From d469b4189992463f7a8c3acd5f1b62f800a6f820 Mon Sep 17 00:00:00 2001
From: Joseph Schorr <jschorr@gmail.com>
Date: Fri, 14 Mar 2014 18:57:28 -0400
Subject: [PATCH] Add an oauth authorization page

---
 auth/scopes.py             |  46 ++++++++++++++++----
 data/database.py           |   3 ++
 data/model/oauth.py        |  45 +++++++++++++++-----
 endpoints/api/discovery.py |   4 +-
 endpoints/web.py           |  50 +++++++++++++++++++++-
 initdb.py                  |   7 +++-
 static/css/quay.css        |  83 ++++++++++++++++++++++++++++++++++++-
 templates/base.html        |  36 ++++++++--------
 templates/oauthorize.html  |  54 ++++++++++++++++++++++++
 test/data/test.db          | Bin 185344 -> 499712 bytes
 10 files changed, 287 insertions(+), 41 deletions(-)
 create mode 100644 templates/oauthorize.html

diff --git a/auth/scopes.py b/auth/scopes.py
index 6dbda6c72..30d88169d 100644
--- a/auth/scopes.py
+++ b/auth/scopes.py
@@ -1,25 +1,33 @@
 READ_REPO = {
   'scope': 'repo:read',
-  'description': ('Grants read-only access to all repositories for which the granting user or '
-                  ' robot has access.')
+  'icon': 'fa-hdd-o',
+  'title': 'View all visible repositories',
+  'description': ('This application will be able to view and pull all repositories visible to the '
+                  'granting user or robot account')
 }
 
 WRITE_REPO = {
   'scope': 'repo:write',
-  'description': ('Grants read-write access to all repositories for which the granting user or '
-                  'robot has access, and is a superset of repo:read.')
+  'icon': 'fa-hdd-o',
+  'title': 'Read/Write to any accessible repositories',
+  'description': ('This application will be able to view, push and pull to all repositories to which the '
+                  'granting user or robot account has write access')
 }
 
 ADMIN_REPO = {
   'scope': 'repo:admin',
-  'description': ('Grants administrator access to all repositories for which the granting user or '
-                  'robot has access, and is a superset of repo:read and repo:write.')  
+  'icon': 'fa-hdd-o',
+  'title': 'Administer Repositories',
+  'description': ('This application will have administrator access to all repositories to which the '
+                  'granting user or robot account has access')  
 }
 
 CREATE_REPO = {
   'scope': 'repo:create',
-  'description': ('Grants create repository access to all namespaces for which the granting user '
-                  'or robot is allowed to create repositories.')
+  'icon': 'fa-plus',
+  'title': 'Create Repositories',
+  'description': ('This application will be able to create repositories in to any namespaces that '
+                  'the granting user or robot account is allowed to create repositories')
 }
 
 ALL_SCOPES = {scope['scope']:scope for scope in (READ_REPO, WRITE_REPO, ADMIN_REPO, CREATE_REPO)}
@@ -32,3 +40,25 @@ def scopes_from_scope_string(scopes):
 def validate_scope_string(scopes):
   decoded = scopes_from_scope_string(scopes)
   return None not in decoded and len(decoded) > 0
+
+
+def is_subset_string(full_string, expected_string):
+  """ Returns true if the scopes found in expected_string are also found
+      in full_string.
+  """
+  full_scopes = scopes_from_scope_string(full_string)
+  expected_scopes = scopes_from_scope_string(expected_string)
+  return expected_scopes.issubset(full_scopes)
+
+def get_scope_information(scopes_string):
+  scopes = scopes_from_scope_string(scopes_string)
+  scope_info = []
+  for scope in scopes:
+    scope_info.append({
+      'title': ALL_SCOPES[scope]['title'],
+      'scope': ALL_SCOPES[scope]['scope'],
+      'description': ALL_SCOPES[scope]['description'],
+      'icon': ALL_SCOPES[scope]['icon'],
+    })
+
+  return scope_info
diff --git a/data/database.py b/data/database.py
index 840265fae..55e1e0471 100644
--- a/data/database.py
+++ b/data/database.py
@@ -275,7 +275,10 @@ class OAuthApplication(BaseModel):
   client_id = CharField(index=True, default=random_string_generator(length=20))
   client_secret = CharField(default=random_string_generator(length=40))
   redirect_uri = CharField()
+  application_uri = CharField()
   organization = ForeignKeyField(User)
+  name = CharField()
+  description = TextField(default='')
 
 
 class OAuthAuthorizationCode(BaseModel):
diff --git a/data/model/oauth.py b/data/model/oauth.py
index 5f64f79f9..475893b4d 100644
--- a/data/model/oauth.py
+++ b/data/model/oauth.py
@@ -11,11 +11,13 @@ class DatabaseAuthorizationProvider(AuthorizationProvider):
     raise NotImplementedError('Subclasses must fill in the ability to get the authorized_user.')
 
   def validate_client_id(self, client_id):
+    return self.get_application_for_client_id(client_id) is not None
+
+  def get_application_for_client_id(self, client_id):
     try:
-      OAuthApplication.get(client_id=client_id)
-      return True
+      return OAuthApplication.get(client_id=client_id)
     except OAuthApplication.DoesNotExist:
-      return False
+      return None
 
   def validate_client_secret(self, client_id, client_secret):
     try:
@@ -33,12 +35,35 @@ class DatabaseAuthorizationProvider(AuthorizationProvider):
     except OAuthApplication.DoesNotExist:
       return False
 
-  def validate_scope(self, client_id, scope):
-    return scopes.validate_scope_string(scope)
+  def validate_scope(self, client_id, scopes_string):
+    return scopes.validate_scope_string(scopes_string)
 
   def validate_access(self):
     return self.get_authorized_user() is not None
 
+  def lookup_access_token(self, client_id):
+    try:
+      found = (OAuthAccessToken
+        .select()
+        .join(OAuthApplication)
+        .where(OAuthApplication.client_id == client_id)
+        .get())
+      return found
+    except OAuthAccessToken.DoesNotExist:
+      return None
+
+  def validate_has_scopes(self, client_id, scope):
+    access_token = self.lookup_access_token(client_id)
+    if not access_token:
+      return False
+
+    # Make sure the token is not expired.
+    if access_token.expires_at <= datetime.now():
+      return False
+
+    # Make sure the token contains the given scopes (at least).
+    return scopes.is_subset_string(access_token.scope, scope)
+
   def from_authorization_code(self, client_id, code, scope):
     try:
       found = (OAuthAuthorizationCode
@@ -109,7 +134,7 @@ class DatabaseAuthorizationProvider(AuthorizationProvider):
     is_valid_client_id = self.validate_client_id(client_id)
     is_valid_access = self.validate_access()
     scope = params.get('scope', '')
-    is_valid_scope = self.validate_scope(client_id, scope)
+    are_valid_scopes = self.validate_scope(client_id, scope)
 
     # Return proper error responses on invalid conditions
     if not is_valid_client_id:
@@ -120,7 +145,7 @@ class DatabaseAuthorizationProvider(AuthorizationProvider):
       err = 'access_denied'
       return self._make_redirect_error_response(redirect_uri, err)
 
-    if not is_valid_scope:
+    if not are_valid_scopes:
       err = 'invalid_scope'
       return self._make_redirect_error_response(redirect_uri, err)
 
@@ -138,8 +163,8 @@ class DatabaseAuthorizationProvider(AuthorizationProvider):
 
     return self._make_response(headers={'Location': url}, status_code=302)
 
-def create_application(org, redirect_uri, **kwargs):
-  return OAuthApplication.create(organization=org, redirect_uri=redirect_uri, **kwargs)
+def create_application(org, name, application_uri, redirect_uri, **kwargs):
+  return OAuthApplication.create(organization=org, name=name, application_uri=application_uri, redirect_uri=redirect_uri, **kwargs)
 
 def validate_access_token(access_token):
   try:
@@ -150,4 +175,4 @@ def validate_access_token(access_token):
       .get())
     return found
   except OAuthAccessToken.DoesNotExist:
-    return None
\ No newline at end of file
+    return None
diff --git a/endpoints/api/discovery.py b/endpoints/api/discovery.py
index 087b51c1c..b2b7f3ba5 100644
--- a/endpoints/api/discovery.py
+++ b/endpoints/api/discovery.py
@@ -102,7 +102,7 @@ def swagger_route_data():
   swagger_data = {
     'apiVersion': 'v1',
     'swaggerVersion': '1.2',
-    'basePath': 'http://ci.devtable.com:5000',
+    'basePath': 'http://localhost:5000',
     'resourcePath': '/',
     'info': {
       'title': 'Quay.io API',
@@ -119,7 +119,7 @@ def swagger_route_data():
           "implicit": {
             "tokenName": "access_token",
             "loginEndpoint": {
-              "url": "http://ci.devtable.com:5000/oauth/authorize",
+              "url": "http://localhost:5000/oauth/authorize",
             },
           },
         },
diff --git a/endpoints/web.py b/endpoints/web.py
index 5455ec573..5ead821da 100644
--- a/endpoints/web.py
+++ b/endpoints/web.py
@@ -14,8 +14,10 @@ from auth.permissions import AdministerOrganizationPermission
 from util.invoice import renderInvoiceToPdf
 from util.seo import render_snapshot
 from util.cache import no_cache
-from endpoints.common import common_login, render_page_template
+from endpoints.common import common_login, render_page_template, generate_csrf_token
 from util.names import parse_repository_name
+from util.gravatar import compute_hash
+from auth import scopes
 
 logger = logging.getLogger(__name__)
 
@@ -239,6 +241,27 @@ class FlaskAuthorizationProvider(DatabaseAuthorizationProvider):
     return make_response(body, status_code, headers)
 
 
+@web.route('/oauth/authorizeapp', methods=['POST'])
+def authorize_application():
+  if not current_user.is_authenticated():
+    abort(401)
+    return
+
+  provider = FlaskAuthorizationProvider()
+  client_id = request.form.get('client_id', None)
+  redirect_uri = request.form.get('redirect_uri', None)
+  scope = request.form.get('scope', None)
+  csrf = request.form.get('csrf', None)
+
+  # Verify the csrf token.
+  if csrf != generate_csrf_token():
+    abort(404)
+    return
+
+  # Add the access token.
+  return provider.get_token_response('token', client_id, redirect_uri, scope=scope)
+
+
 @web.route('/oauth/authorize', methods=['GET'])
 @no_cache
 def request_authorization_code():
@@ -248,6 +271,31 @@ def request_authorization_code():
   redirect_uri = request.args.get('redirect_uri', None)
   scope = request.args.get('scope', None)
 
+  if not provider.validate_has_scopes(client_id, scope):
+    if not provider.validate_redirect_uri(client_id, redirect_uri):
+      abort(404)
+      return
+
+    # Load the scope information.
+    scope_info = scopes.get_scope_information(scope)
+
+    # Load the application information.
+    oauth_app = provider.get_application_for_client_id(client_id)
+    oauth_app_view = {
+      'name': oauth_app.name,
+      'description': oauth_app.description,
+      'url': oauth_app.application_uri,
+      'organization': {
+        'name': oauth_app.organization.username,
+        'gravatar': compute_hash(oauth_app.organization.email)
+      }
+    }
+
+    # Show the authorization page.
+    return render_page_template('oauthorize.html', scopes=scope_info, application=oauth_app_view,
+                                enumerate=enumerate, client_id=client_id, redirect_uri=redirect_uri,
+                                scope=scope, csrf_token_val=generate_csrf_token())
+
   if response_type == 'token':
     return provider.get_token_response(response_type, client_id, redirect_uri, scope=scope)
   else:
diff --git a/initdb.py b/initdb.py
index 3cbd8008b..77fa9f162 100644
--- a/initdb.py
+++ b/initdb.py
@@ -339,7 +339,12 @@ def populate_database():
   org.stripe_id = TEST_STRIPE_ID
   org.save()
 
-  oauth.create_application(org, 'http://localhost:8000/o2c.html', client_id='deadbeef')
+  oauth.create_application(org, 'Some Test App', 'http://localhost:8000', 'http://localhost:8000/o2c.html',
+                           client_id='deadbeef')
+
+  oauth.create_application(org, 'Some Other Test App', 'http://quay.io', 'http://localhost:8000/o2c.html',
+                           client_id='deadpork',
+                           description = 'This is another test application')
 
   model.create_robot('neworgrobot', org)
 
diff --git a/static/css/quay.css b/static/css/quay.css
index bde24600a..f953428a2 100644
--- a/static/css/quay.css
+++ b/static/css/quay.css
@@ -3392,4 +3392,85 @@ pre.command:before {
 
 .slideinout.ng-hide-add, .slideinout.ng-hide-remove {
   display: block !important;
-}
\ No newline at end of file
+}
+
+.auth-header img {
+  float: left;
+  margin-top: 8px;
+  margin-right: 20px;
+}
+
+.auth-header {
+  padding-bottom: 10px;
+  border-bottom: 1px solid #eee;
+  margin-bottom: 10px;
+}
+
+.auth-scopes .reason {
+  margin-top: 20px;
+  margin-bottom: 20px;
+  font-size: 18px;
+}
+
+.auth-scopes ul {
+  margin-top: 10px;
+  list-style: none;
+}
+
+.auth-scopes li {
+  display: block;
+}
+
+.auth-scopes .scope {
+  max-width: 500px;
+}
+
+.auth-scopes .scope-container:last-child {
+  border-bottom: 0px;
+}
+
+.auth-scopes .panel-default {
+  border: 0px;
+  margin-bottom: 0px;
+  padding-bottom: 10px;
+  box-shadow: none;
+}
+
+.auth-scopes .panel-default:last-child {
+  border-bottom: 0px;
+}
+
+.auth-scopes .panel-heading {
+  border: 0px;
+  background: transparent;
+}
+
+.auth-scopes .scope .title {
+  min-width: 300px;
+  cursor: pointer;
+  display: inline-block;
+}
+
+.auth-scopes .scope .title:hover {
+  color: #428bca;
+}
+
+.auth-scopes .scope .description {
+  padding: 10px;
+}
+
+.auth-scopes .scope i {
+  margin-right: 10px;
+  margin-top: 2px;
+  font-size: 24px;
+}
+
+.auth-container .button-bar {
+  margin-top: 10px;
+  padding-top: 10px;
+  border-top: 1px solid #eee;
+}
+
+.auth-container .button-bar button {
+  margin: 6px;
+}
diff --git a/templates/base.html b/templates/base.html
index 5bbda45f3..852302f90 100644
--- a/templates/base.html
+++ b/templates/base.html
@@ -47,22 +47,22 @@
     <script src="//cdn.jsdelivr.net/g/bootbox@4.1.0,underscorejs@1.5.2,restangular@1.2.0"></script>
     <!-- ,typeahead.js@0.10.1 -->
 
-    <script src="static/lib/loading-bar.js"></script>
-    <script src="static/lib/angular-strap.min.js"></script>
-    <script src="static/lib/angulartics.js"></script>
-    <script src="static/lib/angulartics-mixpanel.js"></script>
-    <script src="static/lib/angulartics-google-analytics.js"></script>
-    <script src="static/lib/angular-md5.js"></script>
-    <script src="static/lib/bindonce.min.js"></script>
-    <script src="static/lib/ansi2html.js"></script>
-    <script src="static/lib/typeahead.bundle.min.js"></script>
+    <script src="/static/lib/loading-bar.js"></script>
+    <script src="/static/lib/angular-strap.min.js"></script>
+    <script src="/static/lib/angulartics.js"></script>
+    <script src="/static/lib/angulartics-mixpanel.js"></script>
+    <script src="/static/lib/angulartics-google-analytics.js"></script>
+    <script src="/static/lib/angular-md5.js"></script>
+    <script src="/static/lib/bindonce.min.js"></script>
+    <script src="/static/lib/ansi2html.js"></script>
+    <script src="/static/lib/typeahead.bundle.min.js"></script>
 
-    <script src="static/lib/angular-moment.min.js"></script>
-    <script src="static/lib/angular-cookies.min.js"></script>
+    <script src="/static/lib/angular-moment.min.js"></script>
+    <script src="/static/lib/angular-cookies.min.js"></script>
 
-    <script src="static/lib/pagedown/Markdown.Converter.js"></script>
-    <script src="static/lib/pagedown/Markdown.Editor.js"></script>
-    <script src="static/lib/pagedown/Markdown.Sanitizer.js"></script>
+    <script src="/static/lib/pagedown/Markdown.Converter.js"></script>
+    <script src="/static/lib/pagedown/Markdown.Editor.js"></script>
+    <script src="/static/lib/pagedown/Markdown.Sanitizer.js"></script>
     
     {% block added_dependencies %}
 
@@ -73,10 +73,10 @@
       window.__token = '{{ csrf_token() }}';
     </script>
 
-    <script src="static/js/tour.js"></script>
-    <script src="static/js/app.js"></script>
-    <script src="static/js/controllers.js"></script>
-    <script src="static/js/graphing.js"></script>
+    <script src="/static/js/tour.js"></script>
+    <script src="/static/js/app.js"></script>
+    <script src="/static/js/controllers.js"></script>
+    <script src="/static/js/graphing.js"></script>
 
 <!-- start Mixpanel --><script type="text/javascript">
 var isProd = document.location.hostname === 'quay.io';
diff --git a/templates/oauthorize.html b/templates/oauthorize.html
new file mode 100644
index 000000000..e7cdb900b
--- /dev/null
+++ b/templates/oauthorize.html
@@ -0,0 +1,54 @@
+{% extends "base.html" %}
+
+{% block title %}
+  <title>Authorize {{ application.name }} · Quay.io</title>
+{% endblock %}
+
+{% block body_content %}
+  <div class="container auth-container">
+    <div class="auth-header">
+      <img src="//www.gravatar.com/avatar/{{ application.organization.gravatar }}?s=48&d=identicon">
+      <h2><a href="{{ application.url }}" target="_blank">{{ application.name }}</a></h2>
+      <h4>
+         {{ application.organization.name }}
+      </h4>
+    </div>
+
+    <div class="auth-scopes">
+      <div class="reason">This application would like permission to:</div>
+      <div class="panel-group">
+        {% for index, scope in enumerate(scopes) %}
+        <div class="scope panel panel-default">
+          <div class="panel-heading">
+            <h4 class="panel-title">
+                <div class="title-container">
+                  <i class="fa {{ scope.icon }} fa-lg"></i>
+                  <div class="title" data-toggle="collapse" data-parent="#scopeGroup" data-target="#description-{{ index }}">
+                    <a data-toggle="collapse" href="#collapseOne">
+                      {{ scope.title }}
+                    </a>
+                  </div>
+                </div>
+            </h4>
+          </div>
+          <div id="description-{{ index }}" class="panel-collapse collapse out">
+            <div class="panel-body">
+              {{ scope.description }}
+            </div>
+          </div>
+        </div>
+        {% endfor %}
+      </div>
+    </div>
+
+    <div class="button-bar">
+      <form method="post" action="/oauth/authorizeapp">
+        <input type="hidden" name="client_id" value="{{ client_id }}">
+        <input type="hidden" name="redirect_uri" value="{{ redirect_uri }}">
+        <input type="hidden" name="scope" value="{{ scope }}">
+        <input type="hidden" name="csrf" value="{{ csrf_token_val }}">
+        <button type="submit" class="btn btn-success">Authorize Application</button>
+      </form>
+    </div>
+  </div>
+{% endblock %}
diff --git a/test/data/test.db b/test/data/test.db
index 8c7053601aec6f5efe2b6dc877ab6c95adae8382..cf5c2a0b942a748b25f0edaa857c8c0357f9b4db 100644
GIT binary patch
delta 15749
zcmeHucYIXE+VIYtEoaL)Lkl52Awd%2W_zQDgjCXd1jBB!DUb#!fGA<bdc6pE^bRNp
z_o7k+gd1_O05(8HL<KKc0Z~9uk$bUR!I$?rXAy!SUO#=`?~m{I?JvK{lxJq1nR)7*
zXXdZf&VMm7x~O1ML%TP+wq<6MyFJ<>>nB4<Ha<F9CSzvGWU^b9M30*|Q>OnkP5~u3
z`4UpuP2>Xkj+`T3>cTY_G)pvb>POW>*=N{R)eow_DJLtj;#ozdLLuME%)*!OJoFlh
zL(xKiwhPIH$t`11IK4Cx1qqv5@`WdwQ&E^ye4u5rx+_E#JT3wGVuj7kk;0^A9)$`=
zn<50#q7mfHLxgcHT46(z1%*KEM4_cI5e?~nq;UWeHfM*S;J~QIvZI8XvZK&oVQ#if
zxR@0SGeu{Q61ua(&>&%dmR_jHib4Ye!1rej69#4mqXFHCnMp|4o-q{l7mj9FqB@Bx
zI3fc1#<jaWjox;zyJ=?2)&Kp3nv4qJxx`RJg!d8?h1|r!h!?zxCBnNSjDluFh!B=&
z5hjhWBAwtHQ6L;iNJLu54H05TBnTY|BalWag(a$mml7g{;`kV(7CPfE2@k|J3ta4-
z!V^OqgxH}Agpo0)1b_4$LPYePk+Abw`H)!0LlTt;Nn{8IDI(v>$hY17<IXbO(Q!w6
zBtkShS@>4fPeHzuk?;C|m?C_q<x?4Q4u+D=4je7V=+@{|+FH%mni7pty<V+h8&v01
z<tnvuqmolJ%FoMhlIxhwOh4R$zDGABBI}mj2}e9$l~f{*BctaEaU6YN1TI&qJU`r;
z6G_qi*i0uS;$T(ilN+#aa0D&5A6w{(L|i4;wNJZ1?;C>KN!Z$h>wJ-6YFUZQ664d;
z%@<K3b%o$MGNy9=o4$z9%PomCW;#x!AB5mq<*>Rj`zk}|x~H*;&I-lD<f=Dk7tvLr
zI9nd^0XK)94aE;BLoPMn+&P$jwH1J#55vi-{wpFs^+g8J+GhYS+7H(g+h@iMU&NrR
zGbCa?9n~M#D5JNb6O{w$x^@6P)E~#m6PH+a&`bSchH($AUPW^UzzpUalUH>1qhECZ
zP}o2`ULIFh`~j^Rh*zkFJP|$C7s1o0_1OH-Qe3BuX+8Y6N{;SW57^idpgeRpcaT;g
z7%+C>!63Q`!GN}H54$=w^eYn#I2Xf!mhC$}raLiSA&-9Rk?-hK1}|6IJ+6dG72Pon
zfIhs4;*>YetF6mX(ujDdaQuXVRkp#)fAS4h(586U?t6YhRr27wH!A3vpHRDsm1QpW
zMKW|=0<<mrFI1;u=WW>Pi@-E$1k{YYgld(9{cuesqB};wfQK)kkTN*ljwz7L7z;^j
zlt_coT$GHQBJYxC$lu5kGM}^(4=E<8#6}_r=1=l(^4&b;Z|A4+1^j3}o*%?r<c@K#
za+|pOxn?exb8u0;=#z~{-BJBd;1n)eMh*}^`GTzGpC*y~0)7l(_<h_WGJ`z8<&lZ}
zQvMVd%}*yjV&_`8pZEkmi2Ib=#XUtzNHt%`IeQPDfV!iDKF2C@61az)>;(Xv1pG5e
zI2jhHBBy|V$f-VHa)eV+;aJwMkLKwQ7!~OMdgEw?nj9Cg{*oN;1F<yW__(2J@|lc$
zPd+1G^#PSGe3lZUCP&1vPLm^jKur*iq{r|YAO(gT6$d;+j`jhXA{@;d7NpxKBlnUU
z`CWW1ui(~l=^W8*{6!Dg|IdVt`9sIM%59U3u8BF;%8Km#38`uJ!sODt(yYRq)a1O>
z470_amY!2&vzC@SCrv6UDK5?}&75enSSu{$mVyFjQK3KzO0A8v+fpWUW+qz;Yn|EC
z^V(*$X3UxGHMONR7ZoR!cQjViw$>Vo)4fHR#sXJcM*fVJiXvfIL4wWO;cDzis+nYP
z)D@JLl^N1ICRMoe^6F-`<rR7?*}2VSY0Y!yRG8iM#YvSdhN6s4^YlF7`+^&7ZRNJc
zl8%bj%F6cH8ObwJi`w&xbCL|n$+>CfRIg#$gj9QTMTg^->BfwilZ^JH#{7<s4xzj-
z(bnpimQtQqG_$kWlxnZ{G^AF~sz~l|HaRld+M4QT=d@O)*H`Avtg%^&%$A}Voh40~
z?Pg(H;c%O^HZR3iR9RYAZk(1@Qsyd5nN>C;sohl2;F(!5t)OmVo7K?Xlx<8Yo8-(*
zHce~3r7p8U7*u2%pO)t;cjTK3OY=(|6EjP5(u&J$h3Uo4tSpN;*=jbX+bdk<&U9OG
zVfv&pQ&G7wzdUzBVNq$8qcYo+?JN-PEsC%@^GaItO=+c>GqYwTyUV=x+NPGI37wsm
z>GcNZ9CLodOpCjq*^ud;oixdnT2NeC+EylfP?Q)%I%H%K=^*FH5we@CAP0frH~fMi
zx}(_*jL=cGIEWmSk&EP?<SURm$H^z;eIU7my`Td;oG2W;$#l8L_dWU?B=7g#qY8R#
zmXXiNQSu@A2YH9QNj3xhZ@pfRCHX30b9G4&|A~zM1O(unfK(0{Nv4uE64$E(8^lbU
zDED#b4^wq)-5r1Y&`#EYd~1|}<ZkSZ>J~<5oUZBmqnKtOCD@fd4&&cNW5GR$OcXI#
zw0JJ`Y4cPH-<*^S|8CQ%{v+HOh4AAnt%}T$fhu{n_xhh<=qepncHuv|12|0q>sSB2
z^%oAl%4C7{pOcY)lXJcB4bXe3aIS06uV|cj`REWlPlo3)Lzw0A1qxQtqByVgs1~Tc
zVk_CB>dETYG`!|6%}2VSx?6R-xHxVO_c~FLF8&EJS+e9m>kf~uM38*O1dP}2&iDj$
zja8d@#p0bJS;4-`c5$X;DYpbH=igvw&y_6lEXhRAL01j;@sc&4FIo4MlC_`T(*^k1
zIY>p4w{S~uPr{NQ8ZHB5KgeW1piQ`t*&sK_pH@~VkE-UVZ_{v^r?eBbhq-9(E&gV*
zluRej$rcIucbKm6Sw>w`dbp=+Gvy8wis)W+$IS>u2fPjDu2$jxJ6Pf3ogu=5cO_~T
z42@C+>-Ff)S;Fgg4MRhPvv+MJ?$*}EhH7_vLrZg2$IJ%7_;9G;-xWtQhoVS&ujrq!
zyHn%|K6$ioYN;K?3eg(}39FWBg|W+$7~kL+A#dqu6nD9HqR_a^fQEH1U)B$!8=x{;
z*!PG<7`I^p8ZMQlZs;#`Z)imEP<jw0KpG{`jht|7V+|V7owlhI3BC<M0=KKbF#9Q9
zc>5`%u<h0H=tck>1hs`o-#v9#20}@~y4}f2kv4y?85A#PF%M?e9ei&yi`6rueIZya
zi<pv`fGjyRUUyAv%gpH$U9Pgck_maPtdtU0ajLDPxFR#VBHLVU%FNA3PPP{pmYPe8
z%TtA8LS$Ecdwc6hgJDL8drneA3tQCE<c-d2ulLT3F7~#yM<=(o7S}hlMZ=%FxkajP
z7wdbR$1O<0z=4KyA_g9>x7JZ<Oe?VEnoDvgxtwX1JWFMPHKjbQ#F}hP$t=p7lwvoQ
z<fN9R*0&4Cg>b+lC^Rth&vORY8BEageVd@ebW8;LdCgeMM5uqB{<jK4j>U2YsacWY
zfA0bPFB!4h{&#F+k(|iGGO~j_+*?W>VT6bGPXEu^LDVAqL5qO*e6dge`6fx*{CEJg
z$Z5$&?meI6N#qHq4~4173Gt{;^Z}DCocJ(GEspae*eR#`fXWe09~pev*8WC9jeOGw
zXb~XS&nX^z5DJl@5L6GM&cNKrJjh&>->rOA)yRgjYt(t__cbfE5!$)BXE-CbjkL(N
z$Z}+vOOgjA$tRCe1}Da#xed)V-r1cEZ4I7=#)kGeRn6`uZ>Nt>Q3X%5A)i5No+)(g
zNkpcAxO;KWcwz0aNa6JE2xJi0J=w@86z?g$wmBA=yWc#<AY>8V{<IF+APo@;j+Y_(
z&x6Q?myeGXn$FvhqkHxF9E_a8x$o8?7o<al?cb-+pX6u^8YvcOv;wJUjRG~IQS==J
zT7gDO)kl;_NvRUGqcK01Lxla`N6;D-8jr@($5rSi>Wx7+pmFriF{l!ar{{K~A^uA-
z$be8X-Etfaq3N-x8ch(filT4C0)BTGkprbjko0*A($IVhlG8iaqgcPfggOvP4Rnl5
zLt0v82FxBeqv5~#+|C54$r;hi`4>6U$LZz@XU>MINt2B1Cy$b*UQq02Mrit%w#)8t
zyNuNqlip=Bdh}MO)u{KFtQNh?ZmYJr+@4y8(aT^1W@V^E4Tc(PvskRv#u}&I<8e8l
zgVU>bdyF<n?B;53jmKW&G-Jkqqz*`iScj>`Z1q}d^iGevR&Vvz)asq!mg&6~o5>n%
zba?C@uaRLyc_rR70Xv=Rlc9>imX-_OUg)O|Kz`q+p;Iie-nW+k@~n)U{S}k2Q26GI
zCWw)w;8iTdOUw(sb}e8;71MKCG)Nj4EKPE@4=@<`q@4bXpaIfp{rGFAMb8XGp(^r)
zc;E0vALHfHFM?6HBuY;AxkGvMbQlT?(V1mr4XNP2;y3ac+`l=2Gwa^h&Cr>DF*dl-
zUTO|UVR0_E!)Uj;fCelkv)=0R)ac!{c9XuQ8cxgPu+@M{qcg%$YMjGquC{p{UcKFA
zs}>>cdQWY&Q*W!TH5;8)yUpRY)Az%XEzV{3n9Me-NpJC3U`%&4K-z%9oE~Gf$LcXT
zJT*pYjzDALT-8Rq(du#OjV`xQZ>^~|>fI)%Menv-YOF@DvBqS#P$2?Mh_hOpCS$eB
zq_3?u)#$BeXRY32v^(`?x6|Qq)Yy$?mzn-M0wu=Py1dR>x7)0@d(0+)thVW09#6I2
zZ1*}WZj;yPsCChdNR%9Bf$<$?vsrI})#$AzGf=nJRIRt$YP}|h)e4i_=*CDC9_KVV
z>@bK)?{Ro+daK=N*SlPH*eXwr+iU}5Z7v7>DiUSH*}P7>)dGy+a@$>ctJMrFVzSuu
zc1KN(w+7HQo2zL>6dDl++i0`Z!eVR9Uf?LR3wFtBbm*O47|&$)IP8vUx+V(QCfH5Y
z)fRURjAX6_R<gUR^)6sW7~NW9@p_#`Q;k*RBQ1GR2G=$cal*~mC*&|(zr6{r^NYVY
ze(6$}_In-7<5!2H<Paj4kuc&Uxu6`MAT@BaCMUDW;_KKStb_5(6A?mDq*J`p`5N5e
z55N`PL$;Hr$vTiZ50O8SF4Ea+Ms_trI}PYhaU!NXc}C=T(e*w_J|!OmrhCBMd>5{!
z-Xt%P=X>=A4y4@<R2W5`mXT+rZw)8Nd*oG^6t0y(*j*s610p-F-*J@KanohJ2rm0)
zJ@<w@2ZL<t-SI<4V&uP%Lq$<w>0d_o>g~conDq^^3%c*@-T5dJxB-yU9VuwSU!F$t
zXr8PTW%qfwpf~{+8i!%m-XO1#7syt!iL4|~^csYHlc6iKQEe1iCL^mrjC=_jwVOOe
zmcatvgQNNpwrn3+)4StthAzuP({uZwi!yW(FJz3&OY*xE*~<4+<5b((1kK&r1nnW+
z?VO7&<i95EvhQRg;Z&~v<UVVzDtL+u`Kkh1+}qmHMw1>yPE;OHVa5fZKyw}h9k=K~
zbOUW%fFe}TUk>V@?l+?t+HWGLx4Tl&Ae7!i=}EP_QbF%#h<Y=YzG+6|(8Mbc1E}2s
zx;pJjg_iENppne~*{~zT*@NiVG;omUL{x_|#mSbVZ2$5!RD)=4IZ8m2By)l;EJssN
z4n0$jW}#g1Ul^TNfvQkmK#hOgg8KQDmFP$4)r8VezJ%FdS`bH{YeMr;!PWBAW^^|y
z{JH!WRP=L}qb)6{Ki$`YEHr37(j(9$U`)_`w<EP=9ngeIz;sADIDA<T>--1iqdf?f
zNZqNl(a+wFVl|@8hD2Ie*6YMY_E=VgblyUzIWr~QQQ)-Y81r2zrp)BD^8Eaw@{}BF
zUa`?(t1L{<Nv@paEKkoX&&$fOW#(tPiYI2dGHhm3dPNRvHkzz@qeXABMw^@?ZT68i
zN0P%~wp*Q8<Xc3ZmtCJbL8A=KONBcub?zU;Au!Jc;Faqw6Xx;I3sp#?AioY$ErKkT
zk;T17ImFP#bx0fMb=e$V2PhGv+wBF7X7hmJF@b`!dAwGWsoGmzQ%!f)p)>`#2>joB
zAjyiarWY3>^?w3s6G46*V`)*pKG9rplu#K7?S%{LW@u;^+B>Z0!MRLEhs)E^&{(4v
zZS%m+9+r{Ay}Ac1oN@H<-AMmGfah=65DDZX8TqIWTvF&qkD$0{k?3{WQW*%^TSy$g
zoxh1!aZht@-Fe;pI;Xa@XK%KSp^*o0NdLedI7S*xNoJSJWHZx@1Necw-*VnVZ!6Yn
z#4p}RmMp7Nv+7@PM9)FpZ{qap%=O7W98Zn=u$+GWCXT-j0Q3u`&V6{ob=shF0)2Yl
zbr%6`;|G|G5@-Gbk5HQR7Eb8z>eVJ8v*9hAc%8OWZ{gzp&R$&ry&&q@j}6yp``dmz
z@;cRD?Z?69VA&Tkri?iupQ}KMg{sfk9QFlulKKgaLQ}6Bq-)Y0;0$nUh{+u6M=zo>
z*%$D6cm&1AkqOm{!Y-WVA4dsv&u%n;K6n(3KuvV#QPhAM1Cn~|F_eX-`|mx5f)JWU
zSAL4B=|{JtQK<Baq@0b)uH=>UPYV#CE$cv0eY60@^{u|DP{oyAEF}-2d{pV5`Vg9m
z(Pa7(1sBk@7A2x7Vm_GOx)znAn*;eT*P_X&O3a7S>UF3XO%2rVUxzZ0JCHZ72WQmd
zZ(ffcKts!>fa@H5*>!Gca@TpQ+|AW+tJE^HO)6GX>n>18HPpKslqhI0C4F`m8i~C0
z{4UgrYQ_5dP@NwX2tmKxyQ!!_Tu4#4PBd7ayJ86*2gBhI*c*F+i~2BDwDh^vC_9Y2
zBm=nJV1r$?&b}lc!RL;>Jvj};g=9m5G#()OW^~sYH0m!-B!`(nLx_E!2T$q@Scga8
zL(Bm%Q}&RTt~bJxe4S)w?R*NQg^^u-npxND3$qWFW`DgKjSeHviVk03nLA;jU%*$O
zkHJ>#<Ey}ue2p~mc0bAp;}^=n41I+>1|Mo_NjixqYW_68m*2oI>@_jF1Ji}iA+D>J
zl+i^p$*6C6q5bt{&967Bf7#px`niV`V1L<uZL{i{=3X*H*|XW$ON=P4)7;f#a``pw
zy+jK0>&-ZVNxmXyjlFt{aYhRGCJ(<`;54N;BXUv`^SLHf{a5w^Tc~<MB~z9uo>XAD
zo7v6`#*Jtv8X{{3@nWZ?QFy(7@F0Ae@o$#ne8wO113JR^P3O@wOcx9}s|}LQn;@B)
z3Q3C|lI9_zs+_BOT{PGak#3Tr4b_xs!qi99Th;fmud&av3)nWcnk`~eSPL7=4rCeC
zzf{Ln2f#}If_%)*VH?;AHj{O+32X?fR{dM`h3b9P>+k_Ei6DNLcBytOi6UGV|4;rM
z{wV(p{}{iBpT$q+$MO;2w!aHszvpt<+z{QTx^*Bp_1e?g$F%oqXK6j!EUiHs4X(#7
z@~pPMR-yS$^O<J9#;;kfnWvee$<<8ISTr%30T83}z4~+YKh$ripI2{CuTn2j->&Xd
z*Qra?<JIwMjy=o1MM9ngzoL^o06`M<B$Je}JK4?bW9(A)-pf?aeuQa!G7jxhFa#N9
ztC?VAFqxc&SyH+4a@lU^kjm|s%T`01RGxXcY&Oi0%B`2nMnj8KZVr@<PD7JaZoFK!
z8>UO;X_w1ZLra5HQGdC@Y^amUwU^6AgI6lo@C@9~xoifP-QaQ>s<lkm&qYs<yqjf$
zr245+uc|=NVz^l<PKjnF(wNmaRPHhvCez5(IFbovTw+zQyfT=vh`B*s6@wT(GB_;;
zr`6!J8Ju>5(_tv@&kVn|vP?qh3RtOxMxa<C%?tTrY2G3U(%~{VjRvR5P$)qLiUkrR
z<ntxSJb>&%28Yeyup1l>Lv8?6D&_=0ZH7q_Xtsoq!)S1r3=XrwVKHO{run%hGtgHm
zW(4{g4e3(fG^wxMX0Y20c89_4G)$EGN;T19RjSlE0FfefhWrGnb28oZ3W{MOm~nK=
zD=1VxPTWGs1;gd)Q|Wj}m$ZF0o55x`*c=9%(_nKMMoTmHtQ;lHc%^2fG-06Vk|u<_
zQ<~5rK>}@>Tn3xjV86C#lR5@kt#F2j4ob&^(j_D=*E$SVr@`tnm?b27R+@T@Wpx;g
zJ;pLfpY5sJhOKm88s=z08cw18(;zf!6f+k|4Xo8{NOUqCQpqN_F)dQgq)0F`4N^8q
z5pQ6srEH>N_>IgIDI2f2A%Q8Avcu3Y`cw)YE{|ohrHUv;ERd;`4Oa|>U6!&TU^19e
zaF|?LAs{s{C91~~%?^XvX)wDCkv*0esEp{bM5qbxvBWU?@&v3W7Q>JpmBI9{6L4gt
z(Gb+5a*%W)uyX^Y6B$6)uEtRz91{i1W-u8ICaZyHn2^gQp5D6}hj*C_x~p|s6*Ew5
z)<^@WrLlqj3=RV;vAUR7Nia5pQi4$g<~NuP7K1z>4j|7+FeU@s?h>^@66Rd&Romhu
zIR+sd?|~G3y$iJdc8Dw4LY^d#!!^t@B9MjTZjgv`A@Zb!G>~dCg_My3l1(O(al}O|
zL{Em37`QMCB7~?R?CdB0d;T1MhX0&D!oSZS;P>%+_?P(S`K|m@{5pO$zXIaimhkuS
zck*5Q9KMZj;_G-fI5H)C9$%fwr|@HV2XEpN`C)t%AHomhIbOvh?gIBMcb5BtJI;N~
z9pc{M_Coa9PVQN*o7>2(;r_}!!ac+-;_l@ZaJO-@xEb7Z&dXJC6<iUQ1F=)d+$hcl
z26qA%`wJ5W%%)D!^zjdW9eskk#85i;mPNj~{>2zs3*jrv$zR|)@K59pG7l~WXOc#+
zlBSYMi08{C8Ds((P3*)-MvyoXNrsRCL`RfF#{bBl=fCDp@t^V^@&Dl8=HK97<#+Jg
z_`ic)^#s3)f0%!ezrTyW2Z8`^<vaOS2nDR+Z|2MSLVgmT#*gPm@>V_xLIa2L;rw8}
zAFtu%+<$RDaR21K<W6u$xevI5+*{mh+{@ex+%w!}Zaw!H_b9iNdw}~hcNaIGyM=3q
zP{Ml7!%gN&xqL2*OXbFLPR`8T$lU<z7JuD?<4#{2Alv4T-iJQJU6|C10CV7aupZ8e
z<96{Yw0CO9=%(l%=WMzl-B;Xg+I`FvypR2f9j4i+%F%qwZe^Q5xqPdBkNHYH5s$%l
zDmye@<#yS7C_=tVQKE@J8&wL$=ZY1ohvc`ZK9<{%SHY<lGLI|uvW4PwSAI)!HBzJr
zeY6s1(4<(rgc?Rc?yM7%HPMjliNTBM9u9JC2T-yqU5qDz?@hijcs$+7VU|{n#qedG
z8e?!CJvkEK%EV-6EKa7aqo8g$bfYi2AlK!BhBf6lot6&8+4PH{IE^~Qx|2L4MC`Uw
z8bB=WB;o)Bx)HJ16(iP-g1S@DP`5_JZ{<)i;c+H45*X@)268JkQ0L%ajvWW!vst_r
zQ@Tb6b@TrX-`q6xln&=oUWDAEhT7!w@X>9j8kSL}fw5P!c!3-?r=7BQ;S4d?MvZ`B
zsdz&$oZBjcyW|sKti1v3yb;VAfh-{Hqz;HQhl~fNjRSU70;8VhKjhy6GTg*J$}a@E
zYXqxn5(J>$$cOP7u)R(JukGe~2X(QVk$>xZC?6M)V9_ju4?ve)j4PfMI2+wC_Zsq7
z@(A36FM?>s1>`m|3j&Fz6ECSE6{HBTNhir<6okPVNCJt4VA$Ya@MkwTRSX3hRM7Ab
z(H8|IBp|tZ`BUIyZH4RLb!0UJ$59Bfy${@%E;0vV%$i{3ZgLaEy5@mlmqNx62QiUE
zG7QYlklynR3fy%^96`rRMQJ&lhc5!(g8%jj_-;>uC;1wzWgZBD$6)Mw5Qv2!44p7u
zBpC?1dI7lhWeDfZ1D-Vjw+`gx@CoV&*tU;@=)0Gn%U|b9<R#>npFjxzN?6kG4={+A
zTfqU45jVe+592y?2X!XxpEZBfV>rN!34&`OQUqchbLF}xwHLG*ng`VHt0UN(Rm+u!
zlths#?_?gw@4$s|6o6j)^S6${i?RP@D;~@E?Kk2#7{4zLcQO7=;dm`h6Dc_g!scO@
z<$N`FhAaF%QTO2WH2wcD`~L^S?BlW$PrTI{Ad(gtnF^$x4$<;eKqS@Lm$g}%EgBEF
zeYNZ^Hb?ce$_r038WgW7^5uScJv_~5#CvfOdJav8rx`6kBngZ!Vr(F&{{uI?nQ)|h
z=%^eM2<o5hffo(Nf%Bv3Di1tBu=V@2ke>Cx1B6j~pFGw%k}ezqk^e7L<MBkf^T-fi
zr0d$(8B6owbw*6m!M(l+=he3p)5W(F1@LwvNEQ2+N=M*z#y<++sYBS`Yz)0r05e(F
zzs}O!LYQetqN0DNHSjtkv<N55ttU3jqg6$C1qsT2<-dFp=Bpzo!n==U8L)=%6;JoC
zGzDH|I5J@kL3v-+(W*=sd9dl8d2~}Ij2wN?I-)Zv@G4_&7Fg=B;q%teomt`|ihHUa
zrBk!v5k<uQ_@62h1J5x&FydiK%ZDZVb4E}%5+6~R;LVEciD|=qgA?c$1kWPwF~OUa
zQLij7r)NyKU1fZu;es!6IGxu3ZOhEKP8I&Z<A3!<+(4tILCr`D;2N`k$EC_)foB?r
zEr4snc<m1~EMCNQ!<u{Pw0OXE^w8V(cMhdr{e)oF1i+Q&-okWl0^r*3zQIq@@DX^q
z%R1*ftw<KZvdJ<M#m@$tC`LC!yF(kSX;Qxe53%N{4yp9Y`HHs{5%M}_6aFVIKpP<d
zSLok3oR+r01<A@9>}LFnC*xMeA5x4@GX9m5poT6QjgNJS8exRoCX?IbbLB59)QWt?
zQpHhays}lfO(j!hs1~aZv(aolTps)Yw+r{E-_{J#Ox3K_e4}-0=WAcn_0yH>R_RVb
zAkl2@MV{sJ;dRDQxMXW3+xl*~B06az!~y!Juy{42kZhblo^CsUGW-yWJC&i0QZ`!5
zMnjgaa^l68(KgEDv*j;BMC<<;(sJW(Mq4deaG=QFF2>{iJ1cN9ruV!H2$r|vPw2cm
zafW}M3*U~f*lq!f&A+N#T#5+k2gtPy9W8cRbq795U%L~JzpN=h2vosCnq2M@w^|Yc
zXS8r@pjo3)fe`qbEn$_a^(qYrfpdy-g<8H*&Vdj(k8i>{v>Eja2m$K(GrUF`*r7e@
zi<lgc2Cjubo$>Qqvnp>2NP|NQfjW~i&%t}Tg+QJ5j)$^o?)^ZWVd3|sca{gFLD(Xo
zPUqRNduY`n;L#hh_Zxi?rB``We4DjwK8)--RR3{hNr3z9KHz@yu3<OQDj$p-yY~J4
zbdwK8Hg6C9TW4W_`)|1&xIf~FT=*JrJJ5aH#MhprQy1Xna(wGpA6?T956Z^9d*8mC
zT#5#W%-I3VIYQs6_6^RV1p`Fp>;UF8toYMndZq)Ilf3=oT3=)~owp94mv-WMm9eWO
z*%y%|J;tK0S@0T5z15vsnHgaJL$iSWNAIlqBqt-l{(1E<L-5&x2YiF!+qTI5tLkx;
zGW_Cw<2uvC$5~eDYQSUrsh`|Ld=V3WmW>SE(vC;aEe*JishR#G4W9;Ui0qUn&=;n`
z8iEer^JdP3z$>ju(_x077sj3Q4NeZc(poVc)-YzC%0=&+3Tr^`9iHxs92a<{<#OY?
z(NQJF4FMsrUo=qu&huQIZo96ZwneiS-ecavzR%iJ_bWeBrYKg*e~{-gf5qqUSagqU
zzib|8gG^0<PwWogy$Cfe!O2ML|7Z!0!~RY8KqRz3>Q;P=@o%4vQy^``%W#GWJw*0^
zjHL3bfdX&VJ*OL}ZPdK1iBaFme#qKY4=KM<<|)<#<<&5+Fp>B+bQn3HLl3J+oRfaE
z4X68OJc}1$f6@m0F5^#nOiZI56le4;##2zLI9DX-EpiWk797V^@behmecFF&S8LOO
z-j(Y6*>Bk=*esxTwQ`B#2gN!?4$!-fc@ST~8*o0*JAp;+rB!=@+LKZrzS$RXi%9K2
z058CC$Jf8IuX2t^?eO?+JJ4kCskh{`YCF(m*q_$lOE+x?nzYW}JEOBxq;?a%We3pY
z4db7Ahwj_~G-+cB*V3sw;XH%NANiE7c^b~sVz~DoIWs9L6vy0(ho~Y-2S4Z=JcAY#
z!nAj9#Z%=Z`GT3A*^1lcW8z<9X!SF|I0Ks=0=3zEm2nb*W?X(iasW5x>&hlkxtZu8
zKhUI2Sa~d`QKWhk&0PyK$mbs?zQNN)syEY>Yw=X2efQ3~&S|2q10>b~&I4*fAEI;D
z0nUTgCe+aI^?)<CO237^upV%BE_i=RPOV7gCYt>ujF|ZG{6G5!dqpZY)8$VB&O!LD
zd+2>jfd=CzD{k;bRtJ=vYZ)jx)ixp37vTvgxet~Bv&Y`_xV6$9P;#>$1~DRAzxg$~
z>S5T}q|eR!=-G#1V+ZbwN$tEjpyXb71dlK2@0eOIDxG19r7}^ms4_&=qLTGgE}(iA
zUsW)w!^+lcRf*!LsAiP$0Y#%&N@xs=M_+yp%O)af+=5k<>;`x9#cptzm+ltb;4R>I
zmOTo|&bz_qJbD+@trUw6so^g0w+(kg^8Gs~*?(#|JazS-d=!Tu`q(=tW6g_OFs4)A
w0k<_D2J@fXjU&(?Rs$jIRs3^&2-mJVpi9y&)LawJ&LSZA7bUXahSSi015uxI^#A|>

delta 13380
zcmbt)2Y6J~67ZcfclV|ck^o77kOBk<WplUPErCFK0?DQa2!dfZ*+d`^YG`U)u@~A3
zM=+s?N_kRLbQKFe%kx>DiWLz7MX4g-vpfampL;hTDv#g)fBE=^xu?#VGwsamO)n<i
zv?)Bfvb=cGY;STy^USI4*~u0`6aa+G<YYm>8G;}@xh#2vbB18}VxW$`x?vkZVLqP2
zAMh-GjYshd{0#Tv`}j7#j<4Wu+=Wl#4*VNFg6pyEiRdT^r_6NIoGIf8G>j(Tt{^bJ
zgus|l1S;|gxUvb198MrRoxpH~fYVICoJL?sDuDrg3G_)K&?}xm*H{AKoe6|W5d;Ch
z7w~)9@Fe=bPm0pv4+8!`pI@W@2f6d0X#5)u5}x?KQ%-Yk!qy!NX!N#O1pd}UU}HUj
zhb9nMuO4AdDS-zH39QN_u);~euabN3U;=li5V*Y;fm>q;_*5cq(uhokBms}%d-xPS
zh|BOMoQ@u>!dz4^0U0~W-eONM&TeM$lUX?%#!^`~I1iu0E3gd~!!#%XJ0$s|qdtBj
z$#sO~K(aub58!d!z;<FHTf{OD*}q^3&cNkRih1mQb_|l)6!f7Dn&B5Vkj20k@G5M_
zYOG@w;Go6!K9M}(D<<Jl;vXKR<9~|&qs@sD9wQFoF>2V4{$s7Zx<~?@sh98+q_f`a
z5sbj)fy6y95dwSPhr5_wy#+y};XmW@cSRaqB?wh82M)4g_8yktF4}9j|6Eva2=ga|
zU*L;AhC%-KLVNh9gog5WK8BJ03i`M%Y#<-E7p%~kM}Gp{{U<}6{Lo%7LZtfbhA98P
zLaP1KLwZ8A|L%~%`moD(U8;kQ{jY?*s|&@$>XE+2!$jqW=s$e0PbhvV;E(tvo}#9Y
z(EsJ>-l2F<9d!Z^QqvyvAH2}JyLz?|Ay1%x&qG&ML)Ua3ufZL3Bm?if4-%mZH|&Fj
z(2Z~22csY+@ZCOe0mS<Eh&}oE{V){b`2G8#j81f;ZYWRr43eOSzn@Ow^FM=l=t<+O
zoz=4-9#RQ9iHB(S_mCfognlu?RsrwCA?#Jwz;v()3LsM0N_+eH)?Uyj(^^!RJJM_~
z$+BC@avk|KBaL|_S^1TgnqsA-ps><Wm|a=uDyq&KRcx*vYqgtm6s5XmWQkL8*lI=<
z6=w6u1Q>0t&M{hNmgi2cDw=KcRGEx<^^;BZ(%EG>W%I9VsF~-QHrnE%<|)_ZkIK$&
zm{wLjzud@ICBQ&M&T^DYZkbhHIcK(KURG1u%<>soO{LY%qh>8o%+uyp6q{;_rnk(q
z=6dJXWly!pxw%z2IsC^27@|yFP&|9CE897F=CqOWsKN!s^XxfwUXL=fu+C9rEo&^!
zs%$E&a=GVEvyMv3Yiu5sRWrGWk4=QZ%IG|~a!zSOWrNaGRqV~qD{oG-&z+MtHMer|
zf^6sf=`%()Sw>Ep?4B~qR@z)#l0U7Yw5pUpod^SzqWJ~xve`Awqs^6Rb8Yi-l}2Yl
zzPDvcb9T|B(#mE<X&RGO=ruMr<xI6zdW%PwHP31+<=v7%$+Q=j8H<W5#+B!mmyXW1
z7M7UDRMj|&EMv_TB~^+gr?^-dSyf{mQ#9ICR8X2zXf9An9eKtIb7?_#S!rGtzcUFE
ztU0#g#;FTtnw1%4x!DUQ7Z%jzIZJ0uDe$Hlr`Vfpji#3QWp1O@T|UQHK6i3cb#a!r
zi0?~+!7(^Tz$G{bzr%z04{XN|NdF%tQMm^B92u6z;0FSp$8Yfz*_p$506!sN`hfa(
zA^%_mm^%7@yllh=_(?~9soK9oz_0KSeu^LA9(;>z`3ZcI`d1>~Q47^E?0~=ykoCHi
z)^}k#PQ+Q5LjA9>ygbnt0spfs_HBk+{&y}PZ3ePnO#)fkCZcX4@}^b@YyDrTD+E3H
zM_&YE|6g*DaG4;eCPgPS3qmt&W&OyWj`v4LP2jJ827~>bSV-XfXOIDqz|#-H0)1jm
zMP62wzZv@Q{Rbh%|4+yzN3chX;m;p}q5RB2GLLPaLmB_#FvO~DJ^e0_{Hs9jq#6~b
zI>&RGdpwT(jEo}xX$f?ae&1Y*I{x!o2$#t7lLvW*_~ymd0v(+f*#F8omanc8`v1(g
zUVl`e;Capp_!FKb3co^rb~kjpX!ze1JBb4M=?M^E>1;Q#)Wt^}f|Slpb<NWnCaFQr
zq~>Y81Gjtu*8=p_SoojAFkPRbahRVz4Dr0|OOW`|FCiuD=HW?FoWTIM$oz#bp&#_)
zUw#Qs@_&5;eff3;qj~yi7$6P2vJ-k&)B|o7a5Is)79G_jI|&m;LcP~r@9}yY@|;=D
zk@>Ewnu5{e3aYD$&5BavRK~eX<BCg*a;l7@l`&(KJaZ-Aox~EuL)1M0&(S^7a%V9{
zL<kL0g-8^N1^V|DG~skQ?=bYmCiBBbU>Nl0$w#3EePVAu{s`D0RsBxlj~{_FKL04l
zFfg$BC`2(B#LG@VGGB8X!ueOnAvG+x*>?hdN1L6%F5#FEdXetS{rnaEtk_v6j1cJG
z=P;LrVFk~M(x>sxCm;(3s~fe0A-LbWCm@2aIR%~gy(dV3Z6~3aD5DWc{K1nj1LQ!r
zuVFNRQKh>ZZ#@O2SN8WSmy%n&n(G&%^up7E@H7-saCHKm*h-vwh`)UbGQo6d^=NMW
zhKRHTTE2lo04v{p8nSo~6DEMd?ItV&8((C?(O}o)=ClbjJE`1YxLUv$a5eF2G4j>#
zuql7gEKT7KGEz8-O3!O?>4^?K{P{E^g*%}|95nv`@)H+Wyo5)H_jrU__8~tKiAkaA
zn4igPpP;t=G%5*WqqOUXO#*CU4^uoghq~?uE}OA0I0BVsM1XX@+k!p#bPJY{p&)!Z
z4AZF3vto8f#BoL=3eV8=FEp~EuG~?IF`;-;wIu(>lQj4<<R@#fXDCh;@Eu%(Q>m>M
z`P60%Z*4GnJPxDVXmFTJ9)s0mwj10IXPv?6wAn01cSF6y;YB915CN(~$)<*QjUK1n
ztvC#Bo1@-f^_o>o@fd7Yd!4i1TW9px9SmjACV)T_JZ8o1F**#E29H7$>S=<-VKz8C
zW{V}xTj#B7u-g$;9-%N*5T>#%Sm7rM`R!IzAS3X+6<rKQ@NXPAn4hts#53$T7c$j`
zK75HCyYS<7G<EQTEY5j)^Qdo%!<sJ?`S-0D6^dHNkD4)}4$ZiJzeMdgE#T=6tNS^1
zlww#9WUAU~H0gw21mPD7oXzYxyqV}a$$L65g9J|7KEpxu>~vxRU*o`1$WdF{Avf5$
z&4~*j?-H)(EFHV5#3pcGI%Y=XYsM@uxhgBWIFGL%Mx9T82*Z9miTZj|?FbQkb~|>{
zXeIxEr>RY)RTbEO@5V0Lb^m<Xb-#l>B|NUa6pqtS5`g0ev6m*lCp6Zm@_QQNdkAI$
zH)0Jt#kR6S_zC=A7CsSX2<By3-MINY#-}JAugB>$S`5YpqtRfs+dKxRgD%occE)3G
z@HALG7Cz%V=B8L}iqTqcGZ`H94I~*Jr`O;yDpo_CS1}r`7L#HzJNYN)QAw$@Hkh3j
ztI=S$)HTqWRyVC_wHh3C_0D>y*=ls#6>k0oGg9h|&boSggVSJYuy_qto2{NClUDbd
z>Xo`WrOs$F*K_|bn4My?J1t(T*=(?x-FAc3=%kSrr_<oE)tRhrQ=PreVc|dhf`e1s
zPPfx*F)N08cZ1Dfb(`xAjs_c@t<G+3uqn2NI<K7<{)$<2B2o&)?KIep7E%tA)ok!I
z*hqejbvBFL>~<^OdcO5n?3H3yOdgxpY&0lVhl$Q^_mX_mu{`E_#cowRRwvPU>Q^jG
zu~@wpn~l`LWNM(1UZ>UICdDy$yh@#=&f~S)tR`M_0SBcxEFQaJB!#SZTdYK#*JN;;
zh)blFj(U%+-s`bi_{IxJTUr#Q!E1LI>gsJygSDQB^_Z-R!AZ(kXEb}vR%=7h26+YW
z!prPeoJV3&4Lo5e_J;zVI~2!3AwQFW-2;K4q`feT_ihur^9#eU4vI8G^vyCcjE~H~
zNWLrs2PCSlCmdfC=uM_cB)x7AP=?_>ibel{FVgA{B7ZSb%<F-ofbr;{m*oqTZK$W0
zu!!?;srH0D!UAHF2#|y=>TBv73TgLIIQtqtk2`TQnW`0d7q(&xEmwiOMHcT0+EU>b
zLAZqtWpCjGe{|Gr{&WV~p*TSFzW`7YBt7juF`U0Q0@L{UW#R}Zy{t8PxhV05<zf>>
zV%jmau|F&q(^u}$iOHSuDb<Lm!S}_)$!ip#zDF<8xA5=yEK#!@`BNjr(j?p|;4}0J
zJ&Q;1LrSddR9}Q-WY1BWWgoskBbOrISt^z%;kFLzO@aECm$QmeF*|V^jl8Qvp&zdm
zE0b{7MG}5{A$&j!zk#pPgxxee80m}rg=R6kgDckv!ZpIz@EB|HM@JQLqo2-Qe(8i=
z_-em68!9i}W@mm{<-_)66rPscC*BHGf9TQJq+20Qf$G4F6=FRFT6F21ajoiFzN4qh
z5qjM0rTcmVU&iMsp|lOx;v+=bLgZ^(#fBtYCEz-;N?%j*=^wZqSJBBoBr*7zxcM*K
zNF(PUU$sP>LID^JT}2H`sA0R<$!jUJ*qqfaYfVjVc2!|PxxK8ka+KLt;H)mU<hzRV
zOR_7<%N=8~M>~uK`IY%*i&8x<zpT*eD6gu?FCQ6VHkzykvRWo{vdNrov8J1yX-<p7
zVR5ox(DbaJUF2g}olEbb(31agLruK|%9fQ-^kRbt=>mrH4_Ar<VYJ58|8TJrPv&Ad
zjO8b|7|-wJ;&`Z0@dYqW(>&hVF6#KYHc<-PdB6B8bVPTTLP>t^9WhMzTWHD89aO)U
z3b>RQcN_Ahr^WCThuQ8nn=A^MUGnNy6WIc%oh)~q)$6v}E!KL)*+2o4n6Jb0Bw{r4
zTjb|uT}USpN(4$>ondQmBsC8Qe*0=MAFfdas2|_Dn$-W7)nW@w2sV^HAa>>(9}wrm
zwQ9pQs13GnY7?WmzFo9*(0|!3k-E^|(XXB7vVK|Z?<rtU+CB<-&k?#ejhEk_)oFEF
zJaZ;B)f=X{r+R}tr`%l(o5c3x6cSEB;Ldi@0270@j5s=ifk!1Qf$v`{rtmQvbVH#o
z*sx=RZWh!Baq%HtlzN&N-tdqvri1jo0`4VJ-bTK+RA;y<=@&#I{dY$ph6<DwO%rxP
zCURb$DJAjiAJW;u8{BdFQnF9`AJWxAW3VCVVO<1ocvzPY*ZJ2(#0Fk|ST~BnB;I+G
zZbSz``vu%j1W~?e{}Npa#qYtl2L1P>7AKs+K0Cuz`R=6Jk6o86^I=lJk4aJAB<rEt
zj@8I_?ba2=<KG2p{RbJf-^|_DxSw(gZ_=ps9r4qv@92hhQ<<$7D1+)0HbGBV4rf`F
zKRT)(cWu%QhRG_GaeV0}-B@VS@Rgf&<6)|b_T+_|b)ER4&ALLE794kYvu-3b2l3o3
zx(t{exOt0iIV1;ZC*4%(d6vxTNpcAXDLe8$8I0HP??lxD9cFU(L0x`4zWQIyBn^GI
z;{dOp)(wltXVf?^$c5d+hvSrY`HYNr@V&jNW7X#`=nCW6y#gi7U&e<hebRshn2Mq7
z1bdS`%I>9Ar!szTXMIHLMai_7(yUg8!)ff4h*|I_!*i)S{Oa9dSMLt}V|S}&)-J6c
z^2h$)cT1Od8yy`+@zQMl@4D@O?ABeOyVaV0X}b8ke%l|X<JG%a0%nC?<eTwNvsEdN
z#pMKr$LO{$Ry2BFwWNU@m(yKMz}D?^XyT)kz!A1gBJfBZfrr%+!G^H})>RT%>mtym
z)(KYU5V&70aI92|1@~D9EF~=#77rqDPk#b;^(JtKS~j>Xj=;^)1X?>0xKYmtGTcH?
z*i61!L!O9<T7}~BWX$8fLHeHIHjA7|{mX{n1a2ClAK10Os#!YdB0v|I0(+Q&y|y7b
z3V63ib-iH*w>_$x0JC`GR$Xt^OY8ZwkLuE4Hvi#K-E^3vw%-jcLH`lHP4{D~szD2(
z?{8{x6hEgd;fF-e>m<_8Qy%g$s{1@lu6h;v@m{>0styY&Q`wA@uns5S7%ayk%)=4%
z{I;M02VifC-(oNlL#b-<3;U6sWhdEJ>>&Guz0dx|USoe}&$1`kcD9*qV6E*`7+J>d
zX1B6dHlNL6Q&}T(vujv2D`g{D4$EM6W@3XWm6pVMu&ykENeti|d=IDLI2?x0;A7YW
zZ&LANH#`GRz*g7@>)`=d0ZZUcSOhn~TuM1ip)j@<YM_#`_XU&-7z&D-C!tJ{YLe7<
zQD8uZ{s3!*WR(*?;F&9jUAT#Iq;0s8;?cYC7QB%n)0x;rN<R_DQN^bO3o#pqp$&~V
z2vbOoyJHvZgnAU%&+I$)4LioZVEfre>|OQ-dxgEgo@S4enRtY)W2@PHY;h~QgEAS{
zvlcd;O=k7%S~iwdP@yHCWm4YD%F?KI)Q9zAu`G&(F%f=+|G>BKH5`FMun#_fx8a}g
z5<CY_!4B9055XF^pG@yPa2wnN3t%?Ynyv#6jHm2N8I?0~VK_Lz3`3wlom>6$$3`Ut
zl3n^QS<g_QLXRLkPSNId*oz3hg*j-abx=im;sn^r%N9$8A`RKZqwWb}5Aw`AgIGJi
ze|Qk%JjxQpmaMb~kvn;+9K>$nHw~5w!)cL4!Gt98s5pJ*n9iz@4}d2Him8u~5q^UN
zaVy1!eq4mJv5}bV!b}pk6cRK&iP#DDDSMmPxs9!1_Y(h_*m&aFFgAq6voLz69wRCF
z2dD|}S_nKjRbR%+F;2^!l8p~q_DlYbZ2S|n*+!~#K0ptOB~+qWgg4+^%AHO@FV<oW
zR?_wbn1w^B!YAWE>`QgNI9mMgj1%*8yjQFKcsce6D%GEy5;>|TDZ1T^8z|AwsbF|F
z`HfbbPbv4QbT&6tpsKMHM`8}rI|WTR82e!o_Mi=3X2C~%!V>-A4i|f$fDGp|56L(a
z?(<WblOJEF8w5A-ZtHcE;Cd~b^sm>Af`x$t>vb^z3ogd(Vf^*&x@exVL1*D?yUql2
z`D5F4y?EJn-9(tD;*}Kx7`?~7C%<}teCl?J5&lX1xREsAAtLuW(*Fw5eaf_utaqiW
zI7cG;5|z<PNnlMRs$H2#$%2Dy4||vt{Z6)!soA7$5D?esf&E{TdnN(hY&VOCIl>2m
zX<1f6z_efgJ|^ge-U433cCxN8U3h~&F8>Qubk`rmSXG21VWU8limVP!LIt3(kr=eh
zzj4@Dea!B%o-RFiM@VMBJtIz%;!Dr@Vs-qn2+88VBcoRA-@5K)|H+Kmkz!im6TU<Y
z6{-bGZ=Zqh7$pt%uNvMc_P4JGdNZ}@hYfGvH4b<*NM^qGf<C2J_ngm`2luZNa3Y<c
zfJ(i!w11tT5CzGQMsScn%-JS}j1}tqTbyIX{!4D%@7JdniIKm;v;OMz72?p^$d&$Y
z(r1h554IohHw>j9`SA$@{nD_u?s0GJV45QksIXH-a<79LLThQ+5-2C=3a}V`8TMA~
zdxVxc7d8kdzy$N)MHa%!sD^xq0+s2=%Wsl~1@29jHeixExRbDs+?;TXYO_}w>I)>N
zN)u5lol1g7z*?$rm%s(sK&SHvR@yqL<8)0*yV&#ledv#{wTXjY`X$%D)izd4ZU5)Z
z{!n|7I6S?s*gw|3LQJ@JA@`rP&laPa7oGM`a<upCk@eti^>lh6R^8xPs+Ug|o~I8X
z&^=mz;^OXi3wQ@RO|~<aOdSe$3+n5>uw(ZhO|!+mFMl`K-)wFdjeNqb{wPbEn9}{`
zT>lQsSkbm*qs!mPS|rN#?~U<aV_gxU%(2|u5*wo3a;-ly-QXXj4DTL)@Pm(njHU<q
zXttS7I#$@G?Nr>s=&`5tn;4%KrQh<G7$^lToydK?q|89%5UB@hs;m=y0#>pOa0b!|
zHENs;Ugamp^{p7Mk`W@r3uGg@v*%bZs!O9VnHuO7QyU=_iAjr!ALH91q!oI@!NqG@
z`uI;}nEAraQl{uQb$=D#-C1fElfQhfFP|7GwdvDmG~P2VNfTQCQDcf|+1)+cA89HQ
z9dCV7?!VTwBGxHA`cv@iHUV?lt?;t&t6(F#QUZ}j^lx0ehCiy9FrS9h2d{yR8|;77
zY3Au+Qi?v|hyCTQLH>|*GhZ1d#feewdENM9VMMQaa|mxq^`D`h8^fhcsn07<Kj=#w
z;GZ;9;Xj8<UMaR=-b!CWe}C983t!bqYS5=H8-Clke*VqF%-kL!r3@VQ@Vi=MBnmGH
zsIW#@NyzW*0`ZA{=s~o#2ljlSAO6?GollpgrTpnyeIa*^(My3=tK?%{RIZ4^5&;L2
z>`y0TI4vs&<$)(9NuLL@4(XRNExH;8sRCqE*x{n^qlT=2mrV5x3QKOF@Z?SkQ&v#8
zvYx`0trWgILt)IT<dWZn_bIeF4*#ZKcStOn+*m)#sype&Ar44oE;gEZ*fh3)-Nu%)
z^<-~fA`5$%eM`Br9^^2JaWXlT?Fb(cS)2Il1N1#xMT`uUbr=b<PJ{IRB)p3T?HbI|
zAU*V{y-0(l8m!dd1P#_|uwH`=8oW+}lQr0+!D$+tuECiaoUOxFTC_#`m?vRZkWDfR
z#W?kUvy9;wAH*!O7;H5fWp4*&mK!@Tt30U#v&mCBFo!%fh?$IXa|dRYXLMjzc~%GJ
zw#jokP=`D>1Y>AJhuk%|vqLsH<!+bZahKuom*MhdxV1C())t|;W}_U#BV>9OS>*0~
zPnzBkW0!kH<A6&8?6TP*C-5a{`WTEuiyF&!6O($PQ^n#SnGa8+*=pEN-w9%$zF4GU
z$ztFBSgvAy#gu_KM#cIM?WY>*9;E$%V1Wi`gAYkY$|-`}$Bwge7)6%dj`<Xij-?Fh
zR0=Kbz||xVui+OY5U*3rQl~C7L>yqoNh&6bsR}l$m{}a?z&R?Wh=YdWLKSmRfzL2R
zpDAXGK1ppD8e+A|2K9#l+E*)mSrs|$GKN^~vhlLx)2Ee~+zkyE84_%<66=T?e`-{W
zvgNYX6tk@S{?n!jks|BWJ1vwI*(OWc-Kdyd4$&@HQDjH3QIQp!?9`T^M#2@loUYM#
z=~HpYL-{*{I<AM_UfskD^?C@4gW>$fLHfiFr*}1%j=lu5Kgwp|YxQKLMod>88)x!w
zx0!i{L<Uew&zR^k`oryJzDknfB+GfjbG}&Fe~sP3Pe@X&K8#OHYDwc~3Mr8Ag^(dk
z-Fzy_muT=eQ8nURh}0-0J^Rs9zJwwE2&aX&g-Q+GBQpgaG}4r3t)XWXg9>4-P(l}-
z(cz$8h?m?KjrG+$Hu@5syg5g*a6sCsYme*q`Vt&GDwkRwL^@9dyp%uA&bQ|hd6^;|
zXvEneZkNs9*=pvLhm4c#wHqsZv5Nm%Dm9!ErCPD?_|Q*znNFH5jrcXH%$I2KH!BwY
zt4?Z6h+J5GgG#twpg>tATnF{Si}a!X1wM|Gj{ZdpZ5XXD3DDc3%SAs*DNfZ>{{;EM
zQegx!BCUfFjoqZ_7a4K2;DNPdYQ8hRlziu~Ya$r0EhXRCXHK4HMYGf<c8zc><dGna
z)yrW6kGY2VqfKVM7Kj1SQG=KIVu$+OCJR3UbfbpXAGp6I-TxB}xSdIv-BS;gr(U|Q
z0(Li?AS!=<UHWLct^{?^fARLNLd}QTi)h0xmU%sVu?7CI=@x!R5p8IG`eb`czUE4k
zib;Y7?s(u4Ut%7)Qu3U|bgjwT=A`=)ay3`#bkVKG&l0{Hm!rATk6luVI3UCQHNW7Z
zfFf<n0me&8q!lUb?kOJx$$nmAE(@W{dS3nI;HAHyXKkDytzvw9l(eNI^rWoG*sH{o
z_Q08RY173^xq2v3s%g@J0usCkDPfPRMAM}7LSjSjz03aNi*;$5bax>Mp5C!c;olUJ
z;0-!cdYdn?NK>J<k;H)5Nl@rZ7^SID#wcPyM$)sx$BoqDlut)VDJk*S-+kyW9X4g0
zl!Hm?P`yAu0Ub?gjcAHgU!;%U{sK9prOz)O@M^Y$N92-hiT92Fh;Pj$*>Ws?yu?+d
zDOW}woiTC22Zw#Jm6~!b&Z9F%9H+|h**rR<^M(Lja=E5lYxC)h=@0Mv)R$1EnWD@B
zsiAL|73U}amGGV)8ZI5;4y%;UUl<`}^CmU&Nxnnky!3XdkO%IdXh^zU%IXMNDJULK
zrw)f}{}2?Pt&l1%9{OrFhc{=EX5r3>**q$Xj^AyOYZ2d(MaPf*=ij!w#%ZdRnN7zR
zyN9>?Vrw+jT9!?c-s61dn_9+ds+F2UiV6YGL%b<RYVU4&s^atD1yV@uVjK=YpFf1u
z8>UJ0W1@G;q(1Do3mi{RjW~+uUjO|CzBKu_3%t77sMqvv_w}TA`XQ{^msqFio%05|
zl77~E;(Q4nP4D*IAT>k`TEpHQ=MFwN2Jnf6l7TO{QR*Xht2wfjue*`-&vDE9llbWy
zDM0R5nN!hnt!9*-Yn3v48*lG@SiR10;h6AW-)e6L?zmHG2EO|?x;akQ7x?imsRxv)
z6I0-8fzmnOGoVybA4;&<DakaJQg2f!eR3<M<knGs?n%l~eZ)>8((8U0z4g8HUR+4;
z|J9TSdy1locPZ2UmG%>fHfYscu1%4%HJ3|>%_iq)E;oqV>~gN=axZ<_9CDsE%Wjkl
zv{{7MO>&_&D~Q|8@<?sgrBAy>9u=IW$i=}~ifp${kzK)Q>W6H%%O$}<PPr^N$SFIF
za(Qr!hC57hg*L`vk*l;ZggC5nwKgV*I}~}ew*93~hfN;CGY59W342m0PN-4i1j6E|
zGIu&vpUB@%)%PBvMJP@=EDU>q?35`!4gU@89Dzw4ttOM)iTh-IFSN>$e59;Ta%ogK
zE%LQNM3E<I<T(}DX_MWT;U10DV7t>H*9A>cn)+zo#d^SO;e8=(Sys=$nFi^-tGkpY
zvZW^e$vmmM)US5bAz$nivZZD|XudR26kqI`$rsNjJCpWp>sDXlB(kMuK6HU}on#;J
z%~!sJ>&TXx`Thk`qdqaB@aVWkvZW@zV4>7cpE_o8va5mom5G0}kQN^iVJ0p1lD{(Z
z0oO|tyIV$V(tbFjr_$FS$xf^zvg1{84FjWag^Waik{2<+_uej*^0}&%LnXbb*WM#N
z1N_*n<Ze}l{5c79`3sf1=8&=J@!hx6Tr<hmn)v=XDi6{MY`)kTWNXdb&_X;I@XE?u
zzO03KASDI{`4XGS)|&b7xx|BRTar%t5~h)@HS>dWi3j1)t9Ol?O3uo}Z<r_b>z@AI
z&J+LbW_GQS@*%K%qI3`Y3*jZ-F@tQRV%+rtFPlkZ54t_MpKBi3NE1IelgKvj#<RZI
zxnv{F+&D{`sAp}B(_31|Mw<9*v!pC>kpKDhywhwlxl}A|=38e=ZQbLs^SA$vyko2B
z24d73kmxsEzom^>2&%mQH}Ly!mCE?K#Zm#6=>h^r7fT61_4!)5%qQqKBgi9XNbP-M
zZW|P>?h!6H1S+O2z!dg8W%(u832xy#VX@#KF&$V%#YmtZfeBecV`#{w8qcMo{G|dC
zcem*ZqW@G;;|JPxsodDE6Zuzdy3{KSpm{yHqg|JMg+7`*kne2Q^|*3hW|u$L!BjeW
z@=<Ga1Ec>`1Pc=L=o;PNEA$;(qpOPkQ|U@wE{1#7>f|f*J-Akveud^!YjttN??eF;
aiQnCjkAC2aC%EYW-SYl_rP|-;hW`UqAngVK