From 3c53ea75ced5879589287e63617b133adc237f05 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Wed, 15 Jul 1998 18:05:01 +0000 Subject: [PATCH] sync --- TODO | 3 + g10/keydb.h | 2 +- g10/sig-check.c | 2 +- g10/tdbio.c | 6 +- g10/tdbio.h | 10 +- g10/trustdb.c | 266 ++++++++++++++++++++++++++++++++---------------- tools/mk-tdata | Bin 35443 -> 11769 bytes 7 files changed, 197 insertions(+), 92 deletions(-) diff --git a/TODO b/TODO index b5cd73422..73ed027fb 100644 --- a/TODO +++ b/TODO @@ -4,6 +4,9 @@ * invalid packets (Marco) + * add some sanity checks to read_keyblock, so that we are sure that + the minimal requirements are met (?) + * what about the CR,LF in cleartext singatures? * add option --restore-ownertrust diff --git a/g10/keydb.h b/g10/keydb.h index a0398092a..51da9a628 100644 --- a/g10/keydb.h +++ b/g10/keydb.h @@ -130,7 +130,7 @@ unsigned nbits_from_sk( PKT_secret_key *sk ); const char *datestr_from_pk( PKT_public_key *pk ); const char *datestr_from_sk( PKT_secret_key *sk ); const char *datestr_from_sig( PKT_signature *sig ); -byte *fingerprint_from_sk( PKT_secret_key *sk, byte *buf. size_t *ret_len ); +byte *fingerprint_from_sk( PKT_secret_key *sk, byte *buf; size_t *ret_len ); byte *fingerprint_from_pk( PKT_public_key *pk, byte *buf, size_t *ret_len ); /*-- kbnode.c --*/ diff --git a/g10/sig-check.c b/g10/sig-check.c index f600a4d1e..1dda44529 100644 --- a/g10/sig-check.c +++ b/g10/sig-check.c @@ -250,7 +250,7 @@ hash_uid_node( KBNODE unode, MD_HANDLE md, PKT_signature *sig ) /**************** * check the signature pointed to by NODE. This is a key signature. * If the function detects a self-signature, it uses the PK from - * NODE and does not read any public key. + * ROOT and does not read any public key. */ int check_key_signature( KBNODE root, KBNODE node, int *is_selfsig ) diff --git a/g10/tdbio.c b/g10/tdbio.c index 425e51cbb..9355f4c6e 100644 --- a/g10/tdbio.c +++ b/g10/tdbio.c @@ -287,6 +287,7 @@ tdbio_read_record( ulong recnum, TRUSTREC *rec, int expected ) log_error(_("trustdb: read failed (n=%d): %s\n"), n, strerror(errno) ); return G10ERR_READ_FILE; } + rec->recnum = recnum; p = buf; rec->rectype = *p++; if( expected && rec->rectype != expected ) { @@ -383,13 +384,15 @@ tdbio_read_record( ulong recnum, TRUSTREC *rec, int expected ) /**************** * Write the record at RECNUM + * FIXME: create/update keyhash record. */ int -tdbio_write_record( ulong recnum, TRUSTREC *rec ) +tdbio_write_record( TRUSTREC *rec ) { byte buf[TRUST_RECORD_LEN], *p; int rc = 0; int i, n; + ulong recnum = rec->recnum; if( db_fd == -1 ) open_db(); @@ -506,6 +509,7 @@ tdbio_new_recnum() * The local_id of PK is set to the correct value * * Note: To increase performance, we could use a index search here. + * tdbio_write_record shoudl create this index automagically */ int tdbio_search_dir_record( PKT_public_key *pk, TRUSTREC *rec ) diff --git a/g10/tdbio.h b/g10/tdbio.h index 7229d7222..2d28131cd 100644 --- a/g10/tdbio.h +++ b/g10/tdbio.h @@ -42,7 +42,11 @@ struct trust_record { int rectype; - struct trust_record *next; + struct trust_record *next; /* help pointer to build lists in memory */ + struct trust_record *help_pref; + struct trust_record *help_sig; + int mark; + ulong recnum; union { struct { /* version record: */ byte version; /* should be 1 */ @@ -72,7 +76,7 @@ struct trust_record { struct { /* user id reord */ ulong lid; /* point back to the directory record */ ulong next; /* points to next user id record */ - ulong prefrec; /* recno of reference record */ + ulong prefrec; /* recno of preference record */ ulong siglist; /* list of valid signatures (w/o self-sig)*/ byte namehash[20]; /* ripemd hash of the username */ } uid; @@ -127,7 +131,7 @@ int tdbio_set_dbname( const char *new_dbname, int create ); const char *tdbio_get_dbname(void); void tdbio_dump_record( ulong rnum, TRUSTREC *rec, FILE *fp ); int tdbio_read_record( ulong recnum, TRUSTREC *rec, int expected ); -int tdbio_write_record( ulong recnum, TRUSTREC *rec ); +int tdbio_write_record( TRUSTREC *rec ); ulong tdbio_new_recnum(void); int tdbio_search_dir_record( PKT_public_key *pk, TRUSTREC *rec ); int tdbio_update_sigflag( ulong lid, int sigflag ); diff --git a/g10/trustdb.c b/g10/trustdb.c index 593e12cd2..b2e478ceb 100644 --- a/g10/trustdb.c +++ b/g10/trustdb.c @@ -259,7 +259,7 @@ walk_sigrecs( SIGREC_CONTEXT *c, int create ) rc = build_sigrecs( c->local_id ); if( rc ) { if( rc == G10ERR_BAD_CERT ) - rc = -1; /* maybe no selcficnature */ + rc = -1; /* maybe no selfsignature */ if( rc != -1 ) log_info(_("%lu: error building sigs on the fly: %s\n"), c->local_id, g10_errstr(rc) ); @@ -1441,6 +1441,31 @@ query_trust_record( PKT_public_key *pk ) } + +/**************** + * helper function for insert_trust_record() + */ +static void +rel_mem_uidnode( u32 *keyid, int err, TRUSTREC *rec ) +{ + TRUSTREC *r, *r2; + + if( err ) + log_error("key %08lX, uid %02X%02X: invalid user id - removed\n", + (ulong)keyid[1], rec->r.uid.namehash[18], rec->r.uid.namehash[19] ); + for(r=rec->help_pref; r; r = r2 ) { + r2 = r->next; + m_free(r); + } + for(r=rec->help_sig; r; r = r2 ) { + r2 = r->next; + m_free(r); + } + + m_free(rec); +} + + /**************** * Insert a trust record into the TrustDB * This function fails if this record already exists. @@ -1448,17 +1473,20 @@ query_trust_record( PKT_public_key *pk ) int insert_trust_record( PKT_public_key *orig_pk ) { - TRUSTREC dirrec, *rec; - TRUSTREC **keylist_tail, *keylist; - TRUSTREC **uidlist_tail, *uidlist; + TRUSTREC dirrec, *rec, *rec2; + TRUSTREC *keylist_head, **keylist_tail; + TRUSTREC *uidlist_head, **uidlist_tail, uidlist; KBNODE keyblock = NULL; KBNODE node; - u32 keyid[2]; + u32 keyid[2]; /* of primary key */ ulong knum, dnum; byte *fingerprint; size_t fingerlen; int rc = 0; + /* prepare dir record */ + memset( &dirrec, 0, sizeof dirrec ); + dirrec.rectype = RECTYPE_DIR; if( orig_pk->local_id ) log_bug("pk->local_id=%lu\n", (ulong)pk->local_id ); @@ -1474,124 +1502,190 @@ insert_trust_record( PKT_public_key *orig_pk ) if( rc ) { /* that should never happen */ log_error( "insert_trust_record: keyblock not found: %s\n", g10_errstr(rc) ); - return rc; + goto leave; } - /* prepare dir record */ - memset( &dirrec, 0, sizeof dirrec ); - dirrec.rectype = RECTYPE_DIR; - dirrec.r.dir.lid = tdbio_new_recnum(); - - keylist = NULL; - keylist_tail = &dirrec.r.dir.keylist; + /* build data structure as linked lists in memory */ + keylist_head = NULL; keylist_tail = &keylist_head; + uidlist_head = NULL; uidlist_tail = &uidlist_head; uidlist = NULL; - uidlist_tail = &dirrec.r.dir.uidlist; - /* loop over the keyblock */ + keyid[0] = keyid[1] = 0; for( node=keyblock; node; node = node->next ) { if( node->pkt->pkttype == PKT_PUBLIC_KEY || node->pkt->pkttype == PKT_PUBLIC_SUBKEY ) { PKT_public_key *pk = node->pkt->pkt.public_key; - if( keylist && node->pkt->pkttype == PKT_PUBLIC_KEY ) - BUG(); /* more than one primary key */ + if( node->pkt->pkttype == PKT_PUBLIC_KEY ) { + if( keylist_head ) + BUG(); /* more than one primary key */ + keyid_from_pk( pk, keyid ); + } fingerprint = fingerprint_from_pk( orig_pk, &fingerlen ); rec = m_alloc_clear( sizeof *rec ); + rec->rectype = RECTYPE_KEY; rec->r.key.pubkey_algo = pk->pubkey_algo; rec->r.key.fingerprint_len = fingerlen; memcpy(rec->r.key.fingerprint, fingerprint, fingerlen ); - if( keylist ) - keylist_tail = &keylist->next; - *keylist_tail = keylist = rec; + *keylist_tail = rec; keylist_tail = &rec->next; } else if( node->pkt->pkttype == PKT_USER_ID ) { PKT_user_id *uid = node->pkt->pkt.user_id; rec = m_alloc_clear( sizeof *rec ); + rec->rectype = RECTYPE_UID; rmd160_hash_buffer( rec->r.uid.namehash, uid->name, uid->len ); - if( uidlist ) - uidlist_tail = &uidlist->next; - *uidlist_tail = uidlist = rec; + uidlist = rec; + *uidlist_tail = rec; uidlist_tail = &rec->next; } - if( node->pkt->pkttype == PKT_SIGNATURE - && ( (node->pkt->pkt.signature->sig_class&~3) == 0x10 - || node->pkt->pkt.signature->sig_class == 0x20 - || node->pkt->pkt.signature->sig_class == 0x30) ) { - int selfsig; - rc = check_key_signature( keyblock, node, &selfsig ); - if( !rc ) { - rc = set_signature_packets_local_id( node->pkt->pkt.signature ); - if( rc ) - log_fatal("set_signature_packets_local_id failed: %s\n", - g10_errstr(rc)); - if( selfsig ) { - node->flag |= 2; /* mark signature valid */ - *selfsig_okay = 1; - } - else if( node->pkt->pkt.signature->sig_class == 0x20 ) - *revoked = 1; - else - node->flag |= 1; /* mark signature valid */ + else if( node->pkt->pkttype == PKT_SIGNATURE ) { + PKT_signature *sig = node->pkt->pkt.signature; - if( node->pkt->pkt.signature->sig_class != 0x20 ) { - if( !dups ) - dups = new_lid_table(); - if( ins_lid_table_item( dups, - node->pkt->pkt.signature->local_id, 0) ) - node->flag |= 4; /* mark as duplicate */ + if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1] + && (node->pkt->pkt.signature->sig_class&~3) == 0x10 ) { + /* must verify this selfsignature here, so that we can + * build the preference record and validate the uid record + */ + if( !uidlist ) { + log_error("key %08lX: self-signature without user id\n", + (ulong)keyid[1] ); + } + else if( (rc = check_key_signature( keyblock, node, NULL ))) { + log_error("key %08lX, uid %02X%02X: " + "invalid self-signature: %s\n", + (ulong)keyid[1], uidlist->namehash[18], + uidlist->namehash[19], g10_errstr(rc) ); + rc = 0; + } + else { /* build the prefrecord */ + assert(uidlist); + uidlist->mark |= 1; /* mark valid */ } } - if( DBG_TRUST ) - log_debug("trustdb: sig from %08lX.%lu: %s%s\n", - (ulong)node->pkt->pkt.signature->keyid[1], - node->pkt->pkt.signature->local_id, - g10_errstr(rc), (node->flag&4)?" (dup)":"" ); + else if( 0 /* is revocation sig etc */ ) { + /* handle it here */ + } + else { /* not a selfsignature */ + /* put all this sigs into a list and mark them as unchecked + * we can't check here because we probably have not + * all keys of other signators - we do it on deman + */ + } } } - - - - - - - - - - knum = tdbio_new_recnum(); - /* build dir record */ - memset( &rec, 0, sizeof rec ); - rec.rectype = RECTYPE_DIR; - rec.r.dir.local_id = dnum; - rec.r.dir.keyid[0] = keyid[0]; - rec.r.dir.keyid[1] = keyid[1]; - rec.r.dir.keyrec = knum; - rec.r.dir.no_sigs = 0; - /* and the key record */ - memset( &rec, 0, sizeof rec ); - rec.rectype = RECTYPE_KEY; - rec.r.key.owner = dnum; - rec.r.key.keyid[0] = keyid[0]; - rec.r.key.keyid[1] = keyid[1]; - rec.r.key.pubkey_algo = pk->pubkey_algo; - rec.r.key.fingerprint_len = fingerlen; - memcpy(rec.r.key.fingerprint, fingerprint, fingerlen ); - rec.r.key.ownertrust = 0; - if( tdbio_write_record( knum, &rec ) ) { - log_error("wrinting key record failed\n"); - return G10ERR_TRUSTDB; + /* delete all invalid marked userids and their preferences and sigs */ + /* (ugly code - I know) */ + while( (rec=uidlist_head) && !(rec->mark & 1) ) { + uidlist_head = rec->next; + rel_mem_uidnode(keyid, 1, rec); + } + for( ; rec; rec = rec->next ) { + if( rec->next && !(rec->next->mark & 1) ) { + TRUSTREC *r = rec->next; + rec->next = r->next; + rel_mem_uidnode(keyid, 1, r); + } } + /* check that we have at least one userid */ + if( !uidlist_head ) { + log_error("key %08lX: no user ids - rejected\n", (ulong)keyid[1] ); + rc = G10ERR_BAD_CERT, + goto leave; + } + + /* insert the record numbers to build the real (on disk) list */ + /* fixme: should start a transaction here */ + dirrec.recnum = tdbio_new_recnum(); + dirrec.r.dir.lid = dirrec.recnum; + /* fixme: how do we set sigflag???*/ + /* (list of keys) */ + for(rec=keylist_head; rec; rec = rec->next ) { + rec->r.key.lid = dirrec.recnum; + rec->recnum = tdbio_new_recnum(); + } + for(rec=keylist_head; rec; rec = rec->next ) + rec->r.key.next = rec->next? rec->next->recnum : 0; + dirrec.r.dir.keylist = keylist_head->recnum; + /* (list of user ids) */ + for(rec=uidlist_head; rec; rec = rec->next ) { + rec->r.uid.lid = dirrec.recnum; + rec->recnum = tdbio_new_recnum(); + /* (preference records) */ + for( rec2 = rec->help_pref; rec2; rec2 = rec2->next ) { + rec2->r.pref.lid = dirrec.recnum; + rec2->recnum = tdbio_new_recnum(); + } + for( rec2 = rec->help_pref; rec2; rec2 = rec2->next ) + rec2->r.pref.next = rec2->next? rec2->next->recnum : 0; + rec->r.uid.prefrec = rec->help_pref->recnum; + /* (signature list) */ + for( rec2 = rec->help_sig; rec2; rec2 = rec2->next ) { + rec2->r.sig.lid = dirrec.recnum; + rec2->recnum = tdbio_new_recnum(); + } + for( rec2 = rec->help_sig; rec2; rec2 = rec2->next ) + rec2->r.sig.next = rec2->next? rec2->next->recnum : 0; + rec->r.uid.siglist = rec->help_sig->recnum; + } + for(rec=uidlist_head; rec; rec = rec->next ) + rec->r.uid.next = rec->next? rec->next->recnum : 0; + dirrec.r.dir.uidlist = uidlist_head->recnum; + + /* write all records */ + for(rec=keylist_head; rec; rec = rec->next ) { + assert( rec->rectype == RECTYPE_KEY ); + if( tdbio_write_record( rec ) ) { + log_error("writing key record failed\n"); + rc = G10ERR_TRUSTDB; + goto leave; + } + } + for(rec=uidlist_head; rec; rec = rec->next ) { + assert( rec->rectype == RECTYPE_UID ); + if( tdbio_write_record( rec ) ) { + log_error("writing uid record failed\n"); + rc = G10ERR_TRUSTDB; + goto leave; + } + for( rec2=rec->help_pref; rec2; rec2 = rec2->next ); { + assert( rec2->rectype == RECTYPE_PREF ); + if( tdbio_write_record( rec2 ) ) { + log_error("writing pref record failed\n"); + rc = G10ERR_TRUSTDB; + goto leave; + } + } + for( rec2=rec->help_sig; rec2; rec2 = rec2->next ); { + assert( rec2->rectype == RECTYPE_SIG ); + if( tdbio_write_record( rec2 ) ) { + log_error("writing sig record failed\n"); + rc = G10ERR_TRUSTDB; + goto leave; + } + } + } if( tdbio_write_record( dirrec.r.dir.lid, &dirrec ) ) { log_error("writing dir record failed\n"); return G10ERR_TRUSTDB; } /* and store the LID */ - orig_pk->local_id = dnum; + orig_pk->local_id = dirrec.r.dir.lid; - return 0; + leave: + for( rec=dirrec.r.dir.uidlist; rec; rec = rec2 ) { + rec2 = rec->next; + rel_mem_uidnode(rec); + } + for( rec=dirrec.r.dir.keylist; rec; rec = rec2 ) { + rec2 = rec->next; + m_free(rec); + } + + return rc; } diff --git a/tools/mk-tdata b/tools/mk-tdata index 3b9e1c01698c67881ff1528526fa66220c1c5d3b..7fcfb389fa82c4a49e208cdeb2cab18fd4575459 100755 GIT binary patch literal 11769 zcma)C4RD;rd0rzq2-gEP!Ni0@4VcCzvV7nDNT(BOe3s6VuyiNios69TA1B>Oy7+$N z`>{->kjprv7>ABaOQ4VvcT(DPN)k#F$_z89gWCzs6ozTjP8jmzOiD){pf#AbSTYv0av5f}{lg63Q4K1I@^Cwz0iboZeo_Zz~lm&BHzQYLBDTdgOl?@k+$2 z5h>$x#0`iHYY?wNqzv|hI7yl^AZTM;>a?ALnqd>7K=pVjrRgf`=#*Zr2E z*Qhk;^C;)sa-8-fcEJu>9(@;56DYro_!Unc=?3Du$2z;RNY~@9h4gupZ$?Ua#}G|_ zHlaVi3wp`#k5a!6dL!DSEb>2z_mIgY?%CyU-r>+l2PMiF6C<{{~W) zpG3@~{1T+>&nrl~JbgKS{|LGhSA*K(CS#8it)kn2){ zZlX}DRjQ~|FEnNsnlp=lNZpxgrBSPvlv_aK=tv=-YvfQiU9Y31T#Z?f>FVm7-_{1x{I8zwvBvTAgmMM&RA5$#2JD6f2-OUsupJ$2%HqR6bZYhP? zdQqw6$PVNz-#m<847*ysnJvr{o;kgYa5Gz)XW5xog=UNMTsCJ;3eA@1xfIVlBQ$$3 zzlrn-q1lu9Eu@bN%^uAMNVkM$&*r0~7ldXH=Xa348#Gc0`;Y$g=;@>1UG?|)d-cf4 zPUr2Zsi~uHOlI~x{{R?XAk)jOW5b)fzPtqjuK3H<9J$G*ry=9WUw1AIBc10WT>7M! z^YeF?mzSncZE|T2S)X|58^2B=Uh+I0#mlWX|I4E@FGL~s$RK}JW6kkn9m}sCIn{Y& zKsC>O;?zUEr;e`-=-ZLEuKG^m9AzH4w`-U!ux z^tV4;y@~06zjp80V-sh;x%TM9Td$Shdi~Dxua(dK;bsg-|LQIHUA*Cn=Mv{9=V@e1 zAC|Vd-n{Oi=h&FnAK`v*>ih%imRGala^k|72D;tu@0)AA3R3OpTX&wyywELU#NTCq zj4m7*SZfsrr^y~D?+#_fT^k+-h7r77JdZe@K14zI48C}kK<6c8U-+;)#y^8w) z{oE)b{U!Gh?k%H`OB_H-pU4Hlea-JUFhd^kEc$qZg}Z^dhcFBvwg?dJL~IctR1sSQ z2wy;K5g^bvw+IkkMr;uvtj7Sf1SvIT;ktz%vGB7Ne#OG4E&LxAUW-96^7}2EweW(4 zAGYw5f)7dWo)vtx;FE&&PW^X+^$!1=K1&0N{DmWte$AWtWzb&{=@CCtik2pJZQm=l&*9aD^EhR%Zmq zB!3YoiP_VG5s)bvEwaq*vSli6wg0;;&C0N_cp9|h3g8oVHX2Jg> z_#=Y5u$Wson=^b+u(pls1#8>5MX%*sDy;eWUARyg*SuB!G~_#q2_+rmGy@Ky|ysXJ@o zr!D*w3twfmyW7H_xA1o@%(I)3pRn+vg}-ItcPt#k^q9Ii3pWLKipDL$Pzd3uV00GY zVZjiF@PuIeApDVFJ-=TStmpSR!FnG5O0b^Cmjq)n5&l6iltcJ|VBPK;f_1z9X7T)7 zu;7yNtosuZyhYmGAz1t5+XUX4*qmVQym-_Q ztasx@!Gn_D63izar5+Tl*We?9cS`=31P=-R6T!oRpAjrj{n)~nLyeZ2l!A?d_XxgO za9VIca7OT;;H=h!CpWkQ^?-*t8;<}F z%c;fStK>Od=Wnp^hvYe4=U<~De%)&oJ&?}7PTlR}8`Q%-zE-{JKriJI*EGNDx}@hNR6C4@IQa9vupc&wOrV~Sg2JBwe1V_ zdgG&WPGEbzHnY7^t(NNBRr$cS2A{@yX4KrwOc0N1<%MFYknd5&N+Z^A25Zj1wxAR4 z3r9n};pl)5`v%m^e6AL21P5!ufxv(hL{6z%ncE~4L;qLBW~E-7s}%B@HB8pPz&6LL zzp^y)p3-&`y;9-?E*1s?eHRN}3nF7>Gkqe=7BvuXE+zt6*5|9WhVFZm)wYF#eZA2E z{`#dWrT1$kdLxlg1ogG@dib1xh;V{YJ%oNmuUKXvFc6HOBA&x@oD>YXGZ4m@DLkc5 zmkP*|@s2V}l=Jgta2-yN;?$N3hjquD$Y4EME96Qsr#sLc3Jw&@xjEoakVKo=G|9p4 z)omI%ej6OSz5!|6l&$OpM~UjO7l*3FJo?)|==9?a0Qp=k$fagsyxeeS@b=;W$q=c0 z;Se#nNANPCTK5a)ig~}FSg8_6$W*T83w}WbZ|Fpp)UVFY`qlBOgVik2;QDF zqEa3p)$~cJ49e+cY19;I($owEebKC`N$D%7-Y^S$O-)Vq$x9w@n6p6#wtyjs1q0d^ zW{ZVV-ibwN4Vd*ilw<^v5sorrK&qE>wF8A(EE^0C)}5eR!K^$0XUKxT9u2s&rQ94D#6DRHd(CsMV!>Vr zZObu5c!`7}PoQ66I#(|+yT6z1pjogl){2dSYf7;ASkx}iZ9r9N+OFa?;q=QoVGSth z3kn8B7hQn`9(yn%ZIiv8JJfDC81);T&dnTXF8Go{mcakt6%2TH*fFZk!k1U77{f4Tjw()<4$v@}6V>C2H33_Xg}Nh-NJi&pnl)?$rDnMj z>+g<)!<=)sS!vb_7~k#)MkPAniWig_?iu2!s9D}IqWSSX=#HYE0a(4DQ;7Goh8IE2a29mH%w!;lewhdStT zFO3EJXoFE|?BeaGY?BU_G6)$p@n#^fJYx+kR6sgH@n7!2W)2QA6owv$;GRPfZ*-jj zYNW>z6+E_H!)7MI8Hlvm+P>3mdrP<%<2Y?!iLU4K#(%kOPl>K+&j=ra9veUF+Md<5 zoTA%ytgh_@-PyWsH$;tROk+WctuMkZWkS?!o^Ova>X>h=%h`P0oh~-&u~5G^4k4|f z69|e)x$r@iLdo^&H9~NbCeKpeLcZB4fl&+JbQ!AHaCvC+vi+%+gi_tF$PPWON)6NWOGAvc~LF}i>n z8XX%S78<&c9^dU|hjwdCKqp7isj10~Q3g4w$wbm90}_2s#3v*})InDEXjD0*I%7EU9|9D1^DHMYK zI&*kTH;t{p%gGGI@pXxlWWmtqC*t#>c0;6=SRjRrgFKOs<{8 z7QhMX{>CRKVQ$>FGqJFzLt+90wj18U>+FQiaMSVRNFo;2bAilMdOuW4WfMaf#$+t4 zHJM0cGO$q?Y9<5Qis8_qb>=9f$Fi_p*mo)x*0bZ~?#CdECWfbAHmG7|2@7bPnz>Lp z86QU%y+x9kh)<5D;1^;z4axY8#?z4N^(wXVHgpPwX12^=n8qVoRT;HREMgo%1dd=R zgRW;s;nDC}%-&P#Q9NVdRPQzk=#lGAuN>vwCIJrdZaox~2NAbP!0oZ#8rw; ze-3K;haf(#P~oOI{xtD97@L0>$C_XO&uaWaZ4P`Op>n?N0UqPZJc;jeRIWBR6I+n9BR7q-QPb(XK~S<#TTngo zx%#~7$=_1}t429)a?azejEx^wg^It-nYA&NQkuRLbjQ zu8Mk)oGTY+lop5Sm)_*2(GS&w*9ql91zeSCqd+Zx*}%8v)E=M4^c^9j`i(pQ0?Qa~ zLR^hVK7J2fLi!EF4n&4dFK$K3H@M{EchWCHzzIZ_Qx;RcZRF^)F8TOf^;Qt)fK4#% z@=F%q6qAqNO#=|XFMh1M9+C1mvpW$DAHTDXqF@wx6>?yvI?%aue7$ zhCPUe?=kQ_2EG$4@B-yA@{5Au<2|h%7^Ig>=TTi>B!C0{4*5b!I09@qpkM!$m$YgiTe4r9WNtx_J} zPd|!CStk4@jO34LC|)o!PJlL;MK|8m{=QDyl>I3%x-Nll{O|e&d~CvQ_i^xjU00J| zBabQP)`ajDj2}8ro4y5+dT_pJ%eK6HH{M+vAt& zR=iDfM%$so9~qt3vBIJ$k6N@thkOyRY5lFop- zmBMms;=$J;H__S^I(+NVc^&?(KSS$pMW#lF+*ULc<$2#Cy{rz*qCGF2xW`7D*>x1R1pfA53bzGVFV>$gp}gI{HR`LZ=mqxYd0?)8X7OI% zw~^ZS{$2uY-&6b^=&!)vB2hOYzK&?$Tl^Q$^mnvW-lIH=lztouX7^I{Go<#t#7i(C zhM)Hw*MR1&FRnq}8{7z*e!C_0FO%B?_C3eVUO9?kU6-j4X!N2%LD)8CW-O3d#h=<_HK3$4`cplx|~fu>(2Kjk+-&s*)?1KPd^dLL=}P2pd! z?gwq(+k6nTeGgO3)Ef0hb9VOq-?3bLUvTG2)#+TxmGg(2YaYfCdnlVqyNTqm>*4@d zY`FPmxqOepOTHPr-ml7wJa7%SxzI$QCxcHel>!RdLgh5$2^DreAwnt-K%P{uHLt+> z=GMN`>0OP)vt!-6dugs?wy$8m??$J6_0rt+TzTVCU$68oYPwKC_XypyuV3=Gs`SOq e6}LpqP0fp5IF&n_a*x!zxG8r+@$6zQfBr9ZZ;cHA literal 35443 zcmd^o4Rl;bmFANrJF?M<9pgZNFqq&3J1DZc)skB61T0G}TS0%;kCTAIOG|1=ok(h> ze{3hjprANOrx7>|%g)(lW)c`6{Ok-f3=2$PZ~{2Mz>ook-vP|>Gx9iqnHa~+hM@2=2XFn^vN{^|B4pmjhaKHAT z=ES^>-b!z?_hRpb-YTG&7n=nQu7?2gT8XO)S0%1*@u=XNP>Sg{4kj-9(>yfHzUVnr%FUrL_woYb-w@!{;Gntt# z9;nM_>mr_a3Ggq*#m@_Ikq20LFTlmmT3o17%2WO|xHjOb#>KMykpIO3g@0-QirgVe zAnFT|gU^c$^gMGXfBS(d@}XTWHSlV4cW8(renc(291&$Kgj@5go0l)nP-O}GvtA2*NbH{hyAx)XQOXK{H*?=tBk z?oT@9??U>r4^~wV;(iHA+>iS$pr6H^<>zr71N|nGW*b`hHbTCKklt?UC;j_z%^*!# znEo)XjYzYdnEoiPbx3!Z^rvy3Mf%ky{RHllkcVwgdHxaiYmI$q&woOi^5Q1;{mHWQ zuaJJLlkdULMkm$5{PvrATDv>jJb!0b?~c|kzqg}fAUWs{w(jUk`lP(m5N4(`1tGdr6wn{Bi>jpo%W{EQ~7j(B}Z7Y(Mt_ya|LfaU6{#?dVXiG zpD&DNiv{14qQ0Nqm(Gn%X7_uRX+D>l9tG=c#uLc*$;?*)d@vuIDUR%i6uA2%+37+q zJL&mphynrAqp3m)dBgcUDoUYd2s2Y5%r-o?AL2wTPT7CwPqvd|C8$0dEX zu^kj=uiS;dM4Y{n5={_1e(WqhS5mSG<{f`h(v)z5UH|wINmJ4ZcERHxl{6)u*vRxl zlBVPno0&c=X=*T0&-ARMsmVl~=^05=qlxWI-y&&hHnEH8K1oxM)A4NS1oM8eS+h_f^RUNc=qhsg}0$t-@;y?UO!*B%A5c6E6M1S z9E83)d*Ye-zrKoTR5W+p1lW4Th7->(ot|4c$`RyY{w;4`Jo}_Tb8)Zuvx!OI7Cwf? zePSg`kW=ZYn?H9LJnVg92BIn9pP)^ME}eGr=bpOkiR39(Ja@3V;!T&9lQqz|ysm%Y zbC4O@l#ZNO5jj#yo?2KBMCnN1!kwD&L~>D!o$?B6%E`r+@ZG6}@85jpyHh70u7$`gE9>!h z|D};54mT0c=&gesQSb@p?F~E%>C=mt|al<>4?8LNtVaH|&X=Ej>HG z&ntIVN51~RC9S0=OWoCT$KG7}^*4^Ke&U|5A6zwe^r90#J`9CR@p7_yK7Hm5KFxzN zY=ft&ZrEc~EFY{ccP|3J_P;lmPVOX=fBnX>xyLSAom{-<>vtWW`|Zp2uYcy~c9^5E z=97@)EUHK@f^&Ijv9zvqWN&+RC&dpm%d0Q zuydcUX-O{bt1KlKD?0$5$pbu7I$61Den#tkocbon9)`K3+8SNPh;t3wcU9j)73!ZmT2+x;gv&wB;=i0&4?~o9pi?f;9VLU9 z?*>-RzKzP~KEHuAA3O1q(&_o+slIu*tTTt|YBVA|CchGmdg79DUroi(8Q34FeQW0LsAxI3 zxc~1XN5aMsf0}!0ozoWgzLfp}!&c25fn(Hcd3^rS%l_r;+4<{NKao5stA==`HE0@0^9%~RaPvv;n(vrrv5a{TXrI}9%>x0IeOotZmUS$M&n zYv<0aD6EWMRoL2rKUee5l^x|(_Z%x$-*cq!;(LBtxb%YvJm_q&J0S0D@yBz&tnBDO zpDFz-x|>u7fmoqPvO}sZKEK?J4pdY6a=Eo)?(vnSj;a%DQ1=t9oS=C!^i}uuFMNis z@wg;wko=`2;UdMF2Ue6i)|FSyeSY1J+4!BswQS)2g?S;UgiAj;pZ=-ap04e#zZ_L` zSC5)Ze+%kk zOvE@2yR}xVfW?kKuDBv_V3qSfT2ZU-i z9q4v1d`;8nD=_TZzqp~Mj4^9y@o0Pf-ip%Tz3Yzek-DTj>HpNw7fDDe?|97eXa1Wl z|5I9D7HM=d_!(+F+P-G5^#1k-*B$>IobGTS*G^l`$kpuDGgj)j@kB!)!%LRu9sf(^ zWy=0LMm5w1g*f7MR3Co_vP-9LEi6o(Hojf@cIoKir_i6hr{7oVn>mpeyVaC;&mdBM zEzIj*_#TR!7{o})IUM38RXN&Ty|-e1!=WQ^wfPy?>F#yxd?)A5ylmeOPP`Jl0{do{ z%2IP;_2GqQeuH9YCx%_yVUWfc7=)si&<}OCr>C5BvvqO_8g_v{b$l80Zqo;R2RhpjwZg+W}S-Tg$NwTAunjJd5_MR7mXqh4g`^Pz!WYL%$*-4_C$(Vd&|SzYw=$S)d93usN)I!L`2$rg&*tN0si8E_ zDScUZl;$~gK76ZJ79=WXdNdykDkqo@(<;MHS-^5#^R?i_M@L6q|Co>7Z72L7vt4f9u~siVp&<)RoqowQ&n|;Md@@c z((pEK^uDU<>u|54uU%YyXhjwK*P4}*zOPbl_f{$WF68_f=x;h7Jv--pRZ727=??(q z-CtGxx(m{4HTPn!OUpchYcJ^Q&qLn_+!t}Z75NXIC%;PSxBNtmxr?gepsZ7&>Z*mL zuBM73M;+tCM*&<8y*HMss?S`IXSM3IT6wOix>|X1L#ocJl3P_3R^m)ydCdB#3{o%G z6eSC5r=9E8RdG&Iw_#bi^HOp*3zQpq^A2yv?Md*s?18Fkj^-kj+ivHz1IKsBMQ;F) zN!&J|nLh#^*Misid0eD=tNL@RtDaIGB7e2&T_YsWhP!#8`i4Z2uyYL%_n^Loa#eK% zivND~l~D>Z8=FX@!FO5Fx~k1upQHj3x-*1Wid>@ScL({z@@ z)(lh9XkJxJQ$`16T{^u9*muGXm%qKL`g*|U*nv8h9MlSZh~c0$Z&o!o$YCwOt6?mw!t9(4cof1u7d>bVQNst;FH-+ZAuL-~!d zv@5afCsB3+Ww{}80eP!9wuMSdYkOY-?i9)%M%lYyhjYrZb?&PZ^u1fx|F>p9CE28D-can`-t{b=I8 zg}vOL<2sFN)uF2D7vQ=IR}-!dTzhbh;o67mUR>|OMfb25eT#4!7cI!WY)Z$yE11z+ zz*zzJ+OM4hf85`Fx8|P$%+_KX(C_)-xW>J4_KFEy^m#fa_x`toFX4LJX%CRgFUQ@&wSccRMBHDWH85qi@S7d@&mH({4*VMjZiUjbNb@uAz#ntqA2@I& zl$sT4&)e+4I~@3C2Y!mZl5+XD@P9L9tDZnP1Aptoo_9vdvW3xBRpdkO@VqSo(?dLuYvx&V zI`cY#d7|TaIf2>2m_rK8miN5(3e48W*d{PN#Phx`uzJzI2+RQ${shOH^|1GY&x-}# zC~#EZmkZn}@D&2zBJe8&J|OTWfgcq3N`W5{n4^m4eOBPB1^%AE>2Sv88W!;IadM$$@_?@J~cKSN>-Nzf&=j5tz{nu??iN66rjzMPMDrZWLHgx(^7exbVv%%B)b}6iMJc=g_-;dn;&Y!`sFxytg=I|JH$j;lP`qp5;H_ zz;AWnBM$r<2i^>G*s^H{{;&fdbKvJ==(qIOJ8;>7zvRHHU{*`t?!fyT_%jZC(t%sh z47Tho4(!_Y0PwWcMvOlX8u;?VSSK0yEt@>=3sSZURG#;Jfzes<`IW%xW0h!T8xvnB zFq{RSR|yPbgT@`Smjv{7o0V_1FsZVWxG~jm2F61m2FC39XIY5_!^PtA%UX;e@ftHfxj*=XKOfA z71+$+Fr3YL+;zabQD8nP0Q(4xK!DEdTS z^s^Y^E(bj8^+|z4k-8wGw;;F|-~n{(V_8i z@h*HEG@CF3=3MtTfFHuM5eUg%1%?B{Y)R6$%PiT#8{~Ny#b4^cFO+9z6#pWREu-*D z#L^1C)T1^EzubFQ0KY``RuumV@5unaNuDQCyuz14HjZ_RSdYBaz-ItoDe$GhWa^NpG@b?|~1=uQ@m6D#<=D=A8euo1;=D;T%_!3OtEuZTh z_zePo3m&4r@g7sx8-cgFzt@53OP0okzv9sR+JRjf7rqor2+QBa|2}Z*|6F;siFF0`JD?*x9 z2Y#yqf6jp`H-+>)4qSHN#~k>S1Hbahu**)sz#nnoUpjCt!d^h{z#nqpUpsIV@y600bl|^n;Ab3o>(wFsJ_r6Q2mXZv zUx%r=<^MJZe$s(ohym2n^f++IfuC^T)d(7vzRiL6Iq-)a_(u+0Qx}$vJMgFjzukd9 z>A*jB;PqQWKG!<%umj)kz<=$)#~iq(KIGHlziC}>_^1Q_#(_6QLizy*ev1SD zxdVUCfmdNlWb2AK@Q4Gy!+{@n;8PBKRYS<_*n;T zxHc?1?Z6K^@Noxz`E?=vHV5ACz<=q$zi{B_tHZKyc3?MFehGNS(`Pn#-uHxNA5xz8 zuL3_J@I|j7pQi%GT?^2L*nu z6gceQk2>(0wy^9K4!jTWChVkho;(luA#YsP2oD>$23-FN@OI$&p^lqyM{|0g27Z%w zP|j?>A@p}i*&i90WlsX$?%gHN%r6=k=zz~nfLFDLvc(;E58zGSV{*ou0sN46MEKul zVDf*^!0Q0N2k>^#@beJ^uK;XiejVV?0KdumdpQTzvR@URO8-^QrN=PsJt_3Z^jsM5 zL*5UC{>KKU48JlkWmuUc&5vZa=A{O{40z@L!(h#_3AhJwT?3j;-m`K>yj|#jC;Y9< zXF$^>G*?ydO!j7>xw4`fcuVsRz!O5VyMkw~cMDCQ(3A~KIsX{&cCW9()sg43ACR(d zs^IzQ5uv|J%6{3vEc+dS4^~jepBWfk(>n=xyLYhSBEY{hu*;w4u{;pmRr3Strsl3vhaE73Z7XipUa(kFF&W=4+;HMD|jxc^jA9c zS4v%0&YQvi%R>K}6>=5{_#yAr4*jc_&|d}mp9y{E3Z6e+w3GC^g#JYare2mm&nK@2 zezVu>-H&IOi62FN4bI-S=2H`?Tx#n~E_>_NnS8$Rs_{tu)_iVcYayGR%y0FkZo8(y z*9GcEyz!BdDBdNQn#oM2G3Uxm7ZQcd^|g^L*X884?V4yL)*OpBG{xfE086 zA=kruD#Md$^#s#`$ci&d%;M&o=0biXN&-65Wcom$as(}vkLS{<$%J@RZGCM+bX#UB zHEz-kQ6j>Ej##z{n~YqRw_Cq$k!B;Hr8!4XWBUk2JoTb8oJ`#xbEc(W)qxi!-mZ@Ok?L|=}(W_-HHcY-2;RQ^uB38eA@Mz@Pg z70tGa`Ym|H$uBw?XlvFTkqqD?O{N4|8X57RK#+kZMh2{-H8ey`0kkYR1qFf(v>P&@ zofc?{nF44l;G2R1K?d3e8O@S`SE{DRVWno&=#YnKx_m%A0yEuaRaUb$2%FLLK8se3 zRsOM=Y~JEkVI?2Wj9TRLcvs_MP z%U^X?S@UiMsx?4|Zf>IQ=i@M9LaWpvXDpMR9F1_$iEqJ( zQyXd8w$~G6)F5MVBDV>*sZ{Q^bS^<|FlIgy^{4TkT>?qi@M^&-TR%Ts93vh^BpxO^ zkf%Hyon6TUE5hiu*Yn|bX25HT>3|myu@V%^$LsyE$<(-|lYx>%7(7RPQKt!=M+_Jh z6_m53!25obqiIX6)({jOPUX`krv>thI4HC~mno!uClld=xh$u7L7lLRNCQ2B%&@vh zizvw~*uv!)jf$>XjCo<9XrqY2LiyCbC2~aLB8MrJ8o8}F<1%fC29}YMAPJdYa3%2;^|&~ak`jKqgm?VMYWAEVtkt~Qv%~O=r1YGv=F`P@z2u5 zL8t1|t0{2=#hcN%G2@@&T?J&YW6^yuGcf%huC1L7n~8=jN+(vbU;u>dLKZ>yUJ}&M ztI!eAtHPlm!eO3+?sD36E;oHnRFoIFx1KjEm7fYSMl(7>w+QbR>1XlVi&@y0)oJ(2 zrKe2N&J!lXa#Wy&9WNi0Lu*S@nR0A=X{2pSb(9x(QxcsyVZewtHZ5aV3wt7%N*_|DwoM;r$bWOo&~(y)02>M5D5%$7%Xo0$FjNo38WdUt`@w?bvrznEh;%i zw!Pl%KIh|X=Vs}>akTQ1HYrYHBprpkORyMIG6($ZOksHj<_TL1cg)Dd#P{*Gu+G*a z7~rHCCHey|u808|8DWqF9wWM9HDGW&2i62;5Np6--0^QOrZ|fNl7_<#mdnTYak_`Z z6910SzomiHjlnW3O?H81$@xtzb;vk5zflYZEL8XAA4Wp7$mpmBLS|4oaeutHZ6Y(#8V4C5VI2pragZ||*ixquB&U+~bQs?crwYu_ z=r8gF@fvs&`h~xpD-dm3k$l3i%nVhRaoHcshx$gTFY=}45mzyZ{R|ppwI8FN^a8R9 zG+yFz+PBs5tcQ(_^6hlEe?+=6{69W6n)in@1q{HzL8!158^jA5*@}_+s0?R5BJFf~ z(l>nIOf51t3A?2p&+%hv<-RR#odMCo@dd-$HUcu$L}Ce(8F&B#OXx->H*6?mJN{v^ zZL1?Quvj3IZ8K!5r%20~l6C@yOm!D&ev@f^7@6ucZe}>t)8pw<(nC$r&?8XTOqShx z-Pt869A`2d0vBYq+Dlx}WQTKZ=Bvfr{IKURUrpu;5IP|9X*J`3hJVnLn5}jb|1{Zw zV>6qU;~hrI$9-SM9j0NH(C5VEB%+vsBlK7}ItQ$CUDox_&@n;I8reS}(vqIRb=Y)j zDvhytBl<#A!f@K}YxBE0dtU2zx89hjuVoUD-`3jG+mna{>CT?Mp}|D77C|2r_-cxz z6lf5FzShBAl8kAxvoGoI80ttg8uGSXy*Kpu{mFsB{?4|+WP74X=z4nn!TzD1wnVce z_q2Bo@Y^jCaZ{{y;HI87%)b&X%C;X9-H{DUE6p4K#yitK3l^+I04`C!%U|rrVQy z67V_-9Q8YT`v(=%5EKy{JR*Tvxl#?>pfoCX)bHx0>g~ynM6}5iYlT;Ibq);TMi-8% z@rjkB%FJXR{ii+IHQ1^-ErtP5tv3yJb|?D<-vIZ5gx$MCFKAF5fD#_$i%FX*+CMnZ zsb+7`wirlu`#tz${7E$-a!+g5km)tni%@j;P|{+x6&y*7D)jVS{k=WCLj&~x2I(IV zv4a_j25p1x*1kTt8|TvliI~wL*$soeHW9Pl)U61=zqMy)G7;0Z0J69LCaBgsm~4X? zdlE6#q&qn<03U^;4h+Dz5?C~-&a^^*=OBC+{@t61Y3ms5O|agsWcv`@21RTup#ybM zGaoAVw01#6(@ByLd{-~Vh6I*2H2lD>)_(9cQuXe*9zr40ww5)9t-MiH6{`&-8lAxa z<9^z28-VzOyD+jXo3L^R%+3#%43j#6IByn%yUi$uLAlY5=lM7$o6$xS#Sz^wZz&p_ zMk2&B&SfG^N~qz7yIOwH;xtf8M9nuumClLJMT^t0EU`7;6jM5l#uAT;7N;>7+gCxL zKo4VBm5GcO%uHe;Hp9~vFPM>FX{s>{%e7GHm`pW5iooj3Kw>h<02)FCGmn@|E`Y?O zCYW)=WKsbnL=9#dF_}yN30Z>~Moi`qK*C5)=!OQ|cmkgLlwnK;o~jWK)=MT6$l`2) zS0fSn#gNq1th}Zswz65Hs0Ss#GVbVrR@Y;AV z9I$5h7u4ExbX2Z9L%g=0_N%E>{x({_!N?6ePjNS=1G8V$lgf>cBxVA5pTKNV?#Y33 zMt2ds5p$o+Ol8bQgJ%!SQZqC8tz0_GX5(-%Gdap_$*nvUz<gwwnQi2}Kake+& z6@nf3^V4be)=WdZY3qS0^EG!97ht-Kn1wK*EKK3gb90xm_4lGQd~rlLlFsL|+`r0W zwPrU@qj9Ve-EEl3GA9@qhg^1_I(v^cO0jRlLfS{H9AHL z*=iFs{L@ee`;6G+$*^k(Z?nO;%?stFLyNealOndZA(-~|`<<{Cf{}xW0m1kjqA>X! z>>TRG{PY|g5QzqavRr!HADK+$)go~HG$zyi$(;k>jqte>9NT&0ETxS=L+uXUVzsU9 zO4nGsTLDJsflg*N*S5<&UWWsok0EN%rF#=s+^Sx$0i8qt74g?IR+Ai7HY9 zNlbl(aRPn3qpP=d(2#R-*NR!F7LL_+VKNI?C!YxVn2~Pt*w{Wgh-$+TDH7eE&5bVE zXr6}77GXE7feN-p?XGp(Q1?(*>tN@eB$ojL=#tvoxdHxrxM-@t&8p{iWo&pIcrL=< z%iZ()a5L$ zsX_+3m%@ZoO_N8ZQw|HxGc6z$;s4kdXg?{)A(jX zoLTzAvS|(1HF$hA;xPC|=&S}M@};r8#%>HJHRxP=ES*bFkKn*cGMa1#H)*j^kNtEE z6%j6-Oo@CU2SXY1xFrX+IKq=zlhG1n6o+&862{E5$-(j|V8trYcw9pn=BUjY3~?tw z=4a9)8Jry9P{tZ9&ox!R38P{r1^Z*3Y6?OADX>z@AmS}W%NcVXb#ZwWaLG(hq;W)( zf;kcxEKQLNXM?CZA83+@a`JAnF@r4P=pL&qgTMsMFJygf12qTMTP9PE5@~5!Z&@Tb zr>4h^g|O^0`2Cr}1io8x3Vs!{xYP*a#}Wr=;Ofg1;o*|0Gt@a%7@07ZXuz1L9xoxo zka7X$qG?Jj!wky$ayG|xm_hOsM@!3M%wlsH9u8q4W)PfL$(baUV9QWG4#TE&4Q6sU zxq_j!zXUA_yCVvXqqA`JWk^wUW)fctD#Yp)T!95@1o_yXDyA(#(58inTz0?hnNDM} zC#%a~8D^?7zC|7duE$(7AKJhXSWxZ0EQAUy(-`R7-HGj($!vBe5ou~fw=_ItBq;c% zTQ@Z=F(szTI(!&aQM4&EtQm>iJjPKS;mB8qI0kD}hK-1BpS#eEqb4bOMlocG^g$0s3RI)>e@um~}6Mq0yFhX)K=7NO=eHV$ivm|-kn3q&XzPh}Z-!+P>^ zUZbXyGN=gF3`H#}f$0lEg2BxwEq-Hhs40{eG|>ch7sHx>i6yX(v=cAS$Od;DWhCJ~NC#1uBv&(ma)CW6S(TQL-Wt zPeDHB4j7qGK*S=0;&6T>r-xWFh0#L8cc4qiF{&C9l$h%A0EOoTFsLB|PN_`mgN_Gk z2xa;Nfd&ZHgVD#J#D+lO8+84dksu}jGm#me5R|k!NidofQ{xCUR$dd4U`8=CXht(o zfV*ibk|epCT*TOG<=mHnp)!+LOeGKwY)Orh9RIbbiAXqA9xqIo5P%9y1VHm?gwq{1 zEyCyq2~fXyf>2`yZR@vsV2mta$rHpoJML3_ophKII{E{x!Gfc^R+P!}v=A+e<2elM zRt4A)v3NLJ#9*moJIZ2|8!e6?ZtEbem_k;fB!^>LIG0ACo%W?W>wo}K`3hn`Kaxdk z!M;{#89X;5O)WcDiZ0Gz>Sb!jpsC2zFzlEbfwSZ?<5=clgUVz`#IfywanZ^_0T_#P z-mW7fB*8F=SUr+~#uyrvM-Z0s2@Hys0j4hO1$>}tA6$?A-)Kc2fo(9{N)!N7c5WL| zgU*5n8Z0YLnCv3~jaDT=GEgNNZHo$u@jTHO8q}R_;fVniSshYhSCe&8Oq8-RO>8nl z6C}e!DmYAovQ4(L$}&}-pTHbmxs7RHY%;?W%3-kul`*NoQjm{}G}-<&l^V%q;YefI zM3dFThEa)``9zZ$ufS#|mqCM}gEZOp%BRQKkrT~U6Ek}~%>5<5?=9DaS%}FrJ;#n1&ADUMv(wM?#$HQzZO~|=8jqmiv zK`0y_(;L*VOr(5vtbo-6^vuj)B7<4%XnF>t3@EKjDKpp*1D-FVHZnu!l57r9R4!U? z8%5ATpVMN|`mk*z9~*b5(R4@@wrwPt6RErzZt`RtcB}lDhyiRY=)`y!SzRg~)0quy z4o3@cVa22z$;x6Cw6@0K>?meNYUY^EYrsLUobZ7%7DPSUKYe_&x|xPx3CzfcHMWde z(!xj}sA2kVdNI;6Cyf+!_7J4=8ue^CTGU0m@{=ObyqP>$niyzA^Z)@0VO8`AI)Ml?%{@2h7RQ`NC!W8xPGr|?@2ATUk0qq#}Cs5~MM`wT1z0gPGy8hD;$AOzt(^$mkW6Y%Tkwz1I40%%mamOWZP9X4v z+~X$L81fdz8HYSt&j1sUM$l{VWBoI?V@|cMwhP*L>VB(TDB@jnK@@5k_ z3^~>kVV{F;(UwHB)0PeOiDpN(hDf40>~+{Zt54v;L1m6q1mkp=iei`yBtdRNB5qp~ zsTc;akhU=q4_gztO^LW|O{AI=aVry2@dO^9v>GDal8D>3L<());))bWw1jQR{AdDC zbA}=}Bs2iR9?Xp;5cC}8XzLc+mdtNTV81sk-JGxy%#@EOG*FpjO9G)OAV*8%O%0bl z8ask06jESuq+v%HL>rI}+Y=H*u~@2iEEjD=+L17d-QfDLNm-&97{`9mIMTLJncsr+ zl2%2lM|9Uqr9iVsbb*8PFp4lgY+GVTVOy7J=n;(eOhXS0_SUe(Ko1P}syWlpBN*(N zh8}jEXljKXy1+4M=%MRGlZGC4iD)ozhKR0iECO-{gFkD5J4EcxmZgELy0K*u5H*Mb zQV6ozjVwz8adi*NA|P!L52O&pMNDu_5P`(HS7i#(L4w%8Li7*2j*6u2T$!+3`*o#NJjL2&Vk7k=>QI$tLeCnudIgDH9v((pAe z-Mt}!ruETO(T_;`;u5xSL>U*Sr13z0-4h?pOojUqq7BX%Wp>x!j>*h^%qwq2sMj$M zC_JcbP<)m_H>k`m=Cb_}oJxvS+IY6)&)}7)4E7mBZG*yG30o{s%CvE-#b@?mGZ410 z6@)tnn1wFcguxLfE7{Y@4LPhpwE`y72Xyz{GA9m?%TCJ9^Ag^6eY2c5j=7b0|KLz- zSLfhO{xl}=YKlFb0n#jxY$H24Gu%P9+2KACo-36#qMlmdjFq)?!nEA&&8MgHnL=it zsRw90y)Wb@&HyvY-A=)Y7ulkj>9BBUyYno|wPJH#($)sGc!Z&*L(=ZgnpP14a&e5N z8zajN#-|rVm!2;0&A)fe5iTNz|z*y8pwt|%h@fAPHeETX@+9ruqTDJJog^O#6)o* zmNsF6a*>O1DWa_6Ku5G;mSLmXFw3yqDc{S36XI2rzzuZRWrmR_%rTLWdD#CGbByW^ zI#GF?n3!EfX&z-Uj<*r8q%^Z4#hDW(?&3h(KtEfb!8>ZAE`MY!g?WIrpTRILY6UuH zB7d7@P3)+udl$x)VKZ!xOUPrfojpT7-cQ4TBX1dTkrtSUc{~-@IEff*J6Aqi%%N8V z+s4}ZCLDC(**?E5j!;jjHD!lrNwtoq;ti(f2(7GKb@?iuqGhtf*~wstdbr9tGmOMB749nVG!bn$P1vc9J{0c>6f) zTG)W0v%~r$*l*EuFIC+HsqWUc&Yq55(`VEG7ALM_?O>6*3vBuptYz`+p=LC3u-J4R z#gix)xv<9|&n<+n-lF+&VD3I_hUv0Cz=Vf?xTCD^E!YPG@hpP#_EMvHdI`^%1urY2 zygs^g!N(T#`JM^ar(e_4<##jUIx^5e8593 zcnd}!s0bZUvG#EpbOB6jf)e0`;1E6u7HKx`(r{Ld7sIxZJ!g;Lf)~)5u>_JA(6Bkr zL65VZ@b$E2K33PXjW5sPAs?`YA(peo^JvYOBx7=l2g+Ov6j*?dci{%pXNPa)DU;X* z<6}M=o53(IJ9EYWP&T>^NVM*9n_!34p+yI~nq}Z^2lD3R5WAGdP^6U^pD@AHMriT6 zl(m>{(Qih(LU!|Xk-oD@N##i}0C+pnJY$4+>G=>09$>*cA$-!2j~aQ!5U1`1_rM!Y zII0vnv^D5}%ZE5Lj48|WE~Qh~;zM+*$Vi5VZm0;B!_znBaEJ)|qFY;M5}WXBKL`_e z4L0uNxd5W^+#q}=zAaUh9d$jSV+QOVHXpt+fjBf@w6-2?7aCI92*$;uu@|U+G(E|; z(3Xm@ygk)#fz>$)sZpD@0$c?xCYIteebSg7bk~htF#rXK)}Nz;G^ofe{<0T8NOEp3 z!f^+jU=j-n^I(|DBBwDf+PXwe`h-5h1nU{6SmMu+%p90dx(4_`9_wztw?y|whmNt)1Ggf)B%qkWG2c4_^BKaNglk#*&OX>@M22f{a_yDPG#kJ zS>);%ZFSKUT16y)1q9T`>+Nhzx#$D87h;d6+4vBOt>hdLmS=MVL+5%+WmGwQOf{C~ zJDi=M#J6oFCni0UZAS}1m>hn8cd0pHYi$&eXz25fVCJKNe48#iNSxMidJjRPB7 z;`NP@#*Lf9XMi{6aC(RZFTRZN|LsEjDkXmS9ZdCje3@Tf_P>Mk>hgC?p&fBA*RNq>+s|O4%ksp z{vr}cTYGgp6-Dt;y^UwV0d=ING9#WcMu!o(}D%~_IdaH4fj=zb*-`!z(mR*mF{Mf)da9KM3hRSwi zOaMnZ=36>`!yI|9!o}Zk`6x2h0Jb0U=4Ur9OLqixM?iOs8RkQNy!PO-bPwS-V;+K$ z-pwzsG9SxtFVdEdzZtU~!c#8$v2?>gkdFHD_keeSj^9ycKdh6VTXB(&`tg^QZvmZC zt;mKfZw8m8<8L5Og6{KdNb|A$?nK(s@dwuG@r7@$e3tHRhb|7f_yy?hcj)+AH`_tC z9XR_TKVI{=*cQ}-zt=Mhx<3MJ>*Jkryvy84$6q+U>_zx(3&8ecW&N)}P!IbdT@9Sv z+K~Kcr-yNom;G#tdEPdB$C&+C9v=e2!p!sEsNd7QobF>lTx5{n#J%Azd{?6-!rk(? z1h8B09OyoE9y-#~2kfWoZumV61$8`peWcijK0}{(`R%PDv`4 z)J*;kLy%Mktz+pOhmw4@X!xlNETg!}C7wlo)FS*;F6oiXe_oggsB(#?Gwt?ZruF+S zZJ|nUtp(*?X}-_jA}i(Bmu!mV(Mg<7<&qJR`PQ41s51CvC!2nOQ=0TIT$YBDJD*Cl zs@qOg-mm%dBi=@Q=e?4x_Bc-Scg>lufc`JTo&8VKYvsG_<)_e1ehcol{0i8&7iso? zrC;N5oEbIznLmXzfB#%1TQ9$cH0k8O1^M?lY4+QYUya9p$8iHU$agWW@MHDi_w^}u zwf8{)HqH7!i*(E>&-!A9p83n``wH^yZ#Pz;eZPxzZBTxV_s>Y%59|LW66+j$K5a8` zXa2Lx(yO3={oO~_e<{-TcO9ADL|9LCI-_s+%E0DJQHiF;PNZa4YWBv}L zCm}y>B7YwM#@|`t2YVvD5oz{R%D>m-14Qp%?cIhn^=F#)*pGBQ=sS@nJ%5*szd7+8 zNw4-#9_jlZ(~qe#Eik>~G_ zz6IrHP5CF0oKc$Un)Sygv%`4zMdqe{s(1j{ys(5sZVH&T2YXIon0nIm_j9 z7QhgCskxS~9zDPPCVVYKXPf8aMWq7;`7$zmEfQYn@jWc`@a{8s@L@L`KJUltp_4cb z0A|@r5t#HePBpXBUTPQ{>>f1A;4e<%hWQAhz)P2%x~#?KffhS=U5a93SynZJca`y& zHXh^jxM2kD*e0V`KJ2b-E6sy-kjcln3C@7zWmYe5h?g&WJ#3dxXFQy&9H4Y*Ss3{{ zyLxxv#lhZ=j)CML-W$W0d!Xg9!vWKR49`1eP%)T8s*(KwmnkK?{jwrIe;%4Mo%a4G DQuMX$