate_fido_cred(ctx, cred, pin)) != FIDO_OK) { + if ((r = translate_fido_cred(ctx, cred, pin, ms)) != FIDO_OK) { fido_log_debug("%s: translate_fido_cred", __func__); goto fail; } diff --git a/tools/CMakeLists.txt b/tools/CMakeLists.txt index b1dde9949c4f..f37aa1d87c97 100644 --- a/tools/CMakeLists.txt +++ b/tools/CMakeLists.txt @@ -3,10 +3,13 @@ # license that can be found in the LICENSE file. list(APPEND COMPAT_SOURCES + ../openbsd-compat/bsd-getpagesize.c ../openbsd-compat/explicit_bzero.c ../openbsd-compat/freezero.c + ../openbsd-compat/recallocarray.c ../openbsd-compat/strlcat.c ../openbsd-compat/strlcpy.c + ../openbsd-compat/strsep.c ) if(WIN32 AND NOT CYGWIN AND NOT MSYS) diff --git a/tools/config.c b/tools/config.c index 17dfe4457902..3eea4c9b6cf6 100644 --- a/tools/config.c +++ b/tools/config.c @@ -147,3 +147,51 @@ config_force_pin_change(char *path) exit(ok); } + +int +config_pin_minlen_rpid(char *path, const char *rpids) +{ + fido_dev_t *dev; + char *otmp, *tmp, *cp; + char *pin = NULL, **rpid = NULL; + int r, ok = 1; + size_t n; + + if ((tmp = strdup(rpids)) == NULL) + err(1, "strdup"); + otmp = tmp; + for (n = 0; (cp = strsep(&tmp, ",")) != NULL; n++) { + if (n == SIZE_MAX || (rpid = recallocarray(rpid, n, n + 1, + sizeof(*rpid))) == NULL) + err(1, "recallocarray"); + if ((rpid[n] = strdup(cp)) == NULL) + err(1, "strdup"); + if (*rpid[n] == '\0') + errx(1, "empty rpid"); + } + free(otmp); + if (rpid == NULL || n == 0) + errx(1, "could not parse rp_id"); + dev = open_dev(path); + if ((r = fido_dev_set_pin_minlen_rpid(dev, (const char * const *)rpid, + n, NULL)) != FIDO_OK && should_retry_with_pin(dev, r)) { + if ((pin = get_pin(path)) == NULL) + goto out; + r = fido_dev_set_pin_minlen_rpid(dev, (const char * const *)rpid, + n, pin); + freezero(pin, PINBUF_LEN); + pin = NULL; + } + if (r != FIDO_OK) { + warnx("fido_dev_set_pin_minlen_rpid: %s (0x%x)", + fido_strerr(r), r); + goto out; + } + + ok = 0; +out: + fido_dev_close(dev); + fido_dev_free(&dev); + + exit(ok); +} diff --git a/tools/extern.h b/tools/extern.h index 207c35894f8b..8b25dadd45ac 100644 --- a/tools/extern.h +++ b/tools/extern.h @@ -20,7 +20,7 @@ struct blob { size_t len; }; -#define TOKEN_OPT "CDGILPRSVabcdefi:k:l:n:p:ru" +#define TOKEN_OPT "CDGILPRSVabcdefi:k:l:m:n:p:ru" #define FLAG_DEBUG 0x01 #define FLAG_QUIET 0x02 @@ -62,6 +62,7 @@ int config_always_uv(char *, int); int config_entattest(char *); int config_force_pin_change(char *); int config_pin_minlen(char *, const char *); +int config_pin_minlen_rpid(char *, const char *); int cose_type(const char *, int *); int cred_make(int, char **); int cred_verify(int, char **); diff --git a/tools/fido2-token.c b/tools/fido2-token.c index c1539b8bc08e..e6d9f9f96381 100644 --- a/tools/fido2-token.c +++ b/tools/fido2-token.c @@ -28,6 +28,7 @@ usage(void) " fido2-token -S [-adefu] [-l pin_length] [-i template_id -n template_name] device\n" " fido2-token -Sb [-k key_path] [-i cred_id -n rp_id] blob_path device\n" " fido2-token -Sc -i cred_id -k user_id -n name -p display_name device\n" +" fido2-token -Sm rp_id device\n" " fido2-token -V\n" ); @@ -59,6 +60,7 @@ main(int argc, char **argv) case 'i': case 'k': case 'l': + case 'm': case 'n': case 'p': case 'r': diff --git a/tools/token.c b/tools/token.c index 4dcc2fea6dbd..3d165623fdbf 100644 --- a/tools/token.c +++ b/tools/token.c @@ -352,6 +352,7 @@ token_set(int argc, char **argv, char *path) char *len = NULL; char *display_name = NULL; char *name = NULL; + char *rpid = NULL; int blob = 0; int cred = 0; int ch; @@ -391,6 +392,9 @@ token_set(int argc, char **argv, char *path) case 'p': display_name = optarg; break; + case 'm': + rpid = optarg; + break; case 'n': name = optarg; break; @@ -440,6 +444,8 @@ token_set(int argc, char **argv, char *path) if (len) return (config_pin_minlen(path, len)); + if (rpid) + return (config_pin_minlen_rpid(path, rpid)); if (force) return (config_force_pin_change(path)); if (uv) diff --git a/windows/build.ps1 b/windows/build.ps1 index 55aac9d96bc5..87d0c31e5311 100644 --- a/windows/build.ps1 +++ b/windows/build.ps1 @@ -1,140 +1,136 @@ +# Copyright (c) 2021 Yubico AB. All rights reserved. +# Use of this source code is governed by a BSD-style +# license that can be found in the LICENSE file. + param( [string]$CMakePath = "C:\Program Files\CMake\bin\cmake.exe", [string]$GitPath = "C:\Program Files\Git\bin\git.exe", [string]$SevenZPath = "C:\Program Files\7-Zip\7z.exe", [string]$GPGPath = "C:\Program Files (x86)\GnuPG\bin\gpg.exe", [string]$WinSDK = "", + [string]$Config = "Release", + [string]$Arch = "x64", + [string]$Type = "dynamic", [string]$Fido2Flags = "" ) -$ErrorActionPreference = "Continue" - +$ErrorActionPreference = "Stop" [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 -# LibreSSL coordinates. -New-Variable -Name 'LIBRESSL_URL' ` - -Value 'https://fastly.cdn.openbsd.org/pub/OpenBSD/LibreSSL' -Option Constant -New-Variable -Name 'LIBRESSL' -Value 'libressl-3.2.5' -Option Constant +. "$PSScriptRoot\const.ps1" -# libcbor coordinates. -New-Variable -Name 'LIBCBOR' -Value 'libcbor-0.8.0' -Option Constant -New-Variable -Name 'LIBCBOR_BRANCH' -Value 'v0.8.0' -Option Constant -New-Variable -Name 'LIBCBOR_GIT' -Value 'https://github.com/pjk/libcbor' ` - -Option Constant +Function ExitOnError() { + if ($LastExitCode -ne 0) { + throw "A command exited with status $LastExitCode" + } +} -# zlib coordinates. -New-Variable -Name 'ZLIB' -Value 'zlib-1.2.11' -Option Constant -New-Variable -Name 'ZLIB_BRANCH' -Value 'v1.2.11' -Option Constant -New-Variable -Name 'ZLIB_GIT' -Value 'https://github.com/madler/zlib' ` - -Option Constant - -# Work directories. -New-Variable -Name 'BUILD' -Value "$PSScriptRoot\..\build" -Option Constant -New-Variable -Name 'OUTPUT' -Value "$PSScriptRoot\..\output" -Option Constant - -# Find CMake. -$CMake = $(Get-Command cmake -ErrorAction Ignore | Select-Object -ExpandProperty Source) -if([string]::IsNullOrEmpty($CMake)) { - $CMake = $CMakePath +Function GitClone(${REPO}, ${BRANCH}, ${DIR}) { + Write-Host "Cloning ${REPO}..." + & $Git -c advice.detachedHead=false clone --quiet --depth=1 ` + --branch "${BRANCH}" "${REPO}" "${DIR}" + Write-Host "${REPO}'s ${BRANCH} HEAD is:" + & $Git -C "${DIR}" show -s HEAD } # Find Git. -$Git = $(Get-Command git -ErrorAction Ignore | Select-Object -ExpandProperty Source) -if([string]::IsNullOrEmpty($Git)) { +$Git = $(Get-Command git -ErrorAction Ignore | ` + Select-Object -ExpandProperty Source) +if ([string]::IsNullOrEmpty($Git)) { $Git = $GitPath } +if (-Not (Test-Path $Git)) { + throw "Unable to find Git at $Git" +} + +# Find CMake. +$CMake = $(Get-Command cmake -ErrorAction Ignore | ` + Select-Object -ExpandProperty Source) +if ([string]::IsNullOrEmpty($CMake)) { + $CMake = $CMakePath +} +if (-Not (Test-Path $CMake)) { + throw "Unable to find CMake at $CMake" +} # Find 7z. -$SevenZ = $(Get-Command 7z -ErrorAction Ignore | Select-Object -ExpandProperty Source) -if([string]::IsNullOrEmpty($SevenZ)) { +$SevenZ = $(Get-Command 7z -ErrorAction Ignore | ` + Select-Object -ExpandProperty Source) +if ([string]::IsNullOrEmpty($SevenZ)) { $SevenZ = $SevenZPath } +if (-Not (Test-Path $SevenZ)) { + throw "Unable to find 7z at $SevenZ" +} # Find GPG. -$GPG = $(Get-Command gpg -ErrorAction Ignore | Select-Object -ExpandProperty Source) -if([string]::IsNullOrEmpty($GPG)) { +$GPG = $(Get-Command gpg -ErrorAction Ignore | ` + Select-Object -ExpandProperty Source) +if ([string]::IsNullOrEmpty($GPG)) { $GPG = $GPGPath } +if (-Not (Test-Path $GPG)) { + throw "Unable to find GPG at $GPG" +} # Override CMAKE_SYSTEM_VERSION if $WinSDK is set. -if(-Not ([string]::IsNullOrEmpty($WinSDK))) { +if (-Not ([string]::IsNullOrEmpty($WinSDK))) { $CMAKE_SYSTEM_VERSION = "-DCMAKE_SYSTEM_VERSION='$WinSDK'" } else { $CMAKE_SYSTEM_VERSION = '' } -if(-Not (Test-Path $CMake)) { - throw "Unable to find CMake at $CMake" -} - -if(-Not (Test-Path $Git)) { - throw "Unable to find Git at $Git" -} - -if(-Not (Test-Path $SevenZ)) { - throw "Unable to find 7z at $SevenZ" -} - -if(-Not (Test-Path $GPG)) { - throw "Unable to find GPG at $GPG" -} - +Write-Host "WinSDK: $WinSDK" +Write-Host "Config: $Config" +Write-Host "Arch: $Arch" +Write-Host "Type: $Type" Write-Host "Git: $Git" Write-Host "CMake: $CMake" Write-Host "7z: $SevenZ" Write-Host "GPG: $GPG" -New-Item -Type Directory ${BUILD} -New-Item -Type Directory ${BUILD}\32 -New-Item -Type Directory ${BUILD}\32\dynamic -New-Item -Type Directory ${BUILD}\32\static -New-Item -Type Directory ${BUILD}\64 -New-Item -Type Directory ${BUILD}\64\dynamic -New-Item -Type Directory ${BUILD}\64\static -New-Item -Type Directory ${OUTPUT} -New-Item -Type Directory ${OUTPUT}\pkg\Win64\Release\v142\dynamic -New-Item -Type Directory ${OUTPUT}\pkg\Win32\Release\v142\dynamic -New-Item -Type Directory ${OUTPUT}\pkg\Win64\Release\v142\static -New-Item -Type Directory ${OUTPUT}\pkg\Win32\Release\v142\static +# Create build directories. +New-Item -Type Directory "${BUILD}" -Force +New-Item -Type Directory "${BUILD}\${Arch}" -Force +New-Item -Type Directory "${BUILD}\${Arch}\${Type}" -Force +New-Item -Type Directory "${STAGE}\${LIBRESSL}" -Force +New-Item -Type Directory "${STAGE}\${LIBCBOR}" -Force +New-Item -Type Directory "${STAGE}\${ZLIB}" -Force +# Create output directories. +New-Item -Type Directory "${OUTPUT}" -Force +New-Item -Type Directory "${OUTPUT}\${Arch}" -Force +New-Item -Type Directory "${OUTPUT}\${Arch}\${Type}" -force + +# Fetch and verify dependencies. Push-Location ${BUILD} - try { - if (Test-Path .\${LIBRESSL}) { - Remove-Item .\${LIBRESSL} -Recurse -ErrorAction Stop - } + if (-Not (Test-Path .\${LIBRESSL})) { + if (-Not (Test-Path .\${LIBRESSL}.tar.gz -PathType leaf)) { + Invoke-WebRequest ${LIBRESSL_URL}/${LIBRESSL}.tar.gz ` + -OutFile .\${LIBRESSL}.tar.gz + } + if (-Not (Test-Path .\${LIBRESSL}.tar.gz.asc -PathType leaf)) { + Invoke-WebRequest ${LIBRESSL_URL}/${LIBRESSL}.tar.gz.asc ` + -OutFile .\${LIBRESSL}.tar.gz.asc + } - if(-Not (Test-Path .\${LIBRESSL}.tar.gz -PathType leaf)) { - Invoke-WebRequest ${LIBRESSL_URL}/${LIBRESSL}.tar.gz ` - -OutFile .\${LIBRESSL}.tar.gz + Copy-Item "$PSScriptRoot\libressl.gpg" -Destination "${BUILD}" + & $GPG --list-keys + & $GPG --quiet --no-default-keyring --keyring ./libressl.gpg ` + --verify .\${LIBRESSL}.tar.gz.asc .\${LIBRESSL}.tar.gz + if ($LastExitCode -ne 0) { + throw "GPG signature verification failed" + } + & $SevenZ e .\${LIBRESSL}.tar.gz + & $SevenZ x .\${LIBRESSL}.tar + Remove-Item -Force .\${LIBRESSL}.tar } - if(-Not (Test-Path .\${LIBRESSL}.tar.gz.asc -PathType leaf)) { - Invoke-WebRequest ${LIBRESSL_URL}/${LIBRESSL}.tar.gz.asc ` - -OutFile .\${LIBRESSL}.tar.gz.asc + if (-Not (Test-Path .\${LIBCBOR})) { + GitClone "${LIBCBOR_GIT}" "${LIBCBOR_BRANCH}" ".\${LIBCBOR}" } - - Copy-Item "$PSScriptRoot\libressl.gpg" -Destination "${BUILD}" - & $GPG --list-keys - & $GPG -v --no-default-keyring --keyring ./libressl.gpg ` - --verify .\${LIBRESSL}.tar.gz.asc .\${LIBRESSL}.tar.gz - if ($LastExitCode -ne 0) { - throw "GPG signature verification failed" - } - - & $SevenZ e .\${LIBRESSL}.tar.gz - & $SevenZ x .\${LIBRESSL}.tar - Remove-Item -Force .\${LIBRESSL}.tar - - if(-Not (Test-Path .\${LIBCBOR})) { - Write-Host "Cloning ${LIBCBOR}..." - & $Git clone --branch ${LIBCBOR_BRANCH} ${LIBCBOR_GIT} ` - .\${LIBCBOR} - } - - if(-Not (Test-Path .\${ZLIB})) { - Write-Host "Cloning ${ZLIB}..." - & $Git clone --branch ${ZLIB_BRANCH} ${ZLIB_GIT} ` - .\${ZLIB} + if (-Not (Test-Path .\${ZLIB})) { + GitClone "${ZLIB_GIT}" "${ZLIB_BRANCH}" ".\${ZLIB}" } } catch { throw "Failed to fetch and verify dependencies" @@ -142,131 +138,103 @@ try { Pop-Location } -Function Build(${OUTPUT}, ${GENERATOR}, ${ARCH}, ${SHARED}, ${FLAGS}) { - if (-Not (Test-Path .\${LIBRESSL})) { - New-Item -Type Directory .\${LIBRESSL} -ErrorAction Stop - } - - Push-Location .\${LIBRESSL} - & $CMake ..\..\..\${LIBRESSL} -G "${GENERATOR}" -A "${ARCH}" ` - -DBUILD_SHARED_LIBS="${SHARED}" -DLIBRESSL_TESTS=OFF ` - -DCMAKE_C_FLAGS_RELEASE="${FLAGS} /Zi /guard:cf /sdl" ` - -DCMAKE_INSTALL_PREFIX="${OUTPUT}" "${CMAKE_SYSTEM_VERSION}" - & $CMake --build . --config Release --verbose - & $CMake --build . --config Release --target install --verbose +# Build LibreSSL. +Push-Location ${STAGE}\${LIBRESSL} +try { + & $CMake ..\..\..\${LIBRESSL} -A "${Arch}" ` + -DBUILD_SHARED_LIBS="${SHARED}" -DLIBRESSL_TESTS=OFF ` + -DCMAKE_C_FLAGS_DEBUG="${CFLAGS_DEBUG}" ` + -DCMAKE_C_FLAGS_RELEASE="${CFLAGS_RELEASE}" ` + -DCMAKE_INSTALL_PREFIX="${PREFIX}" "${CMAKE_SYSTEM_VERSION}"; ` + ExitOnError + & $CMake --build . --config ${Config} --verbose; ExitOnError + & $CMake --build . --config ${Config} --target install --verbose; ` + ExitOnError +} catch { + throw "Failed to build LibreSSL" +} finally { Pop-Location +} - if (-Not (Test-Path .\${LIBCBOR})) { - New-Item -Type Directory .\${LIBCBOR} -ErrorAction Stop - } - - Push-Location .\${LIBCBOR} - & $CMake ..\..\..\${LIBCBOR} -G "${GENERATOR}" -A "${ARCH}" ` - -DBUILD_SHARED_LIBS="${SHARED}" ` - -DCMAKE_C_FLAGS_RELEASE="${FLAGS} /Zi /guard:cf /sdl" ` - -DCMAKE_INSTALL_PREFIX="${OUTPUT}" "${CMAKE_SYSTEM_VERSION}" - & $CMake --build . --config Release --verbose - & $CMake --build . --config Release --target install --verbose +# Build libcbor. +Push-Location ${STAGE}\${LIBCBOR} +try { + & $CMake ..\..\..\${LIBCBOR} -A "${Arch}" ` + -DWITH_EXAMPLES=OFF ` + -DBUILD_SHARED_LIBS="${SHARED}" ` + -DCMAKE_C_FLAGS_DEBUG="${CFLAGS_DEBUG}" ` + -DCMAKE_C_FLAGS_RELEASE="${CFLAGS_RELEASE}" ` + -DCMAKE_INSTALL_PREFIX="${PREFIX}" "${CMAKE_SYSTEM_VERSION}"; ` + ExitOnError + & $CMake --build . --config ${Config} --verbose; ExitOnError + & $CMake --build . --config ${Config} --target install --verbose; ` + ExitOnError +} catch { + throw "Failed to build libcbor" +} finally { Pop-Location +} - if(-Not (Test-Path .\${ZLIB})) { - New-Item -Type Directory .\${ZLIB} -ErrorAction Stop +# Build zlib. +Push-Location ${STAGE}\${ZLIB} +try { + & $CMake ..\..\..\${ZLIB} -A "${Arch}" ` + -DBUILD_SHARED_LIBS="${SHARED}" ` + -DCMAKE_C_FLAGS_DEBUG="${CFLAGS_DEBUG}" ` + -DCMAKE_C_FLAGS_RELEASE="${CFLAGS_RELEASE}" ` + -DCMAKE_INSTALL_PREFIX="${PREFIX}" "${CMAKE_SYSTEM_VERSION}"; ` + ExitOnError + & $CMake --build . --config ${Config} --verbose; ExitOnError + & $CMake --build . --config ${Config} --target install --verbose; ` + ExitOnError + # Patch up zlib's resulting names when built with --config Debug. + if ("${Config}" -eq "Debug") { + if ("${Type}" -eq "Dynamic") { + Copy-Item "${PREFIX}/lib/zlibd.lib" ` + -Destination "${PREFIX}/lib/zlib.lib" -Force + Copy-Item "${PREFIX}/bin/zlibd1.dll" ` + -Destination "${PREFIX}/bin/zlib1.dll" -Force + } else { + Copy-Item "${PREFIX}/lib/zlibstaticd.lib" ` + -Destination "${PREFIX}/lib/zlib.lib" -Force + } } - - Push-Location .\${ZLIB} - & $CMake ..\..\..\${ZLIB} -G "${GENERATOR}" -A "${ARCH}" ` - -DBUILD_SHARED_LIBS="${SHARED}" ` - -DCMAKE_C_FLAGS_RELEASE="${FLAGS} /Zi /guard:cf /sdl" ` - -DCMAKE_INSTALL_PREFIX="${OUTPUT}" "${CMAKE_SYSTEM_VERSION}" - & $CMake --build . --config Release --verbose - & $CMake --build . --config Release --target install --verbose +} catch { + throw "Failed to build zlib" +} finally { Pop-Location +} - & $CMake ..\..\.. -G "${GENERATOR}" -A "${ARCH}" ` - -DBUILD_SHARED_LIBS="${SHARED}" ` - -DCBOR_INCLUDE_DIRS="${OUTPUT}\include" ` - -DCBOR_LIBRARY_DIRS="${OUTPUT}\lib" ` - -DZLIB_INCLUDE_DIRS="${OUTPUT}\include" ` - -DZLIB_LIBRARY_DIRS="${OUTPUT}\lib" ` - -DCRYPTO_INCLUDE_DIRS="${OUTPUT}\include" ` - -DCRYPTO_LIBRARY_DIRS="${OUTPUT}\lib" ` - -DCMAKE_C_FLAGS_RELEASE="${FLAGS} /Zi /guard:cf /sdl ${Fido2Flags}" ` - -DCMAKE_INSTALL_PREFIX="${OUTPUT}" "${CMAKE_SYSTEM_VERSION}" - & $CMake --build . --config Release --verbose - & $CMake --build . --config Release --target install --verbose +# Build libfido2. +Push-Location ${STAGE} +try { + & $CMake ..\..\.. -A "${Arch}" ` + -DCMAKE_BUILD_TYPE="${Config}" ` + -DBUILD_SHARED_LIBS="${SHARED}" ` + -DCBOR_INCLUDE_DIRS="${PREFIX}\include" ` + -DCBOR_LIBRARY_DIRS="${PREFIX}\lib" ` + -DCBOR_BIN_DIRS="${PREFIX}\bin" ` + -DZLIB_INCLUDE_DIRS="${PREFIX}\include" ` + -DZLIB_LIBRARY_DIRS="${PREFIX}\lib" ` + -DZLIB_BIN_DIRS="${PREFIX}\bin" ` + -DCRYPTO_INCLUDE_DIRS="${PREFIX}\include" ` + -DCRYPTO_LIBRARY_DIRS="${PREFIX}\lib" ` + -DCRYPTO_BIN_DIRS="${PREFIX}\bin" ` + -DCMAKE_C_FLAGS_DEBUG="${CFLAGS_DEBUG} ${Fido2Flags}" ` + -DCMAKE_C_FLAGS_RELEASE="${CFLAGS_RELEASE} ${Fido2Flags}" ` + -DCMAKE_INSTALL_PREFIX="${PREFIX}" "${CMAKE_SYSTEM_VERSION}"; ` + ExitOnError + & $CMake --build . --config ${Config} --verbose; ExitOnError + & $CMake --build . --config ${Config} --target install --verbose; ` + ExitOnError + # Copy DLLs. if ("${SHARED}" -eq "ON") { - "cbor.dll", "crypto-46.dll", "zlib1.dll" | %{ Copy-Item "${OUTPUT}\bin\$_" ` - -Destination "examples\Release" } + "cbor.dll", "crypto-46.dll", "zlib1.dll" | ` + %{ Copy-Item "${PREFIX}\bin\$_" ` + -Destination "examples\${Config}" } } +} catch { + throw "Failed to build libfido2" +} finally { + Pop-Location } - -Function Package-Headers() { - Copy-Item "${OUTPUT}\64\dynamic\include" -Destination "${OUTPUT}\pkg" ` - -Recurse -ErrorAction Stop -} - -Function Package-Dynamic(${SRC}, ${DEST}) { - Copy-Item "${SRC}\bin\cbor.dll" "${DEST}" -ErrorAction Stop - Copy-Item "${SRC}\lib\cbor.lib" "${DEST}" -ErrorAction Stop - Copy-Item "${SRC}\bin\zlib1.dll" "${DEST}" -ErrorAction Stop - Copy-Item "${SRC}\lib\zlib.lib" "${DEST}" -ErrorAction Stop - Copy-Item "${SRC}\bin\crypto-46.dll" "${DEST}" -ErrorAction Stop - Copy-Item "${SRC}\lib\crypto-46.lib" "${DEST}" -ErrorAction Stop - Copy-Item "${SRC}\bin\fido2.dll" "${DEST}" -ErrorAction Stop - Copy-Item "${SRC}\lib\fido2.lib" "${DEST}" -ErrorAction Stop -} - -Function Package-Static(${SRC}, ${DEST}) { - Copy-Item "${SRC}/lib/cbor.lib" "${DEST}" -ErrorAction Stop - Copy-Item "${SRC}/lib/zlib.lib" "${DEST}" -ErrorAction Stop - Copy-Item "${SRC}/lib/crypto-46.lib" "${DEST}" -ErrorAction Stop - Copy-Item "${SRC}/lib/fido2_static.lib" "${DEST}/fido2.lib" ` - -ErrorAction Stop -} - -Function Package-PDBs(${SRC}, ${DEST}) { - Copy-Item "${SRC}\${LIBRESSL}\crypto\crypto.dir\Release\vc142.pdb" ` - "${DEST}\crypto-46.pdb" -ErrorAction Stop - Copy-Item "${SRC}\${LIBCBOR}\src\cbor.dir\Release\vc142.pdb" ` - "${DEST}\cbor.pdb" -ErrorAction Stop - Copy-Item "${SRC}\${ZLIB}\zlib.dir\Release\vc142.pdb" ` - "${DEST}\zlib.pdb" -ErrorAction Stop - Copy-Item "${SRC}\src\fido2_shared.dir\Release\vc142.pdb" ` - "${DEST}\fido2.pdb" -ErrorAction Stop -} - -Function Package-Tools(${SRC}, ${DEST}) { - Copy-Item "${SRC}\tools\Release\fido2-assert.exe" ` - "${DEST}\fido2-assert.exe" -ErrorAction stop - Copy-Item "${SRC}\tools\Release\fido2-cred.exe" ` - "${DEST}\fido2-cred.exe" -ErrorAction stop - Copy-Item "${SRC}\tools\Release\fido2-token.exe" ` - "${DEST}\fido2-token.exe" -ErrorAction stop -} - -Push-Location ${BUILD}\64\dynamic -Build ${OUTPUT}\64\dynamic "Visual Studio 16 2019" "x64" "ON" "/MD" -Pop-Location -Push-Location ${BUILD}\32\dynamic -Build ${OUTPUT}\32\dynamic "Visual Studio 16 2019" "Win32" "ON" "/MD" -Pop-Location - -Push-Location ${BUILD}\64\static -Build ${OUTPUT}\64\static "Visual Studio 16 2019" "x64" "OFF" "/MT" -Pop-Location -Push-Location ${BUILD}\32\static -Build ${OUTPUT}\32\static "Visual Studio 16 2019" "Win32" "OFF" "/MT" -Pop-Location - -Package-Headers - -Package-Dynamic ${OUTPUT}\64\dynamic ${OUTPUT}\pkg\Win64\Release\v142\dynamic -Package-PDBs ${BUILD}\64\dynamic ${OUTPUT}\pkg\Win64\Release\v142\dynamic -Package-Tools ${BUILD}\64\dynamic ${OUTPUT}\pkg\Win64\Release\v142\dynamic - -Package-Dynamic ${OUTPUT}\32\dynamic ${OUTPUT}\pkg\Win32\Release\v142\dynamic -Package-PDBs ${BUILD}\32\dynamic ${OUTPUT}\pkg\Win32\Release\v142\dynamic -Package-Tools ${BUILD}\32\dynamic ${OUTPUT}\pkg\Win32\Release\v142\dynamic - -Package-Static ${OUTPUT}\64\static ${OUTPUT}\pkg\Win64\Release\v142\static -Package-Static ${OUTPUT}\32\static ${OUTPUT}\pkg\Win32\Release\v142\static diff --git a/windows/const.ps1 b/windows/const.ps1 new file mode 100644 index 000000000000..6d2a8189d362 --- /dev/null +++ b/windows/const.ps1 @@ -0,0 +1,42 @@ +# Copyright (c) 2021 Yubico AB. All rights reserved. +# Use of this source code is governed by a BSD-style +# license that can be found in the LICENSE file. + +# LibreSSL coordinates. +New-Variable -Name 'LIBRESSL_URL' ` + -Value 'https://fastly.cdn.openbsd.org/pub/OpenBSD/LibreSSL' ` + -Option Constant +New-Variable -Name 'LIBRESSL' -Value 'libressl-3.3.4' -Option Constant + +# libcbor coordinates. +New-Variable -Name 'LIBCBOR' -Value 'libcbor-0.8.0' -Option Constant +New-Variable -Name 'LIBCBOR_BRANCH' -Value 'v0.8.0' -Option Constant +New-Variable -Name 'LIBCBOR_GIT' -Value 'https://github.com/pjk/libcbor' ` + -Option Constant + +# zlib coordinates. +New-Variable -Name 'ZLIB' -Value 'zlib-1.2.11' -Option Constant +New-Variable -Name 'ZLIB_BRANCH' -Value 'v1.2.11' -Option Constant +New-Variable -Name 'ZLIB_GIT' -Value 'https://github.com/madler/zlib' ` + -Option Constant + +# Work directories. +New-Variable -Name 'BUILD' -Value "$PSScriptRoot\..\build" -Option Constant +New-Variable -Name 'OUTPUT' -Value "$PSScriptRoot\..\output" -Option Constant + +# Prefixes. +New-Variable -Name 'STAGE' -Value "${BUILD}\${Arch}\${Type}" -Option Constant +New-Variable -Name 'PREFIX' -Value "${OUTPUT}\${Arch}\${Type}" -Option Constant + +# Build flags. +if ("${Type}" -eq "dynamic") { + New-Variable -Name 'RUNTIME' -Value '/MD' -Option Constant + New-Variable -Name 'SHARED' -Value 'ON' -Option Constant +} else { + New-Variable -Name 'RUNTIME' -Value '/MT' -Option Constant + New-Variable -Name 'SHARED' -Value 'OFF' -Option Constant +} +New-Variable -Name 'CFLAGS_DEBUG' -Value "${RUNTIME}d /Zi /guard:cf /sdl" ` + -Option Constant +New-Variable -Name 'CFLAGS_RELEASE' -Value "${RUNTIME} /Zi /guard:cf /sdl" ` + -Option Constant diff --git a/windows/release.ps1 b/windows/release.ps1 new file mode 100644 index 000000000000..32e88e256274 --- /dev/null +++ b/windows/release.ps1 @@ -0,0 +1,84 @@ +# Copyright (c) 2021 Yubico AB. All rights reserved. +# Use of this source code is governed by a BSD-style +# license that can be found in the LICENSE file. + +$ErrorActionPreference = "Stop" +$Architectures = @('x64', 'Win32', 'ARM64', 'ARM') +$InstallPrefixes = @('Win64', 'Win32', 'ARM64', 'ARM') +$Types = @('dynamic', 'static') +$Config = 'Release' +$LibCrypto = '46' +$SDK = '142' + +. "$PSScriptRoot\const.ps1" + +foreach ($Arch in $Architectures) { + foreach ($Type in $Types) { + ./build.ps1 -Arch ${Arch} -Type ${Type} -Config ${Config} + } +} + +foreach ($InstallPrefix in $InstallPrefixes) { + foreach ($Type in $Types) { + New-Item -Type Directory ` + "${OUTPUT}/pkg/${InstallPrefix}/${Config}/v${SDK}/${Type}" + } +} + +Function Package-Headers() { + Copy-Item "${OUTPUT}\x64\dynamic\include" -Destination "${OUTPUT}\pkg" ` + -Recurse -ErrorAction Stop +} + +Function Package-Dynamic(${SRC}, ${DEST}) { + Copy-Item "${SRC}\bin\cbor.dll" "${DEST}" + Copy-Item "${SRC}\lib\cbor.lib" "${DEST}" + Copy-Item "${SRC}\bin\zlib1.dll" "${DEST}" + Copy-Item "${SRC}\lib\zlib.lib" "${DEST}" + Copy-Item "${SRC}\bin\crypto-${LibCrypto}.dll" "${DEST}" + Copy-Item "${SRC}\lib\crypto-${LibCrypto}.lib" "${DEST}" + Copy-Item "${SRC}\bin\fido2.dll" "${DEST}" + Copy-Item "${SRC}\lib\fido2.lib" "${DEST}" +} + +Function Package-Static(${SRC}, ${DEST}) { + Copy-Item "${SRC}/lib/cbor.lib" "${DEST}" + Copy-Item "${SRC}/lib/zlib.lib" "${DEST}" + Copy-Item "${SRC}/lib/crypto-${LibCrypto}.lib" "${DEST}" + Copy-Item "${SRC}/lib/fido2_static.lib" "${DEST}/fido2.lib" +} + +Function Package-PDBs(${SRC}, ${DEST}) { + Copy-Item "${SRC}\${LIBRESSL}\crypto\crypto.dir\${Config}\vc${SDK}.pdb" ` + "${DEST}\crypto-${LibCrypto}.pdb" + Copy-Item "${SRC}\${LIBCBOR}\src\cbor.dir\${Config}\vc${SDK}.pdb" ` + "${DEST}\cbor.pdb" + Copy-Item "${SRC}\${ZLIB}\zlib.dir\${Config}\vc${SDK}.pdb" ` + "${DEST}\zlib.pdb" + Copy-Item "${SRC}\src\fido2_shared.dir\${Config}\vc${SDK}.pdb" ` + "${DEST}\fido2.pdb" +} + +Function Package-Tools(${SRC}, ${DEST}) { + Copy-Item "${SRC}\tools\${Config}\fido2-assert.exe" ` + "${DEST}\fido2-assert.exe" + Copy-Item "${SRC}\tools\${Config}\fido2-cred.exe" ` + "${DEST}\fido2-cred.exe" + Copy-Item "${SRC}\tools\${Config}\fido2-token.exe" ` + "${DEST}\fido2-token.exe" +} + +Package-Headers + +for ($i = 0; $i -lt $Architectures.Length; $i++) { + $Arch = $Architectures[$i] + $InstallPrefix = $InstallPrefixes[$i] + Package-Dynamic "${OUTPUT}\${Arch}\dynamic" ` + "${OUTPUT}\pkg\${InstallPrefix}\${Config}\v${SDK}\dynamic" + Package-PDBs "${BUILD}\${Arch}\dynamic" ` + "${OUTPUT}\pkg\${InstallPrefix}\${Config}\v${SDK}\dynamic" + Package-Tools "${BUILD}\${Arch}\dynamic" ` + "${OUTPUT}\pkg\${InstallPrefix}\${Config}\v${SDK}\dynamic" + Package-Static "${OUTPUT}\${Arch}\static" ` + "${OUTPUT}\pkg\${InstallPrefix}\${Config}\v${SDK}\static" +}