From d6116ba92fc91b1d87c4292f092adfb2810e713e Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 3 Jul 2025 17:49:44 +0200 Subject: [PATCH 01/14] Update links to headers moved to the framework repository Signed-off-by: Gilles Peskine --- kb/development/test_suites.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/kb/development/test_suites.md b/kb/development/test_suites.md index 3611cf98..87ef66ea 100644 --- a/kb/development/test_suites.md +++ b/kb/development/test_suites.md @@ -121,7 +121,7 @@ void test_function_example( char *input, char *expected_output, int expected_ret Calls to library functions in test code should always check the function's return status. Fail the test if anything is unexpected. -The header file [`tests/include/test/macros.h`](https://github.com/Mbed-TLS/mbedtls/blob/development/tests/include/test/macros.h) declares several useful macros, including: +The header file [``](https://github.com/Mbed-TLS/mbedtls-framework/blob/development/tests/include/test/macros.h) declares several useful macros, including: * `TEST_EQUAL(x, y)` when two integer values are expected to be equal, for example `TEST_EQUAL(mbedtls_library_function(), 0)` when expecting a success or `TEST_EQUAL(mbedtls_library_function(), MBEDTLS_ERR_xxx)` when expecting an error. * `TEST_LE_U(x, y)` to test that the unsigned integers `x` and `y` satisfy `x <= y`, and `TEST_LE_S(x, y)` when `x` and `y` are signed integers. @@ -195,7 +195,7 @@ In a test case that always uses PSA crypto, call `PSA_INIT()` at the beginning a In a test case that uses PSA crypto only when building with `MBEDTLS_USE_PSA_CRYPTO`, call `USE_PSA_INIT()` at the beginning and `USE_PSA_DONE()` at the end. -See [`tests/include/test/psa_crypto_helpers.h`](https://github.com/Mbed-TLS/mbedtls/blob/development/tests/include/test/macros.h) for more complex cases. +See [``](https://github.com/Mbed-TLS/mbedtls-framework/blob/development/tests/include/test/psa_crypto_helpers.h) for more complex cases. ## Guidance on writing unit test data From f6ade983366d335d9d42151a2ed6a9d83c0bb0a2 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 3 Jul 2025 17:50:12 +0200 Subject: [PATCH 02/14] Update the names of some helper macros Signed-off-by: Gilles Peskine --- kb/development/test_suites.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/kb/development/test_suites.md b/kb/development/test_suites.md index 87ef66ea..a4a83e5c 100644 --- a/kb/development/test_suites.md +++ b/kb/development/test_suites.md @@ -125,7 +125,7 @@ The header file [``](https://github.com/Mbed-TLS/mbedtls-framewor * `TEST_EQUAL(x, y)` when two integer values are expected to be equal, for example `TEST_EQUAL(mbedtls_library_function(), 0)` when expecting a success or `TEST_EQUAL(mbedtls_library_function(), MBEDTLS_ERR_xxx)` when expecting an error. * `TEST_LE_U(x, y)` to test that the unsigned integers `x` and `y` satisfy `x <= y`, and `TEST_LE_S(x, y)` when `x` and `y` are signed integers. -* `ASSERT_COMPARE(buffer1, size1, buffer2, size2)` to compare the actual output from a function with the expected output. +* `TEST_MEMORY_COMPARE(buffer1, size1, buffer2, size2)` to compare the actual output from a function with the expected output. * `PSA_ASSERT(psa_function_call())` when calling a function that returns a `psa_status_t` and is expected to return `PSA_SUCCESS`. * `TEST_ASSERT(condition)` for a condition that doesn't fit any of the special cases. * In rare cases where a part of the test code shouldn't be reached, the convention is to use `TEST_ASSERT(!"explanation of why this shouldn't be reached")`. @@ -141,21 +141,21 @@ Here is an example of a test function that checks that a library function has th /* BEGIN_CASE */ void test_function( data_t *input, data_t *expected_output ) { -// must be set to NULL both for ASSERT_ALLOC and so that mbedtls_free(actual_output) is safe +// must be set to NULL both for TEST_CALLOC and so that mbedtls_free(actual_output) is safe unsigned char *actual_output = NULL; size_t output_size; size_t output_length; /* Good case: exact-size output buffer */ output_size = expected_output->len; - ASSERT_ALLOC( actual_output, output_size ); + TEST_CALLOC( actual_output, output_size ); // set output_length to a bad value to ensure mbedtls_library_function updates it output_length = 0xdeadbeef; TEST_EQUAL( mbedtls_library_function( input->x, input->len, actual_output, output_size, &output_length ), 0 ); // Check both the output length and the buffer contents - ASSERT_COMPARE( expected_output->x, expected_output->len, + TEST_MEMORY_COMPARE( expected_output->x, expected_output->len, actual_output, output_length ); // Free the output buffer to prepare it for the next subtest mbedtls_free( actual_output ); @@ -163,19 +163,19 @@ void test_function( data_t *input, data_t *expected_output ) /* Good case: larger output buffer */ output_size = expected_output->len + 1; - ASSERT_ALLOC( actual_output, output_size ); + TEST_CALLOC( actual_output, output_size ); output_length = 0xdeadbeef; TEST_EQUAL( mbedtls_library_function( input->x, input->len, actual_output, output_size, &output_length ), 0 ); - ASSERT_COMPARE( expected_output->x, expected_output->len, + TEST_MEMORY_COMPARE( expected_output->x, expected_output->len, actual_output, output_length ); mbedtls_free( actual_output ); actual_output = NULL; /* Bad case: output buffer too small */ output_size = expected_output->len - 1; - ASSERT_ALLOC( actual_output, output_size ); + TEST_CALLOC( actual_output, output_size ); TEST_EQUAL( mbedtls_library_function( input->x, input->len, actual_output, output_size, &output_length ), From 3fe9bf2938163383cd6dff923140c4a057ee6b86 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 3 Jul 2025 17:53:04 +0200 Subject: [PATCH 03/14] Update code style Signed-off-by: Gilles Peskine --- kb/development/test_suites.md | 59 +++++++++++++++++------------------ 1 file changed, 29 insertions(+), 30 deletions(-) diff --git a/kb/development/test_suites.md b/kb/development/test_suites.md index a4a83e5c..390ce716 100644 --- a/kb/development/test_suites.md +++ b/kb/development/test_suites.md @@ -94,22 +94,21 @@ Note that SSL is tested differently, with sample programs under the `programs/ss */ /* BEGIN_CASE depends_on:MBEDTLS_DEPENDENT_MODULE */ -void test_function_example( char *input, char *expected_output, int expected_ret ) +void test_function_example(char *input, char *expected_output, int expected_ret) { int ilen, olen; unsigned char buf[MAX_SIZE]; unsigned char output[MAX_SIZE], output_str[MAX_SIZE]; - memset( buf, 0, sizeof( buf ) ); + memset(buf, 0, sizeof(buf)); - ilen = unhexify( buf, input ); + ilen = unhexify(buf, input); - TEST_ASSERT( mbedtls_module_tested_function( buf, len, output ) == expected_ret ); + TEST_ASSERT(mbedtls_module_tested_function(buf, len, output) == expected_ret); - if( ret == 0 ) - { - hexify( output_str, output, olen ); - TEST_ASSERT( strcasecmp( (char *) output_str, output ) == 0 ); + if (ret == 0) { + hexify(output_str, output, olen); + TEST_ASSERT(strcasecmp((char *) output_str, output) == 0); } } /* END_CASE */ @@ -139,7 +138,7 @@ For output buffers, it's usually desirable to also check that the function works Here is an example of a test function that checks that a library function has the desired output for a given input. ```c /* BEGIN_CASE */ -void test_function( data_t *input, data_t *expected_output ) +void test_function(data_t *input, data_t *expected_output) { // must be set to NULL both for TEST_CALLOC and so that mbedtls_free(actual_output) is safe unsigned char *actual_output = NULL; @@ -148,43 +147,43 @@ void test_function( data_t *input, data_t *expected_output ) /* Good case: exact-size output buffer */ output_size = expected_output->len; - TEST_CALLOC( actual_output, output_size ); + TEST_CALLOC(actual_output, output_size); // set output_length to a bad value to ensure mbedtls_library_function updates it output_length = 0xdeadbeef; - TEST_EQUAL( mbedtls_library_function( input->x, input->len, - actual_output, output_size, - &output_length ), 0 ); + TEST_EQUAL(mbedtls_library_function(input->x, input->len, + actual_output, output_size, + &output_length), 0); // Check both the output length and the buffer contents - TEST_MEMORY_COMPARE( expected_output->x, expected_output->len, - actual_output, output_length ); + TEST_MEMORY_COMPARE(expected_output->x, expected_output->len, + actual_output, output_length); // Free the output buffer to prepare it for the next subtest - mbedtls_free( actual_output ); + mbedtls_free(actual_output); actual_output = NULL; /* Good case: larger output buffer */ output_size = expected_output->len + 1; - TEST_CALLOC( actual_output, output_size ); + TEST_CALLOC(actual_output, output_size); output_length = 0xdeadbeef; - TEST_EQUAL( mbedtls_library_function( input->x, input->len, - actual_output, output_size, - &output_length ), 0 ); - TEST_MEMORY_COMPARE( expected_output->x, expected_output->len, - actual_output, output_length ); - mbedtls_free( actual_output ); + TEST_EQUAL(mbedtls_library_function(input->x, input->len, + actual_output, output_size, + &output_length), 0); + TEST_MEMORY_COMPARE(expected_output->x, expected_output->len, + actual_output, output_length); + mbedtls_free(actual_output); actual_output = NULL; /* Bad case: output buffer too small */ output_size = expected_output->len - 1; - TEST_CALLOC( actual_output, output_size ); - TEST_EQUAL( mbedtls_library_function( input->x, input->len, - actual_output, output_size, - &output_length ), - MBEDTLS_ERR_XXX_BUFFER_TOO_SMALL ); - mbedtls_free( actual_output ); + TEST_CALLOC(actual_output, output_size); + TEST_EQUAL(mbedtls_library_function(input->x, input->len, + actual_output, output_size, + &output_length), + MBEDTLS_ERR_XXX_BUFFER_TOO_SMALL); + mbedtls_free(actual_output); actual_output = NULL; exit: - mbedtls_free( actual_output ); + mbedtls_free(actual_output); } /* END_CASE */ ``` From bcb4befc08fdcf77b366eb923b88b502ea54477e Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 3 Jul 2025 18:12:52 +0200 Subject: [PATCH 04/14] Modernize .function file documentation Modernize the documentation and example around the capabilities of the test code generator. Some of it dated back to before the introduction of `generate_test_code.py` which replaced `generate_code.pl` in Mbed TLS 2.13. Also document features added over the years (all of which made their way into 3.x before the end of life of Mbed TLS 2.28). Document file locations in the framework repository where they have been since Mbed TLS 3.6.0. Signed-off-by: Gilles Peskine --- kb/development/test_suites.md | 52 ++++++++++++++++------------------- 1 file changed, 24 insertions(+), 28 deletions(-) diff --git a/kb/development/test_suites.md b/kb/development/test_suites.md index 390ce716..ef37e9a5 100644 --- a/kb/development/test_suites.md +++ b/kb/development/test_suites.md @@ -14,7 +14,10 @@ Each paragraph describes one test case and must consist of: 1. One line, which is the test case name. 1. An optional line starting with the 11-character prefix `depends_on:`. This line consists of a list of compile-time options separated by the character ':', with no whitespace. The test case is executed only if all of these configuration options are enabled in `mbedtls_config.h`. Note that this filtering is done at run time. -1. A line containing the test case function to execute and its parameters. This last line contains a test function name and a list of parameters separated by the character ':'. Each parameter can be any C expression of the correct type (only `int` or `char *` are allowed as parameters). +1. A line containing the test case function to execute and its parameters. This last line contains a test function name and a list of parameters separated by the character ':'. The parameter must be valid for the function type: + * `int` or other integral type: an integer-valued C expression, evaluated in a separate function in the same C source file as the test code. So this expression has access to macros, types and even global variables defined in the header of the `.function` file, but not to local variables of the test function. + * `[const] char *`: a string between double quotes. A backslash escapes the next character (needed for `\":`). + * `[const] data_t *`: a byte string written in hexadecimal, between double quotes. For example: @@ -31,7 +34,7 @@ Code file that contains the actual test functions. The file contains a series of * `BEGIN_HEADER` / `END_HEADER` - Code that will be added to the header of the generated `.c` file. It could contain include directives, global variables, type definitions and static functions. * `BEGIN_DEPENDENCIES` / `END_DEPENDENCIES` - A list of configuration options that this test suite depends on. The test suite will only be generated if all of these options are enabled in `mbedtls_config.h`. * `BEGIN_SUITE_HELPERS` / `END_SUITE_HELPERS` - Similar to `XXXX_HEADER` sequence, except that this code will be added after the header sequence, in the generated `.c` file. -* `BEGIN_CASE` / `END_CASE` - The test case functions in the test suite. Between each of these pairs, you should write *exactly* one function that is used to create the dispatch code. Between the `BEGIN_CASE` directive and the function definition, you shouldn't add anything, not even a comment. +* `BEGIN_CASE` / `END_CASE` - The test case functions in the test suite. Between each of these pairs, you should write *exactly* one function that is used to create the dispatch code. The function must return `void` and may only take supported parameter types. Comments are allowed before and inside the function's prototype. An optional addition `depends_on:` has same usage as in the `.data` files. The section with this annotation will only be generated if all of the specified options are enabled in `mbedtls_config.h`. It can be added to the following delimiters: @@ -52,18 +55,9 @@ An optional addition `depends_on:` has same usage as in the `.data` files. The s /* BEGIN_CASE depends_on:MBEDTLS_AES_C */ ``` -## `helpers.function` file - -This file, as its name indicates, contains useful common helper functions that can be used in the test functions. There are several functions, which are described in [`helpers.function`](https://github.com/Mbed-TLS/mbedtls/blob/development/tests/suites/helpers.function) itself. Following are a few common functions: - -* `hexify()` - A function converting binary data into a null-terminated string. You can be use it to convert a binary output to a string buffer, to be compared with expected output given as a string parameter. -* `unhexify()` - A function converting a null-terminated string buffer into a binary buffer, returning the length of the data in the buffer. You can use it to convert the input string parameters to binary output for the function you are calling. -* `TEST_ASSERT(condition)` - A macro that prints failure output and finishes the test function (`goto exit`) if the `condition` is false. -* Different `rnd` functions that output different data, that you should use according to your test case. `rnd_std_rand()`, `rnd_zero_rand()`, `rnd_buffer_rand()`, `rnd_pseudo_rand()`. For more information on what each random function does, refer to their description in the `helpers.function` file. - ## Building your test suites -The test suite `.c` files are auto generated with the `generate_code.pl` script. You could either use this script directly, or run `make` in the `tests/` folder, as the [`Makefile`](https://github.com/Mbed-TLS/mbedtls/blob/development/tests/Makefile) utilizes this script. Once the `.c` files are generated, you could build the test suite executables running `make` again. Running `make` from the Mbed TLS root folder will also generate the test suite source code, and build the test suite executables. +The test suite `.c` files are auto generated with the `generate_test_code.py` script. You could either use this script directly, or run `make` in the `tests/` folder, as the [`Makefile`](https://github.com/Mbed-TLS/mbedtls/blob/development/tests/Makefile) utilizes this script. Once the `.c` files are generated, you could build the test suite executables running `make` again. Running `make` from the Mbed TLS root folder will also generate the test suite source code, and build the test suite executables. ## Introducing new tests @@ -72,8 +66,6 @@ When you want to introduce a new test, if the test function: * Already exists and it only missing the test data, then update the .data file with the additional test data. If required, you can add a resource file to the `data_files/` subfolder. * Doesn't exist, you can implement a new test function in the relevant `.function` file following the guidelines mentioned above and add test cases to the .data file to test your new feature. -If you need to define a new test suite, for example when you introduce a new cryptography module, update the [`Makefile`](https://github.com/Mbed-TLS/mbedtls/blob/development/tests/Makefile) to build your test suite. - You should write your test code in the same platform abstraction as the library, and should not assume the existence of platform-specific functions. Note that SSL is tested differently, with sample programs under the `programs/ssl/` folder. These are executed when you run the scripts `tests/ssl-opt.sh` and `tests/compat.sh`. @@ -84,8 +76,6 @@ Note that SSL is tested differently, with sample programs under the `programs/ss ```c /* BEGIN_HEADER */ #include "mbedtls/some_module.h" - -#define MAX_SIZE 256 /* END_HEADER */ /* BEGIN_DEPENDENCIES @@ -93,29 +83,35 @@ Note that SSL is tested differently, with sample programs under the `programs/ss * END_DEPENDENCIES */ -/* BEGIN_CASE depends_on:MBEDTLS_DEPENDENT_MODULE */ -void test_function_example(char *input, char *expected_output, int expected_ret) +/* BEGIN_CASE depends_on:MBEDTLS_MODULE_OPTIONAL_PART */ +void test_function_example(data_t *input, data_t *expected_output, int expected_ret) { - int ilen, olen; - unsigned char buf[MAX_SIZE]; - unsigned char output[MAX_SIZE], output_str[MAX_SIZE]; + unsigned char *output = NULL; + size_t output_size = expected_output->len; + size_t output_length = SIZE_MAX; - memset(buf, 0, sizeof(buf)); + TEST_CALLOC(output, output_size); - ilen = unhexify(buf, input); - - TEST_ASSERT(mbedtls_module_tested_function(buf, len, output) == expected_ret); + TEST_EQUAL(mbedtls_module_tested_function(input->x, input->len, + expected_output->x, output_size, + &output_length), + expected_ret); if (ret == 0) { - hexify(output_str, output, olen); - TEST_ASSERT(strcasecmp((char *) output_str, output) == 0); + TEST_MEMORY_COMPARE(expected_output->x, expected_output->len, + output, output_len); } + +exit: + mbedtls_free(output); } /* END_CASE */ ``` ## Guidance on writing unit test code +Many helper macros and functions are available in [the `tests` directory of the framework repository](https://github.com/Mbed-TLS/mbedtls-framework/blob/main/tests) (location since Mbed TLS 3.6.0, also applying to TF-PSA-Crypto). They are declared in [`` header files](https://github.com/Mbed-TLS/mbedtls-framework/blob/main/tests/include/test). + ### Testing expected results Calls to library functions in test code should always check the function's return status. Fail the test if anything is unexpected. @@ -126,8 +122,8 @@ The header file [``](https://github.com/Mbed-TLS/mbedtls-framewor * `TEST_LE_U(x, y)` to test that the unsigned integers `x` and `y` satisfy `x <= y`, and `TEST_LE_S(x, y)` when `x` and `y` are signed integers. * `TEST_MEMORY_COMPARE(buffer1, size1, buffer2, size2)` to compare the actual output from a function with the expected output. * `PSA_ASSERT(psa_function_call())` when calling a function that returns a `psa_status_t` and is expected to return `PSA_SUCCESS`. +* `TEST_FAIL("explanation of why this shouldn't happen")` for code that should be unreachable. * `TEST_ASSERT(condition)` for a condition that doesn't fit any of the special cases. - * In rare cases where a part of the test code shouldn't be reached, the convention is to use `TEST_ASSERT(!"explanation of why this shouldn't be reached")`. ### Buffer allocation From d5f2acf1762cdda8f0fafd6e0fd07c334562615d Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 3 Jul 2025 18:16:26 +0200 Subject: [PATCH 05/14] Recommend using unit tests even for SSL Signed-off-by: Gilles Peskine --- kb/development/test_suites.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/kb/development/test_suites.md b/kb/development/test_suites.md index ef37e9a5..934905ac 100644 --- a/kb/development/test_suites.md +++ b/kb/development/test_suites.md @@ -68,8 +68,7 @@ When you want to introduce a new test, if the test function: You should write your test code in the same platform abstraction as the library, and should not assume the existence of platform-specific functions. -Note that SSL is tested differently, with sample programs under the `programs/ssl/` folder. These are executed when you run the scripts `tests/ssl-opt.sh` and `tests/compat.sh`. - +Note that historically, most of SSL was tested differently, with sample programs under the `programs/ssl/` folder. These are executed when you run the scripts `tests/ssl-opt.sh` and `tests/compat.sh`. However, for new code, we prefer to have unit tests as well. ## `.function` example From 93fd15c0cc2d2c2d65019bf5c9d448bc1447324c Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 3 Jul 2025 18:38:57 +0200 Subject: [PATCH 06/14] Tips about running a selection of test cases Document `SKIP_TEST_SUITES`. Tips on running a single test case. Signed-off-by: Gilles Peskine --- kb/development/test_suites.md | 42 ++++++++++++++++++++++++++++++++++- 1 file changed, 41 insertions(+), 1 deletion(-) diff --git a/kb/development/test_suites.md b/kb/development/test_suites.md index 934905ac..1c5208e6 100644 --- a/kb/development/test_suites.md +++ b/kb/development/test_suites.md @@ -55,10 +55,50 @@ An optional addition `depends_on:` has same usage as in the `.data` files. The s /* BEGIN_CASE depends_on:MBEDTLS_AES_C */ ``` -## Building your test suites +## Building and running tests + +### Building your test suites The test suite `.c` files are auto generated with the `generate_test_code.py` script. You could either use this script directly, or run `make` in the `tests/` folder, as the [`Makefile`](https://github.com/Mbed-TLS/mbedtls/blob/development/tests/Makefile) utilizes this script. Once the `.c` files are generated, you could build the test suite executables running `make` again. Running `make` from the Mbed TLS root folder will also generate the test suite source code, and build the test suite executables. +### Running unit tests + +You can run a single test suite individually. To run all the test suites: + +* Run `make test` from the top-level directory of the build tree. +* When building with Make, this runs `tests/scripts/run-test-suites.pl`, which you can call directly. +* When building with CMake, this uses `ctest`. + +To skip a few test suites: + +* With Make, set the environment variable `SKIP_TEST_SUITES` to a comma-separated list of short names, e.g. + ``` + SKIP_TEST_SUITES=constant_time_hmac,lmots,lms,gcm,psa_crypto.pbkdf2,ssl_decrypt make test + ``` +* With CMake, set the CMake parameter `SKIP_TEST_SUITES` to a comma or semicolon-separated list of short names, e.g. + ``` + cmake -B build-debug -DCMAKE_BUILD_TYPE=Debug -DSKIP_TEST_SUITES=constant_time_hmac,lmots,lms,gcm,psa_crypto.pbkdf2,ssl_decrypt + ``` + You have to re-run `cmake` if you want to change the set of skipped suites. + +### Running only one test case + +If you just want to see information about failing test cases: + +``` +tests/test_suite_foo |& grep -Ev '(PASS|SKIP|----)' +``` + +But sometimes you want to set a breakpoint in a debugger and not have it trigger on “boring” test cases. At the time of writing, there is no way to skip individual test cases. Various kludges are possible, such as: + +* Edit the `.data` file to remove or comment out the boring test cases, and rebuild the test suite. Remember not to commit this change! +* Copy the interesting test case to the top of the `.data` file. Remember to update the test case in its “true” location if you modify it, and not to commit the copy. +* Copy the `.datax` file, remove boring test cases from the copy and pass it to the executable. + ``` + awk -vRS= -vORS='\n\n' '/test case description regex/' my.datax + tests/test_suite_foo my.datax + ``` + ## Introducing new tests When you want to introduce a new test, if the test function: From 4c244c09edc5dd24ee939afb2914f0d580241c10 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 3 Jul 2025 18:54:42 +0200 Subject: [PATCH 07/14] Document mbedtls_test_set_step Signed-off-by: Gilles Peskine --- kb/development/test_suites.md | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/kb/development/test_suites.md b/kb/development/test_suites.md index 1c5208e6..3fe79ebc 100644 --- a/kb/development/test_suites.md +++ b/kb/development/test_suites.md @@ -164,6 +164,31 @@ The header file [``](https://github.com/Mbed-TLS/mbedtls-framewor * `TEST_FAIL("explanation of why this shouldn't happen")` for code that should be unreachable. * `TEST_ASSERT(condition)` for a condition that doesn't fit any of the special cases. +Older test code only had `TEST_ASSERT`. But in new test code, please use higher-level macros where applicable, as they have additional conveniences. + +These macros can be used in the `.function` file, but also in auxiliary functions. If the assertion fails, in addition to marking the test case as failed, the macros cause `goto exit` to happen, thus the function must have an `exit` label. Often you'll need to write some code after the `exit:` label, but as a convenience, if you have no cleanup code, the test framework will add `exit:;` to test entry points that don't have an `exit:` label. + +### Output on failure + +If a test fails, the location of the error is displayed, as well as the failed assertion. + +If the test code runs into more than one failed assertion, only information about the first one is displayed. This is usually the right thing because as soon as one assertion has failed, the data is probably in a bad state anyway. + +When a test assertion is in a loop, or in an auxiliary function that is called multiple times, the location is not enough to know exactly where the failure happened. You can call `mbedtls_test_set_step()` to declare a “step number” which is displayed together with the location on failure. For example: + +``` +for (int i = 0; i < max; i++) { + mbedtls_test_set_step(i); + one_iteration(i); + TEST_ASSERT(intermediate_check()); +} + +mbedtls_test_set_step(max); +final_checks(left_output); +mbedtls_test_set_step(max + 1); +final_checks(right_output); +``` + ### Buffer allocation When a function expects an input or an output to have a certain size, you should pass it an allocated buffer with exactly the expected size. The continuous integration system runs tests in many configurations with Asan or Valgrind, and these will cause test failures if there is a buffer overflow or underflow. From af7496042951c70ca9480383301697e2d6a81718 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 3 Jul 2025 19:48:09 +0200 Subject: [PATCH 08/14] Section on constant-flow testing Signed-off-by: Gilles Peskine --- kb/development/test_suites.md | 13 +++++++++++++ kb/testing/testing-constant-flow.md | 2 ++ 2 files changed, 15 insertions(+) diff --git a/kb/development/test_suites.md b/kb/development/test_suites.md index 3fe79ebc..42d5ab74 100644 --- a/kb/development/test_suites.md +++ b/kb/development/test_suites.md @@ -256,6 +256,19 @@ In a test case that uses PSA crypto only when building with `MBEDTLS_USE_PSA_CRY See [``](https://github.com/Mbed-TLS/mbedtls-framework/blob/development/tests/include/test/psa_crypto_helpers.h) for more complex cases. +### Constant-flow testing + +We run some tests with [MemorySanitizer (MSan)](https://github.com/google/sanitizers/wiki/memorysanitizer) and [Valgrind](https://valgrind.org/docs/manual/mc-manual.html) configured to detect secret-dependent control flow: branches or memory addresses computed from secret data. These tests detect library code that could leak secret data through timing side channels to local attackers via shared hardware components such as a memory cache or a branch predictor. We refer to such tests as “constant-time” or more accurately “constant-flow” testing. + +Constant-flow testing was added relatively recently in the history of the project, and many functions that should be constant-flow are not tested. However, constant-flow testing is preferred when writing new code that claims to be constant-flow, and especially when fixing a timing side channel. + +In unit tests, use the following macros, from [``](https://github.com/Mbed-TLS/mbedtls-framework/blob/main/tests/include/test/constant_flow.h): + +* `TEST_CF_SECRET(buffer, size)`: marks the given buffer as secret. Call this on keys, plaintext and other confidential data before passing it to library functions. +* `TEST_CF_PUBLIC(buffer, size)`: marks the given buffer as public. Call this on outputs before testing their content. + +Note that you need to call `TEST_CF_PUBLIC` before `TEST_MEMORY_COMPARE`. However, it is not needed with scalar comparison assertions (`TEST_EQUAL`, etc.), which make a public copy of its argument before comparing them. + ## Guidance on writing unit test data ### Document the test data diff --git a/kb/testing/testing-constant-flow.md b/kb/testing/testing-constant-flow.md index 7280f16d..2d659e8e 100644 --- a/kb/testing/testing-constant-flow.md +++ b/kb/testing/testing-constant-flow.md @@ -1,5 +1,7 @@ # Tools for testing constant-flow code +*This document is an investigation into test tooling. For usage in Mbed TLS and TF-PSA-Crypto unit tests, see “[Mbed TLS test guidelines — Constant-flow testing](../development/test_suites.md#constant-flow-testing)”.* + Code that manipulates secret values (private keys, etc.) needs to be constant-flow (often called constant-time, though the requirements are actually stricter than "the total running time is a constant"), that is contain no branches that depend on secret values, and no memory accesses at addresses depending on a secret value, in order to avoid leaking the secret value through side channels. Ideally, this should not only be enforced by code review, but also tested or checked by tools. This pages list some available options. From a6576695c3ebc0d7b25af211361df4b572b75d29 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 3 Jul 2025 22:39:37 +0200 Subject: [PATCH 09/14] Debugging tip: reverse debugging with rr Signed-off-by: Gilles Peskine --- kb/development/debugging_tips.md | 60 ++++++++++++++++++++++++++++++++ 1 file changed, 60 insertions(+) create mode 100644 kb/development/debugging_tips.md diff --git a/kb/development/debugging_tips.md b/kb/development/debugging_tips.md new file mode 100644 index 00000000..ce7fec53 --- /dev/null +++ b/kb/development/debugging_tips.md @@ -0,0 +1,60 @@ +# Tips for debugging Mbed TLS + +This is a collection of tips for debugging TF-PSA-Crypto or Mbed TLS. +It may also be useful for debugging applications using these projects, but that is not this document's main purpose. + +This document assumes some familiarity with the project, e.g. that you already know how to build and test it. + +This document is written primarily with Linux in mind. Similar platforms such as macOS will require few adaptations. Windows (except WSL) is out of scope. + +## Reverse debugging + +### What is reverse debugging? + +Also known as back-in-time debugging or time travel debugging. + +Reverse debugging allows you to go backward in time when stepping through a program. For example, a reverse single step after returning from a function goes back to the function's `return` statement. + +### Tools for reverse debugging + +* Gdb supports reverse debugging, but not out of the box, it requires some complex setup. +* LLDB does not support reverse debugging as of 2025. +* Visual Studio (under Windows) supports reverse debugging since 2017. + +Reverse debugging works by taking snapshots of a program and recording its inputs and outputs. It may or may not work when the program interacts with its environment in complex ways, since the environment does not roll back when the program does. + +### Replay debuggers + +A replay debugger records one execution of the program. It then replays this same execution, simulating all inputs and outputs. + +#### Replay debugging on Linux with rr + +Install the Mozilla Record and Replay framework (rr) from https://rr-project.org/ or e.g. `apt install rr`.​ + +If needed, give yourself debugging permission: + +``` +# The Ubuntu default is 4 which is too paranoid. +sudo sysctl kernel.perf_event_paranoid=1.​ +# Make this persistent across reboots. +echo 'kernel.perf_event_paranoid = 1' >>/etc/sysctl.d/zz-local.conf​ +``` + +To debug a program​, build it with debugging symbols as usual (`-O0 –g3` or `–Og -g3`).​ Then run it once to save a full trace of the execution: + +``` +rr record tests/test_suite_ssl +``` + +Then `rr replay` gives you a gdb interface where reverse execution actually works.​ You can use [`reverse-xxx` commands​](https://sourceware.org/gdb/current/onlinedocs/gdb.html/Reverse-Execution.html) such as: + +* `rs` (`reverse-step`) steps into functions​. +* `rn` (`reverse-next`) steps over function calls​. +* `reverse-finish` goes back to where the current function was called​. +* `set exec-direction reverse` changes `step`, `next`, etc. to go backwards. Switch this off with `set exec-direction forward`. + +If you use a frontend, configure it to run `rr replay` instead of `gdb myprogram`.​ If the frontend uses gdb's machine interface, use `rr replay -i=mi …` instead of `gdb -i=mi …`. + +#### Replay debugging on macOS with warpspeed + +Try [warpspeed](https://github.com/kallsyms/warpspeed). From f5fab757f4c3b6b94a6e056b5e31bb4a87a808ab Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 3 Jul 2025 22:39:52 +0200 Subject: [PATCH 10/14] Debugging tips: sanitizers, why and how Signed-off-by: Gilles Peskine --- kb/development/debugging_tips.md | 86 ++++++++++++++++++++++++++++++++ 1 file changed, 86 insertions(+) diff --git a/kb/development/debugging_tips.md b/kb/development/debugging_tips.md index ce7fec53..750a6264 100644 --- a/kb/development/debugging_tips.md +++ b/kb/development/debugging_tips.md @@ -7,6 +7,92 @@ This document assumes some familiarity with the project, e.g. that you already k This document is written primarily with Linux in mind. Similar platforms such as macOS will require few adaptations. Windows (except WSL) is out of scope. +## Sanitizers + +### Sanitizers used in test scripts + +#### ASan: AddressSanitizer + +* Documentation: https://github.com/google/sanitizers/wiki/addresssanitizer +* Detects: buffer overflows, use after free, memory leaks +* Compilers: GCC, Clang +* Compiler flags: `-fsanitize=address -fno-sanitize-recover=all` (in both `CFLAGS` and `LDFLAGS`) +* CMake build types: `ASan`, `ASanDbg` +* Used in: most builds in `all.sh` + +#### MSan: MemorySanitizer + +* Documentation: https://github.com/google/sanitizers/wiki/memorysanitizer +* Detects: uninitialized memory +* Compilers: GCC, Clang +* Compiler flags: `-fsanitize=memory` (in both `CFLAGS` and `LDFLAGS`) +* CMake build types: `MemSan`, `MemSanDbg` +* Used in: `component_test_memsan*` + +#### TSan: ThreadSanitizer + +* Documentation: https://github.com/google/sanitizers/wiki/ThreadSanitizerCppManual +* Detects: race conditions +* Compilers: GCC, Clang +* Compiler flags: `-fsanitize=thread` (in both `CFLAGS` and `LDFLAGS`) +* CMake build types: `TSan`, `TSanDbg` +* Used in: `component_test_tsan*` + +#### UBSan: UndefinedBehaviorSanitizer + +* Documentation: https://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html +* Detects: null pointer misuse, bitwise shift amount out of range, signed integer overflow, … +* Compilers: GCC, Clang +* Compiler flags: `-fsanitize=undefined` (in both `CFLAGS` and `LDFLAGS`) +* CMake build types: `ASan`, `ASanDbg` +* Used in: most builds in `all.sh` + +### Valgrind + +Valgrind mostly duplicates Asan+Msan, but very occasionally finds something that they don't. + +* Documentation: https://valgrind.org/docs/manual/manual.html +* Detects: buffer overflows, use after free, memory leaks, uninitialized memory + * We don't currently use it for race conditions. +* Compilers: any +* Compiler flags: N/A — runtime instrumentation only +* CMake target: `make memcheck` +* Run with: + ``` + valgrind -q --tool=memcheck --leak-check=yes --show-reachable=yes --num-callers=50 --log-file=myprogram.MemoryChecker.log myprogram + grep . myprogram.MemoryChecker.log myprogram + ``` +* Used in: `component_release_test_valgrind*` + +### Getting symbolic backtraces from symbolizers + +By default, ASan/MSan/TSan/UBSan display traces without symbolic information. For traces with symbol names, you need to set environment variables: + +``` +export ASAN_OPTIONS=symbolize=1 +export MSAN_OPTIONS=symbolize=1 +export TSAN_OPTIONS=symbolize=1 +export UBSAN_OPTIONS=print_stacktrace=1 +``` + +With Clang, depending on how it's installed, you may need to specify the path to the correct version of `llvm-symbolizer` in `ASAN_SYMBOLIZER_PATH`, `MSAN_SYMBOLIZER_PATH` and `TSAN_SYMBOLIZER_PATH`. For example: + +``` +if ASAN_SYMBOLIZER_PATH=$(readlink -f "$(command -v clang)") && + ASAN_SYMBOLIZER_PATH="${ASAN_SYMBOLIZER_PATH%/*}/llvm-symbolizer" +then + export ASAN_SYMBOLIZER_PATH + export MSAN_SYMBOLIZER_PATH="$ASAN_SYMBOLIZER_PATH" + export TSAN_SYMBOLIZER_PATH="$ASAN_SYMBOLIZER_PATH" +fi +``` + +See [SanitizerCommonFlags](https://github.com/google/sanitizers/wiki/SanitizerCommonFlags) for more flags you can use in `$xxSAN_OPTIONS`. + +### Sanitizers for constant-time testing + +See “[Mbed TLS test guidelines — Constant-flow testing](../development/test_suites.md#constant-flow-testing)”. + ## Reverse debugging ### What is reverse debugging? From eb555f9e50daed85ef9dc95369fd211ee6c14707 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 3 Jul 2025 22:53:00 +0200 Subject: [PATCH 11/14] Debugging tips: all.sh component with debugging Signed-off-by: Gilles Peskine Signed-off-by: Gilles Peskine --- kb/development/debugging_tips.md | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/kb/development/debugging_tips.md b/kb/development/debugging_tips.md index 750a6264..282a6b3c 100644 --- a/kb/development/debugging_tips.md +++ b/kb/development/debugging_tips.md @@ -7,6 +7,28 @@ This document assumes some familiarity with the project, e.g. that you already k This document is written primarily with Linux in mind. Similar platforms such as macOS will require few adaptations. Windows (except WSL) is out of scope. +## Reproducing CI builds with debugging + +### Getting the build products from `all.sh` + +Normally, `all.sh` cleans up after itself. However, it will leave build products around if a compilation or runtime step fails. If you want to see build products from a passing component, add the command `false` after the build steps. + +If you have a wrapper around `all.sh`, note that passing `--keep-going` (`-k`) makes it clean up on errors as well. + +Cancelling `all.sh` with `Ctrl+C` (SIGINT) makes it clean up. But using `Ctrl+\\` (SIGQUIT) bypassing the cleanup. Also, you can use `Ctrl+Z` to inspect an intermediate step. + +### Editing `all.sh` for debugging + +To reproduce an `all.sh` component locally, but with debugging enabled: + +* For most builds using `make` (without CMake), in particular including all driver builds: add `ASAN_CFLAGS='-Og -g3'` or `ASAN_CFLAGS='-O0 -g3'` before the build step. +* For builds using CMake: add or change the build type to `Debug` or `ASanDbg`, e.g. `cmake -DCMAKE_BUILD_TYPE=Debug`. + +After changing the source, you'll need to re-run `all.sh`, including its initial cleanup state which is not trivial to bypass. To speed this up, enable [ccache](https://ccache.dev/). In most `all.sh` components, you can enable ccache by setting +``` +CC="ccache ${CC:cc}" ASAN_CC="ccache clang" +``` + ## Sanitizers ### Sanitizers used in test scripts From dd6c76eb0efec7539f3eb3d55fdd60a0220c9db7 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 4 Jul 2025 13:39:32 +0200 Subject: [PATCH 12/14] Add a section for presentations Signed-off-by: Gilles Peskine --- docs/index.md | 8 ++++++++ index.md | 1 + 2 files changed, 9 insertions(+) create mode 100644 docs/index.md diff --git a/docs/index.md b/docs/index.md new file mode 100644 index 00000000..dc04b306 --- /dev/null +++ b/docs/index.md @@ -0,0 +1,8 @@ +# Presentations + +## For contributors + +### Reviews + +[How to be an effective Mbed TLS reviewer](../reviews/How to be an effective Mbed TLS reviewer.pdf) + diff --git a/index.md b/index.md index 1ab94685..8a36ebfb 100644 --- a/index.md +++ b/index.md @@ -40,5 +40,6 @@ project/index.md reviews/index.md security-advisories/index.md CONTRIBUTING.md +docs/index.md kb/index.md ``` From 5fb36364850b8ffdf6d4f47f562817cf74adcee0 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 4 Jul 2025 13:40:36 +0200 Subject: [PATCH 13/14] Upload presentation about unit tests Signed-off-by: Gilles Peskine --- ...anted to know about Mbed TLS unit tests.pdf | Bin 0 -> 518458 bytes docs/index.md | 4 ++++ 2 files changed, 4 insertions(+) create mode 100644 docs/Everything you wanted to know about Mbed TLS unit tests.pdf diff --git a/docs/Everything you wanted to know about Mbed TLS unit tests.pdf b/docs/Everything you wanted to know about Mbed TLS unit tests.pdf new file mode 100644 index 0000000000000000000000000000000000000000..af118a7f230636386e33c13b0098ed33696fe5d2 GIT binary patch literal 518458 zcmeFZ2UL?=v@RN|fS`h*iF83i6$nM73DQ9zR1rivp-LB!rXUi!^p23wQPEKCN~B2( z2+|b=1i=Cb((n3%yPW&Zx#PSy-ne7jamD@TZ>!EV=QqDOS9S!9&S{ECipw$33Dko> z20BTeQ#{`GZVYsaiV~*5SDYl&?fmULyj>)W>|C7uc%;B*Va@>*VDC8Ue3lp;nZY8R(q697)522J#=qNgAJox_5vV z7{)0HJ+!0WMILFW8jmDt)I8FsNp~`&Zg^z(-^t369?Fr13H7vJq|R-4{yi0_tN+JTfV{!%!Bn97 z5-2A>?*LyQ3m`v@tNvOh{&xOO;9AQ>hG$=DS|+D?NPUB6lBd8#pn5>QmWK9jP7eN{ ztd1vGL0KNsz(``3l;i>b?HAMZ_JYc2O7f5<2r3%+dOMgn`CpU(8X{rpbk%>q0k!>; z`u<4=nh9vk5pAdDef1(}>=e&w*;70+$Wt~vU@^S>!5sW}_H{tZ*E`?}=!B$Jq#Fqn z2~%G?FTX3$TpfZX)J-JLIR&B}oKRY7pj}ftdp}TQU&r?4;m338-=c#W{!4V4Xb*oU zUkObQAewVd4&IJV68cVFF8;1ONJ$wvsFt6nd{eU513+_#5N!#9D z9sZ^gzPCx}N-mdpy0g4G+?MtK_GU{;i)9Tq>K%ZOP|tztk9V*F>GI`(&hYnk-8iv*T{MwLVku;QQDkR_{yo z0~Qg=Hntzyh95oXWbF+Ynra=8FAoXX-TYB{i!iNoJ6}tQU>{L5b>S69yDHC(tDCbw zN>#>N$M%$!_SV~ypN5AoZWP&l>3F*Cer;Y&(rDDBa%6~0qo*a_vN!nCzyu%m>Us6^ z-Wf(qb4qGo(k^S?YPs&8w3s(AkNasbcYR2nE;kejKS379_Yqg;r%aKIePEK3dnYq) z`BZw_!bOI*+kI6g=a{{EIjZ>YKIMs4?z2AclYh}^>J-qXVsjNRvw$q_t;MP*c$RTN&#qgfpE8@cGvHa@a;!PNAo?pj!; zUvFD0p|!Z8&ilnxHkt4U1ZGl%T+91UCRms-( zCE>hzx;tNPJDfzW9E_+E=KyDhtn8Ei&ql_()=Y@Umm@sIzwKkm!Nv^ zF&5=7S8bM|Hh9eF4)xpa$9^kLRNV#B!p9Zv=j5&|>Z5TO^C*WHBiZ!4nx`{r=A3Ka zBd>h8WhQ!aQBY3wIA=lr{a6L#>R|1@m}%{_z8AVOjL4sY$e?&G%qZpS2K$wjk*c$d zbl;A7GhFcK4~`BsRf~y&zkSHdTvbvd?xx+Yfs3vGWT&4%`_uXyy|g#Q^>-!aUu~qX z8ysiurqYyk)C#ESp|U#0BI+sbdJ6qeQu4jLL!fyQZ;$=?3ZaCV+hR>w2C-&puCZ+x z9GpXV$6rX7&rvdC_=T02>EsE@>@*(zsuuwzbSh$mL_Pi^1}0)OR=S@Q)9U5>O$UZ* z++Mby6L>LyTi4wyC)}k=*v-=XbyWJtLFYMYfta%~7S3dMPOWHU+YT`@o#wiq^p5GY z_|emCh+5}~8q-5!ss*z~j-4fad?})YZeE_TMO0u%V}f=-69a9YiO^Y!0g9Kn^?J8E zZw{Yj38FsKeO?!a zQmce(dQNC_xN;eVeq9vp^G)Wm*+fdjZ(!K2`SQ6Hq`JK6x&EGF4z=s2P{P*ONOk&a zxNNoKkxHvO<1pRgt=0F|t}QoPOMl2qF~*k}&Egr%^N_7i0?1`8Kj6qu4l!V0{dw4$ ze#VP*nQ_OaKP{J$9T<6xZbCZyUH;)3P=T>`+?;1R@wn+`(vaF=tv7{5{yhldN~{b9L%{mKJ1?NHlMsPI7*jpObM$Bg$-=m+tlJ;|N4{7^mrwFI~{? zr6=LN!cAwG9Q9v*?hbSmckldqUrOY24EvogH;rinMOqacV>eM`k0Y7Sv>ZCe6~E0~ zYg&G2)JWVRQ1*I{3u8}g6~kEb3&EQ_-3j?|FIq}jP8lo2sP9r;U%WIW6qV$GZjkP? z#HpW_S8Kb@@xzRl#;aRM};>9 zUPXs_^YsYkAoe^iT&@&Uug;t8r0+2j?d-y>P6&!Gof}BMDc+c7B=|zm)hO)Sx!k*p zitlCO#8p(=bC#p}qt7WHbx76{7l`gWYWPwxX4jSaai1V})UO)HhE$pqg0cP1si9V? zLgFd2z=$`QtXnmU4h7R_nrU*bfO|C4{F&XR^iTY=;ly(sGw3C-6Q6>S*A4bPsom-2qNGGv}2>u+5; zc=+HJ-Mkd`7{7n7OQdl{WRcgc|ChdJ;lYaQUgv@oqx0jK(bmqXoU_8UZz2 zAKRwF8^4nL*L0V^Zg6%phj>L1ziD${SP=ZyqbK~4_U5sc1CL_zoknLoX4}=cX&nmR z*KZLj&#;JR1m+9_w{2Oq^-oFB2}3iRIZ<4i4B3UcwngazVa z&t0)NWt71gG^p4hcHPpMqrJlIQwN46FGnk`DZ4_Oonfpa@Kb#|yhA1SnA)6UU8s9c zyZ)_17{%G(`Rd#6IR);Xg1@ke^(ZcTn-SOHv9Xli#89tY3hNp?8zs$Y6(^Z>_IhIA zPiM8)GUp08J|FF#$Sl2}al^y}xyMc8D(e?#l9ZU`6R6@&tx>p~O%o7SSfC@6Q?TPD zX{648$?TAp=vlnn(X8vps}H|WJKW-*tiayiAE;^w>qYX`->>Y6R&|Q4(`E?XE<>Vb zImb{ZzdZ4f^Y`b*%B9Wwm(AP0J*ac$-1rh@-4W%hKM7w<)D>B8+476n@l-Qc|2!aA zNHusrA(7l|Q{%?CnOLR*_1B%u&TJRC#6Xe97AyCUJJx4WF>A!heeM`xD8@+|7xRbi!5)08^bs4RtMr`Pf zu`f$PsSoo6y2%8_oV5O$ZXqFd@5zr$)(biWscoW=LFH**#&6vW7G~jFj-wwGxTdw7 zw7YIp&1~>`xq5y*(^IezgG;&W6r8u9X~z>eG9EmE;dzf<<(l`PN0uO7yspK^Co z@KUnBWlly9pcIE4-Ss|cv5c;&Uw_N}@e}{s+aGg>?JK7q`9j6Wn|b;{5$(pU z45-xDQtFOAQftkm&c<0qz+=R4xp3!J!(t;%d-(13MVF&Cj-;pknL8(@y24H0zX@-+ z!N1i^%Q<2=UAS}ND>yw_bP+!Dpr|!t=Y(Q=IO@pU<#*rjEs(ut>bS^s^~uDdDc@tu z`brTa_f;Ob{)K*vH$QRRA_4IZFSCmI-{_oKk&5XKyV*>W;`rCYT5nFjV>;$C8#A4o_0-KU`+da<`&F1zPCI+jlIz{?6E7SvC12&%_2BrJ z1RR9j0A7Uw6~LSxX4nixiBqsBOS3 z-Rw|p@>3SYb%f8E9lyAB?V>hJea(WFovR_fpcMY2S-Uf7ajoM_Z(HdtXG518UEeYK zhXkvht)T)|0)#wgk_;0C7ky>Y_RI;# zN3Qah1Wv&3&9L0r*euLEVcLF$|NV`_)p8+xyu8w0(VxAEZ5%NHZjWai)$r&;FE1_& zUgH;aVq$waSjvEOT&@Yg-ob>_%Vf*b6xJ*SWnSQA)7?%e7OlklJxkGDaZsAFJmEih z!-6I-Y$>{P8O7OU(|KT90atO)l0TByfNbJtJQ zAY&wJ-Of49TgP=fx5UolL-j3*yoGbh^6mZO#$NBbL#;2~Cx6^6_WgxgGnwjkJ4G=u zF89sd)k*m2v?=QoBSw09$eAcy`&vp^(2+v{tyc_H;*T66|K>cX$MEZDN^T5qj^X%g zwS4ciz#mRR_bfcsJtJ0SuX}W(3lx})ezf_m8Qe;2sqwU7oO+xl$fJHuv1s&G&e?9% zU9zN4!Ydy!1WKhj*R|dQ2|Ejh>bpV$@?pP9)5#)kJr_Ru<4alGVXfhuN7lUb*N*y} zZBNWUm0|jjN&Q;YOeyQTuh*FLT<>1{)aX5C|0AgPy>e-Ef=!N(IBn~>b8@%P9X(Tz z`||A~uDRc|p6AnY3AgUE7MZry=hRM|@*JVfqhxygne1#>%LIS=S*3?p7f!Wq*u7$l zJ?%5bG6=8J{-`|Nd}&dt1TSx8M}Ai8Iaa!0c#h$2oZaMc50hCYGVsSz6 zr;lD@PrC8md%CVn8@lsx>Swnh-`?ggJUw@VL5>pf$So?tIMM{aCVdrDMKYCZkueTp^V;=HAlq*4QPQXN|VQ>@B~JtUhd4KCDO(`|#+^ zi}qN7$bs8q+^l z>^!uMcq*gUnK=}(+ueLtU`u@Vg@Wy5S&2B?!<&gGwT*aa+qb&j zSm##lc8uZIPu=eKHy8*Nhb@#xo+c~|^LcE?F%BI%J^Vy*B=M6{*r=R6d01J>!ZXo1 zk$73fMe7SI<)2qZ6}DC9+vHd`=d76;8&&ptT9woGV$X;S@3uwirRl2V>0~^e^I&}` z*JwCMh2$vDYXld1zt%H$Wy-Zx1Y&LM2+HUUxX81J7@UfbmPVRoXJ;nkja$T>nm9K$)2TQ0aHBM#3b(-XBW6kuo+C7HCJ1!;qAc zKP92XEp=}XZ(oxub`DPeq)a5#(Eff#PQL2io>#oRpzM*n#P6)gId#+D zIT0O@lkvUc4P{A4Ik>-)BvP`na#H`!lI*?Pdk;IJtEr<2BO@b&T?YSPdmms)8duTI zFqnY>Oc(}((ZHz4m|zs(iVXaNksX6kk*;AdT{4cpuTf+|zsr!rV6kWzf)!Kzbxqy}N`t?>F_=1xhMM{SH5JW)0|#hnY3S(T4D<&N z(z7!iJq+hO#?8ff?D%n>6XGX%_(b`S9~Y8Ch@O%}B9YuDPbLfYQE^yhq;}Wo{^cAos(Nqip75rdgX6HW7FZ@_uS^c@T{%d0snip81{b~I@v;S#cj9^~ml#~>d z2cUV8kq3c;f{~JnSCX3PtnmRmpQC(IQ8aM1)H`)AX!)g4-$Cl8pN{1O@`Jz+XlkUH z{r4tz{r}U<{+`%B^BRTGQ;>nhqhN%oz`lnFl{|_RD#5`19Dii+M+g4sz#kp>qXU0* z;ExXc(SbiY@J9#!=)fNx_@e`Vbl{H;{Lz6wI`Bsa{^-CT9r&XIe{|sgY8|)?H`ajt zHx3>;p_0h|3y*9nxG_+WQaB!#j_TK@EXl;cbP=w_lms?hN#s#D-dGisARV+CVsKcx zJt&}Wtfv7J6e2+PsD4%G#dA`nzia<(Gs(&r;%eQ@)8P5xdS za6yC?0JQU;_evTKmP`X~^uPaL!|hLwq*MZ8|H~nmz)CPe`$rbsK9UJz4Ycb&)jR@B z0NzvrN>~YzA<#gd{}$W7F4EvIV@)9fzz2*ZP;vX;NLdP+{w*v?P0-!HRG1_|Nevzd zDdz=vGqi zzi#n4@QbQ&)HLR@05nWs&^+{DaDVAX*?*!303qzNav||sLluC?Xf?!v^njqTpx*vc z{8m^97+-Al}UVg&`rxC}Plv!bd{^1M`G8;fksI^)QgcX8*mg z`oGm1D0%;Rum;el08C&XqQELJlV%Le}xOsqJgN#(!;xV*e3PL93`~ z5^lf<|GWX#_ZPU5bYvfveiIXFl4X{{o1hUM2emmc0Bpzs>iq=_5bWcdim9hF|Lso( z9Y!NL^e}-!`^%OtM$S(VXV7WLf|GF#XpW|V25Ht%OXbs9)RF99Rkw{X_8bifCUtrk znAfP}`L>~~<3<#c-E8Giz<&ejf&wsSA%Y56Huhhr>4JtVZ(=07CP^{q3F6>PfJwuf zNaDYOK85}T%mW+=8+w83#{SkAoN48|bu04u<~sFdw*h~ytTf6#DjS3`(AihfM5p$ND;3R#Rbn5oc_$yKn( z4N(a=U?V_nQ11u8nqQWN+ha$8jo&2G!-S98;K{hCz?vcg`zV2Ni;v10QChCy+L#49 zZPLkDfL#Xr2m6y9nsSpJ98<Hzra4;VB;EqgF!)2UKV-_5h1m^_PJT&PXk#Cv@bWsZ< zX*i|>lvxPE0$?`!kPeV5LK-=yN#!>bKkal7TD&MgLNKFbr%aBqUN#aeO9g|eONd$n2ft?ouMkYXUG#7Xi zI}Nrym|z0nxBH7ngn$J?5)#!Q!7-#b&=V5t(mw$FK6%Ns%JK{!1B`wTSur#dJ??&U97tDcFjGr{ROa0q$M6 z<@qQJ@VN);5gyLco9Ux6=9I`D&`B{(fP^YXBm95D3bh3D@ z2W~`_`Pw}+gL$sxjafP~Z%fiW){5y0 zfznxxXubf|s|+Q+n6J?pq(85mAqEHdbzz~QAjnL*up<_VE#6tG%!)0B65G>v+2)_x zz)VMU9^4J~p8{h8%4ojbVhFAlv13c-*ILv$Vdi5x4{FlO7B`Kk!ti+pmI!TBBo9C# z-y$o6bW0i^&C!%v!BJ7lP_*n|6EYi1c@<00!O)bE&J6%r-k|J@Ae6ID+s9Ufq#^K) zj#rCoRp8mhG@S#wgYQb=WVV#XnCuEH0$9UsEW%*al?)M!$ZIeV z1QG85Tfyi8;8dlBRLCA;_|`&L0{rGaVPGpg{+A*`E)8H*HXwkiVi2$af(g7z799AO zekkSe7Z{PqgSD|fDFXSoVgcQR$|RurAYTb_DS+UxY#fAKWca4?7~DZ%YWo1hTMWDg zX^`?_@`v35M`6yR)+P;9}bY--2KEHDM^Bdmv^1RjL3RjY%m|Okd z7ru4WIL{c7Z$xDWbk025^aCf%4BVSUo4IP~0)2a_a0OEnT~5=n1Xje3o0zU;PIy%G zp^}BDJ{o0><;RU!9lShuZ@Jp&bC&dd%R9F+Y!~KfhnTxpS%G^yjFeO|$6l zh4EbUx!C1UEf{yDjE-Di?4<*Fw~nuxoM*Ys{Xu5F>&`DX<+CL`+k@$@?!lG}3`;tX?hp>{Aj-B(BA$fG z?X01<5KKR`inQK8aoYWw6&SIU%4~Oys1}&QV_d{k!GWKZSs!NaZ2Mj~IW*&5x=gn4X%`uMaA!d&IY-6H zMNyf%M|o#0|JmA<3b9}hM#IP*YBCVJ&5*p?b#YfetXm?D_1+i55%Etu=xp`pDalW2 zER$dKu9hd0j|L4bw(UHO_+EQYSi)Fuh5$-UZw`F5k9f&&S>a3IRJ6qTJyW&>6>1~X>v&(7!d`CTb z-gpo85@u*%cwS|#KX&zQS|=v0BOV#5BDsTJKmG9g^2cA^_}M*JV?u;(!nVSo-?CEL zj=06Pd&M%}&mGq-#fZrrw1RijZbOgGF6S2!;-u^z%-3IKsJbyS;6wX>i}(5!_xde` zHD8ru#s`xhi6sAG=IUNY*pEEddH=*$*dEQZ=PL>4HJERh05*f;e1P#%_Z^|&nC=mKe^E&za8!j z4`coa)Zc<$r4a4gRcCu4?h}D#N$0^6o$WIp;TKCbNB&FN;<5KeVr zoFTG(DR26I>5+HArc;kn$;l0K(-x=k157VJYuR*auxj}6OLSo+-ws6$SDDZ|2C!`- zl4jI7k!|LkMBv4o70^j{;aG%5B-R0xdIer+M3$k_?5e|UkZsy@c?emvQt(ifxq;{@ zbGgj`p?bvrb~(a8WJx137O==W35D2O= z!pkx$AwM5oxmq?|!(5h8>?mIfU&cp+DuB{r0SiwssRV3N-4KL|B-)H(RHZKkOaVk$ zx3l0)>&4VW`vMILj$A7t0&k3<5J(cJD3F3r5V``62V&ZazteDkV=~0_te~J9;(_*n z=|j;cNI@i^i2DJ>?+k?=#PodhFjuSxUiMLj8VFgXk!QhaE?Wg6#?U@sLTt!IlZHNu zQwX1VKn7@B$(72|#q^I1L_0_F(VibOxi$Y%0Tw9$Aog7N;16bU5t{jFg$Mj=<+tXe zEHw-n-$rpN*`F*{$$(if4nzm|cv`PAOIe=&qMD}}k#(NdhPmjb%)xPvP>#5>U+eP2 z!$jN;lT9XYl=c27P2Wv)_l_fQ!yD9<~)H4!*# zOq*)M9?Yz)>q?kQ_Qz#wGhyFQez{x8>fN_r^zOl`@Scit5kb2pJ=3=S38|N2IoDH~ z@b@1!axbdUZucT}!YXe;mHkdG@`S>D~FuNfTi%85XNO5xP&f zuV239JZFJd-+7mjzX#*BdM)T>)3NQkTxx4oe>T9`>oKP8SJ11zZ666MoB<({iub`Aq-e?ND@sQN$xJ?5>Lp?_j;G z^}$SyRm1e~4AluTVy@St74u5*Tit`A53Re>PJEp*NA{iwvX3}+*NbB^*V$p}XSI=I zOUyH2$wA^YuW3R;DACJdGD%atqHF9UCv3Y?ag|fj^g-y{N=Xr~;$rh!>S)@Mj0y0% zsYiRdRNRzTi_mU2;PyqrtdbI=9CcXf##(7^U07*)q1~=K*KD#(a>P&$@YkXcwyBo23O;0^HL2#jN~S^rU;z>bP-~UdG|{#;uo`Udbc}3`$o>>Z@B&ACk@KCUmg#?jKN8~`t@nH_rim$ zogDU3m5SZ^0q>ZWC~f%jpq<^);p85~|YrqxWi+d(di@{%CO8rZQCI2Q!fz&^3F-c?w`C9k|*@QxJwJ|8#6K z7}2I%wJ$>eScSqh!2y7d$?yz-mfF-P`$7#tA+|SAkPngop1j5=Kz7M!bAh0Ux|G zV5}g>(WQns?Lh#FkwSpB!qS_dpnQKLXdf35k@gsCC~E@6NFeC~5mh}9%1P=0jD!+f zYPnafz{O=Nqo(rdbPyB4ABCZR6^p^-$kXYrT3ywJC3}jGrVA))sU89Ba^ZPWVO<}U z4|lybzszN=T^~cnEh8!)X6-r<0V&z{y20-9!GCaG)U)t<>wJdV{=kVoL8A0^5R=9; zD#3Tn2H#y(H+^jL!?K-!4_0`aA%3F}ASCt07dIlR&T?0&(kJdvA@kmKnw2Ecig7+N z%l02mjWlyUd7t^SF?y4#eDl%iyW{@oPtUirw%r!o{8}YlC|Tl@H|&m>Z2a7D*Uqk(kY9t>TX zcO*cj>ebzvPBU!#H1V;L+ttSAM}Yb&Inq2!nfqB?H!09E-E|({xNdnvZgxb*Hbg?- z!5(ZaoSOoqM5!K%vpjv`^APK?XL zp_o~A(sa2Gc%$E!464D>rIdp$6HbY z4ZvHfq54OYU&qrRT)`u?h#0ZsfhF-Yr%RHAw$YYUrQCBM7Z*>XD+wZSwi1lceJb!N z$_v~$+VwuI4#wIUV@@WiiYu*WIT)uiR4{}QW##x~e7+?9&_|Fsh1aki1)Bf~#+RGM zjWO0?Lh~BeryZUgPns?GiJi{4nN54#U$C(85F*+*3E^9kK62Tn@FV6*Q{qjUD*Sku zTQH+;smA!(lLz3vb#3{j%qoldW>!}MIcY1eAk9XR{7r+!Hg%WUJ9gSOvX*72+EN4d zVBDKxiEY( z%iV@7xNa@YJo|KY$Gvi;#QQN7|HZMcd82ubHh8bnv+v=}<&M4O1`oGBKgwD;ZZ7ij z^Og3qn-=%f#Fx%{ddM`Lfw zB#Q3AaPup#pG}TrY;T(D@g6^-^+9tsuFMpnFZuRCIx+nd5z*x*{Dd7R2@t{zz!Z>5gkl=El>?b5KoihYGbgk0K)BJ5`|;T0F=!~2Scr9 z4w6X-x;{#IEI}Kf%}p(>joAVWP04eq6o5~~)QmcY0Cr?SRuE;M0u&$sBt|t9(%|&^ z#@%ouR&I;^Hj1DynzSb*sY(s9K!|q$va&q2Sqc)2 zL=tGvA3P62VFvL01Nwz4`6=3Rs!BDJR(~=Y-4p?R{z^(yGHWdqfENsa7fNyow-gPN z=t^^HFN`bs{iH(vwH@KrK>Z2#i-zBqmbUDNh!>vdmQyT*(9!tm`H|THHdP=x(lYGl z{hkoZP%$+&mb@{?{f&G1cz8XIp)AJX237n-yGqi`Q`@aiJ{z-lk#l0HX?I)Pu4IOY zuKQ9pHr{qoN~M+Qzj&4FyZD#k#s{{W9(ypkonM2R(&ZAT#@OB9mv>lKtFT_D zgHG(YyM8D#cUE9NniNWK>9?nmD$-Q43Jl}#vq{j^zE5hz?}VCG(x(DS;%v_oR!*3*2GW1kOY zS8;SKpj8x}IY)PS`Wl{(ICiV&bqTKO)47H-p&_|oOXz%S19>_~p~W@P!AjEUM77EE zG{lwhv^Np1nObfr~eN)q~W zDaGJ9tGM>!vw8%|19Nq8Zma6i*WXAMei<<(eT~idu z^Rbma5rc6T2!h?5!#H?EB4;JcJ|PU@x-CR@8rxQX2A)o%Z;Y{BAtrZbM3Qos#&+YL z+>zxDxrUwbRIONoxTK~szUE9EMoLR9LP4m6;CJW(_R>w<#n;Cfb8kdx3R{~X3^EC= zhU<}7clY36wrAxn$S zh&NZ<1PagX3g>tq*0ky|P5c<=N@)ImGb$(z9pPigJI_hQM35uJt}b2YWpWPBn; ztHZm@p4dg+Jf~YcOg|xQoWuTTs59I0>9A^0#j#JhwYe(2y7iPXcSLkw=cP@iQD@bg zMZ@uQ#u~Tmqrje@E*0f{^2|ttYn`YNv_X~vBrgQ4QxDj_s5Tx?vg<+UWPW5*+MpY5 zss0dHv$SHrM%;;sZuZ|c4$goUY=9R?eDoO=D>CrBPmi+*2LS^tjJ@n@X#hDF13N() z=^S;qlrJw=TJ=!3I658NfkvD&Qx1{Z>f_xgRmQ&|&PHuG3nP4`t(HqIhIQL+@Co_j3q#W zsiaosC3IuRwbvqD=*uY)^tVjksy!ZlfL#A_IL&9q_TnC_S0w$A4ELMhG z=jKP9{Pl#5RF}`e+yxrB6P(8PSb}qO?Q|Cb<*9m^D04%-QdI@>_Q4e9=Z;8r?xf`j z*O|oB;p;U`e9;54C`0=+E#vfRCp1ooT_1M}XN@pUFLpxViS>@)jz?svY`Pqnzv_|c z6ihnCi^MjtA_jaZ^aNfAEx-;Y+A0f9M36CBc?o-%==Mp8nrK(*4rmvX68tC>+Zz)f z6se#Z;**IFh+4#jDulppy%@Cf557PI(4YyT6xP4-pptyxdY?!l?RoNiDtR$-4vg$z z6nY_@j7=S2Ko>B4B0F8%5~?P`s=%R=MFAFNUumw819CIf#-q}K#TIo24r`UfiM-<4 z0+n;kPqVt}8*aO-YV;^S%^;3lJwMq;{Z;~{7;tkuHllTvyVlfx?13h#mif+Wb$cCl z%Gnkrm6xpRj5QB58}1ivxL*mR4?R@=ow;8<0DW0@K9jNa)$T=YxsHv(1MjKMB3H(n zgJ)bE!0*X?zR6-Z-Ph6MJ9d_*e^p6^+9J&;J&^lR^0wi;c~7N$d`JB`eC$?=`1p>Y z$*;Fe#=<9?Def>2(NjLj(rm zo&Z6FWe^9(=t2k+0*$c5cHI7Y?n`@ROsh1#b}={31j~neA+0^=+9bwo+ue{;5>DWt z&YVSyJ1p0`bA;)teACWO2|Mm*`nKRSz1z!6E#F`9J;)Hrdv&BgHt78h%XV71t&W}K z9xRi!6!A-bx1{-r#mn5+Npj;Ob+Pz<&d(9=)iJATo?cpSV1k+O#}B$J$6G2FaynB# zpPjC|;<|YAWb?-vM2!1e?;8Iw?V=?miNyi#jo>Gm3|1Gy$wMKrsjiOERi8 z6%ubpiZEjd=gqUtQ`&vB&2b_I(Dt*wX?EFkB%6jDvmk;7OF;wT5RmVHMc2wPOM>hN zeJniMGzN_YnPY7Yu;Yi7#5dteitnh^WE2_Y2U=rQ_h8bS zCU+&oy*d0>q(hHBXSRM&Zf)VD$Y;xfl|fw7m=Dm);aj$&^**q@920o&W74xk)8`9q zKPyf&Q{c=(Z--boA}%`Fmmc)Egw6;t3wpF#<*_)4FZ@|mhMCdMDRZvqI9V&ejHb7; zI;)F#mkIyy3x(>_gQJM3K6T*x!tpsJFS+#$x+ONgXs5b@kWIT3iSGy7Mv8rcVnSuR zrp?7sPrt1+13V?Y()XQ}Oh_GP2H6X3Qr`4b9g_hQaj2_q#FXYQ} zN|CK9r%9%*=CJZjFE<(ZdM4+D!QfIPO&Zdx%w=9PJUv70`*XCy-M`-y{*;bEV9 ziKX43>FxepfG02&k7(wd>Bp%oL_ zw9>nNnhVZoY5jA}*ly_{V!|FQzmGDfR7E#A00bhiZQ|F86-`%igTdwsFas)J-up;! zqFX$o$4zO_WnR@X4e2s(d>s)Kk>3Y~MViTe#h<0}KS5`@3|hI?eH1Uc#oZKl(0 zHOREzmUYNiv;1p2^(XJrLkv#L_v{mg$v%J$%KTYfG(92Br5(Fx5XI ziT5c}*x<4XU2H(}2;KbG;2f(2T!2F34H+A8=__@$6GhwG7dgKqhkyLR+>=qNRo8-E zG<7V40|t?hPG4r8YhDYl7(tL(f(-)9eSi#6DXH2T+UB_$Jp2Tn*fOi@6)QvaNt zGzzkI6H))j7>CMCg$##EbHzSNJ#J>g4dmpjZz;Q zoR=_t_<<9JW=TT1T3(py+YxkM#2!m{I#MhQ^Ip6+@}9Tov!TY0f$c7lr9T_l<&VGh zU6=mR;lPE6ta?ww!>5<(Zd4<#33}d(9vV59Ti-b*vHe3IS^oX=v$$=M^CDwmN`Ywe zcruXO>|W81;F`KA94C-8XRq^9hC{zX{_et6%eJr!!g&!#n-!B!yt#CNJ$qfS1Z{Ta z?P>ANw}BbCkNEXRRGY=7o>-tqs-6bVX4SeCrai~KdXQz315Qrz^ba)+mqpRIHMbP=z#L%M*IJm-Sjm zs+^KLYvv zZQ@Nph=>4#NWd0PCJxw$GXMrKi`@_tIg^LF&(9!D{Pc2RR{DoS5D3^4*X_^UCpYF* zsVKo#C;2fz-bCmU~%c*fg+F}mI zpH^H_o+(wvjB{61$*oywR%yS*e|u=ny%GA*rd+wE;PCu;9miWUmT$37bTr4J4@@yf ze=b1&V3D8Dd*1l{+^~XUT;*s|(Ao9D2z-IohuoPA`{Jg zx%L#uU-G3LAB+Y80X;!L5$runfjnlR20XHgO1sj~l%Oc)XxRq?4xg%$+=v$h0EKT! zR!_#%_J!o{R{`s%K36wb&3#$;P2kKU^TfhD(d8PW)@AK+DzgqGBcdXwe@uE!B?J9# z-o!???&8bk_6cTI!IpS$`mqr*!CK|ld$1x`ZHZrn@te6Vn^_sOjrXI(#Cna{Hu836 z7u-Xx2KROx|5}5?>Y7g;!`B&Y);^yaUhF$12EHodb>n;YB~R@(P$x!==kqy-S?}rq z@EgX9!AfqdO=k0#Vnjt9?k>7zOw3eD{dghspNKMb`1DBF6uRG%rMx;0TxEYQEeNXF_h9m6vyo_;0C6{VlD(~#pt$XtJ0H?A9K{@D{b*p4!n$^CNs0fGLO3B(+>AtPn4 zWE2Gc8AJgTE5KC)7&r`UDp~1sH~IaYsU0`)O3;;DpEMX}*ADDHF-SwwwE~EMEDN}2 zFA(hK6AvB+?jL}`e&E1Saqw{OP{M$;rt86dfSJ%X2Nn%slJY85>{rt00QHa9F?G&q z0p$P01c($?G$RTie=TPMDgu-ADsxU8q>3Y%KfsYkOG5wHX>ZQ^WcFZ@mgqo9E}AS2F^q;>$MU?I0A&V4a< zf!}!szI-RB0Url(*umU0C}#}JO1TM(`vS4wq`^r25R9(%T1g}m__FePF|p2qGDtnc zUU<}&n&YJEt6^qT3MTHXQdh$0yB3fBcLpw!ItTdOFJmxU?SmE_!!=Yr@~p-TX%Zi& zepE2$95PK^t@fGn0#(0!nY>?cw5*V?O{C%~kndf8k&HpRO zUq_CxtnN~P3Wc?(K~SlFOUC_ARrLBdCR8fAeI+CTP`>y0q5nE z6qQ;NAk~Iyqjh**eSg&DE}H36DoXyKKXdpfq2R6ALFp?ncEJ{lKbx*7YnjpHc03_`PMUq`TT+ z&2fSEl9TtVl3f5E5w5rzK?W(R`h*1OLyi&E0ow<--kzN(h;N^PTzK%?5c?;`EVbJ# zs;P9II8`D}3*@I2g~ZI6&0{LX`cK|4%T=5B(tzx_H6YsMZ%AI9b+WR|88f26uXjS+ zwFDD*1pjOf2Y#D8p2o_`8I67iv2u_WNktF#>uIM(C%KH*fZ9r;gyd zWuaKyIZqSKq>wP++D)0%yFmbHxgs|;&R@jYyh4QZS>VaT)5nP}^V<61t{}+IDNfzM zg0tzZz;L|RCdrsV7yyhHrlMj68FO*!7Rfq61V93bTvdqI=Nsozo>2y!<$}=QA&DK( zfCfR*FC})CWU5EDxAxmP1BC&g)VlF+(*Hl0dk?TEmaScwq!I+lDnW)Qd4L%*NX}6* zNRZ5sB?(9n0VSzOlq5ML5+x}aM3jsOh$ulof=HI6w|c<6^_;!;`Of|CeeVD4z)Vl~ zs;cgHy=&E4RlVv8b}q+CmPnx021M{Alp%{hNO622P*od1CK-B6Js|WaAJ_#MbhJ+Z zY`!OOw4(+INS%Su`dDPU5)=Rc*8kWYI5N(5&~!l_1y}{xW{7oAq2UM>h@o;A01rU% zM6C8Ch&A|F0iz`HQ~G}fre38MxE#Pq0i5Br7>UdPJkrBzAL+@xh>-~X2R_)5KrE0f z=&MP|{2p={)O#>3j*UH9p}B?|?my-wor@YaFLd9`;8Y}pl)a%49jy!o4hG~aTm=j` z_=OzIlroFNpwGudgZwyLf>W3E@XU<79p=Fgj0YfsnS-^H6`_m+HZyTxfV7>FsMfi- zhxs5Jf1;UJzB`7{SmkS*b?YfJ(=8Qp9c8>PsPon3-bUsf9U&_;!4Im-oxg`X??=R6{YPofvE>~b~H99(hENC$=50lJ9Vb}`I=nG z?|N}q_4!*wOWrdy1H6J5;4^;{zP%Cq?x1|-Sj|LT@SMz+`2F${hAO*l5wg0=G1+W- z-8!mqr;ETWp#;nlt|<}_&?*B9PHPY`Q9f7q>UkI`pD%t5VWGGj3bm)Y6U!;kUsXXj zb$Ksc%0#a5K|Tt`zx4Q1KZuKvq`!Z%|KeL?@O|G}?YQ?@Q5OvzYj{1Cvq6b4puQ-?9%zfWn=JY+M&?M5QO*M-?MM%F8r)(UB6j$AHnZSlIJNM|G?%- zmN$jrtj!V#PrsLA)QLHZyq-50kwKXdyPnfSNxX%hd@DJau@PuwT|QVpuOEapwOUwJcQDbmoWbsQnJ30Km7ziCBR4L1S$_n1ZEt#6^Tgv zwhD1HH{1jsGBAT9iJ(=K`zp9WKo8NQz-mKJF)nR}n(rQ)^H^lko;Cuw%168c%^eQe z#Xz_KEj6kiC#B#$G*f_B0RgD!CYmq6`M^5@R(SDP#i6(%r2CLr_Q~ygE|+W!_yh9c z0c`*chZM9fLlzxtGzLNo-9H1Vhjt{a_9kF1^L{H2r!KcgmJnir>mz_G0^;g2@UClp zLAxyB!O(01vhPt)`~lti${S)p9t_5V!I!Oe@=xx7xPqkpRV26yGyfzc3CITA*QWI) z2RKS7ARVMBE{}lya#~<_m3mI@RWkC2Te&ZMK`@b)rb2p59`>fi{lwsMomxp?6n?fE zV??i}>L9|d|1KQa(`O5dIYlR?D#&qxA zCMwPW@-wyK>;sgEGpBL10&dsk%RN@FHwb>cWkUJ`L%wbuzVe7g!t*|R+wg@De-7kh z-=*gr)peE6g5V|8C5Y1?99RHe4d0{CqG?t<@y*MU(bM7lLp=S%p@BO~h9-}D7j#uW z8nUw}KNo-YbiGPjexNJ=bZISYKjP+NgjJ6>7oP%7x~jgmqCheDJ znTBOusjuMbjl8SX-jHYz)IKN*znaZ7tRZBYo~D&B`{;yk+(JPyvt?Eq`BN?xH;m@* zp2|wEXs|UCFP5U}O2b+hbEW9V`jEDhDJsbop;@t>EP=gtWp`|1k#V{PG6gxgIUpq# zSB1+qJbqb<0c>3g;o=fV2qFN!_t$JBF*gbYl1KEzRRi*NOh!N-AS<|)jT}cvaeAHy zYHBYlio6{YizJmmCIMvyEU$GGUfa_IdMlyqY}dnJuso>kE=Ny*o@?ho>O8RzoNlzD zf=v0J_7phdz!yGND&m7d$eteg=)lBEqL1Tc$kbeuUp$V~`9NWL2wNboy*CIo3>W~5 zF5MTQnvFd1hk_>?Lq2sa(R%mn>$uI>?13VMOTkD z^1!XNNdhxu5Ho{X%Lb}`^!GGSLa3J|O2A6L{;B7{(xDjuZQV}-3BVAy0j0TrX|pav z?4os>fG;K~qV!}Xx5KIH0B;QJBR#z^eDo`Pt%pOtXiEvCP4q!5jn~2O9HUugJ zdGB*^R5;2&QzIc|a|gaV@*|isV5^_Zdaq2#YY<0e3{HJ7Ng50Y;UplTM4*O2xhHQj zp9Ff18ruV0l6%^o2PKsun=w?W2@JL#mg7KjlmMz33=m2v!YCtD2m4_FA9K+sS+lFj zOL(SJB0R}Ukgtf%l!!;a#Yo5;vTLIV->y0_v9WJNeT>MK2PY<;r_@0txuk;3zvyY)yCj7Nm^sCNa3OQ($jleESG7= zoqu3B5(QGZ$+_n@jeC5)*EWnDZ@wVs)}3P}4_>Z~T1XYJ|Vkh1{ zr}FQ!K(5p=cK1LY5W;A*-{?|RN+Dt^|0<19tk|H|P+4eJw00pbE7)*#2kd+yrEdefnm{4O*^aQ0s=W)JL)^S5?w|Z9rqdMqP*I zj+pz6abWTYC6($yIt-v3%p(0EM-U1I9Xq>g0L2nU#|J>X3KN(y1k!de+5jYyY!9ZP z-hx?eA-EbB94#J1uz*#v1NcWz7Lgf4z)nHbG3=8Mxz&jP@Q5Wz z(z!Sq9SHGC$-qD@8V>=7c^OgxFxf@56wwUTXdYWE;Py)GY0YJwOr;7Uy`9@5m#k?A z%{GC7O9W$((F(qdtQE)nD;f}AyPc2yZCE(p zIrl1a539sH|2g230H*;cw+FmvSh3?92fN&suJ_aHzj zNkR+{q8LYPJCLjj0THY?7zC>lpx=*K79bO(Nsq+T0a}Kj=95h8d?oj@7Pj7X(EBr~xlyf_y22zhh_V z#4)BRY0>l?Pz9o{XcTTjg!;n%$WzJ%myMx&c4Qa+gzttN)Cea!`C{CEEX9ua5QHQF zmHu>!RPhj?SP_`YT!Yf8DB$&g_PPBRfq!)qtlogUHjo&Bq8WCWyZJxoV<1BN2ZeK^ zBETF9cwm61xdFr{vwJZ5A>b(hl#!qVpNYt3G&|?p1Q|qAxmrS@Pz*INW1|F$g{29= zN(_jVL30?&A44phN+?Yz3ej=~2&e)Qz6o5YU}ZuK!0GldfAqN%+Cc@C%7h%4+;({< zfm#stz>S;%PEST+%qRhTNPYJODOyD$1X2s%XzNTRCD}r7soEOlugOEmw z5(X|bfjkN?2e<(?DRMZG$pAjUi(Y-qf?_*jI8}g~vzImj6j&gu3Ycn;xC#R0AG}ow zcn`>dz{iGIMbD%`gEx)X08{}EjxPk}_{c2)N9cc2C4^Rl@<-55@GIcsWAcLf08U2p zY3LC|Bnf~g50>I(oC2}CA$KLrvU5$=Rsb^ z5oMtn6?*~Qhog8P`W(;=jOD>Oh(96V0ulyLLu`Q$Lx2+ifr1D*I#-wlMfM@m#5e#P zj?Vhk6?}GAJvBdh6h{wd1&}e0zyO(h)gJN_5FC@x>;~*Pu+g!|jD3hDfyIXy)j1FN z?4sxZ{GGY9nf^w z7zXALWZ1wv@MJ||@*tN1r(pvQguDc>&`3okRmU8F4-cY8C^-q7iYP%aWoeG1(hR6R zhs=DA0-dUw*wZA0LF=B9a&t~m0UK(Xa;eL7__CZ5!*`v_ay*m~%0{x0;}PncRk#wp zC=_c3$ihM}GjighC)m9VEGwY3;|H2`OF_#f27(6&`{A@k4T4}SK&RR#=KNMU_0)8dhmIKl`&PW}@6La?m2C!8M-+e*s6bdDw&&94pXRm-^uY(Az8O$-E z02biFx}!B@U|O1G)I7vqgD4Udf zG8=f3JWPP8phPin7klIhS&_JL{H*q2R9;|;3GgL3R4ECJ>wIz;l`9BtXBJ8o1m$C^ z;>iH&lG-`K8X>T}$&#vsTynsN#cv!q4w;D(CpeFPm1&(w;4RCb1Bz1EqYq&fwT-w~-8hwT|sAeN4$06m0GIvzd zfy+6Add?_kTTl$iS<2ZR^~ZPUWLax>OE;9Ohl?8wU2PlGJaTjQkg+p&gCY1pt@7i~ zynK8|wUpdp!oujH*}oQJg0B3xj{Yeb4mE`C<-ha{l$*A7huTpBWztcWQqH!H)-WEp zl)EKVe@U2!ACzZ0`pm`03(7W`yZ%wcNeC|GWqVZJ35nzdbQM{>hpTj2B(b z{MYe9wZeZJ?_X7{l9BqoVimfo_j-U^Hsx9&RY8#5gyS2Z1ib4o=}l@bW_y(xGbOe_#JwKp0(j z>u1p}?^Gup(cTO6rjd+>&{kWVBUfAo%BjHGh-jAJSm0{2<&By z-5ytNwKrk9<`7b5u(!V@*663))E7Lovr(pM>cFm?r{NmM6%aTQ@m!eke?7L zk0u{>kwOx=j8-#P%{UjYU{z`L2A9<5u{J1H$k$aXnl{V$WB6kSNb+O4+`pw`g!>f3 zi!aeYS><)ya|KeFEsCj={6$~RUOml*yq0U>CO69HlYqcnQ>go{fV){Tl5tzLZsxW+?RcH0-a>cnnFm^A3rsrs%S4&h zxNkGVMGGe{ct-bC_zXYTdN^XP@M(0BqT1G@tW(^?gXwJ7GCgInf{97jz{lGsB>Py+ zWuJSy)!ygRLoThm1{^-Ud^QWqpOV@8g8x=M#mxu`HCH*+USByZPpelQBx9W2Mp#Xl z^koNhVRQJj&KeJSsT+MNFuWNozZ!Tj^LX*7jN9KswH7r?YYO`~b5p_51 z>!O6CFq0p2eterGdUHO_T(NV7R@305hCs$m3a=4Tnaq11_!zp1(`xri-pO-S#@A*M zZa&Jm_2~VJV$}<8&G7JG^oU0pq-RWMCOWvcLM&YoGgn7LTY_jQ?!Ss);v7yAyLne< zd1IpE@spB$R049p0K_HQ4XHta)#eCYyJ^ z=bAkA3p~d-zLHPZuR3fk(|vgFGQYMf_8oK1S~2P`xs?|}{%;zkX>Mx`*EDy7s0aE{ z3$A7D?&9fYY3(j12LD6D!Dj_+pjzlN6todSFz_#Qwt}`W3?c^T6VP?Ex@%p!1Vnm( zqH)gPI!!(V4EzgD0f!-i0mtNdVGzwjM~+n*98|ORFb67+)_SxEHy2B7YmX~%O<8%k zjP70MhpscM&EpNc`y@29DlG+)n*`<9ZNpd*Z{8b2KF%??j*CRjiQGvQXOn zq4QYxeM4Uq?wZ(XTip*uOOx;Sr|#2TI^5g)G?PEGMAs-B(C{2jp*DorLOGLeu=TQv z(4}Yf&v$ntXAW0-+IA$~%=9R1zf#(4in`|KT`7N?Ql?a2#w_sKjg6XjDKnxb(^EU# z-)3HEq?`JC2Z{xVT?kO!{q{{!VBNs)U{W`I<0hNM%ghT?2vxsB>BIwVu}y?@ivegf7i#H|xCp0&i^GZ}9lhH`8I}?9zDSn%m}&vaLJ*4(T&0 zXCs0vY888)ZnL@#n6&%8WTacAr0-Cna(kvLU7fCh`&i=^J^dp7AajL_`itx>wZvN^ zLiouykmO95;S4jm2Ni>6>fSdi+y*;ySw&Y_ni( z-Mr*1Uz8I=nKs4r<0u}3(o3nJh9=0s&qLib=9`RDof1% z8$J7NH||RJR!U_TyL%P|cdCd5KKm0!erc;IcFgM|uICo^l14ni>^f<*B`zSt|B3C4 zGGbmf2t#h6!pN9UX~&IOEC^SJo4BDJx2l;jKC8j-aS?ge$W46y0_VB36gY?77jpfn z{-B=WR9jnR4&5qz8jg^P%n7S4F8zwdvOBgR910~CyjFsB=2HvHvmxTc;YK~~x46j_ zl0%5}io!Dr1vBfeY-$d(@I0kRN$=AmjL`Ic>+R5G5!uT)kxj~eI;Y?fVWB34wdZ9S zX>NA$66Q0O7ODmF3>FW4sEOMttKC+UNgSsO?6`R<=tYYxJ-Pb_%dVo_rGk}G?uKK& zIA2-mcKRBnyR@7+XQE@vb4QU9QfX0fJV`b=G@nT*U?EhUYJ8-P2A< zqmCm#Nnx6FBBb@TzIlM5g5s=qvxtStY^~}nO@39fXQh^K6^3WB%mcPa=}5^6a=|+{ z9V=DFm;v{{`7FTXsGf;KsM?47cJggesNSoKRArNCAx=6sMBsQdZu~vHgn0Q&?!)e_ z{DN~KniNT&TNcUB`M!WLTeW992D}f}km`xJ5^$!J^HnX68G&if!Ftt!xzhETgKOco z#hq-kSr)nBS+a@ir9F%R>^9+un_jOf?&;{7d$LH4OK#j8cek|-O1QDPFqrRS_*%dH zV=UR_r6@5=FG?Ibp~Us{q4OQJ&$+s;?Nk~v2P?k8|8!Cl>wW&IdFdg3rVDppJP0>H zhVtb*m5t}ne|bz+)`AbG5Gr@p#0i^Zvc7w7RI5yNnD}C%AfZs#oLXBhZwhv#La~f4 zIpdH;;6i3`jDjF z`CRh+^N>6^RRG^x$NbvT>K%OPZ;0u&jnWE=f&kJlA z^L_I2IE(n*_+HLisqBvhHnet}35TSqwzFt-YN8F_T$lLDX5POp$~;t7ckY}K{w#y} z>ra;RpY2_J@ViN3eNxhDp5Cg;oS`}t$o@#^H0IwmOFx9`eNdyh*u~UPLRlLwDqhSj zYX44*=iP93>O*EDwauHizP_CrIicVywZXvoAhvymKlQ;7YTc4Xa8ICM`WLndKm6~t9GUR?gViG3VU5zfLoT7^q;+Na_5p>fAktp;i)ATWWgoopeXO!m5KBVq zbZQglt16imLCT^ku8!Ba$l>T0F3OD7ljU5V6_c;LWE6I!d=W|Nw#nahpGQ~8v^S)| zC|gfGY4rBD51YqYbFgAQZB=bi{k^%p@+MV6`DID9CcEf{q7JPW&Cfq*o!?l_8*mQY zvA>WIT(Vt}k;S@pQe2q24T0e^7q83HasDdzS24b2B8)l5MBE65p$6delU4?q{UBN+ zPA5q5Q4;4_lYO}=m)38>c1wk&A(B2q$H1fSBWAn$f=Ahs-%15(WOro9eanE6Eo%Ztza?%n`7wz|~uNgFF zbX%q)Z`&p*joHwAsaP@h7U1pKsq}$`z_RP7d7X?R=93+r!VkKnQvwvr_AF^GX>kdc z`fw%e^>FCRp%iA84^Q8xJ)3c5bD3rI&BTGCzNl_Q21(aQ8J#J(C& zWqQcPu`{IUKz0&Z_S4r%hpJt+C2`=aG3UNz+brSA^oSLaeKzw~0Wmwv3RTuka+2Gz z&uk@97TD28Bc3i_+*R7n#`Q(Jf)K)SPh@mgO1X}Xn!_85>{x_oiUa69&v z(5bfDfx2gS5)>z6nwM5=@=2#UiquSkjIvMFh3nmKv?zr;nHFB5A#21*GgluEO=NTY zf_N==lWD&rk<@30&bB0`GkB^*kKoUFMJAo;lgEqq%)VOJQBd_{Yubi6o7%SMlj+g%`FGM-=PH_%yS|p0EYswM z^~q^@S=DGv`dqpohrA&|ZG2nb%8l>xVRd3r$`ctBB0p(2aiu&7tL6u}1R`+9vK~Km z{s#sb+jon$-V~L76{e6^-^c0c-^sP@veRdJbJgJXyxpl{%9OrMjY;Qc@O*#_4=?E& zqikU8r4Otn+A~}i$+FbkNhf0jr>M=@Vw;KcE;wb-$J#z-B-9-)e%#V7_0`I$sq!^` zi{`W~jyWkvlwBYiu_Plp5#A*S%iwpVo*Dt+xT<5~OYo?8i;_{Q82o z&FyeSzg=)O2d|5mt}kD}!bY<)&fz9wUH3t)1+P?}aLVBZre)LKP_%?Ho;uxkR_kUu zhO%zigL>5T(17P0cRKxPKeB6bU3XJ?;&m!XW&DahWuG1W;zz1tSL!!gqw&^a?RwwG zOW7e&CP~-0@!Dl&1;bD;dp|tuPc;wpbGU8%nZedJz_{O-W74M+=(m#D^ z^M8H4X>#6e=kq1X@4kWQo$pij&waVKpSt?pvPn{OKNGXb)UZuqY5k=goy11ZY_);Z z9(=2ajpnc82S_lz{$sN1>1^qNa&d+x(=Y^F*2T#j2FkUe8Mu%IiufTYr?|=Uv zI8)li)7i=$iqi4%gZKhB0s+d(LoqvEAq1GUgMc3RPly+NOh5pEJ_aV!Q26e+1K?s_ zbYud?D*&3(0&&2jKj;tzj29iB0AWt_K|ZKAS};CzumcJnpa+T`6I#e$j*jnNMkm7y z^;eKj7zw0t^YiiYLp>H26hI0>Q3oD$%n`v0#T>bLg^&p7EMX)+bYs;2C42z&_`hfq z$oea(M@{kx3GhKp@*STf%r77W1w#L|P3ZRg7j6EX*rP^yk-WU%MsxECf`LNg6a>%l zFB<(dT>kUPp`r8FH}~(vq8kOxAdYXou#gZR@-LeEHCp|joBIoa|JCTw;QB9a=|7H+ z`|ob}zdT1Yl>duH|4!`DNdE>||JvrS5yby|U%CHA>QR$_r$GPOCKSB;InLw2;xTfx z?aZMh4+!bWxH!7FX}g+RTK^fqgCGBVe6oy-iyOo=2qa(^As8>803WxYAdH_+fSaEe z#w7r-%ZC6^0#Q$pg17<$K|gEs|G=@ILxu4|6bQnTzY+)Eue1m?22v014j^u*>gj}X zc5z2}_`nrld`Hn!X&D$Fnx=k}0R8rJh-eA_oa*2PIU61UULFMhFVRkPKobTrz`ulX ze+k9{@<3-o&?A7WT07f%*nvCnYiROk>=tI}4uflgv)wJ73Go4Y{(GY^H)}$C8+Jnc zzqA(UVWI~GSq1Qq3G7d@MR)V(i2pGN`^zMqHi9w)E3=A?@ z&^I)0VBmqFzo8NEyZJ#2`FTfv;_Vo^zZ+M`{D43?+R#Fp^z-w-=nc9%|62lqCIC~0 zwpzdb{dby05A}cC#NUfO;saq|-O(oG*S~+!=zqyUe<$|1Q664l@HDuEfBpLxjs8kP z|MBVki@2ZSf!P0Uq`wl&|D@4hZyeMp^!?99e|?tFuh93u80oKE^gn6zZ^Zr+GXE>D z=O?`XN#L(8&Hrl?!H4!ce>V~6blFcuK@$9*M^J-3~f^Y zOaIA!h+kbAw21$`uB}kPAfr z`fnLLB)ASueBc+&|9J*a%Gue)1K4JCZe9z3@;|2ZkVifFKaG6XF3%}Y;@6;aSEB9#y-2%>L{BXT6&&j9o%nYkd^4TOOX-TkS3G9s2)voLZj>}Ow z@tt44G->#oQ8f5)j~G+5H=p;U7_%z>!dY=RoqlQZ;9%}eN6%c!YCzNO(uS?`j90HP z-L2vj(+QS~HM`!s2V;SU&KqBLE6)ZVTymKV@csVUWs*D1WQ}|7`J_w0&cRrEy2QH! zDS7{L!55L)=Y>Nw20q;t<^3cGw;m7NPI*e;v$0N?m*689FeLM#`q>&@pqXiKYE4dA ztaQ!p%!cg`f6AI4l|H*q`qB@lJ}D2Fbcv)VdPQ(2vHGMa%{djWTAjGGY7v>Tbb{o7 zyQ;B{RJL;lGix{qW0;}{Dm|!2HNy z{Oh0e5d-j#&IhiZ8xUbJMWEdkd+iM)cgPUW5 z77Ru8xw*cHNeQn$mS=T+(32aC>J^z+ru1s+Vt?>LPVRiy+VH0Ci(X-`6;2D=dEL+R4X`d?DAE^)oF-L}kc#9gNu;2KyOLDP~1;7>2Q9eKKLgW)SvCoYONC_G%Z2 zEyLH0c-mW449aB$5n@rSqzE~$Sa05y^;k5-(g=~ihQw!<!WTsgqRE6NXhxPmCGo=)if?Ei9O>yXRamUr2O5C&G_Z$YkikhKM1| zkN#c5P6*{k=}?AZLnAp>{CH{BLY$7*CGO=Y(Ujr}j?cw+BVY2~>+OCVJvNRq=*`6g zFEsWay6}X3YYMmAHmt7g&TIC!AMcH*-+pLfa`v&Xe3xuvXixzYbMOhdlJFjiNtp~j zjA$;NWxuKj?VRS~Z&xJ0a`CCZ<;Q2xmWt^*AI+ni!ODVPz(HZiRf6MgNh=%nY0y&g zIi|-R<$&7~)n`Y)SB~mB6(hE+HM#Ctaa5_yomn`+$lx&fHdJ<{rm7dqxlGAYE*8U7 z!!aHMsoDx7M+L=};^)qKQl1*7r>Asd5@PXPU^H(Ehtwikbwl}9kj&cLYm!CDSyFLY zn%&tkbElB)NdCx&-)uDL2NrI*I&d1U5Dnq$2sycMFp=Nk6FH0jlApqRgtb3D=~`b8 ze0=Jb)ceN#`EMxSJ_dlER@5e8~zA4KGrwXqp<3gR9vM(1k| zaF~(G=14@8EiF3Y#ybl3Jn0Py4O7_)-C!?!rMp3W>r2V5)BIb#HSH)lyuxrvDYfo; z%8hUIQe=0qABR<(3@?}%G$eVB6cCIM*ISuj`?T28Fq~=nbr-8}BU~y|>&-^hK;6)8 ze{IP3b9(T+S1GBfr2$9++l4}9tws_>^`3l@Z0S~h;V)8_k@%>=*}-#9H64O$YdK_G zgOc>dQSBAYlX!*vTUF0i>X_~*>MUG5>tK(Jewmzn%@Qf9cHzMtd=4WWQIm5@9KEF# z{Dq-Iwj4-d3^{VO_c+}qj8_MPKHEy)4aQGI(nSyq-O;d5pyJ|I(MKllt7p6E>bX)j zRY?0=Zg#U3`8%_hbg;hu=J51D9Dk;iV&I)*l~EbPL(UMBLTkl^2Kf+n0vi^C2VuJF z_jYqJs<3)S$EpW5nm25p772X=mC@`yWgvfR=FpD&rLtTx{gkU4dto>r-QahKw?K*EN!AIx0Jj3W$-Q&xrtj6DTk8?U^s)|bU*LGez z^(vxsx?p{lrkvvj^~)_rzO#f)@3$XCKRv0G^BwEN`>3yD*J9%IZq-xLV|~t5VIQ59 zy2K9$t^y~ zvatT-E3 z#5aSgb9eSQ$(2zNPLi*eW)@1q$g3;gP^KvtX!iT}mxLl5IXz2e`APJ;9G*VfV7M{& za`T=+kP#M2kAjqtdiu17&S;cReDto%C;2cV%PZ}LyQZ?C>OFU+2*qeSk;@!c7{b-s zx1ttYr_@x;j4qwX*}vs%Z6$@2uMRP8y7uvbB)_a9i)I@){w}wL)Ph~fJ{QA~kf>4> z!RS>*4djzGcGEwNl^qCf@#YZo9RU(I;yi z(x*rcs?Zkx;HVCFck{yTB8}*Ky_VdK)}E;HLOahNA1~S&PH2dDb=^qL!p-?)9hMTF zbWx{Dr>s9W;!YQnRWV(uzmZI(9oEaY)pY}*JXy&fg&hrWp19jP;3;dEWhh;Wko-O% zu$^aDVb&Q6ukJ4H?H*Q-uN-+Ju16_(an-P8G`DUvfm@#@$BIq&0&2?w%K*M>raL(v8F1@iR=TA2=F%E$uMk6FvkiY_!Ir%Wh?-w`dkDHN5f(r^Ms-+k zmSuKbVc^NdJz;i%6^@i(DOjCWNJ0&P7qbaL@i`GPb~&yt9c0SR3eTabyb^6d$&yn4 z;+*doidQaW$<_Ulq_# zSlEhuPfy@>T!Jxx=?Pwv zI+K?ArP^2KKurE)s)bMPHnyzR)@dhL)o_Gi85QA46aCUtD(2B<)#Uk)JyW@Gupam2 zlRi&+r#`BHm-9kSyob0*W5kE%f{(xzAqSDW30-^2vQLLhDc%dw;>U{I?P^+hB*4+O zra$)NLDRT^$+^<~Km`gVFN^H7i?Ny2|0CpmZiVn_|*^HvmAT7({0L2mJo;#zK%r#Pc33N{=XE{Dw;HG6qoQ8H=Q zo=xW(1E;}^@b&|G41C|aFfQPA*1w3ic;_o_`MH#jPAo`rcbwR8NQIYEQf}sslv-co zo0s6#ntO|qX$c-%ikQ)QI4kX#VKnn|_T@S^d) zC37MA`SRYlaguY!`j16^F4j=@celE%z&x$Qv;_KIu?vCY^a6w4m*7 z;6)pxS<&XcLcKt3ZNzB;6W<^ry@~O8YB&1!{l#HoH_U|;kyo|G<;0l@l>+a!Fr(8~ z?7E0@MXu9%v7TrqVi0s*^pg$|$gGw`;xHFdlZjbMo9qW(&1QUUb|Z(eoU%ZY#vgQA#dtTV0=I7uSxg zj%WWkOIYNgGgEynO)0A-SzKEu76*nf5U0(2T+mYF$s~R~SNTjqZSAIbE$Q~$#`V2U z>yD;Nfs`I8abE=&KN~;f-U#Am!gIFV`93Rg%|o%C!1%}Jc4%$r*$*a@&qz=0tnBxs z=c_zW?uuNMc;;KPyI6eo!{K+c#`m>n1AVu?tjsO1zuyfEXgb_m>Jj`fxioIsPT%^y zN+lQTzaFG#eXieA0dhaNsO)m0W)Kg`>qX}O8 zm24`#iGI;r^mRE_6odVwANis*)64@uW_DDk{NC5R1tZ7p8j-XPCs zos037g73V%*qSunxlfG}rjL&i?C&IUjq)3DCyt0Wil4Y9b!(i~Zr}WVDT`2*vC%8) z-RCtQ?r}+U4{_}JGv%c{XAzUX;Td@_6WjG6d(sb1p=hRf0!!I(>PI2I_u4CsCm1dz ztD?ImWj_phZdgb>!PtF(PwYcU`zG}E>p-^`AFd!X{4fdaI7iys-wC}){nFZ@u6{~7 zeRiixO8^VYh55aD^BMVe`1-zKfS_YtRf6F94VNa`D*8Mn&}VjD*S~i53!%3-rC{k7i^Y}CCrmV-btc5V``$pcPli8^`!y|*q%lYP$1|aQ z#*V@f(TN%(7vb-NGm=@~uhsRT4@gbBt^LtX=>3l)VRT9o50m{F^C)S$F#8N*wQGM)PO< z=FhGed>?oy+P>Mwkf%a6)T6zq+?*&F^Eh97a{d%S+bXK-Ne=}Ku@7r%`oOZSaM3E- zSh+)Xg+nf7la9oC(+O$zxQBj1ZO{znv~f?rL8~)qP)6=h@b;y{!>@5!+YffSwG9NU zYxbER?ws0v&%Wf>CArVK@?EQs^%kczT=;8+mbp}JXQ$H|!{z|Z;1_PbK;x`AjoV8PPIoh zV^VmRTEcGO3N-{3vpvg=F<@toQcTxmph|z{<407jbWiXS@9lt7=R}Euc8MAT9d9+i zv1{d2xOit3zY~U+_%i2AQ&}@>csi^6q*U#o>jLptM1;1i$KwlY$QJof?bIb>f%;B>d~AluC5vT`BW%NN~GaPAeG#TMKW z)%*HE8Ry;!a-V(1EUSrlu24GqX#p8JKXXb=uRYA5`{51exmbz52$((`V0cqqLA~Sa z`chFwc|F;j^lC=o zLd{fR@)v8r9EMB^_EC?=CK`x|q8r`>r=H`PC0vaw$`5Btmg#oQ3lDqbVmKzgD5$Vh zsMHjrdZ2pt?1kmoGM}NOIrhE)tKfoUz1V=gJ60BcY_}0oH1+GP)beXmt47w9sVrIU zdV)f_Q|WKDN48QW7%uR;2&B6{y=`z$MRocIvi2(TQ@kS4{YQkhJq7k3Z~V6 zUGvQr+4eqJwM^+@_UxqTw&D7>wIH3eS&Eq8Z^T6xx>G)6+^Tzt-Stfp_54=VC1>%c ze)Dp6qVSSM|LLI{+q*X}31-V(TYYM^D104RvuN*U9KV7X33We&Uo{>G6rQPvzqI{e zex}gzhn1GE^wPSzL`=P)VO8ndV$b)Eg&G=#6BT{ZU5$b$4F?N3xc!He2*G#mab3j* ziWD{8+*b@9QglzXv@AR`4?n=`(hvDCwZ=~u7_UD@HZzey_rtjK@H^&L5zh2UJ37oj z>rdvD@e(52Q&lbl4pd*8I0|ICPSkPn(8conMO_+x2I=v@b|GX8vjO z`DR(7gQCBaT4o{qQGKIngQ;1&obmEJWDt$Dz3Mu%!Am65ougg?K^Im3h=%yNCD)yjs7w8L_G>cW}OA zs)z<^u`gm5W}G>&wi5mFK! z`uxnL;lPG(wUL2h4_>AkOZpFEt-n0+@yEG%x{8}k&5P~Sd5Fvpj9(*S{C2X9M$5RR zp3lytKg~?_ZxXjHAyj>k^Df`X%9!E?xl1Imae*z-MVur7_G{npw{azwU9E6lv)%DM zXkvf1Vz6bG#=H^8mtbGj>ip@=*PxG6lA{V$aXTcnT>exoE{^m1CoRruB&BJ=S;RRG!6}`;>Y*lB0}oZi_dl2CBMGDc{uN>V?S_*!jC_M;Jy^D+N%#w zp3J<;U#I5p8WAyGv#ws>*UXYlg(`2zvZ z&3moogaJZ^iE7JOjy<3o~%jHlu z?WYy|IGTlUdbu7KQeN3JZH?);OnhBV6}y9@)k`qiKcb~lYNGGm^mR!i&UN}|0zLQ1 zcULn=9U2I2Fq6sB1Iw#)TQXi|YRl5bY2oSWYxfmCO?1PS@QBXxO-TX;f+^? zz8U47zIpA>AHiS0KWDG$nR_SN#RY#UDPO|!ysIJ7e?D0+INq36^kK%5y4Kl+G;<^FZbAKnrOu914D4fJ}n}p}Up?*xX$l&E5aUTbhyR zr3QbyrZXcvb^!3U^tb{O;1>qU%gYU3t02rH%q<911}rn=19GLc!TLmf2MjC@J6Tv;ad|kpbGuoaTY1=7Te(=ebE90~ z*3NK8a}R5G54eK`+{)U^+R?=oQX)8X%*-8BJF#|$vq2l8f8DSQ)@J|Q2hHkWAp%na z(qTHP+A!!UcbKgw%F5aiN5}{~xUuui!6` z{5JwcU;Fdf{GmpF1Ib@I_s>`q<_Bw&|9BS%FipR_ivxW7<6RtJ0r;O-GhAv%)YQsct5 z^Yjc7&M+-!+}lNxNf)zcVkQEq7lQ{}cJ3g#*%&wavn+9#H(C27xwp{Qz$I8Lh3 zghZc0gwk{%mZ6s=#5I=K<)X3S35I#&Z}ZwRtTHOjxQ~W>Zd=^Di8a~#QV>hqO7`xc zuqCRulPKbv6TfWGnw@%ll1-KS>#OF~Go~lL3cb`5aTO!?d6VJ3sVg${G~4}k>v>d1 z<1ICOHAk%wH)flxtVB^craisV99{MaMv=*IoKjf^b`o-ZHh$dMcHM<5PMxEV-kuNB zJ$>TI(&^&m{2=VgpbRE|?9Lwk>c$IU_`(FQ$+8}tzAG6-zbdn|Tow{dmh5EBN-ZdD zkh5)FJ1F8&C!3cdWtCj98P;xu-HeFND&^%RPjfjScJ^Hjp})zw%~zpjp*~;M`3#?u z*sOWmo-2byC_ydrP1NHmHmqD6)-Ix$WYm1lkRH<3Tt8Z$fRgOFOIqj^?yPF*@+dso zS#8?=+x({1U2R;U;%cz9l}NBWokY;3VyCvm~Wy zj}fcJv*hEzoE=8kXXSF<;+^!2jv*sG0}fOFC4{Uhb60ExpH655D^)^ja(TCG^jxb& znKwey{EA|Cb@83@a^@^y$u8xUOoPr|%m$rNgLQ*ZDTN+Y*`VpTktEiWqSzetQh8DA zNm2HO+6K}Ok>J%siLFmY#8jzuxx5Di;K5brtTw1xB~#g7GvOIivPx^nXihN@Fl8x` zhM2fX*PR`73?3Ko?5R@o9(u_l^_k{cF_+=yy?ka?^Km1VFjlWZPxVnIZL79y?;!Tq zn+`SsaYQpA(^#L&UgC9RN-3ASTOzog%KPwRbTbfT3Yg+Nz!iE`G=24>lP@>NeC(av z$h{e^5PHi&X;W94Lpw*ctH{JtU^Fl<1UQlO=68R<4B=7bGsfM z@0e>UmQXV=8;!Q>ja|jP1j#_t3S5N{}_pN zhXqIYGTTb>@N`3S%;;%58+b9XQ~Y^Rf~>s%#oSu})wQMT+6e)IJHg#OxVyW%ySr;} zcXxMpm*DOW0fM``|10UQeBT#J<&i;S>FuIh7ulL zHcRr6hy@EmmmQXP71{QK!yyq9TL!cWUIt7i_3VicVECd3LNeuBAN`=9*tct~6_Rl; zqj6H!E##)BOc+#aa~Cv}w-V~Af$Ek*ko7P+kfnG}^kc@+6ZjIig(EgNY0os^8W;qI zLzMf-N7FL!3^AvaFTqm2go}K&$4%^J?@I#afh5!uUIZHLP2|p1Y>d-7!o?9g9s@&< zqDt=+qZ@Pm1Pdipi%JGBxD|=YBQVs1nbYMPqq>d37mQz*Hm+yFG6T;=>L2+LPsAL? zhWnJWs*N`CsOHjAjs{!sz!t7JQsZ;il+rewb$tTF9BnS1zjW|{Fg9Cxn|_V)1jC#A z9nkiI%ZXW&eGZzj1!d2u?W}u>N)n=-yg{pil!OTwHm>fm{g>b$$orqr z;n27JrAQiusZj7F;=>1ZV-#;H^}LFq_$2)#(Rzkf`P{Ti?Ad2@nd zA9iACaU%M43z=a?O}8%$I-~fjLpiyA(VjnQZbxc#n8YVz;Al&=gGrItrQJw9nAJj% z1lt@#O;zHzA;<`4{V9vVOTv#x6TO1rX+1HIE15MQDUA$QL)%XGGgE|wx>N$Z3gD)) zo(uj_aDs%~kj4mKj3bg0KXfX{uiP++J1H8t>BjSIjmaPXXaH%3cB2VdcLQ!GjQjv)S-lUDK$sK*?)MkNVn-e^ZFmoc?H(IN z$2ig<0bR>_Xt_gjQ#0a59chX-vpw_yOG@#ru#OXwy$i)9b)HJgOxBR+id6S2tFXA8 zsVrQQVX#bSVsKsjVlnt0AFbs4K2aEJ3Crla217HL)CGTX8PJ`pA-)hI38cc1!%?_N zP*-K4Plc&j)0j1r!(jLHKZ2@iww)94k!OK<8C4_Jz{rO2lPXl#p>hcd>%%o$NSTOP zbZdq84FZDVxPl|oa~JMe726RQ(h46ZNnA!O!c?P%e7t2tEqe8R4~f zvN@xp1SY3nLQ8MU7n)Y=2?tC|)9@)5qb*cepNPdAb6o8DB{K7bh+(-7k?)rwv1FX>=6kSeT_snLT)u2ofndUN%ObykZOVxen37Et zD;Apm7F%{AnH!B2#9JS2gG?qvxqZc4q3m?e^!wnE#x9X@iK9v=Q9jv*H;G^%XH*tZ zQq*QatpH6<{Hj6}aE~HO-7I;Tub52|m<~;ODFk;lE!Eds*%1}+yi#K4Qp2Q2Z2m?i zj%e#FpnW05pU5>hyjkpTeQ+skKMF?zv)U4Xqmj;)o$;oDH z;Yac)F^!cPiR|?pQpc$iF(xL6jT1lGTFPMuvJ*5SRWP*-Fb2f;d)o6wh>t3@v(rUA z1tRq4KjN!Xgan;t+uB+iTA(Zv3c_Jd7B#K~A5dl!G6u#_!*e*93N$WlYP2yTIr6t( zyP8pd#k1*ey+mDzz@V`gGq>ZD#>%n!2Hfos%Yrq~k+NdDjNJpW^2S1Tca-A&8 zdRlI5G!Qv1YTun~2-#QOvVyvqBdyrV2L2$Ax$s!VQRTJvO!kAdt@ZHrDD}RqO6^z!c%gp^;c&hcjtn%IqIAT32bFl*lkL_I9^ZZq)*tHA(8L> z*sJ$>7?kOJkRrJ~D-oL}UUO z&+)SFP$D6e5*F)Y0U>%mKKlHVlG1Cc8dc`0N&-Rt@YsBPEO|J?zR@1#2j%BbG`!p- zUp2nEv9NFjypmEAV_pL(y$8h|cH-e7xe&}jWX;_=X_@%lm*x*w4ZLF2lJfTcXJ3Y` z!A8`sa8&VXf9itd?tN{4{#gNkMHhR1+UsSK%^_r1jpacjHWTPC; z6!ZpnD$whWCY4JsHCB=*cuT?2fg^+S{mZz^hL@3W$PX2m4_ac3 z86MneJ#pj@UQCKx^9{11O5vwU@+5G~&YMtA8}Ed!gBl7(K1~`Mqj4XZ#&Od&0*jrr zCAggc-`of9%}Wp-q*L(*N8|=)C7~I$kTR_JA491&;&Nur4qjY%g{Rd<`rm~7Q{d#F z@o$ZIU^7H0QAgaQw#;qijF|)G=Z)X;}i)ZTF9ej7< z*JAedL?Vw@tyE|hqCFWuT@{YaRN99N1n)_VyXpE2N4cRE4C)}8hGF~BW((sa7x3C; zm3GJF&JMLq;6hmGmg9LKi1mFIOhgFWu~CU!=5b2oX9?OPU4(eZO^0@yF;g%G+pHn~ zG70i4iGXKjd`(~!R|=w4BV_&N1;AO4PaF2&)1de^XgiNnr5fXR6i!+zcs< zU>SofqN5SGKBt7-c+qr&Ws5nm*aN8rU1eL#gfFzia}e-fZ$JfB!mf^*g`9J%nbi9l zTM?m3dPZEK90ZY+>IsHKX#`q%haYOr2Z-utqt@{Wi*^YsAYM*)QKuZK!-hArd!UZi z4!CQrG4n|pAJ$d}4WO~#Z0zg>oKBxdb<^)Q>+Xe7dKb01Up6nhzHui9Nk>tyLxshK zedgv?_j*3PSi66pX%L$XLOMpFz)C9T@0N_c)GE*_^60GRqLNB9we4`QwXM4e(>)y7 zD%QQ|KUE&(8=t$eI{dK}`xQmpy2NvjYws!cL`vM(XWZ3F^kWgf3c^`6+FVJC9!5|Z zv;9(*%d|Fz{8dvH;p%BK;>jfQ&>lu&JuBztnidDECR-hg=1MCI>)v46?x(bnUVqew zV+5=~$HXvIutGK9Yy^11^ zla#=)i%~ugK(EG7z-YLavP-?$2<++G-gbQgH}h=#PRW+6=525uNQ-!hM&E4CdJ+x`J zw(4H{Fp)uscBl+I&U~9B0w^fd3*8C|byhq1FSK9l0? z6sp2^sg~G=uY5Sds@y%><8#})#9OWW?f!NB+eDq(^n8Kpo6npCZ%aiAZ3s+GJ2Fq( zq~E|-jo6OzpBj#!$fmWZ5=q|q<*jpgmR_C_WXI}B0PClD-tim63g-6P?i8?VP&ab> z3~5X5m6H3^uCE@BK)|gTo0qZEgCZ3M3_F5JsHb{lUdf%`^evcW z7ae;2Iza9WK2dm*aodYdA6&A>DHe=sim|m34Xv89WsU})=`doonTNJ_6wk`9i;iix z*w{Pp@@8nZv$vo(``SB1c%TJj#Fb$Pb+olNL$1Omow5CxW(iNlrrtO$)}l~P=tq3w z;O`ur67PTUK4Bwjq_0WS`43Dt6?mYJ_j|`<9$S+FXGs zI=!nlHjWJS{Z@|?cgz8$=fg?l5OU^MK0jz%ElA&Mlhp0JmTI99Son@}^3Vy?o z$amD<&02w`W7hFT&9k91r$_i8CoN{Zk%g@5#W>@esQn+&E^kO1(x^6J#x&K8krwJ< zvjtNZddvH7+eX-uCGy(#%`4v?2i>FG>#xfa+V9OH1v|U9%R2TLMXih{CObBe$VUZx z9!tF9LJJ}~q|TTr=pJGQl$g$KOMLjl9#d3?A5ixmlKPXLH8ZbQ_g)OU==ckPx<0)i z8W6iY9v-|XIF!3WdF@wZDP1t_)I(iy9qh*|Z#bMjYPxRI#(Jer`fSBVeeJc_AWzEzDsEXBVxTZ zJ1ZO^r`dr(OZhW1edg25?X;Ajq=cWB!dQDGPg7`$2l-$V`^zi6Yxp)_z6tE%9=5Jl z2whD(bPznpJwCyP?tc3wFe-g>v$67os$#X9_%0x&J+&=5dPEfW&Lds)#F_)Up^OQBFUs?iYFW;Hs+Cnmft<)Op zQA2vzGONr1{Me(_oin2*v-jP}a!5y-E#Mn{hEJEK6`?pvdYI#2$zW=Zq_s8n@cO2c z?`p-(C2g-R{d+;{C$z{lavU6bOwQ#j2F$2=RF3{2buR_VlmO3lk&>(ZZ+oWh(#vbR zE+o5p!~M6RY2?Z`uA*7m({}mE&NrL;$~Ub1qr+NZ_OzE7tFCHY8duQ0BW~MRq>n{2 zZY1uG#psa{phaSz=~Ui$7}GOPRv9sesbzXu&qA%th=urP#tL=}B-iz_A)E`(UzG;`l6b>#vbn5n@Vek4s5D`dSx&)jf zx*BF7e-hO;2FH33Ui%1t6P9uGZqM2glXhSC(h?T==(%%R$F_G_L=ID^-)4BGZasTr zP=%)1@ z$u}#lH~!NqNSlJyei!1YGY<*o2R7xIfPA_>2f8Wk@k2wOb%d;0*W%-K@Q`O!+KWK< zs=IG$(U3qDu3wl0aje5&9^QQ6&)NH!#eWR^9PHYDHWuRO&+~XUJi5dLyiqU9`M+Cn z3~Up4+G1`CdvF^81A4pOpFTW~nkqzD*WN#OA}2o3$PQRyKK&R^?kJ3TD4cIB>10~q zesao!oaMgy+VvHdOk4RAJ9z1wWiFStXu+-2`kl=^<%KdZj04WddAg6aD7NX} zk(MvDflV%!U)?bi?f55YrsD@$1Td#bt!h6G+kK&*GjZFUVc>j^`{f#UB zi5LAF>MsTWS^$x}@h{nkJr#gwJ6h=4{fV~zVBPS1ney<0R zfc{O||GEL-_mMwV`_~Ns|9Vw_u*v`XtpEUz^1s*$!1OnG{Co4jZ|w3{T=IL!A8Y-; z+6(aeGJnkUUopLZ{UrW9-D6>8{SUfF2iPI-7r4hv`zPFEVf_nerln{6-`JAE^0#yT z5Yq!D2MDMEzeVQXx`kid??1ra?_m8uJiz|~Gt)9LPy=KFEG*Pa0HF*6J;2Js48ZjC z0Pg(XLCwad4knIz)cV$zG{3ko6@Ux>#?JuyOl4#T=&|5zZD&rSXJM^J^Gombn>5?g zm|E#uI0E3;Zx(H-t8Zs*Pi^wg;2H2t0rv_3)b^ymS@VBB?oY7E^iSCN{}I^y6K4W8 z5B=SD@CWStpRyeMmmHJnZxH-{hGYK2zRuq>|M7PEH&O#S`rr8TkH45M=^g6o)*8aU zr3PPJ!C4?p=k7-bXmyrX`azwT%uQp0*1l(xiQ)6fsm1zQ8eDJ4-+Hcjx&_ixsNxgo z6qg)vt<5`D9nnj7wzjgmJ9^mFxjn5dmUVG@=qMTKhu2J`w3iN->wPUNn+<|}yJjvM z4T8;ld2`k1==6H{Ua1u|{0n6+oG5p>KKzu1#VOAmE|qS)bFniQrquOgwl%!7c)SU) zcxG=S$3Ri0(K=kHJs+toElWdCW;)nFK@poUmr>!(QGI>e^y|Xxzx`IB^|IRgc~XlK z$rDO7YCrEZPn-#&@s#j6QHI$L2!pxvVZNV-rOmdWasmYY_810#H&Uh;VFai-Vpro_ ziG*#@5=h7r9CbnoPaZ3qJbHO9nPu7f0}6=;;&-BeSdyJEzRvI#SpduwG6bgxANTSF zz)Wg5Vic&L1gbP7)6C!tQ}QrcBwwYDyx$ilMuBayF~0tCXXuz6>us@>{9O86 zc~L?eA_!U0>}Jsteq0i(9u715g*&$i+;Tb62d9bZVJ}q{QVd|Rbc|}N%96=j9)$x{ znM|;VEfX-1fOc5V+Fp1*Dbz;A9E%^`HbYFxo8|Ecmt(e21+ftXC^6gaCK#6 zxr|NlwJ}tc1au-HBff+S{+s0hvBBI&B6XdHYc6src%aEGYh<|%{9}boSvYtI1c3<% zaCwj`y<7-IIe1guVMb=91h5(n7brz*5OR+&6W6q(O$&<x0!Hj}R z5O6j$C42~|qMKnp+9k9(Fc3P!WCObKk=AaAp8S5jvOpxy`n`GlVzcfr>UO9Zz3dCN z9-a*HANiyj#7MeDcnrG;umbZ)(7y4QWcP&QPQ_uS=wE0zMTPOY57KSQa8jI#Rw3f6 zEvX<0k=o`+NWg}XAUNnC6zFEHTOM<;24c2=POFDwwx)7~031^VMx6i$+M8}3Z*C%t zCxWNCToMZ^cYJJj;BjZO zTe&P6xQr-gf4RbaGEcjJYad(i*L5nb@WHfnOzDlF0Qw6BvS{lMzB!Kuv&GRi(2?o| zH7Z_NsLfwr!bdyhb%Cz&xRcjCU4$jC8F zol+L^r~E8LoXiM6`V;F){G$%Y*b;5S_v_;QDAWR$-5l_%oSWg$=-av824TUV2CJ!n zZV|;iApzZW_)o!LDPwrA$l+sDUGTurs=XG4dD9X>9wu`yO!vD)amo zp7N8yd~TRXX84PE)Hky%I~cF|{=`BKz>ognUKdlFKM=z@>dd!kc7cp#sIHDJ+=vJh=sQIMdpjo45~02mZ$W!hVR!H zcaYMXZb5&*=cXn$)wdvLg>T$y8y z*cbFaicAm)K;@VibrR9v;)aRjRdV!kn)5G4``3Yi)R>A)9@$eo0LvCXrlgCqq%%5D zee@_Pyg9Wra#U>QM4QJ2y`CeH*8ix>pDA9i9_7E7pL0JD2P#dZ^H^0`&pWc5)8H*{ zDKuFwE^ev$+3Z;E0FquXEb|}l zv!yv|ErE{gqX_ynMI1FjRR-1{TN;J;`YzPfPfKQuqUYwcaR>E)H=voob@7U8!8dtm zG~{ORg+b)m=k``=p@Nha{KZH=*|}CnxA=z`plfOex;YKC(P668y@YRqv6Aqg8T-R( zZ}**#5hu(53o^E_wtZxbElKiBmIhr3ChO3%*2s?nkCeDePN#HjUgEEdK~R&W9Mzz_ zkjws3m!b0M;|9XKG==|HfBe>^7B-5C$mv+wk3p?O#o`FTuA(EAlL4))k6VK!s)23NH=N-_#9W}+Lh`SS*lt%+hf7~kSQs=} zmnH`LjMDFn6>~)5Xt4OS&YunNefM`3)EVMse6!7qQX=T7C|i`OCH%ovjgDzymI zz_0<_@s7C?u$?7d=ZNqb{12u^qa(#Xk#s0cZ1YWEKOB`y0{c+*wh?;+u?qPuyiql@ zxZtpi5j%GGVA)mBtiZK^7vv7-ccAhm0@aPvsd$^rm+mMjHFJ=u(+o$|)r^J}6Izf} znC`GGqR**tz>?ILs@;ng^m?X-(Zo=Xql6~j`ekI>HZyCi_ESmX@y%Y%^+)uL0m8G$ zP_4x-=qdgdPn#M=^zmOL6|P*-sBQ3qizP2q7NEQBr6Y-j-HyD8AK`Kyg;g6!1mjLs zls!$4+wGL|ofIb0QSOtcKV-BUD-A?$&WW`qlL56dDzg)CoRrv=>aS;RnWc3_?9W>Z zcl}ZtoC$TcBEKGCzLuusX*2#!X)u2RP#T0ED4zn91S^qV^W)Rf+3>GB&rUapeMqmR zS$P}YZZ{ZU0$oRY2g++wH?x*WfbW1Q)vkP-;TsKM!wdJi#%5cis!PS0fNMbO_v!u7B)qT*& zz|i&$&h)JD*F6jCspYkZtREIIs1Ur7ji(~EH3XQ;Tk91&dVmE}7Qcf;S7Dg}uhv5e zFInlP;LBKLJan8?LcmyPO%WUMLmZ-naB$mk$@V zTjK>TEuz5cRw_HoEzw?kB~LGv5YGuop)#caT4`8%`%VLb+h zRHlTll3c{{SQFN~izNeP6T-ZI;wZF$*>h91f+R3339#1Plm`JjJ|_OQfAy)9TT9-Q zXo#j1sDP#sZ+cwg2zw74n=iElrJ9ew$QeBse*Y0OSJTpZ!cc(wzr%UQ`Xy zwD$glxe>SZ8ilwR*fU;}=TN#=4WkEDf(+WhvjHb8` z`EWFoZ4Bi_^0U!pAF_6+Uw1=!fvJqqtg2v1A8RzB8^lXOkMcCd$fl_AtHpyJoaBR0 z_>&Us*ZfFbNc12#5y^B(LrRGtE=v=Wv~bz4#m015u41*d)$4NB+*6I{eJ@xN$oGGG zJNlb|Enogv!ABZN z8I}*kzeB+gQ=JPLR4O8di(|;_wc1)Bqmm0VL?YMO0WYpEx@>fmj1!PGZxoSDBSbO- z9bJWAf`Cq3fOk2ENH~+B^BP-oB|4es_9!~HhQ(n~66Sq((;8_x#Nr|nw*ORTR`op0 zeQBL)PICJ&J4>4vLn$}cSa~ijQ9!aCD?Qyx&R`q@{KEm;M_i%N4bZ~QZ znUz)5^lcs$eo3}{ece;p~!4%Ek?T)ogHF#&Y-E{2W(CBn_pm+K@y*$3spQqnF zoYdpf1f*Hn!P%-+p{etSuEQyok@CTgMReQaoVQbkc8H8G8Ho%1MhjUmD*j8$p&%U{-&z%_{6eNGlh z;hlt>xFoo>Ml9=E?Oo&jOJ4f57}nZzzfXq6BjW=(mV13*od<^o9&tL27c@+qJ?}Wk z%W0k|iC$&ZCZ{$t|0AyWbqAR*jZj#SyR5&Rb?8@lPO=`H?^~mSuu?(IWLXq3tzk{u z`@3L@no7ZoU_-y~?(K%!W5=(^}T=PGZ$%{+pqx!IHc+89MCaD(n) zsmKi4*k#`{QJVx`?qBCXjCJ$I_25Scl=|M*mM@9h;msr>!o8j4_Jlo{*wcv>y0 zAVWg(gX2MgN1gepdwkwEt1M)pL|2fybn5DXsV)y-W*En))TMG~(yC#2>lfi#zudNO zUPGdzXRPPpZm->wp77@|a9zqGL8X?Z7Ss2MUbko^)mq=kzA+omQNNXVSbfb8eX2Um z+ZdNw>Kbk8+K64+#|fzVc!F&>f2R#yYW1yAn5zO}Njya|hRcw~RM}kgcEQBTy#loK zYZ%V!TY^XDz|i8=X^O`iKNro)kbJnus*sn-`?sj5$d?-4T)o>og%cU`eAU=PIq+1g zZ{_k9PW9Tu6aK4JpzqEK!95QoP~+slak4+Z!7RTR%Rbq%IRv325P>Y*Gu~UjO8kJ2r$`@g)Etbnb77c=FU76HvtFYDf zf8U6bS>-<^X+`uDr}T1TQNCWAoqHxcf3Tm;p$Tl-j35!_Vne_*(_kd?c=Aaj^coN8 zvRuL$7-Bihb5hHc4f5(V-$=#ZIA4~&EOMH@w=U><6v$in!KS;?j{Vi1T zpY;a*Ye?>&a;3k={?mg0lSI-#t?=K2i~sEw!OX0G#*zTCdzQb(l9>N>i(uxz#*zR- z{!NQu0Lc2g==d+y`(F>@A8z~qQT6_hNUB~|$ z_4}Wx<1_yQANp(9_TSX;X=(qLJkq?nskNrC-77WE`=+PIjev9q4Wh93u3@y!3!Xj* zZ!|a*j35;%HFk`Y1@Pl}30u+Ax)+jRh`JsmuA{W$#@W$I+w;{S$~pB$CmToW503Y{ z(eVvzZaa)7`-w+5jkTLCCf1hmw(Y^Fx7)h$qCe%tqTjk$6rHsEdSPJJ z_F$uMUY{E=Uk3O3xjDUVZo?Atq;-#n+v|@XVnbq^QViA;pQMz2UQ;(Vvuc8MpYt83 zA>tW$w)2rX!XY{4lH;CmJP%Z}&UES~O&zK8+24k0!18EDuik1bv7ULW13s^V3Ce~D z)R2W*9;P8bBTbR>yTDsSAdZaFc=FmbtbWw-KJC%X!s6`GVKa^G>nyE5w_Fin+8UvY=9`f^*i{_s{rF zB96FPGxqp|nNVv6?3LSB!s*_JRU#N@6pwreDH>45V%uL@R-KESXpy6{2++bK<}XVQ z*O41mY)(F%02A~|Qy8gaIF0c$%jF?gO(yrfs*LyfF123JGOrwt<(MHVP(UiEZoD$z z43n+^yE+>-~4o|{iPz`*vI5^vtuXaiXh<%_?dns&eDg6=3X zQ!k@GxqM@a%$)g$T;EvB2tipG+abT1a9SB$9_-dJ^f-kX##8Vreqel*;0|}#dT#=9 zL8ZF-P`O~Sk79G#%_)x5OqRm-13WlD*R_!(jHs$9e$$iUIyc53WLWtRk>rJNUR_UQjljcP*95t4F<#mqFsj))1e;!%N{eFz7*nSq z0|~0?G5v_;VS08!VYl3%FQ^{_1tN6htdQ|0>XyWjzpsY6MlH*A?PfKfjp6N5C7Gc1 zsbd{^sr!%~X_aq7dT~3i&DWyHuVkRgA#^VcMD)}lfc~O2fc~P<*CGoqJp7XKb;aP; zpyc3EC<1Ew!#C_1N;2K`9Tg%hFoq7)GO^|gE=FGtkc@snUWYk0^F(5l_a^Z~&hiY{ zf{E8rHX3)PdXtai-QtA_02+**7{S0S8zt6?b_xiT&RdEkr}Kd!B(D>kxN8rit1)JY zd}q@HpH<&IY9_o$=+HH?5>e62vhI*x+84@zE5)auH_ZUzuW}IugTEv#)mAp|&EoG}1_}0#&n0hi zAkIk&+yiYG9GSpUt6a|&$J#5P)rRwvh7u^CyQ-gVA$a)S;{T4iKsvB1$s1XQGmeiY zP#R0h?7efqHIIf8TZv~|#nC9zmpfcQYvD5w3T{gx^c{%4y}mcZ(5K_mbefym`khMb ztb_s_35vCuP4sYDswhB9{3S{)D3nw!Ka1MeAH`UCI`v>Pcv(RH18z>W17bWoz0TJ6 zVEUYa?f~)fpe_6x__)*rA@QNDP$BybS_21gGd+|A=rKAXj`&MT zEEavq(6d~o*V}46<%1`}NT8ovb2bDnkuSCx{SL#cRA%kZBfP+%j%HFnlY-+&*?oJA}z>tH~=y}0L#uGg+sjiUOwk`#Ba{vs;?&}B44pK5ghq`@%9 zazj<=@ge}Pt-u7}B>wS1?n(qcOs<}8V>U%7TCqS?SZj_`y|+5rw*l<)GNpmS?L3nQ zpGp0T*f0|11bbj2aErs@z)h!}^E?YDh+*(>d-#OBI^Rn4J;W1Nl67!Vc7#bQ-VS z9{EJ8NTXkiD1Q5hQ5JA<8x106L!$$$L#({kGZiJe5 zYWk4`yp~jxALCJ^sqFy$R>vfsLz2Hq*lA&Z93?g;tNW0{4}7V`Suy4@7=4bTc;LKc6Dm@jNl74XxH zQ+~GwGhws4;*SgnvUTGs0~O5F!vJ&i#LN&CiOD#%n3m-S2|e>O#!f#Rh}9>Ww zT)Mqw(L6=S^MV#rn3)xEztHUOh&MVG45J@*QiPSHkc+%qzF&#V(tk*h!YO8t{<3G{%1v=<^xEiQ3HHOze=wV5SZgUpm0`8p?{tVX^eY>CC1@4!a}1 zxjdq%eMk&H(I`krS7bao#Knr5rL=aIWFBU}25y6nU(G^+>K@jMZ**(j<|O)_G60xr zbX0~Jf*w}EMWOmauy=Nh(1IRjk*gv{l}UCSASA{Ev>Hv_qP0*#nq*y81A07!Ougav zUBI!_w+@|bZ9Mf=VaUAvOU72wEI!hN-79WKWhrz)))~Q=54mnijbLeHrZgAIr=NKa$ z*MTc^E0eHb<(D*sldnJIOn%np8v?{jK*rNiFvR&eFl#0V71qKI%9a|NdtzL(o5RJm z=P4v?6kMTycn4Gkoimo^lV}O<1XdLl~#8=lv;LHj!JVOLw3FDBt(!bX}1~Ryh8k0`^`2 zl<(ImElAdc!M7Y`rRis8Nsc+Fqc~EjG8mAN->)Fb?J&?9#K~H=|L*H z$h?f+%vK%XS?=Fqh+|I%0y9XGvXdP4ovtl~on>Ls7t}+}V(0B3bCzBb6I(~4HwC^A zVyjut@$m5&rGu@X;BrLD|{d=m&Al4<@fBT4sw46LG zD@mDecGhUbr-0hSi7tBhnm_Wq1ViJ_hKS*49(Huw6SB8}dGZla=8B%Hie*vPN-Ou2 z!kkwg7~?f3e6K^hlml@BAvDSaBJH0-=l;>$|ytvv?g8K$0G z27DwOsc&`QZNG+z^+vk9@-XQY24$3Nfp{P`M#E92l$f$#FnadjS)O!aG)R)eYJ+Wy zm(xLkPd3E$T4T64I-s*VU4%pL3|S)R;gvC%(9}gK_$R-XJL|@!=cC}8xF6du@K(x66m0+83wbU?9 zH8~o`CMq@Mi(#d-7XC@$pyDRH)j=WQmc6w#b3a0&Tjh0`*4f4Bh1AS0_QZZAM=h~& zLB_6z(H!AY(Vy+ zpLb|=)USCB)4#E!nF9>#2B-4*#Wu_M8%ZWSuX#u0e!e!pkD&+co(*~V=Q7vpvs=eG z?!#Oz=gN6woL#mbvNNewRW=nH^r06dog}jFt3LO-?r(WRi`J8qQeF%1%%7z_keA)z z?`YND#IrUqyVwKCcOGMb89Mpydz(nOvHLnbiv*fH?H~MZUN;|3a9d62MWkiKpjmMdr?K|m59!P8=t9!dKSqt)9`Zh*dbw<%y_g|zJdP2H zq8WC58c>=Vh^5npbw^}D7*xA8rlj?(k$RHtpZ^RY+}Xd@E0}ku18%wHZnw$Z$vL0> zo+!GDAi7Bv+p~QBF>I+7ctWvZq2$MRPWI zmZo~ykv$U2Sru5zZiy6d9aSmCNJQ_Nl`I=pX!?pL>46p$)nj7p&J?4JveWM( z%y|X*?xVledC6jO*MBH+J+rS|x%iB`IO#|&{%k8vcy4iNeI6GQdvxZ<@uSQ%eoWl& zxajGG=bpmy*s#U+c<1nF5|pZ|cb2nO5%P_4->q^zw0ZL4I$O+yb~AtflhQr-ZbR29 zXt|d1r9luzl*+|4lwVC4muVe~XoE<*upa8$6G;dquYG7A%JPlNS|SG-`htUb>D-3( zm!8L~WBEw(vsS~l33$sKS(;d@`YB~S@cn9thNuXRHS6F5tZywYkP~O~Tphw%_kN5<$Pj*qD0p2OZz>51i49A8s`L@GS@;f36qou@p}H zB3YcX-UZ{^_j4EcYB9%8z4~SbVg6pnbVxSi1=;J28+F}x_<1~|vq#RldypS^7o#rc zUbZuTJdB{?15RJ9;i{UKW}v5jq!t*n_UNSZ&x3&e5E`D%$wiaLIF1e-*Fx1w>kZ0o z!D;RD4m(H?oXsB|g7;~g$tKn#{hgix*KCO@B4_2pPk!`o1JjtW4)T*vY!EW zT^%!+b)sSI;6CcK{B%T|XZfv>A0wx;2h#ZI7;J8|X;cYfZhXbTWKqIBu1kYWbLk^| zBuJ6*+F5K%Tmg;orrpx<79x^;Q(L?_l_}}o-tDUOPeQRMaVy0%{JzHqmJa28Ec`B4 zWEYd$0cjmEL1&27BfV*)U5a{4HC|^s@y6Al$lEK+qr=IJstpeFEA2OkcgFh@(eThN z7pHf-4#AqMG}_%&WPeW#?1gyi%$#q~i5~iZhy(QF-tudc{t&Y^1{5n-H6BS<8=7(# z1b-*lVwTkqDgPUa6l{Cwzb>f%OVi$;1$BTw@E^U062FvQ|74>4H^B$yzl8_>3_h^_ zYP0xD67^@f`1d)#%f;%rzuHaW%KbI>@cYOg#pJ){9{yo1|8sE%=HI%h-v#hL3-!3n zzujBE&4>R~?*2XEj}`u3r5%1><&T;E191GgjNhyJ!+iJ;_y1q8g8#pYH<^F!bpMAN z{_l|j0EPHvDg5=?p%IqWuii`4%37VX(BQXRQ71|}6&E|& z?qAQjJ)U;Q%Yvi_7r8y`U)F8RqMC4) zX-KBu=>{%0PtnoTpjxz`J+J#u$F;4jBhMW|o;O;5Mpbcny1j0`US3=_zuV4jZ+}`2 z#-kMSI_-<3ebrzD&8-8`bVGtmv;M8xSYO%G9WbOQaau(LmLyG{nUUA#nS@~cA{RT17tlrhtOeg z>V%bqu(h-FshckG0?n0bY{nE~^nAI5lEPvwwKTAkIq_w6{lOp0cd7~sfns-_iQ<#{ zef@pe#WmL5?V2kmX}oYts=Aa{3YGAdvl*JPRY{_ z>HRCkBQvJP%sT-QOF9NM-L=WO2};XWU;-nGr*-02+kIu^?qu^&CwoXFJ(M+Z=%} zQ-NBRv{GSVV`tTcb<9<|PS1wyk0H+SOEAMXIg&Iv`@)IT03L4Hzqenf=!cKA&bW?V zyOetkc3Fa&B9XKh+2#MdGGuj6w3g8V;Hu{+J^;$7mdjTGS6}vie34xUwk#&%)!f35r z0fvevV^79lBzFownzDZ!4|nxM&S|(QT*R>z8az#&l=ssteNV%EgIUh}RS0PLU|e;C zne;x94}WFhatq$3gJ-0hRP)|I`Y%wxsR956=cxJq;V$vxRqhvL#j3WW=iLd0XefK; z{~vR20aiz{^?MV76Wjs>cXxLW?oJ@MyW1wg-Ccvby9XyY!68Tp?(T9opJh5B8|X>>_aA-7wRITnE4Qup=}}i!vS>@m_hksqkRW znfJt(W%_gql2 zX}DmJ@symBaU@Nc_#mv+wUfLTkaI1j4a`RN?~hF!3xf3wZnlw$TN?bsrv(wjhDhf@ zL7>BOQ?e+BKKP*!jpU@0VPsa|4oGe>k;2i1sr0Xg8&zv1#&L;!R9>Zk>Fs?(L6PW* zqcm*?f9Q3GN3gdIH+Kx+VaE9-1V1-cB1O$Gzhp+c+v6!jjIV> z7&qh&tyC!=eqN4N--*?G#29HLpa^cEv4hkfe>gNXsG}(xonD^PPv`;Mdry0r{A0L< zX&uv;TCNZWyI`L;vH>ebP6h{UGwXB-W^hJ`krC=i%zHWPW@uO41JcZ;L@ttfFb3#Y z6v`WtE?-Y;px|K=#iND#`$AwYFlA%l)rcJRz+mp#B5B#a@IB?fg-P?0_IdiV6x z-Qek8>6M+lhT<`9OZN2BR!yN+L2(_+p;n3Fhm~IOGz@lEH)i@L3So~BZg%5eP~RBy34%f_vl zV3x+>7Xzel8N)vGdBNs}OH~b;eN1VXsNSi{t{Z+?EnPYkq@Fb;j6e?Mg=6*3CIUoxRE4*5BW;52fkg2^jS zoDB|n8GUg2%e(Lm7@m6mZReZ_YR4GoO_I1{Fd?`_pGCnD#(g_hdxOjfUk2GdS`i@n zhI}n_ghs(XpRXYzbTvRPZR5Cm^M#}DZYLI4cf6VHJmObG_;I3x{Oa$Uuelhp-m=%D z!iop0CDf!F>0Cu9GZ1|z6<{-Tf6at9XN&Q!`rWJHXk)dl@cxmDW+t{C-sZ1Dgbh@$ z3kJfu%y1Xb1*ogx43t<-3`9bPhq8sWq?B?({r3&HPBaXH*D{3QGVQBoTUm?^NQEIq za8Fy#l*Nz2kyT#@zb_SHm7CZZ=r*Xkvy%AcuaP7F!Eoo(=Op;j?!-a-4$)>eCW0SW zgrjh0K^sJ-stw54KKHTbIeLGR$KZtSx)i&vw-{D7)T2dXhJKXBS# z!3E3@ydxwJmO4}cp_CYc0NitR3wh95Y>=FP?nWVL$8Z#M&V`~)+N1R+SI`~j@qt9- zs>N#VM4@#aC{BoCwSr?c(xkF^D zVZCJ9lsO+zcw14`BJG$>51hQE3LZj-m2OCCm}1*7SQqepuA6yzbmJqUcj!)VUyUh6 zx_MPC$q5mx* z*6r@)`_kNsF9A~n@%QL2=44OO?=7-`VyeKU6!TRXYh-f~FsZ=Mtc?*LTPD-3__yke zZk}6lkLY_TL!jk`stjM_Ia!$1H?OcClzBd@5xR8M?7$T=EB8iI z@W)V#oYv`A)qQA`H;%k75k66)aCB9s4WqSjxk$-R-fsYcyz3&7z>Dxiq;4ZkS99Bo z>u28;w6>pd=B8h5p}I^*>t3I7bSzO!N7Bkd`E4Zi5+4;!sZ=h~V?sHP1mrT$9kvAP zn`c^;@!~QV#GG3P5R?Yshq12I4)~i0lFwe+FSDgUkePl&0=5Q)!J`_%sR^x z(Y`R4R$v}Sy62*@#KZ=@VTkwAHy+s)GGXmX1dJ7Q|@M;NKVgn}}VVoBnhwpA5O0VSK*A->^mM@(SNZBBxQu7%--1q@#7 zSRS`Vk!+yWTkiA+F1dqb;6g1(XBdz~lPzq{qq#6(GaT`G1ABwF^wnRSiJ1Y?zZk2d93qrj52J$R$ZW z8B#EC?+0*0=X2`0WMzmzk$rS#+R25ugMK^Q8978|rB5(YFW!8`7&}v3ms!W>hAmLH zQ6qx`U2ye-j>P8Br7Sce@xM|U6r-zHye5tx z)4J}r&M50yJxuTL6otlYX8fUr92gX6g*XwN)(*@GbUj>6Kjj2Qo^k?>D&6ggoKaZq z3soqr(8Mm|Ox`yR?t) zjTEhU-XBa>CCpF(UdQ=fSW6|7R_I5g9SB&k2VO4s+i|^d){l-QB8Of#m&KQT2|7!_ zvHW=LJe~I$I;~#rEiU&D&R)0M2gT*#7FuhX)m2B3JC&^ONj?=syks zxHAwt0*o%;vpvU(@Y$Y+9pbY;M$S5c{s(B6MG@?Y=q zzm^UtNdJe@2{Ak!FB>Dr6Z44{C`A7xZ9>bz#>&hFJT4*nr?t#X3`|c;8Q6i}p4Kw6 zJe?RBe1<>74xWzqKk)fCR)4x=WM^f3a>@7)*BmUY?5uy`^VcZkZzu7&7XP}Oe`ofm zQwC-R24Ep*8QFjZeJUp#upa-}>2qcL2L=5*v(HX}ZkYaY@;TVq8JYjW-BYFi`|ke2 z;D1)SU-d)&jZ^wBOGo>6C;U&>&hw@G@0am!&HgOu-&|RL_W5f7@!u%u-&pC?G$Zv^$mgYGES!Yh6-YWbpKfWkBx<_ zt?iy#8YX7o-N_E5KCm*<0`GYiMpjxNU4@1fc}1{?rxZw^F^NI6=XT3Ooz8AWtr`0USZ6rG?DP)6pdwfcjF zr**$o<+Fu<&3~f>5@P6CfdVu@>={JEoj zx|4qU{-^uq`EdTX32U|06sYyJB9&&}*}QU7fhe{c3@d%ywg-JiRVUqAoC>3`S; z{hir=IDKL+(_c^Alhdc)zdQZ4 zE}zyu{r-!R{@ND(J5K+`?7zA)|D&g#-!AWeW$@QWn*Y~b#B($Cr!L}Wvh24z<++6i zb~9p%4nU?2ouD+GjJ2Jmt_7XGEE#$)}##{XXS?)Q8h@cH!_ zTMG2^=foVH={%3ype>@Q_dv=}=H_6Y`}=yjCZ5N^0fWt55L7SCrGu{kyIgJyXM9Qo6EJdJ^c`HSSK2vrQRF^GzA2WlZH)YoGuc zT9&wcH@6uWn-O?Cx4Xp^>}`O%e(Lbe4n^h|Sk3I^yX)iZN5GxQv7m})U2R{rCYK%b zk404UiFBHF?nui=J#<&guGJN|x_D0vBY6w;%?f(lc1UCV%|ujm1$LT;o2zlYc-M2U z5T8f4yR9C9{H@E#a|iBu-X;Sg>m8XY>kC5~GJ4(pD$UekDD!F7gq}it&}6Q_L@ZD_ zd2;CYGopQ*&Fr0O%@=ztbJbj!{EC&n!Tb|Vz6Cyu$u@PJY%eUpP}2lyfr2c!*dW-} zb5xSAbuH{(qE;pKAv5F-S+&!<;`oH8G2*lJh}uL~iU$ttbAysZTTgdR!QfDo=O`oP z<79qA?Oq5UG^bljrFhh`2pkwo#R7HLfF#f1@3(gfE<<|#5|LzUr8`?41%lkSbOH)I zM&FtG{k#%nfG|2b)8If%pS+0a7uyWSo$ihfG#qNZ&6UVlrg_Q6Xlb+^i=x1RxJch% z`9n&=0qb=Mt-esC4ngE7Eoea{RPqvi3&bzb=6n~)-L*I)+kVO)T8cN%cGqq?aV-$Z zchp856@x5Gh_d8Hxm^gEgR|xPU)qh-cf^YwQB*CU@|#vMbqh^beh5j;##QaFaYq!d z8zLg?G=pLXVVGnR=3t$tKu5%D1>DURhL8D=gBGTlOFu+38@ z7~d+fDaKLXhhKm}ZM6J?gB)yW;X~xdY>4JEMlKhdWHmTEI?te<%dW^JRU=VpEtfkx z->3<%=`C~a8(ri>7lxtD;@wfDM;=P>4G=O^cisas6YN3= zzgt4&uWsx7PGl>#)KJt6bzEA<_(`1WB~ea6Y$7v(Y-Sdj46<)FpIyZ+^Aw3vRjwHz zxu^oswy@1c8_8*og^y?}JUL?~?=m<;kNV`TG+33Hf}=?Z?y{SSp8Y3i`8q+uB2(Ow zKxC$7rk;ancv@hlW2!kPPy6T^wD8ncB{OmIbd9xP?0T%h7hv3sG4TUVMn-nI$&cww zX`E^q>Pmc=Ogat*dSv9r5Vo!ixDSZ_WMW&!27{IZb7 zc013QSQ|xq)>!cDm?lzW2Uu8=-^HgFI40DJuIH4j(B@SOdS){XP!xIgQAfIfd_UJl0_YeFv;O9o)ac7myxHQ_ zSn-!@9#%ddBhOd9?A-p2&YbF1bul<$yV)fG+zW}T@~PV$!-YMJC$4zbOPqhY-sM;stCI%7hh z8Re;%{m2yd2rvI0JuF)Z^2_x`Dur5JLiLzf+Uzt6wBl-0QMyzcK?Q%#mZHMjPPCnm z$ua#GNl=@yd`ih*DAQCtWzV&|6TMZq;{&M8BIH&uv91*Rd2@ym#UZz;3|PGSPdn4& zksD)+FSZad6bJXDP45d-X@7F zv~$aa)|BFrk3tSF^nSh0M!`DV$eA13HGNT#Y8;s8=RM>hX>^4DF6RZ+=qhe)rs>-? zbzg5emK?+LLUa%B{-SGf4ir~*rb6@MHOVBqg(c$BvMQ_c(4t6)(^&`v&vad(4Ut;S zK40hH>LpnjQ=1|%jfbu{6{ys-+ISo4sV$aW!NM@df;!flx{5rLjv{cErgq`#3+ipy zn1~H6kOVWUWN>K#b!;i0BB%A)Wy)1>fr@ z=TW{+;|BpHx{7E<$@0vb)DVMoPT>!OCE1H!ubt$lG~DOT6nA;?8=n?l@N7SHD+DarLs3W9ot8P#V??)p6`^lQ1|3)>36L)<1D zB9vAi{;AEWNmcet=h&7`#K8IFK@c!5gsIP9?|3cW^eMSuy=ai`AFzQ7c*`))`lEU80mWnjQMaK46MHO3Eggo638$MV+g=8%bB!2&zsl9IZoi zvN*Y%Pm12{dlM{}J3V(zhbvw_U$^TG8OMZ@}j+i7rOf)m9 z)j%SLiIf7ZR2}lREkq5GlkxE0D9SVyhd4RXWpojf0jd!rHJD$;dd!l9Xa?#N^KRS} zSjUSoHMt*edvQRfFcY9aG2ss1f`C_H!R?$|(@ynpl`p!9r#0I6ShQl41}ga}xP0+# ze(e_uGo&;)1`4K3)lZ}GeMkI!hotG+!fkL6sMGc3{A)jJnQ}pu%U*a(QBl2YWcY#N zI}iAsuUabOX7}$QOnAR(zFY98k(LMhdNSKR+&zRC?50dVksBP)Pi#<(Cu7JiR5lJ4 zE!)a9;YXjP(qXU81*?5IxnvTT&M4&Lf%@@|h;Bz}+<>VZR!75H+fg;osVJ4g@iNin z1*gj>SntSUWxNAHA=G5)+}GFNO=Lv^G=>-S)htfyPg)xGw^Y9q%*HKlsn%ubU}ozi z^=_%=5!^u23%4`w1Eso##>*2KZlG&$?t^i%Gx+V#VlJMfx)AS!v9p(7)o!s7y?$Dw zQ^_@suyC=Zx(ECT6y)-Lou$K|e@10Qb`xhB3IILdn)!f!KTv~m-+zpL54JU4F7>p- z*%lZ~!G+l5)=WBxUD}BF&2S_WmDee)J^Zdr!Dm_FF9` z_!;`0+2z2i2n*797gB5H6;SQ^t+tfSQ>N34%YQXqk?N0wQ1+JITl`p;QY(c-K9zEt zgjNI_u8lvb0QQwkwp9B@_1Nv3-|9VyU$0|vgiOq|1_=>hNpvMmFFkqyzO&eE{u`p( zRPZ|+EI0@e*)jylx~PmZN*Q-Wcg+egJ4_uCi88B&>~Q3_86m-V1mAe4I`)tIE1LbQ zOBS}!)VGCwZ{~}$%*%zGGS-0c-szixl zYg=V31q0qUpU>xxB4E;VJry7#VR&c*Hy5QcxKOQ`vM2=;RPQ_$Kyui;&wE}3uJj%# z=@)|d&2T^|wuMdI(r>L55@rFUkvL{{i{CCz`$J59QQTe(+J>-N8ukDqUa7CB{;3$lX} zSpfd&YkGr#x2bhZ!xiY-hN>mMt;ZQe)~iLQGEQm&9lTM;l3eRpOIwGJXTu8;AfP!B zo6=alg^EJ`;GdWr6E19fq7L8u<$_EGKplL=zi%q+SR6B4 zSGvGwY!8|hY$%8|A%_M^58fyhM`#msZO0@UI**9~JnD=*JTFs=hM_u-mE=Z}UiMPv z7`@*cYQEX%u@bwVs5d%Mmd-(#j)2vRlPJ`Ya(o-xzGEly>P@MU=NO%sc_=0i}vqdFZVPl=NR-71b#IDBYD&M#h}BNX$|Z2PuLm zE+?u%V^OPxFF!0(+J@-)GOX{+3+;ZIvV3-bdQ4P271dWhA;!Vw(FJK2i7gd!)0lB5 zdxvee4;8^T#EWcww70&oA$K=_8q(9UU#*%Duo)uD=Xr5bT%JLfXY9qr&8JPx2Al@u zUVC$Q+LJK)SQ_yLC;e3&pM6aO|3%WWzU1ODDqgvxS0+n$* zMsY)n21h-&x_UD=#@1_-Go4SzGW2XzDG3Q*T_A^s+YX8A5sVKU*_-BLFK|YFR8ypf zWyDLj@b|upIy5b)?K1PgWkeVT^-5iFpu%{ue~??R@0(Zl8!Zi zPqUmxr!q~AAS;XJTFq$K*r+`xp7J?w9Vt1W+bko?3vnA2GvESLh<0Smm2s#=^pxx_ zRg3ord;(QMCHnjfryM{=cBHaO{bBRgaQ~o(MK*ixyGE$6>+TBjgQacAYFmPt7hO?p z(=0=~(v>&60uR)!QCtG{HHu0|CDyPbetL`Gu_B+*WT}58WNl8D@26^%eYONU)I3u2% z3DkEAt)yWc3CdiYdThw%oZl+|+Tz;j)(+7g$Ii|D+M?RacLR0sqGc%Hh#4AUh;ko3 z#zU^l27a?W?1kDBts3*m_M&dr@jL-wAoHgGi1}J`FXkJdz+g?6aX+#tk6C|xW4wS-0}C}SW$xbEb^r$gY|04Z%MBL2;bT; z>Ve++`bAg^0rp+{E>)ON`YRz?jx|&ve_Km+%;R`2yVbdjrO~6aC_93Lqt`c;cA0nM zc9|a!n(Zy2s}buPPCosU?^9pCBlO3}vf<%oTI0;P`)Hho{~#okz>n?T zGOuat88!a^Y0~<6v>4Na$7eaS2NM!xw*evBH6k$Udw{9)*jK+P1}r4L549b+5}HO49}SC)EwT_ELLVzy83Q_ zr)-*NSG)Rb==Lq0Io7&*Z(ydR$c!w6^9Y{?4wIRrSGi6*H*YuZ!@sWROY5%=Z#6h= zLb+}_bn@Gvv(R>OqZ`w5-b1i>@ZE^8XcL&YpeegW&-V<$yAAR(ukV4!1MEzo-yfy4 z^&B=*HR#Ok1BfE3z%w+wnETw@2QKRs3O^pvjNUqMQMeXEj|RBKd6Ez>HSFWudet)O zUMrwZK&2hWeeS zOE^jZ6XmA>+ZN07FVGUw9P5! zq)M$EZm?uFv)3M>8+i!q>dN&N3Crc_N9{^OaAM`-+-1X;0kiHp6H6oF_8JL((k@3W zG+)w-aV~^+gw~s!-G2ys9nL@EJ~)iZES)k1-)k=Z(6$^^5omXqZJ$cuah^Oo!$~Hy zNH@E<{!pXVq8-4uHal%3T5_)m$8m16_hTS5fSBm?F?R)l!}fTW3*jzR>=q{9(QoocW+GxU0ZkiYIxHNRdz}e44~qXwrj?79{*5NpKsTYY;f+h5|C;>e5(Dv?O-_Oppq>u zwZ0jU>UR-yU^{YS#pYSB`4VE!mh7ZNpUz#}bC%+Vm8!+V*TI_j8gZd;G(@@gMowb`i|=iMWC#;wA|UnbLlxxQbLU(W&L|4YGN4&aoI=NuND=x@>A z-}RpUFUEnNM{N8|aso4%&u8E{C=ATA{)_A(oszDeJ#Z66U^Z9ZLGCHT=wJ^l(H{fB zf5<5PEpDELk>h#4-vhz>TH+BvOhX&WiWhlCo+f=rBb`6KJ~LK?p&Dd_!4*Ays8RJS z@#Ml8A>3mtQ5zkTj*26TNMUm?#;KeOQlm(3deof9{cTD!!l8`Jp^A>zWx$kleK%Fdu!Pm&dJJAJDq`du6b`%R2ilb-X>>7vK6AF=31j?Ni0Y3W3DaK z+SCfti5rs+e#7UNXGtk`CeP` z&`rB%w3TCpik)S9zoeyjxcjkStojo-5?0SRA`FZxo||z1jc@9hMX}&q!wcP*((+E_ zi}5-tgC?FpYRP!as7W&r7jOj&cPSW=O)kEE=|db$(0;*qdCzD&&H$PXDd1Do8Myu^`|QaziDKGM00}8&Xc-@HDePNP{yF(jaX98>HdpC#2!!uaJiA ze?S@#kg6hofi!IV0%=(K1=4V;bnx#%8g`!{4JQA9G>rd*G>iZt4W>UK4I_UCX~5Aq zHA7OWT@k_1hA?H2bHUO5B!gz9fJ%!JTrq)|Y!?KXWflw}AQ2wx4wS5)>|tgJNu>WO z|CXMU?AwlJ-r{x@C<(RZASiSX?fD3_Afq2>L?~$7(3z$cz$Cynr-7f#!Y+s1p+J7` zn@Rlebbsaxxjatac~_(YB&hh>LLY&eq{eUT8Qk1cdaS}yq6AR3QV56((+OEkDq&=+ z6}0Hx%#`~hl3)QA(oBj%-Fi1~&Jio6!>|a1Mf9r1xxs_e8Qvn|KJ*vAGoHx%WMDpV zXOUdNyejB9~KuF2N zi6XBkVE=K}(`XZh!g!%Y@?a;IR|lUH?+_|iYE;o}6K3<}59FIx&6d~oY#ba1ZEUc{ zD}@U9%OGGvr(g2q3BF^!sh7|{_Dy6?8q1d+(;%ZgXd$TRfTAj;*PDA^`oTn+C3GBJ z^UsV1qdzkmO8<$`z|Qa&jD~OW)@A0;j0UuS&1g9I1ET@^PmG4~pNs~RTz11TuxmLt zW08K3o$vE<VKHL_WZXZp1G`dHa{>vQCVfvYQvTD?Y8Gc8A zbXW?@nG3&m0U_Q*BJ`JIW?GI;a*GtnkvGO&O|Q)~f7_|;>pjbyV|?C-^BbdK_P-bn z>y{haMK-RCMFOuj3Z2vEK|B3J|Hx=qIo5e+>JwWnWd0(5J~UlD0k_r>x1dxqQ+5cI zhEs$8!|fpb?gt`Ik(2SXkj~m9>}q_JFY_i`lQqRTx$3i^Nh)wt11v)e>hZ5bc-Dhh zJV@MO`)hd^$^4h+N75-RA;hKc!R@$1R~Ft!A)(H4x_up!6M)@w}Ye zLrPk~0W;$*&u#03o+g*?M1-2x*Z~t}Yht7?q|I;+-<3OO27RBT)^Fo4B+YQc2vwmX zX+2;NOW?80e;~JPsg~@=!p@>z`v@A4#{{`>ov0Q%aZ^HxYI>3@)W7R_C?$Nf_suNC zA6Wv?VV}9$CJ$0_1dSR+S1^9gEmY{DKju4*BV-NOm=qc^-0rG_jgs5z>R7qcaAnt$#$W|~427pREgA~XD zk)9w38TP8So=r*vtlbC!vPp4eg_0C09g*@^J!aT zffP5&Tw?7&{=$<*6q6tT4lv#eL^D8!Uv80o2BH;!0pg}1}1Nn8UVJ!d8BX zdR9h-CD#qKUNB&4bUb1V^&SHB+10kN=C~{(5FcRzTyrSQ2U8)&x7dMvpA16-bjb0W zvy5O1;4y@6sSf*WslL2>gNl8Dmf|zcZzlsbxF9Y|66dF!#tAABgg&Xn%zCIfb!NUp z;&`qf$0iVxQfxY`2a{s&Y>)n-*#5gD;&?S}{MeAAZG{CQP)mXdNqv-%6SWULhMfsE zSYLa-NL$xCYsh>Bw0{Pk#oJONnaHC4C=rNhi2DuGuuq=#6;c)_;iCW4_-= zUND_(I!R&ppWa!2BFtQztvEG6u8B4qa%*u3$zIgMd_^L+FlPA%zWU?C}B zN2F2PtuN;hlIuUle8M#BK4BWdfkID(q(s2D@7Rf>kZ@jto*E2EZv+I|lIO%1DsQwK zi&)P1C!r@qD)0SX0i^NK;l>_?7nB1WSb2hngKmjCYaB>H$XN8tQ9NV)UPU)|EyrAqC-?|_l8siEMSNTktL(V=$} z!kas-F(DcWRIn1M6!ABMBG<|lTu@n&bX+ux(|Ay<^_A8MngWHMgwv82*&W&WGvB3G zm-|@98anQR9*-=DgD3j<{gESSp`8;a-YobKCty9QKxYV-K+!U=P;>q@bi$L1jsz5!u0mHrE)VN3BCqP%_K zTUwyb?S>gkyyyM>`Iq&bLAs~+J?nP$q?t#6oogNEyjI)I=wU?rjoJA*Tl-GbGo-;d zTn4s3bLCy1%la%X+r#zjb@uHK2M5=^{qdbypiWm`?)#C5G_D($y;WAX39coaW~~oedR42O=F{R4=sx=94g1xb`DM#0>Um1 zb;F1GNCvehySM~fJ9aOlU@>RN*!tRnVOpxLx4H_m4n}3IgmFsn!RG^M6Q{$Gw(RYw zpvaXtH0Ugs?c8CO^^VfuNmqq$PfqtmXFTk^@|u@EfUveSj?1LP;5lCJQdO*5C7p)V zEiLPsmRx=hFHsJ|5e9KS{k~^m|0djue{}(^_x)X8E?JJP-L<@`CJ)(VGv|ua<%`>L zYgWGPXuPrm>&BXWWRTi#gNt%;iYEx(pV+5iWgnFJ$^qI}QrB97-pwahNK(z(riaBD z=txT?@g&REv<_Q*k5%WlFV)-2p;QAHACH9D?i*T+JIP#ygvs*Xvk@Q3hNvwGejlBZ z+Z*>co9_mJ)?WUs0?6{zUZk?Qh1O4<=hb>pNprfr*ov9S?jv%)TLmhk*2Z3)sI<$R zZOU}S=uBr{5q|{h-onvS1RXdPpDUjxhE8gK>*$t+Wy;!&vTxtxGh#XTDN)2y9fl<&R8iJajb9iHuQ14<048 z&-x2Ke&Dy0XZI+!x>sdqE7gkt4G^*I!u)0V(Ul!xBft?;jpbwqeny+a@V<%F3L9aVs;H+_IY=z z9MQWGT##Xx{apDT)fuOCkaa?RW*jfIOGVo^9I>>?S~h&I05go^n^FSjxQjf!eq`4P zUF)A{!8}9VUO(D35Ic~%7snsNsCOShN>;ht;8Ju!rw!0wQDA=*b8W|1P*~tP zR~*hx-MXtEQhu;iPteX^?_B&sp`G%BNanyz+(H&tHnuE2?@|)w-NJb^z5eX}CVN#^ zZs*8%^%>pRU7N-usS6Yz)rpt>SsC;@iW>f-?Y8kLF^iwU@2{@BkoVx@STsE&Y#S7I zzDI8a9p(Eq73Utgc&|7%Ub{Nz#@^Vp>E;{1QlZ7>)n2X-<0_5#^u}vYBIxdJ6y)%H z)5p71$J#SrNA(WLhNoAr2==}SAV|=QLpxZ9`B>W_@FtE+E1oCj{!#u&Tz-s)ChalD z&aa7A4$(nYdV?=h6Lu=b>>dACKAGC2pt*d$CB`lY;qRXiSPtEyP{7>V0};Q*HueRD z`{C?Nad@E~A2+zjS1=r7hbEHVl=9lqk$DU?kSq@dDH@8XsBr%X7SOTau3D+KqS<

66d@XwJJ#)UK8fSd;)&EY4dnvoqi6#rLB^>0E- z&vo}aN|^x&o&J3S%>O|SfB`to;_2_H7XA(Srl$#h&y)O~CN2GWocKRw0RF!caANog zzWATY0Q_MZ=1<%I{ZMdb2Btq{07^A9BU1ZpJ;^>l(nmByIL%%jfWCSewN4IA_&MnH zRY(8J+Dwy|gUV90aQ7anX^M+Fqtr+tDpwV$ik`(~?#^E258GW68D1{-j}A9G3(M&b zCnqB8e)doVd8jwy8thZZGI&dE9>)PXX}CIVF6YC}=Vu2*x9h|=s=e%Ka&94&Q0CLbnlKXt<%$&0505%UfiuWo}oX^j?+E5Q!&VNnhxw~=|!kHCKaz< zVe7O`vpjO7_i{{4?BZ#+1b9_8Co@_VVK~ zssF+wZ|g&S0v+J;=KaB@jZ6LEi9L1lTTl|a_~fuKc_3&jcwn_Z|1u