From fad36ba35d996bddc06379130a5b1f7dca6b36b6 Mon Sep 17 00:00:00 2001 From: JesseBot Date: Sun, 29 Oct 2023 10:43:49 +0100 Subject: [PATCH] Upgrade PostgreSQL subchart to `12.12.10` and update OIDC config to better match homeserver.yaml `oidc_providers` list (#474) * upgrade postgresql and change to current synapse OIDC standards * make sure oidc is false by default, was only true during testing * add some more notes for OIDC and status * fix painful dyslexia typos of odic to oidc * upgrade postgresql in Chart.lock and charts directory * lint the values.yaml * update the fullname templating for postgresql to use postgresql.v1.primary.fullname instead of postgresql.primary.fullname --- README.md | 14 +- charts/matrix/Chart.lock | 6 +- charts/matrix/Chart.yaml | 4 +- charts/matrix/README.md | 51 +++--- charts/matrix/charts/postgresql-12.12.10.tgz | Bin 0 -> 62562 bytes charts/matrix/charts/postgresql-12.8.2.tgz | Bin 60886 -> 0 bytes charts/matrix/templates/_helpers.tpl | 11 -- .../matrix/templates/synapse/_homeserver.yaml | 87 +--------- .../matrix/templates/synapse/deployment.yaml | 67 ++++---- .../templates/synapse/oidc-config-secret.yaml | 28 ---- charts/matrix/values.yaml | 148 ++++++++---------- 11 files changed, 146 insertions(+), 270 deletions(-) create mode 100644 charts/matrix/charts/postgresql-12.12.10.tgz delete mode 100644 charts/matrix/charts/postgresql-12.8.2.tgz delete mode 100644 charts/matrix/templates/synapse/oidc-config-secret.yaml diff --git a/README.md b/README.md index 0b774d3a..d800ca96 100644 --- a/README.md +++ b/README.md @@ -13,8 +13,7 @@ helm repo add matrix https://jessebot.github.io/matrix-chart helm install my-release-name matrix --values values.yaml ``` - -## Current Features +## Current Features ✨ - Latest version of [Synapse](https://github.com/matrix-org/synapse) (the official homeserver edition of matrix) - Ingress definitions for federated Synapse (Matrix homeserver) and Element (frontend and CMS for matrix) 
@@ -22,22 +21,25 @@ helm install my-release-name matrix --values values.yaml ### Optional Features - Use (existing) Kubernetes Secrets for confidential data, such as passwords -- Use OIDC configs for SSO +- Use OIDC configs for SSO (see synapse [docs](https://github.com/matrix-org/synapse/blob/747416e94cd8f137b9173c132f7c44ea1c59534d/docs/openid.md) for more info) - Latest version of [Element](https://element.io/) - [Bitnami PostgreSQL subchart](https://github.com/bitnami/charts/tree/main/bitnami/postgresql) to deploy a cluster - needs some work to standardize though, so we also support external postgresql servers - [Coturn TURN server subchart](https://github.com/jessebot/coturn-chart) for VoIP calls -- Use s3 to store stuff :D +- Use [s3 to store stuff](https://github.com/matrix-org/synapse-s3-storage-provider/tree/main) #### ⚠️ Optional Features (Untested Since Fork) These features still need to be tested, but are technically baked into the chart: + - Choice of lightweight Exim relay or external mail server for email notifications - [Half-Shot/matrix-appservice-discord](https://github.com/Half-Shot/matrix-appservice-discord) Discord bridge - [matrix-org/matrix-appservice-irc](https://github.com/matrix-org/matrix-appservice-irc) IRC bridge - [tulir/mautrix-whatsapp](https://github.com/tulir/mautrix-whatsapp) WhatsApp bridge - ## Status + +Working on full stability, but always happy to receive GitHub Issues or PRs 💙 + This chart is now maintained mostly by me, @jessebot, but I'd love contributors as well! My goal is to provide regular updates using dependabot (maybe renovatebot soon) and provide some level of basic security from a k8s perspective. The aim as of right now has been removing any plaintext secrets and allowing for existing PVCs. I'm also trying to standardize the chart more by following predictable values.yaml patterns. -Note: I may stop supporting this if a larger entity maintains a better matrix chart (e.g. 
Bitnami releases a matrix helm chart), as then I'll just write PRs directly to them. At that time I'll put in a note in this README before publically archiving the repo. +Note: I may stop supporting this if a larger entity maintains a better matrix chart (e.g. Bitnami releases a matrix helm chart), as then I'll just write PRs directly to them. At that time I'll put in a note in this README before publically archiving the repo. As of right now though, in October 2023, there are no other actively maintained matrix helm charts for matrix that meet all my needs or are regularly updated to justify creating PRs. diff --git a/charts/matrix/Chart.lock b/charts/matrix/Chart.lock index 11e1d034..191a8ca3 100644 --- a/charts/matrix/Chart.lock +++ b/charts/matrix/Chart.lock @@ -1,9 +1,9 @@ dependencies: - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 12.8.2 + version: 12.12.10 - name: coturn repository: https://jessebot.github.io/coturn-chart version: 4.2.1 -digest: sha256:985196577925eac88439aaad965d1f040d249087c95f8438614a051651efd6ac -generated: "2023-08-11T11:05:27.126156044Z" +digest: sha256:0cf269ad4d55165ccfe045bf081dff19db8439916ee853bc7199419c2603d189 +generated: "2023-10-29T10:22:45.281145835+01:00" diff --git a/charts/matrix/Chart.yaml b/charts/matrix/Chart.yaml index 84f1afd5..46b23389 100644 --- a/charts/matrix/Chart.yaml +++ b/charts/matrix/Chart.yaml @@ -8,7 +8,7 @@ sources: type: application -version: 4.6.3 +version: 4.7.0 # renovate: image=matrixdotorg/synapse appVersion: v1.95.0 @@ -20,7 +20,7 @@ maintainers: dependencies: - name: postgresql - version: 12.8.2 + version: 12.12.10 repository: oci://registry-1.docker.io/bitnamicharts condition: postgresql.enabled - name: coturn diff --git a/charts/matrix/README.md b/charts/matrix/README.md index 6b35db65..bf3d8320 100644 --- a/charts/matrix/README.md +++ b/charts/matrix/README.md 
@@ -1,6 +1,6 @@ # matrix -![Version: 4.6.3](https://img.shields.io/badge/Version-4.6.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.95.0](https://img.shields.io/badge/AppVersion-v1.95.0-informational?style=flat-square) +![Version: 4.7.0](https://img.shields.io/badge/Version-4.7.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.95.0](https://img.shields.io/badge/AppVersion-v1.95.0-informational?style=flat-square) A Helm chart to deploy a Matrix homeserver stack into Kubernetes @@ -21,7 +21,7 @@ A Helm chart to deploy a Matrix homeserver stack into Kubernetes | Repository | Name | Version | |------------|------|---------| | https://jessebot.github.io/coturn-chart | coturn | 4.2.1 | -| oci://registry-1.docker.io/bitnamicharts | postgresql | 12.8.2 | +| oci://registry-1.docker.io/bitnamicharts | postgresql | 12.12.10 | ## Values 
@@ -231,30 +231,29 @@ A Helm chart to deploy a Matrix homeserver stack into Kubernetes
 | matrix.logging.rootLogLevel | string | `"WARNING"` | Root log level is the default log level for log outputs that don't have more specific settings. |
 | matrix.logging.sqlLogLevel | string | `"WARNING"` | beware: increasing this to DEBUG will make synapse log sensitive information such as access tokens. |
 | matrix.logging.synapseLogLevel | string | `"WARNING"` | The log level for the synapse server |
-| matrix.oidc_config.authorization_endpoint | string | `"https://accounts.example.com/oauth2/auth"` | oauth2 authorization endpoint. Required if provider discovery disabled. |
-| matrix.oidc_config.client_auth_method | string | `"client_secret_post"` | auth method to use when exchanging the token. Valid values are: 'client_secret_basic' (default), 'client_secret_post' and 'none'. |
-| matrix.oidc_config.client_id | string | `"provided-by-your-issuer"` | oauth2 client id to use. Required if 'enabled' is true. |
-| matrix.oidc_config.client_secret | string | `"provided-by-your-issuer"` | oauth2 client secret to use. Required if 'enabled' is true. |
-| matrix.oidc_config.discover | bool | `true` | set to false to disable use of the OIDC discovery mechanism to discover endpoints. |
-| matrix.oidc_config.enabled | bool | `false` | set to true to enable authorization against an OpenID Connect server |
-| matrix.oidc_config.existingSecret | string | `""` | existing secret to use for the OIDC config |
-| matrix.oidc_config.issuer | string | `"https://accounts.example.com/"` | OIDC issuer. Used to validate tokens and (if discovery is enabled) to discover the provider's endpoints. Required if 'enabled' is true. |
-| matrix.oidc_config.jwks_uri | string | `"https://accounts.example.com/.well-known/jwks.json"` | URI where to fetch the JWKS. Required if discovery is disabled and the "openid" scope is used. |
-| matrix.oidc_config.scopes | list | `["openid","profile"]` | list of scopes to request. should normally include the "openid" scope. Defaults to ["openid"]. |
-| matrix.oidc_config.secretKeys.authorization_endpoint | string | `"authorization_endpoint"` | key in secret with the authorization_endpoint if discovery is disabled |
-| matrix.oidc_config.secretKeys.client_id | string | `"client_id"` | key in secret with the client_id |
-| matrix.oidc_config.secretKeys.client_secret | string | `"client_secret"` | key in secret with the client_secret |
-| matrix.oidc_config.secretKeys.issuer | string | `"issuer"` | key in secret with the issuer |
-| matrix.oidc_config.secretKeys.jwks_uri | string | `"jwks_uri"` | key in secret with the if discovery is disabled and openid is scope |
-| matrix.oidc_config.secretKeys.token_endpoint | string | `"token_endpoint"` | key in secret with the token_endpoint if discovery is disabled |
-| matrix.oidc_config.secretKeys.userinfo_endpoint | string | `"userinfo_endpoint"` | key in secret with the userinfo_endpoint if discovery is disabled |
-| matrix.oidc_config.skip_verification | bool | `false` | |
-| matrix.oidc_config.token_endpoint | string | `"https://accounts.example.com/oauth2/token"` | the oauth2 token endpoint. Required if provider discovery is disabled. |
-| matrix.oidc_config.user_mapping_provider.config.display_name_template | string | `""` | |
-| matrix.oidc_config.user_mapping_provider.config.localpart_template | string | `""` | |
-| matrix.oidc_config.user_mapping_provider.config.subject_claim | string | `""` | name of the claim containing a unique identifier for user. Defaults to `sub`, which OpenID Connect compliant providers should provide. |
-| matrix.oidc_config.user_mapping_provider.module | string | `""` | The custom module's class. Uncomment to use a custom module. Default is 'synapse.handlers.oidc_handler.JinjaOidcMappingProvider'. github.com/matrix-org/synapse/blob/master/docs/sso_mapping_providers.md#openid-mapping-providers for information on implementing a custom mapping provider. example: module: mapping_provider.OidcMappingProvider |
-| matrix.oidc_config.userinfo_endpoint | string | `"https://accounts.example.com/userinfo"` | the OIDC userinfo endpoint. Required if discovery is disabled and the "openid" scope is not requested. |
+| matrix.oidc.enabled | bool | `false` | set to true to enable authorization against an OpenID Connect server |
+| matrix.oidc.existingSecret | string | `""` | existing secret to use for the OIDC config |
+| matrix.oidc.providers | list | `[{"authorization_endpoint":"https://accounts.example.com/oauth2/auth","backchannel_logout_enabled":true,"client_auth_method":"client_secret_post","client_id":"provided-by-your-issuer","client_secret":"provided-by-your-issuer","discover":true,"idp_brand":"","idp_id":"","idp_name":"","issuer":"https://accounts.example.com/","scopes":["openid","profile"],"skip_verification":false,"token_endpoint":"https://accounts.example.com/oauth2/token","user_mapping_provider":{"config":{"display_name_template":"","localpart_template":"","picture_template":"{{ user.data.profile_image_url }}","subject_claim":""}},"userinfo_endpoint":"https://accounts.example.com/userinfo"}]` | each of these will be templated under oidc_providers in homeserver.yaml ref: https://matrix-org.github.io/synapse/latest/openid.html?search= |
+| matrix.oidc.providers[0] | object | `{"authorization_endpoint":"https://accounts.example.com/oauth2/auth","backchannel_logout_enabled":true,"client_auth_method":"client_secret_post","client_id":"provided-by-your-issuer","client_secret":"provided-by-your-issuer","discover":true,"idp_brand":"","idp_id":"","idp_name":"","issuer":"https://accounts.example.com/","scopes":["openid","profile"],"skip_verification":false,"token_endpoint":"https://accounts.example.com/oauth2/token","user_mapping_provider":{"config":{"display_name_template":"","localpart_template":"","picture_template":"{{ user.data.profile_image_url }}","subject_claim":""}},"userinfo_endpoint":"https://accounts.example.com/userinfo"}` | id of your identity provider, e.g. dex |
+| matrix.oidc.providers[0].authorization_endpoint | string | `"https://accounts.example.com/oauth2/auth"` | oauth2 authorization endpoint. Required if provider discovery disabled. |
+| matrix.oidc.providers[0].client_auth_method | string | `"client_secret_post"` | auth method to use when exchanging the token. Valid values are: 'client_secret_basic' (default), 'client_secret_post' and 'none'. |
+| matrix.oidc.providers[0].client_id | string | `"provided-by-your-issuer"` | oauth2 client id to use. Required if 'enabled' is true. |
+| matrix.oidc.providers[0].client_secret | string | `"provided-by-your-issuer"` | oauth2 client secret to use. Required if 'enabled' is true. |
+| matrix.oidc.providers[0].discover | bool | `true` | turn off discovery by setting this to false |
+| matrix.oidc.providers[0].idp_brand | string | `""` | optional styling hint for clients |
+| matrix.oidc.providers[0].idp_name | string | `""` | human readable comment of your identity provider, e.g. "My Dex Server" |
+| matrix.oidc.providers[0].issuer | string | `"https://accounts.example.com/"` | OIDC issuer. Used to validate tokens and (if discovery is enabled) to discover the provider's endpoints. Required if 'enabled' is true. |
+| matrix.oidc.providers[0].scopes | list | `["openid","profile"]` | list of scopes to request. should normally include the "openid" scope. Defaults to ["openid"]. |
+| matrix.oidc.providers[0].token_endpoint | string | `"https://accounts.example.com/oauth2/token"` | the oauth2 token endpoint. Required if provider discovery is disabled. |
+| matrix.oidc.providers[0].user_mapping_provider.config | object | `{"display_name_template":"","localpart_template":"","picture_template":"{{ user.data.profile_image_url }}","subject_claim":""}` | The custom module's class. Uncomment to use a custom module. Default is 'synapse.handlers.oidc_handler.JinjaOidcMappingProvider'. github.com/matrix-org/synapse/blob/master/docs/sso_mapping_providers.md#openid-mapping-providers for information on implementing a custom mapping provider. example: module: mapping_provider.OidcMappingProvider Custom configuration values for the module. This section will be passed as a Python dictionary to the user mapping provider module's `parse_config` method. The examples below are intended for the default provider: they should be changed if using a custom provider. |
+| matrix.oidc.providers[0].user_mapping_provider.config.subject_claim | string | `""` | name of the claim containing a unique identifier for user. Defaults to `sub`, which OpenID Connect compliant providers should provide. |
+| matrix.oidc.providers[0].userinfo_endpoint | string | `"https://accounts.example.com/userinfo"` | the OIDC userinfo endpoint. Required if discovery is disabled and the "openid" scope is not requested. |
+| matrix.oidc.secretKeys.authorization_endpoint | string | `""` | key in secret with the authorization_endpoint if discovery is disabled |
+| matrix.oidc.secretKeys.client_id | string | `"client_id"` | key in secret with the client_id |
+| matrix.oidc.secretKeys.client_secret | string | `"client_secret"` | key in secret with the client_secret |
+| matrix.oidc.secretKeys.issuer | string | `"issuer"` | key in secret with the issuer |
+| matrix.oidc.secretKeys.token_endpoint | string | `""` | key in secret with the token_endpoint if discovery is disabled |
+| matrix.oidc.secretKeys.userinfo_endpoint | string | `""` | key in secret with the userinfo_endpoint if discovery is disabled |
 | matrix.presence | bool | `true` | Set to false to disable presence (online/offline indicators) |
 | matrix.registration.allowGuests | bool | `false` | Allow users to join rooms as a guest |
 | matrix.registration.autoJoinRooms | list | `[]` | Rooms to automatically join all new users to |
diff --git a/charts/matrix/charts/postgresql-12.12.10.tgz b/charts/matrix/charts/postgresql-12.12.10.tgz new file mode 100644 index 0000000000000000000000000000000000000000..89bcc970ab5e6df5463d6a1d3c8af850698efe6b GIT binary patch literal 62562 zcmV)HK)t^oiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMZ%dKEQ6$vsZ_I z0tZ{Bqx2_X9MV4>Y>X@4xv%60MiJqVV-m6c4gfynXh!I=4~`*+6UfjG0C)jsi1op5 zI{*OSfe0>89}woTISNBrs4MkBK>S-oyO{JQm`8Add!}Ch@X!m;1jEQXJoM>C?*VZ$$#SGey>N- z3^Pub-eI>urZ46z+W~;XnH)S1=r3Lh@y-x%)cx4~xDz1eQygk80%;(8OcEHH0mV$zatHG0S8(a4{MW`pJDVYL0sSF(+ zb;bVwG|aWt&|2hW}#71sY3&%UkykMZ*`E0VSB9Ez1Oz%#^n zAFw$*dhxP9LFnbt;j_QKIyjgfJUe>v?5{764ujy?U#9Rdcy;ub7t^CxuO@#zeDUg) z|KbILM=uYazc_mFJb3o(FGnv>urosuqL8DY4?0H&N6);2zj{YU*N3nA2Z#L^2i@n- z{_^70%fBAJ_&=R*%BuFqn*Vn&Ob~m34M6SuKRSGMaP%ra|6e|P@ooM;#?KQlB=M5s z*_^wU#}hCf9sjp?rVL&0G(Zu@Q;cXI3`T?D+Y@Q>?mT${{x?IuFl@k^kW63*Vo2cv zaYUK;ItmeFXdgs`Bf#g713t$L+~Y6=RP z1UpK?aEyG4ILkpcFaeXFrIKX;N=qA33KcSdy0fnOEe}ukMVR=Dr6J}gv{auj-~u`1 z+AYD~|5-+{Fr(oN4MWIMYR7h&FzH7^jWdoS4&IY6S)g6EXAs!{G+V4~liXnykY*LS zFyZs`?-687*wi5XMPL_0+c8x-00s*ji7}^O*9Z;+A4&mz*lS0CfF=e52o_4D5cmn> zWT6mo0(^=fM@5vTXOo<7lSjP9Y^zV2X|C z>uD>cE8Bni6iNL8Lsq23h5TW!+m0ZG@F%onT`4+-??0hsO5H750vv6F$Qo=P_PXFQ z3YP+A0Pg1~0v}p2@q^fmGsIW#u#lxk>u(O(@6cUqcl~I+F2}jG&dYy9y}ou<*_usv4&nZAW!g*2>sSxz%ZFNfY!s=FU)Vl3a5~)ll8JO(sY?0KuiPbbd-Eh(?Gb zW;RKpl~q;Z$$*G)O&gCn74pl8Kq^EuTxK?u+Ou_~ZPA@3VJH_ijuvq!6}+^#jK@hX zJQPXWOybxRWZ1}ZbQpjow1`iw=@4l0uyUxhckGx5Vr_;E)d!%y2uM!VzG>MFi4Q{y zBKpWFJVtRymS7<4EwwUn3bk{SiGBpC!ae45hdsMUSe9b9DNVMtE0SdvXlZI$-H?1Z zgA)`oFbDz=s$V$)FbpLIg%JgSBJHk|ow6GC!Kcp!n1jq`F9BOV{I<|75C+9b1ScT^ z0fw`PFphn&AOQkeRv3pIO_PuzE}&$!&Pjk=Q``O4MG|gM1%FqN8&fhtdQ&hFb(m@c zqd=KRWU&yxn+jUk0u-h8s7BKVQy4N-N00$F)c82;WIxmx6L9-oB zU4S`XVaYLqJf|`zVTA)V;~_NrYeN*wcC?By>hm$0!X#9B`{^LOhfDTUbRZjj%)nEj zr5S&^4^YTtFJ$%8=>_20;6gh|hY$yzyoU4p2`WhW4Js6nTQV zIGTB?%*@qn5c|N!rBGeQ>JTkl0%rQCy#QiW%J1K`L%c-GV-F6-0klnIg>Q?b$5_qXX>WQAH&UrD#caS5`41G_*Klun3acCBRcpZ;LT;{A8 
ztFhuVL1I{!BmwtQ8bf?5x2+5zy@KOtO6WqaWq?E=B(roRq&S-u;mH#)NcddX_R1K| zIjS61l^vC(db;+w>XD zK1@QPm5hT0Guh6y6Kn$dQp}2^uIZiXg40Q%uPn4p5NJg7WQMj-=N9 zDg!pRHO%*LHJ{X)J*(}}N?xjTUb|b_97t=w`Oe`NnQFT}{q9IcNxQx*yh&?S;i(pp zJhJt8Sc0m&@7waib*mh!`+0BVzBJN5RB_}(IxDg6x2PUtIYE;cOetBYNvcTef@@&` zD>4`ISOSKO7%Q1crrx3@_z(s#PIc=C!OpYe!ANjVZw0!lPIrQ%;3jTEPo5aHs$vFw z$n=W3Q{gqqjl)AaAB!HQ27gjDZQJ$}ZjrPH^69NX;ZD&XR`i9X;b=zCc1qo1&etl( zm{o3rE3O5m)oUCg2F^(mamRlt-4#>$5l4(87zoxSOfU>a07ZA0l4yY<4(=euV%As- zhXdWRq6`t#pJR@Eo={{n+bQ4uz&MNo7?KEm0EB`MR_8uQ4~kvC53=e4)s>|^jghK? zsGdA=6{!V8j-HKIV6o7;R*ChY%a)Nprz9c?8GVS-IZ?70XSg*l7`R9l6GX*GQd1<) zRi$E^!#m_qYy$)rgrhzfN{5lqfit0P3EN1=%0s1mmAXwxW*(MdrZjV0ilsdyGpVu4U>#%TSA!!7 zXR82=XOerOBLb4!QnXTfQidj|s$#>5BIb^79@r3aC|XMf>E9J3U8m4i_2C>x=ZG;l z6PjH8BB=<`9SY@+cMd7aywlPqEn(6bj?jprDgFqqjqhKGwSq>)D?v8BsDPyY%G05{d zQx63;_5q@lP=z65i-u%%&740-`?0XhXog5rGUv;d4RjE*sCs-dx;hySu1}6t^@N7t zR4Zn&3fw724FuCfEL8g-R-Qv)vOLu-@Kdu^=aDl+?+^v2BLIVdiVZKJQhk|?jUq?Z z>gF5E(=nk-gc_C0N0e_P_gQKb04D_iN^GnnC@Mp9%si7@MM;e`tEPl5%=9_F5S4@( zUg%OXb%DZoEtq-6i_PKj#frQaje^Kwe*rFzg4N;TC};sU-J+}kKEAJ%8r3UsMF=-c zLo;*GfP~$YPH4$)To8Iizi2FtMsGIU)&2mggGF6odnNH%`C;a(@osOzdfSPS~B%DTk_1>%FoXL{*|U zKytnWMD2{k_x~xG4jl(*0kl6y3uJt+a`VhS7>Hu9#$|luYNNr_9L5X;D5l7V90mX1 z|NH+GSjR(V)MzE=tU6$fQb#Z+dTS4^&&B{nK3>A3LI5zw8)L>9#aNjhYR6Y%c~% z59vSDj4^*m;kW*X?@b$bc%4!;Jf=vpRsX?5y@jkfuQV%xQqJ$L&eW8RB!87`2vw*? 
z=G{a#PlV1Mt6?)|f;=>O0Kr_$ z3v7<<#TH|}01LDrbSW3_AD6&bXzGwnZWvP=J^;JYaYY!zlW?hrHQPt%-51+aXuyYF zfbM#1zK|38!^`LAAL@<;6iQEVWtsB1hZ#!{>peewS=TzF(*9MqefILjbHPnEU#Or` zcR!vM=Z!72i1|{8%bolzR~6H#yu(Lvx)2&r@bhQL82%SJ!)D7boqn0Rfk1rLoYaPs zz{(f#RBZ|M&RTvDRkcMXD*#{Yp;@ZzQKu~dO$Trk&hUlP_>vt zHGpcr@H9KNEutxr7(tNTlboX+mbfJ6kh|{dGENj>797h4^=lj=X(tS`Hgby_S*NOY z#Y#v&p=BwsTeK_%Xw|QTIUHml2h}9Hi<32VEBcbJB0Z^bWWoTY=+>HHPCBifgAhFKOylmRFP z7+PEzQM`b3nTzR(RjE7Ebz!$~?xjCu=W4rXW(xPg0x}t}5+WFgf4kjoszCMSQdPAS znWKQp2$!*ZZY{YL0XX^v`8u|4D8HY>cnxvxJ-q78?zzYA;}1syc#=I%yb1Dzb&CRTO3A{L$4H(uGd;0}%J>#dnU?_)G-hloVMe1= zoH(u4mkxuyg_x8Q+9(YLLbI-&MwkbaMt!hJl#z-ZlhJ1qnFr}CS%?KPy$UAF^H;G< zpVe0tmuklvD#}%8l?^hxlt5>!BzQjuHzW0D7z(RB3+U6~9idqdjeE$Vf>RhVs8+#{ z%xv^|z|Ewnlot#fV+l~m2AP_U>W>D3p)zpl8VG8|qDcfG2Qu0TObFqou{Pb6@vfSr ze*>^s-UysG>Pwf+O+pp;P zHy=jep3qwWLlVs@J138{8yH>2f!vLo%I?cW*9c{9lBB_4Vx#&I`O>pEN9B^8h9k6? zy2fu?f!7YxYlpWO0%kNV0^0U5cQ>B0)K1M#B__zk#Ye#;{U8=c<@M0lJ{0IoH07EG zd`cKIb(}+8=|E9?kX)@fp3MQggE-U~Z8Yq^kwk%xkXoYC$k`J6Ck`1ru)}C0Ss^+b9*gD*l>#M_0dAvk;EpGkyTVXC<&k>Nn zWRVFf%vR&nu1g0;8{qQP>RQSmT^+c*sx0AE_+0_8I+4x}3wNEdN8w3y_a0KF?-j}M zREuX>bd9>76G+i1FPnUYA{@I#9>0w^_(I$Ct(0ys{+8&l6AncL`M8)V8^PU5v)wzXBFnw1nursd#BvU z^}(|PwKUj#?}I~C>N2knUdYmX|NG#jG6QoR=!3)3Zl~g2DzNU?^&~cjVKtF;8@GYq zD734CY$3L*18pg|s{?K+x+Q?+Jpj9OCETr!ar`cCQ?gDJUKDOtf#_i0_RWRGYD)EMRiu|P?qPK+H zvNGpiK>^53lR8^QIe+;CO$kL}rwXTH%c^P5)_NORMpFqklO(~MEh?K<9?ZA2WvxrX zK3T+xye+FUFZ3#w2K~9K@W@?mTBwn?Vo}xFZs40vb#=gjLL|#jV4@JVipYNGN-K7xj!uKgBx_Nf=!2sdFVC?q^W#Jm94ySR2V&!xP|TNN2gK1wzKwkf z(=cTb`pC;iJC;gKR@Ar)tD>RJw`pqzGi7fmNn)V>dwQI*IVRQx(|ofk^Fc!sn)l!^ z-7V^=`1`Rht>3`JOl`DcXC+vgL<4m}S^mf3YT9HCfE5F^3CIf)$>`oO;=n1`5V&-o zjwrsvA)28R=0lYLTq3IcxFJ%8e4#u?luU7mx_lX{fYh?`4N>_pR^DBVST~>~mWYa_ z_iIqxJI<<6}o^J1$BXr^n`N{68sVsV& zrN8pP;OwlFt8>EmAjFU%=lIaLV`CC96KEhSDIhf}!Y7fBV$OOxAs6!^#P12c#nG$> zgTO-(rx?kjX`wz4_dS7tdH0yl<*%N`)iVQR5n1VE6Ll^WCOZ>~q+L^BWkNB!rWkJs zcCD*j8u*?~h(=Nt=<`ox>QAshzJXNUvmAxru7Ag<1Nl 
zQrD)P!pizR-zQ6)Qa@%cbydY0dDh$)DWr9sNWs)0vdP!j@(HL0@QngBaW#2+tA~|DDYs!aav-t$?1P}JeOc7$1S;KZ8RfDb$rW;o!@Vw!9*Hb! z#sjJ=hsB~JyJKbutB&7{l$h?-txiD6^dimk)p~+B4vpf}Xqedg;z8xQuwSnT_jM3N z)mRp?rO0DO%%95PNS9>YrgFIwfX66AJ|`4hq(V@;-mlD2%l{(v36lr~Q*Di6$f%^1 zlQ6vrer^5!2!k(n6I>2-Mnp=yMOUTBauSn}%$DPrA{Y!w#5ff&MNiZhpgsZno9LNb z{nB0lrfNYI7PBNt78L>)B$^q=s~5=BtE>x7%9ErjGOyb5Ls-ZmfdT6YzKZ{Nrca)t z$@4SHdryjG-jv7{k!5_V;7KJHV~UB~&V`UM8F?_$B|zoIx3bJ2=+7HX?*hO|Yelb? zh)T5Y7?Q~WLyl+!IRfeDefd}b=rB&`ZD*xqe=>Is7DMUjA+;PcizMVY4w08)%63x@ zZIwOXh%Rs><@61OJ{md4C+RUtx&0L(6sXJ%8VUk40Ys)4UU6y_MXC41BF-aIS4`^Y zuIz0R2auyNr;wxBvS4)>JIdZQF63^H z96~TGyuBw1p{IL?vmhI{H+{=6y0SZ_d>?j6rG}OfE9&0fxw=|cl2lWLwS-v3qro7+ z`tiCuyI~uDw0)B>kGVdiO4VG4yjsd~w;L@?mE51%ZuCm)l8*^-i@OFL*6< zpOgI4peV$siPb}A5zVfDf$aUo?0fFh$V#NDa=d00(md@ZPTG3rk#ZN0^mWSZgF z{8+=(Dmb@c(`lkkM-5QhzDnR;U$EX6D5P{Uap=NARxe}980(lY4i3C$N3UMK`i}9{Fa_z*yd*16hIGbLhlHa|DABF=hscm0jLQoAzZxn@HR)m6F8%=r-jFnsoo+ha?F+eJO)_Q%uo448z_NiWsNZ=bi>5c6p*JhJjwm z?0ND8RP{EU>K-^e=&Ju6^p2ia$(Yktt&|PYCKflLz)$4zm{aEFxm89W`ObL(_!70TE681fT&ok~xkGj?A6VW*)N!Q~MSm+EJFjetq0>)n0_%;<3fWRUu{3XhrZ_^uzVq^?a>e~G zyXZfxHu}kvj@Kz`*6Hkn`#JXK=D{Tff~9=NSzU`1YDMif4ZI}MRDfM85_C_j78+HQ zgyBAjNCBPPF9OUm%_ff@x7FmGRB-F zrAJCxLPc9u=3lQBLW`L?_LJ`fRK4q#uGadfD3dgaMaP8LYc!1GK3FV;b?dIp&S6ti z$Hc@}mZpit7Q-*qf!YYzu(QgwOJk7>YH_(jqD-Z?$=+4krbjsK8CMeO3%njRcneE2 zSM*8pQtI^PripnqZ3~Ne#t^+)q$KI*wbTUD{2M!uu@zVLEc$Lu^28E4_MxEgeV(2P zn!`Ixs9I;O_e4}qIkV~+8pXaHGeA+0_$aW+&5-oP$U_`$O7bxZ5wE3LZ6n2Y53#HR zIa&h+CQqw|o)TM?7fYT}k|lJ`Hc383WS=;SS-GA3 z02!wrJ3~Naf3}n+psZ)ji2^FA+E%uJ7GzcA3vft#%%lMh;x8a`K*qwaJ$Hb^*|if0 zl<}i2nr-C~s6nwoGJzVX8)X!zfxB^9fg0F<_}l_Hn_}$*1FK2&L**H$L$XP-fjYRG zWgMu3ym{JzI_Q7=+yhSU*GxdLnp{6b9)fBF>n9_qhPg>bf@-LnrX{F`{D;p?;M$On zpP--w|6^w5r4hz~R+~*$kRs{h?DDf(V5M0Y|#cT+*y|2iJ;CgM_ z#S6QFmO5!`vIgWA+t#@eYP(dO9U+fzjT8w@nCp@x6wp`R{dZXT@0%;3I9_!L6LL)Z zmNKE_$mk1Bn&2K_H)l?$@7QDKPH3V&mp~y${FjwNp{Xy$JPM`V`EoNUxT{-JI)$78 z^(~=7NkWB!$h66-upwhN%&Xv#+%mbs!-&G#=@oKa_?BZ~{TvIfsj*g~g?iJlG1Y>5 
zu<+I9TX1D^)uaoq4foZgU2rYq*WGL)kKx5&)k@Nm=g4CQS6@)I-^#e0)14Yjgdm#4u}foo)H zaA(6-(>0WW{)%!ol+yq8CvGV1))$byp_HzbU9u}DaVSOmEt5k7gZ^#PIW&sPx10`J z%IQ!gcdI6LsMQU%sU1ow_?F*c^ZX8N82j&*!OJ`F(oTo0CkxK<=1Gejkp&C)|u^XZR}Bcif*+e{R3l`5M*WU7dA9&SHhM5eRX$r!OZm0w2Mi1p}x zCN0!!QIPnPDG>AV?N5@F|IYArr$# zljfnDg3^Z;3qd^AmX+8|srkDEvjkEYafDb3L%@wGnNhgN;9v$K!T|&`e~n!Wj%tdZ%j>CtWK<1(X?4sCjZs`RY>qYpa&JAhc>u7NK&lTa$g zOS_k<5f$nxZ)3i+uOgu8@lGKQQShH+!ro$GtSry)0`nT=X?Gb+@OE8>un=s(G%r!?-$ zNGfjtX}J1mru+&}*)F_z4M-BCD9MfppR%$WL9I-l74HN+VTeobaQ=(*ghJ20dQq>a zR=wnt@AD=IDn@CWDD100Er!dvOtLOs1cS>cTnZ4cafsNGakK!Z%)Jx?FlQ*7N;}9t zJy{W3nqZrVLi6wIDW)*_tF&-9u`_Z?~;|OuH%-<+qdC&|tR| zd=ib#DqM44sr-IY*$t)2J4)?tDX9bsMUipaop>^Ym}ePk-&ivm0Ry!Y~A$=Z6SJ!1M6blY4OnJavM0hoKjX z1zH{^Q8DX1@7IKIgfFtEE2}SM2rrSE}#XB5*byaFY)J`*XGiAX6VVTV&%rYMJVpbn^SiLi>=>+-04#S27-i&-yxWzaG|%!fW$h!xeLw^ zywkAIBIZlg16@x-P`L@DWX>Vw&Q{y%oJ->>y=&nRx2%Y~8+<)S`1W1l+jfR)mtq@d zcz!5K{n{-C!u4z0ZtcPWUD1hM>cws|`gLCHhH*Fjb==u)I%=t1fjX~hYmXvZVaSfu zx{)(MURLHDi`KUKTk7Z-F>e z!z>oA0C9*zW}!}hb&ew(&#At=t=A*RfhsEwg23Dtmws`Ky zPHUyi)rMIYT+b0p%`{_2$c)9D0B!6p)wSr9u%{WoZVMWvi=>9SSY{Ago32qxm%OXh zHN&LQS7zDD1#K2MX&s$OGWuYV((G86g@%@$Y-6za&=$7cBt1Gijb>CVkylBW2_;sA zvMlenc8A5T+12+1)uJo*hOa4ECy^VWX zI)_FiV82`Ul-p-2y-TXo0sW<|9s zC_z+E2QCUVYIzJrg`nG+#L3oFWmT9ho;#R5Ia8e?klrt;=85?!gdOC*r(Hwo%@(I` zHd)13)EddM&ww}9Wb&$MmU;UjlvxeE5312}U3)~OR@39{Yql+Pb7kdL)4{bgT)q#s zlB>q`P1EHt55E>oSGgszWGq0@a!8^`?S|MjInnnvjCMnL@P^dXGFSk)CCVw zAa;q$y{4{9>;v@CN3n8%9AAvVuDs6m;@MuEiEoqFEax=It}~*7xeAU^Brn>U4ysEH zs*7DG9K|P#7;>qOWps=5#A;q-u`mK^CC_p@fnrEG%8OV2l2=}|v|w@K#N5>gRlP_x z3zWH1mJ=pt%d7*OMu;x34B%%a`{vW!4b`khUwl@60t-YR4CgSKDfuDy@;!$r05f?4 ztNlK4K4@*1?I{;fOmM`-Uz~ua+1Zyq8h;8%q*5&i#V05%qIU$c@VU6=+r3j0!=J0` zNvm|A#rD5Qiwr^UQZ&Pi(`Am+y1o}%qazyt)1W2vm@q7zZtdZlCao}VIBN}B)ZN94 zMZ#4m7MwA8?TaFxEEe(wo4r;@13W{Fx5lfh>+4VVa0%EP9=&+khp^l2cEKn_kRhQy zgxq3F%JY?`hipBCuH~k4MRfP-ahRoYdQ$ry)_>Y-`yC|E5MBL4ynG$T% z*aAV?zZFoJHY+B=wtQ_is;3pHn$?vgby!L6BRkv_Oi36ZDx-x-gtU*oAzW%FJsuI( 
zjy#S+A-ON%PFq-&>|G;v%Uw`6f?pB3wM7gja;r39^LFr*1uoSkPcFgQnAO;d5wg-1 z*Ca4rD?71mIbQNPqF_`o7BzqL8QqWSh$%C=hEo6PHAg*zq3?sHr%@*#V?^-+MI45E zJNd+6y1K3{bd+`1R$k!l2~u+S`$fZSM=lczH}uuLgIpYny3N=sOug+}UxrwX(WZ5v zid^&6{nk~>SDHsa{3Qm1Oifn?I(kl>U=4lR>d^_@5FOun%3>S^zkcl%8`iLPe zb(5wQGZ{d(51;~s8AuNY^?9R;SX?Yfq#Rt`X%dFAvXenBeT6cYbSp=VZ1VnNvLdwIG zFa&=33j>4EX_{QIrUPj-UUm0Zx(Qtz)2e*UqQkQH3{Vm(b(L#rUAvh;-w3Oo@>imf zkPGq4k7lxqB^6VXBYQj&EV(E2Ry}e$fquVMWF;PI`xLHz91PX2T!2b5+h&hZQnMx3 zW)_UG)RXy?P)5iA$e9IJoitIL{QC~kNxsI+5MT;I%u*K9bW@&xGD8Q&uW~;|Z53p; z#57!6mstZ7v)GKw&vPVoxG*_X3A7{SwF?LQJh-|zy?E0vep6SRVv2lYQd?;q?hd<0 zhd_E~gpxCYwOMEdrA_-A{3@We`ALJi2xbRya?TU8kUSZmp5*vcqSvscPuya zxuXIBh-Wv(&uy(oG9;`II^&bGli@W8x&f5w4#8k72X7w?2jdg)^V^dP0l|kHhGf>A zLzY6jNw0D2rp@=k)8XaC#mVsc=^nVwHMS_ZVfbHGvpsNfHa-Cd;N;?1P$0hEOqOEp zcztzwUI7Hi#86ajo+a(VmckL(eQHd_gQxo-{o_#lVfg!W&sx$KIhJLv`2J4LyPhza zBC&He`0?bdlm8kZ=2IN&*S77q)(y=a7f067N=$DC@7|m=U>f6p6)*`-NXY5q*{*!# zbET%Mr2P>1$*Qk^k1Ezwzz|wl^ewzzinl6pXz9!1Cg0`g&CSVwk1nsSPp)o`Psf8F z&rWWRPhJn+on7CYpIl#^4#z2n&Aa2mxNdlOyuRbkW73cEaMvoA^hz{Z%g4Po?sZ$d znO|w_zUr|mT2SudYDa)_Ic^p@U6Or9DT!D<*H^(+1sS5CF0MCI1Ten>^xQ0dlkV`zwHM{&ar@;6MJW z{ifq; znk@B(Pi;A3%`w9hCtpdM?D6@&+Gqah6`I0hA(=dJB0~_o05h4dQTE%2Ac_JRp=}do zhYFbM87Vj!qT^E-+y2#Jl~_Km)cN!YbQKS~^;6;VXYC)i2)~pWM6$R9eTles0_r*q z^HA5yhcV^wTp1NBjR(0InZa&1=DCSk20D!aa&-2uzRb`&Vw)yrJ^-qaOR z=dmdWCn9y-V(!+?4@)iAVK-bp>=ZL6N(7yWuoH|&BWd$ zB$M6(%C|j^iJ!;-GWEi0jJu2ANtxstBHMRMQEKd3^RG%rqk1Q`gsdg=Ge-d`e{A9b zyX6qszHj7Oyc)+yUb3?HHk8sp0hlZ;X}8I%Ohi@1b92+rnmjmS z97e^I1x>6r=j}3W5bJS@P;UWol;!&`4#E?wEU!yIi!|94-J(d6ET8PSQok!Vr&7Uj z9Li^)nLP1gCa06pD>iNmQpwfW3iPV@$|B<2E@?puj%JAE`A`7co}xL42-S(!O`wHc zW+g7w=aAV{E1L#Z+m#gRFJvNH6`~*2B~cw3$RV8}o;_BjV)>xjMf^f0I@~d`7do3d zgC&b+G^x_l`d5j{sW?FBN zL3b!7Mt$f)wYqwuwo1lQmPBKd!brb=Yj>_{*>!8>mtB}=QO8Szm;?xPO5>F~pt~n5)6bv>p1nLc0RI6FZM;*lJRC0UqOj~vCqs9LO7q^Qm}4J? 
z_V62d`fK2^?$*f9+4gIHZ3%*cey7b6?5N zryT$~->EV0^g&0MBmG`ajJ~HOfzVk`{raS{FRJrpj6_}K>riFcb90?O_$0MS$IiH# zmRju@r#PC)_NpB7P=2tqngb)PIVE(_QRi1_nWdZsjDgN2a;H5;AFPzG!Vvpl>B|qw zH2A!)=}!2(j9#n1F1>?<&r!sU_I36!^+cDjO_nQjO7lTRl{numq9%ld2xe$p%Jkvc zKRRZf|Dyw7u)vY9V5r+D&p??HSmxT%DVDX}Pywu~?yTKohW2GXT8>PHm^49dNc>xU z8AZmV7m2W#loo%^YNV(~ny4zaw^)OEsPQSne-N|5Js z_+RPuxr~CkfiUcAP3e6z{_FZXGcrdnhh#Kd|R_8^I z1*-pF(5$d@_`5Ahifu->78l7NlhkSfBYlg=0P0ru$|;}YAV5*B0|0d75~liKmM{mP z9Co>6xl689<#QAJwx>_m<>iA(&hNnE9s6HnR#*@CwXrU$Oaq4hwWg34p7$FIP_5WT zQ4~lUq{BiSO*W`LW6% z-mI>)V|b(Oi-mYq`yk8JSVaMjIGW`(T1tU@)-wh1r7tmsv?-e`H0z996;JXbDiiw* z(-_TK!=RAu&P@?#-Z;pz+X)NeDxcY|X>~C^=tpK)rcTnuCk+MBaYrpg-tEzj`2Xj2 zK3vQHXHK?Q@8a_MWZdN+`F4Cv4gSAZM=ze|{eOoChu{2vkMT2nJGi^uVgc+D1VbupH4#^S);Lm^F+4=Oz6K1}NTM96oMTBwepOYXvyZrol=Q;%>HrW$| zq6`p@K-Lf}WY+aT80s5IU=Ht)ZlNCi31s-D$($p8PhpZfMDHo)97Qt!X@6(OdJ9cb zn>z>Maj2c^+P(n00rt6B5~{jpFn9Eg(+>D<5Bvrq90h`V&qbdBfON*TidF!u#kuoF zzgiXw^-FY0p2-rRkH}9rj%Jc2x5)(gJOneuRSnO}PJD%+=%d?icKZAIGw?zHV-H?#mBu>Ru6}LMb?%bkfCfP9Ia}D(;v}9fB+BFpXgqFhAkY0!PYDVnJ?8J2G z0w|E~el?|F7yarmDCJ6LZ_k}jp5cmsaH2I>{|Bjab|b>UE}{=|Ac+JCd zDyfD`llyINPr@q>f!n5V*obEF8cJ+3OKL!DNj0Ni0HgSwqF zeOJWos9AlmuRXa_5{BentYXI(D)9$XuNH`&;7F(^YGSGNdm{YR&ukF0p3dG~sK@rX`t8 z6F{K5CUOOntBdXD%pd}qM0zBZ%??JF zG`3oR>Lk&m+tG695%3Emk=RTA(D~F2Acx&gpDJ4CHDU*JKY#w*0l$F>Wa#B{;01dQ z_bb`)>66270i>EQUoc0+;?;^FdR^RxD1G{r-ixxt>g!@BFl%Ra24$_-jZ(Jb`$poh$OC9hJ?N;zSvlH<=5VK!H;CXYx z>Xygybqjd!KpRm9USODA0Y5z)RdA~baVuK$HVu2sgadf-N-KUU6sd{)^-015jPX}C zc2PEo{{viHUZ3>A=~Qkat@n+xJ(;>@B=&Io^7SemYCDHqwlQ0@&YBy;4#3vNP(AJ} z2tbrdn}hut_Vojz^3Yj6z;b#FtczV{Tw3IS`uzDb2nbSEwA?gw>NTV^WJ}(!v9_iq z>XY?Tt4$NdK<9!4Xr#s?N4Oa+nR3XCjb8FDE{{)cPDiX2u?~6`BVXOT6Zj&{lFyy=s^`k{Z?A5t5}z!k z-zn4j_T>Lgvm1Dx?D}_U-@kBGUQo^A@3uYrohi0#7M=1sn>1$x20y|OMn0mgCXQBU z94z1xaG|dtn4){Iz)`}j%i1%A9F$1AUHqTQ1FBsd1?VF%nk2M1YF?`Y2YXTwv^?ms z7TfF2cIR!z7bD;+xiY@?$-Qa!zhDh8G`H|uuA633i0*k)Lhm6B+RY4h=l52g9joxU zztW)mk8Mtn!=qQ-gYH51@Cz69jkhHEsbO{eE9+2UD{ouxsWSi$^=y(

VQk(m zIE~DeL5B7L2?H>CKU9Rs<3P$$H4CBJ=;^b7zyu`U5*(`P*|8X-%p%AJrkHanCsE_}6_Waf1%Y6LDt5?sz z#eY1;&!?czcOpL-nJ-{IoOd)-( z2{W)eSxPmjkL`qJ72ET@uIi-FWGYKQvjEmWDZeS?W#blwt_ zUHwh5M=(bGiWlQ#I>jGB$IA$m3$=~B*WD_JbSPI>-eJZT$!Fp`NU$4T-K47Ii|IqAneZX8l0s(n}^kBMkO1Ly@z8_ zi6}l6w`>X9h+`E;^6PNz3h{)h!!Z^8T6~a5KyT`rK6y|$3c5yqWu}r2{*ixO5yJD< zWk50H zWBD)?IF-Q68%6rbC6zL!mB?D}HZ^rMwyWA57JtfsNmq=^WuSpCd+ReMU3X#m?an5C zWU+l-G5Db(RL!(;ER9v#l$t6|#6_`srFl}z4Eus}JBDQ5kM;~nv6S0=9k9#eur&}X zpwRdW9p0>ltr~VEN8jXwT2#nL<4R{omb7PHF7R;^7Un=TF>)QuZSYhAYGFRMA02DM z;iV&Wi)K0A6}Ot4%Nbw$MJCCBW)J?J!eJ_g z0gThDsWuPfhY5~?o5Dz^pW=JLT3ZpwN!?lnSe`BC$%@9^n0@%(YCq<_9gux!xzVp} zUc2YdhrConcpzpuPTH@Can32j2HZ1tSjnk^lm1Y@EO`#qiBIdJ0tI9N<4W&fbfsnvc?sN)T-coMv;28IUgnDzE2XBKO+ZJkKR&pofUF~LnV`v>R62=)lj3z1QIbF$2^gMNd9T)8fmgJuTJA@T zj?X2?HR()N)a3$7FzM>nIUeNc&s9z_t+bX_0cp9Cisqhf{LlvC_1RcGho!chLbIJ6 z4@Pzpg$DM@?I#bJ*|rufy;~dwrz}mZ=x$tj$o8BqcHwK2j?bf!8nTEZUy^RKHxSV5 zwR)Kk%EWNDQS#YisYBIhQ(u_}eluLJ5*aJteow{7%S=Y`>;^MI)3V*IhTp)i3E@cJ zZs-IPLB*xn|lWO{**VjFE+&X zZP?t4vDPNnmc6Yov7RA<#ShMu&L``p#U@P2u2?v?kIaSUTrgIbqL?tu30*2y{vCKz zH_MbAXugPh-E>Vr0r)5Q?Kj<|q`F(R>;_0Sp@(D<;}8KDhQM4i063B-NF|Yrx1sYt55!BL^{beJSL{NjPEJ^0%Q3aSXNdww_Q9^%Q-9cIpT8?IE%zq z5XCI625OQpWrdw02SmkR2#!GKA5q7u>RCy9(z;$Ql<^Rg5UAYz@{YYs%>)8@(I!Hw3=lq- zFaOG0IqJHsXuF!URF7iC*2;As=bhJ1t%QbqH4Cq>Z4ov8~IMWIA^@rjJW{viNRZ()Xf@)moUYc$~ZidJ5=J!3Jw>1M& z_tJDsLhLVlF$p}T(@uE0?1>mCLh-+FG*e|5vG%cgF%%ne{d66o>Y7QT+D_NglD&dh zpkczv8x$cb9Rg*BeAOx@Xka}7!?)oVHU!ippzjDm@Khyw6vV3sELm1VUObeRd<0S} z+@@CGd~I6(){?~U*(%4!Wt_f6%aypD53krZ!*6Z)j?<%@**|Ie*JJokX!*E29}ZR& z@WF$MxDOj7ygf_utQ`(g&aTg`tF!i;x;m?5lTX6}F>Cg$1kwtQBq5JJMe@EK4B2+# zIIcsM59P=$K}Atp8?ef8K#H)`{f%U;?>6@7*2l+~O$cgCQl+f0D`0 z0&y5X4*NUm#pnLYS$({C79@)phT)F$XmojUl+5R|qqNC)`ibb0h_);V`vOsU2?|(A z*qQj-xfP^2XXc&;oH=d;Q2k!J9e&jX+7p;QD_wG#SAFZM_eW%YPECs%7X`MH_QneC z0wsy(K}n)^pDbb$p@_@ppEH(9CRq2nHdJ&=~n73iQxc ze5|FW4&Em_kJB$?a;;ZWl{(f8Xh{@x4hiR>hC7&YL|@|wvw4=}2!M(Tb%Zy<{NyH~ z0)RWziyvFZnx99|HHSwa7m?jw>Ey!Ji_<#=`6$yo-<1N>T`>Xqj0{cpQoA;;gCeeK 
znTtq(#wbKSC)90cf7$Gjkvf#?GYn*xnwiZwZyR<%_9K~H2hB>UTWlyssYDH{lao08 z=$aMT4~p*kPC?ea(VKVUldIgvPpuP@gWQiCvVNMis|2o{R;;9DE(d%?hbl(0iuQyd z6X-3r)vVacutTSSdwqI#QbS?Wre5Dc=&gKrro5Y_9LomKAPmA&R?CSFJdU#U8gVuhNlD^2ZT-!}p3cXQl zSe~{FU<-#~DY7cPQu4t`?{C*t8C@$4W|b*D2h0OHv1idr`k+@m4)8|eEH(y{ws3USJQU`pH!tPps`gys0S>OAy6X+!w_cW*M&xR%}II(K@Np%MU>M zHZ1UxsGn~cLAUTz=l_rI{EdD8e`@sqA3QreI?Vb1Up{;B;+y~fF@Cn}|F;hmb7ug~ zX<{3tr4HO|_kZg6AC;-0Z^r;%#W8?;VPP#NeuETI#7IJYWLrvjHz};RM|)Ynee>J<~{RO2avVdBIE$(cIys}CC4r5!KZT)DBHAgBWSQ% z?F=ft87!!X6uqHTiz7w9CWvKwK@Gaqwg~^Lpo@x$HFRY^ge*%;n3{8b^`1w!Y?X2F zn@RSy{gm2&=p(1l6Uyi@?7xGfS1|eW4dT&nwHC z+IW2AE*(Oc(W`Is|1o|ZaQ~;J zNSR`#$&hk2q?}zPA!6MCMayA&b(LL{laDenSJyc`5wsvMXVyz! zwT@ws=Jf({e}2}?K&#$Xc=%G0sPyXfGB(D)2Tr7r>;RyorC+v(T4%PTyAhe5) zFJ?FM2{b*}UI$9>weQ7Oxq^NB+2p5o{m-SqTh|b1SpN^7zdXwA{|{fhIQq8!KgQ4R zvi_H3!rO`+u$9!6-wc8;!XO}bh*BJ&2Uz6Gvntk-_=jB?YxTdIw{PuLph^Efd-*J< z|DPQk9DdXPkMZ+>{@?N}isgx6D>5x^V^P>33**YwBEUXdv|k1ui<{v@n4FL z-vRnnRWmeFeMlB_@;A5$8$`ll`Zx9cKtHYYKiljgK-2lp%fr0>KR9~+P5(d2&jaQE z$?N_q?LO8|>HoXy_6Apu?tW$PbZgvMw+ULW=M@3fB}R1av7MY1T^j3m|RhO$$&PPpP%Y{Q_p&T690i zL|ko@e&0E|BCQWKeQV#ydgz(k^3D00$@CpXFxaZq;=D|{j_I7 z|ER&B5nvx$gw__H2fZP)BK|-6#hE|IPp$t)yZ;s>!ko~x9Y78KpXbjD=Rb!BFTUOX zeUzWy@%&#)*SVIiilZVed^nnQeL@kD3r#P7fTV$JAq7;y^J3orEb+iJ^eB3iOi>lc zzut^dg~P6|&S_MA!ed6~7c!AdQ((+rb!RZ;Egb`bIYyNfGj`{1&j75Th~+nkZ7jiU zntE9$H+5HKqKBd&COFCt&*HLEt`eiIf=M{yh~8y4vH>t9Z3eyAy0D>XM+WmLjL|h- zAd>K`u~XcJpb9u^Qbmy*ZTZ4#+SDrCa9X#(T4Ale+_-D1_^Pafg-;LD%_0R4*4a6U z2-Q(>>ndZ!A7V4`$XQ?wRbQ_$UpN776}e{m z{U{M@Wyrp=NHy&hW_@rd_W^Q6ZJU3c-TB=)fHB!g-(~>{$IEE6}d0A&xW>g zv#kU%F8EgSuXHGlY4&*hqwtBT3_&!M@-n3{IYdgyE z)4C5fzO3A9n|{s-;!!kqLdNVcel~$Xjs|c zbTllmMC|13r~><4Kqr-qdQ@;E20&iCORMeexezKVIsvmO)3PU03Xu$KzEJN^S*Xf# zlnm21s_o-HyS%Uy+_1~V=+{2*Nxby(uOK$QY+b}r{?>KfOV<@J8sEOIm=)>MId1Lj zMV&eqRMvRKhsK|PpAiU1^pwlTdN4%*3XOS(Lo`D{_7FM15#V#ofDajJ?oHL3qV3-8 zte)-FZ;g{4oZ@H(c56CasoQ804VXMA+}i^k zm~hf5qVwnEJ^~+b0KDWwU;g_B{097l11|s_&;j1`=tHTAYW1e!G4=Ad$rb7n$Sr#G 
z`E$RFq`C)_H|;~&6W)v408`+_tHADwncL)_l?|NSnZtAKlwApzPoilx`AV<9QhNO> zq<@N|U=?t{TL`TX^Eo&K-U5C!zw6!zyKkKyd7_~wU(6SK$Z5wS+4qk4vVSB?6i^_(vQ{%9JY?X0f-VCnV3nq4)+yeshP z)ho~o&|Qzs7i*%cd98gz`|fvHb6SYi>btAa$7QnUs!>+bBTw?pgOjb?+8+Z6zJv$L56)Ib?aCgpAQheq_304kB*1VM5yr89PJ)UlY&P#3oet#?X_%GAs#Ob3=^!Xj+ow5?VHIMxz;|KD zZ0WbsTr2QW*i7B(sL`+$+~68BL?h@%5XllktC@-Ha};u5T{ho&R`pRY_d)o&5Ir z-d~=*J3qNOK5a%iFjM>DfsoJ59>BDwBn&n6KXVHL2iWu)vWaPHmY=8Bw;6tR%aP;@3{H z5c8u*{0S|u(6soqIcQk5FGR%IKeuRE2cd)kE7;X_Y#E%LUH*J?az48LTPu1_y7 zZq6@{tND=H#4Ln&!YE!q#)T>0L_tey)S;wyrExTb#f^9RKIVfiKQ@(*r(>*MZcEdY zb>wSOHkB+{O^HNV@*4|cmn|cIPDw-(HYAG$=Ac8S)50-Jfve-cT@2q|U0z(i8{Z5s z&(BY<>t|Iv+-;}O#k+Hd0zJm#mC#4YVw_Q6^5m_k;tHe<&)$u%Pp)nTqtVU9;CwZX zz&QQgjkB$#;R!gE&#JZAk?IH7icXD^uAE++ULXH>Gq`%w%-Ayct8ucP;A~F(3`4Q$ zZAtvkgR@mO{Z-hu*_EWkCM+d?JiIy`U90U#D^Y5JXg%g@y|WV4^}Dtj-Wz1A+8SfE z9=GY&s>Z|lK+fs6m*eZ!-7z@y-){-yZSkz)9jib$BD7MSR&wy{cra@6q@7$0empz5 zDO4>rp_YhsKqn%Z@e~FyZnBtigXT0TuWI=#W$lE9`2yU+ODH;Z^X}@bvSU7hA!1e@ zxz^a)nk$Bi@yXTu7NalGF+}g0Rf>TugsUCgxJHI5=^nm4X`!hU-ToYvFLE`T9@)}5 z1Z}hVF~nV;RV-wk!&VNYN|s)oygvQ!mQ1B+ia)N*)_1R4V_?a24Gdy$cyoNQqUei_ z;qgVWEQng;J-s+y122w(0$v;iK~$+A)I|*Kx-K-lG0V>0UVX**ey_E>$-aHLdk)bj z&-8l}`5&JQu7+=K2G`fs8moL984`Q`8^}2=`!L{~;z_c?JW-UqK0Ujx(Vn%mOmWCj zDK)RvmyKLHPe5J?Rj;v?>Z*Q;wIf8@t*|X(N-XNG&&E>Yom}Zv>SlO4dV6xUHnBn_ zB083<*bv8aL@W0W732(0uCD8y6ZPS4CG(^L(@!UV+XPYd&OJ9AKB9a$c#T68m23p7 z*f3a|wm}6O+6N{1G+dS3tFyJ~y*k_2>G}i=k^u8Yy>j_R8vd3A z1)|~Q#l^|+`thNzPekz8oJ}t@md&|7W|O9^%;)PNSQ(H$UHl} zIB9ESm0{Uv_nrd0#tZZ>61C;+_38P^|GB(aL1t0}Tc9_dN#Q;tvo_HfZwBvj`CQ^oHrzaQJH|M7pH|Hng@!-u#+ezVv z7)AUXN9Tw!I76$<#PQp~)yc6C@UzRo@y*%kk5_}M(-x>RwK$$bih>bEA%Vdeo=`|} zH4PPB5t*0gB)WSKX~8+Tjc6wae#@w*`T(<%YmqjR;d$+6mDZ;aP*pU_TkvamUL0uO zJcM6r$46Be6Y9aP=D=&}t{_uw7uKh-9B$>X6$*2&vH)w6a6k4+V`G6GP&-=r6&HtR z_Wk@ek&0E}u`(=V%pv7TJfdWhzbIgR*;1rt5#tu(9c?-*LVGvv$!=*NFmrlh{5yN? 
zRR#K(Wi`vBq~tO#sJxJ?zIcA2aD%gW1yc|Q;@J&m6v1E#ym$6n6J zdcZ^Fy0a?$%kIulQQ>ByJ$%_x^4f~y?~|^pf|w9bk-zjq^p=oYmS1Z1x9v=b9I8z& zW;I^RE^%Gx02t;|9CJ1_-h+mERSqUKyFHoYNmtFuopT|X__v69DB^S}pV9I(mY}zR z`@yBO$^lVHucurS>ycg3wx0NMXOfl5TxV)2sf8KG(X5d8ysE3#z3N=j^6IXxn&(FT zXT8x|DPY*@OX*Q^tNY<5G#t#GfKbYja0qC4YfY1O@zzI;JYvvhPk_1Eu1>zHnk&mZK z06_|7*D+qwVoN*ELNbA&wUc+N?p0q(YID!-cyK+q8DGA;8lK#|yE?5rx;2-iQolq0 z`=Iwd`@b0r7bHMG1el3#OJb_i2kJLXWQ4AuYR_Wm7HvDbQ=`Fn{8d~<&J$fm@0WVl zYwerJrD9ljx3INKuTGfKW%7Xn2TI{@7C2CI*j(~bwE3w%YA!5-%3ruB)3Mt*Z+4aW zW1KhFVBEr@^!Vq^Wti9U6LLQu6aNS}@XtXGrCY14Uea}qeYG0P&g7qf*-fGjV_Gqx;STL0brvnQV z;AGJU=V(D_ZHkNxC&T|jXIPlhIlCG;A_*N`|`4YgeUpj5!cOyeMUxdxDv^ z<*F01oy$XC6xFJtY68B?I%sxBwi~GB32X)JITheKNSjVn?fzaNQGiLLPM2H~+O$v% zyPu=z7=?(Vp#I#k4z~rwus{@zeHd;ER>81F#K_-W*3LXMuZ>p^z!<+52uRcicZZt$ zw>S#=U{r>9$4op9#c*Y!R5FAuPQ79I1M^n#c0!=4aJG68y8W_aqY2fU(^ex@vi%N) zE4*%9=!^YiKKTFHd;9LjZDdb){?@0!swdla#*%DzyL+zp=I$!CllYF?t+m|A%=YB8 zAQF-gQv?Hmb}Mn7&;A^|ks!raiBj8+app|g6baym0t!`yLKT3HgBW{9+_ZW_p+7~% z!y12@WRM*>tFvtHs|~D}V?(KV+8@SGn;&4S#Z@OvtWqcR>|aB~(gqO52{lLVg$^J1 zx6C`WRh&(h@_GyDuF0(4nXRq0+EN|Tqttag$l?s_RWfBy1Z zHdZVH95);a9%x4!QE@kgtb5@?htGgOWREn94< zY5`)mPS?!6NSzfQvj94pOJ5-mL58}Q=5dlQ7j69NHx=g&Qa4sU^?8;2xoutG5MNy^ z?f41Z^R;1~FbKLg;TTaLam2cq^c*q|h>v`J3^c%2Qrv2RLKBd2(TG-~Elnjm*qgK#ql=gCjTea30AQSM9 zXr>+OuV$PF?6}vPVm=GUV)T3QbhQ7884D5X9sT{yo5PlpMie!n7tCO44s+rm3OVY8 zzP!%WLB1=!rjAqocZRV x-zBAytSHwSn|L8%-%e!`$$Y!;ho1F` zveaEce~Oq1YMb|aA;`Rs|?$#GF{?fVcVG%tkDDICz06?^;0tz*W%VI^Qted41na} z_)aAjXmPZ<>#o|u^K}Du%nUnXw)wqqW@S|pS7D!`)>v0reegri9!ks1P%?F;YlG}! 
zO+!efscF?-%R2I`A3lBkFh~C*bHryTWHj{9+A3g){&%>4nAZQ^zTSVf|8J!2I~_Yhl|oD&~&La{&XI)ox3Sw$~WF$alCN;FN)E2Jh_reK;YZ5fJY2@pS9 zBbD6LYmAlVH15@9s|_g1e_i&3Sb?3!?sKWlGUr%heXTOTff6JcI_8v;Fi44S)u*2H zN(eo)E|Q!{A*(KSnS4HO|8th?{htL**nLeY+y4)aUZ?i|ql3e@&-?#2N|XElUjr8O zZz1;NdD-zdV27dkEutr69zcpf`#%r5hew@#+sRpTI0puBj6KXTVseYn`@afD(9sM^ z3mD0EBHe-oU56s5_FG$o2&9>;cY82K97cizaZQ8~WkzdIc6gx1>BqRQ1{B|74^5GK z3?|THsFk`1)&VagH~W|7iMlco{h8^@8~th=p5xak`9+?{izhR}_$A_Zgx zC&>qc^V9eN4gJ2%*RFagcHm?1@=84I`-_)SpS{3-_&NXgFbF&}M?Qz%_m*^_Uws!c zE?-yOrpm6`GQOX4>>q=J$dzvnKOciPM@O%YS^!L#tgor+%%#XHLb$wPwO}00%}_iG z77w~)?*D?Kz0}>lIb2yLDB1rHUcWs``Trg4@4tE8|F=;Z*8lS}u|wD7#MZm?(p^(? zqbc(!IlA?jy-iy;sZ#S+UwJJ`5+8Lf<8sxb*w{-nYk}~QZU2VA1Bih+S%Xp{1&A-r*>r>^%vuBe|rT z6LIqQe_t8B)#1rn5UKqiIc}~K|xuBU(EetSNXsJpy(ERlA#nxge(#&pg4Eb2sV>K!miWC%zt zgr+*a6xu8Cb1H&c*_^5BYu;4n^J3Jzt{1pyZK5SdacQkRknyuSyxPd6G8c4~#re{l zrNvhqRs*Jkg@;z0*6ok3-H93(CLX2TF<<`IYMl1JUPl2amH+qmm*W5IKimJdQoi8% zkDg%f^aNYeOjvSHV3=sE){XQW0e#I&11a>|y)=+&{Lx<;=sa>2Bj37bNc0OC%aK#n zn7@kbZ`ofaHf@%WZRA{Iw@!1qPEL$a+SQibx%UoVM))w;nP3IlYF=ZJ(>80N&|DjmwHXT@GoBuS3_sbyWZ9yWBB zrl8dv;qcAc(A49rEPzWtZ3gCY4>ksNMtnjqQek_ohgD`)W*v$C|8I|8y*f;v|GznSzW=+G(y;trNp?3&$W9SyOB>5sEG?0{ zjyd0+!a2r#E7stql!7v&eZw+-!od7^CHoaz7ZS*~;_C zbE7=S9k?tnjlEDZWBR6qghZ=h;6jduoI;MK+8ZMIEHhPFQ60rWcpl(+4|_a^Jw}4i zT}>scSc|2Cl0*(wc~d#&L0^wxrrOyk!RrGuU(V-r28#oXaM;Pw4(r{Id{z3yE1Xbgp#>f*SnxC=20T? 
zKbyhBqc<#^*E=7oG^kBpFiEwsTH31A13Py}5k4LF$sGpBNhxJ3o~Ptjzk+tCH;}&L zh)tzDm0tSo1aC;7O68}U!zmhso~QDo$(<*+hk0W;BaHVw3>iu&snNsrP62b9${E(b zS68}|B1*!qP%;q9E3u*eM~zhMd?NdP)SqZIh!s@WN&Sfs_ygj`NlEx3C|Z@e&H+UX zaaoz->usT|K(}3O>&Q>2B3C}g8|k}M@5cJ?6BkwPym+}%@9kPu*L7sQ8?>nY$qib> z0$0_K)cbjWYpo+u`?AM?{j|aLlxVDBhM;5mC-*<=VS_O2rW!{P5RXh3!$3SfAwJ_2 zVxK24<-F1;!n|%Yj5nZ|P|O!69%M{xg_d7O`lo!AuAr7$yvW~>#{9Yu# zUdpRgZyq2z$G)6n-&5$I0isxjc_F@Q&xNAb@_Smb_Ii|zqtKkFDYBfYktJVH6E=~Q zzNE@HJH0JISDA!~;3s+GV!f37QbtHA`s#devNTLWg|fW}>|DA#c9u&O1!f?KBJWH@ zukG$8Ysh^u;Xarg!-D*vOKDVhb96Sb_na6fDrO(y+0U2Mwl%>oy8#{phXf0m@z+jH zE5+g>iF>&X`AI6bu&zkR*BJrKbL!{@(d${M^orNaO4;*sYN(Y$U+1iGiT{$zB!ZYC z0Id*3Ao7`0scbL<4rHhzuIS@Zj<5n($g8}VH&hxFv1LNvO*%++KyQrw9-F0}c94^L za-aAc04D%FJ`Z|wzV^NbJreNV7;_)aanCxgQopA^p3R91-t6xeXUaZ7l>b8toJlBZ zy1o+{CQIWf&D|}^Tzoo!e0FSs$gHS57k9e8qH##t4s9Fqz(M> zM{0CeW?v-!8iCG#w-fUP4w>UZMDF7si)W`wsBk3GWp-zFsV zrEu}@FUvjv_zdZkfezIxxpP&@Oe*t+tjfOtr>MH{3xBZogr!|RZ|QZez}vTPLC;0E zJvN)K*qp8HEH|`{SolS@stOaVK8m8f>B~&I6)@!U@RcR^+`6|&`f`=5dTXE^HCJ6T zTbdi0JzAkNtEz_i`jjB@>cXc{Fj86tNNP+C$W2xH$ii`U1^S0-9m%aFXT=meuEW8j zkz8imw(gn5*sJxRfT=$gojM0>O>cudb6}I+2B|h0@iqXlRV#5}G(F^XwEOzH{Q8>v zV>Pd(Fu52`eZn|)-VrxvSsP2iT1Q){hIE~|XUBQ_Q9e0Tea&|~vza>GZh!(p8)$U+ zrFzlS*vrZq?(cE~>kK*aZ?o;M-=1Gz_TQaVp=+3^2fd>XvJy8d+e;oY}qSGk>wT|e_K*jI1w z$M+W>-kp6qJuh#rf(Vq;ZdE}jSC)!8{{3nHx?kGUcqC3Cho_hpbu2>yc>($%pCO;? 
z3kO+Xbb3qs3PQ9;$!wM~Ev5DIZpo;?kk9mt8R&YnT2=a0$j|^Xc1Nfy^Cy(i{nMa7 z9RBqF>h#lh=ND(W!)byLfJ+-PzTr;n~%XXIGz2&Ido7U9H^NfT9VaLqu;8J;A{YQC35l6x}&F zySgrBGR0>z6{d)8=^tnRTBo7>6__H2gD5}g3zq9wST1H5`YZRXpEC^A&E*dD>UQ_) zV&(o`U97#i3x(UoysW1e@4uI9s1nPAqQ=XLjzYcWPS1xcwRnn|Q{L#3JfXk7z&;vKG{K)McJt!=@=UUv^M6+Fqt!}1Lrh+` zukjrHM*ON{dwu@y?Ek&LtTAVz1{&yZFqM=0f=sK}|Gw{kI6c1>-LBYMtNMDKEpGkO zN&mXPN-s_zhhBbXUV!&pY%675Ik`ALyS)DN?)>u8yR+f2|NU9jMd5fD`TQOB-yz1} z6xCUY!yo!rXQyIapB6mQMN1%Iw#}rbW--ja8sJtJ0 z=HLDZ>5{PDn58|@NJWc#@i9l9JFwl-$-DA*)NR`(v;MM>Uv&&m-Yw67DD`iqa^M%< zJSwic8jGlfUUXP#BWw0HyYgJ3EI{{_}!;!e=XJktgCLGYkq=YYkVDGDU_i+@?E+){(&V|~aHiE~zU;6I3 zW3g1e$(O3FUMLsg!h2nXx(Z;-6AueoODJCA{Ts9>e?3y4Vg}I$of$YdeB0gc?spGT ze&H1tcxs9_MgnX9U2i-E0XIITZQD<}$uX_O-OIV<1-?Z-Vl0DQdiGC^^UGwzO)<)#q&E~)m`aX>7(xv=`#uH~Q}==W3etAca7ImKiy)GV^U54;Hl8z^1hQL&2<;SF+G>Cm0gv2Jtkv$W4xxJ1+}~ zyq!~xqBa|#^Orcw$ZUHhQVUvspFwD)mTs2(+cMA=w%Wi9_%deM?A9OZB>0n<>ndm@ zR*=_()=|(;p`)y6xytG1N@nQgk87#F7HbcI%1ood-7(Zs69N(xGO-*YU`6$0I?-d*l#f540$ zS2ugh`|hWh9)sVj0IrkgJC}Qva;~yTX>{qYnEANqUR!2%soi=6F0|0+Sm&dmO@Npq z7l-p>@D9xhT~s?2VE8w5fyK6++5@5=5?WV<57%d?mW6pkOf}I$ea4zGV=IR_&VTVU zW*qy|6A$8f<{U^Kh(zCV1w?+AoDhz96fJfh687a@`W0|yBYFNk%u^PD;)3?b-=3042F0#bfDKr-KrvsN@j}Q z#^0H2X;B98bQV33MVhK7WJ^ggRaqtdWQEjcISp6JK2(zn*=>2LG|Mdx$KNLzy~=5wWv^UgoW%?rN|D|EI)1vL@wS>>btc6M zNkU8cHAF0}J~B?IIj}50I>x_cUOB6LfW4Gb%1ZyanbBk=iKVi~vQx6r>rv}E9%OM^ zFst42o`JSHifX5hrZP5ti^A4FzjS8p$59IMzu!6?ldN~W1n|ZA-}he~y?L{g|NYg$ zbN=^jl;6Kl{&zc#`|W{A#;y)*S5Cy9nP0kIGWG^?49Bj@R%+))lA$kU`~AK6%BDF0 zkCt(@6y>@{zi&EW`ikAl%#yvL!dWA2`jRB^0(@XdWqFEg0oVu7b+P<6CxFiofDR9# z2ZC_yVK%!Y{0c#L(RW>n7}Hjm7hr;s=Ylcv$Q>9X2Zpk8WY>L%Jx@p^0T?6fPlX&4 zAV;Vxj1V7;LoU8Z)Q1@uQ*wi3#~7I-aI2Ob17rgJ5ly&b{nd=~fF1XGQ_N@KSd4xz zo|X1LF=HWOy`#Usd2`qTaXQ~F^nw{oO=X??5p_aeUSH@S-wlXLzo?_z8A+Hg0(1;c zypVB3&j&4`80&u@gG=HIcrp#w9rQVXo(BTrGL>%&fgy(+O+s&oxETEzyp@B9sUV6P zZbJv;f(fCrHt{8cH%JVL_&4D*M8P1wTOgZ2x5x)$G$B;hxp+yDT$qbJz_5^5#6wx1 zYL-t516^(_Bw 
zqdY13Zz)dM6O#RwMZIOos8GsUvi)sMzFR}ATg5WDvV>RK}gI^wlMCk=TygdYI5>85qvHrf@RBPKIxMW@VY5CD%mWQOb(& zWGXThTf6XU&-zXo`>vorMQm3C&ilO_bKaK^2JZPF3#5>K>p(jn6ay-(D3Z9V;*P|1 zGa)URy{y-9W4RqJ{GK71y~rf{HxgjtVRmaeaxvhSkrT3!X__wp&2Ra0D#eXLt|QD*hV4?TN~ExSgQi7wCN zWoK)eU#d@JtBG2MnP+|UG3%qxWxFL?|0f=5NcaCsx&D86uyp=&bolo9{AVkrVf{a1 znPcd59g3jRBb0i7MLd*H{B7YuGeZXkaEv|7v8g5gKuZqA)&X6Q)chZ*K_E4jIR`ZB ztH${aROq1IIbHz4Cp_$Ppf64wNHX2FD6?uU;`Fd6H~~zFu*dGZRGjU0WSlo z3cqY+dW*>4U32wYzKRi3FW(|MwqFbxO4cH$TKq!wsavRwh=n4D+4^~9=gYXVym@d~ zG!OKZb~c}23|#a+~&{jLdXmBDdRC?<%`wn>-!9nkQEuk#rK%tD>`O(W%AIzp_wwgk z2{&%*85yiU4eii!l|r%`(&i1S()NaW=+(vQ94{~N%Cr9Vkn}g@=kz{+zlNw~sG8P{2#LH-3^0Gm;PJ9j~glgyTh__|C?KH7B03e>E@F(_) za^$Ih+EELX#IEfYR{d!z$-WNh4Rr6Y^rr9q=j!a4k&3?(~kXh~LwQly$I^V3sOhbwj z@lfJ{IqpScfBY5uKVOOe?^(etml{w5l|K^83qHZMH@|#!uoyv)=N0_Cf>&I@$tbQB z7Gk+9AeKThyl`Uu$G=q&CkhwzSJqPgDix77?x?+xi`#y_KK~~!Ire|K{GmD;S^F5E z^!#`KD1HC`)$3>fudS2~o&P2e*Q}G^qI+NF^sdhJuYyy&$0QqA0QEo$zZzU>=xSWq z-^7Kkm3s4_u5t-|T!ueQ&a!KAgZyN;ycE=e@1D+HnaTgT$2tw30hh&pd2{q?$^U2n z+5cxNrD6VGY#hEep-LmRAX!#yju#xu3hL=lp5X?%q#njKIZ)IvMgB?O?m@?aZSd;N zQS_eqIEzDOnw<67nA}0)4dnQntZgOgjJkhwO6Cyz@?FC)6F)=;9_n=b2OSJWbDhg{ zFSC!-Ga}#UE{jrqZRp<`Hf6j;>x~Jo?eJM#@uTiu@s-`p7*I590TH>{&BJtU9qQS2+x_ z8N;KK=pK=^Cl#y5W08qR<^xV&^Q`6_V-rsuu(ow=?X-7_oKjsmjS^CwG8uWSyOa-T ztuCm4Wp&{nXpzwa2R1kcsxK*h8%Kb(h@*t*^Udc+>j2%jZGs>;JFy0{jRmCLsgor)R9y4Ji2q zIlR@yE`mMv9wom#Mm^A4|5s=I(|2dxx!ZIbh3o&-o5NSH4pZy@@a=Q_&+U}|{2!f8 z2f!fcD6vaBCl3Gb1?Y7CtJQj8Khd1P1>*(yR-N>;TGsD7#{tn_5fPIdp6!S$F^iR%DI}Vu#9)>>O1DMC$ zXhJB$Qy<)*1=|C^5bU!(aEs9$+XI~9=@d~WD`kR_xFDd!L2gI|XKQ_Ye=Fo-bO*@9 zg8cK&jPu~Q*SovBv%Rtio$j_;*A%*F4(Sa$)|`<{xKN*^RwQ^QW?6&Q1=llVqBjaw z$)k$ET!oECt_f*KCKE(OU7}uc=c}4{vH~$A(8q{LJ_|x-Vj0eXOOSFm!Slcqqq+ca zGQl2Je3(!nUl7WWXt~>Jy?6nxFaFo*RjV}`jU3`L;-Quh4FL8Thn@%Ki;mVC0CDhf zuSd}oGfo$sgRV=Q8$^X1sgDAk8Kj)q=ZB-wNVanBb4uLMk(UEoa{T1WU`z;SoWg(s z2tKBXk%~@fGA>1_1zC?%gnB}K$wP-sH&+P}20;p-c+z#zZEshuJ!@dZ98w6>I8A_n3r zH*!>noOTvFz`j^xn!^7ZT+;>ksLV^CA4G0e-~@8$k!jpF4O5N<@;Rab#SHE4$$^g_ 
z0HnjLl8ISZS@o(ZJ)lS?&}En-)@pUE(5K*_d+;BBYjqUHSKY(zzW8hKqdMUh3M-<9 z&6rgg3Z2Yb$TjXyC}f<5(yv-iZMjm+WRc_6YF(3P35lm_vP%M~)vP9nRH8@m8XFyN zb|nf{WKuV)DZp$Z5{1_qF0&Z)NSGX{j-7`}ak!5INZ}lbiSqN#iy-=A7ce9zh2)b= zRulgU_zZG0iA}A@1#U>ya7*l}nO5t+z}H`2@f zKF*_0XnyLsG7*UU*(QdyN;2r8KZ@U99%72- zxmnBc%uxjMPjG1_p|HCpJ9SEINUQ;1h)?8L}U6*8k-pZOTv*LfJ~lZ230jH zLl&Ew;;=??Uzcu=p4SBfHH8JaVaTPRt>f&vM3P+ZOYw9Pf4%_UOK)jw>a<$-Kx*5o zm3wfCm_uK^GIEs2col4FL zWEH@0)QuBy<#G>3?e+*P!ykm6r|he&!U&|{N5GX4OBr9qnuR`ql){HHBKKhQ@#hqL zoqy!SgRBa4V8b6;-%7b?5ao9QD#6nZ+uby%>LrW%Ww+)shU6YZE}#OlVBnUos=Qz* zJ?Ov=xkZ#>7cnr(u6(P5Qw6^9{41CVdfO1tq0UFB;Bo@A^U4zNsM;?$8!AyhpXzZn zOVqD82*DSjdfe}F_{PdmllqZyq5ynU^%t4}Rp6T(fodbj90U!YOn`aW@O-V)NiGg6##l{c}!C6?RLK`{DNE3qb2w^Xd$$k21cQ%S!3x|`uPm`m1&0=V2F2DgP*#C zI9jIuM&PHLZ3=x|_}MpqN1KM9)9m`APy*i$m|zE#O*4Rd8{!+M@k$E+s>irI$MuI1|0l(FLHjgp;zujy`^CUnxECdNk5EjczLAxD{Z zM~T;moNDW00I67S-U67J2{K)_fN^95JJR|vhgh11m#l2NdA%_;rF&%eM!ZwKC+mz& z!Xsy7zitso2YUwEsjPt#x7_uJ1HF;zjSS0tDve;NdDE9lp_C#xh5Ecl9xE%G*|Mo~ z2i-z1lr|}$S4P8?!BvcwmmV9-F()~1`mU=zfJ6_BwN3Q|xp7d(RmbM{Kk|BGx#EoM z-q_yDjdm%gH!g-#pD>P{cf^g-Jc}LgOhssnUjTFBBCsQ~X;Csp+HN;SCa9+?t&QBW zW11KA3UHCX8}()aJzL(+>W!{O^yWm@$Vt4ML{H)q9b;-{I=dG`yvEpkY%>p`pslA* zR&OAkDq4wIJY}2dis=pZRcQY9&+-0cOBS`ZvgH;YrwQ|+mgT+N{;`I=^|4x4A8IKa zPqoOU5wuH7jlc;R__0`hA8--;)f_%9je3GI0b!VveA;AE#(cDSAWyE`gVC}NK_uPA zl;Ln%Vm8m942M&&gXi;*tE883%B0T?%)Ej89Y3Ca|~g(+l|g&eZqA<+erA>19$=$ z;(JQoi-aOkkD<pe$=;_Kz`Tg3$9+2DKX8Ond}Xu=x!_c%tPVjLs*QgbyfU$WJYb z6lIFfLGQsZKn|WPY_e$Q{_S9ST4h;Vw|}&_85)PhJB>w|36QS?bu9+483|>=Y*0@J z`*W9N?cDxRP$nl*>9QaP`i$YJ4`3YMOeZ|gJUQ-y_k4!v9cE}xdO>jnpyMDG8ym)+ z5F5=IBxdUL@lR6j!HCl^=a@34OoM0nU2rZhM7UyYWuD$i|78=U?oV6FC4dIq44zAk zQjszZdO$p{nQEmXWtwx&crF!7MaozQ*B^2iTYPk`4s~MJ`#;mZ-CVf`BQc1d!c1{1 zi!ymaKn6EUljoU{)hHF$%w~P9x_J`dUV58Tm%s{UixIf7o&w_a0880B48VkvxstzC z*VJVW-Oag-5(7O(%&C~VeQ<*oV3Y_bJQ6cY#y`ePCxvsn>YZeS;==xvm;nbe z)U8UHt+;_L`}9=tV|uFP9*mYkgvU;2S(MqFhuSk`>>?W^>MS&y=x?mH^VB z>8(=$qiGs4e1|=hW!1a~??~wLgrB1Hv5{d8#8_9(1_}iD66q*h(&`E?fA{j1r%O 
z?1aqcm?s?ShKK{}4e5)6x%7_eg1+aGJLGEn^D!6^Ux;4Hl=%q;fw!>!zN45U@waxK zlM)%3Oe$VSdJ5&f2=EeR{BS;uhhB%E)2!_tT!!;8qJm%PZ}c@`DLKyIElSYMt`}Sq zj*h{JbiWfq=2RLCgjNK7(S<19U9``g2-Z1z!n@5q813gy#3jnW_)`64+6-_Xd7fHt zN$=V&_`uL4^pxesy@kFbogCx07~*1&e?DQe$~_p(7oV)LOn9{_CsXZW`Ff|8uEd?!oBj^{d0e^BEWOu1BUn5XK8m0`9>DnF7bdLeiS)cb`|m%B9Mgrl!mZ z@qHC~BGVN>IcjUlcx2kaGKLY2y|(!bi65jGy?JDhz0{!0DP~Rqah51ULe8FPvvR3Q znPA!%|Ggl&ZW@X*NlFMR#Icfe9RPji$ZzHv(GxCJESgEm=s-sqYew!f>Q_wSCMm-Zz0GhGNY->d z0MK$3_ z@BDF1R>%R00^~=2%~BwfYe*hdP6(YF9q05?yfnuCpWRhvsZ^v43nz6b1A}M6tXnEl zW(*l}{SwMt5yH(_qp7(hk05nsk+>$Q)J$-SCtj*j2K#O)Wlk^EDZkoNT^!@%L)Zjy}dxn!1F zl=%*OJXfo^*Pf_qTaj-X7c;r>t8mfk_rJ+i1VcVUJ~v0s&m~c+QpTB~!h21|cZL)7 z1sfT%2o^TnOy{3;sYn^_u`&ydpp2B0X(<1zUI*6~Lx6mTE}kO=)hiXPGafa0V%I z2NZb(x)*p%A;s|#+C5OegFw9iJo5(Fkul{u42fyakt;KPJfF@K7culxc?6T?L@p@9 zW^)zxzGS0`P65z7;EPjC!L9sEYBxO>-S*gQp1uhX5cfev(|6*@BX^c}inPBJn0B!YBE}IF; zz>t&gk&omqk;~1@8$yL7b0}0u&szY7yh(@2#MhE)4x$`Sgns$#!dXzNQ6`{hg6L45 zfSurAhG>@W%uh2UWn8UdDg%u8*=|3-<=1N7%P_K-cfqNicF`J3Jy__J_6}lzb-Y-*v zK9}NBLYZ`c`T@mrNEgke-Tab4>+|Bfua`>mOGbOoYg*gc6!E$xf$Fk{$`1FWD~dyL z?Vzc7xCiEt$>_lzg0A>)x7%IE$`f}yBgm_Plt@5a4cmRzyp{=65|t^h7J&UocL~d~6O)DUd zp3TajVDL@nxHy4blcOYNeCYBh|K}|>;&k+fEF(!49o`ih+ znC`*oDD%ceKBNi6UP#gPj3PE8UiPB82j8jJ05|V#3)DRry{QR_g);3;8Kj|l?TbJ< zD1}53ba6eF7jeAgx7%QOl{j7sQWch0#PL!nn=X~sQVLQPmY2!#HjE{PRL=2IkgBk} zY>u}TOsi0-3d_smcv}EfiQ}apRbhE~9B(_2$~hk6kn%97A>zdx&;E8RB3@UpmPn8mKs`UOe*@Kn)r_tky-w?)1hcOD$RbopiW#SrA zY9rbLrW%lj)|{ze^wN+LGi@70ss_o!6XYx$5B)&MP1RGtjN{9ty;a&;l|Mg99XOBC zgir(s1#rSqvyD>qd@DVuoop}MQXD&bsLhNuaNqF+PAIP1>Qyda%_ z3`xF@T%g|H7Nola4UEWr2ToZRvSnGD5RJ#PKeLZXI?72 z#$v1fQ1%*q-hwM-B}F|0(u93aNtl1Aeh=jD;QTZqPC&L35=zQ=`^&p++IdY)i|VwB zs1$RzZPBX|m2x4`(C_EvlopR|BE{G?T-KwKgp@f0GbY})Fy&?Wr~&Dc_*aCaQ|rt7 zr1tMygSOtpgPuq31{B|74^7b-bD*bv^%SJM-!}@clA@jqi6O@!b0NS@u!p*Q5txc} zHlyX=H&3j4FuDqTp{brK`EgVSk^=)c#vbMvv93!=yrdMQrQf$P`|iQ$W4nKG(f+x> z19?Um?|T@s%#>_7_1aE0#s8Pa5eeasgFidY2~qFg2ppsol6vZiFt?P#X!m*Om^OPK~4 
znQ)a6at4!*oYk(82r6-02Ub2LpX1I(aowBeMUZ^rq9h($_Nfj@)RQI?5H&T5sS=ek zAl;w>TS_4$$uH!6;wXY;H9S?zs*uz;6WsZLCz{cw%&i$U_d#$)J)|?`1@i;;puERFxoc;+cF@)uo5)_@k{uDxY|q1jHlL z#W0`muS&{`L^$}2C0qZjfQF8Pc4pVPIhZ4rXf`qZBHJlTF3iMH3$0c)! zebxnMVm(5ADG~y1lIK){6i`g0=I24imQsu6KpN z=pkAS4lqV90DS;Gj;Jq2FREn^pzgE_+Kdx=({4O!Vk<^D&h^BhX#Y&JEc9B#4R*b5* z@49xcbshHMm{tYX>i?>cgsgTFb)}+Kn}Q_j*aDtf6K_D=VSt?VC!VgTnOT+%shmA9 zL~pT!Dsk_q-hYH+M18~&14H$F^ZYue>5D9KnJ*DI9^2_hwjZvj#T8BarUvgnyt?~p@|9T0s32nClWnc)mU*F%gM0yb%( ztOcot)wPnf)lA4{OD*=`5$JvkJ?J~7q`C(e1iE0X-v;LcfF}_K$tN%aqYJCXS~mA$ zNY$x?K1)TxyH*in2gJipjzJ=J5>O#vlzWRnCT(5xc5`_#VvbjEWR^vxq3q)o^s`du z>aCU{#-xuL`cVNGu$?m`Ypv z!oYp|A5Xwgy{rwcIl&L)($YY`2qY+PQoJK>v1LU; z>Z@xP;_Wn`1~Du{`q;ig(EW*Gj^6tYQr<-QRKmYi(QK1cx>BCV+ktftMt}c4BhgVl zm8vNi%gTk6gBs$~g{AhsRMGk79$dtyWm`j|o306oRXYt7GM;+T%9CjCP^L-_l+6?D z$SfrC3|C0!DEsuNT1>BckOY5HibaVEsBgvy>PViZHKxs%dXTspQ7JiGA@KkcUul9V zNhubHVsdD1K+T6BkY6gMp*i}{Itf@EQn~Y5B}hWA8#+*D8X%Wf zGGq`b;K)5!Z^Z`G5OFa9DRM&x)wu_74@OsrL!1uqxf-NX-7hAbk5$ybqII(w7u5V4y$M{6#VgK$)qLpULPa2rYr8S}V*D#a=_@q6<>K0E zpuUyxtwyiyMeAFYXw`8&p^$wETu&%&Ujo;rg7?KUt>H_*`9{V9T#q_}UjeR19mcN! 
z*Q1W*SAgqL2lOkz^{AuzrR3fXh4$MBL#)mZpHO_iB3zF-$X^kz#~kUe2-jl{_g94L zF~|H%;M!2&zs-n;#WvS`T#q~YUp}tK9Re^P*W-=@n2+mm2LsH<^|&JfChZ$fCoEtF zt|t*2Fay_<2oRXkznX~>n6VLWAWmR)TpJA)*tpcO3a$;r3)}>*{CI(7xEcx?xCs%l zFlb-`*At2yScdDdh7U}gJ3N^fg4J+6zCeOCa6PJMf;DhGs*r-!a6P`bg4J+6zTkq@ za6P^Vg9%*gh8c{difsfMtbPvr1!4_mjY`E6=j!Y02?ZQX>R%g;I=BXD@^DquQ<@Gv zm|AZQm+H7S6o0U3Lal;pV?hX;2Uic*I*|wy^KRp@2&?-?ts9Oog=@nB2@As!CjDU7 zj7gaEOxtu+!s_%|H!xue*M>tAu7#^sbizzr8;eg^!%wft5QVADtN9>>)%ju5aSAsJ ztvarzgB5NZSH*ewgd!Fu_peQbE!>DCRh=I`q1c7VdDu_@!=&7?sSt+MajhH0Fvhcu zIEIB$42y8p4rQ2)Yg54ttMmCU9?vl2I4M6yTh03^UnrGI9DCl)*>6$2eB5e z?SwaM1XTTbxQ!TxP0_0&-*`fS4l{8*foO-BxSl}B!%SRHAnsu%uBL(?TJpyR!XMV> z8&4ntVkWL95C*Z7UXL^uVjjJk4~W?KVylnq2}DJ#g6lDcM$E*uh4_dK%*q<)M9lVA4pD8S-sxE@24#c!c=69(2n zR3mW_!IzATnCeG%n8XKOnuy}~MdLUo%0uZ#&7#)+Sgw$&8g3>r4Yw8x+apu#Ko7X# zJTS~F3O(7TXc~HudW+SJEoJ@4X5A0G*i>*R@qZ!X$Y-S18L8l<@-~I4BxZV%^T;M) z#Qhlk9~WY;j-T8EC|Oi+i0_1yBHvjQS-}(46i{KQx=q3XBk8RAxQLKRg$cwSa{rr* z*$Q!Y-G<=g1b=woC6gnm02-6ft4xVPj+9&72H=3vtEWN*4yn*s zPZ4xI?4z;(JY`hKu5L4Matvq>ykt>gH~x6+z(LW%$1WZcub`{v-}9GN}vQjrQP z#NN;YzhyW%fgK)r$~lLX6;d*h6f=IGU?7igT6<%7HmU-b9|V$U~Ox!1)tU zp(w)5IRlu3fG~!oZIu9|evf#Q_L2|G_Ztc`@>Fc9E63xh!jY17Y~qqvR&bsNUTRUH zEP7BCD%f?16(fTTH3ugrl+Xh&*;H5|mrf29OdcIh#J;>iAf_LqkL}(V`#m;m@3lKl zd#@c#Ke^#NfSw0B9mhk^2b~U{bfkj^1D%dXpxe2{uoFParQ>Ob3fZC4`86aQb)e^U zu#0?-Cm2!jg-<#GWbBSm7j!yeQGfH--v{5Het0+dbb5aEM=x%(^Vc1D_wnW5zWP_^ zt9j=uxAWBxov+@#-0cQa@s5}#HU4wR24CAZi`36HwbAj^wrq_deWCo=tpap=3y zBR(3feDU+CShfunOa$Z#CT_`*fyJn+^*6(=CHi(+T}^ z`tjtbP|=efXeuO}>Az6PbFF{irEo1&^ZN&dzW>`@4S5#<9(XBS3w3T(3o3jW=``7o zCnqCSykiCw733YW=+;$y6Kf-v%kuj%>M1lmrI|hsiWG9BYB%D5l94Lhh}%3tp5X3$ z8_W3D`fd!%xtwzk`Z}iLuOSj-xJ5JyMZ^hkh|jQ#sN5>X*ms2>x+7zrS;>q&;=~b* zR#F%qEk}~~8gxK!?XA-I^#;?}1G(jpDDjntW^NHg-tZ65i9ha?T7JGw_C|d6O<;F< zn+k8_45>z^%wbao*g4`9J8Tuu`CtW)(G`Q8fRZ`lGZd~KRjXE~DuDIj9I*g8HB4jo z;2rTXCsM2vM+{HITEC) zzb;sv_ffo&0;?}AC%AED_PHdmO_n%3Q5jhKu59_jt+QrD&7COlIosT_t-fXpz-BDm zCf00f5Y}I|)u(X**o=j{=9+B)XU4K^1Z>8_t+8g8fNiW4u32PZb&7 
z%s!~etjstTace4h)+TF*PgZNznaL=Ra&3}3@fi9pm`ZCYyG_w+XbX2>&v*z(YEm=m#aWpo@)!496!L#{$8z$ueaM=5g1e2#nEKW0q-5FGLrFo>%44V0Cn&Mze1=TkgT=d~!*+%%kLMl9ZwwB8Q@q zaIiJeF;!*b=$2!`=Af&Wy}b%LQ=`f1-gL=4U?@dra-A1nCa!_bRQLta)w>tBd?hZm zt#6@ZUc_1nUHZOR##OVe!)p#*`X1MPcCzWMBCI2c)w>gNUznPCJ0LT!f@m%2J)a>8 z25Trr4?zpEd$aOM-$T%N;*vhb)6uKHRj1n}>drklp-83xlY6k7ZzlY8bUuFeIY1Q8 zkwW^fmD&a zAu7d}J~NRN`n^>NDxX2A4V9E7mX4uQvO4T<^@_hD9+Kt?@sDrKS{D)>rY24Ka3Chz z9icZHTKB1SB9YLF=Ecamc=c`nMA{UkkI%}{S=TEmgK@xu$|M2z;HMdq`zt4U&I4#i zFwv%1@KgWl^8E7q#f_@B2NtZpf?L07sWWKYAI8&DmpICytOk^v5L=BvQO45>PzvH`)qqkEr)q5|)#6t*F~N$$46O?#ukLIpRmI7b zWA&^9CCj**PnCjzJk_9-1-w}Y%2M5h6RaSrO#+ICZ;_7}8&EQ?m=iBz#))qM@vFlt ztUnE<>RL%c!9L~~dZ);Pi`eLNGc@bVnjyhQKL}=v+bPbeyFgmKp!IDq{M6onH z6vc(U2Lt)qW--K24)VEi0Ti*kNXUz^+=FZN+BUGPOqGd>^?N;|h|P$Xy=d-%4hamn zd2e%I?!oBIN>Fs<_A)5L(73&B14=>Q(gYNWpo{CVu!w^tzugQAtHHriP^z%7A`X^9 zw|=RyR#H%^u&_)H);NY3N>vV)f>MQrWpl6%VOgCjRajUa2ipjk8XPPIr3wqn<6xVD zQk8?rAoXETLj;RCnEmaBM6fzSegaA*5v-7dCD1idYApK%lu9C4HV11Q!k!%D@Z74%)Zj@S%BPfX(wHcz+f@1cq0im3k z>*Xave#u^F?D?^OpS;esDwO{?`1{*xLVg{uXI=ZXOd_j4G~Ue_H}wkl{K`Tp6Fat&3T09?AI>6(QV+Tav07Ai~ zSlogvGXz~v>^i#Y_0GU*9IF~A3`ytS{$wI#%EHstducGG!~=ITL=kX2jC>xu%umT4 z;6!=7!8wxNh(ZS-q3?Dm8RI&RG52632B{8JY6W^rr=+)L87I=cuj69o$aqTvkzr}b zcLRcJdBW9SD>_U^MT?7ee;X#g1y|-ugOp+%3IpsnepFun{jGg9ZHq(@Cm0^9py${ zdxd@!LV%I>3;_uJ0=Js-CZ$MBdbiuhT+Iwf(%f)SyZV%Bs74 z3ey+a?Nd;i+*eZYHomW z4O)D23%wA1+>8GC^9VpX4W)A)CtxI__sgBq^G03p9iaeymdtps)f$aP4)GcBP|JP~ z%oiQ1r`o?;qEo6p81h-y_!AFw=9_PnU#3ZfBVQ*DKJN95S9a&18~IiDv|F;w2*4ue zhzVX6JzaU1F zqK>KvV7@2%CV2ibv~h?%-oZYA?i~Aqh>+u3F&xBW08c=4@1)!MFYxu(KSAnafBN;; zQHBW^Q^c%yJoSlK?8FB?x-)Z4;l)01#B7t%djpDYF$q&~&(w6hgDlD;!Dp0&Qzewk z>8s~V7o7Ws5izs}i08@(=dvR+cq_Azh=-<&dqB^$C^?3%S=M?-{FfYXc!L0%OpwF7 z;8gTLhLg-2e%Tfy-mMy5%vgxJ;0jHY4DnGu0Ehc;4u0O5aUQVaUT=!|ER=b-%qr>W zWg_2ZJ@NXkibpDhC>L>vJ=SXVJsGM>kjPu?0SNxpe|G^?k~uL9O!5<~Ev=GG#OAR$ zMv~#%fy&k53Y|yZERuvWyhnCv1xC`D=$5++IQLd(5n{ewN(($NFQp)q3#)DETy0iA*Hv6LT>d))y~cfR9&1LH}_G&J$M|V!FA+VO`y6Nxk?` 
zv^OJn9Zq_o?;8dz9WpWZ)GBik3J}$o z2JmmP52i&(QK~_!S{0W!g_SP?3DCv2*bN1>^-O{4itmDiVzMRfu4s;-Z^T5f(@+^v z>?X5a&0EOCnmUp0A^Rj=m9r~;A+jDb(37D8)oBgrdyJUw$bCcf`VRUzZF8cVmhQTy zo;~%In65rjON{A^ZBbJ)L1fe&Jr116ElNCrz!A%t$&5(X@leTefRaZ`;_1HXo^_*v zqe*(FNhv!gcb=ZRmH0xb*?GmNEujx ziMCAaPY9jsxB|WwysRBiOqm(EGwhbn&|J+)*#Q=XSEcw?sH0~4D%cBdqU*ao>`y3U zoQ5)+nYFR?68xp7m|I6S+0om<7L3dAU=RGtpy(#zTB0 zR0AXMrYNGb`pFvRFi0%5OLgf{GI`9ht~uV3SboSz?|+FrkReA`7lk{5~2H zBA!ge!f`A-af(n+2n@aSwbx(0UCoS=8(gS%4YRKTb&XxF2b|wgsag=~Dt?1LBPZm@ zSOdlPF}VzrOx2$;Jw$u%xU1ht@JDN2C#K12vmyefriE^>;>1YyGHRiL=>g6siWJ%X zGcq7x$Y)sUp*9;gDz~jNCzb9+N=?Xtq;97sSLU@9N?EcY6*x`o?4vH5jrPQUe)UFj zQtpjEi4Wrpr%(b=KuLh8x6qxD4cc9``*z%FbyRPR3HR7Iky@V! zWjQutYRjtm&_R?-k)9(n{KqOF1(_sLh3c?IN~u@VK?&1#4PyQo#?HES8{c6M$zVOl z;3WP)@ZRkO=*+>=oZlhpNUS~5qcxVIP^I{4o9wGq1Z(Zq^#9adxX-|5_joiLxN5&FBX;N zQ;|asOc)bYrZDK+^%yq=LV-u7Q_(5oBDNcEAubVG?k$Fj6*Jwvk!GXzUO2?_z*}g| zUyB-%s~L10qK03qEmoAD_$|TtyVAI}fOD_)LYf1z(_ggoe~()Lm|ls0cjPhNv20&! z6ykxL;qp)Wr}*h03OsQP`raK}F!`HQ8IIM7fUa0PifRN2x5{I1aQNzVcDJ>0g|%!+ z{{ePhasexNk`f8j-mK&oX)u!lpANbc`AiwNJ)wPmj1Q&aHEW%$VzR5Y>m`pXl@s7U z4*vdj*BnoXnuS^}O_$PUXqHWEfHCz5QNk?j6DGSP|Apt+ zgVY=eyE4+#I2KSo>MhPby3=Rk3H2kBN5#lzz#;$g(1jBt@loq6R?FL2PwG zq0}Rz`oNNQh|H0=qa;MkM_#0|d@`TE5WVxK9Ut9wbgw(N7Si z-nRahF)V*u9;>BCtt<+p`*ff2NPK8*714*oaNKds9Jo(CI@BMo)?#|9g5~L(z!*)v z=+v6e!~#)gR$z=ga;KMy@wW+}GHJ`+>Z#lXKae{i2JHbBj`ha}lAj#Pg=h@Zj>=4v zimn40xI>b;m zhEZ7NOX*Eu4$8mbh;i{p%XIvpTm9X`3h$=hFa`qohWMkP<@|S-TV8%Q{e}xU97Cr1 z=8g;6&3kjX)%2TkUY;vkydTcTh}z7Xi|NtP^8@>0e`JX5Wghh^(k`76J4AYi$xpF7 zu5|Haf}POgUC{RdjIFTX&P*EXh{ZP7D9IzeQHklTW|KXE)LRwko%7-{d2(LN98qa0 zyMv3pB@D*PArX-idY(BDiPodsox#934s6Nz$vB~C$&p5;*4NTYEU+=4Wyn!Rg(DC^ zJ~ODIUUXZnLF@~mQ!&Y0&q@R}Y07R83Y0i0n|3H+%sQ90jFEy(`6g_w7|ica&h|k6 zr=jxJm}4Ic0kGRLqT0teuIbM^FX9Qi3z$mkr5UL*cd4QH@kA(m@{o^7q6INsx{=Ze zJ)xy&u}F3t`_h3XIzXI2?8(`^@ExtX`|j8z>67B3=Slw*%-Nn1)Z|j4$nc6dR(1`32?u9O7)ma)kOIxB^}Mc1pAoH zv>u<#L@iGpQAV=eMJlj&#E-y7Xx@|?ix*C@_V5u(Hj*&FO(y5XFW?<$-NAA!j!enIM 
zBk(`Pf8JPD6lvS%A(dy9Njxbly|%HQB7b4!^Np_tDbxJ1WtK<&giv{xEE@Sw(DOdY zytZcMMO7UqTzrffQrB<27oDrMeZ;$C#9=o%*2z))=J$WMb;iMew~xgij3_Uhf47hS z-L_EuyZy%>ZN-Cs68lkdH1rVfMV5BMjpfBgHMf5eBdYT2y?%A5Ng(y0fFcJoGZcGS zG?coe$q4w3GGc31r4Bh{8cy+&8ox*!lD1jpL!$1D=@gJTB3-wYk>b(CEb!nW*1So` zgHVQGhd|%+o`jxREo#Y~>JxQGI^FX-gnY2P#h9Zp-vu8}r2`gtF9r}pFJ3Kzy=d<& z!DT*0EJSZE+A0iE6=XzKHBLw7IKjBs$Qi16k=T=^YoqmJX2{7sJ)4biq5TV$8ATE# zJ5Z%=Ja&&v_gjw%MPTrLc>Vp=+3?ec;n~$*{O9Sn)*plZaQM^vt5fUI`Q`cb>9?Qy zSKkkppZ?UpI6c3TV?Ox)w13_2g1$bWqe!r7X?x7JUu%i7}HiFSdRwfkEfaQ^%4%7-1jt z6SG~7x}Yx)R>sIj6U@~|n5B-hF|+)Ph--vIVEO~bNGx><9WMQ>j9BH-prTD;3O-Q;5Y@<4mec_U?p zO;v1e&vJ(-jIyd<&p+l-zq8p~Nr%bjOGEg&d!Q888J^CBf^5byenqaB^0Deh4xcER zGFs*}cJ>qrl+TEm502DdqH7rGfnKJk=wcYeW2-ICZhFvkPrva)&x?jQ;^O7cE6+)Nim$}10dZe40QHS= ztqK~CD%-O}Oj6sk#C&4Ae*E*F|Lnr(@_D4I$W+bWVWHlnz185Dggn)W$P#az;pG^d zGbCPz_znsN_@MfBotfzj1V#VTCJj4p*)iwc|@m2~SFFL(R%j@W6G ziK(NGo|Ok9_z+AfbR{OSysim2IPC6s_w|aJ!(RxEyh-iEyhgQH5@h5-&cW;MXMynG zsQbAKzLO$>nj9pO>wM*WDdt`b>hA8&w*3$~Rm6cv~Z#ziH{Qx>MWUAQ%KWe%jcK5-Kc%iL-YVZE9 zmehOULTU)g5`mRBj7gI&?*q&O56fHMk&dOS=t>7oQ2`lC=L-l#R}Bl&Zvn_#t^X8b zrfCml7bV?2^$P1{liy(Ie2}vf3&~9|N7wQFZ%~?4qmJR4W6e(mUuwYsYi@cBZVy{92%C}7N>gfKq zIzp!n5N&k;NAp04I;{?vgudM9TO9+TC8RxV78jo@51_;j20%!?xM#W2V@rLjJD}r@ zi8{-_6q?O3@DwRpw<(H!=_&bKwpeoczvXJQZW|^1fBykhGOEq+&6_m;f4%?ung4I2 zya2IKonS*Rz;JN-&yJR+I_L6?d4dr=2K_<*6ZSnvAul@hC_x0~>+em}=v;GPk?Y_2Bld|mC>FZtZ zd#;miea(l@c9UnX*|&vANJ32!EJ4Z9CceM@9t=JReu$n2?<`pZK`vBOoC}hqtS^x@RP4!!CgEdOo8LLtVAN8 z94ME^2~Pd-E2$4_nOi+ zEPy2BBo9^6%Q8@9jT}^k?*+I|S@f=pY~N>-m_;N?4aupf{SXPxLEd|*$HXj9VH6!m zI{HQ|-eRHRmny`n`ls1&fGHG!6hDiO!U3U!)>}`FHCm0~bu(UcaF|VugS_lRR@TCV zT^vx?MPBZ^sZ~NkMa@!~eC^WcZ4iPJXb`1>H{WXWkTfF&A12McGwwRcx_$tQb+brx zGLoP-vB_i;DVobsSRT#UJbU^azuQG$P(-E6bALO}rWHerSc*2uBu?kn6nBe7QJl~y z9U=$Ealxg{R60Q4K&K2jl$x{l_u@XYeo5wAXdSq=n6xr66nnHTH#perRK3dWsMN5v zvY_&9IG$aiTb5mNBdn%7sPh=9X#L-TjLQ7t>mwtvEy};G9kIXMeh-rJ>Ndih-2899 z5oR*{pJgLlURQCeS=GaBci-8|w>6WxJ&USfP&eG=S~I6YlXuLR+U{r%Mh`U`*H=Lh 
z3-_x>Ob{)$pq1@D_oMvFmR6wqTe{ThRDWw1HlW;1GQp4zjR30d^4e>;_|b-87hF)v zwTc1zuzqXV&O5gI`BPTg(@=B+wUBKdqFPx^3#~Q^6^J!qaY7;Gh4J&z{?Y;E$rRjr z2Gd|fQm@^d#p)`XftQ;(P9`&w9J5J`6M~$-_Pw3HyX}vvJPg5BH~gQsZn$dK zS;=PggthzL;?KT6I?mE1w_H`p0Q*buo7;;;vcYLOW{HXmy%Y);RbL${kI!DVMWCMq zOW^PJq=#dgk^NGrtEss5VI3!6+td3*6gy6orEIO4fx|`c!1?F~2xKcf*(Wp1ufg%maEmf#PYh&fr zO~-qZ$aF+EnvB`gWGpio9Hq&W=zLWWWDKr1>HEW!qg`+JTd#A3uJBx@^CSLcP3bEv zFEr68g`8S&S2LxdDX{D9dfW2iY2FGXz$h$lsgzG9OnpAiwDbA;+Cj)%@A7mY0nshW z?Y1HNLqbO66P$;@{bhm!#D;K)F|6+cy1qsO;^QeN5;BcO=AP#zk$1p!SsJ0g?s~gI z6o4QXaC6pybl*el6TrxjO{2h(7s|cPvu78OQ7Iu4HiJBIMCW2kamYp+9Ky3rrcu>w zJbTts!%-<}tiI;fgM}IA^XBZAZTCO_*?soQe_#Le+4c3hgEn*ML0?eH&LNcsvd(RQ zd=^pL-PwQJ*#G4X{+s#!|BvSTKf626Uli>B@Si99|2;hSY5#||E>u=aAS$_NO@sp# zoJ1Z4o7^e6bY>8ePB4Q3k>$Kj=Vy*bq`5_O_Glb)_Em@2ZFW zC3@I5JuG!at$r1g!GP!Gp4h`O$G#OaQbs{H?-nFT>P+7rGbvmlI*AI&Uu+GzNU>EH z>6#vTEjqx4R%w;Th^uUT3GClnf|08b_CR_x)%jM(3A@r8j%Zi=G`Q&4{FSwLs-i2a zSU|NqOcP48qvRs0z=P;_Mk8=_Dr3PuD92GyQC~}6o=W5Go$#MkY!CbVX&w5gaC&fv zoR5(XF?Wt$ot?cqlbKIpJ*r%-I^a+OSjg6IVUf!ibFy)#zR^P^mgQbLAIr)5vwTlv zMj{mnG$D36RhfR*j+8sWb3p(RA%PTf(lMFqx0fo;M=7x`@*$Y)O1k~SG=bGLHDPahYuVskNq#P5Y;w)KsPa0b%MFJ3O`(!<*~t|v6XX{exAyCFpZMyZ zHu9fLJ9%gF-~Qh2^P>E>ySM!$|J}!P@A98zzmR#}RQxQ+fKwrUDB^?vWIl-S^Ng|7 za%@)ePdX;DG;*Z(hEsG10Rf|KZ_c-8q&A&o74pIz93s#3z|)`X!a72BWpR^R)>Pm` z2sbH9V5>c_+D%C^p^@Aj@^Df-veil3mQwBbqI_8-1l?!tuUH=BVNDIU&P&DmTQryT zG@v8GQ@cCXfDe)LzY2SeJ?6s-Koz4dG@c(xc}sG>;k|FT_@7fKTbw(qr@4NW>`3Jn zB>3eawlV#wrK5rdp8&a=8IsBAAcY}En*oUv0vW^)AfQ>E&Jz*^Bsraip{&KVfv3A* zF~(W(!jd#%f9>DH~;HcK|wD@%m7-isv!-4i%1t_+(_)U{iC0oXWljhk<& zg+qj6$heYw>s2nB{I8r>w;EKgn)(voQ%C3!ZQ8Ec7ML!~M-eRtg`Vab{(`0v{X@H@ z%h*M5d%4h^TyIvl42aN_WolAoP7pG`mT?x)dTD{IoZ<_bZv&NA^rxBD)mN>(ij747 zottl6qTYj2&1_}46|9reF+v)L%Kjk-p0|8B$g}aM4;H$QWwqV=aK4^3D@8PIl;5P$ z2y(;7*9n|e^9dNT5{i8{Av)0%1P{cj@M3$rr#k43*xKvoefRbA=g15xf28r-e{aHx#<$(g zkDmJLzwAF<_1hS@}k-h>C z{_mKo-W!PNoBgDb{qq#YyI872o{YtOWaw?N(Du-}U7M$s{;&MYZfXE%(Ep$By(pdk 
z?CtM7>Hqif-2eTLzpG?4NN{nnR!AhIHJM0>Lu_T7(m|;6bA+LNLFDN4L~k10KKdzh zeMPjY6|>QD>ARy&Ley9FOMN?Kg5&FN>R0i6;?z2guwa^l2(KoEJe1U9w`+@bOzqxD zlzIqWiES5cvP5Oj>zZ6{$_WXbq$WvEn&60=IO~DRzLTOko`fpzp6G=+?!f9i1j$sg zG)l>cl#V)H3dGsx92Y7dnE0#@^fkXQk~WL#4?s$jW421mkLBR7!K6F?KMN9DPkDo2iQ-LZCkVa`9S~vSP3>i-MpBKOD=73bo4So?MRv|quwtJjP_nb5l z60-8L5qv;MYZvpFAUMwy^lY*!wO|a|v*T1jaim<^M6%^-7NKocxc+^&wCi8V_YV?* zEOva7$hn!vk{a4^h&cytb1QtF6re4M*K+m6o|Vg^_s+3vkn58qbtgE&BRG*%2ijK1 zZQ!04ug?*uqlg3@QGpJr56P<_&lWKW7!_jd>YXz(%pyhGt(p8PQ!#Hnh2-9vnNZgT z(>%EX_8SRWYy*U+nI2_9s?nr0pSA|RSdm)Ls`gTltZIz;Ph^gApq(NjR1!sb6q*P& z->OZxtnKy=0=oOpcPQ^u~EYT6W*)ho9PUN@0% zfj5puAi`Eukt{cG2lI+b>Z(Omy;)J_mo_@fJktg9n!r>^)~?1_Wnh*Z&IF(wwiZ;; z_(GNKX-r8eIftam@)?@)H8h4QE1BF5qDB!tcF>x|a*d)!a8_p#qLaxqg;X0LDGE8! zA0w=DXnQ;+zQhKS3YVJoiWSwlhep2h^8A5r(zBXI74l@&`Nkh@THwgd`m0pd<&7(_c}ka zD>5U=mINfzSF3)BE?p%wm8p>m+|jyUkaT28>G(z_VooL`#Q{#SLYi^WlVE<=66T@Xj$I!Xob zyO-zQ{r_HlipAcd6Z>mxwmey@-K}h%=VnDzC?u#0+)axEqU5_7NfH_m!E}>p)e~r^6xrgdDdnbop^YaH={byD9pt4krU594FlSu?UorO^?&Jp| z|IQ?}gv22hg7CKva(;DgJ}7JuH=Ksy9Q`rHp_tb|h(9n`Pe@Dv9m=Po4bgLMuJds= zA@-?EW;K*%E6B_!4Zd`6gp%LNOF@8A?f-jwPyRpm z^4z=pZ`^+*RjF-r!M>@fFSk`{hnjPBzq#tzF<(Y(slb&4FOuuYLC$1u{#@kXQvl_n zSGgBGbNBdNEF)}49~sdbZAG+Pfb=~JcyHxdMI$;Rkyb0f&L;zh8)?G|z9EWeKFcEF zA=n1wi84(!4Oxqn#Jw~j zq&LAd>gAJyuIbUsb^)iQ>9Fr`XLyvkM3v<^oQs|Pil8x`i9yUrg2N(4x#0YE(8s&> zX3A4&Nq}kI7IHpIM(V0SP!9BAasN?*PPyKaTdS*r%M__TldZtTyySP3c~;2!ku72A zK6}*?OzHQ zis;KBqESFTEvmI{I$eLKq;aun5Y21N1n^)9N=TYeG9!Yr;Fu{)2oC1R2T?v~wI;K0 z8S+Tfa_!9pJJBk0ehnf=MXLzj=hIUZ zRRa549$Jwp=_n8Sx?KfR+Csz|9S9MO{}CDtJ0AK#!w|vo;gBXgm2qE4N)qJ|uGVKD zfyu7QIYBP?muB2j^jUsUBONK)3{ZljfK3eIBp5lJ$VJ~X77`rgL46n#h}e-bp;#h5 zpA1;Y^^hAtXV!}fF{dye(uf0$8Dgh!OqDh+=2wa~+V;e!17$mJicf>wQh*v!Wr%6` zE_zF@>W2MNZ3beT$&`5LWC&t@$|TuuA(_5ihVxJ=cSNoPSpjy6JCxTEIPReGa}S>MAKJ!oPpDdX0q^mu*QIXv$injCiV>4xFqw1&7?ZMom@~rDwG$In{fhd zrj)28LAQg@j)zW7I3+#Q8O6o5nITW`>5NNo-D!=UJd0S^f4FV{e8F%EY;zu4UJ)oA zV^v{Fwu<8>iZvLds)Ch+-u2KKtjKU~Ez$zI)QFFOaMc1XV^mF_;x;@czBD+gA#BJG 
z8#$IGJCrpn#+G%jQR*n~c4j|bH$6KzM2>?@GzrBL3a_(;Zdp~qL)FVZ>B1SiDyG*n zA9PXO3&m-z^8Ib(DO{PtieNMu{v^ey;$A;ZX~?}1Nq-{q9}+eZJCB_roIA)XY)=)b z$GWx6zSpU~Y8!?UqG>w`7l;y-V_4X_oXeLu#h?#{j9pG+G6rYL-LzTqDo6fh#A zo+^%M#1i@aW8~;T>%J@s8m0SHJ?qwO`E1NJWv%PEU(jIxIf?v|*PP1EW5tsw+>R#^ z9)u*w2SCwl^w3^wb=SJr_2q$6YsD8M09Mnb7K%0cbnrhwqocdwSUsxB;b(;yD0T(H zc-<(5VR=+;d2ZfU1i+Jl1*07G`WLV#q%2l7gj_)a%vM~AQX<|mQ8L}&qpiQyu z9EI^1qkgw5f4-egNJ4$o@1o6V9G6RdQPBW@b?R0#l;=LBB~D#efsDwfGwE({6o#*9 z3RX7f7>-X z1t6=hq~(;~*e2MjYd}*@xFxi}RsQ@vP_Y=d5EBZ;73FZ#ha;M*Xs1#-()*}VbXw@f za%)*uBUbIaS3a1EZB6Eq2Y#j6t39Y1C=ac*E~%|G%8GjSjgiV^G0xF-mezm%Q}b=hD`h#rC{DMQg;(^>(LhIc(pWK7N#FXl=i!OTAlx=EWsmkSMfjkJ1=%h z=l{?9Pv`&l@jO)gPdgOUxuh=ycfKnbo+3bB6v!?foAAs&sXmRf3S@x=7kk7Nn#yb~ z>I3u<4t^})UhbpqIi~`s6;E_jytGm^J9T)z#lyvw79NrUGb`6ppEk)Ka1fj;(k&b< z>D|vRBZFRibUr$E2s&FLZ>lR*fa;#rj^=CTwvX>=!~e5OTQ}PQ8umAafmj3oQm4Y7iir(BOy-djGRMx_xjqXQBG!cak^+z-5-^B z%++#KYh9Exu~%DyL?=`OcC6E~ji+cqnrS0(y(>iTS?3M(5=#S~Ofh0|)Rd`N=cEvG zrmq)!3Pzj|p9CPIK=`vrr3@BNk+=W4H;Z?u>Q$D6`TY^^IF!UVo)EK$-OBIq;;W}5eY<^xU)T$v7vlca} zW%rHI7j?H88Z0Y<@_p%s@8cF%+U)=GOzh6?f9`FU^MCC;>3{e0-2477gSpX2<{pGl zN-0All4iah%0gPtyd*&?WABKhYDF)$gXyGK>Mhi9^~;v`rD__sHsM5j{Z{uG+Ph${ zqS)Ou3&;SJsmvzjcg7PWb7IGQ- zowG=A@k8e`*l;~jLdJl*7W?!UG{BtfKSwTP1t@NX-%n{6AQH{c3@6gHMf#g!c@3{| zA`3{7v#4igGIx!Yy?JU1pe%bZd;y>6IHa((aPbGE2ovhB8n9IZ&fAVLCqI;`!rtf> zqlg#Vu$A*#Xj$O!x)Pg6p8R>JTcIDr&+HJe7D|n)W|~Rja7d+gbvc8LGq=!B!gx>0 zUrQ~q65!10D@LQdMywh1oc#Gf_0b1xXz9Db@8ZLH;her8W@IguTzD-wZiUA~EN|f@ zWJZa+m?v0gqRyJw5N&+JHQk%c+gn2Gtz zTz%G+xbI$HqXlOh^0-Um(DKO29e5#@sFLbL0hSPW0EZ}Ik*i9#A-Q^=pn@y!C7Jj0 zbO;W-%Ti*ly`lrS8a_D3nQsZ1k%W_<#LI(2q<*SWc`CDu7AN^;{z=t>ZC-7&$f4jp z?vvIGS6Cd=hxlmpyebB(%v1L2Lc*c3;TEmC5>QT zRVZ>YjpYmCW4yDsFQ)A4&|aRN+dggdzbl-GWqM;3u<`t_UpoJL(SPxz|J}!P@A}^d zNlXY2*fdoMpA!~_z`F5h5tBA_sLEg9(Sp=1XN;wbcyc8)`^*eN;ANIjeeujeRtmqa zO1D$YM=utpY;-@4)n?eV( zQUzXLABZ=i%=LA53n>{hGP!SMK!53M7|u~b#4t&u?lRyRqd^(lD$jll$^OAhpF}g7 zut;8FSRP zAu=gN{z7t0AgIl*bL+OIJkx-vT)eJys|R2kjoo(h 
zE(E5F7R3}VQDrdY+A79b&<7j^PqalKTLW6v#H*E?4Q08x*W9go(%VmlhSOpeY};`C zjOc+azI=fzc4HJ$k{ z|0aI$f7WMN{cnO3ii5#YroaaM@5PJV-J<@tz4N61-OKZE`rjKtNiV-&x%Q_i^wH>k zdZ4wMAKWFpoz|z@xEr0X0;Nl7e7e2@ho|ZI#!6oSR<+896Msxo;-}N3@)Wh$A**;1 z(li~{tBwUYVxtumYShLv#?l(qF|j^5xmGLSi0xOq8Cfu<>UCrNX7zP({WB7W)CUr& z8&0`I8R{cdiHoyTs}|=9)~m*fMqDw)E7p#4J;;v+I%yNiO#+>i2(C&)&R=bU(-7d> zg+6r47o1jYgwU8SBYCA}h~j-Kd-yVeu+4oOYb`hnkWjOz>Zz}ydA=!-pNQTGWyd<|BjHn!;ZO>6=R?AL93Q-fGy-fwDqtATP` z+nWOW$Zc<}Ei`o!^j%tLR;=gLj-km+V=br~m}&0RB)Ui?`Ff}3_I6P{Wp{5EeP{zu z!?U#g58_@gcM-J7|7-tw(f?~_Z~y83=e;}+X#bm^|DV^ZH~i(|vOm1p4+eRso?p!E$Ua-8!~S(P5x z(@PTIlb_ea*qR#mywzEnR<-dr_xUCo76ARaZA>tP*0X(6`%)#0+gg_Z=p(l+wKihZ zi*9#m!nm8|b!*FoTvuPYKUcLF{ngE8dlRAIhIi%1b<<~A`%hNBy%DIv|EvF^WdGUS zf4cv7KhMM2e@-PO-GvdzBGN}=3Cj9ZZw|`J+|DLswRJa!p=ty#WgW6W+%gPI1*A$7 zkQZ81B*?KjVh#rar(>}3rK3yHJU4BV}GVe!ZwlcC{e;&VWJ z8W58dl!%Ur9Z@BVQ~g}D=aq?V%892l+~tC>Uy`}YhOYj$XkV*Ix9cGYB`b2g&3QW9qQ&~KMyf|G@Vrp{gRhF{avB*POtR>K5Bh3!8)ta)7T)$bIQ>!o4Hl%KTI1BXY+BTL2ykb+8HN+(; z=4M8#1%Pg8xw0qgahtESv7;msE;$7?V&xqgLsqLEv>wr&aF49$&*nh1nS+3=Twa2T{aO!ga6hT z|KHB@C;RVxJgc$)-pBxaCP?XSuK!9ZeKfXT=uW-a7e3$4;wxLY8)I(?neEK7vRXTf zY^}px4#*{$b1#On1wfE;0w?reBv6Tt8i83=yqQjp1j(=JZP+@4@@D4z205?_<8Z2+ zD7uZc$`!~Tl|$2}!8&t$tz6y453Fb`uJ!^eI|&Aq+s4PGP-RSr%}BC~wnk5`mp^lI zG)>3L&!-~c<~~k2IbEuokHVU7rK-#@bQ@2?9JcE%sAlY<|GH@<_vKA?mj79S+7|fE z*(K|3+j$mT+wjtUa(3%qzu~&c3?&)tqP@C$Q&`UUR1M>nnwbRpC{0ds$CJrJwIU`* z-x||kkx?7x9qL#slS1mZ{rYK^b?iA?jCz@!(wxEozM=mBaf54&aw*Sg1}@hm+Eg+F z`r9GuKkv4liAu5K7W7{U&oXw|JCA1S`R!|S37M-a_d=&e_7V-KJg_(1JBqzsEPl{o zUGw&e73AHp7#~^-d$?y={ome~+FAh`^#A8Cc8mJ|?u*^0`+xWHJe>cRQinwuQ1l0+ ztm{kJ9m>PPK4#Hyds{G<&7#O>vOL2pr%u;5&J0RKa<{jYm|W9Zf3>akO>1pLzB)-y z=DDuKP1O*}Ij;-TfMRR2*Q2a9a$Jm69`lrGNd$TwjT9&vSrQ85NzUDN%#^(vdrBr& z)Y?<3+vR9PB9h>g1ikjxELGb7ruJnqH8$0m0H?URiF&_>7IJ;IRml|Lp0SSQ6sBhC zkvX*sM3m96XC}Hk((c$E(!^7t?^lgWHG`RG?1aU%%aS%oubY1rkVM(6<2q;Qi{}iV3v)_ zacsMj=VZ!HS6{-k-jq+fXQgxQ^%*udM#XYaTUoBih@{8UBq32|RCJu8;RZ*6;T(!% 
z6znIur8=xZr3>~dn!U$~?Ic;#jZB9@7n!>3%OaAr4?ad8Bkhg&4gVNbXgacS*>f>- z3IkrZ#?dQp0g&J~zTq2Xwq_DE;~+pAt}DbMp>7?ni{gq4h+g0*@PrnYkw!NA);o>B z5+-h|*VM}Y-k5|FI*M3AZYyIp$p71WI|cc_zrVY;^CbV@$Fqh`aVmHW7gQu&m{}PV~_d09nVoW*W(>P{H$`K!vFa&QEG{LDqrqO5%B_zZtov95kdyk`_ zvxXuvlK#z`(x{;PNYVf7dgxsg&Jl~CrsxuiNrFNe5wGLDJpc7vY)_pvbPNQF-XEW% zfF``-jcD3~e`WVO-r!$J5B}9J#-pD2NB`ursFwj6VE=L&gVw@3&pdt=cb<6zeA#*C zrIWbx?EiJv(0iOvHs$E#05~&t4t9 zeDlhi1h;Ra;r`d&i~ftk`rq5ze$xN%AsbO24M=)L zNMt%9>v^5d+8Vle{g;<#oz8E+{U&7MPC#N31tjt*QF6D~6%Q0V*rAmX^Z@O6pS(}n zUxsm-vSfaMm`@LSy@ZS?Pm{UZ_X6f$lEkB|H<0bi=0%gxuFoRQLedeVK&JgUn#MxV zG{vBMIHvD)^Rs^El19M+5-K{t!4V#j#OrkOvzluF82>LnO$P+W zG0&h~syALhW<5zc0f|F4p9twrNShKo{A5D}1bQst(+K(Dl&2&S6!e<0OVQnwi53x? zCJ4vIc?wF$24nw)E|NL=MVi3SQC1Ee;}nN%l=V=Nis!RQk3=a+;)HV2-2$;Ldx1zm z0RS5s>aKt*N&Pe-py+d&65i>!NFXMONJ=>Bd;S0Xw&Ti??s_}k_P4T*&_Ib8Ec`r= ziBEBeXcSLV#QiauVED3zP9}In&KOHGYSoKC5LP;m$pPY^aCHz02=@~TTGs)32`dEY z;+8r|1yG@3h0GUPR|g^T2~XmX93Zo$?FNP#n4aZ8zE9?R4U47@o3_`i*@BWDn;EOYoYTk^b0Xb7VC$?z>pPZPpPly1oW$di7abqFU3o_7$UDUtSv z#XZ&Pb2vv_cRG?l1ZA4;t9H<4cE<;E!zp;z>vRG#m|Ex_$iu)AYUEhp;Drv+oK4Xc zn}z`j=_L_gI3b99N)wD|G-Sy{E(f_IaC?&EF`=OCqX^N6r#SM70yZEAoi#(2HpQ*w zSbm;f)&%}*W`7M?(~s<#=&T_*bk!rpao5nP;P*Twkx#OfrH+6b@ubg9WqBd)YFM6) z1cAp+ho>yTBXS&K&YNiS?_0zv?33!Mx#?K!Tqh3sbD!Y1W7 zYI6uE7yaZYn8QXXw-vG7(P)(GvEw?O4)%S*`5P9HrtTg=Ni<F7Ny8{@`ovOBwmkg+0)LfWb3 zCo(sv6u5)|i;hhNr}`jN=PTvmi8zTk1!Wl4B1FBhWf>YFtUA7hIGYfZ(h1=Lz!i>Q zQI14yDZeDr6(MGv(*X@>I+x9Ygfk{I;YDl+8A#9WTE@wH3Rm#nb=_*gRbl1kQY%6s z9*|J&P&kg;SCv!vF2;XMiIIM@+4%e!nJX3A(E9}q_Mel;He^7n5 zuy`twZ}O7N7q)n5*`(VxsBT(iE{)gMfWOX~eP97-Ev%^g;%{0_=)HY(sTSDVcNeeD zz4TL>)5dObG`ziizlX!y{Tmz)w~cn&Dr*mNxie1M7OB z|0+Nf?DF+z3mvoS$fuYkDYC#Eu5Stj)=xvItk3FP;BztdiMd6b(E@TA`kk{#bnnpl z44IcaiwdtD!QL<@`_GXZbURfj=-&theH#V+)u5n%2Po(lQJ`%eKgXj42SQQ-7IMK* z-`n=KJDp$NMd&S?k;#B0sK2{~cD8r6x1Tgb(Ll>lRo^!+i8MubbV zgfzN{@0m$Mtuas#QYM%JOJbJbR0^>H9S#Xh%aGu7ng~!qK;YC>4s};bPyj`&LnZQp z@x?TyMu2F_NjMZr6;1*rR~VGNdiUB>T=~Nor>5^$Bq4|@+Y?a-zC}FzSEu8m(}c{x 
zj;>yEi4V%{0Z%zWzvU&8-_WMw8i0qv91U1HmX&s3e7hR?79cUT(o6^A&%@j)!<5z) z#G-KC_0TUrl7uX_bZQHypaC3HH7FO@dKc7QA4h_y0yJTOqfFVw12&cG%Ieo|^2prl zxaenr1t|t8gX(XkKFxN$T(^e!kKURp?Ly~VMdl5?5e;7CsY&#MqgblHTG)ODh=uL` z8623PG3IC>gm;z%L=ZF%<1rqPl=`ruK*Alf2^*1!h?&2_b14Ul9bin1UCc7#DH=N# z#2S!9+3Mg>YN}VeTqx8~lAx{=Wol58vn)%BCDAZp6NJUkBrURt=sigrCDqE=0(g8Z zREB6HMMJ^5a5P7h^C{u&o0KxTT1SddxlbaTP$n3J;Mr=Xl+nem9WcU0^O|Mp^@yXn zn8>Uf*(g9yC@eO6XmZhrZu3R`&LczZB?%dlL^G;i*l{z~;|KYQE{ui;0?dJV7JF0Mirct0=*^grEkBJ7eh4ihX9d8?L ziUN-MI9Uh2^~z+9C~!0C`Wby!IvZC9G#<+a|eBYbbfNa z)%kF8@#DLnFVKghv$LbO7bmaI(YrHr{O;|`lZ%sgZ_m-YAJEa;f1saE-oD&Igi4d% zC&4Dc zVQyr3R8em|NM&qo0PMZ%dfPa%DB8dM6gW!vjy>CyWXDN*^zB|}t7RwgYG1T0C%tCR z%;!KPB%w_aYyh;QN#_mDBb|3TuW&xxNPss{7duH${LOT1609l|3WY+Ust^;#rxdZ@ z!_Hs^DQ_>}Jp69EKizJ(`{L+G{@d+#^Zy=pUp)Kn;OOYZ^TVU(&tD#X*FAW4bnxsu z(A_c}r9TPdkbc+Q7+1b?U&#-QBEliZBx1cC0DQ>Nl+Z;F977Jrkf9v_@ElGN>w!OZ z006)P5uBqQAk1Sk6o&GlZqx$-@oy1rW6~L89>F>8n0CE`11~^h3?uL0z@yKO9B4)k zJ@g?alq0$fY~h1mw|(%eeQ4u2cwUO*_oXyvEqe#g+ehuL4Yj)iK!|-5F~O964E-7M z4%^)w7~^+{GEAZ#xI5f|ah(3CpzH)FMp1wwA0yV=F?9K4J}1!*02IZ9VJ`VkeBA4F zD4Jr%>B2i`7pU~bd}TWTa5$BN=K=l3OCjDF0uI|B+8=fT#C(clE*}k5CrAHv26pxD zY!6@tU<62vBEU#OeFVt(H{^4VqEN~S3_+k}1KdXBUZ9x}3MdLO9ODr41%Oc?8vz_~ zG^Lm?+Mqu;Jr;z;A%+p(2bcqv#A582_#WYD1a8rS?StP4j@Z7S9;17<4>-lsDWXh* zWt>nHfS3{=1qns0y)z?%i!;t+*6SGVw0$z)!M^Bd$(s&j3~|CP=$+!Gqe@v|f<`(wvT8MNa8^^T%A#J=R;jtBfOVM4^`5Jw#1 z2vJKK-ksk=iuS>2Lgs|($a>MLWK;V_Oz{j%fr)s5hnh8VTkz!E!67^I7be-_Lt!A z|16_en9*>G1|eiAwIlnPFzJUvjWdoS4&IS4nWJ5{XAs!{G+V4)liXkxkY)|qFyXWG z?;&JN*wi5XMPL_0+cHgB00wg$i7}^O*9Z;+?@Ix_-)lyIfF=e52o_4D5cmn>WUdf# z0(^=fM@5w8)2686%04zk7_Zp3bdy%>Tl%U7ooUk)9r}P7$I(>DokB_`z&tjhucxh) zu5AD5QzZ2Z3|Wy97xMePb~Az$!e7vWwWa77zW;(2DRsAK0dTYpB5Sa{-)n=*C|n4b z0l1%`2)u8^#P?z|&JbU{!$OuGt-m>BpP{?f?)uSsU5;~WotOWJc0KK@%Bwi7bH$HQ zMb@LZ*vd?3>yb->^&;!1K@UJ)tgYsXgsOMtoJyP24Kzda4*RGry+qavd%$!XAlf)1 zR`qeJ(RNf7VrG*h zzOtH1JQ)x%uIa}kPKEq(B9ICZ4HuaWrS@!XXNf^q7jiY%SN(C=1F5_{M3lBxo zHj_B^1Q|B6932K=2`%DPV>$$yJggil?HxNNf>@hj1N8!^Hv*E=v}e9-hs1}W1rdGV 
z6dt2EBn!|N_Lf?iIEC7|$wWT_)!-iUnZur4BrHp@-IOL<+7-z%3$!$~tZqm?oWU^) z8R!QA2-UBg02qc6gTjacK#_LW$xc}x_Q1za1(^NJXD5T2>f`98HptAuga~t6C%K_|IDC#ODSVjwU$5eBo*%dkL#jOg}3(jonsldNNf6D4Jyc=2tP|#Evr9 zD?n0isv@XT9)9ix@P!E(N2(TGR!az(nJ?YhPne+;p?QrS> z%=rpSjuGTJl{pE^pQjlQq1j#=nqan}ReVvekI@7sp;FsV`{6xYu&09lZ16DyPlb|Z z{OLYGA(Neu%}*y6gbyiVDB@2QI7jAh(*>uENhcsa>j>+{nZxaDs%B%@12!&&>M~YmXyF1d(?{(D5Q|cN`>y=~W^CsP<6=POFiIp0wR;PUY|2G9 zhCXUH>llaZmUU9EiWif>OZ8Dl^h9;eiz&W?9C>EsI|}~E2RM&IqyOV|92RkzuVSRe ziqiy%VO@{}+)H5$@vYpoGKBO3j-v^obGeiO5`mCR(~*$UY!-wkPe4E6Ghx~*TQujV za#&S%QkJUe+S9Tp3~^yndwhmGN(lFiDejTTn_$YgN0Xwa-2kJM0f7>F#>RhCTyl2g z5bl_*OQv$vrbn*Q=Ct`OLlpEG!_x@Bbk8D3zRLI02A6z>=sjj=A5b(GIv4srVwv?Y z4uw)O{uRvRcdnUW6VQ`lRwQ*z=TsY0yj>&b^VX{#zc)gqEd zwjK{lP?h(6TTZxkm0xu~?~L4+Hv0Q2j=WE2CD#2G&0{PlXcB`7C37`N6=`j7Eev2q z=3Jgiz>pDRBs0m>TeJZ0!vMyqZhbG-#7*eQ6QfpD%zzJ> zUQu@{oF=((cu3!4(ZRIDom5TRw%vqVB<+D*dTUU)Q*?(FU14c7nh~^}Qm>fvw#qMN zJ-5LX*8=m^D;y#Q&Pft+$9*Zi6%+XqM~ovF2-YP`FbqZjMR%BzXpSNd?jXft)>sRN z1KqNs3=!0yVUB#BP-HXPdA|FeaToSeDeD3z#IMTV({kb^5XLC$QxXqpPyc*Gc7*^J3&vTI{UMpd$1V9$g8_*m<)BioO8reprXH42rZn?gilsdyQ>n4aU>#%TSA!!7 zXR82=r;>Z3BLb59rT9weNg0`-nu-l4ikLgTd0+#`q4-)dNdK-N={ALLRUgiAbdDH< zQ=!S#FOrH7-JwwKcxRBJ%sDM>(h??};Rp>Wn&1!M+PMCOSW8$qLLgQzcLU`@5$aQD z1BUos8N6#eNB<%b0_iWtv=tD=3}+n9W2W|e0p>zhElJ7zv92^Y&)t#DUS(`G5e9ia zXX>HA#vVYF5~?s{Y|)Ucu9@QpX+IX08O;!BO6FYI@&g^iESesl46jZG{p*us)jXjg zIMs?-tO9q+Q3Jsw5ewBmh?V0|m@H5A7x<}JtMkYiqIZab(;BRCs0&I=9qaVw~CS)X;w`Lotx=%d?6YM zGrZ8HWa0va@metRj2D~3a8%24jb(yEVG^u^=au}lX1+Safb2I;z#MXa2H;feX?afAozW?Ws!;2_vKmD7 zL~nrPdzaO3qnrzzC&|U{3Vb9$cS|0E&FNh;=`9#CN^2Q$VHL(f~DTHteyz z7$`lY|4=i={2_(k`XjzK-?+o;JXOPE9!a+9KX|COkTu7ZW+hO{`R&!2nzE7PuaXU+ z3e^bxo&B@d=?EL_?>*7Ie|8l8@7v&Xk~)(1(?emxXNW4ung2WQ6w&tn)hhPBkS$M= zF3kLNA4zfUbU%Y}3^_c;&Q4wC3BlKmZVNS(vPm;}3QPnvKf z;UL6wY)Wocp7*iWQ0K3w0MHs{5aG{4a+ehf#7u!>4 z!23>s?mBEXmlOK^i=*@Rb;kk5lxB22!iaM`h6#bqc z#brK2a{z7rt>CNrYx{*-x8{h?NWh$>%k52hhiRDhR{UbdSvpvq&R?NBqJ2qcm}OB! 
z8GvGZp~aOU#dAm(xsaY%J#}Zge%LOYd+8V1x!Nw8nuq&f4w;Ns2@wp$zwLHARiHYz zR5dL{<|v>t!euC*+e&Ul0FHh`z7DM$$oJ_R%3rO_u1KbmNn13>!g z(l@f5d{S&PU!N6Dv z0XI^ZQ}F|LvrsKPqN2}H%6YYZc*S(D4Bcm7|D}nrYF`=8Q-EQ^D;n!#*A$x z%vdTFC(c*vONYVUKuk&rT`CO)LbI-&MwkcVrTSo#C?gd+CZo?JG7r*eG8YSEnh7SK z=QFWPpVeCxmTHF@D#}%8l?^h>NuX0!61$&+o00k}429L61@!6gj?k=!#ywX!zBp)zpV8VG8|qDcfG2Qu0Tj0xf9V{N)C z<6V7{{tdunl1k7k!1hnmAQa7Hm)K1M#CC12v#Ye$7eIXV{<@L~69}09P znsQA8J|&EqHqN20bfBm`NUqfkPiFw$K^*FWHX8QdNTNVTNG;K606i}DB~lfBr993j6xI1RJvelcBI>SYfr3ERr6LlY#naO_0{30JYFKa7PtQUjW8Fl zX9&n&vd9D#W~*^(*QJA_32=F8buDF(t`1ygDoc13epdjjPNcKL!d++VQFs#Fy@QnL zv?4j4YVj$f%!hkDdyrOSY3xxk73Bn`M-1 zm#b;Ao2XzCc?P47{k_xwesikUcjzy%eRV(Rm78=ZOWxA|S_717|3jz%u$sua zA2)%&RA^TR*+6Vp2ij0@R|nisbV~rsJOKOYO2Yg6(PdXF=u*kG->oON4)oQe*8X%k z?4=UB8n_11x*EWSlDZnuhEiGps;uqwS*6LnxqdyUkWpRowW*LQTj|VM`3KrT zeu&->a?8q`e+2~~H%;nn8Rh)tV>BTYiJdB(h%Kw8JzMK-WEo8**i4NCbGE2#T6r+v z(3Z85gncrP6PYcm3ompkmInR0t?O>D5K7VnJ^)o+C#DnhK40|9pjtRwlA$C9< zec;>Jr!WmuK0+UO`Dn*dsmX>KcVSgDwD~q|%fU?8Yf6$BsQ;cGr)-Xim0+6xtjc`Q z(1hmg9;CZPJrzG6`_lGHn3$=JM(nHvOOvRt5|rhCEUu=XtO2lMpf&+{K_VI5J3<^d z4>klY-KRr}?{J8w=!E%D)&G`=Dqn7hlp$Xz&mkof9HKT~#3~@Q?D>YMd>AY5E=H^! 
zP!dZ-#i!+HR6s!~n*#u1%!?4e zC-fFa(+&&*4@I0}B#)+r`as943I@+rISsxxlowwLMW1UO@UPi z#ps%1ydl`NQoA(pJ)01Xq%6wKrsZ@vD9|CEZH0!@;h+w`E>Lw2V?ZW$xvC&d$*@Wj z)nW^?>Q$w#O}m1X^?SZgmN=z;%v|NFiZ$|Vd0(WE)^#EUQ-{bVUt`PH<5~@6zBE@A z-ifLLC9BKu3a$aDTY*?MbIT8;qoEt6dC$evRz@aVop#P34c<3f_Om(d&rp!aS~=)W z9j$kuEc+qnazp~ud4eO3sQlZ|Hx>vV40VUJ(w9Z%K3F0_3ic@3B#MX%imFvQO zy&~M#K@e4AS*VsGj~Ow4Du*LolJz&0%as5;LLu@wq2MAFg4*?dWsX|@7pYH}L@1bQ zYZOC9C9RxY8-~C_O!-mSbj~gdE2q z@={FMZpxvpvIiW|IgX^9zNXMeL+AJ;Jw_?FzaoSJRk=Y!L0~F?$O^+NPOYLSb)Hzn zd1T^>Ngdsly-nf(ax~%;ax`5OtPW#G*}EpD8%yh;2~bL8mC3jA=`!fLF;Fma-f}B@ zWL;kRB;o>x5DW`%=ZQk->E7Wi$j0qW&oYdz?2aklhyA2dL(7O2mA7}UQtL{JYO1i7 z5UY4J7z9|~U3X`H*u)=gXAp=D14@^l|OO}~BmPlGduuvU_XBpAiWua;!fU^TJTU)3JWnezU{WQv_!@%|FA z*Eax2y=)bdA8D9c1?M(wx=hsRa0%3=mlC+?3)b}lg_2Gt4qaHt>S9b8V;vKQ+!%F# zMhMea9*hycM<@dS>shzk?Rw7+U%q(xA4^CVmT;jURf;xe>l#?i_xvR;T>Y%`MDSSd zZSt&1X)0q+<^I$3$Tx!qMly>IWDn$?Ll-WZAsB>+F*87{EO{gSv?o8biL_oVC22(` zr~b^zwJEp)>+p#c`ezuz$d}zdBQOAC{Wmxrs#4^c;L9?3XVy3G(<~UIN|M+w-A_4@ zH@i}y07)cmvn`5<0WA~IJktf6F>Y5Ij0O6jKwhhacU@!M92u%?P8|SnI#hlkdS_IP z=~@HhT1K6CRw=m5$ddLNhIp zL2H1TA;vI?QlHgG{p~ujtff$Yw=XlE#t5{8#%l?k*&0Y0JRPQU>vUp0l$Y@_zn zN>8CQcqY5agR1mybABYZ(nk%Y%{_%xcB0jw%2u?RkIFv>zjHd>W> zF?=_0W^N${U<8`oTHV26;;WSCYAbzMnaUB}E{ z*$M>!W(lCu;ar(@lE1dZk+BqKX$_|aM6+a^lFX8^(k?`0=~~otqEG=&3{YL+6-OXI zcXo1?3iK29;qaZ5Q{w~6n}|BDbgbxa#AD}@O)+%(hD~5yu~{KoswbA_4bTKfDA;!{ z-c+u*|7Ab=59=F!+Cjn9;*H`h+;z54goS{;7d-kzWryjUM zF!+^XjxHm=i87Fdq->$NQj6(IZn5knwc~3yqwQlKZt&fT_Nt0M~Oo+Wk!#M7N`9fH? 
z?%M1eHZALznE1-lG_lxX_@z2f8vz@3)>uNXsvIQGal{tQq|Mr8|8_~f7=FHvx}Mg> zvh8-U@O(vetBiQb?He%23YR;zh*S=QtVYB_c!$c05Q)#LvDrn-tvcy-?69JZvv2d+ z0uGYqHC~FyzLk5)vvNBb)ETEAJBPZmKU+$qF6-IyRO(8qwv|uafUJs)YKOGPOsjSf ze*wAG84JJm>}rRzYo}P3@uMl4ZDm^5px7YYx(4b-IoCCCH%`2+f&Hh?zRuYcYo}nZ zCeaU-iCu?elXUDlxSQo<*FoMqF}n`>pFca>>HV51+N;U+Lu6`KBUnFOyBg*uIos7x zH%;8GhWw|`-ga%s$4}ud!T;EK+$AJDUNU#iI9Qg^U7{}@G^g9%cRyZMcWzx-GqrnF zn_<%o?~U;_PV}zC^yf+Sc6ha6zV|X%f9j;~oReUyncvM|ubTe70@Rgqz*m5~W+Heq z3=feF-VF2hQo@_z`<55JMqaqX+KS}xYytT4)58n>*-nml88@0{i5E!v9I4{2<+ozK zcx~@1GR9r6ZL^3iqFMzBQ7_mtn3;BQKz@%#LRZZrNy>RaWSZoiZ^+mUGtV888>XK>j3}&~fS&8Zw=DGav(Q~rW35#5 zded-eGP--P@YQCdyE3_ITDoh)eKm>cPN$b-r)OPkmY-e+yD~|=9Lb+KO}!X<^kbb$O<*r)#IjieeKnu{3|aJ*z1t|2-pQr^8Tz+LY&)gRCF72)HpNQwrx9 z9LzvOIDmjfFlIBtfxr_;kF^k;dq{)M82Y#37eJ9u?hsvovFxJ+v!SzH^wj%}j9F(# z0d;EwXhbjttI2-L^mBh`z!RW-}DjkWul4a^;r4TTTW=vIk3L(rKs8x$GxBa2e?gHG@wf z%FYg+va(cx6;6U1Cks4bh)cIo{*82zK+lfJuAj22M*rvgya|GeM1XCguyX<$43`sS zzAjz_gUcvf2oSGuh}eR0GzX{5jg|+PGZaqb5^lRySHxDCdT`1B<{&1FVY$W-fYi&B z!Ri@NkM#K&ems!3!hPh2QVU8qc6XqLX9 zGOLRs}qXF6oL4z**VN|aPE+`Q&Q@IiA{A8w|5oz56X9X3n<_WbnM zRy@5CW)TcS;CX(CU<5o5PdsU)GvF!L`W=Q|ES4(iWu{`*d*1H};mCtw=-~iG98WN! z;){rQF=XtX&;WR{+Rsnle;mF(etSN=IX=Dm)X8vq-|xyGji>+fhrfA0%)K81?}szGwLOwe-|Na+#iCk2sXci}BJ_SQBg1xCh>glTVH}J_=aAf5&0&-usGMIpuro-xepl$6OXDiNYv5?I7U8^mX*~zi_FYWd zb~5R$dJ`v8eke-)MGXeR^%vRhqJrbQ=o~8b4mBD5I`7buaX0;S+(b<}YH2NjI{;A4h7gSyO>TokdKKUqR~g(C!b zB8!y?Fn5{$z1B{s0)NZeWQ+aM4wrqNInw$%-Qf2G2|nB*nuf-4qTD%w*nSfV#yAQD z-Mcbq);c5ziJwK(?b(z)Ec6jVb=xzFCWxZQN1Z8(gf>Tk)y#u2?%W-;54)WwYAM$& z@$L@1IpR%gQ`! 
z(=|-#k~t7g}NsoF@qbU_j zm-o`yGokK$su+P>#pN38I2Ja8amH%VQ`i1pS>UNNP=0R)yK(xr5o0Gu3$n(zxwvo|vD)abE6y z+BK9$j5~d^$tuQp)kv0o`nRzrlPO$TMcao^W;OIas7A|m?Gcq)O^>&)*|yNlm6cmf z2iMYY`99c6t{T@jO_#$w_*yhw<(9;fu>eJj0f{2D8)DbwM8`uL?S}HoEkKdjUyy`P ziFD=KoGO@$%v1N6a1v2uVMUyQ)6Op|#2Y_HD5x5-;B=QPREgiyg;1;;3o z32df=Dp*)`vF*e)_+%bKF4eINlaQWR&5JCkLO`wLS#Bp#4An$=@yaJp z+r3j0!=I_J|5ZBBVEbRBMTT~^DVk!&=_1Ez-QJ6>(UBhj^Fc%CF=1Fb-I~KUpESb2 z;j}Sm(RLTl=LuIaJ#floIt4{Ona}0T5POY~26&1XZ;V$r*J%a!Z~@p19zK83gRtFh zx4|$(kRhQygxq3F%J)^45Z_nUfhmkC;cz%@L~NYqc{V0ke4;gDV-)Hx1-2RvranqN z1@rXi%ZOPI1jN5Zw2g^=Zp5PpO!zTj9-E<11s`)b?SX>>FF<1qBk$nAqt8_Oh#H2} zLmON9ucwm>!ew!fD2*v7Nx*~=fbt3uGRbmib;nbS%rL?nkfjG>=A=x^f#ay!LIjHF zk4^-RDZYcU46I^e$6z?ga*CDtlhN<26!XQE{`42LPz^4i8;WXwni>kZ!GFx!wnf=2 z6u4b3nkm6HjSUc_{aXQr`DVoevzD*TM)kC!1gZ-4SBI74KCmHAb7(zIx=EukO3HTE5c!T=AC}3^FlY>6iD!D)y{El$obFT=Gt~YrRMsos~ml zIAr1sgg#=3OWmYt#Z1Ou?E|O)VFuE}L4Dq+0{-T65-A5)dy<5qZ0uBKN^f_|6|>3F zE$hXL-&|U+$t{Xhpfr;;<@Jekfp@AQiF9hB(_d{q=*rhB5mX0INPY@aQC8YA9m6aS zA|R4W5mFwegdyMHl8m2feJ zz7bYE<*&p?LN3HFKby%emQ+kl?b*>#u;iZ5TXlKh82Y_hk(GF;?Nhk=xj#_5aseu> z7@1x2M$ML7n^`c%Qcvbftr#H#AZHd>ZPEfv^6xuD$N3ghLx6b@VwSR)rknD7DS91U zy-K2m+A7E@WNEaser63!%wjVxzs``<;lkulPgGqK{jql8fM5Gp7pE7md&PIsXhAVW zzA>q-bm_Z;_Td4L-dVYaN+Ng%aj3W4^7ZrdwHWM}#l^99mYj2a2A*4Vtb^RFpZT+O zc~1p^)+x12G^adUVQV(-23l^r?p(^7!adP&>-Oq-fawmsA;{A0xeHWmv>QQNc}MQz z(HrZ0zUm`wxLsPTZFZxsSM9NjP|b!iEu_8e{j*8m^(?W}8|iNQ;92|7-c0NJZ@z7& zAAB>N69~168bx$0V=C<;S$dV#%}ch|)@7{slq85nC``xx#*F93w9=OhZY*BK<@V~6j_Q1*6=md1Z z$;GjtK)k&fFT~>U>gw{m0tk>5SE$@QOWK7og(I;0)YyvMr~4rN<3Rjj`1^FvTGQt_ zmSw*9-cHWFo-kQ^taaA^`Q)sXe;Xj?QylASZ0$>o4b3eVN7m6wOt1TIU!N?&G{XNX zU=o~=kkeafUHQltAxxJ^`-a_j`}~Jo!lIsyz0L_yS_O;xxP9bj8YDp3w?!kz2rvU`i?udv_8s>IIASN zm1wkvx8`iz>!x@!$I{3xm%l1nQ10VuMu74;ZG{2}Y7G+XoV<;R$a3{oAfxs&pG`=r z0=yb|RS9*QP*wtSHKNM%>oy^&0I``%@K1JuP{Z4@mvQ%Nyf@p(+}c-W*E6L7u5I0$ zT@HPNE3?Z1Zgg9AImnGK$}R`{dG5%5ylaF_uj%@?W3M5+^ntF(u7JPE?bsC{H@g_S z0_f&%osN8#yK( zGY}|SDAv5+x>jQ@L6!E;y>B{0yB5ARqJu_j)bUT%l~ZTGUX0RHjYfs{^O94CebaLC 
z+o@V?Y7Kbu9u0CIc{ui^p^-V-g4kP?AJ} zN68qcl{4Sz8{AC!XTzta9I@t@;Yr8tW0SJX`M%nR{%Hc zptFc;C!lV#WFG2P`8cK=o-3nbrSTy8jH7AFIbGzqNUqJw@=WAcR;CuNdrh-}_1MX9lC&A+N1jq07$60(&n zd>RF)yo&n+cFQ5MdEazCy%jcO?lhKJ5h~tE=EgCSm#nOiy;2$|0ON%v?KXLpg`BE* zZc_cM$%7-tVN|SHu#DB_z+Ki2VjWHq>dYaIvO?O$L3m<4%j*)*p#E${wUZVlR4O=*LwUa{lP6xx6m>Fs#l~$xD#?wlK(8KOSwx)MPa2SdqbXu}J`}(Tvr1sD81X0l~=LLtEthDaEaZ;~m}S_xW={sSD?cqd|cIGEdy!m^}JhVBrR z=Dklb$36`0_XTr1{mzLHvHB*Z_TxvelzQ;#lM~9vKnSN(VYiMK0)XJl_ezC)`qUDw zXC$F^GQ93UGM_`b=($Pj89l25)`ycOV)nalKacs7O~H=3qg>WWpTqWVj6_?)(d~A- zFOH7nzuj&(_wPaX<+Eqs9UL9Kcz$^F{Q1kn@45%i4-OB%1Klm*ul-3FhxEJd#<=pG z`$~R3?f}sGUX6LH2U@}?=yf_`^gS&Jgibr^*C(xg(VQ=0B-$#EgL;SE!3>Q{ znLfh$N6XCff3$$SZ(G!BU;n)^=gT}+_3uKOz*9?0AP zc}j-=m1ePJ6s*>5F$&Ux*-p2Y4r)o4#W(ABR~ImmKxAE?8DzjtStf=15Nn5M>HOI0 zyvVUY_5TZ+6_yTvyCq4njoHTHA{k_AOU+@VlX(oFc4e=e=QA7xD9UvJfRC<(2`CyXs8F;*7|7*+&>wc;x)<#?TlCh~J@7_k33%IXwYYG3-Q`(hmvn!K`dX;`& zWin==sD&f-^{lw`>x$vZ5nTsMzMG>tp^L)vdI6{#*X3jDGV@##V2Y*}8#;o}t$Hn` z;jnx3V?_fa66d((H29R8kbazeMqUhtZ@0vVZdC)rh3Z zzUI@X9rgCz$<^re^1^QLPRu~T&IAQ<&rq(R+$HN0BT;+S}Q&ZuFAW=1yaH z9BSvfwlBbLfPHS3gsQF?%q^Yw*#h71fj>Zmqd;))Nc0&1NT+P8Xa&GpoI9`e-CLnh zzeHEY87~0(fc%8xXewE9n~agqLoh{LweY;`+*JsQK0s|}XRx0>0WSnFj@xboorwwg zDgT)yr=OLBj!6I(BmwtOEdv1>CsT(sn=MP8V`jYO|TTx)ZvrhLJdR z``U_hENM-Xs4a*TQiVdM*ew3|UU`IM8gK8XOyaU{+o{V=9y+S8@?Kl#TP>}++(tVj z73VuNgVQ5H~!#gz{c4dWNx^Mv$NO#|w zr(hTT?r}K?+yV|VY37`?G?C+i#c zK3La2+zAOoaxd1e;|o=IgQ;r+L^p6G6caVE%zD~Z;L!J3XFwK1vY4s@4NGhUkNwMEhr$YpXb&|MR` zYRMJF_HAYm0Zk%3hRRL{!^_e2>#LK|P5=1(^x|gNAB}#!ygL5r`(1k>)CCe7EjpC~ zXsX<3@$(4yjgd%f9)D_mly~2^KYlFxG_L|%p#AC7rxy4_-V^`g2zbGs!}m%?eEjIJ zS^%l$$QQ{Au}(E&g4T z`m~`5s!C>64WN8!#?C|0-A}FI>r7q>BGdx^&|U-2GaC)h12OwO1fDk|ta1S?Uz~vV z7BmrW;01=wWx&%@PX)As1hUE$rNlUJRv9^~b3X=6wD@+r` zKrf3bu!5l6C7YYi3 z3AzV!93|Y!bG8A4)1i)1O6&2q(*uHEAvgJJa*8OwC3xx>k#|jfVfU*E^iyZ@k4~=M zoeoOoe`EYBu3(-y*O2D7_&=5BNxL`-&<9|YMriTU-0=pwdr}0nBOXqLF{mF>gZXJ)}XiNx<&>&T12(F>ia#N8x{La~2#N 
zzHE2f-S)v3E7F^7CGzrb_4n)OM`5dN+uo^5_j-nG7jEhRF+t#X8WHh=L?A-JL_YL?l4Jmx3sE5#Cymqobo2x%iJ4-NWv;_>af<`S`K( zmz@EL7Zgut9K1WfhZOCD)5ve{jE2Ym?VVvCMGSeT=Eh{&1N~ut@aDujYdDbFpB7Vj5Q8Jm} z51{2`1WE(JM!wv!=~=6O{`U=sH@o^;GlzX)BVB&lX}GY#z}Zo%D~w(l+wD4cum0=! zqHtfBoSHOBpr`D^8J0wlaGU$D9%gd=x&}g0()cDh}h< z;nx-72~`JWD%Q1l3y^?b+bMl0p%4@_i+syWBOU4^|GFZC=PlWmih^n7qGI;I>eQRy z+J?PwE)3eZHx9IodzEzo?3Uj#S$RS5UTvo<_5d4qziMx>DI<>MB~0K{0yEbE>D!G| zb(ZClYTb{tte>&n)b6eLQ-(yk(px_IOPI2^K3CGk6^xxzaAsZ9t;3GlF*~+xyJI^Y z+twR&Y}@GAwr$(CoxFd(I{(F~b9HX^?XFsL*Q!0o9OIeE$97B1BoSNp;Y>*Az2--_ z!^s+l8A?V2Fb$OK)vSV+Tz`%kICjL3R4k^V(8O9bm%-Y35plt5_aLL%Xa7uCu9W>z zue*2Qj};ROU#K>BWtDQ8It;+!*wsf|V5YAMY=y~|7DTA%KN2yrA@6WbwVgFgTU3<% zN^;;{a<^eYT--FLO@gGcZO)uQ+iD}O!wV#k9gfLJ$)uZW1y%LHt7ML|=SYv%I5cTI zdN(De>hD%V9x`lM!K4Tdy1Au;H2{4I&u`|pp;1<%VLvrVIUk9vh~3aJhP};*A!YiT zzB4#ylbZBZ(@aqhmdx%1mSiPS z163pkm(HZ6tu+f(HOJ3^sSR#fQ}>d6(5)jM8DW4EUZ3|tbl7GLZ>)>g>1%8B3-3^k z1t-HX_b&0`*3_A+SuJ%9Qj_ZUZGPgae(G&$Rv#p3hWsHN<2*{cEa%yX_Rpr|s=h<- z%|!Vg?&>CnQbr8K2cP(oHw+jNo?L&;74;kyOSa}T)6m7ZhYjzfmSDUY$>np(S#!;b z>aU_j=n?MtyOzDL25W~>bXwYj_h#2vmo z^s6SnOGn&9lisP!#4`K4ZoeAeji z^f+JQ_7GaYP%Sm(Y3kI3rboxPzrfI~$LX!?$e#AE)l&!H+rwS{bBrWy>nR0bI>}8G!QjS8f3IPVezbuI1e%C~Z6nUf}9lF%a?GEQR8!JyGD$dm+ZCRh1*usl13#^v~@Y#P+fj$~Q0&{aXD9`Nb`}+mHgJW`A zMtEC$y8|lLYXJb`}zh5R29wuIRH*^?-3-WA8bU!x;HOSjMCSWwhzz#Ob)==wL ztnD&C8Sq8)yD1U%pJw@MaHQGQVk6;vWFmw|_%0=jt+s!9YO~!0bqk^;l70A zt1Gh~K3N{=2>n!7Fx=I56OCo0E7k=y6#HI3wb?sG7ac%=rGWZLfqgxJ5(0Wq(_BEW z`|T6|H4^bph&kpD))i+8dy2Z==!PuM65kkEY5ke5w(g@)&>fYUEfiVO)OW@~>Mt?9 z9n%ygji`+!Vg^^4U3it$k&PBY7oNQjg6BU$NtoL3zx6KW5JjTgAarXzj(gz}EUg6E z&5Xx4kChx{PrhG$M{hy_uh$$0!U!)mk?MKv+Sm=gTuBHLa=>201Gs1wKyU!5%Dt-W zBKVk z-+u?x@dxQKQgzlM>Kcv3_Bb?@ag=m*jMX$$=ZL1O=_iL8jgwYk0c!d-?6`ZOMJNCFi`TOWOzUzg)iF9KEm#z>VLa{bmy0MJq*aBs!=sy6=rjDanQ` zm|a~wJbc_KEPRjB4I=Z2n}ul-=|Fo^BKy;t#NvmbvtKk)wjenQcT51&URlPj)7q#Y z_U6>Xn;U`1p~|{aw0Uh(6y66d{(9YT@ zS=8^d6iMO>!S`$mu*U<~ug|$o&IUT?@Oi0~06m@UZ!SNMnS7hPzl?G`kEi@HNv_Gq zlJE=Y`lyt`UIoD7SPm)Nq}9<5`;9^0^= 
zr#5pR)Qx77K+P!rB9qWQJF0U+r3CjmRh!GL?P3ueH3Kjf)R5b*B|0_)1?2Joqc01f|{%*8tl>7;-Q# zx(iaaFS>_cR*OH6%P6Qshba-mRI;;=lNJ|rEhAcF=9*7C4|C>T35k5=Pb#(6cuBYF z5mZ)J<~hZ zWwY$@I*aE&PVD`T(`o?$ecLOsKyX6%}e-b&P%Tb8Q_s+3l}q`3tn-KM9l z#rW&t^@Lhzm)8NEcvvSvg27+m11I66P2P}=oGdy*^71SmB?dJ5qTp)GTBd0}dtwty zC=fE8qKpw2a`iU-Sd&3!K%M6d_;ilu*G?*`oHy!I&-(tK`QqikJn`Nz1OfE7#E>1M zgh_1@wi*O8NfuF>i=1wFo?_?E<*!;fEjE*So1VHy;Eo9gArN?XcyD(OH2Sdi_^hrh zR-*j9OkXjr>D*mU?2N?ywVBlD~Y*DX(a$BC0X|6mWNN zPhAHR@&Y^_Y(BrCNyGX;nK4@1LBy2~9Z*~(ukxKfWUkEumw$#ch$1%C;-kWph=Us=etqv zPkDWbG26W2_yl4JXfFX(+q$LOV-_wE0XUm_=aaKpFVYyGG;;sAk2WLgTcazG%erV6 zK4lQG8RCw|d~GG|@js#>NN>d=Jq?h_BS}2DH$eS}$jJ=>%qZ`;9G-mg(p5I4d9lDD zjuw^khiNU*)|gB^&09)xCdVOClWXX^il+P`OoE$yliBhyUz(x(Nq$E;+!a!Txrb8)tMDn;zZr+)#K0u$6 z8q~V>o2$LXTSB3;k4-<#l3W7(m+Y}DxB{+xY2(NznCZHfv%rX`j!h!}HJ)zVQb>AN zV@e6%!-QD389GF%KtJ9qZyt2RLuCW=Nr@w~4YTRE+Lw0_Wz7UcF7ywi$%jVluiR5y znmyoI9d|l#;R@KeZY)PU0i(MPT4M|ZJP_*xk8gH%cGh373qHJu?)B+(kG0yUqhT9v zcFotGV8leP+PPoBArOq`Q3Zptnp=GujG?*;d1g~w2NZ;kwZ2_~f!b z>YMM9-|q=s;1unEP9w9VFxYD)$SReefEk~!yAw*lmz(nq-Pf_AZ<7Vk&b4#BZk|gU zi)QLbyloWvw(=UHE33ECqzU)R)*&Mf{MEi!_Qz}vTS;jhKpQ8w@&}W}GxfPYcxzEC zoO8k4(Z!VAG%~!f2l6)kW?x#96rNzTc&2c4G56A_PqC>xeM`&U{afT$$T|kw0_hdL z>FfLWl5)C1g7&m;1O7_X;vbQu7f#FD;l-(dxjI zGRnz4-Hl}2LSix=xdksoYEGcHG%7XNkD1iPDJ41_(36=o6SK9GbAjz98l7@sqoOJ; zj968a$@vn!I5R{wM(=qgu1dAW*@z_$K0udRLpAqLwp}WN=QvrbSD4a?ZkEk~bacWY zLCqb42p<}!YyhRcTgxXh-yDN`N^b5FgQMfEQ1n`CC<~Dt)B~aa(X}GqO!9@8eL1Nm zCoFmo7yD?>GqA4FB<1zLF~eL&T&#b{5*w#dVhJ{n<>3M0cpq$@*xw1kMXPU+TZO0^ zn$lO&K7}nvE)~L&p5vMC6)*kZrLRWI@48z_67JzRwA^L1H}g8@oL zgHjKh<=J!27BOv>WM9N9C_C>L!Lyj6xvi7E&WHq_50H-SKt5KwAf6d=&rmHM`GL3A za$q<4>y@Ym1a+YK9T#$kXSl|=dbbw(h}yox|3DK_7SQzYe{M`Rt|T8k42n>`cH3{p2 zwF<@X`^?QW>Br$>nFpUt zJL(Nd^wV9XvXgagQodDJ6m_Twm6#QB{S|+eC$PS&(tLYczq5UH;!IN*TW08R`wUZN zRvoM)6_+hWeRhWGJlt}13oDuG$`oyZ^0L~bUwd}-h~hwXs)a5q_PEFH@GqWm7g=&Q z&xEP-zV7px*G1Hai+)}R&2j=rzlA8)@D~>h^-=X|rJXZuqDbK%HG&+qO6H=#TtS-u&`q%IAee5|;&HxS3{Lu8>ogUpC-O+~S>4v*`{ViZh_Bbv$=lIsJN@H^MpAL~ 
zG%?lyXHcz7*gLJCSj-EKnGw<^5ayY`QzDP`TG>aWc8<@M6w9d))0&URrxNfhWaR7czCWo2in)Xl4KmDj1KhR>gUD5!qIf3qL4#}-UW z6X8tOho#fUM|=(wcNhi2yYy%FU}eMYQU(OdW8iwNo~G%vRDAX39?`8&xq~03r|1El zTwH{Dz{+F_zRJ2Le-`||%>_6%#?wKj(mN5!TYrh(uBkc(v#Xntyj7B(RL`5LmF3t~ z9Lw7)aG#%)kcN`R!k#CauiYH{vwQcM{}9SjTYKlEA1Sg z*kJ~8sHb42*hz2%j^E$UpTCVRz`M<-eHU*dPcY`noa{l7na~8y9CA=?!5VVzhnbzk zGR3zVwR>}v59q>?Fv$G65+7ZfyMf3Y8*fj)V0mQI7gHCLQkP?ptBwJ5o$7b$O|3A$ zlsnXA?^p|ez>3r+eS1@?KkHSS?o?NrR+9<`o@mGbtS#L5dgYtqB#M@P=6pw1o%N`T zj~R71Te!yM=~yI<@EoVhW$gVP`ctPIDFx?4n@pS!+jh|VvbPm`_ho_{qzy`0YK}J- zEdn}6ggmV$KyOz^Wpgb{E;?i@e>G9&3@UhojtPY^g!FqU59M( zhh6m)HP6vcEMn8e0jtQ$(mcZwtSp^QE5cgWKv6uob#Y0FdTK?q3J!1@ls0uM=1&2l~F~W&Dprn zgo^wp-F-yi((C|L_>*c0jqU)@N$?17oGR(_#Z}J%y)2sxWgoCNDZf`GUB_3g^w+2- zZ3RK=5M%1dcWwzC$o&5`&_3K5zW(4DWc#J~*EdHLTl1@QRJ5Hd{)#oB+%ojT|}@^^-) zO2<_Jt#V(k2Ixq{bga%Iq z3j;rOlPVluZc%dMKO)UZF}ukl30Ku)BTCD4gDXzI2o;t@%Dg7|;dOXJw#$EyIkiG9`J-yjN(O%Ts zF>xB^aB{(>j(#GdCPAAJ9}lmkkS12XtFNpey$XUmFvGBy7%>Z#{3p(|%^%MD4 zxx&_OCb0A@I05x?Vv(YbtNxGhzZ;Fo3^?Js%9zFt-q|Z~~%s(5)t~s;b@V zQ`RGSYou0|7JbfP^1{Qlj5&L$_5KcUv=-`zTuRF836IIn^O-YTrG4MojRg^ue{dc_ z$^U90vJgIC>5EjegQPwA4xKb&F5>OZ!x)}XHC20EK$GItQXTMQ;n)Vs+bm6ZkIw+= zZZ3;!EO!FuQCrfxU26K$(?Pf(X zG*nozc?l*%;~_by9TbgFFqmX-ND#t zt@qrbOBj}^h1bA9Wuy0Jp zZTR5GZ~~;?FUb0H4f<0f88&$l=HNf;Q=Ro0SE>g;*`%U*uJoVn#8d35e^7j1qjEIz zMzW5|XSOGw$j-h7Kn|nbOo)?zAS|d*E5Xl)mkYkM5(1mIFESdu1O(9gW9CD|@|S zm1ZaF3(MDw{q>(;7F90lkDz1sy>Df|sutsbE?YJ2ONF7X`8b{kzJlyXID zUvscIH>sLvOPW+-g*xcJ+JD(m2hcs;SQ%TC+kfnA`=%2lO# z%KXrrN8iIQJ$t9p*>l;T#a)M2k-lj6-Skt_Rc;|S{We{ANJQ2$ER#(jE&jD|IQ1KJ z>=HbE7jFmXwD+@f-)zRGOnmO*U?)jVM;2MU{MU`=t+(E9AY@Zos3OcYXKACsp@Cp9re0HAL> z5^b(djo;|hvtqYfc^?J~w8&Isd!99+CiO;K-&lEdD|7icfVvVVx=Z*@!!7LHydXv& zat5S|NE`U(q0OAIo(392G593E@nBJzpAusicM>s@x9M!RCAyQ0dZ;s_s!(jJBy3oT z@Cs&5lRWD_5iNe7KMr=$;e(vKht@iw9w0cw7EqO$Sv{5Vobr_tk97>6GpUWNNM2=K zAl3g{H>(M9(Dff>51Nv@{nl$gFtQzlCs7=1{J_4{Ega1fc0&71X8P1tk5p%hR@l>R zxB^&H)_kEgU2U3!nv%(9lq7sAH)i$2qzq^8bthvE!FI(*U0IJ1+wVKE1B60TxltAD%|yiWO$2?+n@2CQPox(nSp 
z5B0X+dr8jnb4GnUO_{rYY;R#dDGtQCQ4hd~$3U0_W8|WeGMs zMx!yl##PTx7pm42x6$jDjhmxcm!lR!q@+Z}&_6&fmj+(HF1G_QVU)c6P>Y&)hSFFp zB1rv^U@2A5VO0YQ2<1JYK0Bv4+5sQ4rw8oDjp+KNKR2U0FS$#1FP6?T!cr(P_hc}H zIeaaW?W2iG?WUR6_oc(di~E=%N#=1Qx_c9nj!)_8jQxd#6%7k#BoJV78K_5 z=nCKauo{FvdgnGL9$&HDr(?&OGKHZyA!eRyKR77-IZ#3p07hr1g;P2vn49gylED$l?zoG=IE z|Bk_;-57IU@L)ND1cHbTm{DJ|fvMv;vPK8e3=E#g?^fc8{)SXsu*c>8MHmT_)ELHq z-63QsInWK0Lkvqlcg|G@;~XK(C~PEbl68NKHoEWsifEt#4ZA0ynPZvkhXOWtDmej; zwIRttdLrxcxpF6mLnJ>VuC{#bH`f}EC!*mCo#eJevTtud8b$q_qY}FpD~GJU1q=76 z76C|~o&NP)96p2ZQ#DHkzj=TONE!7x*dIwgTz>3F70fYa?cYi7yT$T?r2l&LgzX-w+F{=JbmE0{ zkhv%Pu|zSZ=L*vgV@O_Nv3f5ZYeF~*2M!F0ySd-v?W7c@IM9;#{SR|7k-D5DE*GDX zJia;2D)~iscCsOCjv(1*EOvs47c0gg^i{_v;k~x*vJY16#Gl)p;UdIyA$qgE?a^{6 zN$8o&1vHk=e$#OefWc$ccCw+STY_6-M7y#ZKY2f9p{gRK739OYY@mq#NE8X~MY-vw zKRj)&ayt%rHmP8MO)CLqo1U+ z3HG^A6(#A6xI%f(tXYMrJK7=#K6z?y3Om(%buP6>5=zRz+WYTu=8;A_GN-+l#X@~K z_^F902}5eSGC@vXb8X0`BenY6f<%0UDnhfOh!}tv~>Jt+_p% z!!M+C#BD#iVAJMMf;deGDzHu9#x-Hb+2yLjCo7146BVY%RaYak#$&(>2N zUfa&tRbA!jFdll~LqZG$9NaT{08xIF2P1NAR2k3YNhyL~?gfEIvUj z#bLeCp_+{!hGY|tc_rC-*iz-*_#C?a+R2hFI4I3XPYgy*@L_6cP>y4^ohk(j2bKtounjiNoa6K^SMc{i&%O-G3 z@-^~Uz%!t8@u#&I%b!U;|MK5PR~&OP5D(~f@CUhoC0y{Lqrv#8s$Q1vmLRpgC*D)C z@iQ{p`dxMAc#`}wCV=Yde0Vo)SL1RU|G^JSrl}ojR5@J|vOAfoW$f9S(Kfk$To-Gm zx*pUsc23TN&@JKfx6;?aptA^l20y35IEg=ht8U@rR$!MiURR4m$R24|X~GYT2X+VQ z(6j}boWqLq7s*T$a9JPkO;CD*B+mU?R{|UTv*KfC>UAh}&LvXPR5c`u1;{W!Mn?*7 zV%x-**MP|?Hq-|I{H{o%uBCgRo&M$FKHv)Q{&tw~2_PvldEJ(B<(OZTn{#_9W(~_F zbL6N!T)%G~h_@3v(T)(mF|M_vZ!+63(_UZ;Khw>L5GihCSnSTjG0u3fT&x$W&%YqZ zwvg*~5Z#N#jS{uJOrlb>9#X*SX|a6S8wtVFb%5ncHwT1W*aca%mYtO#F4Xhmj|Wj; zYl<{y%Z%6X0wLL6VX0d!$eCmS5-Lk>Ex-tZ4177ngT1DVr4g{_9|bh ze>+?wMGqGl^7hX*Eq6Q&p~|H&QUGlIGAywd@YXDxLYNN7C8P#ZKbqkusQ!2(8;mH3 zkIMP#T&^@Vl*WU8X0*@#qRBA!#v|LV;U(2R1I&dQ9kZ++Bz%#c3sz)}$(_mnB|t|J zkX7kBR$TO4aM4p3Ku$?2#jmG96FhO-R4N@wn!MHWG+%5tWDwaSIi?R!$$B$iF5@og zf7%>DdyCH5$ZgG*pZFws^u^v0w-R3HI;r{tT-#e4VO_f0TN(wcYfpVNieS7b){;Pp 
z^ZR|I9{2JZ`ZrQJR3y7s=t=cn6nUxixOh6KmXeqhG*wJ3wxQJOQ49L&OaHT~N(_1o(qUHS>_lSpT+HLH40A$hbW_ICJaJdo ztnXIpC376!|9jd}IU@b*R!s%QkrAB0cmzfL&Vi0cBY-SXRc{h2^M}|)3gbh4RViN$ zPv0(m#*yzO5ySJi&ygKS2lU0AW&;hy`4xvjim12SUk_+A_hs&J<>`Aud9wki>gOlw zcy2@qJZ|v_&EJs6#Q>1MUh~rjA2+Kg>!Q)~C`^vZx#Q`g$&$kz8BE zq=&L2W&qKX5CZ|h81M_^${*8d=3WTXS;)?tkrvaDPI5G!`bQEQwedPb`4;FpApkGg z)mHIsUh%Mp5YPZdC6FeXw)v78ptsQCuUnf)gD`M+`I|Pkpn2`rMh9EW-+f24@Kr#0 z>gRqC(@@@ai`+~G3?k|+)e2N6_J{FTrO;>vf~^1JfI44qS5X`Hl~&di??pYbxV5x9 z$Gwvv7VtcEATN>p>(Qh22T0DZEXJ7vPta$2E00hX8OpK`7DnjhN4?jcHCPPSr#i9a zc8G1?ce<6w*-QG2sbuS^B^wM}EiuFoTAsvy2&?FPOPM#`1X~#R!woMk#m%8SoNyoK(-vyCu`KR5tX)K9<#v`{4$@Y(FE9V=)h7~H6}?ws0?i!q zTZPGx!qe&A=Heq#3WYlG`C@;tef&J;_KyHYP%Sw$}ckA$kv%h^PsY)^3*)Ikrn*B zu8A83iRT#1!1D5(ZCwJu$Je(V&Y4q|v6vY~qUhG3T|WiVBH#-?q}WV)pBgWS*ruUj zT5R)^|7YM3+F~~#_mvEXfxq%LS&fk4<#F}!$E1t^gWs0mTNO@h@9JuMjzD%tXUmt_ zVJe>G(V}<;49b?i>J6C}U5i5i6rYz-@JWu-9X+wWoYMxSjMqZPrNdMLdRpfF^mLDj zCtRH;DT6%ylw8b@<$u>x0$o0CI?SMLw0_N8OB$N0WZUDvb-0kn|?d`wr*l^)1J8+*05sHs?*UKf4MRnqj zH2HeFx#+IRp;#uEcH9tXx@gnm$PETXkT&{^=6n9Anyxx)$WFNLbu*(Nytl)!^m7_$ z%f*ei&EuN0vEadCtlZMg(e>$Q;eGx3e$V3Qp*%$jVT>GuFK??(TRn=Hk!Uq?r`Q9u zgtDk6IJ%31}omUsmJ|HfIfDQ;;9yF4hXn zAXmY5F+XJAJw2Lq%owKCwt9okE{yb+C+pn=B#ZY4c5+K<31dfN{@#`$G#2I+xE&u; zNEq5t=?lTx;KwnFX1A%%RJ88TmltXA4o#HXISZN3=;!Pr>ngAg<>0k@xO(~$uTGo- z+Mj1Fi_)ZuD%O|XgTG{jmuoxueZ1~~TUi{bEK=Zf4;<+uqdwx~^vNBBKdxistHqk} zy{uHXE9w_30lYXmNXe&zC2C4&ZQ~uxFSmHPA?{8H{Tc~4fDpwK!jfC7At}AA?Om=_$F=@3Wn^=@c^?mol zJ|T5oUOzs+y>oHc4vS@FELBEzG#*#6#|PM2;Z0Uuu5KKebKl;1Zn+2BDTZRv7)1Mj zmbhG{+O*I;rJg!50jxpQAOqp+YQ7%uP zn7M>7t$$u8)dj2^Di7AQ2PJCGOndJr>XX4e3b&_a>7kAtoPMka;P-{+|EoUYdf>%` ztj6n6YQ{JOK7N|aaAg)&&Ial`jJf?`6oAMaGKT@l0kRLyi>0yYCTg#eN)-{vZxYhpS`Lg+zuwX($ny3EcxZXfnc~f$9$w#A0iLa%y0PI*2PEvgCm>8$6XM;$ zxy*7eZLBD@AL{B+bm6P22)c$Hy1t9+<1Xhc!-Iz@*Ga7}Yeplzh$qcH$cBH8vDCd5 zW;@8GFC)GJ=23r`g;5m3{oP z2zyTY*n}*O!%0VR(G<@43oisM$c918QfQnI7P>NV<}n_i+_W;Lrkx6!GYqD^@g|Z5 z0YKf)41_flQ=crsM*l>U9u0Rbi}$5Ban}22iR;p~OB~@YH6Zk`*PUgIUrUJy%rm_; 
zq}@7a|$3=`0CeQYU)9&!zI-gMY`Z}c0f_nO{3;{cz*M5__L+?F0^^3}?epT5&mEw$gW9ovG&=7#L) z*;t1K+H_?2_5!&>j79j^))f#8jGC%hDRc4`@Q9slz~k4+3e#dgU}Kv54L6x)(d+CI zO{?>@M=`;PNFf0_P~XQD%XcT)bqE{!LC-_Pd#hYG;i2M)ro9zWt<)i&-GF{f9>PIJ z>4-;crPwCxpGK=G^>yyu#HFCpeJ&&?v?cpJeUQ$O*CFCiEfAi5?m%t2O<9-BlJH zm8L0KQl+F>DAj-nl<{-E$e)%|i)Zqjx7~2nyj(f;^rS>}%=%Sktmk)cm@y{Rrpumx-RB(liy1|FLW@1DgnM%I*al}pGtAS&!zJ;w5D=0zv?Mq*YngX~5y5jUc*FV;96+id#d`6RS z)WiJ;zUJ4fht%6$TgCAeLL*cBRb^!=+2yaMSm8VEtTiSVgy>Vg&VlRv5x4$S%X~nId7q|7g`A_^<{cQ<<%%UAFMNZ9! zdOA>6vpp!BNQf3mFXWv?BK94la6?E4O>pM_!^F>1KL-#7IHAJ2Gg~d;!*lrwfe`Pp zBoV;*(;#x;4ELh%89w~GQ9~py4xqGbLBNki8u~l7Hjo0p^^1vgZ~L!23MA&~B={;s zn-~#R9#dZ3)T>iCDOBn;NN`XErElV6sVNK=(Jwyt0bak}sE1SkEtTaMI`tfsI|v(N zmrq2>ESfOcZSIBYjt1Pc`S-QTUzkP|ag|(!KL?U9dxU>3dJ5@+eWYCJJQ0O0B;9RW z8tN-q9&|5zy;nQkZJ&28d&%EzlaHm40O{L9AtLJn6`vyofjn3}Ga@R%(XMZ2nJ<#oBf35> zLHwhX_PuOD`%F);8^>@oG#|9>edCCR$$u#lLQ8K}lJudL+{VT{{}X@LaqL&`Jts`` z`LSC5VT%0<)%(l9c}N&#oky* zc!J-&#+`c}HwH|Q%@r4`P#;WjFt(JUY4&`FhqguAi3Rs5N1fpm3^@Z&k{9~;6~uSD zsg4ryqZt|MZnK}mAR=#-E?>eJLnvJES>X8{s@l`531B)4kH%xh{od5vm=jDkX`;<+ zK!Tw;uOFJj*vBkky@xOlK21_u#D9(EIWuzH)!IU*KNwn?Vuymi$}j|PViot3+o#vZ zU*!zOkZbHu69I$ISMv9cZY0FABmXXi4n~CR!Zh(BXCUG3%MkFTl??5+8Exs^Nc|$=bCczsrpUUlc%8Z2Vi@^{<*~(OTm_eXgtC{T=dBXu> zghV&7d|Hg>FDHJs8(!29YA#V(PSE$y4WCqUCwrd^Eh6AD2l%=YX!$GftM@D5>)G>q z=k&vkq)7G)xR}UD|M&7oX>wwXocXC6B)R%)6#8ZU!MMgT-FQ7+)|`{_HR1;cxj%`x^BT{Zjf4@?5CuT`Y&Qfiml# z4=VpL$WZ13Ib~wk>du9`ecUflH)S-ii5wOWsMQ-R5bTzpIe|=hYcX8A9)tAcHW%0+ zq56(5EMAg)cN+qi@2}E2OQy-cPeRH(7SA7-`ZGK)mVWO1j0vSMeQZff$~G9{jSNFq zqWts6Gi;WX`p3x`wCHC1YE}!y+48*Bco*_ou@;}wHLWj|!=<9M>8*^oGOcBIg$oHZ z>#HeMGQM&q41GM}#I7y#Q;2>&@J;IjScQ)4mmi|CaVQx`X)Sc7P)L zWgzhA=c;=-;&`WC6$%_ZE|8<&WX=pRUy*G6Wz7&v|JZQ27{75<%w>HrfAqM?hCk^| z$q<-gg<0klkrV@ZHvJvkz6N%`JdFaaNK9mpyH^t!&PiL&woYx$^=_WBX^aKl`#oy$f>-SV8J?e> zF+Kp<9{>(zts@|M@Qu|^Ocnc?hhM~e3?LzP7trYhhmc!oaA!tZ2~c7PKhX#fE{?ni zE&?#C^~tW&Vj`w|;U>@DN@TBoo&IoqDK^)Z;x3@C#7n>)$n##l8Jq|_;1th_2A1r9 
zBiih~%m5HZk$7mU#k>ZNPO2cBucP;%<8bv4mhEPyb7OTRbl*RU($_n3q0 zSKfz`GmL0x07yv5_9>yhPsiTh{QqI;EQ8`|x^|6w&_RQ{y9_~s2X}WH+}&LVg1fs* zfZ*;fK|^qNcRxJucjm{c>FPaQyY_VL>RRi%?={8YK)Foucyx&Lm{u?EAM{l7>c8+N z?|*CG#_+N6%9?!&{^0PhUvc26wt(r(1VWh*k}f`#OrIA_@w{Pl9Qn*0G?d*;ek^&y z`2_(I(*oyquojPgB)x+9*N;p{diCyzsk#LvsI96$#uIz5RubPQ?Aw2i-F<8?RBCuX zJ=Vf+bopKVe&}0m@uh zHjXP2^Bx+>CxI<3K!j2@G>~`)f^{?B>8*w!X-xlddd9b3iBiKTE z;PEYz3nElSl|?mROL;<9vSV`8tse0%4G|~!Z}22Zo){bW$)h=2GrAo2ZBm{YN;lM}RgAV3#*JDz7bV(xo%2A8|Z!sgbG= z8K||Ymw_r@sG^SeU4k;l#m%pKAq}V+DH>2$30M}RM5^V|HDf!BXDzo7;9E=Gb|7IU z4dtMu9%Ip&F4&E=?TO0*Bq*?J$vp!u>2}R9GqvNWDpm=Q4nj(#=6QJ4-V`m?5!_x}zTg6e* zv<%Uz5GVRgA9td1V{$kk@F|GHR;%`0_GyD)uT`v}?x@f!Uk2}zrdfLl_=(f#3v|$K z6WDwchpC4?vK%N892mP;gDWzUjdJAVEP=GGwK5+oq=&)CT%oY7Mia$()h1XkVhOqz zGDj|${({ioN30@134oYHO_n4jEM*1vod2#SD`JBARn^5XLQ;E)CAw72XA%y zNRBJXJ>X~#m7V+ZcW95FTo`$2;?yAem6qfOipK@;+}cHdA$*XdLV+yIQ7PiWb0IX` zBtW6K);M7h%19(*5v##l;Ra5Zu1#5m5bU^zJz@SJUxvMcC`vs7#i!Y(zxQpzt*PY4 zOKbg%cnRKd9*D>jL4i8w6W2o(F8(k&yEsZ<-+`WAE!RI$V~~AznzY!kZkx#RM6*AX zdiP)~4vJwnr5bY`xq(XES;v-K$n)-mA%_i$0%z_5J|-Xw$+rQZ5~N`HGsh$Z?jto* z;Xecz#s80uz`>|go(P|D{s@t-P`}(93bDnWFS|UgesL; zEo!zU`w5EYbDXh4qg=f^T{^qlhDXgCAiw%F*yh_Kbw8RtJFH#GWa#+f)T4N)g1U_$l1dw}&pOqRZB!i;kL z$m&gJ_3LRF*8=t46zh%`qx2?;j*|rcYIR^{h3f4m>!_FdkxFHDEhTXWGFQ4 z)=`R-X^Ro$^93*BhsVaunkMJXV7f}2_-8!Kr&Px=huahV zh+s2{Vww~k*R=984zc-I#+st}G;JTY6Uql*N7ISl-;>fDWLC_W1ZnW&W!q4Orb6N8ztmo3U50X!3O4i%gsUa)NkawM|{< zuw|c58OV{PnS}dSv!MFPu_#mWPB~61XVAT6H3pCZ`a4eL1vGO|cSiqksM53|H93m2 zvV5kaJkO zuZ;_ugIcn!Z}1M}KBo};a41(qR2Nht@nt_|UKA8@8rffrq|<3pp_1KdAbGGzAd}$? 
zf1-EIIH84=?l||c&>GWDFo6j{6`$GIUbPT@{+t!lKMyS2!F%KMQUBWBX12{N02&vZ zIG`b+F4Xx+s-6&VY~X_i`%paM^1B#7+}m(XhjTmI!?(pL-mJP2YPsLCv6akxiLDfp>Z0;w z%f)mh)9-kv1(b%EwV_51B!3a&MweKQTneBn#;e^BcThQwaQJ~|hb6*z<5CaNZ(;Z5 ziFom#0PDumBAz=pILeF)jyYg@R5uO=y~LX*S?b}rMMc;WB*}=dfSC!?$E;=)VwYC< zbfa;BQ`1z{+(}V;X(>r#H!(Ag2@X_OjR@$IFGo?qt+z49!NTZqe7n{!H)MDTiV^x_ zNlzFOO03QAU4>~BSIurYiJ18Ku|%~LzKDBWNS9EcJ`cBK)Xo_3GOZN>V5~WX7;N|K z#-VkevQt){PEvlR9t)6$kSK`a$d4vuB9apip&B8q09k6Y-!zvGvq_JaF!_iKE^ zz@>$rles(aa>2@6cF73DyDq>zzNH7agyCIj))R?KMI+oe=r1Q`u`qc z-&v^0l5J$!7H_ov@Leod^e^&x$(6qO+_<&+UBEK_+$**Vc++bNqmFILP2#M0#7ihf z%Ib2z2TN>5J>4lzE>MglUd0SnXbr@el8y>BX(Dk7TeQV-<7BBMf1L5{bG*R)YykUk znkV*vRvt|iqcA5+qIZwcu&P5`Jr30+mvgzD%U#PfjC-zlyFmX;Px&W5Bv zfiXyn(W~b3DspI|QKhpT^Cui&cCbw6;Fit+UKZf5`FWrprG|8Xof2uvmrN1xthKU2 zsYT5mF$zYp>D4?6<0*$ZPz;y-)?)N&qOrB%vlXcnF(G+gL2?ii))`VPNLC>1F;TCi zqQ$8pK=u=sd28RzwxCT|~K| zjL(siCc*shq38O10(*S^+KJds0R;%5kp>NbkzIm>AIT;n<`Toag19U{9UjfyleK7L zl8mle5J85wVrgno6d;K>vhP*-6I5iY(Oem6GS>*o_8Ae@3DRdUrH_443?PTYCFT7` z-R$d10dZy+`FZslRf1Hwq{wqC+J?=-C$S=I@QEOW=WKv8_y-$HQr(5{wWgwQ2`i)n zl;enpUHd3|TdA@pfzrM=;iYo*zP@)sg{^p(rS8P;P;H-h<$-^4CBl#oSi~+SD_6Rt zMR_Q*V9Z-?$UO|}4)!ZSJpztfW6qTSpU<}mzo9D*fiOND&79`DMknfLJre>+;F~`f zFkc1KHa7;J=yskjzUIG6a7apt`%4hFqbAW8}Z4>M_MV^d13Q z^Xd`@uqb@MWfjX~<#9K^KFFB_@2sg^Q+UG&iFdAjhpw~ZTakQZd(&Xv=OQQAKeqsK z!qO=?o@k%WnJX0VgbRR$c{cYDBO5%z_$Qz^EnK7z5$FkRGn(ck5H|4pU?dg)dyc$$ zMHJq1B!3W{6FF{@(Of!`w?V@n%2EgmoU13cl1+6#>c&jH&$Dv<5u-mADfxRaxa1>1 z+Lu2di5=zRYxb5F83xv}4LH5=LzGkyD)4daZ!T=$BO}3gqGGj_XWt=V#yPI+qFKCB z2mYb;Immz4pSuVvDUglkdmj3zUO`f3I!_3al$l~#oG>dq3hWMXBK{230>2n9G4f{` zEwrJaMTxq=BKk0yACj-{58w~^MtW|kl(7YoHnDA)CoET8Ue0mFe1O$27FreCYoC~~IGE|p zq<^oWNFW(5=?OkV1CvH3{VS(`!Ibo1Hv5m@V>M^A7&wLTlFn^Oe1ds44hOUW1~ZQM z=2VW5HnC>0l^2loOsTS-6>TD#qQCGJ%B-iiCC_*Bndkb)^UC7c*Q`J5;~9%?+~OU6 za(Qjr`Stw*N8njST^$Q!zg0+%5!2gE2w{WQ=8cP5<2@-pee~T0p)pEQw|+MR&RP&u zvMgw<5_a=aWB16E>c{ny4qi1xxx*h2sdysEkIOQQ8WG9ob=7lL&M3#bZJ5zRSfm9M 
ziMu5FMFwT05o9d!GL7MbPuGIO{VxcvX!5r|?ua&&yX;0ZrVupuPgy3~&VCONC>>Ek zS0`wXE00F6Bkei`g@{hPDP{E9$3*-4tm=|Nl8K5g|xvBYu+nPP_uJ~%&Jw*?>(2?q^I6q z?8PO(D#;bEwy_z`ONi~D3!x6Bv7<_a{HEJx7A^)mxVv>8bMf%&7$f5-!!|`rpoF40 z`!Kj|v*mMWSmDn-+!VB&s5h{p{+QI0X8WjNge&cGT@p zxo{*Pv<*kI{u^prlGxVJf+fMGd4=|8SMym{un} zMS-b@v<)p%T}cAuvl9qA;s@DP>KKA%ntwiE_K(hRwHuk2Wt)=LeHu))(CBseyNs~4 zELEvqIeNl+*<#c%wsHb(om8h3l7@`j%$2|F`%tx}xOswK13h;@3OvXvhANvqi&`HG zV-+@`%wEnzmkjn1Cp4lCSz5w1=CjY=^Xc~+CQ_qF2@6ccCdILsS9;P&U*i5vJXi<6 zP=3s3SjrCg(qpd8s0RoYmWs?<{G{qsZ&n{Az-$$iatJN8A03{`MW~N$qNcLs%NH_7 zeo@N(g|vBbFU(K(s5bb1jZhxuF|wazsK(%$Qa~LYA{ci;;8DL5uEo<{CGWiV(p6NF zF~!pUm{hNPNf5c{Om)tJv^Ro(+;dICZxno(HOZ} zjHU`zo&LW$w&4|o5>VN0-}M-99ZrbXvEzRi4P9|Vm*?!Tq0+?`!jbEbU7gzVkZ<#@ z5GzZ{lj~CrkLTHR14ljZ{~NIl>u{t1lm&*zg`6<2q=D-atXu{%pA&S$D-g8lSjjGB>x9Lodiz`<#x8=$b^2zJD)ZV|GJ~+Mj5q0_wUGNG?^~{=*w5e;z z_P7ha7+OIbjb(74O0ayP%PhV zsZhWm1@y4}7$vts#uSepm=~>Lsa?GRFP-< zBT03|_~fl`0E&V&YB!iy$Et&O#T|dDXNK;IUrAizNqRR}RdXjmDawB0hVgNQ3LWYm za)at``KMgZzacfGX~a7rX4Bq;q;&nt{Lprt9lWy8X~;7X5vf2Oor7!K7ab)fp`X5c z^u?>TDz{Dr%5;WJ&UHbU(EDQu-%TJ%Qw|MD}i{tRF`Ps3cR`KA=rVrxFCCxds zeY*UN*Mhe|gh+CCnxnD()N%ZHy%?yh!x4AB(z8^>q)hx91E=lq{b*~w%UTbqNNBtN zM}i`$)F;nd^DW~|du?;1AZO8qH&9}Oks3W+?KTJ0Eig?`4teq=pvy>qT{6C zwb4-_Y>LmL&4jY1?XnjW4rf0R$p)-D{-U|4!n=OQFhCCmQbu<9MsPDLlqt%5a|#x? zLt&ik#}3diqBc4YLAle3Y|gcJR+ee-4s|vb$HJ(#dNB&CDB{ul3!<7FRb;X2HD?H? zg=85_g80^#EvGO};vMvxCs^@`-q5n7Na!*KsQ4(OlA*#IKXLDhoQ#%#v8jR?vXZXIK_9BEYj=R6sn*^osCzi9AfrM#jj#j zk%U)~bsBkc&9*H^rg0JF9aRunMOaanf?{jJC`Ll?jkdCDa6Y?jvO30{|YtoSH$WMrX=n&1!;FZM>NHuoKAe}c!ry!??cH*EVS6#CWOf? 
z6e|qtW<;3rZGyHN#IeGs3?G=!v$j~s{Y`i~V#vVrKhLIN0HtdK#v4ln!<1_LHyELwFv_stq;>mXu@5c7C>FK|s+h3R=P?D*ixg?+` z%Zq?ZfLN5E1(K8olo`DddqE_2FAH5yEnYLAKLmTDHOeG>f&bXso-o7Sw->~{u*gq4xYznRh8ndfylCP_u^dxi)uJhtBV7v z>dB`Zfl^dwy5cf-9Y_g$!yN6A&^*&ZvkxGnm};6#mG-%rGgdgIF#I3+2VQ&RdmgYN z<+6K*3*{_G2Cpu^QG&=NQKziADX~x(0zCfwoUUl5{he^w*yLAT+mg+q6=x=r*%jcU z?cU`gAWjVWOC^r$AW;y z+?htUWIP&xd>m)KIs@)^qCkebdhV7KnD22iGSF{~ad{n5S1FGRDcG=<8$h#xEB4U@`8%AVx*aEk(X?`PpbVn6m&om5zHl9B1) z8wW}mWOjT<|2*vzXBC%%zKRxR+95=?X2T)jD|A}yN&R-GRiT0(+ed6N#liFpV<>V~ z_3_%pnXAO7?9ELwRw{%#&SVSvmQZT>)AFsDP+1VFmcNL?h?OTW!N%k@#Rr|E5akQm zT}c{6>@Xl5+A+O+8eGr0s?QZx8+KU?dtHrE-X5q-G^rsQA|o!|~awW+CyPpE2JR%*4j>UIPknP=Gs84&~qJ?jIUcA`jaVO!4GCx z+LJNXx*>m7`Ber+rt-Ic()K@#j^D+XOh0NTVdZpEEY4fH@lW0AZ8Knvu(TgzU5&A#o%-!_ z!LVPpCp~J!P1UFxGIcA9WaR2YcH^7RK~OCVTV7R4t4;@~2C}p~Ji4(gIXcj~vGisC zi}jgbYld;xC%-K1L|yHNom|0sjc;mm{nMdWvmsy4eBnJcM|e`_q>rJQIzKr<2EU{% zbT1OT+QQBzZ8^=W{ELA|)v;&7b=S2oDu&0EcwX=KDB@^LM36 ziO}&aZD-w2RFF_Rl2>7%ARFaVGk;TDmJYX87|K1yO8 zA+nTZ?*kclh~(%C`RCB;=uT2}Hu+EGTZ>CIOVj@64>w(yTZm0U+C+4}BB(6&RoOVm z&&yY}{hqe|slL>sa50XksR2HT|542_csC-tl)PibxkIHlEQ1< z{AX?|9a=HTmniKQidGR_t|$>>0$Wjs;{e%T@X(vX4I>ENQX}2W;)%cj&NPHWQzkQhrg}UC)zKnNWOIR}CLWS-wa~n`=L0zk5Ea<4r__ z5;;Y+pSR9JYpcv^3CW;FD~X4tJnT~Yer_lV2zUCwQ7Aa`>M78FDxe(d@LPTJ!AiJ_ zlg&eq3UmP5+u+sV_5EyccxP_>yW1SMw}I`bH}~|%^WArEgJ~~=m(E)M zQ{T7yC%5kz5$*#abOn9NN>ta{nO&EyTgqu<$QU=-U)f2ok4`~E_AVGQ&U_9kcm(Sr+mLMQh(u|ERg<`8j& zf@4V$>d@KaDRoyV+6;*MEJ@ohU+!L=-&F4LpQLK!l9Sh;JeB>lLWoloN3cK>%AwP* zpy5Msue#VM$`u_rHI`_$Oa;|Y6e!9Vq#w-c^03K-$VQ{wuh0b_hHotcBGFaAkbzoA zkMdh1E=_&R6=~$@o{YWKNr4UmQv$tWHPJPm@ZM zP@dNKlpQq=<&-ij|$)_E*~=hGD~Eo#RTH zfM$HpD7ivO=(4Rl^ZS~_l)3e=8T5GCu%-Irujg?slDc^_ru}Zuaitc%oo<>54YEx( z)t5d+_{FYt^=^mEDlH}FX=y-r6X>MNjG+gIag}?~#tvQGpy_+fmW@dJp1UgFq&H>yw2jSiuvNCZEZFhU0(jEIS92iodpHsm+!r z)hn+pxW}@fXB*-F3vH~v5rk1|zC5=1Dt#_GV~hNfN8P}_qd8z(wyTv{MMSAwtz}Pd zqBYtmbv`i7dfO}JMPQ9(n56Gy@XS~+BVG$blv6&phG^D7kDp)u#EC4U_BX0(kklHc 
zWQeNGAa;so{Y!zbY*@@8d0&W`dT=e`HgtN5FoepDX0%ezkhiXY(YRbMFsq8z9xLNT!jXAS$BwgS;>37tqqttrNi?OG49&5YMdZzi2U?)+bq z%oe05)3?MwjnBvW&@Lr?(-AexKdT1EHCt_cp^Gn(W|R-Fd9sn1d2I>xy+6N3oJXlx z*#V5Oq^g!}Lte&Uk}@H+JP?Jgr9LZlN)B~F#<%FdN!xj3a&HA-e$p^KneY=8-tf7$ z=@p)@22+4d3$R+@$DhoCe5en0XmZKLu24b=;j9HZ$Ck-le!%7Y*p7P;Se~ozWcUJR z)W_n8j+Xo7p(m;oG&&tbStTn~*e4nG?Y30&jTevp`M}F|ksFf<8kg)d$2{9ewK8b! z6ugVggP$AgejS^X9-Syt%DR>!RG#{*2@7C+kQ zpP}wtuUa=n8N!Ill7c$#omQcI(2&2)f~PkRPa*tGhx5wc!v9_1W6R+RzX#=!wqPU? z87|xn?|kL$y;m^q073cWr>FpA80Yj#c<*+Ut;LrPe)O(<9&Z<91R|qG+MVlHo-v@`! z^k1?#ZH?IowW{SXx|YRf>*8%==lMpO^!+6peZ~gX5(QgYY2*2qGV99{6V4&B`kN%n z-Z>z46H;-X0dIS)&o&?@r1^X6K?28q_KURH;$_moh}PF%-@{ zZ*!%J$bznt(cK)DAyx;bg)61iJk`PCHW42xLa8-*MfxBGt^j4s)pBgwF^^-2V)7sr zXj*KH1og0O9NzMui0aszW@@w`S6op?Y?{;<%m$<+@*O)~HF}ZW7U6Q_#(Jcr&^87d zO>zEYlq86a0(3Sv;n5Mc8->1TjtwZxw*Jbh?`VUr)u#EI=*}p?CV(DKO9&O$VrOzpqi+aK;4ix}0_mwP=-mYb@#H$CehO$U^H4rhYQyMeK;K#%)~#IP z4g^_N92Q+Jseu0`!3;+26CXlk1!O)f!tWEK7_h*K4@=bqJ7IrqUXl|kM@UZ(6v4Q4 z4;>skZKe;t0`=yJun&h!vC`Bz&?>-Yg0YH!^v z(cjCtKp9M?pVZCbP~1HkX%?!6l!K`UHoLG&Q(AWlFQ8R_g}0xT)z{e){->ayJQP(+*4vl_Tqs+cu#vg1RZ@+1ZPq zupS`-PwII1K#RXc9m58Cx@5@XM7m8;=&+t-moNG}iw#dCUZud0_kUs(KVW#SL#(^h zUD8m0L`Avzw~zTCGfyVN(G7Y4B!F3ztS)1ZfLlKN>7@CpH|l3;9BHS?4yb5f3c&;a zmH;am`@{*^R+*v>j0Acse)^1BY-reU!apnZFEb_gDsMOegsXCOJaR)ha#Dnkh9Lm0 zxbBLblWRp)_}_xc)*R|aHrRNrV|z>NwT_3)JM(S)fYhE{{89~~JqbPUP$Nu{fcV!U z4h%RHQK3&-@oZ294m1k7Ncj1@Zb$No>N&94DeW0@(vFMfOWwnTC(^IID|fnz^|9s9 z!V!x1>VE6)(*lsfNm$6zO5-mhDe898IVsLhrzQuSH(HnTkrK+I>r7d?c+#q1VtT1} z8Y)jyoY?Z6WZyeUJ@sJf6vBc=efK_19P}#n8J=F?>763n{v3Q7>?oK@yW&F%75{vb zmN=Fn)Rr&8CTxdNL)o!ZdLB@A*G(T$UDr>6>Rv&D$xy>^F4 z@eilW9G4k{QxZ-l$48c$03S>Y*j&>liK;q5=Obmr{34R;BT-^K z3AS#xODSKgQ60~%$PB9DqaKAqIfycn!u#9y7-?HM$djRSggaoNJg>K4w9q+M^5Yuw8qQ5JnM?I3$4jSyqfG zTh#ia@S~JSbPMVd$OK17dV1GS-u?%-o;tX@2R(77;O9=zFE5OXbxpbro~+Olm!lW> z43ME}mU1ANmeC6r7qo2p?w!G%m-!NX+!$JP}pm))nO{rN$e+1yUdZd zJEuv-9$z#)F=(p!*;4~fP!|*St(3tbqjfB9c9Mqp$CL-vR}A!= 
zL9B*-FGeJAGWofNDm&>A9U@KdY8Q>sK*OpnQk@8F>#L>&Q-eT*>n|XnK8^fS>Dc6n zaEYi~CEq~m2?=mI?Ilf%!p`~I0L+TeAB<S@MhlAHJ{S%fizIF{fSj7A)y@CbM?d@oW#>)xuh!()3hRmcyzM)NdgKKs~ zC(kHJPK*qD2FDx&pgwe%wTal2**?1#DX@3X6VMH-eb5Ve-$x(0z|nvEPJ@9k!-V8E zkgJ*jlOPR&{|4qafr;M^(f5~PVE5qNnhQluPxH1)enJqBIF^Ba+^9z@5tme|5w6t6 zPUQ(to~A&Y8E*a?3)^@n8+Z)9$Qm%N2c6eg#N^u#Q2x46#8)~k`K33hGx9g%TjV*} z3#EQ?1A{MF9Wlo*22t3GIRaJ$Jhrv?m$1V-A{3c_`(ivyYp!wve8&uIdZI-scyq0N z2_>dheMNj;gur;6q(@jN1x9n~&%{fqDAh2eG%-_T=}U$8q5@ou*-#81xzy%rpSKx)As37eA0bq959CaTKvY=yAXAX3n3U{MP{D%-`?qP?u~r>$ zl2RKu))HJF5(RLdyL^kwZyBr|n7lGV0|XsgyFpF6Tj#6|^k9RrI5~EGc}F0|1R2E_ zM{-`?TL3?q+MKHDh@1Kh|B=pqydpW~p)mxNpL60kwJ_wE#q|zC%3asSQC8Tf;<4of zI_b4Cmx?aErFw-Cnb0?2c?xK~PttxO$e=8GhIcIeuuf!$j103P5W~Y6@JH*-^a}?b zDCJ*k+bwN6znS5&-zEv$F+cYVj%0NjZtOlJQNi;&de2LW-5IYAbZlQsI z(*9&!+YP&tfe+$o(L5tCGk`rNXxBw+=_pigB%RlIh4U5BpNOx617D~(;Zvtqb{l#{ z+`lRrbjNSSE_O`GChnPuL&?e^ujTCwjNG$Z=7%0Z$`6A9gKr${q=vMnn#cLvUwP=8 ztJ%$y&pqYkXakGvO3gI(8?mLe>dCNya;K;Lf|;o91O9%A8^&9z zll`-l7oIsV6f=Nanp`Zn^*q{U=DcF9xnI7t)XPM+C44Ay{#lH6yc|PCM}0D!xIhQ#)qx7o#zV&^k zV|V2%C(BEh$mT}Zr^y&t-{hfgJV*^C;3qIIg&HyIugbv9)p;48y9sHtC(DU%6 zw9acVLuQ!-_h2;B4)LGeK7}a%U0XncuiYPwZl~b=H2^b&zlN;bghkzu|5zb#Lc82_ zo`_nCOf!YZHvTW6ETWYT;?39;V-r&&M$P=bATXww4ihQAv9u4&fULarZV{Q)bX#sC zS=;p%8;rXm;uNYHh9qq;daJ&Vm@7@ur5P<6o;eEsB=U#8yl6(3@FcyIa7shCL>*=+ zh|`=SbjBMKJ_9~=tsB1-Pbtup7mvyWL@ce++i%OsgiE<_qoi-j2gu;fq9f^5@KDaY zqBEiLNl6nU50e}*R^*$}a}k&xa6|{e>F4W;4NBfD9eoY7Y1WelQ3R2d__zE8VFr~< z>Pfk`OubJpvn|}=4S6@R8PMQ41D9KWG(Lzl{Yd|ZUAFan8v|>=Hau_tUhaM2?NSuw zhPb*hQZdi+Q~Xon805ZXhxo+L1@VFchMn3%s32`Ss^0j*tlA6 zvDf^;l@~pfE?3zuCGhSwS)F+ z2eIFgzke`5fN>1Je=t@*bXBbPakH~fVVB4)`Y2uPh<nT-eO+iqY8EWHMdtD(Vf6eUseQ2 z+3H`LQ?djn5rf=Iw4)T=N|8s^W{CoU^E#-v%$|<%{8TJBF=fA#)_R|&px}1);vz>7 zgL?=gC{L8mr#Ab5s5T>yqriNN-gt?U#idyp`d@5$pb;bCP*HSYL9Vg{{ae25sCitG zQsacyoMZ&6*`zg60G*>U_nA^(nk%y{J_T$hlH6ZywzThr*{1=$(;8zsCSjtCFgqoRV;kvPRJM>NtjC?P2YgXGJOgwpUC zyAX~jj-=)f{I|c4iJvJFixj|7!lZ91tmb?Yiit9jW(u_tENCxj{Mu*@!8SxOjqE(p 
zdtA!|NowJ&p-%8(#{h%2BS%*P>Yg_o+65D8HLShdBv(%8&vs$l3tm3lSdILyVz8rb z2dzEph~J?|@;p`S7=`(J|MmZ%U6!26>LAFT^kY&za+zS9gv9bRYaSU-V z9_8k{3maFEb1tOddYA5GdOj(&`ZXUBwHb@1U>0Q}>u`kVpIF+@(-)*yg{$196m0Q- z_nxwQS|A*SDd}3StDd25zK)RvWiA8nUST`Qfrn2=bXh*#vC@>0lte>rT11Y1f9A zEG-o7MNN%=3xDhL#SciVi}q}ohjvJdS*87t7`dH!%{Pf7*Ssm3z2KfpO*)eKr<74FCV6c7?bt%Y zw>nc9W`;u%lj>pgvl0$dEty~6U{w5!Cw3=fsyCz!XIgLO>r4^CfCH~1HX8kccq75d z7)XEcobNEqT6b(F7{60&edMj2M}va z1u^Wk5(pT0W&ZVA0F!avSKl7luimGe=5n>AnhC_T|e`tA&u*Tq(&CcL8r@=l46 zvhq$zQ?OZz{dm9lIPc%R_AICzQJvf{$zR{?T-b~l;9rUyz_icaO2*4VrqquOAqE4- zJ##-HDaupvfeXYl&_lXqHN0pyyl9N~e(ITDDTm=TDbvDz!#fVOcg2i_hyEl$q*V83 zTNhC$cQtjAD$}=w0(mu?PDCF`?A+z5fr*@(GK2Z3`DQpKoY|jluHEuKtukU|p2Y`v zuAof;E`qC4Bq4+>{FJH!xE4-mOfO)}jT*Yh!IbY*ViR5RrB><|vEn4XLT9>2$U;e& z^!L{gR%DvU(9`K1!BCjU=#QiiS~<4Zvc{){NCy&BYj8v3YwsO2ZUi9X9o&)#nWodsr>8X{Qs%6x3KN=!H~_?~eMAN3znq^tf5AM@}VGVwxk zs0kyk`A%H`XBJpjcX#s@KZNYEy}A!89&Wueg(t>1^Xp@pq~A#aajA~c<|^9;?M2pB zVO1qkh#Zz8FORBvq7F_1jrNamilP$#)&N;XXrVz^#PJsLSEggVAGea69|oI-7n`t; zM`uJu7VueN`rUJXSYCwI-QwclF>XsnR2!iEW?cjhF9MmaL^Qr1+kMo=%zJO?S|N;K z1}5`FOC>U2K!3g~#&tF#V~Q&eW#HwMAn~ORkP*Z*z97%qLyquee*jEMEYU!?RBO<8 zNGk$-0^fMMza0_XKD@6Vb)bQ&5-5vjE$sM|8e(z(%Bu*sgAywl;$Y;QQz#O>J$_L>Q zSBRK@BkGW`l}iMHQVE=Al>Y@rjs9ik5Wabz2VF?}bd&ed{H{N&&;TL|f&}(cARXzR z4IWdk~DN+VYcPol;2I5CcJdT=k)RNDxk{ zSai5*hIrpfv#YXfLAUpj@-SUtJAe7n8N5_`^ZKzDMf2Vre~nV)WEX}e0Ih*L{INC% zC4Zqx{1U@f5N_ze27FcmgO!b^DiXJGT`QMTh-2m5V`J_>Uis@1Ngfew1JB!UAI3aD z_AU_np3%W_L(E&Vk&ASvm$7nn^6Z`cJzLWY8yEVm=WiIEGOdq|u90zn_!oE<1ODod zPahxujkgk&J}6zhp8s=+kI?R6${~{Wj#o4+7I3D9TgogDjq6%$6}$Gqm6pT!n?l9_ zBX{ty0g2j4dXI5ffxp~blJCNP7=_ekI6h1azxI{$BIx|#V%=3(<4jNQ7q;P$@I!kq zNaOY6XWoZ!|Qj znpeQyC2U|YF*Q&54?`}%`%*_1IQAVow{V8%`vw^s18T3|F#jRbtP(Lnwa5>pUazAv zZS>qUxzX(Cf-nXmy9gk?uvPgq@z^!@udfl!p zjo3SlG96D04Es|YZIQz5Nqcaoo+C()s_&nI?<4?T*(46pSdzY%LV_!v_7Z+2^>kQWNo=_j9*%{g1qr^rZ4jBel zsB)J!u${I;!~S0Y$}2V0tyw2OUS+Y{Z)`W;w%c2knN9rRtjcuf-`uKfE@SkHS6_Q; z?{D^$bY6I?FS~+8x8#y@UU0c4*Sgp$mRD;lYco=oYN-Vw%i0Uuld-I&Tqk0EZiV`h 
z6&L$Y#?5F63sANFXaC^!%h!4P&#Tw_PxhbxpS|z@Zres4yr213;OO)dD>Z4$PMlru zdOznn>DI4p;(CJmKh$+8xVYm&KvT-MDACL_9{UTYL z+E$I)>(WZ6Rp^0tqf#jqqbspq-k4VTjZfX^mFFmh7k>e@aGj(Za+dtY1|5lJTHhsa z4WzQ#jZ~)T`p6SuGG&SAy!P_;ok`Sxe&;NO(^RaNOg7iDE1mKW{#1k#8P3RP7I)_; z_lvtEl^*(i5J@NRbtI5!-9Q|(N9$%wUO5nKs}4yh*Ti@|tZ`^U+uCtcS>XB-9 zy~Uq>b99_nuqtACQu9G~67H;ng!=C7)%maS+x3z0JIUHC$sh?jLPxWV zi6M>&??}~2idRtF_f{pRb&0z>tfbs-g;pAKnvA#SyU?VCxRno@$lChx`ljPO;i^K! zwI*Z!I2o%mL}-$d*Pl`1t9Mjl9_y{ zz&gT10u&jsSrYjw$1n7rJ$na5E;yO8Ih5`praVT5V>W&&;KrQkEUBA~XU{rXIJ#

611I2iRvBx80uq zw~PN@B~@N8_Va(V$A9kaK7U#A|L;71{^+x$20;h=e6u$X9pb|R!$c4MnXr{g>a)A2?3-% zafNp(3L(YWB+Qt-Ol@b!N4~y)+x+7V1Vi~FO5zAUQB8xL9Y5deDj4=}3&Z{j81^lO z6;$-<*J-jAyr^R04$GcK*UU(j1ifN_hh(WUlRaRo>OsP|z9qTb8w!vXs{t}!hUf>0 z02?{2b!iEq3nX#azqh0y*S87->(R`Vz?*P(X*L|$uemNGK*#o9d4H$+!b^QUL*ow9 zM$-I*yG$wwLivr+1cFwoRB+GlaT3*hZ?vyaS5^&A#7{ci+C6`I0yt`#9vmY7V`6Uo zIY+P0&fcD>Vsx+`b@@DV2LuNyHkT zPTUH2sv@F$dEpc1J~1?_KV91@n@EO=8g46?Z; zUKv`?O$6H;`QQV^egPEG2<*J*_9n~z8bkc5^pTDoDm1Gyme^zTVb?=~5&%q%IEe4@^Zf8i<3sNQX(Pl(aPN1mk0o*ZDtdzsmmUQ^yryxp z3+wJSrIwMZ?naZ0j7i1S{Ynzf^>e?|B|7A5bD(SFh1IlJ((C}QOpdj8oj8Vr!gns>H z<=)e4y*%(m5$AdlD|%?hF%|-(&5h`JQi8T3U8|ojkE~mrythtWOWYyhSun*3 z9>a;0KG1Zo+yvjF3FCh5osm&~RixXSz4Ck}=WSaPd3(c7 zXyAfrpIiz1M+I7L14LxG8SFr6@WvWB?F@Xmsk@|Cb4sm5)dY+0$pRHX`(;Atx<=|K zj7u@!>9dyR#ccR276BekiQjX@+dT&MbbPw#|N4@F+dBX0@9yqY&VOD!f7Ji);<@wl zA4ivml5vhcTGC=N9LndV9cR4=5kI!;-LL9MRP*^4G5o`zzwt*gQ`egg0HH`V?i zz#tiFy~>1B7)7nxUWt|{7%Ylk=xFkKXQ#dhLszO}iOyyVp-{Te_l3Ckf2f*l^I@?? z8*K|0h}@LCtCH$L3B*6y(?$NP3BI=YZ}tDY+^L-Z@9sXz|2ui^T>iiQlu8L@YAxEb zs!(pAQB1iqCdixUs}SH@kS0d`lr7)R3FkB-=(E(rk|EmPgMZTL`D`?zpO7CkU0rvq z%jd%l^MIzr*+h_Ip~CicF+J4^1Zmp<^oCNfF5s*<_)6-|?m*PPjU(bS)CR;ug8Z+2 zz!8!f6VF4ZROUL5KF4>_cKMY&gGQ(?aFZ+-g*2i&KOW zN}6n%x`S`dWn1usrDWI(y_1oN1yn$6!h%D4nmf3F?vRook=NKRr@3rcF(eJ2n3tAU zf>Lg6r9mgUyC&q5M8|-1=2r(#OAZC4xOG}w3%{<6V3`XG&{V&xFxzqqxs?e`!S3PW zi{!;-Q(AFjK0Jpp&8>N|8|{kD+v&JW)l#*2ukZUZ+*5Ac`Am5UPVQoHI$g42mbO~M zva#eTcGY$1l;fU@OQ`nkjh9j_)O9bZBU|{(8^Mo z%NtPGYii>F4|^+-;)eQP7yV!5j@;JyZ-4(q|9M&efARA1{P#|tJJfFx7HgZb^sU&5QT2DUmrwjYfWe2<^Pyu>f_+i`T9=%OfhOIgy zmDre4h|UqPiL+D%b@MtqXiVoMF=oX~5Uy`9wc3W0eCyVSWC?+a+U!!DDA3FZeswx% za-%k(BD^|0w#4tjCj&gZxWqil58!D`GhNO1YnqH$hniH)HAcI}*Wt;u=K0&Q^`y7jMlj z=TG-*a;kUz9`a+7jI)W4`a3X(OwJ+15EL!=!oQaWkLjgf;aC(DSoW!!$*1` zroz9WF%?K;OtSm3wNQdwvlvwQB9~AofPCt|D`5X9LMsa;ljUi`?Q4Y679!#JK&oKk z_t;X{577r2$0()43pAo!WO<=*9T2G3XQY5BRMniI0OE^sX(@45Z}dpVnl~fFaT2kq zC7c4IrV|C|8^&USlOm`O69O5#8Iy)35{v18sk6BbpmXmdlAta>8DSc~P2P~preVL*n}HlBpOFxqj8s{8rr3T9sq%d) 
zomZRO3AvPP1=K0;P@yN;h4BcopY=^Os`Rz4n5q-=VSGg)BG*h`?nz2+SkRTlq2%J` z$q3<^l_UFNv&5}T4cdcYc{8a`h5j;ULgPoYxT@m}oYi!bU%vxu%+~K#ePJPN?m2pT zK^9B9$;|yWYC!?3P*EmsE(wgAQjwBGJrAMX5S`lV6wFZP6qna#PCO~6b15MV(uO=m z5wR412sZ_}U?l~1C6BAGNRm#l{$NJ7%Ht+lG+3hQhP8v<3(*;@$avu_(h|A!h>w7A z^#ZO^R8OClHoAN`s85O<>c!K7$WjR99m}!h=(TDc)!okS$4@L~2ZzY_ksoZ(o5^=&uVQG7EHrd>uYU=jAsX5ZvF|?3fyVXEIm8c!V(%#ivzQP#>doX6~ zVwNI*E>#R;O>}S!TDY1ydSN6%I%%&?N3Pnb2Cw>Ace3U3F*mezQjI^O z!TxiS3|%_>;oQ#e$=FO8JF5sUrfgf zwN6=@{PT?4k!;57l5n&sx1FOnonX}O_0*qlW>doH5cPX#bC#ynR-g54K)?7+s~Osh zA*B^b-Shz&lTT+V+~6pVf1nw7+5C?mKRC32wEfRg{S+BTFS-JE)8lS>>(yK4PQ5m=-)SKC~g5DC4^(hGj<2Q8~wk`~OCWvs9mJw&uQXY_8j9Z9FgW{43 zi1ZeSX8N`>r5%}lR2w=SY-6>xtZEVKe%|XGR4ulq3nc@;Q0vtlR0EXzwpv%T)>?H% zGy8#a*PK#weCNm8)kYjIF1fI9er_9;^!(BP=(|_YxEguex5@;l$EJvCnxrt#KzsEgimlPl<_2nEVbF{ z`VS#hX#w#)&6;w}bxWvt-%`!4QL%cFRts+nybnY2(G#4e%M+uk9lD#1qKqrsE1?GS z+yknW+B8O+L!2Ss#_c=_&q$0jIw$7a> zuw^ILH!~VXh$M3~$6SRrsCYxH(y&@5vP2X$i)Ln~i@^0yliTPy_18*EtO7Xq`pMDgr~zjNL%--Bu6KRIhL*h@ z{3c&KDV@{WW_mVlPn8f(2To9P;+?82EKcT>sKhKOI=Mb;U?cSOEAdqOc@a(Y@q(}8 zG8>P!OOEYL<08+IDRPMO;&7SE+IqIbS$u(22+?9C#qcbxZA0 zh9v|MpfO5V66n@lSgtuHq!h||K^FZYA3^}=xvq?u-2cU){w0 z;pptm$(w&3ptF4RC?XjdW+XzJQU`ZRgm8K2h!W5x`Xll5pE6}|JvX{VV z={dfQ$35fTpAPchiR0V;Wr&5qNyPCAn?Z~Gf6?D9=YQ|*y?i|Xy_4t8<-d-hBNdrU`--d(M0GLGgHhk)a_K9Og>mseS{Mo zEMp?dEY{ZFAp(u9>es~Q)}`r$HaRKp$)rtVk$=m$Bx`7LdJfch8~4br#C43$Qu{3HlJqww95dv<0h@t%QbLog3sM(?%H7PB{%TQKGB$BzHqX&lusLOw4z<`sD(L-4#$*}C~}x;ZI$z^jf1-siLwl2XF%(kc)fD- zp{zFdM!MBcdiTjNa5~I_>ljj|J?e0yZO5O`!kZpbOvlpIN>_=zRyRaB-@+ZfDj?@dAKzIE{t_ZI zEUISit7+eX3G=URflPHcEvML@#gWrx2V9#kXN}507rd|G%rRhV;9bX&(-F*?-8g0t zE6n>fT{ulpZs@=~^q#ucZltg(VpcZ<%OTU>61A>3r0xjWJ-3#;L~H9O|y`dwjW zb2a;moYfrtmKk-WWZjIpzhBo4x3d3-C1bW$|4)DC#q)Ch-`>t+{>R-s_vrtTob>9O z|Keo)xAi-LG@CvgCy+bZW>1hp`-Z+Cx2s!n2vy0unnOr`zZQp35mtjkXt^7w2%^D_ z)9O?z4XW9x^w1nauW*J3Sd_ny^v`$YP&y|jv7_orQtw(J9nG@I>zr2{IF>IO+)(iI z>t;4v#b4rL(PE3U@c~22fVN2 z6VPD4Y~Pz6#0v9%UEf;+l$-kAG}s63d+Y3>Y0{u?(?hdnJEw6BZEhN8L0!X5bE_`V 
zWhTj&J2f}=i<&9BeZS~^J9t{2mHmHk@9k=dpl$JA`_IeqU%UJL$NbMbdG68ww>bab zKdj&JSGbq?{@s2s$Xkv4f*x+k%~vMoYEC}*dMz$K7t%E&z6!`(JKoEM@)+&)80}TH z@L@&&37lH@9qUz)oDa&YbkC7qiUA+vyza->)Vk-b&(pN7jlUh|>sVL-^vm`!!4Nvn z_I3SBwJ>h#T>_vF+_%)(iP5aO-KGoUc9z$TJr`zI0XK(*8|L<;|`}6;tDo(l$Cy>LW55^OeOmeK@w#lIWuP-fA5yVR5s$ zM{i2CSuJIo&HQTfX1lg#ZLH~vnJN}V_ll;FGm$HCp*xHD>=pe8HC>eFV+pZWbto)l z&Q3FMyY7YMBYQ}WhU=-%5gF2m*rI?$A|`i4T`WrDxopp?GTTg$&{Vi8T*7@p76BUt z=H0S=t)bjzh~O%5iTQw7Y*jgQnrN)e7FH7Cjho8y5fs(wk`dETQ>(U>(~rZRic=!; zsl!)=(${socW=I?_8oLJPeeOBXQNYuYAmC^0)v)2X%CpKx0KDz<(uU>b#SToA@z#G zSz=E&_OUA9HM^>uA+E?V*K=Ae0dzypl{;Av+kIu69Tk;u#VKe|D{s*mvR?C`^N4Om zdgM)ivInB=5(ISR>e5`ox5!;%X+>qscZIkRRlTfb(#YDCU8ugtTaYBKvU)vHQdD=p zU@op5&-$dBOXw9PT^VW%s5Q$wx3~2ABCpoA{es!0aZD{N)4&pGX_>qHu&mvx{^M2s zznnyL)j|+0@qhczcgpqOc3-^MdG!C@#j_s&@3kDjXOfj}C;eA(>4Wk80y@oZUwC~p zkFV-Os?WN4WE%tS3P3K%LWC)_Edhd(6PVNgkmx<(qQOO10OouW&eb=* zDt^@L!_K6J$rord4}OChNTqT3bwL!p)~~7`kl$;EW?X|!?)FB#x=S2b*;!m41y&6b zjHqy(k1LVNx)9rmcCace){mXY;x4EH|fL*p%*KZ1| zIiKob+|V*pKp&*bN$q&5c%(7J)aW}?8ay(3&X$w@ctVC3 z!k)qay#arK_*58*3Z>5(0j}00+SED&`o|&aKks#(iCVSe2K-+O&vACSJC70S#qDcz z1)Zy>_Cmiw_mUmxI-u9wJIdHDS3l^ese5*^$C!v#j#jD!=fP-(>6C zUXF|zuw;Zwzn=SUz4V%>Kxb7rfvw;n#ZMSK&i9Yn^D#~Io?fl9qWu4 zO$4w`#u^k&91SI0;AvdQcFc{v27gMfRy6uk>iZRFOcKIzMxyQRX_mU|dt3jinI4-) zCc+u6@1i;Gp@UwZZ&j*9bZEU}1%s)bdjw6!6>}ly;m}TWqg|wn;@8xZ?xx;aE;BXe zm#+5qF*T0GFPA82U6Rv9;I_@RVdtNZi{@?@P07@#Ku1Awc%~^7z;(vwIFjWEQ?Nir z;VO%=xOU1u%j;HV&sSVia-~wK&A=QVmG8TLr_j%hpPos=bbhIxcF!y4+)w7%W{k?^ zptrI@lQGGTXPlEHcPjdR*>QuD$Vv_^F-rau(^C`G;G=i!buxdCxf>+efJSb^pm({s zJXB2-Yae_}J|-p_@hkB$sj+la=L&Nhhv(2S!9Jq-e> z7D;pK@QG}$rGUf&Cs8P^u$(pW*>`?31gucvrglxE{vS?AJf-7=adJ}~vqk^kd9hp4 z|NHxUFZUny|GRiL&?(NOj1iJ6)qKkhBSC{1jUy?4Q#`!DVd*R?ed>j62ewd86<$uhd zVxDa0fChMYF-yT}5#F;f#onX+e<#ld z`bJgsH>=?XI^a^@IF{Vtc}M8y??^l?{`~LFNtUJJV0&9`5}}xEM{FpzGnUe!*p5}x zUo<~$$TmIjT#q@MrBb9Q9z!u3(;*s=?2?egBBH(vJ#S+Jz5C&Bug*O0*I$2?I+6j7q`r)VWlZlsMf@X{_4iFpCgY9ij##Cf{5%j}|4KD}} 
zDcc^X{#Ey~OXzpV62W5P$x$HN{{qcYsc70}fF4fid(-{A?_JO&IzZ9{r{f=S>P<<8 zrTQx|S9sUhJo1GIN3%Fq!HjSuZN8c=lx~Ck??@ao^nvj>@)Z&r8|Wm-IE!X*j^KG9 ztCc2^ayF+C5eOU78}}ZXkT@k=pvwszPS6l1QilQmJ!C4(Nz77|kV`!+XeKpd#S|4b z=$X9&O>u(9gomD2oYg`HAozd&el{RDO+^mvLjMv*WWKF9Cn9Og7E`I+No`YshdiJebE{bd zlCiQyN)C_!gUdrGB4WrXSX~F`6|4|snmgtsl|ZG16|EAH>8_1b{0&b;~IX6}9rMhcig)R{!9X(HEjN>smjVmY`M%y9A}S=F0!0hhDAl$iw>z4Q3mE%>?|FDQBtrbi zBGQKL5wt{87UiMFjd&M2IwLsxz-dO_!UPEVpVrRK>3_%yJ^baL)bpe%(+2lc`}YR< zL`DTjX4hEC&W3f=q;C|aL(z2uIfN|{U;_aK0O<`dz?^O^&%Q215anzOI!VhYUH_Yj zMAELk!eFNh4gG>Fe#EKN`VPvl^zT*yR4`LAl#=IyEI{(ZMj+oLPS5fsO`4EU__G1n zXv>JLlrW3x26B?Icp^a(LBSY?wFtM~ zxVj8Y5Y~uqA;G2uWpqk}1aOHHSd?S=wbEa>3Pnhn5OhFenk`hfpy5mi<)TatsRNnW z-N+^Rwx$*Q9t1(X;;N}~eXSLt7!OFScPN~u-9J@R_%_AA&xqB2^V#_04`fp+jHCB6 z8tgwO$47E61)aD38TJJgw0c}U~c70}Pya1Shi ztfduIT>NdT3B7lZF7*O?^Y-2A^Dz6A6|Auv91ZX6-0k7;PX8Lm!(DH?Z3_v!@j)@n z&B;hgq!HsoxpOjM5AStKIGjF6nMLCmbUP4bI407Nt{BlEisKkb?H5fK`m_gJG9|XA7QPb>vgZc!nG>hfg-80XxiM_}HA) z1t8~AJR~-YIOhcvF!Y;XiA3+v{{t#7g$@^9`BJ=LLH3`cAnJK_BNb ze+wk&mq}oJ9zUgHjw7k5fCzcVP(R!WcRcUsw+VW~=43h`9QF6M(C*Ie&XzKv=ex#< zjV`f3V1h{VXhah#CM3!&{V~lZvjG_Tl6ke0bVFn~n~8vpf^0$p?GFa~p9(a^zcFqc zQPR{?v4uhoSSv90NPjrN$(RV`mQYR?`961P=rslgLdK*}U_50UXG)2U=x9V>T1EtC zGcG|z5rI=zHPk(&K>-xG4zt$W4=Mn$-UG9Dh!e?F z5t=ffQEu$w0h_6H<>2+JIx-Kv0R1GXpwuAkQ2n)n(|j*1pf$q3Z*S<<0U#G>HgCa3 zcKEKyO%e}*Qf2-cW&0Tr7Pk9maA1NaSfGJa-WiXGWM~|x6FeXp9m0wN4R^w(Y)ld& zXZ{i|lpZX1fC;gFF~^CgdF)s+YecyA)xn|E%&c~`P^jf3$z3Pf)u1(J)s~c7q7i3P zgyql_FS3M~J;^vF^~%`-cw!<=hU966MpAU)WPzvR#RkkKqgF-Fs~G z5W9?~_Jcvp#@nh53FJti&tSeAWK92aZ~Gsxt?95!&xy_auOUkpf0NtTUNKJ7(~ToE zOClZ0ew5IXXG_(KkouC+Az$%-O1ZG z=jiRX=;+PA(Dx^AUTq;ll}qoF6rDmMNT;y1hu%3Mh0cwuOF3of5XCqd&+wR_F`E;f xz~MXLQ!3P6iId2S>6B(#B36bIenAJ%kI&=t_}u&R{{jF2|NmQPIOzc31^};dH%tHk diff --git a/charts/matrix/templates/_helpers.tpl b/charts/matrix/templates/_helpers.tpl index 915d31b2..67619557 100644 --- a/charts/matrix/templates/_helpers.tpl +++ b/charts/matrix/templates/_helpers.tpl 
@@ -156,14 +156,3 @@ Helper function to get the registration secret containing the sharedSecret
 {{ template "matrix.fullname" . }}-registration-secret
 {{- end }}
 {{- end }}
-
-{{/*
-Helper function to get the OIDC secret containing the OIDC client id, client secret, and issuer
-*/}}
-{{- define "matrix.oidc.secretName" -}}
-{{- if .Values.matrix.oidc_config.existingSecret -}}
-{{ .Values.matrix.oidc_config.existingSecret }}
-{{- else -}}
-{{ template "matrix.fullname" . }}-oidc-secret
-{{- end }}
-{{- end }}
diff --git a/charts/matrix/templates/synapse/_homeserver.yaml b/charts/matrix/templates/synapse/_homeserver.yaml
index 03a9efc3..fea0974a 100644
--- a/charts/matrix/templates/synapse/_homeserver.yaml
+++ b/charts/matrix/templates/synapse/_homeserver.yaml
@@ -1492,94 +1492,18 @@ saml2_config: # #template_dir: "res/templates" - # OpenID Connect integration. The following settings can be used to make Synapse # use an OpenID Connect Provider for authentication, instead of its internal # password database. # # See https://github.com/matrix-org/synapse/blob/master/docs/openid.md. # -oidc_config: - # Uncomment the following to enable authorization against an OpenID Connect - # server. Defaults to false. - # - enabled: {{ .Values.matrix.oidc_config.enabled }} - - {{- if .Values.matrix.oidc_config.enabled }} - # Uncomment the following to disable use of the OIDC discovery mechanism to - # discover endpoints. Defaults to true. - discover: {{ .Values.matrix.oidc_config.discover }} - - # auth method to use when exchanging the token. - # Valid values are 'client_secret_basic' (default), 'client_secret_post' and - # 'none'. - # - client_auth_method: {{ .Values.matrix.oidc_config.client_auth_method }} - - # list of scopes to request. This should normally include the "openid" scope. - # Defaults to ["openid"]. - # - {{- if .Values.matrix.oidc_config.scopes }} - scopes: - {{- range .Values.matrix.oidc_config.scopes }} - - {{ . | quote }} +{{- if .Values.matrix.oidc.enabled }} +oidc_providers: + {{- range .Values.matrix.oidc.providers }} + - {{ . | toYaml | indent 4 | trim }} {{- end }} - {{- end }} - - # Uncomment to skip metadata verification. Defaults to false. - # - # Use this if you are connecting to a provider that is not OpenID Connect - # compliant. - # Avoid this in production. - # - skip_verification: {{ .Values.matrix.oidc_config.skip_verification }} - - # An external module can be provided here as a custom solution to mapping - # attributes returned from a OIDC provider onto a matrix user. - # - user_mapping_provider: - # The custom module's class. Uncomment to use a custom module. - # Default is 'synapse.handlers.oidc_handler.JinjaOidcMappingProvider'. 
- # - # See https://github.com/matrix-org/synapse/blob/master/docs/sso_mapping_providers.md#openid-mapping-providers - # for information on implementing a custom mapping provider. - # - {{- if .Values.matrix.oidc_config.user_mapping_provider.module }} - module: {{ .Values.matrix.oidc_config.user_mapping_provider.module }} - {{- end }} - - # Custom configuration values for the module. This section will be passed as - # a Python dictionary to the user mapping provider module's `parse_config` - # method. - # - # The examples below are intended for the default provider: they should be - # changed if using a custom provider. - # - config: - # name of the claim containing a unique identifier for the user. - # Defaults to `sub`, which OpenID Connect compliant providers should provide. - # - {{- if .Values.matrix.oidc_config.user_mapping_provider.config.subject_claim }} - subject_claim: {{ .Values.matrix.oidc_config.user_mapping_provider.config.subject_claim }} - {{- end }} - # Jinja2 template for the localpart of the MXID. - # - # When rendering, this template is given the following variables: - # * user: The claims returned by the UserInfo Endpoint and/or in the ID - # Token - # - # This must be configured if using the default mapping provider. - {{- if .Values.matrix.oidc_config.user_mapping_provider.config.localpart_template }} - localpart_template: {{ .Values.matrix.oidc_config.user_mapping_provider.config.localpart_template }} - {{- end }} - - {{- if .Values.matrix.oidc_config.user_mapping_provider.config.display_name_template }} - # Jinja2 template for the display name to set on first login. - # If unset, no displayname will be set. - display_name_template: {{ .Values.matrix.oidc_config.user_mapping_provider.config.display_name_template }} - {{- end }} - {{- end }} - +{{- end }} # Enable CAS for registration and login. # 
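Review bot: The `toYaml` dump in the new `oidc_providers` block writes every key of each `.Values.matrix.oidc.providers` entry into the rendered homeserver.yaml, so a `client_secret` set in values ends up there in plaintext. The Secret template this commit deletes existed, per its own comment, to keep these credentials out of a plaintext configmap, and the deployment now overrides them from a Secret only when `matrix.oidc.existingSecret` is set. I would either keep a chart-managed Secret for the no-`existingSecret` case or drop the credential from the dump when a secret is supplied, e.g. `- {{ omit . "client_secret" | toYaml | indent 4 | trim }}`. A comment above the block such as `# client_secret from values is rendered here in plaintext; prefer matrix.oidc.existingSecret` would at least make the behaviour visible.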
@@ -1591,7 +1515,6 @@ oidc_config: # #required_attributes: # # name: value - # Additional settings to use with single-sign on systems such as OpenID Connect, # SAML2 and CAS. # diff --git a/charts/matrix/templates/synapse/deployment.yaml b/charts/matrix/templates/synapse/deployment.yaml index 84659cfc..cddac2f8 100644 --- a/charts/matrix/templates/synapse/deployment.yaml +++ b/charts/matrix/templates/synapse/deployment.yaml @@ -47,8 +47,8 @@ spec: name: {{ include "matrix.postgresql.secretName" . }} key: {{ .Values.postgresql.global.postgresql.auth.secretKeys.databaseUsername }} - name: DATABASE_HOSTNAME - {{- if .Values.postgresql.enabled }} - value: {{ template "postgresql.primary.fullname" .Subcharts.postgresql }} + {{- if not .Values.postgresql.global.postgresql.auth.existingSecret }} + value: {{ template "postgresql.v1.primary.fullname" .Subcharts.postgresql }} {{ else }} valueFrom: secretKeyRef: @@ -66,7 +66,7 @@ spec: env: - name: DATABASE_HOSTNAME {{- if .Values.postgresql.enabled }} - value: {{ template "postgresql.primary.fullname" .Subcharts.postgresql }} + value: {{ template "postgresql.v1.primary.fullname" .Subcharts.postgresql }} {{ else }} valueFrom: secretKeyRef: 
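Review bot: The two `DATABASE_HOSTNAME` blocks now branch on different conditions: the first tests `not .Values.postgresql.global.postgresql.auth.existingSecret`, while the second (hunk at -66,7) still tests `.Values.postgresql.enabled`. With the subchart disabled and no existing secret, the first block calls `template "postgresql.v1.primary.fullname" .Subcharts.postgresql` on a subchart that is presumably not loaded; with the subchart enabled and an existing secret, the two containers resolve the hostname from different sources. Use one condition in both places, for example `{{- if and .Values.postgresql.enabled (not .Values.postgresql.global.postgresql.auth.existingSecret) }}`, or keep `{{- if .Values.postgresql.enabled }}` in the first block. Both container specs start outside these hunks.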
@@ -102,45 +102,44 @@ spec: name: {{ include "matrix.registration.secretName" . }} key: {{ .Values.matrix.registration.secretKey }} {{- end }} - {{- if .Values.matrix.oidc_config.enabled }} + {{- if and .Values.matrix.oidc.enabled .Values.matrix.oidc.existingSecret }} + {{- if .Values.matrix.oidc.secretKeys.issuer }} - name: ISSUER valueFrom: secretKeyRef: - name: {{ include "matrix.oidc.secretName" . }} - key: {{ .Values.matrix.oidc_config.secretKeys.issuer }} + name: {{ .Values.matrix.oidc.existingSecret }} + key: {{ .Values.matrix.oidc.secretKeys.issuer }} + {{- end }} - name: CLIENT_ID valueFrom: secretKeyRef: - name: {{ include "matrix.oidc.secretName" . }} - key: {{ .Values.matrix.oidc_config.secretKeys.client_id }} + name: {{ .Values.matrix.oidc.existingSecret }} + key: {{ .Values.matrix.oidc.secretKeys.client_id }} - name: CLIENT_SECRET valueFrom: secretKeyRef: - name: {{ include "matrix.oidc.secretName" . }} - key: {{ .Values.matrix.oidc_config.secretKeys.client_secret}} - {{- if not .Values.matrix.oidc_config.discover }} + name: {{ .Values.matrix.oidc.existingSecret }} + key: {{ .Values.matrix.oidc.secretKeys.client_secret}} + {{- if .Values.matrix.oidc.secretKeys.authorization_endpoint}} - name: AUTH_ENDPOINT valueFrom: secretKeyRef: - name: {{ include "matrix.oidc.secretName" . }} - key: {{ .Values.matrix.oidc_config.secretKeys.authorization_endpoint }} + name: {{ .Values.matrix.oidc.existingSecret }} + key: {{ .Values.matrix.oidc.secretKeys.authorization_endpoint }} + {{- end }} + {{- if .Values.matrix.oidc.secretKeys.token_endpoint }} - name: TOKEN_ENDPOINT valueFrom: secretKeyRef: - name: {{ include "matrix.oidc.secretName" . 
}} - key: {{ .Values.matrix.oidc_config.secretKeys.token_endpoint }} + name: {{ .Values.matrix.oidc.existingSecret }} + key: {{ .Values.matrix.oidc.secretKeys.token_endpoint }} + {{- end }} + {{- if .Values.matrix.oidc.secretKeys.userinfo_endpoint }} - name: USERINFO_ENDPOINT valueFrom: secretKeyRef: - name: {{ include "matrix.oidc.secretName" . }} - key: {{ .Values.matrix.oidc_config.secretKeys.userinfo_endpoint }} - {{- if eq .Values.matrix.oidc_config.scopes "openid" }} - - name: JWKS_URI - valueFrom: - secretKeyRef: - name: {{ include "matrix.oidc.secretName" . }} - key: {{ .Values.matrix.oidc_config.secretKeys.jwks_uri }} - {{- end }} + name: {{ .Values.matrix.oidc.existingSecret }} + key: {{ .Values.matrix.oidc.secretKeys.userinfo_endpoint }} {{- end }} {{- end }} command: 
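Review bot: `CLIENT_ID` and `CLIENT_SECRET` are emitted with whatever `secretKeys.client_id` and `secretKeys.client_secret` hold, while `ISSUER` and the endpoint variables are each wrapped in an `if` on their key. An emptied key renders `key:` with no value and is only rejected when the pod spec is applied; failing at render time is clearer, e.g. `key: {{ required "matrix.oidc.secretKeys.client_secret must be set with existingSecret" .Values.matrix.oidc.secretKeys.client_secret | quote }}`. Quoting `name: {{ .Values.matrix.oidc.existingSecret | quote }}` also keeps a numeric-looking or boolean-looking secret name a string. The `env:` list begins above the hunk.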
@@ -155,14 +154,18 @@ spec: {{- if or .Values.matrix.registration.existingSecret .Values.matrix.registration.sharedSecret .Values.matrix.registration.generateSharedSecret }} yq eval -i '.registration_shared_secret = env(REGISTRATION_SHARED_SECRET)' /data/homeserver.yaml && \ {{- end }} - {{- if .Values.matrix.oidc_config.enabled }} - yq eval -i '.oidc_config.issuer = env(ISSUER)' /data/homeserver.yaml && \ - yq eval -i '.oidc_config.client_id = env(CLIENT_ID)' /data/homeserver.yaml && \ - yq eval -i '.oidc_config.client_secret = env(CLIENT_SECRET)' /data/homeserver.yaml && \ - {{- if not .Values.matrix.oidc_config.discover }} - yq eval -i '.oidc_config.authorization_endpoint = env(AUTH_ENDPOINT)' /data/homeserver.yaml && \ - yq eval -i '.oidc_config.token_endpoint = env(TOKEN_ENDPOINT)' /data/homeserver.yaml && \ - yq eval -i '.oidc_config.userinfo_endpoint = env(USERINFO_ENDPOINT)' /data/homeserver.yaml && \ + {{- if and .Values.matrix.oidc.enabled .Values.matrix.oidc.existingSecret }} + yq eval -i '.oidc_providers[0].issuer = env(ISSUER)' /data/homeserver.yaml && \ + yq eval -i '.oidc_providers[0].client_id = env(CLIENT_ID)' /data/homeserver.yaml && \ + yq eval -i '.oidc_providers[0].client_secret = env(CLIENT_SECRET)' /data/homeserver.yaml && \ + {{- if .Values.matrix.oidc.secretKeys.authorization_endpoint }} + yq eval -i '.oidc_providers[0].authorization_endpoint = env(AUTH_ENDPOINT)' /data/homeserver.yaml && \ + {{- end }} + {{- if .Values.matrix.oidc.secretKeys.token_endpoint }} + yq eval -i '.oidc_providers[0].token_endpoint = env(TOKEN_ENDPOINT)' /data/homeserver.yaml && \ + {{- end }} + {{- if .Values.matrix.oidc.secretKeys.userinfo_endpoint }} + yq eval -i '.oidc_providers[0].userinfo_endpoint = env(USERINFO_ENDPOINT)' /data/homeserver.yaml && \ {{- end }} {{- end }} yq eval -i '.database.args.host = env(DATABASE_HOSTNAME)' /data/homeserver.yaml && \ 
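Review bot: The `yq` line `.oidc_providers[0].issuer = env(ISSUER)` runs whenever `existingSecret` is set, but the `ISSUER` variable is only defined when `secretKeys.issuer` is non-empty (hunk at -102,45). With that key emptied the variable is missing and yq most likely errors out, which stops the `&&` chain before the database settings are written. Wrap the line like the endpoint lines, in `{{- if .Values.matrix.oidc.secretKeys.issuer }}` and `{{- end }}`. All overrides target index 0, so only the first entry of `matrix.oidc.providers` gets its credentials from the secret; a comment such as `# only oidc_providers[0] is populated from existingSecret` would make that explicit. The command block continues outside the hunk.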
diff --git a/charts/matrix/templates/synapse/oidc-config-secret.yaml b/charts/matrix/templates/synapse/oidc-config-secret.yaml
deleted file mode 100644
index f75d4687..00000000
--- a/charts/matrix/templates/synapse/oidc-config-secret.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-{{/*
-if matrix.oidc_config.enabled is true, and matrix.oidc_config.existingSecret is not passed in,
-then we create a secret to store the credentials without it being in a configmap in plaintext.
-*/}}
-{{- if and .Values.matrix.oidc_config.enabled (not .Values.matrix.oidc_config.existingSecret) }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ template "matrix.fullname" . }}-oidc-secret
- labels:
- app.kubernetes.io/name: {{ include "matrix.name" . }}
- helm.sh/chart: {{ include "matrix.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-type: Opaque
-data:
- issuer: {{ .Values.matrix.oidc_config.issuer | b64enc | quote }}
- client_id: {{ .Values.matrix.oidc_config.client_id | b64enc | quote }}
- client_secret: {{ .Values.matrix.oidc_config.client_secret | b64enc | quote }}
- {{- if not .Values.matrix.oidc_config.discover }}
- authorization_endpoint: {{ .Values.matrix.oidc_config.authorization_endpoint | b64enc | quote }}
- token_endpoint: {{ .Values.matrix.oidc_config.token_endpoint | b64enc | quote }}
- userinfo_endpoint: {{ .Values.matrix.oidc_config.userinfo_endpoint | b64enc | quote }}
- {{- if eq .Values.matrix.oidc_config.scopes "openid" }}
- jwks_uri: {{ .Values.matrix.oidc_config.jwks_uri | b64enc | quote }}
- {{- end }}
- {{- end }}
-{{- end }}
diff --git a/charts/matrix/values.yaml b/charts/matrix/values.yaml
index 73f6e2df..813b8510 100644
--- a/charts/matrix/values.yaml
+++ b/charts/matrix/values.yaml
@@ -128,51 +128,11 @@ matrix: # use an OpenID Connect Provider for authentication, instead of its internal # password database. # ref: https://github.com/matrix-org/synapse/blob/master/docs/openid.md. - oidc_config: + oidc: # -- set to true to enable authorization against an OpenID Connect server enabled: false - - # -- set to false to disable use of the OIDC discovery mechanism to - # discover endpoints. - discover: true - - # -- OIDC issuer. Used to validate tokens and (if discovery is enabled) to - # discover the provider's endpoints. Required if 'enabled' is true. - issuer: "https://accounts.example.com/" - - # -- oauth2 client id to use. Required if 'enabled' is true. - client_id: "provided-by-your-issuer" - - # -- oauth2 client secret to use. Required if 'enabled' is true. - client_secret: "provided-by-your-issuer" - - # -- auth method to use when exchanging the token. Valid values are: - # 'client_secret_basic' (default), 'client_secret_post' and 'none'. - client_auth_method: client_secret_post - - # -- list of scopes to request. should normally include the "openid" scope. - # Defaults to ["openid"]. - scopes: - - "openid" - - "profile" - - # -- oauth2 authorization endpoint. Required if provider discovery disabled. - authorization_endpoint: "https://accounts.example.com/oauth2/auth" - - # -- the oauth2 token endpoint. Required if provider discovery is disabled. - token_endpoint: "https://accounts.example.com/oauth2/token" - - # -- the OIDC userinfo endpoint. Required if discovery is disabled and the - # "openid" scope is not requested. - userinfo_endpoint: "https://accounts.example.com/userinfo" - - # -- URI where to fetch the JWKS. Required if discovery is disabled and the - # "openid" scope is used. - jwks_uri: "https://accounts.example.com/.well-known/jwks.json" - # -- existing secret to use for the OIDC config existingSecret: "" - # keys in an existing secret to use for oidc config secretKeys: # -- key in secret with the issuer 
@@ -182,47 +142,75 @@ matrix: # -- key in secret with the client_secret client_secret: "client_secret" # -- key in secret with the authorization_endpoint if discovery is disabled - authorization_endpoint: "authorization_endpoint" + authorization_endpoint: "" # -- key in secret with the token_endpoint if discovery is disabled - token_endpoint: "token_endpoint" + token_endpoint: "" # -- key in secret with the userinfo_endpoint if discovery is disabled - userinfo_endpoint: "userinfo_endpoint" - # -- key in secret with the if discovery is disabled and openid is scope - jwks_uri: "jwks_uri" - - # set to false to skip metadata verification. Defaults to false. Use this if - # you are connecting to a provider that is not OpenID Connect compliant. - # Avoid this in production. - skip_verification: false - - # An external module can be provided here as a custom solution to mapping - # attributes returned from a OIDC provider onto a matrix user. - user_mapping_provider: - # -- The custom module's class. Uncomment to use a custom module. - # Default is 'synapse.handlers.oidc_handler.JinjaOidcMappingProvider'. - # - # github.com/matrix-org/synapse/blob/master/docs/sso_mapping_providers.md#openid-mapping-providers - # for information on implementing a custom mapping provider. - # example: - # module: mapping_provider.OidcMappingProvider - module: "" - - # Custom configuration values for the module. This section will be passed as - # a Python dictionary to the user mapping provider module's `parse_config` - # method. - # - # The examples below are intended for the default provider: they should be - # changed if using a custom provider. - # - config: - # -- name of the claim containing a unique identifier for user. Defaults - # to `sub`, which OpenID Connect compliant providers should provide. - subject_claim: "" - # This must be configured if using the default mapping provider. - localpart_template: "" - # Jinja2 template for the display name to set on first login. 
- # If unset, no displayname will be set. - display_name_template: "" + userinfo_endpoint: "" + # -- each of these will be templated under oidc_providers in homeserver.yaml + # ref: https://matrix-org.github.io/synapse/latest/openid.html?search= + providers: + # -- id of your identity provider, e.g. dex + - idp_id: "" + # -- human readable comment of your identity provider, e.g. "My Dex Server" + idp_name: "" + # -- optional styling hint for clients + idp_brand: "" + # -- turn off discovery by setting this to false + discover: true + # set to true to skip metadata verification. Defaults to false. Use this if + # you are connecting to a provider that is not OpenID Connect compliant. + # Avoid this in production. + skip_verification: false + # -- OIDC issuer. Used to validate tokens and (if discovery is enabled) to + # discover the provider's endpoints. Required if 'enabled' is true. + issuer: "https://accounts.example.com/" + # -- oauth2 client id to use. Required if 'enabled' is true. + client_id: "provided-by-your-issuer" + # -- oauth2 client secret to use. Required if 'enabled' is true. + client_secret: "provided-by-your-issuer" + # -- auth method to use when exchanging the token. Valid values are: + # 'client_secret_basic' (default), 'client_secret_post' and 'none'. + client_auth_method: client_secret_post + # -- list of scopes to request. should normally include the "openid" scope. + # Defaults to ["openid"]. + scopes: + - "openid" + - "profile" + # -- oauth2 authorization endpoint. Required if provider discovery disabled. + authorization_endpoint: "https://accounts.example.com/oauth2/auth" + # -- the oauth2 token endpoint. Required if provider discovery is disabled. + token_endpoint: "https://accounts.example.com/oauth2/token" + # -- the OIDC userinfo endpoint. Required if discovery is disabled and the + # "openid" scope is not requested. 
+ userinfo_endpoint: "https://accounts.example.com/userinfo" + # An external module can be provided here as a custom solution to mapping + # attributes returned from a OIDC provider onto a matrix user. + user_mapping_provider: + # -- The custom module's class. Uncomment to use a custom module. + # Default is 'synapse.handlers.oidc_handler.JinjaOidcMappingProvider'. + # + # github.com/matrix-org/synapse/blob/master/docs/sso_mapping_providers.md#openid-mapping-providers + # for information on implementing a custom mapping provider. example: + # module: mapping_provider.OidcMappingProvider + # Custom configuration values for the module. This section will be passed as + # a Python dictionary to the user mapping provider module's `parse_config` + # method. + # The examples below are intended for the default provider: they should be + # changed if using a custom provider. + config: + # -- name of the claim containing a unique identifier for user. Defaults + # to `sub`, which OpenID Connect compliant providers should provide. + subject_claim: "" + # This must be configured if using the default mapping provider. + localpart_template: "" + # Jinja2 template for the display name to set on first login. + # If unset, no displayname will be set. + display_name_template: "" + # for twitter: https://matrix-org.github.io/synapse/latest/openid.html?search=#twitter + picture_template: "{{ user.data.profile_image_url }}" + # optional - maybe useful for keycloak + backchannel_logout_enabled: true # Settings for the URL preview crawler urlPreviews:
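Review bot: The sample entry under `providers` ships `picture_template: "{{ user.data.profile_image_url }}"`, which its own comment ties to Twitter, and `backchannel_logout_enabled: true` as live defaults rather than commented examples. Because the homeserver template dumps each provider entry verbatim, enabling OIDC applies both to whatever provider is configured unless they are overridden. I would ship them commented out: `# picture_template: "{{ user.data.profile_image_url }}"` and `# backchannel_logout_enabled: true`. The "Uncomment to use a custom module" comment under `user_mapping_provider` also no longer has a `module:` key next to it. Indentation is lost in this view, so the exact nesting of these keys should be checked against the file.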