commit 017c761fffdb1dc337efc8fbf7c6ad89ad4112fc464f10a12b5e33affde7630e Author: Reinhard Max Date: Fri Jan 10 13:08:05 2025 +0000 - bsc#1232242: Start clamonacc with --fdpass to avoid errors due to clamd not being able to access user files. OBS-URL: https://build.opensuse.org/package/show/security/clamav?expand=0&rev=270 diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/1305.patch b/1305.patch new file mode 100644 index 0000000..63d56b8 --- /dev/null +++ b/1305.patch @@ -0,0 +1,2255 @@ +From d11590f7a443b19da04211c13a57395f33ed7b11 Mon Sep 17 00:00:00 2001 +From: Micah Snyder +Date: Wed, 10 Jul 2024 16:26:00 -0400 +Subject: [PATCH] Fix unit test caused by expiring signing certificate + +The clamscan test "assorted_test.py::TC::test_pe_cert_trust" is about to +fail because the "test.exe" test file was signed with a cert set to +expire after only 2 years, and it has been 23 months. + +While attempting to generate a new one that will last 73000 days (200 +years), I discovered that any signing certificate set to expire after +2038 will fail the trust-check because the `ca.not_after` variable is +maxed out `time_t` incapable of expressing a higher number. +To fix this, I've upgraded the variables to `uint64_t`. + +I also had to replace a bunch of generated signatures to match the new +"test.exe". + +Finally, I noticed that "ca.not_before" was being set to the token[8] +instead of token[9], which presumably mean the "NotBefore" field for +Trusted and Revoked Certificates was non-functional, as it was treating +the "CertSign" boolean as the "NotBefore" value. + +Fixes: https://github.com/Cisco-Talos/clamav/issues/1300 +--- + libclamav/crtmgr.h | 4 ++-- + libclamav/readdb.c | 4 ++-- + ....HDB_1of2_MD5_FIXED_testexe.UNOFFICIAL.hdb | 2 +- + ...g.HDB_2of2_MD5_STAR_testexe.UNOFFICIAL.hdb | 2 +- + ...HSB_1of4_SHA1_FIXED_testexe.UNOFFICIAL.hsb | 2 +- + ....HSB_2of4_SHA1_STAR_testexe.UNOFFICIAL.hsb | 2 +- + ...B_3of4_SHA256_FIXED_testexe.UNOFFICIAL.hsb | 2 +- + ...SB_4of4_SHA256_STAR_testexe.UNOFFICIAL.hsb | 2 +- + ...g.MDB_01of16_MD5_FIXED_text.UNOFFICIAL.mdb | 2 +- + ...ig.MDB_02of16_MD5_STAR_text.UNOFFICIAL.mdb | 2 +- + ...g.MDB_03of16_MD5_FIXED_data.UNOFFICIAL.mdb | 2 +- + ...ig.MDB_04of16_MD5_STAR_data.UNOFFICIAL.mdb | 2 +- + ....MSB_01of32_SHA1_FIXED_text.UNOFFICIAL.msb | 2 +- + ...g.MSB_02of32_SHA1_STAR_text.UNOFFICIAL.msb | 2 +- + ....MSB_03of32_SHA1_FIXED_data.UNOFFICIAL.msb | 2 +- + ...g.MSB_04of32_SHA1_STAR_data.UNOFFICIAL.msb | 2 +- + ...SB_17of32_SHA256_FIXED_text.UNOFFICIAL.msb | 2 +- + ...MSB_18of32_SHA256_STAR_text.UNOFFICIAL.msb | 2 +- + ...SB_19of32_SHA256_FIXED_data.UNOFFICIAL.msb | 2 +- + ...MSB_20of32_SHA256_STAR_data.UNOFFICIAL.msb | 2 +- + .../Test.Sig.CRB.BlockCert.crb | 2 +- + .../input/pe_allmatch/test-exe-src/build.py | 4 ++-- + unit_tests/input/pe_allmatch/test.exe | Bin 1447976 -> 1447992 bytes + .../trust-sigs/Test.Sig.CRB.TrustCert.crb | 2 +- + 24 files changed, 26 insertions(+), 26 deletions(-) + +diff --git a/libclamav/crtmgr.h b/libclamav/crtmgr.h +index 468c2626b8..64a009892a 100644 +--- a/libclamav/crtmgr.h ++++ b/libclamav/crtmgr.h +@@ -66,8 +66,8 @@ typedef struct cli_crt_t { + BIGNUM *n; + BIGNUM *e; + BIGNUM *sig; +- time_t not_before; +- time_t not_after; ++ int64_t not_before; ++ int64_t not_after; + cli_crt_hashtype hashtype; + int certSign; + int codeSign; +diff --git a/libclamav/readdb.c b/libclamav/readdb.c +index 46fb55abf9..9d37d44323 100644 +--- a/libclamav/readdb.c ++++ b/libclamav/readdb.c +@@ -3463,8 +3463,8 @@ static int cli_loadcrt(FILE *fs, struct cl_engine *engine, struct cli_dbio *dbio + ca.name = NULL; + + if (strlen(tokens[9])) +- ca.not_before = atoi(tokens[8]); +- ca.not_after = (-1U) >> 1; ++ ca.not_before = atoi(tokens[9]); ++ ca.not_after = (-1ULL) >> 1; + + ca.hashtype = CLI_HASHTYPE_ANY; + crtmgr_add(&(engine->cmgr), &ca); +diff --git a/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.HDB_1of2_MD5_FIXED_testexe.UNOFFICIAL.hdb b/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.HDB_1of2_MD5_FIXED_testexe.UNOFFICIAL.hdb +index 94fe32aec2..946e6efe3b 100644 +--- a/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.HDB_1of2_MD5_FIXED_testexe.UNOFFICIAL.hdb ++++ b/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.HDB_1of2_MD5_FIXED_testexe.UNOFFICIAL.hdb +@@ -1 +1 @@ +-05fcb14bd4dbad8617251d4e22708367:1447976:Test.GenSig.HDB_1of2_MD5_FIXED_testexe ++8a655379478861572791e2404f45f9ed:1447992:Test.GenSig.HDB_1of2_MD5_FIXED_testexe +diff --git a/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.HDB_2of2_MD5_STAR_testexe.UNOFFICIAL.hdb b/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.HDB_2of2_MD5_STAR_testexe.UNOFFICIAL.hdb +index 261053d1d8..198c450d85 100644 +--- a/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.HDB_2of2_MD5_STAR_testexe.UNOFFICIAL.hdb ++++ b/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.HDB_2of2_MD5_STAR_testexe.UNOFFICIAL.hdb +@@ -1 +1 @@ +-05fcb14bd4dbad8617251d4e22708367:*:Test.GenSig.HDB_2of2_MD5_STAR_testexe:73 +\ No newline at end of file ++8a655379478861572791e2404f45f9ed:*:Test.GenSig.HDB_2of2_MD5_STAR_testexe:73 +diff --git a/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.HSB_1of4_SHA1_FIXED_testexe.UNOFFICIAL.hsb b/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.HSB_1of4_SHA1_FIXED_testexe.UNOFFICIAL.hsb +index 7a3d422c7a..7134f239af 100644 +--- a/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.HSB_1of4_SHA1_FIXED_testexe.UNOFFICIAL.hsb ++++ b/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.HSB_1of4_SHA1_FIXED_testexe.UNOFFICIAL.hsb +@@ -1 +1 @@ +-2ba31b0352bae4f57c1c9144f64ac7a57c010876:1447976:Test.GenSig.HSB_1of4_SHA1_FIXED_testexe ++4a2a55f483339bf55fae340f82d3b42001b30e16:1447992:Test.GenSig.HSB_1of4_SHA1_FIXED_testexe +diff --git a/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.HSB_2of4_SHA1_STAR_testexe.UNOFFICIAL.hsb b/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.HSB_2of4_SHA1_STAR_testexe.UNOFFICIAL.hsb +index 9d05bc2da2..f5e239bbd1 100644 +--- a/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.HSB_2of4_SHA1_STAR_testexe.UNOFFICIAL.hsb ++++ b/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.HSB_2of4_SHA1_STAR_testexe.UNOFFICIAL.hsb +@@ -1 +1 @@ +-2ba31b0352bae4f57c1c9144f64ac7a57c010876:*:Test.GenSig.HSB_2of4_SHA1_STAR_testexe:73 ++4a2a55f483339bf55fae340f82d3b42001b30e16:*:Test.GenSig.HSB_2of4_SHA1_STAR_testexe:73 +diff --git a/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.HSB_3of4_SHA256_FIXED_testexe.UNOFFICIAL.hsb b/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.HSB_3of4_SHA256_FIXED_testexe.UNOFFICIAL.hsb +index 60300a3689..fa06ce21cf 100644 +--- a/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.HSB_3of4_SHA256_FIXED_testexe.UNOFFICIAL.hsb ++++ b/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.HSB_3of4_SHA256_FIXED_testexe.UNOFFICIAL.hsb +@@ -1 +1 @@ +-4f713f2f0d3269d5ea24bf58c8acff9ad67d53044c07f028ae825cacffb6e82e:1447976:Test.GenSig.HSB_3of4_SHA256_FIXED_testexe ++ecb52dac06daf876b6ed53063c5fdd5a3e05a0e70f7d326670f202f36ae66c95:1447992:Test.GenSig.HSB_3of4_SHA256_FIXED_testexe +diff --git a/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.HSB_4of4_SHA256_STAR_testexe.UNOFFICIAL.hsb b/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.HSB_4of4_SHA256_STAR_testexe.UNOFFICIAL.hsb +index 1558769a64..ae6af8f50a 100644 +--- a/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.HSB_4of4_SHA256_STAR_testexe.UNOFFICIAL.hsb ++++ b/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.HSB_4of4_SHA256_STAR_testexe.UNOFFICIAL.hsb +@@ -1 +1 @@ +-4f713f2f0d3269d5ea24bf58c8acff9ad67d53044c07f028ae825cacffb6e82e:*:Test.GenSig.HSB_4of4_SHA256_STAR_testexe:73 +\ No newline at end of file ++ecb52dac06daf876b6ed53063c5fdd5a3e05a0e70f7d326670f202f36ae66c95:*:Test.GenSig.HSB_4of4_SHA256_STAR_testexe:73 +diff --git a/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MDB_01of16_MD5_FIXED_text.UNOFFICIAL.mdb b/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MDB_01of16_MD5_FIXED_text.UNOFFICIAL.mdb +index 60ea617381..ab261f1a2e 100644 +--- a/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MDB_01of16_MD5_FIXED_text.UNOFFICIAL.mdb ++++ b/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MDB_01of16_MD5_FIXED_text.UNOFFICIAL.mdb +@@ -1 +1 @@ +-34304:c2cf3afc85a94f96246ebc2d10427b99:Test.GenSig.MDB_01of16_MD5_FIXED_text ++34304:1931e3808e2374839e1cb81790d14c14:Test.GenSig.MDB_01of16_MD5_FIXED_text +diff --git a/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MDB_02of16_MD5_STAR_text.UNOFFICIAL.mdb b/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MDB_02of16_MD5_STAR_text.UNOFFICIAL.mdb +index a5fa019c22..86d2153bea 100644 +--- a/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MDB_02of16_MD5_STAR_text.UNOFFICIAL.mdb ++++ b/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MDB_02of16_MD5_STAR_text.UNOFFICIAL.mdb +@@ -1 +1 @@ +-*:c2cf3afc85a94f96246ebc2d10427b99:Test.GenSig.MDB_02of16_MD5_STAR_text:73 ++*:1931e3808e2374839e1cb81790d14c14:Test.GenSig.MDB_02of16_MD5_STAR_text:73 +diff --git a/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MDB_03of16_MD5_FIXED_data.UNOFFICIAL.mdb b/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MDB_03of16_MD5_FIXED_data.UNOFFICIAL.mdb +index da1edc59fc..70e89a1f14 100644 +--- a/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MDB_03of16_MD5_FIXED_data.UNOFFICIAL.mdb ++++ b/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MDB_03of16_MD5_FIXED_data.UNOFFICIAL.mdb +@@ -1 +1 @@ +-1168896:6623c7640384c88d74cc4d7701a02627:Test.GenSig.MDB_03of16_MD5_FIXED_data ++1168896:b724ae3f375a29dd4d5fbe37f430c0ea:Test.GenSig.MDB_03of16_MD5_FIXED_data +diff --git a/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MDB_04of16_MD5_STAR_data.UNOFFICIAL.mdb b/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MDB_04of16_MD5_STAR_data.UNOFFICIAL.mdb +index 7fbd3d852b..e854e6cf60 100644 +--- a/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MDB_04of16_MD5_STAR_data.UNOFFICIAL.mdb ++++ b/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MDB_04of16_MD5_STAR_data.UNOFFICIAL.mdb +@@ -1 +1 @@ +-*:6623c7640384c88d74cc4d7701a02627:Test.GenSig.MDB_04of16_MD5_STAR_data:73 ++*:b724ae3f375a29dd4d5fbe37f430c0ea:Test.GenSig.MDB_04of16_MD5_STAR_data:73 +diff --git a/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MSB_01of32_SHA1_FIXED_text.UNOFFICIAL.msb b/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MSB_01of32_SHA1_FIXED_text.UNOFFICIAL.msb +index 26fb2ba711..764299be73 100644 +--- a/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MSB_01of32_SHA1_FIXED_text.UNOFFICIAL.msb ++++ b/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MSB_01of32_SHA1_FIXED_text.UNOFFICIAL.msb +@@ -1 +1 @@ +-34304:7bcc8fbbab4b38c28cb9a571fa7004d8ff47b09d:Test.GenSig.MSB_01of32_SHA1_FIXED_text ++34304:45f9f37f318a50c62d3f26699f2415338ddc1f81:Test.GenSig.MSB_01of32_SHA1_FIXED_text +diff --git a/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MSB_02of32_SHA1_STAR_text.UNOFFICIAL.msb b/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MSB_02of32_SHA1_STAR_text.UNOFFICIAL.msb +index b614ef8fa0..3feba8624b 100644 +--- a/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MSB_02of32_SHA1_STAR_text.UNOFFICIAL.msb ++++ b/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MSB_02of32_SHA1_STAR_text.UNOFFICIAL.msb +@@ -1 +1 @@ +-*:7bcc8fbbab4b38c28cb9a571fa7004d8ff47b09d:Test.GenSig.MSB_02of32_SHA1_STAR_text:73 ++*:45f9f37f318a50c62d3f26699f2415338ddc1f81:Test.GenSig.MSB_02of32_SHA1_STAR_text:73 +diff --git a/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MSB_03of32_SHA1_FIXED_data.UNOFFICIAL.msb b/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MSB_03of32_SHA1_FIXED_data.UNOFFICIAL.msb +index d7bca8539a..7010b7703e 100644 +--- a/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MSB_03of32_SHA1_FIXED_data.UNOFFICIAL.msb ++++ b/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MSB_03of32_SHA1_FIXED_data.UNOFFICIAL.msb +@@ -1 +1 @@ +-1168896:dae420693dde3530da0ad06f593148c9647a66b3:Test.GenSig.MSB_03of32_SHA1_FIXED_data ++1168896:9cdbd12ab842a2d021be6cb8f379ee219e817fd7:Test.GenSig.MSB_03of32_SHA1_FIXED_data +diff --git a/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MSB_04of32_SHA1_STAR_data.UNOFFICIAL.msb b/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MSB_04of32_SHA1_STAR_data.UNOFFICIAL.msb +index 8762992c3e..5bb94ad380 100644 +--- a/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MSB_04of32_SHA1_STAR_data.UNOFFICIAL.msb ++++ b/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MSB_04of32_SHA1_STAR_data.UNOFFICIAL.msb +@@ -1 +1 @@ +-*:dae420693dde3530da0ad06f593148c9647a66b3:Test.GenSig.MSB_04of32_SHA1_STAR_data:73 ++*:9cdbd12ab842a2d021be6cb8f379ee219e817fd7:Test.GenSig.MSB_04of32_SHA1_STAR_data:73 +diff --git a/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MSB_17of32_SHA256_FIXED_text.UNOFFICIAL.msb b/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MSB_17of32_SHA256_FIXED_text.UNOFFICIAL.msb +index c23e1d313a..339d0e2107 100644 +--- a/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MSB_17of32_SHA256_FIXED_text.UNOFFICIAL.msb ++++ b/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MSB_17of32_SHA256_FIXED_text.UNOFFICIAL.msb +@@ -1 +1 @@ +-34304:a0174c8dfab8cd480495fede811c9fcd16ec40db6d9dbe69e9e5f32907be3a1a:Test.GenSig.MSB_17of32_SHA256_FIXED_text ++34304:73757fdfd15f2e63995a547e86cc4568a9137bfb2f64a588ad9e6f45ddd5e367:Test.GenSig.MSB_17of32_SHA256_FIXED_text +diff --git a/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MSB_18of32_SHA256_STAR_text.UNOFFICIAL.msb b/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MSB_18of32_SHA256_STAR_text.UNOFFICIAL.msb +index 920ef139e6..3124b3897b 100644 +--- a/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MSB_18of32_SHA256_STAR_text.UNOFFICIAL.msb ++++ b/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MSB_18of32_SHA256_STAR_text.UNOFFICIAL.msb +@@ -1 +1 @@ +-*:a0174c8dfab8cd480495fede811c9fcd16ec40db6d9dbe69e9e5f32907be3a1a:Test.GenSig.MSB_18of32_SHA256_STAR_text:73 ++*:73757fdfd15f2e63995a547e86cc4568a9137bfb2f64a588ad9e6f45ddd5e367:Test.GenSig.MSB_18of32_SHA256_STAR_text:73 +diff --git a/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MSB_19of32_SHA256_FIXED_data.UNOFFICIAL.msb b/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MSB_19of32_SHA256_FIXED_data.UNOFFICIAL.msb +index aefc9430e9..d5449b2b15 100644 +--- a/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MSB_19of32_SHA256_FIXED_data.UNOFFICIAL.msb ++++ b/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MSB_19of32_SHA256_FIXED_data.UNOFFICIAL.msb +@@ -1 +1 @@ +-1168896:96559752f87084cc488e3163b615d13eac1816580375facd2f872a3e4d808789:Test.GenSig.MSB_19of32_SHA256_FIXED_data ++1168896:09dbd8590151147c35c0b096c7b437d69cfa08bb7116b2f1dfc20a7c8e6d7a58:Test.GenSig.MSB_19of32_SHA256_FIXED_data +diff --git a/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MSB_20of32_SHA256_STAR_data.UNOFFICIAL.msb b/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MSB_20of32_SHA256_STAR_data.UNOFFICIAL.msb +index 236bec5bbc..43565dd810 100644 +--- a/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MSB_20of32_SHA256_STAR_data.UNOFFICIAL.msb ++++ b/unit_tests/input/pe_allmatch/alert-sigs/Test.GenSig.MSB_20of32_SHA256_STAR_data.UNOFFICIAL.msb +@@ -1 +1 @@ +-*:96559752f87084cc488e3163b615d13eac1816580375facd2f872a3e4d808789:Test.GenSig.MSB_20of32_SHA256_STAR_data:73 ++*:09dbd8590151147c35c0b096c7b437d69cfa08bb7116b2f1dfc20a7c8e6d7a58:Test.GenSig.MSB_20of32_SHA256_STAR_data:73 +diff --git a/unit_tests/input/pe_allmatch/block-cert-sigs/Test.Sig.CRB.BlockCert.crb b/unit_tests/input/pe_allmatch/block-cert-sigs/Test.Sig.CRB.BlockCert.crb +index 08083f0d69..719bf514a1 100644 +--- a/unit_tests/input/pe_allmatch/block-cert-sigs/Test.Sig.CRB.BlockCert.crb ++++ b/unit_tests/input/pe_allmatch/block-cert-sigs/Test.Sig.CRB.BlockCert.crb +@@ -1 +1 @@ +-Test.Sig.CRB.BlockCert;0;8b166a274bfaa700a912edd57e8e41365beea576;d2a8ea878c4bba243788488f59354835a005baae;E709F7C042C0DFE60CDEF79BFEC8723468DE92B027E4BC31C2D2B8224DE04B6A23C49C8FEBFAD35274651AA5DAA91FD392E0336B31140F90C125E43E4DEBD3276659BBC639425595F4713C4CAC1892D5D136F76263EDE02DF4EBB849A508B492C7BD3FE295617FC5FF1C482543C938F389D521D8E758D59183C7986A5729E16B5BC3081CF3A749447E23106D170E5835BA137821202B100124EDAD00F7508C19F8103B774E9FA19989058EC52776934690E2CAD67B99E93A9AD50C470E0DF4C48F9F78DBFCEF812730A3A458A310A913CCA7E0B10699A4A441C8900A59193FFDC7376162DA6DB805E4BD9AD9463717B6EEDACAD53AEA9E7FDBB2826588FBF8E45F390B4A44A6A01787DC8110581DD1DC00407C3868F3534241BB340AED7CC9CAB56D27F7E6B645F7CC7BA7B0D1BFB27036F09B9FB25B396575C16B0BF3177FE052F7B5C8BB97F72E69DA7971EAFA643C68E36B5F156BAD46F3E3A580A7CE56BA92ACB972143DDA4B20867A45081262DF2E7A1F80A9D3588C60D48010F10461A8AE675CF8EE47E66425A5A6A0D95F1076AFEC6246C3AA635C13AC1E9CEA760316FD89AE2C19FDF696A106BC20B5A2F8E14613A4633726ADC92FD67B6E219CE1A419FE7F397F153C2591547EE08B19C54C8F04B0F6824EABD2572AF9115486479567A77853DDA31CB84609154BA3A043AD0548204875FF365047BC4B7382FD03AF;010001;0;1;0;;Generated with details from sigtool --print-certs +\ No newline at end of file ++Test.Sig.CRB.BlockCert;0;a5f872f51516a7b95493a152eb79b61d8999188c;e8fe30ff40549bb36227b3b6fa978bc3b7c93a1b;CA5767E912FAC33005614BF5A30360CBB1C194B3B5EA7AE78DF228B76A745AE803F248CFFAE9BD8690935CE5173BB31565D04A931DD2F1D99E17B1BDD35C066F2DD097A87B1786F437156995193D5F1FD49CD855AF0FD9A3BBEA2F8A267770F0F402B28107087142A166C3FDAF673F75518F74DBA6014669FC4377D572F32F58E32F1E575508E547AA2FE25B085B58414562D77F7FE85E92F285F0B52C276A6B68A7E17E9ACBD62DD40ACD1319EE844772EADBACB789A42583953827F2EF6D796292C3ABD2F9533EB07EF196EC7274C17E7FC43B182B543FE1AC4612A995820CAEA2BF3F4FDC4BCC559E95D6180D1B34F51F7D46E40B6CAA88C0BDCDF07E9A8B415E87F57F6BAA207CBC5843D70E5C0A98E643A5E1D8614C3D9C8765B617A1568133DF55FE7E4DC7AB717EAA670E1590569FE0423619DCB062F9E2579717E9231EE44C95DE7218F2D602828C33D08305049BDE439F783B7C478B0F41DB0ADB607429D7CE33E8CB7DC98FE5ECACF21D135D0B4D5F1361BF3898450A9923D00804657CB1A5940B6D25E10A615FC77F68A60A589A2A5BA052FB6B97C22538ED1801D34950FBF4401CB3CAD2839DD3E733F3F0A8F279C886FDE63F5384B3507F03A1A6FF314A32A724D9D5C4794B7A5B01183F7977AACD402B778B900BA03C2E2D52E3A6F1C8524B833701DC6EB4538EDBD516B64BD2CAE8B7AF23312407C0F09421;010001;0;1;0;;Generated with details from sigtool --print-certs +\ No newline at end of file +diff --git a/unit_tests/input/pe_allmatch/test-exe-src/build.py b/unit_tests/input/pe_allmatch/test-exe-src/build.py +index 3db8436ae9..f6fd976740 100755 +--- a/unit_tests/input/pe_allmatch/test-exe-src/build.py ++++ b/unit_tests/input/pe_allmatch/test-exe-src/build.py +@@ -119,7 +119,7 @@ def gen_ca_cert(): + # TODO Explore making this cert have attributes that look more like + # a real CA cert (ex: restrict its uses) + subj = "/C=US/ST=Maryland/L=Fulton/O=Cisco Talos/OU=ClamAV Test CA %016x/emailAddress=rfc2606@example.net" % (random.randint(1,0xFFFFFFFFFFFFFFFF)) +- cmd = 'openssl req -new -x509 -days 3650 -key build/ca.key -out build/ca.crt -subj "%s"' % (subj) ++ cmd = 'openssl req -new -x509 -days 73000 -key build/ca.key -out build/ca.crt -subj "%s"' % (subj) + run_cmd(cmd) + + # https://blog.didierstevens.com/2008/12/30/howto-make-your-own-cert-with-openssl/ +@@ -136,7 +136,7 @@ def gen_cs_cert(name, ext): + cmd = 'openssl req -new -key %s -out %s -subj "%s"' % (key_name, csr_name, subj) + run_cmd(cmd) + +- cmd = 'openssl x509 -req -days 730 -in %s -CA build/ca.crt -CAkey build/ca.key -out %s -set_serial %012d -extfile ./cs.extfile.cfg' % (csr_name, crt_name, random.randint(100000000000,999999999999)) ++ cmd = 'openssl x509 -req -days 73000 -in %s -CA build/ca.crt -CAkey build/ca.key -out %s -set_serial %012d -extfile ./cs.extfile.cfg' % (csr_name, crt_name, random.randint(100000000000,999999999999)) + run_cmd(cmd) + + return (key_name, crt_name) +diff --git a/unit_tests/input/pe_allmatch/test.exe b/unit_tests/input/pe_allmatch/test.exe +index 3f0272eb0dce17f8cc2884bb0675b785a8fe7d88..fe6b3dfea617cbea7efbc5f4642d3e2e220a1656 100644 +GIT binary patch +delta 59750 +zcmcHBWl$VomM&o2-QC^Y-QC@SYk&|SIE}lzy9W&fcMT4~-QC^cvcv4$natd+*}A*% +zi&I}$(G7LJr`~hAORBXRtF>b0L4(#Y;@83`;(>v2fw__$AVJ9Dg@G+Vwr6U~fVV+F +za-3^pz-qxjJDpXM(-1*o;%A{{i6Wd;fWmT3iAmL(UWKJ*x;O{@gw88;IrjOLPnnPkv$B8JJ(;YvWw}Zh1TibY^sD6v^Ju*&Y2OKL_2`AqcZQo +zFBQ6^;&uZ>E9{U064DnL@ikxb2DM6dJZ3X?1A#^kc(*xBtaSUSjV$2G$bL`}uZXJ7 +zd?SMaBwDUHW$Tr|3_fNbDht>$4g%)MR%f`Xd3~Ta59pcks?wdN=;@dp9|Y&K-ENaT +zN5bXfj=Cw${RHc(D++&edq)GXn%(P|VH&k+56bl3Uv|}(RU3YkxX>WR71m}}kRLwx +zD{s9+u;X7KjXa}btXLfM8T1bZ?vkF8M<($rub6x&MlLJ&98-%$Y>)!vRPMPVRnCWi +zAZd{Jm-BzFrG{b^?nH)@X!?^&04=B-ZP@c_v +zX&tq=^J}CB>kAoTT=mo9d52O?jFG*j_gK84U&;nIk)KjpfzBjEbkKo2;^ +zqI*}^r?F&+_fVgtoHCe~pKL<^ntUFv%tY|x!Et;VM&ijVj%!$KAZJuG>bIXg`*Po6 +z%5X=B5Cep$f)b%d2YU^6*$qmZY<~$X1E8FEXsN2$vnL)lFrqHc=H%LYtvExiYs;Yt +zDKnl(rv6Gh+CXJE$5T%uQ@W>3&OcB;rFZu;IKyC`+#0D4RT%$9s&H#VkxA)v#< +zzsr>M4&M_4M@wDBp<6QoA7XkL$#!f#Ty1R(=oX=1$6pm!Hn&f(FG8A0ELa+0I3eN26e_h^LFyIVyc&~0CD*#9;@25wBvef +zQpYhGmu2iYrZtG4&kauHuIy`?0$`_M=>j_+!xsw?InZ3S-*ZDYC|q$qMtyHZe1HES +zkPQ)EEy+;FP4gGA!A*Xk-i^t;j^*j~Ah%}@<=BxIQ!-bT`zR!H?@t7=wH}0!mV)$V#1#f-mJ*-jGyy*eC4~;Z +zad5YF+fr7av{qYsxr>mcE*)*v6!j}OIzqtLLfsIZXz^ll*R42mo|^6ADtBeNuoO5~ +z#E>!=L8(GUth*+$#H1PXuM(tKI2jPG8(n0@iX;rgf+#|W5}alW&zxHCxY=6fhgV>F +zu0AcAZ`@y|;yOVU&3VDJG{W7c+`%*ZAr~_FA?GG{T?1SHt7bz1`Je45x)wwb_V1cb +za?K4e6A@OEchs`Iijpl0aMCmnF1Y?PG8QNYj`5g6S)Gi0UQjadEifv8%&AjUV49c; +zdP@kePv7w>mtkdBdfyzD?`q&N!}y0H>`2CG5ujeDuEtO}rdmLsWBW0=CeveFpHRn* +zFWWQ64etKs0?*wN1PCDXlWV%jVC_eX)*kw{Zf@&qbdI2&idae$eF30VnWk^+kx!L` +z`bJ=nw|hBVg!j6NG4lbCwTt)KdZ(?uu-JRNCuW5X9GeUDa=uy5yke2~ZP&5n&AzTn +zBMOzlBIV%4)st)~%vis-AKl+jHf$jFq+sJo +zX9C(XYgswtD#ORr=V7y&UOwVc3pnKA$}Y+CViaB;(OoI@S5!NwEgHUoT8|pgyl=?V&;*B9t~7Mhxyys{iVoChcyRIruXQ +zt!u%CFiyhG`YTg4q`6yq`|P@#aZLd8P>Kh*au?5bwRUTQU1LS32N_n=YiF`6^&I_H +zhXPD-=r`loDQ71D=17iVm +z#S@2PP)8XqOpzi%p*KTXB* +zVJc>0Q#NKMR&JJejgleHuarub+MdJ`g_PjC9H8QGj01s5 +zjg5m5$0WwGi)W_=Jzk4E*x8r4M>eaFFGw{Xl{J4zT@n{eC?v|xq7Mgps09%Qv_26k +zutVoL*%ggOjjH#}(joXu;W8-K*3_i{OE}_qliPGtyD(0TTZXr#+8#v0; +z+L-0z=l{z6BY8D*p0}ds;$Wbs8>+B7&L>VIu9OdjZb(Kn99Z#;4L~qw!qVx@Vv;Pn +zV!rb!Nc?S_pfE%>01<38E0zC)RKSqH@vcLVKB%f5*1QRLNDxGomJC2A3mQgDY0mu) +z_+Phe`eoPmF~|c|U7Orl2KeZaxrHoW;qnBC_#bFqAQOh9=LoJW@2Q?*Yn603Lvphy +z-PN8r0tKy^SVKfZ3!!nRZLYjm#^h!CI|B+LOP0qujGth%Kjp7vqxO;M02UR+z9{kQ +zaz}S7e$uHgqqsl9pC(tj>!S2V{i@8izBcFqh+9pcRV%^x9Lt#BtX_a{A0+_fBiS+K +za81uXkh&|v0aHpmF_z|TVfa1CvVO8wZi|@Bqh5K{g*6e~H-T^FBxi9*!}%LY=F^m3 +z6#3m9%jPtT)Id1sK_hdwDgf~*Z1JolJHWI!fG8IzKD}tFIk(XrPzl8zy@Hmp;P|OI +ztAuz?LTIs6h}W^T*val8ID&05?!|p6ZbG;+C`+xprRtia5+p#@ChL1=hft)OP$V7f +zlq7f3hKj<^qKaZV9?yw-eR5Hrvct9dJNl}PFWAPww@pi>Q<62=N&paH{e$Oe{b8Liq<-e0E`@baBM>qO|R4gB)g4NZZ#hKcvc$lsaklLw6 +zb>P3a8M^N+w`08X7H7J6`yf>TV2id}d~NT%APeW)j;-a(Twfr*G=J{x$qG^3by2di +zY3b?(O2{MuE)wOK%WEG9bFfCac$Gj6VP?>HjJTa6Z*qkOzIzOxWqWvr@n$(l1ojlt +zC6M`McTGyx3l5K7F})D>EB(`Ooe1~QglCo<@$7VGBTQc_Lb7u-+6y30J>r0YfjV^d +za}&L51Zj$(=StU^f@Mw)S7!~$#aA1!Hfn!6yMn>*yplis7^#lg+V;+)KX1X<1%(J* +zP2y$!lFyy7&lb?PKx-=N6kkF>dzMf1n2!CFP(Vtk!7dGo(sZG+shmH%_-r%jq^vgh +z#OIK}nOdmuJS2eHeliYNXdTsc0}+`j3I?Wo)#Ig*oJC>SkH!?HEY!87yBeMK{OZhY +z1%HkLo$flpG)_ibGUN4gb&#VasKF#mNug?c5?^)yj5Wjh;7*zQGcq`{2@9I9UqPeY +z6JN&f`rlLaB(DZ;Bsviiz{Q>~feb-h^8G3NJ9ZN{R5t#n$n~=TLcVMi?-J1y34^#v +z0gdXz`8{Nc-J7#yux7@jJSi?=jELXD5vRpuWB9+4=?>5zSsT3zMKBD#m)699tZS_- +zy_R2Pd(0Gqp@AUTMI2m*Z9)0^;jnL1rbbB>j!%Ptk0pweK+~gn-IyaT2#Lznj;V4C +z)MVe#wpW1W`Wup1InZ{c-bp3(ZY8llNX7PEWBP}S6oL4?g#SS*oIgng{Z1&=AfUKzG0O#CY1?q4I$} +z8qQX#-~T}>7M%}LK`I%c8Ml}F{1d3&5Bv$L`RU*xlRCOSKw6ezZFCiw&cxHM4UiJD +zIURb+@bB{b4^VLgn_VJ>`)wyzFyY7Q5@S-dW86&QAE&lixsu?|P!0);1f}Uq^z+9p +zGg0+{7?NfJwsA3lY$+!s&`d%Im!-(XuWJ~klh>a2*#@h@d6{nxjq_n78wqF!#bBW2 +z;4R&0e$P>)$HL&B!kOgTSZRd?!?jL9Oi_|oJZ^TJ^aHfFjT;^gAcZ*H&bhz4i)vy~ +zso{>Z0k`#XLcBR#r#~VQQ)3=3|NNBj)N&LtN!K$X!sped=v87vMowdUdEVnU9AGyc +zeqZYruh(I@cZMaJ^F;pDUByrguB`g1up;ytIMl0A79QXBI|32xOrK7De4?c&Pmjne +zg#0chpbAtW5hx}oJ}gWHB!(fG0TM(6n5*GEgL_Y<{*F;}|M1tx!hdHJ_J4y><>es% +zB9)5!mXf#s?+c3cPeHN%MNmjwMl4(=Tuhvt=A6dH%w{afz%0PxfaxT$g>wu9jEZkr +zbRkGXx%NOgYUxpd5rbsA;z!AJnRHM{;dJ~&;&`k!j&0Tp=c-I1aa&nZT`(w$GCy(z +zrrJ}VCBBbD4<`}!B*kt2e8>cS(0k+)!3pxIAAHtdLb|vBbtBzZ?F?~dFvu3>w;#Vy +zS(8V9STaQM%Xx6W2J|s^wqzXdZPd}eHgl;+wrmq?84Ylv?R5SqM;O{XHr#fTe>5!C +zkD04?>OpxtkO*Ti#dqtsWkFQIS$*Y$yv{-6m0fl|F~<-Mt%2@&v_71U7f{8y$;C<3 +zKLWQqEDs>xJ58=S+2WDx6f0Y$cxtNf(hM1Uz4zB(=%Drn1K4QAA#h8;qldA1Y?fr0 +zN}{HSmeBtuelv}RwDmib=m18fc*U#%PQI;sqs+0lFc+4t#o9Q<2=V*? +z2O|S`(RkYEoD%i!QTa!);>+S#1X!%`fFh8q*OooPWUXzTew1X#7LjE3v}iZP+p?Er +zN=OW-W88Rt10aRvOC2_F>>F_E@#`<=o`QA=L+P@-;Zh?=qXLR3Vpp7D-#|)t7HBb^<`;L`{2pI^QuSv6qjJ2`Gp#n&CBWBgc)Q8l8 +zq*7kj(vo@O_t@Z3Z)=Q6n>PBybYWc7jrV)TBzN9vr(h~LP7fc3s=Fg7d@PL*@fO{~ +zQ3zHYt(a@8It-UgHwVq~n;iDha{Ahe5E`l8RnsB4{rPPu8I>|o&AG-dMA*-8hw@;Y +zZx?1n=_FHO7&_9@O!V5``xk}eK{zB%kN>k+h)ATz?Y@JvG{=h|~Lat+PRG2@Fg0z43qPd|^M{mzy3Dk|y} +zc9)J~M^64D*y;)zhr{jYBCS5HN%7#Scd?#)56M@{`f&8t;`Zs_KK86)KlmJ%wbZ8+HlyVIy{iW^G=WFcM~pIPQ^^%{Y>EeJ>p?JIw_1ZDBT +z&X`S@LLR}fIx~&DJ($DherCH2caUw9D@Zq@C?8#(?^RzuzJLaLO_*UX)}6&W%y@fa +zRFO+0dR~f4=`9mNY^#;MM~o9(UO8@>CY;jp)HUxds?xwK^=$st +z`YVpt(dO3}#C|RRuH6wLr7;+o(iB#RCs)!YuLJJp?5#DripQ&rJ*KHs7FVr}+Hw)` +z&qq>@^agZdaA +z)H}pceUxO +z&;h?$mZY&t!^;D6oAg*j0YY1SGUjBaba%a7;u0@5(xTpw%zuZ>M7Dl1C3S1>0g3Jl +zNfTv}+;ihxrYe1tPZ$_zeH(?wLyY_8ui|Zyy8@3^Ry#u`n0G@-zvD>!4@0rP*O>p| +z7DXU=FA;ng3inS#!Mqy^;@wane=(GXP#e@IxK9Zrkc+gH#bB4VKFfFW9kV{O$bD8J +zA>#76AZTE%L2!f=vnFMa@a}8Nla(1Mtidgi5q6*NLMk|jP|_o5t>+fD^aH+w^QV{yQM0jImV`yCD}y)bFd?e< +zd9db*D;^C8)*}UljEQYyHZ=&O7wr_RvQ)hd8Ihw9b=S+mcx{3L4?)}VZG})cXHq;l +z%y(-5ebJc|0wcxg&YIHCKuyPy#FEW`hKsd~s&7@$nK)zfe(_vMNTt%Uteb3pEEsJPunF#r;tBoK20J)IU$u>BLThrVgHiY!){>w7S +zGru)v>{wVw*GPr`KCw0FHxCM5C9gJ>Gp4;$ki5aa8tNSW?+oP|(SV}@YK-;wlKP(r +zq@Zm;Nzqr{hkOg~L%yz$As;w*M{}{yzpp8_KQ+acT)hBef@s3Z!pdySYQ|;qo=kC? +zd|;}c1#dgPU~Gxk>m_NroHw34`DXu#2KuC#i +z(egC81B^YI0c6{%g>QblJ$1BgC=^2~^`QVPp0#^-uxsL)KrSpAqu`ky!^G3`a#h8* +zp={6h*59rnIa9#z +z)7W&u=?iRUhjh+qyES-4J+yp{6WKWT*@IVwe4R>*-zSz^6}w?)>kFCRIxOl#-LMjV +zP};^OH(p^A)1b$+Q8GX=sXb0c)dEM7yl&6x;Vuy>tV;Qp*KeF(2i*_;$|LDnlM`q2 +zaArc$@KN}+zeCAqywz1}J!Z%$!Ql?ri0MBanzUE3fcU(3X2o&1lsInCCWV~dl(kh7 +zoe1>x#Ojt|2V^KBN@6ADybDfj-Ou3A`UEaQt1bSi87J(zv?-DH;Y<2a!S9O;zq7TG +z>q3ig+@BCqvjucqndw@a0ew=}{cya@a9N9TBeQyW2>0h;7Lj6R&!xIQBrvhSD%DPc +zKQM)==nCCxM<>A+)l)Lecl=_af==nqB&lZ`#kAGringDUIqQ-q955m-umR1u5E1G_ +z1_6 +zhwG*2G_3N?zL%|QtcQI3JXVkT`}l|cwmOId`9UN5*EmC|pwrmro<4Xey`>62t2Dqy +zNty}zA|1%*$|6vtT|)y$L=CpSTbYRk-yO& +zyBY;zpZeAhl3ng$L)Px5cTg9>8D8zclb0OO6BKmWLpsoJho`;C?N_&8B91mIh9lC% +zcy!E;q9X%Otz?})impk<)l%|ah=IzqUgDlB4j^=d_xqzks}Ta`YB)^O>6zi2F<4Ol +zhAG1nuz#NM)i8olf&HZy{UIr~4@q4nOaxbKFTHJ}Y&MA`&O@6$4k`R{Oi;Ua9!lzY +z)kgV{lIv#;2psmsS7$#B-gdvh +zMp+*vy7uOliF`_H1yJD4^2I8soooU6OugiKRiK}zW*9=!T-<$o03%5rG_GI1D1$RA +zLq+Az9h +zpl@6#>=UvUJ`t^>3|<;g_0{hS?6~XitTbNp(M|Zj(8T3D#;nGv3FdKWMaee^{5&;xcWckuZQ2{Er_6HqxY7XJQJsm=p?joJ|>4j2ydh(eV +zsjtK^8I>k;70o;^p7dpGh=vNK<85DYc6M2l<9{QrYD7YM^MJCRtrzw|+OJW&LCN~0 +zg_d5(iJ}ge$WIX_@s?DsQz?(*yD>`atf^eKnau>3`%IPiIdGAi99lE7Dwxkl-Idjl +zsCo8(WxxmS+~#HOE$Shx&*-2|(3rFx6{p>zUD%v#3%Tadpt%Bq=1u=u2#do9tiKQO +zl*o9K#&c{c`4364{Z&%XK;4v)MRU^)CI3XJ_alE&s`yTk{5lX4_CCHlGYcGrG}V`x?Dab%bwoh1`JNNYEpjGACtu-q2_AC~cJO?nZJMex0OPVCKZtAU^j} +zXoBO^5%v_!5#@RZLLC_^d;(CeO1VM%LQ%$H6m{t9ALkAf^w0o)?cEUHiew7Ba=0TT +zuwLwZ^TW33z$C3FqSV1>AZ0!O+UhIM%yl5ZPmrOwdXfIv>w@b+kb_`bYu@h_%G=P8 +zzBAiZ^R*uSr%g{uQkP2#-@WlkdCml8e-eafRbXA}#tRUNYqjNZ|MKVbU5lxCB +z3)}qby-m4VQ(`~p8vlRhQAHg8XekjSu>Vm@JyU^c{S%|Seew5J|9wWW|H&x!k5I~l +z$%u`^oWtaOF3fJiY{vHCs0Gs!`eIJtRnKV|I&a*{)I>9ii@;B>!1hlv=aeXO1n%^U +z<{mTQ*bl_x96q%bN5IGhg;66e5?0|pUY!BaRlsTfBymH;K(?@Am5p5>z5j==?=jb2-gm}zmU(k`LCaiv3CdevX_+M#q(Gq^%k+%1*uteQpI&8a1d3JjnZY}0ZkHM)2vb_Q>tqgWnR{UsG!HZ +zN*P)fq|T9wM=`J?7tMIb$$B;0OsUrGMr7`JjmEw1j+v<@OUz(HX=v&$#K966$-f1C +z+k5HDtSm{e0zz7Qg)&p^fZnVhHDuj)co9|3M5`Xfl*lUpX6t(0>BR#s{k6APy(9Eo`*W +zoz(q(EsS&;HWvMq)6-_*eR*i?xhZi#(*JH3?3MwsevVSLqF5^t8aLW+MEiF$eGuCY +zK9jhP{h2=uGg$LCh{z8|Nl3`K5msTiiWWtVy|yY>AR~ghSf|>PNB)Fccnyku1wLE! +zZzp7coDDbLgF&<-XXz47Ur~LKkisgFgYEg*1}_+pVdU|-?V6azwR->J?KzWlE#x(@ +z1PUB~oX;uM+)f7vmJW^AE<5G%+LA6)VgCSpR;-G6dfXuQ>r^8TU;~&G-pJ<6Ab`de +zfvQ6lR-7VG^?-n*cpndp(-vVIfiZIr) +z6gVobt1ZU7Vc(l{!MbwP-`IsM*0cie18KLqPY&b8Yq@AIY}$ovn2g7`vUN%sYN@_L +z1{FWV0_~HS&e1Uo=xSzYy4-zOok1p;&%GuH%a%4alUOXyHB#A@K!jE7>UtCH{QB6W +zH_of!GaiwmwpkvAG>K5yPg10{6x4DS#Z)^oyp5Ee8mjX%Mav^R_+e>2u~8EP9%5F +z1vB1&OrEP5N7j}By|LEQzai6mq~tgJ26=CKQc!%v*^gnM!*G#Wf7s`f4vc|S#Uv?J +zaC2y^%CV8nJu!&YRkPA*RY3td?vbC^pvN?J`V1JKt7!&AY0`BPzS~fRbYSs^%dDkU +zn>Et#ej5e^z#UEsQ~uYEdSA?>1pnwpe?W@;15yXRo3rL4#@-~>?Z+$Xh-9&!O5pO- +zhxk}GaU4ss_%uEsC65tTZM?|tDT@J!+|#Z%J9|;PM~6uizD#oiCpFx~LYRTtad0ej +z+cOOME|L+8$GKf@Q`bSZTvu37ilS)Iz=-vmW*EYds;7L{QI1rC`pai!{++(hm?K&- +zgq$>8$qX*^7Q=KJain@19>yC4^VbqhJWH3>Z`h;2{kXfhOB+8aiM=d=0yyp8wHBj%n#T-m +z$5|miXjJ^+{!)_#&TD!KOn{aH%J9iS)w-*U?}_(q~4GG390(a0!tgaqIHK%&JeGN +z+nSMNm&+l}p?YyT=CC1-(&rCIf#d!9fP8rXpc +z$8i__lX%c4piJGnHmeD|qzO}L*(;LCgkHx08c8plbo-YK<<|F47z{s4R#W&y0!Jzl +zk!G;^14csxbKwAI&MtRFn`LI4ywaZnofI-}jZ^}pvbl7W9B3-;NKEWz0ihARKT{Gy +zO@@7410w~QQOj{d99>6$tEAV-o(DOsMe*2w&27~q!^`7uml&p9JB3$uc?}<|?-LbI +zshe|-1xBy C-QL41f4P8^Dc%grZiyrxvt(#-Hza1Rv#&*0wXuWIR6mVq-aN5`XP +z7jm$DgeQyVE|7v;kWblO0p*eWE2Kc(7l4u(Awh&cCVPGn4K`z7M*omX(fmU)iG}+< +z-^2WG%=g~6&e@Z-_rU%+mBNE}?=$)LImPiOr#L>gq_~XCP0W~>Ihjq3*o@iP{<0;t +zJ4aJ14IiL7ooZsvLXY4FA!x*P=5>x??;$9~zK-Zy><1ak=yYP`2T|+}e6YOZB)B!I +zxP_Ie|2Y*4iV{^s_TZd?q9~wSRw9%}G_ntObYIOphJ*X}=~0^M@NhAfaY5)B>01V} +zTvhS$)tELfGN%3IYtq$sXoDCulL`fZ9v0+xLb>u+wJJaH$c>*l2C<(dQ!wV2yI%%H +z9D+^sj)}gqLkNTmM)f0jPk6Fym0}heVTm`oF&bm8!WzM0MIXNjlqSXU*}zlXg528R +z`E)E-YWurFAXQj0jay7Un2!q8~p^ng!i}eTUhlU_z2x!N4szjFo5{V>% +z`&uVKbW=n~3_O0-xG#sRMzs>}KWL3-DOYS&rYW9%@fBU~L=@c#7E(5>d;DH3`+0IR +z+K6-&o8~+4h{}xi6l0H~akQ}guWd3@dXdp8mL{}@S}w4B*3W1sFJeZEELjMd)IXqI +zthRlp;{p(fP&cg&;$^#ea*not0J4#IbsC%a;pyct3iW_~*Y>2H?Ht&Zg(v-@`Eo#h +zRx?O)68`wxZKFq6fENApL?_qfF2l?u_|`Ws@UH!^qRsV!^t>eRRvrQ6Ji%9r%jn`1 +z8JFeioO;!`I#tM3JL^TTF(p9O-mQH%eHx1HA!qqCXDNqXGX>KDLYj{#)m=ltz_JMC(@v|JV3YgaASz`G8 +zGvHz;gG1NWV;M}RcK|%GJ(D5piPVA`AcRR#sagoyuKLBt8=G|7emaOP1v^zlH`T9K +zSBim0N{B(-zM+LwoqjesLVxH7##H>{3l6AK6K!jax+V5EDHfj>3U&BmQ*t~TYKY?qFa}oJ3~`WPt+H(&7|^EiJI#F$fZA~e +zqUdHuH)2|C?6FCQ`xWs0O_x-k?81KfqH{B3c=Xg9moj%{4AJC<6q?^Jv3TP$t|lY( +z+k?WE>xUA9-eu?Y+F6*PNnTg=gZq<3lX{K_5=*B +z@ROh{&8c8x59S;$>*D}xPEoWNK#8DHauSAPJ(zFGG<#kd7O9QmwZz5FHmoAO5U*M6 +z{HtF2a|*vGsEN+qlgj4~BDZrps4VL|F34*R7@L6K`#Zm7u5c8(Yxp3y?7NqlMn9K( +zjLNwp#m0wTeNlb+)(C+D#I*Wkr7QhlHWr`?3OWIcX1TAmD0aiI^p>MNMzjfbH?KiJMDSB%c{2c|S~ +zfWRdX(C1PB4yZH6QQ8lAH_j70=L}ru?t@w5sdZE}E +zX~ENTqm~MGPV_k6dz(9c`XuThp8#}*HzEUAtyUyeiDy;%Pi51&1`{r@v8!p-AzxCuTL8PG%?E+oK1$;!L+Cqh;Q(#0NQc13}0wKPl9`Qu1l8nn?n6xG8s0o!1!G!y;4m +zVEJn1ol9+xYk%P)iI^^f;|cI(`Yo9gZll7xu_S|%pGjen4FI3A4&0%CuGH6NE7^dG +z42BsLDI5((G6^oD_m1E_a(eFB?(O3u+YbtjF*?9B6#(g<^2Wi_sU->o6&k1Q)&xQ} +zmm+R2zCRHSJ7De5hWtchg0$peHiLg(do`*qsh`j)k#4_hFoHzFu*#a}KhXBSFyA9n +z*O(HmLY5TBI2n>p40;=rZpG^a=RL~^!PoHW=je|GK~syXU70K)%o=tVrjnSck$-Fc +zY4L}pIRA6JC%VoYlpo*y{huiHe&SC`T>>ZGvcH}*D$(IBU1#cr@7%elK=H&u1_4EuzL-;)GXUfy{w;VYR))n&vrUJTv^x`De9GxjmImZrTU555u7$ZoS +zBMT_tJRcyVmwrFkK#Z3p%t|H29;EB}aza0rmx>x}i#H&3uF#En^)3h~NV4l9>v<}% +z8Ld0A25^egY&XnQx@C~suj9Fp8n|gWn8!_;cliJ-)VdynULt2?Qp1Vio)u#rO>E)s +zX!VenGfoDyT)ZOAkYB)<@&{q-udS#Zr`=DODwR0QB2{DA>DQMGqLCEmT2$#lJ>* +z#3q3Cy)Q(34ER7f_W#~e?-Rbb2=ISQrT#y6rQ{01|HZCU2sz&c`M>Wd&OaT+`4LNT +z8grYnvzl|UuyAl1bDEfa#8P!QxQd3)XJ+`EyFXaSu9Bqi(Z*w=Q;vS?F^8&W9WX*U +zV4p&@@qzoLT+q1W)oxkeeNK$BV_9AyAr&qHC8TDS(<9wRIE@qk>DBbZfUy%YDqjMK +z8l54123_KAt})^80GZttJCkr(y0HNoRa<(^7j+fYo$JojNe8N_J`C_y!f%N1T6k9a +zb!tBiEuCOk7q3hpS${k^2BIK*%dmoQ^ElI@PlP_g@-eFLYoBo`lY9eB>^vr#7n%zk +zX$WGE?JjBMPw+M5qV@Yi*8IL(nh6CkVyTUTXIP}Gt%=k96CGcCck&nmZAtS3q@YAE +zP_G_|!Br2S!0M#h5qf}$1lT5O2zb#R^t|HvY}3G{rzzqmn!b)yWj2f~$?i-QNp{;8 +zFcs6_NNXup#bmquA5M+rMQj-KIof6>zct?7QMd8fj%5Cob+ea)dL)!9Wo)oz0G5wybLK$@DDtwNg+6MOQ@JAKNOp +z!*rCk=x$$h;Z(qQbNbLfBo!uW)6ctBGTaEv>*{%s=%vlV;RrJJ<06ALRHh3Tcf`Wg +zRAIjSZa&#FO;jVQFy<@Qv8&wy%cWuGC-+1qWDWuTb#^z%*sS=3&G_Epc9FNrxD8fo +z|NDbCwD5A)o+GClT&$-qm~R}42{OH5u@k`uTk4*T?G{bQ_Ay;jZ~!aw;_O0HqTsrEta2f8$;fqfgPYl}1ep0(c^y}HY3{EEw-C%gM^wF>=2zLoPD&O%M+w@@05i}(SSi>RyO;q#nYPF~`i|~No +zwV8xgNs=aO@Ng*G_=e>+mz7@6^aHp3 +z+{&k?K+FaDHeF{y#~V08Ub>~IZW;uOVI-vH)Xe&d +z-7l^T2XUVLiqBVG_ufa)AoQSVmIaL`?u41a-$Jz&4krw2F5>m$Y`pgY5OETQ+Xm!O +z`n~Fz(uus&SnhfIPa*fR_-OXoU=E8l`XGU=lQu=%7;yF`K8Rh`Wwg|Ws=M^@_vo@M +zFOkVjG=4*vniQO(r_VP5|2nD-1U3`QaekTIF$39o$>hxiH!YJNsE4+d=zE~Qw-Wvd +z-V^`E&3-hBSTJLDuz;~=YD3>QcaQtz$K%@&O^f8ym0pOb>)8xIiYkV@a~5$>&>`_C +z;P(ox+IIUHUW-0sXCI@s^Y1q4P)j~a5E+2m0@&}-7ZL-?*?2o=%=AH`spJ^!ijCNX&s9Gns@wf#oT+|)ZlVj{%f>?&9H8U+I2f3fM(o%8Z_xBWjm>)ESi%K2Vy+MgLcf8{B4R&I`*FDK^SwOcp(fV(IM*a!$5Jez +zqMei<;PY+9s+hQ{OQw{7l;-_)Q)*fHAE$fWG7$fxj`B2t_!o{Ec-k4R_I8D)5gC5ABiJ`9lM4w3h`2LUcM9;|uo$u?@Ar`I}4BSN(X?Fi{316P8GJs^L0E3`tlY_6%ylt +ze2pIl>ELH6X-=jI>UKsQGGmE}%Q6(ZG5XU{71Yb8oR)Q0I3UXLj(i#S$q*KGX4*2F +zVPsjR7*C1r)A2K1NV}Xkfr)swz!D}s*gqI$`9uhc`x$f0a-a&~_*J{Ot0|FQVJa6k +z!74Pl-Qhyz^FlN5%JC0OEuytxEGyJ>1-&ZWEsPP6jn=r;?VNyc? +zpxZF;UZ?BzG=lvidNMB>5b)#z=n2}c^oATxPA}>#Pf8!v5ua=%ju^`=*sO62Cvl@C +zLfFC{+C_63WCC2|Ls31Cr5q_Gh|?q+du +zjx$u+e5G;hqpQr70-q?rYx9fGt;DkdV2=SG%wtJaofvO-j+7*O}>ibkCp +zveF1gBQ>L`e{$0xX`npnU9;02pw0sEl7QQV<>5HobQ5x`5nAQk6sK>(QvVtu&BfeT +z^=uPYJ05f2?e?hKlU~yu-tS35Zes{pAUyTpkesFsRgz&L9?{P4a|D>+^eYW0oUkU3f5JjJY68;jtttw;FI)VBX;Ov^pl=@ +zu@cpSK+`7ja{`q(gEu&cR(%m)gY$WiNdLDO_0f+0h@`kaBB^tI{wpHG@@xHK@wz$> +z3p(!C=cQlTpm~vCaLs~cYm6U|GHa$LN+z2=8?_Oqvoa=h) +zcErG_s)3g+xs6^MkHL1I?)+4OL+6mwUvSl5HK`Hm>ADth>Y)ZNJ7xQcWalmSrb_&! +z36&sS6PY12lxJaZ&}Q2(q(w!7m7Q2gHnq97t2wF^c6kb7$nx93d;S +z*q{JTw;q-BcT9`?txbox#n$ssds-ws8{?|RH4NC=te*^a7PlnBpU^CPd2Q&TJ&E$R +z5p5kyS$McsN<(F_nxekkh8>$2iV(r|s|kFcwqc+ef1+x%P$ket1W+|wfyl^UXM9FB +zSz!S|XFHXH^MwQ^OGFNrYu{u11k13 +zMZ5O^`;cws+_5>d^b+8*naxosE))<$3BQ>wAVuUvH}vT`UHr$sm8M*FbEinUryQp{ +zqlsH{-DD_ouWTM-1nX5nX6641qyR?Cqlu1P^2eRrVzn^|b73L{lkm&0$~Epv)CTw< +zksxR=JAM;_&10?0w5ck%BM5W)>W)NzK#J=>Gb!m*W>FtK!GV8*)cc7)GpYHD+7pWJ +z9m=~e_;ZQXD!6a1)h94xu^LZahB$r~yV)O*ieLP+JU4~^dEpbCbQZN`a|1RSSy5W? +zTC;6`qLg$YI}}F^NPN#exAMVlgT7~G(tykum*HX&RjPR34?2K?tk3drR}g}-PoCq0 +zcq1bBm8MI5yZ}6>gEi7m8o!yukczN|j?g+jKGw?a+BD#VujWT8JTE*8k@#FKK8)z5!4Pg2)%MN(X!4;s2bZaq!baxBR*gT% +zCbaGA=^)dUv?GdYp{h#!q~bNQGZ-mqAX+03r-FzM5*q}>C;xGXax@v(>7ue`(0T#@ +zZa(`v*Yven69Jr-{9|W6I>o&3c>(dCwu<}`R#w=c^LlfFRT=B$~Mf~}rXh3Iav +zK5Xy&n|oDwls_DBqtWXraC8Qyfm}L7rMagAQm@tG*O!HmkXh7M4y9o_Fu}+;F@z37 +zkU6;5I-|8b2?zw@&#kQ$FsBOuPnhk@Zt-#dy4DuPm*%N<6V!(eC@74HTM-y>eW+#X +zVcV!Wy=JPQ`vomm3I<4m4f|kK9ybTy(T~cf_xG0F_c54(<#4;v+9p?jPg5c2q#N)0FP=i2F~J}$2(%K;jEbWr;hnekwwlAc4vCxD`0 +zahdEM!g5A-qV+47_&6j0?UpEm$5h^i)Vs-+z5XOi&5&u&Rx=&p3n`>&#|&H|VP*>% +zT6j*V1&$8+6sA;DwGB8t{AdbBsYqu*3I54h{Ae;Tlmk=25vOtj)-O6`9+6c&kwS9C +z_DDzv3FYszTj=yG4tkuvY0ngoR9Uo;hJ&0+9Kgn|6n--C+*j#fN)2Z;zabTWRC)6~ +z-&sotX&jsVX!0C}{Dv&REkPS#DU7gazN)2BlVBXS?7Y24boKgt-MZ@He9fbi6oh64 +zOw=}-#ed2uu^!rTMwO9aEz9N)X`)tj?MN|@5Rkrx+gP-9>HqB9a=Ep0P=L%oB{J56 +zFK8er;KU+)bZh8!0)~ld^$d7pI?SrlbsK+>d6kb>iwEb`{SnAF@-WQ&S@uFu6vbs8 +z0t?-#W}}|pZvmper|Rj3;)hB2FP3&W|KN3l>F~7qDl&q>b1hSBt=${1*o;K4)pxs^ +zfl3|rVwFIz964Z{ws&R6J?)7kS@I^7NW6VWov4b;ryBH*R572U%RRt0iAPM8@`L&E +zn$pIEpjJ1dAMu7vW;Mb!doWYs+naztHhC%1Y&8!CDxtPwXz*g9Q6>%Scb}?StoX^* +zKu6+~a{yM&Lz44FS=ZG>>ow{UditMFaf%C^f8fk`MJjT(xK{IeFkbFay$0)`oUg!HQi%n|p +zo?#rZYED9~>yLKhUM0>5EI!mSE)-_Mc+V03F%c8rhkWenIokN)z*~QpeJ#M516Zj_ +z`|MG*3{?9)#^*u8-1)}}TB=(O^TCu{SgI|pDdB@qe}}5FM_ITG;N+VBgw%iC+57z( +z{lO@%-;4@7i8};FeNXwN=v7qvBsg%e1b)_1!?}HMVoayw$*lOBQJFD?R{lCw*IZKb +z7}QwLdC`yTqG#F%H$~NBW`*{wqj1C>+I2XIRD~S_9k18cBhR4+2P{K_Hl>Y;d+9T@ +z1`Abdw5tcbzKB+KagGeW;ZW8o^`!^a!l{S?<{l9epL9#^TMfh3!{E=2RIja=E|6Er +z9884Mu{E_R@i#&U09>TSPbUq9+ZywgFI`W){I5a~l`Xy08ctAhHxsof7 +zbHJdP1#43=yZ7*rWl54p6e2Nf*!kMsUUBEQf}XnFmZEAPd3nP~)0Z5>_(X>rHNs3E +zAn3)+cT*<=8BYk53gpzHg+w4nG1DM|L$U%ti%dm8B<1()0dBC8*({|wF2%Atq_64H +zB(^uP1lW@19hUd0emH}9wCJv+Rs{fE(_^H*A~D#d14lRMQTwi^mq8le2oD5Vw@&i~ +zKs_8m6xXg|Zi%xBGz%#W#7H9HJ0|{1eA@&%fml`D{W3YQE6%SpmDX +zS(^w}Tx%2|045b1jC3a;Xk&oVfsaXu@av?nrWo!tLp`VttBr))!aD{0jY#rU_z%=z +zQN6A7!{JaXU=UA1d!FxM_t~DRoNfBq_hE*dIKFO@m=4Rh +zcnA4eJssW2QLJv!-EPk6^ymbl>IQ=5$ax9+;&v7*K!rG=&gKAGN1^Kd2cx+Db4+Tt +zITWsaIrGOqIqKste>$pBw4-=g3wwx%$!^}1RAjqF>}|B+10s|L|$4Jl^UBSeTU+U92BlU2(wG@ +zx5a;z#zw#1TK~+%D%BJHpjF`*nGL5~l|tQ?!AzfX60p8o*Us1c@g3YzMxPU2rBA}a +z3ZU^3>55d~E8Z>kbc~sqOn@8k2gnLqHOyb?X3AkOEENGkG1abljk=>Yp-)bSYY{N_ +z4QiH&xx;<|`%33pI+GB5ZfWU96cy&LyS(2pQe?lHt1G82P!FtOf2^GV?3S$nz~W6@ +zK?99INk7)Eh3XX(wH6&t=+BGn=msknp`^*ZpbT)}6B2H9D~pE~Cs}r!0wp~A$Gmx< +z%KrwbkIo+PFyvn=Qvb~a+wneh)uF*E*#6tj^jCkGo7i!m1? +z2Rr9K8hZ!Q`zyiaTOsRM{ITD$gF&DvIa!iWR+(LRMW}UI0wMdMTHBTE&WaLqqDtdE +zY3U8}+ZsXo<>$fCod)(KWb;wY(3E!efns(>4#O$v!qK8PVO0-BrN4F+LLl~X@;#Mb +zoltpvwwJDlFW=y!1cyOny;WzAB{TrfzNWk@LwOEFXs3z(K$AD$s6*7nGJZKhJwi|LD6uCo;Wa~`aGpMmwP +zuRifXK{%unN$)Yus*;L;B3e9-3lAEL(E4*b6d!%9#`55)lvucuoeMt}?y!GCo|ff9 +zsYkcYOgxkk@)4F?QDd;`GCUtA3Y>tH8yA35tU&#{HMwDj>iKDg1Qz%kS(rGUmcil;13db}wFbm*&)i9Wp!r%jO2 +zDqai{$io4Z?2?S7ur%Ue{Texxbky4*~o_amqQz;Q#a~1<4WJXczm(vBjFfjew~GBQ5Eeb +zi_4X?Iu*?K;>9l(m>13B>}cEfGqGEhZgTh;-u=KvHXO?hHJcj!^!31ud6;&1zhnx` +zY~nF!A%7Bn@%Siu#;!1I=>>`}lXj)Tks&Civ;qR$bd*8|V*MY{NsoFycZ4w26S7-= +zr&?GM#f8|vS#jq{bXTRN<_RA@9aiM5*G%~7+vz7vIaM&4~Wa0J}7qO +zY>%JTM?nNnx>r6YavGNG2hx1mRG~mgn9A5oF>INpvsmoQPyiS)XmG`Z7<<14rwxKg +zm;uCN!=4R9#azF`whHvH%WP+_)%r^jZrDwk+(4+TapX>g7t@ahGp|QC3W4Ubo;s}L +zEriS4$T;5<@m$&O+9y5nP06FT3M_l8tm6+`e< +z#2!401SV1-IFd_fBD|QkVtmpR#>!C* +z#)mm%o$~^o?7Aw2JaL(<=0`)3Ap%Zu)P3unW_{+t{n#i>9kBoh)zF@xv|bQzN)HV@`@vuZY9WNKNfcy88lK+@MUM_nVawNYGJhry8` +z`knk6BT~O#qrXDxggCFm0y{QkVVus7vX!!flik%@?;)={YYzH|A@P!1y +zr>@B7C1%Sd(xp%p%{D=W!Lm_%M4)laFDEDA5hdS?6!9PrX{Ye4jIq19zR+!Xw?=M} +zzw||qp1K&|4!H=jG77b#!Caf`Wn@Ed1Dw5_>$gUm7)x-`oJhv*2~`OlD)xQ5w~)IR +z)2_Pm8AhV!Q=gm?3*2N>>aiu5dLHvQaW#zfReLI-7FHF&{*z1_=egX4r9Rn?HZYMpD0K%rqi|_hRCw1zSo(_^L>=7;H2701xpp=- +zYMVyL9JEYk@thZ}@y)rVKzEW6q-Ib*v^d8={+5k|?z?A{9J*U*Jx_cW0gF_Eo5uf0 +zJ&O3w*TiV8#U1yAut*uO3>CD+w|Ki}JVb=sxzN5*j|hTBk`{g$#Dh_}$axvc>!0W( +z>96bjS4e$)K7YqZL3yX)qgrAu=l|)bzy0G+M>P%HuSXEY;=kh>!~MJjxAoDUEJdWo +zXo>l}ckbsLqx9QR2+jsG#kk-mlJmnzY6q_Z1+ko4|l5wx- +z%ro!&>~A0q5Pz(-)=O4Z%gPMk>k@wjD$*cgws63Q<5jrDQnu}zN6a;Nm1J%bLd~>! +z?mYu!@`y=J2*7LZ3jmQ<=V&Ae_}WNIED5w7v4A#L)}-YCklnT15rp?bFE)y%>rLV} +zBe$dcO1@KGl5VyU7Bp%E2KLI21|m1(njmaTnr>?95W6s1y6aXNQA<+j-jE`0`swR+UC?zZ+5Vg37@ +z`ZMXAndvvDjJS*qxy($sI2f6@SeQ*2|5le02Ruertq^=s21jN+IuO{Ga^G|Y2&|2M +zQtkYdRvDJGAT>PqB1d=!y&Xecp%64l;`GxZyy?>etKOad0gKc$8f2QBo9=V>`8KfF +zmX~CI69ag6+^^~S6T +z>;NOEqye_V&ok~bjZRm&-D*R^I61|{yXEd$O63vCX<@$G6|2#5`)lwLoSGqw)P&*o +zz#ZnxFcc5D`OojFi$BJ5_|;y6P+eirFQE +zR(9?GRiG*1q&bTTcd|pWW(T|4+)y%m?>v4yo?Wi7NlNxqX#3KRW^)+(h +z87!;s~JKn!F#b8gJQ+phK43F&uNj{bO33((Kt^&c7 +z<2nQWaq-O*qr@)C7e82nDt{6d&A5DW+0`1goA&wUe!2nVP_p{$E6CI=eu92|;1|sU +z0_te@0S86oh3tYEASdH77_-?r29u*0KRXq*l+gVM=JEv!y#^xZ7+A7iaBy_6^QEX1 +zz&GUQs1e&HGY02Eb(X}XhF04IzOBy68VkE7+lnu!lAn}cabxgKaUcwz=d{cVah!=~ +zu`(uD(TjhY-nn~{$UJsVQhso+32Yx%;(~= +z1Ago?Xhv~X$?=ir3CD@I1^V`>QevBj{PcyI3#5AVN2RqUPco#Ef!C`Jr!O~T1~8ZZ +z^A}l&kH)W>-AHPgswQ@wuRMF +z&FDG0Vqq!b!`4XEg9K^?zkEep^}KGd-3vyU{1J^}!BBT-&Ddk~j_MWDZR0?Rc`&tm +z@f&i@y_lswU*C3(ZR|i<9K{P%P8ho_i+d#YjC8a9cc9b_q` +z73QLLih3jB4%VdsL^gIBNV)Nbc=ETWf|t^(1jv`}i^@PEHH6})rUg3}7iLs{U9_qy +z4{k2fWS+>}FRb|rgZR4NqElS`q$lha7Xm_P^U>>$nykN-+xKLA>biwk#79MTha6^- +zbx+=27CW{9kNRKF_{F6XE@( +zBhFkn+&=r!=pXwcoRaWd_zL~7j&$HpyTS~5CD`C>vN1cJ97^WfPGUDa8rKh>Njx#r +zkh&YKrH4WRXXbd9qK5-xwG3zm9K9nsaN)RCL=OS0l=mx`?HktYtcYwRpq=0sOTh>@ +z_~MrTlmh-DoS^Vk;H6ud<=!QgF`6YU|9(9ic|2U28_rYpLCIOL*=czV(vsBuJ^5^K +zC;x8rtJJ}nS!$Xw{AgAzAJHMeMVF5rQm(9!U_1|Uo~RWUHL}D9*6W)BfTs=s;f5g< +z#)qFBjP|TAiXBWqgQ>0>J}PLR;uZp&71bduezP-m7-_q%_dUCQJZ_u75LR9$ci)Og +z=%*K|96GZ6n-*`Eh`DE@1&S3J4v7IgHbqymyDoSL*|{Z(g7~^uUrPwrju7lf70X#S +zJO~rKF?y&B1s{Rl4>G4*meZ+|hyRhnl#Sn4Ez`oY5OVg^H)EgmY7qhWL|{K6P&L3^ +zp`|daE(n^U@)`0KHt@HDNzS4~zQHoh<^0P(JjL|C3R5{-dPokHn*Riy$;%JdQo0B%uQ@=q48D-G?U4_SxN~8YgR%abb{A#iD +zA&$n*8E3eH<~YNzONqe5_#39}DsuSL*2OYO6K3eRAY#MS3&#acDcYki%t#eib_=_N +z(RrrPiog}NkK2(ddy_3%LowbaJO!e^{H9!KSza=$y(BmU-H3|ye|>M&IqR=sjy;)r +zHpArt2y>ZZS&wFY8+DesdE}+@!)RCVQ;M4UjEzzg!>~{iGh+(dOB%On-$o~~oP9o5M1r_~Y_xC=1 +z?C;_JU+nME>OlXCS*dhKD}?NS-%@`joHPGUI7c$$WMVNfGBGnXWie!AHT(}ti2+83 +zz^C|VBxqP~-WM<6vigxnj4_AQd&Aqluj-fj=6^9*mvMVUt)Tuk>H@d$l30d;(t151 +z*8@x#WF(cUim<#)0L(I%D`;*vL(TK^Dax`eBLJlXLT}2b!egI#wWdpXhnnVySs!H+ +z51|}x6TRz^qRUr+Z{WM;TD0~PcPn5hoX~4pkEJy}S;1PNl96Sc+#%_C7J;G^tbe_D +z-I&E-2{R=6>zOCHdJMqlY5mCDdcvm^8*HMVZmzsiuM3~$`JKb4A&|H)mGakt2BqC6 +zJHN2**ht80zmOo@ENMkaChs!!mMCs3I+r~{pN`()i{TvArdL(JE)6+R`} +z#i4#(e-*bDvEMNXEUg|MGi3oVaG`v5AQc&d_xF>P<4#-De5| +zB>yl4l8oZmZ;88!TD|*B(k!DChFQrD#QmvStB?U6jP@s|=PIwLtD!CFdBnZq_tA5> +zu58_-b2lZvIITlx>Vc?iFMF&>?shamw+AaoX9ei-hLF%R*_7qC@Z?}rEiqibF$H=A +zj#TS}f)SkW3JO%dBS$N%BPZ+Ee&ZlpJNXpg9F;a-LU}u4YW3C5-(-fG6ctKzusA1g +zM)v;E@vSrjijZ^qFqa7ZJVYhd9o}jsdRAO+$I&v`23Vs9-=h>7B|4&|77BH$?iDC@ +z&{ctC1xd_a*3_2dAj{jLtu{Ta8W8sOgAsmpg3xdiW?tL0dP003ECW;^`MZZBD`iFI +z>OsCz+`b3HJ?u8#Ic^xsw;Z)`QGyUZm-}7Ak7;n_unI*c#xGr!c9miUtkv4cVH9ka +zK!lyCH(U0IX(CN1Np1z+@^odq;AMtoe4yvWhj!&Ox?sXxL6DQs{q5sA#{lOAxW)eb +zU^4>z(JE59`$Sa+%^fMMujLA&o{HNX`dJG6+d_g|b^FW8wy1`TiV{V~Wc)l;L?|!c +zledSnVHS5~uDz+*9zF21*7%yVgW-viWdM_Uwo@oy8qH{8Ryp?wrTbz>~vezHI6{k!!d?VGY +zgy-jRFGc3qN7pF#IuT&NeD}AUDWXYlVI!Emig_+cL>YWwyL3b^;($H1u9>d~DZ&#U^MNLbU~BNEQF5|XPMtxwZB`t7ES2jwro3B& +z%^%XNE^5HY4-#dFY7HlHWJFskwC^H2A%}3(zlFy4ANYO?8VmQI-D}rM;lMcd^mNB) +zdkl}HN+~tSd^+}iEM29TN0+B@_!&3qTI#t0Gz180WO{|p=VrmOH+hW6PI@wwJ#8X( +z**^Lb{1wl_G^>aRmT5fIvEF-g0iZLHk{@fFFy?VEsVD2bKT>nHZ!a +z5ynj9ES^EKNcDHQ4Y%b0&Z-7M2MQC?&al`IzTi2q(Z#46n5&?b&;3JF{|GsU2Fjrv +zV{JkTqx>gL{fn6MiloA-1BhS9ay%EdVKmOx?j#uwr)|5>!eRCRGc4ZJ-LrIbg>9eR%>SyG?*`}?hB1{9!G|dSIpTVzh`-1++-gWE-H@c)VK$l& +zD?FaE*+Z0GI_h2(X&evBH +z<1rk5l=4@&Ka|6%YFW&Ea0%d+TI|V^yw{)_OqYt62Kz_UIxiD~ug@t|O*n;Fc0Z#) +zw=bQ=wbATlq2bDdHf#^y=m4TGYQFvJr=!h5m6i#up`cW5SnZu_5_4+`sgu`}ioudE +z1RE1`!Bepnv2u=|TDm!hyY-fLuYKP+hF7%hvgP9UL6SyE`}zj&qK3iq75{NI25a!| +z8+`vLPkjZ3`G2aZ|42iKz=8P}<*A(!r&+XrpHzQFo-_YF^4yr&n8}QdgUy7^kded4 +z!mfya@#`0psHVk4I>#HSfNr@x`CqJD;Yy +z;4MxZ5=1yGSILYSQaxqBWE8W+d^g3pJ!p^5q$PyB|1^V=vaLugvZM{mv1Nn$&<%r> +zCxWxJz5%wOe;W;Q-(RriC_|CBps=`hGNK9)sqqQ#r4oH?UYqhgKw|{!NCzk2!kuvD +z51Y63&*6@xMqv!nixP`lF9s2jsp+SlqPz)Bs3O=Ous>RB^cI-~DI3YESTC^yg)!_<7v +zV6+t=sQu;g8;2djj8>QUVX0zpKg0qcv{*x~Y{b?*1h{_hljI_TxF6%V^t0SnEQF)l +zQU|yv{-w(!;qC=2T7GDp1Z$?iLbO4!jBgFqSNF^d<`S2$ab1++j|Y^A^LbpsDQ_m0N|-uS8;@7v+z(@uM&+{|z^T(0xx$wD)L-RP;l +z|0b1G$+pgk15N8L)dq^(#i`z*LH94=nH&%#JqFWaN8B;0-0@yE4PAVU&?fyzwDe=G +zl9fpM!hSDTO5D#p_A;S*M<#cSXon%6@SLL!I}rpEYf>R_&?GhtN<##iE_7en8dp*hy_8iVZ(rdN8b7cXK;5@ +z0$Q^=Ip#*1K!G$|3$V|MLU>NR5L9QQ#F-uzAN%2a|6=%q4(=t#qe{j~Iw1GA-+iK7{tKtIa +z2ajXQ*SnIY215@mQwwpdIbPQEYaEn=m#}|+AF3`kq^BSZMbm{#1QXpyM&9*DPSF<3 +z$a4Q$Rkg?Cq`Vmb8m|(;YxAxJR75;aaQhm^wT6dZgsEwDe?v`c30h>04=6op-Zxf? +zG1$f8)auY^h!GcxEU8C^XBVj+v~UG*x}j?1a|JO?CT>y|7;wb8bz6Tg%&wr)9jGF! +z8)rS>Q9>Rq@mg?)sv|*1;RWGkoD|g%W1q#dKt?mL5`IsYG +z;fx*OUsbVt*Rc_*WUDt0-c90#g{AJGZ;b#v0^B8!&rTp=b-Iyg3ir*l39sZfVWg8! +zT3v^Wl+ +z2)g&paR_v2Bzi{z;0F;m5RAeITr@5=-lLezKbntCUrO8v>}6qtGysR>-+mG!V(t;@ +zg)rEzo+>ul7nQJ0gTXx{A=8A43GW0?h3L#!S#c-(#{HC(%9U)?^QzZ1JWt%3EB-dV!#!QaP}oqVPRi9<|4da~gJ(@~BF%4E&v1 +zWn(NJy_I=Lw@?u2?ErqhA%L5>7SAUM%Lumvc7G$3^w_;5rE;2{pdnW(=dQ+IQ};Ux +z(|PjqstE_o?1HGO{E}i9Ar7?eg3(?wX4UDL6oSTye~{`Q +zndi_z8(I9%-!R7q|A|!pBJ_NqR)(7FP7z$d0qj6S))NSgZP%l{^&lORq)bs87ewqg +zsXiZ(9GxXdpW25Ee|;f~gdCgY +zIpp3Zf_lYsXje}nl#ldqK|gKtFLF7r2fWJk7LlEwgi*fXP64x?6zgP?MS8)TZ5iKJ +z>I|}1N1drIsxq8QMPYi7UXQ0KBH>E&PGszll@MQ#KCZ_rJ!}_xR$<4MhI8NPk*fH@5+4X&!Cxn*`nvxns{eQQV|-R%{&@tQuz7^P^WV4BpMmGhtp6B6H)dmGWn*Sz +z)KY+ +zxh;Jz_B^(P+kA7^{Z6Uug6PCPy1YSaEOZ|VaJ)ExI(4pT*h +zup13!K;vK}t#tuU75V5qcwtW+ViSUb3gZKe3H?eSfR9xbyDR}v@HNRG+Q0zO*%>}I +zE#~B`q{Fk0X@^sBvF?19rbr%{qZN72;gv)9)M7%iQGc|y*P%yO_0)=mfAiCsyZ6aY +zo@)akNqR^!0T*e5CY`s+$rB#2S?!4Ef2B-fVFd$g4ZD(Pxt*H +zbN0ZM0j5M@CxK)5tSZOR`-K60FUMshE;W0*P&=<*Wb#u|-c909c&Q0VL<0a;Heqm* +zzo?X?RyST)ub~ViY^F+kcS~x6jz5Yik&l=u7C&mCn4s6HK@GPuM!&W~V(CviN`{Gn +z*3_ou*B&&_$9##mHT2N*93jY|gr+1OmIPdU0od8z_>D#hj$&y&w(G80$7`#FxphxK +zM@=m?&I~-Uk+PP&;V1Fm!JG;CudkHRGBkQ%j}a$J17VRDRW2-o=D5dl2+NLB|-60F-~%ghPEt2 +z+uD%X^y^YiQIKvk2F;{dhAGO!KQ3LH^bsc5bTAwMMA5N&clU@t06Ke2Ju!zarcc^q +z$tjxPa$JTsyZMilBu6JoK!s2`zdWekDu|U9JY5Rio(yp=TU?!Vij%wGj8_AN1$lZR +zEs&^7@y(>TN(6*9ay9qDD+0giw{;qal3^GaY>K1k)h-VBT4k?3Tx`@&D+Hm8i!`um +zM(IrgaNN8ZzK~#@CeI+0^9Xtb_T?PO?^4>t`I}HR53MSNoRRscLgc}^dN~T$eT$F0 +zH-5sk%7F1cj!bXZ3~WXs77y-zMTC}ZLo3s%G{pVco$f+sUfOZSVz>Cijj)n2YMxVZ +zT1-qBP3$9Z={`jiB7$&>Og(D1`j0x=-wf=m6icGNKlVp6 +zg5Q#=Dn}+2u@Y)jvfBWCY!r67#LGE5C6tIDP)K=|0I6UILrF>Xw>1oLX#0`Eq7`$6 +zHj4$OywQ{@CJt;07WKW2(YsjjVlzR@Q(K4$9o=a?Pw8X;DoG$}O^$Bcw*dvZz$mo3*NSLbi4t6X +zvCh2=G7YDYnWnFLO?~KU_0dSw%rWpP)X^8)eCyC(`z@TlIz0&>HRZ4a->~fEMF%(P +z$>WfTG3>UP50|opRPta}=5!C5r&>uwSu@eNz@E={%+T488jQ`rVNks>?Q|z`gQhtH +zM5S8B9c9+sA}rw>&+{K@S2N-V)A(ac7IZ!(6mj12d9xMvLo|K+8MuJz7`>7Q9YM+4 +z7eO1RT&$6iSWXl9Hec$2R~2o!KLUj!#__pO1S>g*aJ*_8zte6XIwviqGH|ye_6u@6 +z6bKl1pNh8bee&^ltpeCsT1wv#CoxkgK;20`-Rbqi(^)#wE*Le?H+n$CZux$RzCfi` +z0kxHFZKnrWIxvFSuyHD-(v~;JaMH+ZxNLex>8IV`Ia@0`{?|8Mhy9)$mundBBc)(t +z4GvOO>%LlrBn13wiVO*)3xCzMP7Adoa+EE^Wq&HM!Jgc{>zk1~mN4RYm$sr(mRoA4 +z^8XP@!A_|6y1rBm%i2`EOkInjb7`eM$bn}Igs3zFNETm +zX|~{ij`+hrB=x^C&uc_;*}ppHrv8(p{zc|_EKZxY4zL?Wo^ez!=p=Q4f)E%;EGbf^jpUobRR#pAYFFf{R +z!WtZeQE5Tfl<(iJX33$)Uf&1lF8X)_s|05?#jx}Uma_qZW|MXY*B1okPN^&WW`}la +z6NHiHlo|pLMJ6dEar^S0fP1#{N{1W0L5 +zC02UQ-|RRXI&Pw9{Cw9w`LS&I;Tt_yAA-K6EGhEGF#)I)KSOiBJDNCC+pTdBMF?{) +zE0c+LkqUz7O8PPM#S*rX6FcDz!E+dO$Tx6$FdlZt!awOE^SYy2@;@h_t5w*OJ +zjR9%F%dD93ejO(;dQQXYTin{ +zMyz5}8(DiuZJWd24Q!j8*J9&Z>C#pW^-Jl{BuH&}8ra8OqlNh2Z%RKoL)8H8kC#Lt +zD|n|SSQRmLqbND=)PZVKz8cR|xHZK{QGP>hquOIaNHl9^?pgO| +z+!Tbe6VD<2F4ju>m02@@T*3R`@}|2j7pl4n{qx7fsDsn|Y@QeU((0G`+yYEnL+nCv +zCx}R#UY1|=7P69wOc0G73ca69?wccK>?#H^s;{evZ|zxd+J*AEc5@H_WAc#63Y(0^ +zE;e7=rN%W35?0(CzlaF-*b0N6bIQ?;9F$BwetQzzS?S3TS@*hyxI&97Ud(-6-b-p| +z<@@UC_^^&H_Y}Eb;x%VeJ14oxk>~9PAZecEw_Wf8zkYIo;j!C9f7-z-@t=8=7YcYn +zXe~qj*cc<@-+`pg7=88zn~7AG`VA@x-X8+v{`bkVV71mDJs~J%I6ZtiYS=f2_2xP~ +ziXFM7NDp8E5n?hWp?o^e?YXJ!ma9J}A&vCA1!_h^vL|Z>H-gh5Jo{VF^H{(!k~Kz| +z%;cZ7qYbm|-|x35GPW|0nqvD9dAvZ_ctb7}TzaX!9 +zf=mUDziz&7IeC09M-Lwg)99Nh!^Ttdt$EkD?E}52zS3sx^veek$S;{vb=8aq3++c^ +zDc_@3Mt(y*?tRG6XMlSO|(*IspjIZk%5LP@jM=Y+PNL$GqDRHxDy6GNosRk~Go +z@-#^8m|dI%Yu-On(oqk%OZD^peBCoFDdo!!pc)0JWlC)G`AFp7 +zLzci>SNc2!1W21XtM|*AI?@G56S;BHJdAbRbBP%yX@}n`KsYssyVIgIP_4&-Z#7u? +zS~M8Hjwy=An>7R0(uUdI2y0l0t_i|ZC7WZ-2EcH;9V3M!6BsQBUL@L5UXK=u0`-+v9N-w)Ei29*fyxA6*$!U&;Q7!la5T!kyV +z(ZeGRixX4n;rOIxJksBw8j6!#3x$JX$J?}F!#W)~-^jR%ZKLHD4@)pjprMZ>I{W1D +zX62zymeL_VlHZ;}U5Io!Lq(qII?Kasg6j`_Z?^Yq-}tTZ(FEFg`7EbXPR{V)bMpv@ +z+>#N)Jau6F39$Z3?VO&zN4%}Iii(`w?(l}6oeYq^-!-9@(&!NtAj;<;%>6rP7V2D} +zv?_n5>1yrkH-EJ{V8lMO1}jUS7hB7m>rJNPpFO!J{F|W-vu}xyKiw|UXw?_#HBK`s +z)Tj3c1(iYLr*|kG9LXccKql-rCx

);6g<=4z^#&GbLNwIh)w_?XFpwse91W98izo1Q?q+&X +zhvthFou3RnjGSg!x=M7kJH=@@0rWB@)C*HW{4tlB3TDP& +z>NZfKfz)M|y5zhtF8icdED#e?_qaP9uNekZW%%!3KX(iC`y-D}_&SbDH%PS(>TPa& +zGt%=*3P6CQc>RP`AeI8z?8*8fbtK?@Gjl|T7x!KRS-cy;HciQ&pYQy+icNa{I;;*P +zycgFY4Sk?^lI4}4;r4%Ibc#C9*5+Dm(6o0?RiU6eygkh_jIKJ*KUT8H4QTx!2OIz6iwx| +zVH2ZrbG-mC^p&%-rv&}Vj-eEtCSCRBlNx>rby$N2f%G9IjWrY!wmAMMi4Z9fAL^))5~sC +zrKrX=J;4iYP*W1=%DcQ(?LO@&N;chb0^g}k{~WFyRz;Q2(wj0opZbE;*kFVxEvvB +z!*GYuLu|vcPql_Dl`CM9@+m1fRLz{<6uj5zt|vfmU1>;BApwY_j>#Feq(2G%`Z;*- +z|G;i@8e2FK{%Mz;^AXsvZx?!dWbA6M?jVB;JR*lmXPx!DJ~i`k$Z7Floyel-aW +zu{GJgjU3_1bjv-lr45bip5QR{%5R{7PdqJ0nHI4q;`oY$)ISHHlJ~XOqZ#MfrP+2# +z!~%y@!@ns5VC^X16u}ZpM63ne=!TA{GEKe&d$}N`%C3N}dR(OQ5v51)>u48Wk%1W6 +zx#en13DsxOf#TSXeyiWhTGeTv&Dsk}49^1iw6BA-*2r(moPbB?Mv +z`Rml{2%@&|g$O+E?Gs)5m$mk6c+N~FXQR@Y;ka>SFqruux!;b8l}+8`H6gWHzyF>b +zYG(x}ooQEt*Pg2SBo$T{%N&^()VV=5Ccv*#Rcp1UuJzXE2{BI6*aQ0ZBvk{)wlStP +z^J>l7ph6ye88E(+64(9Y1CHte{@K1w+y~+Ca0lzOiXU+5&MaLqNhYF1(+2v(?h2?<)Tp83wjGccra)B(o1y$e(Gw=aC>ufv7lxCG9kIJKh?=+JXv7s +zTHwtCu8uANQ^;%Ff!y&xJxKJlRwwhI;f__j{-1@Z|5H}y@7L%LN&WqZ +zOc$5CqMJ0!C3XAO`FbDCZL)TQiZ^9j4CX@RDmlBL_issw=x_Dz>sB^hlTFmWS(Jg? +zEfVccp^Ob$SIfKh@9{u|7x)q(LyM#t1Gh|_V~!bi&ZM5mIlI#zH_!e~tIcSI>eVyju_tJH +z?NwOQ!Ky9qTW~%L<||hHU0zjYtyYu@Vu6c@d-n=Jc?p`!36vVQ*gPvH!#(;cq<*!f +zJq2WoPYha|YPy%6s&8XO@8R@=m>?iv*J4%b^nfgLAG?r2O;QgCzR|~my_f9ZNPVIjG)iKtU?H+h8PUalnQ#NuC~Kn2Y-Riw2%)Zy$pf^SM`hOB +zJ+@PamrjabyAH%V5T&gjNRTx1>BkR)ohQp{FdH +zOJ!z=X{QMDW{kIP1h1VwcBCoX`C`kbE4serG-X=GsGH5pN#V?|!9e$1f3ADWg*VoK +z$I2d6*cgE*LhC-$GBOq6o1#L6|L58isZjyW{~`SRkI+u$Kaa>Tr*0BMnj&y;m>98g{H@n# +z%FOilHec0i-}eWE_bDrvCGVj~vJ~SoD~{uiFt1IC*lVv@26`ooq#{Qf3SUU>M1!07 +zMRtB8DpEn2dnKz}g`Og)nylU^b>N?Q-;>v&bZVZ`l!V2?e13|t5E})@PA^??lT`5P0%-)am`U5Z_b?7WPFK3>9mwa6JXeF|NGad6F +zU2H8e6p5LMC@Ut8tSp8JPn|rem10B6j3fqoT|j78W(>6QK%6969EBeDLrkwvhg&E& +zblR(-7Rtj)g3(+M?%pUM1$p{y^Q?9_m6Izgh!Z^F{tF0-)rw@l9kO#ksY8dbOLc^l +zd@mqozyLOU4x;_rwp<90PJV|)v4zpQZz&z;geP%0$6N%E5+%(~lf6rHfEe!^Wp1qm +zQJKO>+5bn|J4R>TCD_}sZQHi(RBW3SR$Sp7S8Ut1t%{9`lZsQZ%{M*uOwa1-p7-Bt +z&CJ)Vd_MQ}+h?DB$*xk}@|Oc%1g}8y;_~w*Z0%CZTd6EGQsuHm9RQ&>_t~OthH~Rw +ztdIH?jhMDs=cMLQQ?eH%m0YF<&vjq^R#u^$!~Y8f*93br$n!K6y;G;Yef +z#m-fku?_r`9A!q)Rz=(kop#$mp;_N>EOMaLtyVTqmO$g_%6$(@8ZJn;S87wN%PA(+ +zePKOOcmtNdyespYrd;g`13m|4dL-_7Y+6-W#mT~|SuH(?d=|42thfTTH0Oc#tP`xc +znei}{9wv(wuvx<8(teoiW?b%tHK&(YjoJM%A+$9+_~fn-{iQKJ2^x`4dcW7Ator$0 +zK;et@6EofMo~*d~XoYb3fP7bx4_u|(W{Uf*UB7MciuPgc0^q1YWT2M91b>73;nt?S +z3yN?UNuAomiw46OT)BdUL8g-k|4?5wueW05r+T?t(?I-Q(MBl^uEe8U7hR4Yt|OYq +zt{x#5a-HR2vhqXTL4SQ#s?9Ka4Y;Y$BEPJFcacC%4(WSNJj7MLMPaWL2`F}cH@%K5 +z&B=#Ruz_=_8}N?zvf2Pln_R~jhHE?6;5K#OAlU#EdW`-iQGK+#Z;tw$s(v?Nkxbaf +zBBzuqh6;-qH>kkmyv|pFVXDMDH+}H1Pa0`)9OwQ8*m7tD)$~GV$Vs;ruRujk*Ocml;O2&FEOt{>fc&m^mcaZ=Z5sNoZ%WB!}k6cE;nEzxvsO +z_KVTK-r%0rfmYXmek_n+%|u^QKA{Xkg4zN3Tll~`s!;i@63MCRQ^W`Jv;foOQop5{^KP21En~AzvolXXIsTR&`c3#Y$J5dCdeZc +z3;Cw7*>{%mayzt1lK0m>0>09iKz{B$_x(e}#=NcG#!tYqd0N7NyHwQDVB)`b%}8hywTBK3I+ +zsf)$)fp47YgRJH3B_?_B>>heb5~mLAW5xk}gSWej*aB)sX|%e6fL+cM%fx*djww$# +z4+5OsjrRiCcvE6k%Ga!f1Mn268>yN>g?iLp(2b(Jf;i8{?>}W{QQFzgHf`-2VB9_p +zAGX=}z1S@l&!i49mShE^^jHAkBw24B#sg`rgmq9K4MY_nAa?mig_S{gmD7@nxmoQMctknmJdcMTJCOLB|!wrpW0E}Y8=9+H$y(oCC-8w%(jVP&@joi)>>qz){)adMf#l;)1ivfjxPMmAVLmG85FZtE +zkpHNltK&}Nz-%UP%gsvGibzvR9w|^HFGJA7^s?z<=&=KES3%Ga5q>pcZ3DD6Mx=N_ +z4!D29eIAtggQWiMkn!eya|=t#RQ@ND`WFrvh!D&q^_nNuFM&wffNV#n&>TM#*k|Qr +z+(MP@ZaLh6-y{XKgEmmCT2Gg^XQq%E$E6k-!#_B+u=G9ah40)*KiQ51%ZSyFFcQiy +z4_cMsD|6Cf#-$*g+$xq#O^_fdkAPZK^3`qnA_0|uor^~ug>^Q}4xT>{BQUM4zsZ$| +zfj^_xPc##L4;U1matQ>~J`YaT=_*h~8Bcnn5vzFU6-9u$Pqm~*d>m0mlyB^vuRD|5 +zdMlJ%OYg%ZFr#~7e;UYB@nS>|`@Hz#T6&f$a)N#}282L>QZj-$$7T$8HeszVbKdKb +z2RaU^+M9)abMzo51+6lBgn|0)6QOu~zlL{i%W$9N@V3);2KDy}$1xJl6kXC}rFN|Gyea;myGRi%@E%+}+yx-w&n!RLHRWR>&ZlaI%`S +zv9g+)vYT>qaWE$nn?Xnb>S%vu2sL5iD|FG96``=*0Ym~%C@4eW_TZq)8E8ID9Rp?A +zC|*iXcPL;3vv#WdXj8Wr7^|UNVUihwA&buG;&WbH53Txze#Hah_vkpNEy1F)CMU_d +zETa2rWp8S@ck9hdOwRhTE({kIMyanHhwPfzUv7f)-|3149?>yjmn4FT~j&J=sXUzk{mkLd#wDapXv +zgG|S`JXdpxmx>fKvjrnfLCw)L<+)scY^F~9u9q-;Cg!5+E77Ao{)m&tp+OAfXd^)4 +z!{%09J?M#mjGz0~D#nLmxmQQCZAK>ScZEZ%5k5GtycP)z!12E6(I>k!7mo(YtBlef +z*sGTi^f@%5#WKp`EHoyL3x`w4gcg~k@V@tNti#TbH#*2RTT=AA8i +z<+Pgb%+nT0D@vN)1Hxc8HMkDx6{(4Ltm9%ov`gHwLvvz!O|m}vRG5oxPbeygTB>Zz +z5RUbpbg4)j46)o$@;67xiC(JHZGBmt-;oLnMu}qanrI=JlC5B3!B4z^xjpEQohYxq +z1~xciW>lZsktUiYHcma^{WO+2nT_C7`(|*rgNT-z>qMveL=-n? +zq|Y>KRvuVX&xm08^Ez4EfNVA3HT?u_B+Gr2j_AnF5Kp(A1jP?vLPCdu1eqp_HG_9ImR?XpB~{4iS;qdl +z^6c&i$q}-`o1>RAla)id(S1){%2TXMtaF%ua24QD9jDB83XM?*?4ysM9nF;zP@AY< +zvDLJa!MgWgaE%OjR&xpq@k>~O-fojLuNJ~6UMX|4bVcFGWi-ps^Rk;SD6Q6t#$fM7 +zBP4U4SI5z&1DSl)7c*BKv`O=X(e>VF&bXy5{%UAB>Oix62T9FCsDZ*VFL4ROQqlq2 +z;*15+_3l?iQ`{kc!p +zf$`TZ{re_x(N>>4|E*N&_i^+$l!E!YL53x{<`$Tl=oJR@JaOJoOq~NQxVbpRc3MZT +zw2s2?DjCfJ;u@Vk>USuGvm?7QGTiqdM}6_&ZGxkAa(>?p=}5_`ETuf1a?mSQ91}e4 +zx-$l;J{yKEKo@0&&~~sPjs7&kObxw3ca#bp+l<&xCDSq1WA`XTj#_YuY4atu!^nL% +z{P@kUhLxPtG{)sb<4dBc>jd|4Sh&5^G`rrrSx&3gZpp5EMA4Q06CNMuVGVI=HMTF#YZx?P`>r%iXbK@i|i^M8eq&(e;3n +z$OKLrhN>AkmFyNx)75Jm8zmnaEoKO*T&>zuie=SSwDFb^=4&Gl +zKu4VJA-^coRbBzG;b*tLjwLe^AdK@-nKEr=JwL=wtn6x!c8c?}8GIk1FRcXLyx?rq +z@)#hu#I_xjnn0qj)&NBm*NQUkp`HmAJI8t!hvFY^QYePavj(-BL)_YBox#`KY&C;h +zXe~L^pO$+3v!t)M#rJ>Wfw- +zJ^U~EC|0Lou`CN8`Y$XuO2ofD$4Yv;IwlRpp1ae^zFOJI5 +zsP9+zU3CW;5^5yJz-WKT%t)s^phXLjWIdwB_xnzWl1a%of}h%ghGPR6>J6(xOy&2% +z3468RfmI2vVvn4e8wU2}q<8Frrg-D$UJH5Q7gXkQ%4Qp8v`0g-fYx&vrOuK_CiJ{7 +zL}Arup>r7$z|6j*Q=M(%b5t~t;#A9_5c_gD%+;B;HQ!0LHTT2X6*c(4h_}u>=5fUo +zWf-b53}=<8uZ1E(qa~P~!AO8PTxt`P%NvS#tYJDpy6RczJULas-&NhW7Ir;s*vJAp +z<8Hkd?90^DITS19AZG9W9!lvu{3A+*xgz|pqSSwcQtr_R|KcrQwE~%);=j*Rf2w3y +zxRPs3Axse2%{h!sxVYIlnaxi#4O7dt48{fjOdpTJ`#o;?u^ +z4T4r@P{uE7-0Vtp4q-NezbYKxjJ&wXdgJVMt`o=7M?zO}Kx;5JbR}p0tgUy`E1X#} +zNa4VXXM5ViLT^jUOl!TV6M27w6SMV^=-b;JRDDlZhTakMOW1wg1^vw!6Yd27ddF+u +zaL3e@(ISc-goC74X|`9P4kl$_`@B{}Hrji3y4Q%*B0CsA*&!(`t%US+H4tpLw%EAa +zQ`C+2w8KCb7H`kngCpBLi +zofePdT)=jHm7w)JoM1rWH<6!!eOwIwYEnA4?15Rio}DJ1cF)TITD;n^7D6T_X_h*a +zd1;~8K;p*co6)-m0Z96Tms>y90pr8>=d5>amaQ5xK$$fZ-zic^Dk(ucwJSi0{m40r +zziwcXP};I^LZAO?A*Bt+K9oMITJTZpYY7CR7l9|fk^1TDqlm+uXxS7XiM=!L7&mTv +znAgj+NkG17hG!3y`*3$Bg+(T7RPQnkMYir6D|44cRz@IuOvQ&K`BLALk*7RoUak8=U<5hs57;^jF@7_mk0Ru`%Rvd +z9-M#`AxjKJw9N;>*fp!ciogZue)E*j`PXJfu=f%ZsL;Y*y#h~5yi^RedK_W0@TLbZ +z*M5TK?vHrMw_pyXeI+Gb%-hMS4|g~P5RJOIvGvRD~{>O +zf>l?$HtPaaX_-AG7Ym)rs7EC>EvAY5gaWnehf|VdG|WGuzEh1weKkj=E7%8Y+PTEK +zV?Zbz54U#_3TY#7>MOSL4+z+|DTrxL2`RB9L!nqn)&& +zNYgPXgVO+>QS8g4vs}W!p{b1Ea_lg98DB# +z?q_-ttB>t*h0=Ev2Gn)qj(*{zwnuP^Y+mI5Tq|1}P1%xuJihdL#Ro2Lr33k0PWt=y +zCV7LoGKv&-pvkqqWA+4Vw?M@GTBpQj?yWGQfQ0_5#l4UdIKE11@M1~d#0&SPNqR)4 +zgjg(ZcxPK>y~Hk`bR{y}4^@7ye~YJnA4h*gQ-7&ssF%?c9*gTw2vUwb#u9P5wG|K^{RXNmG-v-F6kJXt%647rl5}qMrN!6Q%Xpu5Oo(2sCPN)wh985KKNrJtjo>pDWjYTePkvUmGK2JMUF7X^fUVPy`Ha8M +zdKtzv4y`J2P6%e2co&x6(g$@*b~HC|mN(f3R-I&IOd?-_2KEBj6NwT&kvqA~yt$Va +z*n3piraycKPA>X1rE^}n1EC2+(jNo<;=OIlI^^Ert^d_Ru$T_ix*Y1da2Im}5}Wlq +zz9&7EqK-KSN)i9(8JFQD4V$k5;RrR#GcC)6Hbl&2>z$$S)s}=)OEDeYI3mLt+yMr5 +z`Vj0mQz+bZEXiO1Nv#GI9jR21*TC2*OGoV8d(+0(r?Z`KYEiKiySkHxB=aS%9%qq` +zE`+fx4&QaR5q@9-Q!#9!v~8(5#VFN2c_^59gq<{^(uqD7P3wn%9BZs;3~PI^bwd|1 +zs1s}^$(@iy(h_OML*dhisKdc6H||O&AT0%$<`cMa`QCfL^^AmWfw>0jy%`!K*g_#e +z@GIU>$d@0;EaS8rE6>Y;D+BpfMPMaB!%iS3sLm=&&%DrTbSX?kEg5gZdW1=Y_oE$p +z&oLpCxVvFv4<(c?D${;?Z?N29D)>>m+IJE*lpfKv*nF@X2QK&fj)^J9bdvg@x(>8o +z<7=N)w4|h1S7Q5upc5XiIwvGh~X&{E>vgeJ&06w!?0Uj@xcnYq4jNO>3^}O)Y +z8i7OMjr5jfSJdX7WE}--T7nSc19;!u=9L$LU^#D0Q5Bfe?&}RtZ$1%cABvSM9-}J)S#V5s3O6GZb%z8u!UBVK;I8O +zU*f+*?yV=0xOl7^>@RFTQM^KUYW$t2MlJsFlCO>p@gFbw{)cvB8#zQx^q)-r;2%%z +zLHlw*L4ZL(Ab^qu=*W{}et|h78gZGjeB9HqGI4Nou$i&`M}hngnGDOHG8vY?WHNu7 +zMBrlL=3r(2peZg^w%;tYoV_OCxD_LEmI=mnjY+90tn +z&`_C+)vL;;beXY$GMKZeVH{2W= +zjc(+QToDoOmy7e5l{Fw&rp{{PyxED#ygwzS;@P(~`|AN6JY`s_BnlT!YIeMCkmVYi +z4U{kb^H31v$H^f-NvOZHIH6ynV@To*7a2NC;8bK6{hz%pm^V)EmBU2U~Qc+ +z6`BjeqN@fjd)Q3@Ko?2T;MV1puX1Dtl6>m7L`e($>pJzA@_0i}RHY&ar*`L3gLF1< +zeynt}X5vMsv%ZVY5Dkx-&hPKg%Ms}lBRu3}!*V$KTeJrbTP!pJbb^==(0Tpn=n+0hfsH;8%4xxA +zGD&PZ^fd0Bwod^Za~(=NtVan7mRE%*YGS!htfgF&l0XDcEo-j}tMn5_=asJ@Z?`Nf +zlUp|R_;Xwc)CSF%2N#mtYDE?dc6Siknf8+EY_pWov*e4 +zq?-J9xU5@0&3Ut`%~a;xS*`s +z>!~bxzef%?(+IZF*i@Lom3B={#_{XO(pb&=0OdWVg@yWin +zk`>epty2Wu25f@GFrJ2-Mf{L#=kl09uQWC0le`=M^(WEM?Derfon~ +zrA}rw1aYknsZAcu0}&=jfz;Y!JSO3<HWDGNCm#e#d~w>|N9)1!_tbo8^c0#UcV +z;wGk<$Yc#T+$nd650v^{JpcbIO#SURa!URKr9LL496^~0Z-m~MH4Q8gbWfI{4Krok +zO{_PX_VF^GpCn@P+{oR2laz1gZkt}(z?6%EMPkr-7Ti5K6XmCdfS3A=v6EKUZzoC9 +z6tyy_);!}yGl>39USWylY2|*hqzMNxw4X5~4r5x{OEt0+QFt5{Bl!SLW|@=wqbj3nGy(5-1G?hg+uF(#AVyc$B&Kn1OL5Q +znB%})M}q@ue!R5{HlryG*t|{CgZ7DZCS!4Ksg=~zY2EW0(F^0dSrPX+!Q;hXyfF&6lr1;-a!b%H;jW!kGllvTGXRH`72fJsf!nBaYb;KZ +z=9&4sU$aHlW2l^VvMZfyEsY$>QSI;^SlSVJgddf!?e~$uEk*#&1vUN%)9!hxF`u!u +zb-^NeCDX<^I6ph(yZoJ@hq#2C>cUli-@yJVA2p_@8H98)%T~cK>`~_~y7^4bCs00dz3vl$FJ)pBYzQ<6 +z8dr``JoZY3f;)(V#r;A1sA42>%^xWBpEemN;&6REcIOj>e@dqQg-k}PtH>{r=3s$m +zx;e+H;g^5ja4E}dG26M91E`5ZdAizfl5)x~nskMmfY20#?F-N!YNEbek{^cFFi>VV +zU=$7+0*N0T%>9K3CT%UxE?;qxW8$LbgUy_^O2l94_#6V}N5`88;f6W&b1o~5r9vy! +zK0cz|u6ahkkRku2tkkJeKl$lB`&Eiz0fVWX^PsSgVE7S1OXM@j<52&!cGVGq6X05x +zXwLTM-JLilN2B4LjzoLR#8lkC)tx?`oq7KRInG1_{y8!!$LbVi@+;PLW{Xi4y)U#2# +z61gk0;8HCdJ0xudzmHgtFUcSl=3J=h_A_e!jFZxs36sOnI+VrFjW<|7;D$kKjHVUC +zK;4SC4}&*bLa%ZfSD^h2wF%loJo*hHjA(47bHz@9&JlCB{Q=E_G}&Acy480T>g0kz +ztxHGSz01&F;SfNx$&nW`ZblMCDMfwH2x0$r!lGnGY1%b<((cE{s9G>CIeWLA|HAHj +zvJFR`%LrL_x0~hHahKFuI#DJtD2C+n)Zx~k9vtpQ<>*-PRoIB)@-;_&8u4?CHIC`3 +z^soC9OXN6lXb8W;2Uh^=D|t-=xcc +zkOy8=IQxFx)04GkWMSFXpN=o;YFa~AgxtR2UXx{F=sVerTNGc{bLXc1b=b1BAjxkn0V>K>acTua +zkB1IvcQG`u`3Q?a#tsLpobL{296s5>m%eLK1!icYcmg2Arq|et@~@8FmKlf#%?%dR +z%+Z`0%!zAdzIRBv=${1cZ7PsJRQezZoG#E1qnD6-Y~4O6tzkYVg%rwqgAhs@7G +zW$T9rr%UQ3{syF6`{p303tu9!o}W&TDL(B;259o}2k=a}rh*j+jjou*Dw +z;&$|KQ2B^!Iaq_oJ^^p5@MKUB0|h~~&5&{{3f!3K9p+%>J?c_e(gpN{Q~Mxy#6gao +z&?g_XZ2D{2VRt{eUm(CtfHi~oK|5E)e<d3ri1y8) +zT-nVMRtGWCeqTsqtMAJM^M`qyrBHBO$Rs{a7Ns;xW48}`l@4v|_$s*elr(*}ZhPxD +z`&P!#E*^!6(oEN15&*1pcHo0X9889?6)$sb8=#Ldwe{Aqn@#KiiO+g8}n9-AGX-zH%|Rr>kmH*<4=S0rTXjN}7pi5qc@owiNj;3i#@m=UpN6Hd2w +zR+%-pM!RKHJ;giv1eTKs;*V?5_|#2VjW|L(1A7U$lzy7?rQnV#lWNbZ5|9|?cM8~2Pyzi2!<_zspb{@E_{jIgRVUus?qn0b-;F?wFm|bl +zVO_zCzoRi*D9WiO1lS;20JKwNCw+}pW4E$DEA-&>`Tq$@g$w2C(pIo5Hn8WKB|fRC +z4ZQko4l|c=m|+YiaP=iRud(XF)*3+p$B4TY9FGx)2l@G&d^4^>35{o>c;V +z(?wd1X7R~kYeeVUxxoBI#6hS#)j*r1i=G_^2Yp<;PZ$JT5xLHyuU??7Srd=Ld^56p +z6ku433uHdxeK%6i#Ge*=le|NyOm(*n5DNADK4?D_`-{LH@=g>S%7tZkPga6uPP(xF +zOuN}>b=k9QiGrf-)TbHx=qL!FPLh5Q$v?5>-pSEwV02`{Fr5C +z+7NzlE&HyK*Rmel{0s4-wo5+;k9Pr&r1KoYP&dpsesl=GSDMGl!?jsGor-x*uT3`~ +zergl^aDB^9xrL5{Ro)VXc8b+WBotKuqiRF+bT~#)waYGf33ZcL_UZtP8TapfsUGTo +z45dJ7k^V81`X8<$bc`VV^SqQgCIGtX-^ZvwO){*1nPj-kxlK4(*i6|tOpT0<*vx)& +zRB<=XI}~HgDshisGtB`I1xzO4af}T0_$d9=NY_><+V>NNfW9mK)4AkaQ7hqv7^J=yu)+Q@-d&Mf13y +z1faX^baHpW*8n|F`<(1?IJ%-9)T$B}~}8WauTI)DppOz_@)yiCE$fk1kJ +z`=@CVWb?Tx$Z$hOMN?#Kn$YwKV74AWYsHvCN}Ai@5W=T0SVy}hWzu^x)$XR|@(iTD +ztF*8HB|6^55ey5$Bd~IJ*V5k{ +zrCmaUY;qyMSgy)6XzkSZ7$5_#Cgo;&$t0zEyQdaDqi^Xz5J8wN^nU29mX;8K$^~wr +zFVWvjzA?PcT@)WoM3r3s+p7gj{gzW=Rw}2v7gqcu@Vk1bDtJz9p#$S%+r+}ri++S2PFEK8fu^zyV90Exjpy0 +zUH>wSlFM;l2Soq|3$lbLtcR8cj);ZJH{Gz-1oX$5|nV}OnlI#Kqz|x658xVCcJJ=oC7)(uHb84 +zoQ#|nw)crxPUp47AkOMtn>V-8c4t$nf?pW@vx7+VSMzCiwqUry+#!#ybe=jYX*XJ} +zdVj%q;i%u)s{}s1?Qlp^b}Ld+e3lkh8p=X9m|Q(x7jt4#AS>NlN&{ZDfHReOO8I*z +z_22c*DZziAMt^YBUm}^cS~Yv?ix)4wi>X=&$}^`gu_X56d7I~9u-(Ni%q7~tLCRK3 +zLdI3Dh9ugyZ_69f^@I20K60u6*f(pH0$J6=>yd~2{sh`nob-+1}quduuM7Rb7N;bNp8doD(hLKpTg9u>s +zAdp7#$$MtDaVlAeM{giNB`>;(3;@kq0AD5D`7vFIf{W?yPOyabh4DOa@WV+w|3L1- +z&+1B|XgO|fnPk^^0wel^DXQbZj>YjM_mT;`#pv$9ya?#WiLzr%09!pELV?~n`I4SX +znRvvI24A^LG4c@8TX~d$)ZabC*k;PniV9~fdwF_b2)b!i!5`bQM$a1oN +zl1s*>?H03205ybXkA5`#m^$InJ%#!c;97~;OEtSvanwfpBa^^R&^vz%{*Ll1VGX>z +zrsSXo@Xu#;1v)zg9uM!HLjLBzS0L=4+M8*9nFY>4`{ +zp9)Vmt&D`NlJHpyhOVh6z5_a4O042qBa4t*A{qq^Q$sKwkDCKL(Sd(jDY{Tg*bLoj +z1zU#)eTJ=9C-Eav>aQ&}VXm_0rtT>9Dt_>ehSZWqK3f=s>V=t!^GFK2Jp(?!;-ZZ&F14`FkFL| +zI+eSP646ECwNZJcx>{^vSap9?^~x;8pPG#v`uMc1Ne7gKA+vzK1Bay-+vTqdk}0#^ +zXJAV%_e2GA<%TSbW2-Wbm;n!a;Ft{6VrMBKFnBOU5wXzY>y_X|?kA;|xtAl37k?gswfC#XODF|2?2V@#M$ +zSXe$3GG-=5Y}~BI|3Od^0H?uVgc#UKvp|_^DW5Gru*h4{e$io*oS|FxVNE?|`DN`p +z;)y2=L|=i1PfyMUy3KXCh0JwFrLg;9BO=H-tZrZg3k_~Er3)RDqOOL6qTFE~UZ;iG +zdPN7-ZYb6ldNFf9jI}v!*pYw?s*MIY&qIJA=BacHq(*bJ>fgjS0jWaqm#)DM**chO +zw@Q-Sc1Qm6Qhbg^C1+)fQ-*~tkQ~UK#Oc=g0W?L|KQ_~?0pI^LjhVMRv=?3~2n`)^1?O+Jelc)yyu&Q%RA-*P7Eyvwsntj;rJuXLUC!)o| +zlKL<^m@FPP4np?6rDmLkR#A6+$F= +zVfgy4+FnYRGn1oku$k+a(5_YgLB1Mu``Exizj8a^AVh=m(vT(65`z)snBa1)ob~6{ +zK=4fSfm?*&0_e2I%x{27Z$B_ru{~dZQr=2BSbDRe>*-@f!aNjVk=TEbFUFT|+-JuI +zNZr59l*teu#W*sEntFq(eb;^;3N#Gvv{Pqq1pvo$5xUL`yMH=HsSCzvm&I4=mF%Ey=5%3MJt~_mTUx}ErJj5A2s3Lx_@=O4mssB +zwU9f=KEV?z3Z}0Hx3ls&n}B7d5&5Lo;z_Ql&?(q~CpzH~pw2D)v}iQ5uEm23<`+Np +zfSnzbr#nJAJlJk4QKEDfZ^u5@C_QB*6s8j%Byiy=)gxpx=7>Ea=UlSuhV%spa){(y +zpFt+3It5EpjoThz__YWB{vb!x@665LhRO!GKofX(7;1rkWGXThDZL!e)*jRt$WMpu +zWMDrwBe=Nbf$NiLPOsLJB+j=BXIDdJs;?%d(Affx8;C`mHyIj(H=79$dxQTlKbt&I6!>}*4T%$1^ViDHP +zXkA$nU0j#E+}3N@;*$e07QXqWdnT1<+uUQ2T@5qtjjdIguY9*xnlOzG$H>=kl0p4E +zs8SGLUwyWKhUBYxiK_vItp6S?vmZp!VS{8NZ2j{kUxJWMx~Q(Oht` +zaLJmpFUA2h9`D?$gGWmSZ$ncdEhpFQADb}>ZgtEE5a=zs2!fGCpIBUkxk8rkkR1ef +zXQch?kbAp{b$byYa@tgwUf{(&oFAKuc|TctR2j`&?mUAOwxE%|?tGn6pWX&RE0ci_vf&^y5)4;>PPCEN*kg>%8D?s0{sruN9q*vjatC +z{Qw=yJYn00cWxUa1utwF(PXuFZQZ%Ub@p1RQ$agRssm^^l=ay;U$TBu6mP;EAH)Tw +z5OZTvXD4s#kSh40Tqz}9*3~>_jLi_Qh>zL^paB$@?=r+5-3a=D!9IlwR{$fv*ph7V7Ko|aWu!J^nGNr3g7G^wR<~DmkejVh^Y0( +zhf`*E^>9=RQC(gGaF1a^ +z2maV_X37Ay_0B&K>c8wUX<1B6F2Rhr{}e|33wz9LxcV4}%!pz`xiE}nO7B7rNKDFk +zn`*klGMx#?H_vasc`5?I_p2)gipWCN3EEc<{GS)=S7*b$+%j$~6+$lnhQ^Si(^?Xh +z!xKgL6QqnC{mzkSffzvqRhkhg8|8KG7X;o7oTbMNb?A-2M4b462VSPyDwK}hl&{=W +zbj2*Ersp%l53!5|CJV(V4MWko1o}lFjyV&in3(jefF0Q!8^BOVWb1>*+931(dY%>$ +z`8mVG*HO%6R|R%m6YR5X=!rAu4(kuk@x#x%;6oeo&o-_hmk&S6BPlKlM7p)P^GZ>Q +zjidrkrcjT#?(rVGKWgOfn{7cciBB<+mB{(X@8(;CD2 +z+Zuz&!NzQE%*tYHWX8$D!OoIQyaFQuXckrBAVF4SyGrOgltu!d9~yE=zuY<74En+~ +ziRgRgHRk05woOLh_|?wUBD2PdR#>n1)(hE|cq57hVS91Nwh2HFlgF`X_3$M8S=`xE +zW5|ss8hEMfd)*6&F1w8Lq>bRz)JXeLreQUpq*M!cVC?qWFnO}9nhj9m#zRT;)y(il$=Jy+) +z==@*A8|V64#q<7v-Ou%!DW1;mt(N(0pD?tITQX-6-WPXL(zC7ds!fVMre_msHKEjS +z@TFR#;5E&{89}uB4mK?o7+iKdv!s%Mj#CnUebdVB=LTD$D3<;#D`;--ystpG0lo8a +zV=7-iwiyb%ml;fe$kL`#s+6T9@TL61M=~VFIUDLIfHWe=nC`^gwbtr$ch~;45Wnrj +z60y;*p=Y0@RnUvRHKZpT6tG)9kiUk`dnz6{j +zlT>e0@xYPzVC7-fVPxoaNgIKeS|>4$H%q;ReNa7=tXHT#QUW?Yp_1ySjYCo04 +zO8Cihv{K~;OH~>9R#Lv`bFhStQx}3>IuDlCv2;!? +z@SM{I24`gDZCYL_vkZ`G)itI8QhT5(l1(OhR&gMluL9M+dmJfYZPhN#GLzkMb))(i +zb9|Nu?Mu)C@;?KCIIu)eB~Cd-v{poW2+#+wpNTClKUN@J=F-I7p^3(F=x2-Z;>ds?%9)&+xqbwb*y_H1 +zU9$tE#G*AR{Vd&j-cN`UY@Hs=S|`^&dyZIEENNMYuC(ui3sK!u>9sqMds9l6ws3pW +z?hUakPnK+9p6s}S0#v}j85zuLe1O#d+r#(!IQj#m{*uO6(}WF(q;ifdCe8k0jqJ$gd}r&1=%5PaHsDBehi@+g??~Uq~D%TBoG9Zn1wr +z;w$B~fmTr1$>C;x-vtD7-BFB?aVq_i)nwNj7l+ZmxY1a)42qQOcY8zW8cm?8-G!sK +zlb-|1xX~Lw|GZP$BY!sK!A~>i>(x82hSA`NZW4~W`?&zY0=x_9JOoq`zBqp$H%b@4 +z2}HBKTR{l>0L+gsT&Ikm`f`(r0D|KokJ#sbLG0RsT7}a^FAZR`$LVvMwhBx(Q1l-o +zT_`V5C2rG`)HyZ$4((QJf^u>Z9^1Sz`7K-dlWZ3}DdbmMOJBVZFXYj>sXw-OS2EqY5jcvozE^z%hs5xc& +zFVz!V(=|ZFT9K?=UWVcyAoaiR;cLB1>k>VrvaqMk*<(5-Yp=pMGU0ml?ORIhN|*Y2 +zz47sMFF#zvqf=nsN|!H&iHtE +z_TlTNM_tm^qOlciN2D-bmFz^VI||;Z7rPR(=)0zrOgt*E3#|C62YaPXT%ebHNb~&6$YLB=K}K0a2+fuwP3$rR?w~|to=TD6j98(sb4+3@pu9MY;@hqP +zc=l1Y3@_~fuDt}!MB*ZllM5IR+Azhp`R~iUY7e=e2|DW%wI?JzN=zQ)_-wsTX-NF| +z9UV@tL2L{@eY2f3Yf12y+S7K|5krAu-lyyJSw)9Y86gL*vMH_P0o%Y~Zl9DZnfq3p +z3-C<~*$Vc`z2U +z`@4<~j!$;w`R@-Uu>L8Q`6!-mR)QEKaWFHPv$C488!?-ke~6D+e&76!YFHeiJbh;Z +zHkWdaHx#r(rt1Sdw +zl%kzii-09QzlgfcJ6B+D4Lb)a-Kg~g2*0e}PjxT~OxMmkC>Ys=y- +zpR}XJU6_=8(Za1IBU%28Z)Q!Hx$1tb8)|Ppazo_~K4lgN=rQWqn<5<8YcgGxjhe;&`OhbX0dDRvsz}k{;!5A3~0W6DPG}CBwa+IH~ll#cIPO*UJq!piU +zgz)M|X9F_lez9I(lw7$F2fywMssz?60zh+%-kCqK6q7B__q)q@=m290y1SK42+_KQ +z$H3Ic`e?U6eb##% +zgji_&A~KUplBM_)S-`Ezu~*iHKBL1$P7|x@`!tXLEgWwpINY&i*4`+YYW1p~o5$=? +zF*28EBEozdFqrymIe*k3(oAveEp?kdqGW3}+akFljC^(Ik{>YAP{o)DXg~h=e&kPrd4#7w66S +zC%)g$i_i0Xl6j!x48kqv?lLRO%lbaSb!Lv@xAu1pd#XTRAu(=%85QoN8~M@Ned@!} +zqS@$Ts7sX4WxieI$nMH0xYDdFApRx2qENGlc~97|%DFh|GSp!v)VdT)G&)fViObW +zQHbdsso<0DS@(J9@wsX;T@B?b$O*N$IgjfsGhGOJK63))#7dSzM~9GL-n*b+yy(o_ +zb6Xr|a|!K_satbY%VM=i$12+m)Nr{n&0I$+9y!ty8g^<`kc~9GiK=b-Qi!U8^ji?C +z(Oo+zF`l3Io0*r$Zj9VU{0D>T`x^a3TR*}wwa+4Q0oQ0eZdg_?6RcqJkp0$>8Z5Zj +zTqYsL0XF@=)0TvDJj~PMu3}|Af*uZHgi+qWKPBOxD`b2;(h?VkHh#mrZD>|X9-uqR +zwRzyJboG)c&EIOTqm#`a8dp?t*jHHOhELlJ-aSQF1u!Z#o@R<$tc~lo760bX=os*N +zW^D@iOO`?0dPPpYX`MJ*xP6D&-Mm&N%{;ApReli|kt8+7gq_atYJX=rG*!j*xW0x2 +z?(JFL!@ic>~NGVq*@Gs-q#noTf=jPGHN7_th5@?NY7!p5QV;5IMX&^|j0&i{k>a +z@{?PLtUJZU#syn5L|dzpHuSMF=<3kEVY&*XFCONKwdNY6lP6h0pgP`^%;DV5D9ncR +z13=_<;kai|^;O@O&4X-F{4yl+?2__pLj~o71-4mT+V5fYUrk{S=?kCzU)Z%~M?9bl +z23{esV9K}+!uSS^!)vOUlPAFTB+S()Y0R0?fuFJ>D^=v6hIal<0hsK&In#=)4{ +zXCrSuWb&Q0t}D~>g(veC_4;q*w~#!P{_-=rV|arvTW*amJG>wI4tA18^pQx(XHG&sM;F4y14Hpyh1P9<{050Xmc_@^4w +zuh_lh-%o)dayJU-JD0+R;fuU^RY;w+$KV7zzyL7y)7}v9ug0mP>hgL|(v(#!yWJWdeQ48S^HR|>id +z09@MFMT6IYgCRR8COu97qT{~9NE5HwD}sc91av!4_?^O=M!!wx{G$?~03Id)9)huE +zA14Sq1V-ne7>AUA2gdmRlj~CeoH!vkMVR*@NC?JzDK000E^Y*l1NNU4(aRi0hd5aH +z4CK@I7XiXV$jKdGhalb`;@T3)>Q><05W%kP6`SC;0F8h;1j2n@0K7xojTRdi{QIkz +z_66#!wI5J%so&r3*N?8H`?eKPPYLq=)qLqD0Fp=T5a(^n44`(XtGA`b1A|)udH<6I +zL8$V{n+QyVpHuKTbCvUF +z$lYx1H}0rb7ivMeB$qC|xIdOuFAaVSBWi5ns=T#O +z6C~+q@dpkzxp0xewkXM-VjOcD;q+M5LF+t42(f$XOv%Nv6sIZ_3fuCv(`oUUIunLSD4}G>1K7YJQc>_&{+C( +z;{H({aZ>cqlu*=*SrLD$%y3xkNRVVRj7tR65$-6JEqpOziyz8EA%azMMF9wm#fLt+wi6llkGFq|N5z)%}&|W%I->!Diu{qDR!N5o` +zf}4rZjDxV&c6XYxCC)QyyQiK7k=flu)E@kCC8iBP} +z@MmwmFC3@Dow)mZArDp;NFpDxP2=crQ$10V9Vv5^jqM21f~X#^5mOm;E61WEO@L)6 +zVwR<8V+_bkFg{*&qZsu;QA<2YZt>XC(8w2zorC_;lcTU{1KJvsZcY|9CG9bHkiZqV +zp(WC|isi!8lBxFeBe)iTo4oEi-K)mQ0W*=qFT=p%Ebkb-Z|m0_@|t%+WpP#IY%Eg- +zhlda`?gc@+RPiPqAFWEDr!5^pkK@Vs8M;R8^^_G>Jubpxwq?ey*nS9ckoRPSu9km# +z9>$wI>9}aZ(#he +z|J`+`^)I7cWm&5yZV+Ea2XN)t3QH*LV$q# +z0zibDf)+LAUrqa%$Dpr-r@!lSLUg(}OrOXK?o&eEfNMN2K9s4=K_pI3{B)Cmss%B_0{>#xzsjdTi|SkWL0lr*| +zILen>Sv}SobQyi*M3>_&)w+GQ|4re5TL5JWWCWDvMS~a9kasQj7rS+`d92UJWTiKt +zVG7c2NQg@)XV;s$q+YS(Dkvq>+SF2ylv4dV5M<`|88)}c)4cH5m{|*%kO}!yS#aeI +zbq$9oPEL<>FJt1Z5vB6Dz5WMDuzpa!BwK^J$V +zhASvts)WmZ*J9nY=0zU9qxztu)`o)uTeo-N=$}M_U1$hC)3B39w~v2ZFUf1&mZZnV +zy)zM{sgFnyGm$GNNSIBz)2Ok^QTk+n1-lNeHC5LK5o$F5wrRkSL>m~^57O^1aK^Iu +zAk~XUT>W(dCX#y04Gll%n441Kq}@+4y%DkwV$%|A8EV8D+^m5qiLLCqKZ&0Xh^lku +zu$YJj7l)%0(s1?TLY5y8KHKfpy9IYk^^)i8`w=?KnKYcXlwED8RQEjoRP8iQM-yZx +z#}|=@(HD{Pzg9#rFi<96MC$h%`G0+2{;{AUV!W470H9z@2#j!$F#3TKpeA7808mC> +zP((<$4`{!aUKr%}CD!K^+~HIDUwGiY-URHCr0U +zSY*dFA^zEfPuI4c>5?=9x*T2wk`N?tkE0v0@NFMlG!`~rzv0V!Ge(38-ExV8J5+*z +zLx<;xL7%jO*xFYOx{_=!ukhPt#VLp+rDkocpmp7Jk07; +ztkuFyH^KUed}cP#TXNRytRD7%GQ{{U%G~8oD{8&xgzs;B81Alj&u5Q>*a12i-P*oP +z!L(BBJ{`i>RhsIGC56grM>H*RUIAi1q!Uv`{+J!d57|N?*ruE@0tj=SxA? +z1~xso2A&el21od&+#WeSm5JYR-UyEetTnzpj5_Ccq_n=FAwlVc&KY7*!d{@$y4Lo{ +ziK}##UW@JmhOxzPOlM>Z+m(UZ7gBQKpO3L=;CLE?0l!g|^@-hLy+2=5R{qnBS0!d4 +ziQXU$m;r>xSex_V{hI7vj!OwS%CT#$O<0oLsIVO4xoQK9xwxP@C*qiqhJK<#*5PF; +z;fP0Gwx*sX9`cba=q{=I&rVx${Si_ZG=fc3WQ5!D&p!|mr-MEp;bDHjM+a>7zx6~B +z$fFpT0R^{#M`tDolC`zp&QEsf?}57COxrk$#Vouu%QBR<&7|6Ag?^;C#VMl>H8+Ej +z&5?gf(@G|HYt8n;Au~QJC84rNo=H86s{*g_-%Jt9i`424gc5^Aiy8XGjqiwHt4&>r +zYmjg&DpmahZ_ix_O|!cj?^v3MDR#G~hZRlgdp?E<@Pr5qn{3=;!5_V8=3_(*D&eRwG`Vo@i*6AseT2G^sxz_TE)=|_4D4=W-zqJcoA7;!NI_Sv+JHn +zf-WTcH-2}oVIAwxJFo^y0cR_3Du_?cn`|}MD1rP~VDuE>Us2=)MM6#MEsbeGWlFg= +zA@8Xtft|6rO#+iJn21(U&8xEl-x~~(@y~ouk_9{&LBDs8&|4~dUU`r?vXnH;y|O=4 +zeJOOQ*-{AIBHf2tyy4Lf-J!2M62^-`t%gQ0=8-Ql`*<&8S#8QU=`>b{9e7-p-!Ffb +zq@{Er_{*IO%Ih_ni=lY)3cNGh`ipc0FNE-OE_`by49GjGlHO4jmz2&9`nRZ}g!<2x +z^bc0S{b6ZI3g-Z21m<7g-c<~fcQ&yMgIW*!OFgMnUQ2H;M1oX>r9x}9O8t$i5HHHK +zg*~VZvlATaD;jAb3Uxd-2Tp%bnJM>SJitkk$saj_Hxkv7pNHI|o=sf5Zc9(RD2|yR +zT~+b2l<*~a#k%o5P>Qn|W2TkS0reLZ*&`R}c;-Y-Bi0`c+BY0&l9K$UQvnzZo3z4d +zmg<1i?i0T734Rqrs`8`|Dia4OOo{sj(C6|mw;w{Oh%ELAohn?uBEp+~fKQW2o* +zVt$AivTEZc;0UKVQOy_|1gvXNv5&$1!ey%#?t_-~^@)7MizU_6`cV}A`mVtKE@c4@ +zF%|Q=PmPg_r};HS<(D-ZM?TebIC5)qW5tc +zn!tFyx%&Ith(cBA9ye@@bb1J1bXiMqo2yVia#8MpPt^LB0@ke&4Zs%f$7y`5*db5m +z&n*t%vMIweIk_z<9|JS|sl&*5aP16HhBc{iMpY~^-;{B{X21{VWtOI7vNs}e)_8vq^G;NaUUCGICF|Bu|kHUc)9V@6Pa +zaTV9UaMgSLudZ@47pGqETN>S^&K%E6?o=nDp?8U5fZN|-bdzJNbsqlhs>t9nXR&fF +z3}yD3(#eLfUyoDi*$T=P@mx_aT+QV~9+!#8MFSwd&Te)#&Sk2N^KdABTDIdMeQ$m; +z%kAA?u_bTWZuDBPZY_ei-iyYsYmHhb* +z9jojvPyf}Gs<&^Xs7A8~Jw&KtT~4gDTBVyD_WbdHkx2xJfH%iw5kMCHAF2w^Pl_A> +z{6kgmb2*>zCfs;{A@(2VRsVOkdY@OZCBaqz$o?m=cHbC9P5*shasC-toWFs^YRJOE +zX3WNE%EiTQ%*@302VnJ(oEM8zB}V5wJ$=L!a)i8rpTfa&Dae|4Hb~0s^VDiO_qauE +z?dmdT{}AB6xo_X!^A->)vtJJ!kCu6(uok +z&V)&%-^_$`dw*AV{cZ7S5fyyn1A(7_Eo%4ujal=9pEGxhyZ +z7hBZcrQ4Z}I4yI74HZibjX@D1b$HDLFu5%78+J!=2r>82TahcG;O71AH+^~Kzl2j!%?FfTRdUbU{rxJ<-HSb=;0~onsqUS5Omy4 +zl|&m&H~jlMLl>YHyB$Gew*wU8SW!c;AcHXc|Tg#nUV-U>)T+<{rjej5>dZs&+D+-$+Tli<9Zzp%W +zl_v0zvkv4EHDk(Ihfv52whqvbWPEnY6*xmL?2t6GpHeyC-^9KjCsg$n0$ITqtU;UY +zQewu17NK7y+%@H&y?AI{iLK6xjOk18My#K9wa*u6(gtD?sUlnUilf%a`_>$!S1lV- +z>EB71YF@0?^WYN(vvHl|-fiDouNEBXjE<3b?r4ye)M@$2{mf4YAUn~lt8(PNJTpaq +z0efMOPUBSD(+){;7{%OIOhyya57Te@){W8zd?*2+c%LLeC*{TZ=5IAi9ktsN?afo@ +zJe`(%Ov3-XY|8t$fc3j2{dI2jnFfjp*nMV%-Z5p-IYbSydEai7B&;!|JnlQ+qdQoo +zAuz6i{x`ltTQ4#j@O`Ff*p^ZE2-!4#kV4b#|GM83KyRi3 +z_0}tWyjHXt=W?y;GM8B;GwGe5_KBLj^5m2g|07{8tW7b^Cz0wVV3n~`{983t)E1GG +zO%v0Wqt%1k9H1cAo@$w)DHmx>M5P3kCskG9baC!`bFzMibq2QcnjM!{a6!f +zSsMZ()$>!Rd1YBUsB$^Zd(|jHi+zZ&GD>r9g|av644S%*5d|Cdmgm!sx7_fB_4kH7 +z-3Bv)6!~5wzly{xYx<>O0=2jsXTRc*ZzX?s(Q|@Y*=lXP24Y=M=y3~X}|Ml+U%A(E}%jHc$rQOR|?}VM~q!*74%JK9#KO6mMmE24e4vyu)&)Lp0T#nTS06McMH5o=D3mP33 +zIpZndel3%Ip5xEHVq^MyU;U&0S6_)MH%C8+VtkR94KWqTo+9XG+X&MB$VEY7*I4f1 +zqmK03SE-GV6OTwLckD@O=7f?^A=TWFf+II()Z%BokhMO+>nk{q*2@!kv|%D9=8S>+ +zw}N!waQUqaTh7iY3HefLGlgnjo~D=A{6YAW5%Ob7e615t?ikuDVzZVz<0d`l6$wB# +zZI8lHPrVsa&J(0GDwgJCt2WcY0!yR$7*RLrfnmfQC8KrWDRR8f70;uHupgjpG;LfZ +z+i9~1(b(>z{GNla8pUtdauQ$^*I;_}%EJ<2cgl&xXA)yY +z?*ywjs`B%=^S3cr-SP`#i`iMkzy7LTA!73pkK9oQp`4#5i*wv3o8qY +z2@{(!ClePd3)3G=HHiTeD{MiOiaF*^y?IyPnFYf*&F$u75o7Eh9j*9QZl-YfN>CP=#psB!Op(A{0MR+|&bNz;Qd-pdBG6i?JiL^+?_q+C{*oTu(jHMQ +zn5Ms(**4V;wB&}+iXtBjZjqv%3EGx&jT=S8gWoS-e!?%5tpBFR;uusG@_yHb#elbOQu +z78k9lZH&Ms!+z$Ou)|(%zuKJH;ofy5X|gE|0fpPvUyrjcu4Ulm>9>Lpx%phZxKI08 +z<3c}Y-xFF)nE2{V*s3_FP)S>0or{RFBwmJnhNY?)96By5Pn?wa^@FK-Va9p +z*1n_e!X?K8Oloo*l+7`rHlsoTq*&*f{q-k>+M~$fTzqR_umGR3O^`G_0dz520fp`a +z6UeXUTUV%XrZ|KMh^$^!S+toAfwi_16zhC>2$?&o@4*bzAu0-E7lWJ0JA0uV)#VzD +z-n~)^KI!{!P6Mt{!f9*|Np?g~B*qp5^aKj7Htf^+EYQ<%Z7`kn(AcH|B{R8dZ5X7@Y +z!MeAU6W;z5x4fnx?6*Z*b*0mc%`ZOVKfX%rlG0RZlINdxybyQLPjP9fK3IK;@5R*q +zbQ~}VkEUAc3z`jGrEaePOW41nvWcJXRdCe;`3Sk;w_es=xB=JWeUDyqsT6 +z+v0O32#uR|*q+y>+X#B$PJzID+hKOw7O%ZP>>L6`m_|)$zo>U`R-fB>CXzvG7al!K +zNoz?xJao|j&%b4=-yP}CreaGXK}Ti+#t4#F!;phC3TJbHsz}CEMjToM(3?Lr$f|Q~ +zmoqZ;|Bb1J5!n++eRg057a5%Ne2U%@q7qL<7`z;04R*xLq0`(9o{N+uoLMPF5=cc7 +z6?fG?ERGkqYr%Bat9hrmxKMGTkYjp#4#zqH0mCH8tbquLX6wspT~z*iLgsmI +zsYmU)H{`UPwXeAq?S}klq?b6!DpO`=QrRB;N*v#MKc#5^gA;KJ`yoPdy0wZ +z)K#^=fA4E?iAzzQwt6Zq0HR#pJW3#$&4ho>N(`kFArQ8$j`}xVDY*(=2khNS?Tf>lC +z#1oC+9R^B0JQ|XvFJT{Gj?v!LhE!3jZP`ML^w7bMrW*L!1=Ck5s-VYpJP-(F_|YU! +z0txyOj!L$TlYGf1u^shm=S!nML%`D$6<}U`794z|Dos=`ltd4}5G1N#Be6@5xu+?lH%cMbB&Q!i;id=kl$KY42YA6gS +zC#giT-Yb0ISc|>7*_!sdD(;M22)#or)NQGctBCT6ZjKjdW83v-2^sZnazx0+1EL6dzFWv +zJaZL-st~C2{m~6G6`DL{lJk#^N%?>SRi?LCY%acn2<)vnZV()|Zy^0UK7zSu0gXiq +z4*+b<|1i~v=pRh=KC=o%2LJQS>i;@p#g^no15Wlof>vCb>n!d6zOI=5qAP=OWFur2 +zRwE;0Hg*zF)gg?3y_PnRsi2|2!I0hFsK2YH~i6MLT3`T +zZH=PMzCxQa#NEAC)M&TyKGyxfwGJd>J(*7p99}{TB*17%=Z7=QmKNivd?wmy7$79W +ze!F`MX5cU~p-l3{o>jg!CGDGS71C#HI4eYL>yceP0S#8OTS5MBK>z4E8a7`^`+=ND +zrF-Hkdbe1w10NXQ?I_4GC9X1>@=|(5GqLvAiGd+;_-f!*7x9GW!HF#=IY5z<&MN9L +z`c^)~a4#v@I{|Xz}n8qP56*U +z99jZ)n_J1bfpT~%V9bll5 +zL6lH5KNi<38m0?Bi-2ib5*#BkZ>2`&0h%;HAvY_-TRw;$XeE0`x5dEg`FaGHTG6!8 +z#!yXnGHZRQ4`zPrDTft!^xV@^hBDoeSV>*ZB>RY##R%CR^R+@pjTGYtYx=C_(@R!} +z%pjzxI#rekzucA>W;kK1AnPx0hxkm6#y>-p(SSIgy*8F+@EiWScfuBEG*ZFJvc!fQZF +zPTzugD0m)bR1Jwa54trLx%^UWRx7g}x2AWE?nO0lW}5K>`H9cHj?5f&?R(t- +zM^eTLH4gp+MEF1g8TmuR31i%py7<-_{LIV#fh2IUmlzl6`kcF78v>=In|8pKk1R+X +zunV&Haovfygba#P%Sbkr2yaSiBVFHmCzK&BLwbAr>B>@JCEl*T8D*evb?W;jPo3t!&9FrSj(0lwRJ0QU7s7ngHv0Miq9eQJO>IX9Z4DQOgI=QYnGgTut +z*!L=Vd&evIs%$g}Y;Eo3&4W0T?|52OY-7VLAxzHQZFIGHvI){EPpOtXPSD6UCG+VQ +zbPe|nk;HsFCKrj90ynKKJ~zs%F+f6{qqr$ms_>?~KmtPGZ5bXz=Fv}rg9xXhK-Sj& +zBY9~p(E0?zC|jdfwUrU!5!o5w1qAfNTS6tLG#tpBq@Y^Il_@%CApr5I-i8`zsy)Di2leN0KKZ5&8y= +z=yikJqD{V9@i(^0-OLWm7D+8syf$BGC_R>f%9+lMV8?R(_(6zr8cbhZE8oFtv9r}8 +z_@kztwL}bZ0}}rNm2+^3rz4fX99Jpr!vO1;gYCqaM@V%8kkpP>3Ph6Dm~B-%t~y@D +zAX4i}IxRHg`O%z~+Ro#CVDU%3X$C19Hm+8aiL4HUECL$%R-u~V{o3qomx=5OQ?5Vo +z8yMo~BbVB}J*!qtjBvrZ!Ygzb#!!kJ& +zD+90IhZjq4;ON%;>`;&9Js-0|M)Jx8N_(s`)105EdHe3nAcLcEvmk8De1_7m=zdqu +zFM|r*8$N{DJ$=u-crpV4ysK3;;B3=R_^i8MGWUc%f_|P+DZa;z6%b&~48FEX*H=I< +zAV`yB5He*ab|9;sgn$YfRb%U0jGaSstK?Jp1)wM^0Kp6KvYWvmSmeb$3`&$nW@0t6Wx%THD|-7kDjG|JSm0>%}x_Eil!rOLTHBoI8v?oTR(pBfU{ +ziqx;Xl&-MnzT2(ZkNNM-f>YuDn3b&=d^w(go`hoFFv5eLFR<&K{6?E$CUgPPm*I*+ +z6rvB;4}46}+)0xP!^YH8&x!kWt$lbCO-n(@Nth#$7=;WeE5Y|M2P`i>{rJ?QfTWUp +zTCnp6s#fd5!T-Lkn%yY46DA()Ag%n(J;cuN5$SHs-CCqAJcXy$>YshT0MI?LW!|V4 +z3CRl&dPITi3*Bs@c!Gbi70bV{)qDM~wnA3Ay}M}F+nn|mZ^$tcoL>_)^^H8ns=w73 +z4Y4G#RsU@(Df?Tm&-OuL5xj$^E=&=qjprx9hA%d+kqI4bLhbg%E_aKPep{%CYow>j5{dl- +zYopavtEdc+^Lf#t37;0Szc719#V7RL--Ir?_UHFBI~6&woqWV<%X`^BBx +z=bzzFxIeYg(?*u8dAJs<&4w&`)Kghry3fg8MG98`c#p{09{Z#w%IY%_Ta7er6$?~> +zj}3-+>g7I~Fb{Xgp@()a>i%$NlzSBH3MX;^@i|9DKdF6Qk{y!t^b|SZ{_WxQ|e~GZOG5=Xs +z%>UR7G(!4Ee4Ufi(AdC$#e|E);19BD9?9ZEj3Vqc72}}3w15ey|B14v`TZy=wRT(! +z*FO~y*JFrAi88=B3FaQ;5oSA+LdI)@i;G8QsEw#JsjwiBO+)1Y_o0PmUypj=<;MnV +z5wcXVjykrTU8q`-(AO1I?~ix9-|dC!(mre|)A!-LOBYp}6o*M3!*J@qW|_i$YEW$&eoY4~Ym8qnlEL2#I) +z7wrkjz>mR=yEqrvk11sjz7S^e3PuEP0nut;|Bo-S5YbaMxGY!|TAy +zf@!*==P3|v8EayZrqC8Ciaj=cFv(M-*G9>W=Z2beD#sNBWpJJQuc7R@RlXs2(SfG6s*I~L1u)bl{|Qu`&8 +z63=4~j1!~0rjCH;A(L9DGj!z^KkrR(8VAjzWujxPpXD~W-!Q$J2bssXUk&C0pCd4) +z1`_n)PItvcW(K&)13)O13@pM6yzvlEWj34|*(g+uJqFLM^5Lm>_mVY|7tvqcJR0!r +ze@>q{PG4D|7fWX3QK7XZpIl>}3rFuS#N3!!VRU%utiH0t-!zcu-c +za-hXW0iU?W828lK*|lekhNeLi)f27^hZLdG~As +zYA5DM$;^EWxrZ&;hb~LI4!Kk(;C*;dp#81gqr7gCdULx@uOQ9a9`!34ttr8dlaBa{ +z0V(Te&;~Z)Ch$ONpL843*3I1`Q;oW@`L5W~y&kT74X9LvPuTI8qzt!uOnJ!ysa5#7 +z>gy%=hYhQubh*LA`J*Zh@ah-XivMR>f&Zf)CFQ6f3H*1`ijDbq(#opAtA*f!nchPt +znyapIGyGo2y`+Q31#er44sK-pN5J363dRW$vU$I?**V9Xzc3$ZHeDs2i-_EeI(f*w +zTVsl1+b2uNo2W<;FB-8U_$?$8RQ$5;L42CSeF%CUL?kFOTaQSU|Cky_y8M0*z1SWI7 +z4TThzL58+Bjz*;UTHqRtz~0Y3Zs+2VG3LWTl~rjQn0@oCi^Xu+p&B9i>IC>()Vy{9 +zRjV&bk`dCGI~-CfH7WT{q+a5x7C;0tF;=|NBb(vbAW`!fRW+0t?5d`N`Z}| +z@05`WfMsd7t?$H>>b>bMAX_m)bU4Nz9Iqq5{Jo+?7q!JT&1ufL$1$@t+&X_18 +ziyx;?P>621eZ{!!D4SpZ8Ty9yGK&12@P5UTRRv_N +zJgUOm{MrJ76ia}=$0&ahM*&Z(y6*qJtU8&Px_sNt<5FnYa}Bx&>t4Fggi#J^IHY@o +z=pJ;B76Isvhp2`3HSJ%nc8dtTKd?GA7i4(!i{W!1sMhVFn!^vWv8dy&a+pL>TJsp>Lp;K1Qkc7cey$dgYK +z&oFd;n8RqH+8huN&9z8Q35N*beNVNAtc}GmhvfPZW|h=6NcIa|(_G*BswVY1OXyKY +z7@BMc_)V@2Bm{ZIJW~e8K)XS}J@vM^>deWCtb(SkQEe2GG83cV)sP;@U#O(o0vXN? +zVR=k-5g@Q$i?jr)^NN;L+rcI7{!>-}2Abb+ulI5;T3PUW9jh`aH>2wczq{21gJ0 +zCY=tseLW!#&9l;2dQQBr6jB`S9GFurza3jnMJ3QDs&ErQtu8u|6Vi)^zEy{E +z;_S_QOr9=6_$T;YOy4CX +zo?YuiX^G`Y;uASc>_RZilh@G*^b{dkJ7_h+OfcR3W!6X-?CPhTD}?biw788!6QJKp +zW^n7by7jr(jt=tgsI}l9_=|-q7v1C;cz9epvXSxFV(FoOSr76}a84U?oD@`_Y7eXC +zP;KKd9J}#dh+vB$%8AlzMR5NuqKj$@GHLv}Lmqvx3$gb= +z2DeLRL2qU5=V=;Ts5M&c>xfIk4d)G?;kVM$aQVeiBXC2mG03TTILWX>v^W9hrj&XZ +zcfw!^gPJ2ysugrhTqXVfg$)CBiAKt0sU;{QXINV5d{A7n%<(;JK=)w&rV8!}q)htF +zt8gA!4PR|$EU47vZF}tG+PYdoLE{DE{qMtO16t9?wrRE3RRm-&CXy8sSTX8zwu(u` +zg7rFj2fHcTZ;jMP{(WSi+A@LTo#=qiD1|w+o->>3AqMPRTW88pAV#l75mF-V`+Yyy +zDAJ&=6hkgK*B6W+#DzkWnX{Jg8KMeNetD=4lOF`XeWpDT6?8n{Ep +zzY8nR0fGN9{`Pc7A35Z0P{@dDCOc%g<$iCzpBPOs_i5g}!x(}3ERTAin@ni~RaWSF +z!Ml$a3NYL+-0#;_Xg#-Dv|x>y6fm>2Gau(=qK>F>{J?y}reRvV%+)pv{;B{*tc)bd +z2ly0A{d~AhaC2nyx=TSof)8 +z+4d630HBy`XV@y7$ISiQc=+_o5+j@UXaHOzGMir2r}Zs+?AnV<*Ce4!f%sX2JOuzB +ztfRUkMnz<%u}o#}ON;K$-;MpP59c~j5#unY-q?G_`Q!2E&&i2UxEU(j8~A;~+LCu( +zCBJ9c=-sWD5smGzw_tL(@*gJ2;C}1{xv~3@*3@h(o*Qkr^RNZgB20BNYUo;N8Rd +z48ITyk6m7y@U(WZw*t+Mvehn;YR9^Evv!n#)s#N${5>-xwUN}Bk-qMg-_q;M3q4I) +zlR4__d(b|^wh;`FNJu)}9b;j%MrU6}CA{3{DS5=Hr!>|^(Xf@9^V{!AIvN^sZXM2z +zysCPzps$G2o#^OcF1MAw-eaHG`OIZ&w0A1VBlGU5J_Y1^9qtK{q2RwZxTO5baX!xm +zmdX!kOorMDW!!XlzSV}j6qzcCD&dW@WZDFW7ad?TKv67|lOQv9CI)@I{CNteB~>v{ +zt6OOA5G%fS-k?U^?J7~W|A{RlMK7pjVx%q)Ype#3jrH4j4iC2gWimIuiY`{&g&-LC +zFP=f6WzmC*9o_~9Qn>hjWjunpB-unK;1YAi`~*@;NWpSU7JbdlPRJ+f?@FtCSCu_< +zN;jSzd2{NshZT%vQr!5yZr}&sjzX-Uybe1-b(^EV_(r@rW-O}#=HxQH_p`yn`CKo} +zQW&f1PCsn2kGvLuxe!B@stT0G_^lK1JEb2T7yoSD--gSO>vIH&G!R`=y6k2k18!Y^ +zx1t$17u9<5t0WHPZB!Ly7fv@xzqasX

UL+GK)YkhPN75u(OYw=kOy8okaqo6#2+ +zcn22m``JIPzZ?;yd9P9YX=Xm)yAt5Itzah7W=;t +z)_eW0!aB4nDsVL&N)w6lgqC^D6cSZ16gs4nH?){pW;Da%GWjj69I@G7L7eCo7adzw +zqH5>DSVpzfQDY2I_O~Wvl1+2gUrbJVaTpXYy$kJDt=Ii!6b#rIz-Uy3M%$p0reH%V +zq$LhTn5^`*e5y~{p)&?@Vo +zp-BZWq(|Df6n^dkWpgKhWUlj{t6{cWx4?a0N+xlS2X3@XPEf!dVC6c@qHeDx6-=c+ +zF@gzxKxJz@>Y?)50`Ahb$=q`p;9ukFud}N^U%$Y{_B+VVX2@o2z-r25%wfvPWW@Z(;nmn$ +zjve1-NPN-gGPc-=OG0^Mjvf#KB@wh}oYBI+lM72e@3~i;CR6JskW&Ja+dO4xi34U=Kfo0=0 +z`*B1;?B^MV_Hf9qcb~w%$9A@zUGfsiFmMbp6WZ-O8{i%t!)^$ +ztUSB8L4E*R1ko&tesezeFK>=Dh7VVh +z9K-W%=i=^$4573CGIMF+n+gW`pfvG>25!6MP8o +zt2_z0g^<<(=mfjm#(llv%!E-3J;H38_f=2d52w+cC)kq2y#YWID(Ry#%QS=Kmt!~N +zUJ4)`8y}0)P)xc|FLkWBub}K2<$mE7p>t`7!3eeF7H!tnl4eJLa|Rb=VS@XuD`{n_ +z{QWDzc|1)qt<$MoRe*WWWc;IQfL_ZDks6KD_;ZvfI_r3kvtN4Er(f4SlJ=)DUst#| +zMbPEUf1(XV0POh)?++rFOi>P2M}UA&o90)8*|?7~v;_9IXJPnir942HYvN)Z$oDY +zJ+EK;)0X;DLi5wB{WmxalCjW)>f|oS)E2&kz{&?da5VHONwL&Jvc0ndcaP&oSns5M +zhK-IH7SW;p)SdCpBW#z?zN6>DU!P3M$6LY1CJ$cog~t00Y@0p~SWQK?Z~?a%e9T`K +zL3comI^ejCT{zGJ%k6*hs?14!V`2BC<&7%iCa3mGF+r={1W~DkSP=N`UjfqZ`Ymj` +zsylYZCu#!zc{pzKtb~ko(8ka3iCqFBDam6+MMR$<4xU9D6Ev(J4@aAm&YCji5 +zB}$Y5cMz&6H1dk`d(_u28`VJ4Z-Srkfvc;$F&8>9erVPK(T=#~-i=-d`%5>JQQxuV +zc*w1GbFl`1Pp}ux+;excBR3S2l{+9Mx|Lr!%2yK8 +z-vq15{OS%}i#8bd_9kkcQzFe%yq=4}>6IlcwE2`}?>^@{jjlaXlv4?>Vu>^NZ|UlH +zOZuy>{&@jIW+=?<^*7VTXHXR5%I?zL{)JK*zw66^Y)x>Js75%hztL4&FijZJ!wwf$ +zuRUi5H+Iy(Ek-AuyQB{|zd6R>mrILw7y|r*Xt%~3t4j;+I#;rc9~bZ8wMnFIhhufO +zkLLhZYa#unhPM8BZRu5@9$vy5ZO&7O8cuEh5!DdNHmy-cPI)(I=5Fc7hB{VFW&sjI +zh$|vO#R(TyRK +zgX=pqfmb3XpNonoWL6 +zF!Y&xamL!L2)43Ap7CS2pl{gdE*S$>>DYl(B$-1RyCa%1@+jurHgXSihy`8xH +z>%u#I_~lFn^2E7`&G9O(K{70JYf*j#rpTsSwY5ftJ9Xqi*3ylgWwdyIc$4$Bm>Ua8 +zW~4|9xF;8)RDYgxY?- +zhJQwC^1|S~`)(Vx0@~l4Nx8&HUM;NhuB*zGtTt4wH$fG%{-^562?^FWLc71{>R;Tz +z!1gycFbJ$)xF~$68T;mxj>hoOIU=8-d*DS_pf^O!%Qg;W;N`cj&?=ZiHO8+~L{&lK +zH}Kt~ou}P$P$gmC&%)l_Rs=ZM^+#q!PZs{T{?Ymv2xfRwpB1^~Knze+OjUuky?i5F&_nH1txAgy`?H!}@-nX{xxJlzQwr$%s8{4*V#kSqp +zNn&Q9J-!b8sGzMVY>SVC$V9~}NV7?~i +z7tXNuf0NDzWx&OES{h=;BiIiqNAzLZd$OZ|kt7kjfyB$3cv7;5H2lJs#+$;wQ +zGH64(Rb6LJYIXESv5yPZ@4$p5K-3LniS17uP)hw_m(+|O?I +z%%WC1C2Ny)@96neN`gh&n>ruu8li;qFmrU@$;5*-Rm^9>bG{`>|LAKyLZ@X +zM?-&YpaHvtEtLC3SlGq>i_+fBP!e<~Yt}B&Jg%fmYZOK;x$kL|EGUNK%G_N)R0>4S +zjtlos#iJ%2x89ouDK}_Y)IIlGijHN>t9Cuuvp%cbi#2}@d6Q0k^8R6I$XmF4^@F+; +znnvN)G#%+9ha$DDr~#axE{d#}yHetlynAwtsjAvq;e`i#G$0*B@+hH@P85%v1@m6< +zMVc^h(b3A>x`qamC*ZRJaMQV@D+{O*+5;zfn85d&VdxLl7Wk$pW8)`ZGWwLH5GFu`DF}A_ +zgSq@M5|)9MQRO6gRc*d)f4n=$*<8rJ!Yj7<#Q&C=cHwD~|D-h?7Fq?l8?wK;?p}kK +z>feWWeWKgFs9$7?lp`+^z7DowV!Kl>F7AvEgo!Q$90hpfA-7#mkmz0OOnS@bRVp;pkVa +zm%?;8dPW$tNiU!O6=D6FNWT*n0~Ra;AOTrB70aNlJG4ngEr0>Lr)G#h0*d9qS0o(g +z=KaB!?k@<-H+4LPsh(5oN`a(kuBl-eOJYt11&mpPXskE$n1c`}vss;MQ}Tdos(Q3l +z49NZgy`(IT;JQX76J56%wqS>0qS3g5-zq-n{L?lJ;3>v1$JF2dg|?`PAf`yYpUGuL +zutWsv>&OpEpjz03d=C%ikw8+(%I*R4^KU3k2RkhxT+v2Lq%!!^9|ho~i;d;tFAPA) +zy)oB_`Re+b3dv@=9n&%#RJsR`iNvI+iP&~Noj4}z1xr~WD_d1I53B>_e~0{#GiOrf +zrVbDv0$dp^79ciZg|nvAF+gY?KH{uOj(`3U*Gewxqv^(B764Ol_F$($4>kgTlR^d +zhrL1_#G-$q3WIFOwq6Y7ZrX-Ew|hN~x2_HB7@$uV59Z|vl|>!OI+S5XncGvNl65<{ +zKtO~7!>|&hgI-`N<$6b`27FNx9V%>($@ET>_O26rl9JQRFEjq5n6FzDNf`^oHAc`l +zFIGaul0P|i_sYm}6%*evK1Tx!i0*#c!_M40YT>izi>BDf-jQW{>zNAnlu&Yu^)+EY +zD&WlZ>XUS0G%edFQny|rz}x!|mV0jmjMkEJae5mpP7cysQ#)CP-0qF7I9W+%k>{Zx +zc^WhDiT^%fL4Bu7{$lxBYZDtHEDN?6a~0qi|A|;UZ?R~zK^$!!@RP72z9jCFQcYGk +zS@_{AwNf(8$EWZAMp*2BlVAP({(F8^2kovi;7h2=A(~AbVazm`${Sc;PKSKY3<3P^ +z9f8&Ki?A?r)&SPFkojOGrW=N3E_OO+At*P$!Fwq_OACfs+XZ*bMIwGE@Exs)#*dyXf5CTTTu$Db +z_<*;NL;in99&?ATa)mpjX! +z?_#^YJJSWHH4EG11caj;Z3xEG5^y4@37Rkfp;2@Zx1Gz~;9~Z;437qF#H)z6A`tiT +zu_On|aI!#5AIXv9v;kjcGSVJJH15OgU@XXbpPl30CR==S5==}FgaPKI4qKYN(+(eP +zGy?<`>c0qUDe2G6_Pl|A5Y~Ur9=iGA->X*~^v8n}f6rFG$5($AU9tRAbY%!{#LB^_ +z&%n&4&uGHV!N&dvwz{W7G328upkCkoYVMfHfT`YX(;1;4|0=IT+OtEYCSC`h!7gF^ +z^dWMQA@l;Pxf^pb*8Fq}vajr8`#!vLBn!r(-g-_Cc9s9oNDA#c>&-N)sc{?}klx6! +zX3lgQO=JFEPclt-cvK8}->c5?z9YU&56&7ep0(k&?(mOAb%0^!M^pCv3h?e$7}z%V +z%d=Lvk}9~jQuUQN>C_NL6oBl`(LV7R=M2#a&FJ$!7J}fw%f3jRcw&U9zFC-E4>Ldr +z65Knd)MV06oieYDIA-YyVsplI^!Xfl$ZHu)f7)%1SlxU>ihSw7yk_`XXsOF{Favd%$dC;WnD58I{-KXM +zJ#*F5a6B>(w0b~S3F#KB;7$|RD$-;O{^GQamRx)+lP5j2`>_$T*<%tP9K|jor$l6% +z14bI)L@ONL?NHdWjM@^ZpurEDY-=7RpZ|!J66~80FQD`oIHez%cU&yZ6nJmG2z@8I +z!{$8&hpilcYy1*MrG=kM{$;0u$1MgsuZo +zlb$dFeSU1X^(qgP{hC#RaP~QMO>o +z-2uV992nh5_RlxL|B#15)yx)dnIwI&XMHIKiuNht`w|hWaT3O5CxXW(e(VVma((kc +zFjM!K;VS84Ni3o8o@vK9Er*iaR8Oq2LjLg;Kfj^yEw#oVt#7HKGCL#X(_=q7 +zXtroE#-Ka-84_JhdAh2dV~W-9r#BuE*gq7cW#{RWbkdnbTJLiDC8=GHVA?(AI8jROvSLSfAeoN|le@W= +zh)wPZyb!FLmT^K~0L`6v5;B~7B7EE$=ZnF&ryGGdk=h>OcXWYCqYIfWudUX?B$BPN +z3d7kJT|~Ux2@O{OS9tSe+#Ujk1dS#8YFapE!`U6R1l9=SBxY~)o8vFSU;v#HDjLvL +zfcq&1fl(o_K%kdpVFBg3zBNISYqsIgP4Dbb-A*wQo@L92bg?LE%5{#PQx8u7vbpxs=+n>LE9-kU3o_UO095mx!S +z8e9_2A-WUd9hi3U*Ev1ax=r@C@hGoZ@fA+5u?Juj9wdb(P1NbsV|^wRhTsM9h&gfn +z^>nE@v&Pb_y%wY3Po +zf;}KA>%kEi3oWvn|9ABY{MS7C2U-20d&Tyvdu3T|3t9U?tcl{q(l{^!{Z*lWdLizfTB3acqgqNs1yDE4x^r&P%;8EJhqTsg +z#&HNzoC*f|aDW3)d@JDfio76k-8i_4^D*4eG9B&cpVrMvkI8E-cR47JlPy|f8zbBtnZn}m6)U2>q; +zvVcso!`FJB3vf#e68=C}!B*MLw_XwK!&3hRa513?a<{Fi%n_Pl)^eXNg#Om_5fYU~ +z=_AW0ioon@Uenm{W{%nMCsw00{MJ|d3%K+=LlkG3#m+f7l3`aMwhp^!PoZS7Ls;(o +zTm_wSi|_oFiNNMkkzKp9DMIr`}aj +z1ZUL2#f_Ec7yXG=|7ClqQI?%}o$Dy+4pmMp#U8Vo)QPX{9{Nn0w!bE>a^-Fi2(t87 +zP>Uc$6EDVaH6sE>{tP@V7v4XS)lVDuUy{{7zyD5F&5Slz?KxGYkcPyxTwQV%W$`iB +zC9k0B)kM{0cPa+kzsL%Cnsx_obxZNi4NtzKBy@pJ`sy^2cvkf}w*Y_51Ds=B$~tzA +zUWB!!dZ3-ZO&O7=de2eJOFQH|LI&jlN+N>hFfK8ifNPh|Ql7OX99FGvnI7jloDha6 +zx4*_t4+v%tMqIf-&LQs@b= +z&BDIyYA+$4q;xR1t$%f|;1T{nR{oJqD?yO@|4Fj?hv#ZI8}i@Z3|b(O1%mzW@rvWm +z(G|!4ctj0M80pzrnK>BQj0{+f4gbJbg=-%m3hkj&rVO9p_%Lpycp^=7zPqhQo7ji{{p~cCHko#eM$@2L#i}eYZlOH?bQ3!9X#ZtwW%zDGYucFp%Mh +zT9Z+aJA5gFG9~|%uba!iN&CiY5cP~xL~a8BW*bO6jDO^d>OtQCSG={AuctcJps#lB=>>7y<%A4jy-j=8IFbC +zv`H>9BzAA0+-wyBuFq7Nq^&>7NsmgnLKgT(OF}d<3EmivMkFatTX;t{LT!WJ+&JU{ +z=j4vdlTL%@b82Pr>i3Had$2l%ql904rGsKSF0nEm5nS6%5H~phO90Jz +zB@GfZ)UD`ceo=MLTcZ}cz#;Nc1!4?J&slEx9N#~wT{I(hSTaC{D3L=z-ZndUSP>PQ +zOrQ4#wRU@nXx%g;;{% +z8{HEyLH@*i!CYhXN^BD3S%#<-Kfa~R>4X9CR86U+p4|T +z>6wf=uOWfUU9=Z)^J3PtM;U*3g@A@ex0^}y3acg>?uEaNqnBAXwtmiI1=yAgq>5n3f2U^a1&hDHTPdPx0iMiaPdW0B-)vxSFPxKa$KiTxRJky +zryhHOj=k>kM26*4#sHYPz|_6fdHyf>>eoQ}J-Pa)2%1z4(kI_I^C0KL6AD%C;*rrNum`YPEEPy +zM-00Gy`o$g9tEokC9e$ZByjSnEqEx5rnICHHW;Z$MO~ffu*03|w?bC=Pj@}>N~XKd +zh;g%$AoaL?pjh{Dx)UK#D@~GdQEkE~+Hq~5+Ne1;M)9mNLDIV9>!37i4>4cdD8Lm1 +zO;xTmiekUNe9DH{e*lC!Y~~G~D~Go?!A;&SOQHE3e}Ron+(DoyQBJ23CR{~R=OI1m +zctYSCdXBXuG_jeM&Rd3Oq!qr(B1Qhf-@A+KX!JGdN$!(v&)9q&rM4h+X{_ +z6xZz&_tr0!C(5gqxY`>d*= +z#Dl>=2i;@au4^Q4UOU!qUHt(X?D*7z0gBuEO|^xZbMwg{ +z2s#GJwcg0!&=jQ3`y0k=?&-y>*qtHlrfL)eioiXO+NsA%9sr%iqcyzt)?nOFZcZ^a +zz`)El+;L@g9y)pcV?T_Kv8yLcX>jxu!)aeNL&k%Z=xhJV8Xg(geiCMhF|e%z+1Za; +zsA?ijJjw@=c#;Z*+EPcM>#EpBsqQ}D%Z(rc=nu8aeGWD+6-0b3kUd`BkipwNs-M+Z +z_>B}Bbb|x7Gr;J<|AkjhwSUGdEMcfWn4-E+%FtPz5SulLb! +z^13aPH4+L|{U*=$WE7P^Mc@$`cd`bj38|woY-~a2o~!cs8~wV;x?XRv%j~9~lfA34 +z$Z80*VR4Ckmec(Yf4G74g@IJ=e>%jkfWO=7sbY;@@!cHWCUw& +zb_fa=`1&0spCcJnq8D`>iQ+MhR4zJ`I-O+rSPgXRd_l*--3vh$IGz9gEV4iYWb#PF +z^h{DlWp+Lma*gX)LPC0>g-+RmbaDUG*y2b~OahBcT*w>u&_GtaHm}CCF#Amf0PWWc +zc8^}GgOLs{ICy=c(}5{kT`=YWc*)tQEGFFjy)w0>)*xz@Vw_z +zC{B!o0VED$$U?&F<&E&6H|9_6pEyTu^&Z!qRmUAv$S87Iex7}~;Rvw-T%Q0^+AQQ$ +zh}yxYM;b`nb1dY?W~sNot9PX2PC?`9n^{Q)bJKh`oxMY>uSvp_Hxf_jLm9OaCP^5) +zAdU;)jDa7`M$_JFvFCWPKM^tkBwlmm(GE>++Y;aNA~e&|HP3@R1*Mh}+af?lvD%RQiC7?LqT8aHv5DeY&YYNoJsj2>P>vikBlDAsLV!LNNJwSsEbgJ#gO`F +zqAUE~9#?_HmSaO^eogCQq&@hN=R+9_$yerB;xhUUq1FXWqoj&4Z`mPY0Mj=1S#-4( +zguD5?YMT@5X+=TD_frK+IQ3}-g1po2J15}ex@Sxlp-2`;?H*d4=Q(?PS+>wOBpNkV +zz$wP1!RVODfCF^g^L!pt>+9|*1S$?-Y5`rG0|5~}?m_Kg{zL^@HZX*D>zP-(RK!7f +z^P}g3q{v37UXE)YQ)%+Ldt&`-Sje{0%*O{6~o*3UunPvcd~iuOQ!b_gVU&`D@{ +z(o5^b`n4(i{ubs%u#|QScs}r709HHlZZ_ZMvH6#~meH_AN?tK+bb3#EQLf1!#&}P( +zFcmQ88tjbYPoG!-KKmWJOmSbNRu{WJgR;vLwN&-D@?~i)5liq479$c6I>7?&M3`}m +zORsnBaYEX;(G>%ZpnZ@+P}3Hl%60RuTX=7P0x|)WH|#0oY^ddzKP@gI{i7F+~BMXmE(PO(#uuULF4RzMQ#RiyRJ9fw~B@AH=r0i7H4*eFdeJSEPzBsloe4Nk^)115`jfiOD#@G_ed9_u%$CbGME}P#8LKfVZ`zdhy +zl&o;z+Rwl@(sV8}rQ8qDmr@^Xy;lcJ$P}0}w&|efcd`tRQ_mzGCPJ(-RR-(q2x1hX +z4{3|-D*u^hoP)%B6P0~)RZ8Q(4_Hb3^htY0>y|6bIdhGKbdcUUvtwVE;p{TP!9<%c +zpu0hk!DPM2Ihy!@ND)#rIX|v2(qa{W{svfoZM)zUX +z-u@oiviDtii!)g?uJ!cYFThgE9J*0LW|C;y!*_sa4D#DoEtUGA8cl;vnZ?i9vsGb+ +z7Kdn-IGaz?MkWh8)09WkO+H0e$T^YaY_DleRZ26xvX}~t@XAKa-2^kYlAuv82N%-m +zlmUE%rKRV{RGmeIrRnfPk`HQm_CnPFZC^h1{f1%m_NY}jgmZgdLl02qpSPY9!A6gy +z6yzp$tDOc^^Bk=@NIv~;3c3gdq*!5TFQMx;QQk@T)t7neLk{y}eyQX8Af=m(9bbXR +z1`hYRtGBWh{B#raen4xBin)b{uh~tT3UUTJ7ay%{H5y9$eu=~koNnw`yt7C~vmYUo +zsIE)>Y;e8M1FNigog7G!@BbLDxRL*WS3iwc8XzD4ycfj!(+dZ5n4d2PA^(5A9F)ZR +z`0weJ@WkRziL0I&Ult?+8FCW@n7 +zX&IYo@xoHvKJ$b_=B**Lg6{V`N#U)P9AAYBogXQUx}^JYnuu4~pme^d4h{iAe1;)1 +z8Pboe#d^H(i3)RYP~3N*@rr%{6$TaWMH7bpGUL4NZ}Kp>x=ZaW7weg9rVZ&G$bktB +zr#wW&^n%x8dK!!m0Ja|TnakQ17nSGcKJ2hY;$yHbL+O!z7pEO+au`%y!K-)e%LOH1 +zjDCLZ_z1jhD=#x_4{U|+CoN}td?6}tWH>C1B5<{z)f7|-NYOdkWF6YTbg@7%H>N&S +zzY67>FhFMAVDZ)qn2G@TV!b22WC_zfa^AUV>`jK=Vs%$5GIVam?2{z;dF9Z1RhGGf(BC +zgR|JE*@Sb%+_qxmuyF^RY(1{ks&q~_w>?tDs2XjGyg`0vT6%uDXfc`R2!}BF#=(%R +zVFG5~hyvOc{{;h}g`f8vFoB$np_drZgtwhs;`bhoP#@HIHxJi*a``|#fZ`S;YqzBs +z>B_09eSWkmHP}7^NS-9NiZZ+4WJa?Zz_u;7H1K6{Rq{Em$^|S$z1PhTjrWF)wPT{w +zO&4$6hX8Fr-mQ-8L>XYsvaY@JSv;qp6=d<8n;{sx_$LpnR$n(fz}i>~Q`=v;)&W!! +zWGc4GEt6D}Yy#DQO5}BLy|I?cYj){KaP7uF$E$LwK>BUMTxyw+{R^)C{;=S$ar8S{ +z{Zn|gbW;nwFZJ= +zu{+jee=ZdtKwbNa{+@S;jV)HSHFDFmF39Zwqe_W@;g1iFF%+&RvTTac4x?77pl@XBAr5SwC(g +zv!mZ660_MZfK?EkDRXw@8yVQ6j&YapIY?-@ +z`g&xg%T^Qs9d@1E!eKi>$M6DCQYK-t|l|mINXUXCI`#;i_nN +zuFAr7fl1&fewAckXkpobOnKL+x)QfWF20^+3#&opBo>wJb4nw>uTQ*qH>FF1A+;VQ +zNK&g%@1|Xzw*u^BRxKPG9D}kJuCZy|K;B1*>HN91me8PCXg={kmF +zHJ(8&%ohZTyKY&%qTBMvC$vryNw;+*;|p0Y#vXm}!SF#--2U%j!8eFM!&Q3cZ*cV= +z$gaYdKK?~^wXTMWmGt*?_2=rBfPdsLW>pqQ#s4d}~d +z7-hp)ZY(b>_I;P9Ex8;L*RT+h?2iZ#aQLqr<79M^&->23hyCCuqZtGZM4VLx#C2yw +z7T|-0B)<6dI%{oels(Og-qV{E12(T;(CRO%5$Q5=si&4G_&U96XI~v>!d*X8_LR^k +zd&*olP<$7qL}giR2k_g^O~QgJm<fWgGH1rJQkf4^RE3u9`{SavkMf42u34bB1dHs-$_avZ@ +zGLl~hH??0t!92q+(QVup$3v6F8f;@8S^bO~mr>mu>8%FBFkhCu3~aADs_qwGDNKoS +z4KsQq_0qz9$qF})$|m!1^AvA86|4czQ!KtVp84X3Rfb_wPnt_#*7Y8A{s0$)qG|9Z +zsIwh;h_d1>7n9G|Q%OM7(s^vs6P{&i9PL)dsI4^!DHyolcqy%0i&P +z8SQR^p>b)OnT3e@aO^@Pd<P)6>7XH{hH=*zM+FuG^^UJSWpArTI}p8VC1I)_RF)7bQv# +zhOK;`x7|n7>~@;Nlm6%b4PVw-$tT{O2gvIAOQ=N}T#anjD#+|Dk(RT{0Pw@7?UYJg +zgS5=|)>X252 +zx5UPtMeBnqT17}9+l2{t0ht(RWFNRpR>5cZ?szAlFviqR{nDF-5?@6QzlODH+Zx6-p{nzC$_!mNIa_MCjw +zyWPYM%TKsG!*NZSM3xxGeuNcv==)fsHl`~VZ=6>^t2ga7s49+|2y^Z?8~QK4`v1By +z_-iEngRuV9zWVti^Q(OY%9YK)-%!}+pLsAW&#W$rmEj(!e5+E~%!!E6V8^=q7l@VS +zzjdci-;YZOW^~QymOS*86NLxNJ(FLX;!1LxRB$L$yh_F`@hJ+~opQR@taqJfld1?Q +zGnl|Kju6ZrE2H>q)ps>lMw>$_D`6b)fyk>uK$(&{prRoY;l>uJq~V-7wj0Y2TI}Z; +zKXMG<_c3WU`iqMj8*5?;5GkDf$#G5U?i6-ZKv`=_5S<}wwgOpLwWeEJ)OOI?3W4i_ +zX(0OBMrA$p0O<$tTJ9jIllI~&L~r-A?CM1sYbT81A^OUBX9oRrdkLeF +zvL_)IA*Dt1#{_A9DKm=#&2P{yk!TE%C}<+=@y(XuhL}syo3kJ9xw1RxsmPg>VmMA>~c7RE}c#OA`mh;I|Xjm;~2FP2lM+u{bLs5nO6BL__ +zZtz9&MUP$-HyI|jk<(nbad9lO*meQcxK8CG9nVbRbiL4bHDk}GjYq9F((kRLG848O +z)2t&=M#k%J3udhLC}x2r86Q0BHxBrN(6%ls!)T0S-I}9L|mPGuA +z4o<@thqd>8jtxuZ2(Mr_6C;0TB=hMM-OL&&!GOAwb?^0i%_3*_$)J@70ohbtFS9;9 +z`%D_yQ$e>w(tEf@Wo~v|!+XOxz*lsYsgEnGh9}7;wmN*0o&@wRDUK5CM+{Fakae2( +zwyd~VBjr|4UURS04m*Z#3+!IfGrzSB4NGnZFFnWVT0k*U@%V5gndsV0E+(SMyKlP) +ze7>O|!q+$NW`H#1v2`^FsBcFAF=p>%&y{`c9m9qqNWUi30IX<-dibCr$ic|3^a}L) +z;5Vb_v=8)uGQNsRf&TYeyYuZ;pYGqY)$hsGpOjZWldFF!uNdh~*bEI>4VVpC3=9}J +z{0S +zh}P!18H#V6!DU;rbYt@dTH==W_0qXXzz)+m!OyVOa1sPtA)r6CM0^HRFGEhnv-47# +zNcFRh+r+!?I+JT>hw_pC8mTcYROtl3f2#HPKwHVK@}`1Tlc~4*;q>y&k3%a +z#C8uEo=j`xwJ48DIV1^O8Fr`M*Ul}@Y{g?r%ZQ(Gdp@bXh;O)#U-Kry8L<4E4cDdD +zXq;FwgM~MKJu-pL1$&lQxgd{TJ@SlD$S+Y;om`&~QX|_9H5}YlsX}pJdG7*Rr0_X~ +zo(4<`z!|sS(|P94PK7oG-AsaW)~zZ|bQ&rSl|OD6H)7yVF&pm$@6La!?tI|4AP%BR +zqX06x);@)J;A>8J-)Yq5PU?h9$$cp`!+fVbLn)xN5pMt7&VcCraW*z$r +zpiff-RdO|2toCDKo85(%B)feFe(9(*vg=VBfL}8IDS3R7q7_lan^FhaH3QmrfnmCG +z+)cnf(+X3R6*d#I>ea2QU}1UoJG>lMcn?hv^(BNSl&-dYK#2%5j}>qG0tpl3N4OwO +zJ2lHh6=F5nuO4KX3wW@%+7u9ZRFNEFE6;_<88=O2%AB$GRrgG>{nK3-%DHIi4C6PG +zfP*UB!$ObS>AU>MV?3eGT{BHDevHRE%Aw|Dkyn{z>X7_cxU7T5U3&tv3Up#dH~U&} +zmxI>rGD6zryp&R70u&o`f^YO*_oa1Fnr_d0phc^|?fHR5T`f>Tj_Hj2x=TAiVy|T+ +z(h`n>f@=Eb$8?b-0p1Geo-S$$^{!e7fNo~?q19vYqK+6<&B6Ytl84&kstBXrWBd9T +zlxcB94P!ZX%Sg{`kxjA6x^+lKy(s0e*)b6muH4P +zT$)eXoE$$RusXQyt%~GMR>dH8xLZEXqv*96MwNC!SOPBG>D;K7Q}jcjTn>UwwQFe9 +z8!?^?<}HQ+T0$y4Vk=Mn&!`Az#lI9 +zjMj^;xXRnW6jWVFqpgD%>I(WY*HuMiRNL1x()Y8V-B#2!HkXtMJ)xUL5oAbsH!nX> +zyA7pXU~n6wvER1sXXYVIcY-dE8x|7<3HBmL%Uk*-zb=kh880vvyLYfcDZLhEwnN;a +z1jEGvF_`;jl9f)&hB3dz%D)g<0YK-e#$0U9V(aHosC3qkyLr3b-Rt$EX8BiPLK(4W +z>bY4z$u_&;OMo*D*mg?GZ+5I8UcHn5@GOzeuSddpDNJElw|;GL%m)Gk1j-|!OskA9 +zMX-OQ6oD4lQ#nd54-+ULg=ZR;cFJUBPYE(|iYO!2JSWs6^by*}!;rX01(c}OQ>IIV +zs3+btyWuI!x1!JSibA&vF#O<`I%Cwb(E2LB$j{WKlX4+UzO`|CwBMCaJj?oHj!zzbZ4IF}8|U +z#3(TQ##MjqyJDyR3*QyCsT6)_Beglf<06KuZ#LSC2hNsyK>grrrVD~k+e6rQ<@WA)g?$6iP +z-ZT+x91F_b+f-j+N@_WH$D`^R7Fb}5KHkN?ZMc2+u&er%TC~Jmq*Hzd20Fz3KgkuS +z+0AcY^^phWKM7Xi6X8PtGfL`u}lWu^BNLu>UN!GZ_E; +zYhckg`9tk$42KUW$C!-`ie9!WRh~p$eN<=&GMf!DUI}mZ1Y|F@`m0Sck+Z5KK`2=s +z)aId3NAl>2EY@xrU)tc$mYb+=rHozoi_-q)mU_7R%bViJfMd~D@ZRK=AIE~EiprlC +z+*RO_gP_k62h`{QFNqiB_q+eA_UX{3wP_#c;z875wOIzL<468nr| +zvNTyPl!+kum(+VXqz;g-;<3~!x!9!wCuawF<~iox;Nc%V7}5?;1=GvT?u`?~_v&OH +z2;{d3#2dI@PewR1C5K(|Akm;0Z~pA{7UGo9KYR>1KvB%?Kt)E^AsmoELs@b;+6O9R +zTIG8KOcVP!MFgZr<-xW)4fwd$qeJM#7<{9RW2~gf59D{=RfId+ON~8q39v`?qEz`p +z?OPE0cGtHs=whOX!<6zR-C_Y@5fi;iTfP@eUE?^k%(b4Skq;RFj!l_I{@O6yGZI2i +zUO)8p+v(5>pQp)p#`3t@Gzvq7-aNI1)f3=5KvRrjzNAj%>8MQKP*O!yhCEz`=@h}& +zWSM8*&ly002dXApPjLTB7S3z6LjSzIrB}7Y<>0vlRU4HA9@p#Ok}Q2My&Gk5m#p +zn2Wm0r*`&WQvO +z#*E~8>rmUKvl1#Rn4U^XQ8&TN@*DAw%}+h>R}%(vHkRUvfP+Y#M9Am@l?8a;CCklE +zwQaGVbyG90!}~@2llBXnU4gh^J6E&aS!48vch^t>7S?kwPqj5~T7znSvhGQHvr#8A6c&kI@>RiSfp-$RH42o& +z``{mjwDG#FSHz%eZP1#dM#fYNYTnu@LoC6a0s2x>RQcJNVcbv+Uv0*m?AZp^mzgnD +z0VF+u+qiV#*Nbd%i*-3x3bWcTm3z`;J7?tjr>#HM;^$`QYVr+Ast|paoUBSz7 +z%)c~I)lcs34#b+#@kmo*?Jx-ZeDDPq>*y#lv+i5Pa~~^&Gu0W^xjabyfs+yy{*|J4 +z(a(>3XdTO0&nR!Sszn$c;G&Ir6=J4rx)uAbb;)n?I*Z(OH)J?n2!=gRw!Apg#b6wa +z1mgkZ%JskCt6u}@cfR_k@oG#r{{SvCD-Bhgj;es_7LtU)qq%{!ne=7=8kj17x8N`M +zimY45G6|L^w$Q^>f6|@mAV>^QV#(Le(d{9 +zt*EyyV3;vm=tdIx&nr(P^M3i7O*axInSepF&h|($U6$6e$_uo)+OtOKGoid?N#{*2 +zEIkk+V4zc_1}va?_Vp +z?16Q)UvaDQmUGrka83J5n;Cv6ybCROJd>hf0=um-IcUTI4x!YFw +za#>!DMs9>isU((YHBX3?+0|doZ!?2PLHdY3(cgZlL(T7pCcT8VL+F_{dV_n1fBE_B +zp@IK&+dWgY4sQ2oeQ91LHh?z`X#yasSN@{QBdA3`@5gw8S?aa|oS)ICG +zr#TVs-lt1IjF?$vcGVwuCX +ze5GuRuu`_80#gU~wy(n~{8z*c#Esz*p4 +zTAoFymVPeYXj~Qd>C+GAFauP5@f=CJ$w=QRtST0L`z8pclAy*xuKie~yx<>Marf_P +zWn$EQnLClx3+@^qydd(XBYWCkrD6eHJjVnRr#?U^d>-_V8;K +z>B?(FMW6-(ktEwFUVED5ApE1`2WFKG0*L2A;*(hc~ydIq;ZdW^q+oD%B|<+Z}*nk^SGz +z;CTL@H-nPT|9QOPM27u$yy6trw43>Ry!t)7`jhYKXL$9?cg1GF%t&v{%EHXTYRGQ% +zKfS99q7Q_CLAQE3b3DUl0-l&;`~1WB2S^{#v@aE_B3i<64hP4tz*FJBk0`XOSd +z31bPt9#`8=&rd;O;|8H|fq@YBXlNOlfIzGL2SKCitLqgeMa6Ansa`jkzK +zMqYl3JGqT7SDwjqQJ|BEoWa!XVhE;57&O_0d3odm3~!NZRWyG?Vpdv> +zA<;%jUG2I^agIIoKZclU6-k;)!tZj=TC@0tvFh>$mbFS(RhCHaE^;SD(IJm+NAV=YQw>Jrk(})F)~bXe#ZE +zW5?f-`<#%l*)kAR#8vn=Trs0`igc^5P(+J;#iX551aj%uK0KYd4K6Q +zOPf5_2Bz(MD$DD2PD?_^H-25FB8;76^Mnot*4UlT_(aamCC8Cd?}DxxkWgm)=tr0{nRF8=Q4GW0po#68{x +zy#Z1zNU%Pkk_PU@=^Mkp09U`q(VyY!KV?_J&sS#5GV1--YBG+@y!fZ>Tmryf5O6yq3(OL)1$YppgPld`T_QD+|?}6d&sR!_+l5DyIX^EWk^q^NLrX5 +ztIv6W#m3JHZr{~8-aBCX{_I(Mc(-ot1k}?velpqW4e74M@qz0}h}{VNF_4hxY`}#j +zyS_6Z@pV70yb&fa1X*4WIQVJ5XSC(nald4uYP)*A`Rq1Ok#ns(=25ASc +z7x_J%DNXX<4_CMlQv_MN&!YsGZNcIjyu|m3+)+RE2R#(_Phdzugn~cdYNw*10CAAv +zL4_i6?`8yqE0l;@>`!p@*Rm@vroWI~Rhc4UHh>AUbWh8+acoNCiSIZZOJ^rBn9)Vh +z9m_6o{R6Igv{e(}{e#isPZyi#g9r}y;n<5sLz6*3Yq?y@Oduu2*>%zFd=k{@LC_M( +zQ(G0F7olhy-4UHKS^U$0ruREm?V)ySUnb7rHB6~ajIMOE6qL!@iCDXXDR|9x#0Awf +z2@E=JeT^Or-iwB4gXgcz<95vscHs5=wuODkvjLeREohJDJbq4TskRKN(@*zRR)@X{ +zP~uuL@nsYggz($mgiK3c8@F{P{WLs+R;4 +za4H4OuYKEGuOtqH(U-Rkx|uX0FUBbd=g>V0F{sk&rD@&et2Q-Jboi+f1}NH6$nouv +zmj+EH``>WoQ2R%?@@t0wV|MjFt6lL=!~cb=-A56*VeIe0>d(2=A7ob_Nd4Q!z{bYT +z!p3fF%*OI@%bA7spVxvn?YcU_0a}#>%6*z>VS7Czitj^c0<2}R>Ab8}$HT`qf*+3p +zt~+MZAlz=F5wJA`qKUsjs)hSfxJfg4I)gE;6LC*h#ILZG1Xts=i5Dpk4DXSPz<_p5 +zq*ENUU-f}#K$zq^U4bP7nRc+Kk_}v28(^0jUXz25Nhc1-2^0fVKf8lR95s7%WsoKt +zfgvU=qn7wa0;UnMBl5#YEuiVPyL0o4jc!RRD;<+zB +zd|(XpD_cUvOfG9*W6?MMkDDcTTa5SSC`tLbwk2!dbQ^0w= +zB){kpk|Sun(Fg#O7&;jXwmgie!#FGT9v1q}MvkHduNW$$U-J_cx19Ft^a!cMKVSjuhr)3_huV41*Vth!#(p?q1<9!grJf&Sch(7ru9aJKZvJmP7Vrt|y +zPx6I3msghMf0ORNk_`c5-B)JBGStn&%b8gb38tZ?@7w^=$xCdw2G1ZV^UeD=#0XL* +zcCDKb_bo}*hZl2L7|R6u@}RA0`xQSg(Y3?MLz}Mb=Nl>cZ?v+9!EH3EW}u(4)>MxfaCrr-z=6t-ai3K~(P*aepdSj~D|!-v +zeMjT%-9kkARa}>&io``JH7dq`nFSo-sHMB+niC~pec{0i^FER6)2!Aq#1-H3EA{Pa +zsaX}eZczE#o9y0Zmp1l0Tp#fg6E*z-g6fbhHr555Gs(q?&>o=3g;l5*mC(V41rka2 +ztAXtoempYa9}8I=E;k5)=INrYcKpX#v;)=d_GItm+G2I)Ohk#WHlOHarrJCC6De6C +zt$Oc^pk~p=fFi))t0B=jqs!j-D&B&kt?)BbI&5%Im9`vLNZW=8URZ^z#XAQKCv$CM +zhp{mGw&EHkY#sr#y|d>saa>J{R8mdMBko^6gC>FF746d+J+y8Z=-95nVf~0*nVmy& +zUa~z8nO3rLj6VoHaZm}rMHoMVd6IHbVYdkuZhGSlxm;T2sZv*XA7LD3o(N4f!W6DB +zez_y*cwW_omnbmdY!*x4JyLjy3*X@vzEKW0^hB)Q;FSiH4S9y6Mhi@H5QL(c!U^&v +z)e6ksXg?}?qFv~|2T)y`mYm%i +znI4=hV*P0cEOV}edB}&#>M%gwocqvRNufF*@KBptfkO?H02tv1CYYpaJ!4i27(i29Z# +zr>$pd)_d&yFX(FOc@`A{Ubo;l2au7XC48zx0P7mI&vFh5(LQUM4)zRDJ}|-esk0$Q +zlMXVynK&zQ3IN$G)*syHGxgbk9rqD_F96;>a;k$KVNC5ENf@z#S|AepjA(UK1Allc!*AQtr6IK9KMQyBc;p&zy0{GSP9yqMHDl6G* +zemT`dq-=UONL*)%Ql!*44m+K%W2h;><&UtZ(@h21UTLf8h>6M8IGsU0`iT^Qiuet|%iK1- +zFWW!QCIbHbjjM_9`PPJ#UsQ;77C|;u=dpv*F^q5%EA(yPOsS1gYn>oy7{<9*ZDf(L +zFK#P$*V@K6AsGcKe}pUMzwurD$M1h`T*3I%`e`Hcn*4~&-D1NRQ^D(__3z(-gsbRw +z@oMie9{3GcMcX{cpV|+=wONEpF^LE92=yQU4uRFgQX5-^##V8Y3)&0qv+LlwxWk0| +zurbEtooakHqp)Oofrz~NFd9D1W;WDj2MZyG2CURpk;%j>b+K4ukRW7hVx7v3E^VMe +zcV`#ll})DxHcor4l6U*`vDsLxGo51C`9S~}>DoCIAOr7m{jTGGz +zf6h$;@w)xTd%+~pKeAP~3&Q_Pw(^QW_zSj*Frwbe{ny!w>yK@Au7BLYVPi4mU}85i +z;%4GxVlp!Rr=8$dLCAt~#K1i8xSu3*TBfpOo2tpD1WZGY;G>lXiiuF&HDAY3$X%zZ +zkj=GkeIh(nHaB8R*80C3!e`Xl<7RJ4%DAxn#292FS-!n9rJngHa0iiMmcKQFw2y^o +zr!JN5pRilA+6Er&Itkw~@2KUA7VsSeBoywUjD~zoMbHI!x1?Er+R~qFGgx}UM*e~P +zQ_Fj$6)EIb-iE7e(;+bR=f3+C-Bl^xD%0$$^jr@~4A3ve=sHay>&iHd9}%x!RWmMh +z^d+``Q0I1dIV>T)6>1VI#g9KPhD}Czn+a<)XwvI1^TMD0WSWPei=v +zI=m*PFpMCnUp977FvNydwIx|)&{Qb-{gpUX+2CR{Gm6AiXjt6sNqXD@3!{=N6*TF* +zW=AsDUbK|3^%qaPJd@Z@YZRvO{moXX`1o2ed5(UlW}R#HJ5BsjKZ#Qqe=){)a2g}^6-K)X4;@LG*2#D|f41vW?eCHyXt*s3S +zx>IAjAdu2qjLIuTY)4~!j?mELPO0Os7GfE_RhvtGFnv|-j591CF>EzJL)3@zu(GzN +zd9;Ztq3Iip3gC@KnnpD +z?M{jYCvZ#;{x7lB?~(K;w&METW=G-ps&%4?onI;xGzi8c0b2l4 +zuRKNJZ)rw1vmoKk2*N=bd}OqP2{&&}^i1~bfP%LWwAd=@`sF*B5-;=4<@DZpYmqpE +z6dsR!7=&{X*NA^2p?v9G7n7EZB|O1vJ&2J|BTdoVeM?}CEDkL8Qk+?a5VuF9MoDzp +z27oFIv}(8L;^)1_46J5tcd(UF6eg$KDe-QNB|y5jBJn+RD}98tGLn|Fz-qqUY!C6j +zK*D)hTc^<5K}w62!1$WP5V)qM6aj~2qi8+5o`yc_z{n0tFiiR!&o=3$t)zr(ADFyv +z!u>S`>GPd&wpyQ%qmh!sA>$eN0-W+11psUZ+7^>1b^FC@qT9(?PeDPFBIk3V75ABS +zeORBD==83C$njY4(hq?WDRV-+J<(3zbYa&A&pJq;3s&x0FQ=hayy*|(4_18eiT1K<$wj7T6d7U=TI +zNB@4dD(gkuMfSvFo$7cT$o0Mz;Xrtz_Xq2?-U+2L0;ZL>20^pDK_|CV@1K-+HMr=RgCzF4(l{;csL%9LC +z8&E!Q3{8V$xLy_vJhY3g)up3MP@t3EtUS-~1$wnvG&m1;#1?-xj%1WeCgo@Iex5bE +z!tvanU|eJhMnolU8G>Y!2^a2ow>Ac3SNtg)%Go&O!d3YdZ5DluV`Gb>L>TSk%pK~P +zVG&9GHZ~u==DAM~dMx0EfQUrD=ztKgG%gQGp-e4lAfuEUf--GbhNP?(-o6Hi3sOS^ +z-p-3#?a5mey^JjPG-vkg=D~h017>RLJvmy(DFa^$RV!fME}q(_o!(m(;Xu)50`_eTc?ZLrP#2NUPC5*lM)wk8B0P +zf%r$Z`k%QN+T{`ddzsxW8}xSd@6qZ{`@j!?{^y5+%)cd9OdrPujk!3DOgM~8xVVf> +z{)w!1Tw|L}Iiv0o9_9CGbyl63q26O`$Z)^AHJxYARAw*+0QJemLE?qet?s+ejG)`K +zDekopL~2K*-T;DWvg6Ptz;?6)Gg9PFuWNo4j)NDR-*6mxC6nzzjRziLe48`%rcT*z +zKKUAc$|8HDW)ExD{|GQHV1xG4uvkHa71jpG%}(j@I@Nyjm?Wm`GYmbkI02y2PF&P( +zD+Yl-cqQ0`i)NFL=`8ac!)jKnxZ)<~H~H)H+|jK(EEC|ZJyXEN$4G68GtoN;R)z~y +zcQd~n+v#*Pz`UI;3zR}BLoj-~-MS%@_dv(x18d&4a_)r!DuqoRR{2jTR2P;+I@4UT%2$pJOqM-65%a!#9 +zw7u-r-&^^iB#t`a(y1qE5OZ9epb-uZRL#hR=uN)@=t$0$mB?anu@CKcY$%wFRN*DWK)PBx< +z_Ghxq7S?#4N6OzSEs +z_7ln{K#-vFqtC+PuU$vI(zQ+?87Ih4m2x@*1s3J(>}=?7i!bVvbV;<<9Z1own)(#7 +zFOR!YvZY;by7z4WG=97ePb)8_)eAo+54>m2&o^A1Ejx#VDV9-G`5Icaj6+&%Jmaxn +zyICbWFY}_o+c^yC2gdTa^S`0Q{c7yz4u^W10C-2~Ih@HhPt;<+ybiwHaUR6*v;r>H +z*|yzarrxsbUO6`mjT{fwPb_Uk!Lz$EhVP#J&koW;&t?p1?#S6mTX5rh*>Zd4^sNMw +z(|+)2;upU}?bX1O)t@2T<*g>3Nn0k$VTmQVX?Fg~Y58m>caA)0U>sKjE1THY1}NOn +z23Rx7=!5z7o=My6F_gFq0cDmBo`xGbY8??(A022h*2ti1`UpZd#z9?iX(LEnw2QNp +z&C+IAS9q#`gCAecMZO;YJkQd1uV_AsoxBdmGGc(K-AxrV)Hp7Hkldj`l>?UyVz&+} +z&xrEmbHf|)TFCZ3yPYi$2*L#0qlT}1VNb)aQ0m+t2f-y7*zaBv$srYYZ|EM +z{BrUOuKpohqLEs~|9EWXf$-$Aw!QESTAwmEj2vSY1AZ)y3k!xMsK~;Tiu^Pd;vz%6 +zE9>Xu>6!#VgD92B)+BS!T +z`T2(RY}hv>{`@Rvhi0_)j!OKUGXVrNvHuFs{U*oC +zr%Sk1@-Yb!GfHM7KvFT)9uL7ucap%lIt1(f8I!gKNBzr|?PHEYAc{Q^=_^?IX^0SS +zA*YkKPUOpJj0??BE;pKeD1I7gkAl({d4PiB;{M(B)T1WeI{OzgPa*3w6@CmwvKYXl +zkqZ%%X^x}*3(0;LWP+BFKrOeX|ulM#D^=l}ysB=qWUEK;i`gxROhqB#LrI0{!h^!7%>;u`|s +zWRP$WU)yVmMv_k}jFQuPTyYC>%7K3ZW!mAcs#iM(6+pV?O)??oDBwYNn^DMYW`*tS +zo{P0-Z|^#Z6jE~2_nE&tBykBqY3n)qMGJ3ln}d~rNk^ZY&{gKy%YO#~mUjkx*Uut? +zHWzxrFrMD{u;-qEuvyxD8dtbcrTqjIIy8#~+_4r2nSWnWRiC^Top>0XfTo1BR_F2W +z-v{oTo)Zyn6&S94^=^7YY#onZNy5I)jf0!g!u-;M9ERon(1`r(iGjH&(g0 +zaHiioS$s#2)?xin60OVFjPv{`MDwoj(+Yj~F@coTv-ssFC9qb7^_X%Fo7#E|hE_Du +z6;K0RVo`dD!DJxG*wmxwrmXAe5$^J`3#lXvaYg*xDVQn}X#7On=fgoagm6QmR8XDa(3g*mJ?O)k3j +z_biiHAvg-gVBj7|s9C$z-aW#Zl8WYeCL`*5G!^}B28f@KpT5ay>y1`HXPs#>GW5cx +zAj%yHGPp~#jW{r#?BmXZ%y+0V*|7ZKa|Ln5Uz$5*Ih9UapRS5R)=?b5T-~*>vm^fLunV6Wk +znE$9@NSe9;Hb!DKVq#Z3Tpn~lV-P)-;3_B%*g~Gxyj|*nZ +zL0Yz4dt(7G!m7E^%|FN^1M{^ov9;oSRF{q515b3r2JD1P87xj7w>_16Y|e9%B}Y^A +z($KGtJ#eD5L;I!UyMlMt4rwr=mK5{(7}** +z1SpyVvA)wrQ03KV?FII6H|y)eofosBqLCqWXR2VXTZfADe6g{h^VB{T{jA^CU4ukk +z2*>DuDhl!0F_ekH5cb}eT0nC&f*>H24@oi +z2jW+GbQKY~;O+iij$4Iau?vc&{9V==u7E?gS`=P@d`hp9f`YMew;VMHK>0cyHA2aH +z!VegEFy=_ffWvEXEop*k5I89ICwebJjc7H$1L3rqV;UqpNq+^4=^QiB{Tn+|#Osm2 +z`-?v5(PpDPJEe0;?9Ioub@kL!=Ik2_rrzrn3Sa!uNh2rlA62B=&wb +z2nn+K>#4tNXAjujeM!09orRW>7ucB@+u85fN~DmH4zS*d(|NOA1TOLn1`YS6T>iv- +zFP&sjOg6DvYrMbx2bj^^iJeEp;xs-1tjLe$tQCl=Bfk{JEz(J+U{_UKlPse#Y*EeI +z_+D$?A*Z|5$nCAfOw3G+Q{vg@?Vnlw>QrC)rI+-9d%p1sV6+da%y-Ve;6)U?%9_(p?q*fpA$pA8w7FPpYw-KMp-c5b2 +z8NQUS>VQWxm==z0N~kZT +z!^ntzyV~HR$N!Yp8|iZml6=@1z7S!r`u0PI1Zvv51s8G|&NcYMF&nP;Ek*y41IS}9 +zx2g+8woD4^bF3ZV?BShd3J}yykx-tjx==pX8{i&FM0{hw+BjpvnCcLTx^ +z4iM$G3RO}De=aHBo$Hmat1D>*2qsto^sSF3Vc5uX*^|8Df|5Vksa1-Gf%*P2Mhq{E +z#!%(A9cM58+>(pfj=wrZieFt6hQA7nQTx5WDp5hzEA;J&^$h}o_*TT=aiWfq55T0W +zN3_}67$ndNz?L%X$Tj%pAa=p6iB0v)*CDwuqN#&zc#^J-ylUU1=ipd2v@clzXyH+2 +zLzx1P>1j2CY90oHy@3jylYQ+}%R}hvs|StH!EW94Sc6ivCI^{N{FxH%;wTIcHD?vB +zU*Y%esfKf5papSR*o+XN%Za5gh0z#~SSZgg7$+izRfIINP?B$h6=ET5{!^U53*!0L +zp>Ga>92~oEI=_)v);n(C1gNkh_|EEDXgwzs+U%8y~{qkhLKqGo38@o-a}^~97K&74G$s}Qt-o%MXLjH6+xuG +z4XGi#H?LPC+UQEDPKdpZ42sS(A0v8?>%?Lms+QHtD;tg5sf_H;0-fh!2tWrHSTG&6 +zpMIx?IJ)0<=(DB0xMe+J%J6fn@)$$E+JMML7SDNb2gUR;tSPuRl$?q#Fad$pr35%q +zhSGM(n5ZPSM=fbuDQvfcpx3S<0UdSw-O3(wLJ(sfS#6{?^(By-7$iRINg9{OEU9Y< +zxmNKG2=eCwtavRkoN=Wopk-w+*F^1#Lm{~^i&rSoC&LiVMdk-^KsVenVlI?>_fRaR +z;pw)qAZyJ~+s-68K7VOMZR(6BodYq)jR{IRE<#WSS^d*nLHin{Kjv0Ae{_h#emF!S +z|8<8b{Rq;3&#ky~s-7kOo~-^Z>~zETxZvn)uiG$Tm +zS%hviEb>$eQ)%T8&Kb<@NJ#j=+!V5P%=r#suY-v3bsh%bPTYmQi1AC+Jyp&>b4;jg$>F@Fh0+wJ7R2!^kqvw`DY#Z|NGO{6oT?M^$%auQ{caT5;Giz?-p)k-Y`_E6 +z$~rn;xU~LTd20%ot##y4ZaXD~gPB4MjRE~@unk<9e^yOkoBYzo2AHY@$icXcRb6Z)=JKZ%7g}?u0@wOY__~~1M#@iT +z2^HH>1!#B^z+hZJEf5t8p{#w)7uF$Fn;;`r1$y)@-^zeCZ**Ypq-$0qgGvAj!v^^S +zLu69YxWHM^nYx}~lh+^T`e2scjMlMbICSio^ +z-uDw$os(oVeShGLGG*sdI30pF`Th+XB9DO-g2a0g;gfHsuOzJikT}{t_~m+)#D>2t +zFzyfu4*X__Q@wqv)jK99r+yKDBc_Cyba^x+v6|of1a?T3wS(F*mxLbU{IX+yaa@?7 +z^3JWb#;f*g^`MH#M(pDk^>H)}k;%kR98y@l$#4C0UkFxMn_;nOFX238sK(fLn3KuE +z&DCOTd@Z)?3wGtgmxGzRG&w&}Q8^&T_>?IfV)?&sk-vU_uk>8V3zDUPtJ9H(`XH-B +zCO_o3q`%LtevhL+an(QMR$iRDL>459z?n;=Tn5dp^kk(_*2Iu~oM3vz;}S1n)PKQM +zUfKO)0!HBz+u-t%5Fb%uOFZt|Awqs3IOWs@4}pmV#%4wZTc1u6vTfQ67*V&T`FJGH +zF*Wa@;2ZEeFSV`g^TWt?F%(2eMrI-`V7=tNHIA!RV$rhdD`GL;)wx_O$1fQQJv6q4 +z24y{wUtW_XZA3rlHYgwp!|gU!*XNSv+>O2UCWce#!<33ZEg*AwNswknph)V`(8Q`) +z8e&@*7_}OB$FX50GCN$)h%0o7{QRdkgKOmnDpKLAOZ=!Qq!VL2XEqgI=`HW50ilnJ +zYWO;ZYG;TR*x&-n2P<}MB~xWrpqE}E*x%@+htKfm?N2f4bshbAnp5D+!6HhicMa|! +zz+k(#dCFU!lrtBYt+KHozmxYQ!7MsHndmB+>SxKP8C26i`bHE5>;qwIr-y20c4>=( +z760J)M3*v-ti3(Xc>N=Ftp>559zcw|u4YcKrCG#`r1ya155y>;qO(HIk4|75QLH2v~8NVpl#g +zG-9TGn>Iw3cd>rck*tbjSs++;BZhKJUlFi^EGfoN6xo^Ms*@v%Po5|>kCPGx|Mzp% +z+tXyu5mr|}v0rHX?m~QL9o@MJPzqZGH*4so5PBpr2%75<9UdnKjTFX>&P5yZSsOTN +z;_{!k>Tl#$%zq)bYLka_-x)SCNp{xD-x{TWl)i)5AVwXk2G+m&)%fL;&2O$^cNDe4ta)GSqmz!2ff-nMBR?&C=@~;t0!Hh|1Af+^L@)SrS#$7b +zKYqC%{?xW}K+xP=0WY~e2ZL{bjB&!)ibUapsU~obFxq0v^r8j>;Gbxp`NB1f&bch? +zY?%;2SYg?O9vXLTLGi8FQN48W>|xfl-MX1?DQFU`m$`Kd=IbqHoVwwTn2LM|7S{9y +zHD=SbPKiWptX1N|o$5UXu)&EzHf2g`ghM=|?yAGOstr%PsuJ(`h6-K5y1oDF_Dww9 +zKLuAGa`uvM$bST@{|CWUYAEtw1Xn&qN*zD{9a5;l_X>hYK+9mWn#$2#Aaw} +z!eU^;&Hc}KHNt#VL7NPqn(^0$_1U1{FMJt*(m#vY5?UPA1s&o-q@WN(hqa^GPD1y$RGp8#OWk|tC;k}+!&R%U8 +zPzYyXsT1}R(M+A9rAZ#gD`_^8(5I97&ds0Ff=*-x)$KlQn=ycFRdp8s@Him3laN3 +z%#*(W04~&kZ`!Xb)H(y!%jsTtw@TUhDXMEAb3!CwBbd46Sr6)ykC?1Td_~WFnOTSx +zvR`+1oKkBqpIm`wHjT7K-hyh)ivTcTALvd0C0V(`QHqUj>Rxw}*5+mwxCTIXsz0pnV^dN;jK6FnGm4J4T +zaX@+%1;i4YOD8);q@T!4YkDFDvko!>Z%wrmxJ$b|)H@x0{Hy9gCdj5{lLPIzv06uk +zJf7rg;;b?gR8Z?p_=^%d|cM{kLUh(VwV0d$;Rr`1>Af5A5grRrn58Z=w&P>(O0 +z`f56(m=_gXuDY{6SuH=m4x;4;VF&T;87fDZTO_pl6Kvpz`1kmA#R9_`PxeQD<5mcL +zDcbA0BoK!N_1~rv)9cQA82~GiWlTG=nA5~3`M!n#?#*^@@dX=7L|_A>rR>Chr9OO6 +z2@Zd!#^GPet$xp=Kko(qQ*xzXB`Iqv>y}W0PB%tX5Xn1o$?Qj;{p@z5%q$EYKd|^0 +zc-4@)y#jZBV5y$u$2i$j=zLO0_ytKQSs<9iV!_C5IMo!|zPt*uI(621UZoR?b7IVt +zIMWeqoe6o%YTTxK^UzS2`I*oicXS~11|8t1D!WUC1Ok$^_NXwIG&TkEGfo*&ZU(2T +zIutl79EPiwovP{h2PHkCKL?J4c-t>UiJzgApbsC>yxfc(k;28fb@}562#2to7}Bg1 +z$f3RE@)z2}$X#wlC^oWjr|pXT4EcS*2WYf@K{tbxz81z)roEY8)zvQ4E+>wF2=|QJO8b>9I8skTv!m|7O|7}9A5s!&Q&Lr!XHo-$Mn6xm8KDs;iIMa +za#Am~eXdw!KQqXwMd15&tJX2bDD*;3JI^sTbQ&j1Cmg;kP$J<|Uhw@qr+YVQ(IGkR +zqLbks!Q2R#7QKgBV2~NlXv+cWge3r!?R$I(x1Ho&Y7VH-Mj7hT%@iG$&!K!t-wWXK +zvsSaz^2d-Wv@}TN>`)>eB*=LO$A7{cE~T426k@iEDI-z%H8R +zqqTg0!mGb=TrvNJ<0>hAU`jX5R`zJJH&>n|-5A8j2uT(rqC5wK1#_s;2>mx+dDP*% +z^n+-0AUs*;=FYfgK`-Ng{EREa{MK^Qe#DC}y4ul*)?_7709skifGSCQaSsm-;KTaD +zTtAF#DDqvR*=QQgKTU{oLXKDd-bHRT0DHDs?64V=@cp8yrdncM&PPL2;N?8BXY2ro8F;#U=2wC?yEeItwVe)h~~sU+E$f+ +zf~#W<04N|Ez8GpIgCYNtFMtU@%-1);Isx+3Jr9hNP-PFk>V`mXFwqm5u#Fplo39 +z@m}zsqN`JwjE5O$?yyqE&y|L*cWJt(8`ysLpO7!GO#6_tq)266^Q%M2kmI+17*n?P +z9iWe0ka9$?eO#}5l6NA=k^*0A{JvTFZAw}>Dn{dO9($zUq1)Ex$JHKaERCzjqGQ~L +z&qS136;`)(NN7$9&x%u^r?Mt(pvn%Q(E*(pJ=S%OL1H?M4}-(jQp55 +zsX~bDD=&RrM8)$y740Z3>}_6K`2oZ(t~~HjGX(BiYy(fEByN$q2k?FAY^YfeAAXo< +zxfCEQOir^$y6ZA?ydy*Vu<-f8K1m?IAX}`ApA7J`)3FGzhl3|A$HL9Q+`2p#EY4dX-1vCs!kRh5an*@LQ# +z2&Sp=`Ta~yN=Q`R>l1aNdIT5pwL!bs4Dzw8zH#Hhf-?1Wk?}YY +zRy_Dph``Rvm5)VEpf3C +z8{B(mu0&?9+PSg*5ixj6lk{hJ3pSd0u#8`yD#MH5IghSm&!6(2E}kC92puPG(^pQq +zM|0?KF4EDY%kS%}FyV;b4ghF#p@*6b87-DkZh%Il0EGA-RUFrkS1qdMxMk87F5VIG +z-6AP0in%QwGc_*62E}SZ-Pm%KRP4k$38W&{&zjn#|xu$lS!QIT*5R +z(T^9Eqw=hKkROVaOrC`SJ6;gtFzbKOdqK#O&P-hi(04tyw^OrEmMm3qKjTK52|S2qfty2y+A7OYzkU(_klG(k9v +zZHa7YZB>{@m3>@^N8FNyA}e5PnCZ{Nc2ANQ8U*MpxV6bg3ZymY1`My`?+C%i#sFBA;rH7M+1q2?(s*J~jOc|Sz#dg~59T~&KY2Lh>%F_uC9W-Fcg +z9fHL7FKfuQAJ;vV*(tjNK@XoGod*cX{SY`>+oGnOnh~yI6jM%6)9k^AYQ~HEXI@SO5aO9itU+U? +z5BWqm710t$ZnGqY1d!K3;po#Q29wuk3E +zQjU01=inp};D7ag9Isz_x$vcA%FWZrMJh%eE!?bzNXg3+9*lv}#1?!V;50B?wrK+2 +zZBJd2;KXb=Uml+0InDsA)cBc%JOdtf^|)bW#0s)7gI9f#H1MZZfrLD{%x{!Mgj?BQ +z&OC>P>uo6S_Z!6TM?DIwrhe9Z7bSoq#rwjV!Vb{&|$ycC1yjk5!L5BY)PQz8F5mS +z4>8Vrd?ilb%ENvGa0Af!$YWK!H^Z^}WTU~V?)>CSr`2g5kyU~u6U+)-mDh6dnk1mn +zKjmhLmV-+XNjbf9C`h(_ascyt1+DxIUq&+>+6_itVp9fvn3mltH{V9zabrS~tAGv= +z9Dx>H+&sg@#U0x{!KILy^;@G=CC29m<>`XQ)*S7TdZ_02N%v^4EC}RQMrUIEP+sdM +zl@G%0vE;S2TUFXDjrgsl_ds%73*0M?2!xiJiU}5faZTWJw^N1Kv9vX$M98DYBD*Z52r^_lfSW|>EhtHIO)vMBLrcz6_{{tG +zzH%snwuusKFD}0nkx8!O-izXEcS*+p)^!<4i5m8x`lPOu0Jg8gXTmlC{7aevE1BW^ +zoUqfF#I=)Zbg;v5k;W38s3|uh0GvKs^8t>|`~Jm~m9_ef#_um)Zr^h62@Vw7yfVF< +zOo|P@bX)+ZY9(eIkb;RZpOD{9*XwVWfuP3t$tTjCi^EDt)vOSN{D_mH3vDISp#KOEYs*9g& +z?4NVz%#Hmk>plhOUM}X^#D9+|{o;M`?YZ~6JwCp9ZXav?>HNydo1a-X?i610<7NGy +zq?^m_UmVNu_`Pn*`qO#=4|o%kw71Qkyj08PYlOn`iRG*1=f4a~eg5&g*d5;bGXA+f +zp_dM=Ul6uJH~!(dO@d2*-wj+7Jm0li%-tha}vo4;zdt}ArEuXlv|F2G*5wx>%gPO2J +zp8JX07rS-@8Es?BZs)srN#n(I_5)`&8!~8c<;|XaI?dTcsuQV~Q^@Dic=4pd)cbPxec)E^$tm}`bE^_wE}kwbu%tx2xvS-+#R0v} +zMRL=b_pedPw&(V$Ibr?QDfiFX{>!~ZtL~(*1$r^7_s(TM=iIf(?q&*klRY8DKvehlnfhs0x!a=e+OvKt +zDYFTYKDTm8{Ug55#vRAzRG(X&FZO9C*C`Xp;u~gDVp-a+EfaQL-&3+>&PA^uG;Mw5 +z&f-(?c~$qw)8od!R(XZ~Tg}s6)lX6j^yQk<)FT&bzl?Xm31H)E!XF=vlrs($s$yl^ +z99ho)IwewNhSvD9#IYU=D2~1!>+>%jzr1td%BP-1MSk|LcRAKJd`{oVFU#7`I7bM?!o=$W-;oSt$=) +z-C~gZsIt&5oM)cmyhS$`m7d$BzMJjPQMccFWsF|;J8TOGJ=|n$CR*u#p>ai%rLk+p +z=4j79Rb@}zdQIini%w0{-gA1r3A?D!kqJ-cWi7PsE!Ztw+03l>(}7 +W?Y + + + 6 + + + 8 + + + diff --git a/clamav-1.3.1.tar.gz b/clamav-1.3.1.tar.gz new file mode 100644 index 0000000..239cb2d --- /dev/null +++ b/clamav-1.3.1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:12a3035bf26f55f71e3106a51a5fa8d7b744572df98a63920a9cff876a7dcce4 +size 54554712 diff --git a/clamav-1.3.1.tar.gz.sig b/clamav-1.3.1.tar.gz.sig new file mode 100644 index 0000000..2d6e108 --- /dev/null +++ b/clamav-1.3.1.tar.gz.sig @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIcBAABAgAGBQJmH9VrAAoJEMzg39Iewam/XfwP/ic9ZUe5KxhdFroBzjm4arRp ++/oMZ68d5sa5TVyDvCDOa1b+ttcV7KtUw6/h3itPKAJ4DHt9gq1qtFK9C5GSjIgI +jGCzwOzD0tPM56hPQQ5fo6md9fb5np1UQAG+tKmd02v1Yq80eQTimdpQr6TuHcI7 +PBg7ku7c3lfqmXgGbb+AsBQr/x+MJTN8QH2VUP3L6iUkl96iSaYN9FTr0VkjeU13 +Ir77fXd4jfcgpBdSJtLjBuCBpjyCSvw2x0Vp3TIjKi4FRGp5x0YkAdoQ/UDMh4+Y +u1gICsROL967/9gEr4d7zwBv5UNPDWO4HNUC5+uBurUfF1WCoF0WAqtuzNpdAYGE +2sMQc7HnRJKo6KchtU5kLZeAqgqL+k70VBTBjgqdi4YzvsX62SatJPHdRvkaf00H +LojUD7f0CpPFtkfftZ16SPAb65x3mtdFfYSXaIVKhWsTJoCFy/HnuXNWnW4W/HwX +RSQTFE3rUad/MEhJzfo8debwVWPAHf4RrNmkOkQ/co/NswUB+3rsZLpcj3ULEcqL +WDx8/lPDZsyvaosB4JIZLJaECq8TTUZswHsV/K7vdO/S994Ndc+QhXPF75lg33hu +eCIUF/6ZxMfKyeJre3KWeUmBKRMZZ4WJ6MEmSomL2BSYLSeRkvHY21v9InOK0w1f +VUaK04HxPJTun12AFAZk +=9gDC +-----END PGP SIGNATURE----- diff --git a/clamav-1.4.1.tar.gz b/clamav-1.4.1.tar.gz new file mode 100644 index 0000000..bba20bc --- /dev/null +++ b/clamav-1.4.1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:a318e780ac39a6b3d6c46971382f96edde97ce48b8e361eb80e63415ed416ad8 +size 50078871 diff --git a/clamav-1.4.1.tar.gz.sig b/clamav-1.4.1.tar.gz.sig new file mode 100644 index 0000000..70f22be --- /dev/null +++ b/clamav-1.4.1.tar.gz.sig @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIcBAABAgAGBQJm12IWAAoJEMzg39Iewam/rIQQAKv+zANPKfIta+VJRKkD0Wxa +LJGDBKKifqyM1HiR+YxGMUuElgmpRvozfZ7ifBGvz/IxjPmUag/BNfOl4JVsSAnL +WsOhUMSEYxLtpJUywFakI58O/yDSvYlpzfcks0nAIjfeQkhTz0vqqYlyEXR7aDCe +G/5yOGJtuwAiKclgLCTwqlevZ15ff+3z/UIJ9yAfqM9WPXPQA/lJk1Mp1FmIwVfw +T/0p8kJJj4Z8aH+jXqOXrKnw9L4Acig3axSneN8QcL5tNosMAQOxhkQuYc6g4V+h +vDX7N3G5UdPo6jpGoF8NmLu2VFGfWEymBzftMqYZ84Jli9t9RGN8UBEueGERjMsh +9/3NSAdxeDlR5ELB565a+x/pIOOjovERZdXs9UW8U8NXPeDnIuTTFnqip3e21OGY +WP3ioP85ixzLFDfZVTaLN97ym2+STiPt+KN7QBEUW0cP/wJFlEcXgRHyY3uQ/iET +grCTApBuNdOzzgm9lSka653AexhaFTAXtp4NJ5xXThQcFzJ+urDAc6LfPzyknHDx ++lfI5bMeW9I6E7CbkFOELqInzAk6uMZFxbp4Qte8so3GFdCTPtFVTbS4v+Ctx3oi +r6oIEFLzhbbNz8lX4JrmXTO1WLiy8uoS4xCEEpITAG9iDvPZ2N7iaTiBgI1B4jNN +W/t/iIUkO7udL0eyZBzF +=6wKd +-----END PGP SIGNATURE----- diff --git a/clamav-conf.patch b/clamav-conf.patch new file mode 100644 index 0000000..28112f4 --- /dev/null +++ b/clamav-conf.patch @@ -0,0 +1,183 @@ +--- etc/clamav-milter.conf.sample.orig ++++ etc/clamav-milter.conf.sample +@@ -1,11 +1,7 @@ + ## +-## Example config file for clamav-milter ++## config file for clamav-milter + ## + +-# Comment or remove the line below. +-Example +- +- + ## + ## Main options + ## +@@ -17,7 +13,7 @@ Example + # inet6:port@[hostname|ip-address] - to specify an ipv6 socket + # + # Default: no default +-#MilterSocket /run/clamav/clamav-milter.sock ++MilterSocket /run/clamav/clamav-milter.sock + #MilterSocket /tmp/clamav-milter.sock + #MilterSocket inet:7357 + +@@ -38,7 +34,7 @@ Example + # to work) + # + # Default: unset (don't drop privileges) +-#User clamav ++User vscan + + # Waiting for data from clamd will timeout after this time (seconds). + # Value of 0 disables the timeout. +@@ -65,7 +61,7 @@ Example + # also owned by root to keep other users from tampering with it. + # + # Default: disabled +-#PidFile /run/clamav/clamav-milter.pid ++PidFile /run/clamav/clamav-milter.pid + + # Optional path to the global temporary directory. + # Default: system specific (usually /tmp or /var/tmp). +@@ -93,7 +89,7 @@ Example + # + # Default: no default + #ClamdSocket tcp:scanner.mydomain:7357 +-#ClamdSocket unix:/run/clamav/clamd.sock ++ClamdSocket unix:/run/clamav/clamd.sock + + + ## +@@ -243,13 +239,13 @@ Example + # Use system logger (can work together with LogFile). + # + # Default: no +-#LogSyslog yes ++LogSyslog yes + + # Specify the type of syslog messages - please refer to 'man syslog' + # for facility names. + # + # Default: LOG_LOCAL6 +-#LogFacility LOG_MAIL ++LogFacility LOG_MAIL + + # Enable verbose logging. + # +--- etc/clamd.conf.sample.orig ++++ etc/clamd.conf.sample +@@ -1,12 +1,8 @@ + ## +-## Example config file for the Clam AV daemon ++## Config file for the Clam AV daemon + ## Please read the clamd.conf(5) manual before editing this file. + ## + +- +-# Comment or remove the line below. +-Example +- + # Uncomment this option to enable logging. + # LogFile must be writable for the user running daemon. + # A full path is required. +@@ -41,12 +37,12 @@ Example + + # Use system logger (can work together with LogFile). + # Default: no +-#LogSyslog yes ++LogSyslog yes + + # Specify the type of syslog messages - please refer to 'man syslog' + # for facility names. + # Default: LOG_LOCAL6 +-#LogFacility LOG_MAIL ++LogFacility LOG_MAIL + + # Enable verbose logging. + # Default: no +@@ -74,7 +70,7 @@ Example + # It is recommended that the directory where this file is stored is + # also owned by root to keep other users from tampering with it. + # Default: disabled +-#PidFile /run/clamav/clamd.pid ++PidFile /run/clamav/clamd.pid + + # Optional path to the global temporary directory. + # Default: system specific (usually /tmp or /var/tmp). +@@ -98,7 +94,7 @@ Example + + # Path to a local socket file the daemon will listen on. + # Default: disabled (must be specified by a user) +-#LocalSocket /run/clamav/clamd.sock ++LocalSocket /run/clamav/clamd.sock + #LocalSocket /tmp/clamd.sock + + # Sets the group ownership on the unix socket. +@@ -230,7 +226,7 @@ Example + + # Run as another user (clamd must be started by root for this option to work) + # Default: don't drop privileges +-#User clamav ++User vscan + + # Stop daemon when libclamav reports out of memory condition. + #ExitOnOOM yes +@@ -727,7 +723,7 @@ Example + # multiple OnAccessIncludePath directives but each directory must be added + # in a separate line. + # Default: disabled +-#OnAccessIncludePath /home ++OnAccessIncludePath /home + #OnAccessIncludePath /students + + # Set the exclude paths. All subdirectories are also excluded. +@@ -797,7 +793,7 @@ Example + # It has the same potential race condition limitations of the + # OnAccessExcludeUID option. + # Default: disabled +-#OnAccessExcludeUname clamav ++OnAccessExcludeUname vscan + + # Number of times the OnAccess client will retry a failed scan due to + # connection problems (or other issues). +--- etc/freshclam.conf.sample.orig ++++ etc/freshclam.conf.sample +@@ -1,12 +1,8 @@ + ## +-## Example config file for freshclam ++## Config file for freshclam + ## Please read the freshclam.conf(5) manual before editing this file. + ## + +- +-# Comment or remove the line below. +-Example +- + # Path to the database directory. + # WARNING: It must match clamd.conf's directive! + # WARNING: It must already exist, be an absolute path, be writeable by +@@ -54,12 +50,12 @@ Example + # It is recommended that the directory where this file is stored is + # also owned by root to keep other users from tampering with it. + # Default: disabled +-#PidFile /run/clamav/freshclam.pid ++PidFile /run/clamav/freshclam.pid + + # By default when started freshclam drops privileges and switches to the + # "clamav" user. This directive allows you to change the database owner. + # Default: clamav (may depend on installation options) +-#DatabaseOwner clamav ++DatabaseOwner vscan + + # Use DNS to verify virus database version. FreshClam uses DNS TXT records + # to verify database and software versions. With this directive you can change +@@ -150,7 +146,7 @@ DatabaseMirror database.clamav.net + + # Send the RELOAD command to clamd. + # Default: no +-#NotifyClamd /path/to/clamd.conf ++NotifyClamd /etc/clamd.conf + + # Run command after successful database update. + # Use EXIT_1 to return 1 after successful database update. diff --git a/clamav-document-maxsize.patch b/clamav-document-maxsize.patch new file mode 100644 index 0000000..f28a6c9 --- /dev/null +++ b/clamav-document-maxsize.patch @@ -0,0 +1,41 @@ +--- docs/man/clamscan.1.in.orig ++++ docs/man/clamscan.1.in +@@ -8,6 +8,18 @@ clamscan [options] [file/directory/\-] + .SH "DESCRIPTION" + .LP + clamscan is a command line anti\-virus scanner. ++.SH "NOTE" ++.LP ++If a file or an archive is larger than the default or configured size (see \-\-max\-filesize and \-\-max-scansize options) scanning will abort at the limit, and the file will be marked as "OK". ++.TP ++The archive scan limits are currently set to 25MB or 100MB respectively. ++.TP ++There are more options that limit scanning, please check all the \-\-max\-something options. ++.TP ++To report files that are exceeding these limits, you need to specify \-\-alert\-exceeds\-max=yes option. This will then report a "Heuristics.Limits.Exceeded FOUND" for such files. ++ ++.TP ++Please note that such a FOUND message does not imply infection, and your tooling should be able to handle this. + .SH "OPTIONS" + .LP + Most of the options are simple switches which enable or disable some features. Options marked with [=yes/no(*)] can be optionally followed by =yes/=no; if they get called without the boolean argument the scanner will assume 'yes'. The asterisk marks the default internal setting for a given option. +--- docs/man/clamdscan.1.in.orig ++++ docs/man/clamdscan.1.in +@@ -8,6 +8,17 @@ clamdscan [options] [file/directory] + .SH "DESCRIPTION" + .LP + clamdscan is a clamd client which may be used as a clamscan replacement. It accepts all the options implemented in clamscan but most of them will be ignored because its scanning abilities only depend on clamd. ++.SH "NOTE" ++.LP ++If a file or an archive is larger than the default or configured size (see MaxFileSize and MaxScanSize options in clamd.conf) scanning will abort at the limit, and the file will be marked as "OK". ++.TP ++The archive scan limits are currently set to 25MB or 100MB respectively. ++.TP ++There are more options that limit scanning, please check all the MaxSomething options in clamd.conf. ++.TP ++To report files that are exceeding these limits, you need to specify AlertExceedsMax TRUE in clamd.conf. This will then report a "Heuristics.Limits.Exceeded FOUND" for such files. ++.TP ++Please note that such a FOUND message does not imply infection, and your tooling should be able to handle this. + .SH "OPTIONS" + .LP + diff --git a/clamav-fips.patch b/clamav-fips.patch new file mode 100644 index 0000000..796abc4 --- /dev/null +++ b/clamav-fips.patch @@ -0,0 +1,12 @@ +--- libclamav/crypto.c.orig ++++ libclamav/crypto.c +@@ -145,6 +145,9 @@ int cl_initialize_crypto(void) + ERR_load_crypto_strings(); + #endif + ++ /* avoid fips issues */ ++ EVP_add_digest(EVP_md5()); ++ + return 0; + } + diff --git a/clamav-format.patch b/clamav-format.patch new file mode 100644 index 0000000..d882511 --- /dev/null +++ b/clamav-format.patch @@ -0,0 +1,165 @@ +--- clamdscan/client.c.orig ++++ clamdscan/client.c +@@ -239,14 +239,14 @@ int16_t ping_clamd(const struct optstruc + if (i + 1 < attempts) { + if (optget(opts, "wait")->enabled) { + if (interval == 1) +- logg(LOGG_DEBUG, "Could not connect, will try again in %lu second\n", interval); ++ logg(LOGG_DEBUG, "Could not connect, will try again in %" PRIu64 " second\n", interval); + else +- logg(LOGG_DEBUG, "Could not connect, will try again in %lu seconds\n", interval); ++ logg(LOGG_DEBUG, "Could not connect, will try again in %" PRIu64 " seconds\n", interval); + } else { + if (interval == 1) +- logg(LOGG_INFO, "Could not connect, will PING again in %lu second\n", interval); ++ logg(LOGG_INFO, "Could not connect, will PING again in %" PRIu64 " second\n", interval); + else +- logg(LOGG_INFO, "Could not connect, will PING again in %lu seconds\n", interval); ++ logg(LOGG_INFO, "Could not connect, will PING again in %" PRIu64 " seconds\n", interval); + } + sleep(interval); + } +--- clamonacc/client/client.c.orig ++++ clamonacc/client/client.c +@@ -254,14 +254,14 @@ int16_t onas_ping_clamd(struct onas_cont + if (i + 1 < attempts) { + if (optget((*ctx)->opts, "wait")->enabled) { + if (interval == 1) +- logg(LOGG_DEBUG, "Will try again in %lu second\n", interval); ++ logg(LOGG_DEBUG, "Will try again in %" PRIu64 " second\n", interval); + else +- logg(LOGG_DEBUG, "Will try again in %lu seconds\n", interval); ++ logg(LOGG_DEBUG, "Will try again in %" PRIu64 " seconds\n", interval); + } else { + if (interval == 1) +- logg(LOGG_INFO, "PINGing again in %lu second\n", interval); ++ logg(LOGG_INFO, "PINGing again in %" PRIu64 " second\n", interval); + else +- logg(LOGG_INFO, "PINGing again in %lu seconds\n", interval); ++ logg(LOGG_INFO, "PINGing again in %" PRIu64 " seconds\n", interval); + } + sleep(interval); + } +--- clamonacc/fanotif/fanotif.c.orig ++++ clamonacc/fanotif/fanotif.c +@@ -141,7 +141,7 @@ cl_error_t onas_setup_fanotif(struct ona + /* Load other options. */ + (*ctx)->sizelimit = optget((*ctx)->clamdopts, "OnAccessMaxFileSize")->numarg; + if ((*ctx)->sizelimit) { +- logg(LOGG_DEBUG, "ClamFanotif: max file size limited to %lu bytes\n", (*ctx)->sizelimit); ++ logg(LOGG_DEBUG, "ClamFanotif: max file size limited to %" PRIu64 " bytes\n", (*ctx)->sizelimit); + } else { + logg(LOGG_DEBUG, "ClamFanotif: file size limit disabled\n"); + } +--- libclamav/mew.c.orig ++++ libclamav/mew.c +@@ -787,7 +787,7 @@ int unmew11(char *src, uint32_t off, uin + } + if (((size_t)(src + off) < (size_t)(src)) || + ((size_t)(src + off) < (size_t)(off))) { +- cli_dbgmsg("MEW: Buffer pointer (%08zx) + offset (%08zx) exceeds max size of pointer (%08lx)\n", ++ cli_dbgmsg("MEW: Buffer pointer (%08zx) + offset (%08zx) exceeds max size of pointer (%08zx)\n", + (size_t)src, (size_t)off, SIZE_MAX); + return -1; + } +--- libclamav/pe.c.orig ++++ libclamav/pe.c +@@ -5117,12 +5117,12 @@ cl_error_t cli_peheader(fmap_t *map, str + + /* If a section is truncated, adjust its size value */ + if (!CLI_ISCONTAINED_0_TO(fsize, section->raw, section->rsz)) { +- cli_dbgmsg("cli_peheader: PE Section %zu raw+rsz extends past the end of the file by %lu bytes\n", section_pe_idx, (section->raw + section->rsz) - fsize); ++ cli_dbgmsg("cli_peheader: PE Section %zu raw+rsz extends past the end of the file by %zu bytes\n", section_pe_idx, (section->raw + section->rsz) - fsize); + section->rsz = fsize - section->raw; + } + + if (!CLI_ISCONTAINED_0_TO(fsize, section->uraw, section->ursz)) { +- cli_dbgmsg("cli_peheader: PE Section %zu uraw+ursz extends past the end of the file by %lu bytes\n", section_pe_idx, (section->uraw + section->ursz) - fsize); ++ cli_dbgmsg("cli_peheader: PE Section %zu uraw+ursz extends past the end of the file by %zu bytes\n", section_pe_idx, (section->uraw + section->ursz) - fsize); + section->ursz = fsize - section->uraw; + } + } +--- libfreshclam/libfreshclam_internal.c.orig ++++ libfreshclam/libfreshclam_internal.c +@@ -229,7 +229,7 @@ fc_error_t load_freshclam_dat(void) + if (-1 == lseek(handle, strlen(MIRRORS_DAT_MAGIC), SEEK_SET)) { + char error_message[260]; + cli_strerror(errno, error_message, 260); +- logg(LOGG_ERROR, "Can't seek to %lu, error: %s\n", strlen(MIRRORS_DAT_MAGIC), error_message); ++ logg(LOGG_ERROR, "Can't seek to %zu, error: %s\n", strlen(MIRRORS_DAT_MAGIC), error_message); + goto done; + } + +--- unit_tests/check_clamav.c.orig ++++ unit_tests/check_clamav.c +@@ -1925,7 +1925,7 @@ void diff_file_mem(int fd, const char *r + + ck_assert_msg(!!buf, "unable to malloc buffer: %zu", len); + p = read(fd, buf, len); +- ck_assert_msg(p == len, "file is smaller: %lu, expected: %lu", p, len); ++ ck_assert_msg(p == len, "file is smaller: %zu, expected: %zu", p, len); + p = 0; + while (len > 0) { + c1 = ref[p]; +@@ -1936,10 +1936,10 @@ void diff_file_mem(int fd, const char *r + len--; + } + if (len > 0) +- ck_assert_msg(c1 == c2, "file contents mismatch at byte: %lu, was: %c, expected: %c", p, c2, c1); ++ ck_assert_msg(c1 == c2, "file contents mismatch at byte: %zu, was: %c, expected: %c", p, c2, c1); + free(buf); + p = lseek(fd, 0, SEEK_END); +- ck_assert_msg(p == reflen, "trailing garbage, file size: %ld, expected: %ld", p, reflen); ++ ck_assert_msg(p == reflen, "trailing garbage, file size: %zd, expected: %zd", p, reflen); + close(fd); + } + +@@ -1955,7 +1955,7 @@ void diff_files(int fd, int ref_fd) + + ck_assert_msg(lseek(ref_fd, 0, SEEK_SET) == 0, "lseek failed"); + nread = read(ref_fd, ref, siz); +- ck_assert_msg(nread == siz, "short read, expected: %ld, was: %ld", siz, nread); ++ ck_assert_msg(nread == siz, "short read, expected: %ld, was: %zd", siz, nread); + close(ref_fd); + diff_file_mem(fd, ref, siz); + free(ref); +--- unit_tests/check_clamd.c.orig ++++ unit_tests/check_clamd.c +@@ -363,7 +363,7 @@ START_TEST(test_stats) + + recvdata = (char *)recvfull(sockd, &len); + +- ck_assert_msg(len > strlen(STATS_REPLY), "Reply has wrong size: %lu, minimum %lu, reply: %s\n", ++ ck_assert_msg(len > strlen(STATS_REPLY), "Reply has wrong size: %zu, minimum %zu, reply: %s\n", + len, strlen(STATS_REPLY), recvdata); + + if (len > strlen(STATS_REPLY)) +@@ -416,7 +416,7 @@ START_TEST(test_instream) + recvdata = (char *)recvfull(sockd, &len); + + expect_len = strlen(EXPECT_INSTREAM); +- ck_assert_msg(len == expect_len, "Reply has wrong size: %lu, expected %lu, reply: %s\n", ++ ck_assert_msg(len == expect_len, "Reply has wrong size: %zu, expected %zu, reply: %s\n", + len, expect_len, recvdata); + + rc = memcmp(recvdata, EXPECT_INSTREAM, expect_len); +@@ -494,7 +494,7 @@ static void tst_fildes(const char *cmd, + ck_assert_msg(sscanf(recvdata, "fd[%u]", &rc) == 1, "Reply doesn't contain fd: %s\n", recvdata); + + len -= p - recvdata; +- ck_assert_msg(len == expect_len, "Reply has wrong size: %lu, expected %lu, reply: %s, expected: %s\n", ++ ck_assert_msg(len == expect_len, "Reply has wrong size: %zu, expected %zu, reply: %s, expected: %s\n", + len, expect_len, p, expect); + + rc = memcmp(p, expect, expect_len); +--- libclamav/others_common.c.orig ++++ libclamav/others_common.c +@@ -362,7 +362,7 @@ char *cli_safer_strdup(const char *s) + } + + alloc = strdup(s); +- ++ + if (!alloc) { + perror("strdup_problem"); + cli_errmsg("cli_safer_strdup(): Can't allocate memory (%u bytes).\n", (unsigned int)strlen(s)); diff --git a/clamav-obsolete-config.patch b/clamav-obsolete-config.patch new file mode 100644 index 0000000..3349082 --- /dev/null +++ b/clamav-obsolete-config.patch @@ -0,0 +1,16 @@ +--- common/optparser.c.orig ++++ common/optparser.c +@@ -602,6 +602,13 @@ const struct clam_option __clam_options[ + {"MailFollowURLs", "mail-follow-urls", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, -1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN | OPT_DEPRECATED, "", ""}, + {"AllowSupplementaryGroups", NULL, 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_FRESHCLAM | OPT_MILTER | OPT_DEPRECATED, "Initialize a supplementary group access (the process must be started by root).", "no"}, + {"ScanOnAccess", NULL, 0, CLOPT_TYPE_BOOL, MATCH_BOOL, -1, NULL, 0, OPT_CLAMD | OPT_DEPRECATED, "", ""}, ++ { "StatsHostID", "stats-host-id", 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_FRESHCLAM | OPT_CLAMD | OPT_CLAMSCAN | OPT_DEPRECATED, "", "" }, ++ { "StatsEnabled", "enable-stats", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_FRESHCLAM | OPT_CLAMSCAN | OPT_DEPRECATED, "", "" }, ++ { "StatsPEDisabled", "disable-pe-stats", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN | OPT_DEPRECATED, "", "" }, ++ { "StatsTimeout", "stats-timeout", 0, CLOPT_TYPE_NUMBER, MATCH_NUMBER, -1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN | OPT_FRESHCLAM | OPT_DEPRECATED, "", "" }, ++ { "SubmitDetectionStats", NULL, 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_FRESHCLAM | OPT_DEPRECATED, "", "" }, ++ { "DetectionStatsCountry", NULL, 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_FRESHCLAM | OPT_DEPRECATED, "", "" }, ++ { "DetectionStatsHostID", NULL, 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_FRESHCLAM | OPT_DEPRECATED, "", "" }, + + /* Milter specific options */ + diff --git a/clamav-rpmlintrc b/clamav-rpmlintrc new file mode 100644 index 0000000..f538e42 --- /dev/null +++ b/clamav-rpmlintrc @@ -0,0 +1,4 @@ +addFilter("obsolete-not-provided") +addFilter("systemd-service-without-service_.* freshclam.service") +addFilter("missing-call-to-setgroups-before-setuid /usr/bin/clamscan") +addFilter("files-duplicated-waste") diff --git a/clamav-tmpfiles.conf b/clamav-tmpfiles.conf new file mode 100644 index 0000000..9004877 --- /dev/null +++ b/clamav-tmpfiles.conf @@ -0,0 +1,2 @@ +# clamav needs a directory in /run: +d /run/clamav 0755 vscan vscan - diff --git a/clamav.changes b/clamav.changes new file mode 100644 index 0000000..b857128 --- /dev/null +++ b/clamav.changes @@ -0,0 +1,2358 @@ +------------------------------------------------------------------- +Fri Jan 10 13:00:11 UTC 2025 - Reinhard Max + +- bsc#1232242: Start clamonacc with --fdpass to avoid errors due to + clamd not being able to access user files. + +------------------------------------------------------------------- +Wed Dec 18 16:00:45 UTC 2024 - Andreas Stieger + +- fix factory submission (clam.tcl, clamscan.log) + +------------------------------------------------------------------- +Tue Sep 10 13:05:08 UTC 2024 - Reinhard Max + +- New version 1.4.1: + * [CVE-2024-20506, bsc#1230162]: Changed the logging module to + disable following symlinks on Linux and Unix systems so as to + prevent an attacker with existing access to the 'clamd' or + 'freshclam' services from using a symlink to corrupt system + files. + * [CVE-2024-20505, bsc#1230161]: Fixed a possible out-of-bounds + read bug in the PDF file parser that could cause a + denial-of-service (DoS) condition. + * https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html + +- New version 1.4.0: + * Added support for extracting ALZ archives. + * Added support for extracting LHA/LZH archives. + * Added the ability to disable image fuzzy hashing, if needed. + For context, image fuzzy hashing is a detection mechanism + useful for identifying malware by matching images included with + the malware or phishing email/document. + * https://blog.clamav.net/2024/08/clamav-140-feature-release-and-clamav.html + +------------------------------------------------------------------- +Wed Sep 4 19:29:48 UTC 2024 - Arjen de Korte + +- New version 1.3.2: + * CVE-2024-20506: Changed the logging module to disable following + symlinks on Linux and Unix systems so as to prevent an attacker + with existing access to the 'clamd' or 'freshclam' services from + using a symlink to corrupt system files. + * CVE-2024-20505: Fixed a possible out-of-bounds read bug in the PDF + file parser that could cause a denial-of-service condition. + * Removed unused Python modules from freshclam tests including + deprecated 'cgi' module that is expected to cause test failures in + Python 3.13. + * Fix unit test caused by expiring signing certificate. + * Fixed a build issue on Windows with newer versions of Rust. Also + upgraded GitHub Actions imports to fix CI failures. + * Fixed an unaligned pointer dereference issue on select architectures. + * Fixes to Jenkins CI pipeline. +- Remove upstreamed 1305.patch + +------------------------------------------------------------------- +Mon Jul 29 07:03:44 UTC 2024 - Bernhard Wiedemann + +- Add upstream 1305.patch to fix tests (boo#1102840, https://github.com/Cisco-Talos/clamav/issues/1300) + +------------------------------------------------------------------- +Mon Apr 22 15:30:18 UTC 2024 - Reinhard Max + +- New Version: 1.3.1: + * CVE-2024-20380: Fixed a possible crash in the HTML file parser + that could cause a denial-of-service (DoS) condition. + * Updated select Rust dependencies to the latest versions. + * Fixed a bug causing some text to be truncated when converting + from UTF-16. + * Fixed assorted complaints identified by Coverity static + analysis. + * Fixed a bug causing CVDs downloaded by the DatabaseCustomURL + Freshclam config option to be pruned and then re-downloaded + with every update. + * Added the new 'valhalla' database name to the list of optional + databases in preparation for future work. + +------------------------------------------------------------------- +Fri Mar 15 13:52:57 UTC 2024 - Reinhard Max + +- New version: 1.3.0: + * Added support for extracting and scanning attachments found in + Microsoft OneNote section files. OneNote parsing will be + enabled by default, but may be optionally disabled. + * Added file type recognition for compiled Python (`.pyc`) files. + * Improved support for decrypting PDFs with empty passwords. + * Fixed a warning when scanning some HTML files. + * ClamOnAcc: Fixed an infinite loop when a watched directory + does not exist. + * ClamOnAcc: Fixed an infinite loop when a file has been deleted + before a scan. +- New version: 1.2.0: + * Added support for extracting Universal Disk Format (UDF) + partitions. + * Added an option to customize the size of ClamAV's clean file + cache. + * Raised the MaxScanSize limit so the total amount of data + scanned when scanning a file or archive may exceed 4 gigabytes. + * Added ability for Freshclam to use a client certificate PEM + file and a private key PEM file for authentication to a private + mirror. + * Fix an issue extracting files from ISO9660 partitions where the + files are listed in the plain ISO tree and there also exists an + empty Joliet tree. + * PID and socket are now located under /run/clamav/clamd.pid and + /run/clamav/clamd.sock . + * bsc#1211594: Fixed an issue where ClamAV does not abort the + signature load process after partially loading an invalid + signature. +- New version 1.1.0: + * https://blog.clamav.net/2023/05/clamav-110-released.html + * Added the ability to extract images embedded in HTML CSS +