From 22539d5ed9c58704bf7cec65bb26d5428020add7 Mon Sep 17 00:00:00 2001 From: Danny Kopping Date: Mon, 2 Sep 2024 16:10:54 +0200 Subject: [PATCH 1/3] Minor fixups, added troubleshooting (#14519) (cherry picked from commit 66c806060543720b6063db9b6183d7e3dda53bbd) --- docs/admin/notifications.md | 23 ++++++++++++++++------ docs/images/admin/notification-states.png | Bin 36747 -> 72571 bytes 2 files changed, 17 insertions(+), 6 deletions(-) diff --git a/docs/admin/notifications.md b/docs/admin/notifications.md index e4cd9a27b5f53..d4297fac455d8 100644 --- a/docs/admin/notifications.md +++ b/docs/admin/notifications.md @@ -77,9 +77,9 @@ can only be delivered to one method, and this method is configured globally with [`CODER_NOTIFICATIONS_METHOD`](https://coder.com/docs/reference/cli/server#--notifications-method) (default: `smtp`). -Enterprise customers can configured which method to use for each of the -supported [Events](#events); see the [Preferences](#preferences) section below -for more details. +Enterprise customers can configure which method to use for each of the supported +[Events](#events); see the [Preferences](#preferences) section below for more +details. ## SMTP (Email) @@ -93,7 +93,7 @@ existing one. | :------: | --------------------------------- | ------------------------------------- | ----------- | ----------------------------------------- | ------------- | | ✔️ | `--notifications-email-from` | `CODER_NOTIFICATIONS_EMAIL_FROM` | `string` | The sender's address to use. | | | ✔️ | `--notifications-email-smarthost` | `CODER_NOTIFICATIONS_EMAIL_SMARTHOST` | `host:port` | The SMTP relay to send messages through. | localhost:587 | -| -️ | `--notifications-email-hello` | `CODER_NOTIFICATIONS_EMAIL_HELLO` | `string` | The hostname identifying the SMTP server. | localhost | +| ✔️ | `--notifications-email-hello` | `CODER_NOTIFICATIONS_EMAIL_HELLO` | `string` | The hostname identifying the SMTP server. | localhost | **Authentication Settings:** @@ -252,6 +252,18 @@ To pause sending notifications, execute To resume sending notifications, execute [`coder notifications resume`](https://coder.com/docs/reference/cli/notifications_resume). +## Troubleshooting + +If notifications are not being delivered, use the following methods to +troubleshoot: + +1. Ensure notifications are being added to the `notification_messages` table +2. Review any error messages in the `status_reason` column, should an error have + occurred +3. Review the logs (search for the term `notifications`) for diagnostic + information
_If you do not see any relevant logs, set + `CODER_VERBOSE=true` or `--verbose` to output debug logs_ + ## Internals The notification system is built to operate concurrently in a single- or @@ -288,5 +300,4 @@ messages._ - after `CODER_NOTIFICATIONS_MAX_SEND_ATTEMPTS` is exceeded, it transitions to `permanent_failure` -Diagnostic messages will be saved in the `notification_messages` table and will -be logged, in the case of failure. +See [Troubleshooting](#troubleshooting) above for more details. diff --git a/docs/images/admin/notification-states.png b/docs/images/admin/notification-states.png index cdd3de7ff0f9114fb32e3511c6cc4f92b730a0ce..f2fa0960bb876445085189d80a691b324729e22c 100644 GIT binary patch literal 72571 zcmeFZc_5VS_dhvTUbp9YdV2rfzkk2WAD{k-`?}}4&N2y(vX2fC4MKD zx0I8Usai5sW5%yf4Ci;H7e*-CWtk+3CJKL;Z#2)hZz`0h`i*^9W+T#g2l)UQFj)L7 zHC<@sCm1yj_Sa9!Tl!ZPlh*KStSohC2MIzy1c|R@t~|IXz$dlx!|mPG0?-fIn^yU( zJa~Wie>VBQDHH9lhtlxp9TMD64hCkBz?B3oZR_VtYOoHRE-9EuF&V9XQ!^UK%UPD; z4F@hc=r5{E1!Cr9LouB=aOXjkbxc@m%48t(#ms!}U`juw*&z{*o-ozi0k(R+vXd2# z>@wQ_2A^Mo+>*O&(oKnxlmLr!8-PlbeaRFYPFbD~T$0`}cAo`bX2I=ifP!elfqIN= zofg%2eP+fmit{79#~o5JpkE#jM-_)}3{-@tk`XdkL-26K3p{@2CTg=VKEqgETDJdQ z5x&H!TE>X_{MwSSx^pooXss zesd%&ac%qZVnruJX^`u_YJuvtg$uKYeAR%xnSL%VUUK05)=)LB{n_)ZKexxRes!Dg(h?2}WZnF88zgedaR<@p0Up1rsd+Wn zrtAg8P)8A69Xi#S%(nUS^&MKA>(J|UEpq?ydT4Q23vKR+Tg_4Ln}1L<0biamGT)uk z4quu}o7e?$YYB0CPqS*~*O8aqj$b#(-y8;yVdV1=^%I%!Wepywif6gw+c*=w%&uyu zE{zQLoB(fV7jK2+XZg_$v!h|0`D2^W9~UF{5jC7}B+9!DtIodBvJTqN5Ns&tHgrPt zT?<~a<+HC0BodGM6Ix9P+rWBRJmAy%`poLcl;p&Kgw-=>T6l6|%5=a2=U+v6ZQPuHq)7WVt== zLuvTUyT0wk8nFXCjy3tY*?4UPt4R)E`FZnBPrI07jusX(GcRZ4m#5@MZI@?lC6*N5uY z6cRFJb;!kCP)OozAK+4u%t*1XCKpA_Bi@7CfRq1r>?YD!^bt+yNCD|;0qw|fmmU7EQyjqW*RBB?l3X4j zRt{JLAQ6waQl1NW zFJ-wzh!*ge`_?Z9Y^5CtkkEtRRNog7K`1zmoBAr#BR;Z)bEXe2Jea}R3|^T5aGvB8 zk6|0NPwPiUULP-VA+=5YYG`ja(lUq);qIOcrtxxrKD;?Pli%DjxgUIF1fZ_A=|WGP zX=)Z@aep?F{R8DVGxB{jXK5@a>F45f3%U>9guOYgPLkjl%_ac15OkPNDk$5%*;h1` z&X~Ma+tCz@NDGlGI~bCEQG|1@Pd*fV-Z@Y{UUN*ehXCF486XmChq`Yjp^wY#Y97tp zhcE8lkkuMnVyoiX_oF0`hD@heg7+?hK%v!SGS1CtJXrbYiJEJ*xc0?Q6m_Ce^P~b; zzXcrU$l-BnZ|mAL4%ypw$JIAg_RVoUC3spuIt2yZXoYrAmRtPQnbpGxoJItOpD`K9 zVFWI7v&@+oTN8#dcxf#}4(eM0ciD+PDI%Mfv|d1jbE(hhKi9t-x2W73o#@HWk6JG< zTP+}@G@16$2pLXx0$XeWDo|G6c2gd4Z^bo zvQ5TbL1fM0$>fqmT4g%r_opAhjATFv0fQ9)-D_1|<)d~E$`q0$A>r<+Za)X8gu&?0 zop0hxFa)dv0RUA?a$3vucnP^mZFPtdouIUEKn)DmD-5I~&aV*&E zKv<9$MDYKiBh|+Tg5iefO!Iaov#+#={Q@$d-;8;8u~5XeWnRm2pWDQAOFrGMx4?0< z*fx-SZ1|I4KD`DCM1S+f$OQ1BwKO1VVgpKk9uYAJq~8!||2Pte4+eG`#wll1O;5y}|# zmz$psB%%Pqdc|m=ZF(zREC>B*g~a2>6dC36q$-4PW+Il|Q^2?{)P}BFQp4T(d3MmJ zxbKdB4&PFvV#^Wh*whckX%S(PPPJ7cVSr`rO-}YT0H8Q3ADayiU{5Zr-QF7T)}ReR0wflS@T3BPeNOl>+R97ZHY@Pcs?#jbDPn22r^qyb&k$_Edw0FoiAuT1KdvfPdiPl6RH9*5ZIrKI-8nbX9yP z!{GFgY<9`pmg)I4E#4tg&h6<`gC5@pYX<~{c73Vm{EA&O*E(4fyhXUuuhMQl?`F@B zN{!N6m%N_c{lm;UB>SaL>HUaTKXxR@|)=-78}^@j5#R1=5BR;8{T=p5|x8_!DV z?j+$qs&rck@zyc%nhUqQo`EXJ>-yTQ>UH$o12_!#<$nDZg7J)$dx21 zP0n`P%Ddz=_u_@Nq!VwA(e=zi)@<#!_5JnQc{!C9yuEYyDOy0OxDK&8o%?8xuZ!kh zCsclwxbfA$HaU1>_1xOwy4>7KKX;NtVnDCoqW3aWsHf6|tF`!%$Pze_NNb$E{&;D; zYH7Spp>koW!I}EjP;f56J{uvTB{s)P#GChB_1A>Mk#Tg=l||;>$@^pMKeZw*69#{} zr)*B=Z6{nR6oWey7RuC!nm&{*6UglU)HT>`8;Bbf)3^26Ln^}cGCqNQb2mg-A`<5} zDu!FlI(CKMzho>u<9v4sLU;&k@z(y>pWMk-Yq3X?Q*uegXtay0oWZue`%F0u{M|Ss z^a?7=NhXs8`E?Fe2Oly{eHCW99TPAdCK=i@)yZ3<|F5EAj`J@bN{f5B#KH$236(^+ zS~+p2^&?&tL3r4s@HAkq2A;~mF|a*@Jk7*b%b?}1;>y=YyQf-pgl=*Xn^Is^zU`@P zY#x`BW)K+QJU{holyb;eO`H<@2eqDS<~W>5msP)LQFCuvZu>9){PJSL%r<~^#__@; zcd9{NK6IX4Tt$BTRUsT(^Jr6#Li(^`6b!yY&dN;9(8r0lFhgbp6e}M%#gomcxGe5| zTwpP3JX_X9LizR;H3-HbAF@M(ZDv96^YlYC#ncB1u_e}Mf`H(kn4x25zfLVH>XQ^7 zFL7xm%^6!V^-VS(b>;}ekvC-qM>Zqw`FdiHh_-jnZ&ax^Ek@K$F9TS0YV^xV&K@Gh7uv^~haE`4A#*Ge4a;r@QApI?l{)cX@f>h887Nf@ zP4D*dBx6YqTai9Tzc*)p%9E?TQv3KjK%9FqUf7u-!Kh)=N$sV>39&9hITcgqM>Q?E z^%DQN<65S4yK=Xcv7h|)&;_4FgiCM7<4Kl4cHm+S{5CP_zUQ&*{eIc zN#-SPc3yFR!X4PjbWwYPHAu{Fweej1ky|hH?J5Vp@sHb=5m;8$D!>wty7;%L&ieGJ{ z(YZF&eYm;l`r(ZoH9}f_C5ckl#jg`KAa)M|Rq$gsl#{Win<*RjwP}_5oI@o7$D$eX z;n+o|u1v>1qiNA2-zNV_W@=8AZ=ptVye2LP0!b6`aI~gZ^NHabCq)*<``lYx$ojUp zS(DxpjDFcddsOQwNG zE?&z5sl|4XsBF}~zm6qpHIp$ju25XKglkgnzF{ZQ`-Ge7D`br$XN7WE-&Y%{(69>i zz(4$T1}N?w%bZ2j5=(}VMn^3Ae4Lk;c%vX{ZswPr8G5NN=h%n9EZ5?$5a1{_R=GA- z1ccYE1c0573dhk>kv0~&=>?To6NO4dmIcpND`}oZgr{K!>uQyaaQnqUZGq9YY;1Vhc) z4kfRNAN9QN6{a+S#4$pL#2yg*CzV6YN~Fah50e#VmkKcLw)gBC{cWc{Pia|3Jmj>t zPjKEw=MSgq1aFRH_msLjfc#~fwQF~_bqaUyWO#{fI_F~GirB~?qr3J+olC4bn=j?R zkN%^yTtr?=&F$DxAKHhRY5nZm&qf`O&Uvv2qnU7C1!gfcR>grBR3cAXddz+2$Jlsf z6=x1}b%iQ*00kS(wFo0mm6mhQi~^0hUH1)K`R&@)d_CSA`^wF zJHsIH2fYBO(*Ld;wWv8dtBfvsJ17b=p$Iw47Xg|>Mb6GfPx%7K3&r{LV{t3ukq!pe zbq@1wG`UUF*daAEc4@1)kR&p0hbGUe>}Q@+9t(Gul zaYPnVj{$#G4`LI9aiJv|_^&Qi5uT;d$$~9J^eH&tDH|ZVeusu@3X;Ox5kv zwLGrY?K8FBMTFSYmbh?3t?@-?|3Kx)#N3&UuKhhsoqoy=3`s_1-ZsAwme;K?IVXp&XDNUwQvq+Z3Wy;Bnl{_q$j7NEN^0l|1VO zMg<*~_DKlEX=pY*#jDyva?l?QG~4G())5UT1_$j&cb_Vjbl@@O0r0rzbDkv!GRuKSqEVERf6@@^@WN27R$Tz z!tU-=^?H!*@smHKZ9!iJm#MuB`wAsyjZrmX?6ADf3>KDDZ7i z&oX0wsuXIM#>-t;<_$+W4Dv1LK>Llr`J}F`0!_Cwqn`ldWWYG>M>&IjR?(rwz###9 zQbp?8u@wnb0_vo{w8)npK591Sq2|WCDEo*o%TD#+Xe#FA!s2H}?#Voa%ym7qV+pMr zkuscM8-ZM2oW8o~=Q$hWF)q0cu;H2B{1m?&_LnZSf+ls4-9)`5q0Y@8kybUT4S=OAZvbQDG{8f+ojrDkZz1e*O#b=lb z%;uLPINcTWc{Xm-Qk|A@9DCN|*wE#Y^|+A36Kd=8-O%;@1G?sWe1hIwfMiq#YMIAQThBFQv<-&rNV^}rxp;49 z*{np{gYq;Xw`RXmx8BVT-`Zi_>fNe9`^I2B27GLzK456)bj|1U6 zE*b4&Io8Q$Sn`ccgQC?-(TJ3cYywdIV{Op&Ri6c=wzwOEGL%?~)v}kYs-%WbN$yNz zOQ5fb%8n!njk5l85O|9T1L1}DFE5b3JNDv)lmadk?u_!HQ`+ZpJLkT4j`@HVDP#jR zpq1yw&zoD+Z;K0t>z8|1QP-c3Ev^Wkj7O^T`Wq8(4Dx-6OcRFWJOJ`3RX(|jnX#GL zw+?LpAuRYDn|eJ*v#A%p*7LXK-+nBlpkJv5%EH&)1NgqZT`Or}vF+FBbPK-l`u7Ie zt108?N=1nc+RH1fxPj~F=uaidynCHte}9_;w$ zX9sNo5AXGi_E3b1Kq*-!9NgI1XM#et{}Gg0}s2Dx|1E za%D5!jst+zH#)(VcEg3r=+sHyo#0z;f^TrNsXLGxt1v&1uC{MmXTxe;#Z1DhB)4o$lq$c zVlBq2e3CMr#kv_;OxKrPy*LkGtS!HV5G7Z&Q15)C`r`E9cP*nxTg-l$FNNLKi3bcT z)D04mg#AmB&?XxlB5l0Rumgv|cni=7X$mwF!7)sXS8<{Au4f2tmO8&-2Qoe&;HwE_ zc8B>F3%hMLz$AeK(8jIuxmLUIDO&5C;$+}K0+-T!)rU%OK*vloQII=ot{2$o38H>a zppHpMevMi`+GG;nHaz$sh=04c_9mIB>qMb7sE4iA^btX!gpI({Y_12lum z%G#2vd|>Z^yWVJ-8^*1fh8uB_ebn^~r><-x?`Mf|p{vE#fj7p0`(I(^$IjVy{q_pt zjug=Tc7Dh)HO)DPAS3qx`+o^e>^K=D7zF%L^+#bvigX2B!{@yS#nvYGaA+wj42T*+ zhu`$;*krPh-jsU$WVbY5D36#h5PUB87|1zO*0olzGP3} zstW44QL&Sa_52>&_yU+xej{%@K#i)vm0ad*iI(!|zgv$SsJ<)UxH!k^i3%TmB9m}7 zc(defvkD(f5#biC_DN_rtH&YnX2em;E^*PjOZSD4XW@a17>jZ*7q4B9t^+ z^2TC6h*)s>Qs>LPp{qnttP)*I2N3{J!T5&|MX^PreSI^i<2Dv?ZhU`xCgq|gNR^#0 zq=iZ#vZ;z~_+2O3)QXe!@Tm%@`WvXv1P&z@35w=NDiCBZl1o;uy4S=(m)H~T_Ffu~ zWd1mK-v!_W2*oH<*@`NHox3<5v0xCJ_)7n z!}h53y=|sCerUb`28ED&-)P)po&mh%g zn&+P;)Yfy5DI*T_W*K3s&FuZ+(p0j&iM#&I-V}$W}0V2{H!p3hEMq z)wXMy_f0o32SO2)FZCjuW?}FH7owg|R&pmNSgD|Tm*O#D=~}v9!dL{AYLu9u*~}a! zq#%HWb%1co@V&lV`2hlx){wz1%8m!M89`k~-&lR2@%zYmTX&>B>XqXtVU@lv!_qb}L&DH@ReKbtV2NeE{kn`_m zq~DzpSjY4xdz$)zGKYlzr`jnMIBw>W-*CKlo4!2ZRjOfpOsEi4yhiPe=1{OXGa4*Z zG|R`h@j7}^5oBO(MX6>s?@kP{NocfYz#Ma+&FSc*v6Wz8XSzv`!eC#c{_Dx^4|7B?6( z*^{5f3aC>Kt9nyXkD&OVR1%s&c^ERRi{<7*8ZVJQICioXIUt}a8;HR4sKOQwR14Xl z`H&M7g1Q8JL84zeyB-w7@s`^$1!Y5Cwc}$Y3A;4?3JP05b0VL<=j|=`#%DVf^XQt< z2(*n;VnXxsmlx7KPA*S_Br%0$Mwj9^?k$>;bcwy0D#SWL0T!R`B6?PgWj0$jyMM3S zY4#WDW7!jJ!D56bB~p6`Wr6;!t?lEtpSr;PnJ34oo#Q6EB!nyc7E{e0 zy;oIv>*;P8NF|L?&#s#1Py@9{h(0WXkb)CEV%A!c+KD+M+%<^HMxr0zvX!(oS={}! z85)y=*p3Ch{k&z7tJ6acNOI4Ir!_X#^R;U6FZP=Z(jIM+IKOOD0}9NWZD zMnef^@I2R)k-H>zo)2lCWXf?u+Vn9%nV`9TCS}3<3NQX1Wo8C(e)w+(Gg4x9)xJkx z)^dQy9Kg3jp{k=pC`b;#Fw+WYpb&Ik5wGL|Msy>>_5uzsNMDSA@A`v~k_ zC-cQ;zf@zm#I0~)tBf}Ydt>4t)ZcQZyAvh7m5PFC$T}Fjp+kwdUB~yq;?Urpfa=0h zqc~HIt8sL)@w-i|lc!jvsKm$bF$wY&%u{&9!9fcV{H2Y|GYVME%1c|i72Ymhi%2|F znZu$gl&dw%-}CW|@H+DPGFeMww!^rm^o&o~&0E)tyleYuPVbwW!}i}z=Mu-C2yLgS z)p5le#;*`Ng!{Q%%GG7v7@Bzf)Ok#t88WS;?^54*Cktau^Q@&BO>Ap1>60QJ49Ix1 zu<3r(AvovKu4JE3L3jC;sV)eA)NVJ|;8XBg$hN19ma4hS3qAWy?FV6Es=yVcV-)!P z8_nd_^sK#`d%)X0v6A0^RV}DHl@t)fzQtbu5Jq!9{X8doC-Mi}?kF-)p;}Y~d6Qh zL>aJ#if#un=!@eQaV;oaECxGET5VbE+7$LZatw67_FFzpAMii8dM@F*&!spcjDM!L zEoiS%za0$NBBIqRfhV#uTFl9j+dw&eB_cuGS!$7!J&MS8U~oZtC76eS`Ma-Z=ygn& zyYd=DU|fC<%+{Jq5R1&X-sOpLKJxu?AJU57-?M4KOR;NET$HE<+;5gkrxOylFyp*z z_{6-6MbVu986N5$HhdV#`Sw~?e-LFJLt~HiPSR_!m-?2MxQv#1C6k)@i|d)4H$Bsz zI@J=3*Qb**_Ld=t#A1UOylK^okD%yTpE*Ca)BzeXE5s&+Cia6pX_AR@t!IcYArHrCQ9hFp01O&)_!T};?2RA zgXEXaqK(oUX0A}V>9ilM8iq#WUx?U`_DwO)r3awcb0rw8hQj=UxgJrAd`fqwb>vDs zy$cqW0V~7>PBW=(vQTRD#6XWZiVLP_6%$Vt&aqn@8&BQ zT~CE-(;Ol~1fH;6+D9E-#q)Ba0uNJIa5P(Qc8rFz8B<_x{I2EYX1l^sL!pTL~A)PhU)TwBVV<6yeXdJqp~K* z4~ii|Lpovb>-8>}3!aBwUJsIQUZNWX;iEh1-kbHQfJ>hZRvPpass-`g54Ee-KtILt zzYLxZ_f#Nrs+RmL0MdfuG0M>r;3>9`RJ3$>65gFzMtHv>KE^2e-3Pz;Q?tBDeIvLt za5!l!`tvc2PG7lwP50mQX;*1ZjePFPbUE!*iZ=P7yD;rp|HUCh)z^9v;&y55Y_L7HJR7(3 zOR!?68&KUv5GI+4t4ED@!~(2+hao>D3Sl{uP4#V{4zv;y^*;S|lVZj3lC9Lry@gQ& zH8x-uKn>v)OZ9bYqZM=r;>)K1)&yS6Q%fcs{v5zk?KJ=138T8w>8aZ!`y=J7E!0|8 zZ`g5z%Q2PYTY4nndXV6a!TE6&T4>|%oA1c4nK4s)Uxrq%6TeazChWN}dMf~wx>=X2n?JY7FqL1&F(1#{pq10uh9SWWkcWL&nWkBh2G1b=_TpzG# zc*Wh?y2nYKOi|De4k*bl$;!D^>BFM6{n#X-@~X&Gz+d?@d+4;_9G6j5<&gm5?`Ae5 zM~#0G#L$*%Rc4pptEGNW%@!{TX;}Rbgg9WBM4n}{or4#WOGm||4^%8rM7zTobj{73 zoT1aJ=4b>FD4GnNPfhPWz7&y;0#^7}4yL& za+8wWWM65%5^}r1A{d&|C;3@QN!w3d4cwyCRVEkq#GC-e20HX-RW(n12W+g(S5?>0 zVAXB|UDnBp>E?;ti+VwLPJxeWr;u9A^`i^4lCjw^c*s##{7yOxc@^L8(QWPh+P+r{ zl&Mm9gR`?m0lwuh+X`=*Dysh3*D&GXA~dzK4P$sZ$hP#(O-KK7u59*6fBiQLK33%v z8qX<*aMdqtF1Kq;Ozm%!)V8Pn9Cf4yb0r3NH9UCA6V8Q}dYBt+9rHe-wL~oUqj+ox zAM#4zE2X!06gukFdW45UQ0WaV55~4C=Q@7{@stHg`XakvrvAxh=AMZ7LkUi1paHw% z{h)<%vYU}`Wf&M07#7JVq71-j#aOZMsW=DBg^GwV@t-Wl?R{aKlzD^4&}0NVXK9Ob zMg5qdeD3m4Q>^}AI$!0&$&1hAb>~Xt(^;BvkAd|*NuVKF3~0oszIN8E@V3cd<>aW& z3lZ6?O6<^^@lRWPx%6U(?%W)7472HPrMh*3o;lqPvi~13vr>xvfqrk6iK^8X_ke`# z8jS{e2v)sm;{7s430A#Qdlz)KY|_lyPc=R(RHytac5f6y$L+zFF{F%iwJA}l&M9<| zL9No__S3+?TT|F2pxJWfTd$vsp6gF8vG<+r8zdZ&8onzi^`&09McD?W+)Ct1!Aq1l zwgtB?6`|d&;*30(Q*VP$9c|ap?Xx9FO2@s2+49)BtT{qFYSzNEYR^`VrxCYqJUgIO z=bwn{)*Mv7Emm>9{eUB_hXkdC#PCqQ{-0a>1<}Va3bhOUO}KPEWMjNKVneg$69v4+ z)Y+my<0Ggx#XXD;sdVP$btLt`jyEWK|(A$-C4m?I#xAiTW|H1U_vnx2v=vW1?te-k|Iq) zaTBWE=|l6F>(iS~v@#Ikrq_chPJbU(ohWuO=s@=J=Z72G0m`1ob3Di-Lh*f`#5&fS z#;z<&EMPeSL%>>W(27t_m+QQ;odl+tqUm}Lpu!AcR+&{MW2q-C5kcdQJ5eqShgBYw z5P-TTiMv=j(ICzG+O>^wu9iG!*Y^0W@VyKYSNgL>K|K>BS!A$VQs@sia zVJVi6zRlP7PB(G(@_Tw>-7hp|hQaN#Tr-~L3WrF$636K+!G{f4^oMgWnXV-KaL6?{ zzK|>2l`aO)8U8AhIN^CBIsE7(w`4MRqfs2%6N{z^S`3QUjfXhxYG6R~Og*Y&pqvDG z@{#NAQURHT6z;Tqcp9Xs>$>9CCk{2I@W@N4Ki{Hp}>222!HCJR%9;7h8Yc52Y$1$zYgF1kDT z65c@L&Y)h@y5CUU$wSR!#7(-A(OW39(u&v!(}{%%Nr%8%fO-B!C%@M6FO#hO4v@<# zk_;L+85I2DCg|2WQY&##1JF52(ZNtVzl7;*9ISnEV{zs|p*)`E+ zo^sY4()F_@M3LwpH7DKo8{`&DWGkr}UZ`Eu4evG z(W+UiIF=TfiXw)A>wo2#p9hY#{qxA(kUro%`mae>w)piAIIF{I0EfS8aMHCsT1#jA z(8O$A|3uEnXJ|d~&-Ln^!&c8JepqAaO07blbAYrLpy2kKG`mTt)CKBH)W?hl8^8U4 zyf1$g3~P?D?<+Rz=MXB3gsHZ+)ArEkq4DT{ShJhx>~s=m;o4KPMkg*+eJK(+mIoBz zpQ7He3r)UrxnO9UfHi`qqwPt2V!nSA2gM#`6YQK9Xmg^WFfFe>GLWk7fj^}BDB6sJ z8yw0CovUPibpXP7X7z_~HYy5}CB`e!lo)6T{J&PEQH+?5#|)@^E$%)j3GJ=&=iX1? zp_QuiUP791KRkis1F;6R&wjH;dnjt_TFWUMr+h2oYn5Czw*UnjN6qv0Wtrz6(Bw|! zJC1dH7%dymZm8!IKsYqV%?!n&RWfY|Y9yo;aBK&l;>N7SN*u6mdbkB0Y7U%g5$@pM zWr>XfoD1QV0r&d(x} zt1KZb(#G$Q#5RiWaC}!3C_3#UA)$!`2!bA!Ks`}ORiF35{SM7wCPpv`>){>*2cuk7 z4)5S6?z|JJ3X{_8jViQ|+%^d!qM6aOMEe24q3f3J6QD_Oeg)Db(eFnY%CSn0mq!cf z(Xy8gDHzYE6r$tfg${|D0!3BIWcvg)V0 z`bypN6-JFOqjE_1Wq%h| z)7>$#N0D#5s@O8sLWS;=&=;UKf)Qh#A2ZSJKsA^31lyoK9%-|-_h=Dp8BCqMzHS+4@C^PBo2540St(xps05mj`l>Qi?x&Ra+^h{KV#~g zWaY|hm@2PU#B=ObbEyo_>tka48XGU=Qn0lgsJ-qYkfgqj$-{r8J5wr3J^P|uEXhc# zPT!_$A3?1u7<7?fVj!q|l%&|aZ!7fA^jny*vi^5(lv8)rI5RmpD|CTSR2<)`RJs@Ujz`WsKjJbW!{sv;FK z9O@o|&G6+75*~MJMsYol1tx1g84jE*9c}}@USe2;_>`+E1&R*VIeY=fhIbjxP|Zd_ zNqbqbaNc6@LE!MV8vT z-V_g~;Vh~Ga4MAtv%ABMkkO!y`AUUIV1C{Z$}}Ta9c<3=d$wiRRMJx9Q$?9=;1#W? z`DM^NXCDkZO&vu4n($@!Xtua}5s-$vh^z0r-1{UZfjWLlCfkJlky8( ztM{C!T9Inm8KDM6&F<%}#~#djRupjje%^yg!GeBnsTMdhL=e(KAkc+t_!bMIrwMmp z+VkHWU^&l;n^G^IL-hVgprvSvKfH|}Y21H7?h!1YA>!zv@idfRr}*lLh_qyFG?+kr zL2OQGQQKNAd$w!*XO}@*Zti!|Bgtw9lF{VIwbc~Y_$#!v{rRuu9(0}^zXEbS@fUR0 zn$34Q9lYF}Kr_bdqLxWjs=AH(v{a#^Qn6)~rWZGC!hH`Fwbc~H$UbQoI8-vT)2Z79 z{b|HXxLN@Ad>6k@(w9s#!k)EMi53;?O<2%WL<O|!^kt!j4 z_-Sy)-8l{0Ofz(Oqit|E(bC90(JAaU`IuY7_Em?sUxAn3jEN*u0@5!U-5FK%evlb}R4O)UWJN?E3VFXNT70L3FuRUmi$Sb$iFfF0UoMnD236 zW3`DdaEb@sE#=|i7`^@F(s7>Qd*V2h)E6yYnjB99k&WZ__sbn z*DYpSyM5eB^o4^Rdzmsja=)XlkFEz?=s$U$&hk-i_@z+D^-GgpfGEg3n?eDq&sMzN5-4>-~Dabr;@3lk1V!|IVjV@{Kg0S;s8rL~!lzgC>@JT1wCTS-A_i zEyM*c0UvBf>F3%Dc6sWBPd-yVHg4{xmyTGkr_)`2+^v#$ew%9F7&YJ`ZQ4^QSWAv% z&bkc`qS3Ww+zkRv?ott@eEwy1C#|Eyx=Sd@lR3hd4QjTHIm2v^FcgZlET>B@$|h&b>;*~Dr@EeNY8B|N zC*3T4@bx7FW`n!QNFxmjBvCimwr8SH|?IYx25E3I#wIB5`}w$-Ilx%wVh5MP{+5GS89Ii+0?H{Ui^4d z&1TRK-Ra2-2Rpl&Pvhdgn3!fkzQx89 zAr;^cjl47C_X!;-)R9&XDy}&l`rMOLrX=K3mUKAsnE8}sHA(uex}siw>boxowr_N_ z*z7G)I%A#+3jp2o7so>ryhx<&TS&9YM&4!-E-;4Sz;!`p9tdq-?Wwq>_WFW!E-4&P z-cig($#!&7$)%I(hx@{ANc=22E}4U=&?Cq0i}9wqIE=5zJGVr@rx;E@lLf{CcN}UD zl`O`^{ib@A?z3pI2Mi8eLy3W#D+OQ>s#T`N@ z$z;nczSaT%e&*JPNsbqWZu@P!)y-t?Jy@kZR}Qk>i>7P)>4&!E?fekqsN^bVmsj58 zzlzBo>0^H`@|bXWe9v|Dcdz*U`VptcN(PdCwmC%e`xtcFMc%adXngqa;k~nT;b~xG zdzzLfAEgek^}=?IcA|}n7<}KY=xo&O^Wr>myhNqqhB~i(UkV}R@WGF*3FhsRkdPpF z6*aG6)=f$2?+wby&JJ@{jH6O0RCemz6M=uIT|W_?z-wyn7Jah5zY2b7;I#m3%h-Cp z3du)h(!JJ`9{XLt{CxCv(!X)^r+SdLKtK4_t1n#Q93-DWd&f>T_XH* z;2VK@-;S@YR#sMiQ8szd0&#&-i7PJ-y#h4aX-pWaMT!lpNeSw4g|8{i{)^z=4gH04 z$<_&uho6D)Rd1|!!2Km(Maie)Qx}U3u|ORTDtU?;ZQ|Yp(;Y9W9C{70YFmHyLTXIV zBbRn4HW8>juu6b^uCScpU#>cRb?$o4#0ENZKiC4p&N(>Y==k#VKc0z=N{MN;%yuB(jXOHWXy9X8sC` z#k${n>FuFWNdGyvcQ&df506G7o#cbO;hg?Y_bDouUG#X@f@gtZkA7|kCH>RAjvWP- zX_^27m269RX5I{ni)?#=rmHFeGpLJ}DDoKa+{))~#kl01&AouoP?M+@ZNN72&S;k% z@-H};WsL?YfsJIWI*lCh!FKRpPQRnEF2mV?@4{ziZ>@H+yMQ=-d3S2krM_c^eHT@KHuH|Gx2;*dzOcnL_S7n- z_$a;kq?})NZ$P@+(Ty%5Qsr+FdL7{+_fmVa-wRzns?_@(x(%n}SZBox!xKNxqP-$Oqvo!s>3V%ZBeTVdOJykKaQH~RL-ntSD; z@A&6{H*-Dcs%4)(EOw_jya@?iC*k`bGGgS>D@(aagN>Hf*72rV)~T*!0h|S4)axHT9qDmnX@;R#O}-2Pj)nZcvr=HpVJx!(cFBr5HB5MB=S7%rK{^C`$jqM z`A~%sqN+H+#f?QflVhO9eoVi3nXjUjC1s)-Kc=gL?W5l)Z>eKSNq|83TQ!9)?JX|; z-EaM*`})%92K{UzM(($3*gd^NPUtfyBr@CQCU9skJz(&#=Mhfb*}lK_G=(?^pI%?r zr*`?$CE;hA4Mnbwq7NHO7RT!+pEC~4+p)SST*fG@qgdz4L%&IO?dG2253lc0U)!W~ z*yIx%q-Yi2i&Qj=J{uKhrN*39{$_zoDeY5!YbEWgoL52^?tXzZPP!Gz_>o&fvN@al zjeN#jXZ>vvpEAVhQ|!+#qd(txSjP4eStQ{Za&C_83URkBUOJZ=x4zr(b5_-|$eGof z_V%F$ofBceOA;O)ExJi9_|oB!?Tm+F5jFeElI3q>ud!$3)Ry|#FX>3p8teszyrw)> z!WAYD=2V{a{k+A)td-zY3wfatf>-XJ3IqBJ~Z!p-|{i87Cxfp44_mi>} z-ouZZBXmtV{*7H+rDAze|=72bg&>DeY3OtFM_J??asg z`MBjvTq^OZTPCkS)UrwN;m7qdBCZ*Mg{rsGPjsjs?#$7y50wzr&?6ietMNdH^(J34 zZGUwuP-GQx-lBF7FtUX3h4a(#PTyjzxQ8tt2H;0oo)@l|nmYIk-Lgyvb+h9+jrM}e z;-icRnJ2$_U~-F*Dnhol{fC0!3ifY-zt=u&eIiJ(?A{eVjpsr!-@YvEKZU~)Ol8ik z0)J*;UocGSV35LK+L{4wygCPpY}!D`{PGM8f2vh}bHSP*P2PpF7xU-9L)h*UtC-q+ zSI|9DtC*fx4#?GD?{r{7`$Aw+^KTD@7hKFJAIZ3d^e+x*`>kZKNIBb0{Bz%SPXD>L z|M$gdSEihWhWQ5J^4W0Re*j*CJ2QRv;94Gm*m3njQg;F+1^lyDmo;*eZQl5UyrFP zs4dk(yEMK5FP5bFpQqwK&r``&09ZDGqqMjFBgp46iGlMjTPkfUKQA(1L46SRywv_J zw`djjfGyRGK0*uFa<>GU=j07D7gMh0OPwsKH!tSc{n}mE!8d7 zA3MP7Fm3-wVY}dQ-tn4PC=`Ifrhq|2rE;=h!w!ciEcei~ySSr58+*h|2}Kdjtpocr*p&UU(V!+$S* zZ!`H+M@_&9uF$vd{=cNRLZpXOnK-4daP=Qc5a}UR=U(Uk_opDz>!?8|YyNBLx!mGU zx~t}YJ^wPytK1~FD5c@^6J%v8whkCrx!Y5^q4B${=9HB&17ITkxzWG3ek!%aVvE%r zUCXC-MHHa?@cWXESeD9_Ff)3J+W%|Gxu;CJglU=UcORJDU&X7x^=sV+EjQH?X6y-v zH~+Qds6hf$gl0$4{)<2h3)eNG0Rn3_aiE)mYD(b06}8%9l&G;mZV|aqkoaF4`V7Wv ztr5l1A|QSd8C_R=1NHYu!UDc9F%&A;AgK9&G56;2P`>Zq@TgQsD=D&+KG7n{8d=&< z*$PSaWM`0l9TD}ZkT&}k*_UJ)j3p{m_H8i6nstn^jlmf1=dr%u$8{oL*TK1)`Aju81{Wt3y+Prj8bY_N*k4@<+cC#FpqU^$%0PMzJ%|K>qf*b_t?iq5I_y>6MuNDPTnvYRLef1aO^4sS zhpA1~o!S~Go@?i1W?Je`j<0s#eahY8S4!Y@J=u|y-*?P#iC6Y<w$FZK~&b09TJl9uoY7F{WDubDP(SQUtOI@Y-)FZB=?1@&C7{Lb9@zca3a zd;&|Ud*wg7hpZZn|L(Xyx+j5Ey9ItJFo?{eztrpO?jgWUk8RDupBx%!wIm1sW(8%e zs$@qZ3Iy;=qF-!D#-m59!$%o#00CD8;E3RL$G8QtIN>J*G@`w(1j z$gP>SI&E$HPiK`HaVm0>te`hlzjj!)1fn(;{Rg);NcHg6gtoLNi|71;#s06DB^$-R zPxh7hIPR}f^jv90PG(E*s(#f}WN_@5qxjB6BlFU-CMvAes>NO!?40d4Z2wVZ62AFzYQL;)jUOTN#<@AGCJ#wi<>A-f%X(f#Tt8;8n{ z!~J}U{{4-Kii3NOUi`i^)v?RyI{>1az<*VDaLDyqTe2aL%BrS!Q6xb$m4@MD#ONy> z{#Q_&lWpe6N|W}Vv1+8#pHGGCT

_iN>rv!zgjl>UbQZ0O?XvS%RBh_R5z>wh)|& z=lb~yL9m6*@ji&ERI0M^ep7O%orL!}e!jd4yvq{xvqc5vb#h4aFD)6kEsa&{-e8`v zMg2>N0$5OI^EeZgo0qp7Xz(r!YB^Y<^-+2B3lD_PmvjL{Bg&7?h!P0E|Hw0dL0)UJ zMds|;)(e1J&nF_cT3&FT4aCzMdo3yV;Q=KxxEx|UQnpw3f0dSuU)*}b)WZAhD*^_0 z?hFSP3(HrpHaRv{`p^RLzKHTbSeOCpf&sf8N}+3u1OgQO7mARxd@Z_tC&S^^8##|z z&nqIg^mKJ~=gRdQ`bKz>mW>TyU<54Rp0$E3Q}Q?Vze{h7!3pnvNSo;$4K5Nk8aA9u zZ;7LZAsrz9@H1WBUl{Fj7}EX!u^a)u`q<%T0?&=g9)IF$|LDqq1{QmaX|Y(ePyG&f zWC3jA^WMN8XCb5FKEa2ajDSg&v?E(!PcR#o_i>mK7EKJqGX{XBBL-shcM&DNW98r% z4}2jaQVREWWdR9fQCfz`PUae!@a~vf%ir2a(H(PRh%<^xDn&Mp@Y!Z74J$13KcAU; z7>WFdgPY0M3v?{lne)ggme>=w3?^$Bs_HV5FGO)f?%g#f?@eWTT~o2j)-+J*)ATAD zv3D5SFux+L${dB7KOP|Z*ChS;^o_}PP;^%erFs);A{wA;10Egt8VQ;Nk#NMV5Z(=c zs~-OEuSEp}!hQe$%@0kKAq56(etq-3yt0p=$Y^>m-`D{{g^8}SDsNAzUlh`avle$A zxt_0a7qF-n(AHS}+O?qG5{Fo*nS~vNGP_=WC&!nT2!3c9B974heL^RiV!2KWA*=jx z^y}stzFJBpoKLdeI5EEgJLo&wbp?Gd_d!>8e)he*rC)L{{vP0;V_)%|ol(#B@y7rb zEDB1k%tBtt6D^6cFla2DMu{!7YVl5HTX2LrYXn|+X=zG3AAPAkIGiX7g)Q3j_uMaE z+An*~ef3dK&CAQnP1v>uHP2m?)4|cR?&VoB^a>q%MmD`8af8Dvlr~G``L8KfQ@ahu zH#b@~i+b1A9(>IW>aXx#{gP{9Qsp`P-h%^4VJSKPycB@nZ7VI&czrmk_K0-S%|PY$ z58rl=*vHFxH2cV3Ex$6-9r^REkPqgpg>y(vZNqKqYEbvu$ukEV8a@Wzv=uVtpLW{zKf`>N@hVpH6`ya3K!umKsM)8P$kJ9RU$TlQu zQgv)y{rE>^-N904!Ml92errWs?cc8?M=?PEVNy)^dKeeY>-OYpsA_xkxDglb9=1Bt zp8ys@h3|H?mJ_KbD=VvS+V)q>-BmZ0tv7z5MWYnNVVT0`wyoqL(FrQ4=*Qu&>D34k(Seb@lKFERjgD%PLt56BS4>%82jO&cp5}W?#2(gVK&Ahzoy^^ zZ>$lX9}uiqJ1<|Cj30dOy>8;a(Ocn7{nhX77glaJp|J=o03WJRJaMx%(!}4U#F23L z@;--&skcJo?Ig;*_{D>Wx_?(vv14vlLLze--SheQMWb71SR?z}7W+OJh;lj*(2-}3 z+&wZ;awz!gay6$gj_#=a*$VIRZF5;z$AxQ3?Zy)W$PdPru(sE(vGNiZbUHU@&Hqi~ zzWaQ#8=JXFZXI+Vt_?2nW=*AXld5N>mauAOCZ}TP1AD6oZ_n>(rpm-CVyg5+-%Hwc z7Zta;s-w&N)kkLEGAh#4W5(Q^(tK+dXv>0L?wR)3Y-PDI4ltUXt%Xy&p z>);#=%UKxBauiRpg}Ltg)kJ9bT_GjKJc7o_EDxsfpwI-@t-$J*rt!8FP`)bD<$?{8 zvfb=%7u#68dZhAD#)7g$sgD7gg4#1fjeGO8FF`rx5f69SX!pyV_ZlbMy3~+Q@vlMt~H2g3h5pp_WF|>Cf+NU5L*ms;%6FU%NEz8Nf=2+Fq-Z6o-=RMMs_cMRt7Rf!WDj^vp_pCzMFhnq!Gc0=+ z>d7bEB;*4(_@L#AcAcqk>RZOz+L~z=YiI@w*Leqf`&XT@kOQX~-k@9T^6d+Od_HUI zjKd_?j=p`=GTwX7`hV!!8Jp~%TE(Tb7xOZVpk&x~4+A&y3jb+SEQ!Dn$}~3j=;Nj) zE^9L?T_!Xf`LB1}>mjI8feTOsduF)X(^s|CzYBx zS%r7Jc=4j73hQ`((rxeNdF?bc8y__XZA{^}(dF8)*K4;0W4rL)^8Ky)e$(jm!WJk{w10hq#KQc^lN0aht2wlf1fh>S3hwf90+g8vtt`eVun;VhUQS$lK*%AU*s(0g}A3iEWD-Z}rE zT%qvHS!EIg8!l`@&o)nn0TX!yFH~%n^lAT3cAFWmFwO*=*&pa1Sg~J)+V9lE{#dqr zcQ((Se`_D9r;l`Vs;8Ubbtfmf4@kH6f#0Gh#51kPY@C^v(#lfBI5K?=8+PtNk?>v7 zt|D$Jk29>;{xQDoF)qd~x;SdTf-_B8H!3};o2YTV=x{)#5wFUuT~1O*{HdRNgGMiF z+_++MKcVSFP7GZkCsDmLhlh(CJTmJ(;v43?jjSTiI$?kNEKMFbjbF66>{7Qr>rwr3T|SS2kE6Jk1-dh@ z%(^edJ3O1)%AkA_DnTjmaNj^b6Xh1OiL?{bkp9YIv!g(cyW>2h{qd?!*n}oNa{L+l zgL1n$MD~t#{~ILN;*vEa_Y-BDVoolf=8u4#$u9&Gr8*81-2iG|BrN4QE8ftDt(@@c;j?=Ucaf6v>?2P$-o znBNoc2UOg7JYF18H!_dZyLZo<;N-UC(m-^i`2>Lb^X5Ik4F(T^c+f_=3;Y0X7_lZ> z?Mmtyz-;<~$NhaMq-5L^%XQODB`MJk9cFJJI6^NuG*@4|37-Mj#c5!E{onv+(NK`r~28kG=f7tA#CG*{7DKfL9i3P#nQ_**GF>;J1QetDow z3N3D@hFzWCTp^i=e<6{SOL6MKvoSmC;?K%+V&e(Qn^oRpFQ$k%Xtd`%TU{kbuC{x? zLo2ZVE4?Bmr~%`o4x`UHDM~~w6+yNBxirCkr+io+&z?`CAwT*w?ptb_M4(^9*yjR- zIQ#3_ceb`KPj2^YN+!=Vcv4j=eh;a`TwM0%o_UpdxM>OT&?Dk?vCy}wnt1KU&c z5*LtYeciHzqqLXsTMw1bb_7SkygoTcTF49VC-K{jNQeZ(K{;fO4K+!pl^8gJq-@>(J;7 z-cT{W-=?6J$~nVh?R^d#|9$?yFGSIs5&sb1c8tuM{PlAGhjBHJ?X#H8-zI7<+S*P* zUH}FdZ>e5Cc-n)e;=Md$^S~t0r;PAslQFpI0DS;(J+#fvpKl|`&~HF`z`yse^I&iS z3iBNW!li8|g3QXUdgCez*&N5u25>RoGs9h|$U;C3j(~ce8YP?#2ro2|TlD(m zS46NiSSF=TrS?l5te?>G+42g0g5*(}aS2Ve>6y?_{2NbMl^FxtN#?1{$fC>C7pn(x zKGJthB${50+v~-bE@LR*9{R|MTQ$y2_xxue51A^2C%=$Nncm48-S9Cp^65tn#J}w6 zGQRNcU*$@IgJgV={6Pug^LG2v6b+&RTQQgK%{NeSHp0mkk=2j`LWyA(TBU^<`}590bU;>7G8ekc-ZQ^2J(yS=R=;w<6O0 znqB$r#&iFG<^=zb(sdI{R!g?@fu#_q#4gHj{#^;K(*A0%@6+G^V>QsJU~4sQiY~GX zUjNKCwYK&aT2+=G#814&4bF=0M3lWgpkm-79h(PP-iJ#{c)EqK^Kxe{4sH15Ye-3i z8kMq#KHcof_aEzuFx=+p9ON$2m{kpWkK4h~aUwDiv;1F2^ATk1N;B|r3Cf1$7UbXv zR+qb>-5jA>1=vqh2m57bOJ>%1*^By<+N6*ihJQ&B|8hw?Gm>Qp>+DcHjt%2^lTNs& z>LN>^N>^3MIFp`+?BkzpT1?EWQj5A!LytYl`4v|mdG&r%7p42Hn%QSueDksNyRSgS zx3m#8^85zwtWKu9mQVNgsdjg!3*!CBGZXK9f-Xw9P3z?6eWzYZy);RF?6*M}13mUS zM`rs9X1yNs>gg{GgJe=Ei=^@bPaDm6KREOw*NTqEF!U&n9=VwhIksGQV_tH2)gZZk z4LXbSWTs?x^t)et)bLtWPCj9S55GYQd4l8h5BnmBm>iROa{7U$AGjyuR^=*t2yQ0d!fh&CSLD{>Hd@VOO*O(aQr1H*o z$LoYxBbAhU#Cmz}r3`Ft*v`2a>A}2wd=npYJ`dZnA!YXR=0~MwqKQ#yhKWwXnWvg( z0`%tWG?`A6YZ*Y>mehnWHrf%lZ$qVF+NbMK#v`6#&dXjZf3m}`b4|JPGIB1T)86b! zlsl+W?Y_KttAC@pNEICiZqR&^N#9fH(=7jykcC9}{7{5eS#olX?_ABU2-&qTEJ;`i zh&22=#@#D{6)f8${k|HI>Jb+`9^tyr7W|gvHn~!4q@o;lr0rfh1OqjLMOvgkH{bSc z^HnTe)r#J_Oc{1LCLqEYRCOy2*#%9TpGA-oXW2h9^sy%&}+5Kp?Q&G}&BDtnqrg z&DP^d_v_|ewGMF(_OISeiD5RT(%(5$L%@BXrnp4Gtls`bUZ)Oj%J*nw`TZw6@?sgf zpRe{pt)Jfd(H&=f zn|axXK4oS7@;MiK)eTqWub<@gndm(QWR-fKMzGM%=}bSBvo6TwAsgWN@0MTD`^$>| zU%4#eSO_7WjF(Z!UlL!RTP&!|bUB&Va-8wvl&)#DH`Nx&uio!xst7ca_C4(Lv<&fq z#YOP>KGgP`oU%BD`K=Jfh%~PBW=^g&P<-o3m`2jH zkg|Q_f~p4ou4>fBLq5`93r=UaZO;%fD7pTtB~dZ)V#Wbxc~_v^LA+Dy*E8kJz78|tr$yLg zlcPNjL@iO?;NWQEU0DB~Q(daYZKS-2s%4S`Wa~`-dynpEE;;oq2*r4TUAMCmJG78VGC;ndZEy5z1@1HN_0wP7LR!$sIGksQvM)Ako z)3@2cS2JR{F1`$0pUAJ)TrwIhVY8W2&AKzPIghW73DwoT5)XNC6*Oy(3HJO7PPy2` zhe3RsRcYDyv^j}8 zyp)rdCk5^F7k?GrSzUXopQ6v1ar*ham9g%rbIhvlNvZq$ay#@{QFgYrf%UgI8-v|C zO~kF5mwr9|WWt&;$Z>MoYf7wLB+W+qNcxa2+4ahs>(w4136cIslOi_O@|Br!ZeKX- zogd8n)j$PDfsnO-@8tNKF#3xZtoa&eoR{p*FO|j=Ds)}Vk4AKL%XYuKNiR~`HY6H5 z`!5g!?u@XOah<>a`f-F#?6^Gs(n!|(vq6+?#crh36qHX7$%Uo3ix!D%wN)kH7dzMI zmIozU%F*1D^m~L1Pr!HDHZQBm7H&$(=XGnxfGarFmhw!G4~mh9z}(gx{2!IVKs-XMcrsMmbRyk7oSxdLhL~m5U zGMtdom)%3Zw?HdO&c_2N0f&S%qCli$fYKBVSXa+6RKU#t^|M_ljvfE!+yGE=1xfND z<7prHI*6J3Dt8LZ)N2e_tN&dFNxuMOtC3)@rOAR!DEchXZJ&Gi!p{U0krgm+32GJr zmx!v`)62A;xVb(dm2X^mQO<)R9`r1X8V1miEnpE!Yd?&;zq)13-+cW1ecQdf=nDYh z5eyK$=Ahl$k1@4uG`8jri+{CaKAEvAJgRLp&9i<#JUoI#QCp>&=k+Ry%i$CU7@0WaVf*K5SM2Zxjc>;6)S%G0^@awGXWKnd(NpP_ z<)&@HuaH_=>zzS%`dfWma-W1`V))aPaDI6)11#m@wUF?|zTHs4nzlwcYPVK-PMzuK zDTQ-5}(TmJ6m9j71QG)9W$*Fm<#I&O$<4U{op;%_%DVu;?$ zFF(ti08q}THcssdDL`IDrkBDX1fqA${9CJ3!|&9IM2r}Y))`xH=u8t2WxdUg4ZPl2 zq-JO%CV||y*P)u;?7NkZ;wg%c{Gm;l>Suk-(C17zSnzqFV)*Vlioz{s`LOSX;XaTZ z?erE&3Z|W42f0D5Fl3ymhg)Ey)Wv~kiLp1et(dE00OsX&vZ8a6_7iY1Qe^^A99-Q! zc>;O3i%a$Iap3>CfG`J zST;*zJh3=@o;b2e0Khedazsv^eJGuN#I20BWh9cs)G2 zB_W?ewg&%#3@&V9f|34}^FZ4o&m>&qr}OGBU2)9tuZpHndAr$<0?&zsR^dqfmz`hX zvL{h9@e;Id4PLlHQ%HMUSMly;=>TT#!iq&h)V#L-cet$YP9lY8?k2#~p_II)IyU7B zJ$r3khDXL!OFe~$bkwPy+30-Mwa=uruX4_k< z*cid%AIArb%Pg;5V17n8H7GG{Y-WGsMle_B$0ek*i0IPZ-iwbH2hXvyvyW%zS1nvMbd`6km=Dp1MvnwL zTsAt9))&bw(wueU0cm-bb{LvM(2PGnC;j==n?|TVH^K@712Ag8xCqB5wg4kHDgtQ` zR^V>R%N*sq40miXOd{?AD9+_+4_$L1otW-!IR`T`d{v+cK8n=z`uH{Q>-<`8>;Xqv zE#Y!+XLol@x@O`A1JACj=$Y@8N&ki;HkGn;Gy+JjF*Fu?f-(sIk49{Xz6)10D3`fD zkiI{FLHLW55MqECK_DVZ&aFk~SkE~QlpkUtgHDt1SEf+%8iKT@CaHB*|kAGG^nV56}uEdMF|m0sy2{YD{a2l<<0xtGu8US8(KP^(x$3T;lA(2i%|9fxR$S`I)6Rbm}+?_>)U zohCDoQ(Ukc8oHC_{oCDzGTTwsvWug^*mr9Z0-q6Ornpu8J6R8olmUdMnbRK(Jh~{~B zc$;VH;(R(I&;$eKcap)atc{;69Hk#H@~DA3q2-H=6dEfdBJ)JiedgWPNNx1rHI_|l z>f^t^=A7+0c zf=?DA3uz=Ez-%R7@8yj?V2swp;hcW55%aPA7k=N%6L<6=O%-385)4o|Uwgw)5?{se zdW@rLd^WCK`6(XQI^Y0S<24I1T!gt0v(R*Ui-Z?)hg}q=B)^{1uR1kW`$9w-9YfVs zj0*Qzru8LP?EjilSoEBw0>CiTnej-mZ zQ9+!(k58;{{5&gqZ#gn5n6>A-D02YiVq}#MT7Zpz*QadJ(Oa z)Mlb-^SEO*|7h`cc;e>jXP-pV19*A*-WV9Kgx6{Lr@Y80IHiT*CYpDY z^P#lpT!II)wrOvoetL79Js<;vCZ);a5uZfNO%zzzWZI7^oJV5tLbQzSyCJUae zkWx~B{nc3?CeEfk9FZvWQ;9Eg!$~eg6TBz#dJF9Gqb1z#?eD`mFo6x&!gl)`-!jeJ~iPW|eJ8INEG%U%XEvNKd7dQZnqZj?EwXc+7*2_Q!$?`Z+ds zOLnPKg@<=&2bLlGFbv@pORFJP_Q1XS!*F1&y4Gt^Zan_G)7};YB>;>nrjoiV==8w> z@BC-@y~5xHzuV5}%g8FPGpstuc-0-4_n=3Yt->~04-1#IK@^cF_Igcbq3Y37I*7}` zQCPJ-Bx>v|J~}OJF+ypgD_d{8HNxC-JTCZexS}L>JV2#vb(tl1{0&-LTfaPGx0HC$ZaBiF!!Wc;Ev3{Cb8+}Nq<$55`CAac6py<~6_QeMO zXmfkYv|ey1z2ah0Cp$0}5T`RHCPn%#W_66qWkDxJzryuB;xZ!2MRg|vgO111n1#w* zxXw{QTMO?bD$MdWa{A7--dP0qNL97NcQ#PJz*bEYs10#3fq$v;DRbC_)5FxWcKNpL)7$*!NEzVEA?RGh)W7CM#2|)lB$N}wHUP#z;PjS$ z$<4h82mE4(FaXU{dNFg)fdx{9m&;z!T1Y3{Tg3+^0JnJ#6sDM{s`FFgEy&xhZ<{;ybP&AVYL3QI14C|5P zNewQilFUm{thpYWHO6vDhOqzhYZ)pg;^xb>LwFs{1cgvvN`IM8OXqB#d7Wm08JMMK z_`|4x#}H+oRB|~v{irB&Dh?5X^T_>)zPx3zTG?^Me}GXalXSlD;p{P5G31yv2Zjb>!BlfMGqEq`656Jk*LHWZ`nTeusOmPHrw2 z==^*wj7QordRm0g1g^0$Pf|bZ+3GyRnY$?1^2%L-H>${#(+r=Msvyf>MVHbDDkh$w zQ-rw?ZRL6*>uvKy3kLBtty_kY&710`b87-UW*e?D8Zk3ZZ{@QGRKvC|P;$}oP2W$8 zH|3RkgVV-npy5aBHPt}L);t^nH)6Dy8I|-7IV~?hjyrw%sVT~Y>YZeanHKtv$#!)5 zDja-p*=PCkZV?XQDq?OrelL71jZZj7v4TL8 zi{KV(*}`!>eJT_K(pLv(r36P+-BRM_QKCb<{`zwlBP{4 z_lqp^T6F(|n?=Cqpm=IL%)(o$7Lf5+k@4c>Fk&*9$1eIJ=Ok>xdSdAiqmsVW5ut&reGi^;{d9vZJeeeW}y$FCor~L23We%$EHN$O9y*>T~7C zlh+@&lh~91$FAic5*lM_TSA83B9!afo_*kvM&iMktte`{fHdqr{(^7kb?r*8*fJmo zED%@VM#YW_X~qWMz83?I7YU-pq_c244k9Edr-f4MpJxCFt;M%<4>!6yCtnIE2cbLI zkgJL$v_?;=E)#8Z$1M8g{jWfN}(FxHe5=0-*#-sOW z9FeY4_}3L^VV_7HExUFKE^EYJ;$hjp)Uk%#o+W*@Mjw9v+2ZZ{`C(K$I(qVcA^O|C z@!B81BPi{Wq9)AM5($zX5vv)y>{4N1#H~0E=6SEiLE4NQ!gRRxTaJI};(PIl=e9*(oImjYgZlsx@HqR4ANVJl6ofC)ehuIMYw@=O`&&KC`m-QiV5NBI>e+d4?U%JLq-~K|3)3%kroPpM2u$(_`>qXZUHbuPjWvu&| zFlq#5kdP0OEv!J15*CF?8DI^9Vn>k}vJVs`vhb@CeJ3u@(;0+BBr!U&yiBhQ^s?B; zXS@5bRxI z!#)0C^C#-2B|WTsNN8p`nEvUvUK6wxQQORa=Hr0kK+?x=&cDJx5P|fD6p{sn>Fk$= zle?mqXS`2iZYTRuq}#=ddcDE0-RE1~uAohlpov_IJ+bPg7x4+S}&dg8vNJ|-k4WO`%=ga%7#I4#iaf4**%=f>lojOPVD?qr-aw{byuty7+Kmm94m<+^$=Dm@WqxTJs)> z7wtz^9=c>AL+~9y;<&8@3(RpD84U7sHcquA`5Q?vN7Z|SOxGHJN%Ay;B%I)C1L;Ka zmXK_P@DQXH(#x`=G)KQ|YySA@Ciq$Oh!|H$8j9SI>{1CHx;(pJc4Gtq2> zsN{LlavK-oF{KUn{A~EK0EC-INNyU*_EG#-qVao`Y(PQmkMvNOv_N=RY9@e3T5MST z5nX3l==!5?D6N_RjWqTnBSUigP+XKvCz5h{98Zr?eCh^54#bpoOVi>FcH5I& zVfR&QRpi%V5F0AUF4U-*@Bbps#rh5n7?QCAj9ot9l8l9dx@)Bjtd)|V&LA8;=-@QF zhLP{j(Xak#SmrJNn8}yqp1o>zJ9ib`lUN~TL^Rm!<5fC*N+a6rfq_9&f*&2I5t(I! zmwwa{2d|Qd6duR}ozSk{G@bJ@C+J}Wgy|I&0dUolR!RpiIU{<&ePXs!VE?rAoDXQh zRxy5eirsjl$wQ4e*+VQulM2rR>k_{0o%-W6N6bj^Sx$bp&3@la1`P<7S(|z$KJcnE zpB9Ay|LwqA^Q%5K={NBmSw_@2vyM#a4d4EYC?)qg^(f2f+?>BO*D=uc!b}hxG9Ql^-;U_dDa7N1PvZ0z74<)VI*UZ-S?ZFOh_4=d7fHRV zB4wc@M7IAi9gAVVVp^2zjs>}SzLttdiDTLxyOb9|G^6OZ+&I(g@p%TLju2P=`%_@M zuXwty|FMD9&q=d()4KT~nYMX^Wk3_MLZB$5`ThD@?6e`>%!IlL0R!sYS zRnFTN>VNhOUPXFHutO^p)L;JcFHX>FC-RIPSOU|M1%2&CO^yP(GZxwh-a6ud9*j<;+w0w$x&;=$FJaJkTn=}nKuyMMWM;-2Oh14X_f7&1aX*l2l{cpauf4W_{;Cr@& z!Sq@YqUv4H?Db-Cad8@;3hW6bP0%U4eh;r~XZEfnNWg6W=OO63EBkdJH3kQ3#L1R5 zZW70|4lIHuNH;b@N=6p>!0y0utMl4>)k%P+8+%o85;jl`{P5BeB(+PY15?ddU$*=J zk3Tdk#tb6K#B6OJZTnv3g?cbkd_m$HzlG(l><@k6d0Li`e}kz>m`CEASI(8R30^*9id+Y~G9L%3Go z>-S&}*V>N~#dtBx#v|hBei;g7>|EsBxk#z8oU=48CSMyuxtkqff({t-iUpml>}okeN?mVQ~i0v4F z$(6MVw_H$a(~$)ZM%#_`C);-gwuMa}!d`xF*!QmR?iBK4OTc2M6qf0~%SRa>|Gb=E zTrBAs2TcUM-3(dd$bN5K%@$zIg487$!173`tE)qxKWsZoPh094RRW7p-(YfMy6db9(8Hm0aBT6J2hPXgbsXRkf>p|o zG==zoB%}B7TG257ne^wx?OdM+cjc!Lh0tDS%8E`~eQJmF)~BYuLu0c z4tC!Auwl2|pvm_HqcZAbua)o~I`z-`Kby#Q-7U^Mwfi%Kr9fg;5{rWL#pnA)%B2MD zM*F->$-(f9xoJW8;q8~i%^&+cxdp3~Pt~_tAYg6A-EPGRq?vRV6QrWx-}2 zAfvtX-akrAzA%G-yBLX36>l{_+WtyZ7Z`Xrmf(*z1;F05ht$f$7t!aFqPBU8tbJm8 z+6rr^kS&2*SJH)mk@Wat#LSgH=hoHLnGW1j4^6ow*5&{6%|AdA0TkU9Uk{l+yGtVr`_D=lTys4)%*188ZtcmAYvS6yWWmNEBjU%c(xTY2@Uy>jipY*SLeK^+&V@rVsKv2+|!{&C6Rqv z#o-#`n8F7>Y+hcoTD&ZD{)?Xyl}|{>4|Cw1=yRk-hKciH&CdJ9gIpCuv;ih(9B~g5M zkYC=L!z<67$A{0Ce(axAKMz{(d(x%bd5PqkRQ)q+8aes-((nlbTe-w`tL%jQW+viV z^4y|sqSf%RMOo<{tfR^2!M+b`w_4nwg_AMea8eTQk*A_^SyyUj>aa3K*o@eiWz zPYCzr&n@0>xnjrn$w%bm`arwKjTP+N<=Yc``?`VU8|Zf%Z&emoE#MC(jb$~5B7NmE zb!6-|D5r%fGR-IYXdzcj$Y^@h!?c&Dp;a32>44o_AK{S7s&j*jYc}|!ffalO3RoH9 z5#E`TCnO2=H^<;(XO`ceA224o4wMgmh?XOOay)U|>R$Kjj(n~)q`pk4ob5ViY^8MnVi$qmz)JVy`%)B(M){_2< zv9%{?&fopyIm>Yl4(_D~e-&4A$eiBoO6px&{}O#hPy^9W4EvJeq9RY~KLk`&TH2}m zJzc~+^}*BV*O{@8(3Lt%Wd};&tJ}$X=a;>HKrO6tK?fM29o?t8Hh_os-6t>Euti^% z-kYG4*t;Yg7Nj_J=P2rZbq;d;IF<_TZ-u1mUZ)BUug1Bw+N z9#f2f^N?v{0))2irW*zIcq$2>F3qvN^a0(o=JhUlu^=%$eSg2EQ2Bw6Ze)_d8v7zT zt!ME=^GyX+>{9HcY<#LlJm=Z3FfZ7?>yzDJw$2(2`bYANZ`9x`lY4$?-u^nC7I``Xg zzS5sA8=pANy3Zjc=XuUo9N|OyZvKUg`nW`o6T9!AfriKlo5NoxM6v^SIutIC z2Y9EiQqa861lo)bfU4os5-9_3{Vy$8^UM=m-aD24lDNW4uZ?`fK>C2eB$JlCQAlZhcswQsm;2g2Ad^sknGW~*)^Y% zk1YI=m(5mrPWI(U4Y?SsZu?crPAMb(y*F2{tnKG1F?T9j7nQ{IBbYDC_I2N|(D!H9 z7~{&va6C*E>;dJq;k zhOZ?keG8l{aHG0vJBrgMaUoXoR7uw>D-6ld!7zz^gxI_C^S+MO%!zBU7SF=w=}Jk| zocdW#Rhu&E{qkx0*IUw3>ohKrNQdWkd{r7}A85$!qwd5%o}}T+=YJpjAlCYJ*ILy^ z=B{dmnF}JiX)Mz{_X@Xp67P4sWns--K)-(89bRJLU|uDS>rSZ_i{kuhchs$-RVs(9 zXy;{5`EiDHoAAy=iZ{C`VQGiviW;NNpVtE@=9tBLOWtZ%`!ATqYd?xuhYG!=Nc~yn zYlSTeu?lzoY`;$+=;L?ysrWkD8R_--snS)Vl%>UWXY=LlqjHYxUFG#L*Pw@yiOj(K_u2UC7AUQBI$z8?h%syz;2Q^fgJ-RpDa{=YNY z?)WW*XzZNJJqP5}m}l0$nuAAl9nZdB4QT`K^5c}B-iwkP-+DfM@NVq&u1e3U+g?1j)|gW;A$d3}cVasQZIJNMw?UBgly9Yy zS>QfZqy@Kr%dU9+(Z#;U%&}Gdzxs9+F;;jkKdD#w_vyXL>bzC zmN(J2@*?T?Gre*a%iqN_<-^g^{a2tRB25}&-+k%M@l^I*#ryh>_r);J_1$A!>I$iP z62e`Wn7qFu+`@<&{Be1)u=Y`b^wAejE4V3_J6l+X2$hx*vSH--`&Mgw8-;EuZ7tWH z6y&BS^?jg^W}}rS)1K$Pbt6X=D?FHAoTJRNmZWJM+4y-IBOl?B&@K1UUY>z2=}*Ki z5gA&y*NjUvy50XN(a0uobwZMCQoMsNF+RkUzVFxz@EMKZ!;?C)A#?*re!EF>6`fl7 zv$NjnAH|K{>gydzSXXnDC@a?9Nb$j;-DyNx`aAw3{4inb8?PEyG-N~G4 zAoMYCwQ_?2UwnrSb7$y(yS-AEWI^iP(sX-3(-jQb_jX-t>c;;j_{J--dk(s^;tLjS zy8@c}HonyE{Jj(BRr8$PDYaK_S6?y@&$7#xtB%zUD+}i=(lYG~IC&l+Nba_xj|nsG z-nn)rDjYldytz~QJ`e&_3GWgI7UU(#pE*aW-@=~+pX^AzeL~w-Hpau7j!P`lUo3}S zP%lIoYnJqU$uax1jd~vI#)uk>-~Bd7cKb?>i*m2shZCULMw< zk>$TTrotr&b3&M;Y<+ga(k^1~nx<8c&632EeDf(^j_I|?abw>U72|M%a0@<7J75im9+{J+P!9$q+}Y*eGHzh`K#&5m(QdZ`ihFN8zfiL z1qAKvb$)jjKk>kdXdYGgV?$lIBbTFkkMgjkDoUH(#00H~)7{=p*{*LM>%*!>mf*In z`2clH4(k;!oliVxrqweOyt!F_&~~;Xl(sGH#4z9 z{;Yheg_lIfYqX>Uy31CEY&~27|vXeI@Wpg zE8e;3&8J@lm4`@;%ctTN=(peF4_5~NOiS*%+4kw%qS(r+yXlVv?mk$2Oqd?tJ1AaeU$ZCzu3!53j4)d z`bG)a8cLayLb#r+)xGCV@Rx1r#(U<+gxBGUF|^Ss?~*+B3Y>%2uesyl6p@);o)aV0 zkyfM^iHRb1T>(_OQns}80~ z^+s)1cA<72W%Bi5s>q1^5T7n#r?u*Qwa|NqWXeFv#^SHt>}u7=EP|a{6szK?J*5`F z5kg!TxY!b;f76UH{=L5&Yb05fyZ6cZ^_`Oe_>u(LCI7O*62X?{-@CM7W32lf6w%H}$$OE8-|FI!S*FJ- zO3|I}%71n!OYmJZ_angel-)=${vw^QUQlqz?6H;=iW2T&k*^;J3ezoLoHuf2{ejV; ztd8JZ$VmK5{_?S2Pw}aKA?b%D$8-AY%dM@d8y>&pHV#|Rf<8`&U@C8+2K|sdDMEis zlL&yNWWlCDW=lzM+sb%o?g?MVQ+HAZ@oek2Kl^%}-53kEZOt;%)v=yg9h;**V5v-= zxu4p^9sh)(#)G&Y@7m7%DOmqK{>vYqGha=vcpz!YP|%VHpowm<6C$pf@N6sMUPwQx zSoCsITIX{z*;ro8PqZrMb(+15;g+#E&Hd=rb(EuGN4Tbmr5`hE!qWHP_~r#sE8e|3 z<`}sR1-<*4%mxciNO=}9eOb0p6m1Dh$z}Zf(8YVoz-{N;hUY}O$j3Z$A0o*f++p^` z-*P1nN~#h@STLgAzPZ4o6RAdT>sjr!_$)0&bu^f5x!p9W{D!xqYSIe;;&fQ~|6=dU z|Dj(0zXt~;lNM6e_M|kDDBCDWB@JZ>F*=f+lARf}PzjZgeJf-)wydKRMV2ubObl5D zgR#t*F=obnP3Lny-*di?`wzH(xPLq6@o3(z_w~MBuj{ouU(YAXsby}>8M47jLzxWT z1I_Qyi+?Q63orU=dA6$!DZzam%OxM*T^c{?3D^(vZ#+gu?}sh5WeMe_BKqXW!&O=i z;+q2=g89CZOb^@8>*1-$0--{Z@N=QXtZ@IgCmtivAY{|ys@jubLx;u92Q&aBuV-GY zM33p_i1w>D2vv&uk6w&z9i?+cG+}VGPa=KNSsG-mAT32fciSktigN8o(F#T%!{OLQmao1G7 z;Edb_HuOcQOzo7h?7B3Q^sx{e1%BoND1*{6!A-a_9C;HKJr{Wsz*sZ3^X!5RIQXTe z96x-@9lOX@MYE?1FWxj13q1U^)lzmnOk>x9vFOmQ80NJF=Y(9 zZEbrOHEB{h^XTjbI_w(HQ|QNZ1cu!oxhJO6j$__V34WV$dMY5kUU@M8 zRH!E->3yet(2@Q`RQ@?i2f}rY`e#g;eoRT~rcr_6Z4B*UbIuLPQ-Hwo9wYm; zg!|6|;cJpvO2|g7e1eOPNX)#}g@(Pj@lXobCW^@DipQPlo33Q}G{xoAix;TM%Xndp z^cT|VCs=jj+MW`dN84}x=i~%>vr<$;NoC{oJU1S#mTvYrvC%$%bNkXwn(-g0Gak}m zmN6KZRYl(Iv%Sf^@sXdAr-$6NPY?9%#j)q^skx}Gb#?FVXe@iTbVUy~S$MI8JC&dp zWrCFv+57n>!}45KNQGtlR8Y=`%-LpZ`QN#oncBqmhTb37vP0IF@bm@=A*VGI^>RB_ zwY%}h^_5cCpDXLSgCK?7F;5Faiy^B;<=tiu$8HS!WPcA?0E4z!0nWGVtPR#*&Sw@$ z3!;Cn{@&VMP?g!OqvdU1BOJzp)&jxB)c@?E&md3{ZPw_)&Ik8O_l21A0{m(WNZI5$ z9j7;RBtrylk#E)+x&Cn9IPtpBb{zdwYJPn6X3+z5|2CJucG`BR=I)1;fstoEIns}~ z>I`Z>&exv2kIOup!WaB;dnO6!cBjj->O8hmthzf%TPa?nO=00GC~Bd!Y;9&fHMx5J zf9*MI-Y2^U!u|XNk%bxKF^5G7X@|lNsQyd}oDEau<%^UCR#V8j8q=;e%- z0;z+It%+hhiYQ5=V=lXoF0MrBb2KSW-l6k0n`E0qVM-C6Z&?W^pUWqVbQ+La8Gndk z_<4EN{OJT3MMs%xY!jRbjU&o@hYP6T1tn8#?-RLnvz=M>wYUDNI%x zNegm@o4lQ5MCg+6)DRI<%+&k&BXg2tWo+M^5BAndQg^)fhl;fq%pY_O+KGxNEPL2q zSW=iQQ9JgAp3HJsPz5o(`Q$*M^pvlZd=ur&T(z}(yM{;Pu*IW7%B0DoqpnZ4DMhpl)95R|lNMm}rR-YgL&p{u zswR(SUHNuk)@VU*NXtcBUE1?Z$&&2jTxD=G913OFV-3xXugA-i)FY*)8iif@w_W94 zOiZYR$ED^(yH`5B#C?D??vX8L$MT!w=y8<|cW|sFZF|iqNF&xvTaB3ZStnFdoA3I> zK#@jO1SWy5noMRqGrx@i+w4jHeJ$knTbgf6(I*e_^ms!t$JHNHyhJJXeItOxULud~eX z$=H@Y3i(4#TGOudIiLLzY%tz6whOgk6-7BJ{%>_F2J)NEOHrlIbWno6MK# zF;3DhRkkP&ICZr}Lo=$}3YgfO$|TfaLcl+yXi~s`V>%>*UP37_Zxua?X%v4uQ>z3k z?WIY%9Cdxc{C)G9#dHiMd~QsXXo?K?zu`GoIFAgukvPko(MoORRG!axKmg4<=~?39 zDe8dZqq+Uf8iUDqhBi<&X7s#7&b2N(SOgW#oB zSN4HqKx|C!?12u|+hfp2+_69{?v83IFnMQxX-!gnF7vtVU%pm8$p2Rb@U^w>j;3ld z=OHDwP>t=BcjK@mnrGYx$xbl)m%UHG*anxzSJaCO5^M4kQVONsyQFFz0UPFV(TPLx>)x5@ zP{N@N(`4z%PO`h!pqdV6ijm!bb$Qx80U3ajY6@X5t%0!qF=PZj(*K-)eauCMskzEI zSTJTG2%3-p;RJE`Q0*m4ejr*>Tinb70DOp@F)tSOAcd*pw{chNs4;CCMJ^CnplG{% z>1umWfmXQe87WUSSN2F2?DUs!1r&|Kba1so zgh1!Kn|zT3-v=E<5*v>xQYz{}*!%RtICm{P$JUEX=?jB20)pY+%d+|&WO)R3k)q^d z6G7*ZSvO^XsGju`&SlR|u-CTmYTDv)K30hkTk+4tz@iZmqy%3uk47D2Mtl{&1pJ|i zxd|^=fzuxUdV)~XYHCSt!zi_u@hPt`woPc!3$!iI`_MO4JsbsGaEHO*!2M-Fsg?^( z1#OMPK)54jwjDGI@ME6rm+GwKN|(O;@EMx9uXV9{Bjr#TfVg;LfPHwQy+Bj>4j`q| zqpNw2$S6HhcW8SP9 zFM!f*l1?5FZQvB%EZc7bckE2L3`dN!C@Z%9V^4;Vm;#4eU_eMit@z;$oWBjI*>H~6K+nt)h|M))T=Mve zEKtQIq)v>viO*U+Xa(hBE8{J(4g3d{lDQ4uGd;9*rgI_SbUz3*WiJDr=QM7-Jc?#g zo6h4}bA}mnrmDC=Vpke1i4uc%=~7Pg;+Ln(-PVqk)T@{l&)*Eev(?-NUM@tkP7D<@ zs3f>*R8?4%w0cf^K7ChJKnJN90JtDU(*xNLzBQuOdt4=v(Icfm!*2peqFqxm{lHC{42AKMyXB}|MLo>F4Gw;K_ z1WQ5RGb(526VFxBY#%j&wA`?ymsbnq>N69*sAUTc10h$L4huI33_WZmdE(Y3AXB!d zLk}E;+GiPyxRCJoRC9~G4CU%Uznz>M%P_ZoKYRxi-T*X&4yES&SY7mvV6(Tdh~;%DXPE zK*dXmwP<-vdeJtUmF09L(0{x}=}K0I)doyEr`1~W;2*n9d3cj^U{+T&)YY^00N8ZT z*Ri?R3>;ET)j}=A%&igoij*v1W*awsPl?no)KMEVXF%ZFw}pV%$t~VS(rW228Eml`asPfUBeb2{gPrhjb`zcc^dHuOjQl&bmhj3Q7%6r*aj8dUZ*!JI1D%8 z?w><6I0d2%I4zl1SGM4N6+^{noJz4-2EnhVD)lt%$9qFt`NiE@o zc58PV5@k?q{TF%6L9kd#o=Dgtt~OK~DG7_7eM+67L|noxs)*d+7;9vujr&?bW5*~= z<=z+=jFl`u+tStkd!sf|PhYDpIUt2^93)F*+P3;8n@pbtZsq+ePxroFMXjrEBtLJdV&I>z zqOh{QDxn0w@6sD1@Ut0Xer`4WB_l@L!*B6eibWOw_V7Yqs2=s&YqJF)GwbMCho5xtg?q^|`E~bV+4mH(t!*`eSHk z-}q3%dO|4(Rwz9uN(M@Cpz*~NhhOw9$n>L~$Lw#9H&8!3N1haH$hy}j)Vj)8BpK1( zJx-4>^9@>5H>CZtLmn|M@v~^?NIWxsxqYh!F(oMazR~JY_Q!nVSgOK>_xC zk)&O8@y8|hJYX5`iu>yh7P!Np1mSHLV{>%2$N8L(gV^5Ad8isviUIlXx>wigJ31Y# zeZEvOfZcu*1#_VHS54}-oVO@J4&O2svo1QYzQ=N(FAieMZr5^uI{k=L2pNef@eI1? zxP;hTkxv~QdyZ+@&JeGSV2M~XlQ@3u(g>1boig@^ zt{G{;wM=#s8}hCRE*7oIYAe~1-?OA@TM1iu5Ve0CJ{8vmzvgbY5sZ=|<#9bkhx+6R zYaL+1vIXM8r%UO&8m%(jV*+#$=TCX&@mpCc*$C- zE@wKo|FH;A10HV^WJ5?1#lSwHAHQzMrETa~A<=0a%*-onwzjp!=U}#0d8kqdIGQ!#YjyZ3EVRe zkm#~~hyHz#zIhfmD6IjZ*VwKTwpWVT^BpDu!@!z?wk>}$GryNW|FcCU7%}E6z-*NZ zI-Vce{IKu~5eNw}i>o8P686r5o`! zlKPFw7QR8H>X7F&(dzZbsAryW4oX?klPl|a^1=-g+WY>@1!I~wO>^VGo(HVwz8_%) ztcQ9Wo))smGyJ!ce4ARg`mO=c?V}YH3#?y3Y+?4au(%M*yl`geqzFgcSK|F%VkeJ{ zPJC>SI3n9?3K z#}rF$01F#Smd6vr=VG*$FX<&hBMNo{&eu6VvD!4Fro$dF2l6@p;!$=OXp=_4cf3=rgJ22YXKdw?V2OG_>Y) z>p7%f$jd68EDs^*(>ew+-4D8woLa;jx2)Cv8FVnx z)_8`Z@CN>1>Z+bLJUS2uLHE473|+x(I{-p)59V>?0y#6`>X1g(8Y?ht3J&0F(^UO6 z$=<42!IH(HlJrGC&Gh}5zJv3(x$HG4onE)5kwu?trCXFN7~48nM&`M$v32t8NL|g# zl#ZAK8-PuEY9x4vJ2G&eC$l=OwiHhmBqw!Z%QJv!sc*ql!9XuA;L^X1GvioD&;zfT zo^+5?i7~Xc#Sz}SK>%22B0O+M_$y`pV_+6a0ko)o7gOA6RX{c{l>+6`x(1-34W+bgO2K}D+PDw z$#v+wxK-(5R&mw$nCcDT>xQ$;_$?@9t#Xm^mTuoXk6u{ykyvonzAH!#C*dx6x|ncarjW!Adb77_waQf)L=x=$Z>COskhxbGt-wvKc7tSyd3@t8dJ1aboB_{exAE&Wk?I zI{t*_J5;~dT>Z-Oc~d29f5f~tX{+EzpbhHGvUXw03J##HqDnj|F5k8xTU{N4jJpe{ zX_bYn&%C!><%bd;ezVE`3*a%G7Plcxw^U8r9Br&u z(ALfyw|bi(FCv-;0&iVSZ}fHP>+Yz^L#jV#-WNs zxL%ny*NrZoum1*xY+kRb(l#P>`YBwYTpb^Z7=KoE4jThb#q^sj7}E1S9&zjTJ@CJI zSKQm`JJ0%5tv^o_n7>gv`*ggW58Ro%?Z%J5K^rMOWJ%v^zQgarx-n%{_A~8g1xHFtgzc0;WvCf}K+b$GQC5u~2^gc$1o-{EHF?FYnHfvc z3MbWXbm~1*tCf6HeS7T6+*g&Tjb-dO4pKi9iBPj?0*@Vd+i^Kh1bsIPfUEk zJ8yz}ayk7t;k|QjoSl5TrzO8jw3vBiktEG?`0~ z7{CF>cMzf7a0WU`I*Z<~=n7P4kTaiepRwiNoKXk%y*UQbn36RnV7v>AZD9aMCEQ!5 zr@OeZ-s8V3(e?TYV2Sc*+I^|d2$Y+-scqk0;YC2{cm=@3BS~%v9+=pv@X11I`aYmO~6paOC= z6+~442YXu;CD$=dCm<2znmgZL(>#HW-(`|82JlIGuc?y2Eu0gj6=ktNel-dDJVsq7 zHAs2)^Q9YDFU$(e->)#}k9bubfbE`)%f!yCJJ}{h^bdl}J9fCvPu<pacjSoQ6FB zyE!Mhf2l3*7=H8&+nhCg`0CqjMjIf0&!HGlj`sF>C-G42*{rO!=@r$3DehM(>J?bJ zYe_@DvQ47jKkUVDFKF-@Dk#!3z5=&lo_ zJ?l?aZ~+LC1R}jxV0=a?fZD(a@9zV87I=&bxMRxB$truZ%i8ltFH+3XDU|B+!r^F$ z+^}xzfz)yD!XBM>sO#j-vO(pYaE;=}9A#H|F>klh^+I@K5I_$gVgxjNLjXeTyMa9F zjhwVMy8mn!fiaZYm}>7k=%b+FF)MYU)kSv8>C_y8#!BmF;H#lU20=PK-ec5Sk23u9 z`b1oSMtXSdYTzYczt)0_R^f|#SX#)14-a(nN_=|ethP1)#UNdmndg0=e&$C41<(9* zTSxi!0-`)}-tB6DuMfW%o6GQ0$XLZcx9xGJD0*uGv0GKKqo-2dN=@9Z1=ak6sKlH8 zdz^NiekdO_SLUSi37no3wbvZ)_z`uU0;H3biDjO;`%p#Reb=L3Y-+uoRbv!`^~^Hg zaVhW{AuIdJZ7ZfI0jzmcUSZ3}k^}&=ft4#MTq@n@*PxSzuV)YSS7*8ukj%tyK6cgu zAw-CCYM-0*Q7N52#I$L~6>?fi?MbIyvz!aM)duJ4E|0`USdxtPJxjOsK7hc#8I)s} zowJu%XYd6K9cHT`eJtyM$jil~&kooP|Ju#&xn&NuGgIU}(@alFBYU~sL>5=}0gR%K zd7B#)`{sHw-r6|GDjIibkgYXfGf9`}KC!q2$FlUXt`c;Ok`gj6*Y%Wjyw4mRABimn zz;`k?Hyte%7gYOf$E+*IF;%jg2+aMR$H&Re|6~^Haw+0*7Cb7yD1bQDi@Hp2#6WZI zZk5y8-O(K37O<~|yO8VNBDC0}ct-s65Igt|uuvuG(tdEEWCsjD8oyyK*?Lx~xapaN zy>owS6==2hYW4_nc7BR7f%5~UzV+~&l4GHsRZ0q9szUHlkd0xbI_^C6ma5w}cY)O) zA)Qdz{$qAv1D^)^#}6LvD<^ejzYq}KdSS(_g>+|;q(rUmQ_D|wNCMSNJ2+)=tl1=0 zO9Q<&5)Eov#O+P?2R|@sNg){K;y`?*bQ7ii=WI^Oq$adN6IItbr${j-oYOB>cYA6> zOL0mlBJ%rdL+!{bKOc1I`|#U14%TXD+(F3%PK;Axc7IV7q--d?U_ zknTxQXzI(x2a4L9%cpM774n=m+BEbAjXAB6<*N4CJvSVLSpu;zIW&c;BE!WhU1Z1&(kM? z2w%+9d!KC3oHfBl2JRW+6%!>hH#~f6`XX;pE@R7WunyJ2I6oS_(tTF*@mO~7)10*d zsy$`OtTo?4IHZvl;p`oi^Pm!|(^IC#9v&%8@YpiS31&yh8WJ8= z6=N^zhk!I*c>?4zFG2f*m};NB%)7IAs3DGO=LZ1K-~Mjj{$Oo7e>uIkd??=WiJMgU zU{`J-K-OobmXH$=QFhkF&Tch<&8&Mi6+f!dq-v@Fo?pa?W8WEAKiq$GdD{D!EsYu+;06r zL26DaWQ26kVsA2?_B=XUqzJHpBPlc=neu`{J<{g$RB9=H`t1jZRqAFo=4pdvBK;5h zZg)VR%yuD9Ru?sm>|Sbr#0952<5R!8CLT!B8d9<_|J~1E&!WP8r}^o-Dt%5Lc2-!~ zmn@~L^S1c2@M4Fp=v{$}QGzb*!CkhbX{hRpCt`HB8t7=H4x1KctKbapN=N{W-VPF> zY_9thOUE+PyOf7s4p>jftdef39@@qBoD-OD3df*7zTVI7kdRMdf|}=yK*%Hgxh;#& zAB%~g++?2!cl5s!yNL04eLB0l{aU(TtR5}xj}6sx3M-_dZy2yuy^+2B481cqXXzf4 zA=|~joxs`%iB}UbJrbFk;{qwMk5|Ii3?N8X>+l4hAH|rhoF&bIo##(A$TU%&<(jW7 zlkbqq|$k?fB-wN*vGI;0^Bs-MR7E)cfPl{I&qs|W=S7o%@rw1=N=>Nwb zu060XNJta*P0Hu17t1V9d+wYwJVVjAYhf8-Wv&_3iI9qJC$!_+`RWIfsZ!@#6V{g& z%5763xgcHMi}Bp}r1}_1`-#Z|N{D~&gp;#`@rT^_B9dDQ`7W$ou{na=!S65qYY1Yt zuQ1i10CEp#%t7gW0>|D+Ku1w9TWG@VcGM$W+iW6PfO%K_N^mo>H`Kiam{a>-d$48K zai_N}jL!_}(QiSbHVEZuMy0y=GIJ7?V<=A=eQl*w_P&wWEYI$MD3xp&X<1|4#Nb#R zcKzQaSbEQ`qjlN?(#}O_;W9*Zo}V)_D9&Nt_m9Qhmup|mks9`Dz-Q{mDZ*7AeGpr+ zwe?i4`}@E4!6t&&9#oAA@5QYR66k^2p@iDW1a~cX0PixX!RLpM0UkRcCE^ z<}Ta<%}0*sG;B)Nmc|93HMz;3(McHufbseA0%ciGy6c_&1rft@6?^fx>{k3XG{CHy z>{0$ndpH_NQp>0`O4C6duA#(;>H9!>vlGC@n&T>cqQmyZ?g7>;N`kwfS9MprrfqTT zHs~kt)uu*-_blP9bncnolxv$68AW+&94ipEz=h{CCBJ@Xlv>cAaq#d(qfr3l6zQ?$ z@1pU7Jcn>k1#N{isDL^pceA>E$B|S0*B~%oTL%Cu$-1#2U6BQ8?K%|`!skBN1rnv3 zAO5Pn8i}JCVGMDdC#=;}=wEIkTY7rvlTc}VbgGVM)ufq#|GKTnu=fhSst4?be0h7Z z9_|c{>o5@?a@Mt*0_;O_+J*Bt7Xs3d;YCX{Q-j7sDJBAHwzuJ_5u`v(MS*ZUN6hG2 zwf@!_J``h^uxMFiJ4(FzpStrsew~5uuL<^zZ5UsWoqF%o?)c^D_B=XW zW8raNRiO*SGiIr%Gt3gi?>AcKvMAj>W$r+{5vQsGBrfvMU>rZt3)gw-#h7P^#Rg4| z1$gp8uO@J2lO}!)GVt9GK2Nk}dD)%0n#B5I%xrX^L{CJ(8&vWIGHihnM9#bCmnEQT zCWH164f5N=-SqpmHx-1rk~1aWv7D7i*^0C;@wS^rIX5{SQa|-Ur?+qS$h_N@s)XB{ zi1TVmr?0*yomkA*plQbkP3kD$j$}OXgPXniYuI+L7|R z3g%)rH2~t2;Y(wA^S4i|YRj!sS5bRx0n$IB7bJzzIiA1+YNCF4RBkPwo;e({a@O@} zRX$&Ef5(E|M*)AONE^6DKSgkO^??->_H+b*l=l+KBNK8zkw;L%*(w?Mv>@~(cu^O6 zQl5;iBh3m@GIq^PAZKvAE->P8k*jougI-nE?50uFrG(R8A|3R6%b;}dhF{e_nvobn zux8=KqO`qEj@I334!QIOHkg^(X_US1ft#%0a$_`@Iki4ymrU`^xK?f#Nqb9pHh=GCc;5Y!8I;Y1PJw<@t1qIH;ZJ zs5_^~{pbYHs9O^P#4gI>*BvNdPSy=-{1`{prqQ=10$C3E#%s+JOpP$@T;2#=XV@>~ zi4wm8rbc}HaDO#r8Gxs-X}a940P!pENyiAW^O9WSI>l~9Q!5_CFV)_T~wWH023NZF7t-% zm^%$LrMEh$z~*|ZhGQAS?w?lut1%A+O-fxTlk}@JVxa$HZKo>EP41I>BJy)aQX$Q) z5j(TS(%B3*y2r!2Sd(Mi!}Bdx&u_K0^^6zo)xJ6ubiH>8){~ zH{@XeiFp<8_vi-Mv<^F%HsA~IyALa1)T}zDdd_RPL8t=vY#vR2eTUWwE0*;xEOupS z#0;ACXSQLYzgu~7!|O_JfT4nB`eZ}5DNL)H&OTfG?W{3P^>LA72=#blYn|D|UBN(r zV-C#`M=SoJ9XNNUImGU!Qwn2SBLWp{Zn`z2JWwgr;!&r%BIoUx$d9=*?Z1Lz;-G`i z^N)pE#2_{0<6L)dw{B%L#`7BFy)(d1ehPEiKsNBB;Lv zEJI%Om)#^=VN*cS712(6IHi$WGR{j{UAP+5cA#D>t%KO8!r##zvjCf`2XU4iaNUdY z=-)C?&cC{!tQ)d&i(mm@JkO>a)>dx5^t&Oz0U&wZ8yn1(g4mr$5V^OfV-ZTv+rl*F z2mS06g5}pozW|dY)2$#d7dKYR3n^2PieRxDCe3XOyMi4U2@?wltnvOaDYzL4FQ$3G zGNz4j1p=e=7ezM4PHQU2EUKFYBRtw;(vJtKHNeYuo%tA zl@sq_HEDHYhzUQ}?j1JH$gJgtho@-zov@PoKGgq(L_5oCoEoHO`xFGMC)+2LY!qg( zV@1RIQ>%pG@ukz%r7L+mTr39VFjahqrEtx8FKc97{@_M1-N@vuaRlIH6n#RC z&AA!_YNIi>qN86K7uvEfBKtpPn4PcMKPx)gMqc z!$LVa5Lvfqts3=wIw3e5CZDTg_;K*hjk^(3-?xmeObbO-A+X0)zzz1J^z*8}xKW9F z2cdmD=uZ6m`&5+f8v|^$JQxYev+)V?pGtHTQ7V{a(iQ(3#gBWX6`sUK${;yq-NK7m z$qxd;eBuGGO25Wm*?j4=Poz#eqa{Iwuf88q@SuU;bDf(}2&tbwt4w)TU1-Y=gBKh2 zuZD90!B56Zy@-)3k8tnXkx$z~eccCZQ3}E7D-(E=v!P@70x*hI9T#%cHRGir6j#`i z%4|A&>|M!um{{eC8TAPANGWW>W!H7r-LL8|mU4@|;6`>ql$o+Xq?}XmeN7}O_TzDB zTh(mHyzQG+c?MfC67o+ZTNn!yM9xNT`{MU|7ZyAMn^T7)p8htzuO zkPVX(QxPikyQ26ApF)<@pGOLgWH?EG6A9NUf`KlCmAuX$A}uR{4`&(X2pm8h8Q{$_ zA(vsMogxOG8ThEpg0g5U`d*NuvBOHnE6cT=HtluaV%eUL{qRF8F@IcZ*)kS@)snOl{BTW0$E5kqxrpPgL@>sH!zI?qmL!L;|i z?{)h=*k^`sZI?P=JGX@23I(4{Z{+kN51r|OKoFZ`VkaBY-%p=4ZXOz-_8$+G#L7J% z>D8x#$xP#KUkv0B&A2X|x;H=lDZ}8v^(Fa~fCJYB8y6B&?g=~_T1~?oJ1y6D69coJ zKO%C6?o=N*JzM7Vq`dJO7N;!BvXPKumN`dW56utN4SV+aalP&6e0PT&vFXIhp4!38 zWQ8H$^79kM2C#0tuN*h08wJ=jpn69Xx{XUq+%NpMMNteo7?X|f+>MD@{AiR%BGu-} zL)ju>rR0_k`sDBhgrk#X2 zZ-mhx*i>dIX` z4&)JFaBkX*H@Z*E#txP~o(91fL_~U}=}TrQZ2=boe4olLo$@W#jntJ5pA9 z!3x?6th2o!2SCcBfEZtLxoQd5DQ$_L?;WS>mH_TEis%KFCJ=rE_yW0-n?}AU9Tk|vZwopyI-^spnZPn0k^K6e*qrEV_VcB zeKhy1K8L~`ehC)YwD&uZt-YFRi>6SrHh7PiPm;@F9PDU`n@-Ev2qK>v%um53Hpx-ysqmC zXTSI&!0ylGJ`3b~;ul&Xg135}T+TmMuhj4E@8gvBDulh(2iDPA67t}I7yHWx@1UDC zfkt3M>yC!X`>e}CtafXzhTQ>NC*OJPO%+I)EogIl2|VRE|7@N)yZFlBj4;1GSa#l5 z&l2gl6itSSRP71dS{23C(E%_AUMpMQ=!i5046)d^TJ+7Gevr_x3g%iI`04Mn7WxY0 zwW3cGAEaGDd`5!WiOOv8dbSr0dnBFZ@sq)TpGmmow~}gd76Rcs{QY&$Lqevztxfj) z^~;yw4t;mz*Sw~$fy1;XOM%c10E7MwGOq=>nX(<)d(cd;A=9GBc4u5RR%`XkPg*sXhL8LXOcj_U zWZK~G(}7W*4WpvwSW zK&ZDJ2w@zVM6HWmbeIfbgn4F&<4LWvlkpg^yY${>Vk_{a*#ybVXdW^s%pwHnSS3PbF+ z@ecKG6hCkHn9mQ;%mB1}a9XAl>q|Vr_Z@Z;6hN~9PrneDPxzmm*9C~e^Wj-D0=$+e zN46^k1z($oRvS!0Afh7w-1E@hRoS{d&vPO;ON~q4Es&@Y01=aI}ncoBKw~t2n(%hLxt){1MSAD+ILt#j^IfYFq`%ojMM@L1yO$bufHtC9!nE`-Gya7%ybG2 zO}oyVh(+K@F03B`zyI)mF}%D(x_6mYZV28-c#asN%t`Gp3_7GJ0I_=seC&U>k?+n> z$l^9VoOhYSG33>d^y(3v_*<(5uD~%I$`En5ce}V%j-qT<(R98 zkOUZ(t+Fq2ctjdNCO-nYi1`hANZ=D+tt9w85GoByeQ^=X5#E0_S*8@EFxzuDzp#eD5*i?KdbY|HGz?zfD@$ zrq@4U-wE80tV7>0jqbF>-aoYu=#(7#*ILAVH$EDKhi4_OGUxJS=*efvAG}fN@Q{5q z4!sS$=RW<{Qr;~8d@V8ao&B>$ES87HS2SqU?^257_WuB`0Ko&+*pR@5z&kCWJO$t1 zcLdKVK;F-zQJ#V4f6qLHy8)+Wp%DrPWv$vYe*-F zeLY=0#KbiEEk6^!vDSqntrP~2O?q?W(3JU!+=Pw8z#JiKU=%{bVjT;p@Lj=wrU-;} z0w}fdci<3nj?fJgxG6u;435cJDZowl?TOJQsLlpEa^iQq!v`Eu5JUDUH~vtH;nxHQ z+zl7~P8EgQfF|9&O!Jk$K#xkQN05B!EKB-GP(qt6qJlu`zA9-A#@*6I#j( zuQD@6GnamT1HVh`7Ep$TI_+vAI!9`?0R<;@XP>QZyP6(s{o^9wfef{p<9*)Oq#xZ! z6G8O@_PY2Zt7U@u?8Xc$C^{49x+xq?u_!+eP}CzrVgc%3!KLB5dTWZ95WuHJ*0r1X zecSSAS31+NFVm*eCnhsr-Q{Dq7+Lqwt6UjrP8xuCxkGsK>SUoMU$8j}j(|V{&y_#0 zGKWwp>uN_se}C}gnN#Uk5j5VN>qQ-i$X-5o7v_7AjaseG#rv%CA|YOArOFdMAPWeZ zY@!M<>jTkfaN|9%e~>IT>h7pak`q+c0w=N8h11e8^PRhB?Rn%kq$b#SZHt`E?%@FH zqwntxL#`1B6|Ig2c<{~p*=NnGJciTKkXR75{um8Q3xR~%IwEsi<~0}Z25t=|Gr#9u z{m2Iu1%qagO4gEt#Ub8!DuM}Xtk+SLzhEhO5#X}Z>I0^MIoSH&cUOgi4Lc0DNrQnt zIF9r<(~%b{JlNYU&0E<*W5i*o_9}<@qQ+z`1B9$3Et+{Pnnse}m_uecgO1sW(&vMS<8N+YR6@cukbGLm^R_d<`DTpn~f_{c?Cz#k5XUvjV%D7B?Fkz(CemeypwYB_FT=d=bRCDiELpo`6$a0g8ZXlgb(6WbO~~< z3l8pHMX#+iJY+Y|gf*ss|4R>E9el6)*doRssiW}xmZ-x%Z(&G=Ovs7JdJ)L(KZ-O^ z_XVVO^YB9&E<@wx5iO6>wdl|Cg13Q6{pL*&NZw&;N_+Py@D8nKw@usf{@p^HMRg7z zdj{|LIvE{;Fdd;d}OIW>15n|C8)(A6Ml zpWgpXh}x(F9^T1-yd%p4&(D0Yci!lC#Jzi0_CjrllR^?OD5*F`IZ&S5Q4cP^7vK}? zcz3?%{qvV|nu}B2XS);lcJKLPaoW=2mXH1NI{byvLOtUg?I|yq;$<)sk+8-~X;#cz zrXw-CPFSgUFJ+HxP}JO>&t_;22NN5?d7^uuM7~cXG2Xr$y(?$w6jY`~>jg*_`c=a3Y}j zjpc=_=-@#!+>%JsXbqdF_9=Etnh|jm*FWr6v^+fVxb@nfUgJf6`jp+gcyD?$oCR`) zHc4BLGj<_h^8GunuqdP9y$Rytw|r+js&R|tiGwR?R^qbhklyillk8ZVI+D`>Rfjd5 z4OkZs;JBM1sjFaKOHC%GGYtg`0Q>{f1A=z?Cf#diR*Opik2#o61%*nz?<5b4zp zc@~3&LCZ%&dvAg8&-rSSoNPTGXl1-r-Zw8;GLBnK1%mPtp)QAw5=ZXE+Jq&LHXwHI zjMBLT`@SK1a+dv`P;RArt6%DUowbSB3Zu~&u{@97Jd^L%o(*xuq#L;;BXm%6o)bra z6AF>DnUB(5#|tchs{U(v&a?sUlN5N3DD{!Iyvg;M`ZQ5>^ytw^3paQZ zP^)Jl(}x)&K~&>SC5&dKy;LZ-{Lena8J!ZfCL{G>aaqZ39qr4DEz%^Y-bY6&cUm37 z;sdYNKNqkCFR%!P&0~@5Uy`_UQjm)e!<$5+s6iJuj%xVwDR>Z9sex}AmfMcu8igRk zml}}GK24SC!`o#E5L!%73)|T##6r4BUd%W>oipe7J@J%dkB>I_du}#~f7%CpQ!8rP z*<`ukfGYo>MBj_8Cm>%RUo5iy;seqkgY`WS?_cK1+6IvP_RyCh(Zp`Ct%r=#-48r z(0;Doq5|DRAo1?b6YP%lsF{qXG3iUK4y3){7jU~&C$|0r4i2OWCR=P(eWm_SL?4!LcHq$ zOUe7zQV_Mu$dVv59h-4ic@h}-sMyGUu*2`Jr-%;WDzRphX7Rsn;4?&@7H*VE>A6*+^G)m4RA>H%+#hl{i?!uZa+4eG_ zBe|}@8iHG~ix>(=c;p3oXGQ`LD>?>Hj*8mTwtmAtIKDlQ+D{eEBxqdaSX>A1j6WcZ z1RK?`QMw+}e#40AU!a1_Y6hZ|{gdZX+Q( z4xu$hC0D&$|5&`n;l^|VNp$oImhhB%5xcp&ou}LcE;}ClHG>z(HvsQ8?fJ*z0f4ID zfZW1{2j{B>!O-u3hyt=O?nMY(1^le!|Nr#=g>8DYuuj@Qs{p<9J00z?BPH&`Nk5WK zA8XjXMArZiN$2mBI=|fhA{*&AFtX~M0YeV(mF)gwv4zDs{D%LCnV%sR295(dBj>r1zzYhv))-v1np z<@>U{sOjIQ12CE*efrFBq)?BgpI{O>YJL=nT|1mlDh7_RWbD*J17jrIOKJq9Bw?WO ziraGWSJEp==m@Cm(9{91n1)aE!B7M2eqgNmnxWV^O#5pKHIJ)Y&IUWZf^V!n%wzG9 zJbUl#67POHoUHD7O}Yu-Tw`*a3F$B!7iPV%d~j)IO1PiSUvKVR@T&gqghoa+2!lCM z5FIrc@+E$M8qfgneh-LIw6D8LOE$_(3t3mYIS*U|y42hHJ`i8*IrV?q`}T0Cx9|V= zP)R~15us912^EpsD3#+V6q4)Y$SwEW$7QBED2Yy;T++CtkV5X)F>@%6FylTn7}s0| zGa7?o#{Bk7=X;*d_xt?*`Tg^Ip5OEQ{@{7Mz2AH9wf0(juf5k=ul1bE!f~}Y^?nVT zIxI4dL;lY}7hd_nA2h&~;SGAg|FxpzEl0saX!u-fl;3(HH2)a2q z5m6d|_&4OO$2S$jJN^zf^aGaPx-2ZxTbu9)cnXRI%=`)hVJ>lrpvTU0$eGUU{KzAn zbOJahS%C%DSMxb3!9i#l)NsrK7qKm|69-J7Byj1IRAglXp(q0-tyD_J5nc#ttVGPF zn?Bg;y2|@O^!_u0eUShbV3M-QM7%Hu3F%@evbtSKWVnvlt6~Kn5&(ufKAj=EP6kEf zd2xtG5Gbbgy;*Rzqa`kX6;aIu@icex2`_D&(o~{0S(B4hPvx=x)bTG*W~W&J=gSOC zzZ244uzTPfOC7fvAsQ}Il@a5Y5>9D|Y6Xdtn3bR(J?>q%-r8wxtSnwrjb8VxRiR<@ z(+Qyf(BOKMSKrr{Mr~)k`adrFtvj`)oH89j(XiRfeAm(*dt`EY7ski(6>9$M)9 zOxGQNrXWf^ZrVk(o^h#yMcKgB{5C3mjF<|j`I7wl_%0NCqEoL)ar8}w-x#eJyJDw- zDK9HJ=ku+X&Y60b;uJq8=^2Iy_#!FFsF@=(7pPl8hXPtGu)rC66tx0MkHJTvyI=eQ6{6|Q!phhGC zfN#Ih8VOSzwy6-kONjy@{XI(z4qaz~hniszkVQQ$^NuMcDwqdC5ss(ByWi#)X(|7Q z!U=?FuFne}PLhd_w!7YRSxFN?Sx0dN+&7F z;8*HN6`pgqho-vjRQq@gUOYd&{zM2M4%UB+!#N@<8yZ1w^^Tb1(SxM}o^!WsY-u1S9}w!R#rBl5MuTG zr(u_Pc*xupI*K!my27v+Ty0pzPQK5}kXa|c2N?>+^5I7q+H%U1?7rgYm%KIAYTwKO z1Gn~6kHJgMZe_to*4Y5`Z8|nN1VdfFd?+u|I4f8)YJJ&5KKZNtsTW1MrM^GDF+;zT zDc492wp86t(QuSv?yy&L!TOkvVRraPDYEvs#GI#Wh3kTY(9pfMQ=Zy1sx7k7@X&Ka zZUJw7zUdAX2PR$&L^+fOC1BK@FKQI->^}eepWXhwtiT$ufh(p=2shNu!Ntkig)eBQ zt(aw{NF9?8=}>b2AN?;g<3t;SL*ahWhqlyAXGFXyb+e+N+|r2FYOsxs6VFx|r6a7$ zY_B|N9y8+eD zUdn@04xbJ>nyVE#4ez@5BsOn}N+bzq=8Xi&2pA^)y)o-;-k?5DXcm?2c1A`{7|^Ef zxEk0nDww^pc%nIgfh3YjSvuC9$}rI<2SaR^2ZGk>V)xN|D(Z@s^WS{;sY)*prGez{ z`_Y!npdR|g^&({X5TPtFssdbmXVsbs(XEO1Z?v5LBCmUjY1hxPYVq#Sifr&Z@PxoL zrbO$?<(e@VEh~nM>(7dvNkNgz6ibrqrtUYVFFKT&fUv%viHX{9pF9$KzC_0l^8_jF z6?v;r9P@&G#$EqQ-l1W3WVzn@$Q-ti@seO(>ComK@!h=;erh#>hD|XjD$eTNhRYrr zxe9Q$O5`~Ha-Hv?=zOOaRP;ycO~>h3q!Bqgmw`32hVNwdit+ZfK1n?Fz+94-%=%?5 z@s}bqsgjAo(cdoU8Sla8fa}|wli&p*SH!+IBTkhKGI*JkZcFS6(r=?2t6)1qMv#z4K%$bHP7^Q_>PUpVa;?!;`9uH zm=~)1pElE%8Kuj&K0OeJHx%Yy|4wqhdE4oGpr(9AVI6#8b+_o&+tgFwWLsb`AcqU#eQ4B`j-AYBqc<%vqvwrr)oAiltfzj-<@KY7)ogpz$Qe^!^y(=xP~JtP9a+Q!giA zX~BiQK4OcluqJA)FG%dPrP9Dj^Xc~-N>6{=oUr4{s}eITQmzwp+ZT-1c?^*KNgmP4 zvZ9tVR9+(6a#gKBn5cqF5?p7|t*=XWbe^(}`L7~qJcrfGysL!0%^K8FPVdmIAGqW_ zG5v%HPs)|le7&%2t90i&@tnQ6{)~4G=c9TNa^Kcn4S5#ZrFsXdP^+SfrfQ;P!BNHj z3cpv$xL~(44aynqGUk=@)8Ax;!$nO+)ppH!3|Ama9IahtMhf@Z+T1X1s(S&eAI_`~ zS+#Z?V(GX71FbLk47wO8=DnKwTat|dn)KuvXF1vL0JVCK`p9=L87U(KqWH;A9I4GI zRd1a93JE4)(QJ-Y6Yp&T*g$$dX~;8VT22ZHM5kla=3N*Hub{qS+(!#Lc5vbY7eose zWWT+zD`cFBW$0wRfJK&3A#O(IM>ECbqA&JQDd30$7E2odn`>R$xC<=k6Ry2Rbn`6lxyGO!kt;^goSM=hLM zq1oz>sF3liPtVEzPW=sUZvVTlna57uQz=NX0us)#A$W1C!;O`|z8*ZmGKn>K4|{;< z)b23@gD2IN_t1+E5Zj9*pzjr3%gt#O%DBcD{&<{igj zG2WRPq15i>7&b9n`_yVTKWBKAHPh4rJ8l7F46zw2h%%>R*d+38{nZGmgl(CJOe-wr z4WN?(0)aUt*MfYPne`X+|5Z$Y;y_a)^bK?>QaT3KLtYc!JnaD$7HG#QAo$g2T0Nu? zrANZyzgQ+2fY{o--?=YwpS!G*MTmGU95V6NV4`+ew&k+m8ZcmY z_5t|qlW#ebjWMy|Ze8jJqrbhOIwXA}hYyF4eT-b~S}NO%5ybuq?Cg^wc!|rD+wd*r z|3*4K_S$%r6cNt((P<=pnV|yC$1{Gxfc4D7)>y5}6S>ovHlhEnL(S?H!EN0lpBn4q z&zU^|;kcJZqRn(+Y=EG1CS@>*Thy||DNn{d`!vz_?O^?kb~^GO^plIn;urcNP1V>D8O+j3e-2bJuM0FeLQLKyqz1^_#&J~jj^)B-#s5l zFdk1Gg$5|4@i*nJ+3`*z_83?_q0XK7`f;Ms8@hwJ+Ti-b$bZjdGOf@E4u1(7|Me5r z6Ob6Ei&i-6cD1R#JbF1)*X#p;{lhtdpaqW&m#U>$To_T`C2OT z!WC|_yhlct!ld@ULy>gUdZc}Ax`+i{jwW)Vw8X9SQ?Z73LlK-Nh0R?ZWgwFwtM-qb zqYT3R1$oPP7Vhtoo)h1+ivUWBe%w^Id*-`|jydhZ;NK!ff)Ar@);zgIfmw*Wj)Bnc zdmTafxFn0}XTT;A)Y*rxsuufXv?ZQ$Lcy{x@yk zf%h5a?HK?Rq^o(>Ux>bWN{r{#4*wOT_haI)Vcju zAk48?(|!dYG4k#2u&$bjFY%IH*Di%K$&C8Boj?9H^E{6Tu1WHcJ}@AN*D5a`s3t&? z=G>z3U{}^d_2;~}2J1L(I| z*6Ds*m!n_Rf-@AUhPOyniI3)8OW)Tg41y4;LqCl?S%5%7J8*0I^t*p1O%YwC7Tgnl zaatFS4bnkNkwq+;-miH+IZ?a$R<XnMspOfasya_$I1L=N zaSV3_NXXYMj%~Mb86tRr!{T*JmbFW1`?MW**__*}PLpU!(qcz|Simlg;FI0-qCiKJ zw%FAw>Y+cqqHUABC;=^UqHX1Or@rQ!eF|<%j;#f_^}&lDtaRsJA|Ek0nkelUoqwZ=)5oN(|#22C! zAMY=6luEQrOlO%n*jd- zvvF6FcZ;DYiPzE<>JPsP;-5z-dg4KZvipY8uR2cD64JNQsYA4-VoIdMHNRQ6@cv+v zE~Zjp<5t|$@^9PbdcneT)~($mpD{ky2U2Bs1y?%N!Rkl!?@+xs?;k!YmYT7%(>LQ# zKJaHB17m}0sTUEEKQ7cIGS)Y;GXA}70bs;RS5rIv-&h!Rj}%%P^&~P2S_nQ-j-4M; zp8CzqO)1-%z2wf>;NlIcJSNH)A*ZJcE%H(2*=!;B+64`_e1L`spfTWGA4uuq(%?d^ z%fk3+_)|-F>Yt*G3p$^r1jn`(%-SidaH(MU33Y&{D zNtI`DKCQeH;JMxnF1c>iuV!w2bb|W?&Jx*oq3fH>gYE|x-u`-{=y-`?m%pgymhIBv zXz8M(TR-l)r2K5l9s%itholy33||h|+3&9XMPba=so#=x5k(QtY&~1H61fWIJJ2n2 zFoH;pBi%SdIy>DSN{l9kqC#sQ$}2eZP=Bx4vZh|NI;XrPOxiIG7OhIg2RuD)Ek9y2)J z_$hOL%lo2C!NV$3#S+BhX8x20y=c_#sh(*K5~R?rwtc(=KuOwGJ6(EH1xMDWH3R|o zzj((v0;E80l@`nlV=oc@2tA}k+(U1 z?9}XvcPB}$eV^17R=c)p@aBPCnY(+apDC7l#mo9V=Mo_W@Tr62lokl7x zrNBwEgOqMEfBS9H`5A&|bk2DKL?H$e4akgL6}!&X9j?x+nmy{)o>wK_6ie4W5|%4h zUioM{8MT~KgfbQXBD)e`$*M3jV*7Rva$NTZwL~}+Tc`T8=)Ns$Ys^mCH26V!ynQcB z3G3vZI%2>7CvaJLq2ha&{+lAxQRw$)yWcACD&(VLw-oP`7`m^-)AbF#8&P z{);bw75)iAZ`VXV{-4y+_9>+{vZ)~`%_ zX)jpOnP)MlC(>7H41ArC`Ap^2(*-%-Z@>Vsb?8skgc#hZ^!9 zsXgnS-a8((r)w%Xm|DB3uMjxy-_CZ$CVrf8SEcmnoy{2E=8F0I?s zW@%Gw*B8uH!UWwI(;16c9U%u}2X5w(gjppxk`#2>OItt1^pVdmks;>+AeSBKNv4{D zHDlUn|MFQg6`|*-gdjI3@^xdmzV+XZ;7+x}i`N`K2NL|WzHN)*T-*#_-FOrICov(= zdX)&OjoI@0|FN$_@lQ2#@ zwdwSm{#2TowpB61MwIOFpW15WhW0CPTDm_rB~GJhdVN{|cZ%K}<*z<0fA;K+ z1FK7V5+v>#e{^fN&-y3d+NI`3&J6_tJq`Q)u#7?BpNtfyH%TabR}J}{QATmMOM)-! zm{62|8}43icrOIBPzi4tiZ#p7`WTH^wu}PbrbF=k0(#eu;w?=C*!0hFU7rb-ufsI^ zw{_6=w%8##{VfsB(}c#vW#wbx0|x^Y@l7*Z!sb*tL+U$V4I^8^JkG(Q&uj^M^(#8> z`Ifb@$KpBXm;3Ew4w9?K(__hcm9zUKx70c=Q&@P z$$mQ}B(7&s{dz<`V!3Pnixi?=o>G6_9=TW()8>3kKrg{}2sUzVSE}FtpjFQz_~$?6 zZ#VqU#tr*~>FPQ#`FvfN{Htr|%$=}|+&!c3kANrODd3@Cuo75%h3PN;S!R#m1+A6% z#APl150->w&4CRT1Bv&7pZ`XxxD|MkBQbivmM0rq)>?OsdY*t~{JLlKeu2cObC7_Z zMd<%_&}L|%IWu&eo5ZNnKf9v|xF7{j{Z z@aC`Uvf51TXqfF!q-JHVxa~e48{jiJV3}h}{_r8wA==--34WTHnPDg-b z=WMtw|G@?ge#XqP=3X#p*lo4Dtyue;XnrBU*sg5;#2_G?q$%ii`=vs~7d`-<$0Cet znE^^5S30d~3moEL3^71%yWiOy*dGK+!8k}igB@F#P~e7z0MN*O?TVR`C`aig^x!ZT zFK$oE1_?e=BQB72CBSa)Uz0T8xTCJ~n&0StZ=BrrgveeRgv$vjw}8@pfD-_{PBL1_ z!X0enLGzgz13D`D+eVI>Chy(miZ-d8EBIhH(UV+A-Z3Gio+_eRTh26y4<3cDlq5-x zxI@+z0Nkj5Etngtu&?=C*7=NqA9twO#lP9CE~n`4AS{JGb?hnNv#l3tctj?0f=&p! zy)E_6i6nT#*$vK{DVx2`s<-{gmHNX-HQ<7}7PBg2C>h24fLLgc=2FYJmFh*Xj-}8x zHCp?Fq$qTd-tGEI@4;>)78gOq#89>Zc{g{Jiy9IhAh|oY#?nw zA8m>W5RoR-v^8`I+om`nJ;(HgERL2ew~MG97=+g_iXwKn$aLz7vq!TDpYa1yzqD*^ zo+zqYyo)91A_iW{1r7_x8%nAG`Kq{cGr>ANbHGlz4ehqxvsKBRXs{Yd z#VTwFl$bwD6i--`$XvU`^X}mow)FNuHD$I~mN2kN{RX#6xdUtfTk%ccN6pt*ozJX~w;<@yAM~#V8InX7w=s$R+PO z;Oy0P>CNphzth5DnZyL_^e9@JSJ;3S0&athr^2Y;gX(YlcLlv!s0V)9Leet+{=>mi z5jEBNmCn5adKLa(J>A`8we&{@M`N_N%!6BApQwY|q^nXNmqcx>6a`E#M$o)4M|9+J z&@~(1kJ`9JtTYUSieLxK=a*2yEX&Pz3P@Z3ZW(oy%dpEk3XD7&0%6oEVoJbTN4(q}&7OP8+To z`)j^Ekf4@ef)C@g=1IAIz(u)Kat0OSkb+mg0c`a$RQ+^jX>sJj>&DcrS2G8c9z{I_ zj=~&uC-v7Y=L|;f>dkuXymka{X<8yiu4z;KdNY#x%6qDhvQ4_K?WV&^FzFPx%(dR7 znA6*p5eF8d#$8#g4}0$boi7|wDYyaQm`Syu0K3+yvit%-E4Tx)lYDG@&S z+2G>*$oPrT811%1s2p+mOarTT`|6=#{ceR{%B@GP zCBPu`mEEJT)SCi&R$%uB$eCa}f)}HWNGt)Kvd{1K* zROPj*MEx@cZGkON&)+NJ{|wL=4c(R*+`RB}^b?oD9znYg9mej2UKK=%0n!SL_;m1_ zJ}-R!pJ6`V4#R7BqFCN!p+3M3z>_<24p44u2L(Iag|N85r}mcxNbM4&F8U2-u&IUJ znR$ zMHhmF`3$Zgeby9_N9UGq>RP4nU&^qhLmIXbt(yOGf~XP(y=wn)*20lD5_QS;2SQno zBU^X&9peqw@grWSmxR6tu8m`Pd@&TgdVIdihaE+z?|My>0FSzo}%< zvRoQR3>Zkft_$VHP8katI+j;C{@Ze|#274Jq>Pg7#Nz=vr|x0w{us#WrH^DUe;(=F z$8^XlO``ZBhbLpu`NMjU^`8_2TUF6H{`CAZsTj9Q9RK#Rf7P`I$UR_eklXEZ;H6Fj z+iIWPy?oi~j2i@^c_Ui)Pp55GnLNg+Kha*s>2Fy4E_A!$)~ei`Id8zy&%kT#Qf*lm z&hk4m+A|JQez7Lj!5@FZ!3U2(Pt}iUohm$X@dw`Sc2bAkwi?&f;P;}w&F!a?k=@v!K-Sf1bh%rNucj0#Z#WYOQC1?82|E^rmoLtlkkk>xZ>a2PeUCq#c502 z!d0;j{^wUMaJEao=^37Vt7NCy(6r2N;l#xRA&=ysn*C)X&g*=-B=`QMui*1J42?9w zS!jkd1@YN-!Yn~3U%YJOz8+6Hv#z+sFD*z^$Lm2a4%G`{`5$U(_PknhYY}YE)Tpm& z8C^!=e|{=sm>`sjnyvQwxb+5)HHJ-}z1!203wBS!zN?DTlG9;sd{xnKzzr_-CkjbB z=p^r;;l26996vKNA9g`_^pTTSy$B7T_48rBUr40E-+5Jn9y()k(!j(A(viFZUX)LD zYt&UY<8=e+3;)1t>>jy)hCjNUcTx|k-GT*oovfE_K?i`<1x)GVgW|o`#WTK@x)$5` zjg&|q`P+DO&*Xg*@F9z@6c+K$59)&_@1GH-;otI`YEKXGHaAK=D4t-yVTuoW9k5qS zJ(D*u=$KpOK}w?QgZ=8tWyAMR@H@#*SV`#9$ar_CLnZv+(Rx8^{`6be_WvQYJ}Wu= zFvksDz@LhI$+mt7+gLZaXeh~3EU5RDtJiIv_GKrjk^3ijiUoQ6c_Fz_*saw_KXpN@ zH;pH&h7+Qt-cN0RSe$Cq?cBmA+_FU_JU`c|%P~x7?kZ1o(K&JHN7c48hB0^0-u%~F z%j$otu-K)V7Z2^svk3xSl?i~Ppp_fJk1{iPCq>>Y1puy}sk`LMFd zwATI8uQP}JCu$pUDcLq*Qo}Ge{wx`arX4jWCxLLLM%>eMx|q5QZ$2TJ-%@RVG z+`d}sh9mAB=5U~$KM9Bh1Vly;%3QB-I$Yl}zZxL4meyE@6GxBz9M|PspXA7oNg12= z5}%2ZOHmGO#O3(KMqT{S&;Ngk#T?BXX_))Y*z%6?UXG##Z+PcFsE&*Y?UK74$sci+ zqQYd4db&-XtJmQhTE`o!QZn`jv(i>*+8oRd8Z^OIODL-1p%3mLV#@Z%!j#>W$9>i> zl4#DUM?=~}fZFhRr_P^t>sLn+{lcb-| zQ!C6t$|=Mja*Q;!eZFTC*tN8#k6hJy!K?i39cmvu*w%j)nar;4zh*wX+(ir=9mU-N zTvOOsr#Fe0IYu~r1!?8A{t6EtO=FU1oQA72lEY*~{B|0|;P2c}b5VTRB%`e=L9vli zy;3=kZQ?p^UwF9IY9CknL=9nEO-y@hN^CD@UoEBs#llbWbp~Ib->AZh#LH_oa#>Pl ztsx81CA<18QEN>KJGjZnwLh-KY?w3SY1vWX#WP^MRu6f?4PE_w#H}^&bi}}Ru8ryD zu?-@E{bpBp69A3REVL~8WTl1}rK-C!;8F&xcmsQYco{-1ta2;HZ6e3cITJ@x z%5oANEy6x_dJV7cf*TjpRci%*ngNhivwGR2v1o^9d*XJA*ZGv*R)o`YEMpNRDX zBc%Ybz2d=!ck(IwqE>)*-_k@Un~So@%0A%^`|_&x^Os1 zN2I~0ayyPYn(o-e=B!ePJg>pUI|`TDADJt%n>*}ov*u820pvnxr zs~&w&lo~x8OmY%JwSJkUac6o;k)7L;IUhd>k{@XCGoh5I(6JTHrH@3)CWw8a)^fpDIbEQNaXNByz6gga*=H9&;IQuRoWYMMd`B6vM zCNH9!dgOySybSAKci|Bo>f`UXkmXUgDsh=AM3fK0<^YabRHrk>{#Zsh;efK>Rr6c{ zF=>^72mqHggM5wCa}5|fAGe~i+L7dUe8~ORM?$ImeGE#K*pCFA^F?)_}YE@#Io+vU8gPc{>(Yr z9X}kW&1`Q{#US}Fwq@qJ74InA=o420ApQv)5DJrj63-otOWK#gRsIoRpkJc`P4Sm> z^pz*{*MuGB6*&5@u#T^T(PvVi}b zh+CZG*J;OVr?K3>gfPkt0Pey}1Fitu1C+!0@MqWT?or zyXW?7CL?qW#|>4Arvb5+XiHIbw5z6FpEUpc3gH($U8MgXA52W9yxxDVcA7)QaUzuB z6?B5~CECn&X5U`CssP+@bvmn3hZ;EA&I}3i4&qky`cGwO_9$L8NSVo49ZGb>C~tx= z?1tbUeIXhs9wf^3C~2Ooke;7oK`1gNR4PLRV)9QA(9_ODTHw>g@ZF6J=Sbk7#dt(_ zXp;86Syv|*Y|Im)z*#Mu8bGKU9d8VTfpW9FO&7gCav_0H+qjk}r>oPYr^oEIjQM2n z2&hjLHJVq^i{QeZ=NgJ(X-b~3 zhZ20u^_ji%B-~~&iG!N*n%CvKGgmj_b;uw!>sQe>2-%AK?tX8DesQxO+?uG zY+e~C)>Z1C&e>QE9i}NJ={tpaLvyCQ-4IIsa(>#eSMqBUh+Y-BfYn#r1U}xjo1jJ+ zs0&-K*`|*r2rIqrw5vUaLIE)}3u$*ZQ`S2NF^}@BMrh~g_ux>lMgaKcWK7h`U<`hQ z7%zFU6tVduC1yj1`^HoxN!Sp}-_;<&+UZPr<=+{*lx}upzOG2Q^}r3tNDMjlr46c% zehcd58_1CQ@Akg-i0v~zapDTTmsf5nZh~441aKAd91B7R2mMeR(NCfEH?(Q26= z<*)f4I9#qj0{Ur0L+Zv-4nejn_=ib%ghtj<<~ia9GoM$);cRtX_Q=@$yA(uQKP3>c zQgJp#(pSVV@F!6&A-$(FiHV$cDG{z1K8P=(z=-{6EdjgQkk4iay@$UTLy(04-*|wa zUk~y*2pNKV55P%~5qY1#E%8#AdG^@UaY<8*W;_V0j E3jiE3CIA2c literal 36747 zcmb5VcUV(h(=Lwk07?-R1VJe_s)&*Vqy`=Zq=eqPN)1w!qO^pfq6nhWLl+2yjx-4n zL{w@Bp-LB#5<-(u3?bxf)bqaQT-SH~O8$afX3bhNYu3y?_kM0-S-;~BG|Fvk(U%<2&b<%(tkZTVEMwc8;@mba2&0tXKxq(7g`S`H~%WZ0Bm0dE8`ggQD5B7fjOqNSU`*MbP z2IV_ayAS_)GvjeuM<81EZECl>5@K_am`x-9RqmPZ_fOBK&q5JCd;s`bW?j``ACv=49mIlG`8rjC1~12#N?zZ&CYm zU1H&J+f25w9^$xYtk|DR7r*GwYU7^k|2v(|x=a46-E}gB0L|tNA5q@)zw_jj;GD&*Hz5_^u4~vgB1Gvy!dUc>L+O(gtw>l3VmSH z8Q1TBzlXH`b2Gdsb+l=$=ZC`pk-$aU>rzvzCGg1mRAr0&xi2b-+uP`-K=;<$#HSIo zm7N~vDKukzlk!(~1|MyErO|n9s`(uB?|3=tPT)U_l4I2B{%0=gxhL75T#?Ib=r?5h z^QOdcIh3`v^%=VVUqudU4E)te!t5&GrUyTxqW?+M9WlyBBMETZe?<-cXP8LhKfm7$ z|M!x#H2J%cM9ujB^w@80WOfGr8jt-S$p0{+qVKm4Ph7z%yQJSDnV4821z~^w{6AIv z5vSBR{67uy|52C!KE{%F^pE%_x>M8XrT;JLb$Ti_PW(TQs|jQkXeF@$%p`N>})zz4Qt6YDc5tVWkl?7J^eN+?a^RLtz&|iqZ z9EO$@KYNTp>D2q{_@6$+{%|t=x)}*Vjo14y(gga1bn6Lc=q`U`Fx`2FWbBKi=k8r4 zn3WU2%aj!rief9_?>=~S9F!dYL!dj<~J= zIIfb=$)x`05#M=Wf_^3r)z+*`e^im+*fa>4MTYc1eI4Ve(OJu{w}T1ahjR*|zvx?6 zucc-?*exY*@A6E}3t@+#vVX)FF)1025AFUu$1&}-@$tvqhbsN@p@!9N-I=Q)P3@NP z+z#tOg*wVpOLgCTSr}*ks`CcCqR;u31j{>#kp;z|8=1leZicjOJH5%6%dnXn8pl*L2I36wR5slm7;_EUW zqMdn?ot2R_pAGtR?-{cesP2F7PZp*;0o&7m_C)yMaAK^?-+-om=!5$gJ}sW#@8mG$ zV~I^OU(U4o2rHiS{#s=0ygNbZ^103NcV8GW>82AeU#9QB>;9Nx7fg~QY5ey+IV}(``x7^OhJZtj@9ke7_USV# z<8@C$wii!$d=cy!!3L1m(Q#+m*tpLgsc>vjo2d01@hzC9Uy)mjubRNbQ4{zYwl&YNSQj+C)ipvp~;}2IR1iZgi-u~6Ayv9kmO2IGc{nbfZHj$fg#4>Y6|N?Gk5hPfj}0 z)?uuT8+tZvwJ-OEGj^E1v#`)WO|~`gPzw3>A;L7)wP~wZK5zvEp;BsFP!%?#-}ZMu z{td{y;gN#)-JsgXa!=sN#cOim8l9n1&G1?{_33&mHh?m6E}^)l&TCu?&40z}xI^uO zIi2z6!`dJeF}B_TGMlLqw4p;bk6Xw|aZr-P^Z#dIc?aExn|7w2r6tT9Y*`%1j4NMu zYcAIHh-}m1+goF%E92VeA(e-3+>UVE0n@h(GUYBcfi7I=2U`x*Ta*c=O}}&LPN()*!S#Q6A7KZLE(K$Ed4b;{gk#%;&He)Z*pM_?r*0c=&kZ!$9|{f*S@{-x;5A) zO(&r<@ilo6V~WVyr_;3i(W#@M%T?_k?XmvPWB)0M2m(U|ZakXY8qwDOVPIQM0TFKQ zBH;gwf*>d$YI9cDRh^%Be}A?k80>Cb3m-C2G;sXS?tN8CH1o<~U3%R)-sEBWsfkKW ztP3CycZjNwFZ=c7Xv|1US-$Mi`*K`&iG~rY@m3Do-Bi4rhhco}xn&ri&jNYW@yhh& zx&Pb4U~YQph>+C=>NG^ch;fMdJcC8BA{!k$Uu_EFqb+d$i7DTWgkxO?(69?IWB{kv zSk2Lg2iswVkrX2-8O^VCS3Y0K)vBJ=YUVo zRl4RE3~eu}@bqQJf=Ty%Oz_rvNd-=j1PWgN5OIs*K#z8vgYL~FHfc1Vt4BviTWb7_ zCVQ;-|JgI)a;ZLxX@N1&SV0OY zs7{Z2tZs>6tJf%g6KW%0{Y7X^hP8gJd!67+nF?KJa9-8H**4yQBlZSx(9XIpAfre; z>4<@vzQOTwV|#n?znNS3$@bVD*`7~>i9uBabM#$wv%KmTHPqOG%f6i2Y5Z5IXT;bi z_9g6rs_;~$@!GUE4>NHC-An^F)0f@nDKAw+w)e&y`ToS`TSubX7}@Zyo>w)XyK<9i z@n080&_Qytt|rCJJ5wQydD)a_-jrjZ92j=Y)99k&jsIh8rjB1+S&e=AD(d4?|y{Vb#say=q$&CVw&_CYb7zq%kf+K@pIzh3vRAwSLJw!lWHlb{oB)i%YKopiB$w?x(oY@V?6a`xczOK z;Wg``JHKYGTu=+TvSOsl$VlR~IMxdp0teJ?T)R*a8(P4BB6nhbz|ba$nnyzJx%@tt zb7B*KOr{p|JS|EG9fjtGz37opaU<0O4oPdFyTrt-RzL7|SAFog5Z5WShJC*QnQ?P- zMl5Gnm|eJVVKzGWM6Qjuv@-LGUjeMeCmRWpQQ*2dJNjYXK6id(f8+NIjMzInJ2CF9 z2qBJ5$9DvL?!+Odx^#g>k775{0tJ)E7VhK_i27MuB%AoenTb7iTPk0^%J>_(wZDxG0R5g zjfSYrJue?;U*avN>0z8>#UZD?Ig^Pq5S#X)5_ zaBzt`E3;0yapWVj%Y)4kBS8An=XQ#P@WA%`F{wFV#P^ujBv$DP#_C_&d=8Hca6v%3ftuuQRli~Xey2tzm-~hy~6*1|S?D2(j17}SY(s3jH+gFJs1`Xl{{x z*{$pz4lKlpP`DkI9kxB1{sU?8Z)o7^grX#1kc_M>L>`noMnrmGA#K$(O##m}_cAyH zoM=mraKK&U^XUelur2#wROx?D)Ql$3<#mS^Gs$DSLg6rd>4C*m7fjZ=5whe)H%}kvDe7_A zcOMgZm$vK?u@TeUfM*2_T^!!b32W(aWM$_ErKNA^qfI@b-1%2_4GkL&;pxHA544RC z?VB1|)McM(^2&Jq+DWA1fvj-3sKX9J7I3fu&CVraT|21tKL3Ch=VOzm)XvaPpftEz z$eb>T^WTLd#3!h2_^3|*+7usp@Sf~QXtR?wD%;)DK^uPH+QfWOfmm};*pi2HAx;Qk{3%MU#h`1RpC1qzb1-Zc*vB)vrP?0 zXA%b=g3dzUZKerua+-M)^)5(r?~H{_OxAqBF@`pA9?xMrZ>T-MZd{c8U8nlm6bY2F zq##Ycd9==7rtN)H11zx4l>nF6W%TmN%*x6%irI z-Pq31mf_JSSXl>kZfZ%?$8X7*`slSlm6d5{{~9k8I7bk-BW4{hr=E4zaNeDoaINef zO6)az!dR1TKB%?i7@yTEwLs4V@Wq^c|5WuA5x4D%guCdTN!I8KxfAGmx$I(U=@aTf z%`4Gvb=9gf@>8%N*KlOp4fM`3O&=uSb(yXUg(k|}5rBmcXht3F3@x4?P;*;IBh;cl z0}|dpED0QR{9OcgF}a?Xt!G+4%CYO3y6-y8{nZT`$Lg8AK&9s1yF0RXe!vwflymhJ zwZ^R{6Mo`E*9wJ-kf=AThifR0`W2$IG`3R?0!=utHvQ-29C9lEk1%+4Bkaa9jd`2e zfx zdw8)T`Ae!Gso;6b?{wyqIz8!f_>#K~e7CEnwLdtus%ezK;fr+w=Yn~*5yvD{z%-bo?b53Khp`Y@8?6)JV!_JjXmjeXcARJxHwN;9Ch1zla}coo<}1MpH&*=p<_Jc8?IotuhSZjBrQK^3x~5( z^aHllQMgSGkvAy)*d;D4o-XC>v-_AyX2?pz1VOES6~Dq!Vce7rHvdUE@R!8Xii(QR zYNok!kmy=MOM2kg&eV3$i){X!ivWC-5xe`*lh+57V>sp)Qbtm4)V4^+${jfayvVD} z_t?${?xxXsY#DgZ zE%qxAIO1hG9`zl5`8;>x+?GPROb9Gv-FFC<+lnS( zDl#h%fSIZX&9WWI9kA5W`m(mOJW8oy;SDaKr-d2RlA`PHjc%AiWu^QzPJ|Qxxegi} zw18x}%G1&UOBx^B)O=mL5k;r%FuH)nHgZ*@W%$9(i>#`Y|CLZQr_GAAE4Y94)g#M$ zO?eK~to$?sLIyRVdp|F550*DCb6eU&ItbA*#;5V;59J*- zs&V(fA1CLn<(Et9Hkxw8d|l8)I535q09MO2-5RI#l7n`#87hs|FZf0?vk<$qc^R7@ z6Cu-K6j|(#H#mfY*}os%`Hr#&${crCDP&eBRsyNJ?FMRewR+9xD_vnwZEb^ch$&IY z8SEIgH6%3I_|Wki+k;y2V9+JtIG!kmrDOJ+9%0LZw=|Gg`gRI^Qzt=u&7tnzXk%+l z%V4?c1E9+F@tVYLk!xyd+H@O%>g`0jg3tb2ug1UudO+f(&Yn_-=G|FKt+=u81Zf#; z(}OuRptMJPHe4I4^&CUP(qCFOuGH<>w3L)L%zyS6KtGZ98Qu5{)Zc2&Kj+hF{6mV@ zGvyZZ!>AP1ou1d2<*%55`ZyGLG-$#8VG>sE^xA1dZSqJ3R0*;7i&MegiW~r+#?kdv z9an*3@b(oL;Vsu0`Lh&?)+w#(TRB=hIX^lM^0}SqSyv_gG@NCbo2#p9_ww?x-(C|F zlVm&y<+_P029*BhBx-p)&zk;HnH2!ekQJi+*$RQnUspUh_?l+W()PZs6i>YGWxMz5 zE6MRtHR=p2*B7bgFOv_s?W+S<#N(kqKk*`kTyz$)kcjw8ddYhMi+#CddQgET79j;i z1Q!-&XEg(`Mtq4`nNnXtr!(sL^|4&j!cpv$u5^r_uab+=14xQo3JfKWHv?HC8~XFz z+pUgMwW=$J$&ZQpFaYPl+;D*Q-VQVrzE<{*Dx>wb?#AI1S-NlV#>X_f~p z*HG+&wfZ%p(DX13uOKYgq8*l~NGE>@e?61!$ z4r8<=VqX22JoErxupFzuKl^1RRo=@cd7fKH$v-MH&nJpJxWDw?ES+D)va5tTVi)2C zh3$|>d_E^inr@G6IF?vf+2Y(P9A22|75VwlC^OwrY!yTVmQHM#Y6_wp^%!0rr45A+ zLIcIq)P^qire3?7-5UWHbQG3z_PR>oQkVpbR$#~}V<}Y1LQACC9L3NaqsmZH{ZATOr|W(R`3K+Si*_*I5k{5*(1620zH@5z0+ZTc*0<%CQhu;*0B znlH;3dy|Wa!{UG&W_KKKsP_U~m~eD)uz_+`=EB_^(al~#$WwO*O1p5n^P&A|yPV?r zDmnSCap34kDwizS-Sn^_^}2VhOEA^BOq)$ZSt{kC53rBbW{BKk+v=$% z^bTQJInTa_e+WM$4b&6PvtQ!corl4W8uh3nOLnnmA@J%AX(I(n3Wj=$pjsdO(i#t{ zwa1I7y7pLfGs50!nU43X!O!4`gNjLMZ!iy8A9eKQdb%(rTA~4r?;IJd>d~Lyp#}t@ zd(Ayhd)(^1C;OeB4vP05_=vWbEhKjA%d^)P6gZ1 z$c4K&gG2K$-%RJf2yp3WsRs!{yj2_qexhWG1Hb314;^-%D`NnSGf3u8O@AiQ3^wy_ zuA3n?@O`5wS*up?F5cID48jP|SS8(JJ^xOXBLgy7WmW=1KBk z#GV#k+lacu^01ieC~G{Ny-h+Uc4d38#gDqsRfU#94uRnHw*{kS3A1e0Trw;%dp z3VT|sy2U*dIwYYqdlClU$9xzyl)aocn&(E)Y@NGoMexyG7HRp>lQCQp)>j2fy?)=V zX$m8bj9-uaD#1mk>rMkk9T5egTCoO|!DRlF4|q zm6j>qCaHYvugg_+`KjcQP!-q|5HTN@Zd1{li;8HRA6@lvdjmni$I3$EYws!Qkckh& z?tovg#)_$rUI2k8V@-&R#$~^kBtw8s5dNod?hjq11u1C+4rrACJ{4we zK3<4xLcZVVN)hoIbf@)LSK|_hrT(ofuf@_jlQp&i%+*?0tz2%Pjb)ABTtgYur$@wW z-kp3m_rhsE2PpKn;`||rZZ=bfJEyna+>#aF8~gf5YXH)@kbQeACBUOR zjZPAT>D0cJI<8}HyrPWR}8a^)+5naN1vlN?I0NE3bj zG;gCZ%w9xVhxxE%JgYph2ILjy5PBaYa+z6#cih7wX{fs?| zW8c2zgRpAw<-QttPh_{!z>mYujMGto0VR^ezn&$^Jj7~IUMjDheJki1_m7}Hw=fc% z@U4aSh}3JMe;$LC#x%u9X^AyM!Kdv|a1pPxvq(D7V|m`&y!&b_KyB(9QMz zjj$;V8(yrw;`7d>k3Nlt$4-W3Y6~>8aPZ?WBk;s zfei$C}cY@CLIVDbY&)!A%J-(sJ+fG-KC z4GA~oSY7Do;}x-regOb zEA7P>C15RmOL0#HF{X48%D&WW2&7;rbfsed@V^kXT@IeP*OI2FNOv8yNq5IDm4Slp zrV|&my@wm_Yf-XLkZ8#dBciHuoHo(hhV21ZEz^FSN7k-(*Kx8+$L04YB8P68ELgDG zM3qbUH0}F6k45)H!7BrVT=r{V3QB8R3R9`jt1q>{LqR6iM)(qt6|nL@d+BpY(%g@# z99tA>vW)Yz-AF3M&ntI}mu&ulg}rkz${U8$l(OaOrMj`+-pBI+e-D!yva=X*q!qum zHqRqzUEQ9Go&Wy%#Way>Lh)ZI*`A(c`{T3bC76gX|6Z3(GfI&SJZ%#2T>-PCGxUNN zTAB9moI90maJoaq%v<;Ro?)>D*wsK4M=4~wcynY1HqsSKfLeo7I3uiK6|8P`sUD)VO)_;Mx+i)`RVcAB0UU5A-9rZ`#p71@AxpwTu45moT;3?ROMyKfd@%J-xCxt2_i z=Sgbn>#V9@+hueZy0B)DOu63d-?>4PVlHkq*|W*bIVk|s8G+Tl6$ERMYsn8KzV;aR zZwJ^z9BF7j%q9?zB*z*=fJS*b(BV@lZbg{oCAodV^)Za$gJyF_hik-aSzXj!zMBU+ z*EsWLyH6@@@XMN<&%>xC$vse77_+3WJm017wlDsOMJLVOP;yiXw6Awcd)1rYl)ZXQ zR|&dHK9OWD^ui%$k)b>b=pyS`qgH0wP13xT&v5=cai|{bYnZ=RSkRoCa$ZS{9u{Zo zu=C8uph%|_y>(K1y0(1SYwRW`Cc)u|hb`6PFYbT<@~Ze%hNSEDX>jd2V22DoIaI6D zu~T+(@)~*1d+m0h>mR-w7((fj&9!iu^@SuYO;4p4C-q#dWgi$U@x%}>p9G52S4m0c zt+De*Lij@O1S?WE^`l~w+NBb&vAQtFDEcpoZuM1Ep*VzWp5R!k zV#KwhgKUlbBjwxm&|mAww3*P>8d=~(5J0LisoPyeJrM`wEE1n`)kD0;{0RXH6UPJ8 zGy5;c&XaUtLqlMD*n5b?uny%KO7k$#n0|ZPwK|1#*Yqw@m`UBN$9?Ky;1l-A<5C`z z56ESAv*FYGMX2sw%JGdYGW#hMl>oZ#2h89&M~M91r`Y+^rY}j}z`y{Eb{pzouTOqg zU5z9Wn8Uv_1LTM29X&lwA7bYZ4_FQO>`?*iOH#waVmQ>)5FlN}hyYFfi`}b}jXvN! zDj!|p5R>R!rAX1-HgiBc!0)*PAVN$ADNXz7qv(>oAmHWCUAZ@+_XiNKaG(S#bYF!@ zLJ?5K==gHO{akwa+ErCDu#7;~B_}6`C_>Bc$?~f&`9k2?Cpp$qk?ldH$Q*m$H4i0S^Q}CZmf*)-VHuUIM@*y2W)c zl+{V%?)+j&4md7?Z%ZVYb@Fo{Bd!&m+OZ34;` zSUjbJwGqt*gk`4>r&jHWq_{#wA+Wr|LHl^H&q8lzN&}ebmdtWibKh?!oCG`gWt6HP z3a|nb6E!s=bRzagBQR77TZ{Zxs9rgn8F57{{j`le3gL&D*ejMnSadYZ}dbxbU!QG<=cO~UO zAhz_;Cc=R?bZ9d(r;YBF2;gN;Gabp<1n}4JHy`y~y$1XbR#Nv6K+&SE33D79T5kAe zG%oB>v2$5B&iZwA(D$W`Hbii)=Tt;ta1Yd|&~}WxKx^kkeu1!XFy;K~ zhK7^o^(#d~Yv2{-6^ini8jk6K`$8DxQ*l+Wk&&^K?k5H6yKgZC$tcP{scQ99EQt1oohn7Vju1 zeSVc>Zf`yJ(ih;E1yUCdF`bM$Sc`-9z}XO1p+8Rt1?zs9k@hYMj5#M=qO`N8J5%oW zu4NP0_ZP)@+3lS*rgVX2%Xwev))%oejbuz8@HB5-!}d(jNKaDeGrTt}l80O@7WLvP z$=MuC&$s~srBVM^kVNHUezoj3KM>0R8n-Pw^$|wJ7)Qo_LKdlijs+@|YnG^L z!{|f~A5J`TAn7^)ps!XKRo!`L_71!H^vu(GkMV6_lL3-8GW@P=tR;bF6i!L2E&4F$ znhjjw61-PT{}v^^=l|Hmc-x&0bi-LB6b{-l;Y59|+h9|@(=apPEvHFr33;fZWy(-n z;#2^@Ve0~Qp2pXD4nKAjQdmvgG&Ai^mif(OE8mO$)gDE>9M<7}3_#!PwY0RX#;WeN z?*Kr|b)}$C98m~=Xt;nl{xO62pmsphTb{KLOdybTQ93ZC-D|O?nRLXbE>J9F=hQ&8}!BoC{^@YrrZzN6K-gZk{ zu9`Lmu2}AEezz!fgB34l%RYoo9kc>gXo5&JCDl_q6fa7$j3Z7CKF9~1B%wSjRtjnL z+JvkZdqD-(Znwd?DpAD8{px-0052wV_Bc%qKw-~sJ$A$Trv1GkoIEv`UVH@?#S^X_TO4)#JU!6TzNFr%P2g+ zgd68(;|&q-HKM9?EAH=1-WVyhr#%M|G%?Ql8vi#Kp3SdkpB>_j>y3^SK|1JQ-p8W5 zzUj%fG<~rIo4(PNlF>5ViS4bQ7^Gab&;>&Be-S+hEC9fafRXt5^ zGeTL`+EF`G$`$t$#2V=;5QEbN^kCZwHc~89msY6}_`uL9kZrM!6^78se7LJcQL&ZtZ zwJ~xzhhfI`YZ=Wxj?O|L*IrJ`7W#HVGGo@O{>i{RA-)tzPL`Pw0J%DWyCte(T{D#e zv?RR%c$3O}V{>`P^EJEz;Ph?dmxfB9p+W24Amu@?;GiU^gr(jEiX=}l>I|gX%(U;^ zji;rxTcIICkdda-doz{lV84~ITE;rkC?o5DGj@Ra`T+Fu>0;~BG6nyYt&s&rj`S<; z)f*L4%_;8Cy|96Otc#haa&S*-*%<|Il{%O1kcspiC7P-QEF$3MF@*q{6Z@ zG<^SG(kiUs2g+tU?B{0}8$;SlAvaRf=q}E}&(WN5Z3rpKG+TU6JYvUC$VMXo*gAqKG@rq(bma%6H0NzvNB<%8=D?4^f_8vPXh z+k~hPwQt3yZD8suM1YP^v}4FhEoYf_ZF4K#w$hz=LMR$nqEkOy@J`%gDvDd}del?N}tywO_~-;$^oo;?!(JD`mGl{w?@;-+ew~PAV zGUDg=&pu>9iR>)mNB@ zB#A#l>P=z;^aes9trq-z0WL(u;`IQSQoyQ;c5$!^+sd7nOP}j{x z-vl(Q?QVPQ(UB5MSvfJ?W@&z zjmzH&zJ_v1u+pMn3bRnTVEzs+0VV&k!vgg6l7@WLS9oxLzD^nn=@ut=WB#D}Vk*^W zdpdiO#bvc!Gved&Xf^jB^4Cn2oX+lTi#~cN&{3L{AF?xprj9*jw9SKWe|*fza+du( zuk&Iwyf;IUZDJ27)bt19lMdUk2-S~sW43QVdtQrnA->i4j5*GYaHnnCMm!tFgz|_P zOb8r3emTcd*zMnCobp(K=SUFja^JHdGqdq7&>?o`5zW{tmQOZQ0{D4+dJ9_pXYF&I zhri)`*-cXQAfg5e3M+B4c}jBOh^*CT?9(laNu|lA&|5HRRd+C?*`L(^u+|Z8QwPagw;fAcK z+5BYa!-_vGxU!d;bCx^aaxRK#ex)03Yekwo}I}JmJjjdEs#6 zqTfCCR{=QJo{Y4z2d6kwImiM)A0xzT^J~?3@D8c^rq~Ud)1mbTe>d9mtcvm{QC&}0 z(}7+#4jrQI!Tx^hye5HPfK|Yy-a+U^k4yA1Ay=vRtTd&0ApP(j31uK^LOpwqxcu&= zyiZ}q;x6DfJ**j_*M|Vs^i1$PsUeSU6x2r@hWG`&wP!}E8a&Us@J8U*q*N4E+@Ap# zn51x>fe02-J5|oyl^n*2N$u=YIn}1$sx~H;PfJe{T35)QU+U-K$O`&o%e202zOT(C zvx7nRsR5Y*@k>ED8>M##)rx4(<^e8urwYegNn`7{0B%o*Qc5wo#KrmisgOk_@@W_O z*)q!ISg}Mm;5QDnK;8o|HGT&7Un8d`;_mSi$z%Dc;nE;4jVrvC2e#vIa* z{Km{P_uJSuG95h`uEaf50Tp{+3XhAbH7cGnUO!b5Uv-$!5mfWdbl|fKxHc}w?kXvt zX6SnR)3Xz2@czPs*BWSAvI_np*zjJ}lrdvK`W@QPEgT)Wt3 zILaoGAS#px=bZE}b&KQmV!R2$DFMgNxB14g>Kw^ehu#GF4q(~##FB#V=dLs?+*n7H z{#<|(?v0gNC-0_7!FG&&N3Hq;UX32Xl@4|bmE{@Fewl>`kp*v>zFl}G?b({5_Xa+? zdFRG-LXi9ylhQDl*(z|G%10i(2TXLkkP(u-X%D+hWd zP}D(8|0bRGPLM2|d?(Yg`IEWVqpL6%Yg$E$aMf_o?@S(GDqPTh89Qhoe6?C&aAw4j zdkx>yLnuU-CE$;{<`-&T^n-I}cBrIj%$dhIXR?W?c!X^G#*}tDw$v&9tR4B7gxG0Z z&y8ZEzzTW7z};8&i>eLSr&bx=j#^8%SEuBc+OJB`zezL$pGm|U;Q(w=qdI$)Z3ix# zKc)_KG%CK<$6dW`2rZXuv(ff_JTY($6)at@P-y&eC1glVB7U6UjN7|#YJHhg0!%V(-=7#e4-gKfIOdI= z=1~mYs>9cYY5?fM0;cia@Xu?X%NEt zvQ!>M+g^S;E2;ZaW#vqmPiJ?#xglrAMZdk3ts4Q#&smps(10Bgsx5)&5{ z-@4}7)c5LLjqge5d5#kgmWSJXvBGN?I7uhD(@^>imN+Xyy%pigq^V6ID5BVU(BC&m zs4%t;v38N}(DAH+N-VFIwv0=c7ZSm{iv{!jq6yd)w&+)ue!)f;xGxL|1lU(NVI7Jk z>}A~U{5Kj6@teSGeQ3WHZ=7EVom!Oc7qZ`3H(bD zlWy4FUgU8<6@Gj2I2U9p@O;@kP=(%L@*lVPXHKGAO^yPx+~ZFrnP z^znla9ONy_r%vH?UVMiRkVC%dG|Q<_^TlQlg&Gs`osfDf2`^ibf4#&L0M!W_P697n z)d$;+x;0B85{UPPn}YHM3d{3i)Ai%v4R&~Euyw<(P1uttk7DzIVC^^oo>4@p=W!Tt zVg-*D1<)W9OUU9);Oi8`IbyZ(Kx;~A>jMEV#{|ipE`A_(tc@0kQC1Q4Yta`K4DtCc zKQ`01t-6yFHs9*({Og+$;XX1-e_EuhQ$v#?R)3h*mINY*m#qP@w`BF)+zu@hn-aY= zAn2L-yM6`WdPRVt_4^ATI3K;qV9B%rF^Nq;wRlg}kS^wtE}9naCs(`SWAwW}bv@dp zW?aGk`u;3;d8lMWhjbeMPOnA{<$YCfq_nSD^_VO};|)KKC2XtfW#Rr@U&y;150M_n-Te9))v1^CM#TWF11^XdDs5t0z?Kxf=EZ z*!0zp2qTK8346EumoW#U-E)>%^YN^na2fR%pK$WEv z_Rq>5-Cj)PSH@A@FXI&~2}cKmw?f{M9*umk1VTTVLADvVP7+SJmfQ*3yf;`=p0um0 zD<^-&u_g?Lp3tkx^7)x%U!H7Dc$nlj(*LhXi%xCd5&8S(T*2q_NW1LaqS}oWCslzo z<3GmR)s=23IT84PR>2?jzoS2Z|v2c`t)VGx4bQR}!! zar!OkSH=lY$mCJAA9MsC`}@Jzo;cnGUcjuKEJpCB^E<@#Ig~1kHh)0t%}R?4D5C$D zw}cn6SGdrPD1HU^NYnMNp*$xI+5LGX{@EciLU=MQ=^bnUe+;h>ANtO|@m~d0Rb63@ zCgl2VxnJHlGdye5xUMsMe&lHw|6;MB@73&GVW~dum#oq(JIW4~^QwOZKhC zvSLwsesjHC7iVK%dv@8FXqndXE3pZxXg|FP(JY_9=zCow%7G(cPJGcZidW z@SnQ@^sZt2=4mmfjKuuzy*cbF9i_M*45X_0^XW>fPN=RX8@cx+D}tcp*#0F-sEmGI zTAfqtnWZT5u*iYULGDYFTRU-?3HtF_^i~(JZ(Oo5S223lp4k!DxT`I?QS|wtCd(16 zs5y6~G`G8#KaY*voO6iT3VpG&-0xGqdu2ZE$8Lacw#&xW+t08Cp@k|Z#})Sx>pA_A zo772;iwf^wCiYZ+0J0XyuXi@-uI7CN#v~|Uy{`+qxU%^ z|5!9<1xi)wc;7xL!`-o_2?PxeDHD0ba$Im-!#4J_zK7U*;w|Ieqmv9H?i&lhSUieneqKr_4cDd3^}J-2Gl9Kk zUG{Cyi?BOC;xXS7CYPtgVDGPCbSBO@_f}~Q49fcpLB5x+>LoE3DCSw4xky>4r}b3n zEOld2xRhjz!|s16s?5?@bxA?FFA3z|HM1T@u&|{*-!3%{E~V>jhN|-9H2^jx3>uoW zizQ%OB9XQLK1TzJOD}*Lw?+yrX(-iV4AS2kH<{-Nc>2o3m6j}I*_#ZAH$2yFyM9XAiMY%xuG z(bV!a*pxg1xgX^3;A}P&Z47whEpk7dyiugTgnNh#dDBxZiaMDzWVKVtOKw_H@epV( zwa{Z~)*q;`IsVCZ!TK~zf^hLJ7~s+=${mSE)jK@sy!5)}#fsnhx7Hce#)sOhOU7Ji z`ntAObO1#>RzzefJAsE!YS60}*b%NoiH!V34*j>*hpJNkS=87f_BiotJO<|AW6th(zM_IDd zOkfo!Qb)EL3SIGg572TYA#DP8ChrO!HQUME=t`B6@MBK9_y-J=R3DP}&mP?h9ih9y zE7vTH6M>_xAhD;46qFz0*p8+@q#x&?2;{#upd8+mHM?8Vs#}9d5>F8yt`-~K*ZG-M z0i3HYeU?AyYsFdG`{7b=8b$DZq0Ntee!nZIYPN9GW6ZMb2JAF_F4AO#bqh2YIQZCJ z_G}a*ByCafpQIkYn{#?QPqNsgqU0P}8F~8Kqo-j%w;{$2DQ{J$PpUR%jGFMQI$?Wr z9WIlU77HTwt4)Gx5N^d=_Od+whKqaT&(A%}X7c4QeH4;k8{- zku#v5h!mM18tb~GM-Lln8WRaPb!qtbp7~!~eRW)vP4~WvfP$1X2nZ-4C9sq<5`rKg zNJ>a|Bi#}rAt@{=-Hmi3y);XQA|M@0E%}?}dEWQ^et!S0GWR`mpE*9Hc8r}Vx3=@l=&91kGN|EeRPmo7q#5y(kRXC9?pn6io0p>VZc0KqwrEi`%X zp>XJ*QYI#=m&cEwD*%QR3*Fy39PoL6dfu0tP+q|*xXN)>A_P>vb+>#^HSE-%5@8h| z0YEMk8-T`Q%-<2?^T8~Or`;+88k!SzaqRb8l9CW{05^ZkX~Jb&eap50z=BHe6Gj@l zQ>98#)qOQ^O0KnbpU?__!)avvPJO|_qqd{dn*7S`mTxB@8jam){0YEFF?;cFR1Lo- zs)I{6AojCs%>c@C-^zANJ5t1+I6*;qUGl45IRZC@{eU?AmHig2R|$F;Apl+7g#;|5 zj!4kfyniKCROHBbM4Zg-CT#G7v7o(7N}6FUIz0e<=B z%^N8XF~u_deP#a8%@k=%iG+DViVYuh!nuNzC;}Zs_5AG-P0XN9FJF`zlTU) z#y>jyMvcImU$Acb9zVZEwe^-{+_0@pO_=0S0dnhN*!E(X*v)J3M-s`*3Ckt&*4}lQ zsmyDS_y>sp_CTmU#s*)Gx`ORY08-gUal|6gPd3m{V9yK#;U?!?^wuZfsG z90N^{CHB4UgoO%BhnGGgk}@4Rv&b3aHS3afE*}vwx2~N?+#FK?X!`y}aT1gyjEs#h z+aZ0_?Yjxe7F$EXf65Rpr711KInw|ytDj24Q=%?6?H6m{OGQx+{&5UWL%fA+P8G-~ zb@LZ_g-fK;^Q~lfg`*(s&Q>DB1IAcOiMq>1n*TWxXB0|Ai8J^CZ~jC92FmkK;mzu8 zU6^R53(t#i9Im0oVisKtRUYV#{kN~A20)SkA1l0>5|UG|yr{?EDaaJE#JcZ?qe!ch zpD0Z_tD&(^v9L?QjhCZP`}B~WzP_`lbt&vq5pJG?wU_&4wu{Zsk5`Uc-8OO`KYn}) zETH+Mbdf8-=(gBrlv6R?8PGp2d%XKP{NnFWKy+J)l+JmZp#G$B^tuqLaC_hBop3WC z4g%eL{HWkVOA`kwAC1zjt?x5^hbhp$GsI(_GE0@Ak`dbTtt6Bt9M!V)H6{K>SAI8x z14SxPx;GV2mA_7tlY4(h4%00FgR0!u^X3CrhA^3m^MtgguL@D6lL1ZP*5EB}=95I+ zjqB$?k94_s<@w5M>x@TD$tH~+_Ywb|BWRd;N2-jvw%fuEs%4BQ2fU*%K8KUTmLoti zp0Ya>JQ}RiPjVb^>gR8meS_-#R5w*bxH+-}g6)>9X`aN(LrBz!UyF zWo;<<;5D#wZc$NDgvHy}IDA=jyFl~bqB$+JifRKN$}qRwU{6G!&jVJFo!QrPV8r=I zuuJ6xMwD&SOS&ai0LT`%_*o8~Ut|hDz|;1H&!%DGV`FdlSQwks#-+4CsR7lFi0@gj z8bddVpYjvP%Wn1Ym=JjziBChujb)3J)7_CLe_b26R30lUGn-M^H zu2A%0C{rBuwTa!-zIcV}nfVc-cmZ|h z{Q~Fu8VbriFQb7kuEmwZa(o@0~2mhk&dmg zb-1}ewY<{!6k;2f#ql+2s7K$*yuT7olYWp7Smjs2!doPXUFV2l^Zc^?Nj(OXzI#LM z_~TUM&ZG0j;j~COdE-zert#VFo0;=IU@MgHH%J895ImDM0Kr!Gaa;1s zrV?~M+W=Y$;Oa^vg{${`iixREsjm%>08gCw;X>pd@{J+{g z@hf+%g8xH6$e2=-WrlOgxlH77W_ktVGTMM-DtU;0|7WQlHj#kaX7fD4W}y+;xvVG@ zrCPZ}%%bM`9OM;Y<@177Padn(?T%Eg(TUnZhyzEg=CXS4ZU@Asrc(b{Mj8N(RVhk_ zncQ;e8tN=c5@&%z>5uE)CGo0Uy1fC~`?P!^mqo{+=RUeh&NS|3;pBt1Gpzv{@8vPwd6c-4n zaV6^7!D-JMgwW@R9`FOqhM0_za?0WoNb%04d6cgj+u?w85Fy3=!B}=AV&s8IJoy>A z_d-RUW~J$FnyAm!rnfs?cEyO*Y{|S+4WJEdguR^ss+`eFuaNAqIvVVkf!2@|_PWDS zZ@{xyFb+bX;TWw9$pq$B7(m#*T9RP}>Y`=@xrYEVVo3%GYo;Qo1e@`AVP8xjX>P~U zbtw9a5)X@(bT!)`Q^Bz$GT>}%yQYP;&YZ_ubpdH^ZhIG@kj6I%&)nQR zc%oAc%56G$8+`$KGUqr1)BE9x^q67fNvv9WfubFpIQCnJ2F#8+HCj*nM}GL4!4=Ru z7ae%LZ&FN#P>Q_m{z;1h3c=J-(Y>K5P~F0nGOaP1m%ZWtTQHd&h4 z#70Vk#dyN{Za+$GsNG%S__Q~DUaiSJYrTx>WY!{sd|(k|w<6Zcou!dgi1=2jvERJi zU&B>f5Z8RwMR{(SdVqr>-$1J^MMrp)V{R0Z;TF~N$1;)RmCh(>8qnSzOrX$&Z4{5C zX2*5yM!6Q3<2EySgXcQM%`ferY|MMeR&>Yon88snGgOVu+)fyUz^hcke{(^j2PXl! z1h0PGb%gGQtpKRups=F0EgMk_OBsa~aF6g28_Meb*wW5Rs4I zVAH7j+XL7QWOaB?O(E4`$1>;D;7sL0!D|tF{rr5n=vLc#bJ z-~voK-kT9I;uD`V{b(x}EmjsdW4bV))lhL^s;ibf;*4(|*&40hY;1h&u&bgd%wyQu z6O}}q-e+ae3~lZcv!KEX%fe=_|LcYxfHh9^RUk9p_nowYIaD1bi;+{`g8)sRymfbC ziwT>SysF62(|3rTHIE}LtG1o*!5fn_nMe@A?MVPbNO!yRjwHGQR_FU+6nQPvIPV5o z_8N66vc7?Pu{w#edgYskbBEq?$LsyAojWsvREwhNxtquNTM6PNRYkaZ-65XJ=P-+; z7A85|o^^4vyAFClRj(#qF&GX#C@3w+skVjg`n#ZyVP!baVI5beVbNV0sw&x@d&&FN zw$McT8|d&QK1_VNoy1MrOIF$T!v_jKQb{b+cMcpJiX#!~m+yPBad9Jc)Rq4W?Qu2J zB$r-^vmZIy0CLOZ`zCf(B8ii(YjWacEIwMLC3XH@u$Xl?_SfwG_)CSA^<$xzaRd8L zfM3CjmvKsDjFmPy*faAjvmol3iFtFK^)x(+(kflu5tq9#C{I$}cF%Zk+2)nQtg54X zoQuoiM&m4J3$tP7X7k7SdPP-s=Sa(DmO_ir#j%|Uut_d;3Q`EtamyfA(9w<~=ONg+ z7~pnvTFejYDXMqIbhfOvSk|t#xr~U5GyLe8*7fYQjkZZnL_ra6IikSiV25IJ;m1Lp zxXCcN3HRTIYK~`XTDlwtPA&YEk1SIF#L_FI_)vK9H%yc&bDhSr=scg53l zzhILU3mFG9E1emHcsT##OWQf(bRgRDi(44LM590t!m`mxbyYZ0)&6})O?EMEbxmbB zYx@NvS6}6P#s81w+ty-V0Sz?LVomcZ>wI3-Zu+r52Tb==Ql-NwBPXlw?CK+=5?K-( zQN)0g$=xii05jMN*aKWueCB0pd3CXT>w?t|^xZZn1sU77bHa5)F#afjFHm=%;#> zS7f{z5H+X}=WqA3ke-dZDGlqzN~@fwJ7ycg1(fUH)rvWDW-q{`;31AoPPBh(ozKk_ z4Q+jv_8_JOSC-*5!Z-**RlHtwJh2nW0j5p_+*O$Y_c#3r#y90ImiDi`yV(gP! zYSqEsB8=$zTz9b8jqkh*$S^KYD?Ey67kW?-=axAQ+B_5XZquBB{AcAR+^=ZdSb2G(#IH{mbbjb89-;tTeEy6SSQo1qLiHxu>YHCl_U+0|M@_$?|`?(pErj{6`-X{v!ZW63b~B{oo2H&xlwF9>UMdu?&BZp%Xs%n?_oOjoF zk}f4+dh?z~)$bCOTVC<}bmo8_-jP6L#=Vn0sUPKeSY`{E7cOBqy|RB*E{zwV7C$3` z{BsQE{j&9Ep=BL6mNi4#qh)irY|Smcuo&Z#KhmU4F-L;t#WMDg0WH^nx^d#K{XXA*zI- z$l(V`k*|vao7VEM90&kntt}Wzy-R0uJo3{K*)tpI_M<}EGCj>aq;q{lP{MnfN18m3*jN@058P2+B-)MB=fMy zRKNMA`%yE?NA=J36|b!b!8XThuvg|O7V)rvZsep?;T$Qe=%O33&+{O0;9v9OVPX1j zGOX)HGy>WRG4_0XT1vmk2Vw^uE~~S$9Qsxs-3V#7%b9u7pC2IEAdN+K zzeawf3D=4=I2CnqLrWUh`2)NvbR4alto9J~B6TBu1%s6q)W+VBVmMwOp{H9qLv0`7 zoKGD2b&FSkoN9bY^YP4wk3KDhLN{4PFNF*fOE+BRI5pOIrmo)_zd8S*|Eryk$LobO zcjB6ChiVcR%pRFFaOHu?}3KbDm-6GT*NZzpUugn)jbYRR=?)ByB}j(Q>&IR;L0)={m9eo0P| zUW<4C#I72>Z9OS2y9S)81} zQsZ$JH~`zr*mts6`y^3|GOv;08QgxT9wPVH&G(##LwEY zCR+w$<+EusgbaGDzNW$<@3hyhTb6&6I*vxB^Jk57P~DahJSZQ zjDQ7Gk|?6E!6Q7gQxuCVJkTQT8ZofdI_J?a=P=i{vyHg)OdT3%RQb`|;+Ez{iTTm~ zBo1!&mQ~Vz1B-%8_gkRlarYk)lDC@r29+YXb{+n_mWuqaAP*7DxbOErC=e~y2u2&{ zO&$!WBhk(a%fIeyGpbQ!_U22@A#v-BU}-L*;rNTBE$V}`Jq%?#V*K4);FJlgIDhc= zmq;cv{ElO@ICb~#0aCz`x6TWK6t>fP2*vk)1AWdr`Ny&@(B-NNlH-YUMGc|!{JV7g z%?L(%?p1LdS=x3@nsmRun(=~Nz{1w<8V^ExK{a=Rztd2^eLQPgAx*VLWzq&+tf?tA zW6C7&UHf&?1y$5VKrJS=783*Qt}xX~buWDuHtX=T8yyo;Sui8V6~A)E#KQ$ zx}yOxi=@N_*>j`^LY&gaP$Wcu;V^>w(N1Mhzhb!sWSS%9k{jkk`zeIM2qN`f zJky*cEbH$i@w)edNqji)||k~ueJcZ znz|#k2EBY$)p9e)G$SE;&2_@M#61G*9<$I|32AQLBeBJ1nu(VEF1l*Tx5&>t4n^6< zY&0_dM>~bDq#dXBe)S7rF(-xA!?aj3`1O?{Q-!(Dj&@ttx`J@l63>@4!D}zQuOUPW zFQ7N?eXLgPKjOI{PnsbC@|$>AOg3L8r8GD(bA4}AZT@{oV)f7>qF(;plg!@c04x8w zLd7)XYIA7b4B+q}t}v;mMv6U7#tTcEJ{Hu8QWINB6EalZu7b;xN`#n6@<8cI_)i)U z(j!)K<=VTL$nj$0`e;63n29sDUdp{|{@q5BRm)c^EVy|*cEjnVJ0SIQ_-b?Q z*!7jI7ebUA)@rnad-u-TjTORs%&=%PNQm-MC4DLMbFgXOJW7Zc@6lT{nC_lq%)tBk zl2)>aHk0{Nh}^-!!BxneJyVl<{EV$vuV0^|A51@B!bJBETJcQKAL3S#<*cTydfQuwi(5MkI`Ya}GOYjdl_E}#~m;!bA6 z$r7Cw_}-;NvZoT0+5JmO6NJ5E8b8lcjVtc{9yPblJ=zSa2~>M=?`G>VZ4Gjb1>!Se z{%LC)_RdSHQ%n}Z$DDmxdh=b_H{S)y9o>854E(3F7tL)?J|USjeO&CZ(%2kFAF1b> z>2kyM9IC|{;;0tCEAt`4QlA|FrSoqi%U@t&B`N7Agk2!D9b1@a{4b45Q5Dju>AO6b z6U<2jooz2C=6CE(RFadlE)k;g8bD)$L=?y6n#FaBv23TQrZ0tWT=%Ie%7D+NXg*&? zgSSgMwfgxh*-hQ&;XCQr3#WMb7j24wC^TK;K;k^6ZhIZGl0OWeZ3g1)nQ(R~cWEn{zM)58DhZ!TIOptCV6 z;=^e(yPq^)H+xTVQp^%R%zIV%%{>C`^gU%lq#zoF=?=pGV&RtkFA?shjN6EL8VZ{m z6ZubFQkq!^Z^e;#auH3zElCM5LrWBfcnp%$_(%OF1CsnK7zj?=akBAqn= zJ0u4`BO?Y1b*D8rbz$u{HZro?3V)}uNW(gd!x;(catJVq&fy~SZLFUZQoE%-_xDqHnTR` zt@{L`c86{Hjx*zjhfXzd9WG!8e*HW$oM$glOQH}pCi3#K1klj7kK?x?AOpbfSOP0{ zQ%riCTTdiC+t(G+hlB%T+*Ucu?>;aw{L6OZV=vnL{N`rlL6J}V&UY~}48-JkPwvw` zWA8!uNYMVd&B~W05a8>Uq;(k!(hT$pF_P>dJ&*LcCQ&1wfa7t*c{ex z5T|V5iAc2SSALU~ALWc0-zHbRFUKj-ITF{q3p=ygF$vYJtdWP5fh}B%rTD*@2Ivjd zY^*t7xM_=W)5PUc>r^|BhVdbE(@ty#2c<00M8(zkn;Lo7zPfo=ZRYa?I+B$1U-!sI zN==tjaf;YWiBlo2=|8=CrBOfr!rJNWhnSIGZAFVm;pi~;2K}S<*hXO!_eRUDzIMOU zp(;hs%S>$8bqxNUC+s*E4n6JTA6&k=OhNpLfd=6`wFaoUoigp3`E# zRT%&++?O_Zdj-8ps}7ulmS`)Y5a-?H%}4PF_w9JQ*oUYB;P6 zYDwlDyI_^*q>p6978=V=4Y!QbxzmJ=@WKMXmwIw>SUy^3q zHa2TE7`VNRmMc^)#b{P|f0nigz2>3)jYY0NYd}e^urB#DlleClxk7#s_#x>ZmV;j& z5tieW5j{e*4}Pe^!4EpH!iH$bNUOY1?llW_1wWoy_L^ZuJqAw{frT$64{Yxm!H>9V zu(rGkq0V$e602*3Q}8^CrG+P^6L3CRU4jv++?5Yfq9MYe_`OZ?k6eqh@@5n^3^Zf zc)5&eo}*gjp2#R`V6+T0au}gH2&`Gf$W)r{u*e=!Ldt#+lW2|QD%Jof#B?6yJuEkr z$Omx>crcBpK42=fEyM#O_JxpSCZ?vc1EVpAbeh47)rXpqeP;3D7v3#AAc={=dN<2| zDjX2UA!4AR*FN)3XyV_v)rc{Wa{>jbwK#ch9Y^PHkfq2CvFZV}JPIjP_;A zb*ay^xWVPw5j;;hGXj!gHkB9k?rWNDwaxsDR+D?R<3JFO8pz5RkvudbkAa~+$GaGy zj_RK5Cz)>6)fQ3*q&z^?O@BU}{PF4n`Oz_ZAnbuigg-=_1ApDaIO||9n zlq!S~zl?-cLw{}ExU|_~%~nLY83@uNk~<{O^h^)_^s2dQLA?e-iCK!e6reAy&RI{PG(d-bNcwl?3N*v$5!``Gm;!hX_tbB?J5t_aBN!=+ss>pQ*n1K zsOLKvTLM+4nzVcUrQm)gxYVU-YVA2{bfmlrV=(;Hb+TBaE19~|!LW*0OY<14pD}x} zSg$~7c|>VDRo)uT2GW6UM_vBNIoo!xrVg>G&VToT%El3 zVVn@Hk74&ncwO1CpFyf1833}Z97E3RSngfAVL$60jeA!xl@{2|-BqqPZ2V2nX4iuv zEe@T-`*?r3dlsG8wy5#)c(&MO!MkA~Y&CvdwGa@D)F_Gk3*MF5h+ZtaoV0a?AA2m> zUJV?sAD3TP!-jsxh2?~}(D6XS!aaR|*2-{qRP+n(HX7=oHZn$k?p?TZlAFXrrnz0x>wT={uyN7{LJFOtLZcRX^xzefw;Ge0o01Pc8hZOcc< zOGh8rW=UlbE|u03?=%o;JW7&0@CX9=4)O0tkt@Ir*roKj#xzyhAGm@P$i%X{vo)nD zewy6BFa&m0oN>=OAS6?B5S|p`3@6aP`F0AXU`Ei&`YNg8wEy#1MH?>dkc1xQ%*-q` zm|325^81U-56khQ^|`sIle%pR*lUi4tsYKRqUXBu$^0V=CgC*UxiuIu7}0CsPMW@j zRhTFX_gI1FdbX7AA`y&ar~$@g#j076)no4|G3ZBsYP6t`bb7k{k#@jKPB;2gXMYA# zw<=Pqv1iyeAov^u+tt_@5{yHs_J<5NtIeNgxq>g{Qg-pD?Un-fKVva`6)3wjpM>L0 zCDI6f+%mJ}R(s>8d`SILrN^-TE@shv(n&c&OND)CQQIFhUK^RW7+(%W%7D&?uCyB8 ze7EU*Cu*C}`~_v-gP@17y-jdbH%cmxF4ZKF<{r0w*t<*q2F!?0BuyYlr_{vIMA-SK zP{pc*!3SH!*fH`g`#DJwck2ZG#S;vQZ;hRP8dQiGAqg4GEF559pgiseb?w@6f*Qx!CtE=|Ehz89@J1aiMrA5IuPAP;U&|jV;R6w96 z{df^({fn>*Hstw%-~qLz9BQe|=7D-DbzQvT?ucrt8|3<$h?h91C6G$UUJ_XEEn6OM zAn+w8k~8=>8Y8^5?p*F!K-{rND^&fXn_W$Rhna)qZf>f3-%jdJe(7@Qk$Js%>9Gq1 zx=Y~>)Qb73Cye2zf99;sJkA@>j2#m@5+j9jF_LFJ<$Jvl-Ld~!!|xONJ?`DNHZ-wH z=wZ=VqQAlzlAPKy7?Kb8ds&Ela( zrTH$J6;6A?n$5TBk*wY<`-L*^ruim+1q;2OYljib%Kx7c!Wn)xzp~ot3hQp;r*>WP zqazoJrMvGCYYoYL!}ige3G9ySW0yIh5TgYr3c}L;``Q1s0_Lb)8b#&ak_em23hw(q zx{TwnGzH~p$bjWrfyWp_Upmd+LK>{z_K8S&zO~sAjR%uGZdDs(_c6FPW(mA<3$N2r z&JaSLB%m*CzFG#{Z~u*Xcn+na+0&m|$Js_PYPOZ?UDM#n z>?XWV+|UK_VY+ur+&!FP8e@Gnq&72^Lqd*o(lG(qiIWkXX3}T>n@eolR?aAG%DAbM z9@wQQ9!wc^cr@08dpr@3Fi^P{QDV~k@t+TU6_ztwY6`BIk{T6A$FanKjp#SI@vGj> z%xYI;0%<)tMW|MJu_df9R>Clss>eHYasgX)J4mS$0r zpQhIc&Nc#V`gcs3z1|!0j+lS#^a9KmW+cbV9AdRZzPr>+&-;Sx`K6W8ei#)X5;rt> z7%XHT$94WFFd8*m%UMFqgA#W6({XCd{mteYkrA8$0Tp$#-+yb>Zhj-O6zHL#f!3W* zeM-aIf!!vLe22lZ?bQl_Zq>JL@>)%m_1H%-#f})cu)zo2$4*7~&x#tXDHPN~>}H#W zlvqo-!WDw%A$$?k{bp~YF8;UX(la__aUS=2-X31B>kUFa{Z~6_2&UTieQZzeFPRdzSfeK6@ma zqo%su<uO(kghyFnw-V^IVF{$UaI>6lNBplNqUUxSJDYymqbJcY^aN@8#6+v z3j!swbV6!s#Q*sy+$qH_QVA#y`Z;YbO1F*1o|n>w_`9PjdzKcT8glNKD9X z@yn4Xwblnu06HoYq zDX^a{G$((@B6~{g{XVmoc2gjlrnG-@4}Pk=GiSr9Z>MyhH~8q-~tv% z3EL{1{QeSC(4=CZv$02LN5nI?{b%)Pr&cqsOt$fb2{umrB)<&9BIUWQv=#;n4CUKI zIJJU9Ief=)SxV9|244uF(h($sNC|;$>=w~3j~zT?h+FBh*H6J0Y?j*QV&v)qU;G6V zjDh<+TR(Zg2o4?(>A<~y4B$t^!~7AUM63xXUT7zU$lyzI3)LCd*nf9PIn&WucK_$Z z$n9XSs?CdIs6dk@?{U6m7i}++A{sw+x4+Ru>MQCQBS^oDm5EiCa%rPVoGRr1oGQud z_?0k{oXXb;F}V>tg{pNG!V+8Ms&5I$HE#A~s3$!WOi@oF9;pBCNy2bxl~6X+IhFBY zCbR6#sp%ou$c8u@L9z+|eKfn`=0FHm`py?z(9zE~>n0cUttL2Y-h2MS&9dbfEiHsO zQ!`td%JOeUn9iyx0Ub4YGrwW?yXp>7%1|1;r_Kdx}s(Dlr~U2A?0T_1v`Nrku?brv>%R@imlW8_YI^)`!Q?_%aULc1=r;-4r(O7i0FkLKkT zZbZ zRy?BkCdk55TRn>h!W!=V7kc*zY|Ai0d6Z44qq3GKnpC2jsgLEH^ZU+2HWq)x5*g@L%lCK!5!m&-;EVjr3$ZqncD3(Cef?TnPzL{so`h`|aK06<+tI>_0HLsA z_sBA`W%A8nwm}WUt4I*F>Uv773$ap`UTRCU^?@H>aR$RK=w-iy5Sv)x(4Unwyo4j0 zHwF&ByjHK}?hzP`SF~Gp6|w$3>*;I%kQwtMLWqD(uJ_!vZ{s4-|lF6!Lk-`fijg(P7yF92ifFNBEXBQ*GcH_*&^*!2$4_W)qG=GQszc7rh zIp#$uHf|>JxP4hGg<&VG@0W1OYM(QdOwBm7_fh%qTq}Z5ZTs#?uEYciu)qiLO>HAn z)5TQ;QkMsW_kU-hunF+r%A8+8U|tdjc>O(4ju;J$X3241Ur26x`qDF0SQV7&Bzc|) z1GzRCPGX7H-Hy-h(CiD&`O2{aOnt=!R%4^PqLFfB>3F3*#`9w@N5X1Qi%r> z{=GRv6d)wa2#A(iceB5t;=4C(N|&!;<>1)$ya5yL-;+};L)4=8QMjF6b z*zprc?%uh5G(mLpN=|*QAxTY}8#qMyc5p|~bR!C-LbY_H7Z9PZF^y}F;*C>Gb_gXx z^4fM!M8D`~kM!NVG~-e1EY$9eQ=&Yrq&!GAI}xDR<>25jlX!mf=gxfeu7fqELSe#t zcUMvWM_0hi%6cJuXUfpK#fQp&ifYySrsehr;?rBYu_NBC6<_KUL1Tl!Z7_ZJOupa` zM5j0ZTS)mT{Sh3~xFQa~B>?vVc4S2&k))4X6#}l%V3O&D*3|Sj)%Ha+Ha3c8%uUdo zL06t93^)!Le!|aa_Z6E&o4Hq+7`gHs?hfs~>57oiHqBc~UC;+!K?m^Gi;IiJMDPd6 zz^5!Mg%AA~U)^mJN`R@C$#;GvM)3dBR4ah<6}0NVk#w^lUh9;cE{Jmr18t!~fk4A% z63oLgR=WMU_QM=7!@!$Po0ltk)+c9(9Hw^1Sv~kQH#gUk*nOY&)2p(8)jE;1Qoi8% zt~0)2t)j(9F|9EG1AuzyQhgJxuoQj=xWz_BPrZ`T$u>HUg4DpW#+>U)$@@WSrUS~nt%>nJ$|TS>*2k- zSLOh&!KVuqUuwn@Z^VorDr3fiOnFYjt9AaAJ~7p z*LE^Fj6G}?QBsOz3&hX3W*@ zcKd5FMM)vCr5}*YyCcJ6N;C<5^{)i`h4et75R2oTc@Gni;+Us4YCeK;T4`?Ft z0j5&LRUTl&5G>5KlTY`X?(nt3YYA}uQv(+c1Ojj_KCOKGtCKdy=)^xxP>*}|#f=T+ zCv?&A@yFO?J^l6^R%kf5B4s+5+s8C1-yHmg)?c~_I%NZA|F?GhIaUr|8v{LpImzzx zWH&L*vvl6)#nCg3Wn!GN_{=5`5n}(1DRzr*C4+Sn?dKg^F7PW*P z!Msfem2g!%bNhG29MdJOTufDTA9-*dzDA%Hy=S~(m$jttHyouMy?jq1mR=56S?vZN z8(gB9(PFN(eKeip+i-}GLulQ2_e*{yg7f}#-(h_8AZiG7_|W7IrC8TCUk4#xvm5HF6&1Ky7!cFi$$>pBKel{iTPm^KEe>0<8}rGW-vXNkwDKF;PA z_U>`i#r;je^7m_w)Q#ak_gxH|2+k*Rv$HST8*@;VePVjb`o27o9ZSb~>ivVjGI5PJ zZ4UR-wkmyt{HO3Vc7oo1S1-FJPv#byCExRhb+N0rDAP*1`MV-WJCin)v_&3Z-<7!t zA`$cW{?a>Fuq|ooV7S=+sC32hUYJ9DnAmLuW7|Q*SlHMN_uvfYU!~glbLRyzfq-CZsa&Ulg6M?8(}}2cW&ZN4@)5QCC*TVh;Ji54^mALe0I51A*zQberIMMX@G{rkAna_dZ zptpm62lp?=s-Ory7iuH`f0LXOdl~9~P{;IWQu1~^4%WblfmhhjI{g_%yt#L7?~bC9 zja}0EP$fegPr+0(alcmb7d-P8h~CQ(GvC$7Yv&6W%kyOOPz-$!u0yOtk=Rv7Xr;s8 zD_#XX3}Gq4`_7#{4Y=p37EA0mCZz4dhg($yjqQ#*Rp70^$`TIPUKz#|F=cPIO&=kVi|_t}83sJ6SynWMcDd^}C)5R1(f3gwZO{!E+^&(j&_+=?|k8 z$$c$lTg?Yw;BRh&dkY8u4nZkzHY{KO-bFvH{NArTW!od+S*A&geYDll#jJZ!c17%T zYco*8<{m%&-kX3kg9geUwq5QMTUflpFTs_ZX&+49aF4zIz0?-qBWSlI)&VZCIhn1o zT@;=w@!L%PK&}1|DE{6V6lg88sL&|z!m@sdyf_h$|A+YI z#bE0T!tyQ5>Q;A!qt7>o34FRYQ%xQxw)%J34Pqq8LS_RP9Ph<*=+|}aKCtS%zc!s5 zMZcXh`hMwjtxSZXevI_ddvx<_qvCiZ#R!Jw08rL(@qn$Er=uRfK6_d~?;M)fZK@#L z$J?*-@C)Z*%P++pv15?@PMLMPs_g{Pjt&kbZMM@7Hv$$NnS6ZyvN2)K>U}`+#9}v5 z*{$YL4KgeYvk9qZvZ8i1z#k$gq1+Kw*a6BZt9MqHss9objae}ulcSskMssJaNUJg;7Y%_tM>^H&(Zq?SQEG{U>oM8J4K2weIPpgy|Gcq65R9* zPZtj;>g<%XTnBstkP?F}0ajY>)9hA4>h0p%6h4f-+I-NyjrVymkA#L!>@uL`C!Lva z71bGhE$nM@gjZoYxrnI|+(yH8U{Ow?=$|74e(odQSy*px9o>{w4R$;pGUc`&NqcMK znu|qmvoEf=;Kdt|lJvSA`6@E($Co1uD;rH+uVa0#1~A!b4h#L|TlH?I81Onj*5o!B zD6@bUnFCTlzs2m2;)xhBlcOr!EZW?$h;_L}K9}83uDpxa5a3917TIt)yDq;rpTF5` z?%2X6neLOdz7wyk!|AGoy3hrfDuDd;0a7z6Hu?&el6Nbl?a%_; zkf{dJV-+Xa)c4L*n&Mf4tB&T!$HyI~RN;>lSVP=s(DHDot?0SH&Bz zVqS?Z33S=Chfba?><$Fiqsz71kD2>_7u=_|=>zAN&bGvXp(i&32OPsN^oyS+eap$s zot&>Qe(m>x8n10{JJ9?hAEb~`1H{xXiLXmF3VW}T07=6XFX#6JhJ)${Z7e~cvaT2oj;TKuOQKf|=` zi}$Clv)889U?-3NZApgz5>KLriT?DUU_ILdLsQ(H4s&@Z#Qg2Rd-u5HWGlWD9l*nI z22R~kJE*zie1Jgs1aIO69oL$~ROj#f6L0|iO?)eD$VF|~$mW%zqOHXa<8!Eb2ju^) zZpzG=nf}Q}z?*E7*d{0CrU5r+y?N|6J+XV*i>$cO}0!r!m-#M%d=}f9Ar0{+3pbi*(xp~ zyQ|pRk^f{4r1n*GVP$Cha6RqT#)ir}oAdA6WdjehEweupwKXd;_x84}v&{4Ju9pBO zPA-_uv3Td6v9I#qM&ONhc9(rXJv&gq1Ri|ov5}o$?vMS96Nh*1+<6VSyLc_|B)6zH zyLXnn3@U$jrq;rZ`7cB Date: Tue, 3 Sep 2024 09:09:38 +0400 Subject: [PATCH 2/3] fix: allow posting licenses that will be valid in future (#14491) (cherry picked from commit 5bd5801286f9bef81836a335d3805528c46d0604) --- .../coderd/coderdenttest/coderdenttest.go | 9 +++- enterprise/coderd/license/license.go | 41 +++++++++++++++- enterprise/coderd/licenses.go | 32 +++++-------- enterprise/coderd/licenses_test.go | 48 +++++++++++++++++++ 4 files changed, 106 insertions(+), 24 deletions(-) diff --git a/enterprise/coderd/coderdenttest/coderdenttest.go b/enterprise/coderd/coderdenttest/coderdenttest.go index f5bfd05529fdd..1248781d483e4 100644 --- a/enterprise/coderd/coderdenttest/coderdenttest.go +++ b/enterprise/coderd/coderdenttest/coderdenttest.go @@ -174,6 +174,10 @@ type LicenseOptions struct { // ExpiresAt is the time at which the license will hard expire. // ExpiresAt should always be greater then GraceAt. ExpiresAt time.Time + // NotBefore is the time at which the license becomes valid. If set to the + // zero value, the `nbf` claim on the license is set to 1 minute in the + // past. + NotBefore time.Time Features license.Features } @@ -233,13 +237,16 @@ func GenerateLicense(t *testing.T, options LicenseOptions) string { if options.GraceAt.IsZero() { options.GraceAt = time.Now().Add(time.Hour) } + if options.NotBefore.IsZero() { + options.NotBefore = time.Now().Add(-time.Minute) + } c := &license.Claims{ RegisteredClaims: jwt.RegisteredClaims{ ID: uuid.NewString(), Issuer: "test@testing.test", ExpiresAt: jwt.NewNumericDate(options.ExpiresAt), - NotBefore: jwt.NewNumericDate(time.Now().Add(-time.Minute)), + NotBefore: jwt.NewNumericDate(options.NotBefore), IssuedAt: jwt.NewNumericDate(time.Now().Add(-time.Minute)), }, LicenseExpires: jwt.NewNumericDate(options.GraceAt), diff --git a/enterprise/coderd/license/license.go b/enterprise/coderd/license/license.go index fdb177d753eae..f81606afd66fd 100644 --- a/enterprise/coderd/license/license.go +++ b/enterprise/coderd/license/license.go @@ -287,6 +287,8 @@ var ( ErrInvalidVersion = xerrors.New("license must be version 3") ErrMissingKeyID = xerrors.Errorf("JOSE header must contain %s", HeaderKeyID) ErrMissingLicenseExpires = xerrors.New("license missing license_expires") + ErrMissingExp = xerrors.New("exp claim missing or not parsable") + ErrMultipleIssues = xerrors.New("license has multiple issues; contact support") ) type Features map[codersdk.FeatureName]int64 @@ -336,7 +338,7 @@ func ParseRaw(l string, keys map[string]ed25519.PublicKey) (jwt.MapClaims, error return nil, xerrors.New("unable to parse Claims") } -// ParseClaims validates a database.License record, and if valid, returns the claims. If +// ParseClaims validates a raw JWT, and if valid, returns the claims. If // unparsable or invalid, it returns an error func ParseClaims(rawJWT string, keys map[string]ed25519.PublicKey) (*Claims, error) { tok, err := jwt.ParseWithClaims( @@ -348,18 +350,53 @@ func ParseClaims(rawJWT string, keys map[string]ed25519.PublicKey) (*Claims, err if err != nil { return nil, err } - if claims, ok := tok.Claims.(*Claims); ok && tok.Valid { + return validateClaims(tok) +} + +func validateClaims(tok *jwt.Token) (*Claims, error) { + if claims, ok := tok.Claims.(*Claims); ok { if claims.Version != uint64(CurrentVersion) { return nil, ErrInvalidVersion } if claims.LicenseExpires == nil { return nil, ErrMissingLicenseExpires } + if claims.ExpiresAt == nil { + return nil, ErrMissingExp + } return claims, nil } return nil, xerrors.New("unable to parse Claims") } +// ParseClaimsIgnoreNbf validates a raw JWT, but ignores `nbf` claim. If otherwise valid, it returns +// the claims. If unparsable or invalid, it returns an error. Ignoring the `nbf` (not before) is +// useful to determine if a JWT _will_ become valid at any point now or in the future. +func ParseClaimsIgnoreNbf(rawJWT string, keys map[string]ed25519.PublicKey) (*Claims, error) { + tok, err := jwt.ParseWithClaims( + rawJWT, + &Claims{}, + keyFunc(keys), + jwt.WithValidMethods(ValidMethods), + ) + var vErr *jwt.ValidationError + if xerrors.As(err, &vErr) { + // zero out the NotValidYet error to check if there were other problems + vErr.Errors = vErr.Errors & (^jwt.ValidationErrorNotValidYet) + if vErr.Errors != 0 { + // There are other errors besides not being valid yet. We _could_ go + // through all the jwt.ValidationError bits and try to work out the + // correct error, but if we get here something very strange is + // going on so let's just return a generic error that says to get in + // touch with our support team. + return nil, ErrMultipleIssues + } + } else if err != nil { + return nil, err + } + return validateClaims(tok) +} + func keyFunc(keys map[string]ed25519.PublicKey) func(*jwt.Token) (interface{}, error) { return func(j *jwt.Token) (interface{}, error) { keyID, ok := j.Header[HeaderKeyID].(string) diff --git a/enterprise/coderd/licenses.go b/enterprise/coderd/licenses.go index b3f38a8ca5f8d..8e713886555a5 100644 --- a/enterprise/coderd/licenses.go +++ b/enterprise/coderd/licenses.go @@ -86,25 +86,7 @@ func (api *API) postLicense(rw http.ResponseWriter, r *http.Request) { return } - rawClaims, err := license.ParseRaw(addLicense.License, api.LicenseKeys) - if err != nil { - httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{ - Message: "Invalid license", - Detail: err.Error(), - }) - return - } - exp, ok := rawClaims["exp"].(float64) - if !ok { - httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{ - Message: "Invalid license", - Detail: "exp claim missing or not parsable", - }) - return - } - expTime := time.Unix(int64(exp), 0) - - claims, err := license.ParseClaims(addLicense.License, api.LicenseKeys) + claims, err := license.ParseClaimsIgnoreNbf(addLicense.License, api.LicenseKeys) if err != nil { httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{ Message: "Invalid license", @@ -134,7 +116,7 @@ func (api *API) postLicense(rw http.ResponseWriter, r *http.Request) { dl, err := api.Database.InsertLicense(ctx, database.InsertLicenseParams{ UploadedAt: dbtime.Now(), JWT: addLicense.License, - Exp: expTime, + Exp: claims.ExpiresAt.Time, UUID: id, }) if err != nil { @@ -160,7 +142,15 @@ func (api *API) postLicense(rw http.ResponseWriter, r *http.Request) { // don't fail the HTTP request, since we did write it successfully to the database } - httpapi.Write(ctx, rw, http.StatusCreated, convertLicense(dl, rawClaims)) + c, err := decodeClaims(dl) + if err != nil { + httpapi.Write(ctx, rw, http.StatusInternalServerError, codersdk.Response{ + Message: "Failed to decode database response", + Detail: err.Error(), + }) + return + } + httpapi.Write(ctx, rw, http.StatusCreated, convertLicense(dl, c)) } // postRefreshEntitlements forces an `updateEntitlements` call and publishes diff --git a/enterprise/coderd/licenses_test.go b/enterprise/coderd/licenses_test.go index c2f7d83fbbd6b..bbd6ef717fe8e 100644 --- a/enterprise/coderd/licenses_test.go +++ b/enterprise/coderd/licenses_test.go @@ -4,6 +4,7 @@ import ( "context" "net/http" "testing" + "time" "github.com/google/uuid" "github.com/stretchr/testify/assert" @@ -82,6 +83,53 @@ func TestPostLicense(t *testing.T) { t.Error("expected to get error status 400") } }) + + // Test a license that isn't yet valid, but will be in the future. We should allow this so that + // operators can upload a license ahead of time. + t.Run("NotYet", func(t *testing.T) { + t.Parallel() + client, _ := coderdenttest.New(t, &coderdenttest.Options{DontAddLicense: true}) + respLic := coderdenttest.AddLicense(t, client, coderdenttest.LicenseOptions{ + AccountType: license.AccountTypeSalesforce, + AccountID: "testing", + Features: license.Features{ + codersdk.FeatureAuditLog: 1, + }, + NotBefore: time.Now().Add(time.Hour), + GraceAt: time.Now().Add(2 * time.Hour), + ExpiresAt: time.Now().Add(3 * time.Hour), + }) + assert.GreaterOrEqual(t, respLic.ID, int32(0)) + // just a couple spot checks for sanity + assert.Equal(t, "testing", respLic.Claims["account_id"]) + features, err := respLic.FeaturesClaims() + require.NoError(t, err) + assert.EqualValues(t, 1, features[codersdk.FeatureAuditLog]) + }) + + // Test we still reject a license that isn't valid yet, but has other issues (e.g. expired + // before it starts). + t.Run("NotEver", func(t *testing.T) { + t.Parallel() + client, _ := coderdenttest.New(t, &coderdenttest.Options{DontAddLicense: true}) + lic := coderdenttest.GenerateLicense(t, coderdenttest.LicenseOptions{ + AccountType: license.AccountTypeSalesforce, + AccountID: "testing", + Features: license.Features{ + codersdk.FeatureAuditLog: 1, + }, + NotBefore: time.Now().Add(time.Hour), + GraceAt: time.Now().Add(2 * time.Hour), + ExpiresAt: time.Now().Add(-time.Hour), + }) + _, err := client.AddLicense(context.Background(), codersdk.AddLicenseRequest{ + License: lic, + }) + errResp := &codersdk.Error{} + require.ErrorAs(t, err, &errResp) + require.Equal(t, http.StatusBadRequest, errResp.StatusCode()) + require.Contains(t, errResp.Detail, license.ErrMultipleIssues.Error()) + }) } func TestGetLicense(t *testing.T) { From e4958f1c569507c8d0aa22a8d0d5a2dcec329c70 Mon Sep 17 00:00:00 2001 From: Spike Curtis Date: Tue, 3 Sep 2024 09:22:46 +0400 Subject: [PATCH 3/3] fix: stop reporting future licenses as errors (#14492) (cherry picked from commit 4eac2acede8ce87fb0af8dba39ef056bd0ec238e) --- .../coderd/coderdenttest/coderdenttest.go | 7 +++++++ enterprise/coderd/license/license.go | 7 +++++++ enterprise/coderd/license/license_test.go | 19 +++++++++++++++++++ 3 files changed, 33 insertions(+) diff --git a/enterprise/coderd/coderdenttest/coderdenttest.go b/enterprise/coderd/coderdenttest/coderdenttest.go index 1248781d483e4..d4a75451e003b 100644 --- a/enterprise/coderd/coderdenttest/coderdenttest.go +++ b/enterprise/coderd/coderdenttest/coderdenttest.go @@ -199,6 +199,13 @@ func (opts *LicenseOptions) Valid(now time.Time) *LicenseOptions { return opts } +func (opts *LicenseOptions) FutureTerm(now time.Time) *LicenseOptions { + opts.NotBefore = now.Add(time.Hour * 24) + opts.ExpiresAt = now.Add(time.Hour * 24 * 60) + opts.GraceAt = now.Add(time.Hour * 24 * 53) + return opts +} + func (opts *LicenseOptions) UserLimit(limit int64) *LicenseOptions { return opts.Feature(codersdk.FeatureUserLimit, limit) } diff --git a/enterprise/coderd/license/license.go b/enterprise/coderd/license/license.go index f81606afd66fd..6f0e827eb3320 100644 --- a/enterprise/coderd/license/license.go +++ b/enterprise/coderd/license/license.go @@ -100,6 +100,13 @@ func LicensesEntitlements( // 'Entitlements' group as a whole. for _, license := range licenses { claims, err := ParseClaims(license.JWT, keys) + var vErr *jwt.ValidationError + if xerrors.As(err, &vErr) && vErr.Is(jwt.ErrTokenNotValidYet) { + // The license isn't valid yet. We don't consider any entitlements contained in it, but + // it's also not an error. Just skip it silently. This can happen if an administrator + // uploads a license for a new term that hasn't started yet. + continue + } if err != nil { entitlements.Errors = append(entitlements.Errors, fmt.Sprintf("Invalid license (%s) parsing claims: %s", license.UUID.String(), err.Error())) diff --git a/enterprise/coderd/license/license_test.go b/enterprise/coderd/license/license_test.go index db914170a34f2..8e5e3e0a567f3 100644 --- a/enterprise/coderd/license/license_test.go +++ b/enterprise/coderd/license/license_test.go @@ -826,6 +826,25 @@ func TestLicenseEntitlements(t *testing.T) { assert.True(t, entitlements.Features[codersdk.FeatureCustomRoles].Enabled, "custom-roles enabled for premium") }, }, + { + Name: "CurrentAndFuture", + Licenses: []*coderdenttest.LicenseOptions{ + enterpriseLicense().UserLimit(100), + premiumLicense().UserLimit(200).FutureTerm(time.Now()), + }, + Enablements: defaultEnablements, + AssertEntitlements: func(t *testing.T, entitlements codersdk.Entitlements) { + assertEnterpriseFeatures(t, entitlements) + assertNoErrors(t, entitlements) + assertNoWarnings(t, entitlements) + userFeature := entitlements.Features[codersdk.FeatureUserLimit] + assert.Equalf(t, int64(100), *userFeature.Limit, "user limit") + assert.Equal(t, codersdk.EntitlementNotEntitled, + entitlements.Features[codersdk.FeatureMultipleOrganizations].Entitlement) + assert.Equal(t, codersdk.EntitlementNotEntitled, + entitlements.Features[codersdk.FeatureCustomRoles].Entitlement) + }, + }, } for _, tc := range testCases {