From 0604fe9749878ab41afec81dec00ea2c60c88064 Mon Sep 17 00:00:00 2001 From: NimRegev Date: Thu, 3 Nov 2022 16:11:53 +0200 Subject: [PATCH 1/7] Update oauth for git providers Added gitlab and bitbucket --- _docs/administration/oauth-setup.md | 102 +++++++++++++++++----------- _docs/reference/git-tokens.md | 16 +++-- 2 files changed, 71 insertions(+), 47 deletions(-) diff --git a/_docs/administration/oauth-setup.md b/_docs/administration/oauth-setup.md index de46731a..da8147fa 100644 --- a/_docs/administration/oauth-setup.md +++ b/_docs/administration/oauth-setup.md 
@@ -5,26 +5,26 @@ group: administration toc: true --- -Easily Connect Codefresh to your Git provider using OAuth2. +Easily Connect Codefresh to your Git provider using OAuth2 for authorization. Codefresh integrates with Git to sync repositories to your clusters, implementing Git-based operations when creating resources such as Delivery Pipelines, and to enrich Images with valuable information. -Codefresh supports OAuth2 or Personal Access Tokens (PATs) for authentication: +Codefresh supports OAuth2 or personal access tokens (PATs) for authentication: * OAuth2 with Codefresh OAuth Application or custom OAuth2 Application - OAuth2 is the preferred authentication mechanism, currently supported for GitHub. You have the option to use the default pre-defined Codefresh OAuth Application, or your own Oauth2 Application in your Git account. - To use your own Oauth2 GitHub Application, create a secret on your K8s cluster and configure it in Authentication > Settings. See [Create a custom OAuth2 provider account](#create-a-custom-oauth2-provider-account) in this article. + OAuth2 is the preferred authentication mechanism, supported for popular Git providers such as GitHub, GitHub Enterprise, GitLab Cloud and Server, and Bitbucket Cloud and Server. You have the option to use the default pre-defined Codefresh OAuth Application, or your own Oauth2 Application in your Git account. + To use your own Oauth2 GitHub Application, create a secret on your K8s cluster, and configure OAuth2 access in Authentication > Settings. See [Create a custom OAuth2 provider account](#create-a-custom-oauth2-provider-account) in this article. > A runtime can have only one active account for authentication. * Token-based authentication using PAT - With token-based authentication, users must enter their personal access tokens when prompted to authorize access. Token-based authentication for users is described in [Managing Git personal access tokens]({{site.baseurl}}/docs/administration/user-settings/). 
+ With token-based authentication, users must generate personal access tokens from their Git providers with the required scopes and enter their personal access tokens when prompted to authorize access. Token-based authentication for users is described in [Authorize Git access in Codefresh]({{site.baseurl}}/docs/administration/user-settings/#authorize-git-access-in-codefresh). ### Authentication provider accounts -The authentication accounts created for a provider are displayed in the [Authentication](https://g.codefresh.io/2.0/account-settings/authentication?providerName=github){:target="\_blank"}. +The authentication accounts created for a provider are displayed in [Authentication](https://g.codefresh.io/2.0/account-settings/authentication?providerName=github){:target="\_blank"}. {% include image.html 
@@ -36,39 +36,60 @@ The authentication accounts created for a provider are displayed in the [Authent max-width="60%" %} The authentication accounts are organized by Runtimes. Every runtime can have a single authentication account. -The Type column identifies the provider account type as either Codefresh or Custom. You can change the provider type to Codefresh or Custom or select manual token entry as the authentication. +The Type column identifies the provider account type as either Codefresh or Custom. You can change the provider type to Codefresh or Custom or select manual token entry as the authentication method. ### Create a custom OAuth2 provider account -Codefresh account administrators can create an OAuth2 Application in GitHub, and set up authentication within Codefresh. Users in Codefresh can then authorize access to GitHub using OAuth2, instead of generating a personal access token to perform Git-based actions. +Codefresh account administrators can create an OAuth2 Application in their Git provider accounts, and set up authentication within Codefresh. Users in Codefresh can then authorize access to the Git provider using OAuth2, instead of a personal access token. 
+ +Supported Git providers: +* GitHub and GitHub Enterprise +* GitLab Cloud and GitLab Server +* Bitbucket Cloud (hosted) and Bitbucket Server (hybrid) To set up OAuth2 authorization for GitHub in Codefresh, you must: -* Create a GitHub OAuth2 Application for Codefresh -* Create a K8s `secret` in the runtime cluster with OAuth2 Application credentials +* [Create OAuth2 Application for Git provider](#create-oauth2-application-for-git-provider) +* [Create a K8s `secret` in the runtime cluster with OAuth2 Application credentials] * Configure OAuth2 settings in Codefresh to create a K8s `ConfigMap` that references the secret -#### Step 1: Create GitHub OAuth2 Application +#### Step 1: Create OAuth2 Application for Git provider Create and register an OAuth App under your organization to authorize Codefresh. > Make sure your OAuth app has `repo` scope with write access to code. For more information, see [Scopes for OAuth apps](https://docs.github.com/en/developers/apps/building-oauth-apps/scopes-for-oauth-apps){:target="\_blank"}. -1. Follow the step-by-step instructions in [GitHub](https://docs.github.com/en/developers/apps/building-oauth-apps/creating-an-oauth-app){:target="\_blank"}. - For the `Authorization callback URL`, enter this value: - `/app-proxy/api/git-auth/github/callback` - where: - `` is the IP address or URL of the ingress host in the runtime cluster. -1. Make sure **Enable Device Flow** is _not_ selected. -1. Select **Register application**. - The client ID is automatically generated, and you are prompted to generate the client secret. -1. Select **Generate a new client secret**, and copy the generated secret. -1. Note down the following: - * Application ID from the URL - * Client ID and the client secret - -You need them to create the K8s secret for the GitHub OAuth2 application. +1. 
Follow the step-by-step instructions for your Git provider: + **[GitHub]**(https://docs.github.com/en/developers/apps/building-oauth-apps/creating-an-oauth-app){:target="\_blank"} + Notes: + * For **Authorization callback URL**, enter this value: + `/app-proxy/api/git-auth/github/callback` + where: + `` is the IP address or URL of the ingress host in the runtime cluster. + * Make sure **Enable Device Flow** is _not_ selected. + * Select **Register application**. + The client ID is automatically generated, and you are prompted to generate the client secret. + * Select **Generate a new client secret**, and copy the generated secret. + + **[GitLab Cloud and Server]**(https://docs.gitlab.com/ee/integration/oauth_provider.html#user-owned-applications){:target="\_blank"} + * For **Redirect URI**, enter this value: + `/app-proxy/api/git-auth/gitlab/callback` + where: + `` is the IP address or URL of the ingress host in the runtime cluster. + + **[Bitbucket Cloud and Server]**(https://support.atlassian.com/bitbucket-cloud/docs/use-oauth-on-bitbucket-cloud/){:target="\_blank"} + * For **Callback URL**, enter this value: + `/app-proxy/api/git-auth/bitbucket-server/callback` + where: + `` is the IP address or URL of the ingress host in the runtime cluster. + +1. Note down the following, as you will need them to create the K8s secret for the Git OAuth2 application: + * GitHub: Application ID from the URL, Client ID, and the client secret + * GitLab Cloud and Server: Application ID and Secret + * Bitbucket Server: Key and Secret + + #### Step 2: Create a K8s secret resource in the runtime cluster -Create a K8s secret in the runtime cluster, using the example below as a guideline. You must define the application ID (`appId`), client ID (`clientId`) and the client secret (`clientSecret`) from the GitHub OAuth2 Application you created, and the GitHub URL (`url`). +Create a K8s secret in the runtime cluster, using the example below as a guideline. 
You must define the application ID (`appId`), client ID (`clientId`) and the client secret (`clientSecret`) from the OAuth2 Application you created in your Git provider, and the Git URL (`url`). > All fields in the secret _must be_ encoded in `base64`. To encode, use this command: `echo -n VALUE | base64`. @@ -77,10 +98,10 @@ Create a K8s secret in the runtime cluster, using the example below as a guideli **Before you begin** Make sure you have the following handy: -* Application ID from the application's URL -* Client ID -* Client secret -* GitHub URL +* GitHub: Application ID from the URL, Client ID, and the client secret +* GitLab Cloud and Server: Application ID and Secret +* Bitbucket Server: Key and Secret + **How to** @@ -96,10 +117,10 @@ metadata: labels: codefresh_io_entity: git-pat-obtainer-sec data: - appId: # application ID of your OAuth app from GitHub - clientId: # client ID of your OAuth app from GitHub - clientSecret: # client secret of your OAuth app from GitHub - url: https://github.com # GitHub provider URL which by default is github.com, unless self-hosted provider + appId: # application ID of your OAuth app + clientId: # client ID of your OAuth app + clientSecret: # client secret of your OAuth app + url: https://github.com # Git provider URL which by default is github.com, unless self-hosted provider ``` {:start="2"} 
@@ -109,14 +130,15 @@ data: #### Step 3: Configure OAuth2 settings in Codefresh -To complete custom provider authentication, configure the settings for the OAuth2 GitHub application in Codefresh. Configuring the settings creates a K8s ConfigMap that references the OAuth secret credentials. When configuring the settings, you can work in Form mode, or directly in the YAML manifest. +To complete custom provider authentication, configure the settings for the OAuth2 Git application in Codefresh. Configuring the settings creates a K8s ConfigMap that references the OAuth secret credentials. When configuring the settings, you can work in Form mode, or directly update the YAML manifest. >Important: > The values for all the settings in the ConfigMap are the `keys` in the secret file. 1. In the Codefresh UI, go to [Authentication](https://g.codefresh.io/2.0/account-settings/authentication?providerName=github){:target="\_blank"}. The list always shows the default predefined Codefresh provider account and custom provider accounts created, organized by Runtime, Type (Codefresh or Custom) and Status. -1. From the list, select the runtime to which to apply the current configuration. The runtime must be identical to the runtime to which you saved the K8s secret. +1. From the list, select the runtime to which to apply the current configuration. + >The runtime must be identical to the runtime to which you saved the K8s secret. 1. Click **Edit** and then select **Use custom provider**. > If you have managed clusters registered to the selected runtime, the authentication account is available to all the clusters. The settings page is opened in **Form** mode. 
@@ -132,13 +154,13 @@ To complete custom provider authentication, configure the settings for the OAuth %} {:start="4"} -1. Configure the settings for the **GitHub OAuth2 Application**, either in **Form** or in **YAML** modes: +1. Configure the settings for the **Git OAuth2 Application**, either in **Form** or in **YAML** modes: * **Secret Name**: The name of the K8s secret file you created in the runtime cluster. * **Secret Namespace**: The namespace in the runtime cluster where you created the K8s secret. * **Application ID**: The `key` representing the OAuth application ID in the K8s secret. For example, `appId`. * **Client ID**: The `key` representing the client ID in the K8s secret. For example, `clientId`. * **Client Secret**: The `key` representing the client secret in the K8s secret. For example, `clientSecret`. - * **URL**: The `key` representing the provider URL in the K8s secret. For example, `url`. + * **URL**: The `key` representing the Git provider URL in the K8s secret. For example, `url`. {:start="5"} 1. Click **Commit**. 
@@ -160,10 +182,10 @@ To complete custom provider authentication, configure the settings for the OAuth 1. Optional. Enter a commit message. 1. At the bottom-right, click **Commit** once again. -You have completed the setup to authorize Codefresh as an OAuth App in GitHub. +You have completed the setup to authorize Codefresh as an OAuth App for your Git provider. ### Select authentication account for runtime -For a Git provider and a runtime account, switch between the Codefresh, Custom provider account if one exists, or enforce token-based authentication. +For a Git provider and a runtime account, select the authentication mechanism: Codefresh account, Custom provider account if one exists, or token-based authentication. 1. In the Codefresh UI, go to [Authentication](https://g.codefresh.io/2.0/account-settings/authentication?providerName=github){:target="\_blank"}. 1. Select the runtime, and click ![](/images/administration/users/icon-Edit.png?display=inline-block) **Edit**. diff --git a/_docs/reference/git-tokens.md b/_docs/reference/git-tokens.md index a8e28e3d..4b432869 100644 --- a/_docs/reference/git-tokens.md +++ b/_docs/reference/git-tokens.md @@ -28,7 +28,7 @@ Codefresh requires two types of Git tokens for authentication: -### Git runtime tokens +### Git runtime token scopes The Git runtime token is mandatory for runtime installation. {::nomarkdown} @@ -55,16 +55,17 @@ The Git runtime token is mandatory for runtime installation. #### Bitbucket Cloud & Bitbucket Server runtime token scopes -* `Project admin` -* `Repository write` -* `Project read` +* **Permissions**: `Read` +* **Workspace membership**: `Read` +* **Webhooks**: `Read and write` +* **Repositories**: `Write`, `Admin` {::nomarkdown}

{:/} ### Git personal tokens -The Git personal token is a user-specific personal access token per provisioned runtime. Unique to each user, it is required after installation to authenticate Git-based actions per runtime in Codefresh. +The Git personal token is a user-specific personal access token per provisioned runtime. Unique to each user, it may be required after to authenticate Git-based actions per runtime in Codefresh, based on how your admin has set up authentication for Git providers. > If you have access to multiple runtimes, you can use the same personal access token for all the runtimes. You must configure the token for each runtime. @@ -100,8 +101,9 @@ The Git personal token is a user-specific personal access token per provisioned #### Bitbucket Cloud & Bitbucket Server personal user token scopes -* `Project read` -* `Repository write` +* **Permissions**: `Read` +* **Workspace membership**: `Read` +* **Repositories**: `Write`, `Admin` ### Related articles [User settings]({{site.baseurl}}/docs/administration/user-settings/) \ No newline at end of file From eddeda4a6510ff78a1c61ebd9ed01ad18f10dd68 Mon Sep 17 00:00:00 2001 From: NimRegev Date: Sun, 6 Nov 2022 11:29:17 +0200 Subject: [PATCH 2/7] Update oauth2 setup Content update with scopes and steps for new Git providers supported --- _data/home-content.yml | 2 +- _data/nav.yml | 2 +- _docs/administration/oauth-setup.md | 77 +++++++++++------- images/authentication/authentication-list.png | Bin 28781 -> 57384 bytes 4 files changed, 50 insertions(+), 31 deletions(-) diff --git a/_data/home-content.yml b/_data/home-content.yml index f44b3461..07163c37 100644 --- a/_data/home-content.yml +++ b/_data/home-content.yml 
@@ -118,7 +118,7 @@ localurl: /docs/administration/add-users/ - title: Single Sign-On localurl: /docs/administration/single-sign-on/ - - title: Set up OAuth2 authentication + - title: Set up OAuth2 authentication for Git providers localurl: /docs/administration/oauth-setup/ - title: User settings localurl: /docs/administration/user-settings/ diff --git a/_data/nav.yml b/_data/nav.yml index 2bfef560..8eb051c1 100644 --- a/_data/nav.yml +++ b/_data/nav.yml @@ -141,7 +141,7 @@ url: "/add-users" - title: User settings url: "/user-settings" - - title: Set up OAuth2 authentication + - title: Set up OAuth2 authentication for Git providers url: "/oauth-setup" - title: Authorize access to organizations/projects url: "/hosted-authorize-orgs" diff --git a/_docs/administration/oauth-setup.md b/_docs/administration/oauth-setup.md index da8147fa..261fe457 100644 --- a/_docs/administration/oauth-setup.md +++ b/_docs/administration/oauth-setup.md 
@@ -1,30 +1,42 @@ --- -title: "Set up OAuth2 authentication" +title: "Set up OAuth2 authentication for Git providers" description: "" group: administration toc: true --- -Easily Connect Codefresh to your Git provider using OAuth2 for authorization. -Codefresh integrates with Git to sync repositories to your clusters, implementing Git-based operations when creating resources such as Delivery Pipelines, and to enrich Images with valuable information. +Codefresh integrates with the Git provider defined for your runtime account to sync repositories to your clusters, implementing Git-based operations when creating resources such as Delivery Pipelines, applications, and enriching images with valuable information. +As the account administrator, you can select the authentication method for a runtime account. Users in Codefresh will then authorize access to the Git providers through the defined mechanism. -Codefresh supports OAuth2 or personal access tokens (PATs) for authentication: - -* OAuth2 with Codefresh OAuth Application or custom OAuth2 Application +{% include + image.html + lightbox="true" + file="/images/authentication/authentication-list.png" + url="/images/authentication/authentication-list.png" + alt="Git provider authentication accounts" + caption="Git provider authentication accounts" + max-width="80%" + %} - OAuth2 is the preferred authentication mechanism, supported for popular Git providers such as GitHub, GitHub Enterprise, GitLab Cloud and Server, and Bitbucket Cloud and Server. You have the option to use the default pre-defined Codefresh OAuth Application, or your own Oauth2 Application in your Git account. - To use your own Oauth2 GitHub Application, create a secret on your K8s cluster, and configure OAuth2 access in Authentication > Settings. See [Create a custom OAuth2 provider account](#create-a-custom-oauth2-provider-account) in this article. 
- +Codefresh supports OAuth2 or personal access tokens (PATs) for authentication: - > A runtime can have only one active account for authentication. +* OAuth2 with Codefresh OAuth Application or custom OAuth2 Application + OAuth2 is the preferred authentication mechanism, supported for popular Git providers such as GitHub, GitHub Enterprise, GitLab Cloud and Server, and Bitbucket Cloud and Server. + You have the option to use the default predefined Codefresh OAuth Application, or a custom Oauth2 Application for Codefresh in your Git provider account. + Hosted runtime accounts automatically use Codefresh's predefined OAuth Application. + To use a custom Oauth2 Application for Codefresh, first create the application in your Git provider account, then create a secret on your K8s cluster, and finally configure OAuth2 access for the custom application in Authentication > Settings. See [Create a custom OAuth2 Application for Git provider](#create-a-custom-oauth2-provider-account) in this article. * Token-based authentication using PAT - With token-based authentication, users must generate personal access tokens from their Git providers with the required scopes and enter their personal access tokens when prompted to authorize access. Token-based authentication for users is described in [Authorize Git access in Codefresh]({{site.baseurl}}/docs/administration/user-settings/#authorize-git-access-in-codefresh). + With token-based authentication, users must generate personal access tokens from their Git providers with the required scopes and enter their personal access tokens when prompted to authorize access. See [Authorize Git access in Codefresh]({{site.baseurl}}/docs/administration/user-settings/#authorize-git-access-in-codefresh). + -### Authentication provider accounts -The authentication accounts created for a provider are displayed in [Authentication](https://g.codefresh.io/2.0/account-settings/authentication?providerName=github){:target="\_blank"}. 
+### Authentication for Git providers and runtime accounts +The [Authentication](https://g.codefresh.io/2.0/account-settings/authentication?providerName=github){:target="\_blank"} page displays the accounts by Git provider and the authentication method selected for the same. + +Authentication accounts are organized by Runtimes. A runtime can have a single authentication account. +The Type column identifies the authentication for the provider account as either Codefresh, Custom, or PAT (personal access token). {% include image.html 
@@ -33,29 +45,36 @@ The authentication accounts created for a provider are displayed in [Authenticat url="/images/authentication/authentication-list.png" alt="Git provider authentication accounts" caption="Git provider authentication accounts" - max-width="60%" + max-width="80%" %} -The authentication accounts are organized by Runtimes. Every runtime can have a single authentication account. -The Type column identifies the provider account type as either Codefresh or Custom. You can change the provider type to Codefresh or Custom or select manual token entry as the authentication method. - + +As the account administrator, you can change the authentication method for an account at any time to either Codefresh or Custom, or manual token entry. See [Select authentication mechanism for runtime](#select-authentication-mechanism-for-runtime). -### Create a custom OAuth2 provider account -Codefresh account administrators can create an OAuth2 Application in their Git provider accounts, and set up authentication within Codefresh. Users in Codefresh can then authorize access to the Git provider using OAuth2, instead of a personal access token. +### Create a custom OAuth2 Application for Git provider +Create a custom OAuth2 Application for Codefresh in your Git provider accounts with the correct scopes, and set up authentication for the same within Codefresh. Users in Codefresh can then authorize access to the Git provider using OAuth2, instead of a personal access token. 
Supported Git providers: * GitHub and GitHub Enterprise * GitLab Cloud and GitLab Server * Bitbucket Cloud (hosted) and Bitbucket Server (hybrid) -To set up OAuth2 authorization for GitHub in Codefresh, you must: -* [Create OAuth2 Application for Git provider](#create-oauth2-application-for-git-provider) -* [Create a K8s `secret` in the runtime cluster with OAuth2 Application credentials] -* Configure OAuth2 settings in Codefresh to create a K8s `ConfigMap` that references the secret +To set up OAuth2 authorization in Codefresh, you must: +* [Create Custom OAuth2 Application in Git](#create-oauth2-application-for-git-provider) +* [Create a K8s `secret` in the runtime cluster](#step-2-create-a-k8s-secret-resource-in-the-runtime-cluster) +* [Configure OAuth2 settings for Custom Application in Codefresh](#step-3-configure-oauth2-settings-in-codefresh) -#### Step 1: Create OAuth2 Application for Git provider +#### Step 1: Create a custom OAuth2 Application in Git Create and register an OAuth App under your organization to authorize Codefresh. -> Make sure your OAuth app has `repo` scope with write access to code. For more information, see [Scopes for OAuth apps](https://docs.github.com/en/developers/apps/building-oauth-apps/scopes-for-oauth-apps){:target="\_blank"}. +> Make sure you define the correct scopes for the custom application: + * GitHub: `repo` + * GitLab: `read_api', 'read_user`, `read_repository` + * Bitbucket: + * **Permissions**: `Read` + * **Workspace membership**: `Read` + * **Webhooks**: `Read and write` + * **Repositories**: `Write`, `Admin` + 1. Follow the step-by-step instructions for your Git provider: **[GitHub]**(https://docs.github.com/en/developers/apps/building-oauth-apps/creating-an-oauth-app){:target="\_blank"} 
@@ -128,16 +147,16 @@ data: `kubectl apply -f ` -#### Step 3: Configure OAuth2 settings in Codefresh +#### Step 3: Configure OAuth2 settings for Custom Application in Codefresh -To complete custom provider authentication, configure the settings for the OAuth2 Git application in Codefresh. Configuring the settings creates a K8s ConfigMap that references the OAuth secret credentials. When configuring the settings, you can work in Form mode, or directly update the YAML manifest. +To complete custom provider authentication, configure the settings for the Custom OAuth2 Application in Codefresh. Configuring the settings creates a K8s ConfigMap that references the OAuth secret credentials. When configuring the settings, you can work in Form mode, or directly update the YAML manifest. >Important: > The values for all the settings in the ConfigMap are the `keys` in the secret file. 1. In the Codefresh UI, go to [Authentication](https://g.codefresh.io/2.0/account-settings/authentication?providerName=github){:target="\_blank"}. The list always shows the default predefined Codefresh provider account and custom provider accounts created, organized by Runtime, Type (Codefresh or Custom) and Status. -1. From the list, select the runtime to which to apply the current configuration. +1. From the list, select the Git provider and the runtime to which to apply the current configuration. >The runtime must be identical to the runtime to which you saved the K8s secret. 1. Click **Edit** and then select **Use custom provider**. > If you have managed clusters registered to the selected runtime, the authentication account is available to all the clusters. 
@@ -184,7 +203,7 @@ To complete custom provider authentication, configure the settings for the OAuth You have completed the setup to authorize Codefresh as an OAuth App for your Git provider. -### Select authentication account for runtime +### Select authentication mechanism for runtime For a Git provider and a runtime account, select the authentication mechanism: Codefresh account, Custom provider account if one exists, or token-based authentication. 1. In the Codefresh UI, go to [Authentication](https://g.codefresh.io/2.0/account-settings/authentication?providerName=github){:target="\_blank"}. 
diff --git a/images/authentication/authentication-list.png b/images/authentication/authentication-list.png index 0b99b3d64af299f5d4481182afd506f24a17a1ab..2fbaeca8631dd737e3d206ab9c89097dfbe285ea 100644 GIT binary patch literal 57384
zEg84v?t3*Y`+k&O7V5DaxH4geA2Se>6;j@k5!HOm3dBlQil-%ATs@=TT8_P+a^(F| zY|mnQs{(l;b}cuJqsXe2^l+`bTw)cDsgxBSSc|cpfdubu1I8naZ~%-b-zbh>VS(CQx{+K!O0!agYP7|jcNOy^9WX-c@2~h= zRRvSbzIvwJmXua~@Zd_Mezi@Pbrp=?&W2R*wx<@##O67$ z`=}$s3$~x7-50o}#+N20asp@?5qT>C#NR zeX+)yNz|yB!nD{7ir(WFN-p+-bd$0(&7+qx^HUAiU`6w7G9ffP9yWwkabouUq@a7ot~8`Y!z+tlaMH^J228h~nPc zyFa(+IXN^Kq#o8V$mP=WJNl;!>0upxnP)_+0~tNyY!f%C;^6S`FHK2endikFY!gXK zBaag&Ssv?;_b7{qzTRh?UzeYWC7KVFEm@<~A;G8k>)l65`=U_R&1p1vO!>i6Mcbi* z+#|b?_gC(3sXWO73*tBII{Hne@rdgqLB}CCq>bI{ijrNwy4O{R+|zeR*{!oS&&daQ<0&9M96H4i?OE3vrgHDBBCCk2VeTW8t?x2G!i?UI%~n^ zi@nXFHB#mn{UX@8(8KdSu=<2wB~UydSBALO_I$;6nb>Hona{_#<=hl zvY(vG6ls$Me^$p2y9POq%wy-WytxtcRti-Kx;0~MWmhRAM~aS z15xWgZ|NPNg_&m`6lPWgIFtNWEL>X$)w?>k$WB=oghKbe!%=pHEH0cOny}OUrL> zNMkCwB{M{`A>&nPN|-Vyr^JXTJqn$TSz;nLI9Fsz%JZ#AUmEaPf%jOZ$1PMOV)B+ZBCHbIc3?}a)Rcub5p41Ps}ntI`O2;y z9k2lifp_No-qs#yQwr}_>Z39UdxoHAa)k^QZ2o%0@GDv z?Q@Wd15C^|a!rnx8@6&K9uzCwa9M(&6ddYCK-Czdx~6vOw0@P;4+x$jY; zowQ?%h~FE9NkMA3yp&Y4{nQO5*VmFHb!E+;U~PyEghW;egv`#fHx7D6wUwJgq?~d* zsj6H0pQy%Ky#Rk1y*iA4{pf*SY^`^~;3>ng%ZKfj2ETlH_#I`sAXBdEvHZ~RW?(bq zjBE`uH@E7RC8tiDOWZ{4vu=Lqk1=V+bEZxz);0lk6?~4cJj# zpS#s`>JGq-ydVwhQ6uJMy3|rSK~oF%&hHOTB8$~`WF|2yZ9Xeqs1XHZqG^X-SJ?r0 z|82BGc=N_(r%!SjxW!K#*N9}jnIs*x=YyAbgY>_&=RIul(2|iIa3P# z#x--9N{Nq71l#{(u(D5x_P$${RLgbVuX!qm;$Pw0%=yM?XJ8pR8Rp#U;sE*+G)0lki9prZuhpQK6>uesi6|N8Ck?E za=m>q3FKBMGrO09pTagMF@%Kb>V$*nTFeAp!PlitE*y7yYHA2VYa}`?j1l>_n5rDz z9WH9^(O=-;0CzthoyfAL`S>qI_T%af@l3bhWH3FW!5F*66tHCKxak38f-Kwa8*m8z zq=^q$SjnwNeW?we>+7oFZMvEmekKhcW6u5Ay`3;4{8vb*?xuGo=Uc*qBo5&R!)2Be zo<=Nyf2IEkcReJ<apl*(3gRMM2fA*nSX7uW)+`(YBrsCt0AJGGBvUCB1;cg13Xj zT0sqqK4MJoJCAbd^=jmnLa`WvtxeY~C_M0xo~J*C8ZTTR6qAi3)>v6vtK79J*&W;T z1QX9wh^4BoNGi2f#P!Ra0nC1(Lx1^*``Q*lScQrBD1sX!1h+}_$-g?%bMQ~{pZ|G* zRV=HsYHrL&hS9M!5Z62C!Yu#KU~ZP0Kdqsekf!|JyKV9_#3QTRv=9zyk2WZi9Cvp1 z{7nA`La-{pB;Kvw4!?Yy*b0+Pe^l=+LZT=E@SAp;xZZc%r&YHuVl5YW$NHg{R4-s6 z^aAPv7%(b-{E>2)y3iK9GHTseCb_Wh?3`B)S7p90!FssHv-_p@7Q|JoY)EEfLwsY!-D1UHVsWwnccAu}@oeAR 
zv#<6Cs_37^Zh)L0<#@h%(%=NnXH`$o_oH5%?L%~? z-W$uHtMqIwFG{r!Eu$iMU^Df#@-^VKMjFv#MCau}=pP z?l*tuCs0SW&1ygF1l_X7-8INJ7T%-eUZ>_c#O`(YuIctRn?s5EIW?)*&1+RS{aPR6 zEA_M5KTz}N85y&?2Ei==ePybak`(jeuE>U?@a4Y(?a`M{o|_Z4>1vD_DD@+|WB}Cn zmU=%w4TJoFtLQN)gXLPn+2}Q&2Tq9H!iq3zGOmeB4gTuYwH>!2 zGDp3M;K)dC=Sv2oFpB7o?N{gZ4#O3djTv=y=w59dz)b*Cca`A2ntupiBAOGacV;^| zzV!Ci`!??q@$yk%3^Hd>m@ZWjNLXRHwnWMIVzkz=&e+msvr$r&Y8y&~{-wp{>X!Rm zJX?po(vAA)ced;T6+!S?4x_ zil~SCzikiB%LnuZsErRdUfJ$YThZLLC&1=#>}0(%D}F4UUmOHD~p?k z2$st^(Tp?WEkx>?v$OL?(|EE1l$(!F$$g)EfCq0TZ4wa?sXqQNX=API4Iu$-7E=ic zUuOP9bCus@*`yN`9%T(Fz8pgrqsMBL6jIKW!GDR1bxGAfKq zYP%A|q$8je+m)f3dXG3=Iv>-H*soqsb3bIC3gfg1>AY~_M9vjw%#N#I)Ktt5Xa-0- zqik^)`0d*unEd?6YscotkZ=`d$!n1-&%V$@A!DcBYtJxOCc@+|Zkfan-vn2`C`IoI zF=vmu9a<&98M!_@UP!p@)p%V#-E(t=FH`gWX>#J1sFq29V9Xh_#jAlBb39_4*r_*h z6wnk}Y5)(a1{qGCd@TkGRlX1TlOh8`FN*k^aV%nofFNqtC>@vIZBuI)x$^q{lC&tc zxE8_1dYx}wokP-F?Vzcc8Fg;~l+p3rA8Iw*S+hR8fsBRjg^X$AN1dqs0$IJz7|^xA z;4n0Hpc0aKjLkdJ!O)(5USuZdlnw?~I0p$No>w5p*Je<_l{|5o% zPWn;zg?^1ev^_ZEUXLz+&FTcfb;9cI`=(M@jj=Q+S_!lJDDl97108NIwYw!xVzXh} z%{Moyce})9yqYvr$I(im);$^eN8QvkS&5V$Nt8p2Lou@W#g8Ct-$8##H`pz-7qMA^ z`P?`!EiE)}Y47pm3gv^uB)a~U z`tq88wI$Qds=XW&3r^XL>hNaE{%Cmo9n&bq)891D2;H*VxxOgM)b^Q6PLvH(>AFY0 z#86hz7h=RJx9zbai;f+094v9Vv{Eh6*8adF+avya9Qrjs5PUBvQ_IxryVv)V#=;L8 z@2uhyP0GS5nAhCv^jEyU7&LVePTjkQ$<9;t_6{p}{oZu6SzWgtlDR@q;+s2qZGYxwC;cB@2&TCs(Hd{p^%r0(N z9)g-<@{pF6X7!rr3mA=jSnL#9z1xa#ol#3OT2HwTBt~`OS7Kv7zxEOCyASkto#lqV z`9|$r`WSl$Qn2Z7SKD8OrN0b{27Dw_s&VP)n{V^H8L_i}LMvMNOj)V~gP82g9U7-< zt+Gm?5EoBR;Xjr>=Pr)=)amumTFbue?O*e3L4gIVMt7B7N@V=t?TOvBn9OjruADtA zVQRBH*V{GIKQaJLsBecoc$(a@-qBt{AE2u%$c3t0`NZ4N^>tvZ9X-0+M1dz3YdwpCF@<9^tGDlFBL;&f-C3;5edw^eMOHJnQ{BVL(#x6(V ziI$<<-m@T?+e@(%w=h{wckh+ZL|5o(#Ur5rn+R7HEAxR z%+hjlYJ?=;H4^Xm!@S-ZkDzOVQB<8U(CS+{T+I7RcuCi-MI+n(LVsHpfT)KvVDylc zm9^?zBw023$)BtVa^C3XSzlx9Z5SFFiZ9kTVE_8HGRb>=Jv6+{uz0rR^Gnr^c|e@b ziCRa^JFh0gT*t>BWrHO8`|w;&ncsH^;7dSOFqS|;H98wT>tXyG?kKDqC@w<5>d(4i zdATs=or$5Meh%};hQu9>vy$yoj0C!+@)nO`HmppW7fU(Oa_82|oc=xwfUwnOm?vJv 
z@p`^qkbi|#LvVoKTj($p7S;qZ{9*=pjkH1xXx^1BE^uCag2Fsa@DlS5|#>NbTvMih)ttiV-hTTI9S9IqrT=oTg za+w+=TPMt6@YE&^2^(Gy8Pp*@umlX=79D`bV5ywt z-%CmV>6a$FB*D}lr=+T4T@sR$bxMVuChKVAH|`s{3`HA4WfP~OPAh9@2qIOxh5wq5 z2IlTw<^?A0XwS9Pr;+KZwWkbOSu3`JT3pHQQ5937b|cmH_e{CXVX~T|UY;4P-r1JY za38g0rvje(dze_2AIPTvAh#9{gPfyQ*VIgX3DJ#+PLG&)t>tcE*k!B}@0v}zsv;6J zVS=ax))JIng#xo5mF|dLsCcqpJMGvd_d_-=YJnMY1`+l8jxzdNFD)(pL}A2KEH<+) ztxvJ^wtIUGp@V1H`>_)7>DE1k2VZQ^rDfT&{-3iCq73f%&E=PK`3g978-}mxtk6bT z9ZRoq9=!7W&eBOhuSIUz*Y<@WW`zDL!j$}&-o(`O>dl+lCobH+-b*?fi@Gcc(W;Ka9mZOHkC%)8dmDgL4lciojWy!KPpA9< zt)Ab}X4rhxXrU1kP(P<~_*@*CH&(vj327{{`;46#*=P__zd^ zr3yNL%2q)&;rNf|{`>2-Qow15dtr`(slHWa{JRl3lO z+=Tu?&CiBIBA-{DX#xn1J`a4(_bFj2?2epjzu?w<@_r!fV;>~iJ{dYY9Gg0OmAnE|UH#U3#0 z`okT19|bC^eDpqkz40GQ^1tf_QaNpglu!af(`dyevmW%=HA&xVCQ|OzCYMt+S|^e) zCCAg#*u%oYMBMw;na|>MFX)d;2ny1Y|S7FS#)=RZB+am7-uIvdLkCd($ zH}^p8XxX4wHp^|BF$V^*tTcnd7$ZOV$%F2*jMDP)^u?Wn#WbtAk zWB3^xR>P2RX@R4#-Mf!1Emi1;0j3zs_U;w}?YI=qIUsO=aqQw-M9GcVA|PHB4dXAy zW3fL;Ua%z*(B5b9duGtk!#vViG%Eui4jEOthY3y^paBkI$S|o6(@$9jP+qfx&9Odwrl) z0M7FvEequv2gT7Mx7|#!=WnO}3>yB=@ya?$8<}VqVd4g^jG2ulZnnKY)s#LKZ5Rqi zhaY1XSD5LbXpMRiTn1{P(Qj%!R6>MSxK3K3Aesp>R(KddzzhXPj*Mr$FP03UfQu#{!EVUUm$$O$T<851mIfE+WvGUFW+l{kJ`pFW1oZ#%| ztF5IKv0l`3t1Yyz%C&g*`)tgI4jH|7pjQ66R59RlEZ6^(?j8?v#k^ziV&5zP7n;Fn}3x zoF(3S(@K}Phh?AXFJB`m7h5|vC^J}wdN2LS!FsH#=EG&aPlrT5s^{vdnY9qbZUDR} zQQ`)SuT@O<2kj{%Orw+M9{sfntlMu`cS-`VRSXfBe;z+ZN4C1+1 z?J;6aly%6~^-7&;{k78lu70Drf#YM`7~Up(COrbq0&zAoIIBoux=H8cFNeODc^qtX1J+GJ9f|doVNDOKf2K2Uzo9vOK49W2UijfA{nT6O$gm(AXN1~JPHtVW{DbpU7@q(9Ft;lzj8+cFIS zGKx*oY-cC!xxQcr>VcK2thUMKCI?z%747WoEJ3jW<}g?TH6Ppl!i%X8&Z4{q48` zCU)tY^4%*Kz}&o_Y}y(Ms2!;!!7~>6YimH$&F@EmEz*hkA?K)DcEc(CuWb1v4Ut|$ zC?&?KvP#Th3Hhu3`~-2iZ}GABjBN-D6EibH-mmAj=~Yh-o_~gIg0xhP73n%FYsd+& z)b73TUE8sD6>nr#6OR`5wH+)ebwnF&Y*|xG9P~co%fwnswfl*i+nXir4AGyL(a9bc zkb`tm+mr^wjrRKUhYAL-SiAqTP)&dLbFfA^6(ag=gcN`ysjV<7nBgOv?}ju}oX!Qz!t_swnJ-2|6*BEjUDlrWnioPJL}h33p$0#B8PrW{1C=|PU;Xt>w_Z4lbh)_1*oFt6KwNBtcfqSEHeL4~SXjJr 
zU-C}h&b{M$CHiALnm#u>H#of9XmhaQySY?gh!zzU0RxN@c(unUY!mhf-`lG}AQ0zn zYI!U^%q@s@z^f}4*y3rW|GBe(!z=hbc6EY(2))Y!Q@7|jAAjs9fg6M_C^<^DyUB4b zOt<%%gd;Aa|G9u(p}351;H@Y9CPBxOF2W(Te*orQpx6fUh%DuP%>;)8SqGp4k>_m! zGKR|XMI7B<0f*3@=wkkh+eoD1 zKidkxYek*8@om(jx45{bmYu&z(?ka1GGHc@i7qVUbR}<|ipHLgc3b^yurafARZLJ{ zBk{KT*NPO*)%DHy8_I_n3`kpB(RZT{n?y{^EDL4xW#?q?d4H;)^zUPLtvo-0Qy?Uml;HH&R`W8UknyDM$Ja9}&^FOc5-$JYCB1>$EF=Aghe% zkb*h$ZVf?++0+B1S25Uw)jg-VN%+hrHX-WPT<#F?My_t`Y+iaYa6X3lusyJJafGv* zCd2=av8#@2dj0+)pdzK9APq`Lcc-EvT>{c7C5)2J4Mf2rq#IO1Bt|z31Vmyq8#PAP zfYGrr_|5CRUhemM@BRM%;kB_(JaL}$obx{CydMC~5G6jQ`|n0&<_bw-Ub?r!NBBXZ zUx?M6|0NiB{rZyhp$Kr7{?AgK%r~SP(iJ?%XNBed-lYF5Mi8?(4)n`5&mjHZwR9I^ z_3-skFJB<_Ltu&1Vcuv=@v=XxTm?MhW~2PX=p{ zQq6@+?{Cr?%G^B@{N=jPSKbyfo4`^)qcYEGKx4Q7qoa=EgWD?-G+ZiN_$rH->guP` zOwaBN4C-ly_w@;pY*5BK$r`HK-mAsa&%8=V0JC#`Q#H)7G22Cn$6$6-I^vx`YF>uT z1S|Ekt~&75u|qX!zkrN8Drw#R$vu!aBz5dugl^fxwS&5uVC>ZIe{vhidf~M+6jngZ# zt!^r9l`chBKkPm`mOF`57R23B+Z>Ls@3|lyz&>HfFU+PzFX?Q5wq8}0WM+MZTVaxb zGX@T?iYRyN?;mnPR;G~9u*g-nz$!Dt&ylC31eJaY`NWfrr53L*?pvbYFM7%lke=%RXYf^56$B z7yF{so$5hu;|mGW7<@`H?GVSmt**?_ix00ei|;H{^W)t%#91S=3;`fkDrhX+QqW`y-qF#v6ZJmHHXSh`_h6wgvJkz^vn|0dK3WNu z+yQpiT<8x*eqS1_%u8S6nIHX87=+{Dm13JN=%Dv91Q5Z=?H!GH*@O)#SSD>EmJ1#s zAR(WuN?@dws3@j?7RN6ilngrD3%g&(L+f+#NC!E@pHAfL1v9;=0&O-w*Cis_Gw)ovvRXl zb1n)GhQtJPH^IOOHCZz8UkaOr3xCdv!5ve?ztRt^JDMhjeFTTGYE z|EV$^vV%-W?jF?-a`XvmPMDY7(Y&qiq;3*w0c$g!8NMORy%>@;ycc@yFD#EkctS_W zqgTvB$+T$;1Co}dh_tK z^sS>OMz1w_k~O>xbF8gxUqL`osS56`5{0D+RT;}l=N$wMQd8gT2|SESt~3Ud*YgIX zEenW=X-pvGS8Mk+$)he@^?Y+{qq<%^&*W{hDqNy_)|RCy07Nt zi$~yU($#ZRc=5tLa8@P?+qYjNviUh?0wJhMwJ+6aTpL#ck(1`C8PPVZ1z{G?p1;n{Hk48kQ>fRJV^B zxu-_#fjqu)6Swl#d&qx%*Jg`}vJ>y4?6wzMw zRC}&W|F$e9rnBJwd*y^`;JVlEL9^dLDII)i(^0k>cEt-06$<82sZzdouvIgu0{5{D>R}fcm4ZpZ z)fV@{Gx!QIFT)j&S9%D2xN3hzQ~qKs1k00nkYOghu(;%<;p-nTnti6ujatW>1Nv^q zcj0QzTFvRTQU!bCP3RBrn zt+?(IY7QZx`|xEz^sqW@$3R;~*T(x#HXBioMfd`*x(6^5iJ>j8i3F{~rMR#d~j%DpV zleI~(_uPqrP)NnWz9G`5{n{VZvL4(*4o6p#gyyAGhm@QH%`09|yoqHcKLa-33~y~E 
zk7vtkv6&mW!7d|l>-O!C?DFad-?U^*^g?sg$2Km{pjcR6YiddejrWbPzFh!)3?z$I zRnd&;AFFDa{Vseub+SAN>%4`!4-e` zw(Xt^@xB>wYNhoGR@zfM5<)`6^&yS!3h9DXCt3W1Rf6XOp>@j_kCGiNaY4~|V$7cd zw&NMxtgOeuC#Uy?N1a2F%e2g|U2W`@E)^9G=dI>us%ux+fdmBfFT$hOQsAn`Jx(HC zTf$TciCN7fX9Cl*gC{RA6vTbudG=Jo#myo4T}nVX(YY|SJy`e*K1W?r=gPNj+81`IKKEXJFH9vVb@yCC{C%|*A@Vzv@9WcKvnp#lZJDqb`&w%9 z-{dlw;QFKI4TBLEW8aB^HV3t@J2;ry*jc?Lz`6ZgQplGI7rvPQ9%`cS%|b^jVH1J9W%c_tq=rFnWK?ioC|p#`bt`VYi}U zYuUfdx;fQ*6=k2B#@|eTWwP8kuKsA}Bqni0ss`O}Cr_+3fhnO)o?lD<3Y|b(J>szDaThIbX_|XG%fJwhfkCE{*!ALu?}= z(~=fo+bfrmG8lC zR)}M!OP4Lt`j)0^2>J2f7Y-nJ=dnU*SrfPCZXH-On^;or?)S6htf4?!b%^yaPf33x z6~p2UMNswai*Hi*7%d@&PzvWbfHQX--11dC3(_va{$g?E(tVc0=86xcPdr29_Ipig zwxTc5rO~n87{Il)_p+%cNOmUb9*fvngrxdC33?GK<;Xf>O+0vdKgk4<9-tH@ERqgs z>EwCz6^_2gEsrCgH!d)hXM~PfTOOwkLQdY=di`uRo*zD@LU!TR4GsZdv7-g#UgOaY zp}GIQhiP<8*D?x?KUCmDvhI~^79Q+UWqe3wcA`0oA~~~Y9aeyRI36Au52Cn8RtdNu z>2PKw>*C=O$z|PVehn=avKn3LDQg#?SDc+4uEdBt!gmY7aXS2WojUJHipP0N^ZlX8 zEQxmNw5eET`vh$~UG8Dzxw!|(roc3k-<1^y3np#fucp%Y<|6k19{x;_Fl_`L`LV z=Wl@P`=1ha^TNbbKgatpr>}6?%oplCfL$loJl1P0p~7kt-fhXYf#Uovnc#Qt zJQ&C;Wa|-1juANaOX5dQu!J-&K;3PQlILh)2WwR)!lJ@Ix6pHMg7o3X+r!$intc)) z@MXtn%#(45FiAalFKpIW&|>GH$U0^J;@S-}$eL}*99pz5+^NFFz^)Jr)=4Di+Y zc7d`3s+%^Sk?QI55)9;wdCdNE*`KXX-IzTCTfB=CecSr_!xNF`A;i3ufC>pDrbkDE{dpU0On)h7B>wKK05|fo2I|ob=HwX}prMzzj;pkij?ZB%F+ z_&ER3{&(rV5}bNO)6wPKSwi0g?cOK@aiy@LWyp_g7sa|d2G7pFdSgf@{?)Ua$eMaK zaP@GPoPr;|%Ju#-J!6p*mbAWng4+(2++;AU#ofQv%OEMyF%TCnVjmE6u)IZKbq}MO zw^t)t)fVqx30rX6#x^Mh+ohk{Ay^*~-?PmbU%Y%{V6I9gNe>9i^>9v%KOj7Ga0BQ zADWn$WU)$`RyvyT&)c-kd;*YwaPwxb-@T5HiW15j$aGbGobEVO;y7Mz5z>DcE$mki zpTd}B^)y}%dUkJnpVpLfO!T6}Pc^dyIm?l)WxS*LN#oig7YPXv)$nNN2-!dmfZbaQ z_{|JK$Jp`@KoPZ&F3uZ1Wwyu8lQ6zx%(BX@5Bd_$&atI$Xb^CAUt)ffijYgLCpd6K z(kZyBk26XkATjXSv9H~jUG6zQWB|(i@Gua9mb_&tDy-k8b5C(>j2^Q<7oC>oVli+@ z=}{2ri_jNjt^_&w5oaQP^28i49)E?_Th2qr(tH1tvHsYoN|}QuK%#lPpK?yI(F(Nk3PN-L2Ed>^~hBUwC%`dR79&g|Y+>OnG*%g8NseoR8@HygpHw ze)wP#Av4PM*66O6)K~S>Zh#acv16Y*C86v|{owrPPh4F&;p5f_j3%BU@m^kD5u#-j 
zTUm#LnCumT(=8B&E2CEl*Ozxwf5{@F*VzRI|Al@;d}8eNJi1TpJQ7+tmOeE^nDZ;= zyTVJCK<;bF_36O!BX=wPPmA;G422jrcT>)1?X%?MyG-7j^uL>K9FNY{6-_x~BX6&u z#vpt5^1h61mt5qZpD-RDJnreSVL9!P?SO*4ktw_j{rEo{#|kzJzY-A3X?~LFA5QtQ{o~mDI_^^41i1eNs?gWSHP&8zYO&1{02|;um{Q{tc$@{y)lG ze#ZV>M=nT-_l+-ok@p>W_d59JKl^BjG%lBf+J+GkSEz*)RRApZcNcOq;uBQ@^^Njh z?Cu(i08e!iQ`Hom%{w=3sn}@AX^&YUh5oRUtPZL)EPWu?{)^uzEH0>Qm@RIYfa+@h zP5kaTFv33L!EC6!+W+V%;O=eZJI_M`vOhW?)xPd7eM^1!hi3ZGG_1j+u7$NH%!GNP zO<_NzT9=_jY6D`L~9mR$Q(sM{rL zWQbKwvc(!2;=>Orc;fj}9KcOMS6qpK9eYesE($TfcB*+i2&ecd0*!XSOFK_Lqp!_l1ryJELNo+<3vBvH}y(4vhc_OE;_{&{9 zu1YXGOT|u1YiqUq*_7ElSRf|cS zzl*mgo>Osh(bvU)U)=isM&r%Sh$cJwukoWL4~@vAT(EZjf<1l2c*MD+b!S@s5VMDt-Dx9`eKJ=}C+~6Qm z5D3I)OO%+!^I;xVx)?uM6a$*&EFPp%T2ut43$5MnRS-QtxSz+xvN+oQKiOG#Km>}i zZMX+3zOWQQ_1m{o1CBZZ4p+;-bDg{b@6qPIc>!W}=>c0Ei(7cAP-Y`&azYXByD!oJj!xu)a#(!hTNNR z@M;1ou?Q2F8R1(}}X^gAYIGzipw%eSxo2 zg>hHv0w<*h=hyw2E5{Wf=qeG%hhGrK2p1rmr|0h0xJr64*a&RFs~pNc?gRqC$Dd8s z)8ja=nJ)XA%2*&O3 zszW56xc$9^;=v0?Yj-H3@Hz$(XwS(j!Og8};XAKcvxmv}{#FnoV3+QmU4SfB6=+yu zG{s0u`xY-A=!1Z&5z@y2d4+{B49?YG5QS-4xkn3d$VRNx9>rX(wpp21Nc~<$m3*Wx zX`>sfd#h|Nk%sX4w4=0lYA$Qj?h{k)B+;>Pu_^VPFC zBc^<22-czp)TMC%XEN5r8 zadTz(L!gA{;`N)k8 zA#{sZU73HfaGDHGq~7P!&N>W!x^!^Dw@<{DQL_oIqB+|0O0W#c=SIyLO_Jc4$7}A zP8w6-d>a}XYLfZpO{dm}J&*dvqFYBtW1)`)dOAAdP8zZA&0LR-MSKUUwXk&?&&%56 zCf4>rK6)B7CEh5XUT<57V_7s*`q1~~50KP1qY=KA0&*=3IH~1z!k+{YA0xoW6Hn_E z_n88()Ksb4J7(I{vr9`&BwR*0RhY!@YDA3?rT7mV;RqcKi}%HCvgh|~o<4lF@0|3k zg=uT8^iX7*1@zwTjV4^pmZ;^!75)iBY?L)~tM$b651*cqxZ4 zn}vwT!0KVnP`SNo2=!_iRz*iAN=#h5&T`C-x;t>cK{`4v&dJi!ZFYF^T8p;L22B`)(rGgzKTmxgL|piJlJF3Q#q^_Mj$}|KpUFr3G~Wgqu;S8 zn&fE8j$tqT4r2WCej=nqG?qKI-jbCdU}_ImIGmfEN8))?cgh_*+Uaj1xQ#6LZ`7f$ z$UDOp#G%$L$)3SgjtFN<{}Umb2sCJFf2(yCQfU)Y=Dpy@62CHL!hQ3ma}{`&bU$%o zzka*u{F;1Om0(PCw1_{ZbUuG=JIOBny0!xDBci8UBW7xf)iiXhu2*{zZ!HHRv$A}Q zF}qw_J28;BvfhTVbhqKF32%&3q&!D1VTEKhYZmE{5WRHJrUBY{uQn|q1w8sSM*I~c z-|%oz(~hxS+7qy8W!Gq3j0*6?PIwjnRgjxy3W<*MSiM1yG}hyAS9$*xN$sT6tiMDt7MuhgKa(R3oU9pK+r+bB 
zjaAs=aJczpMM&TBnr6^JJc|Wa(v47WzW^6mgq0goR1u<6RJ)~@k^~S5)fBZ!+Quu< zS0uC63yK->arv-LPk42yM+OME&-cV#)7kk0zQX*v^yUjIo3AhW^$ZN077u$sijGxY z8+9%x`Z-!@H#awh^&UQaBCuwNot*{68N1Z;xhn#d)BP~Ss>6;*6u3c;5b?6q7O|j( ztv-bL&lR2kELUm=sYicWwM}eSKIg3jsJ>E`Vs}1eQk^yjFYJ&8SL*d*tG|K!t5;T7 z)V#bRCb9t23j0;<)^p#XU1@jUOm;D z6e-fE$wi>Ey?qIMbuDaP9<y^D3Y?HcfDpfeSc}Tcf@W#GPiG7BbXUZ%PQ;u7wfQ7 zr{avi!yNx%t6_42$oCyy&%i!KNb8q+FQ5~Q6DypcV-4BaSJU?FBHCN;tW`X4&!ydW zv-4i3ySBu2`SNA?&Yrb-*V@3O4w|CRpQA!U_fX{Cb%a`XGHK6#U}I~jexr`35l|$p zRu@A9mfvSK1s!*{PW;E4|M(j0Ogbbf=7pVDPkpK`55_YZh>2IoE_$OF%M{S*&l__H z-2+@u+g_-9@=|%S`(n+*>9N-9&1?RFE7KC`7TPaJPXRrrjm}>ko(duv(d%7aULGi< zZ$0mL&EqdV!QW}c3#@&n1Plk{7cUOHLr!`%d;a}Je=$VE^qS5AO-)V3XZLj|Lj3=? z<$7Vq5Pt^~UM=9Nzqz=aZ~6bcMV@w}^MGT%YBAt{oAnnM{qUWT-)VV7^#5po!_^I* z-HCC5YKmV2_Xjlg$5j3LVM^y>d7K}O`C`KV$Dm&%I+DBLY!hx7NsKRA?^`5JomOV| z86%WWR#}VAZLNB$8CkTvVjUI`d9QV<;8m!SY4-x19-~(1E@2iJrRxH+NW=5LN!a}0U_iQ@o`tx z9#|K=V-y}83?o^fNtpAuXm8`}cr`sM4@NLV5b8J}+oyRc0(UCIuPNMGjOiQis`Yf(tU?UbR4)}Jy*?CuNb;;> z2DJ!IYSg5nr(uI?hVS{fZMnXVRPTROpvu@S7ieE;p6Ero`bCTKCIlxo>vDo?+h7DeLQp%w1hAo>lKx@-*sCC%>Fl?hq%){WC%|eYHyaam%;#Ik zJpxPr;+DvVtFYFpnaI9R<%mXa3o^^@o@fB%kOKEW0w z<#U1n?=n{yLegggms_$Uye%<$|Syi{p;@b_Kt#$(l?h3zq)ID zXD{sBY0@25Fcr66BGEIqb!xq@PCwS& zGbx)a8XR@33JFnev)(>Obgl|jl~-Z`Uk=|`6*aDVj1L{<#k)!rRt$3k;DYa89I!=; z`6RYJpoph}YB&!(Dz^9Z6i+UxpL7ljeL2or9aw@2?!DSrQJrc07 z?`&MQut9lT8TbX_&-Y}iA*LJ8oPbGFGN0xFOWOkritN`nwrN?gLfPrNA2>2_Z)7b~ z;HVjdM4)&RLm_JQUOW5!&L|C4Z3aN^rT}6!Q1{chWX-+xsn*Bztxml2jKVif2+Qmx zlmM{(!u)&~Wml@6si_mbMwwn!l_Cvy-=w+KWI=ZH2?s z#6S>eU6@XmbGtYriu|ayY={EeFQSCMAv5eObeOn^cQwIuC+skzs2Mej7Nh_{HTuF@ zAYo}^gQlKoW*}7tiF*Tj?e_y5qiqLZUEiR*Ss$7W6l$!%oa2>hghi^V_Eb!9OVVZ! 
zVtJn>#{te(YifpE)ZRdW%E6LX|yA( zPyPA&92x{Nqpq8wL@k$mLqEpt3E>Ye95D)Bm@ycLb}LZb86Ietn1*lj4X_tR*xDCC zmp7eYE)Of=09fHk4nmp}>oxmrer=E6TmsqH(>ckiKp*8*Szaz{p%Z1(r6d~=ARdy5 z6OOs+2wU@9-RM6&99gy4Z!CuZzHFzPYgmKA1#milFNvsvV zeW#3%k^G>dWk9L9y#N6~SO+e>pm_FF*D;@iy!*V1Y%!CCw~)5DdIbpy6D`@@JF@x2 zq>a%>XU$>rLe3H!>iGU0Q3&JZWQ2>LeGHzh#uE6!lMLe*S!2~#g%i#Vbsj(O+z{zq zfiQrWo45ZSU_RB1U*2{Pye6M){hGnhr$4v=AUk7~ z-&{aGc8P?4#1Hy3g9m#d8qB`yCv$b8&M4Sb$;m_B!!@KujOB^1ZB-AtL)HF9`$);r zQX|qETPn)}{Axj+5;e32sP&)G(i02{W-UeXr_LuJqWCd~ z`?J~$UGm@CqO9UoHw`7m=_?W?*1fl&nh|pJK~%TPswI+4y{oe{?3c zesyhYfEp6lPi-EU91|!eB>SYB$R8od;%|{!oBr6>{yjToS5zvK>0A;L$weE8=1g*1 zRo$D&2|af>RS4>UpQHf5(%9&Hn}HIp`%9Vk?O|4y{0H~(ryUG4iz?o}{dEqwCdtlc zMvp?xA$t`#@j>=IMzrJX5wG1V5{(qkuaaO>HbKSRSMvOvz+yAdcrS;HLVsh?P5yY0 z{Pqbu$S%H!bUg~N`!Lyp_ROb<|1Ja2L(!J6rb&crVgc3beHc*cwee@sbAX z&T@6livsxwnw#~E%(=;Tchkt@0)I1S2p={PJ&ru=myULuyI}vhD5k9!$a=_Ix9@Vy zjm!{eV{o@V>^?NVc#h&?eAh`})tmtGIwm1)u5d!2!R)e46*d*q#XEOWgo_z68d~>y z$8_3A>f0y!p@aEx&VKoi+Wzax(R%7&}`5*ewiCABGcI63Uy(W=U&=I$O7nCMj2 z%P6|I3P^c2D>y%yfg9bfMx}Gj*P=iBF2lme|A>&0gL7n&DJ*)VWyZQe3KA4~K}`1iLWACXQyIEA#u)nuC>;)si>n+oGtr z2S%~#o(2X9+ak2)has};LRn4|&UWK$ia#}lPH+s!H;G-dC(0Lc7+K(NSJE2p7P#pT znjuqkdLHWxO{k%4;B;pRFi6$p$CmkHPQz`%!0S_Jw4fkl=fyil>Dvnda+Y1P`;nPo zU;nWcl6C)piguTM{G70iiPdM?$lY(E zYM&U`2pq^_@eweQYLEAO6UlOYxuv~R96rH|4@CqG4H^1oOy;k-_tf2s50KZU>CSKh zBWv9ASGy@%0>I~-Iwb|`zSsT~rd?-T|)L}-hrc!y2wqPU!dV5?%cbYpA)BEg`*MKW@F zY^O_xuYq2eT_^seI!<>aNV%tBRc5sGamCT>@*ZlVC;hO1@9;_b+IYh~^wB;twg%n! 
znDFClE;E-3K&bjQK2@P>ver1=e}^E+?_~8||a0MUa#_O~6iN;u&`jvyW-}vyfV4;QlH~;?Yr92J%TS%E98T zc*>|{$P_<@xbeI*Hl1AQWC08wBeU*h{dv6JwZ5~Q})Vp9`)4k^trh845e&y3>Q_B2cm?hFm zk-A9g7N?nnCa=5LGHr>8bx)vZ_7l4jW7At&)r(J5uZccLUSXL3WO<~|Q|h63%0|SS zyQxjz-!Drn)me8`x%JB9xRwC;jMoEvCIIuCUau~OEtlj7xOwPb>alFMcKk_*;89tx zk>ZZr@qxQ_OQ=hBc~&MuT0XFU z-%y}*vAcR2$Z!dWtH`zKPRw(INgH*+-zvV()7P#*p>6D(Vo&^WV5&=(ZdRSlMeZf% zjV-pS4$gHbBKVt4fFj(|=8SbPq-gN;LA7<>Fza^Ihopf%9WHb|?m4+@B)xo_?L@%g z{P}d@d-uM5Z%de1?Ys`71XQ^oAN5Ka_dmuom(yvhb-Hd2ioBDSt@=J*W|>(~zKF2- zEyR-vx!CG(F5f-{R6$}%AG>xI`OlBri2_9o3#tlGNw3pTzLldoM{7cHVCFO!|an4Q(IXh=|Jv*R-Eggc#3sMr|_3 z`upcG=jRu~+|ltQDvXPh4VLLvPs~{uX=xY7U1(BVSg}}Q9}ETA#rUWxA?%p8BGKOP znRQ(i?Swd9Nc7g$6ICV&wa^?}HGG97-}u#Pf&Rvc?al37c)^XeLF6u*(<7zg);3ht zyWK{BpsK7SY_{VFx1Bx)0T=hYRZGOnS4fcNe(sXt6%~BWt2Aa{D*%T*#H!LH$cx zI}(1(Flx%iDX*I>?hi{NsK=EVP>BW<+b(k6e``CDoC&t~v=QHv=41P6dy?+c%dv$> z@>VM?qFvoUVB6`50i|Qafpsg3+wHch16k8<&{gbwtG{6UMsxq(Nw@b@eB_6F;L84CT_foTRb34afKsO-)QeFwffH$!k0$wyD_22O znZ})pHQT~;lIu@91{|jkYmwGi=kZD{(L^M=G(YL&=+gt#`Q~7m^zQB();(e1&an#Q z!w`LKY=kXic1KP)ug$}io6s$DK{Rfkr4o|j47?u#nO*fNI2VcXz%~22BZpkBOJ%bv znl29X%?C>VJgZU(bV-P=ASY>{Cx;`4ERGahuUlqYb^rCbhnnszq5vGeNW$(dZ=wSX zDn5Lt+pjJs!vpH$S(Un4=rx$SJwm8hX?ZaP*gUUiV7#u7ZQ5&4%UNWcyN~KsEXhuX z%G9>pdlz4U6et<3w#62La8O$&&?3gvW~+p&>x%iOgY6o$=P0CuVqLWhQG-ZlE(2&< zZC@9*e}zbZh^j|OACkR(^(IacPdbcOPeoxT)@9Ku+KD{s;vpkMO;Gxdb=Yvd$&UBs z!Fu$3!`gbtZ)c|k2lMvn7;sf^#JLUe+jV?|09iRnCGGWU=fD#Jz*_`Q&X(kuxev^F zwup41dzNXsxDzF05F`)O7}07~v8< zgOQE%bmpZ^Dm_Ono+7*7mPOETaGjv1d{tn=7aY*yRCZ<%Uc&BcGdQ&Su1gQDmA$Tj zrsLA(Hu6=l9({0)Z|8tcd3Lz-gUwHK3O4cB>O3d|2cHy>4}ABIS>7NdL%lq9%Z%TO zkz0jD*8JYP#LVDHPT#{e#H_;?ezV}wbzCr;N&{!q)AH7#6JDLe+G=!?NHB%k(1cJ7jSh7p&H9pQ# z%a`GOtRJ4FIici(b)SuA3_D`kZzPM11xP)~5$lyMkYlsxF!F?$p4$7NS$1!X)!{@s zkO75=0XJxSnpXs)`v6_3YL`eZ`l1DTq`t8Z;fQ8RY%NQSy*|}}HSB>INtwwX+>jT2d#U#dez4%|8GlTeH%%u-$k#V74OrXcR2^=QTqvl^nceD2> zbVn%!>sIVg&kfv;(rDH0YgCIF!qxBZuqK_{56c8EGA$Qa_1^kD{rKmWHYG%pD2^iR 
zm`vhLk#vH0)}`3sLN)dD^}Vk}R%4X`T?g{_Pi$Ym)+z?<)rLJSwQkpz()##uW-b|k zj&q6cNq9}2JKDk-11qoxnAq6l*)~U%k2f6Z>g#j&9?b*&mv@mTHMaCzz9K=j4BO6e zxUjhi1LuAmbQWeldfzsvvF>dBu4jdwuEmpf$8;3Re7?{SY*H|PgLf{`syDW^xutw) z`$ESx1q<6=Or3nf?}>#wMg%c=*v(ZVYs^cdG1emP@YD*MPu79MeS zfup4}x04R5RMtx186Xqq<7KdutE8IfW6dUUajV!x(*Qiu!7^Vv4zwlwxDaCHzQ!P^ zI2bXIZ{k*mTc@=IVuEcMBjfs2G~zDPFNp`kUb-*7B8dQQz#tq}J3ix(x_WnAU_?9h zKFhM>;w1Fe-IJJ^=VtDC0eCFHZI8o9y}k&U^1&u^u^Z?axh=8?!L5+GZ4OJSKJw=<}b*++qATYQ!0&c*>GP{4TfFpSE^<2N>_m5aF1V}7Go-n@`e&!W! zf|dpyZ`M6wUU;Z!@X{RC95@lHe!QE8OqiO|F+FUFyE>=9QyRD}<9iT+;_%RUVSf9A zE=c=XmEdBd;KDQl=!q4d6qFx7fhm>c@i zMm0FKnAD&b(6!nXy^tEfy*fCPWn%Quq|@e!!sTsON!bipa20AV`3u{(7Q|Mm_vbb; z@}YZ6ThwfNCb4LepcHqR6mlFW^QeRmKeTz}q zC6t15sk5vTCe2Zw-Y;XE86!NOwXc4Hl~a=W(|Y|8W#PC)PtQkd;aW*_4ujTDASc({ z!e_h4If}k;nu7PZg6%o5b5k`3yyo!zHy@I=a185JsM(^yT_-4gm40rzZI?VHgM=Or zkGcmIfUoOZT@u#k5Es|)4g)WY;rhF4>+zKlBDUS{z0xMe#vFug5;eK)%PgE7#-46& zqedBAV3dr~Zqf0slbirpK!bLRSVe1>8mY}I8BN(~GpLt9jA&2&?Ra3B5*&wM&DDfx z1O(#daQnw>!31nnd4Qdy?LVqg*a`G|e6$Pmt!!&Ti;}&A%Ja8tWo(~!PTsOayF<}p z^5$i5EGFFnFdCgZmCczi|IVYg)@QW3A& zU&;c%3R7La%#m*-81DkX-TuPU!hzWJW$oVogpOJCTo{8uQMYSzmwuHILd()s#|bf;ljS z(SO2Nf-v{9kP2J|*luw=jTN0gBDMYDg*sZMuVY`*v-wwk9Qae;z9Fy!~hy!jWbIYy?-~w*0BRA6t2!aP@ z9AUd#CNj*?eNndt`W~W<&-+$Uj|3|T65m$7?dQvpfTy4UU48XByh5LsTVOJm`yBCl zhRx+Y`%7kjB)(t`n(XvSW5MIxg>{YJ>n&x`A!*V9j8xJxcT>CEF;h!Fh&BF<=`v~r zW6r_#T(PM1^MT>W268zr@4CeH4-R4aeei2y5)!NLKjwJ#W;5*jTt0Q0)=wX9B=T(G zFgew=tDL(WM-0Qo^rTj||0)L*l|hj;ANXGeM8OW^N2uq3r(XTD5w252Choi(Qo?%A zpPYN$;l=bB+Ksq&?Qfo>G)@mWkL{VDJdLIQ)(}jilIABVNg7ohy=rp5H(*?ZFEYbO z+pce>JgM>9?V%UHq5!|WlhKg?tk-)U3;VlAy$m`hV=8%79RNuri#fg4@ip=8|&J^uK27Ki{Fm zLiLn)cOvW@ROf#W2hkYOm8T(-^}wIIW=PwFZ3jg4~Thn2QFA^k~MDP!T_^aV$_X)u7EcJlr=RgD+KdaIHMRG9pKdN$!i+fx$K%z@8P4*wy(_?hZMfPQE+1HsEjCF>DEMp(TU`E-OvF~H~P3KhS z^#0Cyd;K+^na9la+|PYq>-YLz-6GUCQ>9lGhNJ4W!(V$W!VfmtZSTKOP-^aIkF(e; z>{xk8UjTu`w~(VvCA}X`3*GRFefIp`&|N;p9X_HnJX+_%tU2}HsFN>~kr0i~sn4UN z#L_GLiKeZ0q}#l18F&P}BN3QgP_0~P@A4sJq^#`DtME5*QS6)ndp8?LzeWdkFH{X( 
zV-O6io2dwBxvt=Pzml1S$($RQh(={=E zzeu$Ee{PPyFY39JCx$Ho+=!DANog14$F)uk(14@IcgBvFq`qw)*5i%XTkAT9f0W)f z&BxufdD+Kl^BEas;NIRYAlEJC*$c({p1N5wX(`gCUng`#=oj9##b`t?rj+Q^EntZG zPX?)J`qO96M%UEv441i7Aj{uIXnZiLz=8L5Qj)culdHve17c<{ld)eeGG%RVto8zm zY)2xzbSw<5yEhM`&J#zc#SoFGTm!D0$|fE^XtjDZ(>ZOuEdfDsoN9FadyuwM%61Sdppb93JPhx=Lu z`8;uqlr=32-qSCYYfm_-AG^iDad(XZ>ih(4DkX6R8IhN9-K2F6avRmyH!#5FcS34$ zM@K}T3$0PQh)=vrkqR=|GDN)>`iQWG9}hz~kR7IRY5gj5t z#s~DI)RD8H#$|-D)!)i@J+Pn#G|S=&yTS1qbtGk(U;mkaPaD(>7XYEzOS&hY zD*@R2-o!fGbM5NlTN?Y;MNU|gAw2cs*VcYi`54NOP9&xlef>Jz+aJ7&y=l~zI|@C$ zl&qw#o?~8X2H`HvQ&emjo_Py0#K>1A5$;o}ggLH^kol<#Gqi&?t7>TyCWquJrK~Yz z#Yn~t+o{|)-gPo1TnE*JssFNCA#9e%5!0cYp|rawsichMlgr(UQOmbx%-LVPx*PCV zJy`12_3IDj7Z&zL$`h$bPpV~b1Sfso0Z1PZ6aW<=F03PH;FkjMv4V8n^1)IOv|$_e zZb=$=@gCH!dfK6~aL}!CVeFohyNAuRjZpd;Ok}FxPNu$n7h8 z#TKOVc7S|H911|Il4vIh@@rM#YJd6Wv~i(diQOTs15Ud#@5|i8BD8kq$&*SyeScdS zP)vBZhs(IQF@cAtGv2|>x=II{^w!pG4=O(WV~EH{P;dHtFEw6-FAEVusski9(Eh(TlS(w+k0|MSB)v$EzMOPM_^LJx6D;(T#}z zxG6)m@8oE+Em_YQR#9B{ncSHD>O<+N@LKjt7|o!I{tKDM<=vM&(`TB* z0F~}dV1bxK`*nK_O_0=33aD1G<*m#hxvTm(nyg9PbK9*FNoQDxX7x^J6l+xjIOq5G z_2^&BW9YUEG8cAbdLVu>pf|nx&9A}6-xr5Sn&CjPU(;WDZmp9zpUHM-W%c6ai}Tf< z&*FJx9)1-uy1C3}1mCCVKE%52?Cm*pW)P^Q=V#}lZ+U#ZLb;#j)wP`st~5SeU1MD= z=M{}{YmInY=4WkUG=TMYXC^(a*pMewJEnL1st$+$d`Vwl##AbZv3YptdIW8rgvbP1 zdulIQv6jMr=cB&NZDE%KHF>}7=`)X)4()q0R<3LA&aB)t%q=!@L(e%^rX~t}OgsjV zw{)-705L9jrD9KY%f?gyRJaqIPTThzo1~U`A6!%>V!)L{!<5ygEV+BVd_f}g&dEl3 zK1zfBwakpP{3Y|_V`{^5UB>r6v$cJu7Z~wz?kPipoo!>{Mlt~$guR++Y`(QHpLlQ) z7Sd~H2oj9|RMdGImVA&f3>{$iqWt<^Ot-qOPoK61cHreD5b^gE{tsv8&lM)JPZ5J6 za>bEgY;e!C?=Fp8RQ~Law~?hCrKOylT$03`f>G@jlcR(CiSt|N44`{|Xfy=yprsYm ziIor}dA@x}pdyYMD@h5!RtR|vTw}TpCt&kz+R*9kN3sM+ywKaI*8nbsGby~nrk zOp~cFi+9sR2*BogoGSmp`?Ji+j>lO$;)6JKBc=7H19u9Gjn*qnck88clta}TjSFwd zTD=52R;$SFjpIC~^nLEDEm}&IEG{C~;1TcdLC0KccCS!k6^6nXnih`yjJ@sLqONc^ zi5{;iF&EDr^qwsrq{lbgH$m~#y82c|!9uzi_1S;#%O9e%_BsRBj`1SiHv ziK;T#_gy2}Jf}k5O}{F9mO^M=ZiNG@23}ae4Fo=5azTF;1>lo~ 
zkl#?S<%h$7!%o55(;MZb(J{3syU`l3OKC6`HK30dOZP{1Zmw_ALA^gzw~Vr1mAYi_*_nh-R0 z^=o=Dm3#%J-4_-a)t?vK$|5y2plUnxLEGD`gXk}|MJc7`8o9wM)e3H1xewjw>$~@= zZQf)LNlIxK%*U1L5%sB=>zfliXPV&TevL?oDATqDGd+ICQ>~xIbu&- z1c>VU;C@E6amTq4JNVc`(t5@`6wfi)z2}r+z{XEsW{A*W&*HoieRP}G3AuhEBDjv6 zN1c3$2nb$0@{w9V+Kd=DHlWA=Sy>ll@`#OP6C%85GIwNxLZzz(ATsF~Uc>CJ#Lepi z@$X!F)NG;P54BTtcEjWOZL{i{tbn7@A-Hut!M%0{X<|6HV9<6y-E!Nlf4wt7_5~3I z916GN8~d19**7#i4BDWO2=RwYIba7J=NQkFV8SGNuQlNe* zW-ZRp$*!apOZ0(<-v`T9O4gbahAs>A1J!u>k}Hisg~b|QZ`L0!H&$K*_!WMMh1ti1Cq1aK8P8GsUnixpn>WJ zYu^BaTJkRkL=63KFI>p>>f}9Fc^;j+WiVq!eDH@E>;B#%ubc7|lNUVvrMowow&3JD zHJiBd1vI&uIKLarZLVy0%gbPkoG^7xS7^AF#=(np-F;_giB?3^sL^iBy!D)J7q-<7 zTLVG1W7wv@xK4NH+jhu#BFY!$z-F*dTL4ov3oMeX0BNm>v^fhgf)1H4PfTQ?&Uss~ z4#{}0+ZQL*`mD3O-UdSJ)sKIxm~2)eA`VvmIWC4ZTsif&%1tICo$5CK*C$(cYXtuD z7Z~_oy;?1^I+zYxUOcwdV=%va3~Qrlmf)n^BW`~5np|S!BvAeQ)d$Cuz9oB+d&uq% zj4oY0*5W;f&KRFk$Bjr98AVkMVtDetNTHCB=yxvi4eimBW5fwv3ExVvEJ6!b$?~rq zZ`T~!nPbn@x&WPfo@li;xOr7@L*~!yC3|)TJ#1BrQWdDx7Y;qnaZSWjK^5!`Q&jjg zWC=aJmu#o0k z2;PIHYT3z9QZrK?plQjvcB0d$C%p7%ffV1<^!N-FSt#-GT z=Uay{UJajo44=T@U<00Z)kXd3YAmmAHL8ee89sIwU$q>)yx&8Nu?~hdrR%{y7EqY| zI+e-tvYtHj`3iM}ghq>|gn_yLs!ye9g-`n5nP&gUrSzDQ zP;XFro{O4qd0601JC86PF)W{Rm6MU_z5>5ENzG|R;_sI3{1hQ`VlwdWskvFb2IdWB z8J>QY;JN0!NrEsi^AWO1cqib#Fi^cqnXSN_F>XlvY8%HW?RDNQ27=JvoS)P)iE0+q8zr6wkNx-M@ggL40h(sqJU7|y zIR*K!SN?UDpbCj*m7SE#pK2uE^c!nL0M7JWY<>r(61w2A0L+6*b~~z!`tCJzP%v~ z=k0jRJgUQ&XKG-4{q769_Hybj8qfVV!jK+O54zbJgdH>Tt@qo}b%7oDCAyjR*n+%8 zuS8;}P;_hx=LF|vzNDH;2$4C=?mXHbTvSp}MzYEtDXn_%H@~pUlEANOnE93%C0O)_iNNjyRMGm1 z1YU~uJH-Cy@8r0BnMc7?l$3G*NsepP+(WzLqUtV_f84afBkB^(6eh#o&&XsP)_>dA z_RHbX))E;UTsTVDIZEkVPZ7C0bB&oh=Zy&bnbF*jPSoa~pT;n7t)7=BAxB{|!L(I11`OH8Tn#s=Uk z;I+-1-F|7Jg+aOw~HIq=B0Q4~MCuVq|uNl`@w{nLroc~zDlkf&IROMHV$Wy>w!^Ao2Lx|W!aq$53+ z9Es$6;%0s*O3CFW)_$O;bNABMw7W}Qtr6Zj)jynjRT>wx8_3MR0{80J8?X2U1@_HAyXTX7tK)ikmZf`!7VDJ&W?w>hfr)wxg6LY8nK z3sq~8CwV&&8OLzNU5#RcVh{eoRD5iok8T6``F{U%y1>tG4|1j;Ma9KyiJ&lw?Y)D; z1_n>L%;@N~EZGL8!%cqO2;ay<_)h8F8gx!V&|sWyYU=6gHnG{C4ZMEi 
zhMFMfP@n|*+$j4piva1P($dxry+mS+{pOv#vA@r>niuLkYaio#LNDd_-14(rc@Oj@ z{c;zA{K<5NR7lMSKGs?Ks#`xkj%cuaH27iY{?wRz#Md?GWD!6c8D26!gmZXW&Z20W zcYW&a^E1K>4eCrP6-RBT@J=++*-G&g z4QiQlMPe%}?bMSbTWxPr(QH&4Tz>Fzw*ejo4Xz3q0fYIU!kb8@FMreMArt1~U!SAr zGmAQf&hc6dP8_YrT$u@&z~fNaALnw5b@N;aUq$bx1z+cy)Ra;d2d>v*Y5^dYoh>xg zlup;LcJSNxUATDa^;z^Mh=sHNdj9;>_P|OPi`Sq?5wv9N2F;v)N97q&H*VcN2I{!L zn%(5!l6mx^cE^(8>3ttHz~_!h>xl+S3b>MDDdC~*IhUmc66=pbO2B3PC-tUd92cw>2t1Og+R zj88+8Xq<+NI<}vk(v(p)vnzN;x!|Ah;8dFXGbS0<&lD8PW>FKTY9~GZZXEw8f=G~& zfO?rsZr&4|=+|3yj$*`O3%1tCsb7jF)!7Xz*48QH8R5`4?W|{Wx6Ww3)(r&aCad2Z z`t&Lcl__-blGLrcB~nG|Zu|Z0|n!!9$=ZfUI6bx;3hvT!rk{y zY&EBDo9DWIsc))~KzhmGn0`28O!mr-gI7g)k<}Or^^+yA0%H_o-T;-RzM5;ebgqq8 z9?}??GxVn4h8k4;Ns~28LbpXyl51E$(X|{6#yU=;Y|9cR;(XU6nu*i#*sAJVn5=<@ zRu9=k$Rd@B^g@U7}Mdv2E!_+$=AGra|85QkIZtrO{<)5I=x zqOxfalUeQ2981)c+*C93Y*G(@_14GM(A!O5@JQM{ zQW9evml6*Kxgrd?=Zxk>P}1#N_&M?J(N*eA2y8SbJ62?UJ;fp?zM}o_cH+ z(1ctvb@P3e+nI>3L=d1#ogP#`l!2k+;-|ob62ioC;9WzD;H<91;IzeRc%_&OVUpc= zweO-2k_K&>*FVjt75FeZ5RdmiXm0jjYQyH-e2A=C_FJ)P=D1dnRiS^hJR_&Knwtrn zu=$gCKSb-|%QKO^5uH!PrWihM?qF z@{lukyKRGGN2)liQ~3(JyJgRI5p0wXu`A_<-k{9MfSlOIxXC1Oc!PfC^`1SIzoQc_ zyFCTrl@!y!m+*y)HRAfa%`^O1;SW}om1~xGVccT;jm+!5^~nz;kYt|A?z)71b)244 z3q1@kF6ZzTq&MW&el){`)AlIbwaRObbr+JOpHlyvP@h{}+Pi75xdn2%Mudw4SdvNMDq(XJKtI_`O#HpxCOaXT+PhdTm_AaNnfo=tiBP|!}}P$NCF6SI(Dv0j~ax9(2{_VdxCrBSEb)jsPh*@M1jQhN=mD!ne8rMw)`>62mi@ zR8h`L3vSDL8Dn|ZV#XF;g+EUEq+Q(>o*p&vw3)erkMlFgVQbyArz)rFqs>{LYUlBn zu@Zi2^0yAkhQk>_P7&y$M@{Al+9|G2+pHc%g$v%sPWr{rL^;cRx?^sw8mp_?R;-j8xnb&gNYX2Vo_;z6_Tq7n=4PCe1 zDG-e;J;>o$8mhZw>0%1Q*s$f*ZsTG6wZN4GFe+6% zXmCtU3Kr1WNImptm79(1#FqG?zT+4_O#(z01W{BLEO4c*=8h?^UUV5Y9C0$?LHbFd zMzI<5xgM~wd4PB8&d+0T*^7jF{H!=bIZ?|`iYGxsMNQ1BvpxoD)zx8bP#CI0N&%+I z9A8AC`B45=y;pACx`b`e;|LE~VZ&8nPnxte;`Cct6v*p&R@qk?+jf3lX|*V$SK%VI zsU|-9)oetc4X|Wl-!)P)KLtXq3~DH5xA1^(s(yJ@8ZO9@0(#w{zuqE-x`E3KS6t9T 
zIMvz|CSs12QJ#l^)T{%7LQgMYbOujz&2S5G495Cv=;RT5j|eRWF|XlzPlxZe;tk*nF^a~r2$gnKlVdRMd`rW8D&DziPBX!yeDXqU{b9BY=XukcLGiU+c9bX8b{$N}F}5P0PP;#ltH(&+^ILYvD1jgf z)GHM^DIhgV@lKnA+)ud+WA(go_N0glR@!Tu+$7BNo_71+{pa)kq$JezCB~J?NRxK6 zw#oN)mZ}`BiJSiTbOzz#1lu~r0$mMAy1G;!GVR7)x z_GZQQT40)Aa5$;JV{SXsWL^@pYMZ+s0zg+r%irs{1Qa1pb{%i8cTH;>Knezle`aEG zC54UX5sXVEJAo4|^@RbRVUi$BtZ%!-bFO9{Ndd(+dv#*li#i7_^?eOVm&`(o(c+s# zEZ=UukiN8`jnF%F+OoDYEWr!U8wq704Xalzg@arICf=g15GgK}p|h0x=a%nY4}#eK zNu5S49`7`eIp2f0fIZqsvQDwAQyKKxe6X&xKyc$n$NeiIsk!CrU&_UxxgRJciR8vo z;buL%_BcdS9I&emlu@@DoWGA7xn+yFU$X$+pQ^mwYi<@$!Z(OKA+N!Buz^o67uQ-;h{c#Lm%x$Pm&zux#LKo?XBK-87y zij?zqEJn2+x_;u9c0RO6Us}5E<_@tsy20wwahEXCIob)~-;%4i2j4S*;vCoF)h#M5 z`qN1{pV*k6WR8tV?oTZ));Quf<`_1DH?}IsVu&R##<( z+j?V%^-GA8S41r6cDw-l$%xvYbQNrRWQAJ^)$cXZB%A8(B2zPh1p%}1iF{l&0El&{uEypI7ivh0 zPTF3AiE^`|Y+(Z&xa-HayTB@npVSqtcCWz(*?YMYG!caA4#~qwI@jL0b-LL%&~9{x zY8r#acFLb#jQssGLqgq(9Bvy-0UB!xB?3kTdxJc~Iz75&cGNp~u1`Pa%)hC5V#JCr z2?nTK5ib_dhPLIqxD+tB(~G?XsB*R@6^~(POw7i;8mI|%j_C6dps12qzuiLOv{~CP z7||e?-5K!oIhd^5gUkYByQgK9oohqg-G=S^q<-v8sG7WcshfPnXSh^o7gU2E6KTZq zQ#Vv3b(F>k4b*udD5mcvHasrprZGF(a*c5uy^1((Cw?g|f8&*Yu3E({bTPnLIP}0p zcDw_Af1dwU-p^oj0dJlSex0G?-DK0*aIpwjLR~*JTnZ`wh7q?Y^5^3CMZfiF)SMP)C z1qj?YmnJ^YBIO1zETyJ+d}zyxezwouo-WyOBFZ9Qbvaqcvy%5nI=GPoQ&w=DJ_B3r z)vq56@vW|2>fij0E~jtYTeEF4`7MZQoL_xU=~80FFI{aSt$Hp~J| zJcJ#F!;>xXyQTeVT2;D^bZIs%!)8Iq94acwW9P1(mn7Acskk4YvgHU^)o=m26^Xg< z8+huf&Z><+iK>aT*OFa1M&tb*b2pwy_aUj~b-MpRNxfBQ)t9IXmuIp;)}`18Z z8A-_JnyoE;TtSRMHl@0L96C1lffH)u)QY(kj! z_A*GKYD}`A9O~U$bJp5A|$KfzgucuV$vVw|IM& zbn%6F&SPdJv*l!T8*lHw^;}*;z!!2QhtTshh8b{AQP zu4Y-sCZ}1c=q7ZaAFWh8Jy#d;ePU>Ye#j)4yU=05%yTJ}-rnvpeEwr);Ca~ek2w2*Wwd)6jE`Y`hJDc$6>>C*QXFcjjj`>>OC-9rRR*;;SuIWLBM9({tg|DFu!_E z@PmRNL;#X3Cul9Xlm@%5jjAhE_kvt1%BmcW^XekH74wG6dQ|ziB`=>7&)sy`7I8muP4nDVSA&sFbB$21#Y(g`SP! 
From 3de8f5bf54d4b1fb802665e8e65031323b215139 Mon Sep 17 00:00:00 2001 From: NimRegev Date: Sun, 6 Nov 2022 12:22:47 +0200 Subject: [PATCH 3/7] Update oauth-setup.md --- _docs/administration/oauth-setup.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_docs/administration/oauth-setup.md b/_docs/administration/oauth-setup.md index 261fe457..2d9469a4 100644 --- a/_docs/administration/oauth-setup.md +++ b/_docs/administration/oauth-setup.md 
@@ -149,7 +149,7 @@ data: #### Step 3: Configure OAuth2 settings for Custom Application in Codefresh -To complete custom provider authentication, configure the settings for the Custom OAuth2 Application in Codefresh. Configuring the settings creates a K8s ConfigMap that references the OAuth secret credentials. When configuring the settings, you can work in Form mode, or directly update the YAML manifest. +Configure the settings for the Custom OAuth2 Application in Codefresh. Configuring the settings creates a K8s ConfigMap that references the OAuth secret credentials. When configuring the settings, you can work in Form mode, or directly update the YAML manifest. >Important: > The values for all the settings in the ConfigMap are the `keys` in the secret file. From 739187d6d107f1c0360caf51766559b7639addc5 Mon Sep 17 00:00:00 2001 From: NimRegev Date: Mon, 7 Nov 2022 14:03:44 +0200 Subject: [PATCH 4/7] Update oauth-setup.md --- _docs/administration/oauth-setup.md | 42 ++++++++++++++--------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/_docs/administration/oauth-setup.md b/_docs/administration/oauth-setup.md index 2d9469a4..de691b3b 100644 --- a/_docs/administration/oauth-setup.md +++ b/_docs/administration/oauth-setup.md @@ -63,49 +63,46 @@ To set up OAuth2 authorization in Codefresh, you must: * [Create a K8s `secret` in the runtime cluster](#step-2-create-a-k8s-secret-resource-in-the-runtime-cluster) * [Configure OAuth2 settings for Custom Application in Codefresh](#step-3-configure-oauth2-settings-in-codefresh) +{::nomarkdown} +
+{:/} + #### Step 1: Create a custom OAuth2 Application in Git Create and register an OAuth App under your organization to authorize Codefresh. -> Make sure you define the correct scopes for the custom application: - * GitHub: `repo` - * GitLab: `read_api', 'read_user`, `read_repository` - * Bitbucket: - * **Permissions**: `Read` - * **Workspace membership**: `Read` - * **Webhooks**: `Read and write` - * **Repositories**: `Write`, `Admin` - +1. Follow the step-by-step instructions for your Git provider: -1. Follow the step-by-step instructions for your Git provider: - **[GitHub]**(https://docs.github.com/en/developers/apps/building-oauth-apps/creating-an-oauth-app){:target="\_blank"} - Notes: - * For **Authorization callback URL**, enter this value: + * [GitHub](https://docs.github.com/en/developers/apps/building-oauth-apps/creating-an-oauth-app){:target="\_blank"}: + * For **Authorization callback URL**, enter this value: `/app-proxy/api/git-auth/github/callback` where: `` is the IP address or URL of the ingress host in the runtime cluster. - * Make sure **Enable Device Flow** is _not_ selected. - * Select **Register application**. + * Make sure **Enable Device Flow** is _not_ selected. + * Select **Register application**. The client ID is automatically generated, and you are prompted to generate the client secret. - * Select **Generate a new client secret**, and copy the generated secret. + * Select **Generate a new client secret**, and copy the generated secret. - **[GitLab Cloud and Server]**(https://docs.gitlab.com/ee/integration/oauth_provider.html#user-owned-applications){:target="\_blank"} - * For **Redirect URI**, enter this value: + * [GitLab Cloud and Server](https://docs.gitlab.com/ee/integration/oauth_provider.html#user-owned-applications){:target="\_blank"}: + * For **Redirect URI**, enter this value: `/app-proxy/api/git-auth/gitlab/callback` where: - `` is the IP address or URL of the ingress host in the runtime cluster. 
+ `` is the IP address or URL of the ingress host in the runtime cluster. - **[Bitbucket Cloud and Server]**(https://support.atlassian.com/bitbucket-cloud/docs/use-oauth-on-bitbucket-cloud/){:target="\_blank"} + * [Bitbucket Server](https://support.atlassian.com/bitbucket-cloud/docs/use-oauth-on-bitbucket-cloud){:target="\_blank"}: * For **Callback URL**, enter this value: `/app-proxy/api/git-auth/bitbucket-server/callback` where: `` is the IP address or URL of the ingress host in the runtime cluster. +{:start="2"} 1. Note down the following, as you will need them to create the K8s secret for the Git OAuth2 application: * GitHub: Application ID from the URL, Client ID, and the client secret * GitLab Cloud and Server: Application ID and Secret * Bitbucket Server: Key and Secret - +{::nomarkdown} +
+{:/} #### Step 2: Create a K8s secret resource in the runtime cluster Create a K8s secret in the runtime cluster, using the example below as a guideline. You must define the application ID (`appId`), client ID (`clientId`) and the client secret (`clientSecret`) from the OAuth2 Application you created in your Git provider, and the Git URL (`url`). @@ -146,6 +143,9 @@ data: 1. Apply the secret to the runtime cluster: `kubectl apply -f ` +{::nomarkdown} +
+{:/} #### Step 3: Configure OAuth2 settings for Custom Application in Codefresh From a3da4f860a6cf75b48f9f188a7c4d7dff08d9210 Mon Sep 17 00:00:00 2001 From: NimRegev Date: Mon, 7 Nov 2022 14:08:22 +0200 Subject: [PATCH 5/7] Update oauth-setup.md --- _docs/administration/oauth-setup.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_docs/administration/oauth-setup.md b/_docs/administration/oauth-setup.md index de691b3b..9339fe79 100644 --- a/_docs/administration/oauth-setup.md +++ b/_docs/administration/oauth-setup.md @@ -88,7 +88,7 @@ Create and register an OAuth App under your organization to authorize Codefresh. where: `` is the IP address or URL of the ingress host in the runtime cluster. - * [Bitbucket Server](https://support.atlassian.com/bitbucket-cloud/docs/use-oauth-on-bitbucket-cloud){:target="\_blank"}: + * [Bitbucket Server](https://confluence.atlassian.com/adminjiraserver0902/configure-an-outgoing-link-1168853925.html){:target="\_blank"}: * For **Callback URL**, enter this value: `/app-proxy/api/git-auth/bitbucket-server/callback` where: From 3fd2ad4a7035d3f87e2de0d004f4347ad4176767 Mon Sep 17 00:00:00 2001 From: NimRegev Date: Mon, 7 Nov 2022 16:12:16 +0200 Subject: [PATCH 6/7] Update oauth-setup.md --- _docs/administration/oauth-setup.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/_docs/administration/oauth-setup.md b/_docs/administration/oauth-setup.md index 9339fe79..57f825e6 100644 --- a/_docs/administration/oauth-setup.md +++ b/_docs/administration/oauth-setup.md 
@@ -59,9 +59,9 @@ Supported Git providers: * Bitbucket Cloud (hosted) and Bitbucket Server (hybrid) To set up OAuth2 authorization in Codefresh, you must: -* [Create Custom OAuth2 Application in Git](#create-oauth2-application-for-git-provider) +* [Create Custom OAuth2 Application in Git](#step-1-create-a-custom-oauth2-application-in-git) * [Create a K8s `secret` in the runtime cluster](#step-2-create-a-k8s-secret-resource-in-the-runtime-cluster) -* [Configure OAuth2 settings for Custom Application in Codefresh](#step-3-configure-oauth2-settings-in-codefresh) +* [Configure OAuth2 settings for Custom Application in Codefresh](#step-3-configure-oauth2-settings-for-custom-application-in-codefresh) {::nomarkdown}
From 766aa84d0ff2f94edb2e9c92c9f89a157023240f Mon Sep 17 00:00:00 2001 From: NimRegev Date: Mon, 7 Nov 2022 16:14:36 +0200 Subject: [PATCH 7/7] Update oauth-setup.md --- _docs/administration/oauth-setup.md | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/_docs/administration/oauth-setup.md b/_docs/administration/oauth-setup.md index 57f825e6..e07369ea 100644 --- a/_docs/administration/oauth-setup.md +++ b/_docs/administration/oauth-setup.md @@ -58,10 +58,14 @@ Supported Git providers: * GitLab Cloud and GitLab Server * Bitbucket Cloud (hosted) and Bitbucket Server (hybrid) +{::nomarkdown} +
+{:/} + To set up OAuth2 authorization in Codefresh, you must: -* [Create Custom OAuth2 Application in Git](#step-1-create-a-custom-oauth2-application-in-git) -* [Create a K8s `secret` in the runtime cluster](#step-2-create-a-k8s-secret-resource-in-the-runtime-cluster) -* [Configure OAuth2 settings for Custom Application in Codefresh](#step-3-configure-oauth2-settings-for-custom-application-in-codefresh) +1. [Create Custom OAuth2 Application in Git](#step-1-create-a-custom-oauth2-application-in-git) +1. [Create a K8s `secret` in the runtime cluster](#step-2-create-a-k8s-secret-resource-in-the-runtime-cluster) +1. [Configure OAuth2 settings for Custom Application in Codefresh](#step-3-configure-oauth2-settings-for-custom-application-in-codefresh) {::nomarkdown}
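Review bot: In PATCH 3/7 (hunk `@@ -149,7 +149,7 @@`, the rewritten Step 3 intro), "creates a K8s ConfigMap that references the OAuth secret credentials" does not say how the reference works, and a reader can take it to mean the credential values go into the form or the YAML. The `>Important` context line right below already states that the values are the `keys` in the secret file; suggest folding that into the new sentence (something like "a ConfigMap that references the OAuth secret by key name"), assuming that is the intended behaviour, so the client secret stays only in the Secret resource.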
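Review bot: In PATCH 4/7 (hunk `@@ -63,49 +63,46 @@`, Step 1), the required-scopes guidance is lost: the removed `> Make sure you define the correct scopes for the custom application:` block is not re-added anywhere in the visible lines, so someone registering the OAuth app has no stated minimum and is likely to over-grant. Suggest keeping the scopes as a sub-bullet under each provider, and fixing the quoting from the removed GitLab line, which read `read_api', 'read_user`. Separately, the Bitbucket entry is relabelled "Bitbucket Server" with only a `bitbucket-server/callback` path, while the supported-providers list shown as context in the later patches still names "Bitbucket Cloud (hosted)"; either add a Cloud entry or say that Cloud is covered only by the default Codefresh application.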
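Review bot: In PATCH 5/7 (hunk `@@ -88,7 +88,7 @@`, the `+` line for the Bitbucket Server link), the new target `confluence.atlassian.com/adminjiraserver0902/configure-an-outgoing-link-...` sits under a Jira Server admin path rather than Bitbucket Server documentation, judging by the URL. A reader following it to register the OAuth consumer may end up configuring the wrong product; please confirm the page applies to Bitbucket Server or link the Bitbucket Server equivalent, and keep the link label and the `bitbucket-server/callback` instruction consistent with whichever page is chosen.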