From d18d502e642d654acfff29cbb7d3f8d747816fde Mon Sep 17 00:00:00 2001 From: Ed Date: Sun, 23 Nov 2025 10:35:19 -0600 Subject: [PATCH 01/18] Added robots.txt endpoint --- helm/gen3/Chart.yaml | 4 ++-- helm/gen3/README.md | 4 ++-- helm/revproxy/Chart.yaml | 2 +- helm/revproxy/README.md | 3 ++- helm/revproxy/gen3.nginx.conf/robots-txt.conf | 6 ++++++ helm/revproxy/nginx/nginx.conf | 3 +++ helm/revproxy/values.yaml | 3 +++ 7 files changed, 19 insertions(+), 6 deletions(-) create mode 100644 helm/revproxy/gen3.nginx.conf/robots-txt.conf diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index 9c9ed51b5..bf349b63b 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml @@ -100,7 +100,7 @@ dependencies: repository: "file://../requestor" condition: requestor.enabled - name: revproxy - version: 0.1.48 + version: 0.1.49 repository: "file://../revproxy" condition: revproxy.enabled - name: sheepdog @@ -173,7 +173,7 @@ type: application # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.2.96 +version: 0.2.97 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/gen3/README.md b/helm/gen3/README.md index 33e6be575..7b9a88842 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md @@ -1,6 +1,6 @@ # gen3 -![Version: 0.2.96](https://img.shields.io/badge/Version-0.2.96-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.2.97](https://img.shields.io/badge/Version-0.2.97-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) Helm chart to deploy Gen3 Data Commons @@ -48,7 +48,7 @@ Helm chart to deploy Gen3 Data Commons | file://../peregrine | peregrine | 0.1.35 | | file://../portal | portal | 0.1.49 | | file://../requestor | requestor | 0.1.27 | -| file://../revproxy | revproxy | 0.1.48 | +| file://../revproxy | revproxy | 0.1.49 | | file://../sheepdog | sheepdog | 0.1.35 | | file://../sower | sower | 0.1.38 | | file://../ssjdispatcher | ssjdispatcher | 0.1.37 | diff --git a/helm/revproxy/Chart.yaml b/helm/revproxy/Chart.yaml index 5c1a5335f..75e8ec128 100644 --- a/helm/revproxy/Chart.yaml +++ b/helm/revproxy/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.48 +version: 0.1.49 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/revproxy/README.md b/helm/revproxy/README.md index 3ce73484a..b4dd9d63e 100644 --- a/helm/revproxy/README.md +++ b/helm/revproxy/README.md @@ -1,6 +1,6 @@ # revproxy -![Version: 0.1.48](https://img.shields.io/badge/Version-0.1.48-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.49](https://img.shields.io/badge/Version-0.1.49-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 revproxy @@ -18,6 +18,7 @@ A Helm chart for gen3 revproxy | autoscaling | object | `{}` | | | commonLabels | map | `nil` | Will completely override the commonLabels defined in the common chart's _label_setup.tpl | | criticalService | string | `"true"` | Valid options are "true" or "false". If invalid option is set- the value will default to "false". | +| enableRobotsTxt | bool | `false` | Whether to enable robots.txt generation and serving. | | extraServices | map | `nil` | Configuration to add any extra service endpoints outside of gen3 to be served by revproxy | | fullnameOverride | string | `""` | Override the full name of the deployment. | | global.autoscaling.averageCPUValue | string | `"500m"` | | diff --git a/helm/revproxy/gen3.nginx.conf/robots-txt.conf b/helm/revproxy/gen3.nginx.conf/robots-txt.conf new file mode 100644 index 000000000..d9d7ae3f2 --- /dev/null +++ b/helm/revproxy/gen3.nginx.conf/robots-txt.conf @@ -0,0 +1,6 @@ +{{- if .Values.enableRobotsTxt }} +location /robots.txt { + default_type text/plain; + return 200 "User-agent: *\nDisallow: /\n"; +} +{{- end }} \ No newline at end of file diff --git a/helm/revproxy/nginx/nginx.conf b/helm/revproxy/nginx/nginx.conf index c38743d93..78654ec81 100644 --- a/helm/revproxy/nginx/nginx.conf +++ b/helm/revproxy/nginx/nginx.conf @@ -177,6 +177,9 @@ map $http_user_agent $loggable { add_header "X-Frame-Options" "SAMEORIGIN" always; add_header "X-Content-Type-Options" "nosniff" always; add_header "X-Xss-Protection" "1; mode=block" always; + {{- if .Values.enableRobotsTxt }} + add_header "X-Robots-Tag" "noindex, nofollow" always; + {{- end }} if ($http_x_forwarded_proto = "http") { return 301 https://$host$request_uri; } # diff --git a/helm/revproxy/values.yaml b/helm/revproxy/values.yaml index f169ae61b..cddd618a4 100644 --- a/helm/revproxy/values.yaml +++ b/helm/revproxy/values.yaml @@ -254,3 +254,6 @@ extraServices: # - name: "protein-paint" # path: /protein-paint # serviceName: protein-paint + +# -- (bool) Whether to enable robots.txt generation and serving. +enableRobotsTxt: false From 71a20fbc60d4f0829aa4c300dbc6abec609d1ff7 Mon Sep 17 00:00:00 2001 From: Ed Date: Sun, 23 Nov 2025 10:50:26 -0600 Subject: [PATCH 02/18] Added robots.txt endpoint --- helm/revproxy/nginx/nginx.conf | 3 - helm/revproxy/nginxPrivate/helpers.js | 283 +++++++++++++++++++ helm/revproxy/nginxPrivate/nginx.conf | 348 ++++++++++++++++++++++++ helm/revproxy/templates/configMaps.yaml | 7 + 4 files changed, 638 insertions(+), 3 deletions(-) create mode 100644 helm/revproxy/nginxPrivate/helpers.js create mode 100644 helm/revproxy/nginxPrivate/nginx.conf diff --git a/helm/revproxy/nginx/nginx.conf b/helm/revproxy/nginx/nginx.conf index 78654ec81..c38743d93 100644 --- a/helm/revproxy/nginx/nginx.conf +++ b/helm/revproxy/nginx/nginx.conf @@ -177,9 +177,6 @@ map $http_user_agent $loggable { add_header "X-Frame-Options" "SAMEORIGIN" always; add_header "X-Content-Type-Options" "nosniff" always; add_header "X-Xss-Protection" "1; mode=block" always; - {{- if .Values.enableRobotsTxt }} - add_header "X-Robots-Tag" "noindex, nofollow" always; - {{- end }} if ($http_x_forwarded_proto = "http") { return 301 https://$host$request_uri; } # diff --git a/helm/revproxy/nginxPrivate/helpers.js b/helm/revproxy/nginxPrivate/helpers.js new file mode 100644 index 000000000..9dcb8d524 --- /dev/null +++ b/helm/revproxy/nginxPrivate/helpers.js @@ -0,0 +1,283 @@ +/** + * This is a helper script used in the reverse proxy + * Note that this is not technically javascript, but nginscript (or njs) + * See here for info: + * - http://nginx.org/en/docs/njs/ + * - https://www.nginx.com/blog/introduction-nginscript/ + */ + +/** global supporting atob polyfill below */ +var chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/='; //pragma: allowlist secret +// default threshold for assigning a service to production +// e.g. weight of 0 would mean all services are assigned to production +var DEFAULT_WEIGHT = 0; + +/** + * base64 decode polyfill from + * https://github.com/davidchambers/Base64.js/blob/master/base64.js + */ +function atob(input) { + var str = String(input).replace(/[=]+$/, ''); // #31: ExtendScript bad parse of /= + if (str.length % 4 == 1) { + return input; + } + for ( + // initialize result and counters + var bc = 0, bs, buffer, idx = 0, output = ''; + // get next character + buffer = str.charAt(idx++); + // character found in table? initialize bit storage and add its ascii value; + ~buffer && (bs = bc % 4 ? bs * 64 + buffer : buffer, + // and if not first of each 4 characters, + // convert the first 8 bits to one ascii character + bc++ % 4) ? output += String.fromCharCode(255 & bs >> (-2 * bc & 6)) : 0 + ) { + // try to find character in table (0-63, not found => -1) + buffer = chars.indexOf(buffer); + } + return output; +} + +/** + * nginscript helper for parsing user out of JWT tokens. + * We appear to have access to the 'access_token' variable + * defined in nginx.conf when this function runs via 'js_set'. + * see https://www.nginx.com/blog/introduction-nginscript/ + * + * @param {*} req + * @param {*} res + */ +function userid(req, res) { + var token = req.variables["access_token"]; + var user = "uid:null,unknown@unknown"; + + if (token) { + // note - raw token is secret, so do not expose in userid + var raw = atob((token.split('.')[1] || "").replace('-', '+').replace('_', '/')); + if (raw) { + try { + var data = JSON.parse(raw); + if (data) { + if (data.context && data.context.user && data.context.user.name) { + user = "uid:" + data.sub + "," + data.context.user.name; + } + } + } catch (err) {} + } + } + return user; +} + +/** + * returns absolute value of a number + */ +function MathAbs(x) { + x = +x; + return (x > 0) ? x : 0 - x; +} + +/** + * util for hashing a string into given range + * Source: http://pmav.eu/stuff/javascript-hashing-functions/source.html + * + * @param s - string to hash + */ +function simpleHash(s) { + var i, hash = 0; + for (i = 0; i < s.length; i++) { + hash += (s[i].charCodeAt() * (i+1)); + } + // mod 100 b/c we want a percentage range (ie 0-99) + return MathAbs(hash) % 100; +} + +/** + * Returns a release (string) depending on the given + * values provided + * + * @param hash_res - an integer to compare to service_weight + * @param service_weight - integer threshold for assigning release as 'production' + * @param default_weight - if service_weight is undefined, compare hash to this value + * @returns {string} - release + */ +function selectRelease(hash_res, w) { + // determine release by comparing hash val to service weight + if (hash_res < parseInt(w)) { + return 'canary'; + } + return 'production'; +} + +function getWeight(service, weights) { + if (typeof weights[service] === 'undefined') { + return weights['default']; + } + return weights[service]; +} + +function releasesObjToString(releases) { + var res = ''; + for (var service in releases) { + if (releases.hasOwnProperty(service)) { + res = res + service + '.' + releases[service] + '&'; + } + } + return res; +} + +/** + * Checks cookie (dev_canaries or service_releases) + * for service release versions and assigns + * release versions for services not in the cookie based + * on hash value and the percent weight of the canary. + * If the weight for a service is 0, it ignores the cookie + * and sets the release to production. + * + * @param req - nginx request object + * @return a string of service assignments. E.g: + * "fence.canary&sheepdog.production&" + */ +function getServiceReleases(req) { + // + // client cookie containing releases + // developer override can force canary even when canary has + // been deployed for general users by setting the canary weights to zero + // + var devOverride= !!req.variables['cookie_dev_canaries']; + var release_cookie = req.variables['cookie_dev_canaries'] || req.variables['cookie_service_releases'] || ''; + // services to assign to a service (edit this if adding a new canary service) + var services = ['fence', 'fenceshib', 'sheepdog', 'indexd', 'peregrine']; + // weights for services - if given a default weight, use it; else use the default weight from this file + var canary_weights = JSON.parse(req.variables['canary_percent_json']); + if (typeof canary_weights['default'] === 'undefined') { + canary_weights['default'] = DEFAULT_WEIGHT + } else { + canary_weights['default'] = parseInt(canary_weights['default']) + } + // the string to be hashed + var hash_str = ['app', req.variables['realip'], req.variables['http_user_agent'], req.variables['date_gmt']].join(); + var hash_res = -1; + + // for each service: + // if it's weight == 0, ignore the cookie and set release to production + // else if it's in the cookie, use that release + // else select one by hashing and comparing to weight + var updated_releases = {}; + for (var i=0; i < services.length; i++) { + var service = services[i]; + var parsed_release = release_cookie.match(service+'\.(production|canary)'); + if ((!devOverride) && getWeight(service, canary_weights) === 0) { + updated_releases[service] = 'production'; + } else if (!parsed_release) { + // if we haven't yet generated a hash value, do that now + if (hash_res < 0) { + hash_res = simpleHash(hash_str); + } + updated_releases[service] = selectRelease(hash_res, getWeight(service, canary_weights)); + } else { + // append the matched values from the cookie + updated_releases[service] = parsed_release[1]; + } + } + + return releasesObjToString(updated_releases); +} + +/** + * Controls the value of Access-Control-Allow-Credentials by environment variable + * ORIGINS_ALLOW_CREDENTIALS. + * + * ORIGINS_ALLOW_CREDENTIALS is supposed to be a list of origins in JSON string. Only + * requests with origins in this list are allowed to send credentials like cookies to + * this website. See also: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#Requests_with_credentials + * + * In most cases, credentials shouldn't be sent cross-site to mitigate CSRF attack risks. + * This is useful when Gen3 is deployed as an SSO and centralized service in a cross-site + * manner. The NDEF for example, serves two sub-commons at sub1.example.com and + * sub2.example.com with a centralized commons at example.com running Fence, Indexd and + * Arborist. When logged in at example.com, requests sent to both sub1 and sub2 are + * allowed to carry the same authentication cookie, therefore extra login is not needed + * for sub1 or sub2. + * + * @param req - nginx request object + * @returns {string} value used in Access-Control-Allow-Credentials header, empty string + * to not include this header + */ +function isCredentialsAllowed(req) { + if (!!req.variables['http_origin']) { + var origins = JSON.parse(req.variables['origins_allow_credentials'] || '[]') || []; + for (var i = 0; i < origins.length; i++) { + // cannot use === to compare byte strings, whose "typeof" is also confusingly "string" + if (origins[i].fromUTF8().toLowerCase().trim() === + req.variables['http_origin'].fromUTF8().toLowerCase().trim()) { + return 'true'; + } + } + } + return ''; +} + +/** + * Test whether the given ipAddrStr is in the global blackListStr. + * Currently does not support CIDR format - just list of IP's + * + * @param {string} ipAddrStr + * @param {string} blackListStr comma separated black list - defaults to globalBlackListStr (see below) + * @return {boolean} true if ipAddrStr is in the black list + */ +function isOnBlackList(ipAddrStr, blackListStr) { + return blackListStr.includes(ipAddrStr); +} + +/** + * Call via nginx.conf js_set after setting the blackListStr and + * ipAddrStr variables via set: + * + * set blackListStr="whatever" + * set ipAddrStr="whatever" + * js_set blackListCheck checkBlackList + * + * Note: kube-setup-revproxy generates gen3-blacklist.conf - which + * gets sucked into the nginx.conf config + * + * @param {Request} req + * @param {Response} res + * @return "ok" or "block" - fail to "ok" in ambiguous situation + */ +function checkBlackList(req,res) { + var ipAddrStr = req.variables["ip_addr_str"]; + var blackListStr = req.variables["black_list_str"]; + + if (ipAddrStr && blackListStr && isOnBlackList(ipAddrStr, blackListStr)) { + return "block"; + } + return "ok"; // + "-" + ipAddrStr + "-" + blackListStr; +} + + +/** + * Handle the js_content callout from /workspace-authorize. + * Basically - redirect to a subdomain /wts/authorize endpoint + * based on the state=SUBDOMAIN-... query parameter with + * some guards to stop attacks. + * + * @param {*} req + * @param {*} res + */ +function gen3_workspace_authorize_handler(req) { + var subdomain = ''; + var query = req.variables["args"] || ""; + var matchGroups = null; + + if (matchGroups = query.match(/(^state=|&state=)(\w+)-/)) { + subdomain = matchGroups[2]; + var location = "https://" + subdomain + "." + req.variables["host"] + + "/wts/oauth2/authorize?" + query; + req.return(302, location); + } else { + req.headersOut["Content-Type"] = "application/json" + req.return(400, '{ "status": "redirect failed validation" }'); + } +} + +export default {userid, isCredentialsAllowed}; diff --git a/helm/revproxy/nginxPrivate/nginx.conf b/helm/revproxy/nginxPrivate/nginx.conf new file mode 100644 index 000000000..989b0affc --- /dev/null +++ b/helm/revproxy/nginxPrivate/nginx.conf @@ -0,0 +1,348 @@ +user nginx; +worker_processes 4; +pid /var/run/nginx.pid; + +load_module modules/ngx_http_js_module.so; +load_module modules/ngx_http_perl_module.so; + +## +# Preserve environment variables +# Note: to use the variable in blocks below, you must use +# perl to set the variable. eg: +# perl_set $my_var 'sub { return $ENV{"MY_ENVIRONMENT_VAIRABLE"}; }'; +## +env POD_NAMESPACE; +env CANARY_PERCENT_JSON; +env COOKIE_DOMAIN; +env ORIGINS_ALLOW_CREDENTIALS; +env DES_NAMESPACE; +env MAINTENANCE_MODE; +env INDEXD_AUTHZ; +env MDS_AUTHZ; +env FRONTEND_ROOT; +env DOCUMENT_URL; + +events { + worker_connections 768; +} + +http { + ## + # Basic Settings + ## + sendfile on; + tcp_nopush on; + tcp_nodelay on; + keepalive_timeout 65; + types_hash_max_size 2048; + port_in_redirect off; + server_tokens off; + + # For websockets + map $http_upgrade $connection_upgrade { + default upgrade; + '' close; + } + + + map $proxy_protocol_addr $initialip { + "" $http_x_forwarded_for; + default $proxy_protocol_addr; + } + + map $initialip $realip { + "" $remote_addr; #if this header missing set remote_addr as real ip + default $initialip; + } + +# Log filtering for health checks +map $http_user_agent $loggable { + default 1; + "ELB-HealthChecker/2.0" 0; + ~^Uptime-Kuma 0; + ~^kube-probe 0; + ~GoogleStackdriverMonitoring 0; +} + + # server_names_hash_bucket_size 64; + # server_name_in_redirect off; + + include /etc/nginx/mime.types; + default_type application/octet-stream; + + # ## + # # Note - nginscript js_set, etc get processed + # # on demand: https://www.nginx.com/blog/introduction-nginscript/ + # # # + js_import helpers.js; + js_set $userid helpers.userid; + + + perl_set $document_url_env 'sub { return $ENV{"DOCUMENT_URL"} || ""; }'; + + # see portal-conf + perl_set $maintenance_mode_env 'sub { return $ENV{"MAINTENANCE_MODE"} || "undefined"; }'; + + # Setup root path frontend service + perl_set $frontend_root_service 'sub { return $ENV{"FRONTEND_ROOT"} eq "gen3ff" ? "gen3ff" : "portal"; }'; + + + ## + # Logging Settings + ## + log_format json '{"gen3log": "nginx", ' + '"date_access": "$time_iso8601", ' + '"user_id": "$userid", ' + '"request_id": "$request_id", ' + '"session_id": "$session_id", ' + '"visitor_id": "$visitor_id", ' + '"network_client_ip": "$realip", ' + '"network_bytes_write": $body_bytes_sent, ' + '"response_secs": $request_time, ' + '"http_status_code": $status, ' + '"http_request": "$request_uri", ' + '"http_verb": "$request_method", ' + '"http_referer": "$http_referer", ' + '"http_useragent": "$http_user_agent", ' + '"http_upstream": "$upstream", ' + '"proxy_service": "$proxy_service", ' + '"message": "$request" }'; + + access_log /dev/stdout json if=$loggable; + + + ## + # Gzip Settings + ## + gzip on; + gzip_disable "msie6"; + gzip_proxied any; + gzip_types + text/css + text/javascript + text/xml + text/plain + application/javascript + application/x-javascript + application/json; + + # ## + # # Namespace + # ## + perl_set $namespace 'sub { return $ENV{"POD_NAMESPACE"}; }'; + + # ## + # # Fence Namespace + # ## + # # For using fence, indexd, etc from a different namespace within the same k8 cluster - + # # support data ecosystem feature ... + # ## + perl_set $des_domain 'sub { return $ENV{"DES_NAMESPACE"} ? qq{.$ENV{"DES_NAMESPACE"}.svc.cluster.local} : qq{.$ENV{"POD_NAMESPACE"}.svc.cluster.local}; }'; + + # ## + # # CORS Credential White List + # ## + perl_set $origins_allow_credentials 'sub { return $ENV{"ORIGINS_ALLOW_CREDENTIALS"}; }'; + js_set $credentials_allowed helpers.isCredentialsAllowed; + + # ## For multi-domain deployments + perl_set $csrf_cookie_domain 'sub { return $ENV{"COOKIE_DOMAIN"} ? qq{;domain=$ENV{"COOKIE_DOMAIN"}} : ""; }'; + + # # indexd password for admin endpoint + perl_set $indexd_b64 'sub { $_ = $ENV{"INDEXD_AUTHZ"}; chomp; return "$_"; }'; + # # metadata service password for admin endpoint + perl_set $mds_b64 'sub { $_ = $ENV{"MDS_AUTHZ"}; chomp; return "$_"; }'; + + + server { + listen 6567; + + root /var/www/metrics; + + location /aggregated_metrics { + types {} + default_type text/plain; + try_files $uri $uri/ /metrics.txt; + autoindex on; + access_log off; + } + } + + server { + listen 80; + + server_tokens off; + proxy_hide_header server; + proxy_hide_header X-Powered-By; + add_header "X-Frame-Options" "SAMEORIGIN" always; + add_header "X-Content-Type-Options" "nosniff" always; + add_header "X-Xss-Protection" "1; mode=block" always; + add_header "X-Robots-Tag" "noindex, nofollow" always; + + if ($http_x_forwarded_proto = "http") { return 301 https://$host$request_uri; } + # + # Strict-Transport-Security only applys for https traffic - set after testing protocol + # + add_header "Strict-Transport-Security" "max-age=63072000; includeSubdomains;" always; + + # + # From https://enable-cors.org/server_nginx.html + # This overrides the individual services + # + set $allow_origin "*"; + if ($http_origin = "https://$host") { + set $allow_origin "$http_origin"; + } + + proxy_hide_header Access-Control-Allow-Origin; # Remove existing header + add_header "Access-Control-Allow-Origin" "$allow_origin" always; + add_header "Access-Control-Allow-Methods" "GET, POST, OPTIONS, DELETE, PUT" always; + add_header "Access-Control-Allow-Credentials" "$credentials_allowed" always; + add_header "Access-Control-Allow-Headers" "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,Cookie,X-CSRF-Token" always; + add_header "Access-Control-Expose-Headers" "Content-Length,Content-Range" always; + + + + # update service release cookie + # add_header Set-Cookie "service_releases=${service_releases};Path=/;Max-Age=600;HttpOnly;Secure;SameSite=Lax" always; + + if ($request_method = 'OPTIONS') { + return 204; + } + + # + # DNS resolver required to resolve dynamic hostnames, btw - kubedns may not support ipv6 + # see https://www.nginx.com/blog/dns-service-discovery-nginx-plus/ + # https://distinctplace.com/2017/04/19/nginx-resolver-explained/ + # + resolver kube-dns.kube-system.svc.cluster.local ipv6=off; + + set $access_token ""; + set $csrf_check "ok-tokenauth"; + + # + # Note: add_header blocks are inheritted iff the current block does not call add_header: + # http://nginx.org/en/docs/http/ngx_http_headers_module.html + # + set $csrf_token "$request_id$request_length$request_time$time_iso8601"; + if ($cookie_csrftoken) { + set $csrf_token "$cookie_csrftoken"; + } + add_header Set-Cookie "csrftoken=$csrf_token$csrf_cookie_domain;Path=/;Secure;SameSite=Lax"; + + # visitor and session tracking for analytics - + # https://developers.google.com/analytics/devguides/collection/analyticsjs/cookies-user-id + # + # Simple session tracking - expire the session if not active for 20 minutes + set $session_id "$request_id"; + if ($cookie_session) { + set $session_id "$cookie_session"; + } + add_header Set-Cookie "session=$session_id;Path=/;Max-Age=1200;HttpOnly;Secure;SameSite=Lax"; + # Simple visitor tracking - immortal + set $visitor_id "$request_id"; + if ($cookie_visitor) { + set $visitor_id "$cookie_visitor"; + } + add_header Set-Cookie "visitor=$visitor_id;Path=/;Max-Age=36000000;HttpOnly;Secure;SameSite=Lax"; + + if ($cookie_access_token) { + set $access_token "bearer $cookie_access_token"; + # cookie auth requires csrf check + set $csrf_check "fail"; + } + if ($http_authorization) { + # Authorization header is present - prefer that token over cookie token + set $access_token "$http_authorization"; + } + + # + # initialize proxy_service and upstream used as key in logs to + # unspecified values - + # individual service locations should override to "peregrine", ... + # + set $proxy_service "noproxy"; + + # + # Note - need to repeat this line in location blocks that call proxy_set_header, + # as nginx proxy module inherits proxy_set_header if and only if current level does + # not set headers ... http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_set_header + # + proxy_set_header Authorization "$access_token"; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For "$realip"; + proxy_set_header X-UserId "$userid"; + # Can propagate this request id through downstream microservice requests for tracing + proxy_set_header X-ReqId "$request_id"; + proxy_set_header X-SessionId "$session_id"; + proxy_set_header X-VisitorId "$visitor_id"; + proxy_intercept_errors on; + + # + # Accomodate large jwt token headers + # * http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffer_size + # * https://ma.ttias.be/nginx-proxy-upstream-sent-big-header-reading-response-header-upstream/ + # + proxy_buffer_size 16k; + proxy_buffers 8 16k; + proxy_busy_buffers_size 32k; + client_body_buffer_size 16k; + proxy_read_timeout 400; + proxy_send_timeout 400; + proxy_connect_timeout 400; + + # + # also incoming from client: + # * https://fullvalence.com/2016/07/05/cookie-size-in-nginx/ + # * https://nginx.org/en/docs/http/ngx_http_core_module.html#client_header_buffer_size + large_client_header_buffers 4 64k; + client_header_buffer_size 4k; + + # + # CSRF check + # This block requires a csrftoken for all POST requests. + # + if ($cookie_csrftoken = $http_x_csrf_token) { + # this will fail further below if cookie_csrftoken is empty + set $csrf_check "ok-$cookie_csrftoken"; + } + if ($request_method != "POST") { + set $csrf_check "ok-$request_method"; + } + if ($cookie_access_token = "") { + # do this again here b/c empty cookie_csrftoken == empty http_x_csrf_token - ugh + set $csrf_check "ok-tokenauth"; + } + + error_page 500 501 502 503 504 @5xx; + + location @5xx { + internal; + return 500 "{ \"error\": \"service failure - try again later\"}"; + } + + location = /_status { + default_type application/json; + set $upstream http://localhost; + access_log off; + return 200 "{ \"message\": \"Feelin good!\", \"csrf\": \"$csrf_token\" }\n"; + } + + include /etc/nginx/gen3.conf/*.conf; + if ($document_url_env != "") { + include /etc/nginx/gen3.conf/documentation-site/*.conf; + } + + location @errorworkspace { + # if ($frontend_root_service = "gen3ff") { + # return 302 https://$host/portal/no-workspace-access; + # } + return 302 https://$host/no-workspace-access; + } + + location /canary { + add_header Content-Type text/html; + return 200 'You are running the Helm version of this commons'; + } + } +} diff --git a/helm/revproxy/templates/configMaps.yaml b/helm/revproxy/templates/configMaps.yaml index eb0d5655e..f0374c588 100644 --- a/helm/revproxy/templates/configMaps.yaml +++ b/helm/revproxy/templates/configMaps.yaml @@ -38,7 +38,14 @@ kind: ConfigMap metadata: name: revproxy-nginx-conf data: +{{- if .Values.enableRobotsTxt }} +{{- range $path, $bytes := .Files.Glob "nginxPrivate/*" }} + {{ ($a := split "/" $path)._1 }}: | + {{- $bytes | toString | nindent 4 }} +{{- end}} +{{- else }} {{- range $path, $bytes := .Files.Glob "nginx/*" }} {{ ($a := split "/" $path)._1 }}: | {{- $bytes | toString | nindent 4 }} {{- end}} +{{- end }} From caf53e76754ff0a998d842e3b218ec791298db72 Mon Sep 17 00:00:00 2001 From: Ed Date: Sun, 23 Nov 2025 10:57:14 -0600 Subject: [PATCH 03/18] Added robots.txt endpoint --- helm/revproxy/gen3.nginx.conf/robots-txt.conf | 6 ------ helm/revproxy/gen3.nginx.conf/robots/robots-txt.conf | 4 ++++ helm/revproxy/templates/configMaps.yaml | 4 ++++ 3 files changed, 8 insertions(+), 6 deletions(-) delete mode 100644 helm/revproxy/gen3.nginx.conf/robots-txt.conf create mode 100644 helm/revproxy/gen3.nginx.conf/robots/robots-txt.conf diff --git a/helm/revproxy/gen3.nginx.conf/robots-txt.conf b/helm/revproxy/gen3.nginx.conf/robots-txt.conf deleted file mode 100644 index d9d7ae3f2..000000000 --- a/helm/revproxy/gen3.nginx.conf/robots-txt.conf +++ /dev/null @@ -1,6 +0,0 @@ -{{- if .Values.enableRobotsTxt }} -location /robots.txt { - default_type text/plain; - return 200 "User-agent: *\nDisallow: /\n"; -} -{{- end }} \ No newline at end of file diff --git a/helm/revproxy/gen3.nginx.conf/robots/robots-txt.conf b/helm/revproxy/gen3.nginx.conf/robots/robots-txt.conf new file mode 100644 index 000000000..e878dd0d9 --- /dev/null +++ b/helm/revproxy/gen3.nginx.conf/robots/robots-txt.conf @@ -0,0 +1,4 @@ + location /robots.txt { + default_type text/plain; + return 200 "User-agent: *\nDisallow: /\n"; + } \ No newline at end of file diff --git a/helm/revproxy/templates/configMaps.yaml b/helm/revproxy/templates/configMaps.yaml index f0374c588..97d1fb6e1 100644 --- a/helm/revproxy/templates/configMaps.yaml +++ b/helm/revproxy/templates/configMaps.yaml @@ -18,6 +18,10 @@ data: {{ "portal-service.conf" }}: | {{- .Files.Get "gen3.nginx.conf/portal-as-root/portal-service.conf" | nindent 4}} {{- end }} +{{- if .Values.enableRobotsTxt -}} + {{ "robots-txt.conf" }}: | + {{- .Files.Get "gen3.nginx.conf/robots/robots-txt.conf" | nindent 4 }} +{{- end }} {{- range .Values.extraServices }} {{ printf "%s-service.conf" .name }}: | location {{ .path }}/ { From 5b18987a73dd65f11f587cea95c322eb1282a9e5 Mon Sep 17 00:00:00 2001 From: Ed Date: Sun, 23 Nov 2025 11:26:27 -0600 Subject: [PATCH 04/18] Added robots.txt endpoint --- helm/revproxy/gen3.nginx.conf/robots/robots-txt.conf | 2 +- helm/revproxy/templates/configMaps.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/helm/revproxy/gen3.nginx.conf/robots/robots-txt.conf b/helm/revproxy/gen3.nginx.conf/robots/robots-txt.conf index e878dd0d9..9ea7ad24d 100644 --- a/helm/revproxy/gen3.nginx.conf/robots/robots-txt.conf +++ b/helm/revproxy/gen3.nginx.conf/robots/robots-txt.conf @@ -1,4 +1,4 @@ location /robots.txt { default_type text/plain; return 200 "User-agent: *\nDisallow: /\n"; - } \ No newline at end of file + } diff --git a/helm/revproxy/templates/configMaps.yaml b/helm/revproxy/templates/configMaps.yaml index 97d1fb6e1..f05e4e5ed 100644 --- a/helm/revproxy/templates/configMaps.yaml +++ b/helm/revproxy/templates/configMaps.yaml @@ -18,9 +18,9 @@ data: {{ "portal-service.conf" }}: | {{- .Files.Get "gen3.nginx.conf/portal-as-root/portal-service.conf" | nindent 4}} {{- end }} -{{- if .Values.enableRobotsTxt -}} +{{- if .Values.enableRobotsTxt }} {{ "robots-txt.conf" }}: | - {{- .Files.Get "gen3.nginx.conf/robots/robots-txt.conf" | nindent 4 }} + {{- .Files.Get "gen3.nginx.conf/robots/robots-txt.conf" | nindent 4}} {{- end }} {{- range .Values.extraServices }} {{ printf "%s-service.conf" .name }}: | From 367b682568cce95853ff0ab98e3087d09f7d5427 Mon Sep 17 00:00:00 2001 From: Ed Date: Wed, 3 Dec 2025 16:35:50 -0600 Subject: [PATCH 05/18] Allowed for setting authz for extra revproxy services --- helm/gen3/Chart.yaml | 2 +- helm/gen3/README.md | 2 +- helm/revproxy/templates/configMaps.yaml | 7 +++++++ helm/revproxy/values.yaml | 2 ++ 4 files changed, 11 insertions(+), 2 deletions(-) diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index bf349b63b..cb30290ea 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml @@ -173,7 +173,7 @@ type: application # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.2.97 +version: 0.2.98 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/gen3/README.md b/helm/gen3/README.md index 7b9a88842..adf8ee7ea 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md @@ -1,6 +1,6 @@ # gen3 -![Version: 0.2.97](https://img.shields.io/badge/Version-0.2.97-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.2.98](https://img.shields.io/badge/Version-0.2.98-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) Helm chart to deploy Gen3 Data Commons diff --git a/helm/revproxy/templates/configMaps.yaml b/helm/revproxy/templates/configMaps.yaml index f05e4e5ed..e185295e7 100644 --- a/helm/revproxy/templates/configMaps.yaml +++ b/helm/revproxy/templates/configMaps.yaml @@ -28,6 +28,13 @@ data: if ($csrf_check !~ ^ok-\S.+$) { return 403 "failed csrf check"; } + {{- if and .authzPolicy .authzService -}} + set $authz_resource "/{{ .authzPolicy }}"; + set $authz_method "access"; + set $authz_service "{{ .authzService }}"; + # be careful - sub-request runs in same context as this request + auth_request /gen3-authz; + {{- end }} set $proxy_service "{{ .name }}"; set $upstream http://{{ .serviceName }}$des_domain; diff --git a/helm/revproxy/values.yaml b/helm/revproxy/values.yaml index cddd618a4..38f9a75ea 100644 --- a/helm/revproxy/values.yaml +++ b/helm/revproxy/values.yaml @@ -254,6 +254,8 @@ extraServices: # - name: "protein-paint" # path: /protein-paint # serviceName: protein-paint +# authzPolicy: "protein-paint" +# authzService: "protein-paint" # -- (bool) Whether to enable robots.txt generation and serving. enableRobotsTxt: false From 23e4871568a15a3ffa50117d4d71cc4f753f5c8b Mon Sep 17 00:00:00 2001 From: Sai Shanmukha Date: Fri, 19 Dec 2025 16:17:00 -0600 Subject: [PATCH 06/18] Improve gen3-workflow to run out of the box --- helm/gen3-workflow/Chart.yaml | 2 +- helm/gen3-workflow/README.md | 12 +-- .../templates/jobs-namespace.yaml | 8 +- helm/gen3-workflow/templates/netpolicy.yaml | 2 +- helm/gen3-workflow/values.yaml | 83 +++++-------------- helm/gen3/Chart.yaml | 4 +- helm/gen3/README.md | 4 +- 7 files changed, 37 insertions(+), 78 deletions(-) diff --git a/helm/gen3-workflow/Chart.yaml b/helm/gen3-workflow/Chart.yaml index f962a6979..c6f00f359 100644 --- a/helm/gen3-workflow/Chart.yaml +++ b/helm/gen3-workflow/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.7 +version: 0.1.8 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/gen3-workflow/README.md b/helm/gen3-workflow/README.md index 075edfdb1..ff5d158b9 100644 --- a/helm/gen3-workflow/README.md +++ b/helm/gen3-workflow/README.md @@ -1,6 +1,6 @@ # gen3-workflow -![Version: 0.1.7](https://img.shields.io/badge/Version-0.1.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for Kubernetes @@ -47,14 +47,8 @@ A Helm chart for Kubernetes | externalSecrets.gen3workflowG3auto | string | `""` | Will override the name of the aws secrets manager secret. Default is "gen3workflow-g3auto" | | extraLabels | map | `{"dbgen3workflow":"yes","netnolimit":"yes","public":"yes"}` | Will completely override the extraLabels defined in the common chart's _label_setup.tpl | | fullnameOverride | string | `""` | Override the full name of the chart, which is used as the name of resources created by the chart | -| funnel.Kubernetes.ExecutorTemplate | string | `"# Task Executor\napiVersion: batch/v1\nkind: Job\nmetadata:\n name: {{.TaskId}}-{{.JobId}}\n namespace: {{.JobsNamespace}}\n labels:\n app: funnel-executor\n job-name: {{.TaskId}}-{{.JobId}}\nspec:\n backoffLimit: 1\n completions: 1\n template:\n spec:\n restartPolicy: OnFailure\n serviceAccountName: funnel-sa-{{.Namespace}}\n containers:\n - name: funnel-worker-{{.TaskId}}\n image: {{.Image}}\n imagePullPolicy: Always\n command: [\"/bin/sh\", \"-c\"]\n args: {{.Command}}\n workingDir: {{.Workdir}}\n resources:\n requests:\n cpu: {{if ne .Cpus 0 -}}{{.Cpus}}{{ else }}{{\"100m\"}}{{end}}\n memory: '{{if ne .RamGb 0.0 -}}{{printf \"%.0fG\" .RamGb}}{{else}}{{\"4G\"}}{{end}}'\n ephemeral-storage: '{{if ne .DiskGb 0.0 -}}{{printf \"%.0fG\" .DiskGb}}{{else}}{{\"2G\"}}{{end}}'\n\n volumeMounts:\n ### DO NOT CHANGE THIS\n {{- if .NeedsPVC }}\n {{range $idx, $item := .Volumes}}\n - name: funnel-storage-{{$.TaskId}}\n mountPath: {{$item.ContainerPath}}\n subPath: {{$.TaskId}}{{$item.ContainerPath}}\n {{end}}\n {{- end }}\n\n volumes:\n {{- if .NeedsPVC }}\n - name: funnel-storage-{{.TaskId}}\n persistentVolumeClaim:\n claimName: funnel-worker-pvc-{{.TaskId}}\n {{- end }}\n"` | | -| funnel.Plugins.Params.OidcClientId | string | `""` | | -| funnel.Plugins.Params.OidcClientSecret | string | `""` | | -| funnel.Plugins.Params.OidcTokenUrl | string | `"https://{{ .Values.gen3WorkflowConfig.hostname }}/user"` | OIDC token URL for the Funnel service to use for authentication. Replace {{ .Values.gen3WorkflowConfig.hostname }} with the actual hostname where gen3-workflow is deployed. | -| funnel.Plugins.Params.S3Url | string | `"gen3-workflow-service.{{ .Release.Namespace }}.svc.cluster.local"` | | -| funnel.Plugins.Path | string | `"plugin-binaries/auth-plugin"` | | -| funnel.image | map | `{"initContainers":[{"command":["cp","/app/build/plugins/authorizer","/opt/funnel/plugin-binaries/auth-plugin"],"image":"quay.io/cdis/funnel-gen3-plugin","name":"plugin","pullPolicy":"Always","tag":"main-gen3","volumeMounts":[{"mountPath":"/opt/funnel/plugin-binaries","name":"plugin-volume"}]},{"args":["-c","echo \"Priting FUNNEL_OIDC_CLIENT_ID: $FUNNEL_OIDC_CLIENT_ID\"\n\necho \"Patching values...\"\n\n# Assuming we don't have any other occurence of OidcClientId in the config file\nsed -E \"s|(OidcClientId:).*|\\1 ${FUNNEL_OIDC_CLIENT_ID}|\" /etc/config/funnel.conf \\\n| sed -E \"s|(OidcClientSecret:).*|\\1 ${FUNNEL_OIDC_CLIENT_SECRET}|\" > /tmp/funnel-patched.conf\n\nif [[ ! -s /tmp/funnel-patched.conf ]]; then\n echo \"ERROR: Patched config is empty. Aborting.\"\n exit 1\nfi\n"],"command":["/bin/bash"],"env":[{"name":"FUNNEL_OIDC_CLIENT_ID","valueFrom":{"secretKeyRef":{"key":"client_id","name":"funnel-oidc-client","optional":false}}},{"name":"FUNNEL_OIDC_CLIENT_SECRET","valueFrom":{"secretKeyRef":{"key":"client_secret","name":"funnel-oidc-client","optional":false}}}],"image":"quay.io/cdis/awshelper","name":"secrets-updater","tag":"master","volumeMounts":[{"mountPath":"/tmp","name":"funnel-patched-config-volume"},{"mountPath":"/etc/config/funnel.conf","name":"funnel-config-volume","subPath":"funnel-server.yaml"}]}],"pullPolicy":"Always","repository":"quay.io/ohsu-comp-bio/funnel"}` | Configuration for the Funnel container image. | -| funnel.image.initContainers | map | `[{"command":["cp","/app/build/plugins/authorizer","/opt/funnel/plugin-binaries/auth-plugin"],"image":"quay.io/cdis/funnel-gen3-plugin","name":"plugin","pullPolicy":"Always","tag":"main-gen3","volumeMounts":[{"mountPath":"/opt/funnel/plugin-binaries","name":"plugin-volume"}]},{"args":["-c","echo \"Priting FUNNEL_OIDC_CLIENT_ID: $FUNNEL_OIDC_CLIENT_ID\"\n\necho \"Patching values...\"\n\n# Assuming we don't have any other occurence of OidcClientId in the config file\nsed -E \"s|(OidcClientId:).*|\\1 ${FUNNEL_OIDC_CLIENT_ID}|\" /etc/config/funnel.conf \\\n| sed -E \"s|(OidcClientSecret:).*|\\1 ${FUNNEL_OIDC_CLIENT_SECRET}|\" > /tmp/funnel-patched.conf\n\nif [[ ! -s /tmp/funnel-patched.conf ]]; then\n echo \"ERROR: Patched config is empty. Aborting.\"\n exit 1\nfi\n"],"command":["/bin/bash"],"env":[{"name":"FUNNEL_OIDC_CLIENT_ID","valueFrom":{"secretKeyRef":{"key":"client_id","name":"funnel-oidc-client","optional":false}}},{"name":"FUNNEL_OIDC_CLIENT_SECRET","valueFrom":{"secretKeyRef":{"key":"client_secret","name":"funnel-oidc-client","optional":false}}}],"image":"quay.io/cdis/awshelper","name":"secrets-updater","tag":"master","volumeMounts":[{"mountPath":"/tmp","name":"funnel-patched-config-volume"},{"mountPath":"/etc/config/funnel.conf","name":"funnel-config-volume","subPath":"funnel-server.yaml"}]}]` | Configuration for the Funnel init container. | +| funnel.image | map | `{"initContainers":[{"command":["cp","/app/build/plugins/authorizer","/opt/funnel/plugin-binaries/auth-plugin"],"image":"quay.io/cdis/funnel-gen3-plugin","name":"plugin","pullPolicy":"Always","tag":"main-gen3","volumeMounts":[{"mountPath":"/opt/funnel/plugin-binaries","name":"plugin-volume"}]},{"args":["while [ $(curl -sw '%{http_code}' http://fence-service -o /dev/null) -ne 200 ]; do sleep 5; echo 'Waiting for fence...'; done; curl -s 'http://fence-service/.well-known/openid-configuration' > /tmp/openid-config.json"],"command":["/bin/sh","-c"],"image":"curlimages/curl:latest","imagePullPolicy":"IfNotPresent","name":"fence-url-fetcher","volumeMounts":[{"mountPath":"/tmp","name":"funnel-patched-config-volume"}]},{"args":["-c","echo \"Priting FUNNEL_OIDC_CLIENT_ID: $FUNNEL_OIDC_CLIENT_ID\"\n\nnamespace=$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace)\nexport JOBS_NAMESPACE=gen3-$namespace-workflow-pods\nexport S3_URL=gen3-workflow-service.$namespace.svc.cluster.local\nexport OIDC_TOKEN_URL=$(cat /tmp/openid-config.json | jq -r \".issuer\")\n\necho \"Patching values...\"\n\nyq '.Kubernetes.JobsNamespace = strenv(JOBS_NAMESPACE)' | .Plugins = {\n \"Path\": \"plugin-binaries/auth-plugin\",\n \"Params\": {\n \"OidcClientId\": strenv(FUNNEL_OIDC_CLIENT_ID),\n \"OidcClientSecret\": strenv(FUNNEL_OIDC_CLIENT_SECRET),\n \"OidcTokenUrl\": strenv(OIDC_TOKEN_URL),\n \"S3Url\": strenv(S3_URL)\n }\n}' /etc/config/funnel.conf > /tmp/funnel-patched.conf\n\nif [[ ! -s /tmp/funnel-patched.conf ]]; then\n echo \"ERROR: Patched config is empty. Aborting.\"\n exit 1\nfi\n"],"command":["/bin/bash"],"env":[{"name":"FUNNEL_OIDC_CLIENT_ID","valueFrom":{"secretKeyRef":{"key":"client_id","name":"funnel-oidc-client","optional":false}}},{"name":"FUNNEL_OIDC_CLIENT_SECRET","valueFrom":{"secretKeyRef":{"key":"client_secret","name":"funnel-oidc-client","optional":false}}}],"image":"quay.io/cdis/awshelper","name":"secrets-updater","tag":"master","volumeMounts":[{"mountPath":"/tmp","name":"funnel-patched-config-volume"},{"mountPath":"/etc/config/funnel.conf","name":"funnel-config-volume","subPath":"funnel-server.yaml"}]}],"pullPolicy":"Always","repository":"quay.io/ohsu-comp-bio/funnel"}` | Configuration for the Funnel container image. | +| funnel.image.initContainers | map | `[{"command":["cp","/app/build/plugins/authorizer","/opt/funnel/plugin-binaries/auth-plugin"],"image":"quay.io/cdis/funnel-gen3-plugin","name":"plugin","pullPolicy":"Always","tag":"main-gen3","volumeMounts":[{"mountPath":"/opt/funnel/plugin-binaries","name":"plugin-volume"}]},{"args":["while [ $(curl -sw '%{http_code}' http://fence-service -o /dev/null) -ne 200 ]; do sleep 5; echo 'Waiting for fence...'; done; curl -s 'http://fence-service/.well-known/openid-configuration' > /tmp/openid-config.json"],"command":["/bin/sh","-c"],"image":"curlimages/curl:latest","imagePullPolicy":"IfNotPresent","name":"fence-url-fetcher","volumeMounts":[{"mountPath":"/tmp","name":"funnel-patched-config-volume"}]},{"args":["-c","echo \"Priting FUNNEL_OIDC_CLIENT_ID: $FUNNEL_OIDC_CLIENT_ID\"\n\nnamespace=$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace)\nexport JOBS_NAMESPACE=gen3-$namespace-workflow-pods\nexport S3_URL=gen3-workflow-service.$namespace.svc.cluster.local\nexport OIDC_TOKEN_URL=$(cat /tmp/openid-config.json | jq -r \".issuer\")\n\necho \"Patching values...\"\n\nyq '.Kubernetes.JobsNamespace = strenv(JOBS_NAMESPACE)' | .Plugins = {\n \"Path\": \"plugin-binaries/auth-plugin\",\n \"Params\": {\n \"OidcClientId\": strenv(FUNNEL_OIDC_CLIENT_ID),\n \"OidcClientSecret\": strenv(FUNNEL_OIDC_CLIENT_SECRET),\n \"OidcTokenUrl\": strenv(OIDC_TOKEN_URL),\n \"S3Url\": strenv(S3_URL)\n }\n}' /etc/config/funnel.conf > /tmp/funnel-patched.conf\n\nif [[ ! -s /tmp/funnel-patched.conf ]]; then\n echo \"ERROR: Patched config is empty. Aborting.\"\n exit 1\nfi\n"],"command":["/bin/bash"],"env":[{"name":"FUNNEL_OIDC_CLIENT_ID","valueFrom":{"secretKeyRef":{"key":"client_id","name":"funnel-oidc-client","optional":false}}},{"name":"FUNNEL_OIDC_CLIENT_SECRET","valueFrom":{"secretKeyRef":{"key":"client_secret","name":"funnel-oidc-client","optional":false}}}],"image":"quay.io/cdis/awshelper","name":"secrets-updater","tag":"master","volumeMounts":[{"mountPath":"/tmp","name":"funnel-patched-config-volume"},{"mountPath":"/etc/config/funnel.conf","name":"funnel-config-volume","subPath":"funnel-server.yaml"}]}]` | Configuration for the Funnel init container. | | funnel.image.initContainers[0].command | list | `["cp","/app/build/plugins/authorizer","/opt/funnel/plugin-binaries/auth-plugin"]` | Arguments to pass to the init container. | | funnel.image.initContainers[0].image | string | `"quay.io/cdis/funnel-gen3-plugin"` | The Docker image repository for the Funnel init/plugin container. | | funnel.image.initContainers[0].pullPolicy | string | `"Always"` | When to pull the image. This value should be "Always" to ensure the latest image is used. | diff --git a/helm/gen3-workflow/templates/jobs-namespace.yaml b/helm/gen3-workflow/templates/jobs-namespace.yaml index 2203b134a..d1f5f9fa7 100644 --- a/helm/gen3-workflow/templates/jobs-namespace.yaml +++ b/helm/gen3-workflow/templates/jobs-namespace.yaml @@ -1,8 +1,10 @@ -{{- if and .Values.funnel.Kubernetes.JobsNamespace (ne .Values.funnel.Kubernetes.JobsNamespace .Release.Namespace) -}} +{{- $jobsNamespace := default (printf "gen3-%s-workflow-pods" .Release.Namespace) .Values.funnel.Kubernetes.JobsNamespace }} + +{{- if ne $jobsNamespace .Release.Namespace }} apiVersion: v1 kind: Namespace metadata: - name: {{ .Values.funnel.Kubernetes.JobsNamespace | quote }} + name: {{ $jobsNamespace | quote }} labels: - app.kubernetes.io/name: {{ .Values.funnel.Kubernetes.JobsNamespace | quote }} + app.kubernetes.io/name: {{ $jobsNamespace | quote }} {{- end }} diff --git a/helm/gen3-workflow/templates/netpolicy.yaml b/helm/gen3-workflow/templates/netpolicy.yaml index 1978641e0..9e539c387 100644 --- a/helm/gen3-workflow/templates/netpolicy.yaml +++ b/helm/gen3-workflow/templates/netpolicy.yaml @@ -11,7 +11,7 @@ {{ if .Values.global.netPolicy.enabled }} -{{ $jobsNamespace := .Values.funnel.Kubernetes.JobsNamespace | default .Release.Namespace }} +{{- $jobsNamespace := default (printf "gen3-%s-workflow-pods" .Release.Namespace) .Values.funnel.Kubernetes.JobsNamespace }} --- # Funnel needs both ingress and egress to/from gen3-workflow and funnel-mongodb diff --git a/helm/gen3-workflow/values.yaml b/helm/gen3-workflow/values.yaml index dc5e8c5c4..b03d7fc69 100644 --- a/helm/gen3-workflow/values.yaml +++ b/helm/gen3-workflow/values.yaml @@ -378,6 +378,15 @@ funnel: volumeMounts: - name: plugin-volume mountPath: /opt/funnel/plugin-binaries + - name: fence-url-fetcher + image: curlimages/curl:latest + imagePullPolicy: IfNotPresent + command: ["/bin/sh","-c"] + args: + - "while [ $(curl -sw '%{http_code}' http://fence-service -o /dev/null) -ne 200 ]; do sleep 5; echo 'Waiting for fence...'; done; curl -s 'http://fence-service/.well-known/openid-configuration' > /tmp/openid-config.json" + volumeMounts: + - name: funnel-patched-config-volume + mountPath: /tmp - name: secrets-updater image: quay.io/cdis/awshelper tag: master @@ -406,11 +415,22 @@ funnel: - | echo "Priting FUNNEL_OIDC_CLIENT_ID: $FUNNEL_OIDC_CLIENT_ID" + namespace=$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace) + export JOBS_NAMESPACE=gen3-$namespace-workflow-pods + export S3_URL=gen3-workflow-service.$namespace.svc.cluster.local + export OIDC_TOKEN_URL=$(cat /tmp/openid-config.json | jq -r ".issuer") + echo "Patching values..." - # Assuming we don't have any other occurence of OidcClientId in the config file - sed -E "s|(OidcClientId:).*|\1 ${FUNNEL_OIDC_CLIENT_ID}|" /etc/config/funnel.conf \ - | sed -E "s|(OidcClientSecret:).*|\1 ${FUNNEL_OIDC_CLIENT_SECRET}|" > /tmp/funnel-patched.conf + yq '.Kubernetes.JobsNamespace = strenv(JOBS_NAMESPACE)' | .Plugins = { + "Path": "plugin-binaries/auth-plugin", + "Params": { + "OidcClientId": strenv(FUNNEL_OIDC_CLIENT_ID), + "OidcClientSecret": strenv(FUNNEL_OIDC_CLIENT_SECRET), + "OidcTokenUrl": strenv(OIDC_TOKEN_URL), + "S3Url": strenv(S3_URL) + } + }' /etc/config/funnel.conf > /tmp/funnel-patched.conf if [[ ! -s /tmp/funnel-patched.conf ]]; then echo "ERROR: Patched config is empty. Aborting." @@ -455,53 +475,6 @@ funnel: - name: plugin-volume mountPath: /opt/funnel/plugin-binaries - Kubernetes: - ExecutorTemplate: | - # Task Executor - apiVersion: batch/v1 - kind: Job - metadata: - name: {{.TaskId}}-{{.JobId}} - namespace: {{.JobsNamespace}} - labels: - app: funnel-executor - job-name: {{.TaskId}}-{{.JobId}} - spec: - backoffLimit: 1 - completions: 1 - template: - spec: - restartPolicy: OnFailure - serviceAccountName: funnel-sa-{{.Namespace}} - containers: - - name: funnel-worker-{{.TaskId}} - image: {{.Image}} - imagePullPolicy: Always - command: ["/bin/sh", "-c"] - args: {{.Command}} - workingDir: {{.Workdir}} - resources: - requests: - cpu: {{if ne .Cpus 0 -}}{{.Cpus}}{{ else }}{{"100m"}}{{end}} - memory: '{{if ne .RamGb 0.0 -}}{{printf "%.0fG" .RamGb}}{{else}}{{"4G"}}{{end}}' - ephemeral-storage: '{{if ne .DiskGb 0.0 -}}{{printf "%.0fG" .DiskGb}}{{else}}{{"2G"}}{{end}}' - - volumeMounts: - ### DO NOT CHANGE THIS - {{- if .NeedsPVC }} - {{range $idx, $item := .Volumes}} - - name: funnel-storage-{{$.TaskId}} - mountPath: {{$item.ContainerPath}} - subPath: {{$.TaskId}}{{$item.ContainerPath}} - {{end}} - {{- end }} - - volumes: - {{- if .NeedsPVC }} - - name: funnel-storage-{{.TaskId}} - persistentVolumeClaim: - claimName: funnel-worker-pvc-{{.TaskId}} - {{- end }} mongodb: # This overrides the default mongodb image used by Funnel which doesn't support ARM architecture, # uncomment this if you're running it on an ARM chipset machine @@ -516,16 +489,6 @@ funnel: periodSeconds: 10 failureThreshold: 10 - Plugins: - Path: plugin-binaries/auth-plugin - Params: - OidcClientId: - OidcClientSecret: - # Replace {{ .Release.Namespace }} with the actual namespace where gen3-workflow is deployed - S3Url: gen3-workflow-service.{{ .Release.Namespace }}.svc.cluster.local - # -- (string) OIDC token URL for the Funnel service to use for authentication. Replace {{ .Values.gen3WorkflowConfig.hostname }} with the actual hostname where gen3-workflow is deployed. - OidcTokenUrl: https://{{ .Values.gen3WorkflowConfig.hostname }}/user - karpenter: nodeclass.yaml: | apiVersion: karpenter.k8s.aws/v1 diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index 079015239..7273bafee 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml @@ -68,7 +68,7 @@ dependencies: repository: "file://../gen3-user-data-library" condition: gen3-user-data-library.enabled - name: gen3-workflow - version: 0.1.7 + version: 0.1.8 repository: "file://../gen3-workflow" condition: gen3-workflow.enabled - name: guppy @@ -177,7 +177,7 @@ type: application # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.2.115 +version: 0.2.116 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/gen3/README.md b/helm/gen3/README.md index 44d913d7d..f8e9921d3 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md @@ -1,6 +1,6 @@ # gen3 -![Version: 0.2.115](https://img.shields.io/badge/Version-0.2.115-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.2.116](https://img.shields.io/badge/Version-0.2.116-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) Helm chart to deploy Gen3 Data Commons @@ -37,7 +37,7 @@ Helm chart to deploy Gen3 Data Commons | file://../gen3-analysis | gen3-analysis | 0.1.4 | | file://../gen3-network-policies | gen3-network-policies | 0.1.3 | | file://../gen3-user-data-library | gen3-user-data-library | 0.1.9 | -| file://../gen3-workflow | gen3-workflow | 0.1.7 | +| file://../gen3-workflow | gen3-workflow | 0.1.8 | | file://../guppy | guppy | 0.1.30 | | file://../hatchery | hatchery | 0.1.61 | | file://../indexd | indexd | 0.1.37 | From 57b79a6c408683fef9782d90d0bcc0a08136993c Mon Sep 17 00:00:00 2001 From: Sai Shanmukha Date: Fri, 19 Dec 2025 16:33:29 -0600 Subject: [PATCH 07/18] bug fixes --- helm/gen3-workflow/README.md | 4 ++-- helm/gen3-workflow/values.yaml | 9 +++++---- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/helm/gen3-workflow/README.md b/helm/gen3-workflow/README.md index ff5d158b9..8cfa07e02 100644 --- a/helm/gen3-workflow/README.md +++ b/helm/gen3-workflow/README.md @@ -47,8 +47,8 @@ A Helm chart for Kubernetes | externalSecrets.gen3workflowG3auto | string | `""` | Will override the name of the aws secrets manager secret. Default is "gen3workflow-g3auto" | | extraLabels | map | `{"dbgen3workflow":"yes","netnolimit":"yes","public":"yes"}` | Will completely override the extraLabels defined in the common chart's _label_setup.tpl | | fullnameOverride | string | `""` | Override the full name of the chart, which is used as the name of resources created by the chart | -| funnel.image | map | `{"initContainers":[{"command":["cp","/app/build/plugins/authorizer","/opt/funnel/plugin-binaries/auth-plugin"],"image":"quay.io/cdis/funnel-gen3-plugin","name":"plugin","pullPolicy":"Always","tag":"main-gen3","volumeMounts":[{"mountPath":"/opt/funnel/plugin-binaries","name":"plugin-volume"}]},{"args":["while [ $(curl -sw '%{http_code}' http://fence-service -o /dev/null) -ne 200 ]; do sleep 5; echo 'Waiting for fence...'; done; curl -s 'http://fence-service/.well-known/openid-configuration' > /tmp/openid-config.json"],"command":["/bin/sh","-c"],"image":"curlimages/curl:latest","imagePullPolicy":"IfNotPresent","name":"fence-url-fetcher","volumeMounts":[{"mountPath":"/tmp","name":"funnel-patched-config-volume"}]},{"args":["-c","echo \"Priting FUNNEL_OIDC_CLIENT_ID: $FUNNEL_OIDC_CLIENT_ID\"\n\nnamespace=$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace)\nexport JOBS_NAMESPACE=gen3-$namespace-workflow-pods\nexport S3_URL=gen3-workflow-service.$namespace.svc.cluster.local\nexport OIDC_TOKEN_URL=$(cat /tmp/openid-config.json | jq -r \".issuer\")\n\necho \"Patching values...\"\n\nyq '.Kubernetes.JobsNamespace = strenv(JOBS_NAMESPACE)' | .Plugins = {\n \"Path\": \"plugin-binaries/auth-plugin\",\n \"Params\": {\n \"OidcClientId\": strenv(FUNNEL_OIDC_CLIENT_ID),\n \"OidcClientSecret\": strenv(FUNNEL_OIDC_CLIENT_SECRET),\n \"OidcTokenUrl\": strenv(OIDC_TOKEN_URL),\n \"S3Url\": strenv(S3_URL)\n }\n}' /etc/config/funnel.conf > /tmp/funnel-patched.conf\n\nif [[ ! -s /tmp/funnel-patched.conf ]]; then\n echo \"ERROR: Patched config is empty. Aborting.\"\n exit 1\nfi\n"],"command":["/bin/bash"],"env":[{"name":"FUNNEL_OIDC_CLIENT_ID","valueFrom":{"secretKeyRef":{"key":"client_id","name":"funnel-oidc-client","optional":false}}},{"name":"FUNNEL_OIDC_CLIENT_SECRET","valueFrom":{"secretKeyRef":{"key":"client_secret","name":"funnel-oidc-client","optional":false}}}],"image":"quay.io/cdis/awshelper","name":"secrets-updater","tag":"master","volumeMounts":[{"mountPath":"/tmp","name":"funnel-patched-config-volume"},{"mountPath":"/etc/config/funnel.conf","name":"funnel-config-volume","subPath":"funnel-server.yaml"}]}],"pullPolicy":"Always","repository":"quay.io/ohsu-comp-bio/funnel"}` | Configuration for the Funnel container image. | -| funnel.image.initContainers | map | `[{"command":["cp","/app/build/plugins/authorizer","/opt/funnel/plugin-binaries/auth-plugin"],"image":"quay.io/cdis/funnel-gen3-plugin","name":"plugin","pullPolicy":"Always","tag":"main-gen3","volumeMounts":[{"mountPath":"/opt/funnel/plugin-binaries","name":"plugin-volume"}]},{"args":["while [ $(curl -sw '%{http_code}' http://fence-service -o /dev/null) -ne 200 ]; do sleep 5; echo 'Waiting for fence...'; done; curl -s 'http://fence-service/.well-known/openid-configuration' > /tmp/openid-config.json"],"command":["/bin/sh","-c"],"image":"curlimages/curl:latest","imagePullPolicy":"IfNotPresent","name":"fence-url-fetcher","volumeMounts":[{"mountPath":"/tmp","name":"funnel-patched-config-volume"}]},{"args":["-c","echo \"Priting FUNNEL_OIDC_CLIENT_ID: $FUNNEL_OIDC_CLIENT_ID\"\n\nnamespace=$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace)\nexport JOBS_NAMESPACE=gen3-$namespace-workflow-pods\nexport S3_URL=gen3-workflow-service.$namespace.svc.cluster.local\nexport OIDC_TOKEN_URL=$(cat /tmp/openid-config.json | jq -r \".issuer\")\n\necho \"Patching values...\"\n\nyq '.Kubernetes.JobsNamespace = strenv(JOBS_NAMESPACE)' | .Plugins = {\n \"Path\": \"plugin-binaries/auth-plugin\",\n \"Params\": {\n \"OidcClientId\": strenv(FUNNEL_OIDC_CLIENT_ID),\n \"OidcClientSecret\": strenv(FUNNEL_OIDC_CLIENT_SECRET),\n \"OidcTokenUrl\": strenv(OIDC_TOKEN_URL),\n \"S3Url\": strenv(S3_URL)\n }\n}' /etc/config/funnel.conf > /tmp/funnel-patched.conf\n\nif [[ ! -s /tmp/funnel-patched.conf ]]; then\n echo \"ERROR: Patched config is empty. Aborting.\"\n exit 1\nfi\n"],"command":["/bin/bash"],"env":[{"name":"FUNNEL_OIDC_CLIENT_ID","valueFrom":{"secretKeyRef":{"key":"client_id","name":"funnel-oidc-client","optional":false}}},{"name":"FUNNEL_OIDC_CLIENT_SECRET","valueFrom":{"secretKeyRef":{"key":"client_secret","name":"funnel-oidc-client","optional":false}}}],"image":"quay.io/cdis/awshelper","name":"secrets-updater","tag":"master","volumeMounts":[{"mountPath":"/tmp","name":"funnel-patched-config-volume"},{"mountPath":"/etc/config/funnel.conf","name":"funnel-config-volume","subPath":"funnel-server.yaml"}]}]` | Configuration for the Funnel init container. | +| funnel.image | map | `{"initContainers":[{"command":["cp","/app/build/plugins/authorizer","/opt/funnel/plugin-binaries/auth-plugin"],"image":"quay.io/cdis/funnel-gen3-plugin","name":"plugin","pullPolicy":"Always","tag":"main-gen3","volumeMounts":[{"mountPath":"/opt/funnel/plugin-binaries","name":"plugin-volume"}]},{"args":["while [ $(curl -sw '%{http_code}' http://fence-service -o /dev/null) -ne 200 ]; do sleep 5; echo 'Waiting for fence...'; done; curl -s 'http://fence-service/.well-known/openid-configuration' > /tmp/openid-config.json"],"command":["/bin/sh","-c"],"image":"curlimages/curl","imagePullPolicy":"IfNotPresent","name":"fence-url-fetcher","tag":"latest","volumeMounts":[{"mountPath":"/tmp","name":"funnel-patched-config-volume"}]},{"args":["-c","echo \"Priting FUNNEL_OIDC_CLIENT_ID: $FUNNEL_OIDC_CLIENT_ID\"\n\nnamespace=$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace)\nexport JOBS_NAMESPACE=gen3-$namespace-workflow-pods\nexport S3_URL=gen3-workflow-service.$namespace.svc.cluster.local\nexport OIDC_TOKEN_URL=$(cat /tmp/openid-config.json | jq -r \".issuer\")\n\necho \"Patching values...\"\n\nyq '.Kubernetes.JobsNamespace = strenv(JOBS_NAMESPACE) | .Plugins = {\n \"Path\": \"plugin-binaries/auth-plugin\",\n \"Params\": {\n \"OidcClientId\": strenv(FUNNEL_OIDC_CLIENT_ID),\n \"OidcClientSecret\": strenv(FUNNEL_OIDC_CLIENT_SECRET),\n \"OidcTokenUrl\": strenv(OIDC_TOKEN_URL),\n \"S3Url\": strenv(S3_URL)\n }\n}' /etc/config/funnel.conf > /tmp/funnel-patched.conf\n\nif [[ ! -s /tmp/funnel-patched.conf ]]; then\n echo \"ERROR: Patched config is empty. Aborting.\"\n exit 1\nfi\n"],"command":["/bin/bash"],"env":[{"name":"FUNNEL_OIDC_CLIENT_ID","valueFrom":{"secretKeyRef":{"key":"client_id","name":"funnel-oidc-client","optional":false}}},{"name":"FUNNEL_OIDC_CLIENT_SECRET","valueFrom":{"secretKeyRef":{"key":"client_secret","name":"funnel-oidc-client","optional":false}}}],"image":"bitnamilegacy/kubectl","name":"secrets-updater","tag":"latest","volumeMounts":[{"mountPath":"/tmp","name":"funnel-patched-config-volume"},{"mountPath":"/etc/config/funnel.conf","name":"funnel-config-volume","subPath":"funnel-server.yaml"}]}],"pullPolicy":"Always","repository":"quay.io/ohsu-comp-bio/funnel"}` | Configuration for the Funnel container image. | +| funnel.image.initContainers | map | `[{"command":["cp","/app/build/plugins/authorizer","/opt/funnel/plugin-binaries/auth-plugin"],"image":"quay.io/cdis/funnel-gen3-plugin","name":"plugin","pullPolicy":"Always","tag":"main-gen3","volumeMounts":[{"mountPath":"/opt/funnel/plugin-binaries","name":"plugin-volume"}]},{"args":["while [ $(curl -sw '%{http_code}' http://fence-service -o /dev/null) -ne 200 ]; do sleep 5; echo 'Waiting for fence...'; done; curl -s 'http://fence-service/.well-known/openid-configuration' > /tmp/openid-config.json"],"command":["/bin/sh","-c"],"image":"curlimages/curl","imagePullPolicy":"IfNotPresent","name":"fence-url-fetcher","tag":"latest","volumeMounts":[{"mountPath":"/tmp","name":"funnel-patched-config-volume"}]},{"args":["-c","echo \"Priting FUNNEL_OIDC_CLIENT_ID: $FUNNEL_OIDC_CLIENT_ID\"\n\nnamespace=$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace)\nexport JOBS_NAMESPACE=gen3-$namespace-workflow-pods\nexport S3_URL=gen3-workflow-service.$namespace.svc.cluster.local\nexport OIDC_TOKEN_URL=$(cat /tmp/openid-config.json | jq -r \".issuer\")\n\necho \"Patching values...\"\n\nyq '.Kubernetes.JobsNamespace = strenv(JOBS_NAMESPACE) | .Plugins = {\n \"Path\": \"plugin-binaries/auth-plugin\",\n \"Params\": {\n \"OidcClientId\": strenv(FUNNEL_OIDC_CLIENT_ID),\n \"OidcClientSecret\": strenv(FUNNEL_OIDC_CLIENT_SECRET),\n \"OidcTokenUrl\": strenv(OIDC_TOKEN_URL),\n \"S3Url\": strenv(S3_URL)\n }\n}' /etc/config/funnel.conf > /tmp/funnel-patched.conf\n\nif [[ ! -s /tmp/funnel-patched.conf ]]; then\n echo \"ERROR: Patched config is empty. Aborting.\"\n exit 1\nfi\n"],"command":["/bin/bash"],"env":[{"name":"FUNNEL_OIDC_CLIENT_ID","valueFrom":{"secretKeyRef":{"key":"client_id","name":"funnel-oidc-client","optional":false}}},{"name":"FUNNEL_OIDC_CLIENT_SECRET","valueFrom":{"secretKeyRef":{"key":"client_secret","name":"funnel-oidc-client","optional":false}}}],"image":"bitnamilegacy/kubectl","name":"secrets-updater","tag":"latest","volumeMounts":[{"mountPath":"/tmp","name":"funnel-patched-config-volume"},{"mountPath":"/etc/config/funnel.conf","name":"funnel-config-volume","subPath":"funnel-server.yaml"}]}]` | Configuration for the Funnel init container. | | funnel.image.initContainers[0].command | list | `["cp","/app/build/plugins/authorizer","/opt/funnel/plugin-binaries/auth-plugin"]` | Arguments to pass to the init container. | | funnel.image.initContainers[0].image | string | `"quay.io/cdis/funnel-gen3-plugin"` | The Docker image repository for the Funnel init/plugin container. | | funnel.image.initContainers[0].pullPolicy | string | `"Always"` | When to pull the image. This value should be "Always" to ensure the latest image is used. | diff --git a/helm/gen3-workflow/values.yaml b/helm/gen3-workflow/values.yaml index b03d7fc69..473dbc25b 100644 --- a/helm/gen3-workflow/values.yaml +++ b/helm/gen3-workflow/values.yaml @@ -379,7 +379,8 @@ funnel: - name: plugin-volume mountPath: /opt/funnel/plugin-binaries - name: fence-url-fetcher - image: curlimages/curl:latest + image: curlimages/curl + tag: latest imagePullPolicy: IfNotPresent command: ["/bin/sh","-c"] args: @@ -388,8 +389,8 @@ funnel: - name: funnel-patched-config-volume mountPath: /tmp - name: secrets-updater - image: quay.io/cdis/awshelper - tag: master + image: bitnamilegacy/kubectl + tag: latest env: - name: FUNNEL_OIDC_CLIENT_ID valueFrom: @@ -422,7 +423,7 @@ funnel: echo "Patching values..." - yq '.Kubernetes.JobsNamespace = strenv(JOBS_NAMESPACE)' | .Plugins = { + yq '.Kubernetes.JobsNamespace = strenv(JOBS_NAMESPACE) | .Plugins = { "Path": "plugin-binaries/auth-plugin", "Params": { "OidcClientId": strenv(FUNNEL_OIDC_CLIENT_ID), From 004c3d0aa8ea46758067f54f085ae68397592735 Mon Sep 17 00:00:00 2001 From: Ed Date: Mon, 22 Dec 2025 02:48:19 -0600 Subject: [PATCH 08/18] Made csrf check optional for extra services --- helm/revproxy/templates/configMaps.yaml | 2 ++ helm/revproxy/values.yaml | 1 + 2 files changed, 3 insertions(+) diff --git a/helm/revproxy/templates/configMaps.yaml b/helm/revproxy/templates/configMaps.yaml index e185295e7..3d3703f21 100644 --- a/helm/revproxy/templates/configMaps.yaml +++ b/helm/revproxy/templates/configMaps.yaml @@ -25,9 +25,11 @@ data: {{- range .Values.extraServices }} {{ printf "%s-service.conf" .name }}: | location {{ .path }}/ { + {{- if .csrfCheck -}} if ($csrf_check !~ ^ok-\S.+$) { return 403 "failed csrf check"; } + {{- end }} {{- if and .authzPolicy .authzService -}} set $authz_resource "/{{ .authzPolicy }}"; set $authz_method "access"; diff --git a/helm/revproxy/values.yaml b/helm/revproxy/values.yaml index 38f9a75ea..04f6001c4 100644 --- a/helm/revproxy/values.yaml +++ b/helm/revproxy/values.yaml @@ -256,6 +256,7 @@ extraServices: # serviceName: protein-paint # authzPolicy: "protein-paint" # authzService: "protein-paint" +# csrfCheck: true # -- (bool) Whether to enable robots.txt generation and serving. enableRobotsTxt: false From 8bd4a019f258ac7c87df0c806c4d92bfca20fb0f Mon Sep 17 00:00:00 2001 From: Sai Shanmukha Date: Mon, 22 Dec 2025 13:16:52 -0600 Subject: [PATCH 09/18] Update Gen3-workflow chart and make deployment changes to namespace and config --- helm/gen3-workflow/Chart.yaml | 4 ++-- helm/gen3-workflow/README.md | 10 ++++++---- helm/gen3-workflow/charts/funnel-0.1.58.tgz | Bin 85463 -> 0 bytes helm/gen3-workflow/charts/funnel-0.1.71.tgz | Bin 0 -> 86643 bytes helm/gen3-workflow/templates/crossplane.yaml | 3 ++- helm/gen3-workflow/templates/secrets.yaml | 2 +- helm/gen3-workflow/values.yaml | 19 ++++++++++++------- 7 files changed, 23 insertions(+), 15 deletions(-) delete mode 100644 helm/gen3-workflow/charts/funnel-0.1.58.tgz create mode 100644 helm/gen3-workflow/charts/funnel-0.1.71.tgz diff --git a/helm/gen3-workflow/Chart.yaml b/helm/gen3-workflow/Chart.yaml index c6f00f359..21f9075f8 100644 --- a/helm/gen3-workflow/Chart.yaml +++ b/helm/gen3-workflow/Chart.yaml @@ -24,7 +24,7 @@ appVersion: "master" dependencies: - name: common - version: 0.1.28 + version: 0.1.29 repository: file://../common - name: funnel # NOTE: @@ -34,5 +34,5 @@ dependencies: # # ArgoCD relies on this checked-in .tgz reference — if it's missing, # Funnel will not be deployed as a dependency. - version: 0.1.58 + version: 0.1.71 repository: "https://ohsu-comp-bio.github.io/helm-charts" diff --git a/helm/gen3-workflow/README.md b/helm/gen3-workflow/README.md index 8cfa07e02..a1c600005 100644 --- a/helm/gen3-workflow/README.md +++ b/helm/gen3-workflow/README.md @@ -8,8 +8,8 @@ A Helm chart for Kubernetes | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.28 | -| https://ohsu-comp-bio.github.io/helm-charts | funnel | 0.1.58 | +| file://../common | common | 0.1.29 | +| https://ohsu-comp-bio.github.io/helm-charts | funnel | 0.1.71 | ## Values @@ -47,8 +47,8 @@ A Helm chart for Kubernetes | externalSecrets.gen3workflowG3auto | string | `""` | Will override the name of the aws secrets manager secret. Default is "gen3workflow-g3auto" | | extraLabels | map | `{"dbgen3workflow":"yes","netnolimit":"yes","public":"yes"}` | Will completely override the extraLabels defined in the common chart's _label_setup.tpl | | fullnameOverride | string | `""` | Override the full name of the chart, which is used as the name of resources created by the chart | -| funnel.image | map | `{"initContainers":[{"command":["cp","/app/build/plugins/authorizer","/opt/funnel/plugin-binaries/auth-plugin"],"image":"quay.io/cdis/funnel-gen3-plugin","name":"plugin","pullPolicy":"Always","tag":"main-gen3","volumeMounts":[{"mountPath":"/opt/funnel/plugin-binaries","name":"plugin-volume"}]},{"args":["while [ $(curl -sw '%{http_code}' http://fence-service -o /dev/null) -ne 200 ]; do sleep 5; echo 'Waiting for fence...'; done; curl -s 'http://fence-service/.well-known/openid-configuration' > /tmp/openid-config.json"],"command":["/bin/sh","-c"],"image":"curlimages/curl","imagePullPolicy":"IfNotPresent","name":"fence-url-fetcher","tag":"latest","volumeMounts":[{"mountPath":"/tmp","name":"funnel-patched-config-volume"}]},{"args":["-c","echo \"Priting FUNNEL_OIDC_CLIENT_ID: $FUNNEL_OIDC_CLIENT_ID\"\n\nnamespace=$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace)\nexport JOBS_NAMESPACE=gen3-$namespace-workflow-pods\nexport S3_URL=gen3-workflow-service.$namespace.svc.cluster.local\nexport OIDC_TOKEN_URL=$(cat /tmp/openid-config.json | jq -r \".issuer\")\n\necho \"Patching values...\"\n\nyq '.Kubernetes.JobsNamespace = strenv(JOBS_NAMESPACE) | .Plugins = {\n \"Path\": \"plugin-binaries/auth-plugin\",\n \"Params\": {\n \"OidcClientId\": strenv(FUNNEL_OIDC_CLIENT_ID),\n \"OidcClientSecret\": strenv(FUNNEL_OIDC_CLIENT_SECRET),\n \"OidcTokenUrl\": strenv(OIDC_TOKEN_URL),\n \"S3Url\": strenv(S3_URL)\n }\n}' /etc/config/funnel.conf > /tmp/funnel-patched.conf\n\nif [[ ! -s /tmp/funnel-patched.conf ]]; then\n echo \"ERROR: Patched config is empty. Aborting.\"\n exit 1\nfi\n"],"command":["/bin/bash"],"env":[{"name":"FUNNEL_OIDC_CLIENT_ID","valueFrom":{"secretKeyRef":{"key":"client_id","name":"funnel-oidc-client","optional":false}}},{"name":"FUNNEL_OIDC_CLIENT_SECRET","valueFrom":{"secretKeyRef":{"key":"client_secret","name":"funnel-oidc-client","optional":false}}}],"image":"bitnamilegacy/kubectl","name":"secrets-updater","tag":"latest","volumeMounts":[{"mountPath":"/tmp","name":"funnel-patched-config-volume"},{"mountPath":"/etc/config/funnel.conf","name":"funnel-config-volume","subPath":"funnel-server.yaml"}]}],"pullPolicy":"Always","repository":"quay.io/ohsu-comp-bio/funnel"}` | Configuration for the Funnel container image. | -| funnel.image.initContainers | map | `[{"command":["cp","/app/build/plugins/authorizer","/opt/funnel/plugin-binaries/auth-plugin"],"image":"quay.io/cdis/funnel-gen3-plugin","name":"plugin","pullPolicy":"Always","tag":"main-gen3","volumeMounts":[{"mountPath":"/opt/funnel/plugin-binaries","name":"plugin-volume"}]},{"args":["while [ $(curl -sw '%{http_code}' http://fence-service -o /dev/null) -ne 200 ]; do sleep 5; echo 'Waiting for fence...'; done; curl -s 'http://fence-service/.well-known/openid-configuration' > /tmp/openid-config.json"],"command":["/bin/sh","-c"],"image":"curlimages/curl","imagePullPolicy":"IfNotPresent","name":"fence-url-fetcher","tag":"latest","volumeMounts":[{"mountPath":"/tmp","name":"funnel-patched-config-volume"}]},{"args":["-c","echo \"Priting FUNNEL_OIDC_CLIENT_ID: $FUNNEL_OIDC_CLIENT_ID\"\n\nnamespace=$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace)\nexport JOBS_NAMESPACE=gen3-$namespace-workflow-pods\nexport S3_URL=gen3-workflow-service.$namespace.svc.cluster.local\nexport OIDC_TOKEN_URL=$(cat /tmp/openid-config.json | jq -r \".issuer\")\n\necho \"Patching values...\"\n\nyq '.Kubernetes.JobsNamespace = strenv(JOBS_NAMESPACE) | .Plugins = {\n \"Path\": \"plugin-binaries/auth-plugin\",\n \"Params\": {\n \"OidcClientId\": strenv(FUNNEL_OIDC_CLIENT_ID),\n \"OidcClientSecret\": strenv(FUNNEL_OIDC_CLIENT_SECRET),\n \"OidcTokenUrl\": strenv(OIDC_TOKEN_URL),\n \"S3Url\": strenv(S3_URL)\n }\n}' /etc/config/funnel.conf > /tmp/funnel-patched.conf\n\nif [[ ! -s /tmp/funnel-patched.conf ]]; then\n echo \"ERROR: Patched config is empty. Aborting.\"\n exit 1\nfi\n"],"command":["/bin/bash"],"env":[{"name":"FUNNEL_OIDC_CLIENT_ID","valueFrom":{"secretKeyRef":{"key":"client_id","name":"funnel-oidc-client","optional":false}}},{"name":"FUNNEL_OIDC_CLIENT_SECRET","valueFrom":{"secretKeyRef":{"key":"client_secret","name":"funnel-oidc-client","optional":false}}}],"image":"bitnamilegacy/kubectl","name":"secrets-updater","tag":"latest","volumeMounts":[{"mountPath":"/tmp","name":"funnel-patched-config-volume"},{"mountPath":"/etc/config/funnel.conf","name":"funnel-config-volume","subPath":"funnel-server.yaml"}]}]` | Configuration for the Funnel init container. | +| funnel.image | map | `{"initContainers":[{"command":["cp","/app/build/plugins/authorizer","/opt/funnel/plugin-binaries/auth-plugin"],"image":"quay.io/cdis/funnel-gen3-plugin","name":"plugin","pullPolicy":"Always","tag":"main-gen3","volumeMounts":[{"mountPath":"/opt/funnel/plugin-binaries","name":"plugin-volume"}]},{"args":["while [ $(curl -sw '%{http_code}' http://fence-service -o /dev/null) -ne 200 ]; do sleep 5; echo 'Waiting for fence...'; done; curl -s 'http://fence-service/.well-known/openid-configuration' > /tmp/openid-config.json"],"command":["/bin/sh","-c"],"image":"curlimages/curl","imagePullPolicy":"IfNotPresent","name":"fence-url-fetcher","tag":"latest","volumeMounts":[{"mountPath":"/tmp","name":"funnel-patched-config-volume"}]},{"args":["-c","echo \"Priting FUNNEL_OIDC_CLIENT_ID: $FUNNEL_OIDC_CLIENT_ID\"\n\nnamespace=$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace)\nexport JOBS_NAMESPACE=gen3-$namespace-workflow-pods\nexport S3_URL=gen3-workflow-service.$namespace.svc.cluster.local\nexport OIDC_TOKEN_URL=$(cat /tmp/openid-config.json | jq -r \".issuer\")\n\necho \"Patching values...\"\n\nyq -y '.Kubernetes.JobsNamespace = env.JOBS_NAMESPACE | .Plugins = {\n \"Path\": \"plugin-binaries/auth-plugin\",\n \"Params\": {\n \"OidcClientId\": env.FUNNEL_OIDC_CLIENT_ID,\n \"OidcClientSecret\": env.FUNNEL_OIDC_CLIENT_SECRET,\n \"OidcTokenUrl\": env.OIDC_TOKEN_URL,\n \"S3Url\": env.S3_URL\n }\n}' /etc/config/funnel.conf > /tmp/funnel-patched.conf\n\nif [[ ! -s /tmp/funnel-patched.conf ]]; then\n echo \"ERROR: Patched config is empty. Aborting.\"\n exit 1\nfi\n"],"command":["/bin/bash"],"env":[{"name":"FUNNEL_OIDC_CLIENT_ID","valueFrom":{"secretKeyRef":{"key":"client_id","name":"funnel-oidc-client","optional":false}}},{"name":"FUNNEL_OIDC_CLIENT_SECRET","valueFrom":{"secretKeyRef":{"key":"client_secret","name":"funnel-oidc-client","optional":false}}}],"image":"quay.io/cdis/awshelper","name":"secrets-updater","tag":"master","volumeMounts":[{"mountPath":"/tmp","name":"funnel-patched-config-volume"},{"mountPath":"/etc/config/funnel.conf","name":"funnel-config-volume","subPath":"funnel-server.yaml"}]}],"pullPolicy":"Always","repository":"quay.io/ohsu-comp-bio/funnel"}` | Configuration for the Funnel container image. | +| funnel.image.initContainers | map | `[{"command":["cp","/app/build/plugins/authorizer","/opt/funnel/plugin-binaries/auth-plugin"],"image":"quay.io/cdis/funnel-gen3-plugin","name":"plugin","pullPolicy":"Always","tag":"main-gen3","volumeMounts":[{"mountPath":"/opt/funnel/plugin-binaries","name":"plugin-volume"}]},{"args":["while [ $(curl -sw '%{http_code}' http://fence-service -o /dev/null) -ne 200 ]; do sleep 5; echo 'Waiting for fence...'; done; curl -s 'http://fence-service/.well-known/openid-configuration' > /tmp/openid-config.json"],"command":["/bin/sh","-c"],"image":"curlimages/curl","imagePullPolicy":"IfNotPresent","name":"fence-url-fetcher","tag":"latest","volumeMounts":[{"mountPath":"/tmp","name":"funnel-patched-config-volume"}]},{"args":["-c","echo \"Priting FUNNEL_OIDC_CLIENT_ID: $FUNNEL_OIDC_CLIENT_ID\"\n\nnamespace=$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace)\nexport JOBS_NAMESPACE=gen3-$namespace-workflow-pods\nexport S3_URL=gen3-workflow-service.$namespace.svc.cluster.local\nexport OIDC_TOKEN_URL=$(cat /tmp/openid-config.json | jq -r \".issuer\")\n\necho \"Patching values...\"\n\nyq -y '.Kubernetes.JobsNamespace = env.JOBS_NAMESPACE | .Plugins = {\n \"Path\": \"plugin-binaries/auth-plugin\",\n \"Params\": {\n \"OidcClientId\": env.FUNNEL_OIDC_CLIENT_ID,\n \"OidcClientSecret\": env.FUNNEL_OIDC_CLIENT_SECRET,\n \"OidcTokenUrl\": env.OIDC_TOKEN_URL,\n \"S3Url\": env.S3_URL\n }\n}' /etc/config/funnel.conf > /tmp/funnel-patched.conf\n\nif [[ ! -s /tmp/funnel-patched.conf ]]; then\n echo \"ERROR: Patched config is empty. Aborting.\"\n exit 1\nfi\n"],"command":["/bin/bash"],"env":[{"name":"FUNNEL_OIDC_CLIENT_ID","valueFrom":{"secretKeyRef":{"key":"client_id","name":"funnel-oidc-client","optional":false}}},{"name":"FUNNEL_OIDC_CLIENT_SECRET","valueFrom":{"secretKeyRef":{"key":"client_secret","name":"funnel-oidc-client","optional":false}}}],"image":"quay.io/cdis/awshelper","name":"secrets-updater","tag":"master","volumeMounts":[{"mountPath":"/tmp","name":"funnel-patched-config-volume"},{"mountPath":"/etc/config/funnel.conf","name":"funnel-config-volume","subPath":"funnel-server.yaml"}]}]` | Configuration for the Funnel init container. | | funnel.image.initContainers[0].command | list | `["cp","/app/build/plugins/authorizer","/opt/funnel/plugin-binaries/auth-plugin"]` | Arguments to pass to the init container. | | funnel.image.initContainers[0].image | string | `"quay.io/cdis/funnel-gen3-plugin"` | The Docker image repository for the Funnel init/plugin container. | | funnel.image.initContainers[0].pullPolicy | string | `"Always"` | When to pull the image. This value should be "Always" to ensure the latest image is used. | @@ -60,6 +60,8 @@ A Helm chart for Kubernetes | funnel.mongodb.readinessProbe.initialDelaySeconds | int | `20` | | | funnel.mongodb.readinessProbe.periodSeconds | int | `10` | | | funnel.mongodb.readinessProbe.timeoutSeconds | int | `10` | | +| funnel.resources.requests.ephemeral_storage | string | `"2Gi"` | | +| funnel.resources.requests.memory | string | `"2Gi"` | | | funnel.volumeMounts[0].mountPath | string | `"/etc/config/funnel-server.yaml"` | | | funnel.volumeMounts[0].name | string | `"funnel-patched-config-volume"` | | | funnel.volumeMounts[0].subPath | string | `"funnel-patched.conf"` | | diff --git a/helm/gen3-workflow/charts/funnel-0.1.58.tgz b/helm/gen3-workflow/charts/funnel-0.1.58.tgz deleted file mode 100644 index e67b9d0d790f457e6c8bb1deca6eae2b48187c9e..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 85463 zcmV)jK%u`MiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMZ%ej7KkAU>b@6gX1Ou{^78lDawJ{=H{qNpUpsMJp=Fo}J7u z2D?ELqh_NAKucz9?csMwEvOhR_a`5C&gW=xcVDC?8 z@Bp|pKBbVD|7q~aZPh#X2l?QF{z$l>EFYnpy&f(K_j7A+uy+^@2hm`-)k{f1@|5HW zC1TWzP{Q(*N+`Er`HZELnB;hpk+g?Uju*r|?;*rV!333zFGpxDWg$lWexg>Kh$mF$ zctPWYE&Aqr51|{2!*DTfQc98{iN!S{Z%ID)wCSgLoJpe%<@6C+Pt{ z!T!%!a{T~ptlR(l`;Gm7aCG!#|9_58eP7@I)}=EdRXJ-Wa%GOE#qf0TF` zQ`Tp5QAP<{6w!pTzByeHD#|RoU>Qx8BXpeI;-%;zL~|-nSS~Tm2^R_?LfhyfD`zxE z=Q)+gy@hv{G8Irlz%zt2Ix7)~!Wt6KMyTM?(EM&iPJI%#Sl~PznV$-Sr0{<9aZ&Uq zCC$>lX`zoxIcJ>yYEU-iSRoB6reHLoIp&n;3I;z@oDL(2HOFY4XJnos(pjI!c4hc0@ zEPvskca?LiN3EZkV%(M^RFsp9CNW8PjBnNGW1h^ZB#A6J86hEYp5lz5o)bbZ5Y zj*#S~9tzHw{6P>tLgX!86j}B30t=xyK>tmljwvBYo{$>ADb9qhE9kFegoe*)ug51i zQRNa&uq39{9w&m8JRw5wh<}ts*lA0Oa)bu(bwL)eP1LW9F6hc4Jwf;l)ktZ^^du{V zB>eoMhu{RhU|f#S*Moto%8Nw*{$}vaz?;dR7{4YQ{Reag+%V%vNXGGupq=qPnv}^k zk&k=knQANL^hS*xz7>(!@43zoUaCVKCkYYaB}>T&T@sxB#Hl1NalTYTl3^iU!TJ>Y zQ6gw05;ee_-B85|D5zpTP6So+tGER>j$_^aiGpCq)OF#MOmUe>M~u+UEtPZhjAiol znW8@#PDqO2;Y+o|PMRW%=R_7eyTg{y zCM=WbWEV|vIwO1+s;Sv0yC_}ec)`?5l3^ifvg_DCO9Co}up1xM!BVcnBV!59cF|la z`H}HmB(jn(c2O}AyJ*H~O7a=a$u3&pyi_ICdYoXH%y-eXJE(dmy0MY}tQ$3QqbBfH ztyyky*%6Q9P8?^uA2(pT=o(M2aqmnu2zx{yZIQ=NM+$zg_kzu4gsYd^NPVaI3}xg- z5m1zpNjcj^G@r6vL^x;aJb{mYyCoBpVlkgE%u|4Ob#DKxHD<26B|%DO``u0k;jOzCO-M zLHN)-L#R5;@FW@T?Y9)(YbiWsY=XHSo%1}&N=5F_)(KALBvPyvXW0nlEP_S8rRQ!= za7s9$IeJcH{{bFF z_8iZ=-JEB5ny@@433No#1!1LBxL)b6nypAnj7j#Rr3{42)L~?5O-4xTT*Q^wU)@oT*xbCxP51jCAa#Zq!X^Vy2oZf!-4 zlmP|wA9J}|Z%U11qcJ6hbu_j=P-{yS8ri*K&K%Ry`Ken&a&GjmchG;=>uGTlDVfq-P0pn&OLga=9Zf;Zj39PHxMH7#<^(2Wj&CS~qx#a9Qh-ig z{2;0(V|aQ}lmg@rUF7okWmRGqPJm~+;3Zx>pN!BTc4begxJIJD3F)Y!3V3z4(YG+6 zw-N9(NS3OXadVrBWu9pMzLf>}0d|evriY@}(=v}e&?aHc4=`fAsv zWsG28sX!^^B$13SRRap(Ddi&+TV28}nb ztm?vD28ZOSV&+&W`-F3S_mQ!gBPQlNY7E=9m8f)&B|`%}9GnOxZ|OBA)bb};s+N)} ztD&ZfY|?y|=?w_bs{KN&tV!Nd38%#iHmlE)s`3)QMU$mL5*Q8`AFnrNq1#RwSXY>4 zVh6D8dGY#|=;|smp6o0AZ-;`uZHb7Jgc%*vbrr2O^?u+aoU#UT1aMfgY zxj7{LJ@ta%8{*c7RvBnsUJ3Y`khz04VR=$=uDB#cpfZM2(Ju@5SD$znnBy!X*%imR zm@273pMBB&etO$ZtD}zUw9hyKSp^wkrT-ny(~NL&|4sL_;65_UjoQ>k#Xji?B>6>JS)nblEBbE_=#XsxKSSl;UC>}RY5lCf9eo)eY zlCFTIaomnjXEw{#BGE!;h03plvt2EA;VeT7yhM|XCD#fOqHs`Hsb(}{mGoq#*9k#H zC>lYvN5`(B8WUyEY#A|h+I0n-G#>l0eN5Uy(&8nAkCJ0>Naapahs!-6fk}P5EUm05FNNM$G zgx1AN1(efZGVisuMU(h(;Cz6a;%j4;%LswEd50qZtfSjdO%OnznzWYy&{LdNLCeafM37*@|Uw8&rhzP_`7#>igJQtC8VJNicIg`y(>7)sk%S@DsLMuXpim{AKt5 zUU&cYKTT-fpI|Z9KQEq*QS_>@DfM%th+2kJfh6So9Mg?`%#;6g`4TC&xViqSb*8`CWS+m;V3t)O zH-nqb`&TF`2wD{MJ_w@5VE)UEo$u%OG2I5}RM20EgZl8(J0O(Kv!8e7d3$@O3lYmYUHvu>NY;)Wwxvv)Vxgbt$OO`?KuSdjO!BOT}k zSpXYxFYHMLRxXMP?89$LP#ZnNGMOW7?>;f>KGgJEnezCjG18?QcV8CHz3y<=o?ZU+ zot=Zk4fjiW16P~(cfWD{&b4pbZS)s5(N{7s4GGRcdqCx!!2KFnOPHxy;9ptpE?&?p z^={|*^3`M2=K#(KZJBMQwsuOUTehwLqA261H3J~R7J%OBHY!D@RTpaePfAkscQ( zeQZfFLMcnG2@i~mkTaSap{?rq)_rcK@BQXlchl!OC#|`odG!}IImrml%c6Sq`#VE} zwWOB4zJ8Ppi2~o|YKaP??(CtefKyN3rS@OgM684`))p?uM%C?U@Xc;9)+<#R2jwLg z03tAOgMDT7#W5NaQdtvLt1zalpRz>sIhhhp@`Uu=jk;GX!UgT$4CCRG{sLjo`eUHsU1a1yrk0GdZ*Mfv~=$L&wJm*~2c z=xw7HEWujDLt-f;S;RefG_K5Xx6w~?DoI8KDB0nT#=E&Ju$&8YJEzIq(ikcb&N6nZ zNuRb!f?ERp@RV9B`v}E-g~fMQR~M#5XH+AZyP-68*+}cIjDq@>Ou!HpqvvN=)@CT~ zd7wtYZGl=rY7Os*$9@grE85ZiK=gY0EF15SDpHjC6zCpJm})nEHG`vjzU0&Q?QkD5 zrYS*ZdBT_ac6nz!K6{LW^|e4~JU(+K8l{kIK{&eL?1rW!b+ES)_w9@oEdaY}3oRt6jVN6-Sgo4c@dfP?>6N1+Qt)Q!$IEA$LzQEXZ-TH+o!$=`mbJJosDDp zR^DG5>-_)so*dNte-HKs2VeYuKgZ{aIsb*wSd=D2ANtvHR|yA-GO2?+kr|3W2d$;% zckfVqNiu>3i7Q$9!v~}!`e@4dE#@f_H%b59J4B7=iP1>Kia07zTPRjlz8(w)Bjedf zk~u?LKT<)ZwNxAKJ&6bLARdmii_mX9cK;qejs5@2oMZ*zB9_H{g#uW!|Mw3Y{{M%A zCtu?Ke3s9l9mTU@0F~TC+KJ&zS70GoKERmv=wb31B>LT`q~5JPPFD3yB0J@^^X!~T33yW z0?>|oKM@TZ%1hOP>ViNMlHgJhB-kQQD??|EnY&`(z&l&3LBKYC$J*b$8mqE2p8=2e zIPRTK5!Xad14(qS0-?uDKckf@0+cIQAPmSGY`ey_B8qlw>C_FSed&hN6zP1w$#7@F z!TAbMA3fcCJ}VsEAZQ@LvEc9w9^Mf-dqwxpBKl{sRfDA)-F$Vme+|~0H<@aGn9w$A zB4I+!>d>ViwnF!$LZNC#>pk%YS${WSxX^niJ8b=jEwuH^*4;M{L}$yq7VK> z$g3_g7Z!`n?PKkz*;&C(KJEgQd&J16Ef(mO`LeYUfX0me*5~ipl6Cr`fcf1l%1+jo3|6K}Wq(IMfL4RNGBov**vqo?y>u)A}P~g+5ift7v6I6R+3!Jomeqwe`k~58U7yHyJ!m+#VYhGI;;=b`BTGre{;I|j@`>pl%cIr%$D?DdFl zEHtUcZ{!xcIa+H3>a{A-a(m&#-LI2H#p79mG7YSgU{&zU2-~Sx#eWCxK=kxBJ zPyRJKbwz|UHcPcLKyhOgxj%KxS2vkA%SjR;&6?_MN_w-7c%m&JML`l1l{TXZ79((f zu=)}WVxd?!KSt?VsL0tv8VFt|)h7#pZ2%4-i>NVy2*TeYFVbthp8nh++^yg8NPSm_ zaShT%SL|E$DH!)d&}!ry$~Fk;*8{Iad+=JnTP=fQLmv1a-_`&ZMc??d>#}hoZffO4 zInkw86|@0;(O8=k6j zpAqRTuFlS$*umSZyLRk1>8%CUSWF}IJ_1D5lih2w+|>$z-REalyB9xP?Vg^!IJ-L2 zHc7g&Dm664hP&_|yq+?qUhSDzd%MHkfq6B-0DIrO+TR_h|7pMbo z^u~m=_8d~&f^x=*Hh4C89e81r5_{pFliP~UYi|^s%(Z*dj&23~j=X02)l+~6#F z_YTP-Lpw2qJB*(biMG1JoNqlwF?tU{#d3)bEZy$f|DM(BCli1*`~UFCQGNeE8Ge!f zKF{YPr8`fbWXvwy{b{gPx3nm?;d=K4Dp0)D?sqe1PVgS({z~qU|0Ktf%$6FU&Zcmw zLvHG*l=@o1e_~nj1%CTO?xLBF(9ng3B)KR#ctmAO2>e^H6#S>E;x^u>qKf(k!G<2K zppQ$gM7e?G`nS<51_aN5v!P4NT+$36u`JbrhJ~?!l7ug4u1akp>$Z(&(@dip*CRc1 zcawlOowTp5iV`85=S*srMjda4=q+X@-p~4IEnF!y20-+tFX5srr$5+6FCAw5Is-|TB zh8J0_cC}ZBgF9eA@|*Al$#1&aQ)Tba%=!nb6lyM%rTzG8IoLK;W-Gh8gV$=Qzpq>PiSqO9+MD*e&wswNa&t+t<0X%kFz`H#TERBXedRadIl-CW9|j$2)cIvBK8 zQTkeAG?SrV_oClA4JOgR7y&NxAB-XwZIFWF9xq&Td%V@#(`dk3)g_uF~_tALU-8 zYyTT_{(B(}fKy7DBQH#2Ns9XOoWvVB-{T0ODik-|YWbQC2$387KF< zzW%h4{^zi^|M#8@zWD!smJdXtl!WJyi&L)v$WMeOCCySun~IZbJR>5u##F|FN+2;O zS%zk6#e&5F&1bualMF-J{Q}Fm_Z;VGZyV)grlWlC6p*>lq@_du^f*SZok@j82^EB+ zjOHZn#i!$6#*%TOGmR}+j($8Dqm**di)U2!;jc!&7f*iWefVo1%x8V|$Nm&IdA|ZQ z!O3-5=s>r=>0jK;OpL>W4Tb@8K<+}pZ|Mr8~unmWu-vpr)Q!U7dq)-FQzHM zeO;WhzxU!Bk+78Xe>aExijUd#}X|82*{^`(nhEang=DWU{z|Or?VXWpa1ng|L_0)AHCl8Ho7GLC@Cl4wBGBz zN0*hs!Fy!FBDpv>z4v}d^7p|%>Ra!-WnT?Snhg~egM7MiEvj}G`c(y! zJ-M@>Nq4>33TP?4dL6b@SiJyTg&?PP+n%fHm|WMfm$Z7b3O`)F2n)8Rt@i5OkX)K{ z=6@ahZOxe%cFL6za4z3>kLXzFUc3@!!vQ}tbPQahN{9^$;_2bi1kNuo)t(wJEYs98x z-u#?*H8ws@U5)l-)yz5ka~>od{yATjZTRQ>lT!`oUceP z{Byo}ZsGO&qmfqlS=?;AIJMaVYdg@N99u`RNKFp4(Znm3lKA|zYXso+ zr85TylIi5BL02(DzTTs0#_;N*ns|1XbX{+9V!;Uug|$0dbNL>6<8$$By!pAU3U9nE zRN)Pnz-EGQ`)~~-xHdKT2E1QuR`5??0vqYTKZyx!<^lhVOrSq~tBAto#mPxVNiNsv z7^;HWmt0X1B1B!>auVI(n?YMEt2h6VzXHcL2X(Br!+B2ST_{Ib`-0}Pk80X}gKSf+ z1Jf+q+*(5)w)WF8yH;@|Cpejtu1#x-t8y2N*A68}qR}YIgnYGDnm2_nFHV|Z!^wk8 zYvTgfeW6ED> zzy6J2S6y4BMXsu~IavR7@Hgvp+~CcVV)MFnEhI!hgUfgmn^E*_*i3QiCJjEHy zNlUF#&SR6Jy^9YC%5ui!hGJ@?UQ<2aStkK=lou-pt$Qr&gw3ds_36^7oMV#k7~hI! zT^Id6AuR(FQu($zLeqMmXMIkqW_+iTj`22uTTYDX#1eJyeT)Bgi}c;)uD!Bo;GDi$ z$!@UL0(dTEVVGl6=4<~5w8eOlgryYw+$bgWwY)dL&Y7+nW|JE^*7^Kivb0v^lHe4s zx?bXZ*{qgiScoPsAoim~&`2aLHDF4OZt6r;@0wm)Bjxm_ab0yQBC+3u4k?`lWqG}V z*pCxIAcikrS4YIa&R2;5uv~H8#4W-$9M*`Rm5PP3? zM%7_$d=?qUbj_a_8{wAPZPC+Of!uK#VC*(%xIUPza6WntV90FlV)P!di7^6r^X@}i z(G5qp7v1U8J1!-gk(_XdHwBr(bw)F5vyDoj8vN^=WQ!6S(|not0J@>re$+ym+N70uM&;dWSs@l`^972gI#9W>rA<;}Rg3=RU-Zb% zNpj6fiKYZAVZ}=F@SbT?dlZ{rkcuzMP~20W2cCbk|BX=cOG<8jF?s3lF967z{XaZ7 zYQ%rp|Kk7gc|O`DQiskoqWrP#a+j2U%d%fs0c^d-9{`M;Ke@Ta|AWo)4U z1-2+7>&&bA={*HE`w@I=9{R8IZ*?5M4FmkfVaHHwDAK6a@7e2> z3kYaVzjyEAbM>wMW<@m74N~0bs0MJ=3S~X$3MHD)PAMPR>+6(quRv=w(DqoMCjMsQ zo?A5x_t)><+3d^j-fayBgT8$I{EJS)$=oS_1*b6 zjHW$B@hd`7aq;6xJwUEWO-|FdyXY$_$pSKy|EM)aLD|~kGo6jzz5A-U{7{&H>D@a3 z9Xl3HJ+2jZ`Imfv>nqmh+fO;}4_g?+ymdf2JJ{@BmFicI)JcZv!e70R`}bALW-V@# z7KnfBU`E0D-^?0uFKw(o|A&M9!~KT*_a*xQ;wQ18`7=?QD%#Ktk!LOb!UiZyF;O%k_l z?j6O7Aru;rkI?(xyLT=!c}r55Mm&r=CaV_HDqJpp zbZngx8h^a=V7T}&Z5RYT11)WzgpHqkMC-}Q=1;oX?^z@JVEs7DdsW1DZ5;L5(nR;?2e$Dh&%0ipos!li)<&oLo&crzY(Pah=qh>6OH78=tj613~ ztdRjiWrW>P&9l;mp|{4zfVF3T9QM22L|M}^-@tiIEo}s?32bOoy`sw-7-Bn!o{{&) z5L*qy)!3+)3d;FuP+R+mq-`_i^j-Dh4ZjVjTvKsj2rWo$ z9czBtQNvlM>hhjxYikAH^wn;&h9PQO%~pd|HE=p^L8S@xs`?=fRMB>gs#l>Ii~(?T zuKaq%bWn!X!6M9>0FCnMO5YQg5X0)0S649c1vCvApP6MH28d{f(H2RYlxB=I%AxYUS-3-jy3N z4V{jYdZLYMWNQ`YH>ruYv4CwY>da$7X2jELTya8<`}Af?dqyN5Z{xft@$5ZqTAYwrK{5BKW#e+Nf@QB#*3D8h#IU`%{Ad@*VOup_Hp{S42qwAZ|WyAyqAm98uXT% z)BC$P-5_V4U8{kef7czRH^a5Gd$rp{w2j7U*FfmGDwM*62Bk8;({K0P{6Q+9m{piNStgmEI6#(@2bidm*xDBL# z>qGqxpEmx_+=<*<8|&Bm)aIuo4%pAscoDNzRxjy=QW1M zGCRU^CNy_JTgZh>P9e&&kXX_LIsZUykec8ECsdkb|L#!IzJEQ0Dz8YFA0}{!>@_LJ zB>_@lIg(4FIHsN<=C2DcF-?SUma*F?B^i+#lw_Rh2E0A>Hzo-=V?Y% z0dVlF6Fyz&Sek&=?zqtA!mq3>ptTXYX*F1vWU5Psl0lt6ZC^wo`Tec8#{UzacKUyR zxqtt(QU0%b{QrZagD?IcpXFmsO8U;K>?@+fgu8lAey7Uj938}Ums0+E>Ot`ZS4*A_M^dmG~B=1+Z*lg zjrNb?Z;l4TC*KUe8UDAeKjLou{Gayyf4?CBR__13qrqUWvHy?0_3 zQCr&x;M9CUvbVhrY0~~P05Ra>07~ls*)V(^b^Rv8>MnktcE{JUGQtWoggM785Pf_t zv>+y%VlXS&-P~5}h{sJ(PBMROr|q>rf9^Gav@)@px{NKW#K1sHcG0AiD8V_RQjlzl zCd4j=l;pOk4ieL7Rt>vGNiqDvaF4WQ*Y-9#i)XR^Rv*)meyl`=#nM*%o-FliC6+^h z9%|M^fBjocmtY!f;0Vuq{`N8HM1#%YuO0=$jptZL@sdoHmlS8&vf3<`$FzCIowWhl zfn8;pWf(&fT?@dgIqmuF0G1UB7GMh+>eVJFs21vAYOOSvQD-xn(a;O8T7I?{%>l0( zxh^NfW=Z^(sdXqZpAqS0*s#n9+R+irz9ZQJ?g>CHqeLJ&Ra6TJB4Ok_n6=i71ar#N z(7W`AUQ?z3N}+@T7E~Fb(B`v(Ox{Y4Phkt8W3|H(o9c%qARHv-)q6~*%Jn8)!SMi$ z)Ne@9n-h{k#R)-Wu11;UN-R|b4yUQ6tB<^@kCaTycuKfWaVv2RJ%SYxfqIVcM@Z0= zB$%rfL4sW>1~7qjoKlgf8MgVuZSKi}(*@>BRIpT46Xi@XhiZbTu&rV=$2^S^mKtme zPEwlabx3(>W}QnWKCoG6ImVr_vVe_ca4tK&33LD3mk$#-JP`UzVUEGN0F z#Mu?4A!JmZkc|p2aE@mrjV8+xY>8E6LxCC!YK5z*BO#?L_~tM!?Njnr5}xDiisR{& zCiViNR?AcwR!2oY*&4Y{HtJ)!>N+_c;B3IYHnEE}ms7T? zh*hDN#^bK)ZTQZ0wgdc*T0RA56JlhK32{z&aFPITs-vE`0u@X8*z$z64y{1Q0yCjh z)Dm`#jY6iw49`#52+N7I-a+d0QiG!c`+${oN``JZrC^ zUhL4t!X%GW*a8*eM6*;WNgp?$X`NR)K=aN_&@EnC%^1dU9LGkMwxTo@)dcJ+W>pZm z+ag#?JZoU#1^RErM7>7^6lkq$<>TsKM9uY=_s(r<`$TnfUYSxHmUhx($wU2qbq5vBPo($DO6^n((fPhT;4 z!HKZj6=@42;HZT~$_%oS5$dw55r*x&ElMF3g-;gfh~sC)4-l6uh)(xI=Pw5SYdSfKv-We;2HDGt7U z@P|!d?A#l)!{l6vOmm!DZs9S=Yg80iCUYf`hz42g9A2C*XigQA92t4h8}UV%Nm^ti za?J~UDEoNUx?{?l)DKp+6#?hNf_Im@uv0r?Is?uI-r66O8C7G6)ni_w4 zoOtIKP~0)WsTx*{PTgsRc37S*(e0e%=#Ag(Qx8YLDQwWr;r4dDtH-6BlU$n1#@eZd zOF0i2k03*cVK;C9qGivhX^g#G9(}#@`m&UaQ=IiRz$gUNZ?GK@F0+A+%Oz6lnR>29 zmRmTs;0V6819IM)ZNLiivZae3d3(Aoh?I)@DWO=k5doFNc^cWqB9=!}%7u)0nfqO- zyiP5FuHl?$A0Y)%>u>G-v$)3&0PR#gz!mDYohItRc$dbBR-hMDNVU`hjJ1l!(&n^u zN)s?8#~JyGJ8~7=>WNj41T6_75tisph}D}WWH*3yjH?%S!McZ#Yt4{uhpGAP z09T~FZ3xln*~R7A$??_M=?JJvy)TxabdOdC2#3%L5EjV}5Uvj)2(R~M2^ZmtPMx#2 zUEslP)kJtqq>@q9|CLw?6CBbJzlLk9bhu;FDfH^~)!7LBr20?g zBfSB%(vaLxR(ia(X6orIXPl(5qsT#jVN7Hu!jnQ~qJB`+hT!VO*m^Fa36ZyiOB^Uznsbf%U$f1QIw6!qOOf=YPeLURy4Mx(Qv~$pXwGE?w z^JNIv4k6|fDsAS18U@y`{@rarPYw8LM)S8u`&aLNO_>Lo9~`^wIt&PxMO{bN1v_^#nA(y-*H4aj!3;&P?1rGXhl6i`n?+QJQX8@qEVVpVU>9P2J=(O5?fS-C zZ3g41G8>^`ytf}8_zK5?2^Hw699L=qKUNR;@tVMg*9H38z&3s01{y&}o$6Y_x~ef) zC05tCb^2-?A8n1$)>n(=FLNg3R`BWxypqH|2ky~>(-2bCdW0*e<1AyhLMtA%tRXX@ zZ>MhOG?^nY2leEHXfY0CGgX8N%gm!4W*ke=8*m`KdNEd1zu;s_xcR}gQETnzn$nX(UH5XHJaX^RPXdkbHowuZPmEgeQ$17tBYQ9 zftC?`V<;Qk=O!!{iIUbd>}1ZUu|HG8tFVc+#S6{^Lo`=wTM&VgInERPuc9}+1hp^8 zZzyLucx&imH=|N!#P;1Fvx`KT%oPGJX-?HBz^(6+l_+KC7Uw}33pq)M5STA_VF)-`up45uH#}RS3CA!zQzaulsvOZC#f>#s zPkvh`zt(sAV)vb~rw~@Ra{6kF=I&ur<)x3L2SYq8Z>^k; z!GF}Mfu4ebB_%M7sO7XuK4XEYJ() zMX~~Q_Pt#v7^n(O0gXi&n?*N-PZUqNj3Ai0e-#OZUa;AZwn!akT>@onh8!4F2V-Vs zY@v0}TPJk5aBN^RLW5o%c-x}UX&Uei)()DRx33eE2qn*`>SJA9ClY9znXb#YgmKdM zphbUo$n^CRsiD~Hg~s$RtWwJWwa5f{b^SMe`nlCV5gzqG1)dmDYrxbu-U7w}WC zSTY^iMS>8Q-!B*q#%G(3M$hLa6sPEy8lm@*HmKZIw3`#{lgn;_kCTiOxQB_2g{yJr zw z`LQqlQPSX29C#!)J1z>6*Ko?%?2<`{vd#%BNbZbutC(f=-e+v)JjP;88lcLJPZdnJ z3@3wVE(xD1j#j_Pi5&U%z$3KxWH5YUAC)y4Th4Oc}qfbqy6X{g!6rqI*W=qHq&h(A46gdhOIqAqs-X3;U*O zUH9(=OK=8EXesB2k1!FB^%^xeK?ZhuP))W?0VfqVr=2v&$yv!wC5VWJ@+#8BpsHSE(r*`4) zD&AEP&>>o2lO@8)9F1CGKm|&0mMNB#$~n!oE-n^x=XVhhRzb)ejum@v8sOUB_ODYz zT05mA)8wYhA;l#x1s=&sEY`^;tcffi+q3gch-lBv6 zD}qFYy}H+~5jDJP7I8GEGM#7!QlL``K4!*f1BZ%XqaH8E|940K}K_ermAp#8C78P8iH8Fx0I9gip~g!Y*b_VD|!Cx>0ad} zq${)_be7-zh`B%zFWc9Qq8rSqqG`TwPTeoSn6;k8vkEr@(X4Rm&h_o<*N!v9SxH9d z+3}@A&(`Ti@Z{wx%44QWJtVdxssp0l!pX}TA@ERZ z?NQwN<2nM~4eBb73t{Y81E#C)O6>bj9an3p^7WdK%FR=4!R|&@dQjn-?^K0>Y3ew1 zcka}=LIKEzk$VxoA_X}t+;TJ_MH%M+ctanHAXhCEbb$+0A}Wh|EkxIM!! z=Tgg{7dRo+5^LF5u|5Pl&;U9c8a_V-Mq*cC6W$3sKPSs!vK(PwJ*{1gV|1P)ZOIOc z*;)_OEBb3w*WARk-RZTJ1eh_L!XwF91}5wt(Ehd_#YpIZqhur7`85qx-R*B1z{@&q z4QEeNFzwrVsgsiFG-L3b`%kQtvcPZ0C7+QI+B^K`>e&yu3r=C*^y+POwq#aT!O}{^ zGk5hDEcL}geIXAAZ&SZIc9)LMIu|CCD0xHu1B-uB(k!(nwx?3JS8bZTQH-+cLkmtL z^qPZHrjlouA^yix?P~@%+YQ$!)fsF`paP1-ZfDXddShR{QM?|!wLG*AR5LZ$VRc zcLk=VfJJuAFxIg(qgnZuX;g>x2YVK6JNy9;>gKcVOJtv0+abNoj6?J0D>l@+G}h|M z?Sx)2Nk&b|y4y}(cAf2bjqKP{p89N%6~2K1H05i&m;yC6(Gt3+QGDbOc{V1nV}(^~ z^zELtZP(C}EHg%pjm354y}H+lQ-XnnNvc}!Yd3z^Vr^wv2mf)wwdz-KB{Y`}q;&!0 zmjFG=hCYQYe34==)t|`X5D91_N~$*ceh`8NjwWczfkSXIt5kqbK0{M)}0tAGh)%q$Rd|~cGo^za#3&JT&wZf^nE~>%^ zN+Vqy#$Xko=CN*qZZsKsvm5R-W$cFV8%l2b#sEayc$kPleGRa04%XJ#8$bvu;jERx zaIfzXH4kdv9sFHVWWgz1fw-vMfh~%Yk!&%PKtMC^`f<`A&jm|OY_pHt&}w(s2BU%# zvMAi1Zs1#61?C!{y*u`f;K4d!4G&C15i|sN*YUDww+Nq)(AZwfoUmMyw=&)YkJToj z_D%;Lk+(_^BNE&}>u;hd;}MQbh^T5UTcj*bt8W(c_%*w-8s=0y=d3J{{(FAv=$FZu zWGAw7vbsTwrATBZkp8#2Mp^~&k=Z^qSfdtaVS_m+`VE^?YpGW^w{t}-qh$4UIgxR~ zIEe*Y;I|3ObIUgw_1zZSCODqYLNVt;7p-quSZD{LsVUyXxc61XAO9As&Q%RG3}t=1?-V%&X-@=+@-d*(zZlhcibZN zp;Z^dE7s2{>*bA>%WC80hcjJ%K*Qw+HCuiNqh(*ATQgU_0?m^hRr9c^)AH6tD>Sz{ zG(7kbL_1ptvKQDXH^^pXqiilzJp*E+_^a6u1Dy=4lWVrgHOu5X!R@d~c0IaaTslL5 z&VGaSO|Yjgba*~w)#9FMPAl7x(HoKzA#@C`PW}Ey8+DcB;&}i5w!<~jalZn&L}POS z$kb?c@UpX#(UzW)3@@$paIT-BR6Rt(JXH&7Gnhpni)ex3Bfv;!BLEf6UH(S^n(Cym zS94CpoMkC8Sz?iNPc{c8O0a~kfQ|KoHNbkogSNAyWhO>wf1p#g`6Ah#dKL~2m{1^8 z@8}2}Dc+@q@dyn&*SC^`>F;NOJ9JuCc=)!v+TGUprcl?e@=XD4u+BFHwc$$N6x@bu zy#cNlKG}G+A2t{Jux+s)-gT{yGj^+0D`4AD1rbbet|ZigGf5J)%H^E1ayGYm7*s9E zaqvW&w7HnOL>pc1zpN+V^ed zv}Mo>|2S(J7=?V&dj2*rQD|jroXb&5`*p4mN?ZmssEK0jsJkPM?I%+W$qb;s+ut?({Ki|X>P{*;d7P%c9TyGUBdb_kI-UmHoOl|ex|!gKmzF=UqFS<& z8>edZz*3^Mw+&FI zR?QzH3-|XvI$E@+5Ws*L|NX8I`koM`v!`&JTnprxVXumJuNnh2h`xQGG6=;Fs)9%L z5aP&-_79=Na&6ZZxzOM?d^AMmRzrix+k$ChWjM8^#M*S*N2_39*1jtLK*sV}mBzrN z03c~C7Xi^zZd(hB@(E6CiE3n6Y7NlLow{0e`OLG4TbR(|+LgmvFbaZsGH=X{WpMUGeUu$zJ#;?_;@${@ggL*}o^?J=X$un}(zy4Z8L9xioy0B&y zll;c5VB6%2<7a0tei@&=I6Jv|eOawytJqx;?f$7*a=YCz?pG91&D+;ob*x?;zdRdX z9G{#u5o*n%&;W3H_Uwn}EtPGwd`C1|j7)VloR_T3rD%(^q3u006A00xWH)}r4K6x+ zfy&34%=*pOXd1kCBnfhk8`qsu@V=O1PWoXPb@0BKDu>gOk$X-4fP9-XsR!3R9|e`8sITrFq}TanL5a->=|kl#iqT#gRx>ufDiMm zzpdH?8!*tw+ofYWR2zbhMU>ci?;2YhboBgUfJo?3Sj=|=WPwwYEb~Cd5)Fv^tj{0f-R`+!bw}O{ApXoq9oCvW)#AAJIf!fmu zA6m^|`b$MfUG8h1P0j#NRQY^MOYQ*3D(-UmL{rMiEzYw3HYY-In#jn2nKB;vDuvaCGhlH6jU?#2*1mcm?`t4sI$s`4g108WQz37)77}wV}N4{ZK6wOMoMTm&a_Z z>`_aAWRLoBth=p!?sO+5GqN?>$r)b&|E;6LSti9T_N@rT_8hy_M@Iuc% z!uir?<%3*Y9{XiN$+_B$u5OEG<(b_c$L0>C;dQH>8|%VtFAPK$$|~(a%Isy9Cug|L>Eh9^#-iG^ zp0il1NYECh-t|?ng1D3{vPnaiwf;fzf^F(qsu=)?GHKM?f3d0h(y4ZU5JfzA{$38;ZOKhj$NM{3%t#YY8tlwnDPe6)*5 zCI~X2Hy-&RrXN)x?<=vLH;8LOTceK%ZjE-tU87n*-n@^W7}vTP(H6DFw?>;pxUP+2 zm~-GGVmseUbmxbS@BF|Ko*z8M^Fu{>-k1ii3jkdsfz9C0AJI}*Tjc zY-xG&T8szHBBPw#R$>j|Xu{dG7Xrl4$4XFgHybNveWP0mwO1X>s!?pZwp$I!Zm0`m zJh-HAar zqM%lxBWAgeY35v4`fYZH|<_p;i_A?P6M!+(w8KmXCc#qeJc>b(ZRI~F(ZRhQ~| z!*PC41$DQI`i`BvAD#8xGJ||JmGs)x6{x6ffd~x;vHstnzjx5Ju3FUF8;t!!>$^X* z#=BBjZKU=!?W)<(;QfJi+6*4-`6E!(+jy^}5ZW2(2+znr@y;(Eu*c^n>Ll>? z)P&;oSXbbfB!^%*GZTcgT3vcpJWShi8tI;m&|;~-#R*&ZgJs`uO40B0?#N%W;r-Dj z z{i@%xtiQ?luCj)&Uuf8CnAXgcwZXDUD(~S|!?Vv9>vik*FT&kbi1X&c6Xe#9)%{C! zYST2B6i)!|5al*U^}%I2U)RUq>`rJZfj9!p@Cg<)t&N1Cs1QEMeZOod)*&=hcNS)sJ zH6_o@2kf^HK_5&A4aLyaf~YrsHDUBloAMr|(r`!ACDS{Q){hiXefo7bF|~%kgGj6E z<<(D0+aBo8Ck@z%nv^ciI=NYOm&#R=rpgr7p!1x8eQcNyB)rVb<)ovLGof z7nOxEG7r?;zOi0?Z>-m#3DbP3t?Wb_zP_EcEFTb3f zGk+*n4w}7qH|&&2YlSG-K5ShRQfvVedc&wOS}@B)*u-ZT%}KUEDanW=h!rN}vEmEx zje!LVKzGiR0|=EnADD2McWFIYv}K1@bi*WU)PkED@3DS>I$cp<;pjM5i z|IvSPHH=BsR~q&!?!&4F+gO4T>?Ld8}x>X(%tV zY!~IM(HO81hze^@Eq75eXG~a|QEQIl+9lk1*7>kjj^Y*j*& z;s{+5oc_eAB(L+Nn|=uTD+wm zrL*nj^$_cpzY5Fs0)d-oe{X{;70}8q!ulqG3got@+3gCj<-De4mO(jLO{Meg@A4tF z=yqgnvofk3oI9RP^+rm`fc}R=e#NdyuCH*k!;Lv48gruyvfRjI!L<1%gy=-a2Q;h+ zu7%N^XCfA%J`bRZh z&Qe+@Ls0W)lwY2EEyQfLv7II)W4EiKD?v`ZIq3|n1qqT3%Uziw8(Ps4OUs60F0&wg z5H2W$*Y{#G!*jdaQQd^uE91x-{JtT4QZF$xf}4AgQBiwxi)AtoAL%4=PF4bpO@y3_ zDrJC?>l)#3o)H9LP~d_=Fjy-7YF9@WP(?@zcuUnnR}-cPr~2~DEbUvCKk^0JyT!iM zT6u_h>jLtdXSLJ^Mg|Po;`;0Et%{pt5~H7vFJGO%dOm6yFDg(<3QiL1P~rzL9mab@ zwa*px=et3G8k)oFL-%@vNInh3VDn#adP6fZBWEJPnLb9Xn#sOG#Jw|S7Zm!fc16L7 z6()_7HRxUiQ_=~zCTI@{ri;I6qM`QY8{g%<4X4d|@>xU4T zf+LrDYUqMVlvE`#a6VM`wL}5ZsTyUi2+=Y)=xc;dTs>ho#F$G|LRLYNMiBUlBy2R& zsLJ@^Q3XW=M(EMYQpn3PKNgStckZUM3SAhX1ii8Jn@;v zN{|;cFW@{`^PDgo)W{|zd9`cn2UUzs$Jl33V z!Duc`0BJGQZcn%Gbv8WC8n5fB z`?|}xVic3Pw&M8s5m4QK)9C)2RlfV32(Nbf*5#wZo9%|<_a@N0e7#q|_x!!rx6tC^ z-3fX_H}Cb0wtIGWw)>FY-RqIR0joY?%^aW>9<2P*A zuIIzu<-y(Nzis}F#GGW>{6hP14}Jgbp|L`!`ERfF-oAI=?R)jywytBVytY51&-TN6 zY`3^SG`zJp@YVLlE%ejAvzPWg_-H?*hxUW|XFsra_QUvQuOemZ+_77zWz!{lvj)1n zuvazVd140_uGPA4c-DCy*lqsMUEa{vxi0j)Zung{yskf@ji$GCZA2QW_@I!E0;KPv z*{x&X;I47XvQ$SLN?A_KEzz2sebvnyY`eKtW;N$ftOoHDWK?je0CmP|xAw6~m5sJ= zDcRO;ok{eK$ddW3*6M1&e%DO+p_J&1x1jkZ{9k~N+%?KvwXHCi(Y&E4ipn=5`1d(_ zkCIZNDBVI^D4OnR*3lrO@FfOQZ3H$gGoT%>3zCoLbSlji`5X%*l0=gPtFu#B&{Uuu zHIM@ZOpT_oPJV2*-@maELe^QLpp}AD+-0nvT6A;O&xuV4tdP--bY~!a3Y_uox-^lx z7_0~}UuelEPUZ`ih9%bQ_|6_Ql0-J@dU+zPDx#USG04+62*tHyKB2NMgY|k?KMtiC z^RO<%===g!2W$#i>Cv8f>Xfto6L8_D*@eC=CF2xleVnF|mmMK8aQY3QrEz~`(V8>yXS)B&_eC$Xro4Bj>_zTEU%OC%`0z=gZ5b5>a= zR^yfhAffG&Ubdn2h%oBN;=XTLn z#C69|V#`TUcft5LR@>2V#8bu>9h0b=YNWQQny^K74CVA}5X|+t=H4H-HURjqfDZ3B z0}V3{xR^Dm>UJ(qFyH+)Q_`@VPtP*Ic1m$$XsSxJ=|U?QRz($|tth&soTOKDM)(O% z=44ENCC{Hd-P@|B)>T`H-C2I~Bj(m_+2cyl4dzr^YpG)~1)kWEK6jgQ=AvQy;JiyC zeIfkq>(}1xk4{YS?D#Uk*4Etw-;D5_rKani8RH zYmVY~V%)iKT_Vfx7`qneh5ys>DIUQOgJCYPB()>WSj(#JPtCA%S-Qx)VSC*}4@@pV ze6B>hiy*h2#pkLjg`k+py61*t6_n0ptgmgyl4D6`OYMYfe`%GjwE-pzlZr{Pv``D? z+Nw&%X2p%|?eRxUf1>>oGQvgQTfzPRpS^egZrer{$M4VnE3k~SvAU*g=h^G6cUQ69 z*0+8g%Sk^yZH|``VTm-hV(e-EAnK!6WPcATzt&)vo(F&GR6gTY`PPgs9G zVu*>{xIjl<$T}9@dzMmb(!1hX8h~7VR$Mepf=~TvK7!le`KzbuQ>}!Dc((#9{Z{m9 z5Ijr6qaX=J^p1raEl*SGfz2O^3(~Sr5(C&Dr_(qjQ^KnXM*o4#p>i;z|DikQU>e1t zbZ#gz;tDpujB?{Sb6 zUc^LEiBJ~c;aJ(m8pdvhlPHN0rh%zu%%<=s^(6vIDrps4=c35cPy}F5OCy$xkjzvd z!f0qz9qvk(_~;V+TfF=?KN**!)c=jrOZ;ylGyXje^6=j+R|_9Ol#F~)bY>$!C>kYH zp-<8fZaj$+LK^b7z{d}g&<_$E$tTLR>w~Q%OM;^+(x@H$iRe=r^)?__3R6u8O{TaD zq{;u5upOBC%d#n6N zONJyS$DtX?c^6pASV6L1WMpYmcAUVZEpKZYQ<b5x{*JDo~nuG&dEMyA`_pnO{92q$&XVy0^VexsQ1ql%h{6&z3yN zL~q7)LW_WXCKG5BYhgIOuX(w!|#GhWT{_KW=a<7&COGgWus0qYVafLy`4| z)yE{tWy;A<+x&Dl>1E-lz}?U`rTRl-mPaWysLHr3RY8+SXYm=JSw0jS9nmP284#ra z=j98s>P26EmP0tnG}b7g>r_SZX+l(2`?&baI~ffR>Db_Xu)HX8047=m{>C9%wck7| zT>*95=)$hMX6YU{WI#8bAc$%D2lEY0UJ{VzE|z!PAqXqFPSo;vnu6udK7jpi>FxlD z3ARmQJ#;ifLmVT({#(R*TY)}PR$AY7En(X93lB)))<)4XI&)oQa@>@Rpv+vCK-?Xs zIqafz5_}q_NmA_dqO9!J=H}+6rm_fVQoK62ui)qMobf1RnuS7s*ZDG>sb3UX?j9;{ zx=b!ri{Lio)%yF@(sfsbbGr^#8GV$fHPS(S69wo)!etX;U+Sh;VLjI6>{Z?PKi zRh559LvDI>FnO2`CUP@2-Ac}>$w^R|KfF{_fx#}?7b!{v4m^iwI2}B5Fc}nw-b!Aw}`57;vhl7|5Cr-VD(LeDhoKeOU51W?a91J2o> z3xT{0qIjCa^KlN*IE_Q_J$nGKd@>JMG^LS~1=#+SXGg68OYd5ghpxTNGIQJD1xvz{ z>Gvhi*;6xR&lY=Z5?~v=W}25V0$Gy0a^2)G2&0F&a3pHhm7~9H0-)X6X%D}4^|S}s zVEwcQ+HeK62i$NCSpcs9<7ul^^y*75B7XP!@Rkrq%({ToclC|iEuMC;YZp#Ca19ns zJAe%rOgo?r7fT5!%~Di6GZspbn7jE(*|M*cR}~Awwt!x2+BHP#Ky|2Yk!3$DU3;t4 z*R>>Il{(grJS-9=vy6sYsiohZX#%N?v$1owN7}x>S+LeIsX@E1Fh?0_O;WW-*(Ogc z2&*_a(IpHjV?mhfsp1%?J8z?sZ9}!c>CSRG+>#gCES=^&4kigEMKCQ7ky73puTGUn zAQq}rd?0g=D_IFxcjS%U4?TpbM;>zSdht?F&_LgHO~KPTl;|eXJrUI<0IbQIYBtsrFqWFa1KHjG7H?it-IK4sy6* zekFp$6|0!=Bh-3pK$CgMf$ALpR8;E6ECQ&dywJx|Z&5x?L$DX2d`d?G-cG|2^T{-Q zr<+-j^J$`{yH+jA;h?xS3I{Hyhb$cENuV}(>O+=-!-lI!5~a#zxmu-B#!R5$>UsrS6e!q}L{d8XG-#C20N+6Jssdh!+T=P8~+TQBfJF zz|vj_NDntMD*UvIIVwb9;4?s42+{=7buERsJ8c5T^lObk;^^ys*-AC12NZ-Pc%pR- zl5;rRMamI}WF^hR4MURX-cb}1hkx%uNOIa`43avZ4G=eV$onE-uXj}MG{185{kr^*WE`VairAx zIN+F`3+xH zce_w2g-fMjpjAYZC>Zl63TP?_X}Gr@fr zwDi~}Wx8c(lS-`z5Z)wD3q>T8is3_ya4Pm49^hmgp}%O5le#Guhr9A__+a9k1j0)Q za~kXO@a03D#F=c~NT+2CXi3pdoP!>6uv5YMHBltRSn9(^+(4T~I%&N%gk2Noqz^z@ zXn(peC)0fLRYo}#M*K!WPUe^!GwB>5PG(>2!KwjHO=jy0$2VC}d<<{;(}p)mqiECU zrm=oaXNzzu!E6-ZQ~~%;ALL}pk;)jSv1u@0LWq;5yga-JCwZSRSAdhX^|IodtiTrt zZ?eK$D7wiCapB-5E7bp<*d}ekJiyQc{Cvc3sP|noF1QA**MZ@RWx1Jh4-4(Oy>gl!kcQ=qW@0XoB}L zVyHMMO9+)2H^p6|+Wd1QXy72owHWtjT|iWiK5~&R7T&su+UKo@{<7Y`3$F3I*Xb4@T^|l#CJd*#p3y zn2UrGhhZsTA6x=nM0*{m(Aeeccj}{mC~bH=hUa^>W}dgsOJ4EyjAXg1jL?vr6`8?Z zz?&wbl=m8~NhTa1iMr3aN~UqV4wAIg9j{3(F9@mo%5a>fNW_r{HBa^p^R9O3r$B5* z_kf-Nj;QzY>3h&)$CM-HCo178Ux}DA9}une=RCsjBpEhfJrw;1YBPJrtlACcmW?g? z58MXd{tz`7lp3t}e%Ely05w5)6{|<=)$~Fl3wV$r!&Q0|(XU_#0=y2&kuqU)NyDYE zxv{a>8EraM-9QvP9h{nTDGC z;QcX$gd*3n_#)yJ1Bs%UQw#@DLQ6%g!S1N5&Sabp3k|7L;M9k(Y8xrSO^1e*$S0z#L4{oCpIPL@_c0HIeQRHXotn&D$;u>>{hE zxWvUcj|NjQQ*6-b1afbibQ&@N6_SI=6lq~x79fP;QlN=QGA_wLlpq`k`BEY;?W`LO zCNv6E7{U3O=$|;vqTx>Qz`u-Qc)=k*p?`2;exWO~8a<86xB2KvWLlryh4&%0aWyDD zF)=9Ka2y;#;NsM%#AwrPr6N4L6bCLEZ3B->8pkGbPm$n8Z}%SvZXocL#DN=F-%}X) z5yW{kL}m#1ggw?{!1+T{17@N%kS31PoCuaNoFY2IIW7uf+QPQqvR%^TLjr{X+2=rj zV#LrC|M7Itf-Ov%lS*B5AP;9w+NP>eAdrS&by7(=S6t#1OA74=(ywU*S^0pnoQ z9AfKA`g&iyAihljx~F3KIzCE?{Kh13)yOYH{z8@UO@3wf0KsS*Y<6F~>27KT^4WcW zQ6GQFmF4AWvfsAAe7EqVx$6S+kcDT{e=o7Pyp=_!2N>1Y&Vr$jx97r-O}2 z5GC|~x}#JxYVyRgR{Qex_fupQ&K8=8mSeE!*L6 zS_a<8b%6d4w=XGF5;C?_)84r0``_nVuURijW2v!=vrzex$9*Ig zXxff%zp~h>52b^Ut#f)2UFDzGNXpC?>}5SI^7B|GaV4FgVII(MTAWXL)T;SOMk(#x z+<@+T8U@-lX~a+Te9mrf9dMXoZ-aklS_w>`G_LrZ{EwSG__ykaS#+rfSr=j$!2yV|RE-lH$7y+=!{#qjESV9RB0r)vj*rFmUD;4k8K?Etx$ z-?ani;*Qr2zz@pvdbvyI(ec{lcrEw-c|5PJjhEzlZG}C*@3j@&BF@)VfQx!xTY>)B z-LK{0Yfk^`Ha@}2@x9hDp2zvR4bIDQywwBZ$b7(Otnzz|C>uX{g>ImU1%-5CS~E5_L}?TA9d;W7tZl z_e~tLE4f)Z%>hrqNb#nQMyAN2WBZuqSJcR1HHcsR@4zw=i?) z$q-6^sv`MR<%q=fD>Kk<;2c7BFC<=A#;Od(H?5n+iZK1UYKJvWlQicuEf%f%Ox~Q! zq}9dBg-MvDQKEV6C~aGb$luceZAFdhiISm-`QW7qzoO4a5KAjBPMPZ%qA!0>2drh3 zsCGydJJE}B&BlG# z#4aiGDMgxx7w9cY2J3X*ZOy=>@Mq%8Vo9G(ga5_aMSH;m9Qy@olHG6lYx zb=&B&g3%3R?RzlH%hZw=g~b-hoetXW$_5HK1&ihCe%xZlL3Cp@@*n7w)yqeMa(|A;OE%w2@H}~lbheu!HzeX{hkiITksFC z*?m<2xlCz}B;^*3?>Z{E5xj;u%^#UDZ!`X;bde*zpH3!0K4a*M%Qp~f17OMt9W_w_ z{^#-c-}AeiCJBs%Zo!>UHkfFkxw$7n_ji;gi}bO%xw-lJOnce4V3x5_5k+Xf!5 z%tNN!=hL6&qYd`YC*C^w9M3XHzGauo>{;PX>}`V^Dp5SO_JDkvMcFpsDUA%RlP87<2nu*}g)2?e$%->!4Sr+92bSQ)U6 zaBqsoFu^?5Q}-vR#@RwQ`kZT6+Cv4CL7K)eC}8X8aGSA?mHw@Qi+p@reBtG3ir*oa zyAUwuu4?|mNt96kBPRyhb7L0O{Hq11F4z<9Ylu23dd^Xta?ieHjYN0~&NUj2H9M{g z@5HT5pUB@}NDfXxoQ;EII)QmK1PnLDMNjXP`Q#e|1Hhvk?{V#XU4NGal(#95ZwM|^ zKDo6LG7NAq2oPMHh}=t00&F_>Mmt?42H`Xp>f9Ff^`_?Z=s#>drk6m)q1{Rlo~270 zdU+|-51YE-E-+;7`bWXg6s+R_fehx82qEgF#E;C)r>c%@*&@sCRP_dKM#De(0_1yD zAL5_jY%ZGq1ZRZ8 zx~EH$7d4$U9u|5>0mU-nn$cE{R3DSBjm)iwaog8!bKNF~5Ua#n>+~OX zZ4^cSnNN!-che`JT5=eQqtM(n*|VdF40Fr&Civu0-)_shcS%HKr1wL#yiHLdan0Un zO*pqo_!_u2!SnWuvh+a`VNm1&t7K~$?2{Pj)7U*6ma)a)GL1u++muBm zt%kU2q=_Hs-Yx?!FQbHd9U;sM0D3i(DEz-0OkL&fYw^(L2@brwJ$`d<0!#nGZM1S) zcyku9>}y%s6#wrs^mh8Wexv3Zs6p^5npM!PmUeaY6Rs78hejEOiU? z7*9h;&IyxAnsjj%^J@{VQh~KF8e*}qT|*N+d%XIL2Ua`aGf1K&B>LP-GG-B%y2Ng2 zkZe_-D?jkE^&&?jO_Vp70r&|Hr(_SOB)OUn;1I`P1Tp)<_lvu6GTUd6rcdY=_vE*? zz>h(YWnJB|TKK>0n9V3UJ>gHw>axw!sSFPK(yfGEL|9kh41x2yq8#lvh8#^?6jJEGm? zG>)mS3~j~vQ&gB1FFnwe4RS{Qg8H_Ga>mq_+#75!r70t~cO-`T3-NiJ2I1QvCTx`- zoE}C9AHrmW$E0Np6WJPm!Z1&Qm~ojLuHGC;uoOiCjlv=SWQVKbdtpo zL%u|aJeOfJ6=Pee8ryjaBv|S@s`SiK2r!333^T;Mfwosxwz}ZwAi^>eLYb6n5zDBB zgDY}YxP%|UBuZ!^Io@c(?_Ol6QHKk8b$dkDP4}S~c;)SpG$dQ2(7km*$z#eIS`AstvhVhmK9|z*_SPqVN8}%JG5RU^9i<65Xze_^ z=^`B9Dbn_UZj_92h|sT_AG%R?`>f;10SeLiq6^*?gwW_PhVevFsSzhw<_t_`eh#yA zqoj?4-}tf4_YuS*$(^>-?=a$MGgJGgy==u`8xISgYP170Y{veXo34xf{7ZJWfM+n&#N+kj-vs+jFO* zZ_vRMkBg1?_IAZz?r#PB+&eoyIR1gHi?=g+&qq5Xo17GEDjptPPV@*jNf8EdbOqxX zw|3D(9EGKA3&OKoj5?mlJ(Xrq)V*>ha5xT<2u->St?y|9WnS_!hXG0xv<^O!{UcA4 zQ9J`^I-;rLs9*9-?(Y(C;Ze^ku`*v%`|vd1c$QA1yRvl3tD@?gZ$xgp0nIHO(H(jm z#r#x5PuUUKDQOyEamxPYo0S#)&YgK=GhGIT!u%_f_JF3Lmj$$Sgwl8Je|<_ zFd{v+CU#bMBksM zblZ{{)MW0le46l$f|-HA(aG@-Cwp%%&Q4CwFHU>?{?8|8dppMN$5QzjyNO*#P!3b} zkC4nP$G=i{MDK>?lof|RpCIoGzBX}I~qmUxs6_dzC$oa*2A9ip7ibO z?e@5fNmX0mmZkeZ2ho*lz$m_Gx)50mR1&#~OCk3HbCypnc2=qs^? zePLphmaOwJOxEeJbvdmYs9FkPAQCI1G53V@{W008Jt>~oHR(+Fxms8P-`DqOu`)#m zQzkHThG%`Jm%&v&UW(58sgSaa@P0a%1h6%cJr&ElgkVo1ikcE1Z zbv#J%7-V@g3Gx|5jm5Z-zgTlZX1bg<$k9>sL02qas`MzI$^++QT|K^&6Ky^nvg~Q% z6kjlFp(Hml1r-}b&DUYE-Io+iHZJzXHcgUAhs1NzhjPTsbQ}!Fmgeg~Q8DUqC@C`) z2+@ORkT|<08XHlFxlid&-y;589*qx95!Z@Ms|NefPr=71gt{i=z>4LA`z4(+YYT1V>Ae_TGr z@~JlpmRC}xAgq`ArAxQcc~dOYCdR1RJzm}2*_`tX48>)pMQKFECR_-M@>Xn-4Du{< ze6qKHad2uJVfY5qRzEjRCu{;Yn`J3)$ceA^7Z`3WB zY$~jyW=$TxHwA^WkG5}?om$tW;^O-7-Ps`+%tSV|w z+~+mSfxX@0TR!tl2UCVFveCXfJ7mc|wl_8;KeXwf$hpmJM`;F`@rWJLVMxgwB_IHU zJpG7Z-mT&W(~0e4kdw(l-8_xsC>fmxqhcj8JJ&odwaPeiL8x?9nICK^4q*XUICixb zTzDPCQ5ayz8gOr_hW?**{=XMv7-uj?U7W@9`j}Sx|Gs?jX6w1`|NDG%bL;t||L=YL zZf-Wd0oT!Fn+APcMlqzfn(U5lR7$I)XDVi+FBERM3Mb1K)RN!Y< zWPHVf&8^mkwpG%;Q~p9!Ps1&7*B>!0ZW!Z)*42{8LFAyo$69wwh* z^Y6y9&jW84UKh18P6xPK9{mo0T(&r#VxoSoD;x&9d#C z7EW~%n_v04es%)jCx0`#x5G{vT}<&ENW5X8k}_IJm@MrHI1jKP{&v5mg#xJROC zZHtdcR|4;3WJZJ})9!pVBC>AG4ux>>(YrLw`=A5SmVJ?jaaK!%dR=>Qax~EA?}Rev zhkdXMb6n2}Qk`FXu*Jz>;W6#e;-BDP!pi9LI-;!JBujx=Bbk({oV5eX)Nj?{kw5AE zgf6Y@E4^+7l&I8cOQxQ@l2$c6W+`B{$YPr;YS$}9hQd7^k+btKoebz%nw_?4bY^Z* zs@O&u_Qsz@+lD)5ZL{iK(`H7g*b@C}jk1&jy+i-i^n(6^Jj}t zjK`U1hIg^e&nm&}jYh%PAjR?RTp%jo_>k*&@?LX(pb_KQ_o zG**Q6U`X&!!)bu36t9B|!=lIoV?Z6XG=9%q}cepO8N-N+_sH!c@cBKN&-`A9BKpwY~Q>8n^v%z|r&Qj9$-XM^o{0irAKBT@@F zt2JC)d3D#6GQDw6C8D85v8dnFWP)*}jcF9`PG5F5giA_5S){*OaE(VWy%%j!IbQaU z&;f~Dzu_{r3`YEyvenT1MXD@JDw#1ojim0VvA0E37=nW`b#LrCr`3Y;Yxtgiq1rxS zwiKOG%`6XDBq?G^H2rjjjg#o&8m8C|wPs7sj1j!<{vy=b41vZ*nq2>BGdq%TsB3-X z5r+{h-oKxX%z;q^6cIPrs~kAwM3CB>{;<}>NN-iES4rwdC)+_p&QGG04Ps9hEM<~`WWS-wUQg6x;bCeT}|0A*sX2{%_*#N;BE zUgzn#IOBfwGpp^p{rjiyM5FDtGXJvFEpg+<0`#ewa1-d$vSXew>8Jhea}?@nB1oc4 zN&Je0Q)dtMXk;W=Akd?fm_yFpqQvfY%~6Ih=|WB^4ky^<5t0Kq8M=~Svj-bk)gOu4 zamRh6y`Gv|Dp{sNl$z|OWy2~n9Gj#3}So#o=8+eF_63JaY%?O+NcIgyZ1I2dNAXHH^c*E zx1N!F?9}S#Ea}S603=>Bk?^ArK`>)EAxoY|xVG=5`30j3 z5Xt3EFtoXIGW+b5S=is@@XuqjYhLYN))&NpgP?5E|vCLbW(*;q=WT42nACLegW) zESs{aUvGqz%OWPYkd;vI1B^w#NPZecq(j11+Le2(VE(eO5r{wSQ4&&RXWncDCoSffEH@K}r4VHvwWNnUhtT;;IIo1~(3aD#XIWa_t-NLk*m!mM zr5cT)dDuzIVXZ3eQW4$wJvyohH~o*wb~B?~RPLW*MItgQh2b=Pc%eQ`xoXUY>%`s! z#&F5UP-iZ6NP+ugz~)D9o45W*LU+cLMZ>$`ECkCUV>iMz{FLPG zAVdfUhi;`{Yy2UA;7I>g75wZ6Z$dreBSR=dnC=YTT1Gb}-i==bWM)>Aa*aBrwf;n! zk3na1bxeMD{NG)5_9FgSbkgD`S79!AmR@%OGLETW@q!L!E{b}M)Qo7+W7OEl5fK%I zd|{;OIB&on33*G}k~cs-e`37v!+Zff^wkxSYs|LFl4HrMg|LZ+k2qaBGI5%MLAG@w zO!HUERZ{Sfi_J)D^T6!~fo{Z7qOQaM-`>I#>++am8fo(Z2hS26BR!1E$cKbtU-+t8 zVk}Wa6Ng;<_{U|oZrKobeMa~e%Vsr2@;L~S8)li?WN!KEP*-$g&x4ibTYogddv5#4%fGv6ySfAU(C=d#?jF|@vd}2-4J&x-G?-tDs=TZ||9N;q zjZ|>dYV?I7k|yU!EGim;J6lKGyHo(dt)JQ5pkND0ajuBL~Fg0g0I*sO=QxM_hxYJN0ChTAUP1 zg9&fBu$zJbd_gNtQQT{snHbf6UW*xX`fC%cD@R+B%ipxF?Gih4$IS=;cNpGu{WE#n zc(5d)R5_b_=>`SdVz8$rbfI1?GW&5p2`twlDs-W3 z@HWs(jm*E}tx@9Mn)8bWZb4gjsFTb54Iu989(Qz?2&)B1HoH@vbzW68Wn0~llas15k0;uTX5HwE`H|#@2KOHq6ixTxUzcY(DlG2FuRFZ zZ-g?08c%Ze#ZD+}09ErY7A7IVJ!KvLAkBM6M{u5@lU0{hbI)y*P5gAOM|;jsJ!7i2 z&tHD&T+yyzh*OhtD4%FGF4PNg1RBAfky?tW)0-2CoY{bzw3n4Zt%i$b(jY2s%Hp-@ zZrS8CsUGA0d!#a1&R*?wxhP;|Hrx`2VcTB{khrlwY8H%|S54P4aaW8rn6hjW=7lI5 z=a*JrJ7_ZGN$IelWvM7+lvAOHRikq+%M_*!FmL zC`%4pSo)LBM078-Ig-!-@Wo8qfL~3+Fhkv*Z0UPk8dpyZTMzH~8i&{;L2#<;0xP=~ zln>W)mQ>a-qBWsgfOU*v z;B6KIJwHf%Dsb3AjP3xlb=O49S6RZ;vKhnsws`#Wkxt$V0<2g}O?!Ls<@~vY8859Yy9Quf#N=VyuW>X?>UdnC6gCVPDXt>pR@?J8(woDl6Hqe%5=& zNB4(=_BsF`NUBWPa5ybKf&=m>MQdA36GYEmMQ-E+{kM7#FZhSE`FE(`Onkd6O_@aL zph(kZW^7b4WZ@C3cA(|1QG5#V`{E@~m&xGIYoKA5-)k#ydqnZk+Nu~lmQ+t*U7ynD!xZo|K|U7N6uNRa?+m{R;@1>VDo)0*H;RB zWqoB`0b!tV3=~WuoNWd2eSm?tKIcP!?p}c`Kw#Gg77uXQ{)TRb+v8ObSPX3Kkc}R> zzqtNwS=idxH{(wfpfnz7vV|gs$N&`&)h@m0xAFV7-?;LH?GN3{?uQr4x=~t$ln7ev z4g^&OPx*>F;Lh{6%_=)QIKn$OGBd%g;-jS;!_Gsxk;?S5DLYe2XNLpT>5JMZ!3o9SzB~)K3j^9heD^mQE}m zZSh!%c)FbCZcVJqNK@`k(S@-H57Sau#9S+{Cf{kEws%h98}?q)9i9)YPNYM1cBI@M zpSY3~4|F}LD8OHU*irKzm&0I`9!iW&+7H6|A@g~{cw_E3D;=}K`TNen(qG$=IY6NzqKi3DW(}qv2p3t*tzbA{umT#Il)oTE;@kQnd!l2&7 zML*|JIKRs|H)?T1;Sv#pMn3e*y)^v%C6p}fR!@AN%5B4HE(f7nXWX;)Odn5O(h`>x z2h9J0d^$%vF~vXlO^gp5lGHxc^MB9y3~X$~rbbTm>0g>>wl+L2&A8x%by$Zu5sAYt zN$$OvY45uj*L5mec&8qr=3WkiioOwP`*ixX9>eY+{a;pd)^O=(~!Y? z;2KY*{x%C-7BphZRw#6_nPFw$k=9+bbe6Q`wbfV(d!>+}8386ji+RD_M|osX*-(9r z&r}uL!L){zV7=-rHBC7@%%oSB;LT$5iMEB%Oe)BJsI;=dX!;S4L_xWbzQP(wv|V69 z1Bf&=!zb`j0V^gZiPcst^bWc-<+TUUDd+ZwGhn+#hKve|PmJ-tQtzJ&TUXsrs7Arw z+sCJ7>t3K*UGr>S+5rRGNo=#t{PWnu({%g+{HJ+_O4mt;CVjS(DLFGi4y1#d^TMyG zn23C2mf*#qPQ-eZg|3q<%1{s5Oi&T%^Rxr;QY2STO0bankITUmQ4(uo7KDEL@Dp?l z#s<*yTgh-}NiUsXgCzaZ%)dCt4bf0U(6Zo%?f#Nt^9_BA95SIK#H8p!2}doQyk(q? zFea`ca`2h}5*wzlELf6}E0WvV%@mPJ|5eBqAI~ix1IhNm;^CkDG&q#B{c|@ohy{d> zeM<25-jY%TCHG!d_;A`&OVUR9X$cLhV)$n1!k+Cg>C$dsPPiDQPHC|fP`0PHd9;xH0ouppQqoib7+$K3lE>>Mmb4im63EtZneFS)))N zdb3=PM-B{Opcj-8T|F)eZzs-3kQFgMPS?LA0)ZEweOKKn80)=%9O)k~#IRZ3-b*8) zJGx@NzFvps#&Rodjk_wt+@1WK0%rL-xdr&R&vHIR)pe=!Xpx})Y?hXFv|CI|md4aX zZbD%OjMozWqq)*(EqyZJg)JN$%f`ZME0t14@v^hdi&R>!2Hlc(y#D-JeH97JBZQ;F z5h+qH{eA*gr4eZbNZAyq#S~v37monvkE@f*FYU`0S>9i1=HHf#rvzU|*x84F*sb3R0by!8s_4ffTpMs-FO=BTC zZBRW03I_gzbzaluITu9g-AA^twzRNM0@;{YN$KCQzwq5O$j4VvDF8uUvnDk!q(d%cZ^x|bW zf=?I}9QcVphMlurlERq6@~1LLsOF)95pTv)uE~nm2QA|+z)mBf@oMGzH@! z-oJ40`2%sAKRa~l(IjycWJdU>tgIRwKoZOQ*Keo7oLA1Lrtn@$e$0b)fBb@MpSlKY z9Roo1kK?278nOZsEU|FR{*wC2znL329wiR zsWoR{rtBAFTuYy&Obm74DvtQrFv*TW9uyD5+Q+LgaPQ#Z`|94>bAN%v7@zz5ILfk4 z!W2Z~_f_zKQJncdOmK8ZIbD7DRT2n+ZYU!YvGq*6%of@kuA?}+9S zgGurP!1MZOB5}PU?rAAtq{ViYWqPT1?8a@rwTi61Yzc@^6bok9A~Oh;r>87wrnRGG z!@e^-a3sGkQKeyc=sn$9aE~vcx~KCJU=Q)vlddMv5!&wsS<$^Fh$B#z$ zy(d5s1?I>Z*Q;d1t`xqC+Ct4PNWuPToBcJb9K<|HD~bN57$0?4f|fpE1sTL3Bia3c z{kpbvvw`t2>dlueKE~*3Xy7Xea~oT4v#BNf7nDQX)_WegpP6jk2*pqwcTM{|L$Ume zEH{uqiUoo^Y5{?KM`C@9bM2|uoPb$XCPT&p9|{J{@iC&a<54*E1o{&R^RyQk0ioA( z+aFrPQ9)tG*HXyNuF5e;_vX3hoC?=gSL3a{o8t_`O<;po5DXvS81QZh-K&TSrF(`S z6+%jE4yK7CHOV+kOU82Liq>GMbJ4mHqS?>asTwq0!*CoPiYVjtI#`m*u}ee_Xqk&gq6Hd z5D77k05|B1r{bTvPfl6Znd08RGK6$3;l$0XlDn0>YHeky&N6}E@owll<- zpbx^4B*PH>P&tDOQn=pk6CwaYFjxsp`^qZHWhVs_rZa9c$MZ8TC8r3Nd+hsPIjINp z8n<_gt5f%1-_9aNIOLbfJ;ZT0bFCEf8QX0zNW&YJe$zLnmJuQdX_zodb%cY3$|)eE zAfZC4meSTGXk=(%&pO)(V_ee#<-}~L5fS9yI1&hPoJka~+qXrk8_cAMAu?|_=_jF) z-g{|SL%}#}QH&L*VK)@GUrrAgA}A#0$$h6^sJ@@h1c)PzYqd1Oa(DsZz4Y3l#J(zE;Rol4Szin8!*Z27e0mhY{DmdE+c zMbqsA2*aIXMndg09g&_KxS}|DizUQm6Rh9T0;90$&b>rG=kO815!K3-%E!>-&996W zljTq6On}=jl`X&-!)N)Av$LKqFViF7rr)jK{oGd|vCuK8*Dv?&v$(DVO)#LlCYUVK z?UUA;eXe27M`=80071c%_4Z+{sESAh9AFg@W>==xY{NtB3!Tx+m08FxEWJA0lz zqx-s+-L+s&(|kcUGMj0dn!i0;p;l)`(*>Kjy+Y? zfeE!Py01cgC<5ci!|5h{s;XzsV(Cn4L5A#CB?}OhzsR}$E*~vXC|j*EOR6Bf>s88{ zD(85$05Eds1VfV8g-tZZc*)2UB?qMiBNK?TBL*z>NLq0esqpi7A_yA6)TBOi4{dZb z>o>PU5Hzh$YHN0xm9BQbD`i*cPThX^_qd7K>%w!(ilvc={o&;plsup4#uI;{ZkkPi z92yS)b#&okjbXoa=yw>KHEZFW?F`M40Xx7>jWcyt>w@`FzLYJ;hh zY*HsFmc1q%hv@}f8g;(&rpl-;`eF?_s-m^Zkm(u%7#o|wSs1am90B$Gwen=GcaOUY zVE9?-*aUKF{-9x=4@nZW?}lSkcDLk=Cz^#`{DY7_xXrpf?a0V}7jiBWIih#w-02HD zZu)-bjunrt%}ckp8Eh`03f=`fBjO1(MHv6AtE(0K)HL-FgYHs;bPl zHgbHhy8^Vw!?uD!P13_fW<~kLZm;c~vZKSppx~?}WMl5Mi+p*4en`z!KnINQ zE^dHXiRhQ@e&vOS^4$YheLm|ifUjrHz@GH&&S#+ybt(Y~`ODrtHg<&n7++zQEdiqC zW+7}3lnLFCHQtp3O`e4~e|Js_=?MgOQzExg^bU#2nKqyF~~pa z=IXw!it#aZdmKNXbO_1FH8#uiv@{Qq=|as%x=&Ay;y|9luDRNR4^73(>gQmaSK!;! zpX0Rq?IPfD*N09nuqypQIfS0+OoHzd>V#SJ1%-;7pNiQes1oBn{l(+J%k1y zZB@DUck_Daw>6B6U9Q$xkiOz)HOs^aG1PZy=Xo7|)GHISOzBm-zq)>T{8ZD7&?%Fx z>ZeV@nIG7mx5r||y_nvb`mvy|U>M=HM2pNsFYC$5Mrm(h-i^6?Cxfio|Bqf)RN_@n zFb`+6e3QicmPS+48KV^&n0xCI?m-4nBP)d(s1}-AYP#nu)cn_oZFJ8Bg{j02Kj~ef zKaQ|)b+9H%Oa^}N*0cZ9JV~bb3F`TGd`-RoAOJ#U!EB~lZ+7Be{mKbLnvBx#=hC%9 zefCoC(OI|p0v;h-T_RUZh{{dZ>4D7_(2!D4BJdd^aWO#^gAZ5c;Dja!HH2yT#XNKjgA1;_o)8S#paKZ09GO~2f#U8tKZijBzbj^}-z zqcfs1toPDYU)EFeRC9~0QSXNim#psIH%4-};u;?SJb*@2@|A8;x@zh7P1G~*s5bKr50qbeMHyHVe zN7BSE&_BA>56S3S%7L(cSW-15_vWV38H$BrtZ&HP%weU>308U5XcczakC}0?h`Smm zM^M6K;GPly;o|iTt<4zKdCJFf2F){+gD{?Gl!!4U+J&utzvXEc%_KZb5PyC^is<7> zdZh(^FE-!D4_gDZ*?yLwzWWBS{0|6_iq`e&Aankc5x^Ri%5#gB4gqs}=EsJCuJ@yVNTsJE;*`G`POQiK{IVWUsz3dGJF401q9$b@#BvqboP6JhhTU-~Nn3lif`v%w ze+-z`L4HWzNPqE3v*a68^qv<|jLvcoG#+!d4Tb+#<&CBmQ1Upig}Ra->YfewXUpc z3M18xbjVI>xM?W7aCS&yT~xy`5APY^3f%ph>eYEtV zR(PBTjWy*&TUeNcX1k>`VGl#8mGp5pF2x*Odxc9lyfR+RRNU;G#-ztX_Jih<*-*3Q z>%usY+^WzT`nO^IUrh+LtkR*RpV47F1Kv61vE-=?4K4Vv-FtPQ7 z2JeV6diKSm?A3iv18*|9lUG(~2&a7Tau8$uOQyMAKb9*SG}$z9hNyd4IW?^_!Pm-o zB4Dy^EG-m3!)w#rp;5RNuwD(#^{lK=)G7ndHdN{(DZD- zW1sJwIN(Gs!??isHK;0VYqt_L=vti>fs$TRQqQ7k2a|?uw!XGm4BG?JwA1uH(0;C< z!`fnI%KCI;asKx+*|xdj0*dLFWzpcJyIf!qvU#n7cjlBKHbgm@i~uoVepb2G5GM6| ztmzw&SuFT$sTeoPgN8QxrN$wx6|Tw9kVlnfGCft_5>Aq-Z>RBu|MP2j`A}w-9ae+f zgc`tOg~uK~K|`_}!1-1)G@-8UHdUaE9vVlLviaWEL+|&u=K6-VzScd3Ry;M&{w7h2 z2!az$!{%<8qmZA>=~1*3{O63WFrJLp9}EzHBiG7uQ1P|-t)t?h3xTkyxkf(Is#w58LVUAmct`K2q3gAXRY&U zXZ7oJx6k3auqQCU*{%NgEX}u9GlZ90kXz`4&>%aPkl=ATprGm?l{K2wxZ#_Pp>-|j z>$Bk&ik;^ORJX8?{(;mLXru~rS};_mYHM*J<^>B{ogq7pju5&#(<);{5W@~rIHiD^ zU-#_^^az;Uwv1^DNoPm%d|_yPnG+z##5}c#XMx%FzRqY zRDW<(@l~@^#cXH^DoVV--p3;$oV9BtE^ij;_#v>&xBl zdHYY{Q=C($m=rp)&wWqJZuIH|=tJS`8-Hz((PhiM-kak#>M^E6SkC3;g#|B?^ zsV!$4FkRu7%W9)8fZ6+UGK+Ic^~Z>Ohci+3_e3p_1X-chu;s$(ddDvC`QzZ?dwut_ zA*QS4Ufw~$f5NhqdD~Z)a$nqt0A&7w!Jc6-QI`A!dHDP0-!&aS4_7vi zc!!!vYc_bkrcG^!fGifK3K=MKLq4aQlQwtWQU zMW5*2HW=)Hc3`VxQIZ=HL9H1aS>L-rg)+O`h}LxJlCk0BFis=#mUwt*4O>-xB;psn zw&NBigc2yS!Sj(EPN8LroI5#dDE)Qwl4jsXqQ@t(Col|x<(Ug=98xYC!r>7TMGvre)vYnyc=ImvXi_~O(HV(Ph zPLqUv(x%=VE}^Kjs9I)bICYu?)wKY3R?YNN3ii)3mNrhZNMK)6vSn+>>3x-t3$AJd z{#oac5-UDysGX}dCOYm1(o40)+f|&62#)^!P{rPe8#f0`1%FbdXvR) zY={c7-l1soW4&FOaXs*E&bdCAipt{Ril2Il=xWe?9xY1`N#bk4M-dKfJN&&E%D14c zVF)2JY1fUcji5a!ub%zepVrOKB!548wQJT)YUnaT_a{h2uHCg&w)t6G>4zvFW_pC) z_kQ_id<&D;%h7WVxQIR3qzrhj-Pf+}X2gUkE1;Sr`{ zMH8hn-#^4YcBChyhAgL`508`nKF>Y-ie!M0_H z8pFQ1tyvuYXcMe#M)>57ZEl0{vZ1Iyb_|`;tTo7d&<`1F$!u$J7&Ui|kDo~@plsK+ z$mBFC{cLgIp1xQp#E#iJCz=oCYUf3)`A6u=Lrg8lL+kSy8;u z^b6Oy2hStN2=0)sBlxZsT_#h~=gelCWNxEr2=IG?2)86b}-M;Ma zZH=!**_Qu33YDN_N>YX`=xyYww-JZ~t?`CUtnE#+YkH577-|1JcMVQVl=!D$&Xq0{ zfzjtO=5(CbWhCq$6A94)x@+n4IxhYeWmUZ(N*eSh)fQbbBPl622#WyV1-TdbzsN`are7mk~AvyJ`#^(jXfa(l6P2j}68(p7k|{@3bIx!nyJBsu?`5_A(V!)BqIrKCc`&C!!6yv1V91 zuH!9SN~56G#M`Ht;OGzdbK_j-mJZNxiW@o>+!64gc~_ z)|5YHMUZSkrqIml-u`@aUeH+aaCfM_DJaKwe-BJ6MUNVBioUZ(I93Hcn+~kqvcr1^ zE=^!3ynl=J497yM(9C(*49=2T{RMP#|7EL*D8E1KDPtM)g9tSe1r8DqfkLWv!>(Z? zqY7FSSrr1JI>DXPVJPho=Gf6(%t6;(ecG(^b{o>~UtaF<1#2qL4y;Mh>aB%Vi6OoB zRPJF(5lzj$0IU9JX z3i##z8k+0rP;LdG+@m>ni~-aQsR5D_@FgUNLkGPn93=y|MEf{1zBQZ z4*}G!G}_GcJVqe#P$FQH9_08Y!8&!oiAk|RUm^q+Q0VE^DoT&ha26JW(y07PirV;3 zv*Zo4Oi3QQIBjy5ndFW50z=F$1QmBwpwdHWBtO-Z^%C?<@t;xVMtPuk5ASD!rHKTJBMh`so;QHK2d!)lxMlYZ0keUI-CmzwUp?u0g}LR^ z-6DbnQaDJrsV9Mu=w5{BLUl=I%copbdCG`BIrFL9vgItkBtmtcfgYRS9a*w-Az%I5Fb0wMCv?fU7W2N#n z+y8i^*hhC>GDjZTIc#`@R`9#x?>yWX36)G1`B>G;pjXzv3f7?*&=r;3IpPR6oV?`O z-9>_W{2a_qoWXp{>apwR@m=NYgl~Wv6`&=nOg;s}Rf!n~j)zsDjfx`yi+s4=@ zTVSq;ykrVmcjAe_RLT;vVwDIeFl6p5fq(A?TG@J^^k6*^E34NwFs{}1phvMzK}b!1Pc;1$+{@ld!i_QZuvhDx*{TBFnJN%J?&OU)d_sg}DpTNT<(+}Y1N1F4OBheuc zX9w8o+X4RZ`Xh8FjOt3LQyR$>hs29PtADML;L8*?K!^Q@iNByY*gP_&9Qzhjo#X>fPb=gckz1S(hxOaTqP=Sv2pb_+wT6_Qx+gK&pMt`RnJ zz*#0k;YA9J;iakC#mK0%V5O&ZF8M?s8qXj!rxmS}+jmMm4Mt>-ya+D3oUI9n%GcAUlm# z?!0`(htyQ<4HQT8?qFnV^=oVB89MUa;FUe1R2xusb%wbmuFa9efljqtsF$@r!HuU^ z_~y9hrUsmIN0B0359mkvo2$0>NnlNLP4#4k+LH=dUMhc^JU2kWWzdoIH6bJ& zutFLzeRpHTqagGp=xwe*afU%Gcs&hY*wi>s?0Nm=ix{A<@QIO|3qntgU=fGKfr3dk zK6ZmkPPJgBWV*o#S$OUsn0@6IJpc!bW*6BZw;$*stKGveW*s|7A+Ptp>Vh0F;-=b` z^vYKFyE8;)O6AX*eZ(VoBa!x>6XDXU0tLP(Tb@jLWw7i&ToKb1+OQtyls|)4v`mC6 zhI7ckbH|H=#+ukCm5yQh8%ku79bbmzpxnXL!b>LA$Tuqb%3jLRv@`{Da!L}h^GheU z5L54%S9;>`g{vg7JJnrFyVxF{~V1+=r&`%s{{n zuT~sge?S$8r*NXVxE9UKQX@_FmFj`)b$Dsnf5xd&t9R=YTDC^K^1xJ!-u&`@?1;dU zBWUZIh((TQa=cKIZ1L~Jsf%6#@7=X^Dv0BzYGmIyyoNeBM7LsYFNBmBo$QzmE(%L8 zUq*d(-wYf}(eDF#rEX^|iu}zToWHW_uo!=|6B zh7SmS#0JnTURX%&uk5Slk|7*SqA5YM8|NsCWG`NjAJ>7tP`UO_E)GHXyfa3Rua|7z zE3u4yhT|RKEaFJ4ros$c&y{7Fs5q0n$n0twvQYb$!L{H5j zE7?i#LI&7jD`EWqAJba7C=$A4sbWiy^RsRLY!eCkzZA#j&3u@%&(F=2eF3nOgHl3A zs3g{7JJy)ccxVsd)2fEk?CgbqMw+?sy3-oNLal7w>KF1*GRAPqcL;3%bjUS?7AAJ$ zo8K-0-EVRj8I!cLG>W>2g7q6!A#r|7UTSMt7NTe~n{JD`d_C*`u`~hgr6$97$~m*` zr#HlIj2un>a%1Ug`YC1mr?$bC)nhd4OV>W08*~DVtZh!C{~-!g&|Tw-_tyOgcK?o! zV^}re|9s(P5XH*q%iB9Y{%-9SOd-HuaQWd1mD8OaJk4u-zjBH|_sNxYj-bOhXQK)G zI_LGQj&r?&xS7q_pt2vq*-&^{qyBCZD?zLU(A9o6`B6nYQ*gkb*ry#2wjwTJQ$oa{ z8kbcr5vN{=b*2QbUKWn$#&tGB)?X6PrPD;Klo5ri15#=P(#ISHdy-(9FLOKLdf47#d@0_sLlu93?eb>TEPv&Vzo@E4Py|A8 z`c5309M>N=oZS<=5R#ct+&uYaTnU_H#}rgb#D29=g%FDI5`Jnj1eAM8m|bQh7nlzs z7}97LoZPuR2?ASVup_w!B#q2FH3f=A6mP?;?fGZr^XKK#lY!}m(&ZWc)$)@Dt8x|A z(y4DJ6oM}fIwbO?-5nQp@ilxf2m;f5WsbGW?_y%~r3`Q5*`mj|$9r9i#{O4~dNKD5 zxX>eXX0m^!o`g|3QNkb*riJV&;Xx$>q+tcKRA3PV97=%6Jo+gBq9_hqhUVf~-1t>X z;fOJ>JoBWdxW8(|r(qDYLG6|ncOCQoksad_?+iOJGw5%tOs?-Z@=Z&1{8_a)c9+z_ zAcBeT=iLwu_ljtZ(>ejhw^jyqXPrD7!ve7sB8%Xf?>0mm$~z>otN`_-;LKPlp-*Da z?@XYFE`UsBhX9|?&?Z7I$xH^vqU&$=M82U8lX{c_g5LK!`F;gA{k0oxe?w?~7g!~< za80vPq2xe=r&!i19AS@AW*%H1NvjM>`D5yl8%>D--!NdF6-v(yt_-H(_*KZX z6zJc&==IARp=RsEu-c$+HL`y$S||HedhETr&bGeRv1^8^mPm$=cDG&X_NC?Uj44;={Q&~n6^Fqj=ztuDDGeb26E-OAecz5+iIhv+KZ3># z$UUIP=T zE1)hhZylw6Nn%g(3hXk?(Mu8OL$$F{cy8&%?GDimrZT+JOEM3 ztlCD8dA*7xD-h<`)+~J6(5O6qD3m$VK{q1G&v5z*+@EETKS4#cZyc=l2#&QuKIL#i z+s|N(0RfL;7br8#_dmY;qgUSU++Qi0mEa&F`V(k_^O&O+*y$blJScPM>@{%Tx#}Q` z;YJFas;>=PshWNPRg;CA#=(^cfzMeVcN~(ftifzy%r%!qY#Ox5 zpHTRCFx0wAfsfjMy(=-d_QIg(i&}b7s$ZbvP@R0vDkriwOwTbytWfwr@_n(;LOmK^ zmO8b5^<>bT;1AVx3>**`$|&-D808B4Y5IfiA1KzOCk$0NfC9!-EKGVx;gPKOr3>kM zZU>6EYbi2Ka-FDt7d)`EIV;WL*8Ei%j5jTaUlP1@Iqc^meQ88I|Ec*op6p3=!}Xu~%tJHt9k?TQ*&|+AT-#8G%^v^eVk_DzjTdR+!K9yckv4V6I*C4|4))v` z)4quI`DT-C#E|0|llLeSO{d$fLv;nb>76S&Jn6JMx96u09^RYM?sAGN%YK(1B=Y}U zX+~q(3Nz=1PZEzQ``~?cWiI6rM_G81JMeXB7ueZlm)&<`e}|opUK$r$u50F8{4Iu! zADhyemJp^scH&!Qe{^kEWQo-!$SAW8-C%`0F!H}S$!^eb#GXGpM zPyb1>bj+=|9(w zb0~8yV^(c~Vryh+YiZIj_>O5hFQqhJNeHf=9Bm`4f5F|ze5sy6=F0|tUYU4jGzq9HE>}*`L_D{2VAm|SGCTQYkh+o*`wI4TouHVuZ zl#vUjB+m_-!1>0os`Y-@9mNpEyKU)c&}uTUPDYs!ggDg;>x6xb-5&jtg|P7p#V`S@ zCsrAM;Kdb{FsX{OdOeiWnq_*QEoLPc59*0qkW^S<>9bN#=HmZI_nzxM21Ka=cg|$< z1d%15XM6P&>l1{BD03m^KOL!wb*tn56Y@ue2~n?@eo<4U4}d@$r~V0%uEN&GZm22K zz`{FU(l%lXfmH?+B$$emZ{uH~LD;?fi!@hk!Wy~QQ|F;w{S&&pyux=YUVnJ@=3V79 zK)Hq7zdhcCI1eY#bt^|efDPBrQf7m zPpgfHCm95V zA1h7ewS*gpoQodoe%?kE-Y^eSY z?ydn)bbMmpY^kxg62SJK%I_^(wWdO~m&W(dWiKajE#uZ!{r`yjVFJ%CWfZr1=f$Lh z0NWh9Nldb>yI?!r4k7mcMb_V;8&F zL?j>RO##9r3bvT;=_Lqm_+S6ay~_p59WlV&z~Wr=a_w^BTq?F1EvEN>%lWdb15KR& zJfG^+Ovat6CCH6W&D>n3L|gu&!=Ka-u>M_EoB#Ko&i7f4@5K)KH^aa*Y>wYK5z$m2 zQicjAVv??OUQ<6JD;-%QzMa!dx4@ zbtv&&jauKoomPXtxiHDJnnTse$KuDRlnZ}EstwRvxQhNqZ8x1y;--VmpAIQwHx2XB ztZe(UQ`bcUv1Px=;wR%o995e2@MCd-+ArtcDKs5ZRQ%NK(=@b1*DR$o+ljzmmT^#_ zEjP(V^F%)R-;=l`#%7w?jWf6{VV)om_TnSwYFz(->-b^A}+i56P_KXQ78@&A_7 zvCr_oeyl`ZUKyKh6~6F<0BH%P!U#2kVx{MahqbP3O0XD_kKGIzt&` zJfQl5zwf?J&wbHg5^=#~Qj%u<{PM>CS}Q{)`n6yIjl7?drYU}KQ60AS;_?QhSICwF^C7hlb(agOINb$3XY#_Hay8NG__oe#&y zw-=+N>ZQZ4q)F3iss$V69<|)|;j*bl*AzLa&?6?^9`AQ=mxpP_>ukogy|dS)wXw&H zik)r!Y~3yapSJZzB@4CAR?&wCQ+$_qwQc=Rqygv##y?dph;Q4l&K2$p5FLLWUT>$~}v$I=!H*D(o*39ZJj- z^O~BBz74_jFm$8@Q0L^$u8>8qf%fvZpNK<+SM{2X#zhy`1In7tnxr-n$ykkJ7|Y>< zLsgIJ5sJr}lz`Dy$n4>y+3FUQj5stw8a-2XD3^>0p)()qgvS^3mLo5EgPq{A)`qE) zXuGu4_QbgNp#95aG&aT?d?_U3l*A|nMLt^}t^4z#g%uo3Lhk+#lA-QB6^ zE!&sm--M3x!`{U1)d~JPD3n8Eg(=Ku6WdH>)UCoy{pk0yS#~xu?s+ZjW}6{X0!KEz z*VA0|z2DFje4u$LQj_YL&%j}cGs-iStN>|Tr>lp?;iwIJRh`xv_%@!6$$$^k$tDPc zvNYTDuOw^TZZuNME`%r>DKXX0u6Y~Ynpwl-M`4l;Ty2GRF zkS~vr`@G5%d~3yrhkB#OlbsaC$2lS$75J+21>rkgD;-g@WK_mQ1L~j;FVX*EZi*x9CTLmN;*$Yiu4?xrd(mM$hB%9rl?TOFA9gK;ZDc{jj!~gxC6x~Po=O; zz*d2xKys8NqBycxRKV50FeWZb;IMG$sDIEDj$~SzHm>{tv=`z66PHd=F5_n?Uf`BV3#yByE?dsaa~Lj*Ew4O$AMyp=PtRZEQ{Nnm z%j|s3O!ph=#_yhb7Spes_;I&Y=F2HrJF}AdlA5~JoAIblu8jVqY@wH8x#R2F)K7`~ zOuPh%NuC!MBs*CnQC{`lXqy~3d`K{`;v=vqB_GI~?oSuFocZ*nBLgZ2vQ#N9zZrOI zV62TFNi^m4^~z}NgmW)I4bq>Px|U}BLSZ(fOsm+g`Gy{#yeq}3w7j|p#s8Q>dVgPN zqRZByRaDKPmrS|#d;fG|(nt{{DK~2Qr-kmaNR2w3uwZ`BJaNS~ZOMn&hjXPT6_Wo} zd(h0qmMiU^l%bD2frNy=#H2sqn@Wjv*Lpq!;ZF`aFBQ_Jub);@bOAB5KHI&8@HFpR zv6&c|$^Lce->yyo{EMmD`1QP_b|drM7R~TiaYs`Z-l59ad8E^l!jYJ`ruyO5P`2Wz zRe6;MiU=>O1K^S1JSm>mKVq&F8}_G(Lm_;s2V<}DoR%ua#iDB!7y#^l_kc=UgLJBL zDZ~inf$nDH=@{dqe5TpRwQylS|D8&zrUJ<`N3-8}p4!w*tEo1dTV@SDf`<1?Y= z^}G32gJoMz0;PA0LXkP2T27W-hYkC4@$|Lf6&+}7MA4;7hNZ_&HKgcH+h;=@MSzRBExWKt#&@ZT zA*Wup%rO&VD!o}#SU#l>`w<7%&W6rAx+d9*5p3tltY)dwD-aDoAPUVTGh-x4Y0p#25ki629gRMYy@&Na~Tm6?oFsOL92afWmarNUvqNB^bfRVVimDX=2fc8`6mI zArjmpf=C08sQf5hh_J!y^}yGGc^Bxr*>H==ki$R5m94ExPr5PIg}tu6we-H{5yMK5UCMMK+szi91yQ z7qkVlFa?4}g|hkd1lDE1>|qPY3ar0Ql!b2viY~T#J{#idxUKo$cyOGi;yKf4y8I9O zRLnzk6IR@Zs6RcUzy)L<^mQ{Ewy~-iz&Xyo5vAY0gDCYMzc)N+;O)@<_HZOK4PS`Y z@3e7+R)9Tg3ZvUt+^NBJX$r3pl8&M|(Yki2?CY1Me123>Ukx8NT|r3I#i`y7iWPrT zCWC8E8$Lcf+mv;|e0E`hfA5*amY&ejYEy9~&hQV?xcC!8uHA9JFE2e_TAZgS^tJ$> zqgYzNY8CnUCiMGFDvr=a)-O@TYWl&+BOQgP3lxOlGHQ1=+Z>Ysq+U0e(WJfEMjV_; zWQ|QDdC)$MW2hqppRqRkuzq*@GJ_UxexG~7TyV6I`d3*Un>WtRV#pjGQeg4bgTNshgMtkiE8iD-p4NM5&tMB5#;N0`&iIm}!E;Wu)^th##mWMvjBdDdoH&MHV z6!vT5cH?Rx6`<6b+pOl;P%tpRC^Lu{fHS&dHN}omQ@_1!d~~dK2?l3vZ4b1*2C3MK z8R`kKvx|4XMK#>i7ta{W<-4J;W=<%xz6mj49AY*Eu0PPIe)t~rR0b=+s)PA@*S7wq ziq7Vt=+N6#2S4}&FR{t4#xKYo=SbTL#H0B(b4PWB5dnZ#s7^$0Za?$>X#IxLLGJI% z{F%LrBW;QR6#HazUn+gMe^ogQ687)N>U73{#P|%&9exMF8LSTkbU&E(G|*OR3_nJp z5W@xYVsvSB%7|UZOicPKB6EMu0Waw4+qq*`s5TfG=L9r2b*CRmN1hq<4iAheW{eM1 z32b-_Z1R|S#3ITB-Yj}4eoTAQQu@Top#t{-P;PE|abBjY2%hY^&6Ck{BGe>-@6EZC zIOczsWI>8NK2lD{tU1%+Td1EnvV1{E&+8tx4{l%)g&v*oKBI@>a-giptdG@RPtiH# z3kYSWbnLF-L8F*+$duayyu#rTT)f$7Zq?O6MU_mElu^?)(a-;5(|=H96UCfr36m9a z#o9NZ6sF=MJ`+Ytv{lm;QY*iTS-P^Nhj%=4sCt`P>Y}ew(|VdVf#zFK$6rXPGQJ~d zZ=-eyfOluoLOZMmY=Wy@C*D%~W}0Em^&Fn*()f z>|ylec|(2g@iTgF2gd}`)_7{tt=e7vtEgnu?e^xo(mEu3DA``+qMANmIN|=ra!-_%~croIfS&P`6V4jK%>Q?QY z-@q&_h#kchd-GGRFccN|>T>LtACYki=C%XS77mkv78Vxs$>ilqXVen^G4af%_}8CV zDfBE|tgU1WUh+*n`^EnevVm)d{=Oc#M$E?e?8)Kvdwcw{!;RI)qgnmpXeGlHnPI|L ziS9d5hux;hIf!_z^Knym=0y0zW!xK~h;DTb#)D`#Z0C;3Fd%iA2bX0P2!`QYX+QlJ zZuG)7*~&2z{&s*<7DbJ&Mi+J;#D1MI8syIiCF z>cPaS2;WTsTeE1V6+lg>N3`~9d1Uct_w@?IQnXA*yq9f4H3P%olz4MISSS9ezlc%w zs&)Hm?LCLlicfK7kkYgzaWhwlfm9nCNL0|qT*6U#08x*QQ}p<=R!)VR=!(iUHQrFk z{5B9%EMT}Iu2Lw%Tle5V0MpU&yXL*#1pNCTmMZ0#TaV6QapwD2f%flt?lSQ&{dxgr z$ywjvc>?Vrw9f2rzo(D2dy?<(m)-Z8k8d@C5jBRz&9>8rEV~ab5m5YC3nJy)U$4O% za~ToUd&zsc%B;vz#`URrh56`BUP-5OKy{B3AiHdUUdwA~Cl&pzr*b~vV|_U#YT7fc z#qlQe*O?VPT;&@s0HCqfG<*e_lP*%PXp2#dY|K8fU<&f3XfdNPXKWP(N^EQ&l96YOPL#wE@-O!LZ4gs5A6jUJ`rH6&f8AS&yL3D;fLQ=&{4DVpHXy0$P?n6BcW zkd1U6@sd?lsKLQB@x{Tn2Uxg%P^4^Tj4QA>b}ilAn-jyzXj8_b`aEYASu0mXvC4U9 zznd5JU+)_CG0HhA<Q%|ZdzL6&Qg*I_vJ?R ztJZG7Q}?^bpJz1#*HD*4sQg3|xrhY?#XGM1c5JKJuj}Xhgfpo8OTe1j z2R7@{K~(E_d^D7$ra-$Nl7z!{Dsw+e$bc1H$W%j{E)Y2ZVtut|5$PSq7Hq`psMDFKJ9fSLaj0*~b)<`+rpG zQdyLu6plHoK?$aQj3_wV@-b;_#9s%oq#3@+7W424dz5{Ie%8ndxS65`37-MmGS-=i z@_odoQ@ddo*TMEgs2KjXIpj>H%KaVFfK;Y0Kig5>e`rrZ8U(q&A5WjFIeq~z6ZuSf z!@2=cg339t0Q0bS1ge76cF=acN~~Pwy`EZJfH^nlb($-hx?Y(H_8UT7wh-UCv=t;N z8LY53kolLFsT)0}j4G?*NK2+p`j*Lwrd^g6HIl(o|Doi@(u*CbRG<8HRSf{U7H~+nU^=pioHb8*_T~*Q+ zF@2pe@#d=K++=*4;*-6Cr3W)()>rktdvR4YDpJ{4V8a$A-Iw+EKyr_n!|zGi^vek@ zOzpP88Aj*1v}QG|TfJ=iFyza5cxmvQBd%Csjg0cAb5nroO9a$_q%hXVfjZfpl;&%) zzH}7b4;_b_YRH(|=x@TH%U^-1tN>c+=ajBrJtmT#Gl)h`e$<9=ut>#$;28e(rxR=B zlv3ChcGhfX8MJM7h`U#v#fx#KMxU^U+t1JQ=`MxPhc~%`Gy<|=cxkoy9qAR_NK%0{#c8lYy8#OED*(L zAHUnYsTRwbJR$>a)w)-&1(pKA{9x0iuQVG?Q!XKjHm!M8dW8NM6KZ##7zTT zCg(m1LnJvw&T`6(tGm_x9`N3vp0d)jlz&AK0DTsC)!&Wa8p>@C3Ga)mlhfttcY8eY zY&TP_*NvU2|GnIbwi@Wb)uze&*|&oVCJ$BRXV7cpOJGSL&U{o zK)3O(AG~@aau!Ujk1%jQ(K4g{`}*VV>NOre`)5)?mQGLG+vVrc+S2<%N`)+K zk}Gtiw5YuP@?EGB;6?j9Wz zjNJ{E;{&VKhrjWIFyIQVNP12Nlkdr!qm0wvXNEL4;~x~40^JyDds4?1Q}St8#iXb;rN*wE`50AO}=h}6PENlQclc}myj1zV=h*j!F`+K5X9y$oBQd|~#> z_ip@MYfUyec$`IDft7%=X56W2QdPfiaYFF$AH#er%KD?45o$b*U!8joPH_9wQSL)` zA~fBHlDFnBXlt9}B50gt`}LRPzgaufqG>9N3Q}ViAUkAr_`*I>cCe z5ltdL0F*9U*v_hw0Fy(Y{|A6p6KeT?qtfNV1?$l;f5R=$`iqR8l$nDw{}52X$eBg- zlJS75Ls|pJ;nlby!eNfV)*m1(P4-t;jlIxY={lJ?fFQP;s@l>H?e)V-Pg+gAO0+nr z>eJwj``1iT?il_OswwDhN zJZ*lc#x|dVT6Q+;^*~IXNDAZG#r)Tp?U)a1f||=8VS5%f|3dAo^;4=RJk(dt;V$`C+wx(oX;S z6yQ|DWX2``+>hkB#OCnXX$=h##W(w-Vc{2euc)pPOoL-a)Z%7MuOlK*l$$)t zrdgIMA?q!(ySHSSqeajqu)>8}4kOLP*cgrfU^gY(kb{N|}A z22$V#iPY5zA1;U=@e~@ZXa#grw#3<$xc?EJUf_vjmQFzz~rCJ8Z-er_$YYO%?SBW4)dAG zCg1-qaXW}U{1J>k`|gdtYDRVhzHq+%aA!v97m{MzR?80gFBTY_py4FRY5^SQ1i_B? zrS_jG-3!&Jv3EO^DBmaeZ{6pI^bf8Vf8*@b+0C<>%i^-og?YWgiqL4H>D)YnpkQ%JSnA3xq-f5a#k04&=aN{J!tM$M({4( zZ7#aHN2;y^tbM{czwdx^PL{; ziN4-bf}xVhg1}&t%F+{-=epD2wcG}c1KX$rF57zxDo?d7=7dF6wzrM0Jo9nClpC@` z*^b(52J&9;PDDL$;%?W*?@_Oog997P;AWB96Me)4j;p?>ivl_RDrsA?yb77$7H-VG zd_)c=x?kGvdpm;mq4Wy6>$6<`C&m2SOIL4nm6*-jvH~_e?L6I`(F{~a+1)8kc@#34FEi=2XSJN_Xl6eiqiX+xhG0b>;S9{dRQjYHeIvN)(~vG%V$zH%=nucg zTzQ$feh^ruem6pb2cBD}<(6fHR9;irO5+e!OFNpEQVpSFL}X#af(;om(E-*Oc#7XZMzaYzS3Rt zzWMR&__xFvv6%0EJVd#?QIq@qHr_rvfa>#6jfwB^<8R^Ki}m}~&%)2?<_65X^f1f{k?z5d)5W>}g$mxICMNoW$dv^6WbMK_O@u+u% zVu%_v0x>25tV@i2M&JZxfh9nU1(gzkigdwi#&*Bmh^N5Bre`W1pU{ zudm_d7bua!KhH?JFT;nvGTABTi~EhnI#p-kPei=MyKH8|FRN^ z`EOEMineX|JAX+r8Ts5)V1btvNmI8CAcH8R+mUb&GeIyD6a*9hrIWz`@#PnT`#V49 zO(!m=bfuxY96)UXMB(V_>FMf>>a#mdkwxj~ZjMBYhyY#6&;WT=;?Aquz>ph_{QDM! zDNz`v?LrSp%3fq_vNFZD1Zdt53E)J54HCRtz5I8aEblKXwTd z`e`TY0g-xdwH63SJoNFx>u9KfK&)o>47KpPQEf!_Q3uhCB7y{o=L^@t&fPM8w(ZKP zd2i-l3sk_tmONGV(b1!rOfzdA9EE-0pPq%egQ_@V12|MBVWXBaQuQaqg~r(q_l4Nm zt*`2B9_&R+{P1IRlwX3qAaW}2oXoQ<>_aJNiVv||W~rphXAgogjGPyQUnk#Z4=SMY zZ?W%?`zuGXuTHdBJnw#WI3Hp+a||Ypo3DnGE z71XMb8iL5!Bno?^LjNw96OHZpuDL9HhLteg05M?!LJL~ zuw1yDq@O6VP{tq`?DPs+ncP)632JNjLr5m?XD?uW8yzA$oY3ObP&)&k1YCxe5|Hs+ z%dpF4aGjwSQ_SY$VmBxP|5xq!u*zVtIV_VuAUUif@!=N%b2?d)sjO%_;RSz7he;As z^O>;+uo69+cN5;V06@aej~p#cYh%k9?R;HR^txBlQ!PFj0?rO|e}8(-jHj5R4noq{ z!6G0$+lJnz`7k;YlKG`{GVG4hv0X=O{;V_fnGaCFfcG`sWqKOkTgQp7HV$j3O}VX> z`>PI6#HiX_GSek~2ZYO(SJPS_pUI&^@+rF6g*<38 z$rxhR*yctwc)5+GS*06@@MipDWRnqUPyRD1k(_i3A_~1$bL~FT>1}u`g=n}y29I^A zmtO0k?={-d9fWVzrN+KE*ugX>Dh*|k_IR-c^I>RFI#ZN0&BQi#zmzXef~ZIn)uI2q z-=I(`D60XHI$xvy_!j5FKevI&4C6MX_7&7qg5zA~3;qse9uesx{4CLd3Onw1uSBBZ zIF9b9?q>XfOh6`VDJLd~!GaCKlxKp^zsw7mR!1Ls26uCOwR=*i_fKC!9ZT#$i7pZ|uE%xMO==Nud3@SI4CNtz`be$4%H?aP#k50v|G$p|CzEMNcJyW#`Dw|3g4Z zgJ4Jab*`eGt{ImE!4oWx4DJnsI&gm_WdYHEc6W#IY*2WA=QyFrswm#&RaHwQrpfH$EIqrzk7z)(Yaw{4 z1UW*7>_=!x5r2$Pcf&UcCWfzGcMZRV5+nYxd&$ap7nE1f>|k6pYvk)Cvnsmi?!A%65|32 zP8zx-%xUsHpId z6_59mgYX3M^ZUUluuy2v>%Zn&iB^eXRgE*q5f#12eRxG;lZRlIB2$U;&JX>=M6INzaQC z^j<>M8l={5U zW{U6ERMw(Atrr9-4a=RAP)MahXy8`n;9X1NDvR&)fbsM4yvS2mfK0CHXqFX|jTffK z2dqblZdbrXr{A%}waDt&1f)`L;2bp$72nCxI6wqbW@7Uio(86m?_fm&=S=WID)mjfos8me)~}!lE-S=h{`JsULuJK-u}y@ckm*D+Tk5kA4p0~3-V zmdCIt;D7p;^B(=TaAm89Zdjgi+wd%Q3;`YRRwtX5T!V64vrMg9l-EV0f$o&$?zE~d z$f|9yQy(55m1n%bj`d|yLrIJgnPgyn8mp3s`A6A3M;s^XwFm24rE%<)+q)#@TC7R7 z*~(L1HfL8swNu%4N~YWvB{EhVP#!=f8leAkKz(PJ~Il>uFB$=tRPisl#Dr=F_uNylRsjcN?r&le=K-?@%W!i5#t&bjJ6} zumzK&-5ma=Soa@CLUGA9q6JU@!QWuBP+i(Tbw`%aa z2y*^$4r277D50ikB~XqUO&m5@J`Acd8>cYHUXst{m0>nsn)GMQdPDfufHFtZFjGhs zf#wk|@njGsOWkB|qP6ItttpwC`+zc<`Jdc(NEQN>w`~TWHM5Pni;iU@?kvQoM^T zh`#8YDjI9j6cg+Ze#Bghe8AV}{~UsS{}EYcvy;zN(5a>D^hor1NoJPny?IJ8xo0TC z^ZD=L(tOs`AVpye&(M^<1%s-d-US z9s*8IgINb@r6Ci?-qwyCOC;2jge&Soqoe_|0j-th-MgWg#6?TR=q&e!a9jWi8vwup z|7%%M=m4_AsNU8I5FWlE)0`OSgsQpjL^|M^t!uEFi5$N*%>Zs=Q4x*$1NE)YSULr; zfz#XZWMZa)pcZ4|CWbyh+b^UlN!e9B3Q!fIhSa)$sqp{xf8~;juoqyRRdCkWqTISG#YgRZ|JpNIpO#M?aO;{ zsQ`B)M1i~e0P+ZaE?QgsSN}M67tHXrhR2`FH`;yx?hZF9Ye{p=c{OQ-MG#A@yY-Ns z7NBe~MP(z}V>d}G)7>Tmq>Uvi!**i~Y>}?#2%yTH)b!2kzjyF6h`Wcd{bu+DfjqoU zT1vch9h0E|QSKGq-(mou-NVqij{Ax>WWRTlI9`Y}fF-(*Yj9qm1D_$Z2Mm{k_wwR` zyS+H`Ddm%BWcLg455o0d_KFa3@c|K^YW^(|f-h$S6u=0$KdTkR2st1fz`-|LJG*O35IU1CMCg51;b71KD*-L>J~sov}<8fZ?#PdYf(#DlMwwVx@0z$iK`&TVV8r9Odgntsa&}6isl`4M#-i z5c`VoUWyb4J-K^eKCuUoaei&&ChaagdK0x2lvVnxubY*DQPzxhI>#oh_$JUu9Ecsy zmS40R;iFCpA5U8{p3+#5y90*Z(cLv0Y-a8bGQiCoddM*oQMcMDB8;0ZSdmMH4JMwh#><_G=T$g?hwj9(Bu0DYHAB-tRD zMqC;_S6gDVI=Fk8DNC240!?W3?x(wz+?c+WyK<9l1~n9 zao!=Z!F1tv@#ilLhDI=Cj~puZc-_n&szD|8m5dye|6B}DY z-V>BHCmGwVE^GY9rrRFEPb7yJe*+x-;6Up2E{TPd%`ap9A+nP?7weo zK8o;2((>VI(-wathBZ4*V4&BjV5C*+b7B1#fJ02P?Qr@$?Msea-jjLTOjkZy;a$m6 z5Dx8Kl@V`NjtM5tXb6|UJdQdQZaU4uawPQba-n@RMXx?t0d48-+jb;|7fk!si!5v4 z?b{X%Dn}5fzm}Ftk*G*AS{lrnhdb2GK@rr)-n^`JbI1?Wk{)}+cId%#kIPoWG3#1B zLT*3RAn42OoHFb}#8_Knz+w?jLT@S`fwduItzOp_N0MZ>BHGG4fytU8X9IDY%TBk8 zD-vVv4kuJ4`U3pH%`WLJ3o8CnlG!#o-la9zdRel(vY9W7woGztqxsrMJ;|wv68bP# z%t{S)A~|K+Z(QYsMYG=oyiIMbH^3VnL9d?<_C3~*ag%*ftHe83#Y zhjGkl|6#<->kJ&8el}x}W=1Q=$pdY0mU4L7TMm(ewT<&CkxoUzN621#*Jzzu>*~fU zRCF7^kFZ14#2aQHfJ0=g{H1Q@&9C`jgdZE?Kr01;32en?IJqjx3B1&F{;u;6+oe-NE%yS6%C?OH#`szGZr z7C6r%RtXTn7!3eLpB1nav}ps*=1*+Wv@=j_gfUM_Fm?&G5cykekd z#D#v&&Akx4*Z$BMTBgv$lw|>4ZCKts-cdoLx-p!iwWS4KEt!C$(~>zyVZ}j?e@u42 z%a|t6cZ#4GBgTxnzTN{?zcFQMuj>i_+XSMH5y2|&NLdqM6>{?Rh;q;seI3me{wCz? zv*M3(9LFuOF`S`Lj)niO$lK$T84g`6SR0s3RRplinD` zj%gg*{}!$83q%&K2`D8!%$gN9j{r23+ zq491YZwu(Y%nD}H}L;R}KUjWh;G(xuV3FT9UuD>>7^ z)S_Tw48!qc@fJ;~x<@SUg-MPoGq*ibppG1(9IMnhIc`I;sxv9H=N5YKH#1^Qu!`Q0 zsD3y2c{phPs#&g$FIePKmoU>?l2ObynepPM&uJRr#|(wJqnB?rn%yn5*(osG_Xp_{ z4Bzwzo5dG8KW;QX-owjU7)uw1<1G2%f@KNXttv!q3W+j77DlgZuw$hsL9hMJs>*SC z_nl`(?0N0K2OIwJ`l|HNCY%DeiKzk%3B;?rg#)b;GeaMjZVNlf>W97fd3!y-##;I8aFkglEh6dBMQuzpC z!ILb*m*OQ6G_f!ojTk?+snaa$O z@YsXq$gts>r`gcvO)!|#oJizF+@^FAw8>EO$KT~CqP-u>G_~~W>4^TS<#XPf7T3|s zTr7$Gw#P#mlUVt5iFi@j`c*2m>o>usA5V8Y*9;9lW_dfFGB7BqOv{va-`Xd;zPMyw zQfZLqBr>Rjy+ST!RCpk>$GnL(#6XtV7!OOe*I*my?L<-_gPso5L!jTq@ArA2_=?*L zCrVZHhb{$M?qcJ!z?xN|re~GgCh^#6@jPQnSZE-95mZp3BM+S~u34 zrMS1~4MFwZ{m;QJHNjJch04b;?kHvkc`eh=v3DW-uf}fDFruqL6z31ef=SYE8hhZY^FmcDyAjYLtgb!;HhjPQW0FI#?&IwFGrTN!!O%bZC+2oDSOGAF1xWWN^5uirizxtxE5)dUrzPB z@4%8M`A_4fh#KRg)lxl}GDST4BajOE25=*dQe(iPWRX@$FDqbcs>?IT*rX&*2USUb zder)9N~{~q03s64emO#s-OTN^e3&+s29`sBf?k-$oi-J$azSbFJ+u6bqxVN1%gDYz^_#h62zc~ghM$DTHvkXIn{K}6uOI!(l z_~{kWCQR8`)yY3ZP|m-T*b#~VKZ;Kmz>?%yxX9ELs^|eLq^z-|GqiF|)Pvk7XL*6* zO%85yxIT%ad1@3s(+E^ass?s~q%@!lh9Ef%3O0o6FeHiwMUkYHxFiarAHV{$n9!VsC#{v@cnHOBGW&7@m^gx_ zSH(ScTF8j7=HRAsq}+8H{+{|jO}i@XK>R?;qGwxIF3XT?sGCVz)#cRew_0ILvlXsL z^_GOaHxYx(auhwI$)OB|)PME*z~thHj+f>*2n%gJlattBfM!&$xQ*XJ#l!PYVfy|s z(?wC^$}6(PB3H%YALwnECG{dG{^C(i#R?UqIE`hJCMJ|m;i|+j6CnS`yq;VRC$QJD zTqc8WH`%GIS%f%E37tm;@&W;8Xhs){9j71Zn=2x2`=Vf7wTGreTcJx@2t6V@i$NsI zdDVn)736Ue#zu_n*!OT%jyM0Gzipu;TRN+tb*5qh3A=xc)uEte^~LRCuoegum?nIw z#4~qsG=-7oiI7UFOrXsc3ZO()N3R3IhsSYda;SlVMMiThp_CEEy4Mz*1%s&wbkc3& z68Fre^q?D~d4ual?SBERB^G*lJ`#YR^Pdv~I(Rmiz&Df7_Qe@inO`t7YnPD!Wf-sk zMm;22&SE^O@%Z;VyErY_$TFyo&88)hx*&uPR%omlrxY!V5^qKUG#6aLrATcTHgu5% zk_pEs=Z$gUvCZE*MgJ49KH;wx+9;ylTk={m$Q(nw8awLIRGE0^Yy(_MxNssrKo$Xr$MAq%Vu8#hiu zRc~O6xC$ZBFbqhLPI9KIZIoFk3aox5rXQ4}K2@l+?p$)?U)y#YuK`a*oNsqI7uHIv z?qJY%)9zJ2G=37%N-N#SDCs!5ts0%Y3~OW&YY`A}>&R6*Jp9kL%nq7gZW*;|CV=Ok zrQ{A8TDOU~x4ZJ=hs9}Y-L}_;uIprd)Mk{zNApBbi>2e5jdvSh{eKxfAoJx@*IV!O zv33L7jDlKCub*B$x(c{YzQ8{l^qZbHf}0GlF^Q_yKUBSXOeFwM-B}+!!;7RF@2;

+SB_ccgOydU zP}CAP{{$qRp{J!-li#Ur7s3p?=kdW{t_xEP%Wwy4{n^yKRHd!|{{Y88IKPT$ghN_y zFSR_RY)KoHrn{496ylR=IF$VeGs&q)zejM28J#OT-uUp!^b2 z_~Dn_eY1i}y@DT>fmA1Aoxun>zM=Jy*4;>CF*4x{8ItLx{MVMTv5EPZENK^B{{%w1 zY*b}CLwR4GHq$sD!$8PmUm{mq|Mx=+$8zm2Ek8 z6rm3E?Z}|6_wZO7;6SJY{X9%_Vcs4Z_*I-eK+tXs^!YH&`8_{0&1l2%BW$egED8aX z@3oY=#m;gVy~=3Fx_O59648*$s)8cafnF=7IX$YIb6o*JG$hc2#Wc5hKNbab!Ih;5 zb)YwkX|CF*#U>wXK4rI-BGiGNEvC86`?mzGkU%dN)11v=Y|P&!4C(-nmrAHN;rmi{ zeJMg6=>1ZFdUGx?VPhTW3FCu$BknLOL+$g5sfM~`*BB5cfrWX<6rh&tdSkva%_n-G zw~PNOij>)11}>>xHrb*BcFWRo#I1V~% zKwWUg2!Pt>jboat@X0BR{hCjZ{yM}n$28}zkPW!!fS?r;=%r(tEBfk`r1LhO<`oj? zv16JOqF)ixR^4_$&{zk0@0jK)eR!tsCBa&LJR$m!AWt3_YQH~EYk)UH9q83#n)4_3 zZqc}t${JbX-ZoA>hxTGxTzKBl?N`}_c(0cbtc)h58Yxy}3k=oPXI)Yay| zy1C8!0s)@^b3N46ropRlWML{$q(96g)w|QTqAQ}?r zab%j?yx$QBv3m;iJ~GX1-Ulg&h6H*dndUa{j}){U1HF<=bDQ@~T7Ik>*pRLGDFtz= zf!<1{xy}151<{Z|&n44bi2u^s@?(J980N)P3AN9cXFhOs)V}i*HjRQR{*;i z>Ok)%)7)_sl^mP29Zmt-T=lnfs_kYyU!bRx4Rx5m(;6D=K+CvhuP4*o+P+WTHD5q! zDX2rN5ZCa73b*76xC0CGhBD2q;uE#>T50B<0zIQlbG80a)1sm0iat`!r%a%iR0egO zuaqC^<^81sZj&F) zB=`Zh|I4Mizn&tHLhS~q$J1C)%IYWrkne%AQ$&PsZV*KYFS1$6O``8YU6sk+w?di| z+6$;zKvH{7GRScPB6Mf_A~a3Wa=YG za!JVy@hO@!xua=o3G7V2Rat}01~FLFqzkrME09hf^czSVT%9Yp3JXt?;MK5bFBGena{1MvZ;g2qZ#$kfPAaotq=#5R0I zrI4|ELTe8U7YkG4bHXAd9)OF5(qSv7f32?G5FX)JghY_oQs4+57J>UBB%;KY0!gfa zMTlK-jXAN8=B}L{z`~*;`*k%I)po}9=Ea*sBpeIJ?zqzEPJA?~EDLJ0t2dOw`vDC9 z^YNj_V5x*fh^$%`_AE@!%=oK2*fSwZL#bk900OR+G%HDh;d5cIsBb6Yao_hC_qL>(4>L%J=Q@%ymwSOGR;;WwlJ@53UHMuqqTY{?D4hehD-4)G7zl3PG~Sa^xl zmfQq}Guq8JG9~ObT zJH-EBOKt}~ECP3Th(E%X+z@bY3RyR8(CotnzvLcRv~Q#_v9uwe%1Jdtr~ zam(fv;rAB>EO5dRy@T=4ZS7pY29Rq!GKHG5Wgj6m8S8}^FJtlKpfa~_4HgO%eaPkV zg}I%SSGoEGR1s1YPAbHss4C`0UTe35#cFdwk+hz~$;9D6uGDK4qFF_iPSaS1?qhJ4 z#)z2!ux5L#ZD_QVZm@ubdVS^M@?gx9!jZwr1Tl_DvJN&YW8n>#EW-fFaH}a~3|#1N z&Qr*xb%cq?RZvCagmDUl>%HME$wFw(F3}BIWYHx-YT8%%9NJ*g8w~~ zfJ?>*n4+7BL043-`&>d+^QoBzMgM!ltd}PEks>h?Y#Iq8A%`ub8$V@ zsetqyhBBZgiMBtX6U4Ji3{J!v1CYs&eQ1OsjZr3*8%?1AlK5jYnGEONV2Ygu_iwTrzyhDjE1kC75W#+e|(Y)tMD zRYbr-u^EfNeNn(7fCE9aJOSqJ*gDG9RBa$*NB|a809EG96|5@Mp$2acjHhUPYa+mk zg#;6TKFD)p9oQW#>duRfp*aYSrxvkMY^c1N>-8Ao;1(@jNHE{+Wq2# zU^qqb%p4BGKKOx9gUep0GaL@bBw-{*9lIQuEqW9wTekn{2%uDdaL%WFN(jHyhCeTq z1(vY`+LHy0ZPSa{q9^`VZ%rBT)-4}F4o8s5^5$>dt%M^b#x7C7+v&(OXCrclG9wp; zIP*Cw52=h(2ghUS#gdsTiE(iuANH+n887w#)*hjV0Vo8WB!V;o8F&IONfsk8)MyU( z@~hLVr=f+dC@>{p3K@V}HYWh)ZRX9HSHpg%^B3^?&Gp$4cq5KaN&LoBNV#AoRaPOf zVzK<45Drqp7#^t%J>w}%Cd$N6us?V#jS0TXx*t;%p@d@?vpvA(BaXGif4UrZMV&w*6l_$7n~C|j zsFnK=Bel3Jf}rNuSil?7ohqM#NbvnJGMmZlS&7OD8?bkyd+smbEcS1Szko-Nu5tS4 z(GmEK%q2W#c#N?A&T8cM9qY$#r}ND>IyH+)^&kdZgQ8wUh(jDR8e0g+xICi5lJVt z{$BxmLlK*1VD`az0tk&1JB~h}@th;Wl8gF#fZr29Qe{ddWT=b?9CbQ9TY#V0hpgx` z8VytibIgZBnCgvM~Eg!936%9V`68EmNR73<}zrG7ADHB zr~j-e3y?l|tt`!<=8Ma=6Wur6fv*}RMfMNgdY^Ybu zRhC)hD0hZ-R)k8;azn`skU3`t1TBYlI`%Zd6U`0cN31yJI(C7h4gfvLa2wJaQ1{a{4RACt(=tWoZPZ0r(RDgf-N~Y;3y*J6rG;&xjA~6TQ zFa!oVZjM|c=VFlZ*gu`l`Hh?HE<0$%T2By)l-?*i;Kc6OF)X1~)97aj1u>aS)Q(WL zsA4ww6fF!l6iLb$*#tF@?W2~MP00p$hGR&@5UZt9j76lIRSCihRN4-6l($*fVYM3! zCpU!7)Ju}=$x$?03y_;VhX{y|3W9gc9`*vr8`+Y&!=C8NVU^@s0GGLYckS`r!ojT^ zhZrXmd8IEITB1a-7?6h*@`W;x0TeW+lfj^mEH!&G6$S}{cbB>NpduLM80CZ8$3%|3 zz-Ww8&h~YPlKouz=xOO=e;1fzG$u-(kOzVZhJab7z|esk76SUQ`7XJCafsq%(w93< zkP4JY*%MJkQkXi!?g_oky=Y2;&>o;>;R+V@9j9b2D94l#$sJ7Q;$)PmM@n_W7Tpc} z$9|#J;_sdnDIgyswaNs+(e&8TKuH}-r*q=}P^1e+j`CfrjTZI}cU3txJG}A?wG=o+ zaMl`j0oPia)D|*HvOj02mjm0AXqzF^);5E|#s2lhK&W&GVDSPr#xg*M*oCrdosP-<-aDfA+WQtK;`STpa&6 z(7d1da&mEg_WIf_kh@TLkGMU+$ppz5Tk&SFx)5~3q%3j z<1x$lrvc(lDm7zf_5e6y@z)?WGB-~MK$k;=wphwb*k4>*a+=)w`1 zyC9f__Rf-IoN)^yweAU~5+wCf67|GN-2cY()`LmZb5gR2p*dFGoH_61a$Z`rVJa`H zeY#``nRH`&>X+UAUbY`{l=Hx2`gnSmABMA;jk52&6qDsUD^*>CDn@MAsDW}8Fk8`L z>dN`}_VN$qly_3rm*2|?&#c*3d?L7Z34Ethw;-nEUS=LdFjjk5;bM+4ieh;baso7i z@g0-eL4}|sR`1kZjqmWP*;EshAPQrnC9r)9;FisBZ-sXbmx4E z5^gk-SQA#IDE*Fs1PNgV(uLVna`;Qi?IGBKF(c-S5`6}U|BM#HAW?KzmomV)R-*f^ zDN}wKtJwQ^(FebZ>SEa&wVyt|B=SL`3t4R$7(o{^~aa7iU znnIQiw4n5?ypDKxc{~{W`sV8Ncd%oZvFGl^yQ{Oyi}RD?!P)iCXTSZvYgDMO2}ehA zFoZxP*T#IrIOay3l*Vw3rX-GpIAV1rP%Jc>AA4GBOh)p&%%m(wyDFzlp9j|j96s(J z^bhnwFoS=Wt40k3MM^i%(4E*Mrghn9erhB#CMp9n%;XBaK~StmwkHZ^DwvUgLMA-V zfTc(W@?`Q#MZ;<&2)(oO;1hyQ-`t=v&(lnHIz2FCI+5(P^bEwZiWobo)*rfAX@|0c z<%FjzsM`>AQ{#)GWLHbHa;37WDd1K&+6|@6>em8MC|eugNwiHzaNMUPzj-XQr@qTi z9#A~ZJ1r2tJVaTv>$>#d2j2~GjY01KoYzDNnU!5>hxThmSXDm|<#ZD7;s z*tdH?l68fnBe|L=A1Fmhgp#p5ATS3Bx)&QmZpA(DOzcgwRS(rxJ=YshtLyiavc3>a z1&roN6e};?6dH$8Y@eIp9_H5y@_Nv|1d#S*djQ>`#Jci>nno!7|DNQLG=C086hSFz z>dOJJBbBSegZ|-R|8GM%bO-$>2mQYdcl#Yp+JzX)H9g3Qz1GW0Eq%&3MQ|q0l)np} z9&+&C9{wmrbW9Rx$o6|P5c|4a_LqDh57a=udy|0I9h$dgP|Zr&2@{Q19yNAT@esj4?Bma2{tazghS%GmP@m zF;7%4!8?%?sMFZ%D_ES22~COEN9r~%yCO0)Su3<~qH%m8$+xyhAc>LgGZHOJnQ_OQ zq4)++G=Vfb+Ra#1A46lZ5n3VFpPZ&np6XU<&{Kv6N&t;)x$2g$}g z$t0j_0{&A?ewF#K4)g%-5k>ay7(VSk?SD|>DpnRWP@YGE^GG4b^4e>m22Y;bW}2m5 z-|ems9C`7E2-z!RSXqgEvF@GKvG;Bu%>-hS6xmxn9CFZRFqy;H?0}x!S^H1>PkUx? zSk}tEpos7Ey^9bO*J)PsKs~9u&j$X_YT$d|*y3B&4ZI4askDwoy@CugU~#>IYKb9_ z5l8Zp_6CkQp(yHu*W`W=j0m5Cl;W9Sx|PMom?V+-rBoY`B8wzyCA1YNyx-~R{iRK& zR|;Z3=W5Z8joH)EtRxP-`dGjmvMk+ z;+TL5mlf4@&(JK`GBc(=oRE3KhkaT2*p(qIs8xhALMJf6{}g016PT2s_{b8xkCgEg z7|t2W#mYkOvX)V0^-T@Exvy-2bT51Ti-|auzw(qiHFiWwEF0!>kjmjMFMr6rPxjr@ zFXvWAjvZI_A}Vy^la?uBsgNJR1vjAJY*Q zykJiEsuq(f=&YxHr*lFQhW;@}$yiHUFX8z19@2;v4n55sPUeupgd=&qogZNWU`hOk zdzp4YF`I_x)0DV)CX1b~W_pGvlCM!_G>}6fL8vqeQY$io#d;Pw?0YCfR@(|~oJ=TU=FVXX4XYFN!Fj?sf|019G&e(CxSv8k zWqL)KcT*x`Btao;iwWQekdffJm{LV*yH>G()Rl(Lp&hGObh@kuOzAP!L(%zOpt4zYJn635G!62<$6Wh90`-l|xstn58O=WY*53MP@u^s|_3- zmG~kF?(LtMxtL%w)}a`pd#H?1=L`YSi(%jQTrG>S>NeL0xe{N%AVfbgS4y8#g8YRl z$cb8q(%yAwG*A7GF^9YHsydCLyBGj-s3pOxv*XiOXKUY;enSzAX2@cApQ*W#3cl>J z!D6T!rS_iONyg|lPi1sNg2$xXZt`2jB-_TVH3PEGcV`DvPCy>eO^o+Qz z38(LqVL?5ga*nju8$&jR5qcpvLcXVRQy0r|F8!71k}8_$O^!j1@u2pygDy z>+Y3_iYX{fn*-3yGGSNBy;5Dujtte)AJpD4O#mVH_1$YPu_sA_ z5}vhPQ`lH7hLoMb1Wr)Y8!e8cR8v#bK~0tu9G8KbFH&@r*`Vo{MuB)u;mr*mt1z-h zK*vqfg`^%aN4{4(hNi+1cye%XaA>_X3fS_OloC$HBt8PyCzsZH<&>oAxFcnJ$Ue!G zl*d^iA&21zbj4}ZH6#OE;4w-V5?oulpm;Ln;D3)vy7({f_~7vqqgd~BbUB;$0mwTYspdP{-@m`V??VY4I-OtC zX_TqY#Br|FCNhE>yq9Kk6RJ4@oPc|Z1uM4)7`fs1kfKh6nNE^n508OK$P88iX}b=( z#{+Oa=z^EWgY&^&=hyS=pWgg(4Sqeox;lP+eSS6oZ?3?}o7bo3*XM6u55Sur!13$f zz|ZHePxk=A(ry8LNF^Uhs1PP&jG}&LfRNLO=Fl$=7MpUkUK=B4|a;EyoQmM zPf65~kwNucbqSsRe|*~KW}YM{HkyRY6ixk9dV_tbhLN5FtMzekaB%Sa=~Mad!NEcC z-^0Vh=l^l|?BMzLPY#}c|MdI+ICy+;`25L#fP=P?^*wXOA^neowfia}_k}!GKvF?n zg&;m5g07uA`rQryX2Tz8LM1kQ$2pWAcVL=kKOgrW_n&s6Jn_R3I0hG5y=JM;#g>{- zGMDiew8=qCCU~5gIE|d!NFixoJ6=(O1}gST5}DCLYsveaDG{`Lbq!hvj|JSO0b3Ow zk^3YjFk<^LnGj~a^=6RX_S0n2xkU@G%{-A8?VX;% zv?D;#GKQ$Gjv#Y(05GR<09GAUP4}(i`ikb7YvyGH)wj{^D8@po5<7S9Y=7$2{PkJ( z38DX%>)1+tG|>Np!{;UX|Mc;*uk?Q#&o|$I0?GU48=yS!Y##39eE;NByHpB+E~R9Q z7(=Wt%Ku+>i&GoW zO&9FQ1k>G@$5&nP|Nnn?cNg^j_@g7C`S`JC6z~l_h$^Y{te_}5m99Jkl_eP`lk-VJ zve#$o7Lz1O*`z9=WQ>f?VFvkldZt7~!z~*P$t_wOfsY?S{}wI4AAeXn4HJb#@YB|7 zV>$<{M_@&ziAG=B_&F_!enc1G0sLc5I4XV>)lm|e*Y^ldru+yTcFc!fc^;>bMr+NZ zXkfGRsCp1p%yASxjiQBtRvldP`fru!QT*Z?H_@Ur1n7cqgU8SU%M8W08DQY(MLvRE(9b_)WlMlrRV1FfpbY%# zr&2x>f}S1O_Z5SZj(nDPc_i2MPH}$JMMr<;47nb~UGM-BoJ0cM!vmK>>Ajo~4t8Yv zd27&ii$y_7al&svw^nEWC)Tw`zSNy{v=vG0x3_4q2fmdAON@VcQi>3Lt7yBV^SYjw z5|=u*R-LT8&Stku>@I(7x3?>uL;UmEmHElPyIt$z5v8=7!#A1DFQTX5TSyKNqhG`aADp&(l zum3qbeEjTbQUCMo*;oC~R-P5~KUM%)%UxXG1XWTjXXS|VNM97@M?AjCIEzV4Mlg0r zO!1@LhF!3xRL?3VshaiMum}AU8_u8e+I`cC>7cS@o3!a(+UX%kHq`+VDM=}Y99d>l z#!)`PjLzka>}VcM5buZ0nMxJi&)aimj-lBdq9!0_k!#ST4s-wy-HH3B5+Z)Q0tJBZ{9Mfot z@mqiC!4&7qeyO3WsM+4A9bcYnpN7D(gDEx@!iVsnjUl9Hk~#Y?JBa?e?G58kVri3v z!&t^TJDzjG#xO=Sa8#!$T!JHgvg~kXx?cN)6(je!G*%jNoJ{ub9?K#PgIlUlHLQ)5 z!>5C(1T8vfx^z5KaVhdJ8&CRA{!hPiES)%IwgNQ1ttfpDm0fS63%6`rmClVftT5=C7xe%qLStd5VD!m3zIqlgx6+ zm|%6%0a(Tx6a;L9RJneq^9zF$bfhkA?_i80$qbx{4h{~$(Tmc}QeKE@%c{QUI7WTh zWOm~wzo}d36!K}GlPrwI!9f>vRW6|HkJr)|rh9`?9LXxGXz$>lo1f1m2oE;};o%Yx z9%c}hK+&7kgk;I4r3{IUR(2cdnUV4k?7A2Hf+x5#cH>!2BpJ;@$1^DQ26{jr1wCMD z_Q3^KVF~ln;+V$C#H8+`lIM_d2UJ`%we&Ct_aym_13snX-W-ymUkxSbfs^d7yuV8* zLv-mv)eK_Okmfg>#i5c$2!AIykwy#UQLyiCVG?=j8;-Gmr9)<%vtP7>zJ34jt%OmJ z>Cp?&{h!1Ht{i}~tE)FxDrJz|k2-;o2{KIODCGOMu*oeS{(iT*(-)eRbY6D?roAHWU7@z-1Z zFZo%L|5IW4+U5VA9UML@@_$dh`u}d{S%Uwwv@R+*i4K{Qz!~zfA9}6Gf4X1?C~iak zyds3>c7%ri;ZvkagRZ*0?-mULB!f|PHoN_0T$@%iEd&Q8&cl8NLEn6`3!6yC-s0wC zUO`8SB2*r=M^?Wa(HTzE>EO1*;lvh!ZT*km@Il)$s1^*&#&E8T~8|N3EhCEmoI(IQCA4%OmvHd?W@n5%4wm5edqz+sq-B-B> z)%@};hA1rc);T5PTSURR3OZ$GNN1ChnRdZW9vbgR#`tj8IYmi?=;b_)RV`+eQoA*q zG0lq?wq(ZkSMJKgz3Oj|cdPbn$d+}WvRG*Az1Tt$JTa!lonfyN?RH~t0DFvjnZ0SL zhZg{*shBtCZQr|X++Q81YaP0_R|YEG5+L{n?ASKKRx`VDK8nL~RDjg!SoUIq5Jyjygl$VFLM3Wh^^uTF@HM~ZAw&| z&gm)jmTO^yl;O{>!JhUSqnKjNa-*A6gTxzv^H5+a;kq|E7Nx_0yM@Hri@4Q$+VA{~?p&Br1Eh zU_ne`VcoV}TW0w+wfD~x-UsrP40F0eC`jhB5u&?UsC#Xz0nT}rwTV-huq?q=o-{&c zfLCGHW$a|5?uJ?)4pgo~oN)C2vG=vjZQIVi@A)Zk>GarYP1>?!=Un%=cU&j^*VEMT zwVh=C)7(iR5|U6;1PhR|)h73|pTQFe@KKUw$2k>WWE>G(EEbE!?hgxKgep+?OD;GQ z=e}0=Z1UH75n2!L+~Fc|GXP%coIKt&vM-K~J2D~aau911A_xUr=ueAyUA9`UTBxbazt`0XRjpR|iK|$RFVPWwJJr{-1Oc(0 zB~GH283rhv!!YP}L+U>l&XB64NQv`=+mm&qaF)xmQB6CI zAY;PX+)JKkC29-GwfcE`0@~u@eQ@dK!VM5jJ$V=}Ee^sm4oei)^ZNA_V0aXx(BU88 zAr8a^Q@n|MI#q{_E5VqbJC|r!9N}lymfxzG@qXJ;Lf+ZPJJd7DbayVN{i`I+rvb#$ zA{sU*HK4KDP8$txk9b>Z)vMIfRE;6~1krwp-)vooGuK)D={k_Wi&%xf>|9^~Uf%PB5mzOtIQFVMgYcvN+U3772 z1DcN5t}$Zbh<4wYi}XEA@+Q&dPsDrmP22I`+|AMH6xva1Kb775LM2_-W1i|D1a&Gu ziPferpCu^p^@--@`494%tZ87E=#s5pyQrxC2O7kG*t4Mhmm0H}`R~Mk4qlYc zf85*KU+@2alxG3^|LQIg7gdhc1uhEBkk^|xnkm!9ctsJl6<&NRtci9%dC50ZL@5pt z_{9CNH~@$H;!ixe%7#OH2VAe|=(1CaV5+aH6Kryxb=EsnH{uLt#-(<`kajgdO(<4$ zA=Zk$Z@BMlHbnldfrwA~x?SLY=K}YmyL_WyF1TS9MKkbc1|vMgJTOTT(OBPkk0f};MD_CgikB5gSb~C{@0<#Mo;q`0 ztzQ>ru&jj^HCgW>%GMqscPgQAiSpN|i_M|5)JEe@&q6WvscF0#1w|L-R9>bmDa*W5 z=RIldDHoo5X}N_bbFdhdwv3q8QY#oXxp?fV<{diayk~m|)xN#=P^zW6>LGQK-(YKM zueg&+rMVL+o)F0`jgu@&u~!r_FCCK?{tQI+vA!vzdr}s3YG!7$-Lfvz;E7-EKTE^L ziA>)CC_&C59ek4&BAR#lsB34byDKPUc>?l#O=S$?es3XBd}-HDJPZ2&ax=gYQryA2ld{ltv@oBs>S16_&xDS!%d;`TIug_JS6wI z0ck_GUe+sQTImjR4_6^ad5eg;fi#-&nf(^Yo5h*B8oVS?aRNb`Ca8qI<068+Zu?6r~iSDdL(X_NYb_!BAcQj>5UdWU*aVuBaHPUDjr2 z9WvWv5V&f$YWU7RHMzWhx?i)Wde7|vH$w3!9lM~vEBcV|J`_0wb_8$z-I_e6hJHn3 zfoG}grtHbh{8TA$EAD0%`S4oCm;sg&uI_DPp+vc6Fv#m`OhExp?5F-ON$dxkTG=S+ zU7kAYzQ!nR1LTj6xC_SqjB*LPK6sC#2qZYT0Ygk#D))V(6j7BBsK#d~iAh#vp8!wf z7Zui$^DN(}mX4HehJeC2B$Hfll8o$5;DH|ri4cr!Qt!t|?AT4^jooZE84$TPHwWng zy{K_>O8p^09ATKn-f0GLSX@*oT^o%(v238Q^RE5rz^iOfcX+?a8~Smqj=7O{0IS<1 z)ed=4kv*EZ^7i@UAO~Fe}f)#gNo^p%f(wdkz45 zKDfxwHPB6+Vptv|h48q+EQTx7Ol$GjW3`okk@qPEXg*}2X#z~gfs1qu)dv~cF1H)0 zF`5fi6|8Oaz7HQnXeo(HwfF?Y=vI%Uszg=ysbR0~Q5JrT6o-7VY1t0RP*E{& zTftuE^k1EJ@`>?T&e_p1a9xmZ>r`X2^mAbf%9l{&FLY5&SXnWne18}Cs`+_gr2|^C zevvLpc^=JD95H`{(qGW*CrT#Vs+-quF&FqH({D^*MX=IT?K^#+Lu19F1h3k>X+ccW zwQXpvU3Sk)m_iY2MTFdB32>);`qrNM9H3iHSM_(#4>?I=OQ}(j>C&m(F!Qx}>6fh@ z+BvI~w(ha`yXItZ?R(W6!*N}>-5=a<*asJc1j%#Hl-bKCdHMcB?CNIf+S`s`P?^CE z{cLPOD_Yr5*4ViF2@DROqc|{IZnoRlomtv)hGIB~P-t%_)&uR>99>O&rJm_j%nM`K zme13v*F^1NYVql#bc7gP&4z1mRHMA+zP&Ol;!upGP6Vp9%B%LxyPD%<fPN2bWl2&k z^+}zr^U-Y@zoI+~Fs|6286rkx0s2%X$Ekr&JL3nXSo8+Q6?g7Bm~x zK;=uvfQ!aHT@Ih_ea|?#O*%HN@uMY}qvImY-~AA8)>7O&0w;8oO*l83=I5JWf*DiW zv6LD0ZNWc|*JB{P;t(;Twyg$#r)SPKQc#V~P6hNWeP+wF&S|K_g)NgZwZv7w1?EH7bE-c+2Lo8M0)T&G=$QV8KDsHAZx6ONzN#rL214>*HRZ*0bpPe@ZAE zp_T6c?)MMN_kZmjtk3^?oM-X#zsyryuB18uvFESWwkmxIc!6T$S$;fYfa+J{i~_~M zLhTuGrK$>uN4*d{iiID8xNp7mswZ)kS9H{|DV5L6J1p%QkJ~?LT_hEDv-*{KwT1o^ z3&B>AUTJAbPp)Pex#{_X`@uC&qA_ELu5V?~QqNgqYu1MS={*bD|Kc#51!jN_`@eg* z`=WgRV}Jj}+WtSrvylCdLqzix1-W38FVAQtX-lN8IZ6rGXDQW81@*yq(=1S}qGZ7< zYxvUw3@t2Qnne1IdF)o*?UCjuTmCeUeEtn5QLp~%Cv@`Cg5zH<1gv=f*Y4hKW&hXu z{@2HO78w8XFb^Ed`%=VK`jmhXkF|B=t1z8r3n2AJ!BZoYs&U^Qa_d9y)vw|kPyaZl zU1+G-K!~W$`m5(z)OSr@#nX3?>dUOrT|#K8ZZ($#K7T%bwsn&YP>@DKI2sf%()L@o z;+BGG1DI8ZvZyc`cm({xNX%{JvHQ2ce|%m-o&oat^Jf=)0t3j<;d9`LQ$fpk%8wb2 zLV)5am_jO7)MdUIl-qDRJF+Ac*^9boCNnR`1-rYZM9Kh{#2b+lnM7Cs6pa5Nt_a}n zuWGRIg;*gtg$(^v`BW@4c;&+c%XOG@MkBT2{J^FXTR^T=_@GzgAB+DM%NC7P8d9~= zVkQ=_x|%y>4|euk>soG}JthCQ&=9K-E&wLp8nv=*^q}wB*kV0cE9Rf{&EOCI;#p~B zF)yZiGq0(V!e`L&YSw5IxeJG)DMoT*4vJGu6*^9aVDlTcsUSswW1z3^f7ZSjTS7^< zG`w0cV{3@<;(E~zNNd;btAtW*YBM_6= zQ>Euox#qluQYzmKn)Pix6bXEbYNAzNIRR8PU*zQE?d9S5rVx}+- z!B&n;xO(G(3ydoqdg|2W@@)*CWZuV5I1Yj9(GMTO@1A{PW4L#4c;w0hnctsWo}Zon z>j+#Htp_1WQIMh#Y;hmlxGLiF=Og|LFZ20xZyP8dBhK$Wk_URq^q6P{DB{gTu}YzZ zQ-Z^)wAI~^iMXIrB!{ASiYbZZ#woEqqxl9RB^yMUzJy35@rrYrJXMRwYw?Vdj)7gQ z=Zya$&tmr9NM+mk7(m8g98%ad8FbkHgWdjN$^IYgzgVyTJ<79y{a0Ck2%PGUFH&ZT zE8`%Q*VI<7c$_CMvQVj$ z3JQv3Wn-m9Po?|LMM#z{Q3wZb8KM^y4e{MvWNy&RmmifV>Fi)LZ@37Ciu|=wopuVV za4QIvj>EI^-al~yb$J)5SYz$!mr5Y=P+EJpU?q!}mC>q2GN3EXZA^czQC_!;u>$z2 zzN^n=E*4rk(-x<);L$kM7#pFb zJ-@BSt#hd8lY?5!)fX@uoori(nqRPJXiPcnzo03{R(YST2DnR^2yG%%A-H6P){cI(+zEm{KW2;`$c`aj)#f)YDBtF#HYVkQIKY|b``D6kWsu$DND!Ap<{^-pJ@394PoOYA!$SCNR3ynRcj3$KK<%66N5&k ze(wCfJA7^b{t_h-4upy{HK$slO7)3`#N}RU42!LT&7rZ<5s!EAilbwT1G_bXNmEgl z*^FONxVi}0PK-3~ptN}CRTJD-4MJ#1SB1P%7^0kSZ#G|EAZA)0*BA?Kix3(HRkQZh zl%GQhi?1F)Om#f9OYENl4b!!f^M&e`MkN;y?Y}=auun4|WfC*Z9w4JWJs}yyIW~_#YIFzF$2E zq_pbkfIwzzn~@;N_C2v6v#JLIgsS3Q3=mS^uLKaXX*B>s?J$l_q5;O~1eHpSY6g{_ z8X)u%rf>jR`TJ1){8)g}71A3!s!)=A*GcIlOUJJYT`}n7deHzwiJxCJtJxxWiOEGr zEcyWGm&71U7M>(5rcB*G02Y%Un1k#-wdQoX!8mbvlilPJFAtB&m1eXjg~>6L&H>34 zW~mE|Qzhq6dRg9MDE0DVaaKAd<|9-HqOEKGMIoO`*mY)su2tH z`?A_$KK{fXqr6eheT*r9OpE)p$n!l2GkNT&4WUsZ6V3m+co#cMRk`w zJTCgBp_xZ{?t}k{qhIIP2-=nZb+BK~|9XDdU+@2XlxHdYZ+7*6U#}kcvrZEJ^01$1 z+ zmgWXAnq9YtgfJdvc-M$o<68E)2mX@~mX0Xu27x;A zzxsz2{O90sz5nlVo@MZ#3)%4x0RkC1^<zkOvtF~VSu4}0WX9O86@s` z3``BBT8Jo*F7xtc_|;97TYLR0D}auUI*eGUCA+A;wpw7tw1GKPG8!;y6e_YInPWa#O4ZSz{g1(7}wM~QRJ z2Po%O-olMz#kHQoN=CeKQfY62?M|11n1(x*YD*dQ80slCB}8{~d}UqFT&H_q3~TD1 zK^H?Jy6G7cofK5#Ro@FJXt|Q^gxUH?S)W|KRqj)RmwF7TXE&!Mo^GsTQNk;Rs*ENs zs4>fdRxO0?iCmeT^|awD4R%yq!Uema!L58iFl4pi!Q3r+5bIGCeVZ?cc3TkPD_4hR zi{1irj3pJ9(Z18E?xSkSxKXt$vrv7F4`4}5XLUJKV!OLvu@=|1XLZ)i6!e0Yu1vLq z)Qat$SzEHa$*YZRzhZT1Y*UBIG^j*U8s?@xw3YiZ`0+jPUy4FJ*F_K=`G1G|yXE`e zo*%65e|((BSq1>UI4GlKI?Tvo*Jb7Scu(&=8tePYkVrGJm3yCU+5W9tB7M)u>7ME`s zI?2-U;{B;qxSPj}p^Jssd=hBBaaCan@m;_tO zX8=DOgZ}g0+&xk2cHBe%Yv~zampSujqi#=MTMPJHJvkS;4ZatzK-~knP1w-BoUKLv8)l*4EE!o5$sA z^7Q0A$F;JlYeMzT<5D+(#F*@LE9*gy>#@4WIwjf@5nRV3MGD7;hvLuRB(iop7QtQv zo>I6Kjd)6Zy$p;{j3`V|xHJDYOLgsgSN*b>YMWvvgek1AqB-wj4!^#bs^k^XevXb= z0aLg3FdUC6;XcF#`r;CaUaE z^JymrgA7L@x8ey5Zr}(p-`N1yW6S`{l7!Hd0X9ZaBywKB1g60l$D?gPQ3O*wRnuni zJB&kT1H@<~v!u5qG@-Il!T;*{;7uIO0ExwyoF$MT3L+dM-|=5weZ1n6oU;K=g;s)h zr&l1vlsWzgr#s?b$-d(c{-QhLU;V>)w8Q_=|7Fv7ryw+d!A+Kk*oQga`s_AwzV!$2 z#`)GyCyDdz|93XPJ4i9f7&v?RiaCBl$sZ_49Uq4X?#ObK{Neah76Aqd`Sp+x?R-V3 z#608w^3}=9Utjr?aLGD4_J18z&j0SeIM`c{|3`T?z>heM;RNf^@EQ*&_gYT53OLRQ z`0ZyDP3)il-_|%y6Lz$-!)FGcjdwy4u$`17IAA-GEc#I?(FQNm6ZrRtk}TmSMJg7E z$Os2ufYMvU4US?&e&;*R#s;{4{r$^J$NByD-??Y)geXCAh~fYv<-PN{^+?eZ^Spvm zk3iqQ^Y3)l4PiJXban(Zryr2Xj{2KdCTa{w%t(YB&OgX&o`Edkj%r>^Fa{I+ zPFFnbJ2yBEj{pzh@#t5WI1`jY?mly#CC4=}6Mw<{VHQO)8B#21>#rs==^Fv}XB0&Q zyeBjYUCG481~`jTO2SO6LpYAG($W)2D4F6AF#xsDHJS&;C`u4z;C76IF$iGHeISAV zi=7Tr6p;kP=vH+I$hc=M)uEyQJv~c+35?+gQQvWXwEEMkK$!gBe#r(1CJ8I3-Kbyu z5KVWa&V(q5$ZW#BL+-6g^5VZ_2!v{$O8PhkL6or+QKdT<6p8qo;S@2)@c^%n#wbM$ z^!@(-{?73vfqj3^-~CR0!vjOaX^8(`B`Cl!0ys{x6tG~7CQ!WD0A~|8LYIW3g%VIS z!YrjT-e2h~K}UdzILHAYL@c0K1VcyQB?)fCnu{!MM0uDK<$+H`0v-%G0H8ZKNg{Lv zLh+T4iQ^aw-BHzLUQ$R;(&y@BQdWw;6OV9w=Qt@Gb&-{HQaCcn^!@&!-}gc^z%cgu zyBSFgqlmrtJ78$^ed|MS=A{f4>I7M$n2Qd6sXJuFTFSI}n|M@TMI6OA! zqI;oWw?Wa7p+za5vD?&HtB&mS4XZn(TsMFr*pdJ?fRKP-dP77sMzy)lzOoW~3bhqe zeMc)zSWG7fDa6fc>|~~>-=NvAFyU_0QJI$dJ@=?2%>)J9^4y@Au>4{o;BR81X8sb# zO-xAs$v^}>ZNiqmP0s2DFqz!|AP4t&A)V{;3!3GkLQVqN2sV?}$QCQ)wsI^%{g%J-Vu4-d4Vtyqcw<1t^H!)fKoyyW zpFa!vIUD9Wf)HzIMA?JCYczp(=8B>kVCQeHUtRg>U1|k6_gJyr-F@6O+ui;WtG4qV zLfe(8cklIE(Kly9ZjpwB27KluEMHSsJGI540Jm8tH$(nTKI+h2LTCyMGRM!h zcw88yk@#3Ip?Sj2B``qw=H5aVfJeX|jKrM1WA|@yA(C%s;b)hdH^|W8bKr$Nr%nX@ zr9{v-MbKZ32>K5of__;98cKMZj3^Abry@+qH35Bp*WY!V-`>RFoJ`SVfGFtiZ-c$v zz1?jYLQnTJDhzHR10n?B;n5Jsn2k|bg!m(zjiHg#WmP=X2{hsxy@m_}ZeY5~A0L(z~2Rgi|tugFFA z>dk9kS>^X*nC86SB8mW3kPcGouw^;?AII^)1w~TefwJY1|i&1QQ};R0O+lKr%V548DGsE7`u|fwx==(hX7wFtu7Qmy9XsX98X~F^VZ|y>rboLRC^*+7u3cve zYEYiDEQ`t|!H|*(fV^o^7fFotoTRZnHFCBEJvQbcL%f-SAvawxo&n5QhS>a7N*`T~ zBc-S;Kry74a09_@w(2Pbx|m;w1TkK{Hd%T+!g$6zvS6cVg@_YMgUxK395kG5*2cFj z3^kWfG(=Pzs^7?Phy~~8QFeo zy^2S&^K=_h0;c;)Ti!A>%pwrs_(q_o|E25Zby~oAnx%wd7_l9S7>TCH(OrNNG4ca4Ng^zxXFY2u629|qMSu)aCe^6dKT&G{90^Ak8Z|2O#M?EK|6Kv<%Acid_+&LEzMS>1Q85V9)Q zD3`=zaR4G1k1{wyU__>f#$q8G(Fta9nuKxaM0kQzWeh9L@xP))-1W15*3bG`;`#3Y P00960Z8Jg@0FDR%!_%6b diff --git a/helm/gen3-workflow/charts/funnel-0.1.71.tgz b/helm/gen3-workflow/charts/funnel-0.1.71.tgz new file mode 100644 index 0000000000000000000000000000000000000000..af5429d52706234f14af212598dada37e5419dfc GIT binary patch literal 86643 zcmV)qK$^cFiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMZ%ej7KkAU>b@6gX1Ou{=lJBz3dH{pXyOB_+|s7pcsLwB86FLW!{MI>!@YyU!#|*1nsKezSG zUeGvUi@y2ZL+HlhFx-#7j1PJ#5ecV-ZtoaL#F%9>wo^=|NTFD*JOFicnWCi<=)c>njdmmkP*T~k-PWtesljH3_tJxhxpX@_5E*MIwL}kkeK7W!=ur3h@T7x$=>kG$>ab} z2M1pc@nkqXz+YmV9)3BT?(L_Orz!dJVDRMd$>1QFrhEHOrw987>C*#paMYWToNz2j z>JzB_tHJ*0U@$t|ix2k?zZ~oxJbCipw*Ha#?R|aB{=dOlNyH~&09Nn+{ez?7UVZ;R z86JJ!{}1umM&Fea!gC^th(tjWI!(}+NJ;aV=y3vv;t4BrIYPr;k1p_xjB0e@ZzW#F zl=azMlu^PKMKqzTZ%$W)iZaVCSVoiO2pwm)cqw`a(VWT?mP<@?!i9o}&^Efr${Eek zc}^vAZ{eM#Oa+t>@C+f1&PoKLu!h955h{2zG{0MsQ=fz_7C28w=BL6SDZC$jTonCD zNwc(XTIl0a&Kak_8I(;qR!D=2DHu&?jyWZ|g2B(!xM5kjATQK-3%_Z<^N}v(-XgS6 zt%RCGJuPV!tp=7ZS*yKLu0~k2uC|tijO+Q5>K!ok9+1csMU+ALqd%e z%bz>wUFF>BQR`=>7`NpJ73CzONlX$R<6AZQm?v{8Ng_*5Mo37Ur#NG|>aZFxUEeU9 zBP4mLhk`REzZZm$5P5?aMOHn%z(Obv(0@~?V@gPpC!_{&iZh|>3i=xvq2V{Q*W(kM zsB#G>SQ67}ZyP*-!4ML9yl!C(Qu7Gwb%_HelOg6duu zbFv^DXTJ!^IBX{SGJ|$QFf}-PgM+8tfXv(8Hah-sjK)`EG}c}FS9D2cia}R>8t^oH=BnqZPk!-(thBUG@oC#2A|MyM1K!9qsEUQZByL-iDDHvS|lg(Up^qKANA zxnNw5(9^+SpvI<1^zSbRUk(!@42Ni zfYHE7LWFq1QZho91gAf8D#;6+FVzCdun;d{H;er!5i}BsT8^CEP{lVXsA4}(1Xa61 z@m6ltjdlAc3PQC4O&3nd6qlKFq#NzrQaMM@SSC-ODQcbJgro=_zEB(T^x5Oyc5fS9 z&50lgbAk#i1W6IiB}1>LG$W!ffFMK(%cpb(+`(&v^As&`N)W!mG*g=fNrvQ{pp+CD zTP{d0(GA7ubx?bO3k?8TjnE~TRvhJw%6T~fPO^=L_a_;f^cPsoY+r-xr@F&FZav){ zAeM+t0VkYDdP9*L|jA+-@no~pI!dSRZ45t^_}rjuPX!Rd_fU8tsJpX{P^nd1dh zFG+@lq{*&hmMy`o*ynD1R0m7B4v&l_INL>YsibYjcag|SzSu>@MC_s&rzy#2G$*@g zf%8(8RO@kqWisDI*X~&Fo#@6!{$c>u7TeW7n#brl4jyrLj?S9yR?V@Wuy~e#W z)gbH<%?L!E_z@}iz20*+n-Q*FZX@-b<};L$8+F{EluXLmE~5FA?IOZCQ>QPyH1D7m zz*oS8UaeH10?T=f&Zmeh3c1|XFV#j+eU~Ix1%*rr=W!1qR?4E3U(<|?(AHM3r_V}_ z(zi@VePSI+pDV!I7!RgkU!XJ3f?W5pcISwgkhcn zysN7VP06+tY1?XpcX@FVf>RYQFHTH7MFLGdb<|L7A#lG8*Q@@R>M-oHrE8-TJy;#rK6`GTeB zXfQAX7TayU$R0znXA0M2!wzf%kE9R(QV>2g&k(APemqHrd;2Yg_gV^18Jl3PN9R0G zvQm*dv~_}$If)cw%2_r-Ig4PCZ|S+46Pyx`XpX)ivj3b4srp>7To3_}U^MjhN^mk) zV>nqVdQ13%q!jZdGUu64BYH}O+G`3nG;C@9<;BTKMoBJp*VR0m$-!yLiBOH{)p@Lc z8$vQ?LXPywr|O+>lB#*enPx7Y{T_OUVVzXDepAwG}l|1{BbL%;j#qDK(Of#+1<7(b)b#tu0k(WcP|W zb4*L;r*0|XQnCeB8!*e3$Z5M&E9a;B=rJH17IUlygXD;&8G#O{9uYO;IEP|p_3t8T z)~uM95~b`m*Q+!dq6NXZTHk~dwQ6$awhS8Bm-+#s3m{jLWJ`pnlIW#1rCdmu@#ZGe zl*~$N(Bv@;n#LyVv*b%P^eIs?Ai7mM&Ph0MJ_n2^mAVV3WJ+^2IhU?1)t!fSGzBp; zg4hk=ihUBA6PS=WzM%|`>Pugk0y=r|y{MXu;ps_HiV*@r3MBaWMO9)KPJm~+;3Zys zGZ~>l?8=@}ag9WQ6Vg#d74Yh8qpx8?ZzJGokStX%E4 z@;h~-U|9xhIKg?MdO&A6&eUeTU|B}5>AWfY*wEo zRpkYKgCK3;FkLbshVu&yx8#zrn33 z=ZZ^G1S(@V75%b+fAxuXfjQ1Hl3j6}i>Z9w31cFM;HM$}_>PnsvXwDR&1C4=}FNpBu1d^JOGYs%|PX&6(6g{gnO@{qU z^};h)Dk4S}MF!+}hvr@SqsK@vO=6Vvrn$J3<&Pwq;~QAkS{srnX$pwTLSX{9kI+wl z)!c&JMpT5`3bqEY%<3qmxmA{Vv{xSyss>1DPV3_>sw>MWnQ;OIy_F(rtfmpI6r&B& zVv26(B-b+qER~gF6px#y2&6J4KPYKHNmp2_oy{R2)S1n4wMewkS)uY9;cQonT{z3o z0x!`dW68BbgeV*oR;n3|SS3AK>2*R75sF4oG1n~VDu&kzYA~bM1nAD_D z^^E2enWF9mwv;psJ2UAbZfO}zV& z`=;*O$f)Gt{(vay?*31ZZ?8^3YpA#GRmpRtgiD}HLSm_;R(00WjPMx!I48Ni1KG7~ zP^CU1qGBz-y*L4ol|(2Rn$kSA;vUGzoFE~~#Mjx=Q)qo5?VYl^q7th9@H~$}W^Kbvtgy#JT7IXdc;@KEQFB^MOKWFRq zkS<2nZOQd}Lj%e*+x*pVR22DF_pm`M*aca9rIzq)at~X>0#yW~g1Ty7)M)31wDSBk zn3mo*oTg`R@izLfx&EScroY%^p1;^&mQ^7)gPYF#7bq$SS`_p?=%L17{>zP>?{Ds7 zx((2&puZ6Z_0v!HI4k+$GadcI($RjnxyH|quTH*2QS>XDL?C)JcA6`a>#-iz9%}|? z-7a&*4L`DG>u#_I9Yn>MLuToe`9ProNYXY>rqWRA3J zz{D*3P|a@z%Hto$NSAJ0d|5d6y1`w0cJ=}5os#L6ZR@`% zy7+O;0En;!ptib=O37(eh1ybQCYms7YYk?uQJ|E1msSG-R-S=|w9lu?>fOlQZo8`oP;^OV9_Uj;#GajxEh$DQWyv++fngDH26H2{RXyLj&%N}W z-(2fvdZ<&<8itxze_@l8jNrU1s#kxw6Es*#YSrtTN6C;V@NKSEs4$w&9;ymB&GcPr z|AkG&N(f_Z+;VKR+@A8@Y!+jEK6`BJ z0PMRFdi!2)1eQ4^ZLPfb3RKgUqPgx>)*J5P%`IF|u-gq-L-XQ?#)FgK$)`|i8Uxi& zpv&C;h%1k-3yBsPal=z{ZU2fQlG%xqjgm6GO=dM zbkFyP`YIo;TE;Xb=qyk8QeRx}jK^n>k+4oL2#v>Q&ibPik}U{F7o6SDl%x*!HsZbs zv!XR%vW;N?!Is&MWgjlJWWN-I&q|t-zQ#l$QsH5n`i?9`JeP}1o0?QlJuwI<>x=RI zAoIPT`RuzF;|i6k`R`tg?O?;Tg=Rm9Gmy82z}A+((8I(95@j++SfCd)r_A1;pO9kS z+eY6gN=y^A%CtG=X=ov&?J>{tv|!Yn0{W4~MgQ`q*Subc@5s{HN$HzeZ$GrH=RfY< z>!-8{@2g|EH@>A)**-Ae3&ORoNU}JX-AQ7k%2KH*yg-_4|H;lRo_jCb;G5-)joL8O!bc* zy2@#8)A94&=7>zJXGu^^JC?vbRXNdRTi&l6-3`6-ejoo&gN(Dh=)Zh*bvBOW8+m_i ztn>fhdvZ|o|2-HUKKbnb`w*Wi<}C6<^GBKxeb!{lUB#2Cjit_yL}n-g#i|wt-@Zlh zCCLaDB(6ln_wSLCQ==*4x0t6$+$8_#JxZF-@os@eH$4&E4O*|#*M0%a45$*lniKC;~(@1 ztx8%J0=-i#ex9JCefUZj<8nHsZ_rk>g$yi`r|N4DkUP=(RP0*N48h+@oM{a#E($<9 z?)^wKY$z{P3#tnOO-O=EL6BgJKv@c%HHO=Y{{WX~Eq#Nv_l~tFdpTBRX+8rM<#F6Q zpCYb_o(7WWUtnSMqq2^eI0ED#3d4Ypn5S`kG%wsh)-(!O-VX^M2d-(lWJjW$W%62%N2(=vCraQ52u<=?L9q4ldH1<}B>EE%7G^XC+qKHG?t&1b17>q`hcj#{=lcd() zCX@xv@rORn z_6ASt{NIzq{m=a0Lwsucj!$sn?KVF;B)qaAjr!M%)CCf-}K_pJG z1bg~G9b*<)q*hqeB|Y|dnOS8RF6cL$m4z6gpSHICYQhHvUYe@dmh%%4Th+sYrS+fv zjLrNzjJI~t7I`B{u2z6pG4#K(iQh5x({@ZdYu!** zifoAz#yLqOXv6K`TtC>oz2()v(UP^0Z~qVC5gS=(T#Hmj=`u*S0-e>y%FrT+?ee$mv+bbfZF_o&F0g5lK$o;8fgS*MR zSx%A&Y1UM4Q_`Dt#FK3SDGHL9sKgmfFa%RY$m+{9h=pQ6{TQ`tp(1C7X&`u=RG%yW zwgEVVETTx8Zv^3wkr(N=UQd7S5boG-d8EFp!?*_NqAT{X`V@@&A&3ooZ&9{kRi6&L z679i@{cg1kjt%1Ae|(DxToirdp|8uviMXkiccvMu3fh3q=%+1k84@7gMv0O0%oOq& zh=aFtn!#lf`A;ZiNMwW*X#Z$1_)idmz}4}rcJAEMhWU>Etf}9NqA1vtZaW%w;S=md zyK2J?wRX9CODIAGXObl>8=k6jpAqRTuFlS$*umSZyLRk1>8%CUSWF}I zE&@c=lih2w+|}xz-EYpWb}zoa+C4pces*=HO{#QdRcdI84R_%`cs*rIz1lOc_I8K6 z1M_Nv0rtLmwZA)1|JhpR?SXlFpsJaQI4kB@y*xB851~O_bwVV(J2LN%phf*|h8GKX z`NX_@0#NnKlw`W*Q}gmEAT;c~efyb9`}_Yi_`lYmJ0I7^I{U9D4g0U7qodFHA0Fgm zLby>8gkv=>IYC+g8!g;MOE+apVSTBr%L>iWYhz03`PsMy6*<=(6Am1l9lStLi8c7h z$!$gFwG#|Z=Gtj%N4EmrR9-WE>-RQeuOG(-W!*mr9V8hNWueX;R1glNUBe3;>x79z zJKpy#ydTFOd=!PYxEmcqsE3d{ikc>;a2CCNi)4|ZofrZ*#@`T$wz>khZ#_madIw?B za)}Ns-R|1|p3&|{6M!}Q|M1CCeg8ihewP0p=JSElou^MSW;gEsJXot+T9n&xz54N;=KI{mXC0xT3wB9z zQF3s^%9aqyxL_%`ZB@l>1XV>9^&N-}rdmNCmt2W*1IzVqqn8W_o&jfrv6i`{89-uL zszWCWV*w`#U(g)u%e1w!ZrgY^&2*}9J<>CGHwk#tNqcHllnCKGXVSPpIylLkB-f%` z7?b?KoMi`Wr_dL%^=FKqVL`x+XRDoiF{DptAQR=HYTRo{I}`XT+gb9oRQ2Wfrb)}j z8d|4cwwnp$@;FS6R26PZnxsK!E2Yh#R6?r4t-gI#Ehpx0`L&$>VN2D6@96#ek@_L= z484E9wMxODidD&${1(rrFPXgHM37w88nmNhWcTo8BSTX#6s=WM*A*hZkycon)T?wp zRCr-N6X6?BAhcuDEPUVS_zIY?M3-tt)s*Z%@FJ_#uJ-D1a0d)XeiObR`At`Qs_Y$_ zS^r>_Ld^x|v>$&h2ivB~Y-U$?@LDbPcXjL7z?gC6HfZSCT2`^b`jJNXQT?$daE-^j z%p1>aJe9_a)y__S@rLn(eeCC$^7>Mg0c+r@$Ijn4Da!gDsPajzu4bTXFsDnXkRbC{kYeFs$e^zixb0WkAXA=^lqtN(<$oeo9 zTE{vkIFs|=>Mz^TD+s479qX(V&QsfdOt@M1dOvt8O7JzhnsXxNEK5gd7`!*$;of_{ zenxM|gZFQ5b^i|Ufd3{$*etu1w76aO+zCb0xjLW!ZaNn$!QYEs zylej(`_+3P18eQS26g|xql4jR|Gx+MthWDJch_i5le!h3D+S=S21+X|0`8~6At^1Y;VtW!I%n*9OIt}fCbO>nv8>>&by{#b zpGhf}6ZXbwjjUbJBUSW~HSIB`K#$h;+Sd_T=?QKa-@gZ7oIs#gs{wjRZV3Ow(7nd~ z*8zDS^8SCgH{5I7{~vzl{~qMidjD^>k_$HJ(lYsO??LYL555^U%gr@$=gaZl+qcyP zc*Z972HXHHZp;->d@M9N)g}0zCNpaxBx^vd0q`rEd>{ZDefJ|kw1{(e2jZN8Kdh?n zN7N1B_udKrZ+;B@kJZUaXF22K{@Ylu|2wSF|GlH5z0dUjAwCcQQxcv-c2T_oAmtL8 zlr&2r5iCxw@r;Pr8dDhyDuKkDWEq;N?G6?PG@tDvPBJX%4FTo5_Z;VGZyV)grel}y z6p)M2B-%s&^f*SZoJoa72^EB+jOHZn#i!$6#*%TObEhp>j(#{9qm**di)U2!;jc!& z7f*iUefVo1%x8V|$Nm&IdA|ZQ!O3-5==i$5KgZ&>=>0jK;OpL>W4Tb@8K<+}pZ|Mr z8~uPeWu-vpr)Q!U7dnk&FQzHMeO;WhUwiS5NLWhxe-9+h?ElNN#= z?=TwfMZ<$N4ONvQsG}-H!-KW$^?JuhGL~JNWS%J%lG6#KHU+Cv6SSS>=>Pn$|M`Fa z_y6eiwzttG`CCajf$#yn-aB+z863PrCM=eVbJTn1M?!xW{G-10-npR95R*y76Do7O zpb+!fd`Iulg5@)oPS86v+>gJE570ZnMT@Npi|>ePUJW^Vhfa-ogZd^CPIa7Yi%b)X zAY8k`$);6_8+jDaJ2YV|L+{XQ$xHGYy+bId5hf3Lht!bfidlSJ&;QX{S0@AMs-}~A zG%M=fdv#jMgsB~Z(!+shtuSkJp{1A!UEWp9gzb)9wDgt8HcMAw)q&ww4ZR)?R@K-L zAsdm|n^6eO+$=dBpT)H}=4+v=Iy(4xS5ciJI|j?Ypva1B*i~(tfi7Y9cn*80Ht$>!&tJh&mh1CndRS1%Vw{5wqj!E7fds($US z=%z4U;qL{I)YZU)K=_-k&#=LJjkH@bG|Bl^3VB4=T81P-ym`F z&-wbS$v@{Cq)h%fUy(2Q=X~>I$?LaABTw>&Z;`G9$se;(+A|}s*ek&M`HQ`=v{of+qieQEJ0o7-P_}eC z=VjdTo5jtRj#Hakv9`DUiL`YT@6}{|8%?N{8lRtbjR3s9bY|v2jGdr1=qhFi<2y9X z7+zgeljZJ`uIo(}FF3lPuy&JcuJl81d@i1iH)jY`;Z1jtD!T!5+03PGAFg3A*Je@Q zfTwItp#BleWg~O?M=_Vpl<5!1T>8_uiY8oMoSbBoO@j!V%WKp!w{Bnzr8{cUJ4bG|RT^EFZRZ|1q0Zu{tL> znUk(PYl^FK7mU}=FUZZ(D9VI(Y$-W!L5y-+(f8rWgMR>eP}~{G;eoOG5DnBv9eRuOd;9IWIP8@KzTJ zGu&0%)n&S?m0zoA(Z$;Nn|k9_>b=$FY{tG#O09=xlLvN{(j031oZuT`)^lfXZCN(E z!ZcIk=u4qGT6k8kDt*cTY ziW?XdnD~;SZ$p0)zB$;vI@s=XdH~;q09)UHc4iM?ZxUp0J>aHzuyNJES>6MnJ&4!W z*N)15%RCycujYFms^2aa-^N3K_cppl$z)Ni1H9YFaQ}LB!wIfnX!GP47sYDU#au0P z6^t5J53T}F=2VhImb^9wLgGBd8Oupaty0colRUqR=?Thm#^i<~aid=Ij-j(o0wy)j zR}NbDSl9`hQ6cNorL$niB;hf>70tRXRYO8r1|~dH+Uf{>viLmVH?(TTcZ}*7Zxejx z#He%{1h>@(y~c$O28*rk3Z$5m1>rdR#im~ls_zXBp1zKpazhLr-J{W_klXu29} z5Ir33t!c6i(^@TSYCo5z~qESj}`vT)shSg(PWRrev}9riKL|ltUIHuJ5klU)}XDCa(dIa7`zpc*l$9I zl-+`|yk0@<$BCejM?7JRX2q5*GYDo#ingogQbYs`=^sX$9y%)nS9F8xx}R=M4craJ zgqd9dX%!yBk2_22ur@w3O%MRhM;Uwk4M(IE$VUw(pl;Jmcd6~Yq8s+I7v1U8J1!-g zk(_Xdu?0!lbrwJCr+`YK8vJQavPG1#M4+2tJUoc^Doe5%mGcr#ynfF3Eo14geOJ71 zvO|i#srUE~Y7Ali2Vg{r7%6!D7ynp5`082ha`0 zGNYDl+Q#X}Gb-<1%L;%{n=eo_)q%>5Ep3t-t6KCg|Ds2BPLgX@N;D-{G5S^thWAXH z+N0R~f>exIhT@+3eB${x``T$%TJ-zYwWCgXjb+{mhb zM+jtAXy+_X3r2G}LW(CZMRZGqjP_y-#nYq|K~wI+vp05Yh;bP0zYoZ0a^uw z{tKJ5MuL9r-KM>M|31=B{=z2aLEWX>ysh@4E!CCq$1Y2FVQ*UNEk|LSHY$XFNfHFY z@n1me-gQY((7#4$35o1S0^UZxRhn>5Ems+)+y*%j?uGj{`aFpWmPRg;MIQ@6XSsSP zBCsgwZ);spgrTIIV;Rke6p=9Z{Anav1av)_GeL5w<{|{Xu0@0!>y_)+J>pU5~TMdCdlY_q!vk(6{-f~`t>XGs}@psIwgr&%xCbu9y!+q^m_ju zhTL1v=>7Y*Z{Y&HQKLfFM7MnZUe+IJNR5&$Q13XkW0I7d%BA82$s76cTSpjx@QA#T z{cS;HB;2R@{UXG!>O<{CwG5`h_khZmZoax7l3Q!ri>ezt%xf-H0`#rE5w)ZoIJv18NQK9JNLg zX`Dx{<3_5`1AT8p4VG8NyIV(0q1Exh?i1YL9uR5h1C#_~E2Z&djMp(>J^53o6M14xJygmN+O| zTM`DH=W?sY*2W_AP*pohYgv*NVG5b3VZJ71xr+VE;72`Zf;j#xQkuyV>h1 zqrD!#lMK^^zv3Xp{mYh(Roo;k5Zfrh@6FSG{%rmU;E3)bH@zdko$REFfWKps?NSp!fPJQkS@ASJls??G}=D}utgH>@iJ3{bX$q8Xn}J) z1Aayk!37lp4Ct42M+C^J4BGo?`74YvZ zK-fiFI`xnGR@g@=$%rIdf4xJieIcn;4X*V{%HEbZtk+ED;)el;ajKCUCu z#6cCiYtOs7*$&^p3W%_#z85(G>enuB+v|o-fl%+|21()@*U1~_SO{rLSH)U{0IeQ+*|?agrSIs9 zk6^SjE3R-h1+d~mr=|+>e)f=mb+ZohmTQw{ip$mIBW(xKxMF#==6WSSs(SoG^Ae>? z{dKnDa;ABiR9&B#B8^ww7cT7>tek{xo4fljY|=w03=}a!?^Yy~Zp5-~WRnK?jsWNu z>M=uBx6u;ry1kW)AKWEu51}ep$3|Un5y87)pM=0q?g%|u3BI$%SHH=v3g7*GP#I!n z+7QcYGzf44HLDONZ3VpmCknK7U{|26!+V%vwC)YBlZ9G8`u4Kc$zGQ=zVWR^t>3&Z zS$F0S(62fCOIc`#f7J;W7-3{qr3f#_rAG=s1Ls|s_7 zRA5T$paH9jr#cdW8X|obj?AfO?r&YannO1<;CX_#mGvFPp?u(%-c}=YT(@%t+lEX-XS6mw(Iy^SYZVu) zO%re93g24P`N@L<1W&JV#R)m?)0bT#*rR!0@tZY)wOOcxL9NeDgtoToB_Oh7s5|f? zPAa?uw}K`*?zL?rB*-BF_B{|lur_%-oJ0UA9zD&-noOy_daL`80!M{x$e@cwAEUvOlhu$AaUkBW=m@5fA2Z> z@1HjC{~8`P^uLFDpYy*x$mgyJXt&Wzrr1}=)dQElG@sSA8gs(QF3On%n?}k>iX^jk z2RXR~EdpXZxK08C?^ma=;`Ow=Z)ioF}L8PK45OE>3sgGbVjxS%rR)1{?&N*JF7soueFdFGF z$+ZYwz(Cm&VV*lH*9H*N0?BKB5^n4vx-Bd$04)pY~5c|7%L#`)Xqi{XZHG>;7K{hfj_^)BlI~e7wKcN4t0FRp&@( zL_27xB2rpfMmoThO+?r8?W9+5V`pz9$ENBBUTEFH0qQQGAJk*bpHubm=Vis*Y%o8c zec?X)!hQCI`|Jz%*%!_Y$%i?+t?{Azcwacn?!Um-1Oz4>0rg*z#IwpwdXf=W<72(& zAf0~Ts>;Vc)AkUm0{0r^A{4~z?KKJJ zrFOlt%*`cH3|P;cNv{e|@QD!4GIkqjr>o!*yCM8mHDaD}xa0at4}re$s?LB2vh+j? zmXfaqPYw^QmcyP0_7cpmAp}AAR*bF}qIwctF9d`Eqp4}CS+%YfMko=~T*N{s;Sma> z0r#qt@mrjy8BqlwfN}eYri&g+lONliraJnV&l&40LH{gl%Zm`OJgtcnD!IglAr9(P z!HIQu)$AI_jZH2By7ocR(*NIkkFWZ))Bofl^}mCoM*OdXqv644`u`9gYZBgfmfIIU zob)z26@Z7_;Am*u5}(l1>!VMP4Nixecvu$<-HD?PoSr3q?cDY6OfSs-hv?U$Zw!9= zC+g>e-TxmB59{~;`$wPe{~zR2yHrlFBr{MNdNg$O8uXpa6ee)TfS=rutpOLPY57#-`&a*`sE;0#Y_M&%M>6U^ys9u``#JxFFBiIt6+6;)@#gY@! zUtpTM7iM4gXrhM1Lh#2K3qd4=Vo0tlIzSgQ`#pkJ(ca$R&EEb&T;#LfHCf&=p2FYRZ}TTh@z^F%j%VHb;sevihNV*Hh>^ou*wZ&)npfJlmk>JzdS>;%IcVvZ_<2 zt{Auqg0+cceAaX8Znz(R86W(i8NH6rD*B(Xw?F)nOb2-H@afT{=aP1e(AM5yZ$BFBN5lQAy}i-?-e~_Q{_~grE2S1AMl((SH^M%mC0g8Jpk? z6`11%k%Wuh_O^X^%93ls%{5_I;sP84z}}M}ImZ&oITh%ZW*K5PgmaqucZ^l#T}1OF zD^tbx_;hI3-9T!?(NgI8GmQ!?PSx;9$vMd-!Z(;^c#^pi9mtOKlS`9dZnwI#)CTGT zI5l5z>}_xNR7?LEfEe&`0Ht++Yzn)Mx_*;kb(i~22b;WO zVlXS&9ckfxM?7wVax(cVJ8iH0`E#!Uq?Liy)Mac*QZ!jYF`y;8Xi`d);2cpYNH#?i zVi!Y7a$8g8iW7p$T#YgTyKP0_aGGkm`pB#LNXfK}r-b_yw-VRTBUlj;DCG!$ zgal1Vg1KrDB-o{50JV{LN=2e(7^Zyg))Fc>U0}XM1xr;mQO*=|s3wRC+bTwL%+n}g zslm43B&7*t_(oSJ7pP!dLW>Hrh3HyfDcYG6P87ub!C)}lMai5oLC}(w9I@LR$R32a z^EI46E&}HV{ixDz!cVK>v@)@2-+yUznsQF8`&{I&Yba+mo8~8|H{;N%D`AU*RcFvQc3joiL3i%MomeRb@kg8VYI!tEnTG1sQ1{Ct1NV zHdDMo#p&o;D5DeWgyhPhYqE^d`4mA0OBA84a02H{C^?vHDe_Ya0%VTHB=%bxxgWLZ z|BdB>0B>ugO}J`gdcRvmiD&IK)QcUuSd^Oo zP}l+$;zYAlDM=qUplO{~J3#Z!OwcV}TFn^7aU91+mbRia71adnDrQv>x!WRGOFU~} z;U&p$#YDYF1r%tlYvt2%K@vJ$B0Y`KT?AA!9Ar|?z^79($OWf5vScN?1y4h`LXiv! zLJZqWbGRgd<){cTo5AAqG8I};&@3&=YMRQr_TFR&gnOwdB@>GCXgG}cK@TCTp|oP9 z?JurdH0#&F@@_H2F9qSztfVRFLw(WTE;xzQh|+u(>1TF3`bi1Tr!Sej;6&K%inLV` zaMZ#gWd>Qv2zA-j2*Y;X7NwAi!Yy!K0u1deliIcCn9_K&j;;1EP(9I|Q#|nvmc*@; zzJ^cYnW65*he+y0Lr90de$=8epkaaf=a)TfZEz(BhXH@s6vocIK|4&&mB=*5x#bof zgSg+~nW7e`~ z)HKFcZK6&)z4Q9Al#ElH^)XX?2cS#IIjf+P6W4#)*K zX#-Z6mn~iVz}wSpL8MgFPYK1UjR>eD&eO;?7O^~Y@mY(SE$=|ny3fkU7ENv0zIcfs-+%atW`9YHm9Xinke3k;><*MZo;)A zSHZ2GSoKKIk{}XciC%|Ty>3Ew16aqndT|%5dkDGK4C!{5n%@p^McUhj5S^Y~T%MgA zU!9$ffST0%VhKw3Xmx;a2(18Nk?a8B`VfNfdT*9+5w7Ue#YeIWJlL(82#<+WGOGH& z5-VYXLpp+-HrQ$GI;m(t+3jBQ8*0aeyrGc&*F^ICW7k?^X|iI@mY-LdHudim<=Y=nMP{ipJg-T+!@NNy-AJ>FU~ z^>mgqPSV&>)KPYNLaP@p_{nXKf$Xh~k&|5hv&1#OZK({2z)W5bI zbPy#F?@|*tsJVfps_??4WZ&5Pa%8_DY`62tvA*vj*)$S#mXj1EgiAVAOR8!m0Ml|j z!4Pb)G}J)&@EZ#v!I66J&uoI%O(>OG9x{@?ZBY|!mam#jfO(vzHmJbKv5#M)j|n~@ zT(%cZ(T>`~M+b=Hpt^qCQeExduo^PFGP)+qb_igSr`k0b0~GVUVurLxAGTM${lM9I zt)QsU-$n2>(NmLP`1UxqZEi9vexG5z89NR|xFBYaMG>7GTfjQRP203p^sBAo)!SOf zg@3;i41xIAF{m}<&_WT~S{P|28f>*b9&Y^(BWX|CIq1IHhEc!yJcMh95c3I@gtv{M zdG!ys0X;R~%Nfnz80}xZ`!!|Wc}``erF0zzgv+9?qw50ZRD2tPv*kMgN<7;P(nhMl z_BM>tZ=+^Dor16(H&0Et5q`efup6SK7TqB4s#R=q9FpVHTt^v#Q(WtL(p;F@l0nx` zj(5QfMX>CKpf`tuFM*pyRESa=vJ@<}JXT;AVtqT>w2kfh#$0U%$>RQ3Nsxeq4R@b<7`f?l} zZH>^@7mMXDb0*|g@ahS?lEgj-?$LwO5K`58ge$1yEMvDqD;~A1Av2+Gr*7vonIoa2 z>rIFj<3Ki3MX0dMJlbK#nH0SSr_rnDV@34~PNsyLA111z`sLU})yfD}Z#0Im0bOR| z%4W-YEP(`&(FK)l>XOy^?L?;uiri(b(e(bPdZ$;KBaU!ytH#Cddvmi|UG$m@w2a^z zL)qXyH(|L*l(eQ{Cv!%P{h1nGg-xt2UT`KDqPbezf(Vq%ah~XZ6}{mlsC`L(LpjUA zTSFha8I>|4w(ka+T_nn6t`K-ZbE-xGZhe=mL@7hJI1l>bRdc2`fZdd-2{f@Sw^2rO zRR*WOstqaUWT9HfNkW9ce7Orlz{!H$5Tm`}*%D1ShT)ki8Szo&c=jl6tidYshn~?o z`L)K=k<3J->9AW6{u*cn=~m1gfZ95hk|A)L+ulZJZ}6hXDgj2L;gJD|t}+}97S$sg zI%T-`6uj#kH87RY+xIo_6~NF_@6Ii_>Y<&3q9Ml_g@vb%qUz!mULmaCsTv!F=+d|B zBFc$03FZ4ZO(T*+Ec-|@ptwXPkpeFwwUXg$WLkoI0S~L1kw~TNXtulAMsxSDsq)fC(kDYaEN`uxj=^8ls)4=& z1xe6J*A1gR@r?hV&iTd75gOl8namYk(GUBUb%(c&oB76_(ubtNmKTJdKI=yQG%WX!-Eb%tgo8O%FGRZgwrIQ*k}S}3HVZQb-y5

+SB_ccgOydU zP}CAP{{$qRp{J!-li#Ur7s3p?=kdW{t_xEP%Wwy4{n^yKRHd!|{{Y88IKPT$ghN_y zFSR_RY)KoHrn{496ylR=IF$VeGs&q)zejM28J#OT-uUp!^b2 z_~Dn_eY1i}y@DT>fmA1Aoxun>zM=Jy*4;>CF*4x{8ItLx{MVMTv5EPZENK^B{{%w1 zY*b}CLwR4GHq$sD!$8PmUm{mq|Mx=+$8zm2Ek8 z6rm3E?Z}|6_wZO7;6SJY{X9%_Vcs4Z_*I-eK+tXs^!YH&`8_{0&1l2%BW$egED8aX z@3oY=#m;gVy~=3Fx_O59648*$s)8cafnF=7IX$YIb6o*JG$hc2#Wc5hKNbab!Ih;5 zb)YwkX|CF*#U>wXK4rI-BGiGNEvC86`?mzGkU%dN)11v=Y|P&!4C(-nmrAHN;rmi{ zeJMg6=>1ZFdUGx?VPhTW3FCu$BknLOL+$g5sfM~`*BB5cfrWX<6rh&tdSkva%_n-G zw~PNOij>)11}>>xHrb*BcFWRo#I1V~% zKwWUg2!Pt>jboat@X0BR{hCjZ{yM}n$28}zkPW!!fS?r;=%r(tEBfk`r1LhO<`oj? zv16JOqF)ixR^4_$&{zk0@0jK)eR!tsCBa&LJR$m!AWt3_YQH~EYk)UH9q83#n)4_3 zZqc}t${JbX-ZoA>hxTGxTzKBl?N`}_c(0cbtc)h58Yxy}3k=oPXI)Yay| zy1C8!0s)@^b3N46ropRlWML{$q(96g)w|QTqAQ}?r zab%j?yx$QBv3m;iJ~GX1-Ulg&h6H*dndUa{j}){U1HF<=bDQ@~T7Ik>*pRLGDFtz= zf!<1{xy}151<{Z|&n44bi2u^s@?(J980N)P3AN9cXFhOs)V}i*HjRQR{*;i z>Ok)%)7)_sl^mP29Zmt-T=lnfs_kYyU!bRx4Rx5m(;6D=K+CvhuP4*o+P+WTHD5q! zDX2rN5ZCa73b*76xC0CGhBD2q;uE#>T50B<0zIQlbG80a)1sm0iat`!r%a%iR0egO zuaqC^<^81sZj&F) zB=`Zh|I4Mizn&tHLhS~q$J1C)%IYWrkne%AQ$&PsZV*KYFS1$6O``8YU6sk+w?di| z+6$;zKvH{7GRScPB6Mf_A~a3Wa=YG za!JVy@hO@!xua=o3G7V2Rat}01~FLFqzkrME09hf^czSVT%9Yp3JXt?;MK5bFBGena{1MvZ;g2qZ#$kfPAaotq=#5R0I zrI4|ELTe8U7YkG4bHXAd9)OF5(qSv7f32?G5FX)JghY_oQs4+57J>UBB%;KY0!gfa zMTlK-jXAN8=B}L{z`~*;`*k%I)po}9=Ea*sBpeIJ?zqzEPJA?~EDLJ0t2dOw`vDC9 z^YNj_V5x*fh^$%`_AE@!%=oK2*fSwZL#bk900OR+G%HDh;d5cIsBb6Yao_hC_qL>(4>L%J=Q@%ymwSOGR;;WwlJ@53UHMuqqTY{?D4hehD-4)G7zl3PG~Sa^xl zmfQq}Guq8JG9~ObT zJH-EBOKt}~ECP3Th(E%X+z@bY3RyR8(CotnzvLcRv~Q#_v9uwe%1Jdtr~ zam(fv;rAB>EO5dRy@T=4ZS7pY29Rq!GKHG5Wgj6m8S8}^FJtlKpfa~_4HgO%eaPkV zg}I%SSGoEGR1s1YPAbHss4C`0UTe35#cFdwk+hz~$;9D6uGDK4qFF_iPSaS1?qhJ4 z#)z2!ux5L#ZD_QVZm@ubdVS^M@?gx9!jZwr1Tl_DvJN&YW8n>#EW-fFaH}a~3|#1N z&Qr*xb%cq?RZvCagmDUl>%HME$wFw(F3}BIWYHx-YT8%%9NJ*g8w~~ zfJ?>*n4+7BL043-`&>d+^QoBzMgM!ltd}PEks>h?Y#Iq8A%`ub8$V@ zsetqyhBBZgiMBtX6U4Ji3{J!v1CYs&eQ1OsjZr3*8%?1AlK5jYnGEONV2Ygu_iwTrzyhDjE1kC75W#+e|(Y)tMD zRYbr-u^EfNeNn(7fCE9aJOSqJ*gDG9RBa$*NB|a809EG96|5@Mp$2acjHhUPYa+mk zg#;6TKFD)p9oQW#>duRfp*aYSrxvkMY^c1N>-8Ao;1(@jNHE{+Wq2# zU^qqb%p4BGKKOx9gUep0GaL@bBw-{*9lIQuEqW9wTekn{2%uDdaL%WFN(jHyhCeTq z1(vY`+LHy0ZPSa{q9^`VZ%rBT)-4}F4o8s5^5$>dt%M^b#x7C7+v&(OXCrclG9wp; zIP*Cw52=h(2ghUS#gdsTiE(iuANH+n887w#)*hjV0Vo8WB!V;o8F&IONfsk8)MyU( z@~hLVr=f+dC@>{p3K@V}HYWh)ZRX9HSHpg%^B3^?&Gp$4cq5KaN&LoBNV#AoRaPOf zVzK<45Drqp7#^t%J>w}%Cd$N6us?V#jS0TXx*t;%p@d@?vpvA(BaXGif4UrZMV&w*6l_$7n~C|j zsFnK=Bel3Jf}rNuSil?7ohqM#NbvnJGMmZlS&7OD8?bkyd+smbEcS1Szko-Nu5tS4 z(GmEK%q2W#c#N?A&T8cM9qY$#r}ND>IyH+)^&kdZgQ8wUh(jDR8e0g+xICi5lJVt z{$BxmLlK*1VD`az0tk&1JB~h}@th;Wl8gF#fZr29Qe{ddWT=b?9CbQ9TY#V0hpgx` z8VytibIgZBnCgvM~Eg!936%9V`68EmNR73<}zrG7ADHB zr~j-e3y?l|tt`!<=8Ma=6Wur6fv*}RMfMNgdY^Ybu zRhC)hD0hZ-R)k8;azn`skU3`t1TBYlI`%Zd6U`0cN31yJI(C7h4gfvLa2wJaQ1{a{4RACt(=tWoZPZ0r(RDgf-N~Y;3y*J6rG;&xjA~6TQ zFa!oVZjM|c=VFlZ*gu`l`Hh?HE<0$%T2By)l-?*i;Kc6OF)X1~)97aj1u>aS)Q(WL zsA4ww6fF!l6iLb$*#tF@?W2~MP00p$hGR&@5UZt9j76lIRSCihRN4-6l($*fVYM3! zCpU!7)Ju}=$x$?03y_;VhX{y|3W9gc9`*vr8`+Y&!=C8NVU^@s0GGLYckS`r!ojT^ zhZrXmd8IEITB1a-7?6h*@`W;x0TeW+lfj^mEH!&G6$S}{cbB>NpduLM80CZ8$3%|3 zz-Ww8&h~YPlKouz=xOO=e;1fzG$u-(kOzVZhJab7z|esk76SUQ`7XJCafsq%(w93< zkP4JY*%MJkQkXi!?g_oky=Y2;&>o;>;R+V@9j9b2D94l#$sJ7Q;$)PmM@n_W7Tpc} z$9|#J;_sdnDIgyswaNs+(e&8TKuH}-r*q=}P^1e+j`CfrjTZI}cU3txJG}A?wG=o+ zaMl`j0oPia)D|*HvOj02mjm0AXqzF^);5E|#s2lhK&W&GVDSPr#xg*M*oCrdosP-<-aDfA+WQtK;`STpa&6 z(7d1da&mEg_WIf_kh@TLkGMU+$ppz5Tk&SFx)5~3q%3j z<1x$lrvc(lDm7zf_5e6y@z)?WGB-~MK$k;=wphwb*k4>*a+=)w`1 zyC9f__Rf-IoN)^yweAU~5+wCf67|GN-2cY()`LmZb5gR2p*dFGoH_61a$Z`rVJa`H zeY#``nRH`&>X+UAUbY`{l=Hx2`gnSmABMA;jk52&6qDsUD^*>CDn@MAsDW}8Fk8`L z>dN`}_VN$qly_3rm*2|?&#c*3d?L7Z34Ethw;-nEUS=LdFjjk5;bM+4ieh;baso7i z@g0-eL4}|sR`1kZjqmWP*;EshAPQrnC9r)9;FisBZ-sXbmx4E z5^gk-SQA#IDE*Fs1PNgV(uLVna`;Qi?IGBKF(c-S5`6}U|BM#HAW?KzmomV)R-*f^ zDN}wKtJwQ^(FebZ>SEa&wVyt|B=SL`3t4R$7(o{^~aa7iU znnIQiw4n5?ypDKxc{~{W`sV8Ncd%oZvFGl^yQ{Oyi}RD?!P)iCXTSZvYgDMO2}ehA zFoZxP*T#IrIOay3l*Vw3rX-GpIAV1rP%Jc>AA4GBOh)p&%%m(wyDFzlp9j|j96s(J z^bhnwFoS=Wt40k3MM^i%(4E*Mrghn9erhB#CMp9n%;XBaK~StmwkHZ^DwvUgLMA-V zfTc(W@?`Q#MZ;<&2)(oO;1hyQ-`t=v&(lnHIz2FCI+5(P^bEwZiWobo)*rfAX@|0c z<%FjzsM`>AQ{#)GWLHbHa;37WDd1K&+6|@6>em8MC|eugNwiHzaNMUPzj-XQr@qTi z9#A~ZJ1r2tJVaTv>$>#d2j2~GjY01KoYzDNnU!5>hxThmSXDm|<#ZD7;s z*tdH?l68fnBe|L=A1Fmhgp#p5ATS3Bx)&QmZpA(DOzcgwRS(rxJ=YshtLyiavc3>a z1&roN6e};?6dH$8Y@eIp9_H5y@_Nv|1d#S*djQ>`#Jci>nno!7|DNQLG=C086hSFz z>dOJJBbBSegZ|-R|8GM%bO-$>2mQYdcl#Yp+JzX)H9g3Qz1GW0Eq%&3MQ|q0l)np} z9&+&C9{wmrbW9Rx$o6|P5c|4a_LqDh57a=udy|0I9h$dgP|Zr&2@{Q19yNAT@esj4?Bma2{tazghS%GmP@m zF;7%4!8?%?sMFZ%D_ES22~COEN9r~%yCO0)Su3<~qH%m8$+xyhAc>LgGZHOJnQ_OQ zq4)++G=Vfb+Ra#1A46lZ5n3VFpPZ&np6XU<&{Kv6N&t;)x$2g$}g z$t0j_0{&A?ewF#K4)g%-5k>ay7(VSk?SD|>DpnRWP@YGE^GG4b^4e>m22Y;bW}2m5 z-|ems9C`7E2-z!RSXqgEvF@GKvG;Bu%>-hS6xmxn9CFZRFqy;H?0}x!S^H1>PkUx? zSk}tEpos7Ey^9bO*J)PsKs~9u&j$X_YT$d|*y3B&4ZI4askDwoy@CugU~#>IYKb9_ z5l8Zp_6CkQp(yHu*W`W=j0m5Cl;W9Sx|PMom?V+-rBoY`B8wzyCA1YNyx-~R{iRK& zR|;Z3=W5Z8joH)EtRxP-`dGjmvMk+ z;+TL5mlf4@&(JK`GBc(=oRE3KhkaT2*p(qIs8xhALMJf6{}g016PT2s_{b8xkCgEg z7|t2W#mYkOvX)V0^-T@Exvy-2bT51Ti-|auzw(qiHFiWwEF0!>kjmjMFMr6rPxjr@ zFXvWAjvZI_A}Vy^la?uBsgNJR1vjAJY*Q zykJiEsuq(f=&YxHr*lFQhW;@}$yiHUFX8z19@2;v4n55sPUeupgd=&qogZNWU`hOk zdzp4YF`I_x)0DV)CX1b~W_pGvlCM!_G>}6fL8vqeQY$io#d;Pw?0YCfR@(|~oJ=TU=FVXX4XYFN!Fj?sf|019G&e(CxSv8k zWqL)KcT*x`Btao;iwWQekdffJm{LV*yH>G()Rl(Lp&hGObh@kuOzAP!L(%zOpt4zYJn635G!62<$6Wh90`-l|xstn58O=WY*53MP@u^s|_3- zmG~kF?(LtMxtL%w)}a`pd#H?1=L`YSi(%jQTrG>S>NeL0xe{N%AVfbgS4y8#g8YRl z$cb8q(%yAwG*A7GF^9YHsydCLyBGj-s3pOxv*XiOXKUY;enSzAX2@cApQ*W#3cl>J z!D6T!rS_iONyg|lPi1sNg2$xXZt`2jB-_TVH3PEGcV`DvPCy>eO^o+Qz z38(LqVL?5ga*nju8$&jR5qcpvLcXVRQy0r|F8!71k}8_$O^!j1@u2pygDy z>+Y3_iYX{fn*-3yGGSNBy;5Dujtte)AJpD4O#mVH_1$YPu_sA_ z5}vhPQ`lH7hLoMb1Wr)Y8!e8cR8v#bK~0tu9G8KbFH&@r*`Vo{MuB)u;mr*mt1z-h zK*vqfg`^%aN4{4(hNi+1cye%XaA>_X3fS_OloC$HBt8PyCzsZH<&>oAxFcnJ$Ue!G zl*d^iA&21zbj4}ZH6#OE;4w-V5?oulpm;Ln;D3)vy7({f_~7vqqgd~BbUB;$0mwTYspdP{-@m`V??VY4I-OtC zX_TqY#Br|FCNhE>yq9Kk6RJ4@oPc|Z1uM4)7`fs1kfKh6nNE^n508OK$P88iX}b=( z#{+Oa=z^EWgY&^&=hyS=pWgg(4Sqeox;lP+eSS6oZ?3?}o7bo3*XM6u55Sur!13$f zz|ZHePxk=A(ry8LNF^Uhs1PP&jG}&LfRNLO=Fl$=7MpUkUK=B4|a;EyoQmM zPf65~kwNucbqSsRe|*~KW}YM{HkyRY6ixk9dV_tbhLN5FtMzekaB%Sa=~Mad!NEcC z-^0Vh=l^l|?BMzLPY#}c|MdI+ICy+;`25L#fP=P?^*wXOA^neowfia}_k}!GKvF?n zg&;m5g07uA`rQryX2Tz8LM1kQ$2pWAcVL=kKOgrW_n&s6Jn_R3I0hG5y=JM;#g>{- zGMDiew8=qCCU~5gIE|d!NFixoJ6=(O1}gST5}DCLYsveaDG{`Lbq!hvj|JSO0b3Ow zk^3YjFk<^LnGj~a^=6RX_S0n2xkU@G%{-A8?VX;% zv?D;#GKQ$Gjv#Y(05GR<09GAUP4}(i`ikb7YvyGH)wj{^D8@po5<7S9Y=7$2{PkJ( z38DX%>)1+tG|>Np!{;UX|Mc;*uk?Q#&o|$I0?GU48=yS!Y##39eE;NByHpB+E~R9Q z7(=Wt%Ku+>i&GoW zO&9FQ1k>G@$5&nP|Nnn?cNg^j_@g7C`S`JC6z~l_h$^Y{te_}5m99Jkl_eP`lk-VJ zve#$o7Lz1O*`z9=WQ>f?VFvkldZt7~!z~*P$t_wOfsY?S{}wI4AAeXn4HJb#@YB|7 zV>$<{M_@&ziAG=B_&F_!enc1G0sLc5I4XV>)lm|e*Y^ldru+yTcFc!fc^;>bMr+NZ zXkfGRsCp1p%yASxjiQBtRvldP`fru!QT*Z?H_@Ur1n7cqgU8SU%M8W08DQY(MLvRE(9b_)WlMlrRV1FfpbY%# zr&2x>f}S1O_Z5SZj(nDPc_i2MPH}$JMMr<;47nb~UGM-BoJ0cM!vmK>>Ajo~4t8Yv zd27&ii$y_7al&svw^nEWC)Tw`zSNy{v=vG0x3_4q2fmdAON@VcQi>3Lt7yBV^SYjw z5|=u*R-LT8&Stku>@I(7x3?>uL;UmEmHElPyIt$z5v8=7!#A1DFQTX5TSyKNqhG`aADp&(l zum3qbeEjTbQUCMo*;oC~R-P5~KUM%)%UxXG1XWTjXXS|VNM97@M?AjCIEzV4Mlg0r zO!1@LhF!3xRL?3VshaiMum}AU8_u8e+I`cC>7cS@o3!a(+UX%kHq`+VDM=}Y99d>l z#!)`PjLzka>}VcM5buZ0nMxJi&)aimj-lBdq9!0_k!#ST4s-wy-HH3B5+Z)Q0tJBZ{9Mfot z@mqiC!4&7qeyO3WsM+4A9bcYnpN7D(gDEx@!iVsnjUl9Hk~#Y?JBa?e?G58kVri3v z!&t^TJDzjG#xO=Sa8#!$T!JHgvg~kXx?cN)6(je!G*%jNoJ{ub9?K#PgIlUlHLQ)5 z!>5C(1T8vfx^z5KaVhdJ8&CRA{!hPiES)%IwgNQ1ttfpDm0fS63%6`rmClVftT5=C7xe%qLStd5VD!m3zIqlgx6+ zm|%6%0a(Tx6a;L9RJneq^9zF$bfhkA?_i80$qbx{4h{~$(Tmc}QeKE@%c{QUI7WTh zWOm~wzo}d36!K}GlPrwI!9f>vRW6|HkJr)|rh9`?9LXxGXz$>lo1f1m2oE;};o%Yx z9%c}hK+&7kgk;I4r3{IUR(2cdnUV4k?7A2Hf+x5#cH>!2BpJ;@$1^DQ26{jr1wCMD z_Q3^KVF~ln;+V$C#H8+`lIM_d2UJ`%we&Ct_aym_13snX-W-ymUkxSbfs^d7yuV8* zLv-mv)eK_Okmfg>#i5c$2!AIykwy#UQLyiCVG?=j8;-Gmr9)<%vtP7>zJ34jt%OmJ z>Cp?&{h!1Ht{i}~tE)FxDrJz|k2-;o2{KIODCGOMu*oeS{(iT*(-)eRbY6D?roAHWU7@z-1Z zFZo%L|5IW4+U5VA9UML@@_$dh`u}d{S%Uwwv@R+*i4K{Qz!~zfA9}6Gf4X1?C~iak zyds3>c7%ri;ZvkagRZ*0?-mULB!f|PHoN_0T$@%iEd&Q8&cl8NLEn6`3!6yC-s0wC zUO`8SB2*r=M^?Wa(HTzE>EO1*;lvh!ZT*km@Il)$s1^*&#&E8T~8|N3EhCEmoI(IQCA4%OmvHd?W@n5%4wm5edqz+sq-B-B> z)%@};hA1rc);T5PTSURR3OZ$GNN1ChnRdZW9vbgR#`tj8IYmi?=;b_)RV`+eQoA*q zG0lq?wq(ZkSMJKgz3Oj|cdPbn$d+}WvRG*Az1Tt$JTa!lonfyN?RH~t0DFvjnZ0SL zhZg{*shBtCZQr|X++Q81YaP0_R|YEG5+L{n?ASKKRx`VDK8nL~RDjg!SoUIq5Jyjygl$VFLM3Wh^^uTF@HM~ZAw&| z&gm)jmTO^yl;O{>!JhUSqnKjNa-*A6gTxzv^H5+a;kq|E7Nx_0yM@Hri@4Q$+VA{~?p&Br1Eh zU_ne`VcoV}TW0w+wfD~x-UsrP40F0eC`jhB5u&?UsC#Xz0nT}rwTV-huq?q=o-{&c zfLCGHW$a|5?uJ?)4pgo~oN)C2vG=vjZQIVi@A)Zk>GarYP1>?!=Un%=cU&j^*VEMT zwVh=C)7(iR5|U6;1PhR|)h73|pTQFe@KKUw$2k>WWE>G(EEbE!?hgxKgep+?OD;GQ z=e}0=Z1UH75n2!L+~Fc|GXP%coIKt&vM-K~J2D~aau911A_xUr=ueAyUA9`UTBxbazt`0XRjpR|iK|$RFVPWwJJr{-1Oc(0 zB~GH283rhv!!YP}L+U>l&XB64NQv`=+mm&qaF)xmQB6CI zAY;PX+)JKkC29-GwfcE`0@~u@eQ@dK!VM5jJ$V=}Ee^sm4oei)^ZNA_V0aXx(BU88 zAr8a^Q@n|MI#q{_E5VqbJC|r!9N}lymfxzG@qXJ;Lf+ZPJJd7DbayVN{i`I+rvb#$ zA{sU*HK4KDP8$txk9b>Z)vMIfRE;6~1krwp-)vooGuK)D={k_Wi&%xf>|9^~Uf%PB5mzOtIQFVMgYcvN+U3772 z1DcN5t}$Zbh<4wYi}XEA@+Q&dPsDrmP22I`+|AMH6xva1Kb775LM2_-W1i|D1a&Gu ziPferpCu^p^@--@`494%tZ87E=#s5pyQrxC2O7kG*t4Mhmm0H}`R~Mk4qlYc zf85*KU+@2alxG3^|LQIg7gdhc1uhEBkk^|xnkm!9ctsJl6<&NRtci9%dC50ZL@5pt z_{9CNH~@$H;!ixe%7#OH2VAe|=(1CaV5+aH6Kryxb=EsnH{uLt#-(<`kajgdO(<4$ zA=Zk$Z@BMlHbnldfrwA~x?SLY=K}YmyL_WyF1TS9MKkbc1|vMgJTOTT(OBPkk0f};MD_CgikB5gSb~C{@0<#Mo;q`0 ztzQ>ru&jj^HCgW>%GMqscPgQAiSpN|i_M|5)JEe@&q6WvscF0#1w|L-R9>bmDa*W5 z=RIldDHoo5X}N_bbFdhdwv3q8QY#oXxp?fV<{diayk~m|)xN#=P^zW6>LGQK-(YKM zueg&+rMVL+o)F0`jgu@&u~!r_FCCK?{tQI+vA!vzdr}s3YG!7$-Lfvz;E7-EKTE^L ziA>)CC_&C59ek4&BAR#lsB34byDKPUc>?l#O=S$?es3XBd}-HDJPZ2&ax=gYQryA2ld{ltv@oBs>S16_&xDS!%d;`TIug_JS6wI z0ck_GUe+sQTImjR4_6^ad5eg;fi#-&nf(^Yo5h*B8oVS?aRNb`Ca8qI<068+Zu?6r~iSDdL(X_NYb_!BAcQj>5UdWU*aVuBaHPUDjr2 z9WvWv5V&f$YWU7RHMzWhx?i)Wde7|vH$w3!9lM~vEBcV|J`_0wb_8$z-I_e6hJHn3 zfoG}grtHbh{8TA$EAD0%`S4oCm;sg&uI_DPp+vc6Fv#m`OhExp?5F-ON$dxkTG=S+ zU7kAYzQ!nR1LTj6xC_SqjB*LPK6sC#2qZYT0Ygk#D))V(6j7BBsK#d~iAh#vp8!wf z7Zui$^DN(}mX4HehJeC2B$Hfll8o$5;DH|ri4cr!Qt!t|?AT4^jooZE84$TPHwWng zy{K_>O8p^09ATKn-f0GLSX@*oT^o%(v238Q^RE5rz^iOfcX+?a8~Smqj=7O{0IS<1 z)ed=4kv*EZ^7i@UAO~Fe}f)#gNo^p%f(wdkz45 zKDfxwHPB6+Vptv|h48q+EQTx7Ol$GjW3`okk@qPEXg*}2X#z~gfs1qu)dv~cF1H)0 zF`5fi6|8Oaz7HQnXeo(HwfF?Y=vI%Uszg=ysbR0~Q5JrT6o-7VY1t0RP*E{& zTftuE^k1EJ@`>?T&e_p1a9xmZ>r`X2^mAbf%9l{&FLY5&SXnWne18}Cs`+_gr2|^C zevvLpc^=JD95H`{(qGW*CrT#Vs+-quF&FqH({D^*MX=IT?K^#+Lu19F1h3k>X+ccW zwQXpvU3Sk)m_iY2MTFdB32>);`qrNM9H3iHSM_(#4>?I=OQ}(j>C&m(F!Qx}>6fh@ z+BvI~w(ha`yXItZ?R(W6!*N}>-5=a<*asJc1j%#Hl-bKCdHMcB?CNIf+S`s`P?^CE z{cLPOD_Yr5*4ViF2@DROqc|{IZnoRlomtv)hGIB~P-t%_)&uR>99>O&rJm_j%nM`K zme13v*F^1NYVql#bc7gP&4z1mRHMA+zP&Ol;!upGP6Vp9%B%LxyPD%<fPN2bWl2&k z^+}zr^U-Y@zoI+~Fs|6286rkx0s2%X$Ekr&JL3nXSo8+Q6?g7Bm~x zK;=uvfQ!aHT@Ih_ea|?#O*%HN@uMY}qvImY-~AA8)>7O&0w;8oO*l83=I5JWf*DiW zv6LD0ZNWc|*JB{P;t(;Twyg$#r)SPKQc#V~P6hNWeP+wF&S|K_g)NgZwZv7w1?EH7bE-c+2Lo8M0)T&G=$QV8KDsHAZx6ONzN#rL214>*HRZ*0bpPe@ZAE zp_T6c?)MMN_kZmjtk3^?oM-X#zsyryuB18uvFESWwkmxIc!6T$S$;fYfa+J{i~_~M zLhTuGrK$>uN4*d{iiID8xNp7mswZ)kS9H{|DV5L6J1p%QkJ~?LT_hEDv-*{KwT1o^ z3&B>AUTJAbPp)Pex#{_X`@uC&qA_ELu5V?~QqNgqYu1MS={*bD|Kc#51!jN_`@eg* z`=WgRV}Jj}+WtSrvylCdLqzix1-W38FVAQtX-lN8IZ6rGXDQW81@*yq(=1S}qGZ7< zYxvUw3@t2Qnne1IdF)o*?UCjuTmCeUeEtn5QLp~%Cv@`Cg5zH<1gv=f*Y4hKW&hXu z{@2HO78w8XFb^Ed`%=VK`jmhXkF|B=t1z8r3n2AJ!BZoYs&U^Qa_d9y)vw|kPyaZl zU1+G-K!~W$`m5(z)OSr@#nX3?>dUOrT|#K8ZZ($#K7T%bwsn&YP>@DKI2sf%()L@o z;+BGG1DI8ZvZyc`cm({xNX%{JvHQ2ce|%m-o&oat^Jf=)0t3j<;d9`LQ$fpk%8wb2 zLV)5am_jO7)MdUIl-qDRJF+Ac*^9boCNnR`1-rYZM9Kh{#2b+lnM7Cs6pa5Nt_a}n zuWGRIg;*gtg$(^v`BW@4c;&+c%XOG@MkBT2{J^FXTR^T=_@GzgAB+DM%NC7P8d9~= zVkQ=_x|%y>4|euk>soG}JthCQ&=9K-E&wLp8nv=*^q}wB*kV0cE9Rf{&EOCI;#p~B zF)yZiGq0(V!e`L&YSw5IxeJG)DMoT*4vJGu6*^9aVDlTcsUSswW1z3^f7ZSjTS7^< zG`w0cV{3@<;(E~zNNd;btAtW*YBM_6= zQ>Euox#qluQYzmKn)Pix6bXEbYNAzNIRR8PU*zQE?d9S5rVx}+- z!B&n;xO(G(3ydoqdg|2W@@)*CWZuV5I1Yj9(GMTO@1A{PW4L#4c;w0hnctsWo}Zon z>j+#Htp_1WQIMh#Y;hmlxGLiF=Og|LFZ20xZyP8dBhK$Wk_URq^q6P{DB{gTu}YzZ zQ-Z^)wAI~^iMXIrB!{ASiYbZZ#woEqqxl9RB^yMUzJy35@rrYrJXMRwYw?Vdj)7gQ z=Zya$&tmr9NM+mk7(m8g98%ad8FbkHgWdjN$^IYgzgVyTJ<79y{a0Ck2%PGUFH&ZT zE8`%Q*VI<7c$_CMvQVj$ z3JQv3Wn-m9Po?|LMM#z{Q3wZb8KM^y4e{MvWNy&RmmifV>Fi)LZ@37Ciu|=wopuVV za4QIvj>EI^-al~yb$J)5SYz$!mr5Y=P+EJpU?q!}mC>q2GN3EXZA^czQC_!;u>$z2 zzN^n=E*4rk(-x<);L$kM7#pFb zJ-@BSt#hd8lY?5!)fX@uoori(nqRPJXiPcnzo03{R(YST2DnR^2yG%%A-H6P){cI(+zEm{KW2;`$c`aj)#f)YDBtF#HYVkQIKY|b``D6kWsu$DND!Ap<{^-pJ@394PoOYA!$SCNR3ynRcj3$KK<%66N5&k ze(wCfJA7^b{t_h-4upy{HK$slO7)3`#N}RU42!LT&7rZ<5s!EAilbwT1G_bXNmEgl z*^FONxVi}0PK-3~ptN}CRTJD-4MJ#1SB1P%7^0kSZ#G|EAZA)0*BA?Kix3(HRkQZh zl%GQhi?1F)Om#f9OYENl4b!!f^M&e`MkN;y?Y}=auun4|WfC*Z9w4JWJs}yyIW~_#YIFzF$2E zq_pbkfIwzzn~@;N_C2v6v#JLIgsS3Q3=mS^uLKaXX*B>s?J$l_q5;O~1eHpSY6g{_ z8X)u%rf>jR`TJ1){8)g}71A3!s!)=A*GcIlOUJJYT`}n7deHzwiJxCJtJxxWiOEGr zEcyWGm&71U7M>(5rcB*G02Y%Un1k#-wdQoX!8mbvlilPJFAtB&m1eXjg~>6L&H>34 zW~mE|Qzhq6dRg9MDE0DVaaKAd<|9-HqOEKGMIoO`*mY)su2tH z`?A_$KK{fXqr6eheT*r9OpE)p$n!l2GkNT&4WUsZ6V3m+co#cMRk`w zJTCgBp_xZ{?t}k{qhIIP2-=nZb+BK~|9XDdU+@2XlxHdYZ+7*6U#}kcvrZEJ^01$1 z+ zmgWXAnq9YtgfJdvc-M$o<68E)2mX@~mX0Xu27x;A zzxsz2{O90sz5nlVo@MZ#3)%4x0RkC1^<zkOvtF~VSu4}0WX9O86@s` z3``BBT8Jo*F7xtc_|;97TYLR0D}auUI*eGUCA+A;wpw7tw1GKPG8!;y6e_YInPWa#O4ZSz{g1(7}wM~QRJ z2Po%O-olMz#kHQoN=CeKQfY62?M|11n1(x*YD*dQ80slCB}8{~d}UqFT&H_q3~TD1 zK^H?Jy6G7cofK5#Ro@FJXt|Q^gxUH?S)W|KRqj)RmwF7TXE&!Mo^GsTQNk;Rs*ENs zs4>fdRxO0?iCmeT^|awD4R%yq!Uema!L58iFl4pi!Q3r+5bIGCeVZ?cc3TkPD_4hR zi{1irj3pJ9(Z18E?xSkSxKXt$vrv7F4`4}5XLUJKV!OLvu@=|1XLZ)i6!e0Yu1vLq z)Qat$SzEHa$*YZRzhZT1Y*UBIG^j*U8s?@xw3YiZ`0+jPUy4FJ*F_K=`G1G|yXE`e zo*%65e|((BSq1>UI4GlKI?Tvo*Jb7Scu(&=8tePYkVrGJm3yCU+5W9tB7M)u>7ME`s zI?2-U;{B;qxSPj}p^Jssd=hBBaaCan@m;_tO zX8=DOgZ}g0+&xk2cHBe%Yv~zampSujqi#=MTMPJHJvkS;4ZatzK-~knP1w-BoUKLv8)l*4EE!o5$sA z^7Q0A$F;JlYeMzT<5D+(#F*@LE9*gy>#@4WIwjf@5nRV3MGD7;hvLuRB(iop7QtQv zo>I6Kjd)6Zy$p;{j3`V|xHJDYOLgsgSN*b>YMWvvgek1AqB-wj4!^#bs^k^XevXb= z0aLg3FdUC6;XcF#`r;CaUaE z^JymrgA7L@x8ey5Zr}(p-`N1yW6S`{l7!Hd0X9ZaBywKB1g60l$D?gPQ3O*wRnuni zJB&kT1H@<~v!u5qG@-Il!T;*{;7uIO0ExwyoF$MT3L+dM-|=5weZ1n6oU;K=g;s)h zr&l1vlsWzgr#s?b$-d(c{-QhLU;V>)w8Q_=|7Fv7ryw+d!A+Kk*oQga`s_AwzV!$2 z#`)GyCyDdz|93XPJ4i9f7&v?RiaCBl$sZ_49Uq4X?#ObK{Neah76Aqd`Sp+x?R-V3 z#608w^3}=9Utjr?aLGD4_J18z&j0SeIM`c{|3`T?z>heM;RNf^@EQ*&_gYT53OLRQ z`0ZyDP3)il-_|%y6Lz$-!)FGcjdwy4u$`17IAA-GEc#I?(FQNm6ZrRtk}TmSMJg7E z$Os2ufYMvU4US?&e&;*R#s;{4{r$^J$NByD-??Y)geXCAh~fYv<-PN{^+?eZ^Spvm zk3iqQ^Y3)l4PiJXban(Zryr2Xj{2KdCTa{w%t(YB&OgX&o`Edkj%r>^Fa{I+ zPFFnbJ2yBEj{pzh@#t5WI1`jY?mly#CC4=}6Mw<{VHQO)8B#21>#rs==^Fv}XB0&Q zyeBjYUCG481~`jTO2SO6LpYAG($W)2D4F6AF#xsDHJS&;C`u4z;C76IF$iGHeISAV zi=7Tr6p;kP=vH+I$hc=M)uEyQJv~c+35?+gQQvWXwEEMkK$!gBe#r(1CJ8I3-Kbyu z5KVWa&V(q5$ZW#BL+-6g^5VZ_2!v{$O8PhkL6or+QKdT<6p8qo;S@2)@c^%n#wbM$ z^!@(-{?73vfqj3^-~CR0!vjOaX^8(`B`Cl!0ys{x6tG~7CQ!WD0A~|8LYIW3g%VIS z!YrjT-e2h~K}UdzILHAYL@c0K1VcyQB?)fCnu{!MM0uDK<$+H`0v-%G0H8ZKNg{Lv zLh+T4iQ^aw-BHzLUQ$R;(&y@BQdWw;6OV9w=Qt@Gb&-{HQaCcn^!@&!-}gc^z%cgu zyBSFgqlmrtJ78$^ed|MS=A{f4>I7M$n2Qd6sXJuFTFSI}n|M@TMI6OA! zqI;oWw?Wa7p+za5vD?&HtB&mS4XZn(TsMFr*pdJ?fRKP-dP77sMzy)lzOoW~3bhqe zeMc)zSWG7fDa6fc>|~~>-=NvAFyU_0QJI$dJ@=?2%>)J9^4y@Au>4{o;BR81X8sb# zO-xAs$v^}>ZNiqmP0s2DFqz!|AP4t&A)V{;3!3GkLQVqN2sV?}$QCQ)wsI^%{g%J-Vu4-d4Vtyqcw<1t^H!)fKoyyW zpFa!vIUD9Wf)HzIMA?JCYczp(=8B>kVCQeHUtRg>U1|k6_gJyr-F@6O+ui;WtG4qV zLfe(8cklIE(Kly9ZjpwB27KluEMHSsJGI540Jm8tH$(nTKI+h2LTCyMGRM!h zcw88yk@#3Ip?Sj2B``qw=H5aVfJeX|jKrM1WA|@yA(C%s;b)hdH^|W8bKr$Nr%nX@ zr9{v-MbKZ32>K5of__;98cKMZj3^Abry@+qH35Bp*WY!V-`>RFoJ`SVfGFtiZ-c$v zz1?jYLQnTJDhzHR10n?B;n5Jsn2k|bg!m(zjiHg#WmP=X2{hsxy@m_}ZeY5~A0L(z~2Rgi|tugFFA z>dk9kS>^X*nC86SB8mW3kPcGouw^;?AII^)1w~TefwJY1|i&1QQ};R0O+lKr%V548DGsE7`u|fwx==(hX7wFtu7Qmy9XsX98X~F^VZ|y>rboLRC^*+7u3cve zYEYiDEQ`t|!H|*(fV^o^7fFotoTRZnHFCBEJvQbcL%f-SAvawxo&n5QhS>a7N*`T~ zBc-S;Kry74a09_@w(2Pbx|m;w1TkK{Hd%T+!g$6zvS6cVg@_YMgUxK395kG5*2cFj z3^kWfG(=Pzs^7?Phy~~8QFeo zy^2S&^K=_h0;c;)Ti!A>%pwrs_(q_o|E25Zby~oAnx%wd7_l9S7>TCH(OrNNG4ca4Ng^zxXFY2u629|qMSu)aCe^6dKT&G{90^Ak8Z|2O#M?EK|6Kv<%Acid_+&LEzMS>1Q85V9)Q zD3`=zaR4G1k1{wyU__>f#$q8G(Fta9nuKxaM0kQzWeh9L@xP))-1W15*3bG`;`#3Y P00960Z8Jg@0FDR%!_%6b diff --git a/helm/gen3-workflow/charts/funnel-0.1.71.tgz b/helm/gen3-workflow/charts/funnel-0.1.71.tgz new file mode 100644 index 0000000000000000000000000000000000000000..af5429d52706234f14af212598dada37e5419dfc GIT binary patch literal 86643 zcmV)qK$^cFiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMZ%ej7KkAU>b@6gX1Ou{=lJBz3dH{pXyOB_+|s7pcsLwB86FLW!{MI>!@YyU!#|*1nsKezSG zUeGvUi@y2ZL+HlhFx-#7j1PJ#5ecV-ZtoaL#F%9>wo^=|NTFD*JOFicnWCi<=)c>njdmmkP*T~k-PWtesljH3_tJxhxpX@_5E*MIwL}kkeK7W!=ur3h@T7x$=>kG$>ab} z2M1pc@nkqXz+YmV9)3BT?(L_Orz!dJVDRMd$>1QFrhEHOrw987>C*#paMYWToNz2j z>JzB_tHJ*0U@$t|ix2k?zZ~oxJbCipw*Ha#?R|aB{=dOlNyH~&09Nn+{ez?7UVZ;R z86JJ!{}1umM&Fea!gC^th(tjWI!(}+NJ;aV=y3vv;t4BrIYPr;k1p_xjB0e@ZzW#F zl=azMlu^PKMKqzTZ%$W)iZaVCSVoiO2pwm)cqw`a(VWT?mP<@?!i9o}&^Efr${Eek zc}^vAZ{eM#Oa+t>@C+f1&PoKLu!h955h{2zG{0MsQ=fz_7C28w=BL6SDZC$jTonCD zNwc(XTIl0a&Kak_8I(;qR!D=2DHu&?jyWZ|g2B(!xM5kjATQK-3%_Z<^N}v(-XgS6 zt%RCGJuPV!tp=7ZS*yKLu0~k2uC|tijO+Q5>K!ok9+1csMU+ALqd%e z%bz>wUFF>BQR`=>7`NpJ73CzONlX$R<6AZQm?v{8Ng_*5Mo37Ur#NG|>aZFxUEeU9 zBP4mLhk`REzZZm$5P5?aMOHn%z(Obv(0@~?V@gPpC!_{&iZh|>3i=xvq2V{Q*W(kM zsB#G>SQ67}ZyP*-!4ML9yl!C(Qu7Gwb%_HelOg6duu zbFv^DXTJ!^IBX{SGJ|$QFf}-PgM+8tfXv(8Hah-sjK)`EG}c}FS9D2cia}R>8t^oH=BnqZPk!-(thBUG@oC#2A|MyM1K!9qsEUQZByL-iDDHvS|lg(Up^qKANA zxnNw5(9^+SpvI<1^zSbRUk(!@42Ni zfYHE7LWFq1QZho91gAf8D#;6+FVzCdun;d{H;er!5i}BsT8^CEP{lVXsA4}(1Xa61 z@m6ltjdlAc3PQC4O&3nd6qlKFq#NzrQaMM@SSC-ODQcbJgro=_zEB(T^x5Oyc5fS9 z&50lgbAk#i1W6IiB}1>LG$W!ffFMK(%cpb(+`(&v^As&`N)W!mG*g=fNrvQ{pp+CD zTP{d0(GA7ubx?bO3k?8TjnE~TRvhJw%6T~fPO^=L_a_;f^cPsoY+r-xr@F&FZav){ zAeM+t0VkYDdP9*L|jA+-@no~pI!dSRZ45t^_}rjuPX!Rd_fU8tsJpX{P^nd1dh zFG+@lq{*&hmMy`o*ynD1R0m7B4v&l_INL>YsibYjcag|SzSu>@MC_s&rzy#2G$*@g zf%8(8RO@kqWisDI*X~&Fo#@6!{$c>u7TeW7n#brl4jyrLj?S9yR?V@Wuy~e#W z)gbH<%?L!E_z@}iz20*+n-Q*FZX@-b<};L$8+F{EluXLmE~5FA?IOZCQ>QPyH1D7m zz*oS8UaeH10?T=f&Zmeh3c1|XFV#j+eU~Ix1%*rr=W!1qR?4E3U(<|?(AHM3r_V}_ z(zi@VePSI+pDV!I7!RgkU!XJ3f?W5pcISwgkhcn zysN7VP06+tY1?XpcX@FVf>RYQFHTH7MFLGdb<|L7A#lG8*Q@@R>M-oHrE8-TJy;#rK6`GTeB zXfQAX7TayU$R0znXA0M2!wzf%kE9R(QV>2g&k(APemqHrd;2Yg_gV^18Jl3PN9R0G zvQm*dv~_}$If)cw%2_r-Ig4PCZ|S+46Pyx`XpX)ivj3b4srp>7To3_}U^MjhN^mk) zV>nqVdQ13%q!jZdGUu64BYH}O+G`3nG;C@9<;BTKMoBJp*VR0m$-!yLiBOH{)p@Lc z8$vQ?LXPywr|O+>lB#*enPx7Y{T_OUVVzXDepAwG}l|1{BbL%;j#qDK(Of#+1<7(b)b#tu0k(WcP|W zb4*L;r*0|XQnCeB8!*e3$Z5M&E9a;B=rJH17IUlygXD;&8G#O{9uYO;IEP|p_3t8T z)~uM95~b`m*Q+!dq6NXZTHk~dwQ6$awhS8Bm-+#s3m{jLWJ`pnlIW#1rCdmu@#ZGe zl*~$N(Bv@;n#LyVv*b%P^eIs?Ai7mM&Ph0MJ_n2^mAVV3WJ+^2IhU?1)t!fSGzBp; zg4hk=ihUBA6PS=WzM%|`>Pugk0y=r|y{MXu;ps_HiV*@r3MBaWMO9)KPJm~+;3Zys zGZ~>l?8=@}ag9WQ6Vg#d74Yh8qpx8?ZzJGokStX%E4 z@;h~-U|9xhIKg?MdO&A6&eUeTU|B}5>AWfY*wEo zRpkYKgCK3;FkLbshVu&yx8#zrn33 z=ZZ^G1S(@V75%b+fAxuXfjQ1Hl3j6}i>Z9w31cFM;HM$}_>PnsvXwDR&1C4=}FNpBu1d^JOGYs%|PX&6(6g{gnO@{qU z^};h)Dk4S}MF!+}hvr@SqsK@vO=6Vvrn$J3<&Pwq;~QAkS{srnX$pwTLSX{9kI+wl z)!c&JMpT5`3bqEY%<3qmxmA{Vv{xSyss>1DPV3_>sw>MWnQ;OIy_F(rtfmpI6r&B& zVv26(B-b+qER~gF6px#y2&6J4KPYKHNmp2_oy{R2)S1n4wMewkS)uY9;cQonT{z3o z0x!`dW68BbgeV*oR;n3|SS3AK>2*R75sF4oG1n~VDu&kzYA~bM1nAD_D z^^E2enWF9mwv;psJ2UAbZfO}zV& z`=;*O$f)Gt{(vay?*31ZZ?8^3YpA#GRmpRtgiD}HLSm_;R(00WjPMx!I48Ni1KG7~ zP^CU1qGBz-y*L4ol|(2Rn$kSA;vUGzoFE~~#Mjx=Q)qo5?VYl^q7th9@H~$}W^Kbvtgy#JT7IXdc;@KEQFB^MOKWFRq zkS<2nZOQd}Lj%e*+x*pVR22DF_pm`M*aca9rIzq)at~X>0#yW~g1Ty7)M)31wDSBk zn3mo*oTg`R@izLfx&EScroY%^p1;^&mQ^7)gPYF#7bq$SS`_p?=%L17{>zP>?{Ds7 zx((2&puZ6Z_0v!HI4k+$GadcI($RjnxyH|quTH*2QS>XDL?C)JcA6`a>#-iz9%}|? z-7a&*4L`DG>u#_I9Yn>MLuToe`9ProNYXY>rqWRA3J zz{D*3P|a@z%Hto$NSAJ0d|5d6y1`w0cJ=}5os#L6ZR@`% zy7+O;0En;!ptib=O37(eh1ybQCYms7YYk?uQJ|E1msSG-R-S=|w9lu?>fOlQZo8`oP;^OV9_Uj;#GajxEh$DQWyv++fngDH26H2{RXyLj&%N}W z-(2fvdZ<&<8itxze_@l8jNrU1s#kxw6Es*#YSrtTN6C;V@NKSEs4$w&9;ymB&GcPr z|AkG&N(f_Z+;VKR+@A8@Y!+jEK6`BJ z0PMRFdi!2)1eQ4^ZLPfb3RKgUqPgx>)*J5P%`IF|u-gq-L-XQ?#)FgK$)`|i8Uxi& zpv&C;h%1k-3yBsPal=z{ZU2fQlG%xqjgm6GO=dM zbkFyP`YIo;TE;Xb=qyk8QeRx}jK^n>k+4oL2#v>Q&ibPik}U{F7o6SDl%x*!HsZbs zv!XR%vW;N?!Is&MWgjlJWWN-I&q|t-zQ#l$QsH5n`i?9`JeP}1o0?QlJuwI<>x=RI zAoIPT`RuzF;|i6k`R`tg?O?;Tg=Rm9Gmy82z}A+((8I(95@j++SfCd)r_A1;pO9kS z+eY6gN=y^A%CtG=X=ov&?J>{tv|!Yn0{W4~MgQ`q*Subc@5s{HN$HzeZ$GrH=RfY< z>!-8{@2g|EH@>A)**-Ae3&ORoNU}JX-AQ7k%2KH*yg-_4|H;lRo_jCb;G5-)joL8O!bc* zy2@#8)A94&=7>zJXGu^^JC?vbRXNdRTi&l6-3`6-ejoo&gN(Dh=)Zh*bvBOW8+m_i ztn>fhdvZ|o|2-HUKKbnb`w*Wi<}C6<^GBKxeb!{lUB#2Cjit_yL}n-g#i|wt-@Zlh zCCLaDB(6ln_wSLCQ==*4x0t6$+$8_#JxZF-@os@eH$4&E4O*|#*M0%a45$*lniKC;~(@1 ztx8%J0=-i#ex9JCefUZj<8nHsZ_rk>g$yi`r|N4DkUP=(RP0*N48h+@oM{a#E($<9 z?)^wKY$z{P3#tnOO-O=EL6BgJKv@c%HHO=Y{{WX~Eq#Nv_l~tFdpTBRX+8rM<#F6Q zpCYb_o(7WWUtnSMqq2^eI0ED#3d4Ypn5S`kG%wsh)-(!O-VX^M2d-(lWJjW$W%62%N2(=vCraQ52u<=?L9q4ldH1<}B>EE%7G^XC+qKHG?t&1b17>q`hcj#{=lcd() zCX@xv@rORn z_6ASt{NIzq{m=a0Lwsucj!$sn?KVF;B)qaAjr!M%)CCf-}K_pJG z1bg~G9b*<)q*hqeB|Y|dnOS8RF6cL$m4z6gpSHICYQhHvUYe@dmh%%4Th+sYrS+fv zjLrNzjJI~t7I`B{u2z6pG4#K(iQh5x({@ZdYu!** zifoAz#yLqOXv6K`TtC>oz2()v(UP^0Z~qVC5gS=(T#Hmj=`u*S0-e>y%FrT+?ee$mv+bbfZF_o&F0g5lK$o;8fgS*MR zSx%A&Y1UM4Q_`Dt#FK3SDGHL9sKgmfFa%RY$m+{9h=pQ6{TQ`tp(1C7X&`u=RG%yW zwgEVVETTx8Zv^3wkr(N=UQd7S5boG-d8EFp!?*_NqAT{X`V@@&A&3ooZ&9{kRi6&L z679i@{cg1kjt%1Ae|(DxToirdp|8uviMXkiccvMu3fh3q=%+1k84@7gMv0O0%oOq& zh=aFtn!#lf`A;ZiNMwW*X#Z$1_)idmz}4}rcJAEMhWU>Etf}9NqA1vtZaW%w;S=md zyK2J?wRX9CODIAGXObl>8=k6jpAqRTuFlS$*umSZyLRk1>8%CUSWF}I zE&@c=lih2w+|}xz-EYpWb}zoa+C4pces*=HO{#QdRcdI84R_%`cs*rIz1lOc_I8K6 z1M_Nv0rtLmwZA)1|JhpR?SXlFpsJaQI4kB@y*xB851~O_bwVV(J2LN%phf*|h8GKX z`NX_@0#NnKlw`W*Q}gmEAT;c~efyb9`}_Yi_`lYmJ0I7^I{U9D4g0U7qodFHA0Fgm zLby>8gkv=>IYC+g8!g;MOE+apVSTBr%L>iWYhz03`PsMy6*<=(6Am1l9lStLi8c7h z$!$gFwG#|Z=Gtj%N4EmrR9-WE>-RQeuOG(-W!*mr9V8hNWueX;R1glNUBe3;>x79z zJKpy#ydTFOd=!PYxEmcqsE3d{ikc>;a2CCNi)4|ZofrZ*#@`T$wz>khZ#_madIw?B za)}Ns-R|1|p3&|{6M!}Q|M1CCeg8ihewP0p=JSElou^MSW;gEsJXot+T9n&xz54N;=KI{mXC0xT3wB9z zQF3s^%9aqyxL_%`ZB@l>1XV>9^&N-}rdmNCmt2W*1IzVqqn8W_o&jfrv6i`{89-uL zszWCWV*w`#U(g)u%e1w!ZrgY^&2*}9J<>CGHwk#tNqcHllnCKGXVSPpIylLkB-f%` z7?b?KoMi`Wr_dL%^=FKqVL`x+XRDoiF{DptAQR=HYTRo{I}`XT+gb9oRQ2Wfrb)}j z8d|4cwwnp$@;FS6R26PZnxsK!E2Yh#R6?r4t-gI#Ehpx0`L&$>VN2D6@96#ek@_L= z484E9wMxODidD&${1(rrFPXgHM37w88nmNhWcTo8BSTX#6s=WM*A*hZkycon)T?wp zRCr-N6X6?BAhcuDEPUVS_zIY?M3-tt)s*Z%@FJ_#uJ-D1a0d)XeiObR`At`Qs_Y$_ zS^r>_Ld^x|v>$&h2ivB~Y-U$?@LDbPcXjL7z?gC6HfZSCT2`^b`jJNXQT?$daE-^j z%p1>aJe9_a)y__S@rLn(eeCC$^7>Mg0c+r@$Ijn4Da!gDsPajzu4bTXFsDnXkRbC{kYeFs$e^zixb0WkAXA=^lqtN(<$oeo9 zTE{vkIFs|=>Mz^TD+s479qX(V&QsfdOt@M1dOvt8O7JzhnsXxNEK5gd7`!*$;of_{ zenxM|gZFQ5b^i|Ufd3{$*etu1w76aO+zCb0xjLW!ZaNn$!QYEs zylej(`_+3P18eQS26g|xql4jR|Gx+MthWDJch_i5le!h3D+S=S21+X|0`8~6At^1Y;VtW!I%n*9OIt}fCbO>nv8>>&by{#b zpGhf}6ZXbwjjUbJBUSW~HSIB`K#$h;+Sd_T=?QKa-@gZ7oIs#gs{wjRZV3Ow(7nd~ z*8zDS^8SCgH{5I7{~vzl{~qMidjD^>k_$HJ(lYsO??LYL555^U%gr@$=gaZl+qcyP zc*Z972HXHHZp;->d@M9N)g}0zCNpaxBx^vd0q`rEd>{ZDefJ|kw1{(e2jZN8Kdh?n zN7N1B_udKrZ+;B@kJZUaXF22K{@Ylu|2wSF|GlH5z0dUjAwCcQQxcv-c2T_oAmtL8 zlr&2r5iCxw@r;Pr8dDhyDuKkDWEq;N?G6?PG@tDvPBJX%4FTo5_Z;VGZyV)grel}y z6p)M2B-%s&^f*SZoJoa72^EB+jOHZn#i!$6#*%TObEhp>j(#{9qm**di)U2!;jc!& z7f*iUefVo1%x8V|$Nm&IdA|ZQ!O3-5==i$5KgZ&>=>0jK;OpL>W4Tb@8K<+}pZ|Mr z8~uPeWu-vpr)Q!U7dnk&FQzHMeO;WhUwiS5NLWhxe-9+h?ElNN#= z?=TwfMZ<$N4ONvQsG}-H!-KW$^?JuhGL~JNWS%J%lG6#KHU+Cv6SSS>=>Pn$|M`Fa z_y6eiwzttG`CCajf$#yn-aB+z863PrCM=eVbJTn1M?!xW{G-10-npR95R*y76Do7O zpb+!fd`Iulg5@)oPS86v+>gJE570ZnMT@Npi|>ePUJW^Vhfa-ogZd^CPIa7Yi%b)X zAY8k`$);6_8+jDaJ2YV|L+{XQ$xHGYy+bId5hf3Lht!bfidlSJ&;QX{S0@AMs-}~A zG%M=fdv#jMgsB~Z(!+shtuSkJp{1A!UEWp9gzb)9wDgt8HcMAw)q&ww4ZR)?R@K-L zAsdm|n^6eO+$=dBpT)H}=4+v=Iy(4xS5ciJI|j?Ypva1B*i~(tfi7Y9cn*80Ht$>!&tJh&mh1CndRS1%Vw{5wqj!E7fds($US z=%z4U;qL{I)YZU)K=_-k&#=LJjkH@bG|Bl^3VB4=T81P-ym`F z&-wbS$v@{Cq)h%fUy(2Q=X~>I$?LaABTw>&Z;`G9$se;(+A|}s*ek&M`HQ`=v{of+qieQEJ0o7-P_}eC z=VjdTo5jtRj#Hakv9`DUiL`YT@6}{|8%?N{8lRtbjR3s9bY|v2jGdr1=qhFi<2y9X z7+zgeljZJ`uIo(}FF3lPuy&JcuJl81d@i1iH)jY`;Z1jtD!T!5+03PGAFg3A*Je@Q zfTwItp#BleWg~O?M=_Vpl<5!1T>8_uiY8oMoSbBoO@j!V%WKp!w{Bnzr8{cUJ4bG|RT^EFZRZ|1q0Zu{tL> znUk(PYl^FK7mU}=FUZZ(D9VI(Y$-W!L5y-+(f8rWgMR>eP}~{G;eoOG5DnBv9eRuOd;9IWIP8@KzTJ zGu&0%)n&S?m0zoA(Z$;Nn|k9_>b=$FY{tG#O09=xlLvN{(j031oZuT`)^lfXZCN(E z!ZcIk=u4qGT6k8kDt*cTY ziW?XdnD~;SZ$p0)zB$;vI@s=XdH~;q09)UHc4iM?ZxUp0J>aHzuyNJES>6MnJ&4!W z*N)15%RCycujYFms^2aa-^N3K_cppl$z)Ni1H9YFaQ}LB!wIfnX!GP47sYDU#au0P z6^t5J53T}F=2VhImb^9wLgGBd8Oupaty0colRUqR=?Thm#^i<~aid=Ij-j(o0wy)j zR}NbDSl9`hQ6cNorL$niB;hf>70tRXRYO8r1|~dH+Uf{>viLmVH?(TTcZ}*7Zxejx z#He%{1h>@(y~c$O28*rk3Z$5m1>rdR#im~ls_zXBp1zKpazhLr-J{W_klXu29} z5Ir33t!c6i(^@TSYCo5z~qESj}`vT)shSg(PWRrev}9riKL|ltUIHuJ5klU)}XDCa(dIa7`zpc*l$9I zl-+`|yk0@<$BCejM?7JRX2q5*GYDo#ingogQbYs`=^sX$9y%)nS9F8xx}R=M4craJ zgqd9dX%!yBk2_22ur@w3O%MRhM;Uwk4M(IE$VUw(pl;Jmcd6~Yq8s+I7v1U8J1!-g zk(_Xdu?0!lbrwJCr+`YK8vJQavPG1#M4+2tJUoc^Doe5%mGcr#ynfF3Eo14geOJ71 zvO|i#srUE~Y7Ali2Vg{r7%6!D7ynp5`082ha`0 zGNYDl+Q#X}Gb-<1%L;%{n=eo_)q%>5Ep3t-t6KCg|Ds2BPLgX@N;D-{G5S^thWAXH z+N0R~f>exIhT@+3eB${x``T$%TJ-zYwWCgXjb+{mhb zM+jtAXy+_X3r2G}LW(CZMRZGqjP_y-#nYq|K~wI+vp05Yh;bP0zYoZ0a^uw z{tKJ5MuL9r-KM>M|31=B{=z2aLEWX>ysh@4E!CCq$1Y2FVQ*UNEk|LSHY$XFNfHFY z@n1me-gQY((7#4$35o1S0^UZxRhn>5Ems+)+y*%j?uGj{`aFpWmPRg;MIQ@6XSsSP zBCsgwZ);spgrTIIV;Rke6p=9Z{Anav1av)_GeL5w<{|{Xu0@0!>y_)+J>pU5~TMdCdlY_q!vk(6{-f~`t>XGs}@psIwgr&%xCbu9y!+q^m_ju zhTL1v=>7Y*Z{Y&HQKLfFM7MnZUe+IJNR5&$Q13XkW0I7d%BA82$s76cTSpjx@QA#T z{cS;HB;2R@{UXG!>O<{CwG5`h_khZmZoax7l3Q!ri>ezt%xf-H0`#rE5w)ZoIJv18NQK9JNLg zX`Dx{<3_5`1AT8p4VG8NyIV(0q1Exh?i1YL9uR5h1C#_~E2Z&djMp(>J^53o6M14xJygmN+O| zTM`DH=W?sY*2W_AP*pohYgv*NVG5b3VZJ71xr+VE;72`Zf;j#xQkuyV>h1 zqrD!#lMK^^zv3Xp{mYh(Roo;k5Zfrh@6FSG{%rmU;E3)bH@zdko$REFfWKps?NSp!fPJQkS@ASJls??G}=D}utgH>@iJ3{bX$q8Xn}J) z1Aayk!37lp4Ct42M+C^J4BGo?`74YvZ zK-fiFI`xnGR@g@=$%rIdf4xJieIcn;4X*V{%HEbZtk+ED;)el;ajKCUCu z#6cCiYtOs7*$&^p3W%_#z85(G>enuB+v|o-fl%+|21()@*U1~_SO{rLSH)U{0IeQ+*|?agrSIs9 zk6^SjE3R-h1+d~mr=|+>e)f=mb+ZohmTQw{ip$mIBW(xKxMF#==6WSSs(SoG^Ae>? z{dKnDa;ABiR9&B#B8^ww7cT7>tek{xo4fljY|=w03=}a!?^Yy~Zp5-~WRnK?jsWNu z>M=uBx6u;ry1kW)AKWEu51}ep$3|Un5y87)pM=0q?g%|u3BI$%SHH=v3g7*GP#I!n z+7QcYGzf44HLDONZ3VpmCknK7U{|26!+V%vwC)YBlZ9G8`u4Kc$zGQ=zVWR^t>3&Z zS$F0S(62fCOIc`#f7J;W7-3{qr3f#_rAG=s1Ls|s_7 zRA5T$paH9jr#cdW8X|obj?AfO?r&YannO1<;CX_#mGvFPp?u(%-c}=YT(@%t+lEX-XS6mw(Iy^SYZVu) zO%re93g24P`N@L<1W&JV#R)m?)0bT#*rR!0@tZY)wOOcxL9NeDgtoToB_Oh7s5|f? zPAa?uw}K`*?zL?rB*-BF_B{|lur_%-oJ0UA9zD&-noOy_daL`80!M{x$e@cwAEUvOlhu$AaUkBW=m@5fA2Z> z@1HjC{~8`P^uLFDpYy*x$mgyJXt&Wzrr1}=)dQElG@sSA8gs(QF3On%n?}k>iX^jk z2RXR~EdpXZxK08C?^ma=;`Ow=Z)ioF}L8PK45OE>3sgGbVjxS%rR)1{?&N*JF7soueFdFGF z$+ZYwz(Cm&VV*lH*9H*N0?BKB5^n4vx-Bd$04)pY~5c|7%L#`)Xqi{XZHG>;7K{hfj_^)BlI~e7wKcN4t0FRp&@( zL_27xB2rpfMmoThO+?r8?W9+5V`pz9$ENBBUTEFH0qQQGAJk*bpHubm=Vis*Y%o8c zec?X)!hQCI`|Jz%*%!_Y$%i?+t?{Azcwacn?!Um-1Oz4>0rg*z#IwpwdXf=W<72(& zAf0~Ts>;Vc)AkUm0{0r^A{4~z?KKJJ zrFOlt%*`cH3|P;cNv{e|@QD!4GIkqjr>o!*yCM8mHDaD}xa0at4}re$s?LB2vh+j? zmXfaqPYw^QmcyP0_7cpmAp}AAR*bF}qIwctF9d`Eqp4}CS+%YfMko=~T*N{s;Sma> z0r#qt@mrjy8BqlwfN}eYri&g+lONliraJnV&l&40LH{gl%Zm`OJgtcnD!IglAr9(P z!HIQu)$AI_jZH2By7ocR(*NIkkFWZ))Bofl^}mCoM*OdXqv644`u`9gYZBgfmfIIU zob)z26@Z7_;Am*u5}(l1>!VMP4Nixecvu$<-HD?PoSr3q?cDY6OfSs-hv?U$Zw!9= zC+g>e-TxmB59{~;`$wPe{~zR2yHrlFBr{MNdNg$O8uXpa6ee)TfS=rutpOLPY57#-`&a*`sE;0#Y_M&%M>6U^ys9u``#JxFFBiIt6+6;)@#gY@! zUtpTM7iM4gXrhM1Lh#2K3qd4=Vo0tlIzSgQ`#pkJ(ca$R&EEb&T;#LfHCf&=p2FYRZ}TTh@z^F%j%VHb;sevihNV*Hh>^ou*wZ&)npfJlmk>JzdS>;%IcVvZ_<2 zt{Auqg0+cceAaX8Znz(R86W(i8NH6rD*B(Xw?F)nOb2-H@afT{=aP1e(AM5yZ$BFBN5lQAy}i-?-e~_Q{_~grE2S1AMl((SH^M%mC0g8Jpk? z6`11%k%Wuh_O^X^%93ls%{5_I;sP84z}}M}ImZ&oITh%ZW*K5PgmaqucZ^l#T}1OF zD^tbx_;hI3-9T!?(NgI8GmQ!?PSx;9$vMd-!Z(;^c#^pi9mtOKlS`9dZnwI#)CTGT zI5l5z>}_xNR7?LEfEe&`0Ht++Yzn)Mx_*;kb(i~22b;WO zVlXS&9ckfxM?7wVax(cVJ8iH0`E#!Uq?Liy)Mac*QZ!jYF`y;8Xi`d);2cpYNH#?i zVi!Y7a$8g8iW7p$T#YgTyKP0_aGGkm`pB#LNXfK}r-b_yw-VRTBUlj;DCG!$ zgal1Vg1KrDB-o{50JV{LN=2e(7^Zyg))Fc>U0}XM1xr;mQO*=|s3wRC+bTwL%+n}g zslm43B&7*t_(oSJ7pP!dLW>Hrh3HyfDcYG6P87ub!C)}lMai5oLC}(w9I@LR$R32a z^EI46E&}HV{ixDz!cVK>v@)@2-+yUznsQF8`&{I&Yba+mo8~8|H{;N%D`AU*RcFvQc3joiL3i%MomeRb@kg8VYI!tEnTG1sQ1{Ct1NV zHdDMo#p&o;D5DeWgyhPhYqE^d`4mA0OBA84a02H{C^?vHDe_Ya0%VTHB=%bxxgWLZ z|BdB>0B>ugO}J`gdcRvmiD&IK)QcUuSd^Oo zP}l+$;zYAlDM=qUplO{~J3#Z!OwcV}TFn^7aU91+mbRia71adnDrQv>x!WRGOFU~} z;U&p$#YDYF1r%tlYvt2%K@vJ$B0Y`KT?AA!9Ar|?z^79($OWf5vScN?1y4h`LXiv! zLJZqWbGRgd<){cTo5AAqG8I};&@3&=YMRQr_TFR&gnOwdB@>GCXgG}cK@TCTp|oP9 z?JurdH0#&F@@_H2F9qSztfVRFLw(WTE;xzQh|+u(>1TF3`bi1Tr!Sej;6&K%inLV` zaMZ#gWd>Qv2zA-j2*Y;X7NwAi!Yy!K0u1deliIcCn9_K&j;;1EP(9I|Q#|nvmc*@; zzJ^cYnW65*he+y0Lr90de$=8epkaaf=a)TfZEz(BhXH@s6vocIK|4&&mB=*5x#bof zgSg+~nW7e`~ z)HKFcZK6&)z4Q9Al#ElH^)XX?2cS#IIjf+P6W4#)*K zX#-Z6mn~iVz}wSpL8MgFPYK1UjR>eD&eO;?7O^~Y@mY(SE$=|ny3fkU7ENv0zIcfs-+%atW`9YHm9Xinke3k;><*MZo;)A zSHZ2GSoKKIk{}XciC%|Ty>3Ew16aqndT|%5dkDGK4C!{5n%@p^McUhj5S^Y~T%MgA zU!9$ffST0%VhKw3Xmx;a2(18Nk?a8B`VfNfdT*9+5w7Ue#YeIWJlL(82#<+WGOGH& z5-VYXLpp+-HrQ$GI;m(t+3jBQ8*0aeyrGc&*F^ICW7k?^X|iI@mY-LdHudim<=Y=nMP{ipJg-T+!@NNy-AJ>FU~ z^>mgqPSV&>)KPYNLaP@p_{nXKf$Xh~k&|5hv&1#OZK({2z)W5bI zbPy#F?@|*tsJVfps_??4WZ&5Pa%8_DY`62tvA*vj*)$S#mXj1EgiAVAOR8!m0Ml|j z!4Pb)G}J)&@EZ#v!I66J&uoI%O(>OG9x{@?ZBY|!mam#jfO(vzHmJbKv5#M)j|n~@ zT(%cZ(T>`~M+b=Hpt^qCQeExduo^PFGP)+qb_igSr`k0b0~GVUVurLxAGTM${lM9I zt)QsU-$n2>(NmLP`1UxqZEi9vexG5z89NR|xFBYaMG>7GTfjQRP203p^sBAo)!SOf zg@3;i41xIAF{m}<&_WT~S{P|28f>*b9&Y^(BWX|CIq1IHhEc!yJcMh95c3I@gtv{M zdG!ys0X;R~%Nfnz80}xZ`!!|Wc}``erF0zzgv+9?qw50ZRD2tPv*kMgN<7;P(nhMl z_BM>tZ=+^Dor16(H&0Et5q`efup6SK7TqB4s#R=q9FpVHTt^v#Q(WtL(p;F@l0nx` zj(5QfMX>CKpf`tuFM*pyRESa=vJ@<}JXT;AVtqT>w2kfh#$0U%$>RQ3Nsxeq4R@b<7`f?l} zZH>^@7mMXDb0*|g@ahS?lEgj-?$LwO5K`58ge$1yEMvDqD;~A1Av2+Gr*7vonIoa2 z>rIFj<3Ki3MX0dMJlbK#nH0SSr_rnDV@34~PNsyLA111z`sLU})yfD}Z#0Im0bOR| z%4W-YEP(`&(FK)l>XOy^?L?;uiri(b(e(bPdZ$;KBaU!ytH#Cddvmi|UG$m@w2a^z zL)qXyH(|L*l(eQ{Cv!%P{h1nGg-xt2UT`KDqPbezf(Vq%ah~XZ6}{mlsC`L(LpjUA zTSFha8I>|4w(ka+T_nn6t`K-ZbE-xGZhe=mL@7hJI1l>bRdc2`fZdd-2{f@Sw^2rO zRR*WOstqaUWT9HfNkW9ce7Orlz{!H$5Tm`}*%D1ShT)ki8Szo&c=jl6tidYshn~?o z`L)K=k<3J->9AW6{u*cn=~m1gfZ95hk|A)L+ulZJZ}6hXDgj2L;gJD|t}+}97S$sg zI%T-`6uj#kH87RY+xIo_6~NF_@6Ii_>Y<&3q9Ml_g@vb%qUz!mULmaCsTv!F=+d|B zBFc$03FZ4ZO(T*+Ec-|@ptwXPkpeFwwUXg$WLkoI0S~L1kw~TNXtulAMsxSDsq)fC(kDYaEN`uxj=^8ls)4=& z1xe6J*A1gR@r?hV&iTd75gOl8namYk(GUBUb%(c&oB76_(ubtNmKTJdKI=yQG%WX!-Eb%tgo8O%FGRZgwrIQ*k}S}3HVZQb-y5

%^2o$up|@SXb8x!`f!1>oP83ob)|t(XS4fzFs0V z6q~)!nEr*8YVU8{15;ix1DoOs93ROO(hpW)WEjN$w)4z1*K5XXJ^odg{dxHRH}l)?C0(!D7jDWETly{95ay z!T4;`(dhZygyIzaQX}*((gu~=igt6NeRA0?@NtrH0{1Ynv2Zo+`_=?AHIc&_)=R2R zzcSS{EwgP&HESb zbu~Ow#;93d+=Lc1wRosrJ2g{?f*|t3zNuQ*{d>+5oB)Xfh`0M43y;thAT20RAmw@llk{Wy~w^T;{1}d z;$QcBfeR-lR#yc!)@A$Mf4BqI^9fz|_4XDe1XvLyD(uz0c8#dvU9*UzIhE-|GmrwE z>Im2h4>mRL%nk&cob_u^&J-|wkXn*hBCr8M6UJnn6$zR&WNoqhMLqsSgNns`gx)#& zx&2T5i4q&I-shU8CUb_iP8kwxK@=&N#o!7O0uS{P!Mkd<&N?R0*ab93q1O(_4y-kQ zhyU}LHb3HJo?D}!N?Eicv`L^<|9Sp*G5Q{;A;(JvU{P};QNW#xhOJ%!wncVIL8fJ< z1$6E8XL|*fw~qtc$eCCL6W(tEuxE|<(NBNvfr)*nZUOD_*BPFPh6!exQWK2E_8_A< zK~q(@zKkj`dJREX<6Fu}dPQf1Lju<^{f&I{?5n-XOGsB}LFg>M`2ll*AS;5e8AUgk zQ$^E!-<-N%fH7-5i)R&X2BKNv)}8C?SFaprr~|M+JHB-2**e__p1fE^dCYXFhs1V7 zbwJcxIC)Vc1pZ5NG23XzJnw7-?a*9jCsI^_uLct|Q>xpsw<`5XPQ0V7ltA z#J>O3akYjjU#|(N+&tA5>~3VG2NkaQPE{C~rjA2Lu6t@WYjY+uNAU?{n0i?*CW;rG z)|=3#Ri9dOd7@MI@AO8(WGcP>n{u3*u zEbyCg$!BDQ_74BKdiH(pf>YQxy?R@nEt!>7u(T5K%w7EjOMS6WU&zD3+tja)-KC?m z&V>mjO5RZaz~Y~jG)wJ??Wxr5RhwpS6r-&A(1Ozlz2e}MspQ#Zi2w0a`TBTskyU>Ktki=V zO2HLq^SvhQwdrcZ9yawy&zHG*)C8htl-+{dHECQ70B&%gf|aRcXaSB%D-o+lSb-!x zHD_nCM(W@OE4PzL!r7oTyY1v<*V&HO$c{bbsm}&k;Tsr0Q@+NF z`B|~Lr%`<15P3Exuw#W)YxM1&bs4!rw7eu#4KsZ2)xAz!d+sc7T*& zRlkZWp}A}ztqUN(1n5yV^eJrNixhj=hiqvEhe$vhQBt+h_k$2LaIEzuqf?SBlZ<@J z*tI~<{hy9^XljPEh`l4gS<<8!B{h}NgiINSG_l(F1yUlF1qcX1tMyet_`=+We8X`< zE(oVAwb{Aq>!K=*pfu9OVGLFQY98w*=th&FH@o3ZQ^sxxzoF!|Zwx@RjfaT{)Yky} z=3s4&y#a)v63$u~4EOpTQS+eo-ND}_MHZaG6^M({9oV8c8Oaty2?R9rt{*22@?5ag z#5ViD4Xt*EZ7?c0A&bK8=?1>FRbZ|G+Ph=#2tHXStl@!aD1wFn?>b%Toyg9~>IN;AB9WOu`rqmr zX%)mrX8VkrdG+ef!Y;$!a4;}zPOYV0-Q3OF4%bM>{R-p~jm-rhQ=`?v%g#zhTY5?|ytLB8 zxqgOH^$-d3R4u5@U>1Qaq6LZ%03)4^08})0`5ypis`JWT%{dWsmZiufnnlt**&LWC z!4kRxHr5Z;0P6)0+Rl!anHZt{flkxri)4H1SvWXgLV-}dqa$>rc$XT+BQ)$>-%1Xq zf1CyG&}m)a;oI(NcU$9|LS4JcHwCo8I^Pu3hAVwja2u}m2Do1MWaHI-*j((xw#9yU z*R?***sWHrfNet+L@>d*l28lIBuUgNmvhd_+1%=3P_-n-!4qxL=3=tbye%a2FdiOh zi;)StX$B6wGp}Dgx6~wZBOMux%_iz^r({ZVQhV&pwRzFHv;22mRqnQ{Hi5WyM{NRR zgWa?Vm<@N*CZIOlMKw@8|97hi-lkiq`@Cq|Ep0n%-?y35mO;<`g$z7cJ@d z*Tmjd&wcnvr!=o50wsLxA6TP658d!uz(j{{jE;HUHb9+PHGhmO+&}v0XwjZR00UOl{8Ovu?8UvF8fTXot1Vm4{Z7nRyCpfVs zs*z!-H9#|W>T1>HGtVY&VM2>*R}O2zC7~k$msh>p(m`Xvv7TV zt<9+zzgC;Z)3XK*>J??y>owyf&&W;x`l*P5Vv(11Va+Ng`Hfq_w#nzm&(5CzGCq5L zc5?OVvRcJfvAZJL{a0qm?RLkwUr|IgZ(ncKv3hy@;%t0zd~()As5Og11HkFov+uuY zscfU=JEGBIWU8~_ykKQ6MO&l|ZSR?xK!_eCyYVY-aM9TdR6f>Z)^EN>)8M@$NswpU zxbBpK_r)A@(htk1gZEXQEuAv8*KDJ62tK6uV!fSbt*5Iy31Rh5slC?k1r^)x7cN+e zPO0D}AdjAv>CE|oce(9$3KzW0BQNEqFKna}eF2zGLJOfHoy0nxiV+Z;6ASLb&4i|F z<5|q1XCuD>+_vz3s?`O}kDZY9g64ElE>I43vHgPZgya&>NQ;TAqI{ZgL1Y*qt*NJj zruDXP1#4`nT$B;7QOy$9kP1v5(F^?ML(sxY9j_);^mHS%YL=FD8*7t@L?2>GRB2jP zo3t;rH|87+=iEGugG@>-9?J?`?!~Zfq)ci93if55z-;k?=i08>h(yjF*s~LU99oQ- zj4S6CtxYL*1}>;OaEF+c5O{U-b}h^*k4aa{ojPg1`PheRqIT5u(XBIM62nw&s9$hI zQ+-*Z`eM`80FUvU;q)2K)InBd&rqW%Htqc#j1^k~e3)nbZPg~&fPqHdE*;yU+7NUs zqQuU7*Vx*iqvsbJ_pXYn5%SOyNzo_yGXhRSCTp!-mx(#OHfhWRZ z712U?fuL*;8eyPpFEei?onN5Z&lak0xA?<$PvJE&c)2^O0N2iW^o!{ngUu%&-OqdM zW@P)RO=4;t_0#;V?&}zC1utgCd9!l;zHD{6zaEnNT0PnaZSP#&)e#B^2vbuoN+lI4kos;%q{VIo1!xX8i=} zpI;zgXmWDrFn)GZxJ(o^e7!?{P0zGfrtgsG?A)w?T&rR1(AvN_JBY+|uriEjXzcd~ zgAU{kEVo|2B{sC8A)`i<%7>F#CRoa7;*~=_X&TyO4#iL)1MYU-?XR%h1pe;#Je~aVc43 zlZGy9{e$Aic}=fw6YN>@@hBy#S@irFKxEuMMkY)2x03Ls^=|v_sX)gU=O(B;cv4(G zJ3c`RI-AQ@(pO4$YVoVDi`obWW$WXu9msK`H?>|6e{{OBcZ;bp!pINNtR^{;nG4d~ zBoLix+OBm~lcwzs{azjVxi;aA$j^6frYk6PM?+pr=sPym5-z&6jSZtk-?8=fK+>%U ze9Ab|cf`6o#B?j>VT9=qXsaXmba!JWg1x_^ya3SMA)woXK$|^dO4vZqhw)QC5cIxz zT?+*by*qu8m@tbKnDFJKsxm=T95o`4dNY z{^T*9KUI|HjcMSz0MIoO*bM&s0WEdKh3;z0iwW(8RSx1pckClSHgubfboI0uzuDVO zwJ6aoaiUuyMSnzlfqgdAa1rx>emimloSl&scEn@H-`a`DmX;^4#dy#xGRnzqCDss* zCY)V+AwUd$tOO-@v$0~Mp~DEv=!vk+#X;Dbk1r`u)l?t*qhe7aH~& zrZqEVZLn;T%6qug@a*%&dfoc{i*R=p;=H-=1iAHNb^j8b+B6L&#S?%#M7hmT{p2#8 zuWRd&>+Xi_Cl&B&*g7GvRm|HQ@B5PXy0kZKGGD9I*DCk<3Y-qv@58$KaYEpy7Xw!b zf*;o7dz1+Om@?r8E3hdSc1ngFE3Z{L+_ZmsdYdV)c68Ewz5|7<{1k zx=w&?6=By3vE5zu1lhoU=z?%Tg(P{yK?n@@wAfjAg|wlUt0s~5VnZhxri+cjZF&>s z0L#eu-DzL6s=b;|TJ>U0l)4m4+=llLCk^AhhFP=U%7Ub{TvQgu$UIPU``UW-y|!M1 zCQS3Cwz3m#`1;0zJ!HT&Z1jVQHt&xbVb9jNiX!^Dnhrf1Q1o?ovWUtW*`(QCgK{-Q z=ToF(jHJ72Fx}~BZB(4miivTn2gXVH6SemZq_qhuy!>)@&itWRIcWCc-LO+8trenR z`>=IQNU;S>=nbRBXu&KGVH2NWG$+{tr6ePgAXb==$BHk&HwG3g0NpuL4j@$Sd|<+1 z-lg?q(Uu)r(G8QZQ44NryvOU2ecg|A1wIb%LJtqb`7{73)hY8aEMt!S&Q($?0l z$>L^QLWOnBM59A$k}z5tco#Sd1ur+zy-*{Xyl#SywBIQ@}RNnYhiH~kRw zHxf+Tr9K@unL5=4`WqRcr{BgcXjQp-;=iTv9K}ak4+)~uzUs^RNv)1VYy-; zb?}M_%^}dk4vA;6pQlTSpw3g>Q?Y(3$YU@0V#|SE?lgRg9BEyUPW@l~G)(;u&04`tpsUbiJHacV(^dUANkFo` z$Jl9xBt%$)?t3oqrnOd2c=Ij{gir-KVAC4P9ib0IJ@7%7E1hjGuZLK-{8d=47YN)$ z`+FN)seo2?5!N>eR3NuK&2CqKE$1~Yvkc0~YAT&?f0qxbMYkhso0U=R;N0ta(#uP9d67a(U==ukmW`u3#QFCAw(xSKA>SufL%v)s>3+gfuo`hB4scO zInkOGMKpYO9OG=$)qyHZ^d-v(dWHo_4I{G2Ho)nE=KUa_aGy_bqGRMwa1yR=^~A2} zALj(}qp34OKlv9x9=2#@QMKMz#z+0*ox|%RWIMtVDW@+ED{E;u%-Yxd6*2+W7TNjYuJgcQXFfw4s z7S~^QZ&lnJlNkMYeEIVHfM-JmuA3#+XoUmU#*$gDeyM73fDL8Ver-m+=L`hW=1Ls3^ zUrQ7qovKmRiV!V>gT6-S#MKjaLyWmZC1e#OX#|03HVhHbAd&QI%)J0{wTUUtct z{F-J&EQKVCW-0BOd&*gHf(tyM8I?5bT7-_DKd)-I#1juRR)RdIdHJTLIcVxQUskP& zvM4f0qWS-`_wHYf+{ohi{h7Z)+run4OBGaX}g83(C+TE zWM;e!-@pBP^lVA3e%Xd$viP368M<4gQmIrbmFf{h#XaUevAmJ_*mSzB4P{~FHS;-- zy0aci!>;u>b(vZDH|Ft1*u>9ZHbKk`kFCQ_G04q$5BA2C2yCq-A6U>)9D)(6-Xk~p z+yc)BypB6u^Gy>J6H$O{E$0!juGUyASuh*}l>u=@RTczSSu&A%AoaQ@GB2b$j%aOH zc>mg9&F!r4+BV(WA>&k09FDmc$NUta!~d-?{NJi#_e&A34*KTb`>8hDg~0D7(92@I zE8uJK-t|2=LcB{sHw^Qx@6;XHUE1$`Mt9dETOQC|im(~f-K+~4@+-G_9(=80ZbjHO z5A z@Tb4+u>XDsK7rws06+AA2mGrSTy+!(QGB7mlskc4O(P~dPE#27$LNZPEAnxG0Ui#y zNRT!=iUkTWSf_;CqQEFMg?DmCEWe+UDN9)=g#tGUBHV`7yAs`)j&mRj0#jsoC*>7L zcbR6qQCB9Cf5tchk0<=((;bc{Noamiv*JrfP$&{vXsgwUl%|Mc)kdREtzE( z>@(QPO28kRry23kKEv?(0@4O7K9Z+Lx#!VcPR38L3qP(dY?3KSG89CcK^Xd4bp&6) z*(@Ad3in46t#N`$FG6geVz+h-FSc#aS0Lc;c-wj1rzx5+CK-a*CkazcAQ}3!1I%kC z(|`J+FNM8^TOqBZ#NRBGEhol&DvK6~D#JRJZ6YVxND?`}r8c1Xyog1PrSZ0K@uj9; zdLpr}Cqb%i>y%g4p0qgdrSBYzkkO|X2RmFK$`bWD8(BnATuQ};sBfVmP;rOQ!h#8*i+DVapxRiU&^-i7>RT}V#N2SHq) zbM3w3?11540iC^X2Aa({!$t5UZClEo%zgLUh@OV!d}^Kna!^zo16TAbmn}4hAx%_1 z@O=LR%3yebMljn8hGW=A|AF7V-F@NZQ>&U)Vs{YVybm(zx2$QU;3mir_tv7@V#su2 zCHmBD&VkB?t%K7pjrfJ|x2LDt?GG9-QzL^Yj5)f!@X~J8U4*yD! zJtI?kQ%PTNTwmTE&oTW&9+wco3~y>2y!njx=VOkT%#907n{V8rfN zgwgUWVIJ7xp}Zh1`Xq6H{c$plLOLa)sv!Cg zGXh^gKll%;>gMSv^KV;VEbe3-NQ*ZT?;66o5EnGo?*Ta8+r>vlG9)=UC7O|%cZs!% z6{Pz`N|!cc#|ezv^0uKd6}h@*0SZHCsbt=$mQEYu+*~$UO1nXNSd%=>EB#yr9+qfu z6mVaK3KS+D&rL<`ZiOv>?pIF22>)?jsQgrRkH}vn5Y5)td>M(7aRTY<|D`@KIEI$J*%ZFy8qZ*|)1F{t0ynI1dz3j_RGYBWC z!5Rg0OI49<8dKHPJudO`UPdEAIyOZgJTHnGfQ?p;zjcV#?Kf+ME1+&0UAXM7S-A%e zInd2#7!sEL!G6P%mjtwV8OxX4AxJB_Nz~$ant~P1K7jvk;qCy-33g3lJ#;+7LlR-Y z|C`5qJAtlgE3NOkmauL5xd)_lYh!3xot0f=3f#1epxj&+L(&~48SLU@5_}vcah&h- zvaIa(*4EaRp|VJ5O1zeEU(V0PITKOHEDMGDuJd^~)4V8h+&xs@blF_07r|}FtM&J* zh3l?DZ*u@XN#gS)A)v1vvnuCIZ>3#~IJ+ogW9`08F|rOK{&Z|z$q>bc%f9M7Nm zUN&eh%&z+|3TDzuf5@MKkUj)hJf+;(7J6z}|G5=^A%JGq8F0b>TnOYd8D{@sveQ=3x6%ksY-LEW2yb9+vHGj+xs5FL@H4)Vwcw!JpbGd$##w zn*clD4cEM^5vY>nmFp&hL5Lpb!cnL>SC09%34nHMr#<}I)zcnigZ0xMXu}oM9&p1o zh{WCN<6A-kG3Nr(-_aa+a z%pw})N-g{L+z?1boUNU+J<{&|&4IOvNe$Y4jX8=)8726kW=oDi(yh zo@$P9rt>x~*fw%XhXUPXx`(+)CxL!(L{o@Y`VDeV^W$V16YL7y z;!b-J!YmbxM${Xwq~$3X@+?XP5zxMmfTeuPGE z4QMhCIdGlhpN>lXm}LO9k{9M!>MhD=NeK24&ZcZ6;O#UVai2`vce^pJ)FGYQnDNPWmtaJX=lNuqSQtX8Ws%Ge1s$~vE*xTn%_9HSUbrV|iP zCj*#mrZ5}Am;@tsbERvu-181|N3RSrBfNB7GHPw;;H6ejf{5YH29AS|ZBUs6Gae@y zLOsEVfr{lXS99~FYKr8+8=$ffq!PL^vv@FpYHPj7-R>3S*oubK8&r67G%A~+u+OVF zt$@xn&%Z zw&}DDMG`$Wi$tpFrz9Flbg^hKlIZ*~#v(}~HVH)%%j^ClkpxnDeH?JYP6m`mbv>oL zI6)p`B8wB$mkP)W8ss++ISR_|Z!t$@xRjvT5~8IF9Y4iNJy5Kapm)1aDUC~&VW3q+ zlPnnXCkklF32C{#>l^ofWlWPsnPNy&fjUoNO%EB?RG=M2Y6DQRN$l&xp2P%~MLp@q z`Og&eRF2^_oEZo{j*zEvd_`PS5#`4h@FcZnIpz9Ne`GOFj##IP7^kJjHfhtXLYs7I zJ%aEiby~j?c>gPinDF+bcDcf&^$=OhtcLYULooQKaJ>Lkx( z^F}%?V?axab`l))n1h{i)~|^o$;VP3K2i>}X{3|UTSM42aZcs{w1xJk3v;r~CtqZg zQ*Oj>6y#)&xiOQ@5#nU`)gG)K;M8QcK68AN1I4HCrax_XlQN1njcyv7*L1E3rvl7I z0ZtWw|MWplwj8O9aT?nO^Cg5h8OqD!i*Qo+33CNFIa@C)zR3xEf$%0LyoI8hoDdfd zZgN8X?}=?P7R)0IZBjCL&d4Tr`=tdoxxp_I*W`w{SXh%A=HgLJZn%Hupr(G5eBjr$ zJgd2K86Wa`mT8s{IAjF|$5}ERjm`K0!P|Y~8LRnXl!4O=#=(r$yWQ??zv2EogX9J- zT7yS_e-VNY4{H)fVk#g-;oXw~d~%^p7TZFC&IZfO3RT*>O|C zC8}Ic657vyQw)`yi1r~=WrpoPdl;4Og1Fo$D(9;IQX;8}WLYSXs>*Nifr6>NSKf<{ zB9=>7 ztlDY&Qf_&fPG78$oJaCr%XlUK!q(VzQm~RwjxoI7GlG~3XSK@yCNM5a(z7BrxJ!7`SeEi$XEn*B z10+@Vc~|i?iZ(!;6uJ{NsnrD`b6**blLX5+5~=2?zG2oiF8wr!&FCJm6TmU^UOsyd zdi6_aTkP0#D;%1J=XnKhT)jb8gjcFt>bc=s$1={QW!BU{HFn z-upevDFf65;Z>|2xmU9bi8K&Fh8$PrQN+H2AqdC@C`QVJ=!%6)5qo3fu`|YW>bij} zcq)wY4d^``C{*!u5TcCv3C-kHx4@btyc<9gg)WLg2ycwrE7@NV^J)rb@7cUb?^_u* zXyPwW&^hs26hlC!Eb@Z_xXFu7UkGcbF-NZV#jr=m@LdhNSf!yBK6rmjA*INTD!zzC z#XzcPW(>mtidm_Mb=Vzs^_h&4VXh%{a-8}QR&67BxZDWFFbfC_wa@$@MVmL<-4|P% z&$w%nK-s_9_9u{40nET8$*3?O0gA94sEJL7u=xn3Zr=8IU>99Q`6VtP85&IGOz}Y{ z6DYiGl4-~VR7ejdQ*4BBIe<`#D}g2>$%G^WD8?j^@})pt)>#(~CM*h68o|Yx=wBpB z(Qr3^;9sE#UJA(1*dIceUz*CSK~L-QZ9aNZnbzlb;eAM4Tn+M1Yz*=@0*8_yaCvIf zVzk+|QW2hAhy$06c7P`&P01$mK#|~9Zx0^`ZXxi6#DQB_KTsI>F(erpVmkzU!XKM4 z;NqdJ0dvtBC=q|5?NidQwDAt&)()tc$tRYp^*0+JGiux_UI!o%CfJrcF4zYD5eX}o75Z|Q$ zJy5ZH6CbTaeq$1p)yOYG{!EqeZGPqV0KsSnY;|9L-Q6+@bKeE#ArH@H|6XEoc_)iZG0f-~L7!w)>aopAJ(MC@d~J$9^Q6hVos)#H#_Alx zHo!_KD?oKu@UWIhrUAwuk}NckR1aGqIhc~-$PvyD?E%PwI7}uvbU6~GC@Uk2_@WeR zEuVmnH@9=L>;clG>Bih(v=Jh7SD@QL3bSDn2Xb*;s?A^!C4`b%6bkurFy;k}|eX)84x2``;JaZ+I_SW2LdnvrzGpr~F7P(R3Z(e&(@NzZMQc zuFly-bd`TzBPlaqu$S|+D9&T4!j*P{hgrbFX-PH}QLFYRDWkM^dkebnSrlm3rja<& zi#fZyD}loedz<1r+e%;qWpTw9^nc3PLwu``m`4Zi@u>g9vzks!%xjp@(VJ$Ma1{Jz&taEmx!I{_~0eeDGLXLr9=hp##PuiN+p zFUR-V#CRU(>ozzq%kkR8`aV6c7jn7Q4mW*qMm|nrM3Nd~<}k@%f;aPXou8yI3sgJy zYt>GgL0OKr{bV?uz?g_UKPl=?LhHCL(5yMNi?5WB-Q$jyed8@Smo`AQwCO>Z?p*S; zC!FVUN}c9I1qEk1m#1Y3QtFa|lWRb;+SfVK48o*u9!~#?5#f3!V*-wxHu?mw~R^6$7Y_ z43~}O+or_HAaj~wDLu~lzj>Nlo|rdHBbFu%b32(#3@W*$Ynr|kD2H1>N&o!uxrT)} zgEU75#UqI6k}+MuY{1QN5^1R3VV-g`4KM~GzY=p#pjw&Ci(}bJnDU5U9$<_ zHTC`ZROPo9w~q5}kk9yjEN%P@8p^YNt?1TL+H2VkXMUx2xIRl#kN72JHf2bQ@B*_% z!C;-tyRBK6rf`xK89qfwTyG}lFS z&NSw;Q*{1llQ}ICJ5yr>nKj^&jn%lAc=n86RwAqoj)f8d`tb(4ViY8of@T1tp3p}ZO&WWn$n<_^j1Q!Qr}!*U0Fk49tRV15)37&9*& zK?e9S&334~*b&!Tml6NuQk-LVCNPL!Pi}ut2D{#5_Ion$?!Z66R`+!d1*^HwvFW*3941g;qY}8Z*_@AfWf6wn~8pkk_ zx`l8;+2o>y<>sCQ-QRH%FVe@>*4EaWSFhNAx3;#d|88%8{rctqY`@;#{(Ae(*7o-H z|7>l4z4i5*{{dUe8)o@$N)O8av$b$v_Tavd-|Y$j-YTDHZwGjyG7p_{Urc|JjW+o| zpLrYfb23XI{gz)Y^Jlp`v9|+mnMCpQ+5_sT)*drID%PGqM$d@6r~Aw4(+ zQ92Id=>%qI2smzg27t#n-V@sShWRcH7;iHk-;`XYeRAg{WEhZO5Ma1C z5rvnY0@!r!t#+nL48mz9)wylv>&?vR=s$ctCRaemq1{T5o~270dT}Y#51YB+E-+-_ z`p3Yq6s+R_gA`^Hgfa6{5=Z9dQ&mT{bdhCurh5Z7qv4-?0gAn<56KU3HWy8QfV13z zTYzH$#6h!d;_*<`%QtebjJUee;3n>h{$IKC>-CUa8UTt39BHiQ+|w1w^O{Zu4@2>eKT84N5nip5;-{XSrU}gmbHe zuZ3$9Jnud$OCQFFfIJUaC0ny#pV&&D#_!>XiY*3LNfg4&r7UV`HRM$zOZ>q0b`@}W zg<|G)go!8s=+#W3^#5)!b(OoX!$VsnIPmWG_$|B%9Q{kT(aLEN&3VMKZ)9cD{J)FP z+v(@#jau12ErM6ktb%T}w5y|^bgi&FG>S0FNNIU?uuHIDcwO(zQS72*C4vgk2WrG0 z&_#PJ{r@|+UEgj0m0>7&^W^m6px-4Q$pSXUYWwetS6{!}F4})z zJ=uRB;~#O1!1uu*z~hyb z!x$u4$TwMWL?_S+o|ZnDe3!ujBN2ux*=L1`-OVH=%0)+fuLLZNNj78dFkL*Z{xqA$ zU5XxM4j5smmeZbn}M8Pi(|Z?OG@rHtI!RT!Et6?c7!lFg7JuqY0C)4 zsx|ybU={}v=Q1^1vpH5^8HyAdgG2u--ef^Mf?ySHfK^1_QEfM}W}*mWm#zjFhx)Vi zG($1D0^W1%KM%Xlv9D6oRG3_f+2587`8NC+nw$^EY^X0(oqc*NT7gUc*)Es zlqg^z1_UUp7A)foX4h6L*-rpn{_t1WtpeYlSunqr|D`%nbD;`T@z(ydYI-lm}BGIFEcuIl)l(l3c&Om<~5HsF6) zS$WX~rvtjjm5_)^ifKB^f>2PNsc3=-Ed(R|{OGi|fBCj|)H~TbIKMnRyS%++E?lb! zY=gVIU2k>0hO9-|cX!90E9rQ5=hMFt{fAnNegb~SNlXt~yKA>yOad~+#vaf`@hF2B z|Gf2U7o~S=9ZwBViq4l^@Gd8WL5DGnCW=apIKeSzU^4SFm?oPAZ5;d}j&;6|A(2V$ zjGca$6UU%=Ni(+~XAvT*g*LHh1FXWDiLL3PWYhgwPSmfvt2L})ASNcHMaOh&*wuFi zhf*bX#Uumk)!UEs-07GbbTB33d?UWQTk)6s zTLC}z&QA_czT@lS?Tp>?u@31brv#ghhsTx^JHky8OhAOLVKfugE_R4xu#9a%dUnfE zM>DmjvJ8r*SIz_u$3cwnq|4FzmL*UYB`-4=;3UQy-~-)1vLqfwGk~WfmO764CC}9U zt^nsA^`a6h_ce77&+v`s=`^}4OQ*aps=oS4=C&KK+`@?M&|?&dQw=+1Bf3+vG{W+f z{nb}1E9RX$_sHhD3=F0DS0(KM`zL+o;k=GJZ1wP56<1j@Ve?@{dhDo`)`YjY>I!~O zPz=0ZVo%qhts||mn7NoRwuElU*1@!GEqzJhsNvF`U2BQGzew1&r820g++*1^78?aO z1B2t!lkZOV-(H@do?cv@_4@rEPtW&vt=*5O^0Rgmw~nA4rraN4m03=FrSFK|Ez2n@ z4}U&I-j~SVdEgU0Cc`(cfFE`YituwAy8?ZOVTPTDJ?%a1+c(?o3m22Bw(1+by%g8{ zEHO#R%s{2nalKNIIvp4O^4y2h2od&&x8a#1G*5$+2S09rRpwo@vs(mav4xTA&ZA7p zTHf7xZia>CQA?0H-JiX zU80feVRUw7BsM4TXBotO*=cGPm@rJRojaKlj6xA<6GI;AN!RfpA!CqcXcA;Ih8mA? zp?~q_l+0{7ZPKHo?1QaXu~gYnK2ZnG$%cM>rzhHMI^@~Y6hkgP+pb(mxPzhE%AKXvLlv{(CN*`!dDnwbHjGJWKC;<3C z2fue&dpf3(bxom+NMR00-rwpsJ(6+cnBZ`nfO^xy7htj3NR!aBjTwl*3I6%3U%NPk zLvF_ZdF$71EY`~18u$cA2G;2R{SvQrJdMN9mE1b9byjV<vkr_#qvJjLawo0T^V-2Mn`r6*t&U zY#)M*P7dy7Nfe=YbPgCtlFKqwcuiw0W^8bB^-|g+@SKtOsc39BI z6^bCcC7)2T499Q>e6`8gZu6^^gO90nr`1z#G1lp>i0^!n2g^Rp`6aB+B(gg2`I;#4 z`F67T)r#`smzgoC*qwntra^?R5DY<(rVOR-%8w9`Y#KAq&47S6FBy6m4B#-BVhC_D zfqIT$UKa_$DCD_>Sp^Jk>SQjR>mq}lxZ$MdA*$YYx+{lQKwKqqAWGTb*Qz|V7%@vH zu@Vmyd4X*y&GLPvnr`}iL_^x~V}!gpXK3;yi{h476gdlFT!Eikk?}PPwy;`T+EzjP z(gCRU5(d9MYScujeKw4y7aV#!qkpagNZ-s_CBW{#fK(B9dzfN|?Y|q(z6iWslnVry z_S|4KEPLLDI~p}Db6W%5AO zdKO=a5CQhrd6E!Y+44qFG6y(eg(ApLsk*NgU%gC$< zNv_@bdPHR1m`fDG#YbPJX+8uUsJ86OJdCqi8r19Bi<6^)K7TKixj5>BJ(!VtPEhLn z;)Bgk1`CgApB4WEhZ9~#U(^xh^(J`=%o@q0RpqQ5SgL=k50C!I?k7xX2XT|w?*dLWL~>oGcx4v>6o6Khsk8X&eHs}RiiTti&Dil%CWcp%-c5H zIcu9$@0u<%O2wAwS8J4o9OwlCl$bP%$hadt(7Gsr}_DB{&A)d?11 znSe+g)uf_K5&#hy!wlF;AFm0`I_>d3yWA^n1!10AImr~5go5~haMfYY1a_j1eU2G- z_FI@1*?EoPy6!w*N!awWPCX0AzC7^{uRYk((~GuEDesRw{TJ3!SZle^tUPGzBG=Sa zl1&0qu`e4AsycqQYb!&gWPX^T3Za~F_1dQkmXDbZm=)R&W z-2>~n@1N;;+jvryGpV}yGp4!a6w2Ij?rBtS8%?G1)Ge9H9GXqf{EZu6t0~P1v;Z2* zm|6v{&GcGn1n*_tYR=(~NjKcfYbRYfN|a1`4$Y=^{>BZk)uiY2S^$k@OuFtaUpwjC zJ#P}Ec|}swRof^=Q9i2@%!z3Q)x9_oCMX{5sSf?J!I3noXtt`2O5fq;Fw!;K&Zvq& zl^BgyJk3tAgg_w@wt`};g&LM;he)X47JUNjxNVCz9i3ko-UUiE-oZtr0^eA+irbP&1l^X#A$)M9>|uBfID!TZ5-rRh zG6#tz{AG3x&WOiBT6bSU+lPZbZ?<>r6d2|=3bOoCpUH+zj6rH9WZKLZV_3f2p!AZ7 zCv$d?(R=mQdKHjp$56EkFtETaQBt(pLX^rVNK!xk`mIF`ZN4q0ym_;&MqWWYk}anN zWox#e1v$)qUa^yvPQlW4G;J|{&kcZW)*{anx2&aTLMtEP{VhIDg4*%cFFiSw`Bq+O z>xK(Yr0;tq>#iwLYgV0OG&cKnOL@t9T(RWJXkW47%CD`HNs1x}f+zygHwvJbB^Spi z9z_sLAjZK6Zm=N^>4#SViYinD+eyk-X_`1B^K4jnqY^mDXGN--J#JyX`56VWUJtrJot9p)n`=cZ^(z zv11gx8Y~REoFkfpH)-tEk5yg-S!62KhSCRprus%@V?Y+G){~mSl6?)nuF^& zUaDc<7e6(i-lFrU>Qc{A$V0fztf7tRTcH8ZXIN0FSsUeA)soh=Y-#4jYuh>x>g!k= zUPUv;13ei+S~~}9vycPaFe6fv3@8-33v)xPYDLMZ$aNmccw`*J#RLlU(At<+Dh@Jg zYiXTVS_itU9L%3LJu#R+*Km`(#%5MygLm6ei?Q=bk##8PY{K${yIgn`cv@3k!M23IQ;EMuMs^pXz@kSCh zHz6b}70DPHd1p3x@}|KI{4s^uOt=Cuus{4AgWlPpI#|Yutg>MCCdyP{F-SDze3C(& zOtT@xc>)|kEvme;9tI|1xH_*qg~mER&E$Q7ZGKG&XQo+Tcp={z>GP zMD>~?JL~CS%6r#xZpH)g%$B{?5R8+9lzlm@^)lgaojt2N;bx_3Jo1^9)5!#4>EyK# ziivDO zZjy!Sz`OH9S+3UyhI3F5hnq9|k^s-~rEb zGHr?5nT(>aowaq$dsD7oDzsPESuPKiaOL>m;{0&0fBCL|aLx)8eFAj%^fT~_hd2Md z`TW(^=I9@Ib7%AU%iiYb7q7EZ212H7sR!|IW2na5mbtk}7T?@_j-zB4MB@aLo#){u z%OUeGcF!TlYb+WSG$qAP^O~;nIAB~H_3KpUkfB3$DR8RlZMLPQfec++)fHFwO_i**&p ztCLJ`RO#2Ff7sB4XBaHseMhH|+T-YCfsvT4D!0qxq~^p^*J_k_4NHxDQnIhWV)=Ik zZZlYCRntr>J2rHEt>ab-zty))J|Q}GECbt7wc8Q(GAaje`~0~_E;Ojp&K-)VqwmIA zsoA>_7y7*GQ=v#BvGm)l{rU3$)a8E?C~YbSw(cyLw9Eumo&RZT`_-#gX8xxa^q)`p zpB~~T*s^>T7TgQ@mK3B&Z00-QW_#rt#o};ecXC&h6(AG(AD-=ilO%>KfLBT3bLNYsNrtH}mXok)73vk( zWG)mc;O$6|jUYK=t#ybs+yOt5EKqmp%i7@`(5p-DTLk8Aut`=aK_&qij`_k|M2I{B z9i!>~pN4}uPJaAXxBqXyd}HnZTd%jje%k*Z;-~vGG|~a=^_D98sI4C8`?gp*tBVzm2*+n?P+iFo&HPN)t-J$e@*v)OacP0 zrV)muwH{Et|G#{*{qpO=`TxaJ{{IL0Epq;^+u(JcDcR-w;*8t5if^KoCsixOMKpV?F)4(BI}*#^@jJPzVu1Sc>i+)2f) zD;2-1RLiDm7!cSeSwP@Od}==9Vu2(-1(RaFAFFwhJk52q_J)VHN*Yk*$piwL@TI@G z#o*s{2e`(fuwwb8NoWe4Wl6;xaLMZXyWOL<0vig*hY^z1h~~nw-7T+!UJeoCkfU0s zt?!j(`{5W4ukm!UY24TuLPI1PUhQ58PVT-9Fgy#$7EGSiq_JZWsbsNV7={Q6l{j&4O%)Vxzxsl-n-;nub=ueLyVdK?Gm z32vJTwHs=Q~I|@k~E2u(d-8}(|o1#hh@Xt-qN|2F*-rZ9)Sk(Ax04=A#6MZ z=D1%o1|1+DfQb3K*72}#39|``8OMK@1w(iSGsHSgVm%Xoe_ZU=I6^+Q!VI=9ihsCDC|xP{F1vfNLPHHM3@C~Vf6{%MY-G-2dy4gSBEPa zQKi^nVoTr%&GI7V`2>G^Ij|rC$v+Jorpl(>)`?lrs{73R}qV>ldU@V))$UdSirmvq`M^( zBr@@N1&9G6aWFxf#V;v{AP(&XW4G8;i=AQ9#bd2Okd3enz{m4j8%wA*bO>U5f@}*{ zr66iAgqjJUlHEb!U%MxRR{L@p-0IzV`$ZAy0+U)J2~jYL6HL(XI0>N}Z^=*#ZFyEl z0%qy)&@~jgnw^utK`kF=yN5Q&E`jcB5iXPH6yP!_&fqK=RRi`C39YX0&=nlch7tTe zNv(+qirnmq8;QZpSf4~m~6^vles?%Lv zw;8BYN=^++n+DaBdvpv=wK>)Gj*d=$ygWEQ zyZEVczD#DOY|J^@$(t4Iyvo8azKsH&ucu(g$=`kw>GpwVWLE+68;6RNv@zOMQs4JU zgsG;m`y2!IN24r4;?t@;LO?GhM$w)mAvCaX(akZ1w<<@n-q`bM#n%73IPYD4d(``` zUpmvP#zd6PW;s@6bJN6f=R$h#=UI_KquGi3wsY;-_i>{fYn2)X74j!;{-t_rm z7z^0#uy#Jw0{#rT=6X;YO{pMJ4Letnz4Y8HP0R&lHY%1l{s`T`7-D>uB?D-mezjLi zGMG5}T!P)fz|>8IB@AZWX_AY~!ALt?r@1I0!?d3auOYE{J1qo#)-Y=6ET6+5L?zRl z8Sj=k&sMKXm}nDM_e?KiJnpH^tnoa~x$cu7Bh%C|(^z}6%y~9?T*55tc$Qeq7aoaw zhOse{&pN+NCtW3DwpW38Tdg$8*S=Yc&zq#IuMq{vTx=)H?%x9w7;yJL+>+Y`o6S#qm#u| z{AP~K7=>^cEZ;Xo!JXTA`Q8_9&6?%w)p503ddaQMEavid1+tkin#Hr_KaozED$_e) z>-Fo`_AD<~l$45*x&fDa{+m^RtFPIY=^|uH1D3^cA7wk>w$R-i{vS2IAN+i15-Ya= zmbkH7X;%wYLPX%CaLhA|hA!&{0I4p#OTL+K4tuk;RRiC)MLNJ2KXE{J`MuQpyfmQe z+|f7Xc|}dpR<%T5yna*1-p!=7A-$F?u?^UZhMe3!B>?zhes%Hx=3eCwCri)&y8UA7 z#kQUQ_05~7{I3u4n>&x|{Hn}j4b87eUG@lL-&+K?F9X%Z^0~4LILQglQnebJa45pg z;it^Rg2y}H6QjkmzibXryg3Mj)2BrahcF=)H!^P2BagIa=TRa9} zRqG!3ewt(?uS}siGXUR*H$eo}!a;WoqbOPLbP@hBLxc|IEJKqZn}JWCfc74Mr4sNNIG^$w25FY0Fyj%yAcQH5Lllod!r$I->BZXo{4-cx z=fHt4UP#J#;Xr=tb-?cb2iAYy^8feOzx~oR|Jwn-{tEv3SMdJeynlFlvb%cww%7mu z^8Dbqcd_^V&)dIp^tz_qL^>u%XdpU~PRRn!<#F%-PS1C})%6i1ml#e0f`*q8M{iYp z=7H^wXSO>$Y1Hn8)$WX<+o0V`(GFcv@~!8uIL03EM-aTG>-e1boqarZofD>7#(nT<9Qt9AE-7hS7xmQy`+fsl??9tpJdsc;qX8 zkuPlx&rLy(p0~pZiubtt^79zd~q(C;vj4*bBv0DSY! zH(>Sl^z5Q{{@v#0#wNG}|M-V#l5w`>rLXH-;|{<#!`=KNuvz%#mw$Bt{D=tH*55!J z48pNbzT0G(`uM%0Wq6j$v^nJfPjCB2T2NJjHB)_z5?HTb8vdZ zWq$_$_?7)DgMVD+)q=n-xOsV*!9O@A{0u)ucnm{E0BAH+kH zj$t-|F*nWNDXU!6i?}=IF8Fs45k8L`AN40kX#b?&-3Gg072gcigBSFHHVyhxXi^78 zt^*3|r3I@?d+M&*9-nm%pSkGJj6Vwgf*^BgL?ONcyFeA_Vowjxx?8lHTQd&sPQIiB z++_VgJyudabZxJYK+yamiemQ7Y!Btut}W%B^{;w-oA~*J+3? z-*H*VKXBeV+5h(N=s@l+-7F5N?jUfWLOsI)@RKP4`Ub?39lY3j^>;4e_f(BnFpLn4 z$tH%`4OJecc~b(U%hr$K2jEi(1(3y#hByO0U4g*c+}nNE-#pzto`KVB6vPPggVE;c zyWPW!&ApRdeNlM8=N4~Jq$|goE_+e?7HIf_4~UG}!@VAV5X2#nmQ*>AkFU4>7x-*A zD0ZN{*8?REivC{D9=kHu(w96#4~7{EA{Rj@h%lI8@bb;;E#PY+SBORW=!))tB?HeU z1$@OcCNWh=Vm6lv2msYV7$nNkQw%|XwMhnN2gm&NhcOzCS+!qTfS5KIBxDRGkQLFS zBowWJDOElR)qSYGuJ)P2C=1;2Pf*m6c=OQMweUDe3Ggw1AIT_626EJXb_M>jZq3Ih z4cMo>9{!|}OKgziNfI)Xxox=zHX^n(trPHCg|XbEd$_;rZFx?3{IuZda@nJYDjA^R zZ+WY>ey@RpQ7Hgk`pWm%Y3z1;93=B|(LZvoOlq~ZSRxQ|+ zo-FqNjlX*P|NM2|+|9^;I=^=QDb>HfZy-!yH|8-XaOE2;E zRN8HxU!DACjsbpzaQn3H>Q^KGx3=HBw&nk;r~01{^P_7a3*r&X<5lU5@53}oSQ<>< z_g9*^(3q>T;2`s~>K@~-ZvFGK)M9F2o&LA|=B4fb@l^lmfqtd>pD1X(?DD_*3H{4< z7vW=g+^XTdDO-{|o^-A+{MS(a!;dT}K;#F*Ve2ZuHS+)Kms@uI-i;~<@3yM` zpIGIt@_&*cdW;{eFXe(~rqq*$E?=yHxMrVj1ByX7{yaj!-lB>0= zXalS=1g0@Tk=2E4ElZe&^uwYl`FZGxas%wKmyfIiR*`~oNn2w`z$)+*L{Eo4R|RDk zKE9j)4Htn*n=Ny7j;(Ta30ozbuBGpn1Iin`DSsrKHLk(uiFwF_Zvij>>1^;N>+&fBw@NEzU@sN&MhZZLU ztg{fOHc%rC-r*S*I=J~%NR<$NTmZ5XRxV5CoM2gU@*>9UaogD`fxAR(`z)^cobFN% zr1iH(fb=qYt1{365JXWj3<%VD>m&&w%L&q!j+Ma5X}X?dV13~Q(U}j1#Lw#p{+Ep| zvf%0p4YgdnEnqu=m`BzHxeG%~^@^TR#m0Kr7HcQW<>JZh22O1GtNHRLER0a~E@sdm zoem;|$0rFnhe0^&g<%FUD;q+xX-NV8cJn|1xU)E_vi&WgInw(qv~|RCRd-B)tMUau z1+?5Y6jZfg08v*)B{9l7FryKTP}00bJdGm#Gd+q?s(W@OjP^Xv%;=hso6p`dUx%&K zFI-uk$5nT5p#y+k6xRGcO+r6k8HVD`FCm@+Oqc&_X#W|*AdFfYe#EcF{`2DN?N@gF z=j~TpPxhaO_|@6}E6P95YrK%W^kn}39EFmLhhNLaCifFLO+{NmUE$=$fEJ`nlYZJ7 zeww+`EM-FP!2q$x!ys6pouT~q4me3-IKPrwLhc3%X+=wi@>!#Ml>l3go>dS0o^`6Z z1<-=JP{aK{4F~t;|Fiw(Rl)!B<;$o2|3QB9-v5YKsqz%HwF8IG&@f1Y0g7Zb*9Z+~ z-Mopo2I4BkSrYCeoJ~_I9^X#G5hTlTDgd1)tzto~LT)*3xlB1?g5usyfFjB^9Dx4B zwKcd~RXMrp4TF#G;=tnT>0gd$Z}e*@|MgRQ>wTbF{=fP9 z>lelI-^(Ze&jeK#E+fw%d zDjBNiUz1bxH@Cd#tA092nATr`l~%$%0{bqQa`n2tJvPX4WALV z9yKSF#gzjIz9GVfJAlGOaVur;O7uh%ZoCSy!j7u#&gCMYon;X7gwbMa@qp(6k0fal zC8OC7aHb`k&L5Um0oc;l7+aPEEg5qS;=N)YCn0Q%I{ml?cO4!_TpX&dbu`OAzNUzC z9&GYC|FUd&4Oa<;+ZVc)>8{eRyhUiaT8wU%w!}#i!OY%ow1-PUUGHRxm~&q3rx^@F zJ#Cvdj*?H7G^#QLmNv#TLkTOv9|ahjn_%IU^C(l^z99zLG$v>Q9RTb%&Qnoo>!t)q z!af{MGw#zzX;RsFV1L}%%`$gsY8+zW*A`td`M(&9;CqcKBP?yy&2%V*rQer#V3N2>?uScUu9Ac(9KPwM~@n@36F# z!04vxb9VvFAYv2%>SNOXunWo_G?z4^S z3dJFKxZZ(3p(`yVW3UbUN$^qqJ5C5-UaG+B;y6h0I3b?#I7%@2+f_1+*{<-BG7|7J zF*E-8{Y{QWvOJ(@9gw6?G8B)%dd2#|r3iF7z@swNsyAJ~Yu0uGJk^VH|17P?SdU0^ z9Gdo9Q|hqT(Og9jtH88Gu)N}+l;B}Nf)Hi42+PaoITS+Y`f6pXDk+gDky6>aNrZj7 zU{}SqLczA*NK~uZtpmn4ZYtWDi7j%nUA|Zt8!(v$qtIC|TD%h#7KPWW zIu@7&WQv)c$b#-5#QoBs5tEl1d27qKf%;Nzz*S~)bFb$pHCd2X{JD%xk3;xzLj;cN zOeu9;qvlwl`lP!!+U>0XT--(rNSA-?6e^{U=P$@vTUgNsVU^ryq~4iDItmp6>hwOm zjO#;_hMGid?e1V_`dbwTeD*A7ej@k7~Bv)#24)%M$NJ-E4#a&nEEqcqoelfC@Gwy?bS{`bA} zgZ;~I509L^?*MNTkAn<`n<&0Yy5yrs0d25hBNETGY8paZx|+(zT(KcIK2U9IcatXk z0`!8{wh3}i%Q_H|sTUF;dorNeE#R(>8 zc$|bK_4=hiS;&ZIbtGUmt>>*2M%NT@NXtjr>Yy#Et%Nd$WSaVN-x}Y;EHd?NnN!Hj zH;d071G8jIbVMJGOI2%Ur`y{!xa98h^G61WmMTSzkv%fvOIO!c9UhW^f zefOPvcV!+MSsY|D;E{~t>0Jd8h91jBV#?7F4yL0T#_YI7?3bf3f~Dyuwa3QKt9U&o z)5&MGA^q_8{$>B*{QcqHLFruV0MDh7sB|5{1fJf&EJLACP`uKvzCYaGKRCHOIo&^) zw_7uZVBuiyrnaa%cz$qpbhy{M>>pfQ9-r=)bt^pJD?uHe99|sujxNv650882KQUG+ zl`@(kVXM2kZWF!JU0t^sqQmN)J+HSksG9{>J+vl-D5t-sObT!1J}e0U=0As=%Nu?# zs$=2GFbq==mP#i%klz0LgY%2S{sCXi6})7SxFcqvj33Kqq@n^{Bl*X|Vun*plF2&^ zGwjThslBIc?w7;Z4@fXzK78eH)Hh|Yto%P(@3r(l_u=&!1zOwg$^@%h3X)M*y-s7W4&7G#bzQ) z62k5`OD5F`UQ+Kd5|0i@QLwSN|KZ@LM>!b2Pxu%TUlu%+zv|_t?=}-iGBm_yz@Jz^ z_BT^Z_nir>Ur5IX7w3n2eI@2<`OWU4X1{DAFv@Ux%nT~X;O5c!Zku{XN2fnt9vq)t z{8Tw~^Kcg@9`I(mhp$2Eh617gQ~%=N`10uVyUX_n=WkE@hZoMJWUvCBVFD*d$>=@I z1_?%_#12>NZvU{~dwX=Cbz47BHbyqw{G^KMAo~)Hw!Qyf?|rYocYb(QuHDx6{(r$u zz%4>eyFWPLy`R22Kj|IK(>0&m|4XJ+xoq04R+zkYW^J41nUUkB-8c`=-oKfDkcVeC zZ(4S^e|UbdcX4|D)8*O0`Q`rG`6f4GzU8wsnC-uckSgTad8N| zGDWqd|8)UhbUCF)*Dc58|8mLFT-vUeEw)fNyC2thVJAUAFZ;_KvIG za$l2zUA3q_)YEG3xX2DeStQ7*a4288LE zhO+LuJdMnu$Q#p6bNK;3=FzwE=e)oJZZE17#Uo!G2HIZc8S`=ugAkSQLT0>MA~RT> zF3t@mrfzmv#%P@UkXfVovKgXJf{aX42RmTx%@Ucx=x}jX(6KD>l2~{gPBy^CI6eat z2n76;4ZRr`G-Qpryp{@WzX&&a!6VY=s2YO!tkflUamQMhUWsBv!a<*Zt13UbUzeiB z)}BwlZGc~x46kA4!e##526u75}GGWfbLz!NR34I{2j3M`t@s@zDqFq zHZ%9u4Y_E}G4VOJw8V0jS*8uR)c#vHoYL&mvKNQqTRx;mZ*(m+xH5O#eU$Bh+sc8K zo3vZ3m8C3_uZxSM+$y?kL1chlPHOm?j7;_krF6pPOSe;#YKI>J&6&*)h9!c5M8e^w zTf2TN#1O2)xfv?+8yAFpE#hqYz4Q)6hoY7?eh$^$}!Yn zwpte(keD0HUbR49yna*1{Z)?~XXAF6F^d<%ZYg2h0>coQS^u?#W(<{oS$nI@;g#M_ z6pc&HW$hqM-jc7?y(mBvS?53%54Fp6fD+o&Q^rv=7J%hfnknnDQ5y3COX-yj00`KQ zNtx5iEz6f^6()I0bGCdo|E~FUuy?MR8|wNWQ;2P&5++F|@6W1S4$yy^hOszWyBMb{ z@wtaf%I1A9@$#~1-*iRv+4ShZ@~2DZ?m8^y&oXYd+fL-D}IBK7jP8o zs5^`ToYySSP^m%_c%vv81X2DC|GT3}VUB_OpKa>@)zyDw#TSAI{fEgz->h2Gu#dX> zzpq}}^&elp+!pD{=azr^-H_{ z`|CGP^?x7aSMPG?6zqL&_Nx`^0^S!c(X~62$1l+}>$bXN5=L76VB13Qy9Qnbx*Z)V zulro!mr+&MQ77?XcQ==1#VlV-W~tkE$1u6G)|z*SFYf&++NC@MkU!1OF(k-FkeoSg z4bv-HS^NL?tF5Q~|3Q9^^PjB)*w1s8IHxR8qAE<17?C7H z@u)jYGMF$Kxv3P0GXscQkEqG^SFbTxm>LSik`#wWtPhk*V~Z?77$Ul71<_o1SBmDk zu3E@xxi5~gWSXkot_8C&tM@c&Q8Cv&B_(5HpsTB3KQ`gtME>JeratGdM*hEiwY_c1 z|Lw20Uu-|g|A+WdmRwD7+Peu*L@f4HuY23qW{Am!6@_S$(Oi*c;6$J(-!N*puc2I{VYlM zGzlh^ir&%D3ae1es}n9l&_*R5O9|VwHHJqho_;hCWk~ko8O0M%(=>t;7?U9SPSc+r z^Oy{$Ss$z^H@`LcggXYQKcxqYdZ4aU$@~1?cWnumrhlSeo&F~>v0_Lzr30wXy;7QA z3DoF+UvIy8ZJqyLy?ps}{(q34rk?4}zCkt|BLatHO7*{-3A|33Kd_Z#x72UgbQs>_ zSecUZEY)Q!nG1}()3#xqpy-xpx87r23!>Umu0bl2H>oMpyEc>d@6)R2tUpPQVAc| z2~+MrbB?^z8lk-?z_>U__PFufl>l@Nuq`<5jCsy9@gkb~TO-_Vp>C>9*Zjyj3<%T- zf0BfdUAQ$SStXQm@~tP?V*JsrvBb!em^a-A6gag5Fb4whln+rs zHaaw;RPq+_G>TSA+_4Qeh8nf9e7P>cOQB^?kJe)W@aT5}uci@(#A=Wxp`SCnp$q%I z|72@!N+2&Ihy}!h)2j>|jA>m@mu^R2fQF02s=D?|_pehVv_^Hk}(Nqpl_n z#j{2Wv!N{4FZAKHtN8`W=hli^?Eh&vxEKG=7hA8kZU4^~+pnMY|A+X^fB!?-!R@Kz zaIG->gi_(mpqhy7U%B+`Bb-fBDnH*&!x1E3pi|GENSpYAynhNfQzo6DIQKeZ?er(6 zYl-voDx$C!!N+%TV0B?UD|X^&;@*Q+xDSQeY@ExhZcloX@62DsuJrVKs9%fyUqolO z&jC=q|G#|k=C!^5zuJC^|9_a@GS2_aqx_!&{GWF3@&JEv%OE+SiTjUelEDZD7@kO$ za5gQ5|2Tr57EOy-pAV6O^g{&`k9WW)pH1JhzvSf}*n|H2y~~r{@xiXQdVBoS<=N>z z`|~dM?cv`&1HI`-6rmuSfvageWaQ_roRDO*%MW7|!SxQfRZf{vG7KW%XJ9x9DfI1~ ze+?%gKp0FA#wZ@$dBtxjFa$CE{>6^J{lfJPjv!1g37SCq*~=aOb>XWFl4%xSGWOZs zUeVH21tA6D2eKLl_~x5$fVVoFggK0>Bm?W~2<(Dw@DG5%H@gxq`sd$vw?U`#4-h6s zx+ZV+R)GBZ-@o2@;IDr*vDl(d1{n;l&1_h7Fu+^Q2bJRya?6WEodTnLm;+@m`MSLR zJHEs>!^>!JiBiWrD9+qvGok*}=fi3u_-vO>#lOTK^`Bp&ba!=~O12@1zz7n6Z-#V$ z{Iv)C7Amd%{mWoX>#fAq#7saCtV*K;guU(Yhd7YA;#|b7B@O}0# z`=D4TG|(0J`DY4v^){!%9r*Rve*iLuu`%IrI8G?DXdmV?4!QGq`PX^(Ik%!RHn^nh zK6_wh;Dqp2*9}xmlIOG0@xZUYYWP0`KL&^h$4FhYfx|P}9UGA?c7W#?How-kh4$SY zSd}8r1D`$t_z@AXE&4tkkO0MIzful@!?PlVSv?h3FLaDrKY&0;pM2jtKiI$g_VDPy zE1t&4G_4fXU9-ZQEUPB7X2SSJmP;%7GD3qZT>nj!jOstS2_h8oO}Hx&wA6tT?_JYY zKG!x^VsCG>v5Ka=){QDY(%XN3aDH*vKiI$g{R&TXAyX$zl4y5@F9PV4Y z=QG9@O3App^F6U(8+5z6&KCWecARhM{dRY^Mp-QbehAin{+0eQoD%jISOfkQU6t#r zhx_1fV7t>1V$^YkAye2log3xKGzUS@6+rlsIgao>4S1^#>YSaPUtFHNJAQj`?ioV0 zoS<5h7Br1DN3l7mDTHw~W6Hk5WJ1MFbB?S>-vnthY7_1gvqm3W3X$hx5$B(-v5V7P zACf&i19~44g5ps@EIb2g6bxYq#xR3m0I!k^0_I6CYwiFT-_WgqF6$2&B1G`QGcXCR zAqH^*0*t2o)?qwoAhcTXJ5Cbv}2ngaCzyzlI$%hyu8HkhE7b$D3l>o07-oT6?3`6j}P&amf3n9rg zp1U!>nyVX$JYMXL;qaQN-ZE1(5Cmmm3@8S}07E+Lj7>qDunea31sOwd_I^(Qx)>u& zKcJv!6AV7EHsUM#DoQY+lT1H3rrYQKTQCfUWBM&3<77%CFXkCD*^}Wk%V10{(+o|5 zY_{v^LM%iXpG2y#$x-k3E_#>yhv#>j;lP|VPOp7Bh7e^uIr0V=QZmrNqbr87PJBzq)C`pX z9O?#;by(>5sj>$G3iNOh(cxb2vVU-Kd3?HmuuMNZ0f^1OFzS=1VMN#h`?46$MQ$VLb?0PeZwK?aLnICjK zunP)jovqTzIZG^d6}hn0Y^CCZd*fTp-ejQ^CJ@JKgrn9PvHF=_26wd8Z?DYNXQRMn zPL4)#+G_Ao&r9A@i8seGH220^BL%z6E=^X&Z5$Pqq)waes7Nn*zCsn4<+q0tOHagNTCuForQZ+AyhsyN>TMBp76v z{+IOxK8(?D42D6>VxR{Q1Zf%}7=jxVu)`6!LJ{P`LVC`CC>f1l2G;pD^lWvT3MP8u zj!+B*PV5^lrsM@aU-J!QmG6Vq+wD6K{PVB;a$88N{?Wm~+2z^6`QhpQ?)H`;^mQL4 z!w_dYq~iQcN^>FirPQ}{k(DJwuj1~Ni(gZA+W&^Bp<*ArRsv+{e+P{_WqtWlr&+)IjYtL`iJk_b}GjFL=GGont%n*S+ zLa2g=celiwOWOCPL;!}D$@T6uzK)X*F>lPhFxb)h*7^AzH(HTw3i+WrOr$~c85mLO zv%3z=PedR9!!cEw=|aHM;Sj=5Y7+rRjv1&D?$4EE$_62g8QiOC^;T#1JK5tfnZ^WW zyRyD1$Nn!s8n0Jx9UPdOaWg&_>zy^j2TVexTIQ|z;|~07yQ6z6u|@AuIWdC-Fu!~` z3IR5kE5bGhr3o{dfovMb>|zXq_27!Y3}{^m%HU3Z&~=l6ztfz{YEhSn7jPU0H&oAq zF(1PMC@XF-h!KpaLd;hmoqa^Q8iA5*5)djl*Sv48;q0Ft*a6=#CjaNgnt4aTSA}*% z(Rh-T1SpWU&oxw}o zV{rA>{A%?Y&VJ1ut(e7GoRqv@a=Rw~`p)~s1E0VsgDLR;06sma-Co1l-40m2W$^Dd zyiU~tTXWRF2NXqgi^7m@pgBlS2jwKk>aFAP-SBGEmCw7Pr(Fg0AHaa? znh2S8Rcw={8=W;KH5P=`m1;mFSUy76ki=n8ES>y5hRZz%Rzm7A+#I$rL;%LS%(Gdm{$nLli)<{ObW<7#D00D?|g#wHS zn4r;^01{k75P%2~LWMS(sPip7d{UJWVXHO5$Lxa7k`ip)HWxz@$~wCylw zOf4`u1E@tPf!%RSey(pg7oGvUfGzO(Ksj&OTc4ME|2_l3O@czEl4NLjJ(H>;o(?cU zWXd$Q4~UEbM)4?uJdgx~!Hg=J@~(}|xM<1!J(4SM6J%IhuM~w{Z+JBVyFhJG|M0Xg zGRVKls7A?G(faUeWPT*>pm&+NMnAd(Zn?~sFNbrdjkp>2dVKA(t~4=9Ckw3p3-~bv zTcGG7EobN30MWw-RnplENFNk^uQ26AsUNijDM4rpz8so7$9WDwKT^hEt~yd!>0dpg zJH#5{zQw;!F<)Q4DWBvP%Amkd`Z2}uBLPv8q{VH=t)w%h%_(F52DX7x;RF<+^*w0L zq&D$?S`w&Mc>t>8|K8AFA^*>-r})1I`L&GyYwgc=PyStcV!Mj)Eh8y)n`^I5p2yl8 zZuwX`oq6NJ3iXrg5-8{^u_TK^UwqPk%AW98%5OzWtF9HbE}rE|4YkB-pvz>PV{j%> z*RGRHY}>Xou{E)6+qP}n6HIIyPi)(^ot(UHeO2e2`u_EgwX3_T_wK#>TKBq_?8k$i z`jrx7c+%@#NwI`G?qFZ|;>%3^yd|5`#dGLCd>lQD96h>n*?C67TDf}v-UNSRK9+jq zG}a2)cFhdnA|K6?W-3OYc*%GH0hB`N^=!3~PhRoAA^A?Vu9?9lf3=h=4}heWHnuNw zVdM72=3Wd)9oY)oC}~TGcCccej3Z%EV+4xggyT8>7A;9M;Imq3WM zkliyk_!Q|6#Dm1v3+!tHuZcDt`O9*8t8YqKT?w|?bd+=suOI5vt#Asgi83^(s0fP9 zRfAHjyI4~~l{1CZJ)@r>6B^)5q?NoFueq7F2=1g3Nt9TVzWxoJO;5Gf>g!r>V+K(% z`6dR{0iKW-Klb=B3Z(>TyVbw;!lRN_nqu?ze~e(M&05B;UnopS{%L`r>g%0wzly)j z52XeI``w~RC7yhnUF&qLw0_Oz0U9etao#iNOkodNY8YrY(h!>Gg4;qkm4r~>>1zzbm z4W}5X?<|Czst}$u5x6mLti$8YQWK{l$%NE&Z#a_f!>;06j|S{FT*7(EGg@0#sCK3C zHKa=3xrv=nnVLfT%6j)cZ%L>YJz=lP0)0|$AaV!suQ0eeu&D_#XIJE6fq)9Ph(@F? zJ(@J3t?MjP<1aLBtyumdiNlg}Aq*Y!`cKy+8r|DA5uIquVmFfdCB|^DmDN<1I?laM z=xl3PYR4vs*;J8*xw7+r!dCNJxJqVrslOiQ3`zH6g#UEd(g>je&8{Sp-4nI;UNDlo z15Qdk?#p*zf@z}MZMlBD-USd=;QjA@od&0@KhCs1Ocp(|12uF&D$Ph;Ryw`=F<09r zb+XV)z%*HibCbGl(ye+Au3xUbKxUU55NWh`o+_B%ZqOMzMkPU7JMztB-3BF@D%nGN zvb^wpy9qH9mWTV>=8-X)C?&d7)fn~He|M7Ii`-m1dwYdnm;}CcolnyF3;x~vXAEI% zOh^#qW+@AH4^rC!)1FP`dWn_E&;XDSV9y)!=)mLqM{Hunrz_BJ0GYFFnufNen-fk< z4xP%>q4(7^f2Phpkq9(aK>vDGQ%f8yO;SDkhrRF3Nh6!kE>I(e#UUd zF5znfpv$c}+hH_vSqm0AtV?p4&4R4czy`gvtzk-HsUuh<=iYsnG0nTIsE&_@~@o7(Q82_ zOdY>)_Z3jVu325ED~c(L+|SI@O`0&jqFfu_^wUix!r9So8zx>(n9c*em)Wzbx1HKv zib*#|*8LX@`QNJFYEtQ%OX}3KJtl~0q5lGEnYu;yhd9LeksQ?me}CKX#!D$x{_1?T z^!4z)KYO|R*gRbw*YkDOi|cRlCy%Fh1`3V!Ut`ik040f@G3T>b@$Rt2f2A6C&u4Qe zRB(H5t)IitiUip?=116qo2uT<&dc^#-uq)5swG5n+3rv^ntaTgAO@HT`da2Tv3Gmd zyG~wqR5L-gsr;L?ZFTifVS6$OOX?e_f+q$sqQs}{i_24RQpVCyt7-O`eaWi7^XF_& z!zHS@Ln>k0+nF+fJzOSyCHywq#P|tDIGNMw61(R(-fa>!U7R1cVAo^IxKgAOb;saRu__-Tf{3&7MZvkCQ+5T|z+M{gg- z@eOT&Pu1MQT}N00Oulr!L%8yhovosZu4r66?ar^q&DF!jNxP=9bxk>;c7X#Z*CeiZ zB3NIXjclFn4)@Rf4tBF;20er+yKM2%Cpf)Y*h%`41Gqwxe*2?3MwL=-UIN^nP7an5 z8!_b_${9Lk4nP8~Ib&+hXU(u(ECj{!v6`y^U>CN4+F7ZP@PXVirb4k(;l}x8W$1+;q*ftgWuz_tVwc z#oOlT_+n}bbj#ilT45=}dF%S}-sf2urfmAFfR*=q*;bdpGDX(!7v5HicfRFX5et7Q zB{dP%*6H`(lbX2LxR@Y-&cIp22-MyD#?2M(tN9;XoxYu#}9PRA9u67G> zyI&^wsshr8C$w#Tzy95axTxIcvDxO|)@-?2q@Pdp$AWrfsDJl_Qvtf>%j*#`e;f&mE9|^wUdCz64w%62e=B%wMTj8?2M%Vqfb)7T= zze#94;e{B`(ra3;f?(&YbGcM=uzDKnj+Uf<0-@55`+RIhE*DMF4+spZ(14_>oagUq z4$kk|I20;;@_m$ebQZ65873ZmsC*1GXUz%MbImozJ{vGt9SS`=ZGgOyu(pZTXqW?^ z4@f`tqoQL1a#E_|^Z%yVqO-qeCCCFn7?ok>g&X=}#47N@p0Q z{&y5JRJ|C|EltZ;e&-Yy0FLoXsc09#X{0-tWz0OE?LxZ^SDty)@3VGJt=4_M(8)E< zXUUQ(i_~KN!b)#wr8boD?MNS`O>H8_=q~7WX0_$1wf;Rn-1{c4r)i7N7K7&MjJlAN z?QX1fwtGpd+?aV_tZhzJpVdb=orjd@#lc5Dp=u6?`~ZZeve&9(DcoRH*EhzDM(aIAyTR(&>|t)2z`V%Il#@g>YntX1*Pnq_uFQ?@vpp<@)^MlF<@T6! z0lVmNqHgqd#x9m#&sj8VbtnX1W?unr>*JH?J`s)`39p647F7>;hTy4Dc@JlKB8YNN zJ0H(rAE}4X{KK%>8tsz_fr~djte9lCwFNyYY2JsV)e(SDTL`v2ibYEAV7UY-+gD)b zQLHXBC5KDsf=#6ozlL$^>N&$rg3r|0N`HZUnVDNhtxh)4ykQ6a)}tDru(^G#cTnu^ zgD`}eP>8f!UvH3^uW61;8%|f5%f>0z{T)STHR6x&Zw1ETLi@IlSx@}h2^@*SHAwuvFS&r+O|ci2-zyMB87Iw*J_EB+F5?^99Jk}uoZ&1%9^Jd z)$X-p#dOazYOjs0^*lwGlYbE@(pgXd`$ctD-p{jlZ5uF7|AKwIDQYVj%6!9iawP0B zX&}`EbdBI5$}hp|#@2&O2!?mKFphfvuIZ{?-o3bNgL;bsqqHKSS$=R#;PUhPF_&x< zQ}*0Qh0Ij~TV1xy;cnGv57(_()rIK2uGOVlapj=u4C<)5P^T;8HT3GJ7|ZT*%q{U) zRMwJ5VkzDLgl*6BAm5)&Qs|#b>U7`D7^-WjwE*K(&FpjTfY5+hzDY!;P@^swHSpxw z6%(bJH&m+dMZ%;hb4J4lcekAsR7&=GebYfPo#&VE-F!0DGr9Eo`mF=b>?bqbtrs8CGIzVKt6dX!V1?&8@#mCri3 zO~S?Oo0U)d?G~+ZJN)Z-4sRJ9N#A^`jTtVwz#G-wu>LqVwNNP)e_I&WDJ2MIfg5)6 z3W=Af0o5_&&=3AyF83LJA`NRf^>A6VPRGsd9x7SPcsl9)R5||*Kj_U4zh|>*BbOEL2RGKK;d6HqjgOe8;8|OCp%3~ECTo(` zag_24DW&Mb*Gc5&FHAx55G~)c5TtKS-&Kb0#mUR;PQbbV8AiQz?#jr+_uw7rI9O%u zYj<_@aox5Pbt?mVQekXI$<&tS_V;(9$-cawTxFe2O*K$q!augFUHdn@^-KtJEu{{5WbYu*WY)(7sJ6D4s5zuOBsflM}4VH zM;*lq9r+bJ(_55Aonp0Tl}EkJD((juD)!WmZ&sbCd`}@yhYbr9@?To#Q2DxF+}=+I zr}Oon-yPSvzW;+guC&uBKebDCk@~14M+rSWfFlC5vsKnr zm%VOkOmQm#!|S>;uyTJ?@m;Ulq_po!MTeFJZ9IR=(#|?2nd5=5PrE)gBCK>45ny2> zg9+fBb)R|OGs%!vt&TcUgM&xxH)4AA&~y9iKrr3wF52;gX=yIz0!00(B^ z29NArRjpc+YOzWZvN)9Z@H#ba?Q1X)FI1a)kq(fz?!mKISwA0E7@m;x>ufL3lxY$aHd z(`UP|0W#k3DQb7-bnk9o^?S-lIL5*#YPT%a)?y}%3s__ zLZ?s?7}*8R_gBdEl5Sb59UV(&F>EQ&h+x@LdVz10^3!2KRJ4&jk_7PGk$JGX^&|wP{*Y5ui z3wu^jsZw;;$OR>p*rEJAB$Juh_z=O<(`J}omq@|lt6)QSMforb_x=^Af?aununrn^EgFTxnqc?7k&EhthQPchOAHYgQt2u^q%{OO{IXNSI#QR_xk-;*yPAa8Bel zhe*L0;iN}9So5mH-81wHRW-qx{WZx1yPq2?q#IWbnN4a?Hh5z#r~xv$Th90R+*?gc z8@%+%-2Mig4;;gCM!DS%+s5Oe8TRA%dD~2T?y>RSIFlcJZXqJo;Pwn%&9}tm>v6w% zGmPauHv(K$W7^{~I@0^6G*B-+K*8g0NpIYc3xyW13UhHSlS0w1s_*iU5EC`{sN0U< zNnV`wk{K>NSlt%F9(=PT?nKYT+h)&VkQ?!8^ zFf`Rgwj8#XF_Wew-lM%rtAS@52^Hd#jJMrm8Zfe>pTw;xWL+jFc9pBu{0fy*=(F=A zAG?S4lSLQKaUr&z|Hz33Jw0H2V=$}!T+1cMUc~~9iD8A^J;k1Ix&b*jrRk3^FZo{U zwJ?`_PzhWcyF+Welt+%Z^YAD~v_MNY)mUpt(hZvhqrfVBW~2w2-43R8Z*l{x={>|! zN-xCW5jM6(wW;lf2OeRWij-F%eIk;bC}#nrS>d1hYh3d_B-yAG|w70K6evu7?8ja8G|H4Kd|~X#Nh3EB6f_R2 zI)K%redqPKe-+Yx^K-g?iGFR54d11}xVX_n_+UWzP0a`#8exYke#kKGnm&~{nz!z{ zFSAMq&!y9vQr<=r%hf3JViW%UVg}-vq+kTRZ-6YSJ$G5k1-z!sE0>G4qgOfFn0z_K zECZ0e$DX)~f9%~{K;bLO)eawE&?F#n7p?Ds9jG3!Xzy7Av9OI%P0j1=o9%mzp1I0{ zS?cc?o-$Lco1e^eU0epn3<(M59K%8KlgWHdT+Pv1Ax$G0 zGY|=@F=ho``RbaAhmURQ)IG1D@_Bp(t{!4%V$6iytgTNB7^P_m?ZY$_27qbm@<^mD zse%a!!AU6f*Y9JVyF*s79_dx5v2Nk|_;jVklu~96hj-VH&1>qd$MLC#N#d`Lc`ptt zP17jbX#Sjk9K51Xvgx9K6?bdIwZFCo{B0VGJ|H~sinm+WY*ogfZE;7cO`w~byHXp_ zRv0wa!5q5l2rZRoC!vZMH73%IzSjmDN;3!n9W)rX*NVpxw)yoIEJBItytM++!5I&# zO%~Y0vg_2?zMsEELvWMnS|5RsR8lk!fvX%nf7Ei02WIv0$T@jDh{l3UqS@UW&9EG_ z`19oIN|8`Qt9zuO(W}~>cS$-h!`pQhvRrb^wB;$uUa5X{rVnmbBK0G}p2Se9bP_`s z;Epks*oBJtQ75X-qB4!*&R&OLBM$RFW=t&8r%q{XdEK$kd-*RnqXbLQrA~ORHhCN{s-%lS}Bd;DtYaU z1bA97DQdn4&1r<_Av#o5>M2U=Tt zBb@$KG^-5*6x-of^#G@DilztZT4I1B@paPQ9UboV{d9Ev)qa&~&9`?+U3}j!0P^g4Z*PY*6QWjcm7s7A`jy!d=GTsdf36cCJ}TvfA@d4P*h%1+wi= zw5J0aBPz@!K87!$=-N*X$$FWCqD_bbOi@Rr`t%_T6fzhrk@3fw- z4o{!AtHs;H)t$4KgGv!`2bphy(MoOSoCXF|aq8=u`~Lu5Njm(jvz?dI$DN~`veL9MLPaKSORbl404rniXr4&=sHyYm3;Ohde# zuKum@`z*ELwBu{pY2B~8A}N5P91m-NGjKcBA&{$`!Gt`BrX2R~ZCjn< zE0cz`#}6agoV_WwRF;&i3Hk$+BznD`x7)|laW^x+jy68u=kc8j&G0$hJx$8xcz|E& zG8rdy(A~q!(aYg&KGs-Z8I53O9zd~NO?)1mnVZeP$At&;1_Q6tPu(6tQx zmO=_MxT`nBN?$CuJkreAmyaoevKd(E<;kMdC;MP{4E}>O(dbHPVRRNU2OPZ}Zr_&O z%+l1@dln0A^#Y(y1F!nM;hX>9xd(#xz}ZgGZ|ih^-EL+zoTt@59REm%ZNZxLu`+ey zM{z{NgLfy2$dvyV)4X!}UrdwTYT`@H9ih0Mfa`OWhV%VguUZdJuadb*d!r|ja~W{| zLo~ZQeSGe(78%kQey!M7d+2CbjHM0Se4I^2EzWZHwENW^1eYE!n^CaW)cAS1xww8_ zJset&ONQw6??KPbr#00V)N*|w4nVP>#Nur8QCoqXyal&`7gc%H6Zd%4qzy&GG;DuI z0N)Nn6=HP{8KoEG&F(?q7G0-Y$~v{9PAbnE4NteDLNIQ7a5%Fd6Tw81nFw__wcwB= zf7&~I7{wr(&w9eW)`WhTw93*?P3vy522uRkxXP^bPbZwwaQp^WEY-1A(V4+!mq)2o zGltuo#Qiv!du@8is-#R&`IjGxPm#9RlzLU3#^?f#C|VN5`Xtn`C2K9DxWsU@T?1Z# z?Zio$qZbK+ZcEo~nFU(%L#im?tXgff*9R-FQ4OW3wJ1YOT?4Ka0x>%Zjf2OUk@rj4 zCe32omTHAG;@c8zfM4*&fpFG)ttzaF0sh}3Mb9BL&UHw*b`-szzKMIrbK@Zo7U3!r z!v>nGT+5JRD-CXCk6JicrL61N9mAoMG4?n&>+fNyJKvBvln@1J&=dRtysRUHlSluI zAei>kem}*r&HqFOkKd;^{62V^GWZYu+@=K5TxA<_P~Q!?b-I;Sco*Pu^XMqw?y`G3 z@0ob#Q7M`gXy%<|&V4syFy9k-bYBO0A!hCtZVXF|rWbKc&dvVY6a6~f+Y8;pOv*jM zoGpEKL&vY<5rpk7k$K3vn1SG4sx7+f_p-FMUcz>1<)IfxHh9Sn5VX*ds0Y^*S9;r# zrBU2JGdbP@PK^>^laxeg?X2-%ypNjhHQQmySF?8N{&k3z3bq8L5W&{kIar~)`(1Af zl{uJYFINlDwYt=nwKbvesf&+9=n}qG5@Hb%tYIg2hz4jN0P0?>Qu|@!3>Q!UBf8hX zF>iJ8w4RKSl!ma*ak$Z=^$h;}UnhaO)k;%TuBCj`0|Q#+w14Q2%+iU~Zv520c-Iz0 zHd1_~BmF#Lb@n)$0R=Am(6w% z!#=S4rA}8V)=2ZTQhp*Duc#%C6sbLE?$Xw4=Sl{rlzL*E?DQqLE8^KW(o zQ|c^6Ff=_r9Yt10DN8&!rN5ZFohskz&vDvMXf!Y?a+aeE$^?e(g8{W&92Y-`leo4x zco(wt1{?n#!@vvA>2#Db)i!Qc{l2czKzV`o|3#eBuni`^|9`~Ud&*|}n@Ik#d+7&p zZXMCtuDoilA1$R{9`IX1!qUME_BTAB&Xe2}FdslOg~8p1DjwG^SIh|WtkXxO@CS*j z^8MTlq#a6t871a_ zR8nIkSt70N8Qr#1OzW{;?l~e$C<#JO#47llQ{y3=2f&D~Ov##ML%^V{&V4JAL)>Ba zS2Tkk*Ez`-&@yWn&uFuRx}%FlcY2X$#GY6daUJP(m2Y|J)Ear>yaJzItM;+0&86Hl zxU}L#p{8IQbz`bga7@79B{$fEAY`*?O(ra&`!7a1x6b2u9zjdGt8&JgnhFEuLxLWa zwkF4jqsO@f$~)IR`^e!EElW7u1Phfkfo}RuAkk=9sf(5QJ~;CI+4tj$abS}=T0@F8 z#21@dSyHX_JzHEt<$%eOs(&12`q>G&f1y%%=W|DlLIQ^3?ylFU4+yv~y}mSvzx_P< zxBh(AP;BFMQZ9dc-d((=ef*#*?=odMGoQu9Gb9Q<@Pwo5qW#gu2eOnAMG4FKje-(iviU#stBVY z3FMQ&(K(_rcn0U(6zbKsI3Y5BSE>Ukx^07JPP8eUPOG_gwR2UbUiL=xf;P`ul539x zJqQm9tmsWRZ+`o^{HS)}u|V~2<|KU4hK*rajK7{DMg9b-BHTpJ*}bb~-;{;^BTNiNj-z!%*C zHdDIkaed!$L1qAw5RrpN{(}U@BrD%D&yUxMV;o#KrM4r2i*|El3`8ugQOe)9+Wk@k z+A~k^nRFHPea29d$udca$b(=l^feEhc6a!Bkhv%^}Y1I9OcU)@B6%Ae}25-i`LR4cJ2QA z;pQ|dXkhNu?`boM;n}G=PbaO47fvI#A8{=35(*JpjqL3}K2;%f5ug%p74ydPM^X z1rA8IR}Z2_@6pgZOh5#1k0r^x1TlOcJ)s{;+zVh#eayoU!q40rZA>Hflsbuy;`On| zC&CQU5)ur)Qjk`hngB3mh!ZB@LYMSclPx^^mfk--^7d@Z{vvEaC-U9SFxBvE?D@XA z$v4U5D@fXuJw|2OwF)>vYRw=PKw3T;I>8D-$`te*1`5MZ0u{xrvyKF6>k=)r2mcEh zA10#6+5myrrw1igiQs#vjHue4oalv11Qha4UT6esgt*TniHSVYZ``*#T@p^T#g!Sy zc?fzOduW80E(ESmtXf*CDh@Xb@nkvYK|I18q%LL;DWHtbY z>MtY8yptG|Emg+p=iIe(_Z#$v_Q&(7ODPL3{4l8jsTdx;BT%Fwh(2n-Y9YnfB-C{5 z6I#$&h5hAM`h@dI^F=sHY9B}Hry(fToUnNb;22pck0RqQG`U16$qBI-1c?xHszSP> z^Ohx7I9~0KVPTkYV8f}mu~4nv0qyoQrO;O)Bz^u0BAHKzs=bg+Wi14-Q-lysrZSn zpIS~1u4Nm-%MEgbR<8jtg`;=2xp{{69!(_W+b}LmHqp}QgFpZS#|6RHvY)G`qkriq z#pkcD*flOUpfv8i6 zdb!(f-IDkGuE4^3l#oZggN#EpgjxO4c6hwhkpirxj(DK9j+wH@3_I&~cJ^(0m*0wJTexdBT@VrSC=BE;)KIPIvpOgvI$q`;d0Xu}G zTFop&AZ9Uux;EGAR056!y$UTC=DURLx6wY-kRc0W?C7sw;9JEes$ri2{*d=xLfO3c zf}sW0x%DKBw7SQk{_>2p_?DqQH!w=1Ebs79Lx*nH?vmk_05Cfbob^FgFTZU%(~DGJ zCj1D};+om2Y>`^Jh>q^DV))+I@n{-c4y5Jgmqb#azT3vufe8y(U9^NcpEKyCHoN;U z?aG||N{T>j`9_A;h~5%2+1j3pbTwblmpr`yf}xHI2WGAual#4St7#GrQRXrK{l=kb z62wsGn-vdG-fM`3&(_hnT=ib|y` zKx%KX(=!9KZd~S5bNW2S0MrJ;;##(Ng1(!}YqFPQrvP^g%rjHy?tt4Y4*L*(w0L+G zZtE7h9iE4A0_#VqYeXK9A6}1thYlig8DD_uO@s?WUJoJW)%htElbb4E}v01QRH}Y8ybyJ=b%tBqT;7-VHORoN`Q`8=J>H#{*`$xEx4dB3@k`xi*RHd7{q;)^A?1Y6pNtv4wM7* zNwtD<8lI^N)x(c&vG;(E8yHQ&?=foIP&^@-&ZIwZQ0YW)30HQ<0d_ zb1io;3&+jFK~wcQF@W}#0C3Mf$&ZM^)(`E`o^pk5r>aOR<}Pj0h9HY|T(os+1-T3~ zdH70Dn!$QmtvM2=zc#mFR{#BN20s_`T#5Tj1m;uTpZ3*#E_Pz%BTehjD?&#GYxXyCgCb6Iw9xtnDnb*SVi8O!C#THB9>n#= z`u8*_!qkq4ZW3xlO9-iuLRPr}oF&5>#OHArWDKLUXIL2To3(iX`Yx1V1`IcXWqr_5 zAc8&ce*xznWWR6EHiVjF7-4^PxJF;sQ>*isd^1H2nqm3BZ2j><)%J?TXE00AtC?Q7 zQEnhCyEO>H3el1PCn6N_68XD|Bls^fMk|8+NX*+hEp|G?=dU>f}h7O)|G$FKDc_ z^b!-;DD}i-;&Gm~*H6Mx$$S8Tuv`Mks)yiLKm9rER7chW~8*;I3CQfp`H1 z#XAr7H7|2x8#Z6^Q-U@wi3_Jp$&XhvhOJt0nF$orMGKUI6~PmeLxgTWMa~z%1tP(g z2T$UkM<7`40uB@3HS19FeH?(faqcwv&b?oQTGm<`Hcr!-l?l*r=*CjQ#Rz^)l8-IAw-fjYotvG>6qXb?!0*Wbd6&h$?X`RjR7 ziME87^NWNdhVezr4v^YS2V$T$w4nt0*^tuea!U zC=^}v0yo91$&EeMUci@6@Rinp3wTj5ho#7dhT3eaAGgH(!FT=99rl|EVDju(^Bm$T zHgBqZh4{OHkW#I;H^2UCG8avcL?w=*5s}m5BJlPp%hA-~hfaLNhlEKjSOv@I6m%X8 zd5%<63RH6iV#@IM+5{Us!5`8RDE|0alfx3@YBIEa0!Hd+aa|Qh!yZ<7p>R|?A2gj| zb43kjmnf0gh0oznm>BD?_Vt~yl-B&)3*1_CmdO7hi!%Bb3(G{p(>VPzq8< z{lak(hvw;XD6n#gGO|AKg(2oT1g|F1>|1s(wcY8$UZ^0rz+2v_OsS#>r$VTEBwz6h zJ4@wj@<^sKr%(vdv&Iy)he{~bg%G2QlO9IIuiC_IovNBRs{3OkRR+%R=%EYP*iX^f z7PF^QpEx18FNTOxs*_Ad8%@LF#qA?SEkXF`+ra9%<%ibS@`=jkW_3)bU@8p+=x614 z$(li&BVt9PCH1d)I7a^<7AQ;O2{*8qow(vl?dkw7EnrRU12c_+Velk5wPjOpU;l+D zC>!hH^ioHQe%=xOso*PA2v+&AUIbuLKyE}Pp3wMeGv<;#+Y!PABwi0k3;oE)r6q`! zFTMUS9fz1UYIC}paYAfjW6IIv6jUDaS}wk({W0oiQqRmSW-;nN@uaZ}RakVt|J53V z((9tV6;%*ykT66Qi1lzOgCeH(2Th5uU3*BExsy82U|m5~DzxhTZ;*|Tcfmz1w*ML6 zsZ}3DbmIc@HYk+XM&_x;$|>90M9j?m$KC7bvDZp`+7@w6(>+DnMd(OkQ^Fgx=BNRw zP)zbSTxRl5zbsDPz}=+8SwZ*JQlyC)!XifDq>vHi^QS+{GL5A^V!_NH!)5wp@K@^) zJ&w3Mx=%tQ^?08>7|3V%Vb7W2JVHH?h$$19i6_j{i-)lci8s1PG!M3#TD>v=|ro;epXD_4N2+ z@*zjOd&KoeMr_CjxJqVrtFB;Mj&8`YYy(%}>=JjkO8k8n_*ZZ4<_&+HZw#Qh>m@*@ zK+#g8HG!-a05702#G3sOAj6HFV$biC!EvJAK zV%8M6L2dEqboqjWMDI$}s|I^u=`Q>9opQ^!HCSE4F!-#R3OtoWh9kix5RBnBiT1?w zov$Hqi4PGLLyA$58eoNRP@SKmxtnODZ_`_{tI0JWfW$ayHOXNfJoY;y~zfGWP?uNjXR^(`jQp|6Ozt<9NJFQQYpqK zK1Z*ix9NR#=;POG0K>BD~b6L>{TUt*fWcQ7rH81elc}JDfOX8-PM>eyI{?9i% zJB&cO&HDS5iSm-ZTI#*$y&tA<9B}TNR5hq!HQQ+2pZdCpmsil!zBm0+$D>T+L7@b| z-=%GM-u^YejG%Oveaph0(Il!xJ8NOZp8HdT zj7Xm6Gzn_D2CvzV{MA_N?wV|%jqR}6*_u_L$~63Fo+==zt-kLeL*=@;IX-O72XOYi zk_iFTlvqT5wAxbyl}|W8^TEqaem3qZtantAyZwn&#Zp9}OyMtf{-Xp#wkxpEKNIw! zm#il1ro{GCZKde1dxwVrjC&qy|9CMb^K>~7e<055{1OoQM+?-JR`@=rD7#YRO7dVy z(;>tw%E*HqPUs5~tRBb3zu%qK^k=_2cJM~>nxU=>e(6>p?wNuo+(UHuR3NJExNO^@ zck+QN3={kg>LGN~-69Z8f#-F_N$OK8? zw?f%T|CKK-2)8HPM=P65(LA*rRRwwTM z)DC3JDk_HSRRe4*`_UGBN7EewQ1AJ$58b&I-h*}bwsT1POiIuS(DlI;Eh)lkCLWAL z)n@kB;}EShyT4zV#*Ce5U4^IusX03aX~UB$hS1&3B7@1+PV_j$t2p`ON{I(V@#L$# zxeQTLqz6oNG3m}I%}L%Y&Hgl;(`c}pzI%`Q#TO0Ra z70i&XE76HsUd6)q2pixY7`^2kWP%v9y6zZ+%AGVLMDi7Xrz$i`HntDMrT^1!qnP|B zYZB|2lp2Y5p`px8=+@PVAtwXxru_;An8Ev73dD-Y7c}kWllrC~48j?l1oUV$@kVt^ zEBLyQx)grqJ(-c7sPd@pL@P~>PV0jUYcK8L&&NvMTk@^Ps+-YNfv)xToTRk2k`QmgbQ6i! zl8XA{(4H;U=`c@5hExZu{Ug6>W#G9f^Dj0bW#4`IZLQ-Jk+Lrb04MV`aqeARWpqEr zO$xST>pxvY%&uT2X+Rkz>p%OirWu@Ird!|5EF@9Qa zQyIwX?Tilga)5hpcj)L}qNv6hUMfRth&mmrBcVv+E}fiRF+05pYrZC|!JsF`FuNZZ z++T!MjPiRKeqbMrVg#BfY#+Ik}R-V=3S}VDH;AG zj=fHN2}jutB4dt71$C_Xa8I1EGoB3B%HAZLNjh<#5#r7J0432lIs8Q>QhBeIIAT8d z!h!~Fzu!TUSb#F$I9G&MQjBh?g4W*0L=D9Ppb~2FyQTsOCGGvw!b!toq2HKuZl9**rdf15|4-Q$`f6w~j4 z#{(FfTwcpV6rH^GApqJGi(}+!`UXk6`5@1*idg2rUt{-WL69y;hh7-2Y&|AMP5+-H zht7#6690Ebz<$NO38NLt@=>O5aibG5)8;n`X=K$TJWg;$&xjso_4+uj)!(SDthgBt zr4~8LY8RDnA^S~JYK;v3Cy(!G)324%0e$WBF`&?$_Q{RxA}}3nnUi;(blD6(fP}RPb4ShV6E)YCoHLs`^xL zd+emMQ7e5{wE_9U^n~eIAKS#jkx$26#@g?%e@#^$_A;3hJC+C8>{u04FZN=0kYADS zDA89)lZu6yWtaru7?J6G2YZ`!1sZiJ#XPF)%{uhxxjoZ9X)aE zU>Ya{PJM`}7ZD~*hFW)Z!8B5$x zt$k=zxEzEOwLf!*wkYw961p|ODzFbc!~c3oz#K8{#i1pNP1^9FN$9yn36Dd?r*Bie zLMg1-0`eFF-m+$y`R&&lzSt$k_?EH<+a(Jqdw-v)<9o@I={q=j)0SG@BdMGr!Tfp^ zzfkt9e6*BDidk4{kjk$EooBVl_BQhcc)4(O84h`eY7vL#L_y8byfyswqk z*FLB`uX`(p#q8MKE9ly&m{qG_9;(~oHwpOK>uun(m$Sm0vyhm5k#MLMg9m%n-x#tw zi9}2EFVa!REB2DGbJ;4 z@#8qtEJqd-t>8Vd(H$$QFf2jk3{z!r>xKO64H6f)h}NJ^$d-_5!&ZPse5EIdoynxn zz(B_*^64b7gQ{TQikUM^q>r$WS_-<%ew3idU~-)Jo$_1^2B)(wfgI zZlx#s`A$+Vnx`{ll7@fpq<5J%Fo)^Ul362R{v0;g254Im*Gs2_0`=hQ^>Fz;?kha9 z`(uU6OU|lWvt*~&yg!G1QiOR6zII7HS2{~@Ao250`_b1(prPEtx{2QM#?FG~)GM>O#%K}{kAZNwi!RB|;!6CyD42pAAuZP^yVD7x!M)>Ua>9f>QK{vroW8R8#Z&=&F|is2J)t6${Vtwi8E&4e`0P| za>rv<@Z|uOcMos;y5$6Qzx@|+4y%zT6Xx=UANK3!-=Hmh$aJU>dm13@mBw6U+)Smt zMNhCIaysDHM_|l-*g3e(vQC$8(I(v0YSGsYJ$>!ny`o!6k>TGr%LHxc9S-sY;Ov?gHQAn2e15kEs2T)(8Xbq`VO0~{_r}w*Ed-WE_ z$SfhbCZw*Kk@@QDhkOCR43;I}d=zbJ%-`~5k4umU@Ekep=E0_fA(@NI+f~%=9 zz|NeZ+j(q0^~j|9Qi5oD>SUuiDUo%g?;*vUa|z2IjD(+Qe$T96)n5YAlgk=U*qRfi z_5uGAX?!>yOTyZC_6ta*c?aiq$!CmVFD+JGjo5o%|~IIp5-mI0l@K; zyADlX(+E)%T_YGRh9#P^@f1b#7}5ING4``<-U;jw`LZ*Gi53V%f&K`y6lUY;GM81u z>Zc^qPTRti;b#2CJ{6_owVQV;y7a;MBq0<<0N;Wk%$?;i1LD_m9O#gd+ib{>)^G}` zQPr*y(j>!8(3T)gGTdt&+(-SL8`6YC$OhASstQP7kqDKED#BRS2DO2v4oL5iE3bwH zsr070Lkr;!CN^X}m?59#A(cp%?D#pE&_1MftDlnSB0%taH1!Tm(w09B zG!^``S(q;K(@l8bG(k!+5vI%-GUmTg?b|fhP;_rF7Ow4vF=ezcS0Sj_Rs)x!^CZJF z)BtD+Qq`#y_<|ud+yS(O*k%69ZGAQ%-xN>(s`oOWRUxgj^*JDQJ<&b_@m_{}O18jv1}o$(oOH!?{!L-KSpaIDxC+ zuTIlC&fkY`g$sJyCLQ@& z-s0T8+T3lz>Z#W6hSXb@+gFvlWk_9hRSSMu) zE#N)1`8|;O4!`s4w@lxLvtNSLclh0Bzg8 zX$^KMmG`X4YoY?F>enW)A-+8_4(XE2E4~uND6dlqW4urig$v~&6JsUySvV1?>_ics8GbWIh`qx}PFCMo9)I!uW5wo(ZQ4HYM{|q!5BQ$sGb} zeLxyGzkn3J|D_1u^l+(5_lb@oR7(p ze&O|>KuDL(s%%!sZx7NsTi+*?pR$Sbhh~@De5K%q+cdCp>NaYmx*!$76F;bbCZr~~6I z^l(2FWZhikMNK9vy+gucFZ6It5g2}~T7^0=4nq&O`Dl!w9TFIm5dd{dkr_cy2gYaU z;mjSdu}F(-;`@p@(xvekh*NM&L&n zt<5S50i5rZ(7O4_vIISEHe@wCL)jA9kgKMGGSq=lD|$FZ)y;*jfFK?c7{Q{4+k700 zgt`>UQieJ(nne%ik7+U4$C{sNSW6k|z{nOo+~(t3f_6w?l#3qDlrT0H?-B-eK*Wm| z>P^JHR6}3NPzOf8l%U>R2uv8Q10!KvP;Vq0W@V^dQ89j~TMmr@VH#LigiHx)v9C84 zE7N?V2S&@dpx#*AOo+@E6glI9dSfv(%{wG8ipB-?#^Pz3X&o3*Fq^*YSfFN22M(^n1yfHje`;lO+IGzxDNKhn?4YfO-r!~Nvp$?4d z(Zjimd$$>Ljog<^l+PxFACxzfl)?!xXs5J z1@Vx;h$B7R=Hre)h~HCS^pPHJ^D#(4JR~p@Ne{RAc%-1y7#NkLhueH?((<%!5JR>S zrxYZq21YCC;Wi($6vRUUBbW4WA@NIV>yH6?V^|cE7iw25)4E`XLfshAcHqGJ=}2=RRWuoA5IC{!t}RvsqJPvUtpw@33XV!(;61+K+m}5s3$$#+Obd0 zJzqj;DX2rd5Z8!<3isp+cmoTIhSI~W5)-xbUTKz|0wbgJaJBJK)3T%IiZN2nw@hG^ zR1S4rtdtw-<>RFSUX#o+{7o?ixqNNHCrXAJ!zc<2ZY#fYp8iUX#q?+9<;FSuL&e zcpo4ei;X)Jwen9f9qJRfb|B3Xv|hQSeuebwRcl`k>QAL`eob9`7p+$>kKZb_YpUP7 zX#I&4!4G)-U#`^s%@lzYsxUxBPwhb|x}yldY!6g}A|iZyizrI6vX~{qB>FbgzDoA4 z9nxITooSsdWiQWsy`T150C7&_iPeNZ<&l5Qm`I_Q-&Fg98bxA_R^FugG>PFfGQ`Dp2- z_H{$dv>tBrk<&F$iva3Nlu zT(D6gSY1&)J>AfSg|js9Dp<5yB=`{w5Bg8P>mOLPfz^YB0}E$CU_Ta{E(2U(;i(4f z#==HPmtPq8CkNg%_L$%Lr z!*^5)8G9hK_QJ5S&^dC-IzRh@M~7OXejTjr_LaeA=+1HiyNMJF3oRvn5lF3yVNb8{(h8CAWMR z7LND3W-Q!}a$9oKcVThpaN=sj!tFS>CAWPS7G5Okuy8xlZOM(_g@wZluo(-tW8IeA z`dwH&U1crYj&@se^LJt4@Pu$-5#s;9CAWVU7J)n}BpzT(VE`^H0#A2He885%0@}mE z$)vUvCg8#%kVl2Y4{RxHz=cI1j|zz=*ismQ3yVM=6%t>trLcl3puv{^ka&YFg&DZ8 z2t3^(@dsN9J8)qUc)CO45w;YD;KE{+weZ9zY$+_kg@q$dp%DvDyuy~k6kJ#Y@~Dvb zg|M)N^?m6bScKZ60^%70!x&meV_7Wf;~TaV*02T^$_8>t5}Xn0lgv+q=QtQxjls3D zbjm|ArZC0HBscFU=ikEa^EyQo@_tKT5qj&{Sctc+6ppQ)(&0jU4IZX=JT+m%4A6NZ z^3>v%-7CW1FG^V8Bt!Hb#zT9wbM-ZVnZhGCs7YV;5t56sUYhYL7EcenwS8-_kf5kb zuFx;^>!f(fRX3o_kScMKDIR%OzBb}nyB#c6TMLSW_asgxmIQJwzm_SQWmf4ljYaA{ z24`uEm`(tzkH^}MMoZZSOIXOSuWei&wR=)HGB}wamSK{tgU!lVIMXGIG(aNVY6=+x z7b>0e6lTIZLTBVEnWAyRG8o4w;-`K=<`j&j0bC$0{AV@O18RCfmr zaWhq=fYcj?bf6}Q@;{*yl;w{Y8R2^jKqh|tI~mEIIN=w)TG8N)m!ZA~`N-Gv*lSfA zpiH{eWCUb%E8mvy&gjuxI>HY1(=Ny12sI%YdCTl6TBzHI-u!-10X!Fe|AQ$n&U z<@ocx^uW@7KzpKr_HFupw&?MH%WriX{;l0Uf*Bk^Cfe(Nt7!!sDbaq39NtbxlsOxb zdz3r5FqAP@pz@H4Jauq97Evs@yAr314f(Kd9LspI2e66=MGQc$=p+%O5y-*gcnP)` zfuTZkxK})#<}(cqYJcTsl zqNJ=U#CI$fey>U zqMjTG;B1e>#_y;qYNI)hvmQ&Lwk>w5ennUp0 z@#Tdoa3msX#W}=CZZ3l%$Tij;@S1g}GNvHna(|5UVbW(-pt8aN?A@xF`wKXW-ACdt z;M;F+aQf}HN8mRy7w~BEXl4DaG05*b#vi+#&R1Wl(k!~v11GowMSc;X4C0u{7=X7b zfj_us;M{WG{e5SeWhpz_-;cM% zdAKy1qlM10>zF?u$^fJfUP(`LsN~|RZ+S}5Jtjf|7Fw>lK2>c1IkNygVL5e%eKs8m z9x&|xoekA)xy~!A92LRP){c;+S#Bwr0W!~+20`heosPLoaD@>}4^Rk-N-w~y0K?h1 z;@jgQgbr0~lPQUEnOaGHoIP++meYXmm5g?7998;BuChcx?4Mr*L>B}`FJa7g zWL|!i<-fin5fV;h`j>vEbB%5#F*uHIB}0hFSjcWgE{YkUNb_H@D0WpIb(hq!-n)E5 z?&IW^LYC3Fpp`y^`__>8U#O?C?MZBV1k<^;pCRknf#I@dxDDkXaRD&XE6c(qlDlsGs#{8c_T+sP1xgeS)!8I3*f2< z@2Etk|D@(54Or}AC;O$kRKFAD4 z1x5vN`evJ@uoum?i#iYS_jBD4pn-nd*ueVb7-=bU3oh>#8@bAB_5 z(j%3=VVmw2{$sy1YWeS;ktv{{k=$jR;V6D=SfGTBrPDca|4`-&T90x)tBn@s3Aar- zH7DGAhZ+VP!X;}3JBMqnLux9SB-x)c)GL7P3A8oIl()@baIt@LG2nYTSLJgFSeQLU z$w}D?j8OJ~@}hT&K`Uu!kF(|n6vzDkx?%YNHpU`B2S0^kjJ=AGdHMR)kFQT(zB~Kd z&GqrSA1;o694OgO|8jD1e)j6dZcv0!IIp-pkdX-zwaoIna7-vg`1H-$_09R< z?DXAFuLn1;jxW!K;%=1IUvN8*W5B6^k}+Kf@pTV~>Q@}@EH)yXErY!Dfm}|$ve|#J z5H}ZtHaCa_xR=E&m!AeGvr4I1J449nLQ$2kIGK9ck=r+~3TB*@zy0lRMj5G`E<0?u z4}QQ&R7Dq#$lL}&Z?w0DCS%bpjMdsVm@JUgOG(t@J8}OjJzEbZQO_#L#z}K5qd5!N z%a**9YQtn*R`Yhr3o@y}_T*pY_#mf2HL4h~ zU2O&`M8JGU^QEiSo1!Gs7D=oat2C5;!$5+#G6U&CA1Xoqig9}gc3{ki{za-j1C;%Y7Q-M_ zbXT>~z}a4+`?f1n@fa(``*_g@zw+*U+iSC+VgJ?F=Pjlz6MhGKfRULDKDVBW(ikpK zq^y&4xmWh)kta75sHz!4#ZvaDMDH546?h$!NEQ7Z^T6C^%DrKJ^p;+!F zNeZO67{}wNY6I1c3>#?4=;?iqczbm`82tMB`t*0OW41BZ?)$gbXIB^JC&z=co1f2q z`+ZlNP+yS@9SLG^g-Gm;`G{pW)8?c!hGR4(am3XTV=9hfY0%=@Q&wX#68B}UWm(o$ zv1IB#xFO*1N&ldKpe}+L{JYpSk`NS0+dM<}{E+C;#h}Hlk%*kA49qYSJMXji2jiVj8)p6Vc9L*z@1D~poZEm6i5Z&%&G?yjvH(wfz;1)|ipHo+4gn~vbP zPf79eSQ=0ME`D-=;uzi`=lxMrHTN`KLV9~wan@G9fl#mSYK-$R`DFL_mJ&JZ~ zrl~%qhfSp%Y&sqDbq@%(E^)LpSDobpr6`F|G8PvE&Om}5_`wiIaSuG_XHy^5LwQus z)d5uI`aNl^FJ)5!qj?g=GD_l?6Sg2 zpR$Z1IOBK9-?>Z=Gw?qS`6xwnOcJQs_B&08eKjuoOF_s3NyxXa6Yz@MBT@DH@aZ0S za`5C}Pg3aqiB^@stqxfgFF{V>jNc_nGW&{UFq^X;x$R|Bp`vl9chz%{q@JcRW||Yu z<2>XyPyeOKC>|Y)LiGZ?6S07*jJ*)9UQ?MZeQ|dx0QLq?9KmJAG4#Cob`_Dn&Vc@9G4K zQlM^CKbA8HG45%u0o@SrUvlw%?!zk419(6bnWtm;tpBY4UaG5DdeA^|A92Yeg&7vl zUJFS)ac}Eo7IuAmx<0V<#aqI4uUued74gM*cb3=Q+ktQsh)GfwZxuNN(Pl82!&sky zo;X?i&-%}Lnm8;UWuJ4zx9Z)6D~jt3t7M>_u-)f`|Fa}~4;&kEt9*f%sWhe4v20fm zX$B0bmvb#n@)%`EJks96aYiVL`rs9L*aIVyO+iZWj0@e;V`EH`i2o%`8;~M{B`PDd zktn?1>8bOjT&BcUfDug9R*=h8?0+Szj5yy;DI90=&7~)ge16!IOgt1LR^-5vdd_eU zK=3xkBg%mkqZQQW`?t@gQs2!;ipN}<7fs(OUGOX3MiHvGPx|0eyyjR&2;)?8WEmZy4lYjOUz*3#s)pGqFn87;)m<)h{!r%a=@ZLCgg(+R* zg$sXL`TQ!40CaI8{i(g=lrlS{z## zX_FB%`)I-~)$%uq(?1Sa^OoNeX` zlT;MHH5Bh7={yC7bA}4FvNXHsrA=9V-9sJjYf~ZJ%fJ3bXPhd&adFuM>41*(Z1oovVLy_)BhY2Qf9dZ&qKQj`mlI$Pl_q$7c6@qyw)R`;R}{f$ zh75uCxm+7z;L9Hy41vlrYVV1o6m-VHJQ2Bog-MS@IxI;EO+v0yr%fE>ZDW8$&jR5&B*ngyKvUt}cetpmHlK`MDGgJl-w2 z`X_u_v=>3eq2*MJWBIe3%k|S_70XjRj);A(Z1>VdMK=_#O#%k+R@*z&juS^PC6U}G zh-!G88-Gk@BSQD@{>&upda9H5OxP8AuP_{|-KVK8A7Uc?a4z(B8Hj>29d4rA^6T-a zxPlXM?P8RYkl6vKecJ@sZVeiQKwN1E%YALQB5 zLjbP#_3dXbekMtRk}My)rm^-~3~4)q37nv)H(DGCt)`}_g_>x`B`ythwn))Y?t`Yj z)CR;G3U6=mSf-IZ0xEBsY9#E41@gUG8tM*5;OW7^!J+Z3Ho#VYNh!(5n8Zim=H$xw zUIrz}J~pLv4B1Cnk}91g5`qjzpv!Ngu4WnF0*_I`5SQB01;vwT2LAV$q>KLsPY#|u z)rR#>N3}EMzvC2+r$~>m2h?r{Px=R7hd1b|pSrvM-4W~_F2rRZ83<<5j~%@qqf}hr zLO;hM3NJS%sUhSw$p?_n6aWGar54>(D*&@jN0|AJ_V*ti9{Ny#*e7(dAIm0e|Kj}Q z?A73`_oRRDmrmywc^l>CGk%>*vx&&y1|Njm+=MDg04LyqVlK+<0Y+}K2S`yT!b}y( zFv+7~;yQ!TK=`hM?(qPe54zyx@!)*0*ZKAQ=BL-c+<;$?udk0^-JG8d!0T&p^7_^3 z`OW$3R|D|+2XOrAH}LcMtJ6Jzu<%%v1!vBrXv6bd%;Qt4QFDm^1*}=gV{=bdSS6_h=%lqmpAS3Wh8SdnK z|KwDKRC0wbrDTj4L#)r+{~vaTQ>}K2k~^KRzUr8NYc?d`9=`C2Pv#SH{`FnO_TLqL zjr}YQ661}U(WwFJ|8~pe+%yM>_}LIxB|&9`0r<&EaNFU0^jcc z@kgh_n{}>HHm6)w%N02@rpbK^)JkCJ( z4lTN%`@`$kUC@$Jbr{-~YF}y9;`M{LvB6eE87Q2Ka^txkKiA3lA-diygN!F{q+OFlWBGY z4mnLa7UG#MnzKnc?fifN4AUb3EarQG>%bL|&W8v~Oq-ue1x7;VJ?0R;~ITqKom1%k1F@eGNZ~K)~Jf!HMGx2N@6lu z{EU_$z0s*y0P{ORtGrhU};i(odX7rzAq@)1^wcO zyln+Aql>_E7gT{?{Z=Ygg7dQ@^SxqFv60V;DUZay-YKt-eCX)UERriK?t({<;3VSc z9v;{nN}c6|WMD^>pEroMTW$(cij(XXbZc$)e_~ye@|Ed~tF6ppzrI6@J@B<)Se*XV zMJYq{wdC!B&#Qh;PF$JT*ma`wI)~kCvAg`W-QKCRF7Z$2R2Db?_D<#UGDgpR`r12t ze>S&d@WEUE*f|c}ibpQ^z?G)l=wYilUag(1?MPX2rWS-O<1TDZ#xjm_lZf@PRpEcj z&yx0^F--H!Qo$CWdi&4e;gjdj%J!e(iV#+_7W0(zVTJ?-(f~y&SYw@6eV#4`z(Yvol(Gz$_Hd&jRrJWgq zbW@cek&={Rm?6V$N(ahEn9;d-ksZyW3Cj9mYbHxY_lxnYm1AgjkLU@RrH~@f{h!1B zlf&LYw<`De_d$O*A5h3Hpev``zdszI3?6oEvijOqmD*Klm7wf_&^v{A7?o6?t0jr` z-P*J&GP;G)O96_LN&oK8LM&{PbYn`AzmriQ(RAx=?yV6QR>Mf8o3=-u!dWzsLPm#R zA{{>4`lf zlqc7xp#&V$XbJkQzx7~>i*3IY={!B#quTM+xr%8Bq#aDL?hsDGgEmM=(IgM{UzUjO zzU`6mC%&~wlEGNyIy;_cgpFa0XdqRmDO^G#eYz|;b6c-@!*a?!snAM6j+4p${S(oo zfw+|pKC(7;4qpx?3$&=D=_2q<=A|goY&`8h{m*{qSOjs3Y6WO~=V|=_rC)CzuOESV zlHoXS@U;K5e<0%;Y>k=^^G3%#%6eQXVoxTRD^lBbKm74W7l7Q!xvvxPaj-Bm=T_+t zCg{B|a*F_36Z4!Z++Ig?!9i3?)tP%d~GK= zdz!s1BtjBuiew2$j<)gr?Dt>*kN{sLS$3SQxaV{o5gY)6!C>Zx!Jw`U=FwyTDB156yW!VYP-wyl(m5W4Wws+w!wILorRu-8Yz?E6qeCPS|Ye*ad=a}Il z0-{d)VUELiw9U|jMszZbsz&4a^97A+m9Nrht2G}C&bWW<%zo~AfB9GE`Op9N?qARE z?w+}5$6^oqgm`?#;V`h;wGebbe43=~b7N)yiO-VwugnFwMC{-HXpjFp=pFV7`0xH< z_h5tnKE|^c{tIgUdYs17(O7DpVxmKNyk71}W_QTwWOZ-=81fAY1=c6BobNbq86J@n zxoJDYAq~J7cqJ<6cG1acX=f=f#8hOJFDed+4Q${o9(s}emDhKHAw`!eRBs@*u{7V|EV2rM5Ppkk1VIaB zE|~kbI0`Dh*A}CHsZwT~v$yJizPbPK4BDu8dUA@~50Oq>d4*nGUcR}MR|dg+R2LZO zB*Q6iA)mj6Np76s_ucwRPn9WY{pfxuUrn3eWdaHAp`!UHq!>k%}F$ij@WO6B=R~Zg%y*TCyMJ6XvDRUw`Aywvwk`?$r7wsTvZNNV-f^M@8oGW+owC0Q2CNY93 zX&3F}sqs!A$A>NFDTxA-UQEMKe#JB>)oGZFNnX4#B{Q?Xc2@Rw>)-8n>gMbsQ`Tyg zVL}_fizx)n6Fe=>3{y_ju^V#&m^|{bc+*l1rwAvB7&q%zzjE5x|8lIVRq9%=+^FP{ z8bXI?$BYp+$aG*liflP4wA88?YSBpu;Mh{39ab~eC;vpa$TGE{!V!eAuWgYAAur90 zwTpVe{oKar=6UpIS^rPP^(^H8w)lUChu@U&|D&T#{*Om_mWluVJK$EF zKyp%{Ge{&BZ2<6So~Se=`Q67xfcV+Pd6q-eg#OE`xRNndOQvttMIQXH&e^o6vfCX9ias)dS$A!O8qxBl_axv?UUvDh9DKAR(Y&-|Ol?RLd295+YV%OEmkv7c!&-Qe^7L5TOTzQGGp62!j1A z$V4q83`nqmV$jhD7mA82t(-QIEq`VR+D=7;)PFA>Ayo>If_%cw!8(#Tt3}zUuDu8` zW1wyB#n1BswI%sl{=7K=ZF%-SICnGV4oJ#9nT$8h6JZ(25cs5NJ0H@{Fp*VUM(N`#=Y^2d=n z^yRaJ41Ar@+|2(VugRJX>=JFfwGv3&m%Yof>OW8+{>h#t^}m#u<J|52VL^#7}m30zb;Ru{M^G(%o*UaO`|9pmLi)KPf&7PN^rKSjwmGm@q>An22@ z!=eE?K7c>zQa}zND1cpx;kj4XtR!b$LdC${@l3K4isry2h@UMc^9x( z?0qF{XR{;nZw*9z(%0=G_iGoqzqqS+3TKQPPQ!4HexKry4ykZVk_0;IJMW344&}M1 zL$sV_M-bq`aAPIUy+-M_z-0ycnp4Wqj$+lz*H@w}AYlm^bbRN0Xy50P9kMWZPji3^ z_zuS?MB`O!n|Uq@mK;efC;DY3D_-FUYN^0Nd^cUlXOW5lSy*0;c4q95RP3cQYpeC^ z(hV$1p+!yByNs|kd&sRqXk4QFCCXyGD=nqbxYIKiOr14NRHLBiyqt>5lqF@EcPihL zmY!nag}0U)+GI`^qtb>M(^zT^(Kh0q&)P>`e83Sd-Nuer-J1ksc4P97v9(c)^V2byKyZF8qpbvv|BM{>M}j4!@=4x z4h+NHxJu8)5%Cc$19C@!a;^B~?w~#!we#DQakY7zF~0+!)Z7#*ua*9qM#K0%Hy~~4 z-phJ{r={UA&v4~@l(&ee8%V>sSlMrhyjh&7tHBE#g*)KQ+(-|-n{7*I$$)8J7OXw% z%<8IOkVX2mxc(?Zr~KWLORJ|2#22MLx2+)3thDc(@2tu1Bh$jtZT71znzHFvThwf5 z&H>&1YEz-8b#BOfA*FL;q=H>V=g2IrHv~ez-Hl>-48?Lo=GDhRUmJLnD5UiTeA+&} zZ}JTJp3Fsjaw;!)u%>Ortg%xrm*$QAg&p)+rYLIs2`7m@{$RwVing308U^HI(^t>3 zM%RaywoW!pqJ6Gq2YBNYrG%%H%!rUIIHMY-1PAK+cM>c#C-dX7a!17o?XnI#YnR!c zgUD50ZT|>V3C^+>k^gK6X*B3u73IF@zWb+k?0MZVVn%Q@g>m`mx-bTYz+qUR0Pl zh4GLe4k%_gJIyc+@{1~^X``_xHtj3yyzP8C@=6EP9Wie5hJG5UG&k}NV0D|MIw21g z*|S*)Z%-@^asp?oP)SOqg4#JBB3vQDqAs{DKEKlzmT@h6n!DRfeVI#x2K2JF%6$dQ zE2_zJ_kgfx7a7aCFk{&vaI}3x=8e^Gog7C>HjEi%#dSEJk{U0RtRz9lL1^Dc7g=5d z-PIYz#YvJgPbkcMx-#8p%^rKMHntz)K4F4pQx=;lz%(2LOUGD!FeSUieiJoEGp4G7 zm7PBD(IrfcaBj?&0=ra?&rn2e^-L;rR1Ke+_UayGuwx`UmpxuKP#+cKugvS(nKk) zqf<^p=8p*ffy}>8)h=A;C{tExG0E;%zLKPUbe`~_a7oxcT?Bil!8G;2G@+UaRe>z zWldS*;O-~XKRzVU!0fr%Z{u`k;m8?@a6cr0eVkZNv{Q3-)t!}krb96=jA>iUr&BG7 z+QiiC)2VcTjjnEnYqY3Bc+GQr#il?~jFmD1m3!rt$L3u{IvJU!r@A4A_p+|EK=o~@ zoago#H(yz3g~7k#Y1WgSFuo-z+7WBVS(uD5>UBEupRcDAlF|X{b*R)l){8VR;PGcv3i3BPQc6 ziiLT8OBuvXGeo({9VSg2y>cqIVF6E5E+)(Rm#Ut3>R_i*Ta&refnTUEXm+ZG%IEe0 zm-T(x3_d;jo{_mt8aA%+qs5q$(>%=I{Sa+eQrtd4XX$7<5v|!aKi@_Z%9uKirPQcz zGyZX`9s}uxBw|KwJ2m!B$6ReBqiT(v66jm_%;ss8(NKj8TPkH{v8(zB%&l_gF-lT0 zqw$oLy%KD?w`>ueAxpODjL)V7mYgJQb42&HAeieF%CZ%{N%#7+o@Mv{d7R=AS?l@l zUhlYg|JVM}CjZytJj>_*GPAf`NpV1M=C4w>DtQ@*0{OwSEIs3ZRPV+a1@go~%@J{h zs&a@&y?{2t#*abVw_bYXOkBks9hEkv^qF~wrCsA`^GA)Fq@Xv;U#V9+V=w$4TLDw zQGeBKhWf7KSJCVpPW5HhMo3MT%5D*}Z1t2%6a0XqaQ zFeBfWK81}2ub51*Sckc0)Kbgy2iBF?L2|FcN1Y1$82*`WThvmi3Dx5HN(`{NT07+k zwvJrmUTzjWCI7Y56e|(V0VdHKwXkog^|4qDjR@hn0imB1eYAS{B z8FajgJ=#Q`!b!=D5_vF(M4YAy9gl}-`zyAsAVowYq_6LP*1Q>8KuLEryqY)0mJs8` zX&oYJ0jD!Det9^8`~)bX1{hTW^qPl8AczIgqc~M16?h3#2qFMO6vdIJN-rXE^>GV@ zP`(>7@7Zz)0es6!qE%lp0917!Vsf%~DVdR!ksrj5uqOcjRHbYwGm91nd9@e{zjDvH zV?`|(;!ubl^~>AljYzwibm(aqqMPTlJWJaDw>XVxG+NFDXvKfKCH(iB-p2lalxGS1 z|GgZ0g!}Q7s|&xn15#FYt|-=AH+K7al96LgvP9tDJx z0Ve_45jMDSRm9!hiTFj7xx4G^B4uMl+1*Dnp{ERw3Fjy!qMIaAA+&fF)1b_4bvI-J z7gR!UD2Zk?jU#z*3XW&g-$0~zLsF(MA%Y-Y$kXJhT0BvUXOwgd>|(QK{D(Zt>3<`X zZSR)>W(-F`irW^07X5$J?Hw2N|IxwWX8-R|o+b3Ziuxnyg&z1kWG25d4yW>(+R_z| zi^N6dB9#%W1BZ0t=PYnjALOxJgvG)$>=S0HoD9jxJF73DNQsKe&@oV1t24ZVd8)Ot zUL8?dbvnh*4yWWb>0`5)<=@7sV5^T_N;mIB_P2J8T$H(n(^)wFR^h_r6cowQ!Agss z3in-zkStrE5cJF9okF}#;Du&3UwDxJiQWP&MqE*X8K$p5(8~$7&ylz{=a^S1{t~!=E-+*b? z0g&S)DczT<=~jeGoAJk$;l~XbSf(FoNO3wh4hcz28?v&{(U@zDElvw(ejAlr>r~O1 zgBsM;XHXlh&9)FVKX0NTF~zX|oTi*x#dEeA;4VZWG?84G(7Fa*&D^{z%Z(g~SjL%oW(xp5;{kPwSu|P*GwBmyrxA8KLd5!Cs8n0Zd)(Sde`PE@2292rux%K;Y_qF-^ zOOk|i03uS?opOmX)hFr_7e}eqEw&2QyT(dJJTb&;_KvL<*u8;9nu4;*Vf>Q7Re8vE zV5E5mrPYQ`Ilz70AcW?0naOK~A&T+#X7}XbalvF((5XkIp zJrX3FeNQaNtm=UPp)z}y1BBG~YXO98S~Y-BGmK-CsDW`>L8U^c>OrNa1_-^x9QQFR zejlix9}7^rBKlxQ8A_7xS}C1P`S?{XD+ZlRE^1&X`1w`6m@R{sn5}5>MIQkDk{E>9 zgeM7$DOL9;fW_no<|MmMtr?wmFb4{8!ix5!FgZr}0+3v;mfFBLRdNBL zm*qW1xR<4sUn2si8nVIO7Bx23hrNOE)nAL-xInvC!2}f9FB^MPomgVrSH<3HsN5HO zQ)Hhw_O>uWQ)fXxBto-hKc}`2Z7_{7p;mxt9uyL7a!J12p}9XUs)y|1ana8W%{!R)tr+oTHD={_FO$k9+G`W-Rrc^eq}gEh6TdFw-(*0u1rw|Ny03y6N%7!!11;n7|dU#g^WUvvqGK5=YmVGyIKJ7TJRiAs{KS|8^C?)M6P)qz*@3@5j935}Y z|2@vL3jT8;2mT>IAVa2}3=)*LsU8l>%iIqWGU|F5V5pkGOQAysiF>Ajsi0H|5oO+G zR^D{K+Nla{uYYAZ(9u$d;VU&n7gg6*39R_`V)Gf%lyb33&eps6<>K{zZN=PJQ;L~# zD{Od0amX0RrKHdt#eDQ^9HF9$;&?PLds#rCQ8*VGfro_`ntS$?fQHq~=YR}oK(hPi zh-jEt5!Gcus+~=1URl_tjQIM7BP$8_4VioK(9`dl*0q`oB7Fp@#6`>dBx|j_g_}mI z)p`jlDDm1wrMU;TIbCpKYVK63EM?SVh^Lg4fP7rwE9-jZD%tyNSX287x*QVGPS05A zB%^At`d&gniaZHW2RAWdTyE_g3bZs5W5?(V@Wpr^#iCGP_Y9Mq^ zX5|6T4lwZpf+6d54;JpxgJ_Su=-X^Vv|WRMtz4d(4RVXj zIhK@6M*B{us*lPgqgv4}twPl`K7b}Mjn&muiEZwF!BSk=pY>@slhI3Rx+2vUQftS^r{81~)9*g#ms;`+?#%(;Q{ep3@3k&PlYRYzFl0 zDe4_|79NR8v*RA}UrEmZyUdkGD|LJM+F8Qp>d3Xwt+BmC1?nEq71xepYn#mvI;^YS zoUuZ@TPEY@_Mg7==N|sQxzIJD04@Ii;qgJy|3CU>|7hd?KgP3)`>)(#Q3f3SJ}LY9 z(sqaPFtK06(XiVU%4Mf$@@2RD!cT6Uub%}oC=%W9D0daUlT=CQU!pw-bxk)n}dq4;w=39ZwPxwBV;r{rcu zEuK@9xGQeFGrR=+H!`lcEaV2-P+sE>PCz^>1iDtSe;pP^%x!_+Q4 zj7Fo9yO7JUpAB@aU!*R@ueeWoG4nQ)GJVH<<7{v5Q*B?|;uQt0Q*tu*%(A&PZ2Y;I zG>7sA}uF*dONESUzzylfj%S=jp?i4Z0Rc~g`XI$OkN@-H-ju{x0 z>zcTe@8-@=M<2p8ekt#E&r18;&t^C~F)F5mTFR^{N7wPIX!Z`LW{_k}GjbmWUFYudKo*greexmt5b0>duh@sE!qbtJ%a)6g zQylO+HGy6>0wBq6f5o=TYAw5<83zH{_B>%033u!CnJBKbfM^Ad0$+GxxoG60Z~Uei zSmMOf@M{*a|NSuuCv+6WDOstG7W=<@v|qgcw|j8-&Bp$JjAsj7U@kNj6S6G_Su8sd z>Q8AH2rZuA!3`b}<~v*HdQ2H&({a}-DLrDzgLNQy!l5#RA&Uj1?<7CC1Ny#T31?_OM? zfTqmxN0jfue`WI>zyI%a5B{rv7?1YEfAl}uEZWNn_3_|lnt<=aoaa8fO`PX`AKy67 zeLhK?=l{>yLho=&<0(VuFJCdoPty1|GT@F+1A_NtxitRG@n>uh2W0OHLM0ZN|Cg`M zUjFpTp9Cw`(Q^LlsFeS^_s!uqoB97J&ldWQ@(53;o((_Jek!b%7eWLa=M4S)4-!u7 zpZ~Qp<~(61dwXJK@Y#4ThzD$s#|a&VY(fc?J z16MX;YYUx6JdJ}X>_a#XXlZGQBxyXO0bvMhrfW10jY*i0l%d-(9gNWcN5TdI{2xv_ z%t#m~C?dCNK+sfJ)>0fw0?^T`1e)Lok4Wk}&Ue;$S`~oG|M`b$pWq~6Ikg-0iyx5L zo|Kt@Bw;+C2kBjnE*RGEPz@I~OSd|C>=xnB#az)R#tt6NY+z z?=N3Fo+NPK@B7`a0FE#pC{x5G4O*NgaX0_DFtWf1ig$0H?Zd-iyK}Z6-0&O6UGDK3^@pqk9d-V`e-a8J?~;$>1+g1;AyX!Ox>I3Bf;m2@~BnPhr?@7V8o0qIj5dA+We z9v?VPG7ZCvIHZHtwgR(zH4pgpr7E%l60(c$PN^rzxI02vJTXEYRFi?bU{J#B`%0Nkm9x)_heD+R2aJ zV3til*6|%DApNPq?!MfkE3roQ1@=Se5Y6K$x{aq{fI@mh#2ZEkA|H8*5sij%I*~S( zRI$t)B)NMhWcw^aG-4b_1EPra$%(U-iKQuVTb2&B&A*RhCJ~Ul zfgHVy!|8;eD@h0erCoGB)UxM#?k+N`c@4VXb(PKyC==~uD3}X|4y3jgs|bxoR*PNF zbsRhx5XOFr1Jc&qGbo8Bagav<*S6cL=#t>zeM&ib0|UV5zgsK2qW>mK)bQVbr;a0h zgEqPs3U=$~0~uJ9vK6~YoVDo4LEo~5L-KVC8H_D3U<&~UpwV04(HPZcGW*I3?8(Iz zmim@nny{D-5K@Sn)!E5hQNJPcpKv0~sFNZs^?PPfNty{62+eat=AijuArNmOqh|4v zMs~PZZLzE48q-9e5yGnByNJaTf;gQJCJ5Z(2qxu7e9dD)J(UpxNz54S(~$DHtXA}% zj|oj#ksHFa(4)JRYw|tCEBM{>ylQ(;abe?{>@=~q&@axeuHL`7e3`vK z672gvjVC9@k4P~ZBEW|Bn+A62(UCn?$ZaVtLG_Wp;%0$e^vbB`U{ZufEbY`eV`c5N3; zLfaOpcklgM7@PB<&`85L9f*}PX4#&)I;jnt0zzleFa+BUR2dFQ%30Yr1yvk|NLasU zGFO{0fLs>_>eO|23%opaU6AvtXJ=Qk009nZ+5Pg2x7*hTx@ z{qC-Gp=bLV6-Kw1A#g#2do-jGWn&WLF8+w}@w5+six6G~#B4E+`ILF_(Bos`DS)-J zi};u_G{L{csYZ5$t0zPLnCP%FV6vU|!5Bv)!o=zrQi)}V_c>Ca<`_5#JQhkJPLnvr zTpF^)5xk)JwTK*5)Oq^h0{RU6&cH3 zz4_5sTKWAL^Q`T+BqfL{NQbC>*dibPm*aToA|*2brqz#3@`Ez7!&64kueL?@E zr#w*W9dLUGI1)k?ph*lo%AH-@kEe288SVO2?qvIphu#VRCsMmlV}G+iFALpvHctv3(Ng;*nvP}%urt#?{OLsA<#HX#<)*7 z9l(qN3wIn(;t`3682MW~mv*pN0mdZ5a}8`v$=C}atN}??AS~?iO!aJ+6NP4yB&6$H zK@G}smSst?BpRmi1YyxNDT{GL^qQoxJ~eZ8fgT$Rmm%8bXed+{j^>CmHYIHFDy5CC z=8+OqHXspBX)F|k(AjFF6zF1p9mIr*>b1(!^ASgLF_3vP@?L3Cl?%``3RH0US%L>+qABbmeGX{f@1h-1z*Vo@&R-oNHWNGt z2^5MKh971&`8Xg6%=|$-NkS^UXT54D629|KMIi2T43k~7QZI9=6vEtbfEy=!d$+f@ zK87axaXQ)yWf8Xb-<@5ZU+p^Y&#(XS=Iu3l ze|C9!_WJt#)fIYkiC(;U{qp?!{LSkt^yYhX_WGabhx6AjcM+iy&HE^{CKC;$6Ij)K z=ZX-ka*c9HJeCenh@;UIj|dvYGm=KIkxkMGWpbIsQQ(AhLb+0grSAA&&?fHY**u$P V^Q`dv{{R30|Nn@koA3az2mq?sD=7c~ literal 0 HcmV?d00001 diff --git a/helm/gen3-workflow/templates/crossplane.yaml b/helm/gen3-workflow/templates/crossplane.yaml index abb04947d..6de4ab75d 100644 --- a/helm/gen3-workflow/templates/crossplane.yaml +++ b/helm/gen3-workflow/templates/crossplane.yaml @@ -79,7 +79,8 @@ spec: "iam:PutRolePolicy", "iam:GetRole", "iam:GetRolePolicy", - "iam:TagRole" + "iam:TagRole", + "iam:UpdateAssumeRolePolicy" ], "Resource": [ "arn:aws:iam::*:role/gen3wf-*", diff --git a/helm/gen3-workflow/templates/secrets.yaml b/helm/gen3-workflow/templates/secrets.yaml index f9cfbcc1c..f8fb0a0f6 100644 --- a/helm/gen3-workflow/templates/secrets.yaml +++ b/helm/gen3-workflow/templates/secrets.yaml @@ -45,7 +45,7 @@ stringData: # EKS CLUSTER # ################# - WORKER_PODS_NAMESPACE: {{ .Values.funnel.Kubernetes.JobsNamespace | default .Release.Namespace }} + WORKER_PODS_NAMESPACE: {{ .Values.funnel.Kubernetes.JobsNamespace | default (printf "gen3-%s-workflow-pods" .Release.Namespace) }} EKS_CLUSTER_NAME: {{ .Values.global.clusterName }} EKS_CLUSTER_REGION: {{ .Values.global.aws.region }} {{- end }} diff --git a/helm/gen3-workflow/values.yaml b/helm/gen3-workflow/values.yaml index 473dbc25b..e1c2b364b 100644 --- a/helm/gen3-workflow/values.yaml +++ b/helm/gen3-workflow/values.yaml @@ -389,8 +389,8 @@ funnel: - name: funnel-patched-config-volume mountPath: /tmp - name: secrets-updater - image: bitnamilegacy/kubectl - tag: latest + image: quay.io/cdis/awshelper + tag: master env: - name: FUNNEL_OIDC_CLIENT_ID valueFrom: @@ -423,13 +423,13 @@ funnel: echo "Patching values..." - yq '.Kubernetes.JobsNamespace = strenv(JOBS_NAMESPACE) | .Plugins = { + yq -y '.Kubernetes.JobsNamespace = env.JOBS_NAMESPACE | .Plugins = { "Path": "plugin-binaries/auth-plugin", "Params": { - "OidcClientId": strenv(FUNNEL_OIDC_CLIENT_ID), - "OidcClientSecret": strenv(FUNNEL_OIDC_CLIENT_SECRET), - "OidcTokenUrl": strenv(OIDC_TOKEN_URL), - "S3Url": strenv(S3_URL) + "OidcClientId": env.FUNNEL_OIDC_CLIENT_ID, + "OidcClientSecret": env.FUNNEL_OIDC_CLIENT_SECRET, + "OidcTokenUrl": env.OIDC_TOKEN_URL, + "S3Url": env.S3_URL } }' /etc/config/funnel.conf > /tmp/funnel-patched.conf @@ -476,6 +476,11 @@ funnel: - name: plugin-volume mountPath: /opt/funnel/plugin-binaries + resources: + requests: + memory: "2Gi" + ephemeral_storage: "2Gi" + mongodb: # This overrides the default mongodb image used by Funnel which doesn't support ARM architecture, # uncomment this if you're running it on an ARM chipset machine From 6a2da8ebfc0466a79c94f164eb58e05f0f9d16fa Mon Sep 17 00:00:00 2001 From: Sai Shanmukha Date: Mon, 22 Dec 2025 18:29:57 -0600 Subject: [PATCH 17/18] Fix lint changes --- helm/gen3-workflow/values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/helm/gen3-workflow/values.yaml b/helm/gen3-workflow/values.yaml index e1c2b364b..ca37e3ac2 100644 --- a/helm/gen3-workflow/values.yaml +++ b/helm/gen3-workflow/values.yaml @@ -382,8 +382,8 @@ funnel: image: curlimages/curl tag: latest imagePullPolicy: IfNotPresent - command: ["/bin/sh","-c"] - args: + command: ["/bin/sh", "-c"] + args: - "while [ $(curl -sw '%{http_code}' http://fence-service -o /dev/null) -ne 200 ]; do sleep 5; echo 'Waiting for fence...'; done; curl -s 'http://fence-service/.well-known/openid-configuration' > /tmp/openid-config.json" volumeMounts: - name: funnel-patched-config-volume From c28e547c5593f397485c2ad76abfa530bad8bc16 Mon Sep 17 00:00:00 2001 From: Sai Shanmukha Date: Thu, 8 Jan 2026 12:44:32 -0600 Subject: [PATCH 18/18] bump gen3 chart --- helm/gen3/Chart.yaml | 2 +- helm/gen3/README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index fbb866d57..a5aedd524 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml @@ -177,7 +177,7 @@ type: application # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.2.117 +version: 0.2.118 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/gen3/README.md b/helm/gen3/README.md index 92a3262ed..5620873c6 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md @@ -1,6 +1,6 @@ # gen3 -![Version: 0.2.117](https://img.shields.io/badge/Version-0.2.117-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.2.118](https://img.shields.io/badge/Version-0.2.118-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) Helm chart to deploy Gen3 Data Commons

%^2o$up|@SXb8x!`f!1>oP83ob)|t(XS4fzFs0V z6q~)!nEr*8YVU8{15;ix1DoOs93ROO(hpW)WEjN$w)4z1*K5XXJ^odg{dxHRH}l)?C0(!D7jDWETly{95ay z!T4;`(dhZygyIzaQX}*((gu~=igt6NeRA0?@NtrH0{1Ynv2Zo+`_=?AHIc&_)=R2R zzcSS{EwgP&HESb zbu~Ow#;93d+=Lc1wRosrJ2g{?f*|t3zNuQ*{d>+5oB)Xfh`0M43y;thAT20RAmw@llk{Wy~w^T;{1}d z;$QcBfeR-lR#yc!)@A$Mf4BqI^9fz|_4XDe1XvLyD(uz0c8#dvU9*UzIhE-|GmrwE z>Im2h4>mRL%nk&cob_u^&J-|wkXn*hBCr8M6UJnn6$zR&WNoqhMLqsSgNns`gx)#& zx&2T5i4q&I-shU8CUb_iP8kwxK@=&N#o!7O0uS{P!Mkd<&N?R0*ab93q1O(_4y-kQ zhyU}LHb3HJo?D}!N?Eicv`L^<|9Sp*G5Q{;A;(JvU{P};QNW#xhOJ%!wncVIL8fJ< z1$6E8XL|*fw~qtc$eCCL6W(tEuxE|<(NBNvfr)*nZUOD_*BPFPh6!exQWK2E_8_A< zK~q(@zKkj`dJREX<6Fu}dPQf1Lju<^{f&I{?5n-XOGsB}LFg>M`2ll*AS;5e8AUgk zQ$^E!-<-N%fH7-5i)R&X2BKNv)}8C?SFaprr~|M+JHB-2**e__p1fE^dCYXFhs1V7 zbwJcxIC)Vc1pZ5NG23XzJnw7-?a*9jCsI^_uLct|Q>xpsw<`5XPQ0V7ltA z#J>O3akYjjU#|(N+&tA5>~3VG2NkaQPE{C~rjA2Lu6t@WYjY+uNAU?{n0i?*CW;rG z)|=3#Ri9dOd7@MI@AO8(WGcP>n{u3*u zEbyCg$!BDQ_74BKdiH(pf>YQxy?R@nEt!>7u(T5K%w7EjOMS6WU&zD3+tja)-KC?m z&V>mjO5RZaz~Y~jG)wJ??Wxr5RhwpS6r-&A(1Ozlz2e}MspQ#Zi2w0a`TBTskyU>Ktki=V zO2HLq^SvhQwdrcZ9yawy&zHG*)C8htl-+{dHECQ70B&%gf|aRcXaSB%D-o+lSb-!x zHD_nCM(W@OE4PzL!r7oTyY1v<*V&HO$c{bbsm}&k;Tsr0Q@+NF z`B|~Lr%`<15P3Exuw#W)YxM1&bs4!rw7eu#4KsZ2)xAz!d+sc7T*& zRlkZWp}A}ztqUN(1n5yV^eJrNixhj=hiqvEhe$vhQBt+h_k$2LaIEzuqf?SBlZ<@J z*tI~<{hy9^XljPEh`l4gS<<8!B{h}NgiINSG_l(F1yUlF1qcX1tMyet_`=+We8X`< zE(oVAwb{Aq>!K=*pfu9OVGLFQY98w*=th&FH@o3ZQ^sxxzoF!|Zwx@RjfaT{)Yky} z=3s4&y#a)v63$u~4EOpTQS+eo-ND}_MHZaG6^M({9oV8c8Oaty2?R9rt{*22@?5ag z#5ViD4Xt*EZ7?c0A&bK8=?1>FRbZ|G+Ph=#2tHXStl@!aD1wFn?>b%Toyg9~>IN;AB9WOu`rqmr zX%)mrX8VkrdG+ef!Y;$!a4;}zPOYV0-Q3OF4%bM>{R-p~jm-rhQ=`?v%g#zhTY5?|ytLB8 zxqgOH^$-d3R4u5@U>1Qaq6LZ%03)4^08})0`5ypis`JWT%{dWsmZiufnnlt**&LWC z!4kRxHr5Z;0P6)0+Rl!anHZt{flkxri)4H1SvWXgLV-}dqa$>rc$XT+BQ)$>-%1Xq zf1CyG&}m)a;oI(NcU$9|LS4JcHwCo8I^Pu3hAVwja2u}m2Do1MWaHI-*j((xw#9yU z*R?***sWHrfNet+L@>d*l28lIBuUgNmvhd_+1%=3P_-n-!4qxL=3=tbye%a2FdiOh zi;)StX$B6wGp}Dgx6~wZBOMux%_iz^r({ZVQhV&pwRzFHv;22mRqnQ{Hi5WyM{NRR zgWa?Vm<@N*CZIOlMKw@8|97hi-lkiq`@Cq|Ep0n%-?y35mO;<`g$z7cJ@d z*Tmjd&wcnvr!=o50wsLxA6TP658d!uz(j{{jE;HUHb9+PHGhmO+&}v0XwjZR00UOl{8Ovu?8UvF8fTXot1Vm4{Z7nRyCpfVs zs*z!-H9#|W>T1>HGtVY&VM2>*R}O2zC7~k$msh>p(m`Xvv7TV zt<9+zzgC;Z)3XK*>J??y>owyf&&W;x`l*P5Vv(11Va+Ng`Hfq_w#nzm&(5CzGCq5L zc5?OVvRcJfvAZJL{a0qm?RLkwUr|IgZ(ncKv3hy@;%t0zd~()As5Og11HkFov+uuY zscfU=JEGBIWU8~_ykKQ6MO&l|ZSR?xK!_eCyYVY-aM9TdR6f>Z)^EN>)8M@$NswpU zxbBpK_r)A@(htk1gZEXQEuAv8*KDJ62tK6uV!fSbt*5Iy31Rh5slC?k1r^)x7cN+e zPO0D}AdjAv>CE|oce(9$3KzW0BQNEqFKna}eF2zGLJOfHoy0nxiV+Z;6ASLb&4i|F z<5|q1XCuD>+_vz3s?`O}kDZY9g64ElE>I43vHgPZgya&>NQ;TAqI{ZgL1Y*qt*NJj zruDXP1#4`nT$B;7QOy$9kP1v5(F^?ML(sxY9j_);^mHS%YL=FD8*7t@L?2>GRB2jP zo3t;rH|87+=iEGugG@>-9?J?`?!~Zfq)ci93if55z-;k?=i08>h(yjF*s~LU99oQ- zj4S6CtxYL*1}>;OaEF+c5O{U-b}h^*k4aa{ojPg1`PheRqIT5u(XBIM62nw&s9$hI zQ+-*Z`eM`80FUvU;q)2K)InBd&rqW%Htqc#j1^k~e3)nbZPg~&fPqHdE*;yU+7NUs zqQuU7*Vx*iqvsbJ_pXYn5%SOyNzo_yGXhRSCTp!-mx(#OHfhWRZ z712U?fuL*;8eyPpFEei?onN5Z&lak0xA?<$PvJE&c)2^O0N2iW^o!{ngUu%&-OqdM zW@P)RO=4;t_0#;V?&}zC1utgCd9!l;zHD{6zaEnNT0PnaZSP#&)e#B^2vbuoN+lI4kos;%q{VIo1!xX8i=} zpI;zgXmWDrFn)GZxJ(o^e7!?{P0zGfrtgsG?A)w?T&rR1(AvN_JBY+|uriEjXzcd~ zgAU{kEVo|2B{sC8A)`i<%7>F#CRoa7;*~=_X&TyO4#iL)1MYU-?XR%h1pe;#Je~aVc43 zlZGy9{e$Aic}=fw6YN>@@hBy#S@irFKxEuMMkY)2x03Ls^=|v_sX)gU=O(B;cv4(G zJ3c`RI-AQ@(pO4$YVoVDi`obWW$WXu9msK`H?>|6e{{OBcZ;bp!pINNtR^{;nG4d~ zBoLix+OBm~lcwzs{azjVxi;aA$j^6frYk6PM?+pr=sPym5-z&6jSZtk-?8=fK+>%U ze9Ab|cf`6o#B?j>VT9=qXsaXmba!JWg1x_^ya3SMA)woXK$|^dO4vZqhw)QC5cIxz zT?+*by*qu8m@tbKnDFJKsxm=T95o`4dNY z{^T*9KUI|HjcMSz0MIoO*bM&s0WEdKh3;z0iwW(8RSx1pckClSHgubfboI0uzuDVO zwJ6aoaiUuyMSnzlfqgdAa1rx>emimloSl&scEn@H-`a`DmX;^4#dy#xGRnzqCDss* zCY)V+AwUd$tOO-@v$0~Mp~DEv=!vk+#X;Dbk1r`u)l?t*qhe7aH~& zrZqEVZLn;T%6qug@a*%&dfoc{i*R=p;=H-=1iAHNb^j8b+B6L&#S?%#M7hmT{p2#8 zuWRd&>+Xi_Cl&B&*g7GvRm|HQ@B5PXy0kZKGGD9I*DCk<3Y-qv@58$KaYEpy7Xw!b zf*;o7dz1+Om@?r8E3hdSc1ngFE3Z{L+_ZmsdYdV)c68Ewz5|7<{1k zx=w&?6=By3vE5zu1lhoU=z?%Tg(P{yK?n@@wAfjAg|wlUt0s~5VnZhxri+cjZF&>s z0L#eu-DzL6s=b;|TJ>U0l)4m4+=llLCk^AhhFP=U%7Ub{TvQgu$UIPU``UW-y|!M1 zCQS3Cwz3m#`1;0zJ!HT&Z1jVQHt&xbVb9jNiX!^Dnhrf1Q1o?ovWUtW*`(QCgK{-Q z=ToF(jHJ72Fx}~BZB(4miivTn2gXVH6SemZq_qhuy!>)@&itWRIcWCc-LO+8trenR z`>=IQNU;S>=nbRBXu&KGVH2NWG$+{tr6ePgAXb==$BHk&HwG3g0NpuL4j@$Sd|<+1 z-lg?q(Uu)r(G8QZQ44NryvOU2ecg|A1wIb%LJtqb`7{73)hY8aEMt!S&Q($?0l z$>L^QLWOnBM59A$k}z5tco#Sd1ur+zy-*{Xyl#SywBIQ@}RNnYhiH~kRw zHxf+Tr9K@unL5=4`WqRcr{BgcXjQp-;=iTv9K}ak4+)~uzUs^RNv)1VYy-; zb?}M_%^}dk4vA;6pQlTSpw3g>Q?Y(3$YU@0V#|SE?lgRg9BEyUPW@l~G)(;u&04`tpsUbiJHacV(^dUANkFo` z$Jl9xBt%$)?t3oqrnOd2c=Ij{gir-KVAC4P9ib0IJ@7%7E1hjGuZLK-{8d=47YN)$ z`+FN)seo2?5!N>eR3NuK&2CqKE$1~Yvkc0~YAT&?f0qxbMYkhso0U=R;N0ta(#uP9d67a(U==ukmW`u3#QFCAw(xSKA>SufL%v)s>3+gfuo`hB4scO zInkOGMKpYO9OG=$)qyHZ^d-v(dWHo_4I{G2Ho)nE=KUa_aGy_bqGRMwa1yR=^~A2} zALj(}qp34OKlv9x9=2#@QMKMz#z+0*ox|%RWIMtVDW@+ED{E;u%-Yxd6*2+W7TNjYuJgcQXFfw4s z7S~^QZ&lnJlNkMYeEIVHfM-JmuA3#+XoUmU#*$gDeyM73fDL8Ver-m+=L`hW=1Ls3^ zUrQ7qovKmRiV!V>gT6-S#MKjaLyWmZC1e#OX#|03HVhHbAd&QI%)J0{wTUUtct z{F-J&EQKVCW-0BOd&*gHf(tyM8I?5bT7-_DKd)-I#1juRR)RdIdHJTLIcVxQUskP& zvM4f0qWS-`_wHYf+{ohi{h7Z)+run4OBGaX}g83(C+TE zWM;e!-@pBP^lVA3e%Xd$viP368M<4gQmIrbmFf{h#XaUevAmJ_*mSzB4P{~FHS;-- zy0aci!>;u>b(vZDH|Ft1*u>9ZHbKk`kFCQ_G04q$5BA2C2yCq-A6U>)9D)(6-Xk~p z+yc)BypB6u^Gy>J6H$O{E$0!juGUyASuh*}l>u=@RTczSSu&A%AoaQ@GB2b$j%aOH zc>mg9&F!r4+BV(WA>&k09FDmc$NUta!~d-?{NJi#_e&A34*KTb`>8hDg~0D7(92@I zE8uJK-t|2=LcB{sHw^Qx@6;XHUE1$`Mt9dETOQC|im(~f-K+~4@+-G_9(=80ZbjHO z5A z@Tb4+u>XDsK7rws06+AA2mGrSTy+!(QGB7mlskc4O(P~dPE#27$LNZPEAnxG0Ui#y zNRT!=iUkTWSf_;CqQEFMg?DmCEWe+UDN9)=g#tGUBHV`7yAs`)j&mRj0#jsoC*>7L zcbR6qQCB9Cf5tchk0<=((;bc{Noamiv*JrfP$&{vXsgwUl%|Mc)kdREtzE( z>@(QPO28kRry23kKEv?(0@4O7K9Z+Lx#!VcPR38L3qP(dY?3KSG89CcK^Xd4bp&6) z*(@Ad3in46t#N`$FG6geVz+h-FSc#aS0Lc;c-wj1rzx5+CK-a*CkazcAQ}3!1I%kC z(|`J+FNM8^TOqBZ#NRBGEhol&DvK6~D#JRJZ6YVxND?`}r8c1Xyog1PrSZ0K@uj9; zdLpr}Cqb%i>y%g4p0qgdrSBYzkkO|X2RmFK$`bWD8(BnATuQ};sBfVmP;rOQ!h#8*i+DVapxRiU&^-i7>RT}V#N2SHq) zbM3w3?11540iC^X2Aa({!$t5UZClEo%zgLUh@OV!d}^Kna!^zo16TAbmn}4hAx%_1 z@O=LR%3yebMljn8hGW=A|AF7V-F@NZQ>&U)Vs{YVybm(zx2$QU;3mir_tv7@V#su2 zCHmBD&VkB?t%K7pjrfJ|x2LDt?GG9-QzL^Yj5)f!@X~J8U4*yD! zJtI?kQ%PTNTwmTE&oTW&9+wco3~y>2y!njx=VOkT%#907n{V8rfN zgwgUWVIJ7xp}Zh1`Xq6H{c$plLOLa)sv!Cg zGXh^gKll%;>gMSv^KV;VEbe3-NQ*ZT?;66o5EnGo?*Ta8+r>vlG9)=UC7O|%cZs!% z6{Pz`N|!cc#|ezv^0uKd6}h@*0SZHCsbt=$mQEYu+*~$UO1nXNSd%=>EB#yr9+qfu z6mVaK3KS+D&rL<`ZiOv>?pIF22>)?jsQgrRkH}vn5Y5)td>M(7aRTY<|D`@KIEI$J*%ZFy8qZ*|)1F{t0ynI1dz3j_RGYBWC z!5Rg0OI49<8dKHPJudO`UPdEAIyOZgJTHnGfQ?p;zjcV#?Kf+ME1+&0UAXM7S-A%e zInd2#7!sEL!G6P%mjtwV8OxX4AxJB_Nz~$ant~P1K7jvk;qCy-33g3lJ#;+7LlR-Y z|C`5qJAtlgE3NOkmauL5xd)_lYh!3xot0f=3f#1epxj&+L(&~48SLU@5_}vcah&h- zvaIa(*4EaRp|VJ5O1zeEU(V0PITKOHEDMGDuJd^~)4V8h+&xs@blF_07r|}FtM&J* zh3l?DZ*u@XN#gS)A)v1vvnuCIZ>3#~IJ+ogW9`08F|rOK{&Z|z$q>bc%f9M7Nm zUN&eh%&z+|3TDzuf5@MKkUj)hJf+;(7J6z}|G5=^A%JGq8F0b>TnOYd8D{@sveQ=3x6%ksY-LEW2yb9+vHGj+xs5FL@H4)Vwcw!JpbGd$##w zn*clD4cEM^5vY>nmFp&hL5Lpb!cnL>SC09%34nHMr#<}I)zcnigZ0xMXu}oM9&p1o zh{WCN<6A-kG3Nr(-_aa+a z%pw})N-g{L+z?1boUNU+J<{&|&4IOvNe$Y4jX8=)8726kW=oDi(yh zo@$P9rt>x~*fw%XhXUPXx`(+)CxL!(L{o@Y`VDeV^W$V16YL7y z;!b-J!YmbxM${Xwq~$3X@+?XP5zxMmfTeuPGE z4QMhCIdGlhpN>lXm}LO9k{9M!>MhD=NeK24&ZcZ6;O#UVai2`vce^pJ)FGYQnDNPWmtaJX=lNuqSQtX8Ws%Ge1s$~vE*xTn%_9HSUbrV|iP zCj*#mrZ5}Am;@tsbERvu-181|N3RSrBfNB7GHPw;;H6ejf{5YH29AS|ZBUs6Gae@y zLOsEVfr{lXS99~FYKr8+8=$ffq!PL^vv@FpYHPj7-R>3S*oubK8&r67G%A~+u+OVF zt$@xn&%Z zw&}DDMG`$Wi$tpFrz9Flbg^hKlIZ*~#v(}~HVH)%%j^ClkpxnDeH?JYP6m`mbv>oL zI6)p`B8wB$mkP)W8ss++ISR_|Z!t$@xRjvT5~8IF9Y4iNJy5Kapm)1aDUC~&VW3q+ zlPnnXCkklF32C{#>l^ofWlWPsnPNy&fjUoNO%EB?RG=M2Y6DQRN$l&xp2P%~MLp@q z`Og&eRF2^_oEZo{j*zEvd_`PS5#`4h@FcZnIpz9Ne`GOFj##IP7^kJjHfhtXLYs7I zJ%aEiby~j?c>gPinDF+bcDcf&^$=OhtcLYULooQKaJ>Lkx( z^F}%?V?axab`l))n1h{i)~|^o$;VP3K2i>}X{3|UTSM42aZcs{w1xJk3v;r~CtqZg zQ*Oj>6y#)&xiOQ@5#nU`)gG)K;M8QcK68AN1I4HCrax_XlQN1njcyv7*L1E3rvl7I z0ZtWw|MWplwj8O9aT?nO^Cg5h8OqD!i*Qo+33CNFIa@C)zR3xEf$%0LyoI8hoDdfd zZgN8X?}=?P7R)0IZBjCL&d4Tr`=tdoxxp_I*W`w{SXh%A=HgLJZn%Hupr(G5eBjr$ zJgd2K86Wa`mT8s{IAjF|$5}ERjm`K0!P|Y~8LRnXl!4O=#=(r$yWQ??zv2EogX9J- zT7yS_e-VNY4{H)fVk#g-;oXw~d~%^p7TZFC&IZfO3RT*>O|C zC8}Ic657vyQw)`yi1r~=WrpoPdl;4Og1Fo$D(9;IQX;8}WLYSXs>*Nifr6>NSKf<{ zB9=>7 ztlDY&Qf_&fPG78$oJaCr%XlUK!q(VzQm~RwjxoI7GlG~3XSK@yCNM5a(z7BrxJ!7`SeEi$XEn*B z10+@Vc~|i?iZ(!;6uJ{NsnrD`b6**blLX5+5~=2?zG2oiF8wr!&FCJm6TmU^UOsyd zdi6_aTkP0#D;%1J=XnKhT)jb8gjcFt>bc=s$1={QW!BU{HFn z-upevDFf65;Z>|2xmU9bi8K&Fh8$PrQN+H2AqdC@C`QVJ=!%6)5qo3fu`|YW>bij} zcq)wY4d^``C{*!u5TcCv3C-kHx4@btyc<9gg)WLg2ycwrE7@NV^J)rb@7cUb?^_u* zXyPwW&^hs26hlC!Eb@Z_xXFu7UkGcbF-NZV#jr=m@LdhNSf!yBK6rmjA*INTD!zzC z#XzcPW(>mtidm_Mb=Vzs^_h&4VXh%{a-8}QR&67BxZDWFFbfC_wa@$@MVmL<-4|P% z&$w%nK-s_9_9u{40nET8$*3?O0gA94sEJL7u=xn3Zr=8IU>99Q`6VtP85&IGOz}Y{ z6DYiGl4-~VR7ejdQ*4BBIe<`#D}g2>$%G^WD8?j^@})pt)>#(~CM*h68o|Yx=wBpB z(Qr3^;9sE#UJA(1*dIceUz*CSK~L-QZ9aNZnbzlb;eAM4Tn+M1Yz*=@0*8_yaCvIf zVzk+|QW2hAhy$06c7P`&P01$mK#|~9Zx0^`ZXxi6#DQB_KTsI>F(erpVmkzU!XKM4 z;NqdJ0dvtBC=q|5?NidQwDAt&)()tc$tRYp^*0+JGiux_UI!o%CfJrcF4zYD5eX}o75Z|Q$ zJy5ZH6CbTaeq$1p)yOYG{!EqeZGPqV0KsSnY;|9L-Q6+@bKeE#ArH@H|6XEoc_)iZG0f-~L7!w)>aopAJ(MC@d~J$9^Q6hVos)#H#_Alx zHo!_KD?oKu@UWIhrUAwuk}NckR1aGqIhc~-$PvyD?E%PwI7}uvbU6~GC@Uk2_@WeR zEuVmnH@9=L>;clG>Bih(v=Jh7SD@QL3bSDn2Xb*;s?A^!C4`b%6bkurFy;k}|eX)84x2``;JaZ+I_SW2LdnvrzGpr~F7P(R3Z(e&(@NzZMQc zuFly-bd`TzBPlaqu$S|+D9&T4!j*P{hgrbFX-PH}QLFYRDWkM^dkebnSrlm3rja<& zi#fZyD}loedz<1r+e%;qWpTw9^nc3PLwu``m`4Zi@u>g9vzks!%xjp@(VJ$Ma1{Jz&taEmx!I{_~0eeDGLXLr9=hp##PuiN+p zFUR-V#CRU(>ozzq%kkR8`aV6c7jn7Q4mW*qMm|nrM3Nd~<}k@%f;aPXou8yI3sgJy zYt>GgL0OKr{bV?uz?g_UKPl=?LhHCL(5yMNi?5WB-Q$jyed8@Smo`AQwCO>Z?p*S; zC!FVUN}c9I1qEk1m#1Y3QtFa|lWRb;+SfVK48o*u9!~#?5#f3!V*-wxHu?mw~R^6$7Y_ z43~}O+or_HAaj~wDLu~lzj>Nlo|rdHBbFu%b32(#3@W*$Ynr|kD2H1>N&o!uxrT)} zgEU75#UqI6k}+MuY{1QN5^1R3VV-g`4KM~GzY=p#pjw&Ci(}bJnDU5U9$<_ zHTC`ZROPo9w~q5}kk9yjEN%P@8p^YNt?1TL+H2VkXMUx2xIRl#kN72JHf2bQ@B*_% z!C;-tyRBK6rf`xK89qfwTyG}lFS z&NSw;Q*{1llQ}ICJ5yr>nKj^&jn%lAc=n86RwAqoj)f8d`tb(4ViY8of@T1tp3p}ZO&WWn$n<_^j1Q!Qr}!*U0Fk49tRV15)37&9*& zK?e9S&334~*b&!Tml6NuQk-LVCNPL!Pi}ut2D{#5_Ion$?!Z66R`+!d1*^HwvFW*3941g;qY}8Z*_@AfWf6wn~8pkk_ zx`l8;+2o>y<>sCQ-QRH%FVe@>*4EaWSFhNAx3;#d|88%8{rctqY`@;#{(Ae(*7o-H z|7>l4z4i5*{{dUe8)o@$N)O8av$b$v_Tavd-|Y$j-YTDHZwGjyG7p_{Urc|JjW+o| zpLrYfb23XI{gz)Y^Jlp`v9|+mnMCpQ+5_sT)*drID%PGqM$d@6r~Aw4(+ zQ92Id=>%qI2smzg27t#n-V@sShWRcH7;iHk-;`XYeRAg{WEhZO5Ma1C z5rvnY0@!r!t#+nL48mz9)wylv>&?vR=s$ctCRaemq1{T5o~270dT}Y#51YB+E-+-_ z`p3Yq6s+R_gA`^Hgfa6{5=Z9dQ&mT{bdhCurh5Z7qv4-?0gAn<56KU3HWy8QfV13z zTYzH$#6h!d;_*<`%QtebjJUee;3n>h{$IKC>-CUa8UTt39BHiQ+|w1w^O{Zu4@2>eKT84N5nip5;-{XSrU}gmbHe zuZ3$9Jnud$OCQFFfIJUaC0ny#pV&&D#_!>XiY*3LNfg4&r7UV`HRM$zOZ>q0b`@}W zg<|G)go!8s=+#W3^#5)!b(OoX!$VsnIPmWG_$|B%9Q{kT(aLEN&3VMKZ)9cD{J)FP z+v(@#jau12ErM6ktb%T}w5y|^bgi&FG>S0FNNIU?uuHIDcwO(zQS72*C4vgk2WrG0 z&_#PJ{r@|+UEgj0m0>7&^W^m6px-4Q$pSXUYWwetS6{!}F4})z zJ=uRB;~#O1!1uu*z~hyb z!x$u4$TwMWL?_S+o|ZnDe3!ujBN2ux*=L1`-OVH=%0)+fuLLZNNj78dFkL*Z{xqA$ zU5XxM4j5smmeZbn}M8Pi(|Z?OG@rHtI!RT!Et6?c7!lFg7JuqY0C)4 zsx|ybU={}v=Q1^1vpH5^8HyAdgG2u--ef^Mf?ySHfK^1_QEfM}W}*mWm#zjFhx)Vi zG($1D0^W1%KM%Xlv9D6oRG3_f+2587`8NC+nw$^EY^X0(oqc*NT7gUc*)Es zlqg^z1_UUp7A)foX4h6L*-rpn{_t1WtpeYlSunqr|D`%nbD;`T@z(ydYI-lm}BGIFEcuIl)l(l3c&Om<~5HsF6) zS$WX~rvtjjm5_)^ifKB^f>2PNsc3=-Ed(R|{OGi|fBCj|)H~TbIKMnRyS%++E?lb! zY=gVIU2k>0hO9-|cX!90E9rQ5=hMFt{fAnNegb~SNlXt~yKA>yOad~+#vaf`@hF2B z|Gf2U7o~S=9ZwBViq4l^@Gd8WL5DGnCW=apIKeSzU^4SFm?oPAZ5;d}j&;6|A(2V$ zjGca$6UU%=Ni(+~XAvT*g*LHh1FXWDiLL3PWYhgwPSmfvt2L})ASNcHMaOh&*wuFi zhf*bX#Uumk)!UEs-07GbbTB33d?UWQTk)6s zTLC}z&QA_czT@lS?Tp>?u@31brv#ghhsTx^JHky8OhAOLVKfugE_R4xu#9a%dUnfE zM>DmjvJ8r*SIz_u$3cwnq|4FzmL*UYB`-4=;3UQy-~-)1vLqfwGk~WfmO764CC}9U zt^nsA^`a6h_ce77&+v`s=`^}4OQ*aps=oS4=C&KK+`@?M&|?&dQw=+1Bf3+vG{W+f z{nb}1E9RX$_sHhD3=F0DS0(KM`zL+o;k=GJZ1wP56<1j@Ve?@{dhDo`)`YjY>I!~O zPz=0ZVo%qhts||mn7NoRwuElU*1@!GEqzJhsNvF`U2BQGzew1&r820g++*1^78?aO z1B2t!lkZOV-(H@do?cv@_4@rEPtW&vt=*5O^0Rgmw~nA4rraN4m03=FrSFK|Ez2n@ z4}U&I-j~SVdEgU0Cc`(cfFE`YituwAy8?ZOVTPTDJ?%a1+c(?o3m22Bw(1+by%g8{ zEHO#R%s{2nalKNIIvp4O^4y2h2od&&x8a#1G*5$+2S09rRpwo@vs(mav4xTA&ZA7p zTHf7xZia>CQA?0H-JiX zU80feVRUw7BsM4TXBotO*=cGPm@rJRojaKlj6xA<6GI;AN!RfpA!CqcXcA;Ih8mA? zp?~q_l+0{7ZPKHo?1QaXu~gYnK2ZnG$%cM>rzhHMI^@~Y6hkgP+pb(mxPzhE%AKXvLlv{(CN*`!dDnwbHjGJWKC;<3C z2fue&dpf3(bxom+NMR00-rwpsJ(6+cnBZ`nfO^xy7htj3NR!aBjTwl*3I6%3U%NPk zLvF_ZdF$71EY`~18u$cA2G;2R{SvQrJdMN9mE1b9byjV<vkr_#qvJjLawo0T^V-2Mn`r6*t&U zY#)M*P7dy7Nfe=YbPgCtlFKqwcuiw0W^8bB^-|g+@SKtOsc39BI z6^bCcC7)2T499Q>e6`8gZu6^^gO90nr`1z#G1lp>i0^!n2g^Rp`6aB+B(gg2`I;#4 z`F67T)r#`smzgoC*qwntra^?R5DY<(rVOR-%8w9`Y#KAq&47S6FBy6m4B#-BVhC_D zfqIT$UKa_$DCD_>Sp^Jk>SQjR>mq}lxZ$MdA*$YYx+{lQKwKqqAWGTb*Qz|V7%@vH zu@Vmyd4X*y&GLPvnr`}iL_^x~V}!gpXK3;yi{h476gdlFT!Eikk?}PPwy;`T+EzjP z(gCRU5(d9MYScujeKw4y7aV#!qkpagNZ-s_CBW{#fK(B9dzfN|?Y|q(z6iWslnVry z_S|4KEPLLDI~p}Db6W%5AO zdKO=a5CQhrd6E!Y+44qFG6y(eg(ApLsk*NgU%gC$< zNv_@bdPHR1m`fDG#YbPJX+8uUsJ86OJdCqi8r19Bi<6^)K7TKixj5>BJ(!VtPEhLn z;)Bgk1`CgApB4WEhZ9~#U(^xh^(J`=%o@q0RpqQ5SgL=k50C!I?k7xX2XT|w?*dLWL~>oGcx4v>6o6Khsk8X&eHs}RiiTti&Dil%CWcp%-c5H zIcu9$@0u<%O2wAwS8J4o9OwlCl$bP%$hadt(7Gsr}_DB{&A)d?11 znSe+g)uf_K5&#hy!wlF;AFm0`I_>d3yWA^n1!10AImr~5go5~haMfYY1a_j1eU2G- z_FI@1*?EoPy6!w*N!awWPCX0AzC7^{uRYk((~GuEDesRw{TJ3!SZle^tUPGzBG=Sa zl1&0qu`e4AsycqQYb!&gWPX^T3Za~F_1dQkmXDbZm=)R&W z-2>~n@1N;;+jvryGpV}yGp4!a6w2Ij?rBtS8%?G1)Ge9H9GXqf{EZu6t0~P1v;Z2* zm|6v{&GcGn1n*_tYR=(~NjKcfYbRYfN|a1`4$Y=^{>BZk)uiY2S^$k@OuFtaUpwjC zJ#P}Ec|}swRof^=Q9i2@%!z3Q)x9_oCMX{5sSf?J!I3noXtt`2O5fq;Fw!;K&Zvq& zl^BgyJk3tAgg_w@wt`};g&LM;he)X47JUNjxNVCz9i3ko-UUiE-oZtr0^eA+irbP&1l^X#A$)M9>|uBfID!TZ5-rRh zG6#tz{AG3x&WOiBT6bSU+lPZbZ?<>r6d2|=3bOoCpUH+zj6rH9WZKLZV_3f2p!AZ7 zCv$d?(R=mQdKHjp$56EkFtETaQBt(pLX^rVNK!xk`mIF`ZN4q0ym_;&MqWWYk}anN zWox#e1v$)qUa^yvPQlW4G;J|{&kcZW)*{anx2&aTLMtEP{VhIDg4*%cFFiSw`Bq+O z>xK(Yr0;tq>#iwLYgV0OG&cKnOL@t9T(RWJXkW47%CD`HNs1x}f+zygHwvJbB^Spi z9z_sLAjZK6Zm=N^>4#SViYinD+eyk-X_`1B^K4jnqY^mDXGN--J#JyX`56VWUJtrJot9p)n`=cZ^(z zv11gx8Y~REoFkfpH)-tEk5yg-S!62KhSCRprus%@V?Y+G){~mSl6?)nuF^& zUaDc<7e6(i-lFrU>Qc{A$V0fztf7tRTcH8ZXIN0FSsUeA)soh=Y-#4jYuh>x>g!k= zUPUv;13ei+S~~}9vycPaFe6fv3@8-33v)xPYDLMZ$aNmccw`*J#RLlU(At<+Dh@Jg zYiXTVS_itU9L%3LJu#R+*Km`(#%5MygLm6ei?Q=bk##8PY{K${yIgn`cv@3k!M23IQ;EMuMs^pXz@kSCh zHz6b}70DPHd1p3x@}|KI{4s^uOt=Cuus{4AgWlPpI#|Yutg>MCCdyP{F-SDze3C(& zOtT@xc>)|kEvme;9tI|1xH_*qg~mER&E$Q7ZGKG&XQo+Tcp={z>GP zMD>~?JL~CS%6r#xZpH)g%$B{?5R8+9lzlm@^)lgaojt2N;bx_3Jo1^9)5!#4>EyK# ziivDO zZjy!Sz`OH9S+3UyhI3F5hnq9|k^s-~rEb zGHr?5nT(>aowaq$dsD7oDzsPESuPKiaOL>m;{0&0fBCL|aLx)8eFAj%^fT~_hd2Md z`TW(^=I9@Ib7%AU%iiYb7q7EZ212H7sR!|IW2na5mbtk}7T?@_j-zB4MB@aLo#){u z%OUeGcF!TlYb+WSG$qAP^O~;nIAB~H_3KpUkfB3$DR8RlZMLPQfec++)fHFwO_i**&p ztCLJ`RO#2Ff7sB4XBaHseMhH|+T-YCfsvT4D!0qxq~^p^*J_k_4NHxDQnIhWV)=Ik zZZlYCRntr>J2rHEt>ab-zty))J|Q}GECbt7wc8Q(GAaje`~0~_E;Ojp&K-)VqwmIA zsoA>_7y7*GQ=v#BvGm)l{rU3$)a8E?C~YbSw(cyLw9Eumo&RZT`_-#gX8xxa^q)`p zpB~~T*s^>T7TgQ@mK3B&Z00-QW_#rt#o};ecXC&h6(AG(AD-=ilO%>KfLBT3bLNYsNrtH}mXok)73vk( zWG)mc;O$6|jUYK=t#ybs+yOt5EKqmp%i7@`(5p-DTLk8Aut`=aK_&qij`_k|M2I{B z9i!>~pN4}uPJaAXxBqXyd}HnZTd%jje%k*Z;-~vGG|~a=^_D98sI4C8`?gp*tBVzm2*+n?P+iFo&HPN)t-J$e@*v)OacP0 zrV)muwH{Et|G#{*{qpO=`TxaJ{{IL0Epq;^+u(JcDcR-w;*8t5if^KoCsixOMKpV?F)4(BI}*#^@jJPzVu1Sc>i+)2f) zD;2-1RLiDm7!cSeSwP@Od}==9Vu2(-1(RaFAFFwhJk52q_J)VHN*Yk*$piwL@TI@G z#o*s{2e`(fuwwb8NoWe4Wl6;xaLMZXyWOL<0vig*hY^z1h~~nw-7T+!UJeoCkfU0s zt?!j(`{5W4ukm!UY24TuLPI1PUhQ58PVT-9Fgy#$7EGSiq_JZWsbsNV7={Q6l{j&4O%)Vxzxsl-n-;nub=ueLyVdK?Gm z32vJTwHs=Q~I|@k~E2u(d-8}(|o1#hh@Xt-qN|2F*-rZ9)Sk(Ax04=A#6MZ z=D1%o1|1+DfQb3K*72}#39|``8OMK@1w(iSGsHSgVm%Xoe_ZU=I6^+Q!VI=9ihsCDC|xP{F1vfNLPHHM3@C~Vf6{%MY-G-2dy4gSBEPa zQKi^nVoTr%&GI7V`2>G^Ij|rC$v+Jorpl(>)`?lrs{73R}qV>ldU@V))$UdSirmvq`M^( zBr@@N1&9G6aWFxf#V;v{AP(&XW4G8;i=AQ9#bd2Okd3enz{m4j8%wA*bO>U5f@}*{ zr66iAgqjJUlHEb!U%MxRR{L@p-0IzV`$ZAy0+U)J2~jYL6HL(XI0>N}Z^=*#ZFyEl z0%qy)&@~jgnw^utK`kF=yN5Q&E`jcB5iXPH6yP!_&fqK=RRi`C39YX0&=nlch7tTe zNv(+qirnmq8;QZpSf4~m~6^vles?%Lv zw;8BYN=^++n+DaBdvpv=wK>)Gj*d=$ygWEQ zyZEVczD#DOY|J^@$(t4Iyvo8azKsH&ucu(g$=`kw>GpwVWLE+68;6RNv@zOMQs4JU zgsG;m`y2!IN24r4;?t@;LO?GhM$w)mAvCaX(akZ1w<<@n-q`bM#n%73IPYD4d(``` zUpmvP#zd6PW;s@6bJN6f=R$h#=UI_KquGi3wsY;-_i>{fYn2)X74j!;{-t_rm z7z^0#uy#Jw0{#rT=6X;YO{pMJ4Letnz4Y8HP0R&lHY%1l{s`T`7-D>uB?D-mezjLi zGMG5}T!P)fz|>8IB@AZWX_AY~!ALt?r@1I0!?d3auOYE{J1qo#)-Y=6ET6+5L?zRl z8Sj=k&sMKXm}nDM_e?KiJnpH^tnoa~x$cu7Bh%C|(^z}6%y~9?T*55tc$Qeq7aoaw zhOse{&pN+NCtW3DwpW38Tdg$8*S=Yc&zq#IuMq{vTx=)H?%x9w7;yJL+>+Y`o6S#qm#u| z{AP~K7=>^cEZ;Xo!JXTA`Q8_9&6?%w)p503ddaQMEavid1+tkin#Hr_KaozED$_e) z>-Fo`_AD<~l$45*x&fDa{+m^RtFPIY=^|uH1D3^cA7wk>w$R-i{vS2IAN+i15-Ya= zmbkH7X;%wYLPX%CaLhA|hA!&{0I4p#OTL+K4tuk;RRiC)MLNJ2KXE{J`MuQpyfmQe z+|f7Xc|}dpR<%T5yna*1-p!=7A-$F?u?^UZhMe3!B>?zhes%Hx=3eCwCri)&y8UA7 z#kQUQ_05~7{I3u4n>&x|{Hn}j4b87eUG@lL-&+K?F9X%Z^0~4LILQglQnebJa45pg z;it^Rg2y}H6QjkmzibXryg3Mj)2BrahcF=)H!^P2BagIa=TRa9} zRqG!3ewt(?uS}siGXUR*H$eo}!a;WoqbOPLbP@hBLxc|IEJKqZn}JWCfc74Mr4sNNIG^$w25FY0Fyj%yAcQH5Lllod!r$I->BZXo{4-cx z=fHt4UP#J#;Xr=tb-?cb2iAYy^8feOzx~oR|Jwn-{tEv3SMdJeynlFlvb%cww%7mu z^8Dbqcd_^V&)dIp^tz_qL^>u%XdpU~PRRn!<#F%-PS1C})%6i1ml#e0f`*q8M{iYp z=7H^wXSO>$Y1Hn8)$WX<+o0V`(GFcv@~!8uIL03EM-aTG>-e1boqarZofD>7#(nT<9Qt9AE-7hS7xmQy`+fsl??9tpJdsc;qX8 zkuPlx&rLy(p0~pZiubtt^79zd~q(C;vj4*bBv0DSY! zH(>Sl^z5Q{{@v#0#wNG}|M-V#l5w`>rLXH-;|{<#!`=KNuvz%#mw$Bt{D=tH*55!J z48pNbzT0G(`uM%0Wq6j$v^nJfPjCB2T2NJjHB)_z5?HTb8vdZ zWq$_$_?7)DgMVD+)q=n-xOsV*!9O@A{0u)ucnm{E0BAH+kH zj$t-|F*nWNDXU!6i?}=IF8Fs45k8L`AN40kX#b?&-3Gg072gcigBSFHHVyhxXi^78 zt^*3|r3I@?d+M&*9-nm%pSkGJj6Vwgf*^BgL?ONcyFeA_Vowjxx?8lHTQd&sPQIiB z++_VgJyudabZxJYK+yamiemQ7Y!Btut}W%B^{;w-oA~*J+3? z-*H*VKXBeV+5h(N=s@l+-7F5N?jUfWLOsI)@RKP4`Ub?39lY3j^>;4e_f(BnFpLn4 z$tH%`4OJecc~b(U%hr$K2jEi(1(3y#hByO0U4g*c+}nNE-#pzto`KVB6vPPggVE;c zyWPW!&ApRdeNlM8=N4~Jq$|goE_+e?7HIf_4~UG}!@VAV5X2#nmQ*>AkFU4>7x-*A zD0ZN{*8?REivC{D9=kHu(w96#4~7{EA{Rj@h%lI8@bb;;E#PY+SBORW=!))tB?HeU z1$@OcCNWh=Vm6lv2msYV7$nNkQw%|XwMhnN2gm&NhcOzCS+!qTfS5KIBxDRGkQLFS zBowWJDOElR)qSYGuJ)P2C=1;2Pf*m6c=OQMweUDe3Ggw1AIT_626EJXb_M>jZq3Ih z4cMo>9{!|}OKgziNfI)Xxox=zHX^n(trPHCg|XbEd$_;rZFx?3{IuZda@nJYDjA^R zZ+WY>ey@RpQ7Hgk`pWm%Y3z1;93=B|(LZvoOlq~ZSRxQ|+ zo-FqNjlX*P|NM2|+|9^;I=^=QDb>HfZy-!yH|8-XaOE2;E zRN8HxU!DACjsbpzaQn3H>Q^KGx3=HBw&nk;r~01{^P_7a3*r&X<5lU5@53}oSQ<>< z_g9*^(3q>T;2`s~>K@~-ZvFGK)M9F2o&LA|=B4fb@l^lmfqtd>pD1X(?DD_*3H{4< z7vW=g+^XTdDO-{|o^-A+{MS(a!;dT}K;#F*Ve2ZuHS+)Kms@uI-i;~<@3yM` zpIGIt@_&*cdW;{eFXe(~rqq*$E?=yHxMrVj1ByX7{yaj!-lB>0= zXalS=1g0@Tk=2E4ElZe&^uwYl`FZGxas%wKmyfIiR*`~oNn2w`z$)+*L{Eo4R|RDk zKE9j)4Htn*n=Ny7j;(Ta30ozbuBGpn1Iin`DSsrKHLk(uiFwF_Zvij>>1^;N>+&fBw@NEzU@sN&MhZZLU ztg{fOHc%rC-r*S*I=J~%NR<$NTmZ5XRxV5CoM2gU@*>9UaogD`fxAR(`z)^cobFN% zr1iH(fb=qYt1{365JXWj3<%VD>m&&w%L&q!j+Ma5X}X?dV13~Q(U}j1#Lw#p{+Ep| zvf%0p4YgdnEnqu=m`BzHxeG%~^@^TR#m0Kr7HcQW<>JZh22O1GtNHRLER0a~E@sdm zoem;|$0rFnhe0^&g<%FUD;q+xX-NV8cJn|1xU)E_vi&WgInw(qv~|RCRd-B)tMUau z1+?5Y6jZfg08v*)B{9l7FryKTP}00bJdGm#Gd+q?s(W@OjP^Xv%;=hso6p`dUx%&K zFI-uk$5nT5p#y+k6xRGcO+r6k8HVD`FCm@+Oqc&_X#W|*AdFfYe#EcF{`2DN?N@gF z=j~TpPxhaO_|@6}E6P95YrK%W^kn}39EFmLhhNLaCifFLO+{NmUE$=$fEJ`nlYZJ7 zeww+`EM-FP!2q$x!ys6pouT~q4me3-IKPrwLhc3%X+=wi@>!#Ml>l3go>dS0o^`6Z z1<-=JP{aK{4F~t;|Fiw(Rl)!B<;$o2|3QB9-v5YKsqz%HwF8IG&@f1Y0g7Zb*9Z+~ z-Mopo2I4BkSrYCeoJ~_I9^X#G5hTlTDgd1)tzto~LT)*3xlB1?g5usyfFjB^9Dx4B zwKcd~RXMrp4TF#G;=tnT>0gd$Z}e*@|MgRQ>wTbF{=fP9 z>lelI-^(Ze&jeK#E+fw%d zDjBNiUz1bxH@Cd#tA092nATr`l~%$%0{bqQa`n2tJvPX4WALV z9yKSF#gzjIz9GVfJAlGOaVur;O7uh%ZoCSy!j7u#&gCMYon;X7gwbMa@qp(6k0fal zC8OC7aHb`k&L5Um0oc;l7+aPEEg5qS;=N)YCn0Q%I{ml?cO4!_TpX&dbu`OAzNUzC z9&GYC|FUd&4Oa<;+ZVc)>8{eRyhUiaT8wU%w!}#i!OY%ow1-PUUGHRxm~&q3rx^@F zJ#Cvdj*?H7G^#QLmNv#TLkTOv9|ahjn_%IU^C(l^z99zLG$v>Q9RTb%&Qnoo>!t)q z!af{MGw#zzX;RsFV1L}%%`$gsY8+zW*A`td`M(&9;CqcKBP?yy&2%V*rQer#V3N2>?uScUu9Ac(9KPwM~@n@36F# z!04vxb9VvFAYv2%>SNOXunWo_G?z4^S z3dJFKxZZ(3p(`yVW3UbUN$^qqJ5C5-UaG+B;y6h0I3b?#I7%@2+f_1+*{<-BG7|7J zF*E-8{Y{QWvOJ(@9gw6?G8B)%dd2#|r3iF7z@swNsyAJ~Yu0uGJk^VH|17P?SdU0^ z9Gdo9Q|hqT(Og9jtH88Gu)N}+l;B}Nf)Hi42+PaoITS+Y`f6pXDk+gDky6>aNrZj7 zU{}SqLczA*NK~uZtpmn4ZYtWDi7j%nUA|Zt8!(v$qtIC|TD%h#7KPWW zIu@7&WQv)c$b#-5#QoBs5tEl1d27qKf%;Nzz*S~)bFb$pHCd2X{JD%xk3;xzLj;cN zOeu9;qvlwl`lP!!+U>0XT--(rNSA-?6e^{U=P$@vTUgNsVU^ryq~4iDItmp6>hwOm zjO#;_hMGid?e1V_`dbwTeD*A7ej@k7~Bv)#24)%M$NJ-E4#a&nEEqcqoelfC@Gwy?bS{`bA} zgZ;~I509L^?*MNTkAn<`n<&0Yy5yrs0d25hBNETGY8paZx|+(zT(KcIK2U9IcatXk z0`!8{wh3}i%Q_H|sTUF;dorNeE#R(>8 zc$|bK_4=hiS;&ZIbtGUmt>>*2M%NT@NXtjr>Yy#Et%Nd$WSaVN-x}Y;EHd?NnN!Hj zH;d071G8jIbVMJGOI2%Ur`y{!xa98h^G61WmMTSzkv%fvOIO!c9UhW^f zefOPvcV!+MSsY|D;E{~t>0Jd8h91jBV#?7F4yL0T#_YI7?3bf3f~Dyuwa3QKt9U&o z)5&MGA^q_8{$>B*{QcqHLFruV0MDh7sB|5{1fJf&EJLACP`uKvzCYaGKRCHOIo&^) zw_7uZVBuiyrnaa%cz$qpbhy{M>>pfQ9-r=)bt^pJD?uHe99|sujxNv650882KQUG+ zl`@(kVXM2kZWF!JU0t^sqQmN)J+HSksG9{>J+vl-D5t-sObT!1J}e0U=0As=%Nu?# zs$=2GFbq==mP#i%klz0LgY%2S{sCXi6})7SxFcqvj33Kqq@n^{Bl*X|Vun*plF2&^ zGwjThslBIc?w7;Z4@fXzK78eH)Hh|Yto%P(@3r(l_u=&!1zOwg$^@%h3X)M*y-s7W4&7G#bzQ) z62k5`OD5F`UQ+Kd5|0i@QLwSN|KZ@LM>!b2Pxu%TUlu%+zv|_t?=}-iGBm_yz@Jz^ z_BT^Z_nir>Ur5IX7w3n2eI@2<`OWU4X1{DAFv@Ux%nT~X;O5c!Zku{XN2fnt9vq)t z{8Tw~^Kcg@9`I(mhp$2Eh617gQ~%=N`10uVyUX_n=WkE@hZoMJWUvCBVFD*d$>=@I z1_?%_#12>NZvU{~dwX=Cbz47BHbyqw{G^KMAo~)Hw!Qyf?|rYocYb(QuHDx6{(r$u zz%4>eyFWPLy`R22Kj|IK(>0&m|4XJ+xoq04R+zkYW^J41nUUkB-8c`=-oKfDkcVeC zZ(4S^e|UbdcX4|D)8*O0`Q`rG`6f4GzU8wsnC-uckSgTad8N| zGDWqd|8)UhbUCF)*Dc58|8mLFT-vUeEw)fNyC2thVJAUAFZ;_KvIG za$l2zUA3q_)YEG3xX2DeStQ7*a4288LE zhO+LuJdMnu$Q#p6bNK;3=FzwE=e)oJZZE17#Uo!G2HIZc8S`=ugAkSQLT0>MA~RT> zF3t@mrfzmv#%P@UkXfVovKgXJf{aX42RmTx%@Ucx=x}jX(6KD>l2~{gPBy^CI6eat z2n76;4ZRr`G-Qpryp{@WzX&&a!6VY=s2YO!tkflUamQMhUWsBv!a<*Zt13UbUzeiB z)}BwlZGc~x46kA4!e##526u75}GGWfbLz!NR34I{2j3M`t@s@zDqFq zHZ%9u4Y_E}G4VOJw8V0jS*8uR)c#vHoYL&mvKNQqTRx;mZ*(m+xH5O#eU$Bh+sc8K zo3vZ3m8C3_uZxSM+$y?kL1chlPHOm?j7;_krF6pPOSe;#YKI>J&6&*)h9!c5M8e^w zTf2TN#1O2)xfv?+8yAFpE#hqYz4Q)6hoY7?eh$^$}!Yn zwpte(keD0HUbR49yna*1{Z)?~XXAF6F^d<%ZYg2h0>coQS^u?#W(<{oS$nI@;g#M_ z6pc&HW$hqM-jc7?y(mBvS?53%54Fp6fD+o&Q^rv=7J%hfnknnDQ5y3COX-yj00`KQ zNtx5iEz6f^6()I0bGCdo|E~FUuy?MR8|wNWQ;2P&5++F|@6W1S4$yy^hOszWyBMb{ z@wtaf%I1A9@$#~1-*iRv+4ShZ@~2DZ?m8^y&oXYd+fL-D}IBK7jP8o zs5^`ToYySSP^m%_c%vv81X2DC|GT3}VUB_OpKa>@)zyDw#TSAI{fEgz->h2Gu#dX> zzpq}}^&elp+!pD{=azr^-H_{ z`|CGP^?x7aSMPG?6zqL&_Nx`^0^S!c(X~62$1l+}>$bXN5=L76VB13Qy9Qnbx*Z)V zulro!mr+&MQ77?XcQ==1#VlV-W~tkE$1u6G)|z*SFYf&++NC@MkU!1OF(k-FkeoSg z4bv-HS^NL?tF5Q~|3Q9^^PjB)*w1s8IHxR8qAE<17?C7H z@u)jYGMF$Kxv3P0GXscQkEqG^SFbTxm>LSik`#wWtPhk*V~Z?77$Ul71<_o1SBmDk zu3E@xxi5~gWSXkot_8C&tM@c&Q8Cv&B_(5HpsTB3KQ`gtME>JeratGdM*hEiwY_c1 z|Lw20Uu-|g|A+WdmRwD7+Peu*L@f4HuY23qW{Am!6@_S$(Oi*c;6$J(-!N*puc2I{VYlM zGzlh^ir&%D3ae1es}n9l&_*R5O9|VwHHJqho_;hCWk~ko8O0M%(=>t;7?U9SPSc+r z^Oy{$Ss$z^H@`LcggXYQKcxqYdZ4aU$@~1?cWnumrhlSeo&F~>v0_Lzr30wXy;7QA z3DoF+UvIy8ZJqyLy?ps}{(q34rk?4}zCkt|BLatHO7*{-3A|33Kd_Z#x72UgbQs>_ zSecUZEY)Q!nG1}()3#xqpy-xpx87r23!>Umu0bl2H>oMpyEc>d@6)R2tUpPQVAc| z2~+MrbB?^z8lk-?z_>U__PFufl>l@Nuq`<5jCsy9@gkb~TO-_Vp>C>9*Zjyj3<%T- zf0BfdUAQ$SStXQm@~tP?V*JsrvBb!em^a-A6gag5Fb4whln+rs zHaaw;RPq+_G>TSA+_4Qeh8nf9e7P>cOQB^?kJe)W@aT5}uci@(#A=Wxp`SCnp$q%I z|72@!N+2&Ihy}!h)2j>|jA>m@mu^R2fQF02s=D?|_pehVv_^Hk}(Nqpl_n z#j{2Wv!N{4FZAKHtN8`W=hli^?Eh&vxEKG=7hA8kZU4^~+pnMY|A+X^fB!?-!R@Kz zaIG->gi_(mpqhy7U%B+`Bb-fBDnH*&!x1E3pi|GENSpYAynhNfQzo6DIQKeZ?er(6 zYl-voDx$C!!N+%TV0B?UD|X^&;@*Q+xDSQeY@ExhZcloX@62DsuJrVKs9%fyUqolO z&jC=q|G#|k=C!^5zuJC^|9_a@GS2_aqx_!&{GWF3@&JEv%OE+SiTjUelEDZD7@kO$ za5gQ5|2Tr57EOy-pAV6O^g{&`k9WW)pH1JhzvSf}*n|H2y~~r{@xiXQdVBoS<=N>z z`|~dM?cv`&1HI`-6rmuSfvageWaQ_roRDO*%MW7|!SxQfRZf{vG7KW%XJ9x9DfI1~ ze+?%gKp0FA#wZ@$dBtxjFa$CE{>6^J{lfJPjv!1g37SCq*~=aOb>XWFl4%xSGWOZs zUeVH21tA6D2eKLl_~x5$fVVoFggK0>Bm?W~2<(Dw@DG5%H@gxq`sd$vw?U`#4-h6s zx+ZV+R)GBZ-@o2@;IDr*vDl(d1{n;l&1_h7Fu+^Q2bJRya?6WEodTnLm;+@m`MSLR zJHEs>!^>!JiBiWrD9+qvGok*}=fi3u_-vO>#lOTK^`Bp&ba!=~O12@1zz7n6Z-#V$ z{Iv)C7Amd%{mWoX>#fAq#7saCtV*K;guU(Yhd7YA;#|b7B@O}0# z`=D4TG|(0J`DY4v^){!%9r*Rve*iLuu`%IrI8G?DXdmV?4!QGq`PX^(Ik%!RHn^nh zK6_wh;Dqp2*9}xmlIOG0@xZUYYWP0`KL&^h$4FhYfx|P}9UGA?c7W#?How-kh4$SY zSd}8r1D`$t_z@AXE&4tkkO0MIzful@!?PlVSv?h3FLaDrKY&0;pM2jtKiI$g_VDPy zE1t&4G_4fXU9-ZQEUPB7X2SSJmP;%7GD3qZT>nj!jOstS2_h8oO}Hx&wA6tT?_JYY zKG!x^VsCG>v5Ka=){QDY(%XN3aDH*vKiI$g{R&TXAyX$zl4y5@F9PV4Y z=QG9@O3App^F6U(8+5z6&KCWecARhM{dRY^Mp-QbehAin{+0eQoD%jISOfkQU6t#r zhx_1fV7t>1V$^YkAye2log3xKGzUS@6+rlsIgao>4S1^#>YSaPUtFHNJAQj`?ioV0 zoS<5h7Br1DN3l7mDTHw~W6Hk5WJ1MFbB?S>-vnthY7_1gvqm3W3X$hx5$B(-v5V7P zACf&i19~44g5ps@EIb2g6bxYq#xR3m0I!k^0_I6CYwiFT-_WgqF6$2&B1G`QGcXCR zAqH^*0*t2o)?qwoAhcTXJ5Cbv}2ngaCzyzlI$%hyu8HkhE7b$D3l>o07-oT6?3`6j}P&amf3n9rg zp1U!>nyVX$JYMXL;qaQN-ZE1(5Cmmm3@8S}07E+Lj7>qDunea31sOwd_I^(Qx)>u& zKcJv!6AV7EHsUM#DoQY+lT1H3rrYQKTQCfUWBM&3<77%CFXkCD*^}Wk%V10{(+o|5 zY_{v^LM%iXpG2y#$x-k3E_#>yhv#>j;lP|VPOp7Bh7e^uIr0V=QZmrNqbr87PJBzq)C`pX z9O?#;by(>5sj>$G3iNOh(cxb2vVU-Kd3?HmuuMNZ0f^1OFzS=1VMN#h`?46$MQ$VLb?0PeZwK?aLnICjK zunP)jovqTzIZG^d6}hn0Y^CCZd*fTp-ejQ^CJ@JKgrn9PvHF=_26wd8Z?DYNXQRMn zPL4)#+G_Ao&r9A@i8seGH220^BL%z6E=^X&Z5$Pqq)waes7Nn*zCsn4<+q0tOHagNTCuForQZ+AyhsyN>TMBp76v z{+IOxK8(?D42D6>VxR{Q1Zf%}7=jxVu)`6!LJ{P`LVC`CC>f1l2G;pD^lWvT3MP8u zj!+B*PV5^lrsM@aU-J!QmG6Vq+wD6K{PVB;a$88N{?Wm~+2z^6`QhpQ?)H`;^mQL4 z!w_dYq~iQcN^>FirPQ}{k(DJwuj1~Ni(gZA+W&^Bp<*ArRsv+{e+P{_WqtWlr&+)IjYtL`iJk_b}GjFL=GGont%n*S+ zLa2g=celiwOWOCPL;!}D$@T6uzK)X*F>lPhFxb)h*7^AzH(HTw3i+WrOr$~c85mLO zv%3z=PedR9!!cEw=|aHM;Sj=5Y7+rRjv1&D?$4EE$_62g8QiOC^;T#1JK5tfnZ^WW zyRyD1$Nn!s8n0Jx9UPdOaWg&_>zy^j2TVexTIQ|z;|~07yQ6z6u|@AuIWdC-Fu!~` z3IR5kE5bGhr3o{dfovMb>|zXq_27!Y3}{^m%HU3Z&~=l6ztfz{YEhSn7jPU0H&oAq zF(1PMC@XF-h!KpaLd;hmoqa^Q8iA5*5)djl*Sv48;q0Ft*a6=#CjaNgnt4aTSA}*% z(Rh-T1SpWU&oxw}o zV{rA>{A%?Y&VJ1ut(e7GoRqv@a=Rw~`p)~s1E0VsgDLR;06sma-Co1l-40m2W$^Dd zyiU~tTXWRF2NXqgi^7m@pgBlS2jwKk>aFAP-SBGEmCw7Pr(Fg0AHaa? znh2S8Rcw={8=W;KH5P=`m1;mFSUy76ki=n8ES>y5hRZz%Rzm7A+#I$rL;%LS%(Gdm{$nLli)<{ObW<7#D00D?|g#wHS zn4r;^01{k75P%2~LWMS(sPip7d{UJWVXHO5$Lxa7k`ip)HWxz@$~wCylw zOf4`u1E@tPf!%RSey(pg7oGvUfGzO(Ksj&OTc4ME|2_l3O@czEl4NLjJ(H>;o(?cU zWXd$Q4~UEbM)4?uJdgx~!Hg=J@~(}|xM<1!J(4SM6J%IhuM~w{Z+JBVyFhJG|M0Xg zGRVKls7A?G(faUeWPT*>pm&+NMnAd(Zn?~sFNbrdjkp>2dVKA(t~4=9Ckw3p3-~bv zTcGG7EobN30MWw-RnplENFNk^uQ26AsUNijDM4rpz8so7$9WDwKT^hEt~yd!>0dpg zJH#5{zQw;!F<)Q4DWBvP%Amkd`Z2}uBLPv8q{VH=t)w%h%_(F52DX7x;RF<+^*w0L zq&D$?S`w&Mc>t>8|K8AFA^*>-r})1I`L&GyYwgc=PyStcV!Mj)Eh8y)n`^I5p2yl8 zZuwX`oq6NJ3iXrg5-8{^u_TK^UwqPk%AW98%5OzWtF9HbE}rE|4YkB-pvz>PV{j%> z*RGRHY}>Xou{E)6+qP}n6HIIyPi)(^ot(UHeO2e2`u_EgwX3_T_wK#>TKBq_?8k$i z`jrx7c+%@#NwI`G?qFZ|;>%3^yd|5`#dGLCd>lQD96h>n*?C67TDf}v-UNSRK9+jq zG}a2)cFhdnA|K6?W-3OYc*%GH0hB`N^=!3~PhRoAA^A?Vu9?9lf3=h=4}heWHnuNw zVdM72=3Wd)9oY)oC}~TGcCccej3Z%EV+4xggyT8>7A;9M;Imq3WM zkliyk_!Q|6#Dm1v3+!tHuZcDt`O9*8t8YqKT?w|?bd+=suOI5vt#Asgi83^(s0fP9 zRfAHjyI4~~l{1CZJ)@r>6B^)5q?NoFueq7F2=1g3Nt9TVzWxoJO;5Gf>g!r>V+K(% z`6dR{0iKW-Klb=B3Z(>TyVbw;!lRN_nqu?ze~e(M&05B;UnopS{%L`r>g%0wzly)j z52XeI``w~RC7yhnUF&qLw0_Oz0U9etao#iNOkodNY8YrY(h!>Gg4;qkm4r~>>1zzbm z4W}5X?<|Czst}$u5x6mLti$8YQWK{l$%NE&Z#a_f!>;06j|S{FT*7(EGg@0#sCK3C zHKa=3xrv=nnVLfT%6j)cZ%L>YJz=lP0)0|$AaV!suQ0eeu&D_#XIJE6fq)9Ph(@F? zJ(@J3t?MjP<1aLBtyumdiNlg}Aq*Y!`cKy+8r|DA5uIquVmFfdCB|^DmDN<1I?laM z=xl3PYR4vs*;J8*xw7+r!dCNJxJqVrslOiQ3`zH6g#UEd(g>je&8{Sp-4nI;UNDlo z15Qdk?#p*zf@z}MZMlBD-USd=;QjA@od&0@KhCs1Ocp(|12uF&D$Ph;Ryw`=F<09r zb+XV)z%*HibCbGl(ye+Au3xUbKxUU55NWh`o+_B%ZqOMzMkPU7JMztB-3BF@D%nGN zvb^wpy9qH9mWTV>=8-X)C?&d7)fn~He|M7Ii`-m1dwYdnm;}CcolnyF3;x~vXAEI% zOh^#qW+@AH4^rC!)1FP`dWn_E&;XDSV9y)!=)mLqM{Hunrz_BJ0GYFFnufNen-fk< z4xP%>q4(7^f2Phpkq9(aK>vDGQ%f8yO;SDkhrRF3Nh6!kE>I(e#UUd zF5znfpv$c}+hH_vSqm0AtV?p4&4R4czy`gvtzk-HsUuh<=iYsnG0nTIsE&_@~@o7(Q82_ zOdY>)_Z3jVu325ED~c(L+|SI@O`0&jqFfu_^wUix!r9So8zx>(n9c*em)Wzbx1HKv zib*#|*8LX@`QNJFYEtQ%OX}3KJtl~0q5lGEnYu;yhd9LeksQ?me}CKX#!D$x{_1?T z^!4z)KYO|R*gRbw*YkDOi|cRlCy%Fh1`3V!Ut`ik040f@G3T>b@$Rt2f2A6C&u4Qe zRB(H5t)IitiUip?=116qo2uT<&dc^#-uq)5swG5n+3rv^ntaTgAO@HT`da2Tv3Gmd zyG~wqR5L-gsr;L?ZFTifVS6$OOX?e_f+q$sqQs}{i_24RQpVCyt7-O`eaWi7^XF_& z!zHS@Ln>k0+nF+fJzOSyCHywq#P|tDIGNMw61(R(-fa>!U7R1cVAo^IxKgAOb;saRu__-Tf{3&7MZvkCQ+5T|z+M{gg- z@eOT&Pu1MQT}N00Oulr!L%8yhovosZu4r66?ar^q&DF!jNxP=9bxk>;c7X#Z*CeiZ zB3NIXjclFn4)@Rf4tBF;20er+yKM2%Cpf)Y*h%`41Gqwxe*2?3MwL=-UIN^nP7an5 z8!_b_${9Lk4nP8~Ib&+hXU(u(ECj{!v6`y^U>CN4+F7ZP@PXVirb4k(;l}x8W$1+;q*ftgWuz_tVwc z#oOlT_+n}bbj#ilT45=}dF%S}-sf2urfmAFfR*=q*;bdpGDX(!7v5HicfRFX5et7Q zB{dP%*6H`(lbX2LxR@Y-&cIp22-MyD#?2M(tN9;XoxYu#}9PRA9u67G> zyI&^wsshr8C$w#Tzy95axTxIcvDxO|)@-?2q@Pdp$AWrfsDJl_Qvtf>%j*#`e;f&mE9|^wUdCz64w%62e=B%wMTj8?2M%Vqfb)7T= zze#94;e{B`(ra3;f?(&YbGcM=uzDKnj+Uf<0-@55`+RIhE*DMF4+spZ(14_>oagUq z4$kk|I20;;@_m$ebQZ65873ZmsC*1GXUz%MbImozJ{vGt9SS`=ZGgOyu(pZTXqW?^ z4@f`tqoQL1a#E_|^Z%yVqO-qeCCCFn7?ok>g&X=}#47N@p0Q z{&y5JRJ|C|EltZ;e&-Yy0FLoXsc09#X{0-tWz0OE?LxZ^SDty)@3VGJt=4_M(8)E< zXUUQ(i_~KN!b)#wr8boD?MNS`O>H8_=q~7WX0_$1wf;Rn-1{c4r)i7N7K7&MjJlAN z?QX1fwtGpd+?aV_tZhzJpVdb=orjd@#lc5Dp=u6?`~ZZeve&9(DcoRH*EhzDM(aIAyTR(&>|t)2z`V%Il#@g>YntX1*Pnq_uFQ?@vpp<@)^MlF<@T6! z0lVmNqHgqd#x9m#&sj8VbtnX1W?unr>*JH?J`s)`39p647F7>;hTy4Dc@JlKB8YNN zJ0H(rAE}4X{KK%>8tsz_fr~djte9lCwFNyYY2JsV)e(SDTL`v2ibYEAV7UY-+gD)b zQLHXBC5KDsf=#6ozlL$^>N&$rg3r|0N`HZUnVDNhtxh)4ykQ6a)}tDru(^G#cTnu^ zgD`}eP>8f!UvH3^uW61;8%|f5%f>0z{T)STHR6x&Zw1ETLi@IlSx@}h2^@*SHAwuvFS&r+O|ci2-zyMB87Iw*J_EB+F5?^99Jk}uoZ&1%9^Jd z)$X-p#dOazYOjs0^*lwGlYbE@(pgXd`$ctD-p{jlZ5uF7|AKwIDQYVj%6!9iawP0B zX&}`EbdBI5$}hp|#@2&O2!?mKFphfvuIZ{?-o3bNgL;bsqqHKSS$=R#;PUhPF_&x< zQ}*0Qh0Ij~TV1xy;cnGv57(_()rIK2uGOVlapj=u4C<)5P^T;8HT3GJ7|ZT*%q{U) zRMwJ5VkzDLgl*6BAm5)&Qs|#b>U7`D7^-WjwE*K(&FpjTfY5+hzDY!;P@^swHSpxw z6%(bJH&m+dMZ%;hb4J4lcekAsR7&=GebYfPo#&VE-F!0DGr9Eo`mF=b>?bqbtrs8CGIzVKt6dX!V1?&8@#mCri3 zO~S?Oo0U)d?G~+ZJN)Z-4sRJ9N#A^`jTtVwz#G-wu>LqVwNNP)e_I&WDJ2MIfg5)6 z3W=Af0o5_&&=3AyF83LJA`NRf^>A6VPRGsd9x7SPcsl9)R5||*Kj_U4zh|>*BbOEL2RGKK;d6HqjgOe8;8|OCp%3~ECTo(` zag_24DW&Mb*Gc5&FHAx55G~)c5TtKS-&Kb0#mUR;PQbbV8AiQz?#jr+_uw7rI9O%u zYj<_@aox5Pbt?mVQekXI$<&tS_V;(9$-cawTxFe2O*K$q!augFUHdn@^-KtJEu{{5WbYu*WY)(7sJ6D4s5zuOBsflM}4VH zM;*lq9r+bJ(_55Aonp0Tl}EkJD((juD)!WmZ&sbCd`}@yhYbr9@?To#Q2DxF+}=+I zr}Oon-yPSvzW;+guC&uBKebDCk@~14M+rSWfFlC5vsKnr zm%VOkOmQm#!|S>;uyTJ?@m;Ulq_po!MTeFJZ9IR=(#|?2nd5=5PrE)gBCK>45ny2> zg9+fBb)R|OGs%!vt&TcUgM&xxH)4AA&~y9iKrr3wF52;gX=yIz0!00(B^ z29NArRjpc+YOzWZvN)9Z@H#ba?Q1X)FI1a)kq(fz?!mKISwA0E7@m;x>ufL3lxY$aHd z(`UP|0W#k3DQb7-bnk9o^?S-lIL5*#YPT%a)?y}%3s__ zLZ?s?7}*8R_gBdEl5Sb59UV(&F>EQ&h+x@LdVz10^3!2KRJ4&jk_7PGk$JGX^&|wP{*Y5ui z3wu^jsZw;;$OR>p*rEJAB$Juh_z=O<(`J}omq@|lt6)QSMforb_x=^Af?aununrn^EgFTxnqc?7k&EhthQPchOAHYgQt2u^q%{OO{IXNSI#QR_xk-;*yPAa8Bel zhe*L0;iN}9So5mH-81wHRW-qx{WZx1yPq2?q#IWbnN4a?Hh5z#r~xv$Th90R+*?gc z8@%+%-2Mig4;;gCM!DS%+s5Oe8TRA%dD~2T?y>RSIFlcJZXqJo;Pwn%&9}tm>v6w% zGmPauHv(K$W7^{~I@0^6G*B-+K*8g0NpIYc3xyW13UhHSlS0w1s_*iU5EC`{sN0U< zNnV`wk{K>NSlt%F9(=PT?nKYT+h)&VkQ?!8^ zFf`Rgwj8#XF_Wew-lM%rtAS@52^Hd#jJMrm8Zfe>pTw;xWL+jFc9pBu{0fy*=(F=A zAG?S4lSLQKaUr&z|Hz33Jw0H2V=$}!T+1cMUc~~9iD8A^J;k1Ix&b*jrRk3^FZo{U zwJ?`_PzhWcyF+Welt+%Z^YAD~v_MNY)mUpt(hZvhqrfVBW~2w2-43R8Z*l{x={>|! zN-xCW5jM6(wW;lf2OeRWij-F%eIk;bC}#nrS>d1hYh3d_B-yAG|w70K6evu7?8ja8G|H4Kd|~X#Nh3EB6f_R2 zI)K%redqPKe-+Yx^K-g?iGFR54d11}xVX_n_+UWzP0a`#8exYke#kKGnm&~{nz!z{ zFSAMq&!y9vQr<=r%hf3JViW%UVg}-vq+kTRZ-6YSJ$G5k1-z!sE0>G4qgOfFn0z_K zECZ0e$DX)~f9%~{K;bLO)eawE&?F#n7p?Ds9jG3!Xzy7Av9OI%P0j1=o9%mzp1I0{ zS?cc?o-$Lco1e^eU0epn3<(M59K%8KlgWHdT+Pv1Ax$G0 zGY|=@F=ho``RbaAhmURQ)IG1D@_Bp(t{!4%V$6iytgTNB7^P_m?ZY$_27qbm@<^mD zse%a!!AU6f*Y9JVyF*s79_dx5v2Nk|_;jVklu~96hj-VH&1>qd$MLC#N#d`Lc`ptt zP17jbX#Sjk9K51Xvgx9K6?bdIwZFCo{B0VGJ|H~sinm+WY*ogfZE;7cO`w~byHXp_ zRv0wa!5q5l2rZRoC!vZMH73%IzSjmDN;3!n9W)rX*NVpxw)yoIEJBItytM++!5I&# zO%~Y0vg_2?zMsEELvWMnS|5RsR8lk!fvX%nf7Ei02WIv0$T@jDh{l3UqS@UW&9EG_ z`19oIN|8`Qt9zuO(W}~>cS$-h!`pQhvRrb^wB;$uUa5X{rVnmbBK0G}p2Se9bP_`s z;Epks*oBJtQ75X-qB4!*&R&OLBM$RFW=t&8r%q{XdEK$kd-*RnqXbLQrA~ORHhCN{s-%lS}Bd;DtYaU z1bA97DQdn4&1r<_Av#o5>M2U=Tt zBb@$KG^-5*6x-of^#G@DilztZT4I1B@paPQ9UboV{d9Ev)qa&~&9`?+U3}j!0P^g4Z*PY*6QWjcm7s7A`jy!d=GTsdf36cCJ}TvfA@d4P*h%1+wi= zw5J0aBPz@!K87!$=-N*X$$FWCqD_bbOi@Rr`t%_T6fzhrk@3fw- z4o{!AtHs;H)t$4KgGv!`2bphy(MoOSoCXF|aq8=u`~Lu5Njm(jvz?dI$DN~`veL9MLPaKSORbl404rniXr4&=sHyYm3;Ohde# zuKum@`z*ELwBu{pY2B~8A}N5P91m-NGjKcBA&{$`!Gt`BrX2R~ZCjn< zE0cz`#}6agoV_WwRF;&i3Hk$+BznD`x7)|laW^x+jy68u=kc8j&G0$hJx$8xcz|E& zG8rdy(A~q!(aYg&KGs-Z8I53O9zd~NO?)1mnVZeP$At&;1_Q6tPu(6tQx zmO=_MxT`nBN?$CuJkreAmyaoevKd(E<;kMdC;MP{4E}>O(dbHPVRRNU2OPZ}Zr_&O z%+l1@dln0A^#Y(y1F!nM;hX>9xd(#xz}ZgGZ|ih^-EL+zoTt@59REm%ZNZxLu`+ey zM{z{NgLfy2$dvyV)4X!}UrdwTYT`@H9ih0Mfa`OWhV%VguUZdJuadb*d!r|ja~W{| zLo~ZQeSGe(78%kQey!M7d+2CbjHM0Se4I^2EzWZHwENW^1eYE!n^CaW)cAS1xww8_ zJset&ONQw6??KPbr#00V)N*|w4nVP>#Nur8QCoqXyal&`7gc%H6Zd%4qzy&GG;DuI z0N)Nn6=HP{8KoEG&F(?q7G0-Y$~v{9PAbnE4NteDLNIQ7a5%Fd6Tw81nFw__wcwB= zf7&~I7{wr(&w9eW)`WhTw93*?P3vy522uRkxXP^bPbZwwaQp^WEY-1A(V4+!mq)2o zGltuo#Qiv!du@8is-#R&`IjGxPm#9RlzLU3#^?f#C|VN5`Xtn`C2K9DxWsU@T?1Z# z?Zio$qZbK+ZcEo~nFU(%L#im?tXgff*9R-FQ4OW3wJ1YOT?4Ka0x>%Zjf2OUk@rj4 zCe32omTHAG;@c8zfM4*&fpFG)ttzaF0sh}3Mb9BL&UHw*b`-szzKMIrbK@Zo7U3!r z!v>nGT+5JRD-CXCk6JicrL61N9mAoMG4?n&>+fNyJKvBvln@1J&=dRtysRUHlSluI zAei>kem}*r&HqFOkKd;^{62V^GWZYu+@=K5TxA<_P~Q!?b-I;Sco*Pu^XMqw?y`G3 z@0ob#Q7M`gXy%<|&V4syFy9k-bYBO0A!hCtZVXF|rWbKc&dvVY6a6~f+Y8;pOv*jM zoGpEKL&vY<5rpk7k$K3vn1SG4sx7+f_p-FMUcz>1<)IfxHh9Sn5VX*ds0Y^*S9;r# zrBU2JGdbP@PK^>^laxeg?X2-%ypNjhHQQmySF?8N{&k3z3bq8L5W&{kIar~)`(1Af zl{uJYFINlDwYt=nwKbvesf&+9=n}qG5@Hb%tYIg2hz4jN0P0?>Qu|@!3>Q!UBf8hX zF>iJ8w4RKSl!ma*ak$Z=^$h;}UnhaO)k;%TuBCj`0|Q#+w14Q2%+iU~Zv520c-Iz0 zHd1_~BmF#Lb@n)$0R=Am(6w% z!#=S4rA}8V)=2ZTQhp*Duc#%C6sbLE?$Xw4=Sl{rlzL*E?DQqLE8^KW(o zQ|c^6Ff=_r9Yt10DN8&!rN5ZFohskz&vDvMXf!Y?a+aeE$^?e(g8{W&92Y-`leo4x zco(wt1{?n#!@vvA>2#Db)i!Qc{l2czKzV`o|3#eBuni`^|9`~Ud&*|}n@Ik#d+7&p zZXMCtuDoilA1$R{9`IX1!qUME_BTAB&Xe2}FdslOg~8p1DjwG^SIh|WtkXxO@CS*j z^8MTlq#a6t871a_ zR8nIkSt70N8Qr#1OzW{;?l~e$C<#JO#47llQ{y3=2f&D~Ov##ML%^V{&V4JAL)>Ba zS2Tkk*Ez`-&@yWn&uFuRx}%FlcY2X$#GY6daUJP(m2Y|J)Ear>yaJzItM;+0&86Hl zxU}L#p{8IQbz`bga7@79B{$fEAY`*?O(ra&`!7a1x6b2u9zjdGt8&JgnhFEuLxLWa zwkF4jqsO@f$~)IR`^e!EElW7u1Phfkfo}RuAkk=9sf(5QJ~;CI+4tj$abS}=T0@F8 z#21@dSyHX_JzHEt<$%eOs(&12`q>G&f1y%%=W|DlLIQ^3?ylFU4+yv~y}mSvzx_P< zxBh(AP;BFMQZ9dc-d((=ef*#*?=odMGoQu9Gb9Q<@Pwo5qW#gu2eOnAMG4FKje-(iviU#stBVY z3FMQ&(K(_rcn0U(6zbKsI3Y5BSE>Ukx^07JPP8eUPOG_gwR2UbUiL=xf;P`ul539x zJqQm9tmsWRZ+`o^{HS)}u|V~2<|KU4hK*rajK7{DMg9b-BHTpJ*}bb~-;{;^BTNiNj-z!%*C zHdDIkaed!$L1qAw5RrpN{(}U@BrD%D&yUxMV;o#KrM4r2i*|El3`8ugQOe)9+Wk@k z+A~k^nRFHPea29d$udca$b(=l^feEhc6a!Bkhv%^}Y1I9OcU)@B6%Ae}25-i`LR4cJ2QA z;pQ|dXkhNu?`boM;n}G=PbaO47fvI#A8{=35(*JpjqL3}K2;%f5ug%p74ydPM^X z1rA8IR}Z2_@6pgZOh5#1k0r^x1TlOcJ)s{;+zVh#eayoU!q40rZA>Hflsbuy;`On| zC&CQU5)ur)Qjk`hngB3mh!ZB@LYMSclPx^^mfk--^7d@Z{vvEaC-U9SFxBvE?D@XA z$v4U5D@fXuJw|2OwF)>vYRw=PKw3T;I>8D-$`te*1`5MZ0u{xrvyKF6>k=)r2mcEh zA10#6+5myrrw1igiQs#vjHue4oalv11Qha4UT6esgt*TniHSVYZ``*#T@p^T#g!Sy zc?fzOduW80E(ESmtXf*CDh@Xb@nkvYK|I18q%LL;DWHtbY z>MtY8yptG|Emg+p=iIe(_Z#$v_Q&(7ODPL3{4l8jsTdx;BT%Fwh(2n-Y9YnfB-C{5 z6I#$&h5hAM`h@dI^F=sHY9B}Hry(fToUnNb;22pck0RqQG`U16$qBI-1c?xHszSP> z^Ohx7I9~0KVPTkYV8f}mu~4nv0qyoQrO;O)Bz^u0BAHKzs=bg+Wi14-Q-lysrZSn zpIS~1u4Nm-%MEgbR<8jtg`;=2xp{{69!(_W+b}LmHqp}QgFpZS#|6RHvY)G`qkriq z#pkcD*flOUpfv8i6 zdb!(f-IDkGuE4^3l#oZggN#EpgjxO4c6hwhkpirxj(DK9j+wH@3_I&~cJ^(0m*0wJTexdBT@VrSC=BE;)KIPIvpOgvI$q`;d0Xu}G zTFop&AZ9Uux;EGAR056!y$UTC=DURLx6wY-kRc0W?C7sw;9JEes$ri2{*d=xLfO3c zf}sW0x%DKBw7SQk{_>2p_?DqQH!w=1Ebs79Lx*nH?vmk_05Cfbob^FgFTZU%(~DGJ zCj1D};+om2Y>`^Jh>q^DV))+I@n{-c4y5Jgmqb#azT3vufe8y(U9^NcpEKyCHoN;U z?aG||N{T>j`9_A;h~5%2+1j3pbTwblmpr`yf}xHI2WGAual#4St7#GrQRXrK{l=kb z62wsGn-vdG-fM`3&(_hnT=ib|y` zKx%KX(=!9KZd~S5bNW2S0MrJ;;##(Ng1(!}YqFPQrvP^g%rjHy?tt4Y4*L*(w0L+G zZtE7h9iE4A0_#VqYeXK9A6}1thYlig8DD_uO@s?WUJoJW)%htElbb4E}v01QRH}Y8ybyJ=b%tBqT;7-VHORoN`Q`8=J>H#{*`$xEx4dB3@k`xi*RHd7{q;)^A?1Y6pNtv4wM7* zNwtD<8lI^N)x(c&vG;(E8yHQ&?=foIP&^@-&ZIwZQ0YW)30HQ<0d_ zb1io;3&+jFK~wcQF@W}#0C3Mf$&ZM^)(`E`o^pk5r>aOR<}Pj0h9HY|T(os+1-T3~ zdH70Dn!$QmtvM2=zc#mFR{#BN20s_`T#5Tj1m;uTpZ3*#E_Pz%BTehjD?&#GYxXyCgCb6Iw9xtnDnb*SVi8O!C#THB9>n#= z`u8*_!qkq4ZW3xlO9-iuLRPr}oF&5>#OHArWDKLUXIL2To3(iX`Yx1V1`IcXWqr_5 zAc8&ce*xznWWR6EHiVjF7-4^PxJF;sQ>*isd^1H2nqm3BZ2j><)%J?TXE00AtC?Q7 zQEnhCyEO>H3el1PCn6N_68XD|Bls^fMk|8+NX*+hEp|G?=dU>f}h7O)|G$FKDc_ z^b!-;DD}i-;&Gm~*H6Mx$$S8Tuv`Mks)yiLKm9rER7chW~8*;I3CQfp`H1 z#XAr7H7|2x8#Z6^Q-U@wi3_Jp$&XhvhOJt0nF$orMGKUI6~PmeLxgTWMa~z%1tP(g z2T$UkM<7`40uB@3HS19FeH?(faqcwv&b?oQTGm<`Hcr!-l?l*r=*CjQ#Rz^)l8-IAw-fjYotvG>6qXb?!0*Wbd6&h$?X`RjR7 ziME87^NWNdhVezr4v^YS2V$T$w4nt0*^tuea!U zC=^}v0yo91$&EeMUci@6@Rinp3wTj5ho#7dhT3eaAGgH(!FT=99rl|EVDju(^Bm$T zHgBqZh4{OHkW#I;H^2UCG8avcL?w=*5s}m5BJlPp%hA-~hfaLNhlEKjSOv@I6m%X8 zd5%<63RH6iV#@IM+5{Us!5`8RDE|0alfx3@YBIEa0!Hd+aa|Qh!yZ<7p>R|?A2gj| zb43kjmnf0gh0oznm>BD?_Vt~yl-B&)3*1_CmdO7hi!%Bb3(G{p(>VPzq8< z{lak(hvw;XD6n#gGO|AKg(2oT1g|F1>|1s(wcY8$UZ^0rz+2v_OsS#>r$VTEBwz6h zJ4@wj@<^sKr%(vdv&Iy)he{~bg%G2QlO9IIuiC_IovNBRs{3OkRR+%R=%EYP*iX^f z7PF^QpEx18FNTOxs*_Ad8%@LF#qA?SEkXF`+ra9%<%ibS@`=jkW_3)bU@8p+=x614 z$(li&BVt9PCH1d)I7a^<7AQ;O2{*8qow(vl?dkw7EnrRU12c_+Velk5wPjOpU;l+D zC>!hH^ioHQe%=xOso*PA2v+&AUIbuLKyE}Pp3wMeGv<;#+Y!PABwi0k3;oE)r6q`! zFTMUS9fz1UYIC}paYAfjW6IIv6jUDaS}wk({W0oiQqRmSW-;nN@uaZ}RakVt|J53V z((9tV6;%*ykT66Qi1lzOgCeH(2Th5uU3*BExsy82U|m5~DzxhTZ;*|Tcfmz1w*ML6 zsZ}3DbmIc@HYk+XM&_x;$|>90M9j?m$KC7bvDZp`+7@w6(>+DnMd(OkQ^Fgx=BNRw zP)zbSTxRl5zbsDPz}=+8SwZ*JQlyC)!XifDq>vHi^QS+{GL5A^V!_NH!)5wp@K@^) zJ&w3Mx=%tQ^?08>7|3V%Vb7W2JVHH?h$$19i6_j{i-)lci8s1PG!M3#TD>v=|ro;epXD_4N2+ z@*zjOd&KoeMr_CjxJqVrtFB;Mj&8`YYy(%}>=JjkO8k8n_*ZZ4<_&+HZw#Qh>m@*@ zK+#g8HG!-a05702#G3sOAj6HFV$biC!EvJAK zV%8M6L2dEqboqjWMDI$}s|I^u=`Q>9opQ^!HCSE4F!-#R3OtoWh9kix5RBnBiT1?w zov$Hqi4PGLLyA$58eoNRP@SKmxtnODZ_`_{tI0JWfW$ayHOXNfJoY;y~zfGWP?uNjXR^(`jQp|6Ozt<9NJFQQYpqK zK1Z*ix9NR#=;POG0K>BD~b6L>{TUt*fWcQ7rH81elc}JDfOX8-PM>eyI{?9i% zJB&cO&HDS5iSm-ZTI#*$y&tA<9B}TNR5hq!HQQ+2pZdCpmsil!zBm0+$D>T+L7@b| z-=%GM-u^YejG%Oveaph0(Il!xJ8NOZp8HdT zj7Xm6Gzn_D2CvzV{MA_N?wV|%jqR}6*_u_L$~63Fo+==zt-kLeL*=@;IX-O72XOYi zk_iFTlvqT5wAxbyl}|W8^TEqaem3qZtantAyZwn&#Zp9}OyMtf{-Xp#wkxpEKNIw! zm#il1ro{GCZKde1dxwVrjC&qy|9CMb^K>~7e<055{1OoQM+?-JR`@=rD7#YRO7dVy z(;>tw%E*HqPUs5~tRBb3zu%qK^k=_2cJM~>nxU=>e(6>p?wNuo+(UHuR3NJExNO^@ zck+QN3={kg>LGN~-69Z8f#-F_N$OK8? zw?f%T|CKK-2)8HPM=P65(LA*rRRwwTM z)DC3JDk_HSRRe4*`_UGBN7EewQ1AJ$58b&I-h*}bwsT1POiIuS(DlI;Eh)lkCLWAL z)n@kB;}EShyT4zV#*Ce5U4^IusX03aX~UB$hS1&3B7@1+PV_j$t2p`ON{I(V@#L$# zxeQTLqz6oNG3m}I%}L%Y&Hgl;(`c}pzI%`Q#TO0Ra z70i&XE76HsUd6)q2pixY7`^2kWP%v9y6zZ+%AGVLMDi7Xrz$i`HntDMrT^1!qnP|B zYZB|2lp2Y5p`px8=+@PVAtwXxru_;An8Ev73dD-Y7c}kWllrC~48j?l1oUV$@kVt^ zEBLyQx)grqJ(-c7sPd@pL@P~>PV0jUYcK8L&&NvMTk@^Ps+-YNfv)xToTRk2k`QmgbQ6i! zl8XA{(4H;U=`c@5hExZu{Ug6>W#G9f^Dj0bW#4`IZLQ-Jk+Lrb04MV`aqeARWpqEr zO$xST>pxvY%&uT2X+Rkz>p%OirWu@Ird!|5EF@9Qa zQyIwX?Tilga)5hpcj)L}qNv6hUMfRth&mmrBcVv+E}fiRF+05pYrZC|!JsF`FuNZZ z++T!MjPiRKeqbMrVg#BfY#+Ik}R-V=3S}VDH;AG zj=fHN2}jutB4dt71$C_Xa8I1EGoB3B%HAZLNjh<#5#r7J0432lIs8Q>QhBeIIAT8d z!h!~Fzu!TUSb#F$I9G&MQjBh?g4W*0L=D9Ppb~2FyQTsOCGGvw!b!toq2HKuZl9**rdf15|4-Q$`f6w~j4 z#{(FfTwcpV6rH^GApqJGi(}+!`UXk6`5@1*idg2rUt{-WL69y;hh7-2Y&|AMP5+-H zht7#6690Ebz<$NO38NLt@=>O5aibG5)8;n`X=K$TJWg;$&xjso_4+uj)!(SDthgBt zr4~8LY8RDnA^S~JYK;v3Cy(!G)324%0e$WBF`&?$_Q{RxA}}3nnUi;(blD6(fP}RPb4ShV6E)YCoHLs`^xL zd+emMQ7e5{wE_9U^n~eIAKS#jkx$26#@g?%e@#^$_A;3hJC+C8>{u04FZN=0kYADS zDA89)lZu6yWtaru7?J6G2YZ`!1sZiJ#XPF)%{uhxxjoZ9X)aE zU>Ya{PJM`}7ZD~*hFW)Z!8B5$x zt$k=zxEzEOwLf!*wkYw961p|ODzFbc!~c3oz#K8{#i1pNP1^9FN$9yn36Dd?r*Bie zLMg1-0`eFF-m+$y`R&&lzSt$k_?EH<+a(Jqdw-v)<9o@I={q=j)0SG@BdMGr!Tfp^ zzfkt9e6*BDidk4{kjk$EooBVl_BQhcc)4(O84h`eY7vL#L_y8byfyswqk z*FLB`uX`(p#q8MKE9ly&m{qG_9;(~oHwpOK>uun(m$Sm0vyhm5k#MLMg9m%n-x#tw zi9}2EFVa!REB2DGbJ;4 z@#8qtEJqd-t>8Vd(H$$QFf2jk3{z!r>xKO64H6f)h}NJ^$d-_5!&ZPse5EIdoynxn zz(B_*^64b7gQ{TQikUM^q>r$WS_-<%ew3idU~-)Jo$_1^2B)(wfgI zZlx#s`A$+Vnx`{ll7@fpq<5J%Fo)^Ul362R{v0;g254Im*Gs2_0`=hQ^>Fz;?kha9 z`(uU6OU|lWvt*~&yg!G1QiOR6zII7HS2{~@Ao250`_b1(prPEtx{2QM#?FG~)GM>O#%K}{kAZNwi!RB|;!6CyD42pAAuZP^yVD7x!M)>Ua>9f>QK{vroW8R8#Z&=&F|is2J)t6${Vtwi8E&4e`0P| za>rv<@Z|uOcMos;y5$6Qzx@|+4y%zT6Xx=UANK3!-=Hmh$aJU>dm13@mBw6U+)Smt zMNhCIaysDHM_|l-*g3e(vQC$8(I(v0YSGsYJ$>!ny`o!6k>TGr%LHxc9S-sY;Ov?gHQAn2e15kEs2T)(8Xbq`VO0~{_r}w*Ed-WE_ z$SfhbCZw*Kk@@QDhkOCR43;I}d=zbJ%-`~5k4umU@Ekep=E0_fA(@NI+f~%=9 zz|NeZ+j(q0^~j|9Qi5oD>SUuiDUo%g?;*vUa|z2IjD(+Qe$T96)n5YAlgk=U*qRfi z_5uGAX?!>yOTyZC_6ta*c?aiq$!CmVFD+JGjo5o%|~IIp5-mI0l@K; zyADlX(+E)%T_YGRh9#P^@f1b#7}5ING4``<-U;jw`LZ*Gi53V%f&K`y6lUY;GM81u z>Zc^qPTRti;b#2CJ{6_owVQV;y7a;MBq0<<0N;Wk%$?;i1LD_m9O#gd+ib{>)^G}` zQPr*y(j>!8(3T)gGTdt&+(-SL8`6YC$OhASstQP7kqDKED#BRS2DO2v4oL5iE3bwH zsr070Lkr;!CN^X}m?59#A(cp%?D#pE&_1MftDlnSB0%taH1!Tm(w09B zG!^``S(q;K(@l8bG(k!+5vI%-GUmTg?b|fhP;_rF7Ow4vF=ezcS0Sj_Rs)x!^CZJF z)BtD+Qq`#y_<|ud+yS(O*k%69ZGAQ%-xN>(s`oOWRUxgj^*JDQJ<&b_@m_{}O18jv1}o$(oOH!?{!L-KSpaIDxC+ zuTIlC&fkY`g$sJyCLQ@& z-s0T8+T3lz>Z#W6hSXb@+gFvlWk_9hRSSMu) zE#N)1`8|;O4!`s4w@lxLvtNSLclh0Bzg8 zX$^KMmG`X4YoY?F>enW)A-+8_4(XE2E4~uND6dlqW4urig$v~&6JsUySvV1?>_ics8GbWIh`qx}PFCMo9)I!uW5wo(ZQ4HYM{|q!5BQ$sGb} zeLxyGzkn3J|D_1u^l+(5_lb@oR7(p ze&O|>KuDL(s%%!sZx7NsTi+*?pR$Sbhh~@De5K%q+cdCp>NaYmx*!$76F;bbCZr~~6I z^l(2FWZhikMNK9vy+gucFZ6It5g2}~T7^0=4nq&O`Dl!w9TFIm5dd{dkr_cy2gYaU z;mjSdu}F(-;`@p@(xvekh*NM&L&n zt<5S50i5rZ(7O4_vIISEHe@wCL)jA9kgKMGGSq=lD|$FZ)y;*jfFK?c7{Q{4+k700 zgt`>UQieJ(nne%ik7+U4$C{sNSW6k|z{nOo+~(t3f_6w?l#3qDlrT0H?-B-eK*Wm| z>P^JHR6}3NPzOf8l%U>R2uv8Q10!KvP;Vq0W@V^dQ89j~TMmr@VH#LigiHx)v9C84 zE7N?V2S&@dpx#*AOo+@E6glI9dSfv(%{wG8ipB-?#^Pz3X&o3*Fq^*YSfFN22M(^n1yfHje`;lO+IGzxDNKhn?4YfO-r!~Nvp$?4d z(Zjimd$$>Ljog<^l+PxFACxzfl)?!xXs5J z1@Vx;h$B7R=Hre)h~HCS^pPHJ^D#(4JR~p@Ne{RAc%-1y7#NkLhueH?((<%!5JR>S zrxYZq21YCC;Wi($6vRUUBbW4WA@NIV>yH6?V^|cE7iw25)4E`XLfshAcHqGJ=}2=RRWuoA5IC{!t}RvsqJPvUtpw@33XV!(;61+K+m}5s3$$#+Obd0 zJzqj;DX2rd5Z8!<3isp+cmoTIhSI~W5)-xbUTKz|0wbgJaJBJK)3T%IiZN2nw@hG^ zR1S4rtdtw-<>RFSUX#o+{7o?ixqNNHCrXAJ!zc<2ZY#fYp8iUX#q?+9<;FSuL&e zcpo4ei;X)Jwen9f9qJRfb|B3Xv|hQSeuebwRcl`k>QAL`eob9`7p+$>kKZb_YpUP7 zX#I&4!4G)-U#`^s%@lzYsxUxBPwhb|x}yldY!6g}A|iZyizrI6vX~{qB>FbgzDoA4 z9nxITooSsdWiQWsy`T150C7&_iPeNZ<&l5Qm`I_Q-&Fg98bxA_R^FugG>PFfGQ`Dp2- z_H{$dv>tBrk<&F$iva3Nlu zT(D6gSY1&)J>AfSg|js9Dp<5yB=`{w5Bg8P>mOLPfz^YB0}E$CU_Ta{E(2U(;i(4f z#==HPmtPq8CkNg%_L$%Lr z!*^5)8G9hK_QJ5S&^dC-IzRh@M~7OXejTjr_LaeA=+1HiyNMJF3oRvn5lF3yVNb8{(h8CAWMR z7LND3W-Q!}a$9oKcVThpaN=sj!tFS>CAWPS7G5Okuy8xlZOM(_g@wZluo(-tW8IeA z`dwH&U1crYj&@se^LJt4@Pu$-5#s;9CAWVU7J)n}BpzT(VE`^H0#A2He885%0@}mE z$)vUvCg8#%kVl2Y4{RxHz=cI1j|zz=*ismQ3yVM=6%t>trLcl3puv{^ka&YFg&DZ8 z2t3^(@dsN9J8)qUc)CO45w;YD;KE{+weZ9zY$+_kg@q$dp%DvDyuy~k6kJ#Y@~Dvb zg|M)N^?m6bScKZ60^%70!x&meV_7Wf;~TaV*02T^$_8>t5}Xn0lgv+q=QtQxjls3D zbjm|ArZC0HBscFU=ikEa^EyQo@_tKT5qj&{Sctc+6ppQ)(&0jU4IZX=JT+m%4A6NZ z^3>v%-7CW1FG^V8Bt!Hb#zT9wbM-ZVnZhGCs7YV;5t56sUYhYL7EcenwS8-_kf5kb zuFx;^>!f(fRX3o_kScMKDIR%OzBb}nyB#c6TMLSW_asgxmIQJwzm_SQWmf4ljYaA{ z24`uEm`(tzkH^}MMoZZSOIXOSuWei&wR=)HGB}wamSK{tgU!lVIMXGIG(aNVY6=+x z7b>0e6lTIZLTBVEnWAyRG8o4w;-`K=<`j&j0bC$0{AV@O18RCfmr zaWhq=fYcj?bf6}Q@;{*yl;w{Y8R2^jKqh|tI~mEIIN=w)TG8N)m!ZA~`N-Gv*lSfA zpiH{eWCUb%E8mvy&gjuxI>HY1(=Ny12sI%YdCTl6TBzHI-u!-10X!Fe|AQ$n&U z<@ocx^uW@7KzpKr_HFupw&?MH%WriX{;l0Uf*Bk^Cfe(Nt7!!sDbaq39NtbxlsOxb zdz3r5FqAP@pz@H4Jauq97Evs@yAr314f(Kd9LspI2e66=MGQc$=p+%O5y-*gcnP)` zfuTZkxK})#<}(cqYJcTsl zqNJ=U#CI$fey>U zqMjTG;B1e>#_y;qYNI)hvmQ&Lwk>w5ennUp0 z@#Tdoa3msX#W}=CZZ3l%$Tij;@S1g}GNvHna(|5UVbW(-pt8aN?A@xF`wKXW-ACdt z;M;F+aQf}HN8mRy7w~BEXl4DaG05*b#vi+#&R1Wl(k!~v11GowMSc;X4C0u{7=X7b zfj_us;M{WG{e5SeWhpz_-;cM% zdAKy1qlM10>zF?u$^fJfUP(`LsN~|RZ+S}5Jtjf|7Fw>lK2>c1IkNygVL5e%eKs8m z9x&|xoekA)xy~!A92LRP){c;+S#Bwr0W!~+20`heosPLoaD@>}4^Rk-N-w~y0K?h1 z;@jgQgbr0~lPQUEnOaGHoIP++meYXmm5g?7998;BuChcx?4Mr*L>B}`FJa7g zWL|!i<-fin5fV;h`j>vEbB%5#F*uHIB}0hFSjcWgE{YkUNb_H@D0WpIb(hq!-n)E5 z?&IW^LYC3Fpp`y^`__>8U#O?C?MZBV1k<^;pCRknf#I@dxDDkXaRD&XE6c(qlDlsGs#{8c_T+sP1xgeS)!8I3*f2< z@2Etk|D@(54Or}AC;O$kRKFAD4 z1x5vN`evJ@uoum?i#iYS_jBD4pn-nd*ueVb7-=bU3oh>#8@bAB_5 z(j%3=VVmw2{$sy1YWeS;ktv{{k=$jR;V6D=SfGTBrPDca|4`-&T90x)tBn@s3Aar- zH7DGAhZ+VP!X;}3JBMqnLux9SB-x)c)GL7P3A8oIl()@baIt@LG2nYTSLJgFSeQLU z$w}D?j8OJ~@}hT&K`Uu!kF(|n6vzDkx?%YNHpU`B2S0^kjJ=AGdHMR)kFQT(zB~Kd z&GqrSA1;o694OgO|8jD1e)j6dZcv0!IIp-pkdX-zwaoIna7-vg`1H-$_09R< z?DXAFuLn1;jxW!K;%=1IUvN8*W5B6^k}+Kf@pTV~>Q@}@EH)yXErY!Dfm}|$ve|#J z5H}ZtHaCa_xR=E&m!AeGvr4I1J449nLQ$2kIGK9ck=r+~3TB*@zy0lRMj5G`E<0?u z4}QQ&R7Dq#$lL}&Z?w0DCS%bpjMdsVm@JUgOG(t@J8}OjJzEbZQO_#L#z}K5qd5!N z%a**9YQtn*R`Yhr3o@y}_T*pY_#mf2HL4h~ zU2O&`M8JGU^QEiSo1!Gs7D=oat2C5;!$5+#G6U&CA1Xoqig9}gc3{ki{za-j1C;%Y7Q-M_ zbXT>~z}a4+`?f1n@fa(``*_g@zw+*U+iSC+VgJ?F=Pjlz6MhGKfRULDKDVBW(ikpK zq^y&4xmWh)kta75sHz!4#ZvaDMDH546?h$!NEQ7Z^T6C^%DrKJ^p;+!F zNeZO67{}wNY6I1c3>#?4=;?iqczbm`82tMB`t*0OW41BZ?)$gbXIB^JC&z=co1f2q z`+ZlNP+yS@9SLG^g-Gm;`G{pW)8?c!hGR4(am3XTV=9hfY0%=@Q&wX#68B}UWm(o$ zv1IB#xFO*1N&ldKpe}+L{JYpSk`NS0+dM<}{E+C;#h}Hlk%*kA49qYSJMXji2jiVj8)p6Vc9L*z@1D~poZEm6i5Z&%&G?yjvH(wfz;1)|ipHo+4gn~vbP zPf79eSQ=0ME`D-=;uzi`=lxMrHTN`KLV9~wan@G9fl#mSYK-$R`DFL_mJ&JZ~ zrl~%qhfSp%Y&sqDbq@%(E^)LpSDobpr6`F|G8PvE&Om}5_`wiIaSuG_XHy^5LwQus z)d5uI`aNl^FJ)5!qj?g=GD_l?6Sg2 zpR$Z1IOBK9-?>Z=Gw?qS`6xwnOcJQs_B&08eKjuoOF_s3NyxXa6Yz@MBT@DH@aZ0S za`5C}Pg3aqiB^@stqxfgFF{V>jNc_nGW&{UFq^X;x$R|Bp`vl9chz%{q@JcRW||Yu z<2>XyPyeOKC>|Y)LiGZ?6S07*jJ*)9UQ?MZeQ|dx0QLq?9KmJAG4#Cob`_Dn&Vc@9G4K zQlM^CKbA8HG45%u0o@SrUvlw%?!zk419(6bnWtm;tpBY4UaG5DdeA^|A92Yeg&7vl zUJFS)ac}Eo7IuAmx<0V<#aqI4uUued74gM*cb3=Q+ktQsh)GfwZxuNN(Pl82!&sky zo;X?i&-%}Lnm8;UWuJ4zx9Z)6D~jt3t7M>_u-)f`|Fa}~4;&kEt9*f%sWhe4v20fm zX$B0bmvb#n@)%`EJks96aYiVL`rs9L*aIVyO+iZWj0@e;V`EH`i2o%`8;~M{B`PDd zktn?1>8bOjT&BcUfDug9R*=h8?0+Szj5yy;DI90=&7~)ge16!IOgt1LR^-5vdd_eU zK=3xkBg%mkqZQQW`?t@gQs2!;ipN}<7fs(OUGOX3MiHvGPx|0eyyjR&2;)?8WEmZy4lYjOUz*3#s)pGqFn87;)m<)h{!r%a=@ZLCgg(+R* zg$sXL`TQ!40CaI8{i(g=lrlS{z## zX_FB%`)I-~)$%uq(?1Sa^OoNeX` zlT;MHH5Bh7={yC7bA}4FvNXHsrA=9V-9sJjYf~ZJ%fJ3bXPhd&adFuM>41*(Z1oovVLy_)BhY2Qf9dZ&qKQj`mlI$Pl_q$7c6@qyw)R`;R}{f$ zh75uCxm+7z;L9Hy41vlrYVV1o6m-VHJQ2Bog-MS@IxI;EO+v0yr%fE>ZDW8$&jR5&B*ngyKvUt}cetpmHlK`MDGgJl-w2 z`X_u_v=>3eq2*MJWBIe3%k|S_70XjRj);A(Z1>VdMK=_#O#%k+R@*z&juS^PC6U}G zh-!G88-Gk@BSQD@{>&upda9H5OxP8AuP_{|-KVK8A7Uc?a4z(B8Hj>29d4rA^6T-a zxPlXM?P8RYkl6vKecJ@sZVeiQKwN1E%YALQB5 zLjbP#_3dXbekMtRk}My)rm^-~3~4)q37nv)H(DGCt)`}_g_>x`B`ythwn))Y?t`Yj z)CR;G3U6=mSf-IZ0xEBsY9#E41@gUG8tM*5;OW7^!J+Z3Ho#VYNh!(5n8Zim=H$xw zUIrz}J~pLv4B1Cnk}91g5`qjzpv!Ngu4WnF0*_I`5SQB01;vwT2LAV$q>KLsPY#|u z)rR#>N3}EMzvC2+r$~>m2h?r{Px=R7hd1b|pSrvM-4W~_F2rRZ83<<5j~%@qqf}hr zLO;hM3NJS%sUhSw$p?_n6aWGar54>(D*&@jN0|AJ_V*ti9{Ny#*e7(dAIm0e|Kj}Q z?A73`_oRRDmrmywc^l>CGk%>*vx&&y1|Njm+=MDg04LyqVlK+<0Y+}K2S`yT!b}y( zFv+7~;yQ!TK=`hM?(qPe54zyx@!)*0*ZKAQ=BL-c+<;$?udk0^-JG8d!0T&p^7_^3 z`OW$3R|D|+2XOrAH}LcMtJ6Jzu<%%v1!vBrXv6bd%;Qt4QFDm^1*}=gV{=bdSS6_h=%lqmpAS3Wh8SdnK z|KwDKRC0wbrDTj4L#)r+{~vaTQ>}K2k~^KRzUr8NYc?d`9=`C2Pv#SH{`FnO_TLqL zjr}YQ661}U(WwFJ|8~pe+%yM>_}LIxB|&9`0r<&EaNFU0^jcc z@kgh_n{}>HHm6)w%N02@rpbK^)JkCJ( z4lTN%`@`$kUC@$Jbr{-~YF}y9;`M{LvB6eE87Q2Ka^txkKiA3lA-diygN!F{q+OFlWBGY z4mnLa7UG#MnzKnc?fifN4AUb3EarQG>%bL|&W8v~Oq-ue1x7;VJ?0R;~ITqKom1%k1F@eGNZ~K)~Jf!HMGx2N@6lu z{EU_$z0s*y0P{ORtGrhU};i(odX7rzAq@)1^wcO zyln+Aql>_E7gT{?{Z=Ygg7dQ@^SxqFv60V;DUZay-YKt-eCX)UERriK?t({<;3VSc z9v;{nN}c6|WMD^>pEroMTW$(cij(XXbZc$)e_~ye@|Ed~tF6ppzrI6@J@B<)Se*XV zMJYq{wdC!B&#Qh;PF$JT*ma`wI)~kCvAg`W-QKCRF7Z$2R2Db?_D<#UGDgpR`r12t ze>S&d@WEUE*f|c}ibpQ^z?G)l=wYilUag(1?MPX2rWS-O<1TDZ#xjm_lZf@PRpEcj z&yx0^F--H!Qo$CWdi&4e;gjdj%J!e(iV#+_7W0(zVTJ?-(f~y&SYw@6eV#4`z(Yvol(Gz$_Hd&jRrJWgq zbW@cek&={Rm?6V$N(ahEn9;d-ksZyW3Cj9mYbHxY_lxnYm1AgjkLU@RrH~@f{h!1B zlf&LYw<`De_d$O*A5h3Hpev``zdszI3?6oEvijOqmD*Klm7wf_&^v{A7?o6?t0jr` z-P*J&GP;G)O96_LN&oK8LM&{PbYn`AzmriQ(RAx=?yV6QR>Mf8o3=-u!dWzsLPm#R zA{{>4`lf zlqc7xp#&V$XbJkQzx7~>i*3IY={!B#quTM+xr%8Bq#aDL?hsDGgEmM=(IgM{UzUjO zzU`6mC%&~wlEGNyIy;_cgpFa0XdqRmDO^G#eYz|;b6c-@!*a?!snAM6j+4p${S(oo zfw+|pKC(7;4qpx?3$&=D=_2q<=A|goY&`8h{m*{qSOjs3Y6WO~=V|=_rC)CzuOESV zlHoXS@U;K5e<0%;Y>k=^^G3%#%6eQXVoxTRD^lBbKm74W7l7Q!xvvxPaj-Bm=T_+t zCg{B|a*F_36Z4!Z++Ig?!9i3?)tP%d~GK= zdz!s1BtjBuiew2$j<)gr?Dt>*kN{sLS$3SQxaV{o5gY)6!C>Zx!Jw`U=FwyTDB156yW!VYP-wyl(m5W4Wws+w!wILorRu-8Yz?E6qeCPS|Ye*ad=a}Il z0-{d)VUELiw9U|jMszZbsz&4a^97A+m9Nrht2G}C&bWW<%zo~AfB9GE`Op9N?qARE z?w+}5$6^oqgm`?#;V`h;wGebbe43=~b7N)yiO-VwugnFwMC{-HXpjFp=pFV7`0xH< z_h5tnKE|^c{tIgUdYs17(O7DpVxmKNyk71}W_QTwWOZ-=81fAY1=c6BobNbq86J@n zxoJDYAq~J7cqJ<6cG1acX=f=f#8hOJFDed+4Q${o9(s}emDhKHAw`!eRBs@*u{7V|EV2rM5Ppkk1VIaB zE|~kbI0`Dh*A}CHsZwT~v$yJizPbPK4BDu8dUA@~50Oq>d4*nGUcR}MR|dg+R2LZO zB*Q6iA)mj6Np76s_ucwRPn9WY{pfxuUrn3eWdaHAp`!UHq!>k%}F$ij@WO6B=R~Zg%y*TCyMJ6XvDRUw`Aywvwk`?$r7wsTvZNNV-f^M@8oGW+owC0Q2CNY93 zX&3F}sqs!A$A>NFDTxA-UQEMKe#JB>)oGZFNnX4#B{Q?Xc2@Rw>)-8n>gMbsQ`Tyg zVL}_fizx)n6Fe=>3{y_ju^V#&m^|{bc+*l1rwAvB7&q%zzjE5x|8lIVRq9%=+^FP{ z8bXI?$BYp+$aG*liflP4wA88?YSBpu;Mh{39ab~eC;vpa$TGE{!V!eAuWgYAAur90 zwTpVe{oKar=6UpIS^rPP^(^H8w)lUChu@U&|D&T#{*Om_mWluVJK$EF zKyp%{Ge{&BZ2<6So~Se=`Q67xfcV+Pd6q-eg#OE`xRNndOQvttMIQXH&e^o6vfCX9ias)dS$A!O8qxBl_axv?UUvDh9DKAR(Y&-|Ol?RLd295+YV%OEmkv7c!&-Qe^7L5TOTzQGGp62!j1A z$V4q83`nqmV$jhD7mA82t(-QIEq`VR+D=7;)PFA>Ayo>If_%cw!8(#Tt3}zUuDu8` zW1wyB#n1BswI%sl{=7K=ZF%-SICnGV4oJ#9nT$8h6JZ(25cs5NJ0H@{Fp*VUM(N`#=Y^2d=n z^yRaJ41Ar@+|2(VugRJX>=JFfwGv3&m%Yof>OW8+{>h#t^}m#u<J|52VL^#7}m30zb;Ru{M^G(%o*UaO`|9pmLi)KPf&7PN^rKSjwmGm@q>An22@ z!=eE?K7c>zQa}zND1cpx;kj4XtR!b$LdC${@l3K4isry2h@UMc^9x( z?0qF{XR{;nZw*9z(%0=G_iGoqzqqS+3TKQPPQ!4HexKry4ykZVk_0;IJMW344&}M1 zL$sV_M-bq`aAPIUy+-M_z-0ycnp4Wqj$+lz*H@w}AYlm^bbRN0Xy50P9kMWZPji3^ z_zuS?MB`O!n|Uq@mK;efC;DY3D_-FUYN^0Nd^cUlXOW5lSy*0;c4q95RP3cQYpeC^ z(hV$1p+!yByNs|kd&sRqXk4QFCCXyGD=nqbxYIKiOr14NRHLBiyqt>5lqF@EcPihL zmY!nag}0U)+GI`^qtb>M(^zT^(Kh0q&)P>`e83Sd-Nuer-J1ksc4P97v9(c)^V2byKyZF8qpbvv|BM{>M}j4!@=4x z4h+NHxJu8)5%Cc$19C@!a;^B~?w~#!we#DQakY7zF~0+!)Z7#*ua*9qM#K0%Hy~~4 z-phJ{r={UA&v4~@l(&ee8%V>sSlMrhyjh&7tHBE#g*)KQ+(-|-n{7*I$$)8J7OXw% z%<8IOkVX2mxc(?Zr~KWLORJ|2#22MLx2+)3thDc(@2tu1Bh$jtZT71znzHFvThwf5 z&H>&1YEz-8b#BOfA*FL;q=H>V=g2IrHv~ez-Hl>-48?Lo=GDhRUmJLnD5UiTeA+&} zZ}JTJp3Fsjaw;!)u%>Ortg%xrm*$QAg&p)+rYLIs2`7m@{$RwVing308U^HI(^t>3 zM%RaywoW!pqJ6Gq2YBNYrG%%H%!rUIIHMY-1PAK+cM>c#C-dX7a!17o?XnI#YnR!c zgUD50ZT|>V3C^+>k^gK6X*B3u73IF@zWb+k?0MZVVn%Q@g>m`mx-bTYz+qUR0Pl zh4GLe4k%_gJIyc+@{1~^X``_xHtj3yyzP8C@=6EP9Wie5hJG5UG&k}NV0D|MIw21g z*|S*)Z%-@^asp?oP)SOqg4#JBB3vQDqAs{DKEKlzmT@h6n!DRfeVI#x2K2JF%6$dQ zE2_zJ_kgfx7a7aCFk{&vaI}3x=8e^Gog7C>HjEi%#dSEJk{U0RtRz9lL1^Dc7g=5d z-PIYz#YvJgPbkcMx-#8p%^rKMHntz)K4F4pQx=;lz%(2LOUGD!FeSUieiJoEGp4G7 zm7PBD(IrfcaBj?&0=ra?&rn2e^-L;rR1Ke+_UayGuwx`UmpxuKP#+cKugvS(nKk) zqf<^p=8p*ffy}>8)h=A;C{tExG0E;%zLKPUbe`~_a7oxcT?Bil!8G;2G@+UaRe>z zWldS*;O-~XKRzVU!0fr%Z{u`k;m8?@a6cr0eVkZNv{Q3-)t!}krb96=jA>iUr&BG7 z+QiiC)2VcTjjnEnYqY3Bc+GQr#il?~jFmD1m3!rt$L3u{IvJU!r@A4A_p+|EK=o~@ zoago#H(yz3g~7k#Y1WgSFuo-z+7WBVS(uD5>UBEupRcDAlF|X{b*R)l){8VR;PGcv3i3BPQc6 ziiLT8OBuvXGeo({9VSg2y>cqIVF6E5E+)(Rm#Ut3>R_i*Ta&refnTUEXm+ZG%IEe0 zm-T(x3_d;jo{_mt8aA%+qs5q$(>%=I{Sa+eQrtd4XX$7<5v|!aKi@_Z%9uKirPQcz zGyZX`9s}uxBw|KwJ2m!B$6ReBqiT(v66jm_%;ss8(NKj8TPkH{v8(zB%&l_gF-lT0 zqw$oLy%KD?w`>ueAxpODjL)V7mYgJQb42&HAeieF%CZ%{N%#7+o@Mv{d7R=AS?l@l zUhlYg|JVM}CjZytJj>_*GPAf`NpV1M=C4w>DtQ@*0{OwSEIs3ZRPV+a1@go~%@J{h zs&a@&y?{2t#*abVw_bYXOkBks9hEkv^qF~wrCsA`^GA)Fq@Xv;U#V9+V=w$4TLDw zQGeBKhWf7KSJCVpPW5HhMo3MT%5D*}Z1t2%6a0XqaQ zFeBfWK81}2ub51*Sckc0)Kbgy2iBF?L2|FcN1Y1$82*`WThvmi3Dx5HN(`{NT07+k zwvJrmUTzjWCI7Y56e|(V0VdHKwXkog^|4qDjR@hn0imB1eYAS{B z8FajgJ=#Q`!b!=D5_vF(M4YAy9gl}-`zyAsAVowYq_6LP*1Q>8KuLEryqY)0mJs8` zX&oYJ0jD!Det9^8`~)bX1{hTW^qPl8AczIgqc~M16?h3#2qFMO6vdIJN-rXE^>GV@ zP`(>7@7Zz)0es6!qE%lp0917!Vsf%~DVdR!ksrj5uqOcjRHbYwGm91nd9@e{zjDvH zV?`|(;!ubl^~>AljYzwibm(aqqMPTlJWJaDw>XVxG+NFDXvKfKCH(iB-p2lalxGS1 z|GgZ0g!}Q7s|&xn15#FYt|-=AH+K7al96LgvP9tDJx z0Ve_45jMDSRm9!hiTFj7xx4G^B4uMl+1*Dnp{ERw3Fjy!qMIaAA+&fF)1b_4bvI-J z7gR!UD2Zk?jU#z*3XW&g-$0~zLsF(MA%Y-Y$kXJhT0BvUXOwgd>|(QK{D(Zt>3<`X zZSR)>W(-F`irW^07X5$J?Hw2N|IxwWX8-R|o+b3Ziuxnyg&z1kWG25d4yW>(+R_z| zi^N6dB9#%W1BZ0t=PYnjALOxJgvG)$>=S0HoD9jxJF73DNQsKe&@oV1t24ZVd8)Ot zUL8?dbvnh*4yWWb>0`5)<=@7sV5^T_N;mIB_P2J8T$H(n(^)wFR^h_r6cowQ!Agss z3in-zkStrE5cJF9okF}#;Du&3UwDxJiQWP&MqE*X8K$p5(8~$7&ylz{=a^S1{t~!=E-+*b? z0g&S)DczT<=~jeGoAJk$;l~XbSf(FoNO3wh4hcz28?v&{(U@zDElvw(ejAlr>r~O1 zgBsM;XHXlh&9)FVKX0NTF~zX|oTi*x#dEeA;4VZWG?84G(7Fa*&D^{z%Z(g~SjL%oW(xp5;{kPwSu|P*GwBmyrxA8KLd5!Cs8n0Zd)(Sde`PE@2292rux%K;Y_qF-^ zOOk|i03uS?opOmX)hFr_7e}eqEw&2QyT(dJJTb&;_KvL<*u8;9nu4;*Vf>Q7Re8vE zV5E5mrPYQ`Ilz70AcW?0naOK~A&T+#X7}XbalvF((5XkIp zJrX3FeNQaNtm=UPp)z}y1BBG~YXO98S~Y-BGmK-CsDW`>L8U^c>OrNa1_-^x9QQFR zejlix9}7^rBKlxQ8A_7xS}C1P`S?{XD+ZlRE^1&X`1w`6m@R{sn5}5>MIQkDk{E>9 zgeM7$DOL9;fW_no<|MmMtr?wmFb4{8!ix5!FgZr}0+3v;mfFBLRdNBL zm*qW1xR<4sUn2si8nVIO7Bx23hrNOE)nAL-xInvC!2}f9FB^MPomgVrSH<3HsN5HO zQ)Hhw_O>uWQ)fXxBto-hKc}`2Z7_{7p;mxt9uyL7a!J12p}9XUs)y|1ana8W%{!R)tr+oTHD={_FO$k9+G`W-Rrc^eq}gEh6TdFw-(*0u1rw|Ny03y6N%7!!11;n7|dU#g^WUvvqGK5=YmVGyIKJ7TJRiAs{KS|8^C?)M6P)qz*@3@5j935}Y z|2@vL3jT8;2mT>IAVa2}3=)*LsU8l>%iIqWGU|F5V5pkGOQAysiF>Ajsi0H|5oO+G zR^D{K+Nla{uYYAZ(9u$d;VU&n7gg6*39R_`V)Gf%lyb33&eps6<>K{zZN=PJQ;L~# zD{Od0amX0RrKHdt#eDQ^9HF9$;&?PLds#rCQ8*VGfro_`ntS$?fQHq~=YR}oK(hPi zh-jEt5!Gcus+~=1URl_tjQIM7BP$8_4VioK(9`dl*0q`oB7Fp@#6`>dBx|j_g_}mI z)p`jlDDm1wrMU;TIbCpKYVK63EM?SVh^Lg4fP7rwE9-jZD%tyNSX287x*QVGPS05A zB%^At`d&gniaZHW2RAWdTyE_g3bZs5W5?(V@Wpr^#iCGP_Y9Mq^ zX5|6T4lwZpf+6d54;JpxgJ_Su=-X^Vv|WRMtz4d(4RVXj zIhK@6M*B{us*lPgqgv4}twPl`K7b}Mjn&muiEZwF!BSk=pY>@slhI3Rx+2vUQftS^r{81~)9*g#ms;`+?#%(;Q{ep3@3k&PlYRYzFl0 zDe4_|79NR8v*RA}UrEmZyUdkGD|LJM+F8Qp>d3Xwt+BmC1?nEq71xepYn#mvI;^YS zoUuZ@TPEY@_Mg7==N|sQxzIJD04@Ii;qgJy|3CU>|7hd?KgP3)`>)(#Q3f3SJ}LY9 z(sqaPFtK06(XiVU%4Mf$@@2RD!cT6Uub%}oC=%W9D0daUlT=CQU!pw-bxk)n}dq4;w=39ZwPxwBV;r{rcu zEuK@9xGQeFGrR=+H!`lcEaV2-P+sE>PCz^>1iDtSe;pP^%x!_+Q4 zj7Fo9yO7JUpAB@aU!*R@ueeWoG4nQ)GJVH<<7{v5Q*B?|;uQt0Q*tu*%(A&PZ2Y;I zG>7sA}uF*dONESUzzylfj%S=jp?i4Z0Rc~g`XI$OkN@-H-ju{x0 z>zcTe@8-@=M<2p8ekt#E&r18;&t^C~F)F5mTFR^{N7wPIX!Z`LW{_k}GjbmWUFYudKo*greexmt5b0>duh@sE!qbtJ%a)6g zQylO+HGy6>0wBq6f5o=TYAw5<83zH{_B>%033u!CnJBKbfM^Ad0$+GxxoG60Z~Uei zSmMOf@M{*a|NSuuCv+6WDOstG7W=<@v|qgcw|j8-&Bp$JjAsj7U@kNj6S6G_Su8sd z>Q8AH2rZuA!3`b}<~v*HdQ2H&({a}-DLrDzgLNQy!l5#RA&Uj1?<7CC1Ny#T31?_OM? zfTqmxN0jfue`WI>zyI%a5B{rv7?1YEfAl}uEZWNn_3_|lnt<=aoaa8fO`PX`AKy67 zeLhK?=l{>yLho=&<0(VuFJCdoPty1|GT@F+1A_NtxitRG@n>uh2W0OHLM0ZN|Cg`M zUjFpTp9Cw`(Q^LlsFeS^_s!uqoB97J&ldWQ@(53;o((_Jek!b%7eWLa=M4S)4-!u7 zpZ~Qp<~(61dwXJK@Y#4ThzD$s#|a&VY(fc?J z16MX;YYUx6JdJ}X>_a#XXlZGQBxyXO0bvMhrfW10jY*i0l%d-(9gNWcN5TdI{2xv_ z%t#m~C?dCNK+sfJ)>0fw0?^T`1e)Lok4Wk}&Ue;$S`~oG|M`b$pWq~6Ikg-0iyx5L zo|Kt@Bw;+C2kBjnE*RGEPz@I~OSd|C>=xnB#az)R#tt6NY+z z?=N3Fo+NPK@B7`a0FE#pC{x5G4O*NgaX0_DFtWf1ig$0H?Zd-iyK}Z6-0&O6UGDK3^@pqk9d-V`e-a8J?~;$>1+g1;AyX!Ox>I3Bf;m2@~BnPhr?@7V8o0qIj5dA+We z9v?VPG7ZCvIHZHtwgR(zH4pgpr7E%l60(c$PN^rzxI02vJTXEYRFi?bU{J#B`%0Nkm9x)_heD+R2aJ zV3til*6|%DApNPq?!MfkE3roQ1@=Se5Y6K$x{aq{fI@mh#2ZEkA|H8*5sij%I*~S( zRI$t)B)NMhWcw^aG-4b_1EPra$%(U-iKQuVTb2&B&A*RhCJ~Ul zfgHVy!|8;eD@h0erCoGB)UxM#?k+N`c@4VXb(PKyC==~uD3}X|4y3jgs|bxoR*PNF zbsRhx5XOFr1Jc&qGbo8Bagav<*S6cL=#t>zeM&ib0|UV5zgsK2qW>mK)bQVbr;a0h zgEqPs3U=$~0~uJ9vK6~YoVDo4LEo~5L-KVC8H_D3U<&~UpwV04(HPZcGW*I3?8(Iz zmim@nny{D-5K@Sn)!E5hQNJPcpKv0~sFNZs^?PPfNty{62+eat=AijuArNmOqh|4v zMs~PZZLzE48q-9e5yGnByNJaTf;gQJCJ5Z(2qxu7e9dD)J(UpxNz54S(~$DHtXA}% zj|oj#ksHFa(4)JRYw|tCEBM{>ylQ(;abe?{>@=~q&@axeuHL`7e3`vK z672gvjVC9@k4P~ZBEW|Bn+A62(UCn?$ZaVtLG_Wp;%0$e^vbB`U{ZufEbY`eV`c5N3; zLfaOpcklgM7@PB<&`85L9f*}PX4#&)I;jnt0zzleFa+BUR2dFQ%30Yr1yvk|NLasU zGFO{0fLs>_>eO|23%opaU6AvtXJ=Qk009nZ+5Pg2x7*hTx@ z{qC-Gp=bLV6-Kw1A#g#2do-jGWn&WLF8+w}@w5+six6G~#B4E+`ILF_(Bos`DS)-J zi};u_G{L{csYZ5$t0zPLnCP%FV6vU|!5Bv)!o=zrQi)}V_c>Ca<`_5#JQhkJPLnvr zTpF^)5xk)JwTK*5)Oq^h0{RU6&cH3 zz4_5sTKWAL^Q`T+BqfL{NQbC>*dibPm*aToA|*2brqz#3@`Ez7!&64kueL?@E zr#w*W9dLUGI1)k?ph*lo%AH-@kEe288SVO2?qvIphu#VRCsMmlV}G+iFALpvHctv3(Ng;*nvP}%urt#?{OLsA<#HX#<)*7 z9l(qN3wIn(;t`3682MW~mv*pN0mdZ5a}8`v$=C}atN}??AS~?iO!aJ+6NP4yB&6$H zK@G}smSst?BpRmi1YyxNDT{GL^qQoxJ~eZ8fgT$Rmm%8bXed+{j^>CmHYIHFDy5CC z=8+OqHXspBX)F|k(AjFF6zF1p9mIr*>b1(!^ASgLF_3vP@?L3Cl?%``3RH0US%L>+qABbmeGX{f@1h-1z*Vo@&R-oNHWNGt z2^5MKh971&`8Xg6%=|$-NkS^UXT54D629|KMIi2T43k~7QZI9=6vEtbfEy=!d$+f@ zK87axaXQ)yWf8Xb-<@5ZU+p^Y&#(XS=Iu3l ze|C9!_WJt#)fIYkiC(;U{qp?!{LSkt^yYhX_WGabhx6AjcM+iy&HE^{CKC;$6Ij)K z=ZX-ka*c9HJeCenh@;UIj|dvYGm=KIkxkMGWpbIsQQ(AhLb+0grSAA&&?fHY**u$P V^Q`dv{{R30|Nn@koA3az2mq?sD=7c~ literal 0 HcmV?d00001 diff --git a/helm/gen3-workflow/templates/crossplane.yaml b/helm/gen3-workflow/templates/crossplane.yaml index abb04947d..6de4ab75d 100644 --- a/helm/gen3-workflow/templates/crossplane.yaml +++ b/helm/gen3-workflow/templates/crossplane.yaml @@ -79,7 +79,8 @@ spec: "iam:PutRolePolicy", "iam:GetRole", "iam:GetRolePolicy", - "iam:TagRole" + "iam:TagRole", + "iam:UpdateAssumeRolePolicy" ], "Resource": [ "arn:aws:iam::*:role/gen3wf-*", diff --git a/helm/gen3-workflow/templates/secrets.yaml b/helm/gen3-workflow/templates/secrets.yaml index f9cfbcc1c..f8fb0a0f6 100644 --- a/helm/gen3-workflow/templates/secrets.yaml +++ b/helm/gen3-workflow/templates/secrets.yaml @@ -45,7 +45,7 @@ stringData: # EKS CLUSTER # ################# - WORKER_PODS_NAMESPACE: {{ .Values.funnel.Kubernetes.JobsNamespace | default .Release.Namespace }} + WORKER_PODS_NAMESPACE: {{ .Values.funnel.Kubernetes.JobsNamespace | default (printf "gen3-%s-workflow-pods" .Release.Namespace) }} EKS_CLUSTER_NAME: {{ .Values.global.clusterName }} EKS_CLUSTER_REGION: {{ .Values.global.aws.region }} {{- end }} diff --git a/helm/gen3-workflow/values.yaml b/helm/gen3-workflow/values.yaml index 473dbc25b..e1c2b364b 100644 --- a/helm/gen3-workflow/values.yaml +++ b/helm/gen3-workflow/values.yaml @@ -389,8 +389,8 @@ funnel: - name: funnel-patched-config-volume mountPath: /tmp - name: secrets-updater - image: bitnamilegacy/kubectl - tag: latest + image: quay.io/cdis/awshelper + tag: master env: - name: FUNNEL_OIDC_CLIENT_ID valueFrom: @@ -423,13 +423,13 @@ funnel: echo "Patching values..." - yq '.Kubernetes.JobsNamespace = strenv(JOBS_NAMESPACE) | .Plugins = { + yq -y '.Kubernetes.JobsNamespace = env.JOBS_NAMESPACE | .Plugins = { "Path": "plugin-binaries/auth-plugin", "Params": { - "OidcClientId": strenv(FUNNEL_OIDC_CLIENT_ID), - "OidcClientSecret": strenv(FUNNEL_OIDC_CLIENT_SECRET), - "OidcTokenUrl": strenv(OIDC_TOKEN_URL), - "S3Url": strenv(S3_URL) + "OidcClientId": env.FUNNEL_OIDC_CLIENT_ID, + "OidcClientSecret": env.FUNNEL_OIDC_CLIENT_SECRET, + "OidcTokenUrl": env.OIDC_TOKEN_URL, + "S3Url": env.S3_URL } }' /etc/config/funnel.conf > /tmp/funnel-patched.conf @@ -476,6 +476,11 @@ funnel: - name: plugin-volume mountPath: /opt/funnel/plugin-binaries + resources: + requests: + memory: "2Gi" + ephemeral_storage: "2Gi" + mongodb: # This overrides the default mongodb image used by Funnel which doesn't support ARM architecture, # uncomment this if you're running it on an ARM chipset machine From 8414d5ea382558f7ae1ffea8e99a4bffb3dcadc8 Mon Sep 17 00:00:00 2001 From: Sai Shanmukha Date: Mon, 22 Dec 2025 18:29:57 -0600 Subject: [PATCH 10/18] Fix lint changes --- helm/gen3-workflow/values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/helm/gen3-workflow/values.yaml b/helm/gen3-workflow/values.yaml index e1c2b364b..ca37e3ac2 100644 --- a/helm/gen3-workflow/values.yaml +++ b/helm/gen3-workflow/values.yaml @@ -382,8 +382,8 @@ funnel: image: curlimages/curl tag: latest imagePullPolicy: IfNotPresent - command: ["/bin/sh","-c"] - args: + command: ["/bin/sh", "-c"] + args: - "while [ $(curl -sw '%{http_code}' http://fence-service -o /dev/null) -ne 200 ]; do sleep 5; echo 'Waiting for fence...'; done; curl -s 'http://fence-service/.well-known/openid-configuration' > /tmp/openid-config.json" volumeMounts: - name: funnel-patched-config-volume From 9010bbbf65f8aeab25bb4786aaca0eddaf38f149 Mon Sep 17 00:00:00 2001 From: Ed Date: Mon, 5 Jan 2026 15:13:46 -0600 Subject: [PATCH 11/18] Made csrf check optional for extra services --- helm/gen3/Chart.yaml | 4 ++-- helm/gen3/README.md | 2 +- helm/revproxy/Chart.yaml | 2 +- helm/revproxy/README.md | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index 079015239..01350ba71 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml @@ -104,7 +104,7 @@ dependencies: repository: "file://../requestor" condition: requestor.enabled - name: revproxy - version: 0.1.49 + version: 0.1.50 repository: "file://../revproxy" condition: revproxy.enabled - name: sheepdog @@ -177,7 +177,7 @@ type: application # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.2.115 +version: 0.2.116 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/gen3/README.md b/helm/gen3/README.md index ad1f505a8..42c007b34 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md @@ -49,7 +49,7 @@ Helm chart to deploy Gen3 Data Commons | file://../peregrine | peregrine | 0.1.36 | | file://../portal | portal | 0.1.50 | | file://../requestor | requestor | 0.1.28 | -| file://../revproxy | revproxy | 0.1.49 | +| file://../revproxy | revproxy | 0.1.50 | | file://../sheepdog | sheepdog | 0.1.36 | | file://../sower | sower | 0.1.39 | | file://../ssjdispatcher | ssjdispatcher | 0.1.38 | diff --git a/helm/revproxy/Chart.yaml b/helm/revproxy/Chart.yaml index 358d44cbd..d5b1a3597 100644 --- a/helm/revproxy/Chart.yaml +++ b/helm/revproxy/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.49 +version: 0.1.50 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/revproxy/README.md b/helm/revproxy/README.md index d90c5e3d9..4e94c938b 100644 --- a/helm/revproxy/README.md +++ b/helm/revproxy/README.md @@ -1,6 +1,6 @@ # revproxy -![Version: 0.1.49](https://img.shields.io/badge/Version-0.1.49-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.50](https://img.shields.io/badge/Version-0.1.50-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 revproxy From bfef9b83da7f9e3dc57f9445494229fe010ba43d Mon Sep 17 00:00:00 2001 From: Ed Date: Mon, 5 Jan 2026 15:16:50 -0600 Subject: [PATCH 12/18] Made csrf check optional for extra services --- helm/revproxy/Chart.yaml | 2 +- helm/revproxy/README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/helm/revproxy/Chart.yaml b/helm/revproxy/Chart.yaml index d5b1a3597..51cb1a41f 100644 --- a/helm/revproxy/Chart.yaml +++ b/helm/revproxy/Chart.yaml @@ -25,5 +25,5 @@ appVersion: "master" dependencies: - name: common - version: 0.1.28 + version: 0.1.29 repository: file://../common diff --git a/helm/revproxy/README.md b/helm/revproxy/README.md index 4e94c938b..e5f503049 100644 --- a/helm/revproxy/README.md +++ b/helm/revproxy/README.md @@ -8,7 +8,7 @@ A Helm chart for gen3 revproxy | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.28 | +| file://../common | common | 0.1.29 | ## Values From edbe1cafacdb45b298d1478da7d676332e303811 Mon Sep 17 00:00:00 2001 From: BinamB Date: Tue, 6 Jan 2026 12:31:15 -0600 Subject: [PATCH 13/18] Fix AWS Batch Credentials --- helm/datareplicate/Chart.yaml | 2 +- helm/datareplicate/README.md | 2 +- helm/datareplicate/templates/aws-batch-replication-job.yaml | 3 +-- helm/gen3/Chart.yaml | 4 ++-- helm/gen3/README.md | 4 ++-- 5 files changed, 7 insertions(+), 8 deletions(-) diff --git a/helm/datareplicate/Chart.yaml b/helm/datareplicate/Chart.yaml index 5db972724..f3313fd59 100644 --- a/helm/datareplicate/Chart.yaml +++ b/helm/datareplicate/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.12 +version: 0.1.13 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/datareplicate/README.md b/helm/datareplicate/README.md index 960a459ec..3ea02ce0f 100644 --- a/helm/datareplicate/README.md +++ b/helm/datareplicate/README.md @@ -1,6 +1,6 @@ # datareplicate -![Version: 0.1.12](https://img.shields.io/badge/Version-0.1.12-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.13](https://img.shields.io/badge/Version-0.1.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for gen3 datareplicate diff --git a/helm/datareplicate/templates/aws-batch-replication-job.yaml b/helm/datareplicate/templates/aws-batch-replication-job.yaml index ea8b3d630..f6d634f6c 100644 --- a/helm/datareplicate/templates/aws-batch-replication-job.yaml +++ b/helm/datareplicate/templates/aws-batch-replication-job.yaml @@ -72,7 +72,7 @@ spec: volumeMounts: - name: cred-volume mountPath: "/root/.aws/credentials" - subPath: dcf-aws-fence-bot-secret + subPath: credentials - name: "setting-volume" mountPath: "/secrets/dcf_dataservice_settings.py" subPath: "dcf-dataservice-settings-secrets" @@ -80,7 +80,6 @@ spec: args: - -c - | - mkdir ~/.aws echo """ [default] region: $REGION diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index 01350ba71..79cc45032 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml @@ -44,7 +44,7 @@ dependencies: repository: file://../dashboard condition: dashboard.enabled - name: datareplicate - version: 0.1.12 + version: 0.1.13 repository: "file://../datareplicate" condition: datareplicate.enabled - name: embedding-management-service @@ -177,7 +177,7 @@ type: application # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.2.116 +version: 0.2.117 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/gen3/README.md b/helm/gen3/README.md index 42c007b34..d527eab69 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md @@ -1,6 +1,6 @@ # gen3 -![Version: 0.2.116](https://img.shields.io/badge/Version-0.2.116-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.2.117](https://img.shields.io/badge/Version-0.2.117-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) Helm chart to deploy Gen3 Data Commons @@ -28,7 +28,7 @@ Helm chart to deploy Gen3 Data Commons | file://../cohort-middleware | cohort-middleware | 0.1.16 | | file://../common | common | 0.1.29 | | file://../dashboard | dashboard | 0.1.13 | -| file://../datareplicate | datareplicate | 0.1.12 | +| file://../datareplicate | datareplicate | 0.1.13 | | file://../dicom-server | dicom-server | 0.1.23 | | file://../embedding-management-service | embedding-management-service | 0.1.1 | | file://../etl | etl | 0.1.19 | From 2a8607f59dd11fd05de7e96c19a75f206ad7cc64 Mon Sep 17 00:00:00 2001 From: Sai Shanmukha Date: Fri, 19 Dec 2025 16:17:00 -0600 Subject: [PATCH 14/18] Improve gen3-workflow to run out of the box --- helm/gen3-workflow/Chart.yaml | 2 +- helm/gen3-workflow/README.md | 12 +-- .../templates/jobs-namespace.yaml | 8 +- helm/gen3-workflow/templates/netpolicy.yaml | 2 +- helm/gen3-workflow/values.yaml | 83 +++++-------------- helm/gen3/Chart.yaml | 2 +- helm/gen3/README.md | 2 +- 7 files changed, 35 insertions(+), 76 deletions(-) diff --git a/helm/gen3-workflow/Chart.yaml b/helm/gen3-workflow/Chart.yaml index f962a6979..c6f00f359 100644 --- a/helm/gen3-workflow/Chart.yaml +++ b/helm/gen3-workflow/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.7 +version: 0.1.8 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/helm/gen3-workflow/README.md b/helm/gen3-workflow/README.md index 075edfdb1..ff5d158b9 100644 --- a/helm/gen3-workflow/README.md +++ b/helm/gen3-workflow/README.md @@ -1,6 +1,6 @@ # gen3-workflow -![Version: 0.1.7](https://img.shields.io/badge/Version-0.1.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) +![Version: 0.1.8](https://img.shields.io/badge/Version-0.1.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: master](https://img.shields.io/badge/AppVersion-master-informational?style=flat-square) A Helm chart for Kubernetes @@ -47,14 +47,8 @@ A Helm chart for Kubernetes | externalSecrets.gen3workflowG3auto | string | `""` | Will override the name of the aws secrets manager secret. Default is "gen3workflow-g3auto" | | extraLabels | map | `{"dbgen3workflow":"yes","netnolimit":"yes","public":"yes"}` | Will completely override the extraLabels defined in the common chart's _label_setup.tpl | | fullnameOverride | string | `""` | Override the full name of the chart, which is used as the name of resources created by the chart | -| funnel.Kubernetes.ExecutorTemplate | string | `"# Task Executor\napiVersion: batch/v1\nkind: Job\nmetadata:\n name: {{.TaskId}}-{{.JobId}}\n namespace: {{.JobsNamespace}}\n labels:\n app: funnel-executor\n job-name: {{.TaskId}}-{{.JobId}}\nspec:\n backoffLimit: 1\n completions: 1\n template:\n spec:\n restartPolicy: OnFailure\n serviceAccountName: funnel-sa-{{.Namespace}}\n containers:\n - name: funnel-worker-{{.TaskId}}\n image: {{.Image}}\n imagePullPolicy: Always\n command: [\"/bin/sh\", \"-c\"]\n args: {{.Command}}\n workingDir: {{.Workdir}}\n resources:\n requests:\n cpu: {{if ne .Cpus 0 -}}{{.Cpus}}{{ else }}{{\"100m\"}}{{end}}\n memory: '{{if ne .RamGb 0.0 -}}{{printf \"%.0fG\" .RamGb}}{{else}}{{\"4G\"}}{{end}}'\n ephemeral-storage: '{{if ne .DiskGb 0.0 -}}{{printf \"%.0fG\" .DiskGb}}{{else}}{{\"2G\"}}{{end}}'\n\n volumeMounts:\n ### DO NOT CHANGE THIS\n {{- if .NeedsPVC }}\n {{range $idx, $item := .Volumes}}\n - name: funnel-storage-{{$.TaskId}}\n mountPath: {{$item.ContainerPath}}\n subPath: {{$.TaskId}}{{$item.ContainerPath}}\n {{end}}\n {{- end }}\n\n volumes:\n {{- if .NeedsPVC }}\n - name: funnel-storage-{{.TaskId}}\n persistentVolumeClaim:\n claimName: funnel-worker-pvc-{{.TaskId}}\n {{- end }}\n"` | | -| funnel.Plugins.Params.OidcClientId | string | `""` | | -| funnel.Plugins.Params.OidcClientSecret | string | `""` | | -| funnel.Plugins.Params.OidcTokenUrl | string | `"https://{{ .Values.gen3WorkflowConfig.hostname }}/user"` | OIDC token URL for the Funnel service to use for authentication. Replace {{ .Values.gen3WorkflowConfig.hostname }} with the actual hostname where gen3-workflow is deployed. | -| funnel.Plugins.Params.S3Url | string | `"gen3-workflow-service.{{ .Release.Namespace }}.svc.cluster.local"` | | -| funnel.Plugins.Path | string | `"plugin-binaries/auth-plugin"` | | -| funnel.image | map | `{"initContainers":[{"command":["cp","/app/build/plugins/authorizer","/opt/funnel/plugin-binaries/auth-plugin"],"image":"quay.io/cdis/funnel-gen3-plugin","name":"plugin","pullPolicy":"Always","tag":"main-gen3","volumeMounts":[{"mountPath":"/opt/funnel/plugin-binaries","name":"plugin-volume"}]},{"args":["-c","echo \"Priting FUNNEL_OIDC_CLIENT_ID: $FUNNEL_OIDC_CLIENT_ID\"\n\necho \"Patching values...\"\n\n# Assuming we don't have any other occurence of OidcClientId in the config file\nsed -E \"s|(OidcClientId:).*|\\1 ${FUNNEL_OIDC_CLIENT_ID}|\" /etc/config/funnel.conf \\\n| sed -E \"s|(OidcClientSecret:).*|\\1 ${FUNNEL_OIDC_CLIENT_SECRET}|\" > /tmp/funnel-patched.conf\n\nif [[ ! -s /tmp/funnel-patched.conf ]]; then\n echo \"ERROR: Patched config is empty. Aborting.\"\n exit 1\nfi\n"],"command":["/bin/bash"],"env":[{"name":"FUNNEL_OIDC_CLIENT_ID","valueFrom":{"secretKeyRef":{"key":"client_id","name":"funnel-oidc-client","optional":false}}},{"name":"FUNNEL_OIDC_CLIENT_SECRET","valueFrom":{"secretKeyRef":{"key":"client_secret","name":"funnel-oidc-client","optional":false}}}],"image":"quay.io/cdis/awshelper","name":"secrets-updater","tag":"master","volumeMounts":[{"mountPath":"/tmp","name":"funnel-patched-config-volume"},{"mountPath":"/etc/config/funnel.conf","name":"funnel-config-volume","subPath":"funnel-server.yaml"}]}],"pullPolicy":"Always","repository":"quay.io/ohsu-comp-bio/funnel"}` | Configuration for the Funnel container image. | -| funnel.image.initContainers | map | `[{"command":["cp","/app/build/plugins/authorizer","/opt/funnel/plugin-binaries/auth-plugin"],"image":"quay.io/cdis/funnel-gen3-plugin","name":"plugin","pullPolicy":"Always","tag":"main-gen3","volumeMounts":[{"mountPath":"/opt/funnel/plugin-binaries","name":"plugin-volume"}]},{"args":["-c","echo \"Priting FUNNEL_OIDC_CLIENT_ID: $FUNNEL_OIDC_CLIENT_ID\"\n\necho \"Patching values...\"\n\n# Assuming we don't have any other occurence of OidcClientId in the config file\nsed -E \"s|(OidcClientId:).*|\\1 ${FUNNEL_OIDC_CLIENT_ID}|\" /etc/config/funnel.conf \\\n| sed -E \"s|(OidcClientSecret:).*|\\1 ${FUNNEL_OIDC_CLIENT_SECRET}|\" > /tmp/funnel-patched.conf\n\nif [[ ! -s /tmp/funnel-patched.conf ]]; then\n echo \"ERROR: Patched config is empty. Aborting.\"\n exit 1\nfi\n"],"command":["/bin/bash"],"env":[{"name":"FUNNEL_OIDC_CLIENT_ID","valueFrom":{"secretKeyRef":{"key":"client_id","name":"funnel-oidc-client","optional":false}}},{"name":"FUNNEL_OIDC_CLIENT_SECRET","valueFrom":{"secretKeyRef":{"key":"client_secret","name":"funnel-oidc-client","optional":false}}}],"image":"quay.io/cdis/awshelper","name":"secrets-updater","tag":"master","volumeMounts":[{"mountPath":"/tmp","name":"funnel-patched-config-volume"},{"mountPath":"/etc/config/funnel.conf","name":"funnel-config-volume","subPath":"funnel-server.yaml"}]}]` | Configuration for the Funnel init container. | +| funnel.image | map | `{"initContainers":[{"command":["cp","/app/build/plugins/authorizer","/opt/funnel/plugin-binaries/auth-plugin"],"image":"quay.io/cdis/funnel-gen3-plugin","name":"plugin","pullPolicy":"Always","tag":"main-gen3","volumeMounts":[{"mountPath":"/opt/funnel/plugin-binaries","name":"plugin-volume"}]},{"args":["while [ $(curl -sw '%{http_code}' http://fence-service -o /dev/null) -ne 200 ]; do sleep 5; echo 'Waiting for fence...'; done; curl -s 'http://fence-service/.well-known/openid-configuration' > /tmp/openid-config.json"],"command":["/bin/sh","-c"],"image":"curlimages/curl:latest","imagePullPolicy":"IfNotPresent","name":"fence-url-fetcher","volumeMounts":[{"mountPath":"/tmp","name":"funnel-patched-config-volume"}]},{"args":["-c","echo \"Priting FUNNEL_OIDC_CLIENT_ID: $FUNNEL_OIDC_CLIENT_ID\"\n\nnamespace=$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace)\nexport JOBS_NAMESPACE=gen3-$namespace-workflow-pods\nexport S3_URL=gen3-workflow-service.$namespace.svc.cluster.local\nexport OIDC_TOKEN_URL=$(cat /tmp/openid-config.json | jq -r \".issuer\")\n\necho \"Patching values...\"\n\nyq '.Kubernetes.JobsNamespace = strenv(JOBS_NAMESPACE)' | .Plugins = {\n \"Path\": \"plugin-binaries/auth-plugin\",\n \"Params\": {\n \"OidcClientId\": strenv(FUNNEL_OIDC_CLIENT_ID),\n \"OidcClientSecret\": strenv(FUNNEL_OIDC_CLIENT_SECRET),\n \"OidcTokenUrl\": strenv(OIDC_TOKEN_URL),\n \"S3Url\": strenv(S3_URL)\n }\n}' /etc/config/funnel.conf > /tmp/funnel-patched.conf\n\nif [[ ! -s /tmp/funnel-patched.conf ]]; then\n echo \"ERROR: Patched config is empty. Aborting.\"\n exit 1\nfi\n"],"command":["/bin/bash"],"env":[{"name":"FUNNEL_OIDC_CLIENT_ID","valueFrom":{"secretKeyRef":{"key":"client_id","name":"funnel-oidc-client","optional":false}}},{"name":"FUNNEL_OIDC_CLIENT_SECRET","valueFrom":{"secretKeyRef":{"key":"client_secret","name":"funnel-oidc-client","optional":false}}}],"image":"quay.io/cdis/awshelper","name":"secrets-updater","tag":"master","volumeMounts":[{"mountPath":"/tmp","name":"funnel-patched-config-volume"},{"mountPath":"/etc/config/funnel.conf","name":"funnel-config-volume","subPath":"funnel-server.yaml"}]}],"pullPolicy":"Always","repository":"quay.io/ohsu-comp-bio/funnel"}` | Configuration for the Funnel container image. | +| funnel.image.initContainers | map | `[{"command":["cp","/app/build/plugins/authorizer","/opt/funnel/plugin-binaries/auth-plugin"],"image":"quay.io/cdis/funnel-gen3-plugin","name":"plugin","pullPolicy":"Always","tag":"main-gen3","volumeMounts":[{"mountPath":"/opt/funnel/plugin-binaries","name":"plugin-volume"}]},{"args":["while [ $(curl -sw '%{http_code}' http://fence-service -o /dev/null) -ne 200 ]; do sleep 5; echo 'Waiting for fence...'; done; curl -s 'http://fence-service/.well-known/openid-configuration' > /tmp/openid-config.json"],"command":["/bin/sh","-c"],"image":"curlimages/curl:latest","imagePullPolicy":"IfNotPresent","name":"fence-url-fetcher","volumeMounts":[{"mountPath":"/tmp","name":"funnel-patched-config-volume"}]},{"args":["-c","echo \"Priting FUNNEL_OIDC_CLIENT_ID: $FUNNEL_OIDC_CLIENT_ID\"\n\nnamespace=$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace)\nexport JOBS_NAMESPACE=gen3-$namespace-workflow-pods\nexport S3_URL=gen3-workflow-service.$namespace.svc.cluster.local\nexport OIDC_TOKEN_URL=$(cat /tmp/openid-config.json | jq -r \".issuer\")\n\necho \"Patching values...\"\n\nyq '.Kubernetes.JobsNamespace = strenv(JOBS_NAMESPACE)' | .Plugins = {\n \"Path\": \"plugin-binaries/auth-plugin\",\n \"Params\": {\n \"OidcClientId\": strenv(FUNNEL_OIDC_CLIENT_ID),\n \"OidcClientSecret\": strenv(FUNNEL_OIDC_CLIENT_SECRET),\n \"OidcTokenUrl\": strenv(OIDC_TOKEN_URL),\n \"S3Url\": strenv(S3_URL)\n }\n}' /etc/config/funnel.conf > /tmp/funnel-patched.conf\n\nif [[ ! -s /tmp/funnel-patched.conf ]]; then\n echo \"ERROR: Patched config is empty. Aborting.\"\n exit 1\nfi\n"],"command":["/bin/bash"],"env":[{"name":"FUNNEL_OIDC_CLIENT_ID","valueFrom":{"secretKeyRef":{"key":"client_id","name":"funnel-oidc-client","optional":false}}},{"name":"FUNNEL_OIDC_CLIENT_SECRET","valueFrom":{"secretKeyRef":{"key":"client_secret","name":"funnel-oidc-client","optional":false}}}],"image":"quay.io/cdis/awshelper","name":"secrets-updater","tag":"master","volumeMounts":[{"mountPath":"/tmp","name":"funnel-patched-config-volume"},{"mountPath":"/etc/config/funnel.conf","name":"funnel-config-volume","subPath":"funnel-server.yaml"}]}]` | Configuration for the Funnel init container. | | funnel.image.initContainers[0].command | list | `["cp","/app/build/plugins/authorizer","/opt/funnel/plugin-binaries/auth-plugin"]` | Arguments to pass to the init container. | | funnel.image.initContainers[0].image | string | `"quay.io/cdis/funnel-gen3-plugin"` | The Docker image repository for the Funnel init/plugin container. | | funnel.image.initContainers[0].pullPolicy | string | `"Always"` | When to pull the image. This value should be "Always" to ensure the latest image is used. | diff --git a/helm/gen3-workflow/templates/jobs-namespace.yaml b/helm/gen3-workflow/templates/jobs-namespace.yaml index 2203b134a..d1f5f9fa7 100644 --- a/helm/gen3-workflow/templates/jobs-namespace.yaml +++ b/helm/gen3-workflow/templates/jobs-namespace.yaml @@ -1,8 +1,10 @@ -{{- if and .Values.funnel.Kubernetes.JobsNamespace (ne .Values.funnel.Kubernetes.JobsNamespace .Release.Namespace) -}} +{{- $jobsNamespace := default (printf "gen3-%s-workflow-pods" .Release.Namespace) .Values.funnel.Kubernetes.JobsNamespace }} + +{{- if ne $jobsNamespace .Release.Namespace }} apiVersion: v1 kind: Namespace metadata: - name: {{ .Values.funnel.Kubernetes.JobsNamespace | quote }} + name: {{ $jobsNamespace | quote }} labels: - app.kubernetes.io/name: {{ .Values.funnel.Kubernetes.JobsNamespace | quote }} + app.kubernetes.io/name: {{ $jobsNamespace | quote }} {{- end }} diff --git a/helm/gen3-workflow/templates/netpolicy.yaml b/helm/gen3-workflow/templates/netpolicy.yaml index 1978641e0..9e539c387 100644 --- a/helm/gen3-workflow/templates/netpolicy.yaml +++ b/helm/gen3-workflow/templates/netpolicy.yaml @@ -11,7 +11,7 @@ {{ if .Values.global.netPolicy.enabled }} -{{ $jobsNamespace := .Values.funnel.Kubernetes.JobsNamespace | default .Release.Namespace }} +{{- $jobsNamespace := default (printf "gen3-%s-workflow-pods" .Release.Namespace) .Values.funnel.Kubernetes.JobsNamespace }} --- # Funnel needs both ingress and egress to/from gen3-workflow and funnel-mongodb diff --git a/helm/gen3-workflow/values.yaml b/helm/gen3-workflow/values.yaml index dc5e8c5c4..b03d7fc69 100644 --- a/helm/gen3-workflow/values.yaml +++ b/helm/gen3-workflow/values.yaml @@ -378,6 +378,15 @@ funnel: volumeMounts: - name: plugin-volume mountPath: /opt/funnel/plugin-binaries + - name: fence-url-fetcher + image: curlimages/curl:latest + imagePullPolicy: IfNotPresent + command: ["/bin/sh","-c"] + args: + - "while [ $(curl -sw '%{http_code}' http://fence-service -o /dev/null) -ne 200 ]; do sleep 5; echo 'Waiting for fence...'; done; curl -s 'http://fence-service/.well-known/openid-configuration' > /tmp/openid-config.json" + volumeMounts: + - name: funnel-patched-config-volume + mountPath: /tmp - name: secrets-updater image: quay.io/cdis/awshelper tag: master @@ -406,11 +415,22 @@ funnel: - | echo "Priting FUNNEL_OIDC_CLIENT_ID: $FUNNEL_OIDC_CLIENT_ID" + namespace=$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace) + export JOBS_NAMESPACE=gen3-$namespace-workflow-pods + export S3_URL=gen3-workflow-service.$namespace.svc.cluster.local + export OIDC_TOKEN_URL=$(cat /tmp/openid-config.json | jq -r ".issuer") + echo "Patching values..." - # Assuming we don't have any other occurence of OidcClientId in the config file - sed -E "s|(OidcClientId:).*|\1 ${FUNNEL_OIDC_CLIENT_ID}|" /etc/config/funnel.conf \ - | sed -E "s|(OidcClientSecret:).*|\1 ${FUNNEL_OIDC_CLIENT_SECRET}|" > /tmp/funnel-patched.conf + yq '.Kubernetes.JobsNamespace = strenv(JOBS_NAMESPACE)' | .Plugins = { + "Path": "plugin-binaries/auth-plugin", + "Params": { + "OidcClientId": strenv(FUNNEL_OIDC_CLIENT_ID), + "OidcClientSecret": strenv(FUNNEL_OIDC_CLIENT_SECRET), + "OidcTokenUrl": strenv(OIDC_TOKEN_URL), + "S3Url": strenv(S3_URL) + } + }' /etc/config/funnel.conf > /tmp/funnel-patched.conf if [[ ! -s /tmp/funnel-patched.conf ]]; then echo "ERROR: Patched config is empty. Aborting." @@ -455,53 +475,6 @@ funnel: - name: plugin-volume mountPath: /opt/funnel/plugin-binaries - Kubernetes: - ExecutorTemplate: | - # Task Executor - apiVersion: batch/v1 - kind: Job - metadata: - name: {{.TaskId}}-{{.JobId}} - namespace: {{.JobsNamespace}} - labels: - app: funnel-executor - job-name: {{.TaskId}}-{{.JobId}} - spec: - backoffLimit: 1 - completions: 1 - template: - spec: - restartPolicy: OnFailure - serviceAccountName: funnel-sa-{{.Namespace}} - containers: - - name: funnel-worker-{{.TaskId}} - image: {{.Image}} - imagePullPolicy: Always - command: ["/bin/sh", "-c"] - args: {{.Command}} - workingDir: {{.Workdir}} - resources: - requests: - cpu: {{if ne .Cpus 0 -}}{{.Cpus}}{{ else }}{{"100m"}}{{end}} - memory: '{{if ne .RamGb 0.0 -}}{{printf "%.0fG" .RamGb}}{{else}}{{"4G"}}{{end}}' - ephemeral-storage: '{{if ne .DiskGb 0.0 -}}{{printf "%.0fG" .DiskGb}}{{else}}{{"2G"}}{{end}}' - - volumeMounts: - ### DO NOT CHANGE THIS - {{- if .NeedsPVC }} - {{range $idx, $item := .Volumes}} - - name: funnel-storage-{{$.TaskId}} - mountPath: {{$item.ContainerPath}} - subPath: {{$.TaskId}}{{$item.ContainerPath}} - {{end}} - {{- end }} - - volumes: - {{- if .NeedsPVC }} - - name: funnel-storage-{{.TaskId}} - persistentVolumeClaim: - claimName: funnel-worker-pvc-{{.TaskId}} - {{- end }} mongodb: # This overrides the default mongodb image used by Funnel which doesn't support ARM architecture, # uncomment this if you're running it on an ARM chipset machine @@ -516,16 +489,6 @@ funnel: periodSeconds: 10 failureThreshold: 10 - Plugins: - Path: plugin-binaries/auth-plugin - Params: - OidcClientId: - OidcClientSecret: - # Replace {{ .Release.Namespace }} with the actual namespace where gen3-workflow is deployed - S3Url: gen3-workflow-service.{{ .Release.Namespace }}.svc.cluster.local - # -- (string) OIDC token URL for the Funnel service to use for authentication. Replace {{ .Values.gen3WorkflowConfig.hostname }} with the actual hostname where gen3-workflow is deployed. - OidcTokenUrl: https://{{ .Values.gen3WorkflowConfig.hostname }}/user - karpenter: nodeclass.yaml: | apiVersion: karpenter.k8s.aws/v1 diff --git a/helm/gen3/Chart.yaml b/helm/gen3/Chart.yaml index 79cc45032..fbb866d57 100644 --- a/helm/gen3/Chart.yaml +++ b/helm/gen3/Chart.yaml @@ -68,7 +68,7 @@ dependencies: repository: "file://../gen3-user-data-library" condition: gen3-user-data-library.enabled - name: gen3-workflow - version: 0.1.7 + version: 0.1.8 repository: "file://../gen3-workflow" condition: gen3-workflow.enabled - name: guppy diff --git a/helm/gen3/README.md b/helm/gen3/README.md index d527eab69..92a3262ed 100644 --- a/helm/gen3/README.md +++ b/helm/gen3/README.md @@ -37,7 +37,7 @@ Helm chart to deploy Gen3 Data Commons | file://../gen3-analysis | gen3-analysis | 0.1.4 | | file://../gen3-network-policies | gen3-network-policies | 0.1.3 | | file://../gen3-user-data-library | gen3-user-data-library | 0.1.9 | -| file://../gen3-workflow | gen3-workflow | 0.1.7 | +| file://../gen3-workflow | gen3-workflow | 0.1.8 | | file://../guppy | guppy | 0.1.30 | | file://../hatchery | hatchery | 0.1.61 | | file://../indexd | indexd | 0.1.37 | From f765f790c54bbea47f063717d5adb77d06c4af95 Mon Sep 17 00:00:00 2001 From: Sai Shanmukha Date: Fri, 19 Dec 2025 16:33:29 -0600 Subject: [PATCH 15/18] bug fixes --- helm/gen3-workflow/README.md | 4 ++-- helm/gen3-workflow/values.yaml | 9 +++++---- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/helm/gen3-workflow/README.md b/helm/gen3-workflow/README.md index ff5d158b9..8cfa07e02 100644 --- a/helm/gen3-workflow/README.md +++ b/helm/gen3-workflow/README.md @@ -47,8 +47,8 @@ A Helm chart for Kubernetes | externalSecrets.gen3workflowG3auto | string | `""` | Will override the name of the aws secrets manager secret. Default is "gen3workflow-g3auto" | | extraLabels | map | `{"dbgen3workflow":"yes","netnolimit":"yes","public":"yes"}` | Will completely override the extraLabels defined in the common chart's _label_setup.tpl | | fullnameOverride | string | `""` | Override the full name of the chart, which is used as the name of resources created by the chart | -| funnel.image | map | `{"initContainers":[{"command":["cp","/app/build/plugins/authorizer","/opt/funnel/plugin-binaries/auth-plugin"],"image":"quay.io/cdis/funnel-gen3-plugin","name":"plugin","pullPolicy":"Always","tag":"main-gen3","volumeMounts":[{"mountPath":"/opt/funnel/plugin-binaries","name":"plugin-volume"}]},{"args":["while [ $(curl -sw '%{http_code}' http://fence-service -o /dev/null) -ne 200 ]; do sleep 5; echo 'Waiting for fence...'; done; curl -s 'http://fence-service/.well-known/openid-configuration' > /tmp/openid-config.json"],"command":["/bin/sh","-c"],"image":"curlimages/curl:latest","imagePullPolicy":"IfNotPresent","name":"fence-url-fetcher","volumeMounts":[{"mountPath":"/tmp","name":"funnel-patched-config-volume"}]},{"args":["-c","echo \"Priting FUNNEL_OIDC_CLIENT_ID: $FUNNEL_OIDC_CLIENT_ID\"\n\nnamespace=$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace)\nexport JOBS_NAMESPACE=gen3-$namespace-workflow-pods\nexport S3_URL=gen3-workflow-service.$namespace.svc.cluster.local\nexport OIDC_TOKEN_URL=$(cat /tmp/openid-config.json | jq -r \".issuer\")\n\necho \"Patching values...\"\n\nyq '.Kubernetes.JobsNamespace = strenv(JOBS_NAMESPACE)' | .Plugins = {\n \"Path\": \"plugin-binaries/auth-plugin\",\n \"Params\": {\n \"OidcClientId\": strenv(FUNNEL_OIDC_CLIENT_ID),\n \"OidcClientSecret\": strenv(FUNNEL_OIDC_CLIENT_SECRET),\n \"OidcTokenUrl\": strenv(OIDC_TOKEN_URL),\n \"S3Url\": strenv(S3_URL)\n }\n}' /etc/config/funnel.conf > /tmp/funnel-patched.conf\n\nif [[ ! -s /tmp/funnel-patched.conf ]]; then\n echo \"ERROR: Patched config is empty. Aborting.\"\n exit 1\nfi\n"],"command":["/bin/bash"],"env":[{"name":"FUNNEL_OIDC_CLIENT_ID","valueFrom":{"secretKeyRef":{"key":"client_id","name":"funnel-oidc-client","optional":false}}},{"name":"FUNNEL_OIDC_CLIENT_SECRET","valueFrom":{"secretKeyRef":{"key":"client_secret","name":"funnel-oidc-client","optional":false}}}],"image":"quay.io/cdis/awshelper","name":"secrets-updater","tag":"master","volumeMounts":[{"mountPath":"/tmp","name":"funnel-patched-config-volume"},{"mountPath":"/etc/config/funnel.conf","name":"funnel-config-volume","subPath":"funnel-server.yaml"}]}],"pullPolicy":"Always","repository":"quay.io/ohsu-comp-bio/funnel"}` | Configuration for the Funnel container image. | -| funnel.image.initContainers | map | `[{"command":["cp","/app/build/plugins/authorizer","/opt/funnel/plugin-binaries/auth-plugin"],"image":"quay.io/cdis/funnel-gen3-plugin","name":"plugin","pullPolicy":"Always","tag":"main-gen3","volumeMounts":[{"mountPath":"/opt/funnel/plugin-binaries","name":"plugin-volume"}]},{"args":["while [ $(curl -sw '%{http_code}' http://fence-service -o /dev/null) -ne 200 ]; do sleep 5; echo 'Waiting for fence...'; done; curl -s 'http://fence-service/.well-known/openid-configuration' > /tmp/openid-config.json"],"command":["/bin/sh","-c"],"image":"curlimages/curl:latest","imagePullPolicy":"IfNotPresent","name":"fence-url-fetcher","volumeMounts":[{"mountPath":"/tmp","name":"funnel-patched-config-volume"}]},{"args":["-c","echo \"Priting FUNNEL_OIDC_CLIENT_ID: $FUNNEL_OIDC_CLIENT_ID\"\n\nnamespace=$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace)\nexport JOBS_NAMESPACE=gen3-$namespace-workflow-pods\nexport S3_URL=gen3-workflow-service.$namespace.svc.cluster.local\nexport OIDC_TOKEN_URL=$(cat /tmp/openid-config.json | jq -r \".issuer\")\n\necho \"Patching values...\"\n\nyq '.Kubernetes.JobsNamespace = strenv(JOBS_NAMESPACE)' | .Plugins = {\n \"Path\": \"plugin-binaries/auth-plugin\",\n \"Params\": {\n \"OidcClientId\": strenv(FUNNEL_OIDC_CLIENT_ID),\n \"OidcClientSecret\": strenv(FUNNEL_OIDC_CLIENT_SECRET),\n \"OidcTokenUrl\": strenv(OIDC_TOKEN_URL),\n \"S3Url\": strenv(S3_URL)\n }\n}' /etc/config/funnel.conf > /tmp/funnel-patched.conf\n\nif [[ ! -s /tmp/funnel-patched.conf ]]; then\n echo \"ERROR: Patched config is empty. Aborting.\"\n exit 1\nfi\n"],"command":["/bin/bash"],"env":[{"name":"FUNNEL_OIDC_CLIENT_ID","valueFrom":{"secretKeyRef":{"key":"client_id","name":"funnel-oidc-client","optional":false}}},{"name":"FUNNEL_OIDC_CLIENT_SECRET","valueFrom":{"secretKeyRef":{"key":"client_secret","name":"funnel-oidc-client","optional":false}}}],"image":"quay.io/cdis/awshelper","name":"secrets-updater","tag":"master","volumeMounts":[{"mountPath":"/tmp","name":"funnel-patched-config-volume"},{"mountPath":"/etc/config/funnel.conf","name":"funnel-config-volume","subPath":"funnel-server.yaml"}]}]` | Configuration for the Funnel init container. | +| funnel.image | map | `{"initContainers":[{"command":["cp","/app/build/plugins/authorizer","/opt/funnel/plugin-binaries/auth-plugin"],"image":"quay.io/cdis/funnel-gen3-plugin","name":"plugin","pullPolicy":"Always","tag":"main-gen3","volumeMounts":[{"mountPath":"/opt/funnel/plugin-binaries","name":"plugin-volume"}]},{"args":["while [ $(curl -sw '%{http_code}' http://fence-service -o /dev/null) -ne 200 ]; do sleep 5; echo 'Waiting for fence...'; done; curl -s 'http://fence-service/.well-known/openid-configuration' > /tmp/openid-config.json"],"command":["/bin/sh","-c"],"image":"curlimages/curl","imagePullPolicy":"IfNotPresent","name":"fence-url-fetcher","tag":"latest","volumeMounts":[{"mountPath":"/tmp","name":"funnel-patched-config-volume"}]},{"args":["-c","echo \"Priting FUNNEL_OIDC_CLIENT_ID: $FUNNEL_OIDC_CLIENT_ID\"\n\nnamespace=$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace)\nexport JOBS_NAMESPACE=gen3-$namespace-workflow-pods\nexport S3_URL=gen3-workflow-service.$namespace.svc.cluster.local\nexport OIDC_TOKEN_URL=$(cat /tmp/openid-config.json | jq -r \".issuer\")\n\necho \"Patching values...\"\n\nyq '.Kubernetes.JobsNamespace = strenv(JOBS_NAMESPACE) | .Plugins = {\n \"Path\": \"plugin-binaries/auth-plugin\",\n \"Params\": {\n \"OidcClientId\": strenv(FUNNEL_OIDC_CLIENT_ID),\n \"OidcClientSecret\": strenv(FUNNEL_OIDC_CLIENT_SECRET),\n \"OidcTokenUrl\": strenv(OIDC_TOKEN_URL),\n \"S3Url\": strenv(S3_URL)\n }\n}' /etc/config/funnel.conf > /tmp/funnel-patched.conf\n\nif [[ ! -s /tmp/funnel-patched.conf ]]; then\n echo \"ERROR: Patched config is empty. Aborting.\"\n exit 1\nfi\n"],"command":["/bin/bash"],"env":[{"name":"FUNNEL_OIDC_CLIENT_ID","valueFrom":{"secretKeyRef":{"key":"client_id","name":"funnel-oidc-client","optional":false}}},{"name":"FUNNEL_OIDC_CLIENT_SECRET","valueFrom":{"secretKeyRef":{"key":"client_secret","name":"funnel-oidc-client","optional":false}}}],"image":"bitnamilegacy/kubectl","name":"secrets-updater","tag":"latest","volumeMounts":[{"mountPath":"/tmp","name":"funnel-patched-config-volume"},{"mountPath":"/etc/config/funnel.conf","name":"funnel-config-volume","subPath":"funnel-server.yaml"}]}],"pullPolicy":"Always","repository":"quay.io/ohsu-comp-bio/funnel"}` | Configuration for the Funnel container image. | +| funnel.image.initContainers | map | `[{"command":["cp","/app/build/plugins/authorizer","/opt/funnel/plugin-binaries/auth-plugin"],"image":"quay.io/cdis/funnel-gen3-plugin","name":"plugin","pullPolicy":"Always","tag":"main-gen3","volumeMounts":[{"mountPath":"/opt/funnel/plugin-binaries","name":"plugin-volume"}]},{"args":["while [ $(curl -sw '%{http_code}' http://fence-service -o /dev/null) -ne 200 ]; do sleep 5; echo 'Waiting for fence...'; done; curl -s 'http://fence-service/.well-known/openid-configuration' > /tmp/openid-config.json"],"command":["/bin/sh","-c"],"image":"curlimages/curl","imagePullPolicy":"IfNotPresent","name":"fence-url-fetcher","tag":"latest","volumeMounts":[{"mountPath":"/tmp","name":"funnel-patched-config-volume"}]},{"args":["-c","echo \"Priting FUNNEL_OIDC_CLIENT_ID: $FUNNEL_OIDC_CLIENT_ID\"\n\nnamespace=$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace)\nexport JOBS_NAMESPACE=gen3-$namespace-workflow-pods\nexport S3_URL=gen3-workflow-service.$namespace.svc.cluster.local\nexport OIDC_TOKEN_URL=$(cat /tmp/openid-config.json | jq -r \".issuer\")\n\necho \"Patching values...\"\n\nyq '.Kubernetes.JobsNamespace = strenv(JOBS_NAMESPACE) | .Plugins = {\n \"Path\": \"plugin-binaries/auth-plugin\",\n \"Params\": {\n \"OidcClientId\": strenv(FUNNEL_OIDC_CLIENT_ID),\n \"OidcClientSecret\": strenv(FUNNEL_OIDC_CLIENT_SECRET),\n \"OidcTokenUrl\": strenv(OIDC_TOKEN_URL),\n \"S3Url\": strenv(S3_URL)\n }\n}' /etc/config/funnel.conf > /tmp/funnel-patched.conf\n\nif [[ ! -s /tmp/funnel-patched.conf ]]; then\n echo \"ERROR: Patched config is empty. Aborting.\"\n exit 1\nfi\n"],"command":["/bin/bash"],"env":[{"name":"FUNNEL_OIDC_CLIENT_ID","valueFrom":{"secretKeyRef":{"key":"client_id","name":"funnel-oidc-client","optional":false}}},{"name":"FUNNEL_OIDC_CLIENT_SECRET","valueFrom":{"secretKeyRef":{"key":"client_secret","name":"funnel-oidc-client","optional":false}}}],"image":"bitnamilegacy/kubectl","name":"secrets-updater","tag":"latest","volumeMounts":[{"mountPath":"/tmp","name":"funnel-patched-config-volume"},{"mountPath":"/etc/config/funnel.conf","name":"funnel-config-volume","subPath":"funnel-server.yaml"}]}]` | Configuration for the Funnel init container. | | funnel.image.initContainers[0].command | list | `["cp","/app/build/plugins/authorizer","/opt/funnel/plugin-binaries/auth-plugin"]` | Arguments to pass to the init container. | | funnel.image.initContainers[0].image | string | `"quay.io/cdis/funnel-gen3-plugin"` | The Docker image repository for the Funnel init/plugin container. | | funnel.image.initContainers[0].pullPolicy | string | `"Always"` | When to pull the image. This value should be "Always" to ensure the latest image is used. | diff --git a/helm/gen3-workflow/values.yaml b/helm/gen3-workflow/values.yaml index b03d7fc69..473dbc25b 100644 --- a/helm/gen3-workflow/values.yaml +++ b/helm/gen3-workflow/values.yaml @@ -379,7 +379,8 @@ funnel: - name: plugin-volume mountPath: /opt/funnel/plugin-binaries - name: fence-url-fetcher - image: curlimages/curl:latest + image: curlimages/curl + tag: latest imagePullPolicy: IfNotPresent command: ["/bin/sh","-c"] args: @@ -388,8 +389,8 @@ funnel: - name: funnel-patched-config-volume mountPath: /tmp - name: secrets-updater - image: quay.io/cdis/awshelper - tag: master + image: bitnamilegacy/kubectl + tag: latest env: - name: FUNNEL_OIDC_CLIENT_ID valueFrom: @@ -422,7 +423,7 @@ funnel: echo "Patching values..." - yq '.Kubernetes.JobsNamespace = strenv(JOBS_NAMESPACE)' | .Plugins = { + yq '.Kubernetes.JobsNamespace = strenv(JOBS_NAMESPACE) | .Plugins = { "Path": "plugin-binaries/auth-plugin", "Params": { "OidcClientId": strenv(FUNNEL_OIDC_CLIENT_ID), From c9ad644eba14f69499b0138f2538f80be5d50c7e Mon Sep 17 00:00:00 2001 From: Sai Shanmukha Date: Mon, 22 Dec 2025 13:16:52 -0600 Subject: [PATCH 16/18] Update Gen3-workflow chart and make deployment changes to namespace and config --- helm/gen3-workflow/Chart.yaml | 4 ++-- helm/gen3-workflow/README.md | 10 ++++++---- helm/gen3-workflow/charts/funnel-0.1.58.tgz | Bin 85463 -> 0 bytes helm/gen3-workflow/charts/funnel-0.1.71.tgz | Bin 0 -> 86643 bytes helm/gen3-workflow/templates/crossplane.yaml | 3 ++- helm/gen3-workflow/templates/secrets.yaml | 2 +- helm/gen3-workflow/values.yaml | 19 ++++++++++++------- 7 files changed, 23 insertions(+), 15 deletions(-) delete mode 100644 helm/gen3-workflow/charts/funnel-0.1.58.tgz create mode 100644 helm/gen3-workflow/charts/funnel-0.1.71.tgz diff --git a/helm/gen3-workflow/Chart.yaml b/helm/gen3-workflow/Chart.yaml index c6f00f359..21f9075f8 100644 --- a/helm/gen3-workflow/Chart.yaml +++ b/helm/gen3-workflow/Chart.yaml @@ -24,7 +24,7 @@ appVersion: "master" dependencies: - name: common - version: 0.1.28 + version: 0.1.29 repository: file://../common - name: funnel # NOTE: @@ -34,5 +34,5 @@ dependencies: # # ArgoCD relies on this checked-in .tgz reference — if it's missing, # Funnel will not be deployed as a dependency. - version: 0.1.58 + version: 0.1.71 repository: "https://ohsu-comp-bio.github.io/helm-charts" diff --git a/helm/gen3-workflow/README.md b/helm/gen3-workflow/README.md index 8cfa07e02..a1c600005 100644 --- a/helm/gen3-workflow/README.md +++ b/helm/gen3-workflow/README.md @@ -8,8 +8,8 @@ A Helm chart for Kubernetes | Repository | Name | Version | |------------|------|---------| -| file://../common | common | 0.1.28 | -| https://ohsu-comp-bio.github.io/helm-charts | funnel | 0.1.58 | +| file://../common | common | 0.1.29 | +| https://ohsu-comp-bio.github.io/helm-charts | funnel | 0.1.71 | ## Values @@ -47,8 +47,8 @@ A Helm chart for Kubernetes | externalSecrets.gen3workflowG3auto | string | `""` | Will override the name of the aws secrets manager secret. Default is "gen3workflow-g3auto" | | extraLabels | map | `{"dbgen3workflow":"yes","netnolimit":"yes","public":"yes"}` | Will completely override the extraLabels defined in the common chart's _label_setup.tpl | | fullnameOverride | string | `""` | Override the full name of the chart, which is used as the name of resources created by the chart | -| funnel.image | map | `{"initContainers":[{"command":["cp","/app/build/plugins/authorizer","/opt/funnel/plugin-binaries/auth-plugin"],"image":"quay.io/cdis/funnel-gen3-plugin","name":"plugin","pullPolicy":"Always","tag":"main-gen3","volumeMounts":[{"mountPath":"/opt/funnel/plugin-binaries","name":"plugin-volume"}]},{"args":["while [ $(curl -sw '%{http_code}' http://fence-service -o /dev/null) -ne 200 ]; do sleep 5; echo 'Waiting for fence...'; done; curl -s 'http://fence-service/.well-known/openid-configuration' > /tmp/openid-config.json"],"command":["/bin/sh","-c"],"image":"curlimages/curl","imagePullPolicy":"IfNotPresent","name":"fence-url-fetcher","tag":"latest","volumeMounts":[{"mountPath":"/tmp","name":"funnel-patched-config-volume"}]},{"args":["-c","echo \"Priting FUNNEL_OIDC_CLIENT_ID: $FUNNEL_OIDC_CLIENT_ID\"\n\nnamespace=$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace)\nexport JOBS_NAMESPACE=gen3-$namespace-workflow-pods\nexport S3_URL=gen3-workflow-service.$namespace.svc.cluster.local\nexport OIDC_TOKEN_URL=$(cat /tmp/openid-config.json | jq -r \".issuer\")\n\necho \"Patching values...\"\n\nyq '.Kubernetes.JobsNamespace = strenv(JOBS_NAMESPACE) | .Plugins = {\n \"Path\": \"plugin-binaries/auth-plugin\",\n \"Params\": {\n \"OidcClientId\": strenv(FUNNEL_OIDC_CLIENT_ID),\n \"OidcClientSecret\": strenv(FUNNEL_OIDC_CLIENT_SECRET),\n \"OidcTokenUrl\": strenv(OIDC_TOKEN_URL),\n \"S3Url\": strenv(S3_URL)\n }\n}' /etc/config/funnel.conf > /tmp/funnel-patched.conf\n\nif [[ ! -s /tmp/funnel-patched.conf ]]; then\n echo \"ERROR: Patched config is empty. Aborting.\"\n exit 1\nfi\n"],"command":["/bin/bash"],"env":[{"name":"FUNNEL_OIDC_CLIENT_ID","valueFrom":{"secretKeyRef":{"key":"client_id","name":"funnel-oidc-client","optional":false}}},{"name":"FUNNEL_OIDC_CLIENT_SECRET","valueFrom":{"secretKeyRef":{"key":"client_secret","name":"funnel-oidc-client","optional":false}}}],"image":"bitnamilegacy/kubectl","name":"secrets-updater","tag":"latest","volumeMounts":[{"mountPath":"/tmp","name":"funnel-patched-config-volume"},{"mountPath":"/etc/config/funnel.conf","name":"funnel-config-volume","subPath":"funnel-server.yaml"}]}],"pullPolicy":"Always","repository":"quay.io/ohsu-comp-bio/funnel"}` | Configuration for the Funnel container image. | -| funnel.image.initContainers | map | `[{"command":["cp","/app/build/plugins/authorizer","/opt/funnel/plugin-binaries/auth-plugin"],"image":"quay.io/cdis/funnel-gen3-plugin","name":"plugin","pullPolicy":"Always","tag":"main-gen3","volumeMounts":[{"mountPath":"/opt/funnel/plugin-binaries","name":"plugin-volume"}]},{"args":["while [ $(curl -sw '%{http_code}' http://fence-service -o /dev/null) -ne 200 ]; do sleep 5; echo 'Waiting for fence...'; done; curl -s 'http://fence-service/.well-known/openid-configuration' > /tmp/openid-config.json"],"command":["/bin/sh","-c"],"image":"curlimages/curl","imagePullPolicy":"IfNotPresent","name":"fence-url-fetcher","tag":"latest","volumeMounts":[{"mountPath":"/tmp","name":"funnel-patched-config-volume"}]},{"args":["-c","echo \"Priting FUNNEL_OIDC_CLIENT_ID: $FUNNEL_OIDC_CLIENT_ID\"\n\nnamespace=$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace)\nexport JOBS_NAMESPACE=gen3-$namespace-workflow-pods\nexport S3_URL=gen3-workflow-service.$namespace.svc.cluster.local\nexport OIDC_TOKEN_URL=$(cat /tmp/openid-config.json | jq -r \".issuer\")\n\necho \"Patching values...\"\n\nyq '.Kubernetes.JobsNamespace = strenv(JOBS_NAMESPACE) | .Plugins = {\n \"Path\": \"plugin-binaries/auth-plugin\",\n \"Params\": {\n \"OidcClientId\": strenv(FUNNEL_OIDC_CLIENT_ID),\n \"OidcClientSecret\": strenv(FUNNEL_OIDC_CLIENT_SECRET),\n \"OidcTokenUrl\": strenv(OIDC_TOKEN_URL),\n \"S3Url\": strenv(S3_URL)\n }\n}' /etc/config/funnel.conf > /tmp/funnel-patched.conf\n\nif [[ ! -s /tmp/funnel-patched.conf ]]; then\n echo \"ERROR: Patched config is empty. Aborting.\"\n exit 1\nfi\n"],"command":["/bin/bash"],"env":[{"name":"FUNNEL_OIDC_CLIENT_ID","valueFrom":{"secretKeyRef":{"key":"client_id","name":"funnel-oidc-client","optional":false}}},{"name":"FUNNEL_OIDC_CLIENT_SECRET","valueFrom":{"secretKeyRef":{"key":"client_secret","name":"funnel-oidc-client","optional":false}}}],"image":"bitnamilegacy/kubectl","name":"secrets-updater","tag":"latest","volumeMounts":[{"mountPath":"/tmp","name":"funnel-patched-config-volume"},{"mountPath":"/etc/config/funnel.conf","name":"funnel-config-volume","subPath":"funnel-server.yaml"}]}]` | Configuration for the Funnel init container. | +| funnel.image | map | `{"initContainers":[{"command":["cp","/app/build/plugins/authorizer","/opt/funnel/plugin-binaries/auth-plugin"],"image":"quay.io/cdis/funnel-gen3-plugin","name":"plugin","pullPolicy":"Always","tag":"main-gen3","volumeMounts":[{"mountPath":"/opt/funnel/plugin-binaries","name":"plugin-volume"}]},{"args":["while [ $(curl -sw '%{http_code}' http://fence-service -o /dev/null) -ne 200 ]; do sleep 5; echo 'Waiting for fence...'; done; curl -s 'http://fence-service/.well-known/openid-configuration' > /tmp/openid-config.json"],"command":["/bin/sh","-c"],"image":"curlimages/curl","imagePullPolicy":"IfNotPresent","name":"fence-url-fetcher","tag":"latest","volumeMounts":[{"mountPath":"/tmp","name":"funnel-patched-config-volume"}]},{"args":["-c","echo \"Priting FUNNEL_OIDC_CLIENT_ID: $FUNNEL_OIDC_CLIENT_ID\"\n\nnamespace=$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace)\nexport JOBS_NAMESPACE=gen3-$namespace-workflow-pods\nexport S3_URL=gen3-workflow-service.$namespace.svc.cluster.local\nexport OIDC_TOKEN_URL=$(cat /tmp/openid-config.json | jq -r \".issuer\")\n\necho \"Patching values...\"\n\nyq -y '.Kubernetes.JobsNamespace = env.JOBS_NAMESPACE | .Plugins = {\n \"Path\": \"plugin-binaries/auth-plugin\",\n \"Params\": {\n \"OidcClientId\": env.FUNNEL_OIDC_CLIENT_ID,\n \"OidcClientSecret\": env.FUNNEL_OIDC_CLIENT_SECRET,\n \"OidcTokenUrl\": env.OIDC_TOKEN_URL,\n \"S3Url\": env.S3_URL\n }\n}' /etc/config/funnel.conf > /tmp/funnel-patched.conf\n\nif [[ ! -s /tmp/funnel-patched.conf ]]; then\n echo \"ERROR: Patched config is empty. Aborting.\"\n exit 1\nfi\n"],"command":["/bin/bash"],"env":[{"name":"FUNNEL_OIDC_CLIENT_ID","valueFrom":{"secretKeyRef":{"key":"client_id","name":"funnel-oidc-client","optional":false}}},{"name":"FUNNEL_OIDC_CLIENT_SECRET","valueFrom":{"secretKeyRef":{"key":"client_secret","name":"funnel-oidc-client","optional":false}}}],"image":"quay.io/cdis/awshelper","name":"secrets-updater","tag":"master","volumeMounts":[{"mountPath":"/tmp","name":"funnel-patched-config-volume"},{"mountPath":"/etc/config/funnel.conf","name":"funnel-config-volume","subPath":"funnel-server.yaml"}]}],"pullPolicy":"Always","repository":"quay.io/ohsu-comp-bio/funnel"}` | Configuration for the Funnel container image. | +| funnel.image.initContainers | map | `[{"command":["cp","/app/build/plugins/authorizer","/opt/funnel/plugin-binaries/auth-plugin"],"image":"quay.io/cdis/funnel-gen3-plugin","name":"plugin","pullPolicy":"Always","tag":"main-gen3","volumeMounts":[{"mountPath":"/opt/funnel/plugin-binaries","name":"plugin-volume"}]},{"args":["while [ $(curl -sw '%{http_code}' http://fence-service -o /dev/null) -ne 200 ]; do sleep 5; echo 'Waiting for fence...'; done; curl -s 'http://fence-service/.well-known/openid-configuration' > /tmp/openid-config.json"],"command":["/bin/sh","-c"],"image":"curlimages/curl","imagePullPolicy":"IfNotPresent","name":"fence-url-fetcher","tag":"latest","volumeMounts":[{"mountPath":"/tmp","name":"funnel-patched-config-volume"}]},{"args":["-c","echo \"Priting FUNNEL_OIDC_CLIENT_ID: $FUNNEL_OIDC_CLIENT_ID\"\n\nnamespace=$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace)\nexport JOBS_NAMESPACE=gen3-$namespace-workflow-pods\nexport S3_URL=gen3-workflow-service.$namespace.svc.cluster.local\nexport OIDC_TOKEN_URL=$(cat /tmp/openid-config.json | jq -r \".issuer\")\n\necho \"Patching values...\"\n\nyq -y '.Kubernetes.JobsNamespace = env.JOBS_NAMESPACE | .Plugins = {\n \"Path\": \"plugin-binaries/auth-plugin\",\n \"Params\": {\n \"OidcClientId\": env.FUNNEL_OIDC_CLIENT_ID,\n \"OidcClientSecret\": env.FUNNEL_OIDC_CLIENT_SECRET,\n \"OidcTokenUrl\": env.OIDC_TOKEN_URL,\n \"S3Url\": env.S3_URL\n }\n}' /etc/config/funnel.conf > /tmp/funnel-patched.conf\n\nif [[ ! -s /tmp/funnel-patched.conf ]]; then\n echo \"ERROR: Patched config is empty. Aborting.\"\n exit 1\nfi\n"],"command":["/bin/bash"],"env":[{"name":"FUNNEL_OIDC_CLIENT_ID","valueFrom":{"secretKeyRef":{"key":"client_id","name":"funnel-oidc-client","optional":false}}},{"name":"FUNNEL_OIDC_CLIENT_SECRET","valueFrom":{"secretKeyRef":{"key":"client_secret","name":"funnel-oidc-client","optional":false}}}],"image":"quay.io/cdis/awshelper","name":"secrets-updater","tag":"master","volumeMounts":[{"mountPath":"/tmp","name":"funnel-patched-config-volume"},{"mountPath":"/etc/config/funnel.conf","name":"funnel-config-volume","subPath":"funnel-server.yaml"}]}]` | Configuration for the Funnel init container. | | funnel.image.initContainers[0].command | list | `["cp","/app/build/plugins/authorizer","/opt/funnel/plugin-binaries/auth-plugin"]` | Arguments to pass to the init container. | | funnel.image.initContainers[0].image | string | `"quay.io/cdis/funnel-gen3-plugin"` | The Docker image repository for the Funnel init/plugin container. | | funnel.image.initContainers[0].pullPolicy | string | `"Always"` | When to pull the image. This value should be "Always" to ensure the latest image is used. | @@ -60,6 +60,8 @@ A Helm chart for Kubernetes | funnel.mongodb.readinessProbe.initialDelaySeconds | int | `20` | | | funnel.mongodb.readinessProbe.periodSeconds | int | `10` | | | funnel.mongodb.readinessProbe.timeoutSeconds | int | `10` | | +| funnel.resources.requests.ephemeral_storage | string | `"2Gi"` | | +| funnel.resources.requests.memory | string | `"2Gi"` | | | funnel.volumeMounts[0].mountPath | string | `"/etc/config/funnel-server.yaml"` | | | funnel.volumeMounts[0].name | string | `"funnel-patched-config-volume"` | | | funnel.volumeMounts[0].subPath | string | `"funnel-patched.conf"` | | diff --git a/helm/gen3-workflow/charts/funnel-0.1.58.tgz b/helm/gen3-workflow/charts/funnel-0.1.58.tgz deleted file mode 100644 index e67b9d0d790f457e6c8bb1deca6eae2b48187c9e..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 85463 zcmV)jK%u`MiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMZ%ej7KkAU>b@6gX1Ou{^78lDawJ{=H{qNpUpsMJp=Fo}J7u z2D?ELqh_NAKucz9?csMwEvOhR_a`5C&gW=xcVDC?8 z@Bp|pKBbVD|7q~aZPh#X2l?QF{z$l>EFYnpy&f(K_j7A+uy+^@2hm`-)k{f1@|5HW zC1TWzP{Q(*N+`Er`HZELnB;hpk+g?Uju*r|?;*rV!333zFGpxDWg$lWexg>Kh$mF$ zctPWYE&Aqr51|{2!*DTfQc98{iN!S{Z%ID)wCSgLoJpe%<@6C+Pt{ z!T!%!a{T~ptlR(l`;Gm7aCG!#|9_58eP7@I)}=EdRXJ-Wa%GOE#qf0TF` zQ`Tp5QAP<{6w!pTzByeHD#|RoU>Qx8BXpeI;-%;zL~|-nSS~Tm2^R_?LfhyfD`zxE z=Q)+gy@hv{G8Irlz%zt2Ix7)~!Wt6KMyTM?(EM&iPJI%#Sl~PznV$-Sr0{<9aZ&Uq zCC$>lX`zoxIcJ>yYEU-iSRoB6reHLoIp&n;3I;z@oDL(2HOFY4XJnos(pjI!c4hc0@ zEPvskca?LiN3EZkV%(M^RFsp9CNW8PjBnNGW1h^ZB#A6J86hEYp5lz5o)bbZ5Y zj*#S~9tzHw{6P>tLgX!86j}B30t=xyK>tmljwvBYo{$>ADb9qhE9kFegoe*)ug51i zQRNa&uq39{9w&m8JRw5wh<}ts*lA0Oa)bu(bwL)eP1LW9F6hc4Jwf;l)ktZ^^du{V zB>eoMhu{RhU|f#S*Moto%8Nw*{$}vaz?;dR7{4YQ{Reag+%V%vNXGGupq=qPnv}^k zk&k=knQANL^hS*xz7>(!@43zoUaCVKCkYYaB}>T&T@sxB#Hl1NalTYTl3^iU!TJ>Y zQ6gw05;ee_-B85|D5zpTP6So+tGER>j$_^aiGpCq)OF#MOmUe>M~u+UEtPZhjAiol znW8@#PDqO2;Y+o|PMRW%=R_7eyTg{y zCM=WbWEV|vIwO1+s;Sv0yC_}ec)`?5l3^ifvg_DCO9Co}up1xM!BVcnBV!59cF|la z`H}HmB(jn(c2O}AyJ*H~O7a=a$u3&pyi_ICdYoXH%y-eXJE(dmy0MY}tQ$3QqbBfH ztyyky*%6Q9P8?^uA2(pT=o(M2aqmnu2zx{yZIQ=NM+$zg_kzu4gsYd^NPVaI3}xg- z5m1zpNjcj^G@r6vL^x;aJb{mYyCoBpVlkgE%u|4Ob#DKxHD<26B|%DO``u0k;jOzCO-M zLHN)-L#R5;@FW@T?Y9)(YbiWsY=XHSo%1}&N=5F_)(KALBvPyvXW0nlEP_S8rRQ!= za7s9$IeJcH{{bFF z_8iZ=-JEB5ny@@433No#1!1LBxL)b6nypAnj7j#Rr3{42)L~?5O-4xTT*Q^wU)@oT*xbCxP51jCAa#Zq!X^Vy2oZf!-4 zlmP|wA9J}|Z%U11qcJ6hbu_j=P-{yS8ri*K&K%Ry`Ken&a&GjmchG;=>uGTlDVfq-P0pn&OLga=9Zf;Zj39PHxMH7#<^(2Wj&CS~qx#a9Qh-ig z{2;0(V|aQ}lmg@rUF7okWmRGqPJm~+;3Zx>pN!BTc4begxJIJD3F)Y!3V3z4(YG+6 zw-N9(NS3OXadVrBWu9pMzLf>}0d|evriY@}(=v}e&?aHc4=`fAsv zWsG28sX!^^B$13SRRap(Ddi&+TV28}nb ztm?vD28ZOSV&+&W`-F3S_mQ!gBPQlNY7E=9m8f)&B|`%}9GnOxZ|OBA)bb};s+N)} ztD&ZfY|?y|=?w_bs{KN&tV!Nd38%#iHmlE)s`3)QMU$mL5*Q8`AFnrNq1#RwSXY>4 zVh6D8dGY#|=;|smp6o0AZ-;`uZHb7Jgc%*vbrr2O^?u+aoU#UT1aMfgY zxj7{LJ@ta%8{*c7RvBnsUJ3Y`khz04VR=$=uDB#cpfZM2(Ju@5SD$znnBy!X*%imR zm@273pMBB&etO$ZtD}zUw9hyKSp^wkrT-ny(~NL&|4sL_;65_UjoQ>k#Xji?B>6>JS)nblEBbE_=#XsxKSSl;UC>}RY5lCf9eo)eY zlCFTIaomnjXEw{#BGE!;h03plvt2EA;VeT7yhM|XCD#fOqHs`Hsb(}{mGoq#*9k#H zC>lYvN5`(B8WUyEY#A|h+I0n-G#>l0eN5Uy(&8nAkCJ0>Naapahs!-6fk}P5EUm05FNNM$G zgx1AN1(efZGVisuMU(h(;Cz6a;%j4;%LswEd50qZtfSjdO%OnznzWYy&{LdNLCeafM37*@|Uw8&rhzP_`7#>igJQtC8VJNicIg`y(>7)sk%S@DsLMuXpim{AKt5 zUU&cYKTT-fpI|Z9KQEq*QS_>@DfM%th+2kJfh6So9Mg?`%#;6g`4TC&xViqSb*8`CWS+m;V3t)O zH-nqb`&TF`2wD{MJ_w@5VE)UEo$u%OG2I5}RM20EgZl8(J0O(Kv!8e7d3$@O3lYmYUHvu>NY;)Wwxvv)Vxgbt$OO`?KuSdjO!BOT}k zSpXYxFYHMLRxXMP?89$LP#ZnNGMOW7?>;f>KGgJEnezCjG18?QcV8CHz3y<=o?ZU+ zot=Zk4fjiW16P~(cfWD{&b4pbZS)s5(N{7s4GGRcdqCx!!2KFnOPHxy;9ptpE?&?p z^={|*^3`M2=K#(KZJBMQwsuOUTehwLqA261H3J~R7J%OBHY!D@RTpaePfAkscQ( zeQZfFLMcnG2@i~mkTaSap{?rq)_rcK@BQXlchl!OC#|`odG!}IImrml%c6Sq`#VE} zwWOB4zJ8Ppi2~o|YKaP??(CtefKyN3rS@OgM684`))p?uM%C?U@Xc;9)+<#R2jwLg z03tAOgMDT7#W5NaQdtvLt1zalpRz>sIhhhp@`Uu=jk;GX!UgT$4CCRG{sLjo`eUHsU1a1yrk0GdZ*Mfv~=$L&wJm*~2c z=xw7HEWujDLt-f;S;RefG_K5Xx6w~?DoI8KDB0nT#=E&Ju$&8YJEzIq(ikcb&N6nZ zNuRb!f?ERp@RV9B`v}E-g~fMQR~M#5XH+AZyP-68*+}cIjDq@>Ou!HpqvvN=)@CT~ zd7wtYZGl=rY7Os*$9@grE85ZiK=gY0EF15SDpHjC6zCpJm})nEHG`vjzU0&Q?QkD5 zrYS*ZdBT_ac6nz!K6{LW^|e4~JU(+K8l{kIK{&eL?1rW!b+ES)_w9@oEdaY}3oRt6jVN6-Sgo4c@dfP?>6N1+Qt)Q!$IEA$LzQEXZ-TH+o!$=`mbJJosDDp zR^DG5>-_)so*dNte-HKs2VeYuKgZ{aIsb*wSd=D2ANtvHR|yA-GO2?+kr|3W2d$;% zckfVqNiu>3i7Q$9!v~}!`e@4dE#@f_H%b59J4B7=iP1>Kia07zTPRjlz8(w)Bjedf zk~u?LKT<)ZwNxAKJ&6bLARdmii_mX9cK;qejs5@2oMZ*zB9_H{g#uW!|Mw3Y{{M%A zCtu?Ke3s9l9mTU@0F~TC+KJ&zS70GoKERmv=wb31B>LT`q~5JPPFD3yB0J@^^X!~T33yW z0?>|oKM@TZ%1hOP>ViNMlHgJhB-kQQD??|EnY&`(z&l&3LBKYC$J*b$8mqE2p8=2e zIPRTK5!Xad14(qS0-?uDKckf@0+cIQAPmSGY`ey_B8qlw>C_FSed&hN6zP1w$#7@F z!TAbMA3fcCJ}VsEAZQ@LvEc9w9^Mf-dqwxpBKl{sRfDA)-F$Vme+|~0H<@aGn9w$A zB4I+!>d>ViwnF!$LZNC#>pk%YS${WSxX^niJ8b=jEwuH^*4;M{L}$yq7VK> z$g3_g7Z!`n?PKkz*;&C(KJEgQd&J16Ef(mO`LeYUfX0me*5~ipl6Cr`fcf1l%1+jo3|6K}Wq(IMfL4RNGBov**vqo?y>u)A}P~g+5ift7v6I6R+3!Jomeqwe`k~58U7yHyJ!m+#VYhGI;;=b`BTGre{;I|j@`>pl%cIr%$D?DdFl zEHtUcZ{!xcIa+H3>a{A-a(m&#-LI2H#p79mG7YSgU{&zU2-~Sx#eWCxK=kxBJ zPyRJKbwz|UHcPcLKyhOgxj%KxS2vkA%SjR;&6?_MN_w-7c%m&JML`l1l{TXZ79((f zu=)}WVxd?!KSt?VsL0tv8VFt|)h7#pZ2%4-i>NVy2*TeYFVbthp8nh++^yg8NPSm_ zaShT%SL|E$DH!)d&}!ry$~Fk;*8{Iad+=JnTP=fQLmv1a-_`&ZMc??d>#}hoZffO4 zInkw86|@0;(O8=k6j zpAqRTuFlS$*umSZyLRk1>8%CUSWF}IJ_1D5lih2w+|>$z-REalyB9xP?Vg^!IJ-L2 zHc7g&Dm664hP&_|yq+?qUhSDzd%MHkfq6B-0DIrO+TR_h|7pMbo z^u~m=_8d~&f^x=*Hh4C89e81r5_{pFliP~UYi|^s%(Z*dj&23~j=X02)l+~6#F z_YTP-Lpw2qJB*(biMG1JoNqlwF?tU{#d3)bEZy$f|DM(BCli1*`~UFCQGNeE8Ge!f zKF{YPr8`fbWXvwy{b{gPx3nm?;d=K4Dp0)D?sqe1PVgS({z~qU|0Ktf%$6FU&Zcmw zLvHG*l=@o1e_~nj1%CTO?xLBF(9ng3B)KR#ctmAO2>e^H6#S>E;x^u>qKf(k!G<2K zppQ$gM7e?G`nS<51_aN5v!P4NT+$36u`JbrhJ~?!l7ug4u1akp>$Z(&(@dip*CRc1 zcawlOowTp5iV`85=S*srMjda4=q+X@-p~4IEnF!y20-+tFX5srr$5+6FCAw5Is-|TB zh8J0_cC}ZBgF9eA@|*Al$#1&aQ)Tba%=!nb6lyM%rTzG8IoLK;W-Gh8gV$=Qzpq>PiSqO9+MD*e&wswNa&t+t<0X%kFz`H#TERBXedRadIl-CW9|j$2)cIvBK8 zQTkeAG?SrV_oClA4JOgR7y&NxAB-XwZIFWF9xq&Td%V@#(`dk3)g_uF~_tALU-8 zYyTT_{(B(}fKy7DBQH#2Ns9XOoWvVB-{T0ODik-|YWbQC2$387KF< zzW%h4{^zi^|M#8@zWD!smJdXtl!WJyi&L)v$WMeOCCySun~IZbJR>5u##F|FN+2;O zS%zk6#e&5F&1bualMF-J{Q}Fm_Z;VGZyV)grlWlC6p*>lq@_du^f*SZok@j82^EB+ zjOHZn#i!$6#*%TOGmR}+j($8Dqm**di)U2!;jc!&7f*iWefVo1%x8V|$Nm&IdA|ZQ z!O3-5=s>r=>0jK;OpL>W4Tb@8K<+}pZ|Mr8~unmWu-vpr)Q!U7dq)-FQzHM zeO;WhzxU!Bk+78Xe>aExijUd#}X|82*{^`(nhEang=DWU{z|Or?VXWpa1ng|L_0)AHCl8Ho7GLC@Cl4wBGBz zN0*hs!Fy!FBDpv>z4v}d^7p|%>Ra!-WnT?Snhg~egM7MiEvj}G`c(y! zJ-M@>Nq4>33TP?4dL6b@SiJyTg&?PP+n%fHm|WMfm$Z7b3O`)F2n)8Rt@i5OkX)K{ z=6@ahZOxe%cFL6za4z3>kLXzFUc3@!!vQ}tbPQahN{9^$;_2bi1kNuo)t(wJEYs98x z-u#?*H8ws@U5)l-)yz5ka~>od{yATjZTRQ>lT!`oUceP z{Byo}ZsGO&qmfqlS=?;AIJMaVYdg@N99u`RNKFp4(Znm3lKA|zYXso+ zr85TylIi5BL02(DzTTs0#_;N*ns|1XbX{+9V!;Uug|$0dbNL>6<8$$By!pAU3U9nE zRN)Pnz-EGQ`)~~-xHdKT2E1QuR`5??0vqYTKZyx!<^lhVOrSq~tBAto#mPxVNiNsv z7^;HWmt0X1B1B!>auVI(n?YMEt2h6VzXHcL2X(Br!+B2ST_{Ib`-0}Pk80X}gKSf+ z1Jf+q+*(5)w)WF8yH;@|Cpejtu1#x-t8y2N*A68}qR}YIgnYGDnm2_nFHV|Z!^wk8 zYvTgfeW6ED> zzy6J2S6y4BMXsu~IavR7@Hgvp+~CcVV)MFnEhI!hgUfgmn^E*_*i3QiCJjEHy zNlUF#&SR6Jy^9YC%5ui!hGJ@?UQ<2aStkK=lou-pt$Qr&gw3ds_36^7oMV#k7~hI! zT^Id6AuR(FQu($zLeqMmXMIkqW_+iTj`22uTTYDX#1eJyeT)Bgi}c;)uD!Bo;GDi$ z$!@UL0(dTEVVGl6=4<~5w8eOlgryYw+$bgWwY)dL&Y7+nW|JE^*7^Kivb0v^lHe4s zx?bXZ*{qgiScoPsAoim~&`2aLHDF4OZt6r;@0wm)Bjxm_ab0yQBC+3u4k?`lWqG}V z*pCxIAcikrS4YIa&R2;5uv~H8#4W-$9M*`Rm5PP3? zM%7_$d=?qUbj_a_8{wAPZPC+Of!uK#VC*(%xIUPza6WntV90FlV)P!di7^6r^X@}i z(G5qp7v1U8J1!-gk(_XdHwBr(bw)F5vyDoj8vN^=WQ!6S(|not0J@>re$+ym+N70uM&;dWSs@l`^972gI#9W>rA<;}Rg3=RU-Zb% zNpj6fiKYZAVZ}=F@SbT?dlZ{rkcuzMP~20W2cCbk|BX=cOG<8jF?s3lF967z{XaZ7 zYQ%rp|Kk7gc|O`DQiskoqWrP#a+j2U%d%fs0c^d-9{`M;Ke@Ta|AWo)4U z1-2+7>&&bA={*HE`w@I=9{R8IZ*?5M4FmkfVaHHwDAK6a@7e2> z3kYaVzjyEAbM>wMW<@m74N~0bs0MJ=3S~X$3MHD)PAMPR>+6(quRv=w(DqoMCjMsQ zo?A5x_t)><+3d^j-fayBgT8$I{EJS)$=oS_1*b6 zjHW$B@hd`7aq;6xJwUEWO-|FdyXY$_$pSKy|EM)aLD|~kGo6jzz5A-U{7{&H>D@a3 z9Xl3HJ+2jZ`Imfv>nqmh+fO;}4_g?+ymdf2JJ{@BmFicI)JcZv!e70R`}bALW-V@# z7KnfBU`E0D-^?0uFKw(o|A&M9!~KT*_a*xQ;wQ18`7=?QD%#Ktk!LOb!UiZyF;O%k_l z?j6O7Aru;rkI?(xyLT=!c}r55Mm&r=CaV_HDqJpp zbZngx8h^a=V7T}&Z5RYT11)WzgpHqkMC-}Q=1;oX?^z@JVEs7DdsW1DZ5;L5(nR;?2e$Dh&%0ipos!li)<&oLo&crzY(Pah=qh>6OH78=tj613~ ztdRjiWrW>P&9l;mp|{4zfVF3T9QM22L|M}^-@tiIEo}s?32bOoy`sw-7-Bn!o{{&) z5L*qy)!3+)3d;FuP+R+mq-`_i^j-Dh4ZjVjTvKsj2rWo$ z9czBtQNvlM>hhjxYikAH^wn;&h9PQO%~pd|HE=p^L8S@xs`?=fRMB>gs#l>Ii~(?T zuKaq%bWn!X!6M9>0FCnMO5YQg5X0)0S649c1vCvApP6MH28d{f(H2RYlxB=I%AxYUS-3-jy3N z4V{jYdZLYMWNQ`YH>ruYv4CwY>da$7X2jELTya8<`}Af?dqyN5Z{xft@$5ZqTAYwrK{5BKW#e+Nf@QB#*3D8h#IU`%{Ad@*VOup_Hp{S42qwAZ|WyAyqAm98uXT% z)BC$P-5_V4U8{kef7czRH^a5Gd$rp{w2j7U*FfmGDwM*62Bk8;({K0P{6Q+9m{piNStgmEI6#(@2bidm*xDBL# z>qGqxpEmx_+=<*<8|&Bm)aIuo4%pAscoDNzRxjy=QW1M zGCRU^CNy_JTgZh>P9e&&kXX_LIsZUykec8ECsdkb|L#!IzJEQ0Dz8YFA0}{!>@_LJ zB>_@lIg(4FIHsN<=C2DcF-?SUma*F?B^i+#lw_Rh2E0A>Hzo-=V?Y% z0dVlF6Fyz&Sek&=?zqtA!mq3>ptTXYX*F1vWU5Psl0lt6ZC^wo`Tec8#{UzacKUyR zxqtt(QU0%b{QrZagD?IcpXFmsO8U;K>?@+fgu8lAey7Uj938}Ums0+E>Ot`ZS4*A_M^dmG~B=1+Z*lg zjrNb?Z;l4TC*KUe8UDAeKjLou{Gayyf4?CBR__13qrqUWvHy?0_3 zQCr&x;M9CUvbVhrY0~~P05Ra>07~ls*)V(^b^Rv8>MnktcE{JUGQtWoggM785Pf_t zv>+y%VlXS&-P~5}h{sJ(PBMROr|q>rf9^Gav@)@px{NKW#K1sHcG0AiD8V_RQjlzl zCd4j=l;pOk4ieL7Rt>vGNiqDvaF4WQ*Y-9#i)XR^Rv*)meyl`=#nM*%o-FliC6+^h z9%|M^fBjocmtY!f;0Vuq{`N8HM1#%YuO0=$jptZL@sdoHmlS8&vf3<`$FzCIowWhl zfn8;pWf(&fT?@dgIqmuF0G1UB7GMh+>eVJFs21vAYOOSvQD-xn(a;O8T7I?{%>l0( zxh^NfW=Z^(sdXqZpAqS0*s#n9+R+irz9ZQJ?g>CHqeLJ&Ra6TJB4Ok_n6=i71ar#N z(7W`AUQ?z3N}+@T7E~Fb(B`v(Ox{Y4Phkt8W3|H(o9c%qARHv-)q6~*%Jn8)!SMi$ z)Ne@9n-h{k#R)-Wu11;UN-R|b4yUQ6tB<^@kCaTycuKfWaVv2RJ%SYxfqIVcM@Z0= zB$%rfL4sW>1~7qjoKlgf8MgVuZSKi}(*@>BRIpT46Xi@XhiZbTu&rV=$2^S^mKtme zPEwlabx3(>W}QnWKCoG6ImVr_vVe_ca4tK&33LD3mk$#-JP`UzVUEGN0F z#Mu?4A!JmZkc|p2aE@mrjV8+xY>8E6LxCC!YK5z*BO#?L_~tM!?Njnr5}xDiisR{& zCiViNR?AcwR!2oY*&4Y{HtJ)!>N+_c;B3IYHnEE}ms7T? zh*hDN#^bK)ZTQZ0wgdc*T0RA56JlhK32{z&aFPITs-vE`0u@X8*z$z64y{1Q0yCjh z)Dm`#jY6iw49`#52+N7I-a+d0QiG!c`+${oN``JZrC^ zUhL4t!X%GW*a8*eM6*;WNgp?$X`NR)K=aN_&@EnC%^1dU9LGkMwxTo@)dcJ+W>pZm z+ag#?JZoU#1^RErM7>7^6lkq$<>TsKM9uY=_s(r<`$TnfUYSxHmUhx($wU2qbq5vBPo($DO6^n((fPhT;4 z!HKZj6=@42;HZT~$_%oS5$dw55r*x&ElMF3g-;gfh~sC)4-l6uh)(xI=Pw5SYdSfKv-We;2HDGt7U z@P|!d?A#l)!{l6vOmm!DZs9S=Yg80iCUYf`hz42g9A2C*XigQA92t4h8}UV%Nm^ti za?J~UDEoNUx?{?l)DKp+6#?hNf_Im@uv0r?Is?uI-r66O8C7G6)ni_w4 zoOtIKP~0)WsTx*{PTgsRc37S*(e0e%=#Ag(Qx8YLDQwWr;r4dDtH-6BlU$n1#@eZd zOF0i2k03*cVK;C9qGivhX^g#G9(}#@`m&UaQ=IiRz$gUNZ?GK@F0+A+%Oz6lnR>29 zmRmTs;0V6819IM)ZNLiivZae3d3(Aoh?I)@DWO=k5doFNc^cWqB9=!}%7u)0nfqO- zyiP5FuHl?$A0Y)%>u>G-v$)3&0PR#gz!mDYohItRc$dbBR-hMDNVU`hjJ1l!(&n^u zN)s?8#~JyGJ8~7=>WNj41T6_75tisph}D}WWH*3yjH?%S!McZ#Yt4{uhpGAP z09T~FZ3xln*~R7A$??_M=?JJvy)TxabdOdC2#3%L5EjV}5Uvj)2(R~M2^ZmtPMx#2 zUEslP)kJtqq>@q9|CLw?6CBbJzlLk9bhu;FDfH^~)!7LBr20?g zBfSB%(vaLxR(ia(X6orIXPl(5qsT#jVN7Hu!jnQ~qJB`+hT!VO*m^Fa36ZyiOB^Uznsbf%U$f1QIw6!qOOf=YPeLURy4Mx(Qv~$pXwGE?w z^JNIv4k6|fDsAS18U@y`{@rarPYw8LM)S8u`&aLNO_>Lo9~`^wIt&PxMO{bN1v_^#nA(y-*H4aj!3;&P?1rGXhl6i`n?+QJQX8@qEVVpVU>9P2J=(O5?fS-C zZ3g41G8>^`ytf}8_zK5?2^Hw699L=qKUNR;@tVMg*9H38z&3s01{y&}o$6Y_x~ef) zC05tCb^2-?A8n1$)>n(=FLNg3R`BWxypqH|2ky~>(-2bCdW0*e<1AyhLMtA%tRXX@ zZ>MhOG?^nY2leEHXfY0CGgX8N%gm!4W*ke=8*m`KdNEd1zu;s_xcR}gQETnzn$nX(UH5XHJaX^RPXdkbHowuZPmEgeQ$17tBYQ9 zftC?`V<;Qk=O!!{iIUbd>}1ZUu|HG8tFVc+#S6{^Lo`=wTM&VgInERPuc9}+1hp^8 zZzyLucx&imH=|N!#P;1Fvx`KT%oPGJX-?HBz^(6+l_+KC7Uw}33pq)M5STA_VF)-`up45uH#}RS3CA!zQzaulsvOZC#f>#s zPkvh`zt(sAV)vb~rw~@Ra{6kF=I&ur<)x3L2SYq8Z>^k; z!GF}Mfu4ebB_%M7sO7XuK4XEYJ() zMX~~Q_Pt#v7^n(O0gXi&n?*N-PZUqNj3Ai0e-#OZUa;AZwn!akT>@onh8!4F2V-Vs zY@v0}TPJk5aBN^RLW5o%c-x}UX&Uei)()DRx33eE2qn*`>SJA9ClY9znXb#YgmKdM zphbUo$n^CRsiD~Hg~s$RtWwJWwa5f{b^SMe`nlCV5gzqG1)dmDYrxbu-U7w}WC zSTY^iMS>8Q-!B*q#%G(3M$hLa6sPEy8lm@*HmKZIw3`#{lgn;_kCTiOxQB_2g{yJr zw z`LQqlQPSX29C#!)J1z>6*Ko?%?2<`{vd#%BNbZbutC(f=-e+v)JjP;88lcLJPZdnJ z3@3wVE(xD1j#j_Pi5&U%z$3KxWH5YUAC)y4Th4Oc}qfbqy6X{g!6rqI*W=qHq&h(A46gdhOIqAqs-X3;U*O zUH9(=OK=8EXesB2k1!FB^%^xeK?ZhuP))W?0VfqVr=2v&$yv!wC5VWJ@+#8BpsHSE(r*`4) zD&AEP&>>o2lO@8)9F1CGKm|&0mMNB#$~n!oE-n^x=XVhhRzb)ejum@v8sOUB_ODYz zT05mA)8wYhA;l#x1s=&sEY`^;tcffi+q3gch-lBv6 zD}qFYy}H+~5jDJP7I8GEGM#7!QlL``K4!*f1BZ%XqaH8E|940K}K_ermAp#8C78P8iH8Fx0I9gip~g!Y*b_VD|!Cx>0ad} zq${)_be7-zh`B%zFWc9Qq8rSqqG`TwPTeoSn6;k8vkEr@(X4Rm&h_o<*N!v9SxH9d z+3}@A&(`Ti@Z{wx%44QWJtVdxssp0l!pX}TA@ERZ z?NQwN<2nM~4eBb73t{Y81E#C)O6>bj9an3p^7WdK%FR=4!R|&@dQjn-?^K0>Y3ew1 zcka}=LIKEzk$VxoA_X}t+;TJ_MH%M+ctanHAXhCEbb$+0A}Wh|EkxIM!! z=Tgg{7dRo+5^LF5u|5Pl&;U9c8a_V-Mq*cC6W$3sKPSs!vK(PwJ*{1gV|1P)ZOIOc z*;)_OEBb3w*WARk-RZTJ1eh_L!XwF91}5wt(Ehd_#YpIZqhur7`85qx-R*B1z{@&q z4QEeNFzwrVsgsiFG-L3b`%kQtvcPZ0C7+QI+B^K`>e&yu3r=C*^y+POwq#aT!O}{^ zGk5hDEcL}geIXAAZ&SZIc9)LMIu|CCD0xHu1B-uB(k!(nwx?3JS8bZTQH-+cLkmtL z^qPZHrjlouA^yix?P~@%+YQ$!)fsF`paP1-ZfDXddShR{QM?|!wLG*AR5LZ$VRc zcLk=VfJJuAFxIg(qgnZuX;g>x2YVK6JNy9;>gKcVOJtv0+abNoj6?J0D>l@+G}h|M z?Sx)2Nk&b|y4y}(cAf2bjqKP{p89N%6~2K1H05i&m;yC6(Gt3+QGDbOc{V1nV}(^~ z^zELtZP(C}EHg%pjm354y}H+lQ-XnnNvc}!Yd3z^Vr^wv2mf)wwdz-KB{Y`}q;&!0 zmjFG=hCYQYe34==)t|`X5D91_N~$*ceh`8NjwWczfkSXIt5kqbK0{M)}0tAGh)%q$Rd|~cGo^za#3&JT&wZf^nE~>%^ zN+Vqy#$Xko=CN*qZZsKsvm5R-W$cFV8%l2b#sEayc$kPleGRa04%XJ#8$bvu;jERx zaIfzXH4kdv9sFHVWWgz1fw-vMfh~%Yk!&%PKtMC^`f<`A&jm|OY_pHt&}w(s2BU%# zvMAi1Zs1#61?C!{y*u`f;K4d!4G&C15i|sN*YUDww+Nq)(AZwfoUmMyw=&)YkJToj z_D%;Lk+(_^BNE&}>u;hd;}MQbh^T5UTcj*bt8W(c_%*w-8s=0y=d3J{{(FAv=$FZu zWGAw7vbsTwrATBZkp8#2Mp^~&k=Z^qSfdtaVS_m+`VE^?YpGW^w{t}-qh$4UIgxR~ zIEe*Y;I|3ObIUgw_1zZSCODqYLNVt;7p-quSZD{LsVUyXxc61XAO9As&Q%RG3}t=1?-V%&X-@=+@-d*(zZlhcibZN zp;Z^dE7s2{>*bA>%WC80hcjJ%K*Qw+HCuiNqh(*ATQgU_0?m^hRr9c^)AH6tD>Sz{ zG(7kbL_1ptvKQDXH^^pXqiilzJp*E+_^a6u1Dy=4lWVrgHOu5X!R@d~c0IaaTslL5 z&VGaSO|Yjgba*~w)#9FMPAl7x(HoKzA#@C`PW}Ey8+DcB;&}i5w!<~jalZn&L}POS z$kb?c@UpX#(UzW)3@@$paIT-BR6Rt(JXH&7Gnhpni)ex3Bfv;!BLEf6UH(S^n(Cym zS94CpoMkC8Sz?iNPc{c8O0a~kfQ|KoHNbkogSNAyWhO>wf1p#g`6Ah#dKL~2m{1^8 z@8}2}Dc+@q@dyn&*SC^`>F;NOJ9JuCc=)!v+TGUprcl?e@=XD4u+BFHwc$$N6x@bu zy#cNlKG}G+A2t{Jux+s)-gT{yGj^+0D`4AD1rbbet|ZigGf5J)%H^E1ayGYm7*s9E zaqvW&w7HnOL>pc1zpN+V^ed zv}Mo>|2S(J7=?V&dj2*rQD|jroXb&5`*p4mN?ZmssEK0jsJkPM?I%+W$qb;s+ut?({Ki|X>P{*;d7P%c9TyGUBdb_kI-UmHoOl|ex|!gKmzF=UqFS<& z8>edZz*3^Mw+&FI zR?QzH3-|XvI$E@+5Ws*L|NX8I`koM`v!`&JTnprxVXumJuNnh2h`xQGG6=;Fs)9%L z5aP&-_79=Na&6ZZxzOM?d^AMmRzrix+k$ChWjM8^#M*S*N2_39*1jtLK*sV}mBzrN z03c~C7Xi^zZd(hB@(E6CiE3n6Y7NlLow{0e`OLG4TbR(|+LgmvFbaZsGH=X{WpMUGeUu$zJ#;?_;@${@ggL*}o^?J=X$un}(zy4Z8L9xioy0B&y zll;c5VB6%2<7a0tei@&=I6Jv|eOawytJqx;?f$7*a=YCz?pG91&D+;ob*x?;zdRdX z9G{#u5o*n%&;W3H_Uwn}EtPGwd`C1|j7)VloR_T3rD%(^q3u006A00xWH)}r4K6x+ zfy&34%=*pOXd1kCBnfhk8`qsu@V=O1PWoXPb@0BKDu>gOk$X-4fP9-XsR!3R9|e`8sITrFq}TanL5a->=|kl#iqT#gRx>ufDiMm zzpdH?8!*tw+ofYWR2zbhMU>ci?;2YhboBgUfJo?3Sj=|=WPwwYEb~Cd5)Fv^tj{0f-R`+!bw}O{ApXoq9oCvW)#AAJIf!fmu zA6m^|`b$MfUG8h1P0j#NRQY^MOYQ*3D(-UmL{rMiEzYw3HYY-In#jn2nKB;vDuvaCGhlH6jU?#2*1mcm?`t4sI$s`4g108WQz37)77}wV}N4{ZK6wOMoMTm&a_Z z>`_aAWRLoBth=p!?sO+5GqN?>$r)b&|E;6LSti9T_N@rT_8hy_M@Iuc% z!uir?<%3*Y9{XiN$+_B$u5OEG<(b_c$L0>C;dQH>8|%VtFAPK$$|~(a%Isy9Cug|L>Eh9^#-iG^ zp0il1NYECh-t|?ng1D3{vPnaiwf;fzf^F(qsu=)?GHKM?f3d0h(y4ZU5JfzA{$38;ZOKhj$NM{3%t#YY8tlwnDPe6)*5 zCI~X2Hy-&RrXN)x?<=vLH;8LOTceK%ZjE-tU87n*-n@^W7}vTP(H6DFw?>;pxUP+2 zm~-GGVmseUbmxbS@BF|Ko*z8M^Fu{>-k1ii3jkdsfz9C0AJI}*Tjc zY-xG&T8szHBBPw#R$>j|Xu{dG7Xrl4$4XFgHybNveWP0mwO1X>s!?pZwp$I!Zm0`m zJh-HAar zqM%lxBWAgeY35v4`fYZH|<_p;i_A?P6M!+(w8KmXCc#qeJc>b(ZRI~F(ZRhQ~| z!*PC41$DQI`i`BvAD#8xGJ||JmGs)x6{x6ffd~x;vHstnzjx5Ju3FUF8;t!!>$^X* z#=BBjZKU=!?W)<(;QfJi+6*4-`6E!(+jy^}5ZW2(2+znr@y;(Eu*c^n>Ll>? z)P&;oSXbbfB!^%*GZTcgT3vcpJWShi8tI;m&|;~-#R*&ZgJs`uO40B0?#N%W;r-Dj z z{i@%xtiQ?luCj)&Uuf8CnAXgcwZXDUD(~S|!?Vv9>vik*FT&kbi1X&c6Xe#9)%{C! zYST2B6i)!|5al*U^}%I2U)RUq>`rJZfj9!p@Cg<)t&N1Cs1QEMeZOod)*&=hcNS)sJ zH6_o@2kf^HK_5&A4aLyaf~YrsHDUBloAMr|(r`!ACDS{Q){hiXefo7bF|~%kgGj6E z<<(D0+aBo8Ck@z%nv^ciI=NYOm&#R=rpgr7p!1x8eQcNyB)rVb<)ovLGof z7nOxEG7r?;zOi0?Z>-m#3DbP3t?Wb_zP_EcEFTb3f zGk+*n4w}7qH|&&2YlSG-K5ShRQfvVedc&wOS}@B)*u-ZT%}KUEDanW=h!rN}vEmEx zje!LVKzGiR0|=EnADD2McWFIYv}K1@bi*WU)PkED@3DS>I$cp<;pjM5i z|IvSPHH=BsR~q&!?!&4F+gO4T>?Ld8}x>X(%tV zY!~IM(HO81hze^@Eq75eXG~a|QEQIl+9lk1*7>kjj^Y*j*& z;s{+5oc_eAB(L+Nn|=uTD+wm zrL*nj^$_cpzY5Fs0)d-oe{X{;70}8q!ulqG3got@+3gCj<-De4mO(jLO{Meg@A4tF z=yqgnvofk3oI9RP^+rm`fc}R=e#NdyuCH*k!;Lv48gruyvfRjI!L<1%gy=-a2Q;h+ zu7%N^XCfA%J`bRZh z&Qe+@Ls0W)lwY2EEyQfLv7II)W4EiKD?v`ZIq3|n1qqT3%Uziw8(Ps4OUs60F0&wg z5H2W$*Y{#G!*jdaQQd^uE91x-{JtT4QZF$xf}4AgQBiwxi)AtoAL%4=PF4bpO@y3_ zDrJC?>l)#3o)H9LP~d_=Fjy-7YF9@WP(?@zcuUnnR}-cPr~2~DEbUvCKk^0JyT!iM zT6u_h>jLtdXSLJ^Mg|Po;`;0Et%{pt5~H7vFJGO%dOm6yFDg(<3QiL1P~rzL9mab@ zwa*px=et3G8k)oFL-%@vNInh3VDn#adP6fZBWEJPnLb9Xn#sOG#Jw|S7Zm!fc16L7 z6()_7HRxUiQ_=~zCTI@{ri;I6qM`QY8{g%<4X4d|@>xU4T zf+LrDYUqMVlvE`#a6VM`wL}5ZsTyUi2+=Y)=xc;dTs>ho#F$G|LRLYNMiBUlBy2R& zsLJ@^Q3XW=M(EMYQpn3PKNgStckZUM3SAhX1ii8Jn@;v zN{|;cFW@{`^PDgo)W{|zd9`cn2UUzs$Jl33V z!Duc`0BJGQZcn%Gbv8WC8n5fB z`?|}xVic3Pw&M8s5m4QK)9C)2RlfV32(Nbf*5#wZo9%|<_a@N0e7#q|_x!!rx6tC^ z-3fX_H}Cb0wtIGWw)>FY-RqIR0joY?%^aW>9<2P*A zuIIzu<-y(Nzis}F#GGW>{6hP14}Jgbp|L`!`ERfF-oAI=?R)jywytBVytY51&-TN6 zY`3^SG`zJp@YVLlE%ejAvzPWg_-H?*hxUW|XFsra_QUvQuOemZ+_77zWz!{lvj)1n zuvazVd140_uGPA4c-DCy*lqsMUEa{vxi0j)Zung{yskf@ji$GCZA2QW_@I!E0;KPv z*{x&X;I47XvQ$SLN?A_KEzz2sebvnyY`eKtW;N$ftOoHDWK?je0CmP|xAw6~m5sJ= zDcRO;ok{eK$ddW3*6M1&e%DO+p_J&1x1jkZ{9k~N+%?KvwXHCi(Y&E4ipn=5`1d(_ zkCIZNDBVI^D4OnR*3lrO@FfOQZ3H$gGoT%>3zCoLbSlji`5X%*l0=gPtFu#B&{Uuu zHIM@ZOpT_oPJV2*-@maELe^QLpp}AD+-0nvT6A;O&xuV4tdP--bY~!a3Y_uox-^lx z7_0~}UuelEPUZ`ih9%bQ_|6_Ql0-J@dU+zPDx#USG04+62*tHyKB2NMgY|k?KMtiC z^RO<%===g!2W$#i>Cv8f>Xfto6L8_D*@eC=CF2xleVnF|mmMK8aQY3QrEz~`(V8>yXS)B&_eC$Xro4Bj>_zTEU%OC%`0z=gZ5b5>a= zR^yfhAffG&Ubdn2h%oBN;=XTLn z#C69|V#`TUcft5LR@>2V#8bu>9h0b=YNWQQny^K74CVA}5X|+t=H4H-HURjqfDZ3B z0}V3{xR^Dm>UJ(qFyH+)Q_`@VPtP*Ic1m$$XsSxJ=|U?QRz($|tth&soTOKDM)(O% z=44ENCC{Hd-P@|B)>T`H-C2I~Bj(m_+2cyl4dzr^YpG)~1)kWEK6jgQ=AvQy;JiyC zeIfkq>(}1xk4{YS?D#Uk*4Etw-;D5_rKani8RH zYmVY~V%)iKT_Vfx7`qneh5ys>DIUQOgJCYPB()>WSj(#JPtCA%S-Qx)VSC*}4@@pV ze6B>hiy*h2#pkLjg`k+py61*t6_n0ptgmgyl4D6`OYMYfe`%GjwE-pzlZr{Pv``D? z+Nw&%X2p%|?eRxUf1>>oGQvgQTfzPRpS^egZrer{$M4VnE3k~SvAU*g=h^G6cUQ69 z*0+8g%Sk^yZH|``VTm-hV(e-EAnK!6WPcATzt&)vo(F&GR6gTY`PPgs9G zVu*>{xIjl<$T}9@dzMmb(!1hX8h~7VR$Mepf=~TvK7!le`KzbuQ>}!Dc((#9{Z{m9 z5Ijr6qaX=J^p1raEl*SGfz2O^3(~Sr5(C&Dr_(qjQ^KnXM*o4#p>i;z|DikQU>e1t zbZ#gz;tDpujB?{Sb6 zUc^LEiBJ~c;aJ(m8pdvhlPHN0rh%zu%%<=s^(6vIDrps4=c35cPy}F5OCy$xkjzvd z!f0qz9qvk(_~;V+TfF=?KN**!)c=jrOZ;ylGyXje^6=j+R|_9Ol#F~)bY>$!C>kYH zp-<8fZaj$+LK^b7z{d}g&<_$E$tTLR>w~Q%OM;^+(x@H$iRe=r^)?__3R6u8O{TaD zq{;u5upOBC%d#n6N zONJyS$DtX?c^6pASV6L1WMpYmcAUVZEpKZYQ<b5x{*JDo~nuG&dEMyA`_pnO{92q$&XVy0^VexsQ1ql%h{6&z3yN zL~q7)LW_WXCKG5BYhgIOuX(w!|#GhWT{_KW=a<7&COGgWus0qYVafLy`4| z)yE{tWy;A<+x&Dl>1E-lz}?U`rTRl-mPaWysLHr3RY8+SXYm=JSw0jS9nmP284#ra z=j98s>P26EmP0tnG}b7g>r_SZX+l(2`?&baI~ffR>Db_Xu)HX8047=m{>C9%wck7| zT>*95=)$hMX6YU{WI#8bAc$%D2lEY0UJ{VzE|z!PAqXqFPSo;vnu6udK7jpi>FxlD z3ARmQJ#;ifLmVT({#(R*TY)}PR$AY7En(X93lB)))<)4XI&)oQa@>@Rpv+vCK-?Xs zIqafz5_}q_NmA_dqO9!J=H}+6rm_fVQoK62ui)qMobf1RnuS7s*ZDG>sb3UX?j9;{ zx=b!ri{Lio)%yF@(sfsbbGr^#8GV$fHPS(S69wo)!etX;U+Sh;VLjI6>{Z?PKi zRh559LvDI>FnO2`CUP@2-Ac}>$w^R|KfF{_fx#}?7b!{v4m^iwI2}B5Fc}nw-b!Aw}`57;vhl7|5Cr-VD(LeDhoKeOU51W?a91J2o> z3xT{0qIjCa^KlN*IE_Q_J$nGKd@>JMG^LS~1=#+SXGg68OYd5ghpxTNGIQJD1xvz{ z>Gvhi*;6xR&lY=Z5?~v=W}25V0$Gy0a^2)G2&0F&a3pHhm7~9H0-)X6X%D}4^|S}s zVEwcQ+HeK62i$NCSpcs9<7ul^^y*75B7XP!@Rkrq%({ToclC|iEuMC;YZp#Ca19ns zJAe%rOgo?r7fT5!%~Di6GZspbn7jE(*|M*cR}~Awwt!x2+BHP#Ky|2Yk!3$DU3;t4 z*R>>Il{(grJS-9=vy6sYsiohZX#%N?v$1owN7}x>S+LeIsX@E1Fh?0_O;WW-*(Ogc z2&*_a(IpHjV?mhfsp1%?J8z?sZ9}!c>CSRG+>#gCES=^&4kigEMKCQ7ky73puTGUn zAQq}rd?0g=D_IFxcjS%U4?TpbM;>zSdht?F&_LgHO~KPTl;|eXJrUI<0IbQIYBtsrFqWFa1KHjG7H?it-IK4sy6* zekFp$6|0!=Bh-3pK$CgMf$ALpR8;E6ECQ&dywJx|Z&5x?L$DX2d`d?G-cG|2^T{-Q zr<+-j^J$`{yH+jA;h?xS3I{Hyhb$cENuV}(>O+=-!-lI!5~a#zxmu-B#!R5$>UsrS6e!q}L{d8XG-#C20N+6Jssdh!+T=P8~+TQBfJF zz|vj_NDntMD*UvIIVwb9;4?s42+{=7buERsJ8c5T^lObk;^^ys*-AC12NZ-Pc%pR- zl5;rRMamI}WF^hR4MURX-cb}1hkx%uNOIa`43avZ4G=eV$onE-uXj}MG{185{kr^*WE`VairAx zIN+F`3+xH zce_w2g-fMjpjAYZC>Zl63TP?_X}Gr@fr zwDi~}Wx8c(lS-`z5Z)wD3q>T8is3_ya4Pm49^hmgp}%O5le#Guhr9A__+a9k1j0)Q za~kXO@a03D#F=c~NT+2CXi3pdoP!>6uv5YMHBltRSn9(^+(4T~I%&N%gk2Noqz^z@ zXn(peC)0fLRYo}#M*K!WPUe^!GwB>5PG(>2!KwjHO=jy0$2VC}d<<{;(}p)mqiECU zrm=oaXNzzu!E6-ZQ~~%;ALL}pk;)jSv1u@0LWq;5yga-JCwZSRSAdhX^|IodtiTrt zZ?eK$D7wiCapB-5E7bp<*d}ekJiyQc{Cvc3sP|noF1QA**MZ@RWx1Jh4-4(Oy>gl!kcQ=qW@0XoB}L zVyHMMO9+)2H^p6|+Wd1QXy72owHWtjT|iWiK5~&R7T&su+UKo@{<7Y`3$F3I*Xb4@T^|l#CJd*#p3y zn2UrGhhZsTA6x=nM0*{m(Aeeccj}{mC~bH=hUa^>W}dgsOJ4EyjAXg1jL?vr6`8?Z zz?&wbl=m8~NhTa1iMr3aN~UqV4wAIg9j{3(F9@mo%5a>fNW_r{HBa^p^R9O3r$B5* z_kf-Nj;QzY>3h&)$CM-HCo178Ux}DA9}une=RCsjBpEhfJrw;1YBPJrtlACcmW?g? z58MXd{tz`7lp3t}e%Ely05w5)6{|<=)$~Fl3wV$r!&Q0|(XU_#0=y2&kuqU)NyDYE zxv{a>8EraM-9QvP9h{nTDGC z;QcX$gd*3n_#)yJ1Bs%UQw#@DLQ6%g!S1N5&Sabp3k|7L;M9k(Y8xrSO^1e*$S0z#L4{oCpIPL@_c0HIeQRHXotn&D$;u>>{hE zxWvUcj|NjQQ*6-b1afbibQ&@N6_SI=6lq~x79fP;QlN=QGA_wLlpq`k`BEY;?W`LO zCNv6E7{U3O=$|;vqTx>Qz`u-Qc)=k*p?`2;exWO~8a<86xB2KvWLlryh4&%0aWyDD zF)=9Ka2y;#;NsM%#AwrPr6N4L6bCLEZ3B->8pkGbPm$n8Z}%SvZXocL#DN=F-%}X) z5yW{kL}m#1ggw?{!1+T{17@N%kS31PoCuaNoFY2IIW7uf+QPQqvR%^TLjr{X+2=rj zV#LrC|M7Itf-Ov%lS*B5AP;9w+NP>eAdrS&by7(=S6t#1OA74=(ywU*S^0pnoQ z9AfKA`g&iyAihljx~F3KIzCE?{Kh13)yOYH{z8@UO@3wf0KsS*Y<6F~>27KT^4WcW zQ6GQFmF4AWvfsAAe7EqVx$6S+kcDT{e=o7Pyp=_!2N>1Y&Vr$jx97r-O}2 z5GC|~x}#JxYVyRgR{Qex_fupQ&K8=8mSeE!*L6 zS_a<8b%6d4w=XGF5;C?_)84r0``_nVuURijW2v!=vrzex$9*Ig zXxff%zp~h>52b^Ut#f)2UFDzGNXpC?>}5SI^7B|GaV4FgVII(MTAWXL)T;SOMk(#x z+<@+T8U@-lX~a+Te9mrf9dMXoZ-aklS_w>`G_LrZ{EwSG__ykaS#+rfSr=j$!2yV|RE-lH$7y+=!{#qjESV9RB0r)vj*rFmUD;4k8K?Etx$ z-?ani;*Qr2zz@pvdbvyI(ec{lcrEw-c|5PJjhEzlZG}C*@3j@&BF@)VfQx!xTY>)B z-LK{0Yfk^`Ha@}2@x9hDp2zvR4bIDQywwBZ$b7(Otnzz|C>uX{g>ImU1%-5CS~E5_L}?TA9d;W7tZl z_e~tLE4f)Z%>hrqNb#nQMyAN2WBZuqSJcR1HHcsR@4zw=i?) z$q-6^sv`MR<%q=fD>Kk<;2c7BFC<=A#;Od(H?5n+iZK1UYKJvWlQicuEf%f%Ox~Q! zq}9dBg-MvDQKEV6C~aGb$luceZAFdhiISm-`QW7qzoO4a5KAjBPMPZ%qA!0>2drh3 zsCGydJJE}B&BlG# z#4aiGDMgxx7w9cY2J3X*ZOy=>@Mq%8Vo9G(ga5_aMSH;m9Qy@olHG6lYx zb=&B&g3%3R?RzlH%hZw=g~b-hoetXW$_5HK1&ihCe%xZlL3Cp@@*n7w)yqeMa(|A;OE%w2@H}~lbheu!HzeX{hkiITksFC z*?m<2xlCz}B;^*3?>Z{E5xj;u%^#UDZ!`X;bde*zpH3!0K4a*M%Qp~f17OMt9W_w_ z{^#-c-}AeiCJBs%Zo!>UHkfFkxw$7n_ji;gi}bO%xw-lJOnce4V3x5_5k+Xf!5 z%tNN!=hL6&qYd`YC*C^w9M3XHzGauo>{;PX>}`V^Dp5SO_JDkvMcFpsDUA%RlP87<2nu*}g)2?e$%->!4Sr+92bSQ)U6 zaBqsoFu^?5Q}-vR#@RwQ`kZT6+Cv4CL7K)eC}8X8aGSA?mHw@Qi+p@reBtG3ir*oa zyAUwuu4?|mNt96kBPRyhb7L0O{Hq11F4z<9Ylu23dd^Xta?ieHjYN0~&NUj2H9M{g z@5HT5pUB@}NDfXxoQ;EII)QmK1PnLDMNjXP`Q#e|1Hhvk?{V#XU4NGal(#95ZwM|^ zKDo6LG7NAq2oPMHh}=t00&F_>Mmt?42H`Xp>f9Ff^`_?Z=s#>drk6m)q1{Rlo~270 zdU+|-51YE-E-+;7`bWXg6s+R_fehx82qEgF#E;C)r>c%@*&@sCRP_dKM#De(0_1yD zAL5_jY%ZGq1ZRZ8 zx~EH$7d4$U9u|5>0mU-nn$cE{R3DSBjm)iwaog8!bKNF~5Ua#n>+~OX zZ4^cSnNN!-che`JT5=eQqtM(n*|VdF40Fr&Civu0-)_shcS%HKr1wL#yiHLdan0Un zO*pqo_!_u2!SnWuvh+a`VNm1&t7K~$?2{Pj)7U*6ma)a)GL1u++muBm zt%kU2q=_Hs-Yx?!FQbHd9U;sM0D3i(DEz-0OkL&fYw^(L2@brwJ$`d<0!#nGZM1S) zcyku9>}y%s6#wrs^mh8Wexv3Zs6p^5npM!PmUeaY6Rs78hejEOiU? z7*9h;&IyxAnsjj%^J@{VQh~KF8e*}qT|*N+d%XIL2Ua`aGf1K&B>LP-GG-B%y2Ng2 zkZe_-D?jkE^&&?jO_Vp70r&|Hr(_SOB)OUn;1I`P1Tp)<_lvu6GTUd6rcdY=_vE*? zz>h(YWnJB|TKK>0n9V3UJ>gHw>axw!sSFPK(yfGEL|9kh41x2yq8#lvh8#^?6jJEGm? zG>)mS3~j~vQ&gB1FFnwe4RS{Qg8H_Ga>mq_+#75!r70t~cO-`T3-NiJ2I1QvCTx`- zoE}C9AHrmW$E0Np6WJPm!Z1&Qm~ojLuHGC;uoOiCjlv=SWQVKbdtpo zL%u|aJeOfJ6=Pee8ryjaBv|S@s`SiK2r!333^T;Mfwosxwz}ZwAi^>eLYb6n5zDBB zgDY}YxP%|UBuZ!^Io@c(?_Ol6QHKk8b$dkDP4}S~c;)SpG$dQ2(7km*$z#eIS`AstvhVhmK9|z*_SPqVN8}%JG5RU^9i<65Xze_^ z=^`B9Dbn_UZj_92h|sT_AG%R?`>f;10SeLiq6^*?gwW_PhVevFsSzhw<_t_`eh#yA zqoj?4-}tf4_YuS*$(^>-?=a$MGgJGgy==u`8xISgYP170Y{veXo34xf{7ZJWfM+n&#N+kj-vs+jFO* zZ_vRMkBg1?_IAZz?r#PB+&eoyIR1gHi?=g+&qq5Xo17GEDjptPPV@*jNf8EdbOqxX zw|3D(9EGKA3&OKoj5?mlJ(Xrq)V*>ha5xT<2u->St?y|9WnS_!hXG0xv<^O!{UcA4 zQ9J`^I-;rLs9*9-?(Y(C;Ze^ku`*v%`|vd1c$QA1yRvl3tD@?gZ$xgp0nIHO(H(jm z#r#x5PuUUKDQOyEamxPYo0S#)&YgK=GhGIT!u%_f_JF3Lmj$$Sgwl8Je|<_ zFd{v+CU#bMBksM zblZ{{)MW0le46l$f|-HA(aG@-Cwp%%&Q4CwFHU>?{?8|8dppMN$5QzjyNO*#P!3b} zkC4nP$G=i{MDK>?lof|RpCIoGzBX}I~qmUxs6_dzC$oa*2A9ip7ibO z?e@5fNmX0mmZkeZ2ho*lz$m_Gx)50mR1&#~OCk3HbCypnc2=qs^? zePLphmaOwJOxEeJbvdmYs9FkPAQCI1G53V@{W008Jt>~oHR(+Fxms8P-`DqOu`)#m zQzkHThG%`Jm%&v&UW(58sgSaa@P0a%1h6%cJr&ElgkVo1ikcE1Z zbv#J%7-V@g3Gx|5jm5Z-zgTlZX1bg<$k9>sL02qas`MzI$^++QT|K^&6Ky^nvg~Q% z6kjlFp(Hml1r-}b&DUYE-Io+iHZJzXHcgUAhs1NzhjPTsbQ}!Fmgeg~Q8DUqC@C`) z2+@ORkT|<08XHlFxlid&-y;589*qx95!Z@Ms|NefPr=71gt{i=z>4LA`z4(+YYT1V>Ae_TGr z@~JlpmRC}xAgq`ArAxQcc~dOYCdR1RJzm}2*_`tX48>)pMQKFECR_-M@>Xn-4Du{< ze6qKHad2uJVfY5qRzEjRCu{;Yn`J3)$ceA^7Z`3WB zY$~jyW=$TxHwA^WkG5}?om$tW;^O-7-Ps`+%tSV|w z+~+mSfxX@0TR!tl2UCVFveCXfJ7mc|wl_8;KeXwf$hpmJM`;F`@rWJLVMxgwB_IHU zJpG7Z-mT&W(~0e4kdw(l-8_xsC>fmxqhcj8JJ&odwaPeiL8x?9nICK^4q*XUICixb zTzDPCQ5ayz8gOr_hW?**{=XMv7-uj?U7W@9`j}Sx|Gs?jX6w1`|NDG%bL;t||L=YL zZf-Wd0oT!Fn+APcMlqzfn(U5lR7$I)XDVi+FBERM3Mb1K)RN!Y< zWPHVf&8^mkwpG%;Q~p9!Ps1&7*B>!0ZW!Z)*42{8LFAyo$69wwh* z^Y6y9&jW84UKh18P6xPK9{mo0T(&r#VxoSoD;x&9d#C z7EW~%n_v04es%)jCx0`#x5G{vT}<&ENW5X8k}_IJm@MrHI1jKP{&v5mg#xJROC zZHtdcR|4;3WJZJ})9!pVBC>AG4ux>>(YrLw`=A5SmVJ?jaaK!%dR=>Qax~EA?}Rev zhkdXMb6n2}Qk`FXu*Jz>;W6#e;-BDP!pi9LI-;!JBujx=Bbk({oV5eX)Nj?{kw5AE zgf6Y@E4^+7l&I8cOQxQ@l2$c6W+`B{$YPr;YS$}9hQd7^k+btKoebz%nw_?4bY^Z* zs@O&u_Qsz@+lD)5ZL{iK(`H7g*b@C}jk1&jy+i-i^n(6^Jj}t zjK`U1hIg^e&nm&}jYh%PAjR?RTp%jo_>k*&@?LX(pb_KQ_o zG**Q6U`X&!!)bu36t9B|!=lIoV?Z6XG=9%q}cepO8N-N+_sH!c@cBKN&-`A9BKpwY~Q>8n^v%z|r&Qj9$-XM^o{0irAKBT@@F zt2JC)d3D#6GQDw6C8D85v8dnFWP)*}jcF9`PG5F5giA_5S){*OaE(VWy%%j!IbQaU z&;f~Dzu_{r3`YEyvenT1MXD@JDw#1ojim0VvA0E37=nW`b#LrCr`3Y;Yxtgiq1rxS zwiKOG%`6XDBq?G^H2rjjjg#o&8m8C|wPs7sj1j!<{vy=b41vZ*nq2>BGdq%TsB3-X z5r+{h-oKxX%z;q^6cIPrs~kAwM3CB>{;<}>NN-iES4rwdC)+_p&QGG04Ps9hEM<~`WWS-wUQg6x;bCeT}|0A*sX2{%_*#N;BE zUgzn#IOBfwGpp^p{rjiyM5FDtGXJvFEpg+<0`#ewa1-d$vSXew>8Jhea}?@nB1oc4 zN&Je0Q)dtMXk;W=Akd?fm_yFpqQvfY%~6Ih=|WB^4ky^<5t0Kq8M=~Svj-bk)gOu4 zamRh6y`Gv|Dp{sNl$z|OWy2~n9Gj#3}So#o=8+eF_63JaY%?O+NcIgyZ1I2dNAXHH^c*E zx1N!F?9}S#Ea}S603=>Bk?^ArK`>)EAxoY|xVG=5`30j3 z5Xt3EFtoXIGW+b5S=is@@XuqjYhLYN))&NpgP?5E|vCLbW(*;q=WT42nACLegW) zESs{aUvGqz%OWPYkd;vI1B^w#NPZecq(j11+Le2(VE(eO5r{wSQ4&&RXWncDCoSffEH@K}r4VHvwWNnUhtT;;IIo1~(3aD#XIWa_t-NLk*m!mM zr5cT)dDuzIVXZ3eQW4$wJvyohH~o*wb~B?~RPLW*MItgQh2b=Pc%eQ`xoXUY>%`s! z#&F5UP-iZ6NP+ugz~)D9o45W*LU+cLMZ>$`ECkCUV>iMz{FLPG zAVdfUhi;`{Yy2UA;7I>g75wZ6Z$dreBSR=dnC=YTT1Gb}-i==bWM)>Aa*aBrwf;n! zk3na1bxeMD{NG)5_9FgSbkgD`S79!AmR@%OGLETW@q!L!E{b}M)Qo7+W7OEl5fK%I zd|{;OIB&on33*G}k~cs-e`37v!+Zff^wkxSYs|LFl4HrMg|LZ+k2qaBGI5%MLAG@w zO!HUERZ{Sfi_J)D^T6!~fo{Z7qOQaM-`>I#>++am8fo(Z2hS26BR!1E$cKbtU-+t8 zVk}Wa6Ng;<_{U|oZrKobeMa~e%Vsr2@;L~S8)li?WN!KEP*-$g&x4ibTYogddv5#4%fGv6ySfAU(C=d#?jF|@vd}2-4J&x-G?-tDs=TZ||9N;q zjZ|>dYV?I7k|yU!EGim;J6lKGyHo(dt)JQ5pkND0ajuBL~Fg0g0I*sO=QxM_hxYJN0ChTAUP1 zg9&fBu$zJbd_gNtQQT{snHbf6UW*xX`fC%cD@R+B%ipxF?Gih4$IS=;cNpGu{WE#n zc(5d)R5_b_=>`SdVz8$rbfI1?GW&5p2`twlDs-W3 z@HWs(jm*E}tx@9Mn)8bWZb4gjsFTb54Iu989(Qz?2&)B1HoH@vbzW68Wn0~llas15k0;uTX5HwE`H|#@2KOHq6ixTxUzcY(DlG2FuRFZ zZ-g?08c%Ze#ZD+}09ErY7A7IVJ!KvLAkBM6M{u5@lU0{hbI)y*P5gAOM|;jsJ!7i2 z&tHD&T+yyzh*OhtD4%FGF4PNg1RBAfky?tW)0-2CoY{bzw3n4Zt%i$b(jY2s%Hp-@ zZrS8CsUGA0d!#a1&R*?wxhP;|Hrx`2VcTB{khrlwY8H%|S54P4aaW8rn6hjW=7lI5 z=a*JrJ7_ZGN$IelWvM7+lvAOHRikq+%M_*!FmL zC`%4pSo)LBM078-Ig-!-@Wo8qfL~3+Fhkv*Z0UPk8dpyZTMzH~8i&{;L2#<;0xP=~ zln>W)mQ>a-qBWsgfOU*v z;B6KIJwHf%Dsb3AjP3xlb=O49S6RZ;vKhnsws`#Wkxt$V0<2g}O?!Ls<@~vY8859Yy9Quf#N=VyuW>X?>UdnC6gCVPDXt>pR@?J8(woDl6Hqe%5=& zNB4(=_BsF`NUBWPa5ybKf&=m>MQdA36GYEmMQ-E+{kM7#FZhSE`FE(`Onkd6O_@aL zph(kZW^7b4WZ@C3cA(|1QG5#V`{E@~m&xGIYoKA5-)k#ydqnZk+Nu~lmQ+t*U7ynD!xZo|K|U7N6uNRa?+m{R;@1>VDo)0*H;RB zWqoB`0b!tV3=~WuoNWd2eSm?tKIcP!?p}c`Kw#Gg77uXQ{)TRb+v8ObSPX3Kkc}R> zzqtNwS=idxH{(wfpfnz7vV|gs$N&`&)h@m0xAFV7-?;LH?GN3{?uQr4x=~t$ln7ev z4g^&OPx*>F;Lh{6%_=)QIKn$OGBd%g;-jS;!_Gsxk;?S5DLYe2XNLpT>5JMZ!3o9SzB~)K3j^9heD^mQE}m zZSh!%c)FbCZcVJqNK@`k(S@-H57Sau#9S+{Cf{kEws%h98}?q)9i9)YPNYM1cBI@M zpSY3~4|F}LD8OHU*irKzm&0I`9!iW&+7H6|A@g~{cw_E3D;=}K`TNen(qG$=IY6NzqKi3DW(}qv2p3t*tzbA{umT#Il)oTE;@kQnd!l2&7 zML*|JIKRs|H)?T1;Sv#pMn3e*y)^v%C6p}fR!@AN%5B4HE(f7nXWX;)Odn5O(h`>x z2h9J0d^$%vF~vXlO^gp5lGHxc^MB9y3~X$~rbbTm>0g>>wl+L2&A8x%by$Zu5sAYt zN$$OvY45uj*L5mec&8qr=3WkiioOwP`*ixX9>eY+{a;pd)^O=(~!Y? z;2KY*{x%C-7BphZRw#6_nPFw$k=9+bbe6Q`wbfV(d!>+}8386ji+RD_M|osX*-(9r z&r}uL!L){zV7=-rHBC7@%%oSB;LT$5iMEB%Oe)BJsI;=dX!;S4L_xWbzQP(wv|V69 z1Bf&=!zb`j0V^gZiPcst^bWc-<+TUUDd+ZwGhn+#hKve|PmJ-tQtzJ&TUXsrs7Arw z+sCJ7>t3K*UGr>S+5rRGNo=#t{PWnu({%g+{HJ+_O4mt;CVjS(DLFGi4y1#d^TMyG zn23C2mf*#qPQ-eZg|3q<%1{s5Oi&T%^Rxr;QY2STO0bankITUmQ4(uo7KDEL@Dp?l z#s<*yTgh-}NiUsXgCzaZ%)dCt4bf0U(6Zo%?f#Nt^9_BA95SIK#H8p!2}doQyk(q? zFea`ca`2h}5*wzlELf6}E0WvV%@mPJ|5eBqAI~ix1IhNm;^CkDG&q#B{c|@ohy{d> zeM<25-jY%TCHG!d_;A`&OVUR9X$cLhV)$n1!k+Cg>C$dsPPiDQPHC|fP`0PHd9;xH0ouppQqoib7+$K3lE>>Mmb4im63EtZneFS)))N zdb3=PM-B{Opcj-8T|F)eZzs-3kQFgMPS?LA0)ZEweOKKn80)=%9O)k~#IRZ3-b*8) zJGx@NzFvps#&Rodjk_wt+@1WK0%rL-xdr&R&vHIR)pe=!Xpx})Y?hXFv|CI|md4aX zZbD%OjMozWqq)*(EqyZJg)JN$%f`ZME0t14@v^hdi&R>!2Hlc(y#D-JeH97JBZQ;F z5h+qH{eA*gr4eZbNZAyq#S~v37monvkE@f*FYU`0S>9i1=HHf#rvzU|*x84F*sb3R0by!8s_4ffTpMs-FO=BTC zZBRW03I_gzbzaluITu9g-AA^twzRNM0@;{YN$KCQzwq5O$j4VvDF8uUvnDk!q(d%cZ^x|bW zf=?I}9QcVphMlurlERq6@~1LLsOF)95pTv)uE~nm2QA|+z)mBf@oMGzH@! z-oJ40`2%sAKRa~l(IjycWJdU>tgIRwKoZOQ*Keo7oLA1Lrtn@$e$0b)fBb@MpSlKY z9Roo1kK?278nOZsEU|FR{*wC2znL329wiR zsWoR{rtBAFTuYy&Obm74DvtQrFv*TW9uyD5+Q+LgaPQ#Z`|94>bAN%v7@zz5ILfk4 z!W2Z~_f_zKQJncdOmK8ZIbD7DRT2n+ZYU!YvGq*6%of@kuA?}+9S zgGurP!1MZOB5}PU?rAAtq{ViYWqPT1?8a@rwTi61Yzc@^6bok9A~Oh;r>87wrnRGG z!@e^-a3sGkQKeyc=sn$9aE~vcx~KCJU=Q)vlddMv5!&wsS<$^Fh$B#z$ zy(d5s1?I>Z*Q;d1t`xqC+Ct4PNWuPToBcJb9K<|HD~bN57$0?4f|fpE1sTL3Bia3c z{kpbvvw`t2>dlueKE~*3Xy7Xea~oT4v#BNf7nDQX)_WegpP6jk2*pqwcTM{|L$Ume zEH{uqiUoo^Y5{?KM`C@9bM2|uoPb$XCPT&p9|{J{@iC&a<54*E1o{&R^RyQk0ioA( z+aFrPQ9)tG*HXyNuF5e;_vX3hoC?=gSL3a{o8t_`O<;po5DXvS81QZh-K&TSrF(`S z6+%jE4yK7CHOV+kOU82Liq>GMbJ4mHqS?>asTwq0!*CoPiYVjtI#`m*u}ee_Xqk&gq6Hd z5D77k05|B1r{bTvPfl6Znd08RGK6$3;l$0XlDn0>YHeky&N6}E@owll<- zpbx^4B*PH>P&tDOQn=pk6CwaYFjxsp`^qZHWhVs_rZa9c$MZ8TC8r3Nd+hsPIjINp z8n<_gt5f%1-_9aNIOLbfJ;ZT0bFCEf8QX0zNW&YJe$zLnmJuQdX_zodb%cY3$|)eE zAfZC4meSTGXk=(%&pO)(V_ee#<-}~L5fS9yI1&hPoJka~+qXrk8_cAMAu?|_=_jF) z-g{|SL%}#}QH&L*VK)@GUrrAgA}A#0$$h6^sJ@@h1c)PzYqd1Oa(DsZz4Y3l#J(zE;Rol4Szin8!*Z27e0mhY{DmdE+c zMbqsA2*aIXMndg09g&_KxS}|DizUQm6Rh9T0;90$&b>rG=kO815!K3-%E!>-&996W zljTq6On}=jl`X&-!)N)Av$LKqFViF7rr)jK{oGd|vCuK8*Dv?&v$(DVO)#LlCYUVK z?UUA;eXe27M`=80071c%_4Z+{sESAh9AFg@W>==xY{NtB3!Tx+m08FxEWJA0lz zqx-s+-L+s&(|kcUGMj0dn!i0;p;l)`(*>Kjy+Y? zfeE!Py01cgC<5ci!|5h{s;XzsV(Cn4L5A#CB?}OhzsR}$E*~vXC|j*EOR6Bf>s88{ zD(85$05Eds1VfV8g-tZZc*)2UB?qMiBNK?TBL*z>NLq0esqpi7A_yA6)TBOi4{dZb z>o>PU5Hzh$YHN0xm9BQbD`i*cPThX^_qd7K>%w!(ilvc={o&;plsup4#uI;{ZkkPi z92yS)b#&okjbXoa=yw>KHEZFW?F`M40Xx7>jWcyt>w@`FzLYJ;hh zY*HsFmc1q%hv@}f8g;(&rpl-;`eF?_s-m^Zkm(u%7#o|wSs1am90B$Gwen=GcaOUY zVE9?-*aUKF{-9x=4@nZW?}lSkcDLk=Cz^#`{DY7_xXrpf?a0V}7jiBWIih#w-02HD zZu)-bjunrt%}ckp8Eh`03f=`fBjO1(MHv6AtE(0K)HL-FgYHs;bPl zHgbHhy8^Vw!?uD!P13_fW<~kLZm;c~vZKSppx~?}WMl5Mi+p*4en`z!KnINQ zE^dHXiRhQ@e&vOS^4$YheLm|ifUjrHz@GH&&S#+ybt(Y~`ODrtHg<&n7++zQEdiqC zW+7}3lnLFCHQtp3O`e4~e|Js_=?MgOQzExg^bU#2nKqyF~~pa z=IXw!it#aZdmKNXbO_1FH8#uiv@{Qq=|as%x=&Ay;y|9luDRNR4^73(>gQmaSK!;! zpX0Rq?IPfD*N09nuqypQIfS0+OoHzd>V#SJ1%-;7pNiQes1oBn{l(+J%k1y zZB@DUck_Daw>6B6U9Q$xkiOz)HOs^aG1PZy=Xo7|)GHISOzBm-zq)>T{8ZD7&?%Fx z>ZeV@nIG7mx5r||y_nvb`mvy|U>M=HM2pNsFYC$5Mrm(h-i^6?Cxfio|Bqf)RN_@n zFb`+6e3QicmPS+48KV^&n0xCI?m-4nBP)d(s1}-AYP#nu)cn_oZFJ8Bg{j02Kj~ef zKaQ|)b+9H%Oa^}N*0cZ9JV~bb3F`TGd`-RoAOJ#U!EB~lZ+7Be{mKbLnvBx#=hC%9 zefCoC(OI|p0v;h-T_RUZh{{dZ>4D7_(2!D4BJdd^aWO#^gAZ5c;Dja!HH2yT#XNKjgA1;_o)8S#paKZ09GO~2f#U8tKZijBzbj^}-z zqcfs1toPDYU)EFeRC9~0QSXNim#psIH%4-};u;?SJb*@2@|A8;x@zh7P1G~*s5bKr50qbeMHyHVe zN7BSE&_BA>56S3S%7L(cSW-15_vWV38H$BrtZ&HP%weU>308U5XcczakC}0?h`Smm zM^M6K;GPly;o|iTt<4zKdCJFf2F){+gD{?Gl!!4U+J&utzvXEc%_KZb5PyC^is<7> zdZh(^FE-!D4_gDZ*?yLwzWWBS{0|6_iq`e&Aankc5x^Ri%5#gB4gqs}=EsJCuJ@yVNTsJE;*`G`POQiK{IVWUsz3dGJF401q9$b@#BvqboP6JhhTU-~Nn3lif`v%w ze+-z`L4HWzNPqE3v*a68^qv<|jLvcoG#+!d4Tb+#<&CBmQ1Upig}Ra->YfewXUpc z3M18xbjVI>xM?W7aCS&yT~xy`5APY^3f%ph>eYEtV zR(PBTjWy*&TUeNcX1k>`VGl#8mGp5pF2x*Odxc9lyfR+RRNU;G#-ztX_Jih<*-*3Q z>%usY+^WzT`nO^IUrh+LtkR*RpV47F1Kv61vE-=?4K4Vv-FtPQ7 z2JeV6diKSm?A3iv18*|9lUG(~2&a7Tau8$uOQyMAKb9*SG}$z9hNyd4IW?^_!Pm-o zB4Dy^EG-m3!)w#rp;5RNuwD(#^{lK=)G7ndHdN{(DZD- zW1sJwIN(Gs!??isHK;0VYqt_L=vti>fs$TRQqQ7k2a|?uw!XGm4BG?JwA1uH(0;C< z!`fnI%KCI;asKx+*|xdj0*dLFWzpcJyIf!qvU#n7cjlBKHbgm@i~uoVepb2G5GM6| ztmzw&SuFT$sTeoPgN8QxrN$wx6|Tw9kVlnfGCft_5>Aq-Z>RBu|MP2j`A}w-9ae+f zgc`tOg~uK~K|`_}!1-1)G@-8UHdUaE9vVlLviaWEL+|&u=K6-VzScd3Ry;M&{w7h2 z2!az$!{%<8qmZA>=~1*3{O63WFrJLp9}EzHBiG7uQ1P|-t)t?h3xTkyxkf(Is#w58LVUAmct`K2q3gAXRY&U zXZ7oJx6k3auqQCU*{%NgEX}u9GlZ90kXz`4&>%aPkl=ATprGm?l{K2wxZ#_Pp>-|j z>$Bk&ik;^ORJX8?{(;mLXru~rS};_mYHM*J<^>B{ogq7pju5&#(<);{5W@~rIHiD^ zU-#_^^az;Uwv1^DNoPm%d|_yPnG+z##5}c#XMx%FzRqY zRDW<(@l~@^#cXH^DoVV--p3;$oV9BtE^ij;_#v>&xBl zdHYY{Q=C($m=rp)&wWqJZuIH|=tJS`8-Hz((PhiM-kak#>M^E6SkC3;g#|B?^ zsV!$4FkRu7%W9)8fZ6+UGK+Ic^~Z>Ohci+3_e3p_1X-chu;s$(ddDvC`QzZ?dwut_ zA*QS4Ufw~$f5NhqdD~Z)a$nqt0A&7w!Jc6-QI`A!dHDP0-!&aS4_7vi zc!!!vYc_bkrcG^!fGifK3K=MKLq4aQlQwtWQU zMW5*2HW=)Hc3`VxQIZ=HL9H1aS>L-rg)+O`h}LxJlCk0BFis=#mUwt*4O>-xB;psn zw&NBigc2yS!Sj(EPN8LroI5#dDE)Qwl4jsXqQ@t(Col|x<(Ug=98xYC!r>7TMGvre)vYnyc=ImvXi_~O(HV(Ph zPLqUv(x%=VE}^Kjs9I)bICYu?)wKY3R?YNN3ii)3mNrhZNMK)6vSn+>>3x-t3$AJd z{#oac5-UDysGX}dCOYm1(o40)+f|&62#)^!P{rPe8#f0`1%FbdXvR) zY={c7-l1soW4&FOaXs*E&bdCAipt{Ril2Il=xWe?9xY1`N#bk4M-dKfJN&&E%D14c zVF)2JY1fUcji5a!ub%zepVrOKB!548wQJT)YUnaT_a{h2uHCg&w)t6G>4zvFW_pC) z_kQ_id<&D;%h7WVxQIR3qzrhj-Pf+}X2gUkE1;Sr`{ zMH8hn-#^4YcBChyhAgL`508`nKF>Y-ie!M0_H z8pFQ1tyvuYXcMe#M)>57ZEl0{vZ1Iyb_|`;tTo7d&<`1F$!u$J7&Ui|kDo~@plsK+ z$mBFC{cLgIp1xQp#E#iJCz=oCYUf3)`A6u=Lrg8lL+kSy8;u z^b6Oy2hStN2=0)sBlxZsT_#h~=gelCWNxEr2=IG?2)86b}-M;Ma zZH=!**_Qu33YDN_N>YX`=xyYww-JZ~t?`CUtnE#+YkH577-|1JcMVQVl=!D$&Xq0{ zfzjtO=5(CbWhCq$6A94)x@+n4IxhYeWmUZ(N*eSh)fQbbBPl622#WyV1-TdbzsN`are7mk~AvyJ`#^(jXfa(l6P2j}68(p7k|{@3bIx!nyJBsu?`5_A(V!)BqIrKCc`&C!!6yv1V91 zuH!9SN~56G#M`Ht;OGzdbK_j-mJZNxiW@o>+!64gc~_ z)|5YHMUZSkrqIml-u`@aUeH+aaCfM_DJaKwe-BJ6MUNVBioUZ(I93Hcn+~kqvcr1^ zE=^!3ynl=J497yM(9C(*49=2T{RMP#|7EL*D8E1KDPtM)g9tSe1r8DqfkLWv!>(Z? zqY7FSSrr1JI>DXPVJPho=Gf6(%t6;(ecG(^b{o>~UtaF<1#2qL4y;Mh>aB%Vi6OoB zRPJF(5lzj$0IU9JX z3i##z8k+0rP;LdG+@m>ni~-aQsR5D_@FgUNLkGPn93=y|MEf{1zBQZ z4*}G!G}_GcJVqe#P$FQH9_08Y!8&!oiAk|RUm^q+Q0VE^DoT&ha26JW(y07PirV;3 zv*Zo4Oi3QQIBjy5ndFW50z=F$1QmBwpwdHWBtO-Z^%C?<@t;xVMtPuk5ASD!rHKTJBMh`so;QHK2d!)lxMlYZ0keUI-CmzwUp?u0g}LR^ z-6DbnQaDJrsV9Mu=w5{BLUl=I%copbdCG`BIrFL9vgItkBtmtcfgYRS9a*w-Az%I5Fb0wMCv?fU7W2N#n z+y8i^*hhC>GDjZTIc#`@R`9#x?>yWX36)G1`B>G;pjXzv3f7?*&=r;3IpPR6oV?`O z-9>_W{2a_qoWXp{>apwR@m=NYgl~Wv6`&=nOg;s}Rf!n~j)zsDjfx`yi+s4=@ zTVSq;ykrVmcjAe_RLT;vVwDIeFl6p5fq(A?TG@J^^k6*^E34NwFs{}1phvMzK}b!1Pc;1$+{@ld!i_QZuvhDx*{TBFnJN%J?&OU)d_sg}DpTNT<(+}Y1N1F4OBheuc zX9w8o+X4RZ`Xh8FjOt3LQyR$>hs29PtADML;L8*?K!^Q@iNByY*gP_&9Qzhjo#X>fPb=gckz1S(hxOaTqP=Sv2pb_+wT6_Qx+gK&pMt`RnJ zz*#0k;YA9J;iakC#mK0%V5O&ZF8M?s8qXj!rxmS}+jmMm4Mt>-ya+D3oUI9n%GcAUlm# z?!0`(htyQ<4HQT8?qFnV^=oVB89MUa;FUe1R2xusb%wbmuFa9efljqtsF$@r!HuU^ z_~y9hrUsmIN0B0359mkvo2$0>NnlNLP4#4k+LH=dUMhc^JU2kWWzdoIH6bJ& zutFLzeRpHTqagGp=xwe*afU%Gcs&hY*wi>s?0Nm=ix{A<@QIO|3qntgU=fGKfr3dk zK6ZmkPPJgBWV*o#S$OUsn0@6IJpc!bW*6BZw;$*stKGveW*s|7A+Ptp>Vh0F;-=b` z^vYKFyE8;)O6AX*eZ(VoBa!x>6XDXU0tLP(Tb@jLWw7i&ToKb1+OQtyls|)4v`mC6 zhI7ckbH|H=#+ukCm5yQh8%ku79bbmzpxnXL!b>LA$Tuqb%3jLRv@`{Da!L}h^GheU z5L54%S9;>`g{vg7JJnrFyVxF{~V1+=r&`%s{{n zuT~sge?S$8r*NXVxE9UKQX@_FmFj`)b$Dsnf5xd&t9R=YTDC^K^1xJ!-u&`@?1;dU zBWUZIh((TQa=cKIZ1L~Jsf%6#@7=X^Dv0BzYGmIyyoNeBM7LsYFNBmBo$QzmE(%L8 zUq*d(-wYf}(eDF#rEX^|iu}zToWHW_uo!=|6B zh7SmS#0JnTURX%&uk5Slk|7*SqA5YM8|NsCWG`NjAJ>7tP`UO_E)GHXyfa3Rua|7z zE3u4yhT|RKEaFJ4ros$c&y{7Fs5q0n$n0twvQYb$!L{H5j zE7?i#LI&7jD`EWqAJba7C=$A4sbWiy^RsRLY!eCkzZA#j&3u@%&(F=2eF3nOgHl3A zs3g{7JJy)ccxVsd)2fEk?CgbqMw+?sy3-oNLal7w>KF1*GRAPqcL;3%bjUS?7AAJ$ zo8K-0-EVRj8I!cLG>W>2g7q6!A#r|7UTSMt7NTe~n{JD`d_C*`u`~hgr6$97$~m*` zr#HlIj2un>a%1Ug`YC1mr?$bC)nhd4OV>W08*~DVtZh!C{~-!g&|Tw-_tyOgcK?o! zV^}re|9s(P5XH*q%iB9Y{%-9SOd-HuaQWd1mD8OaJk4u-zjBH|_sNxYj-bOhXQK)G zI_LGQj&r?&xS7q_pt2vq*-&^{qyBCZD?zLU(A9o6`B6nYQ*gkb*ry#2wjwTJQ$oa{ z8kbcr5vN{=b*2QbUKWn$#&tGB)?X6PrPD;Klo5ri15#=P(#ISHdy-(9FLOKLdf47#d@0_sLlu93?eb>TEPv&Vzo@E4Py|A8 z`c5309M>N=oZS<=5R#ct+&uYaTnU_H#}rgb#D29=g%FDI5`Jnj1eAM8m|bQh7nlzs z7}97LoZPuR2?ASVup_w!B#q2FH3f=A6mP?;?fGZr^XKK#lY!}m(&ZWc)$)@Dt8x|A z(y4DJ6oM}fIwbO?-5nQp@ilxf2m;f5WsbGW?_y%~r3`Q5*`mj|$9r9i#{O4~dNKD5 zxX>eXX0m^!o`g|3QNkb*riJV&;Xx$>q+tcKRA3PV97=%6Jo+gBq9_hqhUVf~-1t>X z;fOJ>JoBWdxW8(|r(qDYLG6|ncOCQoksad_?+iOJGw5%tOs?-Z@=Z&1{8_a)c9+z_ zAcBeT=iLwu_ljtZ(>ejhw^jyqXPrD7!ve7sB8%Xf?>0mm$~z>otN`_-;LKPlp-*Da z?@XYFE`UsBhX9|?&?Z7I$xH^vqU&$=M82U8lX{c_g5LK!`F;gA{k0oxe?w?~7g!~< za80vPq2xe=r&!i19AS@AW*%H1NvjM>`D5yl8%>D--!NdF6-v(yt_-H(_*KZX z6zJc&==IARp=RsEu-c$+HL`y$S||HedhETr&bGeRv1^8^mPm$=cDG&X_NC?Uj44;={Q&~n6^Fqj=ztuDDGeb26E-OAecz5+iIhv+KZ3># z$UUIP=T zE1)hhZylw6Nn%g(3hXk?(Mu8OL$$F{cy8&%?GDimrZT+JOEM3 ztlCD8dA*7xD-h<`)+~J6(5O6qD3m$VK{q1G&v5z*+@EETKS4#cZyc=l2#&QuKIL#i z+s|N(0RfL;7br8#_dmY;qgUSU++Qi0mEa&F`V(k_^O&O+*y$blJScPM>@{%Tx#}Q` z;YJFas;>=PshWNPRg;CA#=(^cfzMeVcN~(ftifzy%r%!qY#Ox5 zpHTRCFx0wAfsfjMy(=-d_QIg(i&}b7s$ZbvP@R0vDkriwOwTbytWfwr@_n(;LOmK^ zmO8b5^<>bT;1AVx3>**`$|&-D808B4Y5IfiA1KzOCk$0NfC9!-EKGVx;gPKOr3>kM zZU>6EYbi2Ka-FDt7d)`EIV;WL*8Ei%j5jTaUlP1@Iqc^meQ88I|Ec*op6p3=!}Xu~%tJHt9k?TQ*&|+AT-#8G%^v^eVk_DzjTdR+!K9yckv4V6I*C4|4))v` z)4quI`DT-C#E|0|llLeSO{d$fLv;nb>76S&Jn6JMx96u09^RYM?sAGN%YK(1B=Y}U zX+~q(3Nz=1PZEzQ``~?cWiI6rM_G81JMeXB7ueZlm)&<`e}|opUK$r$u50F8{4Iu! zADhyemJp^scH&!Qe{^kEWQo-!$SAW8-C%`0F!H}S$!^eb#GXGpM zPyb1>bj+=|9(w zb0~8yV^(c~Vryh+YiZIj_>O5hFQqhJNeHf=9Bm`4f5F|ze5sy6=F0|tUYU4jGzq9HE>}*`L_D{2VAm|SGCTQYkh+o*`wI4TouHVuZ zl#vUjB+m_-!1>0os`Y-@9mNpEyKU)c&}uTUPDYs!ggDg;>x6xb-5&jtg|P7p#V`S@ zCsrAM;Kdb{FsX{OdOeiWnq_*QEoLPc59*0qkW^S<>9bN#=HmZI_nzxM21Ka=cg|$< z1d%15XM6P&>l1{BD03m^KOL!wb*tn56Y@ue2~n?@eo<4U4}d@$r~V0%uEN&GZm22K zz`{FU(l%lXfmH?+B$$emZ{uH~LD;?fi!@hk!Wy~QQ|F;w{S&&pyux=YUVnJ@=3V79 zK)Hq7zdhcCI1eY#bt^|efDPBrQf7m zPpgfHCm95V zA1h7ewS*gpoQodoe%?kE-Y^eSY z?ydn)bbMmpY^kxg62SJK%I_^(wWdO~m&W(dWiKajE#uZ!{r`yjVFJ%CWfZr1=f$Lh z0NWh9Nldb>yI?!r4k7mcMb_V;8&F zL?j>RO##9r3bvT;=_Lqm_+S6ay~_p59WlV&z~Wr=a_w^BTq?F1EvEN>%lWdb15KR& zJfG^+Ovat6CCH6W&D>n3L|gu&!=Ka-u>M_EoB#Ko&i7f4@5K)KH^aa*Y>wYK5z$m2 zQicjAVv??OUQ<6JD;-%QzMa!dx4@ zbtv&&jauKoomPXtxiHDJnnTse$KuDRlnZ}EstwRvxQhNqZ8x1y;--VmpAIQwHx2XB ztZe(UQ`bcUv1Px=;wR%o995e2@MCd-+ArtcDKs5ZRQ%NK(=@b1*DR$o+ljzmmT^#_ zEjP(V^F%)R-;=l`#%7w?jWf6{VV)om_TnSwYFz(->-b^A}+i56P_KXQ78@&A_7 zvCr_oeyl`ZUKyKh6~6F<0BH%P!U#2kVx{MahqbP3O0XD_kKGIzt&` zJfQl5zwf?J&wbHg5^=#~Qj%u<{PM>CS}Q{)`n6yIjl7?drYU}KQ60AS;_?QhSICwF^C7hlb(agOINb$3XY#_Hay8NG__oe#&y zw-=+N>ZQZ4q)F3iss$V69<|)|;j*bl*AzLa&?6?^9`AQ=mxpP_>ukogy|dS)wXw&H zik)r!Y~3yapSJZzB@4CAR?&wCQ+$_qwQc=Rqygv##y?dph;Q4l&K2$p5FLLWUT>$~}v$I=!H*D(o*39ZJj- z^O~BBz74_jFm$8@Q0L^$u8>8qf%fvZpNK<+SM{2X#zhy`1In7tnxr-n$ykkJ7|Y>< zLsgIJ5sJr}lz`Dy$n4>y+3FUQj5stw8a-2XD3^>0p)()qgvS^3mLo5EgPq{A)`qE) zXuGu4_QbgNp#95aG&aT?d?_U3l*A|nMLt^}t^4z#g%uo3Lhk+#lA-QB6^ zE!&sm--M3x!`{U1)d~JPD3n8Eg(=Ku6WdH>)UCoy{pk0yS#~xu?s+ZjW}6{X0!KEz z*VA0|z2DFje4u$LQj_YL&%j}cGs-iStN>|Tr>lp?;iwIJRh`xv_%@!6$$$^k$tDPc zvNYTDuOw^TZZuNME`%r>DKXX0u6Y~Ynpwl-M`4l;Ty2GRF zkS~vr`@G5%d~3yrhkB#OlbsaC$2lS$75J+21>rkgD;-g@WK_mQ1L~j;FVX*EZi*x9CTLmN;*$Yiu4?xrd(mM$hB%9rl?TOFA9gK;ZDc{jj!~gxC6x~Po=O; zz*d2xKys8NqBycxRKV50FeWZb;IMG$sDIEDj$~SzHm>{tv=`z66PHd=F5_n?Uf`BV3#yByE?dsaa~Lj*Ew4O$AMyp=PtRZEQ{Nnm z%j|s3O!ph=#_yhb7Spes_;I&Y=F2HrJF}AdlA5~JoAIblu8jVqY@wH8x#R2F)K7`~ zOuPh%NuC!MBs*CnQC{`lXqy~3d`K{`;v=vqB_GI~?oSuFocZ*nBLgZ2vQ#N9zZrOI zV62TFNi^m4^~z}NgmW)I4bq>Px|U}BLSZ(fOsm+g`Gy{#yeq}3w7j|p#s8Q>dVgPN zqRZByRaDKPmrS|#d;fG|(nt{{DK~2Qr-kmaNR2w3uwZ`BJaNS~ZOMn&hjXPT6_Wo} zd(h0qmMiU^l%bD2frNy=#H2sqn@Wjv*Lpq!;ZF`aFBQ_Jub);@bOAB5KHI&8@HFpR zv6&c|$^Lce->yyo{EMmD`1QP_b|drM7R~TiaYs`Z-l59ad8E^l!jYJ`ruyO5P`2Wz zRe6;MiU=>O1K^S1JSm>mKVq&F8}_G(Lm_;s2V<}DoR%ua#iDB!7y#^l_kc=UgLJBL zDZ~inf$nDH=@{dqe5TpRwQylS|D8&zrUJ<`N3-8}p4!w*tEo1dTV@SDf`<1?Y= z^}G32gJoMz0;PA0LXkP2T27W-hYkC4@$|Lf6&+}7MA4;7hNZ_&HKgcH+h;=@MSzRBExWKt#&@ZT zA*Wup%rO&VD!o}#SU#l>`w<7%&W6rAx+d9*5p3tltY)dwD-aDoAPUVTGh-x4Y0p#25ki629gRMYy@&Na~Tm6?oFsOL92afWmarNUvqNB^bfRVVimDX=2fc8`6mI zArjmpf=C08sQf5hh_J!y^}yGGc^Bxr*>H==ki$R5m94ExPr5PIg}tu6we-H{5yMK5UCMMK+szi91yQ z7qkVlFa?4}g|hkd1lDE1>|qPY3ar0Ql!b2viY~T#J{#idxUKo$cyOGi;yKf4y8I9O zRLnzk6IR@Zs6RcUzy)L<^mQ{Ewy~-iz&Xyo5vAY0gDCYMzc)N+;O)@<_HZOK4PS`Y z@3e7+R)9Tg3ZvUt+^NBJX$r3pl8&M|(Yki2?CY1Me123>Ukx8NT|r3I#i`y7iWPrT zCWC8E8$Lcf+mv;|e0E`hfA5*amY&ejYEy9~&hQV?xcC!8uHA9JFE2e_TAZgS^tJ$> zqgYzNY8CnUCiMGFDvr=a)-O@TYWl&+BOQgP3lxOlGHQ1=+Z>Ysq+U0e(WJfEMjV_; zWQ|QDdC)$MW2hqppRqRkuzq*@GJ_UxexG~7TyV6I`d3*Un>WtRV#pjGQeg4bgTNshgMtkiE8iD-p4NM5&tMB5#;N0`&iIm}!E;Wu)^th##mWMvjBdDdoH&MHV z6!vT5cH?Rx6`<6b+pOl;P%tpRC^Lu{fHS&dHN}omQ@_1!d~~dK2?l3vZ4b1*2C3MK z8R`kKvx|4XMK#>i7ta{W<-4J;W=<%xz6mj49AY*Eu0PPIe)t~rR0b=+s)PA@*S7wq ziq7Vt=+N6#2S4}&FR{t4#xKYo=SbTL#H0B(b4PWB5dnZ#s7^$0Za?$>X#IxLLGJI% z{F%LrBW;QR6#HazUn+gMe^ogQ687)N>U73{#P|%&9exMF8LSTkbU&E(G|*OR3_nJp z5W@xYVsvSB%7|UZOicPKB6EMu0Waw4+qq*`s5TfG=L9r2b*CRmN1hq<4iAheW{eM1 z32b-_Z1R|S#3ITB-Yj}4eoTAQQu@Top#t{-P;PE|abBjY2%hY^&6Ck{BGe>-@6EZC zIOczsWI>8NK2lD{tU1%+Td1EnvV1{E&+8tx4{l%)g&v*oKBI@>a-giptdG@RPtiH# z3kYSWbnLF-L8F*+$duayyu#rTT)f$7Zq?O6MU_mElu^?)(a-;5(|=H96UCfr36m9a z#o9NZ6sF=MJ`+Ytv{lm;QY*iTS-P^Nhj%=4sCt`P>Y}ew(|VdVf#zFK$6rXPGQJ~d zZ=-eyfOluoLOZMmY=Wy@C*D%~W}0Em^&Fn*()f z>|ylec|(2g@iTgF2gd}`)_7{tt=e7vtEgnu?e^xo(mEu3DA``+qMANmIN|=ra!-_%~croIfS&P`6V4jK%>Q?QY z-@q&_h#kchd-GGRFccN|>T>LtACYki=C%XS77mkv78Vxs$>ilqXVen^G4af%_}8CV zDfBE|tgU1WUh+*n`^EnevVm)d{=Oc#M$E?e?8)Kvdwcw{!;RI)qgnmpXeGlHnPI|L ziS9d5hux;hIf!_z^Knym=0y0zW!xK~h;DTb#)D`#Z0C;3Fd%iA2bX0P2!`QYX+QlJ zZuG)7*~&2z{&s*<7DbJ&Mi+J;#D1MI8syIiCF z>cPaS2;WTsTeE1V6+lg>N3`~9d1Uct_w@?IQnXA*yq9f4H3P%olz4MISSS9ezlc%w zs&)Hm?LCLlicfK7kkYgzaWhwlfm9nCNL0|qT*6U#08x*QQ}p<=R!)VR=!(iUHQrFk z{5B9%EMT}Iu2Lw%Tle5V0MpU&yXL*#1pNCTmMZ0#TaV6QapwD2f%flt?lSQ&{dxgr z$ywjvc>?Vrw9f2rzo(D2dy?<(m)-Z8k8d@C5jBRz&9>8rEV~ab5m5YC3nJy)U$4O% za~ToUd&zsc%B;vz#`URrh56`BUP-5OKy{B3AiHdUUdwA~Cl&pzr*b~vV|_U#YT7fc z#qlQe*O?VPT;&@s0HCqfG<*e_lP*%PXp2#dY|K8fU<&f3XfdNPXKWP(N^EQ&l96YOPL#wE@-O!LZ4gs5A6jUJ`rH6&f8AS&yL3D;fLQ=&{4DVpHXy0$P?n6BcW zkd1U6@sd?lsKLQB@x{Tn2Uxg%P^4^Tj4QA>b}ilAn-jyzXj8_b`aEYASu0mXvC4U9 zznd5JU+)_CG0HhA<Q%|ZdzL6&Qg*I_vJ?R ztJZG7Q}?^bpJz1#*HD*4sQg3|xrhY?#XGM1c5JKJuj}Xhgfpo8OTe1j z2R7@{K~(E_d^D7$ra-$Nl7z!{Dsw+e$bc1H$W%j{E)Y2ZVtut|5$PSq7Hq`psMDFKJ9fSLaj0*~b)<`+rpG zQdyLu6plHoK?$aQj3_wV@-b;_#9s%oq#3@+7W424dz5{Ie%8ndxS65`37-MmGS-=i z@_odoQ@ddo*TMEgs2KjXIpj>H%KaVFfK;Y0Kig5>e`rrZ8U(q&A5WjFIeq~z6ZuSf z!@2=cg339t0Q0bS1ge76cF=acN~~Pwy`EZJfH^nlb($-hx?Y(H_8UT7wh-UCv=t;N z8LY53kolLFsT)0}j4G?*NK2+p`j*Lwrd^g6HIl(o|Doi@(u*CbRG<8HRSf{U7H~+nU^=pioHb8*_T~*Q+ zF@2pe@#d=K++=*4;*-6Cr3W)()>rktdvR4YDpJ{4V8a$A-Iw+EKyr_n!|zGi^vek@ zOzpP88Aj*1v}QG|TfJ=iFyza5cxmvQBd%Csjg0cAb5nroO9a$_q%hXVfjZfpl;&%) zzH}7b4;_b_YRH(|=x@TH%U^-1tN>c+=ajBrJtmT#Gl)h`e$<9=ut>#$;28e(rxR=B zlv3ChcGhfX8MJM7h`U#v#fx#KMxU^U+t1JQ=`MxPhc~%`Gy<|=cxkoy9qAR_NK%0{#c8lYy8#OED*(L zAHUnYsTRwbJR$>a)w)-&1(pKA{9x0iuQVG?Q!XKjHm!M8dW8NM6KZ##7zTT zCg(m1LnJvw&T`6(tGm_x9`N3vp0d)jlz&AK0DTsC)!&Wa8p>@C3Ga)mlhfttcY8eY zY&TP_*NvU2|GnIbwi@Wb)uze&*|&oVCJ$BRXV7cpOJGSL&U{o zK)3O(AG~@aau!Ujk1%jQ(K4g{`}*VV>NOre`)5)?mQGLG+vVrc+S2<%N`)+K zk}Gtiw5YuP@?EGB;6?j9Wz zjNJ{E;{&VKhrjWIFyIQVNP12Nlkdr!qm0wvXNEL4;~x~40^JyDds4?1Q}St8#iXb;rN*wE`50AO}=h}6PENlQclc}myj1zV=h*j!F`+K5X9y$oBQd|~#> z_ip@MYfUyec$`IDft7%=X56W2QdPfiaYFF$AH#er%KD?45o$b*U!8joPH_9wQSL)` zA~fBHlDFnBXlt9}B50gt`}LRPzgaufqG>9N3Q}ViAUkAr_`*I>cCe z5ltdL0F*9U*v_hw0Fy(Y{|A6p6KeT?qtfNV1?$l;f5R=$`iqR8l$nDw{}52X$eBg- zlJS75Ls|pJ;nlby!eNfV)*m1(P4-t;jlIxY={lJ?fFQP;s@l>H?e)V-Pg+gAO0+nr z>eJwj``1iT?il_OswwDhN zJZ*lc#x|dVT6Q+;^*~IXNDAZG#r)Tp?U)a1f||=8VS5%f|3dAo^;4=RJk(dt;V$`C+wx(oX;S z6yQ|DWX2``+>hkB#OCnXX$=h##W(w-Vc{2euc)pPOoL-a)Z%7MuOlK*l$$)t zrdgIMA?q!(ySHSSqeajqu)>8}4kOLP*cgrfU^gY(kb{N|}A z22$V#iPY5zA1;U=@e~@ZXa#grw#3<$xc?EJUf_vjmQFzz~rCJ8Z-er_$YYO%?SBW4)dAG zCg1-qaXW}U{1J>k`|gdtYDRVhzHq+%aA!v97m{MzR?80gFBTY_py4FRY5^SQ1i_B? zrS_jG-3!&Jv3EO^DBmaeZ{6pI^bf8Vf8*@b+0C<>%i^-og?YWgiqL4H>D)YnpkQ%JSnA3xq-f5a#k04&=aN{J!tM$M({4( zZ7#aHN2;y^tbM{czwdx^PL{; ziN4-bf}xVhg1}&t%F+{-=epD2wcG}c1KX$rF57zxDo?d7=7dF6wzrM0Jo9nClpC@` z*^b(52J&9;PDDL$;%?W*?@_Oog997P;AWB96Me)4j;p?>ivl_RDrsA?yb77$7H-VG zd_)c=x?kGvdpm;mq4Wy6>$6<`C&m2SOIL4nm6*-jvH~_e?L6I`(F{~a+1)8kc@#34FEi=2XSJN_Xl6eiqiX+xhG0b>;S9{dRQjYHeIvN)(~vG%V$zH%=nucg zTzQ$feh^ruem6pb2cBD}<(6fHR9;irO5+e!OFNpEQVpSFL}X#af(;om(E-*Oc#7XZMzaYzS3Rt zzWMR&__xFvv6%0EJVd#?QIq@qHr_rvfa>#6jfwB^<8R^Ki}m}~&%)2?<_65X^f1f{k?z5d)5W>}g$mxICMNoW$dv^6WbMK_O@u+u% zVu%_v0x>25tV@i2M&JZxfh9nU1(gzkigdwi#&*Bmh^N5Bre`W1pU{ zudm_d7bua!KhH?JFT;nvGTABTi~EhnI#p-kPei=MyKH8|FRN^ z`EOEMineX|JAX+r8Ts5)V1btvNmI8CAcH8R+mUb&GeIyD6a*9hrIWz`@#PnT`#V49 zO(!m=bfuxY96)UXMB(V_>FMf>>a#mdkwxj~ZjMBYhyY#6&;WT=;?Aquz>ph_{QDM! zDNz`v?LrSp%3fq_vNFZD1Zdt53E)J54HCRtz5I8aEblKXwTd z`e`TY0g-xdwH63SJoNFx>u9KfK&)o>47KpPQEf!_Q3uhCB7y{o=L^@t&fPM8w(ZKP zd2i-l3sk_tmONGV(b1!rOfzdA9EE-0pPq%egQ_@V12|MBVWXBaQuQaqg~r(q_l4Nm zt*`2B9_&R+{P1IRlwX3qAaW}2oXoQ<>_aJNiVv||W~rphXAgogjGPyQUnk#Z4=SMY zZ?W%?`zuGXuTHdBJnw#WI3Hp+a||Ypo3DnGE z71XMb8iL5!Bno?^LjNw96OHZpuDL9HhLteg05M?!LJL~ zuw1yDq@O6VP{tq`?DPs+ncP)632JNjLr5m?XD?uW8yzA$oY3ObP&)&k1YCxe5|Hs+ z%dpF4aGjwSQ_SY$VmBxP|5xq!u*zVtIV_VuAUUif@!=N%b2?d)sjO%_;RSz7he;As z^O>;+uo69+cN5;V06@aej~p#cYh%k9?R;HR^txBlQ!PFj0?rO|e}8(-jHj5R4noq{ z!6G0$+lJnz`7k;YlKG`{GVG4hv0X=O{;V_fnGaCFfcG`sWqKOkTgQp7HV$j3O}VX> z`>PI6#HiX_GSek~2ZYO(SJPS_pUI&^@+rF6g*<38 z$rxhR*yctwc)5+GS*06@@MipDWRnqUPyRD1k(_i3A_~1$bL~FT>1}u`g=n}y29I^A zmtO0k?={-d9fWVzrN+KE*ugX>Dh*|k_IR-c^I>RFI#ZN0&BQi#zmzXef~ZIn)uI2q z-=I(`D60XHI$xvy_!j5FKevI&4C6MX_7&7qg5zA~3;qse9uesx{4CLd3Onw1uSBBZ zIF9b9?q>XfOh6`VDJLd~!GaCKlxKp^zsw7mR!1Ls26uCOwR=*i_fKC!9ZT#$i7pZ|uE%xMO==Nud3@SI4CNtz`be$4%H?aP#k50v|G$p|CzEMNcJyW#`Dw|3g4Z zgJ4Jab*`eGt{ImE!4oWx4DJnsI&gm_WdYHEc6W#IY*2WA=QyFrswm#&RaHwQrpfH$EIqrzk7z)(Yaw{4 z1UW*7>_=!x5r2$Pcf&UcCWfzGcMZRV5+nYxd&$ap7nE1f>|k6pYvk)Cvnsmi?!A%65|32 zP8zx-%xUsHpId z6_59mgYX3M^ZUUluuy2v>%Zn&iB^eXRgE*q5f#12eRxG;lZRlIB2$U;&JX>=M6INzaQC z^j<>M8l={5U zW{U6ERMw(Atrr9-4a=RAP)MahXy8`n;9X1NDvR&)fbsM4yvS2mfK0CHXqFX|jTffK z2dqblZdbrXr{A%}waDt&1f)`L;2bp$72nCxI6wqbW@7Uio(86m?_fm&=S=WID)mjfos8me)~}!lE-S=h{`JsULuJK-u}y@ckm*D+Tk5kA4p0~3-V zmdCIt;D7p;^B(=TaAm89Zdjgi+wd%Q3;`YRRwtX5T!V64vrMg9l-EV0f$o&$?zE~d z$f|9yQy(55m1n%bj`d|yLrIJgnPgyn8mp3s`A6A3M;s^XwFm24rE%<)+q)#@TC7R7 z*~(L1HfL8swNu%4N~YWvB{EhVP#!=f8leAkKz(PJ~Il>uFB$=tRPisl#Dr=F_uNylRsjcN?r&le=K-?@%W!i5#t&bjJ6} zumzK&-5ma=Soa@CLUGA9q6JU@!QWuBP+i(Tbw`%aa z2y*^$4r277D50ikB~XqUO&m5@J`Acd8>cYHUXst{m0>nsn)GMQdPDfufHFtZFjGhs zf#wk|@njGsOWkB|qP6ItttpwC`+zc<`Jdc(NEQN>w`~TWHM5Pni;iU@?kvQoM^T zh`#8YDjI9j6cg+Ze#Bghe8AV}{~UsS{}EYcvy;zN(5a>D^hor1NoJPny?IJ8xo0TC z^ZD=L(tOs`AVpye&(M^<1%s-d-US z9s*8IgINb@r6Ci?-qwyCOC;2jge&Soqoe_|0j-th-MgWg#6?TR=q&e!a9jWi8vwup z|7%%M=m4_AsNU8I5FWlE)0`OSgsQpjL^|M^t!uEFi5$N*%>Zs=Q4x*$1NE)YSULr; zfz#XZWMZa)pcZ4|CWbyh+b^UlN!e9B3Q!fIhSa)$sqp{xf8~;juoqyRRdCkWqTISG#YgRZ|JpNIpO#M?aO;{ zsQ`B)M1i~e0P+ZaE?QgsSN}M67tHXrhR2`FH`;yx?hZF9Ye{p=c{OQ-MG#A@yY-Ns z7NBe~MP(z}V>d}G)7>Tmq>Uvi!**i~Y>}?#2%yTH)b!2kzjyF6h`Wcd{bu+DfjqoU zT1vch9h0E|QSKGq-(mou-NVqij{Ax>WWRTlI9`Y}fF-(*Yj9qm1D_$Z2Mm{k_wwR` zyS+H`Ddm%BWcLg455o0d_KFa3@c|K^YW^(|f-h$S6u=0$KdTkR2st1fz`-|LJG*O35IU1CMCg51;b71KD*-L>J~sov}<8fZ?#PdYf(#DlMwwVx@0z$iK`&TVV8r9Odgntsa&}6isl`4M#-i z5c`VoUWyb4J-K^eKCuUoaei&&ChaagdK0x2lvVnxubY*DQPzxhI>#oh_$JUu9Ecsy zmS40R;iFCpA5U8{p3+#5y90*Z(cLv0Y-a8bGQiCoddM*oQMcMDB8;0ZSdmMH4JMwh#><_G=T$g?hwj9(Bu0DYHAB-tRD zMqC;_S6gDVI=Fk8DNC240!?W3?x(wz+?c+WyK<9l1~n9 zao!=Z!F1tv@#ilLhDI=Cj~puZc-_n&szD|8m5dye|6B}DY z-V>BHCmGwVE^GY9rrRFEPb7yJe*+x-;6Up2E{TPd%`ap9A+nP?7weo zK8o;2((>VI(-wathBZ4*V4&BjV5C*+b7B1#fJ02P?Qr@$?Msea-jjLTOjkZy;a$m6 z5Dx8Kl@V`NjtM5tXb6|UJdQdQZaU4uawPQba-n@RMXx?t0d48-+jb;|7fk!si!5v4 z?b{X%Dn}5fzm}Ftk*G*AS{lrnhdb2GK@rr)-n^`JbI1?Wk{)}+cId%#kIPoWG3#1B zLT*3RAn42OoHFb}#8_Knz+w?jLT@S`fwduItzOp_N0MZ>BHGG4fytU8X9IDY%TBk8 zD-vVv4kuJ4`U3pH%`WLJ3o8CnlG!#o-la9zdRel(vY9W7woGztqxsrMJ;|wv68bP# z%t{S)A~|K+Z(QYsMYG=oyiIMbH^3VnL9d?<_C3~*ag%*ftHe83#Y zhjGkl|6#<->kJ&8el}x}W=1Q=$pdY0mU4L7TMm(ewT<&CkxoUzN621#*Jzzu>*~fU zRCF7^kFZ14#2aQHfJ0=g{H1Q@&9C`jgdZE?Kr01;32en?IJqjx3B1&F{;u;6+oe-NE%yS6%C?OH#`szGZr z7C6r%RtXTn7!3eLpB1nav}ps*=1*+Wv@=j_gfUM_Fm?&G5cykekd z#D#v&&Akx4*Z$BMTBgv$lw|>4ZCKts-cdoLx-p!iwWS4KEt!C$(~>zyVZ}j?e@u42 z%a|t6cZ#4GBgTxnzTN{?zcFQMuj>i_+XSMH5y2|&NLdqM6>{?Rh;q;seI3me{wCz? zv*M3(9LFuOF`S`Lj)niO$lK$T84g`6SR0s3RRplinD` zj%gg*{}!$83q%&K2`D8!%$gN9j{r23+ zq491YZwu(Y%nD}H}L;R}KUjWh;G(xuV3FT9UuD>>7^ z)S_Tw48!qc@fJ;~x<@SUg-MPoGq*ibppG1(9IMnhIc`I;sxv9H=N5YKH#1^Qu!`Q0 zsD3y2c{phPs#&g$FIePKmoU>?l2ObynepPM&uJRr#|(wJqnB?rn%yn5*(osG_Xp_{ z4Bzwzo5dG8KW;QX-owjU7)uw1<1G2%f@KNXttv!q3W+j77DlgZuw$hsL9hMJs>*SC z_nl`(?0N0K2OIwJ`l|HNCY%DeiKzk%3B;?rg#)b;GeaMjZVNlf>W97fd3!y-##;I8aFkglEh6dBMQuzpC z!ILb*m*OQ6G_f!ojTk?+snaa$O z@YsXq$gts>r`gcvO)!|#oJizF+@^FAw8>EO$KT~CqP-u>G_~~W>4^TS<#XPf7T3|s zTr7$Gw#P#mlUVt5iFi@j`c*2m>o>usA5V8Y*9;9lW_dfFGB7BqOv{va-`Xd;zPMyw zQfZLqBr>Rjy+ST!RCpk>$GnL(#6XtV7!OOe*I*my?L<-_gPso5L!jTq@ArA2_=?*L zCrVZHhb{$M?qcJ!z?xN|re~GgCh^#6@jPQnSZE-95mZp3BM+S~u34 zrMS1~4MFwZ{m;QJHNjJch04b;?kHvkc`eh=v3DW-uf}fDFruqL6z31ef=SYE8hhZY^FmcDyAjYLtgb!;HhjPQW0FI#?&IwFGrTN!!O%bZC+2oDSOGAF1xWWN^5uirizxtxE5)dUrzPB z@4%8M`A_4fh#KRg)lxl}GDST4BajOE25=*dQe(iPWRX@$FDqbcs>?IT*rX&*2USUb zder)9N~{~q03s64emO#s-OTN^e3&+s29`sBf?k-$oi-J$azSbFJ+u6bqxVN1%gDYz^_#h62zc~ghM$DTHvkXIn{K}6uOI!(l z_~{kWCQR8`)yY3ZP|m-T*b#~VKZ;Kmz>?%yxX9ELs^|eLq^z-|GqiF|)Pvk7XL*6* zO%85yxIT%ad1@3s(+E^ass?s~q%@!lh9Ef%3O0o6FeHiwMUkYHxFiarAHV{$n9!VsC#{v@cnHOBGW&7@m^gx_ zSH(ScTF8j7=HRAsq}+8H{+{|jO}i@XK>R?;qGwxIF3XT?sGCVz)#cRew_0ILvlXsL z^_GOaHxYx(auhwI$)OB|)PME*z~thHj+f>*2n%gJlattBfM!&$xQ*XJ#l!PYVfy|s z(?wC^$}6(PB3H%YALwnECG{dG{^C(i#R?UqIE`hJCMJ|m;i|+j6CnS`yq;VRC$QJD zTqc8WH`%GIS%f%E37tm;@&W;8Xhs){9j71Zn=2x2`=Vf7wTGreTcJx@2t6V@i$NsI zdDVn)736Ue#zu_n*!OT%jyM0Gzipu;TRN+tb*5qh3A=xc)uEte^~LRCuoegum?nIw z#4~qsG=-7oiI7UFOrXsc3ZO()N3R3IhsSYda;SlVMMiThp_CEEy4Mz*1%s&wbkc3& z68Fre^q?D~d4ual?SBERB^G*lJ`#YR^Pdv~I(Rmiz&Df7_Qe@inO`t7YnPD!Wf-sk zMm;22&SE^O@%Z;VyErY_$TFyo&88)hx*&uPR%omlrxY!V5^qKUG#6aLrATcTHgu5% zk_pEs=Z$gUvCZE*MgJ49KH;wx+9;ylTk={m$Q(nw8awLIRGE0^Yy(_MxNssrKo$Xr$MAq%Vu8#hiu zRc~O6xC$ZBFbqhLPI9KIZIoFk3aox5rXQ4}K2@l+?p$)?U)y#YuK`a*oNsqI7uHIv z?qJY%)9zJ2G=37%N-N#SDCs!5ts0%Y3~OW&YY`A}>&R6*Jp9kL%nq7gZW*;|CV=Ok zrQ{A8TDOU~x4ZJ=hs9}Y-L}_;uIprd)Mk{zNApBbi>2e5jdvSh{eKxfAoJx@*IV!O zv33L7jDlKCub*B$x(c{YzQ8{l^qZbHf}0GlF^Q_yKUBSXOeFwM-B}+!!;7RF@2;