From 15362e9536a98f84cb83ff6e48dae2855a9727d6ab69a9729679f2269a537de7 Mon Sep 17 00:00:00 2001
From: Nicolas Belouin
Date: Tue, 25 Feb 2025 13:25:11 +0100
Subject: [PATCH 01/55] Add scheduled workflow for devel branch

Signed-off-by: Nicolas Belouin
---
 .gitea/workflows/trigger_devel.yaml | 30 +++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)
 create mode 100644 .gitea/workflows/trigger_devel.yaml

diff --git a/.gitea/workflows/trigger_devel.yaml b/.gitea/workflows/trigger_devel.yaml
new file mode 100644
index 0000000..2e391cf
--- /dev/null
+++ b/.gitea/workflows/trigger_devel.yaml
@@ -0,0 +1,30 @@
+name: Trigger Devel Packages
+on:
+ schedule:
+ - cron: "@daily"
+
+jobs:
+ sync-pr-project:
+ name: "Trigger source services for devel packages that changed"
+ runs-on: tumbleweed
+ steps:
+ - name: Setup OSC
+ run: |
+ mkdir -p ~/.config/osc
+ cat >~/.config/osc/oscrc <<'EOF'
+ [general]
+ apiurl = https://api.opensuse.org
+
+ [https://api.opensuse.org]
+ user=${{ vars.OBS_USERNAME }}
+ pass=${{ secrets.OBS_PASSWORD }}
+ EOF
+ # Waiting on PR to get merged for support in upstream action/checkout action
+ - uses: 'https://github.com/yangskyboxlabs/action-checkout@sha256'
+ name: Checkout repository
+ with:
+ object-format: 'sha256'
+ ref: 'devel'
+ - name: "Trigger packages"
+ run: |
+ python3 .obs/trigger_package.py
\ No newline at end of file
-- 
2.49.0

From 8d336f380b62b021088d4286e64c4c115e722e814f153e4ae1ed4f6df1175aa2 Mon Sep 17 00:00:00 2001
From: Steven Hardy
Date: Thu, 20 Feb 2025 09:43:51 +0000
Subject: [PATCH 02/55] rancher-turtles-airgap-resources-chart: Update to 0.16.0

Align with https://github.com/suse-edge/charts/pull/186
---
 .../Chart.yaml | 8 +-
 .../templates/airgap-cm-core.yaml | 7 +-
 .../templates/airgap-cm-metal3.yaml | 1424 ++++++++---------
 .../templates/airgap-cm-rke2-bootstrap.yaml | 46 +-
 .../airgap-cm-rke2-control-plane.yaml | 90 +-
 5 files changed, 765 insertions(+), 810 deletions(-)
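Review bot: The checkout step in `.gitea/workflows/trigger_devel.yaml` references a third-party fork by what looks like a mutable branch or tag name (`action-checkout@sha256` is a ref name, not a digest), and it runs after the Setup OSC step has already written `secrets.OBS_PASSWORD` into `~/.config/osc/oscrc`, so whatever that ref resolves to at run time executes with the OBS credentials readable on disk. Pin it to a reviewed commit, e.g. `uses: 'https://github.com/yangskyboxlabs/action-checkout@<full-commit-sha>'` (placeholder), and consider moving Setup OSC below the checkout so that only the "Trigger packages" step runs with the file present. The oscrc is presumably created with the runner's default umask; adding `umask 077` before the `cat` (or `chmod 600 ~/.config/osc/oscrc` after it) keeps the plaintext password from being readable by other users on a shared runner. The comment above the `uses:` line would also be more useful if it linked the upstream PR it is waiting on, so the fork can be retired once that PR is merged.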
diff --git a/rancher-turtles-airgap-resources-chart/Chart.yaml b/rancher-turtles-airgap-resources-chart/Chart.yaml index 4c1fe5f..fa60109 100644 --- a/rancher-turtles-airgap-resources-chart/Chart.yaml +++ b/rancher-turtles-airgap-resources-chart/Chart.yaml @@ -1,10 +1,10 @@ -#!BuildTag: %%IMG_PREFIX%%rancher-turtles-airgap-resources-chart:%%CHART_MAJOR%%.0.0_up0.14.1 -#!BuildTag: %%IMG_PREFIX%%rancher-turtles-airgap-resources-chart:%%CHART_MAJOR%%.0.0_up0.14.1 +#!BuildTag: %%IMG_PREFIX%%rancher-turtles-airgap-resources-chart:%%CHART_MAJOR%%.0.0_up0.16.0 +#!BuildTag: %%IMG_PREFIX%%rancher-turtles-airgap-resources-chart:%%CHART_MAJOR%%.0.0_up0.16.0 apiVersion: v2 -appVersion: 0.14.1 +appVersion: 0.16.0 description: Rancher Turtles utility chart for airgap scenarios home: https://github.com/rancher/turtles/ icon: https://raw.githubusercontent.com/rancher/turtles/main/logos/capi.svg name: rancher-turtles-airgap-resources type: application -version: "%%CHART_MAJOR%%.0.0+up0.14.1" +version: "%%CHART_MAJOR%%.0.0+up0.16.0" diff --git a/rancher-turtles-airgap-resources-chart/templates/airgap-cm-core.yaml b/rancher-turtles-airgap-resources-chart/templates/airgap-cm-core.yaml index df17285..89fd11b 100644 --- a/rancher-turtles-airgap-resources-chart/templates/airgap-cm-core.yaml +++ b/rancher-turtles-airgap-resources-chart/templates/airgap-cm-core.yaml @@ -8,7 +8,7 @@ metadata: --- apiVersion: v1 binaryData: - components:  + components:  data: metadata: | # maps release series of major.minor to cluster-api contract version @@ -19,6 +19,9 @@ data: apiVersion: clusterctl.cluster.x-k8s.io/v1alpha3 kind: Metadata releaseSeries: + - major: 1 + minor: 9 + contract: v1beta1 - major: 1 minor: 8 contract: v1beta1 @@ -49,7 +52,7 @@ data: kind: ConfigMap metadata: creationTimestamp: null - name: v1.8.4 + name: v1.9.4 namespace: capi-system annotations: provider.cluster.x-k8s.io/compressed: "true" 
diff --git a/rancher-turtles-airgap-resources-chart/templates/airgap-cm-metal3.yaml b/rancher-turtles-airgap-resources-chart/templates/airgap-cm-metal3.yaml index 6bf4a85..55d9135 100644 --- a/rancher-turtles-airgap-resources-chart/templates/airgap-cm-metal3.yaml +++ b/rancher-turtles-airgap-resources-chart/templates/airgap-cm-metal3.yaml @@ -22,7 +22,7 @@ data: metadata: annotations: cert-manager.io/inject-ca-from: capm3-system/ipam-serving-cert - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.16.5 labels: cluster.x-k8s.io/provider: infrastructure-metal3 cluster.x-k8s.io/v1alpha2: v1alpha2 
@@ -72,14 +72,19 @@ data: description: IPAddress is the Schema for the ipaddresses API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -97,33 +102,39 @@ data: description: API version of the referent. type: string fieldPath: - description: 'If referring to a piece of an object instead of - an entire object, this string should contain a valid JSON/Go - field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part of - an object. TODO: this design is not final and this field is - subject to change in the future.' + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. type: string kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ type: string resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency type: string uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids type: string type: object x-kubernetes-map-type: atomic 
@@ -145,33 +156,39 @@ data: description: API version of the referent. type: string fieldPath: - description: 'If referring to a piece of an object instead of - an entire object, this string should contain a valid JSON/Go - field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part of - an object. TODO: this design is not final and this field is - subject to change in the future.' + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. type: string kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ type: string resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency type: string uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids type: string type: object x-kubernetes-map-type: atomic @@ -194,7 +211,7 @@ data: metadata: annotations: cert-manager.io/inject-ca-from: capm3-system/ipam-serving-cert - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.16.5 labels: cluster.x-k8s.io/provider: infrastructure-metal3 cluster.x-k8s.io/v1alpha2: v1alpha2 
@@ -244,14 +261,19 @@ data: description: IPClaim is the Schema for the ipclaims API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -265,33 +287,39 @@ data: description: API version of the referent. type: string fieldPath: - description: 'If referring to a piece of an object instead of - an entire object, this string should contain a valid JSON/Go - field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part of - an object. TODO: this design is not final and this field is - subject to change in the future.' + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. type: string kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ type: string resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency type: string uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids type: string type: object x-kubernetes-map-type: atomic 
@@ -309,33 +337,39 @@ data: description: API version of the referent. type: string fieldPath: - description: 'If referring to a piece of an object instead of - an entire object, this string should contain a valid JSON/Go - field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part of - an object. TODO: this design is not final and this field is - subject to change in the future.' + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. type: string kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ type: string resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency type: string uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids type: string type: object x-kubernetes-map-type: atomic @@ -354,7 +388,7 @@ data: metadata: annotations: cert-manager.io/inject-ca-from: capm3-system/ipam-serving-cert - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.16.5 labels: cluster.x-k8s.io/provider: infrastructure-metal3 cluster.x-k8s.io/v1alpha2: v1alpha2 
@@ -408,14 +442,19 @@ data: description: IPPool is the Schema for the ippools API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -445,8 +484,9 @@ data: pools: description: Pools contains the list of IP addresses pools items: - description: MetaDataIPAddress contains the info to render th ip - address. It is IP-version agnostic. + description: |- + MetaDataIPAddress contains the info to render th ip address. It is IP-version + agnostic. properties: dnsServers: description: DNSServers is the list of dns servers 
@@ -456,8 +496,9 @@ data: type: string type: array end: - description: End is the last IP address that can be rendered. - It is used as a validation that the rendered IP is in bound. + description: |- + End is the last IP address that can be rendered. It is used as a validation + that the rendered IP is in bound. pattern: ((^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$)|(^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$)) type: string gateway: 
@@ -474,10 +515,10 @@ data: pattern: ((^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$)|(^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$)) type: string subnet: - description: Subnet is used to validate that the rendered IP - is in bounds. In case the Start value is not given, it is - derived from the subnet ip incremented by 1 (`192.168.0.1` - for `192.168.0.0/24`) + description: |- + Subnet is used to validate that the rendered IP is in bounds. In case the + Start value is not given, it is derived from the subnet ip incremented by 1 + (`192.168.0.1` for `192.168.0.0/24`) pattern: ((^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))/([0-9]|[1-2][0-9]|3[0-2])$)|(^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))/([0-9]|[0-9][0-9]|1[0-1][0-9]|12[0-8])$)) type: string type: object @@ -523,7 +564,7 @@ data: metadata: annotations: cert-manager.io/inject-ca-from: capm3-system/capm3-serving-cert - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.16.5 labels: cluster.x-k8s.io/provider: infrastructure-metal3 cluster.x-k8s.io/v1beta1: v1beta1 
@@ -583,14 +624,19 @@ data: description: Metal3Cluster is the Schema for the metal3clusters API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -612,11 +658,10 @@ data: - port type: object noCloudProvider: - description: Determines if the cluster is not to be deployed with - an external cloud provider. If set to true, CAPM3 will use node - labels to set providerID on the kubernetes nodes. If set to false, - providerID is set on nodes by other entities and CAPM3 uses the - value of the providerID on the m3m resource. + description: |- + Determines if the cluster is not to be deployed with an external cloud provider. + If set to true, CAPM3 will use node labels to set providerID on the kubernetes nodes. + If set to false, providerID is set on nodes by other entities and CAPM3 uses the value of the providerID on the m3m resource. type: boolean type: object status: 
@@ -629,37 +674,37 @@ data: operational state. properties: lastTransitionTime: - description: Last time the condition transitioned from one status - to another. This should be when the underlying condition changed. - If that is not known, then using the time when the API field - changed is acceptable. + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. format: date-time type: string message: - description: A human readable message indicating details about - the transition. This field may be empty. + description: |- + A human readable message indicating details about the transition. + This field may be empty. type: string reason: - description: The reason for the condition's last transition - in CamelCase. The specific API may choose whether or not this - field is considered a guaranteed API. This field may not be - empty. + description: |- + The reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may be empty. type: string severity: - description: Severity provides an explicit classification of - Reason code, so the users or machines can immediately understand - the current situation and act accordingly. The Severity field - MUST be set only when Status=False. + description: |- + severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. type: string status: - description: Status of the condition, one of True, False, Unknown. + description: status of the condition, one of True, False, Unknown. type: string type: - description: Type of condition in CamelCase or in foo.example.com/CamelCase. 
- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. type: string required: - lastTransitionTime @@ -668,23 +713,26 @@ data: type: object type: array failureMessage: - description: FailureMessage indicates that there is a fatal problem - reconciling the state, and will be set to a descriptive error message. + description: |- + FailureMessage indicates that there is a fatal problem reconciling the + state, and will be set to a descriptive error message. type: string failureReason: - description: FailureReason indicates that there is a fatal problem - reconciling the state, and will be set to a token value suitable - for programmatic interpretation. + description: |- + FailureReason indicates that there is a fatal problem reconciling the + state, and will be set to a token value suitable for + programmatic interpretation. type: string lastUpdated: description: LastUpdated identifies when this status was last observed. format: date-time type: string ready: - description: Ready denotes that the Metal3 cluster (infrastructure) - is ready. In Baremetal case, it does not mean anything for now as - no infrastructure steps need to be performed. Required by Cluster - API. Set to True by the metal3Cluster controller after creation. + description: |- + Ready denotes that the Metal3 cluster (infrastructure) is ready. In + Baremetal case, it does not mean anything for now as no infrastructure + steps need to be performed. Required by Cluster API. Set to True by the + metal3Cluster controller after creation. type: boolean type: object type: object 
@@ -698,7 +746,7 @@ data: metadata: annotations: cert-manager.io/inject-ca-from: capm3-system/capm3-serving-cert - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.16.5 labels: cluster.x-k8s.io/provider: infrastructure-metal3 cluster.x-k8s.io/v1beta1: v1beta1 @@ -723,14 +771,19 @@ data: API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -761,11 +814,10 @@ data: - port type: object noCloudProvider: - description: Determines if the cluster is not to be deployed - with an external cloud provider. If set to true, CAPM3 will - use node labels to set providerID on the kubernetes nodes. - If set to false, providerID is set on nodes by other entities - and CAPM3 uses the value of the providerID on the m3m resource. + description: |- + Determines if the cluster is not to be deployed with an external cloud provider. + If set to true, CAPM3 will use node labels to set providerID on the kubernetes nodes. + If set to false, providerID is set on nodes by other entities and CAPM3 uses the value of the providerID on the m3m resource. type: boolean type: object required: @@ -783,7 +835,7 @@ data: metadata: annotations: cert-manager.io/inject-ca-from: capm3-system/capm3-serving-cert - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.16.5 labels: cluster.x-k8s.io/provider: infrastructure-metal3 cluster.x-k8s.io/v1beta1: v1beta1 
@@ -827,14 +879,19 @@ data: description: Metal3DataClaim is the Schema for the metal3datas API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -849,33 +906,39 @@ data: description: API version of the referent. type: string fieldPath: - description: 'If referring to a piece of an object instead of - an entire object, this string should contain a valid JSON/Go - field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part of - an object. TODO: this design is not final and this field is - subject to change in the future.' + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. type: string kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ type: string resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency type: string uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids type: string type: object x-kubernetes-map-type: atomic 
@@ -895,33 +958,39 @@ data: description: API version of the referent. type: string fieldPath: - description: 'If referring to a piece of an object instead of - an entire object, this string should contain a valid JSON/Go - field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part of - an object. TODO: this design is not final and this field is - subject to change in the future.' + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. type: string kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ type: string resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency type: string uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids type: string type: object x-kubernetes-map-type: atomic @@ -938,7 +1007,7 @@ data: annotations: cert-manager.io/inject-ca-from: capm3-system/capm3-serving-cert clusterctl.cluster.x-k8s.io/skip-crd-name-preflight-check: "" - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.16.5 labels: cluster.x-k8s.io/provider: infrastructure-metal3 cluster.x-k8s.io/v1beta1: v1beta1 
@@ -982,14 +1051,19 @@ data: description: Metal3Data is the Schema for the metal3datas API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -1004,33 +1078,39 @@ data: description: API version of the referent. type: string fieldPath: - description: 'If referring to a piece of an object instead of - an entire object, this string should contain a valid JSON/Go - field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part of - an object. TODO: this design is not final and this field is - subject to change in the future.' + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. type: string kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ type: string resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency type: string uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids type: string type: object x-kubernetes-map-type: atomic 
@@ -1072,40 +1152,47 @@ data: description: API version of the referent. type: string fieldPath: - description: 'If referring to a piece of an object instead of - an entire object, this string should contain a valid JSON/Go - field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part of - an object. TODO: this design is not final and this field is - subject to change in the future.' + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. type: string kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ type: string resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency type: string uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids type: string type: object x-kubernetes-map-type: atomic templateReference: - description: TemplateReference refers to the Template the Metal3MachineTemplate - refers to. It can be matched against the key or it may also point - to the name of the template Metal3Data refers to + description: |- + TemplateReference refers to the Template the Metal3MachineTemplate refers to. + It can be matched against the key or it may also point to the name of the template + Metal3Data refers to type: string required: - claim @@ -1133,7 +1220,7 @@ data: metadata: annotations: cert-manager.io/inject-ca-from: capm3-system/capm3-serving-cert - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.16.5 labels: cluster.x-k8s.io/provider: infrastructure-metal3 cluster.x-k8s.io/v1beta1: v1beta1 
@@ -1182,14 +1269,19 @@ data: API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -1232,12 +1324,13 @@ data: type: object type: array fromAnnotations: - description: FromAnnotations is the list of metadata items to - be fetched from object Annotations + description: |- + FromAnnotations is the list of metadata items to be fetched from object + Annotations items: - description: MetaDataFromAnnotation contains the information - to fetch an annotation content, if the label does not exist, - it is rendered as empty string. + description: |- + MetaDataFromAnnotation contains the information to fetch an annotation + content, if the label does not exist, it is rendered as empty string. properties: annotation: description: Annotation is the key of the Annotation to @@ -1262,16 +1355,17 @@ data: type: object type: array fromHostInterfaces: - description: FromHostInterfaces is the list of metadata items - to be rendered as MAC addresses of the host interfaces. + description: |- + FromHostInterfaces is the list of metadata items to be rendered as MAC + addresses of the host interfaces. items: description: MetaDataHostInterface contains the information to render the object name. properties: interface: - description: Interface is the name of the interface in the - BareMetalHost Status Hardware Details list of interfaces - from which to fetch the MAC address. + description: |- + Interface is the name of the interface in the BareMetalHost Status Hardware + Details list of interfaces from which to fetch the MAC address. type: string key: description: Key will be used as the key to set in the metadata 
@@ -1286,9 +1380,9 @@ data: description: FromLabels is the list of metadata items to be fetched from object labels items: - description: MetaDataFromLabel contains the information to fetch - a label content, if the label does not exist, it is rendered - as empty string. + description: |- + MetaDataFromLabel contains the information to fetch a label content, if the + label does not exist, it is rendered as empty string. properties: key: description: Key will be used as the key to set in the metadata @@ -1338,8 +1432,9 @@ data: type: object type: array indexes: - description: Indexes is the list of metadata items to be rendered - from the index of the Metal3Data + description: |- + Indexes is the list of metadata items to be rendered from the index of the + Metal3Data items: description: MetaDataIndex contains the information to render the index. @@ -1408,8 +1503,9 @@ data: type: object type: array objectNames: - description: ObjectNames is the list of metadata items to be rendered - from the name of objects. + description: |- + ObjectNames is the list of metadata items to be rendered from the name + of objects. items: description: MetaDataObjectName contains the information to render the object name. @@ -1478,8 +1574,9 @@ data: type: array type: object networkData: - description: NetworkData contains the information needed to generate - the networkdata secret + description: |- + NetworkData contains the information needed to generate the networkdata + secret properties: links: description: Links is a structure containing lists of different @@ -1498,9 +1595,9 @@ data: type: string type: array bondMode: - description: BondMode is the mode of bond used. It can - be one of balance-rr, active-backup, balance-xor, - broadcast, balance-tlb, balance-alb, 802.3ad + description: |- + BondMode is the mode of bond used. It can be one of + balance-rr, active-backup, balance-xor, broadcast, balance-tlb, balance-alb, 802.3ad enum: - balance-rr - active-backup 
@@ -1523,12 +1620,14 @@ data: naming) type: string macAddress: - description: MACAddress is the MAC address of the interface, - containing the object used to render it. + description: |- + MACAddress is the MAC address of the interface, containing the object + used to render it. properties: fromAnnotation: - description: FromAnnotation references an object - Annotation to retrieve the MAC address from + description: |- + FromAnnotation references an object Annotation to retrieve the + MAC address from properties: annotation: description: Annotation is the key of the Annotation @@ -1547,9 +1646,9 @@ data: - object type: object fromHostInterface: - description: FromHostInterface contains the name - of the interface in the BareMetalHost Introspection - details from which to fetch the MAC address + description: |- + FromHostInterface contains the name of the interface in the BareMetalHost + Introspection details from which to fetch the MAC address type: string string: description: String contains the MAC address given @@ -1578,12 +1677,14 @@ data: naming) type: string macAddress: - description: MACAddress is the MAC address of the interface, - containing the object used to render it. + description: |- + MACAddress is the MAC address of the interface, containing the object + used to render it. properties: fromAnnotation: - description: FromAnnotation references an object - Annotation to retrieve the MAC address from + description: |- + FromAnnotation references an object Annotation to retrieve the + MAC address from properties: annotation: description: Annotation is the key of the Annotation 
@@ -1602,9 +1703,9 @@ data: - object type: object fromHostInterface: - description: FromHostInterface contains the name - of the interface in the BareMetalHost Introspection - details from which to fetch the MAC address + description: |- + FromHostInterface contains the name of the interface in the BareMetalHost + Introspection details from which to fetch the MAC address type: string string: description: String contains the MAC address given @@ -1617,9 +1718,9 @@ data: maximum: 9000 type: integer type: - description: 'Type is the type of the ethernet link. - It can be one of: bridge, dvs, hw_veb, hyperv, ovs, - tap, vhostuser, vif, phy' + description: |- + Type is the type of the ethernet link. It can be one of: + bridge, dvs, hw_veb, hyperv, ovs, tap, vhostuser, vif, phy enum: - bridge - dvs @@ -1648,12 +1749,14 @@ data: naming) type: string macAddress: - description: MACAddress is the MAC address of the interface, - containing the object used to render it. + description: |- + MACAddress is the MAC address of the interface, containing the object + used to render it. properties: fromAnnotation: - description: FromAnnotation references an object - Annotation to retrieve the MAC address from + description: |- + FromAnnotation references an object Annotation to retrieve the + MAC address from properties: annotation: description: Annotation is the key of the Annotation @@ -1672,9 +1775,9 @@ data: - object type: object fromHostInterface: - description: FromHostInterface contains the name - of the interface in the BareMetalHost Introspection - details from which to fetch the MAC address + description: |- + FromHostInterface contains the name of the interface in the BareMetalHost + Introspection details from which to fetch the MAC address type: string string: description: String contains the MAC address given 
@@ -1717,9 +1820,9 @@ data: to allocate an address from. properties: apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API group. + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. type: string kind: @@ -1878,9 +1981,9 @@ data: to allocate an address from. properties: apiGroup: - description: APIGroup is the group for the resource - being referenced. If APIGroup is not specified, - the specified Kind must be in the core API group. + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. type: string kind: @@ -2115,9 +2218,10 @@ data: type: object type: object templateReference: - description: TemplateReference refers to the Template the Metal3MachineTemplate - refers to. It can be matched against the key or it may also point - to the name of the template Metal3Data refers to + description: |- + TemplateReference refers to the Template the Metal3MachineTemplate refers to. + It can be matched against the key or it may also point to the name of the template + Metal3Data refers to type: string required: - clusterName @@ -2146,7 +2250,7 @@ data: metadata: annotations: cert-manager.io/inject-ca-from: capm3-system/capm3-serving-cert - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.16.5 labels: cluster.x-k8s.io/provider: infrastructure-metal3 cluster.x-k8s.io/v1beta1: v1beta1 
@@ -2206,14 +2310,19 @@ data: description: Metal3Machine is the Schema for the metal3machines API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -2221,8 +2330,9 @@ data: description: Metal3MachineSpec defines the desired state of Metal3Machine. properties: automatedCleaningMode: - description: When set to disabled, automated cleaning of host disks - will be skipped during provisioning and deprovisioning. + description: |- + When set to disabled, automated cleaning of host disks will be skipped + during provisioning and deprovisioning. enum: - metadata - disabled 
@@ -2231,57 +2341,65 @@ data: description: A custom deploy procedure. properties: method: - description: Custom deploy method name. This name is specific - to the deploy ramdisk used. If you don't have a custom deploy - ramdisk, you shouldn't use CustomDeploy. + description: |- + Custom deploy method name. + This name is specific to the deploy ramdisk used. If you don't have + a custom deploy ramdisk, you shouldn't use CustomDeploy. type: string required: - method type: object dataTemplate: - description: MetadataTemplate is a reference to a Metal3DataTemplate - object containing a template of metadata to be rendered. Metadata - keys defined in the metadataTemplate take precedence over keys defined - in metadata field. + description: |- + MetadataTemplate is a reference to a Metal3DataTemplate object containing + a template of metadata to be rendered. Metadata keys defined in the + metadataTemplate take precedence over keys defined in metadata field. properties: apiVersion: description: API version of the referent. type: string fieldPath: - description: 'If referring to a piece of an object instead of - an entire object, this string should contain a valid JSON/Go - field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part of - an object. TODO: this design is not final and this field is - subject to change in the future.' + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. type: string kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ type: string resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency type: string uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + description: |- + UID of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids type: string type: object x-kubernetes-map-type: atomic hostSelector: - description: HostSelector specifies matching criteria for labels on - BareMetalHosts. This is used to limit the set of BareMetalHost objects - considered for claiming for a metal3machine. + description: |- + HostSelector specifies matching criteria for labels on BareMetalHosts. + This is used to limit the set of BareMetalHost objects considered for + claiming for a metal3machine. properties: matchExpressions: description: Label match expressions that must be true on a chosen @@ -2291,9 +2409,9 @@ data: key: type: string operator: - description: Operator represents a key/field's relationship - to value(s). See labels.Requirement and fields.Requirement - for more details. + description: |- + Operator represents a key/field's relationship to value(s). + See labels.Requirement and fields.Requirement for more details. type: string values: items: @@ -2320,7 +2438,8 @@ data: or a URL to retrieve one. type: string checksumType: - description: ChecksumType is the checksum algorithm for the image. + description: |- + ChecksumType is the checksum algorithm for the image. e.g md5, sha256, sha512 enum: - md5 @@ -2344,8 +2463,9 @@ data: - url type: object metaData: - description: MetaData is an object storing the reference to the secret - containing the Metadata given by the user. + description: |- + MetaData is an object storing the reference to the secret containing the + Metadata given by the user. properties: name: description: name is unique within a namespace to reference a 
@@ -2358,8 +2478,9 @@ data: type: object x-kubernetes-map-type: atomic networkData: - description: NetworkData is an object storing the reference to the - secret containing the network data given by the user. + description: |- + NetworkData is an object storing the reference to the secret containing the + network data given by the user. properties: name: description: name is unique within a namespace to reference a @@ -2372,13 +2493,15 @@ data: type: object x-kubernetes-map-type: atomic providerID: - description: ProviderID will be the Metal3 machine in ProviderID format + description: |- + ProviderID will be the Metal3 machine in ProviderID format (metal3://) type: string userData: - description: UserData references the Secret that holds user data needed - by the bare metal operator. The Namespace is optional; it will default - to the metal3machine's namespace if not specified. + description: |- + UserData references the Secret that holds user data needed by the bare metal + operator. The Namespace is optional; it will default to the metal3machine's + namespace if not specified. properties: name: description: name is unique within a namespace to reference a @@ -2395,7 +2518,8 @@ data: description: Metal3MachineStatus defines the observed state of Metal3Machine. properties: addresses: - description: Addresses is a list of addresses assigned to the machine. + description: |- + Addresses is a list of addresses assigned to the machine. This field is copied from the infrastructure provider reference. items: description: MachineAddress contains information for the node's 
@@ -2420,37 +2544,37 @@ data: operational state. properties: lastTransitionTime: - description: Last time the condition transitioned from one status - to another. This should be when the underlying condition changed. - If that is not known, then using the time when the API field - changed is acceptable. + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. format: date-time type: string message: - description: A human readable message indicating details about - the transition. This field may be empty. + description: |- + A human readable message indicating details about the transition. + This field may be empty. type: string reason: - description: The reason for the condition's last transition - in CamelCase. The specific API may choose whether or not this - field is considered a guaranteed API. This field may not be - empty. + description: |- + The reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may be empty. type: string severity: - description: Severity provides an explicit classification of - Reason code, so the users or machines can immediately understand - the current situation and act accordingly. The Severity field - MUST be set only when Status=False. + description: |- + severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. type: string status: - description: Status of the condition, one of True, False, Unknown. + description: status of the condition, one of True, False, Unknown. type: string type: - description: Type of condition in CamelCase or in foo.example.com/CamelCase. 
- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. type: string required: - lastTransitionTime 
@@ -2459,44 +2583,51 @@ data: type: object type: array failureMessage: - description: "FailureMessage will be set in the event that there is - a terminal problem reconciling the metal3machine and will contain - a more verbose string suitable for logging and human consumption. - \n This field should not be set for transitive errors that a controller - faces that are expected to be fixed automatically over time (like - service outages), but instead indicate that something is fundamentally - wrong with the metal3machine's spec or the configuration of the - controller, and that manual intervention is required. Examples of - terminal errors would be invalid combinations of settings in the - spec, values that are unsupported by the controller, or the responsible - controller itself being critically misconfigured. \n Any transient - errors that occur during the reconciliation of metal3machines can - be added as events to the metal3machine object and/or logged in - the controller's output." + description: |- + FailureMessage will be set in the event that there is a terminal problem + reconciling the metal3machine and will contain a more verbose string suitable + for logging and human consumption. + + This field should not be set for transitive errors that a controller + faces that are expected to be fixed automatically over + time (like service outages), but instead indicate that something is + fundamentally wrong with the metal3machine's spec or the configuration of + the controller, and that manual intervention is required. Examples + of terminal errors would be invalid combinations of settings in the + spec, values that are unsupported by the controller, or the + responsible controller itself being critically misconfigured. + + Any transient errors that occur during the reconciliation of + metal3machines can be added as events to the metal3machine object + and/or logged in the controller's output. 
type: string failureReason: - description: "FailureReason will be set in the event that there is - a terminal problem reconciling the metal3machine and will contain - a succinct value suitable for machine interpretation. \n This field - should not be set for transitive errors that a controller faces - that are expected to be fixed automatically over time (like service - outages), but instead indicate that something is fundamentally wrong - with the metal3machine's spec or the configuration of the controller, - and that manual intervention is required. Examples of terminal errors - would be invalid combinations of settings in the spec, values that - are unsupported by the controller, or the responsible controller - itself being critically misconfigured. \n Any transient errors that - occur during the reconciliation of metal3machines can be added as - events to the metal3machine object and/or logged in the controller's - output." + description: |- + FailureReason will be set in the event that there is a terminal problem + reconciling the metal3machine and will contain a succinct value suitable + for machine interpretation. + + This field should not be set for transitive errors that a controller + faces that are expected to be fixed automatically over + time (like service outages), but instead indicate that something is + fundamentally wrong with the metal3machine's spec or the configuration of + the controller, and that manual intervention is required. Examples + of terminal errors would be invalid combinations of settings in the + spec, values that are unsupported by the controller, or the + responsible controller itself being critically misconfigured. + + Any transient errors that occur during the reconciliation of + metal3machines can be added as events to the metal3machine object + and/or logged in the controller's output. type: string lastUpdated: description: LastUpdated identifies when this status was last observed. 
format: date-time type: string metaData: - description: MetaData is an object storing the reference to the secret - containing the Metadata used to deploy the BareMetalHost. + description: |- + MetaData is an object storing the reference to the secret containing the + Metadata used to deploy the BareMetalHost. properties: name: description: name is unique within a namespace to reference a @@ -2509,8 +2640,9 @@ data: type: object x-kubernetes-map-type: atomic networkData: - description: NetworkData is an object storing the reference to the - secret containing the network data used to deploy the BareMetalHost. + description: |- + NetworkData is an object storing the reference to the secret containing the + network data used to deploy the BareMetalHost. properties: name: description: name is unique within a namespace to reference a 
@@ -2523,57 +2655,66 @@ data: type: object x-kubernetes-map-type: atomic phase: - description: Phase represents the current phase of machine actuation. + description: |- + Phase represents the current phase of machine actuation. E.g. Pending, Running, Terminating, Failed etc. type: string ready: - description: 'Ready is the state of the metal3. TODO : Document the - variable : mhrivnak: " it would be good to document what this means, - how to interpret it, under what circumstances the value changes, - etc."' + description: |- + Ready is the state of the metal3. + mhrivnak: " it would be good to document what this means, how to interpret + it, under what circumstances the value changes, etc." type: boolean renderedData: - description: RenderedData is a reference to a rendered Metal3Data - object containing the references to metaData and networkData secrets. + description: |- + RenderedData is a reference to a rendered Metal3Data object containing + the references to metaData and networkData secrets. properties: apiVersion: description: API version of the referent. type: string fieldPath: - description: 'If referring to a piece of an object instead of - an entire object, this string should contain a valid JSON/Go - field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part of - an object. TODO: this design is not final and this field is - subject to change in the future.' + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. type: string kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ type: string resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency type: string uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + description: |- + UID of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids type: string type: object x-kubernetes-map-type: atomic userData: - description: UserData references the Secret that holds user data needed - by the bare metal operator. The Namespace is optional; it will default - to the metal3machine's namespace if not specified. + description: |- + UserData references the Secret that holds user data needed by the bare metal + operator. The Namespace is optional; it will default to the metal3machine's + namespace if not specified. properties: name: description: name is unique within a namespace to reference a @@ -2597,7 +2738,7 @@ data: metadata: annotations: cert-manager.io/inject-ca-from: capm3-system/capm3-serving-cert - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.16.5 labels: cluster.x-k8s.io/provider: infrastructure-metal3 cluster.x-k8s.io/v1beta1: v1beta1 
@@ -2642,14 +2783,19 @@ data: API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -2658,8 +2804,9 @@ data: properties: nodeReuse: default: false - description: When set to True, CAPM3 Machine controller will pick - the same pool of BMHs' that were released during the upgrade operation. + description: |- + When set to True, CAPM3 Machine controller will + pick the same pool of BMHs' that were released during the upgrade operation. type: boolean template: description: Metal3MachineTemplateResource describes the data needed 
@@ -2670,8 +2817,9 @@ data: of the machine. properties: automatedCleaningMode: - description: When set to disabled, automated cleaning of host - disks will be skipped during provisioning and deprovisioning. + description: |- + When set to disabled, automated cleaning of host disks will be skipped + during provisioning and deprovisioning. enum: - metadata - disabled 
@@ -2680,58 +2828,65 @@ data: description: A custom deploy procedure. properties: method: - description: Custom deploy method name. This name is specific - to the deploy ramdisk used. If you don't have a custom - deploy ramdisk, you shouldn't use CustomDeploy. + description: |- + Custom deploy method name. + This name is specific to the deploy ramdisk used. If you don't have + a custom deploy ramdisk, you shouldn't use CustomDeploy. type: string required: - method type: object dataTemplate: - description: MetadataTemplate is a reference to a Metal3DataTemplate - object containing a template of metadata to be rendered. - Metadata keys defined in the metadataTemplate take precedence - over keys defined in metadata field. + description: |- + MetadataTemplate is a reference to a Metal3DataTemplate object containing + a template of metadata to be rendered. Metadata keys defined in the + metadataTemplate take precedence over keys defined in metadata field. properties: apiVersion: description: API version of the referent. type: string fieldPath: - description: 'If referring to a piece of an object instead - of an entire object, this string should contain a valid - JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container - within a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that - triggered the event) or if no container name is specified - "spec.containers[2]" (container with index 2 in this - pod). This syntax is chosen only to have some well-defined - way of referencing a part of an object. TODO: this design - is not final and this field is subject to change in - the future.' + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. type: string kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ type: string resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency type: string uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + description: |- + UID of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids type: string type: object x-kubernetes-map-type: atomic hostSelector: - description: HostSelector specifies matching criteria for - labels on BareMetalHosts. This is used to limit the set - of BareMetalHost objects considered for claiming for a metal3machine. + description: |- + HostSelector specifies matching criteria for labels on BareMetalHosts. + This is used to limit the set of BareMetalHost objects considered for + claiming for a metal3machine. properties: matchExpressions: description: Label match expressions that must be true @@ -2741,9 +2896,9 @@ data: key: type: string operator: - description: Operator represents a key/field's relationship - to value(s). See labels.Requirement and fields.Requirement - for more details. + description: |- + Operator represents a key/field's relationship to value(s). + See labels.Requirement and fields.Requirement for more details. type: string values: items: @@ -2770,8 +2925,9 @@ data: value or a URL to retrieve one. type: string checksumType: - description: ChecksumType is the checksum algorithm for - the image. e.g md5, sha256, sha512 + description: |- + ChecksumType is the checksum algorithm for the image. + e.g md5, sha256, sha512 enum: - md5 - sha256 @@ -2794,8 +2950,9 @@ data: - url type: object metaData: - description: MetaData is an object storing the reference to - the secret containing the Metadata given by the user. + description: |- + MetaData is an object storing the reference to the secret containing the + Metadata given by the user. properties: name: description: name is unique within a namespace to reference 
@@ -2808,8 +2965,9 @@ data: type: object x-kubernetes-map-type: atomic networkData: - description: NetworkData is an object storing the reference - to the secret containing the network data given by the user. + description: |- + NetworkData is an object storing the reference to the secret containing the + network data given by the user. properties: name: description: name is unique within a namespace to reference @@ -2822,14 +2980,15 @@ data: type: object x-kubernetes-map-type: atomic providerID: - description: ProviderID will be the Metal3 machine in ProviderID - format (metal3://) + description: |- + ProviderID will be the Metal3 machine in ProviderID format + (metal3://) type: string userData: - description: UserData references the Secret that holds user - data needed by the bare metal operator. The Namespace is - optional; it will default to the metal3machine's namespace - if not specified. + description: |- + UserData references the Secret that holds user data needed by the bare metal + operator. The Namespace is optional; it will default to the metal3machine's + namespace if not specified. properties: name: description: name is unique within a namespace to reference @@ -2858,7 +3017,7 @@ data: metadata: annotations: cert-manager.io/inject-ca-from: capm3-system/capm3-serving-cert - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.16.5 labels: cluster.x-k8s.io/provider: infrastructure-metal3 cluster.x-k8s.io/v1beta1: v1beta1 
@@ -2917,14 +3076,19 @@ data: description: Metal3Remediation is the Schema for the metal3remediations API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -2953,11 +3117,13 @@ data: format: date-time type: string phase: - description: Phase represents the current phase of machine remediation. + description: |- + Phase represents the current phase of machine remediation. E.g. Pending, Running, Done etc. type: string retryCount: - description: RetryCount can be used as a counter during the remediation. + description: |- + RetryCount can be used as a counter during the remediation. Field can hold number of reboots etc. type: integer type: object 
@@ -2972,7 +3138,7 @@ data: metadata: annotations: cert-manager.io/inject-ca-from: capm3-system/capm3-serving-cert - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.16.5 labels: cluster.x-k8s.io/provider: infrastructure-metal3 cluster.x-k8s.io/v1beta1: v1beta1 @@ -3012,14 +3178,19 @@ data: API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -3069,11 +3240,13 @@ data: format: date-time type: string phase: - description: Phase represents the current phase of machine remediation. + description: |- + Phase represents the current phase of machine remediation. E.g. Pending, Running, Done etc. type: string retryCount: - description: RetryCount can be used as a counter during the remediation. + description: |- + RetryCount can be used as a counter during the remediation. Field can hold number of reboots etc. type: integer type: object @@ -3162,6 +3335,23 @@ data: - patch - update - watch + - apiGroups: + - "" + resources: + - nodes + verbs: + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - pods + verbs: + - list - apiGroups: - "" resources: @@ -3190,52 +3380,17 @@ data: - cluster.x-k8s.io resources: - clusters + - clusters/status + - machinesets verbs: - get - list - watch - - apiGroups: - - cluster.x-k8s.io - resources: - - clusters - - clusters/status - verbs: - - get - - list - - watch - - apiGroups: - - cluster.x-k8s.io - resources: - - clusters/status - verbs: - - get - apiGroups: - cluster.x-k8s.io resources: - kubeadmcontrolplanes - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - cluster.x-k8s.io - resources: - machinedeployments - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - cluster.x-k8s.io - resources: - machines - machines/status verbs: 
@@ -3246,146 +3401,15 @@ data: - patch - update - watch - - apiGroups: - - cluster.x-k8s.io - resources: - - machinesets - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - nodes - verbs: - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - "" - resources: - - pods - verbs: - - list - apiGroups: - infrastructure.cluster.x-k8s.io resources: - metal3clusters - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - infrastructure.cluster.x-k8s.io - resources: - - metal3clusters/status - verbs: - - get - - patch - - update - - apiGroups: - - infrastructure.cluster.x-k8s.io - resources: - metal3dataclaims - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - infrastructure.cluster.x-k8s.io - resources: - - metal3dataclaims/status - verbs: - - get - - patch - - update - - apiGroups: - - infrastructure.cluster.x-k8s.io - resources: - metal3datas - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - infrastructure.cluster.x-k8s.io - resources: - - metal3datas/status - verbs: - - get - - patch - - update - - apiGroups: - - infrastructure.cluster.x-k8s.io - resources: - metal3datatemplates - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - infrastructure.cluster.x-k8s.io - resources: - - metal3datatemplates/status - verbs: - - get - - patch - - update - - apiGroups: - - infrastructure.cluster.x-k8s.io - resources: - metal3machines - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - infrastructure.cluster.x-k8s.io - resources: - - metal3machines/status - verbs: - - get - - patch - - update - - apiGroups: - - infrastructure.cluster.x-k8s.io - resources: - metal3machinetemplates - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - infrastructure.cluster.x-k8s.io - 
resources: - metal3remediations verbs: - create @@ -3398,6 +3422,11 @@ data: - apiGroups: - infrastructure.cluster.x-k8s.io resources: + - metal3clusters/status + - metal3dataclaims/status + - metal3datas/status + - metal3datatemplates/status + - metal3machines/status - metal3remediations/status verbs: - get @@ -3424,19 +3453,6 @@ data: - watch - apiGroups: - ipam.cluster.x-k8s.io - resources: - - ipaddresses - verbs: - - get - - list - - watch - - apiGroups: - - ipam.cluster.x-k8s.io - resources: - - ipaddresses/status - verbs: - - get - - apiGroups: - ipam.metal3.io resources: - ipaddresses @@ -3445,6 +3461,7 @@ data: - list - watch - apiGroups: + - ipam.cluster.x-k8s.io - ipam.metal3.io resources: - ipaddresses/status @@ -3557,45 +3574,7 @@ data: - ipam.metal3.io resources: - ipaddresses - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - ipam.metal3.io - resources: - - ipaddresses/status - verbs: - - get - - patch - - update - - apiGroups: - - ipam.metal3.io - resources: - ipclaims - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - - apiGroups: - - ipam.metal3.io - resources: - - ipclaims/status - verbs: - - get - - patch - - update - - apiGroups: - - ipam.metal3.io - resources: - ippools verbs: - create @@ -3608,6 +3587,8 @@ data: - apiGroups: - ipam.metal3.io resources: + - ipaddresses/status + - ipclaims/status - ippools/status verbs: - get @@ -3742,6 +3723,7 @@ data: - --enableBMHNameBasedPreallocation=${ENABLE_BMH_NAME_BASED_PREALLOCATION:=false} - --diagnostics-address=${CAPM3_DIAGNOSTICS_ADDRESS:=:8443} - --insecure-diagnostics=${CAPM3_INSECURE_DIAGNOSTICS:=false} + - --tls-min-version=${TLS_MIN_VERSION:=VersionTLS13} command: - /manager env: 
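Review bot: The `ipaddresses/status` rule in the `@@ -3445,6 +3461,7 @@` hunk now lists `ipam.cluster.x-k8s.io` next to `ipam.metal3.io`, but its `verbs:` list lies outside the hunk, so the resulting grant for the cluster-api IPAM group cannot be checked from here. The rule removed in the preceding `@@ -3424,19 +3453,6 @@` hunk gave that group only `get` on `ipaddresses/status`. If the shared rule also carries `patch` or `update`, the merge widens the manager's access rather than just deduplicating it. Confirm the verbs that follow are still only `- get`, and otherwise keep the two API groups in separate rules.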
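Review bot: The added `--tls-min-version=${TLS_MIN_VERSION:=VersionTLS13}` argument reads the same variable as the identical argument added for the IPAM manager in the later `@@ -3830,6 +3812,7 @@` hunk, so one override changes the TLS floor of both managers at once, and nothing here states which values are acceptable. The default is a sound floor; the gap is that an operator setting the variable for compatibility has no hint that it applies to both deployments. I would add a comment above the argument such as `# TLS_MIN_VERSION is shared with the IPAM manager; leave unset to keep the TLS 1.3 default`. If this manifest is regenerated from upstream, the same sentence belongs in the chart's documentation instead. The container spec continues outside the hunk.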
@@ -3752,7 +3734,7 @@ data: envFrom: - configMapRef: name: capm3-capm3fasttrack-configmap - image: registry.rancher.com/rancher/cluster-api-provider-metal3:v1.8.2 + image: registry.rancher.com/rancher/cluster-api-provider-metal3:v1.9.2 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -3830,6 +3812,7 @@ data: - --webhook-port=9443 - --diagnostics-address=${IPAM_DIAGNOSTICS_ADDRESS:=:8443} - --insecure-diagnostics=${IPAM_INSECURE_DIAGNOSTICS:=false} + - --tls-min-version=${TLS_MIN_VERSION:=VersionTLS13} command: - /manager env: @@ -3837,7 +3820,7 @@ data: valueFrom: fieldRef: fieldPath: metadata.namespace - image: quay.io/metal3-io/ip-address-manager:v1.8.1 + image: quay.io/metal3-io/ip-address-manager:v1.9.3 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -4511,6 +4494,9 @@ data: apiVersion: clusterctl.cluster.x-k8s.io/v1alpha3 kind: Metadata releaseSeries: + - major: 1 + minor: 9 + contract: v1beta1 - major: 1 minor: 8 contract: v1beta1 @@ -4538,7 +4524,7 @@ data: kind: ConfigMap metadata: creationTimestamp: null - name: v1.8.2 + name: v1.9.2 namespace: capm3-system labels: provider-components: metal3 diff --git a/rancher-turtles-airgap-resources-chart/templates/airgap-cm-rke2-bootstrap.yaml b/rancher-turtles-airgap-resources-chart/templates/airgap-cm-rke2-bootstrap.yaml index e7f3bba..b12bd98 100644 --- a/rancher-turtles-airgap-resources-chart/templates/airgap-cm-rke2-bootstrap.yaml +++ b/rancher-turtles-airgap-resources-chart/templates/airgap-cm-rke2-bootstrap.yaml @@ -22,7 +22,7 @@ data: metadata: annotations: cert-manager.io/inject-ca-from: rke2-bootstrap-system/rke2-bootstrap-serving-cert - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.16.1 labels: cluster.x-k8s.io/provider: bootstrap-rke2 cluster.x-k8s.io/v1beta1: v1alpha1_v1beta1 
@@ -154,7 +154,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -300,7 +299,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -439,7 +437,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -495,7 +492,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- 
@@ -582,20 +578,20 @@ data: description: |- The reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. + This field may be empty. type: string severity: description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately + severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False. type: string status: - description: Status of the condition, one of True, False, Unknown. + description: status of the condition, one of True, False, Unknown. type: string type: description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. + type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. type: string @@ -742,7 +738,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -893,7 +888,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- 
@@ -1029,7 +1023,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -1085,7 +1078,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -1172,20 +1164,20 @@ data: description: |- The reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. + This field may be empty. type: string severity: description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately + severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False. type: string status: - description: Status of the condition, one of True, False, Unknown. + description: status of the condition, one of True, False, Unknown. type: string type: description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. + type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. type: string 
@@ -1226,7 +1218,7 @@ data: metadata: annotations: cert-manager.io/inject-ca-from: rke2-bootstrap-system/rke2-bootstrap-serving-cert - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.16.1 labels: cluster.x-k8s.io/provider: bootstrap-rke2 cluster.x-k8s.io/v1beta1: v1alpha1_v1beta1 @@ -1369,7 +1361,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -1523,7 +1514,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -1664,7 +1654,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -1720,7 +1709,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- 
@@ -1920,7 +1908,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -2079,7 +2066,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -2217,7 +2203,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -2273,7 +2258,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -2543,7 +2527,7 @@ data: - --insecure-diagnostics=${CAPRKE2_INSECURE_DIAGNOSTICS:=false} command: - /manager - image: ghcr.io/rancher/cluster-api-provider-rke2-bootstrap:v0.9.0 + image: ghcr.io/rancher/cluster-api-provider-rke2-bootstrap:v0.11.0 imagePullPolicy: IfNotPresent livenessProbe: httpGet: 
@@ -2757,10 +2741,16 @@ data: - major: 0 minor: 9 contract: v1beta1 + - major: 0 + minor: 10 + contract: v1beta1 + - major: 0 + minor: 11 + contract: v1beta1 kind: ConfigMap metadata: creationTimestamp: null - name: v0.9.0 + name: v0.11.0 namespace: rke2-bootstrap-system labels: provider-components: rke2-bootstrap diff --git a/rancher-turtles-airgap-resources-chart/templates/airgap-cm-rke2-control-plane.yaml b/rancher-turtles-airgap-resources-chart/templates/airgap-cm-rke2-control-plane.yaml index f086bce..408d4f6 100644 --- a/rancher-turtles-airgap-resources-chart/templates/airgap-cm-rke2-control-plane.yaml +++ b/rancher-turtles-airgap-resources-chart/templates/airgap-cm-rke2-control-plane.yaml @@ -22,7 +22,7 @@ data: metadata: annotations: cert-manager.io/inject-ca-from: rke2-control-plane-system/rke2-control-plane-serving-cert - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.16.1 labels: cluster.x-k8s.io/provider: control-plane-rke2 cluster.x-k8s.io/v1beta1: v1alpha1_v1beta1 @@ -154,7 +154,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -300,7 +299,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- 
@@ -418,7 +416,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -464,7 +461,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -537,7 +533,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -593,7 +588,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -727,7 +721,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- 
@@ -804,7 +797,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -935,7 +927,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -980,6 +971,7 @@ data: description: |- S3CredentialSecret is a reference to a Secret containing the Access Key and Secret Key necessary to access the target S3 Bucket. The Secret must contain the following keys: "aws_access_key_id" and "aws_secret_access_key". + If empty, the controller will default to IAM authentication properties: apiVersion: description: API version of the referent. @@ -993,7 +985,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -1024,7 +1015,6 @@ data: x-kubernetes-map-type: atomic required: - endpoint - - s3CredentialSecret type: object scheduleCron: description: 'ScheduleCron Snapshot interval time in cron 
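Review bot: Removing `s3CredentialSecret` from `required` in the `@@ -1024,7 +1015,6 @@` hunk means a manifest that leaves the secret out by mistake is no longer rejected by the schema; according to the description added in `@@ -980,6 +971,7 @@` the controller then falls back to IAM authentication. The description does not say which identity that is (presumably the ambient credentials of the node or controller, to be confirmed upstream), so access to the etcd snapshot bucket then depends on that role's policy instead of a scoped key pair. The same relaxation is made in the `@@ -2340,7 +2322,6 @@` and `@@ -3768,7 +3740,6 @@` hunks. Because the CRD is vendored, I would capture this in the upgrade notes, for example `s3CredentialSecret is now optional; when omitted, snapshots use IAM authentication, so review the role attached to control-plane nodes`.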
@@ -1201,20 +1191,20 @@ data: description: |- The reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. + This field may be empty. type: string severity: description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately + severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False. type: string status: - description: Status of the condition, one of True, False, Unknown. + description: status of the condition, one of True, False, Unknown. type: string type: description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. + type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. type: string @@ -1387,7 +1377,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -1538,7 +1527,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- 
@@ -1640,6 +1628,7 @@ data: description: |- InfrastructureRef is a required reference to a custom resource offered by an infrastructure provider. + This field is deprecated. Use `.machineTemplate.infrastructureRef` instead. properties: apiVersion: description: API version of the referent. @@ -1653,7 +1642,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -1704,7 +1692,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -1742,7 +1729,7 @@ data: additionalProperties: type: string description: |- - Annotations is an unstructured key value map stored with a resource that may be + annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations @@ -1783,7 +1770,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- 
@@ -1817,6 +1803,7 @@ data: NodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node The default value is 0, meaning that the node can be drained without any time limitations. NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` + This field is deprecated. Use `.machineTemplate.nodeDrainTimeout` instead. type: string postRKE2Commands: description: PostRKE2Commands specifies extra commands to run after @@ -1856,7 +1843,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -1912,7 +1898,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -2043,7 +2028,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -2120,7 +2104,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- 
@@ -2251,7 +2234,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -2296,6 +2278,7 @@ data: description: |- S3CredentialSecret is a reference to a Secret containing the Access Key and Secret Key necessary to access the target S3 Bucket. The Secret must contain the following keys: "aws_access_key_id" and "aws_secret_access_key". + If empty, the controller will default to IAM authentication properties: apiVersion: description: API version of the referent. @@ -2309,7 +2292,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -2340,7 +2322,6 @@ data: x-kubernetes-map-type: atomic required: - endpoint - - s3CredentialSecret type: object scheduleCron: description: 'ScheduleCron Snapshot interval time in cron @@ -2490,7 +2471,6 @@ data: pattern: (v\d\.\d{2}\.\d+\+rke2r\d)|^$ type: string required: - - infrastructureRef - rolloutStrategy type: object status: 
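Review bot: After the `@@ -2490,7 +2471,6 @@` hunk the spec's `required` list holds only `rolloutStrategy`, and `infrastructureRef` is now described as deprecated in favour of `.machineTemplate.infrastructureRef`, so nothing visible in this schema requires either location to be set. Unless `machineTemplate.infrastructureRef` is marked required in a part of the CRD outside this hunk, a control plane without any infrastructure reference passes OpenAPI validation and is caught only by the provider's admission webhook, if it checks this. That is worth confirming against the v0.11.0 webhook before the chart ships. The template CRD gets the same change in the `@@ -3927,7 +3898,6 @@` hunk, and the spec schema starts outside this hunk.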
@@ -2524,20 +2504,20 @@ data: description: |- The reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. + This field may be empty. type: string severity: description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately + severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False. type: string status: - description: Status of the condition, one of True, False, Unknown. + description: status of the condition, one of True, False, Unknown. type: string type: description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. + type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. type: string @@ -2609,7 +2589,7 @@ data: metadata: annotations: cert-manager.io/inject-ca-from: rke2-control-plane-system/rke2-control-plane-serving-cert - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.16.1 labels: cluster.x-k8s.io/provider: control-plane-rke2 cluster.x-k8s.io/v1beta1: v1alpha1_v1beta1 @@ -2796,7 +2776,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- 
@@ -2955,7 +2934,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -3058,6 +3036,7 @@ data: description: |- InfrastructureRef is a required reference to a custom resource offered by an infrastructure provider. + This field is deprecated. Use `.machineTemplate.infrastructureRef` instead. properties: apiVersion: description: API version of the referent. @@ -3071,7 +3050,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -3122,7 +3100,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -3160,7 +3137,7 @@ data: additionalProperties: type: string description: |- - Annotations is an unstructured key value map stored with a resource that may be + annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations 
@@ -3201,7 +3178,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -3235,6 +3211,7 @@ data: NodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node The default value is 0, meaning that the node can be drained without any time limitations. NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` + This field is deprecated. Use `.machineTemplate.nodeDrainTimeout` instead. type: string postRKE2Commands: description: PostRKE2Commands specifies extra commands to @@ -3275,7 +3252,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -3331,7 +3307,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -3466,7 +3441,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- 
@@ -3545,7 +3519,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -3679,7 +3652,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -3724,6 +3696,7 @@ data: description: |- S3CredentialSecret is a reference to a Secret containing the Access Key and Secret Key necessary to access the target S3 Bucket. The Secret must contain the following keys: "aws_access_key_id" and "aws_secret_access_key". + If empty, the controller will default to IAM authentication properties: apiVersion: description: API version of the referent. @@ -3737,7 +3710,6 @@ data: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- @@ -3768,7 +3740,6 @@ data: x-kubernetes-map-type: atomic required: - endpoint - - s3CredentialSecret type: object scheduleCron: description: 'ScheduleCron Snapshot interval time @@ -3927,7 +3898,6 @@ data: pattern: (v\d\.\d{2}\.\d+\+rke2r\d)|^$ type: string required: - - infrastructureRef - rolloutStrategy type: object required: 
@@ -3967,20 +3937,20 @@ data: description: |- The reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. + This field may be empty. type: string severity: description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately + severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False. type: string status: - description: Status of the condition, one of True, False, Unknown. + description: status of the condition, one of True, False, Unknown. type: string type: description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. + type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. type: string @@ -4293,7 +4263,7 @@ data: valueFrom: fieldRef: fieldPath: metadata.uid - image: ghcr.io/rancher/cluster-api-provider-rke2-controlplane:v0.9.0 + image: ghcr.io/rancher/cluster-api-provider-rke2-controlplane:v0.11.0 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -4348,7 +4318,7 @@ data: volumes: - name: cert secret: - secretName: rke2-control-plane-webhook-service-cert + secretName: rke2-controlplane-webhook-service-cert --- apiVersion: cert-manager.io/v1 kind: Certificate @@ -4364,7 +4334,7 @@ data: issuerRef: kind: Issuer name: rke2-control-plane-selfsigned-issuer - secretName: rke2-control-plane-webhook-service-cert + secretName: rke2-controlplane-webhook-service-cert subject: organizations: - Rancher by SUSE 
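Review bot: Renaming the webhook certificate Secret to `rke2-controlplane-webhook-service-cert` in the Deployment volume (`@@ -4348,7 +4318,7 @@`) and in the Certificate (`@@ -4364,7 +4334,7 @@`) leaves the previously issued `rke2-control-plane-webhook-service-cert` behind on upgraded clusters, unless cert-manager is configured to own and garbage-collect the Secrets it issues, which is not visible here. That leftover Secret still contains the old webhook's private key. The two references are updated consistently, so the rollout itself should work, but the upgrade notes should carry a cleanup step such as `delete Secret rke2-control-plane-webhook-service-cert in namespace rke2-control-plane-system after the new certificate is issued`. The issuer keeps the hyphenated `rke2-control-plane-selfsigned-issuer` name, so the two spellings now coexist in one manifest and are easy to confuse.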
@@ -4514,10 +4484,16 @@ data: - major: 0 minor: 9 contract: v1beta1 + - major: 0 + minor: 10 + contract: v1beta1 + - major: 0 + minor: 11 + contract: v1beta1 kind: ConfigMap metadata: creationTimestamp: null - name: v0.9.0 + name: v0.11.0 namespace: rke2-control-plane-system labels: provider-components: rke2-control-plane -- 2.49.0 From eff9a9b0c5ece1f7d6e855d674c332076d6f4b751f301db2e2abbed95d20df39 Mon Sep 17 00:00:00 2001 From: Steven Hardy Date: Thu, 20 Feb 2025 09:47:12 +0000 Subject: [PATCH 03/55] rancher-turtles-chart: Update to 0.16.0 Align with https://github.com/suse-edge/charts/pull/186 --- rancher-turtles-chart/Chart.lock | 6 +- rancher-turtles-chart/Chart.yaml | 8 +- rancher-turtles-chart/questions.yml | 112 ++---- .../templates/addon-provider-fleet.yaml | 7 + .../templates/clusterctl-cm-cleanup-job.yaml | 4 +- .../templates/deployment.yaml | 6 +- .../templates/metal3-infrastructure.yaml | 2 +- .../templates/post-delete-job.yaml | 18 +- .../templates/post-upgrade-job.yaml | 20 +- .../templates/pre-delete-job.yaml | 10 +- .../templates/pre-install-job.yaml | 14 +- .../templates/rancher-turtles-components.yaml | 337 ++++++++++++------ ...er-turtles-exp-etcdrestore-components.yaml | 90 +---- rancher-turtles-chart/values.yaml | 38 +- 14 files changed, 332 insertions(+), 340 deletions(-) diff --git a/rancher-turtles-chart/Chart.lock b/rancher-turtles-chart/Chart.lock index be85685..b03387b 100644 --- a/rancher-turtles-chart/Chart.lock +++ b/rancher-turtles-chart/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: cluster-api-operator repository: https://kubernetes-sigs.github.io/cluster-api-operator - version: 0.14.0 -digest: sha256:9e9e851dbab3212c279efec06bcf0da147228ea1590470f3a8cbbb5806a250d4 -generated: "2024-12-03T09:34:12.871417074Z" + version: 0.16.0 +digest: sha256:9b296be6ee446bff492e6736e084ce3734b07ea613791b77fd15d31c0f62dc70 +generated: "2025-01-30T10:14:58.692942399Z" 
diff --git a/rancher-turtles-chart/Chart.yaml b/rancher-turtles-chart/Chart.yaml index 4a806fd..d1cf0c4 100644 --- a/rancher-turtles-chart/Chart.yaml +++ b/rancher-turtles-chart/Chart.yaml @@ -1,5 +1,5 @@ -#!BuildTag: %%IMG_PREFIX%%rancher-turtles-chart:%%CHART_MAJOR%%.0.0_up0.14.1 -#!BuildTag: %%IMG_PREFIX%%rancher-turtles-chart:%%CHART_MAJOR%%.0.0_up0.14.1-%RELEASE% +#!BuildTag: %%IMG_PREFIX%%rancher-turtles-chart:%%CHART_MAJOR%%.0.0_up0.16.0 +#!BuildTag: %%IMG_PREFIX%%rancher-turtles-chart:%%CHART_MAJOR%%.0.0_up0.16.0-%RELEASE% annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/display-name: Rancher Turtles - the Cluster API Extension @@ -12,7 +12,7 @@ annotations: catalog.cattle.io/scope: management catalog.cattle.io/type: cluster-tool apiVersion: v2 -appVersion: 0.14.1 +appVersion: 0.16.0 dependencies: - condition: cluster-api-operator.enabled name: cluster-api-operator @@ -29,4 +29,4 @@ keywords: - provisioning name: rancher-turtles type: application -version: "%%CHART_MAJOR%%.0.0+up0.14.1" +version: "%%CHART_MAJOR%%.0.0+up0.16.0" diff --git a/rancher-turtles-chart/questions.yml b/rancher-turtles-chart/questions.yml index 96e21ef..8f043d9 100644 --- a/rancher-turtles-chart/questions.yml +++ b/rancher-turtles-chart/questions.yml 
@@ -1,78 +1,44 @@ namespace: rancher-turtles-system questions: -- variable: rancherTurtles.features.default - default: "false" - description: "Customize install settings" - label: Customize install settings - type: boolean - show_subquestion_if: true - group: "Rancher Turtles Extra Settings" - subquestions: - - variable: cluster-api-operator.cert-manager.enabled - default: false + - variable: rancherTurtles.features.default + default: "false" + description: "Customize install settings" + label: Customize install settings type: boolean - description: "Flag to enable or disable installation of cert-manager. If set to false then you will need to install cert-manager manually" - label: "Enable Cert Manager" - - variable: rancherTurtles.features.cluster-api-operator.cleanup - default: true - description: "Specify that the CAPI Operator post-delete cleanup job will be performed" - type: boolean - label: Cleanup CAPI Operator installation - group: "CAPI Operator cleanup settings" show_subquestion_if: true + group: "Rancher Turtles Extra Settings" subquestions: - - variable: rancherTurtles.features.cluster-api-operator.kubectlImage - default: "rancher/kubectl:v1.30.3" - description: "Specify the image to use when cleaning up the Cluster API Operator manifests" - type: string - label: Cleanup Image - group: "CAPI Operator cleanup settings" - - variable: rancherTurtles.features.rancher-webhook.cleanup - default: true - description: "Specify that the Rancher embedded cluster api webhooks should be removed" - type: boolean - label: Cleanup Rancher Embedded CAPI Webhooks - group: "Rancher webhook cleanup settings" - show_subquestion_if: true - subquestions: - - variable: rancherTurtles.features.rancher-webhook.kubectlImage - default: "rancher/kubectl:v1.30.3" - description: "Specify the image to use when cleaning up the webhooks" - type: string - label: Webhook Cleanup Image - group: "Rancher webhook cleanup settings" - - variable: 
rancherTurtles.features.rancher-kubeconfigs.label - default: false - description: "(Experimental) Specify that the kubeconfigs generated by Rancher should be automatically patched to contain the CAPI expected labels" - type: boolean - label: Label Rancher Kubeconfigs - group: "Rancher Turtles Features Settings" - - variable: rancherTurtles.features.managementv3-cluster.enabled - default: true - description: "Use v3/management cluster manifest for import, instead of v1/provisioning" - type: boolean - label: Use management v3 cluster manifest - group: "Rancher Turtles Features Settings" - - variable: rancherTurtles.features.managementv3-cluster-migration.enabled - default: false - description: "Automatically migrate between provisioning and management clusters on upgrade" - type: boolean - label: All imported clusters will use new cluster manifest, replacing old cluster manifest. - group: "Rancher Turtles Features Settings" - - variable: cluster-api-operator.cluster-api.rke2.enabled - default: "true" - description: "Flag to enable or disable installation of the RKE2 provider for Cluster API. By default this is enabled." - label: "Enable RKE2 Provider" - type: boolean - - variable: rancherTurtles.features.propagate-labels.enabled - default: false - description: "(Experimental) Specify that the labels from CAPI should be propagated to Rancher" - type: boolean - label: Propagate CAPI Labels - group: "Rancher Turtles Features Settings" - - variable: rancherTurtles.features.addon-provider-fleet.enabled - default: false - description: "Enable Fleet Addon Provider functionality in Rancher Turtles" - type: boolean - label: Seamless integration with Fleet and CAPI - group: "Rancher Turtles Features Settings" + - variable: cluster-api-operator.cert-manager.enabled + default: false + type: boolean + description: "Flag to enable or disable installation of cert-manager. 
If set to false then you will need to install cert-manager manually" + label: "Enable Cert Manager" + - variable: rancherTurtles.cluster-api-operator.cleanup + default: true + description: "Specify that the CAPI Operator post-delete cleanup job will be performed" + type: boolean + label: Cleanup CAPI Operator installation + group: "CAPI Operator cleanup settings" + - variable: cluster-api-operator.cluster-api.rke2.enabled + default: "true" + description: "Flag to enable or disable installation of the RKE2 provider for Cluster API. By default this is enabled." + label: "Enable RKE2 Provider" + type: boolean + - variable: rancherTurtles.features.addon-provider-fleet.enabled + default: false + description: "[BETA] Enable Fleet Addon Provider functionality in Rancher Turtles" + type: boolean + label: Seamless integration with Fleet and CAPI + group: "Rancher Turtles Features Settings" + - variable: rancherTurtles.features.agent-tls-mode.enabled + default: false + description: "[ALPHA] If enabled Turtles will use the agent-tls-mode setting to determine CA cert trust mode for importing clusters" + type: boolean + label: Enable Agent TLS Mode + group: "Rancher Turtles Features Settings" + - variable: rancherTurtles.kubectlImage + default: "registry.suse.com/edge/3.2/kubectl:1.30.3" + description: "Specify the image to use when running kubectl in jobs" + type: string + label: Kubectl Image + group: "Rancher Turtles Features Settings" diff --git a/rancher-turtles-chart/templates/addon-provider-fleet.yaml b/rancher-turtles-chart/templates/addon-provider-fleet.yaml index 5a6ced8..c12ef2a 100644 --- a/rancher-turtles-chart/templates/addon-provider-fleet.yaml +++ b/rancher-turtles-chart/templates/addon-provider-fleet.yaml 
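Review bot: The cleanup question added in this hunk sets `rancherTurtles.cluster-api-operator.cleanup`, but the guard in templates/post-delete-job.yaml later in this patch reads `index .Values "cluster-api-operator" "cleanup"`. Unless values.yaml (not visible here) maps one path to the other, unticking "Cleanup CAPI Operator installation" in the UI would not stop the post-delete cleanup jobs from running. The two paths should agree; with the template as written, the question would be `- variable: cluster-api-operator.cleanup`.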
@@ -35,10 +35,17 @@ data: cluster: patchResource: true setOwnerReferences: true + hostNetwork: true selector: matchLabels: cluster-api.cattle.io/rancher-auto-import: "true" + matchExpressions: + - key: cluster-api.cattle.io/disable-fleet-auto-import + operator: DoesNotExist namespaceSelector: matchLabels: cluster-api.cattle.io/rancher-auto-import: "true" + matchExpressions: + - key: cluster-api.cattle.io/disable-fleet-auto-import + operator: DoesNotExist {{- end }} diff --git a/rancher-turtles-chart/templates/clusterctl-cm-cleanup-job.yaml b/rancher-turtles-chart/templates/clusterctl-cm-cleanup-job.yaml index c2bd142..25f4f9a 100644 --- a/rancher-turtles-chart/templates/clusterctl-cm-cleanup-job.yaml +++ b/rancher-turtles-chart/templates/clusterctl-cm-cleanup-job.yaml @@ -1,4 +1,4 @@ -{{- if index .Values "rancherTurtles" "features" "rancher-webhook" "cleanup" }} +{{- if index .Values "rancherTurtles" "rancherInstalled" }} --- apiVersion: v1 kind: ServiceAccount @@ -55,7 +55,7 @@ spec: serviceAccountName: pre-upgrade-job containers: - name: rancher-clusterctl-configmap-cleanup - image: {{ index .Values "rancherTurtles" "features" "rancher-webhook" "kubectlImage" }} + image: {{ index .Values "rancherTurtles" "kubectlImage" }} args: - delete - configmap diff --git a/rancher-turtles-chart/templates/deployment.yaml b/rancher-turtles-chart/templates/deployment.yaml index e2d2d09..6a0da62 100644 --- a/rancher-turtles-chart/templates/deployment.yaml +++ b/rancher-turtles-chart/templates/deployment.yaml 
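Review bot: `hostNetwork: true` is added under `cluster:` with no comment and no values switch, so every install that enables the addon provider gets it. If, as the key name suggests, this makes the Fleet agent on imported clusters run in the node's network namespace, the pod can reach node-local listeners and is typically outside NetworkPolicy enforcement. That trade-off should be stated next to the setting, for example with a template comment such as `{{- /* hostNetwork: <reason it is required> */}}`. Consider driving it from a chart value that defaults to the current behaviour. The enclosing template block starts above this hunk.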
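Review bot: The job image is now rendered unquoted from one shared value, `image: {{ index .Values "rancherTurtles" "kubectlImage" }}`, and the default offered in questions.yml is a tag (`registry.suse.com/edge/3.2/kubectl:1.30.3`) rather than a digest. The same line appears in the post-delete, post-upgrade, pre-delete and pre-install job hunks, and those hooks run under service accounts bound to ClusterRoles with delete verbs, so whatever this value resolves to executes with those rights. I would render it as `image: {{ index .Values "rancherTurtles" "kubectlImage" | quote }}` so an empty or odd value fails visibly instead of becoming `null`. The values documentation should also recommend an `@sha256:<digest>` reference where the registry provides one. The container spec starts above this hunk.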
@@ -26,7 +26,7 @@ spec: containers: - args: - --leader-elect - - --feature-gates=propagate-labels={{ index .Values "rancherTurtles" "features" "propagate-labels" "enabled"}},managementv3-cluster={{ index .Values "rancherTurtles" "features" "managementv3-cluster" "enabled"}},rancher-kube-secret-patch={{ index .Values "rancherTurtles" "features" "rancher-kubeconfigs" "label"}} + - --feature-gates=addon-provider-fleet={{ index .Values "rancherTurtles" "features" "addon-provider-fleet" "enabled"}},agent-tls-mode={{ index .Values "rancherTurtles" "features" "agent-tls-mode" "enabled"}} {{- range .Values.rancherTurtles.managerArguments }} - {{ . }} {{- end }} @@ -67,10 +67,10 @@ spec: resources: limits: cpu: 500m - memory: 128Mi + memory: 256Mi requests: cpu: 10m - memory: 64Mi + memory: 128Mi serviceAccountName: rancher-turtles-manager terminationGracePeriodSeconds: 10 tolerations: diff --git a/rancher-turtles-chart/templates/metal3-infrastructure.yaml b/rancher-turtles-chart/templates/metal3-infrastructure.yaml index 122d9c4..e06700c 100644 --- a/rancher-turtles-chart/templates/metal3-infrastructure.yaml +++ b/rancher-turtles-chart/templates/metal3-infrastructure.yaml @@ -22,7 +22,7 @@ metadata: spec: providers: - name: metal3 - url: "https://github.com/metal3-io/cluster-api-provider-metal3/releases/v1.7.2/infrastructure-components.yaml" + url: "https://github.com/rancher-sandbox/cluster-api-provider-metal3/releases/v1.9.2/infrastructure-components.yaml" type: InfrastructureProvider --- apiVersion: turtles-capi.cattle.io/v1alpha1 diff --git a/rancher-turtles-chart/templates/post-delete-job.yaml b/rancher-turtles-chart/templates/post-delete-job.yaml index 277a6d2..9633e09 100644 --- a/rancher-turtles-chart/templates/post-delete-job.yaml +++ b/rancher-turtles-chart/templates/post-delete-job.yaml 
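Review bot: In the metal3-infrastructure.yaml hunk the provider `url:` moves from `metal3-io/cluster-api-provider-metal3` to `rancher-sandbox/cluster-api-provider-metal3`, and neither the commit message nor the template says why or who maintains that fork. The components file behind this URL is what gets installed as the infrastructure provider, so a change of publisher deserves a line of documentation above `url:`, for example `{{- /* fork carries <patch or issue reference>; switch back to metal3-io once it is merged */}}`. It is also worth confirming that the airgap ConfigMap for metal3 updated earlier in this series carries the same v1.9.2 release, since this hunk only shows the online URL. The enclosing resource starts above the hunk.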
@@ -1,4 +1,4 @@ -{{- if index .Values "rancherTurtles" "features" "cluster-api-operator" "cleanup" }} +{{- if index .Values "cluster-api-operator" "cleanup" }} --- apiVersion: v1 kind: ServiceAccount @@ -41,7 +41,7 @@ metadata: subjects: - kind: ServiceAccount name: post-delete-job - namespace: rancher-turtles-system + namespace: '{{ .Values.rancherTurtles.namespace }}' roleRef: kind: ClusterRole name: post-delete-job-delete-webhooks @@ -62,7 +62,7 @@ spec: serviceAccountName: post-delete-job containers: - name: cluster-api-operator-mutatingwebhook-cleanup - image: {{ index .Values "rancherTurtles" "features" "cluster-api-operator" "kubectlImage" }} + image: {{ index .Values "rancherTurtles" "kubectlImage" }} command: ["kubectl"] args: - delete @@ -90,7 +90,7 @@ spec: serviceAccountName: post-delete-job containers: - name: cluster-api-operator-validatingwebhook-cleanup - image: {{ index .Values "rancherTurtles" "features" "cluster-api-operator" "kubectlImage" }} + image: {{ index .Values "rancherTurtles" "kubectlImage" }} command: ["kubectl"] args: - delete @@ -119,7 +119,7 @@ spec: restartPolicy: Never containers: - name: delete-capi-controller-manager - image: {{ index .Values "rancherTurtles" "features" "cluster-api-operator" "kubectlImage" }} + image: {{ index .Values "rancherTurtles" "kubectlImage" }} command: ["kubectl"] args: - delete @@ -128,7 +128,7 @@ spec: - {{ index .Values "cluster-api-operator" "cluster-api" "core" "namespace" }} - --ignore-not-found=true - name: delete-capi-kubeadm-bootstrap-controller-manager - image: {{ index .Values "rancherTurtles" "features" "cluster-api-operator" "kubectlImage" }} + image: {{ index .Values "rancherTurtles" "kubectlImage" }} command: ["kubectl"] args: - delete 
@@ -137,7 +137,7 @@ spec: - capi-kubeadm-bootstrap-system - --ignore-not-found=true - name: delete-capi-kubeadm-control-plane-controller-manager - image: {{ index .Values "rancherTurtles" "features" "cluster-api-operator" "kubectlImage" }} + image: {{ index .Values "rancherTurtles" "kubectlImage" }} command: ["kubectl"] args: - delete @@ -146,7 +146,7 @@ spec: - capi-kubeadm-control-plane-system - --ignore-not-found=true - name: delete-rke2-kubeadm-bootstrap-controller-manager - image: {{ index .Values "rancherTurtles" "features" "cluster-api-operator" "kubectlImage" }} + image: {{ index .Values "rancherTurtles" "kubectlImage" }} command: ["kubectl"] args: - delete @@ -155,7 +155,7 @@ spec: - {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "bootstrap" "namespace" }} - --ignore-not-found=true - name: delete-rke2-control-plane-controller-manager - image: {{ index .Values "rancherTurtles" "features" "cluster-api-operator" "kubectlImage" }} + image: {{ index .Values "rancherTurtles" "kubectlImage" }} command: ["kubectl"] args: - delete diff --git a/rancher-turtles-chart/templates/post-upgrade-job.yaml b/rancher-turtles-chart/templates/post-upgrade-job.yaml index 489f63c..b19a86e 100644 --- a/rancher-turtles-chart/templates/post-upgrade-job.yaml +++ b/rancher-turtles-chart/templates/post-upgrade-job.yaml @@ -1,10 +1,9 @@ -{{- if eq (index .Values "rancherTurtles" "features" "managementv3-cluster-migration" "enabled") true }} --- apiVersion: v1 kind: ServiceAccount metadata: name: post-upgrade-job - namespace: rancher-turtles-system + namespace: '{{ .Values.rancherTurtles.namespace }}' annotations: "helm.sh/hook": post-upgrade "helm.sh/hook-weight": "1" @@ -24,13 +23,6 @@ rules: verbs: - list - delete -- apiGroups: - - management.cattle.io - resources: - - clusters - verbs: - - list - - delete --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding 
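Review bot: Removing the `managementv3-cluster-migration` guard at the top of post-upgrade-job.yaml (and its `{{- end }}` in the file's last hunk) makes this hook unconditional. Every `helm upgrade` will now run `kubectl delete clusters.provisioning.cattle.io --selector=cluster-api.cattle.io/owned -A --wait` with no opt-out. The pre-delete and pre-install hooks in this patch are gated on `rancherInstalled`; gating this file the same way would keep the job from running, and presumably retrying under `restartPolicy: OnFailure`, where that CRD is absent. Suggested first and last lines: `{{- if index .Values "rancherTurtles" "rancherInstalled" }}` and `{{- end }}`. A short comment above the Job saying what is being cleaned up and why would help anyone auditing the hook's delete permission.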
@@ -42,7 +34,7 @@ metadata: subjects: - kind: ServiceAccount name: post-upgrade-job - namespace: rancher-turtles-system + namespace: '{{ .Values.rancherTurtles.namespace }}' roleRef: kind: ClusterRole name: post-upgrade-job-delete-clusters @@ -52,6 +44,7 @@ apiVersion: batch/v1 kind: Job metadata: name: post-upgrade-delete-clusters + namespace: '{{ .Values.rancherTurtles.namespace }}' annotations: "helm.sh/hook": post-upgrade "helm.sh/hook-weight": "2" @@ -62,17 +55,12 @@ spec: serviceAccountName: post-upgrade-job containers: - name: post-upgrade-delete-clusters - image: {{ index .Values "rancherTurtles" "features" "rancher-webhook" "kubectlImage" }} + image: {{ index .Values "rancherTurtles" "kubectlImage" }} args: - delete - {{- if eq (index .Values "rancherTurtles" "features" "managementv3-cluster" "enabled") true }} - clusters.provisioning.cattle.io - {{- else }} - - clusters.management.cattle.io - {{- end }} - --selector=cluster-api.cattle.io/owned - -A - --ignore-not-found=true - --wait restartPolicy: OnFailure -{{- end }} diff --git a/rancher-turtles-chart/templates/pre-delete-job.yaml b/rancher-turtles-chart/templates/pre-delete-job.yaml index 5a8ae84..c099b9f 100644 --- a/rancher-turtles-chart/templates/pre-delete-job.yaml +++ b/rancher-turtles-chart/templates/pre-delete-job.yaml @@ -1,10 +1,10 @@ -{{- if index .Values "rancherTurtles" "features" "rancher-webhook" "cleanup" }} +{{- if index .Values "rancherTurtles" "rancherInstalled" }} --- apiVersion: v1 kind: ServiceAccount metadata: name: pre-delete-job - namespace: rancher-turtles-system + namespace: '{{ .Values.rancherTurtles.namespace }}' annotations: "helm.sh/hook": pre-delete "helm.sh/hook-weight": "-2" @@ -35,7 +35,7 @@ metadata: subjects: - kind: ServiceAccount name: pre-delete-job - namespace: rancher-turtles-system + namespace: '{{ .Values.rancherTurtles.namespace }}' roleRef: kind: ClusterRole name: pre-delete-job-delete-capiproviders 
@@ -45,7 +45,7 @@ apiVersion: batch/v1 kind: Job metadata: name: rancher-capiprovider-cleanup - namespace: rancher-turtles-system + namespace: '{{ .Values.rancherTurtles.namespace }}' annotations: "helm.sh/hook": pre-delete "helm.sh/hook-weight": "-1" @@ -56,7 +56,7 @@ spec: serviceAccountName: pre-delete-job containers: - name: rancher-capiprovider-cleanup - image: {{ index .Values "rancherTurtles" "features" "rancher-webhook" "kubectlImage" }} + image: {{ index .Values "rancherTurtles" "kubectlImage" }} args: - delete - capiproviders diff --git a/rancher-turtles-chart/templates/pre-install-job.yaml b/rancher-turtles-chart/templates/pre-install-job.yaml index 355fb31..00880d2 100644 --- a/rancher-turtles-chart/templates/pre-install-job.yaml +++ b/rancher-turtles-chart/templates/pre-install-job.yaml @@ -1,4 +1,3 @@ -{{- if index .Values "rancherTurtles" "features" "embedded-capi" "disabled" }} {{- if index .Values "rancherTurtles" "rancherInstalled"}} --- apiVersion: management.cattle.io/v3 @@ -11,14 +10,13 @@ metadata: spec: value: false {{- end }} -{{- end }} -{{- if index .Values "rancherTurtles" "features" "rancher-webhook" "cleanup" }} +{{- if index .Values "rancherTurtles" "rancherInstalled" }} --- apiVersion: v1 kind: ServiceAccount metadata: name: pre-install-job - namespace: rancher-turtles-system + namespace: '{{ .Values.rancherTurtles.namespace }}' annotations: "helm.sh/hook": pre-install "helm.sh/hook-weight": "1" @@ -49,7 +47,7 @@ metadata: subjects: - kind: ServiceAccount name: pre-install-job - namespace: rancher-turtles-system + namespace: '{{ .Values.rancherTurtles.namespace }}' roleRef: kind: ClusterRole name: pre-install-job-delete-webhooks @@ -59,6 +57,7 @@ apiVersion: batch/v1 kind: Job metadata: name: rancher-mutatingwebhook-cleanup + namespace: '{{ .Values.rancherTurtles.namespace }}' annotations: "helm.sh/hook": pre-install "helm.sh/hook-weight": "2" 
@@ -69,7 +68,7 @@ spec: serviceAccountName: pre-install-job containers: - name: rancher-mutatingwebhook-cleanup - image: {{ index .Values "rancherTurtles" "features" "rancher-webhook" "kubectlImage" }} + image: {{ index .Values "rancherTurtles" "kubectlImage" }} args: - delete - mutatingwebhookconfigurations.admissionregistration.k8s.io @@ -81,6 +80,7 @@ apiVersion: batch/v1 kind: Job metadata: name: rancher-validatingwebhook-cleanup + namespace: '{{ .Values.rancherTurtles.namespace }}' annotations: "helm.sh/hook": pre-install "helm.sh/hook-weight": "2" @@ -91,7 +91,7 @@ spec: serviceAccountName: pre-install-job containers: - name: rancher-validatingwebhook-cleanup - image: {{ index .Values "rancherTurtles" "features" "rancher-webhook" "kubectlImage" }} + image: {{ index .Values "rancherTurtles" "kubectlImage" }} args: - delete - validatingwebhookconfigurations.admissionregistration.k8s.io diff --git a/rancher-turtles-chart/templates/rancher-turtles-components.yaml b/rancher-turtles-chart/templates/rancher-turtles-components.yaml index 722d984..c6ef6ed 100644 --- a/rancher-turtles-chart/templates/rancher-turtles-components.yaml +++ b/rancher-turtles-chart/templates/rancher-turtles-components.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.16.1 helm.sh/resource-policy: keep name: capiproviders.turtles-capi.cattle.io spec: @@ -122,11 +122,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: description: A list of node selector requirements by node's fields. @@ -154,11 +156,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object x-kubernetes-map-type: atomic weight: 
@@ -172,6 +176,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the affinity requirements specified by this field are not met at @@ -216,11 +221,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: description: A list of node selector requirements by node's fields. @@ -248,14 +255,17 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object x-kubernetes-map-type: atomic type: array + x-kubernetes-list-type: atomic required: - nodeSelectorTerms type: object @@ -319,11 +329,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string 
@@ -338,13 +350,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -353,13 +365,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -400,11 +412,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -424,6 +438,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -446,6 +461,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the affinity requirements specified by this field are not met at 
@@ -496,11 +512,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -515,13 +533,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -530,13 +548,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -576,11 +594,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -600,6 +620,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -612,6 +633,7 @@ spec: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object podAntiAffinity: description: Describes pod anti-affinity scheduling @@ -671,11 +693,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string 
@@ -690,13 +714,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -705,13 +729,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -752,11 +776,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -776,6 +802,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -798,6 +825,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the anti-affinity requirements specified by this field are not met at 
@@ -848,11 +876,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -867,13 +897,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -882,13 +912,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -928,11 +958,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -952,6 +984,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -964,6 +997,7 @@ spec: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object type: object containers: 
@@ -1025,10 +1059,13 @@ spec: description: The key to select. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap @@ -1092,10 +1129,13 @@ spec: key. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret @@ -1124,11 +1164,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry @@ -1140,6 +1178,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object 
@@ -1185,10 +1229,13 @@ spec: referenced object inside the same namespace. properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -1259,7 +1306,6 @@ spec: CacheNamespace if specified restricts the manager's cache to watch objects in the desired namespace Defaults to all namespaces - Note: If a namespace is specified, controllers can still Watch for a cluster-scoped resource (e.g Node). For namespaced resources the cache will only hold objects from the desired namespace. @@ -1282,13 +1328,11 @@ spec: GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation allowed for that controller. - When a controller is registered within this manager using the builder utilities, users have to specify the type the controller reconciles in the For(...) call. If the object's kind passed matches one of the keys in this map, the concurrency for that controller is set to the number specified. - The key is expected to be consistent in form with GroupKind.String(), e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`. type: object @@ -1567,11 +1611,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: description: A list of node selector requirements by node's fields. @@ -1599,11 +1645,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object x-kubernetes-map-type: atomic weight: 
@@ -1616,6 +1664,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the affinity requirements specified by this field are not met at @@ -1660,11 +1709,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: description: A list of node selector requirements by node's fields. @@ -1692,14 +1743,17 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object x-kubernetes-map-type: atomic type: array + x-kubernetes-list-type: atomic required: - nodeSelectorTerms type: object @@ -1762,11 +1816,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string 
@@ -1781,13 +1837,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -1796,13 +1852,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -1842,11 +1898,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -1866,6 +1924,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -1888,6 +1947,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the affinity requirements specified by this field are not met at 
@@ -1938,11 +1998,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -1957,13 +2019,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -1972,13 +2034,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -2018,11 +2080,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -2042,6 +2106,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -2054,6 +2119,7 @@ spec: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object podAntiAffinity: description: Describes pod anti-affinity scheduling rules 
@@ -2112,11 +2178,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -2131,13 +2199,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -2146,13 +2214,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -2192,11 +2260,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -2216,6 +2286,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -2238,6 +2309,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the anti-affinity requirements specified by this field are not met at 
@@ -2288,11 +2360,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -2307,13 +2381,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -2322,13 +2396,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -2368,11 +2442,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -2392,6 +2468,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -2404,6 +2481,7 @@ spec: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object type: object containers: 
@@ -2465,10 +2543,13 @@ spec: description: The key to select. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap @@ -2528,10 +2609,13 @@ spec: from. Must be a valid secret key. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or @@ -2560,11 +2644,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in @@ -2576,6 +2658,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object 
@@ -2620,10 +2708,13 @@ spec: referenced object inside the same namespace. properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -2712,6 +2803,12 @@ spec: For example, the infrastructure name `aws` will fetch artifacts from https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases. properties: + oci: + description: |- + OCI to be used for fetching the provider’s components and metadata from an OCI artifact. + You must set `providerSpec.Version` field for operator to pick up desired version of the release from GitHub. + If the providerSpec.Version is missing, latest provider version from clusterctl defaults is used. + type: string selector: description: |- Selector to be used for fetching provider’s components and metadata from @@ -2746,11 +2843,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -2769,6 +2868,9 @@ spec: desired version of the release from GitHub. type: string type: object + x-kubernetes-validations: + - message: Must specify one and only one of {oci, url, selector} + rule: '[has(self.oci), has(self.url), has(self.selector)].exists_one(x,x)' manager: description: Manager defines the properties that can be enabled on the controller manager for the provider. 
@@ -2778,7 +2880,6 @@ spec: CacheNamespace if specified restricts the manager's cache to watch objects in the desired namespace Defaults to all namespaces - Note: If a namespace is specified, controllers can still Watch for a cluster-scoped resource (e.g Node). For namespaced resources the cache will only hold objects from the desired namespace. @@ -2801,13 +2902,11 @@ spec: GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation allowed for that controller. - When a controller is registered within this manager using the builder utilities, users have to specify the type the controller reconciles in the For(...) call. If the object's kind passed matches one of the keys in this map, the concurrency for that controller is set to the number specified. - The key is expected to be consistent in form with GroupKind.String(), e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`. type: object 
@@ -3033,20 +3132,20 @@ spec: description: |- The reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. + This field may be empty. type: string severity: description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately + severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False. type: string status: - description: Status of the condition, one of True, False, Unknown. + description: status of the condition, one of True, False, Unknown. type: string type: description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. + type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. type: string @@ -3102,7 +3201,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.16.1 helm.sh/resource-policy: keep name: clusterctlconfigs.turtles-capi.cattle.io spec: @@ -3276,19 +3375,8 @@ rules: resources: - configmaps - events - - secrets - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - namespaces + - secrets verbs: - create - delete @@ -3303,7 +3391,6 @@ rules: - clusters - clusters/status verbs: - - create - get - list - patch @@ -3319,6 +3406,7 @@ rules: - update - apiGroups: - infrastructure.cluster.x-k8s.io + - operator.cluster.x-k8s.io resources: - '*' verbs: 
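Review bot: The rule that now lists `operator.cluster.x-k8s.io` next to `infrastructure.cluster.x-k8s.io` keeps `resources: '*'`, so the grant covers every current and future resource in both API groups. The rule's verbs lie outside this hunk. The standalone operator rule removed further down allowed create, get, list, watch, patch and update but not delete, so if the merged rule carries delete this is a widening rather than a pure consolidation. The manifest looks generated from upstream markers, so it is worth checking the verb set on the rendered role. Where the controller only touches known kinds, name them instead of `'*'`.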
@@ -3333,15 +3421,6 @@ rules: - management.cattle.io resources: - clusterregistrationtokens - - clusterregistrationtokens/status - verbs: - - get - - list - - watch - - create -- apiGroups: - - management.cattle.io - resources: - clusters - clusters/status verbs: @@ -3353,12 +3432,29 @@ rules: - patch - update - watch +- apiGroups: + - management.cattle.io + resources: + - clusterregistrationtokens/status + - settings + verbs: + - get + - list + - watch - apiGroups: - provisioning.cattle.io resources: - clusters - clusters/status verbs: + - get + - list + - watch +- apiGroups: + - turtles-capi.cattle.io + resources: + - capiproviders + verbs: - create - delete - get @@ -3369,28 +3465,37 @@ rules: - apiGroups: - turtles-capi.cattle.io resources: - - capiproviders + - capiproviders/finalizers + verbs: + - update +- apiGroups: + - turtles-capi.cattle.io + resources: - capiproviders/status + verbs: + - get + - patch + - update +- apiGroups: + - turtles-capi.cattle.io + resources: - clusterctlconfigs - clusterctlconfigs/status verbs: - get - list - - watch - patch - - update + - watch - apiGroups: - - operator.cluster.x-k8s.io + - turtles-capi.cattle.io resources: - - '*' + - clusterctlconfigs/finalizers verbs: - - create - get - list - - watch - patch - update - - create + - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding diff --git a/rancher-turtles-chart/templates/rancher-turtles-exp-etcdrestore-components.yaml b/rancher-turtles-chart/templates/rancher-turtles-exp-etcdrestore-components.yaml index d305dca..c0e7119 100644 --- a/rancher-turtles-chart/templates/rancher-turtles-exp-etcdrestore-components.yaml +++ b/rancher-turtles-chart/templates/rancher-turtles-exp-etcdrestore-components.yaml 
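Review bot: `clusterregistrationtokens` moves out of its own rule (get, list, watch, create) into the rule shared with `clusters` and `clusters/status`, which appears to grant at least `patch` and `update` as well. The verb list of that rule starts outside this hunk and is only partly visible in the next hunk's context, so the exact set should be confirmed on the rendered role. These objects carry the token used to register a cluster with Rancher, so write access to them is more sensitive than write access to the cluster objects they are now grouped with. If the controller only needs to create and read tokens, keep them in a separate rule limited to `create`, `get`, `list`, `watch`, as the removed lines did.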
@@ -4,7 +4,7 @@ kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: {{ index .Values "rancherTurtles" "namespace" }}/rancher-turtles-etcdsnapshotrestore-serving-cert - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.16.1 labels: turtles-capi.cattle.io: etcd-restore name: etcdmachinesnapshots.turtles-capi.cattle.io @@ -116,7 +116,7 @@ kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: {{ index .Values "rancherTurtles" "namespace" }}/rancher-turtles-etcdsnapshotrestore-serving-cert - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.16.1 labels: turtles-capi.cattle.io: etcd-restore name: etcdsnapshotrestores.turtles-capi.cattle.io @@ -195,20 +195,20 @@ spec: description: |- The reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. + This field may be empty. type: string severity: description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately + severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False. type: string status: - description: Status of the condition, one of True, False, Unknown. + description: status of the condition, one of True, False, Unknown. type: string type: description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. + type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. type: string 
@@ -235,7 +235,7 @@ kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: {{ index .Values "rancherTurtles" "namespace" }}/rancher-turtles-etcdsnapshotrestore-serving-cert - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.16.1 labels: turtles-capi.cattle.io: etcd-restore name: rke2etcdmachinesnapshotconfigs.turtles-capi.cattle.io @@ -438,29 +438,7 @@ rules: - cluster.x-k8s.io resources: - clusters - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - cluster.x-k8s.io - resources: - clusters/status - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - cluster.x-k8s.io - resources: - machines verbs: - create @@ -499,57 +477,7 @@ rules: - turtles-capi.cattle.io resources: - etcdmachinesnapshots - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - turtles-capi.cattle.io - resources: - - etcdmachinesnapshots/finalizers - verbs: - - update -- apiGroups: - - turtles-capi.cattle.io - resources: - - etcdmachinesnapshots/status - verbs: - - get - - patch - - update -- apiGroups: - - turtles-capi.cattle.io - resources: - etcdsnapshotrestores - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - turtles-capi.cattle.io - resources: - - etcdsnapshotrestores/finalizers - verbs: - - update -- apiGroups: - - turtles-capi.cattle.io - resources: - - etcdsnapshotrestores/status - verbs: - - get - - patch - - update -- apiGroups: - - turtles-capi.cattle.io - resources: - rke2etcdmachinesnapshotconfigs verbs: - create 
@@ -562,12 +490,16 @@ rules: - apiGroups: - turtles-capi.cattle.io resources: + - etcdmachinesnapshots/finalizers + - etcdsnapshotrestores/finalizers - rke2etcdmachinesnapshotconfigs/finalizers verbs: - update - apiGroups: - turtles-capi.cattle.io resources: + - etcdmachinesnapshots/status + - etcdsnapshotrestores/status - rke2etcdmachinesnapshotconfigs/status verbs: - get diff --git a/rancher-turtles-chart/values.yaml b/rancher-turtles-chart/values.yaml index cd93abd..6a50bf3 100644 --- a/rancher-turtles-chart/values.yaml +++ b/rancher-turtles-chart/values.yaml @@ -1,35 +1,24 @@ rancherTurtles: image: registry.rancher.com/rancher/rancher/turtles - imageVersion: v0.14.1 + imageVersion: v0.16.0 imagePullPolicy: IfNotPresent namespace: rancher-turtles-system managerArguments: [] imagePullSecrets: [] - rancherInstalled: true + rancherInstalled: false + kubectlImage: registry.suse.com/edge/3.2/kubectl:1.30.3 features: - cluster-api-operator: - cleanup: true - kubectlImage: rancher/kubectl:v1.30.3 - embedded-capi: - disabled: false - rancher-webhook: - cleanup: false - kubectlImage: rancher/kubectl:v1.30.3 - rancher-kubeconfigs: - label: false - managementv3-cluster: - enabled: true - managementv3-cluster-migration: - enabled: false - propagate-labels: - enabled: false etcd-snapshot-restore: enabled: false image: registry.rancher.com/rancher/rancher/turtles - imageVersion: v0.14.1 + imageVersion: v0.16.0 imagePullPolicy: IfNotPresent + # beta feature, see documentation for more information on feature stages addon-provider-fleet: enabled: false + # alpha feature, see documentation for more information on feature stages + agent-tls-mode: + enabled: false cluster-api-operator: enabled: true cert-manager: @@ -53,6 +42,7 @@ cluster-api-operator: - mountPath: /config name: clusterctl-config readOnly: true + cleanup: true cluster-api: enabled: true configSecret: 
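Review bot: In values.yaml the new `kubectlImage: registry.suse.com/edge/3.2/kubectl:1.30.3` is referenced by a mutable tag only, and its path is tied to the `edge/3.2` namespace. If this is the image the chart's cleanup jobs run (the templates are not part of this hunk), it executes with whatever permissions those jobs hold. Pinning it by digest, e.g. `kubectlImage: registry.suse.com/edge/3.2/kubectl:1.30.3@sha256:<digest>`, would make the deployed content verifiable. The same hunk flips `rancherInstalled` from `true` to `false` without a comment, while the feature flags below it did get stage comments. A one-line comment stating what the flag gates and why the packaged default differs would help operators upgrading from 0.14.1.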
@@ -60,30 +50,34 @@ cluster-api-operator: defaultName: capi-env-variables core: namespace: capi-system + imageUrl: "" fetchConfig: url: "" selector: "" rke2: enabled: true + version: "" bootstrap: namespace: rke2-bootstrap-system + imageUrl: "" fetchConfig: url: "" selector: "" controlPlane: namespace: rke2-control-plane-system + imageUrl: "" fetchConfig: url: "" selector: "" metal3: enabled: true - version: "v1.8.2" + version: "v1.9.2" infrastructure: namespace: capm3-system - imageUrl: "registry.rancher.com/rancher/cluster-api-metal3-controller:v1.8.2" + imageUrl: "registry.suse.com/rancher/cluster-api-provider-metal3:v1.9.2" fetchConfig: url: "" selector: "" ipam: namespace: capm3-system - imageUrl: "registry.rancher.com/rancher/cluster-api-metal3-ipam-controller:v1.8.1" + imageUrl: "registry.suse.com/rancher/ip-address-manager:v1.9.3" -- 2.49.0 From 0cb039a9dfd40563545035c7972a6123c139fcd3969496cd636cd63832ad88c5 Mon Sep 17 00:00:00 2001 From: Nicolas Belouin Date: Wed, 26 Feb 2025 10:36:10 +0100 Subject: [PATCH 04/55] Ironic dependency is located in different project when in internal obs Signed-off-by: Nicolas Belouin --- .obs/render_meta.py | 1 + _meta | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.obs/render_meta.py b/.obs/render_meta.py index 3ed31ec..67500e3 100644 --- a/.obs/render_meta.py +++ b/.obs/render_meta.py @@ -8,6 +8,7 @@ def render(base_project, subproject, internal, scm_url=None): context = { "base_project": subproject == "", "title": f"SUSE Edge {version} {subproject}".rstrip(), + "ironic_base": "ISV:SUSE:Edge:Ironic" if internal else "Cloud:OpenStack", } if subproject == "ToTest": context["project"] = f"{base_project}:ToTest" diff --git a/_meta b/_meta index fa14c49..334ecb0 100644 --- a/_meta +++ b/_meta @@ -47,7 +47,7 @@ {%- if release_project is defined and not for_release %} {%- endif %} - + x86_64 aarch64 -- 2.49.0 From ddabc54ac83fb3f613378177fce0f872ec3c98003f6b4d11ce1e8aaffce720d1 Mon Sep 17 00:00:00 2001 
From: Denislav Prodanov Date: Fri, 28 Feb 2025 11:01:18 +0200 Subject: [PATCH 05/55] init versions for release manifest 3.3 --- release-manifest-image/Dockerfile | 6 +-- release-manifest-image/release_manifest.yaml | 53 ++++++++++---------- 2 files changed, 30 insertions(+), 29 deletions(-) diff --git a/release-manifest-image/Dockerfile b/release-manifest-image/Dockerfile index e14d21c..aa889d4 100644 --- a/release-manifest-image/Dockerfile +++ b/release-manifest-image/Dockerfile @@ -1,4 +1,4 @@ -#!BuildTag: %%IMG_PREFIX%%release-manifest:3.2.0 +#!BuildTag: %%IMG_PREFIX%%release-manifest:3.3.0 ARG SLE_VERSION FROM registry.suse.com/bci/bci-micro:$SLE_VERSION @@ -7,11 +7,11 @@ FROM registry.suse.com/bci/bci-micro:$SLE_VERSION LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)" LABEL org.opencontainers.image.title="SUSE Edge Release Manifest" LABEL org.opencontainers.image.description="Release Manifest containing information about a specific SUSE Edge release" -LABEL org.opencontainers.image.version="3.2.0" +LABEL org.opencontainers.image.version="3.3.0" LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/" LABEL org.opencontainers.image.created="%BUILDTIME%" LABEL org.opencontainers.image.vendor="SUSE LLC" -LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%release-manifest:3.2.0" +LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%release-manifest:3.3.0" LABEL org.openbuildservice.disturl="%DISTURL%" LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%" LABEL com.suse.eula="SUSE Combined EULA February 2024" diff --git a/release-manifest-image/release_manifest.yaml b/release-manifest-image/release_manifest.yaml index 42e90da..5459b61 100644 --- a/release-manifest-image/release_manifest.yaml +++ b/release-manifest-image/release_manifest.yaml 
@@ -1,13 +1,13 @@ apiVersion: lifecycle.suse.com/v1alpha1 kind: ReleaseManifest metadata: - name: release-manifest-3-2-0 + name: release-manifest-3-3-0 spec: - releaseVersion: 3.2.0 + releaseVersion: 3.3.0 components: kubernetes: k3s: - version: v1.31.3+k3s1 + version: v1.32.1+k3s1 coreComponents: - name: traefik-crd version: 27.0.201+up27.0.2 @@ -23,7 +23,7 @@ spec: - name: coredns containers: - name: coredns - image: rancher/mirrored-coredns-coredns:1.11.3 + image: rancher/mirrored-coredns-coredns:1.12.0 type: Deployment - name: metrics-server containers: 
@@ -31,55 +31,56 @@ spec: image: rancher/mirrored-metrics-server:v0.7.2 type: Deployment rke2: - version: v1.31.3+rke2r1 + version: v1.32.1+rke2r1 coreComponents: - name: rke2-cilium - version: 1.16.303 + version: 1.16.501 type: HelmChart - name: rke2-canal - version: v3.29.0-build2024110400 + version: v3.29.1-build2025011000 type: HelmChart - name: rke2-calico-crd - version: v3.29.000 + version: v3.29.101 type: HelmChart - name: rke2-calico - version: v3.29.000 + version: v3.29.101 type: HelmChart - name: rke2-coredns - version: 1.33.005 + version: 1.36.102 type: HelmChart - name: rke2-ingress-nginx - version: 4.10.502 + version: 4.12.003 type: HelmChart - name: rke2-metrics-server - version: 3.12.004 + version: 3.12.200 type: HelmChart - name: rancher-vsphere-csi - version: 3.3.1-rancher700 + version: 3.3.1-rancher800 type: HelmChart - name: rancher-vsphere-cpi - version: 1.9.100 + version: 1.10.000 type: HelmChart - name: harvester-cloud-provider - version: 0.2.600 + version: 0.2.900 type: HelmChart - name: harvester-csi-driver - version: 0.1.2000 + version: 0.1.2200 type: HelmChart - name: rke2-snapshot-controller-crd - version: 3.0.601 + version: 4.0.002 type: HelmChart - name: rke2-snapshot-controller - version: 3.0.601 + version: 4.0.002 type: HelmChart + # Deprecated this empty chart addon can be removed in v1.34 - name: rke2-snapshot-validation-webhook - version: 1.9.001 + version: 0.0.0 type: HelmChart operatingSystem: - version: "6.0" + version: "6.1" zypperID: "SL-Micro" - cpeScheme: "cpe:/o:suse:sl-micro:6.0" - prettyName: "SUSE Linux Micro 6.0" + cpeScheme: "cpe:/o:suse:sl-micro:6.1" + prettyName: "SUSE Linux Micro 6.1" supportedArchs: - "x86_64" - "aarch64" @@ -88,8 +89,8 @@ spec: - prettyName: Rancher releaseName: rancher chart: rancher - version: 2.10.1 - repository: https://charts.rancher.com/server-charts/prime + version: 2.11.0-alpha7 + repository: https://releases.rancher.com/server-charts/alpha values: postDelete: enabled: false 
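Review bot: The Rancher entry in the `@@ -88,8 +89,8 @@` hunk now installs a pre-release chart (`version: 2.11.0-alpha7`) from `https://releases.rancher.com/server-charts/alpha` instead of the prime repository, inside a manifest that declares `releaseVersion: 3.3.0`. Nothing in the file marks this as temporary, so the alpha channel could ship in a released manifest unnoticed. I would add a marker directly above the entry, `# TODO(release-blocker): switch back to the prime repository and a GA version before 3.3.0 is published`, and have the release check reject `-alpha` versions or the `/alpha` repository. The later bump to `2.11.0-alpha11` in patch 11/55 keeps the same repository and has the same issue.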
@@ -122,12 +123,12 @@ spec: - prettyName: NeuVector releaseName: neuvector chart: neuvector - version: 105.0.0+up2.8.3 + version: 105.0.1+up2.8.4 repository: https://charts.rancher.io dependencyCharts: - releaseName: neuvector-crd chart: neuvector-crd - version: 105.0.0+up2.8.3 + version: 105.0.1+up2.8.4 repository: https://charts.rancher.io addonCharts: - releaseName: neuvector-ui-ext -- 2.49.0 From 43c764e69c1058e08c9867129b387f3ef34271aeeed60f7b5be82bc5134c2650 Mon Sep 17 00:00:00 2001 From: Steven Hardy Date: Wed, 5 Mar 2025 19:06:06 +0100 Subject: [PATCH 06/55] ironic-image: update to 26.1.2.3 Aligns with https://github.com/suse-edge/charts/pull/189 Also see: https://build.opensuse.org/package/rdiff/isv:SUSE:Edge:Metal3:Ironic:2024.2/ironic-image?linkrev=base&rev=11 --- ironic-image/Dockerfile | 8 ++++---- ironic-image/apache2-vmedia.conf.j2 | 18 ++++++++---------- ironic-image/ironic.conf.j2 | 4 ++-- 3 files changed, 14 insertions(+), 16 deletions(-) diff --git a/ironic-image/Dockerfile b/ironic-image/Dockerfile index dc4995a..d072397 100644 --- a/ironic-image/Dockerfile +++ b/ironic-image/Dockerfile @@ -1,6 +1,6 @@ # SPDX-License-Identifier: Apache-2.0 -#!BuildTag: %%IMG_PREFIX%%ironic:26.1.2.2 -#!BuildTag: %%IMG_PREFIX%%ironic:26.1.2.2-%RELEASE% +#!BuildTag: %%IMG_PREFIX%%ironic:26.1.2.3 +#!BuildTag: %%IMG_PREFIX%%ironic:26.1.2.3-%RELEASE% #!BuildVersion: 15.6 ARG SLE_VERSION 
@@ -46,8 +46,8 @@ LABEL org.opencontainers.image.description="Openstack Ironic based on the SLE Ba LABEL org.opencontainers.image.url="https://www.suse.com/products/server/" LABEL org.opencontainers.image.created="%BUILDTIME%" LABEL org.opencontainers.image.vendor="SUSE LLC" -LABEL org.opencontainers.image.version="26.1.2.2" -LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic:26.1.2.2-%RELEASE%" +LABEL org.opencontainers.image.version="26.1.2.3" +LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic:26.1.2.3-%RELEASE%" LABEL org.openbuildservice.disturl="%DISTURL%" LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%" LABEL com.suse.eula="SUSE Combined EULA February 2024" diff --git a/ironic-image/apache2-vmedia.conf.j2 b/ironic-image/apache2-vmedia.conf.j2 index aa1132e..fd87d39 100644 --- a/ironic-image/apache2-vmedia.conf.j2 +++ b/ironic-image/apache2-vmedia.conf.j2 @@ -10,17 +10,15 @@ Listen {{ env.VMEDIA_TLS_PORT }} SSLCertificateFile {{ env.IRONIC_VMEDIA_CERT_FILE }} SSLCertificateKeyFile {{ env.IRONIC_VMEDIA_KEY_FILE }} - - Order deny,allow - deny from all + + AllowOverride None + Require all granted - - Order allow,deny - allow from all - - - Order allow,deny - allow from all + + + Options Indexes FollowSymLinks + AllowOverride None + Require all granted diff --git a/ironic-image/ironic.conf.j2 b/ironic-image/ironic.conf.j2 index e2cb681..894b8cc 100644 --- a/ironic-image/ironic.conf.j2 +++ b/ironic-image/ironic.conf.j2 @@ -83,7 +83,7 @@ send_sensor_data = {{ env.SEND_SENSOR_DATA }} # Power state is checked every 60 seconds and BMC activity should # be avoided more often than once every sixty seconds. send_sensor_data_interval = 160 -bootloader = http://{{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }}/uefi_esp.img +bootloader = {{ env.IRONIC_BOOT_BASE_URL }}/uefi_esp.img verify_step_priority_override = management.clear_job_queue:90 # We don't use this feature, and it creates an additional load on the database node_history = False 
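Review bot: The added `Options Indexes FollowSymLinks` combined with `Require all granted` in the `apache2-vmedia.conf.j2` hunk enables auto-generated directory listings on the virtual-media TLS listener, so any client that can reach the port can enumerate every file served there. The `<Directory>` lines are not visible in this rendering, so which paths the two blocks cover is inferred. The removed `deny from all` block looks like the default-deny for the filesystem root, and replacing it with `Require all granted` would drop that baseline. If the boot clients only fetch known file names, `Options FollowSymLinks` without `Indexes` is sufficient, and a `Require all denied` block for the root directory keeps access deny-by-default.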
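Review bot: `bootloader` in the `ironic.conf.j2` hunk now takes its whole URL, scheme included, from `env.IRONIC_BOOT_BASE_URL`, and nothing in the template checks that the variable is set or what scheme it carries. The `http_url` change in the following hunk (`@@ -112,7 +112,7 @@`) has the same dependency. With the variable empty the rendered values become `/uefi_esp.img` and an empty `http_url`, which presumably only fails later when a node tries to boot. The script that exports the variable is not part of this diff, so it may already be validated there; if not, the contract should at least be documented next to the setting, for example `# IRONIC_BOOT_BASE_URL must be an absolute http(s) URL without a trailing slash`.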
@@ -112,7 +112,7 @@ default_boot_option = local erase_devices_metadata_priority = 10 erase_devices_priority = 0 http_root = /shared/html/ -http_url = http://{{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }} +http_url = {{ env.IRONIC_BOOT_BASE_URL }} fast_track = {{ env.IRONIC_FAST_TRACK }} {% if env.IRONIC_BOOT_ISO_SOURCE %} ramdisk_image_download_source = {{ env.IRONIC_BOOT_ISO_SOURCE }} -- 2.49.0 From d59f3540a23417216449b40b5d2847320ac113f538de88437947de681798e852 Mon Sep 17 00:00:00 2001 From: Steven Hardy Date: Wed, 5 Mar 2025 19:10:38 +0100 Subject: [PATCH 07/55] metal3-chart: update to 0.9.3 Aligns with https://github.com/suse-edge/charts/pull/189 --- metal3-chart/Chart.yaml | 10 +++++----- metal3-chart/charts/ironic/Chart.yaml | 2 +- metal3-chart/charts/ironic/values.yaml | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/metal3-chart/Chart.yaml b/metal3-chart/Chart.yaml index 7bce2cf..9857b8d 100644 --- a/metal3-chart/Chart.yaml +++ b/metal3-chart/Chart.yaml @@ -1,7 +1,7 @@ -#!BuildTag: %%IMG_PREFIX%%metal3-chart:%%CHART_MAJOR%%.0.0_up0.9.2 -#!BuildTag: %%IMG_PREFIX%%metal3-chart:%%CHART_MAJOR%%.0.0_up0.9.2-%RELEASE% +#!BuildTag: %%IMG_PREFIX%%metal3-chart:%%CHART_MAJOR%%.0.0_up0.9.3 +#!BuildTag: %%IMG_PREFIX%%metal3-chart:%%CHART_MAJOR%%.0.0_up0.9.3-%RELEASE% apiVersion: v2 -appVersion: 0.9.2 +appVersion: 0.9.3 dependencies: - alias: metal3-baremetal-operator name: baremetal-operator @@ -10,7 +10,7 @@ dependencies: - alias: metal3-ironic name: ironic repository: file://./charts/ironic - version: 0.9.1 + version: 0.9.2 - alias: metal3-mariadb condition: global.enable_mariadb name: mariadb @@ -25,4 +25,4 @@ description: A Helm chart that installs all of the dependencies needed for Metal icon: https://github.com/cncf/artwork/raw/master/projects/metal3/icon/color/metal3-icon-color.svg name: metal3 type: application -version: "%%CHART_MAJOR%%.0.0+up0.9.2" +version: "%%CHART_MAJOR%%.0.0+up0.9.3" 
diff --git a/metal3-chart/charts/ironic/Chart.yaml b/metal3-chart/charts/ironic/Chart.yaml index 37712fb..db20242 100644 --- a/metal3-chart/charts/ironic/Chart.yaml +++ b/metal3-chart/charts/ironic/Chart.yaml @@ -3,4 +3,4 @@ appVersion: 26.1.2 description: A Helm chart for Ironic, used by Metal3 name: ironic type: application -version: 0.9.1 +version: 0.9.2 diff --git a/metal3-chart/charts/ironic/values.yaml b/metal3-chart/charts/ironic/values.yaml index 0e153cc..b9e69e3 100644 --- a/metal3-chart/charts/ironic/values.yaml +++ b/metal3-chart/charts/ironic/values.yaml @@ -56,7 +56,7 @@ images: ironic: repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic pullPolicy: IfNotPresent - tag: 26.1.2.2 + tag: 26.1.2.3 ironicIPADownloader: repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic-ipa-downloader pullPolicy: IfNotPresent -- 2.49.0 From 6531575f1b45359640972f47ed4dd41f8842d8da05bccaeea03487ee27e6c1be Mon Sep 17 00:00:00 2001 From: Steven Hardy Date: Wed, 12 Mar 2025 09:38:29 +0000 Subject: [PATCH 08/55] metal3-chart: update to 0.9.4 Aligns with https://github.com/suse-edge/charts/pull/192 --- metal3-chart/Chart.yaml | 10 +++++----- metal3-chart/charts/ironic/Chart.yaml | 2 +- metal3-chart/charts/ironic/templates/deployment.yaml | 3 --- 3 files changed, 6 insertions(+), 9 deletions(-) diff --git a/metal3-chart/Chart.yaml b/metal3-chart/Chart.yaml index 9857b8d..827662f 100644 --- a/metal3-chart/Chart.yaml +++ b/metal3-chart/Chart.yaml @@ -1,7 +1,7 @@ -#!BuildTag: %%IMG_PREFIX%%metal3-chart:%%CHART_MAJOR%%.0.0_up0.9.3 -#!BuildTag: %%IMG_PREFIX%%metal3-chart:%%CHART_MAJOR%%.0.0_up0.9.3-%RELEASE% +#!BuildTag: %%IMG_PREFIX%%metal3-chart:%%CHART_MAJOR%%.0.0_up0.9.4 +#!BuildTag: %%IMG_PREFIX%%metal3-chart:%%CHART_MAJOR%%.0.0_up0.9.4-%RELEASE% apiVersion: v2 -appVersion: 0.9.3 +appVersion: 0.9.4 dependencies: - alias: metal3-baremetal-operator name: baremetal-operator 
@@ -10,7 +10,7 @@ dependencies: - alias: metal3-ironic name: ironic repository: file://./charts/ironic - version: 0.9.2 + version: 0.9.3 - alias: metal3-mariadb condition: global.enable_mariadb name: mariadb @@ -25,4 +25,4 @@ description: A Helm chart that installs all of the dependencies needed for Metal icon: https://github.com/cncf/artwork/raw/master/projects/metal3/icon/color/metal3-icon-color.svg name: metal3 type: application -version: "%%CHART_MAJOR%%.0.0+up0.9.3" +version: "%%CHART_MAJOR%%.0.0+up0.9.4" diff --git a/metal3-chart/charts/ironic/Chart.yaml b/metal3-chart/charts/ironic/Chart.yaml index db20242..7114956 100644 --- a/metal3-chart/charts/ironic/Chart.yaml +++ b/metal3-chart/charts/ironic/Chart.yaml @@ -3,4 +3,4 @@ appVersion: 26.1.2 description: A Helm chart for Ironic, used by Metal3 name: ironic type: application -version: 0.9.2 +version: 0.9.3 diff --git a/metal3-chart/charts/ironic/templates/deployment.yaml b/metal3-chart/charts/ironic/templates/deployment.yaml index 4d96e3d..ba07905 100644 --- a/metal3-chart/charts/ironic/templates/deployment.yaml +++ b/metal3-chart/charts/ironic/templates/deployment.yaml @@ -77,9 +77,6 @@ spec: mountPath: "/certs/vmedia" readOnly: true {{- end }} - - mountPath: /shared/html/tstcerts - name: cert-ironic-ca - readOnly: true {{- end }} - name: ironic-log-watch image: {{ .Values.images.ironic.repository }}:{{ .Values.images.ironic.tag }} -- 2.49.0 From da3b39573b5747cc58e0be457c8ca88f2a0acf7c6b8d541e7bda563633fd976d Mon Sep 17 00:00:00 2001 From: Denislav Prodanov Date: Fri, 14 Mar 2025 11:45:31 +0200 Subject: [PATCH 09/55] update longhorn version to 1.7.3 --- .idea/.gitignore | 8 ++++++++ .idea/Factory.iml | 4 ++++ .idea/vcs.xml | 6 ++++++ release-manifest-image/release_manifest.yaml | 4 ++-- 4 files changed, 20 insertions(+), 2 deletions(-) create mode 100644 .idea/.gitignore create mode 100644 .idea/Factory.iml create mode 100644 .idea/vcs.xml 
diff --git a/.idea/.gitignore b/.idea/.gitignore new file mode 100644 index 0000000..c2083d3 --- /dev/null +++ b/.idea/.gitignore @@ -0,0 +1,8 @@ +# Default ignored files +/shelf/ +/workspace.xml +# Editor-based HTTP Client requests +/httpRequests/ +# Datasource local storage ignored files +/dataSources/ +/dataSources.local.xml diff --git a/.idea/Factory.iml b/.idea/Factory.iml new file mode 100644 index 0000000..35e9e10 --- /dev/null +++ b/.idea/Factory.iml @@ -0,0 +1,4 @@ + + + + \ No newline at end of file diff --git a/.idea/vcs.xml b/.idea/vcs.xml new file mode 100644 index 0000000..0faa797 --- /dev/null +++ b/.idea/vcs.xml @@ -0,0 +1,6 @@ + + + + + + \ No newline at end of file diff --git a/release-manifest-image/release_manifest.yaml b/release-manifest-image/release_manifest.yaml index 5459b61..55696bd 100644 --- a/release-manifest-image/release_manifest.yaml +++ b/release-manifest-image/release_manifest.yaml @@ -97,12 +97,12 @@ spec: - prettyName: Longhorn releaseName: longhorn chart: longhorn - version: 105.1.0+up1.7.2 + version: 105.1.1+up1.7.3 repository: https://charts.rancher.io dependencyCharts: - releaseName: longhorn-crd chart: longhorn-crd - version: 105.1.0+up1.7.2 + version: 105.1.1+up1.7.3 repository: https://charts.rancher.io - prettyName: MetalLB releaseName: metallb -- 2.49.0 From 78a681a3a32f689cf95d260ae65cc549c8dd9ff923376727f1b0a7d2fe66aaf3 Mon Sep 17 00:00:00 2001 From: Denislav Prodanov Date: Fri, 14 Mar 2025 11:47:25 +0200 Subject: [PATCH 10/55] remove accidental push of .idea --- .idea/.gitignore | 8 -------- .idea/Factory.iml | 4 ---- .idea/vcs.xml | 6 ------ 3 files changed, 18 deletions(-) delete mode 100644 .idea/.gitignore delete mode 100644 .idea/Factory.iml delete mode 100644 .idea/vcs.xml diff --git a/.idea/.gitignore b/.idea/.gitignore deleted file mode 100644 index c2083d3..0000000 --- a/.idea/.gitignore +++ /dev/null 
@@ -1,8 +0,0 @@ -# Default ignored files -/shelf/ -/workspace.xml -# Editor-based HTTP Client requests -/httpRequests/ -# Datasource local storage ignored files -/dataSources/ -/dataSources.local.xml diff --git a/.idea/Factory.iml b/.idea/Factory.iml deleted file mode 100644 index 35e9e10..0000000 --- a/.idea/Factory.iml +++ /dev/null @@ -1,4 +0,0 @@ - - - - \ No newline at end of file diff --git a/.idea/vcs.xml b/.idea/vcs.xml deleted file mode 100644 index 0faa797..0000000 --- a/.idea/vcs.xml +++ /dev/null @@ -1,6 +0,0 @@ - - - - - - \ No newline at end of file -- 2.49.0 From 5db4c3bc792cfe86788f21fbf4d9ab5a73cef689e90469fb9cde572a8f2238c9 Mon Sep 17 00:00:00 2001 From: Fatih Degirmenci Date: Mon, 17 Mar 2025 12:39:42 +0100 Subject: [PATCH 11/55] Bump Rancher, RKE2, and k3s versions in release-manifest This PR bumps Rancher, RKE2, and k3s versions to align them with SV baseline to ensure the upgrade validation is done using the correct versions. Versions for traefik and traefik-crd Helm Charts are still pending to be verified. --- release-manifest-image/release_manifest.yaml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/release-manifest-image/release_manifest.yaml b/release-manifest-image/release_manifest.yaml index 55696bd..5bf17c9 100644 --- a/release-manifest-image/release_manifest.yaml +++ b/release-manifest-image/release_manifest.yaml @@ -7,7 +7,7 @@ spec: components: kubernetes: k3s: - version: v1.32.1+k3s1 + version: v1.32.2+k3s1 coreComponents: - name: traefik-crd version: 27.0.201+up27.0.2 @@ -18,7 +18,7 @@ spec: - name: local-path-provisioner containers: - name: local-path-provisioner - image: rancher/local-path-provisioner:v0.0.30 + image: rancher/local-path-provisioner:v0.0.31 type: Deployment - name: coredns containers: 
@@ -34,28 +34,28 @@ spec: version: v1.32.1+rke2r1 coreComponents: - name: rke2-cilium - version: 1.16.501 + version: 1.17.000 type: HelmChart - name: rke2-canal - version: v3.29.1-build2025011000 + version: v3.29.2-build2025021800 type: HelmChart - name: rke2-calico-crd version: v3.29.101 type: HelmChart - name: rke2-calico - version: v3.29.101 + version: v3.29.200 type: HelmChart - name: rke2-coredns version: 1.36.102 type: HelmChart - name: rke2-ingress-nginx - version: 4.12.003 + version: 4.12.005 type: HelmChart - name: rke2-metrics-server version: 3.12.200 type: HelmChart - name: rancher-vsphere-csi - version: 3.3.1-rancher800 + version: 3.3.1-rancher900 type: HelmChart - name: rancher-vsphere-cpi version: 1.10.000 @@ -64,7 +64,7 @@ spec: version: 0.2.900 type: HelmChart - name: harvester-csi-driver - version: 0.1.2200 + version: 0.1.2300 type: HelmChart - name: rke2-snapshot-controller-crd version: 4.0.002 @@ -89,7 +89,7 @@ spec: - prettyName: Rancher releaseName: rancher chart: rancher - version: 2.11.0-alpha7 + version: 2.11.0-alpha11 repository: https://releases.rancher.com/server-charts/alpha values: postDelete: -- 2.49.0 From dc19c71706a52db0ec2aec73c6a46033bbb595288aa2e1db26c1e49d8eaeca15 Mon Sep 17 00:00:00 2001 From: Fatih Degirmenci Date: Mon, 17 Mar 2025 12:48:50 +0100 Subject: [PATCH 12/55] Update Helm Chart versions for traefik and traefik-crd --- release-manifest-image/release_manifest.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/release-manifest-image/release_manifest.yaml b/release-manifest-image/release_manifest.yaml index 5bf17c9..112301e 100644 --- a/release-manifest-image/release_manifest.yaml +++ b/release-manifest-image/release_manifest.yaml 
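Review bot: The `rke2` block still declares `version: v1.32.1+rke2r1` (unchanged context at the top of the `@@ -34,28 +34,28 @@` hunk) while `k3s` moves to `v1.32.2+k3s1` in the previous hunk and most RKE2 chart versions below it are bumped. In the same hunk `rke2-calico-crd` stays at `v3.29.101` while `rke2-calico` moves to `v3.29.200`. The commit message says RKE2 is bumped, so both look like missed lines rather than intent, though that cannot be confirmed from the diff. A manifest whose declared RKE2 version does not match the listed component versions makes upgrade validation and vulnerability tracking keyed on it unreliable. Both values should be checked against the RKE2 release the other chart versions were taken from.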
@@ -10,10 +10,10 @@ spec: version: v1.32.2+k3s1 coreComponents: - name: traefik-crd - version: 27.0.201+up27.0.2 + version: 34.2.1+up34.2.0 type: HelmChart - name: traefik - version: 27.0.201+up27.0.2 + version: 34.2.1+up34.2.0 type: HelmChart - name: local-path-provisioner containers: -- 2.49.0 From fb896ffe62b7931d67f264c8f8438c95c96351cb67f2b8a011ceb92625662f8a Mon Sep 17 00:00:00 2001 From: Fatih Degirmenci Date: Mon, 17 Mar 2025 13:16:07 +0100 Subject: [PATCH 13/55] Change trigger_devel workflow to midday every week day Cron is configured to run every night on a daily basis which is great. However, this has potential to break all the SV pipelines as a commit that gets merged to EIB will result in a new image build without the SV team have chance to validate and reflect the change to SV. This commit configures trigger_devel workflow to run midday every week day so the SV team can make the necessary validations and updates accordingly. Please note that this should be considered as a temporary fix and an automated way to bring new EIB versions to SV should be developed collaboratively. --- .gitea/workflows/trigger_devel.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.gitea/workflows/trigger_devel.yaml b/.gitea/workflows/trigger_devel.yaml index 2e391cf..415ea41 100644 --- a/.gitea/workflows/trigger_devel.yaml +++ b/.gitea/workflows/trigger_devel.yaml @@ -1,7 +1,8 @@ name: Trigger Devel Packages on: + # NOTE (fdegir): Cron is set to run midday every weekday schedule: - - cron: "@daily" + - cron: "0 12 * * 1-5 jobs: sync-pr-project: @@ -27,4 +28,4 @@ jobs: ref: 'devel' - name: "Trigger packages" run: | - python3 .obs/trigger_package.py \ No newline at end of file + python3 .obs/trigger_package.py -- 2.49.0 From e83a9cea3cac7bf0614c6e37ae35e3c81a246380e703b8bae4636b265fce709d Mon Sep 17 00:00:00 2001 
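Review bot: The new schedule line in `trigger_devel.yaml` is missing its closing double quote (`- cron: "0 12 * * 1-5`), so as shown the scalar is unterminated and the workflow file would not parse, leaving the scheduled trigger inactive. It should read `- cron: "0 12 * * 1-5"`; the quote may have been lost in this rendering, so check the file itself. The comment says "midday" without a time zone, and the schedule is probably evaluated in the server's zone, so something like `# NOTE (fdegir): runs at 12:00 server time, Monday to Friday` would be more precise.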
From: Steven Hardy Date: Thu, 13 Mar 2025 12:11:08 +0000 Subject: [PATCH 14/55] baremetal-operator: update to 0.9.0 --- baremetal-operator/_service | 2 +- baremetal-operator/baremetal-operator.spec | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/baremetal-operator/_service b/baremetal-operator/_service index c45ecc3..5ec987e 100644 --- a/baremetal-operator/_service +++ b/baremetal-operator/_service @@ -2,7 +2,7 @@ https://github.com/metal3-io/baremetal-operator git - v0.8.0 + v0.9.0 _auto_ @PARENT_TAG@ enable diff --git a/baremetal-operator/baremetal-operator.spec b/baremetal-operator/baremetal-operator.spec index 94d7ec5..9e2f10a 100644 --- a/baremetal-operator/baremetal-operator.spec +++ b/baremetal-operator/baremetal-operator.spec @@ -17,14 +17,14 @@ Name: baremetal-operator -Version: 0.8.0 -Release: 0.8.0 +Version: 0.9.0 +Release: 0 Summary: Implements a Kubernetes API for managing bare metal hosts License: Apache-2.0 URL: https://github.com/metal3-io/baremetal-operator Source: baremetal-operator-%{version}.tar Source1: vendor.tar.gz -BuildRequires: golang(API) = 1.22 +BuildRequires: golang(API) = 1.23 ExcludeArch: s390 ExcludeArch: %{ix86} -- 2.49.0 From c68c882d357c6b996f94e124115a87b4547698cc8a2aa18e44c3cdfa719ecee3 Mon Sep 17 00:00:00 2001 
From: Steven Hardy Date: Thu, 13 Mar 2025 12:15:15 +0000 Subject: [PATCH 15/55] metal3-chart: update to 0.10.0 Aligns with https://github.com/suse-edge/charts/pull/191 --- metal3-chart/Chart.yaml | 10 +- .../charts/baremetal-operator/Chart.yaml | 4 +- .../crds/customresource-baremetalhosts.yaml | 752 ++++++++++-------- .../customresource-bmceventsubscriptions.yaml | 24 +- .../crds/customresource-dataimages.yaml | 22 +- .../crds/customresource-firmwareschemas.yaml | 24 +- .../crds/customresource-hardwaredata.yaml | 61 +- ...customresource-hostfirmwarecomponents.yaml | 72 +- .../customresource-hostfirmwaresettings.yaml | 70 +- .../customresource-hostupdatepolicies.yaml | 62 ++ .../customresource-preprovisioningimages.yaml | 91 +-- .../templates/clusterrole-manager.yaml | 20 + .../templates/deployment.yaml | 18 +- .../templates/metrics_auth_role.yaml | 19 + .../templates/metrics_auth_role_binding.yaml | 14 + .../templates/metrics_reader_role.yaml | 11 + .../templates/metrics_service.yaml | 14 + .../charts/baremetal-operator/values.yaml | 6 +- 18 files changed, 776 insertions(+), 518 deletions(-) create mode 100644 metal3-chart/charts/baremetal-operator/crds/customresource-hostupdatepolicies.yaml create mode 100644 metal3-chart/charts/baremetal-operator/templates/metrics_auth_role.yaml create mode 100644 metal3-chart/charts/baremetal-operator/templates/metrics_auth_role_binding.yaml create mode 100644 metal3-chart/charts/baremetal-operator/templates/metrics_reader_role.yaml create mode 100644 metal3-chart/charts/baremetal-operator/templates/metrics_service.yaml diff --git a/metal3-chart/Chart.yaml b/metal3-chart/Chart.yaml index 827662f..486327d 100644 --- a/metal3-chart/Chart.yaml +++ b/metal3-chart/Chart.yaml 
@@ -1,12 +1,12 @@ -#!BuildTag: %%IMG_PREFIX%%metal3-chart:%%CHART_MAJOR%%.0.0_up0.9.4 -#!BuildTag: %%IMG_PREFIX%%metal3-chart:%%CHART_MAJOR%%.0.0_up0.9.4-%RELEASE% +#!BuildTag: %%IMG_PREFIX%%metal3-chart:%%CHART_MAJOR%%.0.0_up0.10.0 +#!BuildTag: %%IMG_PREFIX%%metal3-chart:%%CHART_MAJOR%%.0.0_up0.10.0-%RELEASE% apiVersion: v2 -appVersion: 0.9.4 +appVersion: 0.10.0 dependencies: - alias: metal3-baremetal-operator name: baremetal-operator repository: file://./charts/baremetal-operator - version: 0.6.1 + version: 0.9.0 - alias: metal3-ironic name: ironic repository: file://./charts/ironic @@ -25,4 +25,4 @@ description: A Helm chart that installs all of the dependencies needed for Metal icon: https://github.com/cncf/artwork/raw/master/projects/metal3/icon/color/metal3-icon-color.svg name: metal3 type: application -version: "%%CHART_MAJOR%%.0.0+up0.9.4" +version: "%%CHART_MAJOR%%.0.0+up0.10.0" diff --git a/metal3-chart/charts/baremetal-operator/Chart.yaml b/metal3-chart/charts/baremetal-operator/Chart.yaml index 9fa5be0..ffc076a 100644 --- a/metal3-chart/charts/baremetal-operator/Chart.yaml +++ b/metal3-chart/charts/baremetal-operator/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 -appVersion: 0.8.0 +appVersion: 0.9.0 description: A Helm chart for baremetal-operator, used by Metal3 name: baremetal-operator type: application -version: 0.6.1 +version: 0.9.0 diff --git a/metal3-chart/charts/baremetal-operator/crds/customresource-baremetalhosts.yaml b/metal3-chart/charts/baremetal-operator/crds/customresource-baremetalhosts.yaml index 6b37062..9c28d5c 100644 --- a/metal3-chart/charts/baremetal-operator/crds/customresource-baremetalhosts.yaml +++ b/metal3-chart/charts/baremetal-operator/crds/customresource-baremetalhosts.yaml 
@@ -4,7 +4,7 @@ kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: baremetal-operator-system/baremetal-operator-serving-cert - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.16.5 labels: clusterctl.cluster.x-k8s.io: "" name: baremetalhosts.metal3.io @@ -57,14 +57,19 @@ spec: description: BareMetalHost is the Schema for the baremetalhosts API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -72,157 +77,191 @@ spec: description: BareMetalHostSpec defines the desired state of BareMetalHost. properties: architecture: - description: CPU architecture of the host, e.g. "x86_64" or "aarch64". - If unset, eventually populated by inspection. + description: |- + CPU architecture of the host, e.g. "x86_64" or "aarch64". If unset, + eventually populated by inspection. type: string automatedCleaningMode: default: metadata - description: When set to disabled, automated cleaning will be avoided + description: |- + When set to disabled, automated cleaning will be skipped during provisioning and deprovisioning. enum: - metadata - disabled type: string bmc: - description: How do we connect to the BMC? + description: |- + How do we connect to the BMC (Baseboard Management Controller) on + the host? properties: address: - description: Address holds the URL for accessing the controller - on the network. + description: |- + Address holds the URL for accessing the controller on the network. + The scheme part designates the driver to use with the host. type: string credentialsName: - description: The name of the secret containing the BMC credentials - (requires keys "username" and "password"). + description: |- + The name of the secret containing the BMC credentials (requires + keys "username" and "password"). type: string disableCertificateVerification: - description: DisableCertificateVerification disables verification - of server certificates when using HTTPS to connect to the BMC. - This is required when the server certificate is self-signed, - but is insecure because it allows a man-in-the-middle to intercept - the connection. + description: |- + DisableCertificateVerification disables verification of server + certificates when using HTTPS to connect to the BMC. This is + required when the server certificate is self-signed, but is + insecure because it allows a man-in-the-middle to intercept the + connection. 
type: boolean required: - address - credentialsName type: object bootMACAddress: - description: Which MAC address will PXE boot? This is optional for - some types, but required for libvirt VMs driven by vbmc. + description: |- + The MAC address of the NIC used for provisioning the host. In case + of network boot, this is the MAC address of the PXE booting + interface. The MAC address of the BMC must never be used here! pattern: '[0-9a-fA-F]{2}(:[0-9a-fA-F]{2}){5}' type: string bootMode: - description: Select the method of initializing the hardware during - boot. Defaults to UEFI. + description: |- + Select the method of initializing the hardware during boot. + Defaults to UEFI. Legacy boot should only be used for hardware that + does not support UEFI correctly. Set to UEFISecureBoot to turn + secure boot on automatically after provisioning. enum: - UEFI - UEFISecureBoot - legacy type: string consumerRef: - description: ConsumerRef can be used to store information about something - that is using a host. When it is not empty, the host is considered - "in use". + description: |- + ConsumerRef can be used to store information about something + that is using a host. When it is not empty, the host is + considered "in use". The common use case is a link to a Machine + resource when the host is used by Cluster API. properties: apiVersion: description: API version of the referent. type: string fieldPath: - description: 'If referring to a piece of an object instead of - an entire object, this string should contain a valid JSON/Go - field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). 
This syntax is chosen - only to have some well-defined way of referencing a part of - an object. TODO: this design is not final and this field is - subject to change in the future.' + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. type: string kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ type: string resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency type: string uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids type: string type: object x-kubernetes-map-type: atomic customDeploy: - description: A custom deploy procedure. + description: |- + A custom deploy procedure. This is an advanced feature that allows + using a custom deploy step provided by a site-specific deployment + ramdisk. Most users will want to use "image" instead. Setting this + field triggers provisioning. properties: method: - description: Custom deploy method name. This name is specific - to the deploy ramdisk used. If you don't have a custom deploy - ramdisk, you shouldn't use CustomDeploy. + description: |- + Custom deploy method name. + This name is specific to the deploy ramdisk used. If you don't have + a custom deploy ramdisk, you shouldn't use CustomDeploy. type: string required: - method type: object description: description: Description is a human-entered text used to help identify - the host + the host. type: string externallyProvisioned: - description: ExternallyProvisioned means something else is managing - the image running on the host and the operator should only manage - the power status and hardware inventory inspection. If the Image - field is filled in, this field is ignored. + description: |- + ExternallyProvisioned means something else has provisioned the + image running on the host, and the operator should only manage + the power status. 
This field is used for integration with already + provisioned hosts and when pivoting hosts between clusters. If + unsure, leave this field as false. type: boolean firmware: - description: BIOS configuration for bare metal server + description: |- + Firmware (BIOS) configuration for bare metal server. If set, the + requested settings will be applied before the host is provisioned. + Only some vendor drivers support this field. An alternative is to + use HostFirmwareSettings resources that allow changing arbitrary + values and support the generic Redfish-based drivers. properties: simultaneousMultithreadingEnabled: - description: 'Allows a single physical processor core to appear - as several logical processors. This supports following options: - true, false.' + description: Allows a single physical processor core to appear + as several logical processors. enum: - true - false type: boolean sriovEnabled: - description: 'SR-IOV support enables a hypervisor to create virtual + description: SR-IOV support enables a hypervisor to create virtual instances of a PCI-express device, potentially increasing performance. - This supports following options: true, false.' enum: - true - false type: boolean virtualizationEnabled: - description: 'Supports the virtualization of platform hardware. - This supports following options: true, false.' + description: Supports the virtualization of platform hardware. enum: - true - false type: boolean type: object hardwareProfile: - description: What is the name of the hardware profile for this host? - Hardware profiles are deprecated and should not be used. Use the - separate fields Architecture and RootDeviceHints instead. Set to - "empty" to prepare for the future version of the API without hardware - profiles. + description: |- + What is the name of the hardware profile for this host? + Hardware profiles are deprecated and should not be used. + Use the separate fields Architecture and RootDeviceHints instead. 
+ Set to "empty" to prepare for the future version of the API + without hardware profiles. type: string image: - description: Image holds the details of the image to be provisioned. + description: |- + Image holds the details of the image to be provisioned. Populating + the image will cause the host to start provisioning. properties: checksum: - description: Checksum is the checksum for the image. + description: |- + Checksum is the checksum for the image. Required for all formats + except for "live-iso". type: string checksumType: - description: ChecksumType is the checksum algorithm for the image, - e.g md5, sha256 or sha512. The special value "auto" can be used - to detect the algorithm from the checksum. If missing, MD5 is - used. If in doubt, use "auto". + description: |- + ChecksumType is the checksum algorithm for the image, e.g md5, sha256 or sha512. + The special value "auto" can be used to detect the algorithm from the checksum. + If missing, MD5 is used. If in doubt, use "auto". enum: - md5 - sha256 @@ -230,11 +269,10 @@ spec: - auto type: string format: - description: DiskFormat contains the format of the image (raw, - qcow2, ...). Needs to be set to raw for raw images streaming. - Note live-iso means an iso referenced by the url will be live-booted - and not deployed to disk, and in this case the checksum options - are not required and if specified will be ignored. + description: |- + Format contains the format of the image (raw, qcow2, ...). + When set to "live-iso", an ISO 9660 image referenced by the url will + be live-booted and not deployed to disk. enum: - raw - qcow2 
@@ -249,9 +287,10 @@ spec: - url type: object metaData: - description: MetaData holds the reference to the Secret containing - host metadata (e.g. meta_data.json) which is passed to the Config - Drive. + description: |- + MetaData holds the reference to the Secret containing host metadata + which is passed to the Config Drive. By default, metadata will be + generated for the host, so most users do not need to set this field. properties: name: description: name is unique within a namespace to reference a @@ -264,9 +303,10 @@ spec: type: object x-kubernetes-map-type: atomic networkData: - description: NetworkData holds the reference to the Secret containing - network configuration (e.g content of network_data.json) which is - passed to the Config Drive. + description: |- + NetworkData holds the reference to the Secret containing network + configuration which is passed to the Config Drive and interpreted + by the first boot software such as cloud-init. properties: name: description: name is unique within a namespace to reference a 
@@ -279,31 +319,41 @@ spec: type: object x-kubernetes-map-type: atomic online: - description: Should the server be online? + description: |- + Should the host be powered on? If the host is currently in a stable + state (e.g. provisioned), its power state will be forced to match + this value. type: boolean preprovisioningNetworkDataName: - description: PreprovisioningNetworkDataName is the name of the Secret - in the local namespace containing network configuration (e.g content - of network_data.json) which is passed to the preprovisioning image, - and to the Config Drive if not overridden by specifying NetworkData. + description: |- + PreprovisioningNetworkDataName is the name of the Secret in the + local namespace containing network configuration which is passed to + the preprovisioning image, and to the Config Drive if not overridden + by specifying NetworkData. type: string raid: - description: RAID configuration for bare metal server + description: |- + RAID configuration for bare metal server. If set, the RAID settings + will be applied before the host is provisioned. If not, the current + settings will not be modified. Only one of the sub-fields + hardwareRAIDVolumes and softwareRAIDVolumes can be set at the same + time. properties: hardwareRAIDVolumes: - description: The list of logical disks for hardware RAID, if rootDeviceHints - isn't used, first volume is root volume. You can set the value - of this field to `[]` to clear all the hardware RAID configurations. + description: |- + The list of logical disks for hardware RAID, if rootDeviceHints isn't used, first volume is root volume. + You can set the value of this field to `[]` to clear all the hardware RAID configurations. items: description: HardwareRAIDVolume defines the desired configuration of volume in hardware RAID. properties: controller: - description: The name of the RAID controller to use + description: The name of the RAID controller to use. 
type: string level: - description: 'RAID level for the logical disk. The following - levels are supported: 0;1;2;5;6;1+0;5+0;6+0.' + description: |- + RAID level for the logical disk. The following levels are supported: + 0, 1, 2, 5, 6, 1+0, 5+0, 6+0 (drivers may support only some of them). enum: - "0" - "1" 
@@ -315,32 +365,35 @@ spec: - 6+0 type: string name: - description: Name of the volume. Should be unique within - the Node. If not specified, volume name will be auto-generated. + description: |- + Name of the volume. Should be unique within the Node. If not + specified, the name will be auto-generated. maxLength: 64 type: string numberOfPhysicalDisks: - description: Integer, number of physical disks to use for - the logical disk. Defaults to minimum number of disks - required for the particular RAID level. + description: |- + Integer, number of physical disks to use for the logical disk. + Defaults to minimum number of disks required for the particular RAID + level. minimum: 1 type: integer physicalDisks: - description: Optional list of physical disk names to be - used for the Hardware RAID volumes. The disk names are - interpreted by the Hardware RAID controller, and the format - is hardware specific. + description: |- + Optional list of physical disk names to be used for the hardware RAID volumes. The disk names are interpreted + by the hardware RAID controller, and the format is hardware specific. items: type: string type: array rotational: - description: Select disks with only rotational or solid-state - storage + description: |- + Select disks with only rotational (if set to true) or solid-state + (if set to false) storage. By default, any disks can be picked. type: boolean sizeGibibytes: - description: Size (Integer) of the logical disk to be created - in GiB. If unspecified or set be 0, the maximum capacity - of disk will be used for logical disk. + description: |- + Size of the logical disk to be created in GiB. If unspecified or + set be 0, the maximum capacity of disk will be used for logical + disk. minimum: 0 type: integer required: 
@@ -349,23 +402,23 @@ spec: nullable: true type: array softwareRAIDVolumes: - description: The list of logical disks for software RAID, if rootDeviceHints - isn't used, first volume is root volume. If HardwareRAIDVolumes - is set this item will be invalid. The number of created Software - RAID devices must be 1 or 2. If there is only one Software RAID - device, it has to be a RAID-1. If there are two, the first one - has to be a RAID-1, while the RAID level for the second one - can be 0, 1, or 1+0. As the first RAID device will be the deployment - device, enforcing a RAID-1 reduces the risk of ending up with - a non-booting node in case of a disk failure. Software RAID - will always be deleted. + description: |- + The list of logical disks for software RAID, if rootDeviceHints isn't used, first volume is root volume. + If HardwareRAIDVolumes is set this item will be invalid. + The number of created Software RAID devices must be 1 or 2. + If there is only one Software RAID device, it has to be a RAID-1. + If there are two, the first one has to be a RAID-1, while the RAID level for the second one can be 0, 1, or 1+0. + As the first RAID device will be the deployment device, + enforcing a RAID-1 reduces the risk of ending up with a non-booting host in case of a disk failure. + Software RAID will always be deleted. items: description: SoftwareRAIDVolume defines the desired configuration of volume in software RAID. properties: level: - description: 'RAID level for the logical disk. The following - levels are supported: 0;1;1+0.' + description: |- + RAID level for the logical disk. The following levels are supported: + 0, 1 and 1+0. enum: - "0" - "1" 
@@ -375,60 +428,66 @@ spec: description: A list of device hints, the number of items should be greater than or equal to 2. items: - description: RootDeviceHints holds the hints for specifying - the storage location for the root filesystem for the - image. + description: |- + RootDeviceHints holds the hints for specifying the storage location + for the root filesystem for the image. properties: deviceName: - description: A Linux device name like "/dev/vda", - or a by-path link to it like "/dev/disk/by-path/pci-0000:01:00.0-scsi-0:2:0:0". - The hint must match the actual value exactly. + description: |- + A Linux device name like "/dev/vda", or a by-path link to it like + "/dev/disk/by-path/pci-0000:01:00.0-scsi-0:2:0:0". The hint must match + the actual value exactly. type: string hctl: - description: A SCSI bus address like 0:0:0:0. The - hint must match the actual value exactly. + description: |- + A SCSI bus address like 0:0:0:0. The hint must match the actual + value exactly. type: string minSizeGigabytes: description: The minimum size of the device in Gigabytes. minimum: 0 type: integer model: - description: A vendor-specific device identifier. - The hint can be a substring of the actual value. + description: |- + A vendor-specific device identifier. The hint can be a + substring of the actual value. type: string rotational: description: True if the device should use spinning media, false otherwise. type: boolean serialNumber: - description: Device serial number. The hint must match - the actual value exactly. + description: |- + Device serial number. The hint must match the actual value + exactly. type: string vendor: - description: The name of the vendor or manufacturer - of the device. The hint can be a substring of the - actual value. + description: |- + The name of the vendor or manufacturer of the device. The hint + can be a substring of the actual value. type: string wwn: - description: Unique storage identifier. 
The hint must - match the actual value exactly. + description: |- + Unique storage identifier. The hint must match the actual value + exactly. type: string wwnVendorExtension: - description: Unique vendor storage identifier. The - hint must match the actual value exactly. + description: |- + Unique vendor storage identifier. The hint must match the + actual value exactly. type: string wwnWithExtension: - description: Unique storage identifier with the vendor - extension appended. The hint must match the actual - value exactly. + description: |- + Unique storage identifier with the vendor extension + appended. The hint must match the actual value exactly. type: string type: object minItems: 2 type: array sizeGibibytes: - description: Size (Integer) of the logical disk to be created - in GiB. If unspecified or set be 0, the maximum capacity - of disk will be used for logical disk. + description: |- + Size of the logical disk to be created in GiB. + If unspecified or set be 0, the maximum capacity of disk will be used for logical disk. minimum: 0 type: integer required: 
@@ -439,70 +498,84 @@ spec: type: array type: object rootDeviceHints: - description: Provide guidance about how to choose the device for the - image being provisioned. + description: |- + Provide guidance about how to choose the device for the image + being provisioned. The default is currently to use /dev/sda as + the root device. properties: deviceName: - description: A Linux device name like "/dev/vda", or a by-path - link to it like "/dev/disk/by-path/pci-0000:01:00.0-scsi-0:2:0:0". - The hint must match the actual value exactly. + description: |- + A Linux device name like "/dev/vda", or a by-path link to it like + "/dev/disk/by-path/pci-0000:01:00.0-scsi-0:2:0:0". The hint must match + the actual value exactly. type: string hctl: - description: A SCSI bus address like 0:0:0:0. The hint must match - the actual value exactly. + description: |- + A SCSI bus address like 0:0:0:0. The hint must match the actual + value exactly. type: string minSizeGigabytes: description: The minimum size of the device in Gigabytes. minimum: 0 type: integer model: - description: A vendor-specific device identifier. The hint can - be a substring of the actual value. + description: |- + A vendor-specific device identifier. The hint can be a + substring of the actual value. type: string rotational: description: True if the device should use spinning media, false otherwise. type: boolean serialNumber: - description: Device serial number. The hint must match the actual - value exactly. + description: |- + Device serial number. The hint must match the actual value + exactly. type: string vendor: - description: The name of the vendor or manufacturer of the device. - The hint can be a substring of the actual value. + description: |- + The name of the vendor or manufacturer of the device. The hint + can be a substring of the actual value. type: string wwn: - description: Unique storage identifier. The hint must match the - actual value exactly. + description: |- + Unique storage identifier. 
The hint must match the actual value + exactly. type: string wwnVendorExtension: - description: Unique vendor storage identifier. The hint must match - the actual value exactly. + description: |- + Unique vendor storage identifier. The hint must match the + actual value exactly. type: string wwnWithExtension: - description: Unique storage identifier with the vendor extension + description: |- + Unique storage identifier with the vendor extension appended. The hint must match the actual value exactly. type: string type: object taints: - description: Taints is the full, authoritative list of taints to apply - to the corresponding Machine. This list will overwrite any modifications - made to the Machine on an ongoing basis. + description: |- + Taints is the full, authoritative list of taints to apply to + the corresponding Machine. This list will overwrite any + modifications made to the Machine on an ongoing basis. items: - description: The node this Taint is attached to has the "effect" - on any pod that does not tolerate the Taint. + description: |- + The node this Taint is attached to has the "effect" on + any pod that does not tolerate the Taint. properties: effect: - description: Required. The effect of the taint on pods that - do not tolerate the taint. Valid effects are NoSchedule, PreferNoSchedule - and NoExecute. + description: |- + Required. The effect of the taint on pods + that do not tolerate the taint. + Valid effects are NoSchedule, PreferNoSchedule and NoExecute. type: string key: description: Required. The taint key to be applied to a node. type: string timeAdded: - description: TimeAdded represents the time at which the taint - was added. It is only written for NoExecute taints. + description: |- + TimeAdded represents the time at which the taint was added. + It is only written for NoExecute taints. format: date-time type: string value: 
@@ -514,8 +587,11 @@ spec: type: object type: array userData: - description: UserData holds the reference to the Secret containing - the user data to be passed to the host before it boots. + description: |- + UserData holds the reference to the Secret containing the user data + which is passed to the Config Drive and interpreted by the + first-boot software such as cloud-init. The format of user data is + specific to the first-boot software. properties: name: description: name is unique within a namespace to reference a @@ -539,11 +615,12 @@ spec: an error since the last successful operation type: integer errorMessage: - description: the last error message reported by the provisioning subsystem + description: The last error message reported by the provisioning subsystem. type: string errorType: - description: ErrorType indicates the type of failure encountered when - the OperationalStatus is OperationalStatusError + description: |- + ErrorType indicates the type of failure encountered when the + OperationalStatus is OperationalStatusError enum: - provisioned registration error - registration error @@ -551,13 +628,15 @@ spec: - preparation error - provisioning error - power management error + - servicing error type: string goodCredentials: - description: the last credentials we were able to validate as working + description: The last credentials we were able to validate as working. properties: credentials: - description: SecretReference represents a Secret Reference. It - has enough information to retrieve secret in any namespace + description: |- + SecretReference represents a Secret Reference. It has enough information to retrieve secret + in any namespace properties: name: description: name is unique within a namespace to reference 
@@ -573,10 +652,13 @@ spec: type: string type: object hardware: - description: The hardware discovered to exist on the host. + description: |- + The hardware discovered to exist on the host. + This field will be removed in the next API version in favour of the + separate HardwareData resource. properties: cpu: - description: CPU describes one processor on the host. + description: Details of the CPU(s) in the system. properties: arch: type: string @@ -594,7 +676,7 @@ spec: type: string type: object firmware: - description: Firmware describes the firmware on the host. + description: System firmware information. properties: bios: description: The BIOS for this firmware @@ -613,14 +695,15 @@ spec: hostname: type: string nics: + description: List of network interfaces for the host. items: description: NIC describes one network interface on the host. properties: ip: - description: The IP address of the interface. This will - be an IPv4 or IPv6 address if one is present. If both - IPv4 and IPv6 addresses are present in a dual-stack environment, - two nics will be output, one with each IP. + description: |- + The IP address of the interface. This will be an IPv4 or IPv6 address + if one is present. If both IPv4 and IPv6 addresses are present in a + dual-stack environment, two nics will be output, one with each IP. type: string mac: description: The device MAC address 
@@ -663,16 +746,20 @@ spec: type: object type: array ramMebibytes: + description: The host's amount of memory in Mebibytes. type: integer storage: + description: List of storage (disk, SSD, etc.) available to the + host. items: description: Storage describes one storage device (disk, SSD, etc.) on the host. properties: alternateNames: - description: A list of alternate Linux device names of the - disk, e.g. "/dev/sda". Note that this list is not exhaustive, - and names may not be stable across reboots. + description: |- + A list of alternate Linux device names of the disk, e.g. "/dev/sda". + Note that this list is not exhaustive, and names may not be stable + across reboots. items: type: string type: array @@ -683,15 +770,17 @@ spec: description: Hardware model type: string name: - description: A Linux device name of the disk, e.g. "/dev/disk/by-path/pci-0000:01:00.0-scsi-0:2:0:0". - This will be a name that is stable across reboots if one - is available. + description: |- + A Linux device name of the disk, e.g. + "/dev/disk/by-path/pci-0000:01:00.0-scsi-0:2:0:0". This will be a name + that is stable across reboots if one is available. type: string rotational: - description: Whether this disk represents rotational storage. - This field is not recommended for usage, please prefer - using 'Type' field instead, this field will be deprecated - eventually. + description: |- + Whether this disk represents rotational storage. + This field is not recommended for usage, please + prefer using 'Type' field instead, this field + will be deprecated eventually. type: boolean serialNumber: description: The serial number of the device @@ -722,8 +811,7 @@ spec: type: object type: array systemVendor: - description: HardwareSystemVendor stores details about the whole - hardware system. + description: System vendor information. properties: manufacturer: type: string 
@@ -734,7 +822,8 @@ spec: type: object type: object hardwareProfile: - description: The name of the profile matching the hardware details. + description: |- + The name of the profile matching the hardware details. Hardware profiles are deprecated and should not be relied on. type: string lastUpdated: @@ -742,12 +831,14 @@ spec: format: date-time type: string operationHistory: - description: OperationHistory holds information about operations performed + description: |- + OperationHistory holds information about operations performed on this host. properties: deprovision: - description: OperationMetric contains metadata about an operation - (inspection, provisioning, etc.) used for tracking metrics. + description: |- + OperationMetric contains metadata about an operation (inspection, + provisioning, etc.) used for tracking metrics. properties: end: format: date-time @@ -759,8 +850,9 @@ spec: type: string type: object inspect: - description: OperationMetric contains metadata about an operation - (inspection, provisioning, etc.) used for tracking metrics. + description: |- + OperationMetric contains metadata about an operation (inspection, + provisioning, etc.) used for tracking metrics. properties: end: format: date-time @@ -772,8 +864,9 @@ spec: type: string type: object provision: - description: OperationMetric contains metadata about an operation - (inspection, provisioning, etc.) used for tracking metrics. + description: |- + OperationMetric contains metadata about an operation (inspection, + provisioning, etc.) used for tracking metrics. properties: end: format: date-time @@ -785,8 +878,9 @@ spec: type: string type: object register: - description: OperationMetric contains metadata about an operation - (inspection, provisioning, etc.) used for tracking metrics. + description: |- + OperationMetric contains metadata about an operation (inspection, + provisioning, etc.) used for tracking metrics. properties: end: format: date-time 
@@ -807,20 +901,25 @@ spec: - error - delayed - detached + - servicing type: string poweredOn: - description: indicator for whether or not the host is powered on + description: |- + The currently detected power state of the host. This field may get + briefly out of sync with the actual state of the hardware while + provisioning processes are running. type: boolean provisioning: description: Information tracked by the provisioner. properties: ID: - description: The machine's UUID from the underlying provisioning - tool + description: |- + The hosts's ID from the underlying provisioning tool (e.g. the + Ironic node UUID). type: string bootMode: description: BootMode indicates the boot mode used to provision - the node + the host. enum: - UEFI - UEFISecureBoot 
@@ -830,52 +929,54 @@ spec: description: Custom deploy procedure applied to the host. properties: method: - description: Custom deploy method name. This name is specific - to the deploy ramdisk used. If you don't have a custom deploy - ramdisk, you shouldn't use CustomDeploy. + description: |- + Custom deploy method name. + This name is specific to the deploy ramdisk used. If you don't have + a custom deploy ramdisk, you shouldn't use CustomDeploy. type: string required: - method type: object firmware: - description: The Bios set by the user + description: The firmware settings that have been applied. properties: simultaneousMultithreadingEnabled: - description: 'Allows a single physical processor core to appear - as several logical processors. This supports following options: - true, false.' + description: Allows a single physical processor core to appear + as several logical processors. enum: - true - false type: boolean sriovEnabled: - description: 'SR-IOV support enables a hypervisor to create + description: SR-IOV support enables a hypervisor to create virtual instances of a PCI-express device, potentially increasing - performance. This supports following options: true, false.' + performance. enum: - true - false type: boolean virtualizationEnabled: - description: 'Supports the virtualization of platform hardware. - This supports following options: true, false.' + description: Supports the virtualization of platform hardware. enum: - true - false type: boolean type: object image: - description: Image holds the details of the last image successfully + description: |- + Image holds the details of the last image successfully provisioned to the host. properties: checksum: - description: Checksum is the checksum for the image. + description: |- + Checksum is the checksum for the image. Required for all formats + except for "live-iso". type: string checksumType: - description: ChecksumType is the checksum algorithm for the - image, e.g md5, sha256 or sha512. 
The special value "auto" - can be used to detect the algorithm from the checksum. If - missing, MD5 is used. If in doubt, use "auto". + description: |- + ChecksumType is the checksum algorithm for the image, e.g md5, sha256 or sha512. + The special value "auto" can be used to detect the algorithm from the checksum. + If missing, MD5 is used. If in doubt, use "auto". enum: - md5 - sha256 @@ -883,12 +984,10 @@ spec: - auto type: string format: - description: DiskFormat contains the format of the image (raw, - qcow2, ...). Needs to be set to raw for raw images streaming. - Note live-iso means an iso referenced by the url will be - live-booted and not deployed to disk, and in this case the - checksum options are not required and if specified will - be ignored. + description: |- + Format contains the format of the image (raw, qcow2, ...). + When set to "live-iso", an ISO 9660 image referenced by the url will + be live-booted and not deployed to disk. enum: - raw - qcow2 
@@ -903,23 +1002,23 @@ spec: - url type: object raid: - description: The Raid set by the user + description: The RAID configuration that has been applied. properties: hardwareRAIDVolumes: - description: The list of logical disks for hardware RAID, - if rootDeviceHints isn't used, first volume is root volume. - You can set the value of this field to `[]` to clear all - the hardware RAID configurations. + description: |- + The list of logical disks for hardware RAID, if rootDeviceHints isn't used, first volume is root volume. + You can set the value of this field to `[]` to clear all the hardware RAID configurations. items: description: HardwareRAIDVolume defines the desired configuration of volume in hardware RAID. properties: controller: - description: The name of the RAID controller to use + description: The name of the RAID controller to use. type: string level: - description: 'RAID level for the logical disk. The following - levels are supported: 0;1;2;5;6;1+0;5+0;6+0.' + description: |- + RAID level for the logical disk. The following levels are supported: + 0, 1, 2, 5, 6, 1+0, 5+0, 6+0 (drivers may support only some of them). enum: - "0" - "1" 
@@ -931,32 +1030,35 @@ spec: - 6+0 type: string name: - description: Name of the volume. Should be unique within - the Node. If not specified, volume name will be auto-generated. + description: |- + Name of the volume. Should be unique within the Node. If not + specified, the name will be auto-generated. maxLength: 64 type: string numberOfPhysicalDisks: - description: Integer, number of physical disks to use - for the logical disk. Defaults to minimum number of - disks required for the particular RAID level. + description: |- + Integer, number of physical disks to use for the logical disk. + Defaults to minimum number of disks required for the particular RAID + level. minimum: 1 type: integer physicalDisks: - description: Optional list of physical disk names to - be used for the Hardware RAID volumes. The disk names - are interpreted by the Hardware RAID controller, and - the format is hardware specific. + description: |- + Optional list of physical disk names to be used for the hardware RAID volumes. The disk names are interpreted + by the hardware RAID controller, and the format is hardware specific. items: type: string type: array rotational: - description: Select disks with only rotational or solid-state - storage + description: |- + Select disks with only rotational (if set to true) or solid-state + (if set to false) storage. By default, any disks can be picked. type: boolean sizeGibibytes: - description: Size (Integer) of the logical disk to be - created in GiB. If unspecified or set be 0, the maximum - capacity of disk will be used for logical disk. + description: |- + Size of the logical disk to be created in GiB. If unspecified or + set be 0, the maximum capacity of disk will be used for logical + disk. minimum: 0 type: integer required: 
@@ -965,24 +1067,23 @@ spec: nullable: true type: array softwareRAIDVolumes: - description: The list of logical disks for software RAID, - if rootDeviceHints isn't used, first volume is root volume. + description: |- + The list of logical disks for software RAID, if rootDeviceHints isn't used, first volume is root volume. If HardwareRAIDVolumes is set this item will be invalid. - The number of created Software RAID devices must be 1 or - 2. If there is only one Software RAID device, it has to - be a RAID-1. If there are two, the first one has to be a - RAID-1, while the RAID level for the second one can be 0, - 1, or 1+0. As the first RAID device will be the deployment - device, enforcing a RAID-1 reduces the risk of ending up - with a non-booting node in case of a disk failure. Software - RAID will always be deleted. + The number of created Software RAID devices must be 1 or 2. + If there is only one Software RAID device, it has to be a RAID-1. + If there are two, the first one has to be a RAID-1, while the RAID level for the second one can be 0, 1, or 1+0. + As the first RAID device will be the deployment device, + enforcing a RAID-1 reduces the risk of ending up with a non-booting host in case of a disk failure. + Software RAID will always be deleted. items: description: SoftwareRAIDVolume defines the desired configuration of volume in software RAID. properties: level: - description: 'RAID level for the logical disk. The following - levels are supported: 0;1;1+0.' + description: |- + RAID level for the logical disk. The following levels are supported: + 0, 1 and 1+0. enum: - "0" - "1" 
@@ -992,18 +1093,20 @@ spec: description: A list of device hints, the number of items should be greater than or equal to 2. items: - description: RootDeviceHints holds the hints for specifying - the storage location for the root filesystem for - the image. + description: |- + RootDeviceHints holds the hints for specifying the storage location + for the root filesystem for the image. properties: deviceName: - description: A Linux device name like "/dev/vda", - or a by-path link to it like "/dev/disk/by-path/pci-0000:01:00.0-scsi-0:2:0:0". - The hint must match the actual value exactly. + description: |- + A Linux device name like "/dev/vda", or a by-path link to it like + "/dev/disk/by-path/pci-0000:01:00.0-scsi-0:2:0:0". The hint must match + the actual value exactly. type: string hctl: - description: A SCSI bus address like 0:0:0:0. - The hint must match the actual value exactly. + description: |- + A SCSI bus address like 0:0:0:0. The hint must match the actual + value exactly. type: string minSizeGigabytes: description: The minimum size of the device in 
@@ -1011,42 +1114,46 @@ spec: minimum: 0 type: integer model: - description: A vendor-specific device identifier. - The hint can be a substring of the actual value. + description: |- + A vendor-specific device identifier. The hint can be a + substring of the actual value. type: string rotational: description: True if the device should use spinning media, false otherwise. type: boolean serialNumber: - description: Device serial number. The hint must - match the actual value exactly. + description: |- + Device serial number. The hint must match the actual value + exactly. type: string vendor: - description: The name of the vendor or manufacturer - of the device. The hint can be a substring of - the actual value. + description: |- + The name of the vendor or manufacturer of the device. The hint + can be a substring of the actual value. type: string wwn: - description: Unique storage identifier. The hint - must match the actual value exactly. + description: |- + Unique storage identifier. The hint must match the actual value + exactly. type: string wwnVendorExtension: - description: Unique vendor storage identifier. - The hint must match the actual value exactly. + description: |- + Unique vendor storage identifier. The hint must match the + actual value exactly. type: string wwnWithExtension: - description: Unique storage identifier with the - vendor extension appended. The hint must match - the actual value exactly. + description: |- + Unique storage identifier with the vendor extension + appended. The hint must match the actual value exactly. type: string type: object minItems: 2 type: array sizeGibibytes: - description: Size (Integer) of the logical disk to be - created in GiB. If unspecified or set be 0, the maximum - capacity of disk will be used for logical disk. + description: |- + Size of the logical disk to be created in GiB. + If unspecified or set be 0, the maximum capacity of disk will be used for logical disk. minimum: 0 type: integer required: 
@@ -1057,52 +1164,60 @@ spec: type: array type: object rootDeviceHints: - description: The RootDevicehints set by the user + description: The root device hints used to provision the host. properties: deviceName: - description: A Linux device name like "/dev/vda", or a by-path - link to it like "/dev/disk/by-path/pci-0000:01:00.0-scsi-0:2:0:0". - The hint must match the actual value exactly. + description: |- + A Linux device name like "/dev/vda", or a by-path link to it like + "/dev/disk/by-path/pci-0000:01:00.0-scsi-0:2:0:0". The hint must match + the actual value exactly. type: string hctl: - description: A SCSI bus address like 0:0:0:0. The hint must - match the actual value exactly. + description: |- + A SCSI bus address like 0:0:0:0. The hint must match the actual + value exactly. type: string minSizeGigabytes: description: The minimum size of the device in Gigabytes. minimum: 0 type: integer model: - description: A vendor-specific device identifier. The hint - can be a substring of the actual value. + description: |- + A vendor-specific device identifier. The hint can be a + substring of the actual value. type: string rotational: description: True if the device should use spinning media, false otherwise. type: boolean serialNumber: - description: Device serial number. The hint must match the - actual value exactly. + description: |- + Device serial number. The hint must match the actual value + exactly. type: string vendor: - description: The name of the vendor or manufacturer of the - device. The hint can be a substring of the actual value. + description: |- + The name of the vendor or manufacturer of the device. The hint + can be a substring of the actual value. type: string wwn: - description: Unique storage identifier. The hint must match - the actual value exactly. + description: |- + Unique storage identifier. The hint must match the actual value + exactly. type: string wwnVendorExtension: - description: Unique vendor storage identifier. 
The hint must - match the actual value exactly. + description: |- + Unique vendor storage identifier. The hint must match the + actual value exactly. type: string wwnWithExtension: - description: Unique storage identifier with the vendor extension + description: |- + Unique storage identifier with the vendor extension appended. The hint must match the actual value exactly. type: string type: object state: - description: An indiciator for what the provisioner is doing with + description: An indicator for what the provisioner is doing with the host. type: string required: @@ -1110,11 +1225,12 @@ spec: - state type: object triedCredentials: - description: the last credentials we sent to the provisioning backend + description: The last credentials we sent to the provisioning backend. properties: credentials: - description: SecretReference represents a Secret Reference. It - has enough information to retrieve secret in any namespace + description: |- + SecretReference represents a Secret Reference. It has enough information to retrieve secret + in any namespace properties: name: description: name is unique within a namespace to reference diff --git a/metal3-chart/charts/baremetal-operator/crds/customresource-bmceventsubscriptions.yaml b/metal3-chart/charts/baremetal-operator/crds/customresource-bmceventsubscriptions.yaml index c0dc2bf..b12a0e8 100644 --- a/metal3-chart/charts/baremetal-operator/crds/customresource-bmceventsubscriptions.yaml +++ b/metal3-chart/charts/baremetal-operator/crds/customresource-bmceventsubscriptions.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.16.5 labels: clusterctl.cluster.x-k8s.io: "" name: bmceventsubscriptions.metal3.io 
@@ -34,14 +34,19 @@ spec: description: BMCEventSubscription is the Schema for the fast eventing API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -57,8 +62,9 @@ spec: description: A reference to a BareMetalHost type: string httpHeadersRef: - description: A secret containing HTTP headers which should be passed - along to the Destination when making a request + description: |- + A secret containing HTTP headers which should be passed along to the Destination + when making a request properties: name: description: name is unique within a namespace to reference a 
diff --git a/metal3-chart/charts/baremetal-operator/crds/customresource-dataimages.yaml b/metal3-chart/charts/baremetal-operator/crds/customresource-dataimages.yaml
index c1bb7b0..fdf0de6 100644
--- a/metal3-chart/charts/baremetal-operator/crds/customresource-dataimages.yaml
+++ b/metal3-chart/charts/baremetal-operator/crds/customresource-dataimages.yaml
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
 annotations:
- controller-gen.kubebuilder.io/version: v0.12.1
+ controller-gen.kubebuilder.io/version: v0.16.5
 name: dataimages.metal3.io
 spec:
 group: metal3.io
@@ -20,14 +20,19 @@ spec: description: DataImage is the Schema for the dataimages API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -35,7 +40,8 @@ spec: description: DataImageSpec defines the desired state of DataImage. properties: url: - description: Url is the address of the dataImage that we want to attach + description: |- + Url is the address of the dataImage that we want to attach to a BareMetalHost type: string required: diff --git a/metal3-chart/charts/baremetal-operator/crds/customresource-firmwareschemas.yaml b/metal3-chart/charts/baremetal-operator/crds/customresource-firmwareschemas.yaml index 3b3c4fe..774af09 100644 
--- a/metal3-chart/charts/baremetal-operator/crds/customresource-firmwareschemas.yaml +++ b/metal3-chart/charts/baremetal-operator/crds/customresource-firmwareschemas.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.16.5 labels: clusterctl.cluster.x-k8s.io: "" name: firmwareschemas.metal3.io @@ -22,14 +22,19 @@ spec: description: FirmwareSchema is the Schema for the firmwareschemas API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -73,8 +78,9 @@ spec: description: Whether or not this setting is read only. type: boolean unique: - description: Whether or not this setting's value is unique to - this node, e.g. a serial number. + description: |- + Whether or not this setting's value is unique to this node, e.g. + a serial number. type: boolean upper_bound: description: The highest value for an Integer type setting. diff --git a/metal3-chart/charts/baremetal-operator/crds/customresource-hardwaredata.yaml b/metal3-chart/charts/baremetal-operator/crds/customresource-hardwaredata.yaml index 7a39068..0693bf3 100644 --- a/metal3-chart/charts/baremetal-operator/crds/customresource-hardwaredata.yaml +++ b/metal3-chart/charts/baremetal-operator/crds/customresource-hardwaredata.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.16.5 labels: clusterctl.cluster.x-k8s.io: "" name: hardwaredata.metal3.io 
@@ -29,14 +29,19 @@ spec: description: HardwareData is the Schema for the hardwaredata API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -47,7 +52,7 @@ spec: description: The hardware discovered on the host during its inspection. properties: cpu: - description: CPU describes one processor on the host. + description: Details of the CPU(s) in the system. properties: arch: type: string @@ -65,7 +70,7 @@ spec: type: string type: object firmware: - description: Firmware describes the firmware on the host. + description: System firmware information. properties: bios: description: The BIOS for this firmware 
@@ -84,14 +89,15 @@ spec: hostname: type: string nics: + description: List of network interfaces for the host. items: description: NIC describes one network interface on the host. properties: ip: - description: The IP address of the interface. This will - be an IPv4 or IPv6 address if one is present. If both - IPv4 and IPv6 addresses are present in a dual-stack environment, - two nics will be output, one with each IP. + description: |- + The IP address of the interface. This will be an IPv4 or IPv6 address + if one is present. If both IPv4 and IPv6 addresses are present in a + dual-stack environment, two nics will be output, one with each IP. type: string mac: description: The device MAC address @@ -134,16 +140,20 @@ spec: type: object type: array ramMebibytes: + description: The host's amount of memory in Mebibytes. type: integer storage: + description: List of storage (disk, SSD, etc.) available to the + host. items: description: Storage describes one storage device (disk, SSD, etc.) on the host. properties: alternateNames: - description: A list of alternate Linux device names of the - disk, e.g. "/dev/sda". Note that this list is not exhaustive, - and names may not be stable across reboots. + description: |- + A list of alternate Linux device names of the disk, e.g. "/dev/sda". + Note that this list is not exhaustive, and names may not be stable + across reboots. items: type: string type: array 
@@ -154,15 +164,17 @@ spec: description: Hardware model type: string name: - description: A Linux device name of the disk, e.g. "/dev/disk/by-path/pci-0000:01:00.0-scsi-0:2:0:0". - This will be a name that is stable across reboots if one - is available. + description: |- + A Linux device name of the disk, e.g. + "/dev/disk/by-path/pci-0000:01:00.0-scsi-0:2:0:0". This will be a name + that is stable across reboots if one is available. type: string rotational: - description: Whether this disk represents rotational storage. - This field is not recommended for usage, please prefer - using 'Type' field instead, this field will be deprecated - eventually. + description: |- + Whether this disk represents rotational storage. + This field is not recommended for usage, please + prefer using 'Type' field instead, this field + will be deprecated eventually. type: boolean serialNumber: description: The serial number of the device @@ -193,8 +205,7 @@ spec: type: object type: array systemVendor: - description: HardwareSystemVendor stores details about the whole - hardware system. + description: System vendor information. properties: manufacturer: type: string diff --git a/metal3-chart/charts/baremetal-operator/crds/customresource-hostfirmwarecomponents.yaml b/metal3-chart/charts/baremetal-operator/crds/customresource-hostfirmwarecomponents.yaml index 2962d52..656458b 100644 --- a/metal3-chart/charts/baremetal-operator/crds/customresource-hostfirmwarecomponents.yaml +++ b/metal3-chart/charts/baremetal-operator/crds/customresource-hostfirmwarecomponents.yaml @@ -3,7 +3,9 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.16.5 + labels: + clusterctl.cluster.x-k8s.io: "" name: hostfirmwarecomponents.metal3.io spec: group: metal3.io 
@@ -21,14 +23,19 @@ spec: API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -82,43 +89,35 @@ spec: description: Track whether updates stored in the spec are valid based on the schema items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + description: Condition contains details for one aspect of the current + state of this API Resource. properties: lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. maxLength: 32768 type: string observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. 
For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. format: int64 minimum: 0 type: integer reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. This field may not be empty. maxLength: 1024 minLength: 1 @@ -133,10 +132,6 @@ spec: type: string type: description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string 
@@ -156,8 +151,9 @@ spec: format: date-time type: string updates: - description: Updates is the list of all firmware components that should - be updated they are specified via name and url fields. + description: |- + Updates is the list of all firmware components that should be updated + they are specified via name and url fields. items: description: FirmwareUpdate defines a firmware update specification. properties: diff --git a/metal3-chart/charts/baremetal-operator/crds/customresource-hostfirmwaresettings.yaml b/metal3-chart/charts/baremetal-operator/crds/customresource-hostfirmwaresettings.yaml index 62679cf..bfa1b19 100644 --- a/metal3-chart/charts/baremetal-operator/crds/customresource-hostfirmwaresettings.yaml +++ b/metal3-chart/charts/baremetal-operator/crds/customresource-hostfirmwaresettings.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.16.5 labels: clusterctl.cluster.x-k8s.io: "" name: hostfirmwaresettings.metal3.io 
@@ -25,14 +25,19 @@ spec: API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -59,43 +64,35 @@ spec: description: Track whether settings stored in the spec are valid based on the schema items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + description: Condition contains details for one aspect of the current + state of this API Resource. properties: lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. maxLength: 32768 type: string observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. 
For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. format: int64 minimum: 0 type: integer reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. This field may not be empty. maxLength: 1024 minLength: 1 @@ -110,10 +107,6 @@ spec: type: string type: description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string 
@@ -133,8 +126,9 @@ spec: format: date-time type: string schema: - description: FirmwareSchema is a reference to the Schema used to describe - each FirmwareSetting. By default, this will be a Schema in the same + description: |- + FirmwareSchema is a reference to the Schema used to describe each + FirmwareSetting. By default, this will be a Schema in the same Namespace as the settings but it can be overwritten in the Spec properties: name: diff --git a/metal3-chart/charts/baremetal-operator/crds/customresource-hostupdatepolicies.yaml b/metal3-chart/charts/baremetal-operator/crds/customresource-hostupdatepolicies.yaml new file mode 100644 index 0000000..df4db81 --- /dev/null +++ b/metal3-chart/charts/baremetal-operator/crds/customresource-hostupdatepolicies.yaml 
@@ -0,0 +1,62 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.5 + labels: + clusterctl.cluster.x-k8s.io: "" + name: hostupdatepolicies.metal3.io +spec: + group: metal3.io + names: + kind: HostUpdatePolicy + listKind: HostUpdatePolicyList + plural: hostupdatepolicies + singular: hostupdatepolicy + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: HostUpdatePolicy is the Schema for the hostupdatepolicy API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: HostUpdatePolicySpec defines the desired state of HostUpdatePolicy. + properties: + firmwareSettings: + description: Defines policy for changing firmware settings + enum: + - onPreparing + - onReboot + type: string + firmwareUpdates: + description: Defines policy for updating firmware + enum: + - onPreparing + - onReboot + type: string + type: object + status: + description: HostUpdatePolicyStatus defines the observed state of HostUpdatePolicy. + type: object + type: object + served: true + storage: true 
diff --git a/metal3-chart/charts/baremetal-operator/crds/customresource-preprovisioningimages.yaml b/metal3-chart/charts/baremetal-operator/crds/customresource-preprovisioningimages.yaml index f743a89..dc15c0a 100644 --- a/metal3-chart/charts/baremetal-operator/crds/customresource-preprovisioningimages.yaml +++ b/metal3-chart/charts/baremetal-operator/crds/customresource-preprovisioningimages.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.16.5 labels: clusterctl.cluster.x-k8s.io: "" name: preprovisioningimages.metal3.io 
@@ -34,14 +34,19 @@ spec: API. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -62,8 +67,9 @@ spec: to build the image. type: string networkDataName: - description: networkDataName is the name of a Secret in the local - namespace that contains network data to build in to the image. + description: |- + networkDataName is the name of a Secret in the local namespace that + contains network data to build in to the image. type: string type: object status: 
@@ -77,43 +83,35 @@ spec: conditions: description: conditions describe the state of the built image items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + description: Condition contains details for one aspect of the current + state of this API Resource. properties: lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. format: date-time type: string message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. maxLength: 32768 type: string observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. 
For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. format: int64 minimum: 0 type: integer reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. This field may not be empty. maxLength: 1024 minLength: 1 @@ -128,10 +126,6 @@ spec: type: string type: description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string 
@@ -147,13 +141,14 @@ spec: - type x-kubernetes-list-type: map extraKernelParams: - description: extraKernelParams is a string with extra parameters to - pass to the kernel when booting the image over network. Only makes - sense for initrd images. + description: |- + extraKernelParams is a string with extra parameters to pass to the + kernel when booting the image over network. Only makes sense for initrd images. type: string format: - description: 'format is the type of image that is available at the - download url: either iso or initrd.' + description: |- + format is the type of image that is available at the download url: + either iso or initrd. enum: - iso - initrd @@ -163,12 +158,14 @@ spec: downloaded. type: string kernelUrl: - description: kernelUrl is the URL from which the kernel of the image - can be downloaded. Only makes sense for initrd images. + description: |- + kernelUrl is the URL from which the kernel of the image can be downloaded. + Only makes sense for initrd images. type: string networkData: - description: networkData is a reference to the version of the Secret - containing the network data used to build the image. + description: |- + networkData is a reference to the version of the Secret containing the + network data used to build the image. properties: name: type: string diff --git a/metal3-chart/charts/baremetal-operator/templates/clusterrole-manager.yaml b/metal3-chart/charts/baremetal-operator/templates/clusterrole-manager.yaml index e55cb06..408a3b3 100644 --- a/metal3-chart/charts/baremetal-operator/templates/clusterrole-manager.yaml +++ b/metal3-chart/charts/baremetal-operator/templates/clusterrole-manager.yaml @@ -184,3 +184,23 @@ rules: - get - patch - update +- apiGroups: + - metal3.io + resources: + - hostupdatepolicies + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - metal3.io + resources: + - hostupdatepolicies/status + verbs: + - get + - patch + - update 
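Review bot: The rule added to clusterrole-manager.yaml gives the operator `create` and `delete` on `hostupdatepolicies` across the whole cluster, which is more than a controller needs if it only reads a policy that a user attached to a host. Whether the 0.9.0 controller ever creates or removes these objects is not visible in this patch. If it does not, the verbs can shrink to `- get`, `- list`, `- watch`, leaving the `hostupdatepolicies/status` rule as it is. The rules list starts outside the hunk.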
diff --git a/metal3-chart/charts/baremetal-operator/templates/deployment.yaml b/metal3-chart/charts/baremetal-operator/templates/deployment.yaml index 4687c0d..53fbe05 100644 --- a/metal3-chart/charts/baremetal-operator/templates/deployment.yaml +++ b/metal3-chart/charts/baremetal-operator/templates/deployment.yaml @@ -24,8 +24,8 @@ spec: spec: containers: - args: - - --metrics-addr=127.0.0.1:8085 - --enable-leader-election + - --tls-min-version=TLS13 env: - name: POD_NAME valueFrom: @@ -56,6 +56,9 @@ spec: - containerPort: 9443 name: webhook-server protocol: TCP + - containerPort: 8443 + protocol: TCP + name: https readinessProbe: failureThreshold: 10 httpGet: @@ -84,19 +87,6 @@ spec: mountPath: "/opt/metal3/certs/ca" readOnly: true {{- end }} - - args: - - --secure-listen-address=0.0.0.0:8443 - - --upstream=http://127.0.0.1:8085/ - - --logtostderr=true - - --v=10 - image: "{{ .Values.images.rbacProxy.repository }}:{{ .Values.images.rbacProxy.tag }}" - imagePullPolicy: {{ .Values.images.rbacProxy.pullPolicy }} - securityContext: - {{- toYaml .Values.securityContext | nindent 10 }} - name: kube-rbac-proxy - ports: - - containerPort: 8443 - name: https serviceAccountName: {{ include "baremetal-operator.serviceAccountName" . }} terminationGracePeriodSeconds: 10 volumes: diff --git a/metal3-chart/charts/baremetal-operator/templates/metrics_auth_role.yaml b/metal3-chart/charts/baremetal-operator/templates/metrics_auth_role.yaml new file mode 100644 index 0000000..f5d2883 --- /dev/null +++ b/metal3-chart/charts/baremetal-operator/templates/metrics_auth_role.yaml 
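Review bot: Nothing in this template now states where the metrics endpoint listens or how it is protected, because the first hunk drops `--metrics-addr=127.0.0.1:8085` and the third removes the kube-rbac-proxy container. Both properties now depend on defaults built into the 0.9.0 image, which this patch does not show. The new `containerPort: 8443` and the metrics auth ClusterRole suggest the manager serves TLS and performs TokenReview/SubjectAccessReview itself, but a later image with a different default would change the exposure without any diff in this chart. I would add a comment above the args, `# metrics are served by the manager itself on 8443 (TLS, TokenReview + SubjectAccessReview); kube-rbac-proxy is no longer used`, and, if the binary still accepts the flag, pin the listener with `- --metrics-addr=:8443`. The container spec starts and ends outside these hunks.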
@@ -0,0 +1,19 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "baremetal-operator.fullname" . }}-metrics-auth-role + labels: + {{- include "baremetal-operator.labels" . | nindent 4 }} +rules: +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create diff --git a/metal3-chart/charts/baremetal-operator/templates/metrics_auth_role_binding.yaml b/metal3-chart/charts/baremetal-operator/templates/metrics_auth_role_binding.yaml new file mode 100644 index 0000000..0760da3 --- /dev/null +++ b/metal3-chart/charts/baremetal-operator/templates/metrics_auth_role_binding.yaml @@ -0,0 +1,14 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "baremetal-operator.fullname" . }}-metrics-auth-rolebinding + labels: + {{- include "baremetal-operator.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "baremetal-operator.fullname" . }}-metrics-auth-role +subjects: +- kind: ServiceAccount + name: {{ include "baremetal-operator.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} diff --git a/metal3-chart/charts/baremetal-operator/templates/metrics_reader_role.yaml b/metal3-chart/charts/baremetal-operator/templates/metrics_reader_role.yaml new file mode 100644 index 0000000..915f8f4 --- /dev/null +++ b/metal3-chart/charts/baremetal-operator/templates/metrics_reader_role.yaml @@ -0,0 +1,11 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "baremetal-operator.fullname" . }}-metrics-reader + labels: + {{- include "baremetal-operator.labels" . | nindent 4 }} +rules: +- nonResourceURLs: + - "/metrics" + verbs: + - get 
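Review bot: The `-metrics-reader` ClusterRole in metrics_reader_role.yaml is not bound to any subject by the files this patch adds; only `-metrics-auth-role` gets a ClusterRoleBinding. A scraper's token would then presumably pass authentication but be refused on the SubjectAccessReview for `/metrics` until an operator creates the binding by hand. A leading comment in the template would make that explicit: `# Not bound by this chart; bind it to the ServiceAccount that scrapes the metrics Service.` If the chart is meant to work with a known Prometheus ServiceAccount, shipping an optional binding behind a values switch would be the alternative.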
diff --git a/metal3-chart/charts/baremetal-operator/templates/metrics_service.yaml b/metal3-chart/charts/baremetal-operator/templates/metrics_service.yaml new file mode 100644 index 0000000..64f39a6 --- /dev/null +++ b/metal3-chart/charts/baremetal-operator/templates/metrics_service.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + {{- include "baremetal-operator.labels" . | nindent 4 }} + control-plane: controller-manager + name: {{ include "baremetal-operator.fullname" . }}-controller-manager-metrics-service +spec: + ports: + - name: https + port: 8443 + targetPort: https + selector: + control-plane: controller-manager diff --git a/metal3-chart/charts/baremetal-operator/values.yaml b/metal3-chart/charts/baremetal-operator/values.yaml index 6e137f1..90008e7 100644 --- a/metal3-chart/charts/baremetal-operator/values.yaml +++ b/metal3-chart/charts/baremetal-operator/values.yaml @@ -28,11 +28,7 @@ images: baremetalOperator: repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/baremetal-operator pullPolicy: IfNotPresent - tag: "0.8.0" - rbacProxy: - repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/kube-rbac-proxy - pullPolicy: IfNotPresent - tag: "0.18.1" + tag: "0.9.0" imagePullSecrets: [] nameOverride: "manger" -- 2.49.0 From ca510a470afe89ecf61eec38e93638a275197df1f44b480c37230e67d49c8f9e Mon Sep 17 00:00:00 2001 From: Fatih Degirmenci Date: Tue, 18 Mar 2025 17:21:11 +0100 Subject: [PATCH 16/55] 3.3.0: Bump rke2 to v1.32.2+rke2r1 in release-manifest --- release-manifest-image/release_manifest.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/release-manifest-image/release_manifest.yaml b/release-manifest-image/release_manifest.yaml index 112301e..a165995 100644 --- a/release-manifest-image/release_manifest.yaml +++ b/release-manifest-image/release_manifest.yaml 
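Review bot: The metrics Service selects pods only by `control-plane: controller-manager`, the generic kubebuilder label that other controller managers in the same namespace may also carry. The selector would then send scrapes, and the bearer token presented with them, to a pod that is not this operator. Whether the Deployment's pod template sets this label is also not visible in the patch; if it does not, the Service has no endpoints. I would reuse the labels from the Deployment's `spec.selector.matchLabels`, or at least add a release-scoped one such as `app.kubernetes.io/instance: {{ .Release.Name }}`, provided the pod template carries it.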
@@ -31,7 +31,7 @@ spec: image: rancher/mirrored-metrics-server:v0.7.2 type: Deployment rke2: - version: v1.32.1+rke2r1 + version: v1.32.2+rke2r1 coreComponents: - name: rke2-cilium version: 1.17.000 -- 2.49.0 From 75ae14da78bd6069df519c3dd7df416ec983bfeac6454c5580113405484161b7 Mon Sep 17 00:00:00 2001 From: Kristian-ZH Date: Wed, 19 Mar 2025 11:56:54 +0200 Subject: [PATCH 17/55] Bump Metal3 and Turles RM versions --- release-manifest-image/release_manifest.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/release-manifest-image/release_manifest.yaml b/release-manifest-image/release_manifest.yaml index a165995..9dd0a51 100644 --- a/release-manifest-image/release_manifest.yaml +++ b/release-manifest-image/release_manifest.yaml @@ -171,8 +171,8 @@ spec: - prettyName: Metal3 releaseName: metal3 chart: %%CHART_REPO%%/%%IMG_PREFIX%%metal3-chart - version: %%CHART_MAJOR%%.0.0+up0.9.0 + version: %%CHART_MAJOR%%.0.0+up0.10.0 - prettyName: RancherTurtles releaseName: rancher-turtles chart: %%CHART_REPO%%/%%IMG_PREFIX%%rancher-turtles-chart - version: %%CHART_MAJOR%%.0.0+up0.14.1 + version: %%CHART_MAJOR%%.0.0+up0.16.0 -- 2.49.0 From 54c0850acfcc28b95e272b679577c6053ae9ce89b599ccce6914b3d0d1374d23 Mon Sep 17 00:00:00 2001 
From: Kristian-ZH Date: Wed, 19 Mar 2025 17:25:09 +0200 Subject: [PATCH 18/55] Update MetalLB and all other packages around it --- frr-image/Dockerfile | 10 ++--- frr-k8s/_service | 2 +- frr-k8s/frr-k8s.spec | 4 +- metallb-chart/Chart.yaml | 17 ++++---- metallb-chart/README.md | 16 ++++---- .../charts/{metallb-crds => crds}/.helmignore | 0 .../charts/{metallb-crds => crds}/Chart.yaml | 4 +- metallb-chart/charts/crds/README.md | 14 +++++++ .../templates/crds.yaml | 40 +++++++++++++------ metallb-chart/charts/frr-k8s/.helmignore | 23 +++++++++++ metallb-chart/charts/frr-k8s/Chart.lock | 6 +++ metallb-chart/charts/frr-k8s/Chart.yaml | 9 ++++- metallb-chart/charts/frr-k8s/README.md | 16 ++++---- .../charts/frr-k8s/charts/crds/.helmignore | 23 +++++++++++ .../charts/frr-k8s/charts/crds/Chart.yaml | 10 +++++ .../charts/frr-k8s/charts/crds/README.md | 14 +++++++ .../frrk8s.metallb.io_frrconfigurations.yaml | 17 ++++++-- .../frrk8s.metallb.io_frrnodestates.yaml | 0 .../charts/frr-k8s/templates/controller.yaml | 11 +++-- .../charts/frr-k8s/templates/webhooks.yaml | 13 +++--- metallb-chart/charts/frr-k8s/values.yaml | 9 +++-- metallb-chart/charts/metallb-crds/README.md | 11 ----- metallb-chart/templates/_helpers.tpl | 1 + metallb-chart/templates/controller.yaml | 2 +- metallb-chart/templates/podmonitor.yaml | 2 + metallb-chart/templates/prometheusrules.yaml | 20 +++++----- metallb-chart/templates/rbac.yaml | 12 ++++-- metallb-chart/templates/service-accounts.yaml | 2 +- metallb-chart/templates/servicemonitor.yaml | 7 +++- metallb-chart/values.yaml | 30 +++++++++----- metallb/_service | 2 +- metallb/metallb.spec | 8 ++-- 32 files changed, 246 insertions(+), 109 deletions(-) rename metallb-chart/charts/{metallb-crds => crds}/.helmignore (100%) rename metallb-chart/charts/{metallb-crds => crds}/Chart.yaml (86%) create mode 100644 metallb-chart/charts/crds/README.md rename metallb-chart/charts/{metallb-crds => crds}/templates/crds.yaml (97%) create mode 100644 
metallb-chart/charts/frr-k8s/.helmignore create mode 100644 metallb-chart/charts/frr-k8s/Chart.lock create mode 100644 metallb-chart/charts/frr-k8s/charts/crds/.helmignore create mode 100644 metallb-chart/charts/frr-k8s/charts/crds/Chart.yaml create mode 100644 metallb-chart/charts/frr-k8s/charts/crds/README.md rename metallb-chart/charts/frr-k8s/{crds => charts/crds/templates}/frrk8s.metallb.io_frrconfigurations.yaml (95%) rename metallb-chart/charts/frr-k8s/{crds => charts/crds/templates}/frrk8s.metallb.io_frrnodestates.yaml (100%) delete mode 100644 metallb-chart/charts/metallb-crds/README.md diff --git a/frr-image/Dockerfile b/frr-image/Dockerfile index da39fef..4255a41 100644 --- a/frr-image/Dockerfile +++ b/frr-image/Dockerfile @@ -1,7 +1,7 @@ # SPDX-License-Identifier: MIT -#!BuildTag: %%IMG_PREFIX%%frr:8.4 -#!BuildTag: %%IMG_PREFIX%%frr:8.4-%RELEASE% -#!BuildVersion: 15.5 +#!BuildTag: %%IMG_PREFIX%%frr:8.5.6 +#!BuildTag: %%IMG_PREFIX%%frr:8.5.6-%RELEASE% +#!BuildVersion: 15.6 ARG SLE_VERSION FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro @@ -15,11 +15,11 @@ FROM micro AS final LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)" LABEL org.opencontainers.image.title="FRR Container Image" LABEL org.opencontainers.image.description="frr based on the SLE Base Container Image." -LABEL org.opencontainers.image.version="8.4" +LABEL org.opencontainers.image.version="8.5.6" LABEL org.opencontainers.image.url="https://www.suse.com/products/server/" LABEL org.opencontainers.image.created="%BUILDTIME%" LABEL org.opencontainers.image.vendor="SUSE LLC" -LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%frr:8.4-%RELEASE%" +LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%frr:8.5.6-%RELEASE%" LABEL org.openbuildservice.disturl="%DISTURL%" LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%" LABEL com.suse.eula="SUSE Combined EULA February 2024" diff --git a/frr-k8s/_service b/frr-k8s/_service index f83862b..30fcaa1 100644 
--- a/frr-k8s/_service +++ b/frr-k8s/_service @@ -2,7 +2,7 @@ https://github.com/metallb/frr-k8s git - v0.0.14 + v0.0.16 _auto_ @PARENT_TAG@ enable diff --git a/frr-k8s/frr-k8s.spec b/frr-k8s/frr-k8s.spec index 3d97a10..bb8f1be 100644 --- a/frr-k8s/frr-k8s.spec +++ b/frr-k8s/frr-k8s.spec @@ -17,8 +17,8 @@ Name: frr-k8s -Version: 0.0.14 -Release: 0.0.14 +Version: 0.0.16 +Release: 0.0.16 Summary: A kubernetes based daemonset that exposes a subset of the FRR API in a kubernetes compliant manner. License: Apache-2.0 URL: https://github.com/metallb/frr-k8s diff --git a/metallb-chart/Chart.yaml b/metallb-chart/Chart.yaml index 93514fb..ad7f56a 100644 --- a/metallb-chart/Chart.yaml +++ b/metallb-chart/Chart.yaml @@ -1,16 +1,15 @@ -#!BuildTag: %%IMG_PREFIX%%metallb-chart:%%CHART_MAJOR%%.0.0_up0.14.9 -#!BuildTag: %%IMG_PREFIX%%metallb-chart:%%CHART_MAJOR%%.0.0_up0.14.9-%RELEASE% apiVersion: v2 -appVersion: v0.14.3 +appVersion: v0.14.9 dependencies: -- condition: frrk8s.enabled +- condition: crds.enabled + name: crds + repository: file://./charts/crds + version: 0.14.9 +- alias: metallb-frr-k8s + condition: frrk8s.enabled name: frr-k8s repository: file://./charts/frr-k8s - version: 0.0.15 -- condition: crds.enabled - name: metallb-crds - repository: file://./charts/metallb-crds - version: 0.14.8 + version: 0.0.16 description: A network load-balancer implementation for Kubernetes using standard routing protocols home: https://metallb.universe.tf diff --git a/metallb-chart/README.md b/metallb-chart/README.md index 68692d1..1bf5c15 100644 --- a/metallb-chart/README.md +++ b/metallb-chart/README.md 
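Review bot: metallb-chart/Chart.yaml loses both `#!BuildTag:` lines in this hunk and gets none back, although the removed lines already named `_up0.14.9`. If the build service derives the published chart tag from them, the chart may be built untagged or not published, so unless that is intended I would keep `#!BuildTag: %%IMG_PREFIX%%metallb-chart:%%CHART_MAJOR%%.0.0_up0.14.9` and its `-%RELEASE%` twin. Separately, `alias: metallb-frr-k8s` makes Helm pass the subchart its values from the `metallb-frr-k8s:` key of the parent values instead of `frr-k8s:`. The values.yaml change listed in the diffstat should be checked for that key, since overrides left under the old key are silently ignored.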
@@ -1,6 +1,6 @@ # metallb -![Version: 0.14.8](https://img.shields.io/badge/Version-0.14.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.14.8](https://img.shields.io/badge/AppVersion-v0.14.8-informational?style=flat-square) +![Version: 0.14.9](https://img.shields.io/badge/Version-0.14.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.14.9](https://img.shields.io/badge/AppVersion-v0.14.9-informational?style=flat-square) A network load-balancer implementation for Kubernetes using standard routing protocols @@ -16,8 +16,8 @@ Kubernetes: `>= 1.19.0-0` | Repository | Name | Version | |------------|------|---------| -| | crds | 0.14.8 | -| https://metallb.github.io/frr-k8s | frr-k8s | 0.0.14 | +| | crds | 0.14.9 | +| https://metallb.github.io/frr-k8s | frr-k8s | 0.0.16 | ## Values 
@@ -79,17 +79,17 @@ Kubernetes: `>= 1.19.0-0` | prometheus.podMonitor.relabelings | list | `[]` | | | prometheus.prometheusRule.additionalLabels | object | `{}` | | | prometheus.prometheusRule.addressPoolExhausted.enabled | bool | `true` | | -| prometheus.prometheusRule.addressPoolExhausted.labels.severity | string | `"alert"` | | +| prometheus.prometheusRule.addressPoolExhausted.labels.severity | string | `"critical"` | | | prometheus.prometheusRule.addressPoolUsage.enabled | bool | `true` | | | prometheus.prometheusRule.addressPoolUsage.thresholds[0].labels.severity | string | `"warning"` | | | prometheus.prometheusRule.addressPoolUsage.thresholds[0].percent | int | `75` | | | prometheus.prometheusRule.addressPoolUsage.thresholds[1].labels.severity | string | `"warning"` | | | prometheus.prometheusRule.addressPoolUsage.thresholds[1].percent | int | `85` | | -| prometheus.prometheusRule.addressPoolUsage.thresholds[2].labels.severity | string | `"alert"` | | +| prometheus.prometheusRule.addressPoolUsage.thresholds[2].labels.severity | string | `"critical"` | | | prometheus.prometheusRule.addressPoolUsage.thresholds[2].percent | int | `95` | | | prometheus.prometheusRule.annotations | object | `{}` | | | prometheus.prometheusRule.bgpSessionDown.enabled | bool | `true` | | -| prometheus.prometheusRule.bgpSessionDown.labels.severity | string | `"alert"` | | +| prometheus.prometheusRule.bgpSessionDown.labels.severity | string | `"critical"` | | | prometheus.prometheusRule.configNotLoaded.enabled | bool | `true` | | | prometheus.prometheusRule.configNotLoaded.labels.severity | string | `"warning"` | | | prometheus.prometheusRule.enabled | bool | `false` | | 
@@ -99,7 +99,7 @@ Kubernetes: `>= 1.19.0-0` | prometheus.rbacPrometheus | bool | `true` | | | prometheus.rbacProxy.pullPolicy | string | `nil` | | | prometheus.rbacProxy.repository | string | `"registry.opensuse.org/isv/suse/edge/metallb/images/kube-rbac-proxy"` | | -| prometheus.rbacProxy.tag | string | `"v0.12.0"` | | +| prometheus.rbacProxy.tag | string | `"v0.18.0"` | | | prometheus.scrapeAnnotations | bool | `false` | | | prometheus.serviceAccount | string | `""` | | | prometheus.serviceMonitor.controller.additionalLabels | object | `{}` | | @@ -122,7 +122,7 @@ Kubernetes: `>= 1.19.0-0` | speaker.frr.enabled | bool | `true` | | | speaker.frr.image.pullPolicy | string | `nil` | | | speaker.frr.image.repository | string | `"registry.opensuse.org/isv/suse/edge/metallb/images/frr"` | | -| speaker.frr.image.tag | string | `"8.4.2"` | | +| speaker.frr.image.tag | string | `"8.5.6"` | | | speaker.frr.metricsPort | int | `7473` | | | speaker.frr.resources | object | `{}` | | | speaker.frrMetrics.resources | object | `{}` | | diff --git a/metallb-chart/charts/metallb-crds/.helmignore b/metallb-chart/charts/crds/.helmignore similarity index 100% rename from metallb-chart/charts/metallb-crds/.helmignore rename to metallb-chart/charts/crds/.helmignore diff --git a/metallb-chart/charts/metallb-crds/Chart.yaml b/metallb-chart/charts/crds/Chart.yaml similarity index 86% rename from metallb-chart/charts/metallb-crds/Chart.yaml rename to metallb-chart/charts/crds/Chart.yaml index 6d070fc..a414973 100644 --- a/metallb-chart/charts/metallb-crds/Chart.yaml +++ b/metallb-chart/charts/crds/Chart.yaml @@ -3,8 +3,8 @@ appVersion: v0.14.9 description: MetalLB CRDs home: https://metallb.universe.tf icon: https://metallb.universe.tf/images/logo/metallb-white.png -name: metallb-crds +name: crds sources: - https://github.com/metallb/metallb type: application -version: 0.14.8 +version: 0.14.9 
diff --git a/metallb-chart/charts/crds/README.md b/metallb-chart/charts/crds/README.md new file mode 100644 index 0000000..1300cf4 --- /dev/null +++ b/metallb-chart/charts/crds/README.md @@ -0,0 +1,14 @@ +# crds + +![Version: 0.0.0](https://img.shields.io/badge/Version-0.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.0.0](https://img.shields.io/badge/AppVersion-v0.0.0-informational?style=flat-square) + +MetalLB CRDs + +**Homepage:** + +## Source Code + +* + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.10.0](https://github.com/norwoodj/helm-docs/releases/v1.10.0) diff --git a/metallb-chart/charts/metallb-crds/templates/crds.yaml b/metallb-chart/charts/crds/templates/crds.yaml similarity index 97% rename from metallb-chart/charts/metallb-crds/templates/crds.yaml rename to metallb-chart/charts/crds/templates/crds.yaml index 9341bb4..8ae5043 100644 --- a/metallb-chart/charts/metallb-crds/templates/crds.yaml +++ b/metallb-chart/charts/crds/templates/crds.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.16.3 name: bfdprofiles.metallb.io spec: group: metallb.io @@ -123,7 +123,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.16.3 name: bgpadvertisements.metallb.io spec: group: metallb.io @@ -329,7 +329,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.16.3 name: bgppeers.metallb.io spec: conversion: 
@@ -365,6 +365,8 @@ spec: - jsonPath: .spec.ebgpMultiHop name: Multi Hops type: string + deprecated: true + deprecationWarning: v1beta1 is deprecated, please use v1beta2 name: v1beta1 schema: openAPIV3Schema: @@ -526,15 +528,26 @@ spec: default: false description: To set if we want to disable MP BGP that will separate IPv4 and IPv6 route exchanges into distinct BGP sessions. type: boolean + dynamicASN: + description: |- + DynamicASN detects the AS number to use for the remote end of the session + without explicitly setting it via the ASN field. Limited to: + internal - if the neighbor's ASN is different than MyASN connection is denied. + external - if the neighbor's ASN is the same as MyASN the connection is denied. + ASN and DynamicASN are mutually exclusive and one of them must be specified. + enum: + - internal + - external + type: string ebgpMultiHop: description: To set if the BGPPeer is multi-hops away. Needed for FRR mode only. type: boolean enableGracefulRestart: description: |- - EnableGracefulRestart allows BGP peer to continue to forward data packets along - known routes while the routing protocol information is being restored. - This field is immutable because it requires restart of the BGP session - Supported for FRR mode only. + EnableGracefulRestart allows BGP peer to continue to forward data packets + along known routes while the routing protocol information is being + restored. This field is immutable because it requires restart of the BGP + session. Supported for FRR mode only. type: boolean x-kubernetes-validations: - message: EnableGracefulRestart cannot be changed after creation @@ -622,7 +635,9 @@ spec: type: object x-kubernetes-map-type: atomic peerASN: - description: AS number to expect from the remote end of the session. + description: |- + AS number to expect from the remote end of the session. + ASN and DynamicASN are mutually exclusive and one of them must be specified. format: int32 maximum: 4294967295 minimum: 0 
@@ -649,7 +664,6 @@ spec: type: string required: - myASN - - peerASN - peerAddress type: object status: @@ -665,7 +679,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.16.3 name: communities.metallb.io spec: group: metallb.io @@ -730,7 +744,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.16.3 name: ipaddresspools.metallb.io spec: group: metallb.io @@ -940,7 +954,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.16.3 name: l2advertisements.metallb.io spec: group: metallb.io @@ -1120,7 +1134,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.16.3 name: servicel2statuses.metallb.io spec: group: metallb.io diff --git a/metallb-chart/charts/frr-k8s/.helmignore b/metallb-chart/charts/frr-k8s/.helmignore new file mode 100644 index 0000000..1b9a9cc --- /dev/null +++ b/metallb-chart/charts/frr-k8s/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/metallb-chart/charts/frr-k8s/Chart.lock b/metallb-chart/charts/frr-k8s/Chart.lock new file mode 100644 index 0000000..0e74035 --- /dev/null +++ b/metallb-chart/charts/frr-k8s/Chart.lock 
@@ -0,0 +1,6 @@ +dependencies: +- name: crds + repository: "" + version: 0.0.16 +digest: sha256:b54ee64c5e61f1dd38e89efc87ebd1e36cdb7c4dd7c897d9985040dccd713dba +generated: "2024-11-22T11:40:47.152053909+01:00" diff --git a/metallb-chart/charts/frr-k8s/Chart.yaml b/metallb-chart/charts/frr-k8s/Chart.yaml index 2fa4501..0cb0b51 100644 --- a/metallb-chart/charts/frr-k8s/Chart.yaml +++ b/metallb-chart/charts/frr-k8s/Chart.yaml @@ -1,5 +1,10 @@ apiVersion: v2 -appVersion: v0.0.14 +appVersion: v0.0.16 +dependencies: +- condition: crds.enabled + name: crds + repository: file://./charts/crds + version: 0.0.16 description: A cloud native wrapper of FRR home: https://metallb.universe.tf icon: https://metallb.universe.tf/images/logo/metallb-white.png @@ -8,4 +13,4 @@ name: frr-k8s sources: - https://github.com/metallb/frr-k8s type: application -version: 0.0.15 +version: 0.0.16 diff --git a/metallb-chart/charts/frr-k8s/README.md b/metallb-chart/charts/frr-k8s/README.md index 0418d64..0e6c246 100644 --- a/metallb-chart/charts/frr-k8s/README.md +++ b/metallb-chart/charts/frr-k8s/README.md @@ -1,6 +1,6 @@ # frr-k8s -![Version: 0.0.14](https://img.shields.io/badge/Version-0.0.14-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.0.14](https://img.shields.io/badge/AppVersion-v0.0.14-informational?style=flat-square) +![Version: 0.0.16](https://img.shields.io/badge/Version-0.0.16-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.0.16](https://img.shields.io/badge/AppVersion-v0.0.16-informational?style=flat-square) A cloud native wrapper of FRR @@ -16,7 +16,7 @@ Kubernetes: `>= 1.19.0-0` | Repository | Name | Version | |------------|------|---------| -| | crds | 0.0.14 | +| | crds | 0.0.16 | ## Values 
@@ -27,17 +27,17 @@ Kubernetes: `>= 1.19.0-0` | frrk8s.affinity | object | `{}` | | | frrk8s.alwaysBlock | string | `""` | | | frrk8s.disableCertRotation | bool | `false` | | +| frrk8s.frr.acceptIncomingBGPConnections | bool | `false` | | | frrk8s.frr.image.pullPolicy | string | `nil` | | -| frrk8s.frr.image.repository | string | `"quay.io/frrouting/frr"` | | -| frrk8s.frr.image.tag | string | `"9.1.0"` | | +| frrk8s.frr.image.repository | string | `"registry.opensuse.org/isv/suse/edge/metallb/images/frr"` | | +| frrk8s.frr.image.tag | string | `"8.5.6"` | | | frrk8s.frr.metricsBindAddress | string | `"127.0.0.1"` | | | frrk8s.frr.metricsPort | int | `7573` | | | frrk8s.frr.resources | object | `{}` | | | frrk8s.frr.secureMetricsPort | int | `9141` | | | frrk8s.frrMetrics.resources | object | `{}` | | -| frrk8s.healthPort | int | `8081` | | | frrk8s.image.pullPolicy | string | `nil` | | -| frrk8s.image.repository | string | `"quay.io/metallb/frr-k8s"` | | +| frrk8s.image.repository | string | `"registry.opensuse.org/isv/suse/edge/metallb/images/frr-k8s"` | | | frrk8s.image.tag | string | `nil` | | | frrk8s.labels.app | string | `"frr-k8s"` | | | frrk8s.livenessProbe.enabled | bool | `true` | | @@ -77,8 +77,8 @@ Kubernetes: `>= 1.19.0-0` | prometheus.namespace | string | `""` | | | prometheus.rbacPrometheus | bool | `false` | | | prometheus.rbacProxy.pullPolicy | string | `nil` | | -| prometheus.rbacProxy.repository | string | `"gcr.io/kubebuilder/kube-rbac-proxy"` | | -| prometheus.rbacProxy.tag | string | `"v0.12.0"` | | +| prometheus.rbacProxy.repository | string | `"registry.opensuse.org/isv/suse/edge/metallb/images/kube-rbac-proxy"` | | +| prometheus.rbacProxy.tag | string | `"v0.18.0"` | | | prometheus.scrapeAnnotations | bool | `false` | | | prometheus.secureMetricsPort | int | `9140` | | | prometheus.serviceAccount | string | `""` | | 
diff --git a/metallb-chart/charts/frr-k8s/charts/crds/.helmignore b/metallb-chart/charts/frr-k8s/charts/crds/.helmignore new file mode 100644 index 0000000..1b9a9cc --- /dev/null +++ b/metallb-chart/charts/frr-k8s/charts/crds/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/metallb-chart/charts/frr-k8s/charts/crds/Chart.yaml b/metallb-chart/charts/frr-k8s/charts/crds/Chart.yaml new file mode 100644 index 0000000..14bb828 --- /dev/null +++ b/metallb-chart/charts/frr-k8s/charts/crds/Chart.yaml @@ -0,0 +1,10 @@ +apiVersion: v2 +appVersion: v0.0.16 +description: FRR K8s CRDs +home: https://metallb.universe.tf +icon: https://metallb.universe.tf/images/logo/metallb-white.png +name: crds +sources: +- https://github.com/metallb/frr-k8s +type: application +version: 0.0.16 diff --git a/metallb-chart/charts/frr-k8s/charts/crds/README.md b/metallb-chart/charts/frr-k8s/charts/crds/README.md new file mode 100644 index 0000000..8a23fb0 --- /dev/null +++ b/metallb-chart/charts/frr-k8s/charts/crds/README.md @@ -0,0 +1,14 @@ +# crds + +![Version: 0.0.0](https://img.shields.io/badge/Version-0.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.0.0](https://img.shields.io/badge/AppVersion-v0.0.0-informational?style=flat-square) + +FRR-K8s CRDs + +**Homepage:** + +## Source Code + +* + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.10.0](https://github.com/norwoodj/helm-docs/releases/v1.10.0) 
diff --git a/metallb-chart/charts/frr-k8s/crds/frrk8s.metallb.io_frrconfigurations.yaml b/metallb-chart/charts/frr-k8s/charts/crds/templates/frrk8s.metallb.io_frrconfigurations.yaml similarity index 95% rename from metallb-chart/charts/frr-k8s/crds/frrk8s.metallb.io_frrconfigurations.yaml rename to metallb-chart/charts/frr-k8s/charts/crds/templates/frrk8s.metallb.io_frrconfigurations.yaml index 2813767..49dd117 100644 --- a/metallb-chart/charts/frr-k8s/crds/frrk8s.metallb.io_frrconfigurations.yaml +++ b/metallb-chart/charts/frr-k8s/charts/crds/templates/frrk8s.metallb.io_frrconfigurations.yaml @@ -156,8 +156,9 @@ spec: the session with. type: string asn: - description: ASN is the AS number to use for the local - end of the session. + description: |- + ASN is the AS number to use for the local end of the session. + ASN and DynamicASN are mutually exclusive and one of them must be specified. format: int32 maximum: 4294967295 minimum: 0 @@ -187,6 +188,17 @@ spec: will separate IPv4 and IPv6 route exchanges into distinct BGP sessions. type: boolean + dynamicASN: + description: |- + DynamicASN detects the AS number to use for the local end of the session + without explicitly setting it via the ASN field. Limited to: + internal - if the neighbor's ASN is different than the router's the connection is denied. + external - if the neighbor's ASN is the same as the router's the connection is denied. + ASN and DynamicASN are mutually exclusive and one of them must be specified. + enum: + - internal + - external + type: string ebgpMultiHop: description: EBGPMultiHop indicates if the BGPPeer is multi-hops away. @@ -366,7 +378,6 @@ spec: type: object required: - address - - asn type: object type: array prefixes: 
diff --git a/metallb-chart/charts/frr-k8s/crds/frrk8s.metallb.io_frrnodestates.yaml b/metallb-chart/charts/frr-k8s/charts/crds/templates/frrk8s.metallb.io_frrnodestates.yaml similarity index 100% rename from metallb-chart/charts/frr-k8s/crds/frrk8s.metallb.io_frrnodestates.yaml rename to metallb-chart/charts/frr-k8s/charts/crds/templates/frrk8s.metallb.io_frrnodestates.yaml diff --git a/metallb-chart/charts/frr-k8s/templates/controller.yaml b/metallb-chart/charts/frr-k8s/templates/controller.yaml index 50badde..e28bd76 100644 --- a/metallb-chart/charts/frr-k8s/templates/controller.yaml +++ b/metallb-chart/charts/frr-k8s/templates/controller.yaml @@ -50,7 +50,7 @@ data: # vtysh_enable=yes zebra_options=" -A 127.0.0.1 -s 90000000" - bgpd_options=" -A 127.0.0.1" + bgpd_options=" -A 127.0.0.1 {{ if not .Values.frrk8s.frr.acceptIncomingBGPConnections }} -p 0 {{- end }}" ospfd_options=" -A 127.0.0.1" ospf6d_options=" -A ::1" ripd_options=" -A 127.0.0.1" @@ -199,7 +199,6 @@ spec: {{- with .Values.frrk8s.logLevel }} - --log-level={{ . }} {{- end }} - - --health-probe-bind-address={{.Values.prometheus.metricsBindAddress}}:{{ .Values.frrk8s.healthPort }} {{- if .Values.frrk8s.alwaysBlock }} - --always-block={{ .Values.frrk8s.alwaysBlock }} {{- end }} @@ -222,8 +221,8 @@ spec: {{- if .Values.frrk8s.livenessProbe.enabled }} livenessProbe: httpGet: - path: /healthz - port: {{ .Values.frrk8s.healthPort }} + path: /metrics + port: monitoring host: {{ .Values.prometheus.metricsBindAddress }} initialDelaySeconds: {{ .Values.frrk8s.livenessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.frrk8s.livenessProbe.periodSeconds }} 
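Review bot: Pointing the liveness probe at `/metrics` on the `monitoring` port makes it succeed whenever the metrics listener answers, so it no longer tracks a dedicated health check; the same applies to the readiness probe in the next hunk and to both probes in `templates/webhooks.yaml`. The webhook container previously used `/readyz` for readiness, so the pod can presumably be marked Ready before the admission server is serving. If `validationFailurePolicy: Fail` is what sets the webhook failure policy, FRRConfiguration writes would then be rejected during start-up. If the binary still serves `/healthz` and `/readyz`, I would keep those paths; otherwise add a template comment such as `# probes reuse the metrics listener; the binary no longer exposes a separate health port` so the coupling is documented as deliberate. The container spec continues outside this hunk, so I cannot confirm that a port named `monitoring` is declared for this container.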
@@ -234,8 +233,8 @@ spec: {{- if .Values.frrk8s.readinessProbe.enabled }} readinessProbe: httpGet: - path: /healthz - port: {{ .Values.frrk8s.healthPort }} + path: /metrics + port: monitoring host: {{ .Values.prometheus.metricsBindAddress }} initialDelaySeconds: {{ .Values.frrk8s.readinessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.frrk8s.readinessProbe.periodSeconds }} diff --git a/metallb-chart/charts/frr-k8s/templates/webhooks.yaml b/metallb-chart/charts/frr-k8s/templates/webhooks.yaml index a84b3b6..7925006 100644 --- a/metallb-chart/charts/frr-k8s/templates/webhooks.yaml +++ b/metallb-chart/charts/frr-k8s/templates/webhooks.yaml @@ -46,7 +46,7 @@ spec: - "--restart-on-rotator-secret-refresh=true" {{- end }} - "--namespace=$(NAMESPACE)" - - --health-probe-bind-address=:8081 + - "--metrics-bind-address=:{{ .Values.prometheus.metricsPort }}" env: - name: NAMESPACE valueFrom: @@ -63,11 +63,14 @@ spec: drop: - ALL readOnlyRootFilesystem: true + ports: + - containerPort: {{ .Values.prometheus.metricsPort }} + name: monitoring {{- if .Values.frrk8s.livenessProbe.enabled }} livenessProbe: httpGet: - path: /healthz - port: 8081 + path: /metrics + port: monitoring initialDelaySeconds: {{ .Values.frrk8s.livenessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.frrk8s.livenessProbe.periodSeconds }} failureThreshold: {{ .Values.frrk8s.livenessProbe.failureThreshold }} @@ -75,8 +78,8 @@ spec: {{- if .Values.frrk8s.readinessProbe.enabled }} readinessProbe: httpGet: - path: /readyz - port: 8081 + path: /metrics + port: monitoring initialDelaySeconds: {{ .Values.frrk8s.readinessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.frrk8s.readinessProbe.periodSeconds }} failureThreshold: {{ .Values.frrk8s.readinessProbe.failureThreshold }} diff --git a/metallb-chart/charts/frr-k8s/values.yaml b/metallb-chart/charts/frr-k8s/values.yaml index 87731fe..d17b81b 100644 --- a/metallb-chart/charts/frr-k8s/values.yaml +++ b/metallb-chart/charts/frr-k8s/values.yaml 
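Review bot: The new `--metrics-bind-address=:{{ .Values.prometheus.metricsPort }}` argument in `templates/webhooks.yaml` binds the webhook server's metrics listener on every pod address, and no authenticating proxy is visible in front of it in this hunk. The chart's README lists a loopback `metricsBindAddress` (`127.0.0.1`) and kube-rbac-proxy settings for the other metrics endpoints, so this one is the exception. The probes in the following hunks need the kubelet to reach this port, so a loopback bind is presumably not an option here. I would state the exposure in a comment, e.g. `# metrics are served unauthenticated on the pod IP because the probes use this port; restrict access with a NetworkPolicy`, and ship or document such a policy. The container spec starts outside the hunk.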
@@ -53,7 +53,7 @@ prometheus: # the image to be used for the kuberbacproxy container rbacProxy: repository: "registry.opensuse.org/isv/suse/edge/metallb/images/kube-rbac-proxy" - tag: "v0.18.0" + tag: "v0.18.1" pullPolicy: IfNotPresent # Prometheus Operator ServiceMonitors. @@ -98,7 +98,7 @@ frrk8s: tolerateMaster: true image: repository: "registry.opensuse.org/isv/suse/edge/metallb/images/frr-k8s" - tag: "v0.0.14" + tag: "v0.0.16" pullPolicy: IfNotPresent ## @param controller.updateStrategy.type FRR-K8s controller daemonset strategy type ## ref: https://kubernetes.io/docs/tasks/manage-daemon/update-daemon-set/ @@ -132,7 +132,6 @@ frrk8s: podAnnotations: {} labels: app: frr-k8s - healthPort: 8081 livenessProbe: enabled: true failureThreshold: 3 @@ -162,15 +161,17 @@ frrk8s: frr: image: repository: "registry.opensuse.org/isv/suse/edge/metallb/images/frr" - tag: "8.4" + tag: "8.5.6" pullPolicy: IfNotPresent metricsBindAddress: 127.0.0.1 metricsPort: 7573 resources: {} secureMetricsPort: 9141 + acceptIncomingBGPConnections: false reloader: resources: {} frrMetrics: resources: {} crds: + enabled: true validationFailurePolicy: Fail diff --git a/metallb-chart/charts/metallb-crds/README.md b/metallb-chart/charts/metallb-crds/README.md deleted file mode 100644 index 58cf71b..0000000 --- a/metallb-chart/charts/metallb-crds/README.md +++ /dev/null @@ -1,11 +0,0 @@ -# crds - -![Version: 0.14.3](https://img.shields.io/badge/Version-0.14.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.14.3](https://img.shields.io/badge/AppVersion-v0.14.3-informational?style=flat-square) - -MetalLB CRDs - -**Homepage:** - -## Source Code - -* diff --git a/metallb-chart/templates/_helpers.tpl b/metallb-chart/templates/_helpers.tpl index 0dc55f3..077a411 100644 --- a/metallb-chart/templates/_helpers.tpl +++ b/metallb-chart/templates/_helpers.tpl 
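Review bot: `acceptIncomingBGPConnections: false` is added under `frrk8s.frr` without a comment, and its README table row has an empty description, although the `controller.yaml` template in this patch now starts bgpd with `-p 0` unless the value is true. An upgrade therefore presumably stops bgpd from listening for inbound BGP sessions, which is a sensible hardening default but will surprise anyone whose peers initiate the session. I would add above the key: `# when false, bgpd runs with "-p 0" and does not listen for incoming BGP connections; set to true if peers initiate the session`. The same file also drops `healthPort`, so a user values file that still sets `frrk8s.healthPort` is ignored without any message after the upgrade.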
@@ -111,3 +111,4 @@ Create the name of the settings Secret to use. {{ .Values.speaker.frr.metricsPort }} {{- end }} {{- end }} + diff --git a/metallb-chart/templates/controller.yaml b/metallb-chart/templates/controller.yaml index 311a559..7403e55 100644 --- a/metallb-chart/templates/controller.yaml +++ b/metallb-chart/templates/controller.yaml @@ -84,7 +84,7 @@ spec: - name: METALLB_DEPLOYMENT value: {{ template "metallb.fullname" . }}-controller {{- end }} - {{- if .Values.speaker.frr.enabled }} + {{- if and .Values.speaker.enabled .Values.speaker.frr.enabled }} - name: METALLB_BGP_TYPE value: frr {{- end }} diff --git a/metallb-chart/templates/podmonitor.yaml b/metallb-chart/templates/podmonitor.yaml index 40155de..eb8ecec 100644 --- a/metallb-chart/templates/podmonitor.yaml +++ b/metallb-chart/templates/podmonitor.yaml @@ -36,6 +36,7 @@ spec: relabelings: {{- toYaml .Values.prometheus.podMonitor.relabelings | nindent 4 }} {{- end }} +{{- if .Values.speaker.enabled }} --- apiVersion: monitoring.coreos.com/v1 kind: PodMonitor @@ -74,6 +75,7 @@ spec: relabelings: {{- toYaml .Values.prometheus.podMonitor.relabelings | nindent 4 }} {{- end }} +{{- end }} --- {{- if .Values.prometheus.rbacPrometheus }} apiVersion: rbac.authorization.k8s.io/v1 diff --git a/metallb-chart/templates/prometheusrules.yaml b/metallb-chart/templates/prometheusrules.yaml index 50bd49a..5998e8d 100644 --- a/metallb-chart/templates/prometheusrules.yaml +++ b/metallb-chart/templates/prometheusrules.yaml 
@@ -19,8 +19,8 @@ spec: {{- if .Values.prometheus.prometheusRule.staleConfig.enabled }} - alert: MetalLBStaleConfig annotations: - message: {{`'{{ $labels.job }} - MetalLB {{ $labels.container }} on {{ $labels.pod - }} has a stale config for > 1 minute'`}} + summary: {{`'Stale config on {{ $labels.pod }}'`}} + description: {{`'{{ $labels.job }} - MetalLB {{ $labels.container }} on {{ $labels.pod }} has a stale config for > 1 minute'`}} expr: metallb_k8s_client_config_stale_bool{job=~"{{ template "metallb.fullname" . }}.*"} == 1 for: 1m {{- with .Values.prometheus.prometheusRule.staleConfig.labels }} @@ -31,8 +31,8 @@ spec: {{- if .Values.prometheus.prometheusRule.configNotLoaded.enabled }} - alert: MetalLBConfigNotLoaded annotations: - message: {{`'{{ $labels.job }} - MetalLB {{ $labels.container }} on {{ $labels.pod - }} has not loaded for > 1 minute'`}} + summary: {{`'Config on {{ $labels.pod }} has not been loaded'`}} + description: {{`'{{ $labels.job }} - MetalLB {{ $labels.container }} on {{ $labels.pod }} has not loaded for > 1 minute'`}} expr: metallb_k8s_client_config_loaded_bool{job=~"{{ template "metallb.fullname" . }}.*"} == 0 for: 1m {{- with .Values.prometheus.prometheusRule.configNotLoaded.labels }} @@ -43,8 +43,8 @@ spec: {{- if .Values.prometheus.prometheusRule.addressPoolExhausted.enabled }} - alert: MetalLBAddressPoolExhausted annotations: - message: {{`'{{ $labels.job }} - MetalLB {{ $labels.container }} on {{ $labels.pod - }} has exhausted address pool {{ $labels.pool }} for > 1 minute'`}} + summary: {{`'Exhausted address pool on {{ $labels.pod }}'`}} + description: {{`'{{ $labels.job }} - MetalLB {{ $labels.container }} on {{ $labels.pod }} has exhausted address pool {{ $labels.pool }} for > 1 minute'`}} expr: metallb_allocator_addresses_in_use_total >= on(pool) metallb_allocator_addresses_total for: 1m {{- with .Values.prometheus.prometheusRule.addressPoolExhausted.labels }} 
@@ -57,8 +57,8 @@ spec: {{- range .Values.prometheus.prometheusRule.addressPoolUsage.thresholds }} - alert: MetalLBAddressPoolUsage{{ .percent }}Percent annotations: - message: {{`'{{ $labels.job }} - MetalLB {{ $labels.container }} on {{ $labels.pod - }} has address pool {{ $labels.pool }} past `}}{{ .percent }}{{`% usage for > 1 minute'`}} + summary: {{`'Exhausted address pool on {{ $labels.pod }}'`}} + message: {{`'{{ $labels.job }} - MetalLB {{ $labels.container }} on {{ $labels.pod }} has address pool {{ $labels.pool }} past `}}{{ .percent }}{{`% usage for > 1 minute'`}} expr: ( metallb_allocator_addresses_in_use_total / on(pool) metallb_allocator_addresses_total ) * 100 > {{ .percent }} {{- with .labels }} labels: @@ -69,8 +69,8 @@ spec: {{- if .Values.prometheus.prometheusRule.bgpSessionDown.enabled }} - alert: MetalLBBGPSessionDown annotations: - message: {{`'{{ $labels.job }} - MetalLB {{ $labels.container }} on {{ $labels.pod - }} has BGP session {{ $labels.peer }} down for > 1 minute'`}} + summary: {{`'BGP session down on {{ $labels.pod }}'`}} + message: {{`'{{ $labels.job }} - MetalLB {{ $labels.container }} on {{ $labels.pod }} has BGP session {{ $labels.peer }} down for > 1 minute'`}} expr: metallb_bgp_session_up{job=~"{{ template "metallb.fullname" . }}.*"} == 0 for: 1m {{- with .Values.prometheus.prometheusRule.bgpSessionDown.labels }} diff --git a/metallb-chart/templates/rbac.yaml b/metallb-chart/templates/rbac.yaml index 8c66b80..318c42f 100644 --- a/metallb-chart/templates/rbac.yaml +++ b/metallb-chart/templates/rbac.yaml 
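Review bot: The hunks for `MetalLBAddressPoolUsage{{ .percent }}Percent` and `MetalLBBGPSessionDown` add `summary` but keep the long text under `message`, while the three alerts changed earlier in this file moved it to `description`. Notification templates that read `description` will therefore show nothing for these two alerts. The usage alert's summary is also a copy of the exhausted-pool one, `'Exhausted address pool on {{ $labels.pod }}'`, which misstates a threshold alert as exhaustion. I would rename `message:` to `description:` in both rules and change the usage summary text to something like `'Address pool usage threshold exceeded on {{ $labels.pod }}'`.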
@@ -19,11 +19,11 @@ rules: resources: ["events"] verbs: ["create", "patch"] - apiGroups: ["admissionregistration.k8s.io"] - resources: ["validatingwebhookconfigurations", "mutatingwebhookconfigurations"] + resources: ["validatingwebhookconfigurations"] resourceNames: ["metallb-webhook-configuration"] verbs: ["create", "delete", "get", "list", "patch", "update", "watch"] - apiGroups: ["admissionregistration.k8s.io"] - resources: ["validatingwebhookconfigurations", "mutatingwebhookconfigurations"] + resources: ["validatingwebhookconfigurations"] verbs: ["list", "watch"] - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] @@ -41,6 +41,7 @@ rules: resources: ["subjectaccessreviews"] verbs: ["create"] {{- end }} +{{- if .Values.speaker.enabled }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -72,7 +73,7 @@ rules: {{- if or .Values.frrk8s.enabled .Values.frrk8s.external }} - apiGroups: ["frrk8s.metallb.io"] resources: ["frrconfigurations"] - verbs: ["get", "list", "watch","create","update"] + verbs: ["get", "list", "watch","create","update","delete"] {{- end }} --- apiVersion: rbac.authorization.k8s.io/v1 @@ -109,6 +110,7 @@ rules: - apiGroups: ["metallb.io"] resources: ["communities"] verbs: ["get", "list", "watch"] +{{- end }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role @@ -117,7 +119,7 @@ metadata: namespace: {{ .Release.Namespace | quote }} labels: {{- include "metallb.labels" . | nindent 4 }} rules: -{{- if .Values.speaker.memberlist.enabled }} +{{- if and .Values.speaker.enabled .Values.speaker.memberlist.enabled }} - apiGroups: [""] resources: ["secrets"] verbs: ["create", "get", "list", "watch"] @@ -166,6 +168,7 @@ roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: {{ template "metallb.fullname" . }}:controller +{{- if .Values.speaker.enabled }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding 
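Review bot: Adding `"delete"` to the `frrconfigurations` rule (hunk `-72,7`) widens what appears to be the speaker's ClusterRole, so the service account of a pod that runs on every node can delete any FRRConfiguration in any namespace, including ones it did not create. If the speaker only manages its own objects in the frr-k8s namespace (the chart has a `frrk8s.namespace` value), the create, update and delete verbs would fit better in a namespaced Role and RoleBinding there, leaving only `get`, `list` and `watch` cluster-wide. At minimum I would record the reason next to the rule, e.g. `# delete lets the speaker remove the FRRConfiguration it generated`, assuming that is the intent. The role's metadata is outside the hunk, so the binding subject is inferred from the neighbouring ClusterRoleBinding hunks.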
@@ -195,6 +198,7 @@ roleRef: subjects: - kind: ServiceAccount name: {{ include "metallb.speaker.serviceAccountName" . }} +{{- end }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding diff --git a/metallb-chart/templates/service-accounts.yaml b/metallb-chart/templates/service-accounts.yaml index c2157ff..826fa06 100644 --- a/metallb-chart/templates/service-accounts.yaml +++ b/metallb-chart/templates/service-accounts.yaml @@ -13,7 +13,7 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} {{- end }} -{{- if .Values.speaker.serviceAccount.create }} +{{- if and .Values.speaker.enabled .Values.speaker.serviceAccount.create }} --- apiVersion: v1 kind: ServiceAccount diff --git a/metallb-chart/templates/servicemonitor.yaml b/metallb-chart/templates/servicemonitor.yaml index 0aacf85..a103bbc 100644 --- a/metallb-chart/templates/servicemonitor.yaml +++ b/metallb-chart/templates/servicemonitor.yaml @@ -1,4 +1,9 @@ +{{- if and .Values.prometheus.serviceMonitor.enabled .Values.prometheus.podMonitor.enabled }} +{{- fail "prometheus.serviceMonitor.enabled and prometheus.podMonitor.enabled cannot both be set" }} +{{- end }} + {{- if .Values.prometheus.serviceMonitor.enabled }} +{{- if .Values.speaker.enabled }} apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: @@ -89,6 +94,7 @@ spec: {{- end }} sessionAffinity: None type: ClusterIP +{{- end }} --- apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor @@ -97,7 +103,6 @@ metadata: namespace: {{ .Release.Namespace | quote }} labels: {{- include "metallb.labels" . | nindent 4 }} - app.kubernetes.io/component: speaker {{- if .Values.prometheus.serviceMonitor.controller.additionalLabels }} {{ toYaml .Values.prometheus.serviceMonitor.controller.additionalLabels | indent 4 }} {{- end }} diff --git a/metallb-chart/values.yaml b/metallb-chart/values.yaml index 0f2261c..66f123b 100644 --- a/metallb-chart/values.yaml +++ b/metallb-chart/values.yaml 
@@ -45,7 +45,7 @@ prometheus: # certificate to be used. controllerMetricsTLSSecret: "" - # prometheus doens't have the permission to scrape all namespaces so we give it permission to scrape metallb's one + # prometheus doesn't have the permission to scrape all namespaces so we give it permission to scrape metallb's one rbacPrometheus: true # the service account used by prometheus @@ -67,7 +67,7 @@ prometheus: # enable support for Prometheus Operator enabled: false - # optional additionnal labels for podMonitors + # optional additional labels for podMonitors additionalLabels: {} # optional annotations for podMonitors @@ -146,7 +146,7 @@ prometheus: # enable alertmanager alerts enabled: false - # optional additionnal labels for prometheusRules + # optional additional labels for prometheusRules additionalLabels: {} # optional annotations for prometheusRules @@ -168,7 +168,7 @@ prometheus: addressPoolExhausted: enabled: true labels: - severity: alert + severity: critical addressPoolUsage: enabled: true @@ -181,13 +181,13 @@ prometheus: severity: warning - percent: 95 labels: - severity: alert + severity: critical # MetalLBBGPSessionDown bgpSessionDown: enabled: true labels: - severity: alert + severity: critical extraAlerts: [] @@ -201,7 +201,7 @@ controller: # webhookMode: enabled image: repository: "%%IMG_REPO%%/%%IMG_PREFIX%%metallb-controller" - tag: "v0.14.8" + tag: "v0.14.9" pullPolicy: IfNotPresent ## @param controller.updateStrategy.type Metallb controller deployment strategy type. ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy @@ -282,7 +282,7 @@ speaker: image: repository: "%%IMG_REPO%%/%%IMG_PREFIX%%metallb-speaker" - tag: "v0.14.8" + tag: "v0.14.9" pullPolicy: IfNotPresent ## @param speaker.updateStrategy.type Speaker daemonset strategy type ## ref: https://kubernetes.io/docs/tasks/manage-daemon/update-daemon-set/ 
@@ -346,7 +346,7 @@ speaker: enabled: false image: repository: "%%IMG_REPO%%/%%IMG_PREFIX%%frr" - tag: "8.4" + tag: "8.5.6" pullPolicy: IfNotPresent metricsPort: 7473 resources: {} @@ -378,3 +378,15 @@ frrk8s: enabled: false external: false namespace: "" + +# Override any settings for the metallb frr-k8s service here +metallb-frr-k8s: + prometheus: + rbacProxy: + repository: "%%IMG_REPO%%/%%IMG_PREFIX%%kube-rbac-proxy" + frrk8s: + image: + repository: "%%IMG_REPO%%/%%IMG_PREFIX%%frr-k8s" + frr: + image: + repository: "%%IMG_REPO%%/%%IMG_PREFIX%%frr" diff --git a/metallb/_service b/metallb/_service index e709ca2..bc6a0ab 100644 --- a/metallb/_service +++ b/metallb/_service @@ -2,7 +2,7 @@ https://github.com/metallb/metallb git - v0.14.8 + v0.14.9 _auto_ @PARENT_TAG@ enable diff --git a/metallb/metallb.spec b/metallb/metallb.spec index 17316a4..f6417e9 100644 --- a/metallb/metallb.spec +++ b/metallb/metallb.spec @@ -17,8 +17,8 @@ Name: metallb -Version: 0.14.8 -Release: 0.14.8 +Version: 0.14.9 +Release: 0.14.9 Summary: Load Balancer for bare metal Kubernetes clusters License: Apache-2.0 URL: https://github.com/metallb/metallb @@ -54,7 +54,7 @@ This package contains the speaker binary. cp ./frr-tools/reloader/frr-reloader.sh frr-reloader.sh %build -go install -v -mod vendor -buildmode=pie ./controller ./speaker ./frr-tools/metrics +go install -v -mod vendor -buildmode=pie ./controller ./speaker ./frr-tools/metrics ./frr-tools/cp-tool mv $HOME/go/bin/metrics $HOME/go/bin/frr-metrics %install @@ -63,6 +63,7 @@ mkdir -p %{buildroot}%{_sbindir}/ install -D -m 0755 $HOME/go/bin/controller %{buildroot}/ install -D -m 0755 $HOME/go/bin/speaker %{buildroot}/ install -D -m 0755 $HOME/go/bin/frr-metrics %{buildroot}/ +install -D -m 0755 $HOME/go/bin/cp-tool %{buildroot}/ install -D -m 0755 frr-reloader.sh %{buildroot}/ %files controller 
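Review bot: The new `metallb-frr-k8s:` block only takes effect if the parent chart declares the frr-k8s dependency under that name or alias. The subchart's own `Chart.yaml` in this patch says `name: frr-k8s`, and the dependency list of `metallb-chart/Chart.yaml` is not visible here. If the key does not match, Helm drops these values without an error and the subchart keeps its hard-coded `registry.opensuse.org/isv/suse/edge/metallb/images/...` repositories, which would presumably bypass the `%%IMG_REPO%%` substitution that private-registry installs depend on. Please confirm the alias, and consider a comment such as `# key must match the dependency name/alias of the frr-k8s subchart in Chart.yaml`. The block also overrides only `repository`, so image tags still come from the subchart defaults.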
@@ -73,6 +74,7 @@ install -D -m 0755 frr-reloader.sh %{buildroot}/ %license LICENSE /speaker /frr-metrics +/cp-tool /frr-reloader.sh %changelog -- 2.49.0 From c8c20ce47a7e9a73354b43faf863b7f40c06fb7d02699da404cd8732c0a23e72 Mon Sep 17 00:00:00 2001 From: Kristian-ZH Date: Thu, 20 Mar 2025 16:08:09 +0200 Subject: [PATCH 19/55] Add metallb-chart build tags --- metallb-chart/Chart.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/metallb-chart/Chart.yaml b/metallb-chart/Chart.yaml index ad7f56a..d527a65 100644 --- a/metallb-chart/Chart.yaml +++ b/metallb-chart/Chart.yaml @@ -1,3 +1,5 @@ +#!BuildTag: %%IMG_PREFIX%%metallb-chart:%%CHART_MAJOR%%.0.0_up0.14.9 +#!BuildTag: %%IMG_PREFIX%%metallb-chart:%%CHART_MAJOR%%.0.0_up0.14.9-%RELEASE% apiVersion: v2 appVersion: v0.14.9 dependencies: -- 2.49.0 From 3c08af8a289232cf825bba16e3f381a27a04306ea5cf8f84a50b29bdfe328b57 Mon Sep 17 00:00:00 2001 From: Kristian-ZH Date: Thu, 20 Mar 2025 16:30:17 +0200 Subject: [PATCH 20/55] Fix FRR-k8s versiobn --- metallb-chart/charts/frr-k8s/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/metallb-chart/charts/frr-k8s/values.yaml b/metallb-chart/charts/frr-k8s/values.yaml index d17b81b..2c88ef1 100644 --- a/metallb-chart/charts/frr-k8s/values.yaml +++ b/metallb-chart/charts/frr-k8s/values.yaml @@ -53,7 +53,7 @@ prometheus: # the image to be used for the kuberbacproxy container rbacProxy: repository: "registry.opensuse.org/isv/suse/edge/metallb/images/kube-rbac-proxy" - tag: "v0.18.1" + tag: "0.18.1" pullPolicy: IfNotPresent # Prometheus Operator ServiceMonitors. -- 2.49.0 From 2b194211ee155adc79f19677fcd90411f9db034b9c241b11f82e1544ce69ef38 Mon Sep 17 00:00:00 2001 
From: dbw7 Date: Thu, 20 Mar 2025 20:28:44 +0100 Subject: [PATCH 21/55] Upgrade Hauler to v1.2.1 and add version to build (#92) Reviewed-on: https://src.opensuse.org/suse-edge/Factory/pulls/92 Reviewed-by: Steven Hardy Reviewed-by: Denislav Prodanov Co-authored-by: dbw7 Co-committed-by: dbw7 --- _config | 1 - cosign/_service | 18 --------------- cosign/cosign.spec | 55 ---------------------------------------------- hauler/_service | 11 +++++++++- hauler/hauler.spec | 17 +++++++++----- 5 files changed, 22 insertions(+), 80 deletions(-) delete mode 100644 cosign/_service delete mode 100644 cosign/cosign.spec diff --git a/_config b/_config index 9de1f11..023dbc2 100644 --- a/_config +++ b/_config @@ -69,7 +69,6 @@ BuildFlags: onlybuild:release-manifest-image BuildFlags: onlybuild:baremetal-operator BuildFlags: onlybuild:baremetal-operator-image BuildFlags: onlybuild:ca-certificates-suse - BuildFlags: onlybuild:cosign BuildFlags: onlybuild:crudini BuildFlags: onlybuild:edge-image-builder BuildFlags: onlybuild:edge-image-builder-image diff --git a/cosign/_service b/cosign/_service deleted file mode 100644 index 1233d4a..0000000 --- a/cosign/_service +++ /dev/null @@ -1,18 +0,0 @@ - - - https://github.com/rancher-government-carbide/cosign.git - @PARENT_TAG@ - git - .get - v2.2.3+carbide.2 - v(.*) - enable - - - cosign.obsinfo - - - - gz - - diff --git a/cosign/cosign.spec b/cosign/cosign.spec deleted file mode 100644 index 850a003..0000000 --- a/cosign/cosign.spec +++ /dev/null 
@@ -1,55 +0,0 @@ -# -# spec file for package cosign-rgs -# -# Copyright (c) 2024 SUSE LLC -# -# All modifications and additions to the file contributed by third parties -# remain the property of their copyright owners, unless otherwise agreed -# upon. The license for this file, and modifications and additions to the -# file, is the same license as for the pristine package itself (unless the -# license for the pristine package is not an Open Source License, in which -# case the license is the MIT License). An "Open Source License" is a -# license that conforms to the Open Source Definition (Version 1.9) -# published by the Open Source Initiative. - -# Please submit bugfixes or comments via https://bugs.opensuse.org/ -# - -%define project https://github.com/hauler-dev/cosign -%define revision 49542360ffb5de63f9d2f5856b658651d5538e40 - -Name: cosign -Version: 0 -Release: 0 -Summary: Container Signing, Verification and Storage in an OCI registry -License: Apache-2.0 -URL: https://github.com/rancher-government-carbide/cosign -Source: cosign-%{version}.tar -Source1: vendor.tar.gz -BuildRequires: golang-packaging - -%description - -%prep -%setup -q -a1 -n cosign-%{version} - -%build -%goprep %{project} - -DATE_FMT="+%%Y-%%m-%%dT%%H:%%M:%%SZ" -BUILD_DATE=$(date -u -d "@${SOURCE_DATE_EPOCH}" "${DATE_FMT}" 2>/dev/null || date -u -r "${SOURCE_DATE_EPOCH}" "${DATE_FMT}" 2>/dev/null || date -u "${DATE_FMT}") - -CLI_PKG=sigs.k8s.io/release-utils/version -CLI_LDFLAGS="-X ${CLI_PKG}.gitVersion=%{version} -X ${CLI_PKG}.gitCommit=%{revision} -X ${CLI_PKG}.gitTreeState=release -X ${CLI_PKG}.buildDate=${BUILD_DATE}" - -CGO_ENABLED=0 go build -mod=vendor -buildmode=pie -trimpath -ldflags "${CLI_LDFLAGS}" -o cosign ./cmd/cosign - -%install -install -D -m 0755 cosign %{buildroot}%{_bindir}/cosign - -%files -%license LICENSE -%doc *.md -%{_bindir}/cosign - -%changelog diff --git a/hauler/_service b/hauler/_service index a7d11ad..542f58b 100644 --- a/hauler/_service +++ b/hauler/_service 
@@ -4,7 +4,7 @@ @PARENT_TAG@ git .get - v1.0.7 + v1.2.1 v(.*) enable @@ -15,4 +15,13 @@ gz + + hauler.spec + SOURCE_COMMIT + + SOURCE_COMMIT=$(grep commit hauler.obsinfo | cut -d" " -f2) + + 1 + + diff --git a/hauler/hauler.spec b/hauler/hauler.spec index 79b5052..6939ee6 100644 --- a/hauler/hauler.spec +++ b/hauler/hauler.spec @@ -18,7 +18,7 @@ %define project github.com/hauler-dev/hauler Name: hauler -Version: 1.0.7 +Version: 1.2.1 Release: 0 Summary: Airgap Swiss Army Knife License: Apache-2.0 @@ -26,7 +26,6 @@ URL: https://github.com/hauler-dev/hauler Source: hauler-%{version}.tar Source1: vendor.tar.gz BuildRequires: golang-packaging -BuildRequires: cosign %description @@ -38,10 +37,18 @@ BuildRequires: cosign tar -xf %{SOURCE1} -mkdir cmd/hauler/binaries -cp `which cosign` cmd/hauler/binaries/cosign-linux-%{go_arch} +MODULE=hauler.dev/go/hauler +%define buildtime %(date +%%Y-%%m-%%dT%%H:%%M:%%S%%z) +%define buildcommit %%SOURCE_COMMIT%% -go build -mod=vendor -buildmode=pie -o hauler ./cmd/hauler + +go build \ +-mod=vendor \ +-buildmode=pie \ +-o hauler \ +-ldflags \ +"-X $MODULE/internal/version.gitVersion=v%{version} -X $MODULE/internal/version.gitCommit=%{buildcommit} -X $MODULE/internal/version.buildDate=%{buildtime}" \ +./cmd/hauler %install -- 2.49.0 From fef712e4e8aa6ad46f1f59644a6d7d53ddfd02ea60d4fa6e4bc21cd756cdc8c4 Mon Sep 17 00:00:00 2001 From: Jiri Tomasek Date: Wed, 19 Mar 2025 15:54:47 +0100 Subject: [PATCH 22/55] Update akri-dashboard-extension-chart to v302.0.0+up1.2.1 --- akri-dashboard-extension-chart/Chart.yaml | 6 +++--- akri-dashboard-extension-chart/templates/_helpers.tpl | 4 ++-- akri-dashboard-extension-chart/templates/cr.yaml | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/akri-dashboard-extension-chart/Chart.yaml b/akri-dashboard-extension-chart/Chart.yaml index ed0424b..9b80fb4 100644 --- a/akri-dashboard-extension-chart/Chart.yaml +++ b/akri-dashboard-extension-chart/Chart.yaml 
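Review bot: `%define buildtime %(date +%%Y-%%m-%%dT%%H:%%M:%%S%%z)` in the `hauler.spec` build hunk stamps the wall-clock time of each build into the binary through `-X $MODULE/internal/version.buildDate`, so two builds of the same source differ and the package cannot be verified by rebuilding it. The `cosign.spec` removed in this same patch derived its date from `SOURCE_DATE_EPOCH`; I would do the same here, e.g. `BUILD_DATE=$(date -u -d "@${SOURCE_DATE_EPOCH}" +%%Y-%%m-%%dT%%H:%%M:%%SZ)`, and pass `${BUILD_DATE}` in the ldflags. That spec also built with `-trimpath`, which the new `go build` invocation leaves out, so build paths presumably end up in the binary as well. The `%build` section starts outside the hunk.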
@@ -13,9 +13,9 @@ annotations: catalog.cattle.io/ui-component: plugins catalog.cattle.io/ui-extensions-version: ">= 3.0.0 < 4.0.0" apiVersion: v2 -appVersion: 1.2.1 -description: "SUSE Edge: Akri extension for Rancher Dashboard" -icon: https://raw.githubusercontent.com/cncf/artwork/main/projects/akri/icon/color/akri-icon-color.svg +appVersion: 302.0.0+up1.2.1 +description: 'SUSE Edge: Akri extension for Rancher Dashboard' name: akri-dashboard-extension type: application version: "%%CHART_MAJOR%%.0.0+up1.2.1" +icon: https://raw.githubusercontent.com/cncf/artwork/main/projects/akri/icon/color/akri-icon-color.svg diff --git a/akri-dashboard-extension-chart/templates/_helpers.tpl b/akri-dashboard-extension-chart/templates/_helpers.tpl index 3ccd515..b183967 100644 --- a/akri-dashboard-extension-chart/templates/_helpers.tpl +++ b/akri-dashboard-extension-chart/templates/_helpers.tpl @@ -38,7 +38,7 @@ Common labels helm.sh/chart: {{ include "extension-server.chart" . }} {{ include "extension-server.selectorLabels" . }} {{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +app.kubernetes.io/version: {{ .Chart.AppVersion | replace "+" "_" | quote }} {{- end }} app.kubernetes.io/managed-by: {{ .Release.Service }} {{- end }} @@ -60,4 +60,4 @@ Pkg annotations {{ $key }}: {{ $value | quote }} {{- end }} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/akri-dashboard-extension-chart/templates/cr.yaml b/akri-dashboard-extension-chart/templates/cr.yaml index 4d84246..e7912d4 100644 --- a/akri-dashboard-extension-chart/templates/cr.yaml +++ b/akri-dashboard-extension-chart/templates/cr.yaml 
@@ -8,7 +8,7 @@ spec: plugin: name: {{ include "extension-server.fullname" . }} version: {{ (semver (default .Chart.AppVersion .Values.plugin.versionOverride)).Original }} - endpoint: https://raw.githubusercontent.com/suse-edge/dashboard-extensions/gh-pages/extensions/akri-dashboard-extension/1.2.1 + endpoint: https://raw.githubusercontent.com/suse-edge/dashboard-extensions/gh-pages/extensions/akri-dashboard-extension/302.0.0+up1.2.1 noCache: {{ .Values.plugin.noCache }} noAuth: {{ .Values.plugin.noAuth }} metadata: {{ include "extension-server.pluginMetadata" . | indent 6 }} \ No newline at end of file -- 2.49.0 From d57078f9d966f7f5f13fe43bad80ffbeb58015326994257db28b61c7dc7b6720 Mon Sep 17 00:00:00 2001 From: Steven Hardy Date: Thu, 20 Mar 2025 09:28:33 +0000 Subject: [PATCH 23/55] rancher-turtles-airgap-resources-chart: Update to 0.17.0 Aligns with: https://github.com/suse-edge/charts/pull/193 --- rancher-turtles-airgap-resources-chart/Chart.yaml | 8 ++++---- rancher-turtles-airgap-resources-chart/README.md | 4 ++++ .../templates/airgap-cm-core.yaml | 4 ++-- .../templates/airgap-cm-fleet-addon.yaml | 11 +++++++++++ .../templates/airgap-cm-metal3.yaml | 6 +++--- .../templates/airgap-cm-rke2-bootstrap.yaml | 7 +++++-- .../templates/airgap-cm-rke2-control-plane.yaml | 7 +++++-- 7 files changed, 34 insertions(+), 13 deletions(-) create mode 100644 rancher-turtles-airgap-resources-chart/templates/airgap-cm-fleet-addon.yaml diff --git a/rancher-turtles-airgap-resources-chart/Chart.yaml b/rancher-turtles-airgap-resources-chart/Chart.yaml index fa60109..c27aa16 100644 --- a/rancher-turtles-airgap-resources-chart/Chart.yaml +++ b/rancher-turtles-airgap-resources-chart/Chart.yaml 
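Review bot: The new `endpoint` hard-codes `302.0.0+up1.2.1`, while the `version` field two lines above it is computed from `.Chart.AppVersion` or `.Values.plugin.versionOverride`, so an override or the next bump can leave the plugin version and the fetched path out of step. If the published directories follow the chart's appVersion, the path could use the same value: `endpoint: https://raw.githubusercontent.com/suse-edge/dashboard-extensions/gh-pages/extensions/akri-dashboard-extension/{{ default .Chart.AppVersion .Values.plugin.versionOverride }}`. The URL also resolves through the `gh-pages` branch, a mutable ref, so the chart does not pin the extension code the dashboard loads. A comment on this line should say so, or the URL should reference a commit.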
@@ -1,10 +1,10 @@ -#!BuildTag: %%IMG_PREFIX%%rancher-turtles-airgap-resources-chart:%%CHART_MAJOR%%.0.0_up0.16.0 -#!BuildTag: %%IMG_PREFIX%%rancher-turtles-airgap-resources-chart:%%CHART_MAJOR%%.0.0_up0.16.0 +#!BuildTag: %%IMG_PREFIX%%rancher-turtles-airgap-resources-chart:%%CHART_MAJOR%%.0.0_up0.17.0 +#!BuildTag: %%IMG_PREFIX%%rancher-turtles-airgap-resources-chart:%%CHART_MAJOR%%.0.0_up0.17.0 apiVersion: v2 -appVersion: 0.16.0 +appVersion: 0.17.0 description: Rancher Turtles utility chart for airgap scenarios home: https://github.com/rancher/turtles/ icon: https://raw.githubusercontent.com/rancher/turtles/main/logos/capi.svg name: rancher-turtles-airgap-resources type: application -version: "%%CHART_MAJOR%%.0.0+up0.16.0" +version: "%%CHART_MAJOR%%.0.0+up0.17.0" diff --git a/rancher-turtles-airgap-resources-chart/README.md b/rancher-turtles-airgap-resources-chart/README.md index efa3278..ee1d2d2 100644 --- a/rancher-turtles-airgap-resources-chart/README.md +++ b/rancher-turtles-airgap-resources-chart/README.md @@ -23,4 +23,8 @@ cluster-api-operator: infrastructure: fetchConfig: selector: "{\"matchLabels\": {\"provider-components\": \"metal3\"}}" + fleet: + addon: + fetchConfig: + selector: "{\"matchLabels\": {\"provider-components\": \"fleet\"}}" ``` diff --git a/rancher-turtles-airgap-resources-chart/templates/airgap-cm-core.yaml b/rancher-turtles-airgap-resources-chart/templates/airgap-cm-core.yaml index 89fd11b..8c28443 100644 --- a/rancher-turtles-airgap-resources-chart/templates/airgap-cm-core.yaml +++ b/rancher-turtles-airgap-resources-chart/templates/airgap-cm-core.yaml @@ -8,7 +8,7 @@ metadata: --- apiVersion: v1 binaryData: - components:  + components:  data: metadata: | # maps release series of major.minor to cluster-api contract version @@ -52,7 +52,7 @@ data: kind: ConfigMap metadata: creationTimestamp: null - name: v1.9.4 + name: v1.9.5 namespace: capi-system annotations: provider.cluster.x-k8s.io/compressed: "true" 
diff --git a/rancher-turtles-airgap-resources-chart/templates/airgap-cm-fleet-addon.yaml b/rancher-turtles-airgap-resources-chart/templates/airgap-cm-fleet-addon.yaml new file mode 100644 index 0000000..24ad3de --- /dev/null +++ b/rancher-turtles-airgap-resources-chart/templates/airgap-cm-fleet-addon.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +data: + components: Not Found + metadata: Not Found +kind: ConfigMap +metadata: + creationTimestamp: null + name: v0.6.0 + namespace: rancher-turtles-system + labels: + provider-components: fleet diff --git a/rancher-turtles-airgap-resources-chart/templates/airgap-cm-metal3.yaml b/rancher-turtles-airgap-resources-chart/templates/airgap-cm-metal3.yaml index 55d9135..2b1068d 100644 --- a/rancher-turtles-airgap-resources-chart/templates/airgap-cm-metal3.yaml +++ b/rancher-turtles-airgap-resources-chart/templates/airgap-cm-metal3.yaml @@ -3734,7 +3734,7 @@ data: envFrom: - configMapRef: name: capm3-capm3fasttrack-configmap - image: registry.rancher.com/rancher/cluster-api-provider-metal3:v1.9.2 + image: registry.rancher.com/rancher/cluster-api-provider-metal3:v1.9.3 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -3820,7 +3820,7 @@ data: valueFrom: fieldRef: fieldPath: metadata.namespace - image: quay.io/metal3-io/ip-address-manager:v1.9.3 + image: quay.io/metal3-io/ip-address-manager:v1.9.4 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -4524,7 +4524,7 @@ data: kind: ConfigMap metadata: creationTimestamp: null - name: v1.9.2 + name: v1.9.3 namespace: capm3-system labels: provider-components: metal3 diff --git a/rancher-turtles-airgap-resources-chart/templates/airgap-cm-rke2-bootstrap.yaml b/rancher-turtles-airgap-resources-chart/templates/airgap-cm-rke2-bootstrap.yaml index b12bd98..223302d 100644 --- a/rancher-turtles-airgap-resources-chart/templates/airgap-cm-rke2-bootstrap.yaml +++ b/rancher-turtles-airgap-resources-chart/templates/airgap-cm-rke2-bootstrap.yaml 
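Review bot: In the new airgap-cm-fleet-addon.yaml, `components: Not Found` and `metadata: Not Found` are literal strings. They look like the body of a failed download written into the ConfigMap, not the provider manifest and clusterctl metadata that the other airgap ConfigMaps in this chart carry. The README hunk in this patch documents the `provider-components: fleet` selector, so an airgapped install following it would select this ConfigMap (`v0.6.0` in `rancher-turtles-system`) and get no usable components. The file should be regenerated from the v0.6.0 release artifacts before this ships. The generator is not visible here; if it fetches with curl, adding `--fail` would make a 404 abort the run so the error body is never templated into the chart.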
@@ -2527,7 +2527,7 @@ data: - --insecure-diagnostics=${CAPRKE2_INSECURE_DIAGNOSTICS:=false} command: - /manager - image: ghcr.io/rancher/cluster-api-provider-rke2-bootstrap:v0.11.0 + image: ghcr.io/rancher/cluster-api-provider-rke2-bootstrap:v0.12.0 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -2747,10 +2747,13 @@ data: - major: 0 minor: 11 contract: v1beta1 + - major: 0 + minor: 12 + contract: v1beta1 kind: ConfigMap metadata: creationTimestamp: null - name: v0.11.0 + name: v0.12.0 namespace: rke2-bootstrap-system labels: provider-components: rke2-bootstrap diff --git a/rancher-turtles-airgap-resources-chart/templates/airgap-cm-rke2-control-plane.yaml b/rancher-turtles-airgap-resources-chart/templates/airgap-cm-rke2-control-plane.yaml index 408d4f6..f463869 100644 --- a/rancher-turtles-airgap-resources-chart/templates/airgap-cm-rke2-control-plane.yaml +++ b/rancher-turtles-airgap-resources-chart/templates/airgap-cm-rke2-control-plane.yaml @@ -4263,7 +4263,7 @@ data: valueFrom: fieldRef: fieldPath: metadata.uid - image: ghcr.io/rancher/cluster-api-provider-rke2-controlplane:v0.11.0 + image: ghcr.io/rancher/cluster-api-provider-rke2-controlplane:v0.12.0 imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -4490,10 +4490,13 @@ data: - major: 0 minor: 11 contract: v1beta1 + - major: 0 + minor: 12 + contract: v1beta1 kind: ConfigMap metadata: creationTimestamp: null - name: v0.11.0 + name: v0.12.0 namespace: rke2-control-plane-system labels: provider-components: rke2-control-plane -- 2.49.0 From eacabe4d71034a5151446f336672cf1ddeeb7f0ec8a7d620a5815a174315a970 Mon Sep 17 00:00:00 2001 
From: Steven Hardy Date: Thu, 20 Mar 2025 09:58:37 +0000 Subject: [PATCH 24/55] rancher-turtles-chart: Update to 0.17.0 Aligns with https://github.com/suse-edge/charts/pull/193 --- rancher-turtles-chart/Chart.lock | 6 +- rancher-turtles-chart/Chart.yaml | 10 +- .../charts/cluster-api-operator/Chart.yaml | 4 +- .../templates/control-plane.yaml | 15 +- .../cluster-api-operator/templates/core.yaml | 2 +- .../templates/deployment.yaml | 36 +- .../templates/infra-conditions.yaml | 9 + .../cluster-api-operator/templates/infra.yaml | 10 + .../cluster-api-operator/templates/ipam.yaml | 73 + .../templates/operator-components.yaml | 2431 +++++++++++------ .../charts/cluster-api-operator/values.yaml | 9 +- rancher-turtles-chart/questions.yml | 28 +- .../templates/addon-provider-fleet.yaml | 6 + .../templates/deployment.yaml | 2 +- .../templates/rancher-turtles-components.yaml | 20 + ...r-turtles-exp-clusterclass-components.yaml | 793 ++++++ .../rancher-turtles-exp-day2-components.yaml | 659 +++++ .../rancher-turtles-exp-day2-deployment.yaml | 106 + .../templates/ui-plugin.yaml | 16 + rancher-turtles-chart/values.yaml | 24 +- 20 files changed, 3446 insertions(+), 813 deletions(-) create mode 100644 rancher-turtles-chart/charts/cluster-api-operator/templates/ipam.yaml create mode 100644 rancher-turtles-chart/templates/rancher-turtles-exp-clusterclass-components.yaml create mode 100644 rancher-turtles-chart/templates/rancher-turtles-exp-day2-components.yaml create mode 100644 rancher-turtles-chart/templates/rancher-turtles-exp-day2-deployment.yaml create mode 100644 rancher-turtles-chart/templates/ui-plugin.yaml diff --git a/rancher-turtles-chart/Chart.lock b/rancher-turtles-chart/Chart.lock index b03387b..f91502c 100644 --- a/rancher-turtles-chart/Chart.lock +++ b/rancher-turtles-chart/Chart.lock 
@@ -1,6 +1,6 @@ dependencies: - name: cluster-api-operator repository: https://kubernetes-sigs.github.io/cluster-api-operator - version: 0.16.0 -digest: sha256:9b296be6ee446bff492e6736e084ce3734b07ea613791b77fd15d31c0f62dc70 -generated: "2025-01-30T10:14:58.692942399Z" + version: 0.17.0 +digest: sha256:c564dd1edce5e74cf5747adfa2477b3f0b9bae2b17a21b4c7312b2c1adbda64e +generated: "2025-02-27T10:39:03.203623466Z" diff --git a/rancher-turtles-chart/Chart.yaml b/rancher-turtles-chart/Chart.yaml index d1cf0c4..cd0d1cd 100644 --- a/rancher-turtles-chart/Chart.yaml +++ b/rancher-turtles-chart/Chart.yaml @@ -1,5 +1,5 @@ -#!BuildTag: %%IMG_PREFIX%%rancher-turtles-chart:%%CHART_MAJOR%%.0.0_up0.16.0 -#!BuildTag: %%IMG_PREFIX%%rancher-turtles-chart:%%CHART_MAJOR%%.0.0_up0.16.0-%RELEASE% +#!BuildTag: %%IMG_PREFIX%%rancher-turtles-chart:%%CHART_MAJOR%%.0.0_up0.17.0 +#!BuildTag: %%IMG_PREFIX%%rancher-turtles-chart:%%CHART_MAJOR%%.0.0_up0.17.0-%RELEASE% annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/display-name: Rancher Turtles - the Cluster API Extension @@ -12,12 +12,12 @@ annotations: catalog.cattle.io/scope: management catalog.cattle.io/type: cluster-tool apiVersion: v2 -appVersion: 0.16.0 +appVersion: 0.17.0 dependencies: - condition: cluster-api-operator.enabled name: cluster-api-operator repository: file://./charts/cluster-api-operator - version: 0.14.0 + version: 0.17.0 description: Rancher Turtles is an extension to Rancher that brings full Cluster API integration to Rancher. home: https://github.com/rancher/turtles/ @@ -29,4 +29,4 @@ keywords: - provisioning name: rancher-turtles type: application -version: "%%CHART_MAJOR%%.0.0+up0.16.0" +version: "%%CHART_MAJOR%%.0.0+up0.17.0" diff --git a/rancher-turtles-chart/charts/cluster-api-operator/Chart.yaml b/rancher-turtles-chart/charts/cluster-api-operator/Chart.yaml index a8e8fa2..d72ca73 100644 --- a/rancher-turtles-chart/charts/cluster-api-operator/Chart.yaml 
+++ b/rancher-turtles-chart/charts/cluster-api-operator/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 -appVersion: 0.14.0 +appVersion: 0.17.0 description: Cluster API Operator name: cluster-api-operator type: application -version: 0.14.0 +version: 0.17.0 diff --git a/rancher-turtles-chart/charts/cluster-api-operator/templates/control-plane.yaml b/rancher-turtles-chart/charts/cluster-api-operator/templates/control-plane.yaml index 6d4725b..0ffea2d 100644 --- a/rancher-turtles-chart/charts/cluster-api-operator/templates/control-plane.yaml +++ b/rancher-turtles-chart/charts/cluster-api-operator/templates/control-plane.yaml @@ -38,12 +38,25 @@ metadata: annotations: "helm.sh/hook": "post-install,post-upgrade" "helm.sh/hook-weight": "2" -{{- if or $controlPlaneVersion $.Values.configSecret.name }} +{{- if or $controlPlaneVersion $.Values.configSecret.name $.Values.manager }} spec: {{- end}} {{- if $controlPlaneVersion }} version: {{ $controlPlaneVersion }} {{- end }} +{{- if $.Values.manager }} +{{- if hasKey $.Values.manager.featureGates $controlPlaneName }} + manager: +{{- range $key, $value := $.Values.manager.featureGates }} + {{- if eq $key $controlPlaneName }} + featureGates: + {{- range $k, $v := $value }} + {{ $k }}: {{ $v }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} {{- if $.Values.configSecret.name }} configSecret: name: {{ $.Values.configSecret.name }} diff --git a/rancher-turtles-chart/charts/cluster-api-operator/templates/core.yaml b/rancher-turtles-chart/charts/cluster-api-operator/templates/core.yaml index ab732a3..f7b6b16 100644 --- a/rancher-turtles-chart/charts/cluster-api-operator/templates/core.yaml +++ b/rancher-turtles-chart/charts/cluster-api-operator/templates/core.yaml 
@@ -38,7 +38,7 @@ metadata: "helm.sh/hook": "post-install,post-upgrade" "helm.sh/hook-weight": "2" "argocd.argoproj.io/sync-wave": "2" -{{- if or $coreVersion $.Values.configSecret.name }} +{{- if or $coreVersion $.Values.configSecret.name $.Values.manager }} spec: {{- end}} {{- if $coreVersion }} diff --git a/rancher-turtles-chart/charts/cluster-api-operator/templates/deployment.yaml b/rancher-turtles-chart/charts/cluster-api-operator/templates/deployment.yaml index d41d412..f8af47c 100644 --- a/rancher-turtles-chart/charts/cluster-api-operator/templates/deployment.yaml +++ b/rancher-turtles-chart/charts/cluster-api-operator/templates/deployment.yaml @@ -65,9 +65,6 @@ spec: {{- if .Values.healthAddr }} - --health-addr={{ .Values.healthAddr }} {{- end }} - {{- if .Values.metricsBindAddr }} - - --metrics-bind-addr={{ .Values.metricsBindAddr }} - {{- end }} {{- if .Values.diagnosticsAddress }} - --diagnostics-address={{ .Values.diagnosticsAddress }} {{- end }} @@ -100,9 +97,15 @@ spec: - containerPort: 9443 name: webhook-server protocol: TCP - - containerPort: {{ ( split ":" $.Values.metricsBindAddr)._1 | int }} + {{- if $.Values.diagnosticsAddress }} + {{- $diagnosticsPort := $.Values.diagnosticsAddress }} + {{- if contains ":" $diagnosticsPort -}} + {{ $diagnosticsPort = ( split ":" $.Values.diagnosticsAddress)._1 | int }} + {{- end }} + - containerPort: {{ $diagnosticsPort | int }} name: metrics protocol: TCP + {{- end }} {{- with .Values.resources.manager }} resources: {{- toYaml . | nindent 12 }} 
@@ -119,6 +122,31 @@ spec: volumeMounts: {{- toYaml . | nindent 12 }} {{- end }} + terminationMessagePolicy: FallbackToLogsOnError + {{- $healthAddr := $.Values.healthAddr }} + {{- if contains ":" $healthAddr -}} + {{ $healthAddr = ( split ":" $.Values.healthAddr)._1 | int }} + {{- end }} + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: {{ $healthAddr | default 9440 }} + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 20 + successThreshold: 1 + timeoutSeconds: 1 + readinessProbe: + failureThreshold: 3 + httpGet: + path: /readyz + port: {{ $healthAddr | default 9440 }} + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 terminationGracePeriodSeconds: 10 {{- with .Values.volumes }} volumes: diff --git a/rancher-turtles-chart/charts/cluster-api-operator/templates/infra-conditions.yaml b/rancher-turtles-chart/charts/cluster-api-operator/templates/infra-conditions.yaml index 43ec717..4345d86 100644 --- a/rancher-turtles-chart/charts/cluster-api-operator/templates/infra-conditions.yaml +++ b/rancher-turtles-chart/charts/cluster-api-operator/templates/infra-conditions.yaml @@ -53,6 +53,15 @@ metadata: "argocd.argoproj.io/sync-wave": "2" {{- with .Values.configSecret }} spec: +{{- if $.Values.manager }} + manager: +{{- if and $.Values.manager.featureGates $.Values.manager.featureGates.kubeadm }} + featureGates: + {{- range $key, $value := $.Values.manager.featureGates.kubeadm }} + {{ $key }}: {{ $value }} + {{- end }} +{{- end }} +{{- end }} configSecret: name: {{ .name }} {{- if .namespace }} diff --git a/rancher-turtles-chart/charts/cluster-api-operator/templates/infra.yaml b/rancher-turtles-chart/charts/cluster-api-operator/templates/infra.yaml index 1320b6a..6fa5a63 100644 --- a/rancher-turtles-chart/charts/cluster-api-operator/templates/infra.yaml +++ b/rancher-turtles-chart/charts/cluster-api-operator/templates/infra.yaml 
@@ -59,6 +59,16 @@ spec: {{- end }} {{- end }} {{- end }} +{{- if and (kindIs "map" $.Values.fetchConfig) (hasKey $.Values.fetchConfig $infrastructureName) }} +{{- range $key, $value := $.Values.fetchConfig }} + {{- if eq $key $infrastructureName }} + fetchConfig: + {{- range $k, $v := $value }} + {{ $k }}: {{ $v }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} {{- if $.Values.configSecret.name }} configSecret: name: {{ $.Values.configSecret.name }} diff --git a/rancher-turtles-chart/charts/cluster-api-operator/templates/ipam.yaml b/rancher-turtles-chart/charts/cluster-api-operator/templates/ipam.yaml new file mode 100644 index 0000000..b262433 --- /dev/null +++ b/rancher-turtles-chart/charts/cluster-api-operator/templates/ipam.yaml 
@@ -0,0 +1,73 @@ +# IPAM providers +{{- if .Values.ipam }} +{{- $ipams := split ";" .Values.ipam }} +{{- $ipamNamespace := "" }} +{{- $ipamName := "" }} +{{- $ipamVersion := "" }} +{{- range $ipam := $ipams }} +{{- $ipamArgs := split ":" $ipam }} +{{- $ipamArgsLen := len $ipamArgs }} +{{- if eq $ipamArgsLen 3 }} + {{- $ipamNamespace = $ipamArgs._0 }} + {{- $ipamName = $ipamArgs._1 }} + {{- $ipamVersion = $ipamArgs._2 }} +{{- else if eq $ipamArgsLen 2 }} + {{- $ipamNamespace = print $ipamArgs._0 "-ipam-system" }} + {{- $ipamName = $ipamArgs._0 }} + {{- $ipamVersion = $ipamArgs._1 }} +{{- else if eq $ipamArgsLen 1 }} + {{- $ipamNamespace = print $ipamArgs._0 "-ipam-system" }} + {{- $ipamName = $ipamArgs._0 }} +{{- else }} + {{- fail "ipam provider argument should have the following format in-cluster:v1.0.0 or mynamespace:in-cluster:v1.0.0" }} +{{- end }} +--- +apiVersion: v1 +kind: Namespace +metadata: + annotations: + "helm.sh/hook": "post-install,post-upgrade" + "helm.sh/hook-weight": "1" + "argocd.argoproj.io/sync-wave": "1" + name: {{ $ipamNamespace }} +--- +apiVersion: operator.cluster.x-k8s.io/v1alpha2 +kind: IPAMProvider +metadata: + name: {{ $ipamName }} + namespace: {{ $ipamNamespace }} + annotations: + "helm.sh/hook": "post-install,post-upgrade" + "helm.sh/hook-weight": "2" + "argocd.argoproj.io/sync-wave": "2" +{{- if or $ipamVersion $.Values.configSecret.name $.Values.manager $.Values.additionalDeployments }} +spec: +{{- end }} +{{- if $ipamVersion }} + version: {{ $ipamVersion }} +{{- end }} +{{- if $.Values.manager }} + manager: +{{- if and (kindIs "map" $.Values.manager.featureGates) (hasKey $.Values.manager.featureGates $ipamName) }} +{{- range $key, $value := $.Values.manager.featureGates }} + {{- if eq $key $ipamName }} + featureGates: + {{- range $k, $v := $value }} + {{ $k }}: {{ $v }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- if $.Values.configSecret.name }} + configSecret: + name: {{ $.Values.configSecret.name }} + {{- 
if $.Values.configSecret.namespace }} + namespace: {{ $.Values.configSecret.namespace }} + {{- end }} +{{- end }} +{{- if $.Values.additionalDeployments }} + additionalDeployments: {{ toYaml $.Values.additionalDeployments | nindent 4 }} +{{- end }} +{{- end }} +{{- end }} diff --git a/rancher-turtles-chart/charts/cluster-api-operator/templates/operator-components.yaml b/rancher-turtles-chart/charts/cluster-api-operator/templates/operator-components.yaml index baa3d76..c04c850 100644 --- a/rancher-turtles-chart/charts/cluster-api-operator/templates/operator-components.yaml +++ b/rancher-turtles-chart/charts/cluster-api-operator/templates/operator-components.yaml @@ -3,7 +3,7 @@ kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/capi-operator-serving-cert' - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.16.1 helm.sh/resource-policy: keep labels: clusterctl.cluster.x-k8s.io/core: capi-operator @@ -126,11 +126,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: description: A list of node selector requirements by node's fields. @@ -158,11 +160,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object x-kubernetes-map-type: atomic weight: @@ -176,6 +180,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the affinity requirements specified by this field are not met at @@ -220,11 +225,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: description: A list of node selector requirements by node's fields. 
@@ -252,14 +259,17 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object x-kubernetes-map-type: atomic type: array + x-kubernetes-list-type: atomic required: - nodeSelectorTerms type: object @@ -323,11 +333,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -342,13 +354,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -357,13 +369,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -404,11 +416,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -428,6 +442,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -450,6 +465,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the affinity requirements specified by this field are not met at 
@@ -500,11 +516,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -519,13 +537,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -534,13 +552,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -580,11 +598,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -604,6 +624,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -616,6 +637,7 @@ spec: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object podAntiAffinity: description: Describes pod anti-affinity scheduling @@ -675,11 +697,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string 
@@ -694,13 +718,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -709,13 +733,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -756,11 +780,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -780,6 +806,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -802,6 +829,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the anti-affinity requirements specified by this field are not met at 
@@ -852,11 +880,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -871,13 +901,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -886,13 +916,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -932,11 +962,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -956,6 +988,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -968,6 +1001,7 @@ spec: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object type: object containers: 
@@ -1029,10 +1063,13 @@ spec: description: The key to select. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap @@ -1096,10 +1133,13 @@ spec: key. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret @@ -1128,11 +1168,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry @@ -1144,6 +1182,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object 
@@ -1189,10 +1233,13 @@ spec: referenced object inside the same namespace. properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -1263,7 +1310,6 @@ spec: CacheNamespace if specified restricts the manager's cache to watch objects in the desired namespace Defaults to all namespaces - Note: If a namespace is specified, controllers can still Watch for a cluster-scoped resource (e.g Node). For namespaced resources the cache will only hold objects from the desired namespace. @@ -1286,13 +1332,11 @@ spec: GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation allowed for that controller. - When a controller is registered within this manager using the builder utilities, users have to specify the type the controller reconciles in the For(...) call. If the object's kind passed matches one of the keys in this map, the concurrency for that controller is set to the number specified. - The key is expected to be consistent in form with GroupKind.String(), e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`. type: object @@ -1548,11 +1592,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: description: A list of node selector requirements by node's fields. @@ -1580,11 +1626,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object x-kubernetes-map-type: atomic weight: 
@@ -1597,6 +1645,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the affinity requirements specified by this field are not met at @@ -1641,11 +1690,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: description: A list of node selector requirements by node's fields. @@ -1673,14 +1724,17 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object x-kubernetes-map-type: atomic type: array + x-kubernetes-list-type: atomic required: - nodeSelectorTerms type: object @@ -1743,11 +1797,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string 
@@ -1762,13 +1818,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -1777,13 +1833,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -1823,11 +1879,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -1847,6 +1905,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -1869,6 +1928,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the affinity requirements specified by this field are not met at 
@@ -1919,11 +1979,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -1938,13 +2000,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -1953,13 +2015,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -1999,11 +2061,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -2023,6 +2087,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -2035,6 +2100,7 @@ spec: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object podAntiAffinity: description: Describes pod anti-affinity scheduling rules 
@@ -2093,11 +2159,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -2112,13 +2180,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -2127,13 +2195,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -2173,11 +2241,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -2197,6 +2267,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -2219,6 +2290,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the anti-affinity requirements specified by this field are not met at 
@@ -2269,11 +2341,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -2288,13 +2362,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -2303,13 +2377,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -2349,11 +2423,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -2373,6 +2449,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -2385,6 +2462,7 @@ spec: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object type: object containers: 
@@ -2446,10 +2524,13 @@ spec: description: The key to select. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap @@ -2509,10 +2590,13 @@ spec: from. Must be a valid secret key. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or @@ -2541,11 +2625,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in @@ -2557,6 +2639,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object 
@@ -2601,10 +2689,13 @@ spec: referenced object inside the same namespace. properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -2673,6 +2764,12 @@ spec: For example, the infrastructure name `aws` will fetch artifacts from https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases. properties: + oci: + description: |- + OCI to be used for fetching the provider’s components and metadata from an OCI artifact. + You must set `providerSpec.Version` field for operator to pick up desired version of the release from GitHub. + If the providerSpec.Version is missing, latest provider version from clusterctl defaults is used. + type: string selector: description: |- Selector to be used for fetching provider’s components and metadata from @@ -2707,11 +2804,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -2730,6 +2829,9 @@ spec: desired version of the release from GitHub. type: string type: object + x-kubernetes-validations: + - message: Must specify one and only one of {oci, url, selector} + rule: '[has(self.oci), has(self.url), has(self.selector)].exists_one(x,x)' manager: description: Manager defines the properties that can be enabled on the controller manager for the provider. 
@@ -2739,7 +2841,6 @@ spec: CacheNamespace if specified restricts the manager's cache to watch objects in the desired namespace Defaults to all namespaces - Note: If a namespace is specified, controllers can still Watch for a cluster-scoped resource (e.g Node). For namespaced resources the cache will only hold objects from the desired namespace. @@ -2762,13 +2863,11 @@ spec: GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation allowed for that controller. - When a controller is registered within this manager using the builder utilities, users have to specify the type the controller reconciles in the For(...) call. If the object's kind passed matches one of the keys in this map, the concurrency for that controller is set to the number specified. - The key is expected to be consistent in form with GroupKind.String(), e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`. type: object 
@@ -2963,20 +3062,20 @@ spec: description: |- The reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. + This field may be empty. type: string severity: description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately + severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False. type: string status: - description: Status of the condition, one of True, False, Unknown. + description: status of the condition, one of True, False, Unknown. type: string type: description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. + type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. type: string @@ -3012,7 +3111,7 @@ kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/capi-operator-serving-cert' - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.16.1 helm.sh/resource-policy: keep labels: clusterctl.cluster.x-k8s.io/core: capi-operator @@ -3053,7 +3152,6 @@ spec: description: |- BootstrapProvider is the Schema for the bootstrapproviders API. - Deprecated: This type will be removed in one of the next releases. properties: apiVersion: @@ -3150,11 +3248,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: description: A list of node selector requirements by node's fields. 
@@ -3182,11 +3282,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object x-kubernetes-map-type: atomic weight: @@ -3199,6 +3301,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the affinity requirements specified by this field are not met at @@ -3243,11 +3346,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: description: A list of node selector requirements by node's fields. @@ -3275,14 +3380,17 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object x-kubernetes-map-type: atomic type: array + x-kubernetes-list-type: atomic required: - nodeSelectorTerms type: object @@ -3345,11 +3453,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string 
@@ -3364,13 +3474,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -3379,13 +3489,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -3425,11 +3535,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -3449,6 +3561,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -3471,6 +3584,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the affinity requirements specified by this field are not met at 
@@ -3521,11 +3635,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -3540,13 +3656,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -3555,13 +3671,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -3601,11 +3717,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -3625,6 +3743,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -3637,6 +3756,7 @@ spec: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object podAntiAffinity: description: Describes pod anti-affinity scheduling rules 
@@ -3695,11 +3815,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -3714,13 +3836,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -3729,13 +3851,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -3775,11 +3897,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -3799,6 +3923,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -3821,6 +3946,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the anti-affinity requirements specified by this field are not met at 
@@ -3871,11 +3997,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -3890,13 +4018,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -3905,13 +4033,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -3951,11 +4079,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -3975,6 +4105,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -3987,6 +4118,7 @@ spec: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object type: object containers: 
@@ -4048,10 +4180,13 @@ spec: description: The key to select. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap @@ -4111,10 +4246,13 @@ spec: from. Must be a valid secret key. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or @@ -4154,11 +4292,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in @@ -4170,6 +4306,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object 
@@ -4214,10 +4356,13 @@ spec: referenced object inside the same namespace. properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -4320,11 +4465,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -4352,7 +4499,6 @@ spec: CacheNamespace if specified restricts the manager's cache to watch objects in the desired namespace Defaults to all namespaces - Note: If a namespace is specified, controllers can still Watch for a cluster-scoped resource (e.g Node). For namespaced resources the cache will only hold objects from the desired namespace. @@ -4375,13 +4521,11 @@ spec: GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation allowed for that controller. - When a controller is registered within this manager using the builder utilities, users have to specify the type the controller reconciles in the For(...) call. If the object's kind passed matches one of the keys in this map, the concurrency for that controller is set to the number specified. - The key is expected to be consistent in form with GroupKind.String(), e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`. type: object @@ -4484,7 +4628,7 @@ spec: minimum: 1 type: integer metrics: - description: Metrics contains the controller metrics configuration + description: Metrics contains thw controller metrics configuration properties: bindAddress: description: |- 
@@ -4581,20 +4725,20 @@ spec: description: |- The reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. + This field may be empty. type: string severity: description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately + severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False. type: string status: - description: Status of the condition, one of True, False, Unknown. + description: status of the condition, one of True, False, Unknown. type: string type: description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. + type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. type: string @@ -4720,11 +4864,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: description: A list of node selector requirements by node's fields. @@ -4752,11 +4898,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object x-kubernetes-map-type: atomic weight: @@ -4770,6 +4918,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the affinity requirements specified by this field are not met at 
@@ -4814,11 +4963,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: description: A list of node selector requirements by node's fields. @@ -4846,14 +4997,17 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object x-kubernetes-map-type: atomic type: array + x-kubernetes-list-type: atomic required: - nodeSelectorTerms type: object @@ -4917,11 +5071,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -4936,13 +5092,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -4951,13 +5107,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -4998,11 +5154,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -5022,6 +5180,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -5044,6 +5203,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the affinity requirements specified by this field are not met at 
@@ -5094,11 +5254,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -5113,13 +5275,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -5128,13 +5290,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -5174,11 +5336,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -5198,6 +5362,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -5210,6 +5375,7 @@ spec: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object podAntiAffinity: description: Describes pod anti-affinity scheduling 
@@ -5269,11 +5435,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -5288,13 +5456,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -5303,13 +5471,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -5350,11 +5518,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -5374,6 +5544,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -5396,6 +5567,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the anti-affinity requirements specified by this field are not met at 
@@ -5446,11 +5618,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -5465,13 +5639,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -5480,13 +5654,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -5526,11 +5700,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -5550,6 +5726,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -5562,6 +5739,7 @@ spec: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object type: object containers: 
@@ -5623,10 +5801,13 @@ spec: description: The key to select. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap @@ -5690,10 +5871,13 @@ spec: key. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret @@ -5722,11 +5906,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry @@ -5738,6 +5920,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object 
@@ -5783,10 +5971,13 @@ spec: referenced object inside the same namespace. properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -5857,7 +6048,6 @@ spec: CacheNamespace if specified restricts the manager's cache to watch objects in the desired namespace Defaults to all namespaces - Note: If a namespace is specified, controllers can still Watch for a cluster-scoped resource (e.g Node). For namespaced resources the cache will only hold objects from the desired namespace. @@ -5880,13 +6070,11 @@ spec: GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation allowed for that controller. - When a controller is registered within this manager using the builder utilities, users have to specify the type the controller reconciles in the For(...) call. If the object's kind passed matches one of the keys in this map, the concurrency for that controller is set to the number specified. - The key is expected to be consistent in form with GroupKind.String(), e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`. type: object @@ -6142,11 +6330,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: description: A list of node selector requirements by node's fields. @@ -6174,11 +6364,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object x-kubernetes-map-type: atomic weight: 
@@ -6191,6 +6383,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the affinity requirements specified by this field are not met at @@ -6235,11 +6428,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: description: A list of node selector requirements by node's fields. @@ -6267,14 +6462,17 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object x-kubernetes-map-type: atomic type: array + x-kubernetes-list-type: atomic required: - nodeSelectorTerms type: object @@ -6337,11 +6535,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string 
@@ -6356,13 +6556,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -6371,13 +6571,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -6417,11 +6617,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -6441,6 +6643,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -6463,6 +6666,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the affinity requirements specified by this field are not met at 
@@ -6513,11 +6717,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -6532,13 +6738,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -6547,13 +6753,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -6593,11 +6799,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -6617,6 +6825,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -6629,6 +6838,7 @@ spec: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object podAntiAffinity: description: Describes pod anti-affinity scheduling rules 
@@ -6687,11 +6897,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -6706,13 +6918,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -6721,13 +6933,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -6767,11 +6979,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -6791,6 +7005,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -6813,6 +7028,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the anti-affinity requirements specified by this field are not met at 
@@ -6863,11 +7079,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -6882,13 +7100,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -6897,13 +7115,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -6943,11 +7161,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -6967,6 +7187,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -6979,6 +7200,7 @@ spec: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object type: object containers: 
@@ -7040,10 +7262,13 @@ spec: description: The key to select. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap @@ -7103,10 +7328,13 @@ spec: from. Must be a valid secret key. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or @@ -7135,11 +7363,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in @@ -7151,6 +7377,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object 
@@ -7195,10 +7427,13 @@ spec: referenced object inside the same namespace. properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -7267,6 +7502,12 @@ spec: For example, the infrastructure name `aws` will fetch artifacts from https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases. properties: + oci: + description: |- + OCI to be used for fetching the provider’s components and metadata from an OCI artifact. + You must set `providerSpec.Version` field for operator to pick up desired version of the release from GitHub. + If the providerSpec.Version is missing, latest provider version from clusterctl defaults is used. + type: string selector: description: |- Selector to be used for fetching provider’s components and metadata from @@ -7301,11 +7542,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -7324,6 +7567,9 @@ spec: desired version of the release from GitHub. type: string type: object + x-kubernetes-validations: + - message: Must specify one and only one of {oci, url, selector} + rule: '[has(self.oci), has(self.url), has(self.selector)].exists_one(x,x)' manager: description: Manager defines the properties that can be enabled on the controller manager for the provider. 
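Review bot: The description added for the new `oci` field in the `-7267,6 +7502,12` hunk still says the operator picks the version `of the release from GitHub`, which is wrong for an OCI source and misleading in an air-gapped chart where nothing should be fetched from GitHub. The field is a bare `type: string`, so the text should also state the expected reference form; pinning the artifact by digest, if the operator supports it, would keep the fetched components immutable. Suggested wording: `You must set providerSpec.Version for the operator to pick the desired version of the OCI artifact.` The CRD is generated (see the `controller-gen.kubebuilder.io/version` annotation later in this diff), so the change belongs in the upstream type comment rather than in this file.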
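Review bot: The `x-kubernetes-validations` rule added in the `-7324,6 +7567,9` hunk makes `[has(self.oci), has(self.url), has(self.selector)].exists_one(x,x)` mandatory, so an object that sets both `url` and `selector`, or none of the three, can be refused by the API server on its next write once this CRD is applied. Nothing in the hunk shows whether the old schema already excluded those shapes, so existing provider objects are worth checking before the upgrade. A sentence in the field description, for example `Exactly one of oci, url or selector must be set.`, would make the constraint visible in `kubectl explain` and not only in the rejection message.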
@@ -7333,7 +7579,6 @@ spec: CacheNamespace if specified restricts the manager's cache to watch objects in the desired namespace Defaults to all namespaces - Note: If a namespace is specified, controllers can still Watch for a cluster-scoped resource (e.g Node). For namespaced resources the cache will only hold objects from the desired namespace. @@ -7356,13 +7601,11 @@ spec: GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation allowed for that controller. - When a controller is registered within this manager using the builder utilities, users have to specify the type the controller reconciles in the For(...) call. If the object's kind passed matches one of the keys in this map, the concurrency for that controller is set to the number specified. - The key is expected to be consistent in form with GroupKind.String(), e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`. type: object 
@@ -7557,20 +7800,20 @@ spec: description: |- The reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. + This field may be empty. type: string severity: description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately + severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False. type: string status: - description: Status of the condition, one of True, False, Unknown. + description: status of the condition, one of True, False, Unknown. type: string type: description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. + type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. type: string @@ -7606,7 +7849,7 @@ kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/capi-operator-serving-cert' - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.16.1 helm.sh/resource-policy: keep labels: clusterctl.cluster.x-k8s.io/core: capi-operator @@ -7647,7 +7890,6 @@ spec: description: |- ControlPlaneProvider is the Schema for the controlplaneproviders API. - Deprecated: This type will be removed in one of the next releases. properties: apiVersion: @@ -7744,11 +7986,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: description: A list of node selector requirements by node's fields. 
@@ -7776,11 +8020,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object x-kubernetes-map-type: atomic weight: @@ -7793,6 +8039,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the affinity requirements specified by this field are not met at @@ -7837,11 +8084,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: description: A list of node selector requirements by node's fields. @@ -7869,14 +8118,17 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object x-kubernetes-map-type: atomic type: array + x-kubernetes-list-type: atomic required: - nodeSelectorTerms type: object @@ -7939,11 +8191,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string 
@@ -7958,13 +8212,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -7973,13 +8227,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -8019,11 +8273,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -8043,6 +8299,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -8065,6 +8322,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the affinity requirements specified by this field are not met at 
@@ -8115,11 +8373,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -8134,13 +8394,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -8149,13 +8409,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -8195,11 +8455,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -8219,6 +8481,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -8231,6 +8494,7 @@ spec: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object podAntiAffinity: description: Describes pod anti-affinity scheduling rules 
@@ -8289,11 +8553,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -8308,13 +8574,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -8323,13 +8589,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -8369,11 +8635,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -8393,6 +8661,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -8415,6 +8684,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the anti-affinity requirements specified by this field are not met at 
@@ -8465,11 +8735,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -8484,13 +8756,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -8499,13 +8771,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -8545,11 +8817,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -8569,6 +8843,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -8581,6 +8856,7 @@ spec: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object type: object containers: 
@@ -8642,10 +8918,13 @@ spec: description: The key to select. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap @@ -8705,10 +8984,13 @@ spec: from. Must be a valid secret key. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or @@ -8748,11 +9030,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in @@ -8764,6 +9044,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object 
@@ -8808,10 +9094,13 @@ spec: referenced object inside the same namespace. properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -8914,11 +9203,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -8946,7 +9237,6 @@ spec: CacheNamespace if specified restricts the manager's cache to watch objects in the desired namespace Defaults to all namespaces - Note: If a namespace is specified, controllers can still Watch for a cluster-scoped resource (e.g Node). For namespaced resources the cache will only hold objects from the desired namespace. @@ -8969,13 +9259,11 @@ spec: GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation allowed for that controller. - When a controller is registered within this manager using the builder utilities, users have to specify the type the controller reconciles in the For(...) call. If the object's kind passed matches one of the keys in this map, the concurrency for that controller is set to the number specified. - The key is expected to be consistent in form with GroupKind.String(), e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`. type: object @@ -9078,7 +9366,7 @@ spec: minimum: 1 type: integer metrics: - description: Metrics contains the controller metrics configuration + description: Metrics contains thw controller metrics configuration properties: bindAddress: description: |- 
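Review bot: The rewritten `description` under `metrics:` in the `@@ -9078,7 +9366,7 @@` hunk now reads `Metrics contains thw controller metrics configuration`, a typo the removed line did not have; it should stay `description: Metrics contains the controller metrics configuration`. This string is part of the CRD schema, so it is what users see when they inspect the field. The schema looks generated, and the commit message says the chart is aligned with an upstream PR, so the correction probably belongs in the upstream source followed by a regenerate; a hand edit here would make the vendored copy drift from upstream. The enclosing schema starts and ends outside the hunk.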
@@ -9176,20 +9464,20 @@ spec: description: |- The reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. + This field may be empty. type: string severity: description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately + severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False. type: string status: - description: Status of the condition, one of True, False, Unknown. + description: status of the condition, one of True, False, Unknown. type: string type: description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. + type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. type: string @@ -9316,11 +9604,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: description: A list of node selector requirements by node's fields. @@ -9348,11 +9638,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object x-kubernetes-map-type: atomic weight: @@ -9366,6 +9658,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the affinity requirements specified by this field are not met at 
@@ -9410,11 +9703,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: description: A list of node selector requirements by node's fields. @@ -9442,14 +9737,17 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object x-kubernetes-map-type: atomic type: array + x-kubernetes-list-type: atomic required: - nodeSelectorTerms type: object @@ -9513,11 +9811,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -9532,13 +9832,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -9547,13 +9847,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -9594,11 +9894,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -9618,6 +9920,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -9640,6 +9943,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the affinity requirements specified by this field are not met at 
@@ -9690,11 +9994,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -9709,13 +10015,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -9724,13 +10030,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -9770,11 +10076,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -9794,6 +10102,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -9806,6 +10115,7 @@ spec: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object podAntiAffinity: description: Describes pod anti-affinity scheduling 
@@ -9865,11 +10175,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -9884,13 +10196,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -9899,13 +10211,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -9946,11 +10258,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -9970,6 +10284,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -9992,6 +10307,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the anti-affinity requirements specified by this field are not met at 
@@ -10042,11 +10358,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -10061,13 +10379,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -10076,13 +10394,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -10122,11 +10440,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -10146,6 +10466,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -10158,6 +10479,7 @@ spec: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object type: object containers: 
@@ -10219,10 +10541,13 @@ spec: description: The key to select. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap @@ -10286,10 +10611,13 @@ spec: key. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret @@ -10318,11 +10646,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry @@ -10334,6 +10660,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object 
@@ -10379,10 +10711,13 @@ spec: referenced object inside the same namespace. properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -10453,7 +10788,6 @@ spec: CacheNamespace if specified restricts the manager's cache to watch objects in the desired namespace Defaults to all namespaces - Note: If a namespace is specified, controllers can still Watch for a cluster-scoped resource (e.g Node). For namespaced resources the cache will only hold objects from the desired namespace. @@ -10476,13 +10810,11 @@ spec: GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation allowed for that controller. - When a controller is registered within this manager using the builder utilities, users have to specify the type the controller reconciles in the For(...) call. If the object's kind passed matches one of the keys in this map, the concurrency for that controller is set to the number specified. - The key is expected to be consistent in form with GroupKind.String(), e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`. type: object @@ -10738,11 +11070,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: description: A list of node selector requirements by node's fields. @@ -10770,11 +11104,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object x-kubernetes-map-type: atomic weight: 
@@ -10787,6 +11123,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the affinity requirements specified by this field are not met at @@ -10831,11 +11168,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: description: A list of node selector requirements by node's fields. @@ -10863,14 +11202,17 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object x-kubernetes-map-type: atomic type: array + x-kubernetes-list-type: atomic required: - nodeSelectorTerms type: object @@ -10933,11 +11275,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string 
@@ -10952,13 +11296,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -10967,13 +11311,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -11013,11 +11357,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -11037,6 +11383,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -11059,6 +11406,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the affinity requirements specified by this field are not met at 
@@ -11109,11 +11457,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -11128,13 +11478,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -11143,13 +11493,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -11189,11 +11539,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -11213,6 +11565,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -11225,6 +11578,7 @@ spec: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object podAntiAffinity: description: Describes pod anti-affinity scheduling rules 
@@ -11283,11 +11637,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -11302,13 +11658,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -11317,13 +11673,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -11363,11 +11719,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -11387,6 +11745,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -11409,6 +11768,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the anti-affinity requirements specified by this field are not met at 
@@ -11459,11 +11819,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -11478,13 +11840,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -11493,13 +11855,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -11539,11 +11901,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -11563,6 +11927,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -11575,6 +11940,7 @@ spec: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object type: object containers: 
@@ -11636,10 +12002,13 @@ spec: description: The key to select. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap @@ -11699,10 +12068,13 @@ spec: from. Must be a valid secret key. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or @@ -11731,11 +12103,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in @@ -11747,6 +12117,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object 
@@ -11791,10 +12167,13 @@ spec: referenced object inside the same namespace. properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -11863,6 +12242,12 @@ spec: For example, the infrastructure name `aws` will fetch artifacts from https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases. properties: + oci: + description: |- + OCI to be used for fetching the provider’s components and metadata from an OCI artifact. + You must set `providerSpec.Version` field for operator to pick up desired version of the release from GitHub. + If the providerSpec.Version is missing, latest provider version from clusterctl defaults is used. + type: string selector: description: |- Selector to be used for fetching provider’s components and metadata from @@ -11897,11 +12282,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -11920,6 +12307,9 @@ spec: desired version of the release from GitHub. type: string type: object + x-kubernetes-validations: + - message: Must specify one and only one of {oci, url, selector} + rule: '[has(self.oci), has(self.url), has(self.selector)].exists_one(x,x)' manager: description: Manager defines the properties that can be enabled on the controller manager for the provider. 
@@ -11929,7 +12319,6 @@ spec: CacheNamespace if specified restricts the manager's cache to watch objects in the desired namespace Defaults to all namespaces - Note: If a namespace is specified, controllers can still Watch for a cluster-scoped resource (e.g Node). For namespaced resources the cache will only hold objects from the desired namespace. @@ -11952,13 +12341,11 @@ spec: GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation allowed for that controller. - When a controller is registered within this manager using the builder utilities, users have to specify the type the controller reconciles in the For(...) call. If the object's kind passed matches one of the keys in this map, the concurrency for that controller is set to the number specified. - The key is expected to be consistent in form with GroupKind.String(), e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`. type: object 
@@ -12154,20 +12541,20 @@ spec: description: |- The reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. + This field may be empty. type: string severity: description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately + severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False. type: string status: - description: Status of the condition, one of True, False, Unknown. + description: status of the condition, one of True, False, Unknown. type: string type: description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. + type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. type: string @@ -12203,7 +12590,7 @@ kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/capi-operator-serving-cert' - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.16.1 helm.sh/resource-policy: keep labels: clusterctl.cluster.x-k8s.io/core: capi-operator @@ -12244,7 +12631,6 @@ spec: description: |- CoreProvider is the Schema for the coreproviders API. - Deprecated: This type will be removed in one of the next releases. properties: apiVersion: @@ -12341,11 +12727,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: description: A list of node selector requirements by node's fields. 
@@ -12373,11 +12761,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object x-kubernetes-map-type: atomic weight: @@ -12390,6 +12780,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the affinity requirements specified by this field are not met at @@ -12434,11 +12825,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: description: A list of node selector requirements by node's fields. @@ -12466,14 +12859,17 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object x-kubernetes-map-type: atomic type: array + x-kubernetes-list-type: atomic required: - nodeSelectorTerms type: object @@ -12536,11 +12932,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string 
@@ -12555,13 +12953,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -12570,13 +12968,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -12616,11 +13014,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -12640,6 +13040,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -12662,6 +13063,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the affinity requirements specified by this field are not met at 
@@ -12712,11 +13114,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -12731,13 +13135,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -12746,13 +13150,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -12792,11 +13196,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -12816,6 +13222,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -12828,6 +13235,7 @@ spec: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object podAntiAffinity: description: Describes pod anti-affinity scheduling rules 
@@ -12886,11 +13294,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -12905,13 +13315,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -12920,13 +13330,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -12966,11 +13376,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -12990,6 +13402,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -13012,6 +13425,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the anti-affinity requirements specified by this field are not met at 
@@ -13062,11 +13476,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -13081,13 +13497,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -13096,13 +13512,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -13142,11 +13558,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -13166,6 +13584,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -13178,6 +13597,7 @@ spec: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object type: object containers: 
@@ -13239,10 +13659,13 @@ spec: description: The key to select. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap @@ -13302,10 +13725,13 @@ spec: from. Must be a valid secret key. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or @@ -13345,11 +13771,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in @@ -13361,6 +13785,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object 
@@ -13405,10 +13835,13 @@ spec: referenced object inside the same namespace. properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -13511,11 +13944,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -13543,7 +13978,6 @@ spec: CacheNamespace if specified restricts the manager's cache to watch objects in the desired namespace Defaults to all namespaces - Note: If a namespace is specified, controllers can still Watch for a cluster-scoped resource (e.g Node). For namespaced resources the cache will only hold objects from the desired namespace. @@ -13566,13 +14000,11 @@ spec: GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation allowed for that controller. - When a controller is registered within this manager using the builder utilities, users have to specify the type the controller reconciles in the For(...) call. If the object's kind passed matches one of the keys in this map, the concurrency for that controller is set to the number specified. - The key is expected to be consistent in form with GroupKind.String(), e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`. type: object @@ -13675,7 +14107,7 @@ spec: minimum: 1 type: integer metrics: - description: Metrics contains the controller metrics configuration + description: Metrics contains thw controller metrics configuration properties: bindAddress: description: |- 
@@ -13772,20 +14204,20 @@ spec: description: |- The reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. + This field may be empty. type: string severity: description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately + severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False. type: string status: - description: Status of the condition, one of True, False, Unknown. + description: status of the condition, one of True, False, Unknown. type: string type: description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. + type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. type: string @@ -13911,11 +14343,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: description: A list of node selector requirements by node's fields. @@ -13943,11 +14377,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object x-kubernetes-map-type: atomic weight: @@ -13961,6 +14397,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the affinity requirements specified by this field are not met at 
@@ -14005,11 +14442,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: description: A list of node selector requirements by node's fields. @@ -14037,14 +14476,17 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object x-kubernetes-map-type: atomic type: array + x-kubernetes-list-type: atomic required: - nodeSelectorTerms type: object @@ -14108,11 +14550,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -14127,13 +14571,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -14142,13 +14586,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -14189,11 +14633,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -14213,6 +14659,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -14235,6 +14682,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the affinity requirements specified by this field are not met at 
@@ -14285,11 +14733,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -14304,13 +14754,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -14319,13 +14769,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -14365,11 +14815,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -14389,6 +14841,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -14401,6 +14854,7 @@ spec: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object podAntiAffinity: description: Describes pod anti-affinity scheduling 
@@ -14460,11 +14914,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -14479,13 +14935,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -14494,13 +14950,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -14541,11 +14997,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -14565,6 +15023,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -14587,6 +15046,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the anti-affinity requirements specified by this field are not met at 
@@ -14637,11 +15097,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -14656,13 +15118,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -14671,13 +15133,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -14717,11 +15179,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -14741,6 +15205,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -14753,6 +15218,7 @@ spec: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object type: object containers: 
@@ -14814,10 +15280,13 @@ spec: description: The key to select. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap @@ -14881,10 +15350,13 @@ spec: key. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret @@ -14913,11 +15385,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry @@ -14929,6 +15399,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object 
@@ -14974,10 +15450,13 @@ spec: referenced object inside the same namespace. properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -15048,7 +15527,6 @@ spec: CacheNamespace if specified restricts the manager's cache to watch objects in the desired namespace Defaults to all namespaces - Note: If a namespace is specified, controllers can still Watch for a cluster-scoped resource (e.g Node). For namespaced resources the cache will only hold objects from the desired namespace. @@ -15071,13 +15549,11 @@ spec: GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation allowed for that controller. - When a controller is registered within this manager using the builder utilities, users have to specify the type the controller reconciles in the For(...) call. If the object's kind passed matches one of the keys in this map, the concurrency for that controller is set to the number specified. - The key is expected to be consistent in form with GroupKind.String(), e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`. type: object @@ -15333,11 +15809,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: description: A list of node selector requirements by node's fields. @@ -15365,11 +15843,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object x-kubernetes-map-type: atomic weight: 
@@ -15382,6 +15862,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the affinity requirements specified by this field are not met at @@ -15426,11 +15907,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: description: A list of node selector requirements by node's fields. @@ -15458,14 +15941,17 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object x-kubernetes-map-type: atomic type: array + x-kubernetes-list-type: atomic required: - nodeSelectorTerms type: object @@ -15528,11 +16014,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string 
@@ -15547,13 +16035,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -15562,13 +16050,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -15608,11 +16096,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -15632,6 +16122,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -15654,6 +16145,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the affinity requirements specified by this field are not met at 
@@ -15704,11 +16196,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -15723,13 +16217,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -15738,13 +16232,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -15784,11 +16278,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -15808,6 +16304,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -15820,6 +16317,7 @@ spec: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object podAntiAffinity: description: Describes pod anti-affinity scheduling rules 
@@ -15878,11 +16376,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -15897,13 +16397,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -15912,13 +16412,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -15958,11 +16458,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -15982,6 +16484,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -16004,6 +16507,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the anti-affinity requirements specified by this field are not met at 
@@ -16054,11 +16558,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -16073,13 +16579,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -16088,13 +16594,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -16134,11 +16640,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -16158,6 +16666,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -16170,6 +16679,7 @@ spec: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object type: object containers: 
@@ -16231,10 +16741,13 @@ spec: description: The key to select. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap @@ -16294,10 +16807,13 @@ spec: from. Must be a valid secret key. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or @@ -16326,11 +16842,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in @@ -16342,6 +16856,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object 
@@ -16386,10 +16906,13 @@ spec: referenced object inside the same namespace. properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -16458,6 +16981,12 @@ spec: For example, the infrastructure name `aws` will fetch artifacts from https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases. properties: + oci: + description: |- + OCI to be used for fetching the provider’s components and metadata from an OCI artifact. + You must set `providerSpec.Version` field for operator to pick up desired version of the release from GitHub. + If the providerSpec.Version is missing, latest provider version from clusterctl defaults is used. + type: string selector: description: |- Selector to be used for fetching provider’s components and metadata from @@ -16492,11 +17021,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -16515,6 +17046,9 @@ spec: desired version of the release from GitHub. type: string type: object + x-kubernetes-validations: + - message: Must specify one and only one of {oci, url, selector} + rule: '[has(self.oci), has(self.url), has(self.selector)].exists_one(x,x)' manager: description: Manager defines the properties that can be enabled on the controller manager for the provider. 
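Review bot: The description of the new `oci` property under the fetch configuration still says the operator picks the version "of the release from GitHub", which looks copied from the `url` property and does not describe an OCI source. It also does not say whether the reference can be pinned by digest or how the artifact is verified, which matters for the provider components an air-gapped install will apply. Assuming the operator resolves the version against the registry, I would change the second sentence to `You must set providerSpec.Version for the operator to pick up the desired version of the OCI artifact.` The CEL rule added in the same object, `[has(self.oci), has(self.url), has(self.selector)].exists_one(x,x)`, rejects a fetch configuration that sets none or more than one of the three, so existing provider objects with an empty block or with both `url` and `selector` should be checked before upgrading. The CRD appears to be controller-gen output, so the wording fix presumably belongs in the upstream type comment rather than in this vendored copy.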
@@ -16524,7 +17058,6 @@ spec: CacheNamespace if specified restricts the manager's cache to watch objects in the desired namespace Defaults to all namespaces - Note: If a namespace is specified, controllers can still Watch for a cluster-scoped resource (e.g Node). For namespaced resources the cache will only hold objects from the desired namespace. @@ -16547,13 +17080,11 @@ spec: GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation allowed for that controller. - When a controller is registered within this manager using the builder utilities, users have to specify the type the controller reconciles in the For(...) call. If the object's kind passed matches one of the keys in this map, the concurrency for that controller is set to the number specified. - The key is expected to be consistent in form with GroupKind.String(), e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`. type: object 
@@ -16748,20 +17279,20 @@ spec: description: |- The reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. + This field may be empty. type: string severity: description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately + severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False. type: string status: - description: Status of the condition, one of True, False, Unknown. + description: status of the condition, one of True, False, Unknown. type: string type: description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. + type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. type: string @@ -16797,7 +17328,7 @@ kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/capi-operator-serving-cert' - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.16.1 helm.sh/resource-policy: keep labels: clusterctl.cluster.x-k8s.io/core: capi-operator @@ -16838,7 +17369,6 @@ spec: description: |- InfrastructureProvider is the Schema for the infrastructureproviders API. - Deprecated: This type will be removed in one of the next releases. properties: apiVersion: @@ -16935,11 +17465,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: description: A list of node selector requirements by node's fields. 
@@ -16967,11 +17499,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object x-kubernetes-map-type: atomic weight: @@ -16984,6 +17518,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the affinity requirements specified by this field are not met at @@ -17028,11 +17563,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: description: A list of node selector requirements by node's fields. @@ -17060,14 +17597,17 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object x-kubernetes-map-type: atomic type: array + x-kubernetes-list-type: atomic required: - nodeSelectorTerms type: object @@ -17130,11 +17670,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string 
@@ -17149,13 +17691,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -17164,13 +17706,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -17210,11 +17752,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -17234,6 +17778,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -17256,6 +17801,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the affinity requirements specified by this field are not met at 
@@ -17306,11 +17852,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -17325,13 +17873,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -17340,13 +17888,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -17386,11 +17934,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -17410,6 +17960,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -17422,6 +17973,7 @@ spec: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object podAntiAffinity: description: Describes pod anti-affinity scheduling rules 
@@ -17480,11 +18032,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -17499,13 +18053,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -17514,13 +18068,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -17560,11 +18114,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -17584,6 +18140,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -17606,6 +18163,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the anti-affinity requirements specified by this field are not met at 
@@ -17656,11 +18214,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -17675,13 +18235,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -17690,13 +18250,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -17736,11 +18296,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -17760,6 +18322,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -17772,6 +18335,7 @@ spec: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object type: object containers: 
@@ -17833,10 +18397,13 @@ spec: description: The key to select. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap @@ -17896,10 +18463,13 @@ spec: from. Must be a valid secret key. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or @@ -17939,11 +18509,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in @@ -17955,6 +18523,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object 
@@ -17999,10 +18573,13 @@ spec: referenced object inside the same namespace. properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -18105,11 +18682,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -18137,7 +18716,6 @@ spec: CacheNamespace if specified restricts the manager's cache to watch objects in the desired namespace Defaults to all namespaces - Note: If a namespace is specified, controllers can still Watch for a cluster-scoped resource (e.g Node). For namespaced resources the cache will only hold objects from the desired namespace. @@ -18160,13 +18738,11 @@ spec: GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation allowed for that controller. - When a controller is registered within this manager using the builder utilities, users have to specify the type the controller reconciles in the For(...) call. If the object's kind passed matches one of the keys in this map, the concurrency for that controller is set to the number specified. - The key is expected to be consistent in form with GroupKind.String(), e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`. type: object @@ -18269,7 +18845,7 @@ spec: minimum: 1 type: integer metrics: - description: Metrics contains the controller metrics configuration + description: Metrics contains thw controller metrics configuration properties: bindAddress: description: |- 
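Review bot: The added `metrics` description in the `@@ -18269,7 +18845,7 @@` hunk introduces a typo, `thw` for `the`, which the removed line did not have. The corrected line is `description: Metrics contains the controller metrics configuration`. This schema looks generated (a CRD earlier in this diff carries a `controller-gen.kubebuilder.io/version` annotation), so the fix probably belongs in the upstream type comment, picked up on the next sync, rather than in a hand edit of this vendored copy. It changes documentation text only, not validation; the enclosing `spec` schema starts and ends outside the hunk.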
@@ -18367,20 +18943,20 @@ spec: description: |- The reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. + This field may be empty. type: string severity: description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately + severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False. type: string status: - description: Status of the condition, one of True, False, Unknown. + description: status of the condition, one of True, False, Unknown. type: string type: description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. + type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. type: string @@ -18507,11 +19083,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: description: A list of node selector requirements by node's fields. @@ -18539,11 +19117,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object x-kubernetes-map-type: atomic weight: @@ -18557,6 +19137,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the affinity requirements specified by this field are not met at 
@@ -18601,11 +19182,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: description: A list of node selector requirements by node's fields. @@ -18633,14 +19216,17 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object x-kubernetes-map-type: atomic type: array + x-kubernetes-list-type: atomic required: - nodeSelectorTerms type: object @@ -18704,11 +19290,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -18723,13 +19311,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -18738,13 +19326,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -18785,11 +19373,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -18809,6 +19399,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -18831,6 +19422,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the affinity requirements specified by this field are not met at 
@@ -18881,11 +19473,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -18900,13 +19494,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -18915,13 +19509,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -18961,11 +19555,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -18985,6 +19581,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -18997,6 +19594,7 @@ spec: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object podAntiAffinity: description: Describes pod anti-affinity scheduling 
@@ -19056,11 +19654,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -19075,13 +19675,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -19090,13 +19690,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -19137,11 +19737,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -19161,6 +19763,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -19183,6 +19786,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the anti-affinity requirements specified by this field are not met at 
@@ -19233,11 +19837,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -19252,13 +19858,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -19267,13 +19873,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -19313,11 +19919,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -19337,6 +19945,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -19349,6 +19958,7 @@ spec: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object type: object containers: 
@@ -19410,10 +20020,13 @@ spec: description: The key to select. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap @@ -19477,10 +20090,13 @@ spec: key. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret @@ -19509,11 +20125,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry @@ -19525,6 +20139,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object 
@@ -19570,10 +20190,13 @@ spec: referenced object inside the same namespace. properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -19644,7 +20267,6 @@ spec: CacheNamespace if specified restricts the manager's cache to watch objects in the desired namespace Defaults to all namespaces - Note: If a namespace is specified, controllers can still Watch for a cluster-scoped resource (e.g Node). For namespaced resources the cache will only hold objects from the desired namespace. @@ -19667,13 +20289,11 @@ spec: GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation allowed for that controller. - When a controller is registered within this manager using the builder utilities, users have to specify the type the controller reconciles in the For(...) call. If the object's kind passed matches one of the keys in this map, the concurrency for that controller is set to the number specified. - The key is expected to be consistent in form with GroupKind.String(), e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`. type: object @@ -19929,11 +20549,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: description: A list of node selector requirements by node's fields. @@ -19961,11 +20583,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object x-kubernetes-map-type: atomic weight: 
@@ -19978,6 +20602,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the affinity requirements specified by this field are not met at @@ -20022,11 +20647,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: description: A list of node selector requirements by node's fields. @@ -20054,14 +20681,17 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object x-kubernetes-map-type: atomic type: array + x-kubernetes-list-type: atomic required: - nodeSelectorTerms type: object @@ -20124,11 +20754,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string 
@@ -20143,13 +20775,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -20158,13 +20790,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -20204,11 +20836,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -20228,6 +20862,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -20250,6 +20885,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the affinity requirements specified by this field are not met at 
@@ -20300,11 +20936,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -20319,13 +20957,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -20334,13 +20972,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -20380,11 +21018,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -20404,6 +21044,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -20416,6 +21057,7 @@ spec: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object podAntiAffinity: description: Describes pod anti-affinity scheduling rules 
@@ -20474,11 +21116,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -20493,13 +21137,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -20508,13 +21152,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -20554,11 +21198,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -20578,6 +21224,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -20600,6 +21247,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the anti-affinity requirements specified by this field are not met at 
@@ -20650,11 +21298,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -20669,13 +21319,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -20684,13 +21334,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -20730,11 +21380,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -20754,6 +21406,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -20766,6 +21419,7 @@ spec: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object type: object containers: 
@@ -20827,10 +21481,13 @@ spec: description: The key to select. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap @@ -20890,10 +21547,13 @@ spec: from. Must be a valid secret key. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or @@ -20922,11 +21582,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in @@ -20938,6 +21596,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object 
@@ -20982,10 +21646,13 @@ spec: referenced object inside the same namespace. properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -21054,6 +21721,12 @@ spec: For example, the infrastructure name `aws` will fetch artifacts from https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases. properties: + oci: + description: |- + OCI to be used for fetching the provider’s components and metadata from an OCI artifact. + You must set `providerSpec.Version` field for operator to pick up desired version of the release from GitHub. + If the providerSpec.Version is missing, latest provider version from clusterctl defaults is used. + type: string selector: description: |- Selector to be used for fetching provider’s components and metadata from @@ -21088,11 +21761,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -21111,6 +21786,9 @@ spec: desired version of the release from GitHub. type: string type: object + x-kubernetes-validations: + - message: Must specify one and only one of {oci, url, selector} + rule: '[has(self.oci), has(self.url), has(self.selector)].exists_one(x,x)' manager: description: Manager defines the properties that can be enabled on the controller manager for the provider. 
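Review bot: The description added for the new `oci` property under the fetch configuration still says the operator picks the version "of the release from GitHub", which reads as carried over from the `url` field and is misleading for an OCI source, especially for installs that cannot reach GitHub. This CRD is controller-gen output, so the wording fix belongs upstream; something like `providerSpec.Version selects which version of the OCI artifact is fetched.` would do, if that matches the operator's behaviour. The rule added in the last hunk on this line, `[has(self.oci), has(self.url), has(self.selector)].exists_one(x,x)`, rejects a fetch configuration that sets none or more than one source, so existing provider objects should be checked against it before this CRD is rolled out. The schema accepts any string for `oci`, and whether the operator verifies the fetched artifact is not visible here, so the chart documentation should state which registry is expected.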
@@ -21120,7 +21798,6 @@ spec: CacheNamespace if specified restricts the manager's cache to watch objects in the desired namespace Defaults to all namespaces - Note: If a namespace is specified, controllers can still Watch for a cluster-scoped resource (e.g Node). For namespaced resources the cache will only hold objects from the desired namespace. @@ -21143,13 +21820,11 @@ spec: GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation allowed for that controller. - When a controller is registered within this manager using the builder utilities, users have to specify the type the controller reconciles in the For(...) call. If the object's kind passed matches one of the keys in this map, the concurrency for that controller is set to the number specified. - The key is expected to be consistent in form with GroupKind.String(), e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`. type: object 
@@ -21345,20 +22020,20 @@ spec: description: |- The reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. + This field may be empty. type: string severity: description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately + severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False. type: string status: - description: Status of the condition, one of True, False, Unknown. + description: status of the condition, one of True, False, Unknown. type: string type: description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. + type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. type: string @@ -21394,7 +22069,7 @@ kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/capi-operator-serving-cert' - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.16.1 helm.sh/resource-policy: keep labels: clusterctl.cluster.x-k8s.io/core: capi-operator @@ -21517,11 +22192,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: description: A list of node selector requirements by node's fields. @@ -21549,11 +22226,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object x-kubernetes-map-type: atomic weight: 
@@ -21567,6 +22246,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the affinity requirements specified by this field are not met at @@ -21611,11 +22291,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: description: A list of node selector requirements by node's fields. @@ -21643,14 +22325,17 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object x-kubernetes-map-type: atomic type: array + x-kubernetes-list-type: atomic required: - nodeSelectorTerms type: object @@ -21714,11 +22399,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string 
@@ -21733,13 +22420,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -21748,13 +22435,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -21795,11 +22482,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -21819,6 +22508,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -21841,6 +22531,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the affinity requirements specified by this field are not met at 
@@ -21891,11 +22582,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -21910,13 +22603,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -21925,13 +22618,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -21971,11 +22664,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -21995,6 +22690,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -22007,6 +22703,7 @@ spec: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object podAntiAffinity: description: Describes pod anti-affinity scheduling 
@@ -22066,11 +22763,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -22085,13 +22784,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -22100,13 +22799,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -22147,11 +22846,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -22171,6 +22872,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -22193,6 +22895,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the anti-affinity requirements specified by this field are not met at 
@@ -22243,11 +22946,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -22262,13 +22967,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -22277,13 +22982,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -22323,11 +23028,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -22347,6 +23054,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -22359,6 +23067,7 @@ spec: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object type: object containers: 
@@ -22420,10 +23129,13 @@ spec: description: The key to select. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap @@ -22487,10 +23199,13 @@ spec: key. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret @@ -22519,11 +23234,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry @@ -22535,6 +23248,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object 
@@ -22580,10 +23299,13 @@ spec: referenced object inside the same namespace. properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -22654,7 +23376,6 @@ spec: CacheNamespace if specified restricts the manager's cache to watch objects in the desired namespace Defaults to all namespaces - Note: If a namespace is specified, controllers can still Watch for a cluster-scoped resource (e.g Node). For namespaced resources the cache will only hold objects from the desired namespace. @@ -22677,13 +23398,11 @@ spec: GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation allowed for that controller. - When a controller is registered within this manager using the builder utilities, users have to specify the type the controller reconciles in the For(...) call. If the object's kind passed matches one of the keys in this map, the concurrency for that controller is set to the number specified. - The key is expected to be consistent in form with GroupKind.String(), e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`. type: object @@ -22939,11 +23658,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: description: A list of node selector requirements by node's fields. @@ -22971,11 +23692,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object x-kubernetes-map-type: atomic weight: 
@@ -22988,6 +23711,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the affinity requirements specified by this field are not met at @@ -23032,11 +23756,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: description: A list of node selector requirements by node's fields. @@ -23064,14 +23790,17 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object x-kubernetes-map-type: atomic type: array + x-kubernetes-list-type: atomic required: - nodeSelectorTerms type: object @@ -23134,11 +23863,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string 
@@ -23153,13 +23884,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -23168,13 +23899,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -23214,11 +23945,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -23238,6 +23971,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -23260,6 +23994,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the affinity requirements specified by this field are not met at 
@@ -23310,11 +24045,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -23329,13 +24066,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -23344,13 +24081,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -23390,11 +24127,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -23414,6 +24153,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -23426,6 +24166,7 @@ spec: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object podAntiAffinity: description: Describes pod anti-affinity scheduling rules 
@@ -23484,11 +24225,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -23503,13 +24246,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -23518,13 +24261,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -23564,11 +24307,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -23588,6 +24333,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -23610,6 +24356,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the anti-affinity requirements specified by this field are not met at 
@@ -23660,11 +24407,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -23679,13 +24428,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -23694,13 +24443,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -23740,11 +24489,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -23764,6 +24515,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -23776,6 +24528,7 @@ spec: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object type: object containers: 
@@ -23837,10 +24590,13 @@ spec: description: The key to select. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap @@ -23900,10 +24656,13 @@ spec: from. Must be a valid secret key. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or @@ -23932,11 +24691,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in @@ -23948,6 +24705,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object 
@@ -23992,10 +24755,13 @@ spec: referenced object inside the same namespace. properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -24064,6 +24830,12 @@ spec: For example, the infrastructure name `aws` will fetch artifacts from https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases. properties: + oci: + description: |- + OCI to be used for fetching the provider’s components and metadata from an OCI artifact. + You must set `providerSpec.Version` field for operator to pick up desired version of the release from GitHub. + If the providerSpec.Version is missing, latest provider version from clusterctl defaults is used. + type: string selector: description: |- Selector to be used for fetching provider’s components and metadata from @@ -24098,11 +24870,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -24121,6 +24895,9 @@ spec: desired version of the release from GitHub. type: string type: object + x-kubernetes-validations: + - message: Must specify one and only one of {oci, url, selector} + rule: '[has(self.oci), has(self.url), has(self.selector)].exists_one(x,x)' manager: description: Manager defines the properties that can be enabled on the controller manager for the provider. 
@@ -24130,7 +24907,6 @@ spec: CacheNamespace if specified restricts the manager's cache to watch objects in the desired namespace Defaults to all namespaces - Note: If a namespace is specified, controllers can still Watch for a cluster-scoped resource (e.g Node). For namespaced resources the cache will only hold objects from the desired namespace. @@ -24153,13 +24929,11 @@ spec: GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation allowed for that controller. - When a controller is registered within this manager using the builder utilities, users have to specify the type the controller reconciles in the For(...) call. If the object's kind passed matches one of the keys in this map, the concurrency for that controller is set to the number specified. - The key is expected to be consistent in form with GroupKind.String(), e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`. type: object 
@@ -24354,20 +25128,20 @@ spec: description: |- The reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. + This field may be empty. type: string severity: description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately + severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False. type: string status: - description: Status of the condition, one of True, False, Unknown. + description: status of the condition, one of True, False, Unknown. type: string type: description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. + type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. type: string @@ -24403,7 +25177,7 @@ kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/capi-operator-serving-cert' - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.16.1 helm.sh/resource-policy: keep labels: clusterctl.cluster.x-k8s.io/core: capi-operator @@ -24528,11 +25302,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: description: A list of node selector requirements by node's fields. @@ -24560,11 +25336,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object x-kubernetes-map-type: atomic weight: 
@@ -24578,6 +25356,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the affinity requirements specified by this field are not met at @@ -24622,11 +25401,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: description: A list of node selector requirements by node's fields. @@ -24654,14 +25435,17 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object x-kubernetes-map-type: atomic type: array + x-kubernetes-list-type: atomic required: - nodeSelectorTerms type: object @@ -24725,11 +25509,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string 
@@ -24744,13 +25530,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -24759,13 +25545,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -24806,11 +25592,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -24830,6 +25618,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -24852,6 +25641,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the affinity requirements specified by this field are not met at 
@@ -24902,11 +25692,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -24921,13 +25713,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -24936,13 +25728,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -24982,11 +25774,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -25006,6 +25800,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -25018,6 +25813,7 @@ spec: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object podAntiAffinity: description: Describes pod anti-affinity scheduling 
@@ -25077,11 +25873,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -25096,13 +25894,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -25111,13 +25909,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -25158,11 +25956,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -25182,6 +25982,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -25204,6 +26005,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the anti-affinity requirements specified by this field are not met at 
@@ -25254,11 +26056,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -25273,13 +26077,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -25288,13 +26092,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -25334,11 +26138,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -25358,6 +26164,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -25370,6 +26177,7 @@ spec: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object type: object containers: 
@@ -25431,10 +26239,13 @@ spec: description: The key to select. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap @@ -25498,10 +26309,13 @@ spec: key. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret @@ -25530,11 +26344,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry @@ -25546,6 +26358,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object 
@@ -25591,10 +26409,13 @@ spec: referenced object inside the same namespace. properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -25665,7 +26486,6 @@ spec: CacheNamespace if specified restricts the manager's cache to watch objects in the desired namespace Defaults to all namespaces - Note: If a namespace is specified, controllers can still Watch for a cluster-scoped resource (e.g Node). For namespaced resources the cache will only hold objects from the desired namespace. @@ -25688,13 +26508,11 @@ spec: GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation allowed for that controller. - When a controller is registered within this manager using the builder utilities, users have to specify the type the controller reconciles in the For(...) call. If the object's kind passed matches one of the keys in this map, the concurrency for that controller is set to the number specified. - The key is expected to be consistent in form with GroupKind.String(), e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`. type: object @@ -25950,11 +26768,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: description: A list of node selector requirements by node's fields. @@ -25982,11 +26802,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object x-kubernetes-map-type: atomic weight: 
@@ -25999,6 +26821,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the affinity requirements specified by this field are not met at @@ -26043,11 +26866,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: description: A list of node selector requirements by node's fields. @@ -26075,14 +26900,17 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object x-kubernetes-map-type: atomic type: array + x-kubernetes-list-type: atomic required: - nodeSelectorTerms type: object @@ -26145,11 +26973,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string 
@@ -26164,13 +26994,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -26179,13 +27009,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -26225,11 +27055,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -26249,6 +27081,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -26271,6 +27104,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the affinity requirements specified by this field are not met at 
@@ -26321,11 +27155,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -26340,13 +27176,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -26355,13 +27191,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -26401,11 +27237,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -26425,6 +27263,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -26437,6 +27276,7 @@ spec: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object podAntiAffinity: description: Describes pod anti-affinity scheduling rules 
@@ -26495,11 +27335,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -26514,13 +27356,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -26529,13 +27371,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -26575,11 +27417,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -26599,6 +27443,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -26621,6 +27466,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the anti-affinity requirements specified by this field are not met at 
@@ -26671,11 +27517,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -26690,13 +27538,13 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -26705,13 +27553,13 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -26751,11 +27599,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -26775,6 +27625,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -26787,6 +27638,7 @@ spec: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object type: object containers: 
@@ -26848,10 +27700,13 @@ spec: description: The key to select. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap @@ -26911,10 +27766,13 @@ spec: from. Must be a valid secret key. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or @@ -26943,11 +27801,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in @@ -26959,6 +27815,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object 
@@ -27003,10 +27865,13 @@ spec: referenced object inside the same namespace. properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -27075,6 +27940,12 @@ spec: For example, the infrastructure name `aws` will fetch artifacts from https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases. properties: + oci: + description: |- + OCI to be used for fetching the provider’s components and metadata from an OCI artifact. + You must set `providerSpec.Version` field for operator to pick up desired version of the release from GitHub. + If the providerSpec.Version is missing, latest provider version from clusterctl defaults is used. + type: string selector: description: |- Selector to be used for fetching provider’s components and metadata from @@ -27109,11 +27980,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -27132,6 +28005,9 @@ spec: desired version of the release from GitHub. type: string type: object + x-kubernetes-validations: + - message: Must specify one and only one of {oci, url, selector} + rule: '[has(self.oci), has(self.url), has(self.selector)].exists_one(x,x)' manager: description: Manager defines the properties that can be enabled on the controller manager for the provider. 
@@ -27141,7 +28017,6 @@ spec: CacheNamespace if specified restricts the manager's cache to watch objects in the desired namespace Defaults to all namespaces - Note: If a namespace is specified, controllers can still Watch for a cluster-scoped resource (e.g Node). For namespaced resources the cache will only hold objects from the desired namespace. @@ -27164,13 +28039,11 @@ spec: GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation allowed for that controller. - When a controller is registered within this manager using the builder utilities, users have to specify the type the controller reconciles in the For(...) call. If the object's kind passed matches one of the keys in this map, the concurrency for that controller is set to the number specified. - The key is expected to be consistent in form with GroupKind.String(), e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`. type: object 
@@ -27366,20 +28239,20 @@ spec: description: |- The reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. - This field may not be empty. + This field may be empty. type: string severity: description: |- - Severity provides an explicit classification of Reason code, so the users or machines can immediately + severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False. type: string status: - description: Status of the condition, one of True, False, Unknown. + description: status of the condition, one of True, False, Unknown. type: string type: description: |- - Type of condition in CamelCase or in foo.example.com/CamelCase. + type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. type: string diff --git a/rancher-turtles-chart/charts/cluster-api-operator/values.yaml b/rancher-turtles-chart/charts/cluster-api-operator/values.yaml index df56237..0c47267 100644 --- a/rancher-turtles-chart/charts/cluster-api-operator/values.yaml +++ b/rancher-turtles-chart/charts/cluster-api-operator/values.yaml @@ -5,8 +5,10 @@ core: "" bootstrap: "" controlPlane: "" infrastructure: "" +ipam: "" addon: "" manager.featureGates: {} +fetchConfig: {} # --- # Common configuration secret options configSecret: {} 
@@ -19,13 +21,12 @@ leaderElection: image: manager: repository: registry.k8s.io/capi-operator/cluster-api-operator - tag: v0.14.0 + tag: v0.17.0 pullPolicy: IfNotPresent env: manager: [] -healthAddr: ":8081" -metricsBindAddr: "127.0.0.1:8080" -diagnosticsAddress: "8443" +diagnosticsAddress: ":8443" +healthAddr: ":9440" insecureDiagnostics: false watchConfigSecret: false imagePullSecrets: {} diff --git a/rancher-turtles-chart/questions.yml b/rancher-turtles-chart/questions.yml index 8f043d9..973cc33 100644 --- a/rancher-turtles-chart/questions.yml +++ b/rancher-turtles-chart/questions.yml @@ -11,11 +11,16 @@ questions: - variable: cluster-api-operator.cert-manager.enabled default: false type: boolean - description: "Flag to enable or disable installation of cert-manager. If set to false then you will need to install cert-manager manually" + description: "Flag to enable or disable installation of cert-manager. If set to false then you will need to install cert-manager manually." label: "Enable Cert Manager" + - variable: turtlesUI.enabled + default: false + type: boolean + description: "Flag to enable or disable installation of CAPI UI extension. If set to false then you will need to install CAPI UI extension manually." + label: "Install CAPI UI (Experimental)" - variable: rancherTurtles.cluster-api-operator.cleanup default: true - description: "Specify that the CAPI Operator post-delete cleanup job will be performed" + description: "Specify that the CAPI Operator post-delete cleanup job will be performed." type: boolean label: Cleanup CAPI Operator installation group: "CAPI Operator cleanup settings" 
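Review bot: In the values.yaml hunk, `diagnosticsAddress: ":8443"` now binds on every pod interface while the loopback-only `metricsBindAddr: "127.0.0.1:8080"` is removed, so `insecureDiagnostics: false` is presumably the only setting keeping that endpoint behind TLS and authentication, and nothing in the file says so. I would add a comment above it, for example `# diagnosticsAddress is reachable from the pod network; keep insecureDiagnostics false so it stays behind TLS and authn/authz`. The health port also moves from 8081 to 9440, so any probe, Service or NetworkPolicy that still names 8081 needs the same change; those templates are not visible in this hunk. Separately, `tag: v0.17.0` is a mutable reference, and pinning the image by digest would make the air-gapped mirror content verifiable.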
@@ -25,20 +30,31 @@ questions:
 label: "Enable RKE2 Provider"
 type: boolean
 - variable: rancherTurtles.features.addon-provider-fleet.enabled
- default: false
- description: "[BETA] Enable Fleet Addon Provider functionality in Rancher Turtles"
+ default: true
+ description: "[BETA] Enable Fleet Addon Provider functionality in Rancher Turtles."
 type: boolean
 label: Seamless integration with Fleet and CAPI
 group: "Rancher Turtles Features Settings"
 - variable: rancherTurtles.features.agent-tls-mode.enabled
 default: false
- description: "[ALPHA] If enabled Turtles will use the agent-tls-mode setting to determine CA cert trust mode for importing clusters"
+ description: "[ALPHA] If enabled Turtles will use the agent-tls-mode setting to determine CA cert trust mode for importing clusters."
 type: boolean
 label: Enable Agent TLS Mode
 group: "Rancher Turtles Features Settings"
 - variable: rancherTurtles.kubectlImage
 default: "registry.suse.com/edge/3.2/kubectl:1.30.3"
- description: "Specify the image to use when running kubectl in jobs"
+ description: "Specify the image to use when running kubectl in jobs."
 type: string
 label: Kubectl Image
 group: "Rancher Turtles Features Settings"
+ - variable: rancherTurtles.features.day2operations.enabled
+ label: "Enable Day 2 Operations functionality in Rancher Turtles"
+ description: "Use this setting to configure Day 2 Operations functionality in Rancher Turtles, such as enabling ETCD Backup and Restore."
+ type: boolean
+ group: "Rancher Turtles Features Settings"
+ - variable: rancherTurtles.features.day2operations.etcdBackupRestore.enabled
+ label: "Enable ETCD Backup and Restore"
+ description: "[ALPHA] Enable ETCD Backup and Restore functionality in Rancher Turtles."
+ type: boolean
+ group: "ETCD Backup and Restore Settings"
+ show_if: "rancherTurtles.features.day2operations.enabled"
diff --git a/rancher-turtles-chart/templates/addon-provider-fleet.yaml b/rancher-turtles-chart/templates/addon-provider-fleet.yaml
index c12ef2a..c5bfbce 100644
--- a/rancher-turtles-chart/templates/addon-provider-fleet.yaml
+++ b/rancher-turtles-chart/templates/addon-provider-fleet.yaml
@@ -10,6 +10,12 @@ metadata:
 "helm.sh/hook-weight": "2"
 spec:
 type: addon
+ deployment:
+ containers:
+ - name: manager
+ imageUrl: registry.rancher.com/rancher/cluster-api-fleet-controller:v0.6.0
+ - name: helm-manager
+ imageUrl: registry.rancher.com/rancher/cluster-api-fleet-controller:v0.6.0
 additionalManifests:
 name: fleet-addon-config
 namespace: '{{ .Values.rancherTurtles.namespace }}'
diff --git a/rancher-turtles-chart/templates/deployment.yaml b/rancher-turtles-chart/templates/deployment.yaml
index 6a0da62..1955d0f 100644
--- a/rancher-turtles-chart/templates/deployment.yaml
+++ b/rancher-turtles-chart/templates/deployment.yaml
@@ -26,7 +26,7 @@ spec:
 containers:
 - args:
 - --leader-elect
- - --feature-gates=addon-provider-fleet={{ index .Values "rancherTurtles" "features" "addon-provider-fleet" "enabled"}},agent-tls-mode={{ index .Values "rancherTurtles" "features" "agent-tls-mode" "enabled"}}
+ - --feature-gates=addon-provider-fleet={{ index .Values "rancherTurtles" "features" "addon-provider-fleet" "enabled"}},agent-tls-mode={{ index .Values "rancherTurtles" "features" "agent-tls-mode" "enabled"}},ui-plugin={{ index .Values "turtlesUI" "enabled"}}
 {{- range .Values.rancherTurtles.managerArguments }}
 - {{ . }}
 {{- end }}
diff --git a/rancher-turtles-chart/templates/rancher-turtles-components.yaml b/rancher-turtles-chart/templates/rancher-turtles-components.yaml
index c6ef6ed..7aae90a 100644
--- a/rancher-turtles-chart/templates/rancher-turtles-components.yaml
+++ b/rancher-turtles-chart/templates/rancher-turtles-components.yaml
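Review bot: Both `imageUrl` entries added under `spec.deployment.containers` in `addon-provider-fleet.yaml` are string literals for `registry.rancher.com/rancher/cluster-api-fleet-controller:v0.6.0`, so a mirrored or air-gapped install cannot redirect them through values, and the reference is a mutable tag rather than a digest. Templating the value would keep the registry overridable and allow pinning, e.g. `imageUrl: '{{ .Values.<FLEET_IMAGE_VALUE> }}'`, where `<FLEET_IMAGE_VALUE>` is a placeholder because no matching values key is visible in this part of the patch. The same line is duplicated for `manager` and `helm-manager`, so a single value would also keep the two from drifting apart.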
@@ -3385,6 +3385,17 @@ rules:
 - patch
 - update
 - watch
+- apiGroups:
+ - catalog.cattle.io
+ resources:
+ - uiplugins
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - watch
 - apiGroups:
 - cluster.x-k8s.io
 resources:
@@ -3450,6 +3461,15 @@ rules:
 - get
 - list
 - watch
+- apiGroups:
+ - rbac.authorization.k8s.io
+ resourceNames:
+ - rancher-turtles-manager-role
+ resources:
+ - clusterroles
+ verbs:
+ - get
+ - list
 - apiGroups:
 - turtles-capi.cattle.io
 resources:
diff --git a/rancher-turtles-chart/templates/rancher-turtles-exp-clusterclass-components.yaml b/rancher-turtles-chart/templates/rancher-turtles-exp-clusterclass-components.yaml
new file mode 100644
index 0000000..c749175
--- /dev/null
+++ b/rancher-turtles-chart/templates/rancher-turtles-exp-clusterclass-components.yaml
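Review bot: The `catalog.cattle.io` / `uiplugins` rule is added to the manager's rules unconditionally, although the feature that uses it is switched by `turtlesUI.enabled`, which `questions.yml` defaults to `false`, so every install carries create, delete and patch on UI plugins. Since other templates in this chart are wrapped in `{{- if … }}`, the rule could be guarded with `{{- if index .Values "turtlesUI" "enabled" }}` and `{{- end }}`; if this file is generator output, the restriction belongs in the generator instead. In the second hunk (`@@ -3450,6 +3461,15 @@`), `list` combined with `resourceNames` is only authorized for requests that carry a matching `metadata.name` field selector, which deserves a comment such as `# list only succeeds with fieldSelector metadata.name=rancher-turtles-manager-role`. Both rule lists begin and end outside the hunks.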
@@ -0,0 +1,793 @@ +{{- if index .Values "rancherTurtles" "features" "clusterclass-operations" "enabled" }} +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.1 + labels: + turtles-capi.cattle.io: clusterclass + name: clusterupgradegroups.rollout.turtles-capi.cattle.io +spec: + group: rollout.turtles-capi.cattle.io + names: + kind: ClusterUpgradeGroup + listKind: ClusterUpgradeGroupList + plural: clusterupgradegroups + singular: clusterupgradegroup + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: ClusterUpgradeGroup is the Schema for the clusterupgrades API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ClusterUpgradeGroupSpec defines the desired state of ClusterUpgradeGroup + properties: + className: + type: string + rolloutStrategy: + description: |- + RolloutStrategy controls the rollout of bundles, by defining + partitions, canaries and percentages for cluster availability. + properties: + rollingUpdate: + description: |- + Rolling update config params. Present only if + RolloutStrategyType = RollingUpdate. 
+ properties: + maxFailures: + anyOf: + - type: integer + - type: string + description: |- + The maximum number of failed attempts before skipping the update for a given + cluster. + x-kubernetes-int-or-string: true + maxRollouts: + anyOf: + - type: integer + - type: string + description: |- + The maximum number of clusters that can be in update state (non-active) during a + rolling update. + x-kubernetes-int-or-string: true + rolloutDelay: + anyOf: + - type: integer + - type: string + description: The delay between subsequent cluster rollouts. + x-kubernetes-int-or-string: true + type: object + type: + description: |- + Type of rollout. + Default is RollingUpdate. + type: string + type: object + targets: + description: Targets refer to the clusters that should be upgraded. + items: + properties: + clusterGroup: + description: ClusterGroup to match a specific cluster group + by name. + nullable: true + type: string + clusterGroupSelector: + description: ClusterGroupSelector is a selector to match cluster + groups. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + clusterName: + description: |- + ClusterName to match a specific cluster by name that will be + selected + nullable: true + type: string + clusterSelector: + description: |- + ClusterSelector is a selector to match clusters. The structure is + the standard metav1.LabelSelector format. If clusterGroupSelector or + clusterGroup is specified, clusterSelector will be used only to + further refine the selection after clusterGroupSelector and + clusterGroup is evaluated. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + doNotDeploy: + description: DoNotDeploy if set to true, will not deploy to + this target. + type: boolean + name: + description: |- + Name of target. This value is largely for display and logging. If + not specified a default name of the format "target000" will be used + type: string + type: object + type: array + required: + - className + type: object + status: + description: ClusterUpgradeGroupStatus defines the observed state of ClusterUpgradeGroup + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + labels: + turtles-capi.cattle.io: clusterclass + name: clusterupgrades.rollout.turtles-capi.cattle.io +spec: + group: rollout.turtles-capi.cattle.io + names: + kind: ClusterUpgrade + listKind: ClusterUpgradeList + plural: clusterupgrades + singular: clusterupgrade + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: ClusterUpgrade is the Schema for the clusterupgrades API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ClusterUpgradeSpec defines the desired state of ClusterUpgrade + properties: + className: + type: string + rolloutStrategy: + description: |- + RolloutStrategy controls the rollout of bundles, by defining + partitions, canaries and percentages for cluster availability. + properties: + autoPartitionSize: + anyOf: + - type: integer + - type: string + description: |- + A number or percentage of how to automatically partition clusters if no + specific partitioning strategy is configured. + default: 25% + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + description: |- + A number or percentage of clusters that can be unavailable during an update + of a bundle. This follows the same basic approach as a deployment rollout + strategy. Once the number of clusters meets unavailable state update will be + paused. Default value is 100% which doesn't take effect on update. + default: 100% + x-kubernetes-int-or-string: true + maxUnavailablePartitions: + anyOf: + - type: integer + - type: string + description: |- + A number or percentage of cluster partitions that can be unavailable during + an update of a bundle. + default: 0 + x-kubernetes-int-or-string: true + partitions: + description: |- + A list of definitions of partitions. If any target clusters do not match + the configuration they are added to partitions at the end following the + autoPartitionSize. 
+ items: + description: Partition defines a separate rollout strategy for + a set of clusters. + properties: + clusterGroup: + description: A cluster group name to include in this partition + type: string + clusterGroupSelector: + description: Selector matching cluster group labels to include + in this partition + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + clusterName: + description: ClusterName is the name of a cluster to include + in this partition + type: string + clusterSelector: + description: Selector matching cluster labels to include + in this partition + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. 
+ items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + maxUnavailable: + anyOf: + - type: integer + - type: string + description: |- + A number or percentage of clusters that can be unavailable in this + partition before this partition is treated as done. + default: 10% + x-kubernetes-int-or-string: true + name: + description: A user-friendly name given to the partition + used for Display (optional). + type: string + type: object + type: array + type: object + targets: + description: Targets refer to the clusters that should be upgraded. + items: + properties: + clusterGroup: + description: ClusterGroup to match a specific cluster group + by name. + nullable: true + type: string + clusterGroupSelector: + description: ClusterGroupSelector is a selector to match cluster + groups. 
+ nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + clusterName: + description: |- + ClusterName to match a specific cluster by name that will be + selected + nullable: true + type: string + clusterSelector: + description: |- + ClusterSelector is a selector to match clusters. The structure is + the standard metav1.LabelSelector format. If clusterGroupSelector or + clusterGroup is specified, clusterSelector will be used only to + further refine the selection after clusterGroupSelector and + clusterGroup is evaluated. + nullable: true + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. 
+ items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + doNotDeploy: + description: DoNotDeploy if set to true, will not deploy to + this target. + type: boolean + name: + description: |- + Name of target. This value is largely for display and logging. 
If + not specified a default name of the format "target000" will be used + type: string + type: object + type: array + required: + - className + type: object + status: + description: ClusterUpgradeStatus defines the observed state of ClusterUpgrade + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: turtles-rollout-poc + app.kubernetes.io/instance: controller-manager-sa + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: serviceaccount + app.kubernetes.io/part-of: turtles-rollout-poc + turtles-capi.cattle.io: clusterclass + name: rancher-turtles-clusterclass-manager + namespace: {{ index .Values "rancherTurtles" "namespace" }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: turtles-rollout-poc + app.kubernetes.io/instance: leader-election-role + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: role + app.kubernetes.io/part-of: turtles-rollout-poc + turtles-capi.cattle.io: clusterclass + name: rancher-turtles-clusterclass-leader-election-role + namespace: {{ index .Values "rancherTurtles" "namespace" }} +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +--- +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rancher-turtles/aggregate-to-manager: "true" +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + turtles-capi.cattle.io: clusterclass + name: rancher-turtles-clusterclass-aggregated-manager-role +rules: [] +--- +apiVersion: 
rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rancher-turtles/aggregate-to-manager: "true" + turtles-capi.cattle.io: clusterclass + name: rancher-turtles-clusterclass-manager-role +rules: +- apiGroups: + - cluster.x-k8s.io + resources: + - clusterclasses + - clusters + - clusters/status + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - rollout.turtles-capi.cattle.io + resources: + - clusterupgradegroups + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - rollout.turtles-capi.cattle.io + resources: + - clusterupgradegroups/status + verbs: + - get + - patch + - update +- apiGroups: + - rollout.turtles-capi.cattle.io + resources: + - clusterupgradegroupss/finalizers + verbs: + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: turtles-rollout-poc + app.kubernetes.io/instance: leader-election-rolebinding + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: rolebinding + app.kubernetes.io/part-of: turtles-rollout-poc + turtles-capi.cattle.io: clusterclass + name: rancher-turtles-clusterclass-leader-election-rolebinding + namespace: {{ index .Values "rancherTurtles" "namespace" }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: rancher-turtles-clusterclass-leader-election-role +subjects: +- kind: ServiceAccount + name: rancher-turtles-clusterclass-manager + namespace: {{ index .Values "rancherTurtles" "namespace" }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: turtles-rollout-poc + app.kubernetes.io/instance: manager-rolebinding + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: clusterrolebinding + app.kubernetes.io/part-of: turtles-rollout-poc + turtles-capi.cattle.io: clusterclass + name: 
rancher-turtles-clusterclass-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: rancher-turtles-clusterclass-aggregated-manager-role +subjects: +- kind: ServiceAccount + name: rancher-turtles-clusterclass-manager + namespace: {{ index .Values "rancherTurtles" "namespace" }} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + control-plane: controller-manager + turtles-capi.cattle.io: clusterclass + name: rancher-turtles-clusterclass-controller-manager + namespace: {{ index .Values "rancherTurtles" "namespace" }} +spec: + replicas: 1 + selector: + matchLabels: + control-plane: controller-manager + turtles-capi.cattle.io: clusterclass + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: manager + labels: + control-plane: controller-manager + turtles-capi.cattle.io: clusterclass + spec: + containers: + - args: + - --leader-elect + command: + - ./turtles-clusterclass-operations + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_UID + valueFrom: + fieldRef: + fieldPath: metadata.uid + {{- $imageVersion := index .Values "rancherTurtles" "features" "clusterclass-operations" "imageVersion" -}} + {{- if contains "sha256:" $imageVersion }} + image: {{ index .Values "rancherTurtles" "features" "clusterclass-operations" "image" }}@{{ index .Values "rancherTurtles" "features" "clusterclass-operations" "imageVersion" }} + {{- else }} + image: {{ index .Values "rancherTurtles" "features" "clusterclass-operations" "image" }}:{{ index .Values "rancherTurtles" "features" "clusterclass-operations" "imageVersion" }} + {{- end }} + imagePullPolicy: '{{ index .Values "rancherTurtles" "features" "clusterclass-operations" "imagePullPolicy" }}' + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + name: manager + readinessProbe: + 
httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + resources: + limits: + cpu: 500m + memory: 128Mi + requests: + cpu: 10m + memory: 64Mi + serviceAccountName: rancher-turtles-clusterclass-manager + terminationGracePeriodSeconds: 10 + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane +{{- end }} diff --git a/rancher-turtles-chart/templates/rancher-turtles-exp-day2-components.yaml b/rancher-turtles-chart/templates/rancher-turtles-exp-day2-components.yaml new file mode 100644 index 0000000..657e22e --- /dev/null +++ b/rancher-turtles-chart/templates/rancher-turtles-exp-day2-components.yaml 
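Review bot: The `manager` container of `rancher-turtles-clusterclass-controller-manager` is declared without a `securityContext`, so it runs with the runtime defaults while its ServiceAccount is bound cluster-wide through `rancher-turtles-clusterclass-manager-rolebinding`. A hardened container block, as sketched below, would fit here; `runAsNonRoot` assumes the image already runs as a non-root user, which this file does not show. Separately, the ClusterRole rule `clusterupgradegroupss/finalizers` has a doubled `s` and matches no resource of the `clusterupgradegroups` CRD defined earlier in the same file, so the line should read `- clusterupgradegroups/finalizers`.

```yaml
        # … unchanged: args, command, env, image, imagePullPolicy, probes …
        name: manager
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
          runAsNonRoot: true
          seccompProfile:
            type: RuntimeDefault
        # … unchanged: resources …
```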
@@ -0,0 +1,659 @@ +{{- if index .Values "rancherTurtles" "features" "day2operations" "enabled" }} +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: {{ index .Values "rancherTurtles" "namespace" }}/rancher-turtles-day2-operations-serving-cert + controller-gen.kubebuilder.io/version: v0.16.1 + labels: + turtles-capi.cattle.io: day2-operations + name: etcdmachinesnapshots.turtles-capi.cattle.io +spec: + group: turtles-capi.cattle.io + names: + kind: ETCDMachineSnapshot + listKind: ETCDMachineSnapshotList + plural: etcdmachinesnapshots + singular: etcdmachinesnapshot + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: ETCDMachineSnapshot is the Schema for the ETCDMachineSnapshot + API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ETCDMachineSnapshotSpec defines the desired state of EtcdMachineSnapshot + properties: + clusterName: + type: string + location: + type: string + machineName: + type: string + required: + - clusterName + type: object + x-kubernetes-validations: + - message: ETCD snapshot location can't be empty. 
+ rule: size(self.clusterName)>0 + status: + default: {} + description: EtcdSnapshotRestoreStatus defines observed state of EtcdSnapshotRestore + properties: + error: + type: string + phase: + description: ETCDSnapshotPhase is a string representation of the phase + of the etcd snapshot + type: string + s3Snapshots: + items: + properties: + creationTime: + description: CreationTime is the timestamp when the snapshot + was taken by etcd. + format: date-time + type: string + location: + type: string + name: + type: string + required: + - location + - name + type: object + type: array + snapshotFileName: + type: string + snapshots: + items: + properties: + creationTime: + description: CreationTime is the timestamp when the snapshot + was taken by etcd. + format: date-time + type: string + location: + type: string + machineName: + type: string + name: + type: string + required: + - location + - machineName + - name + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: {{ index .Values "rancherTurtles" "namespace" }}/rancher-turtles-day2-operations-serving-cert + controller-gen.kubebuilder.io/version: v0.16.1 + labels: + turtles-capi.cattle.io: day2-operations + name: etcdsnapshotrestores.turtles-capi.cattle.io +spec: + group: turtles-capi.cattle.io + names: + kind: ETCDSnapshotRestore + listKind: ETCDSnapshotRestoreList + plural: etcdsnapshotrestores + singular: etcdsnapshotrestore + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: ETCDSnapshotRestore is the schema for the ETCDSnapshotRestore + API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ETCDSnapshotRestoreSpec defines the desired state of EtcdSnapshotRestore. + properties: + clusterName: + type: string + etcdMachineSnapshotName: + type: string + required: + - clusterName + - etcdMachineSnapshotName + type: object + x-kubernetes-validations: + - message: Cluster Name can't be empty. + rule: size(self.clusterName)>0 + - message: ETCD machine snapshot name can't be empty. + rule: size(self.etcdMachineSnapshotName)>0 + status: + default: {} + description: ETCDSnapshotRestoreStatus defines observed state of EtcdSnapshotRestore. + properties: + conditions: + description: Conditions provide observations of the operational state + of a Cluster API resource. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + A human readable message indicating details about the transition. + This field may be empty. + type: string + reason: + description: |- + The reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may be empty. 
+ type: string + severity: + description: |- + severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. + type: string + status: + description: status of the condition, one of True, False, Unknown. + type: string + type: + description: |- + type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + phase: + default: Pending + description: ETCDSnapshotPhase is a string representation of the phase + of the etcd snapshot + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: {{ index .Values "rancherTurtles" "namespace" }}/rancher-turtles-day2-operations-serving-cert + controller-gen.kubebuilder.io/version: v0.16.1 + labels: + turtles-capi.cattle.io: day2-operations + name: rke2etcdmachinesnapshotconfigs.turtles-capi.cattle.io +spec: + group: turtles-capi.cattle.io + names: + kind: RKE2EtcdMachineSnapshotConfig + listKind: RKE2EtcdMachineSnapshotConfigList + plural: rke2etcdmachinesnapshotconfigs + singular: rke2etcdmachinesnapshotconfig + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: RKE2EtcdMachineSnapshotConfig is the config for the RKE2EtcdMachineSnapshotConfig + API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. 
+ Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: RKE2EtcdMachineSnapshotConfigSpec defines the desired state + of RKE2EtcdMachineSnapshotConfig + properties: + local: + properties: + dataDir: + type: string + required: + - dataDir + type: object + s3: + properties: + bucket: + type: string + endpoint: + type: string + endpointCAsecret: + type: string + folder: + type: string + insecure: + type: boolean + region: + type: string + s3CredentialSecret: + type: string + skipSSLVerify: + type: boolean + type: object + required: + - local + - s3 + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: rancher-turtles + app.kubernetes.io/instance: leader-election-role + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: role + app.kubernetes.io/part-of: rancher-turtles + turtles-capi.cattle.io: day2-operations + name: rancher-turtles-day2-operations-leader-election-role + namespace: {{ index .Values "rancherTurtles" "namespace" }} +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- 
apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +--- +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rancher-turtles-exp/aggregate-to-manager: "true" +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + turtles-capi.cattle.io: day2-operations + name: rancher-turtles-day2-operations-aggregated-manager-role +rules: [] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + rancher-turtles-exp/aggregate-to-manager: "true" + rancher-turtles/aggregate-to-manager: "true" + turtles-capi.cattle.io: day2-operations + name: rancher-turtles-day2-operations-manager-role +rules: +- apiGroups: + - "" + resources: + - configmaps + - events + - secrets + - serviceaccounts + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create + - get +- apiGroups: + - bootstrap.cluster.x-k8s.io + resources: + - rke2configs + - rke2configs/finalizers + - rke2configs/status + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - cluster.x-k8s.io + resources: + - clusters + - clusters/status + - machines + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - management.cattle.io + resources: + - '*' + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + - roles + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - turtles-capi.cattle.io + resources: + - etcdmachinesnapshots + - etcdsnapshotrestores + - rke2etcdmachinesnapshotconfigs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - turtles-capi.cattle.io + resources: + - 
etcdmachinesnapshots/finalizers + - etcdsnapshotrestores/finalizers + - rke2etcdmachinesnapshotconfigs/finalizers + verbs: + - update +- apiGroups: + - turtles-capi.cattle.io + resources: + - etcdmachinesnapshots/status + - etcdsnapshotrestores/status + - rke2etcdmachinesnapshotconfigs/status + verbs: + - get + - patch + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: rancher-turtles + app.kubernetes.io/instance: leader-election-rolebinding + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: rolebinding + app.kubernetes.io/part-of: rancher-turtles + turtles-capi.cattle.io: day2-operations + name: rancher-turtles-day2-operations-leader-election-rolebinding + namespace: {{ index .Values "rancherTurtles" "namespace" }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: rancher-turtles-day2-operations-leader-election-role +subjects: +- kind: ServiceAccount + name: rancher-turtles-day2-operations-manager + namespace: {{ index .Values "rancherTurtles" "namespace" }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: rancher-turtles + app.kubernetes.io/instance: manager-rolebinding + app.kubernetes.io/managed-by: kustomize + app.kubernetes.io/name: clusterrolebinding + app.kubernetes.io/part-of: rancher-turtles + turtles-capi.cattle.io: day2-operations + name: rancher-turtles-day2-operations-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: rancher-turtles-day2-operations-aggregated-manager-role +subjects: +- kind: ServiceAccount + name: rancher-turtles-day2-operations-manager + namespace: {{ index .Values "rancherTurtles" "namespace" }} +--- +apiVersion: v1 +kind: Service +metadata: + labels: + turtles-capi.cattle.io: day2-operations + name: 
rancher-turtles-day2-operations-webhook-service + namespace: {{ index .Values "rancherTurtles" "namespace" }} +spec: + ports: + - port: 443 + targetPort: webhook-server + selector: + turtles-capi.cattle.io: day2-operations +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + labels: + turtles-capi.cattle.io: day2-operations + name: rancher-turtles-day2-operations-serving-cert + namespace: {{ index .Values "rancherTurtles" "namespace" }} +spec: + dnsNames: + - rancher-turtles-day2-operations-webhook-service.{{ index .Values "rancherTurtles" "namespace" }}.svc + - rancher-turtles-day2-operations-webhook-service.{{ index .Values "rancherTurtles" "namespace" }}.svc.cluster.local + issuerRef: + kind: Issuer + name: rancher-turtles-day2-operations-selfsigned-issuer + secretName: rancher-turtles-day2-operations-webhook-service-cert +--- +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + labels: + turtles-capi.cattle.io: day2-operations + name: rancher-turtles-day2-operations-selfsigned-issuer + namespace: {{ index .Values "rancherTurtles" "namespace" }} +spec: + selfSigned: {} +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: {{ index .Values "rancherTurtles" "namespace" }}/rancher-turtles-day2-operations-serving-cert + labels: + turtles-capi.cattle.io: day2-operations + name: rancher-turtles-day2-operations-mutating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: rancher-turtles-day2-operations-webhook-service + namespace: {{ index .Values "rancherTurtles" "namespace" }} + path: /mutate-bootstrap-cluster-x-k8s-io-v1beta1-rke2config + failurePolicy: Fail + name: systemagentrke2config.kb.io + rules: + - apiGroups: + - bootstrap.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - rke2configs + sideEffects: None +--- +apiVersion: 
admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: {{ index .Values "rancherTurtles" "namespace" }}/rancher-turtles-day2-operations-serving-cert + labels: + turtles-capi.cattle.io: day2-operations + name: rancher-turtles-day2-operations-validating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: rancher-turtles-day2-operations-webhook-service + namespace: {{ index .Values "rancherTurtles" "namespace" }} + path: /validate-turtles-capi-cattle-io-v1alpha1-etcdmachinesnapshot + failurePolicy: Fail + matchPolicy: Equivalent + name: etcdmachinesnapshot.kb.io + rules: + - apiGroups: + - turtles-capi.cattle.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - etcdmachinesnapshots + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: rancher-turtles-day2-operations-webhook-service + namespace: {{ index .Values "rancherTurtles" "namespace" }} + path: /validate-turtles-capi-cattle-io-v1alpha1-etcdsnapshotrestore + failurePolicy: Fail + matchPolicy: Equivalent + name: etcdsnapshotrestore.kb.io + rules: + - apiGroups: + - turtles-capi.cattle.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - etcdsnapshotrestores + sideEffects: None +{{- end }} diff --git a/rancher-turtles-chart/templates/rancher-turtles-exp-day2-deployment.yaml b/rancher-turtles-chart/templates/rancher-turtles-exp-day2-deployment.yaml new file mode 100644 index 0000000..ad0f3cb --- /dev/null +++ b/rancher-turtles-chart/templates/rancher-turtles-exp-day2-deployment.yaml 
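Review bot: The `rancher-turtles-day2-operations-manager-role` ClusterRole is much broader than an etcd snapshot controller appears to need: it grants create/delete/get/list/patch/update/watch cluster-wide on `secrets`, `serviceaccounts`, `roles` and `rolebindings`, `create` on `serviceaccounts/token`, and the same seven verbs on `management.cattle.io` resources `'*'`. Because it reaches the manager ServiceAccount through a ClusterRoleBinding, a compromise of the day2-operations pod exposes every Secret in the cluster and allows tokens to be requested for any ServiceAccount. If the controller only acts in known namespaces, the secret, token and RBAC rules belong in namespaced Roles, and `'*'` should be replaced by the kinds it actually uses. The role also carries `rancher-turtles/aggregate-to-manager: "true"`, which presumably folds these rules into the main manager role as well; that is worth confirming as intended. Separately, the ETCDMachineSnapshot rule `size(self.clusterName)>0` is paired with the message `ETCD snapshot location can't be empty.`, so the message names the wrong field.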
@@ -0,0 +1,106 @@
+{{- if index .Values "rancherTurtles" "features" "day2operations" "enabled" }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ control-plane: controller-manager
+ turtles-capi.cattle.io: day2-operations
+ name: rancher-turtles-day2-operations-controller-manager
+ namespace: '{{ .Values.rancherTurtles.namespace }}'
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ control-plane: controller-manager
+ turtles-capi.cattle.io: day2-operations
+ template:
+ metadata:
+ annotations:
+ kubectl.kubernetes.io/default-container: manager
+ labels:
+ control-plane: controller-manager
+ turtles-capi.cattle.io: day2-operations
+ spec:
+ containers:
+ - args:
+ - --leader-elect
+ - --feature-gates=etcd-backup-restore={{ .Values.rancherTurtles.features.day2operations.etcdBackupRestore.enabled }}
+ command:
+ - ./turtles-day2-operations
+ env:
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: POD_UID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.uid
+ {{- if (contains "sha256:" .Values.rancherTurtles.features.day2operations.imageVersion) }}
+ image: '{{ .Values.rancherTurtles.features.day2operations.image }}@{{ .Values.rancherTurtles.features.day2operations.imageVersion }}'
+ {{- else }}
+ image: '{{ .Values.rancherTurtles.features.day2operations.image }}:{{ .Values.rancherTurtles.features.day2operations.imageVersion }}'
+ {{- end }}
+ imagePullPolicy: '{{ .Values.rancherTurtles.features.day2operations.imagePullPolicy }}'
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: 9440
+ initialDelaySeconds: 15
+ periodSeconds: 20
+ name: manager
+ ports:
+ - containerPort: 9443
+ name: webhook-server
+ protocol: TCP
+ readinessProbe:
+ httpGet:
+ path: /readyz
+ port: 9440
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ resources:
+ limits:
+ cpu: 500m
+ memory: 128Mi
+ requests:
+ cpu: 10m
+ memory: 64Mi
+ volumeMounts:
+ {{- if .Values.rancherTurtles.features.day2operations.etcdBackupRestore.enabled }}
+ - mountPath: /tmp/k8s-webhook-server/serving-certs
+ name: cert
+ readOnly: true
+ {{- end }}
+ serviceAccountName: rancher-turtles-day2-operations-manager
+ terminationGracePeriodSeconds: 10
+ tolerations:
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/master
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/control-plane
+ volumes:
+ {{- if .Values.rancherTurtles.features.day2operations.etcdBackupRestore.enabled }}
+ - name: cert
+ secret:
+ secretName: rancher-turtles-day2-operations-webhook-service-cert
+ {{- end }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ app.kubernetes.io/component: rbac
+ app.kubernetes.io/created-by: rancher-turtles
+ app.kubernetes.io/instance: controller-manager-sa
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: serviceaccount
+ app.kubernetes.io/part-of: rancher-turtles
+ turtles-capi.cattle.io: day2-operations
+ name: rancher-turtles-day2-operations-manager
+ namespace: '{{ .Values.rancherTurtles.namespace }}'
+{{- end }}
\ No newline at end of file
diff --git a/rancher-turtles-chart/templates/ui-plugin.yaml b/rancher-turtles-chart/templates/ui-plugin.yaml
new file mode 100644
index 0000000..3929ad4
--- /dev/null
+++ b/rancher-turtles-chart/templates/ui-plugin.yaml
@@ -0,0 +1,16 @@
+{{- if and (index .Values "turtlesUI" "enabled") (index .Values "rancherTurtles" "rancherInstalled") }}
+apiVersion: catalog.cattle.io/v1
+kind: UIPlugin
+metadata:
+ name: capi
+ namespace: '{{ .Values.rancherTurtles.namespace }}'
+spec:
+ plugin:
+ endpoint: https://raw.githubusercontent.com/rancher/capi-ui-extension/gh-pages/extensions/capi/{{ index .Values "turtlesUI" "version" | toString }}
+ name: capi
+ version: {{ index .Values "turtlesUI" "version" }}
+ metadata:
+ catalog.cattle.io/display-name: CAPI UI
+ catalog.cattle.io/experimental: "true"
+ catalog.cattle.io/ui-extensions-version: ">= 3.0.0"
+{{- end }}
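Review bot: The `cert` volume and its mount are rendered only when `etcdBackupRestore.enabled` is true, but the webhook configurations in rancher-turtles-exp-day2-components.yaml are rendered whenever `day2operations.enabled` is true and use `failurePolicy: Fail`. With day2operations on and etcdBackupRestore off, the pod has no serving certificate, so the `systemagentrke2config.kb.io` webhook would likely reject every CREATE and UPDATE of `rke2configs`. Either drop the two `{{- if .Values.rancherTurtles.features.day2operations.etcdBackupRestore.enabled }}` guards or put the webhook objects behind the same value. The container also sets no `securityContext`; `allowPrivilegeEscalation: false` and `runAsNonRoot: true` are worth adding if the image supports them, given the cluster-wide Secret access its ServiceAccount is bound to.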
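Review bot: `spec.plugin.endpoint` is hard-coded to the `gh-pages` branch on raw.githubusercontent.com, a mutable reference with no digest or checksum, and what is served there is presumably loaded into the Rancher UI as an extension. For a chart shipped alongside air-gap resources the endpoint should be overridable from values so it can be mirrored and pinned, for example `endpoint: {{ index .Values "turtlesUI" "endpoint" }}/{{ index .Values "turtlesUI" "version" }}` with the current URL as the default (the `endpoint` key is a proposed addition, not an existing value). `version: {{ index .Values "turtlesUI" "version" }}` should also be quoted so that a value such as `1.10` is not retyped as a float.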
diff --git a/rancher-turtles-chart/values.yaml b/rancher-turtles-chart/values.yaml index 6a50bf3..23665a8 100644 --- a/rancher-turtles-chart/values.yaml +++ b/rancher-turtles-chart/values.yaml @@ -1,6 +1,9 @@ +turtlesUI: + enabled: false + version: v0.8.2 rancherTurtles: image: registry.rancher.com/rancher/rancher/turtles - imageVersion: v0.16.0 + imageVersion: v0.17.0 imagePullPolicy: IfNotPresent namespace: rancher-turtles-system managerArguments: [] @@ -8,17 +11,24 @@ rancherTurtles: rancherInstalled: false kubectlImage: registry.suse.com/edge/3.2/kubectl:1.30.3 features: - etcd-snapshot-restore: + day2operations: enabled: false image: registry.rancher.com/rancher/rancher/turtles - imageVersion: v0.16.0 + imageVersion: v0.17.0 imagePullPolicy: IfNotPresent + etcdBackupRestore: + enabled: false # beta feature, see documentation for more information on feature stages addon-provider-fleet: - enabled: false + enabled: true # alpha feature, see documentation for more information on feature stages agent-tls-mode: enabled: false + clusterclass-operations: + enabled: false + image: registry.rancher.com/rancher/rancher/turtles + imageVersion: v0.17.0 + imagePullPolicy: IfNotPresent cluster-api-operator: enabled: true cert-manager: @@ -71,13 +81,13 @@ cluster-api-operator: selector: "" metal3: enabled: true - version: "v1.9.2" + version: "v1.9.3" infrastructure: namespace: capm3-system - imageUrl: "registry.suse.com/rancher/cluster-api-provider-metal3:v1.9.2" + imageUrl: "registry.suse.com/rancher/cluster-api-provider-metal3:v1.9.3" fetchConfig: url: "" selector: "" ipam: namespace: capm3-system - imageUrl: "registry.suse.com/rancher/ip-address-manager:v1.9.3" + imageUrl: "registry.suse.com/rancher/ip-address-manager:v1.9.4" -- 2.49.0 From 2a3c37b31d57f5145aa4522321c4473b1e45e719c076fda7689265705b84ff7e Mon Sep 17 00:00:00 2001 
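Review bot: Among the version bumps, the `features` hunk flips `addon-provider-fleet.enabled` from `false` to `true`, so an upgrade turns the Fleet addon provider on for every install that did not set the value explicitly. That is a behaviour change rather than a bump and deserves a comment at the key, for example `# enabled by default since 0.17.0; set to false to keep the previous behaviour`. The new image references also stay on mutable tags (`imageVersion: v0.17.0`) although the templates accept a `sha256:` digest; pinning by digest would make the deployed image verifiable.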
From: Steven Hardy Date: Thu, 20 Mar 2025 16:50:55 +0000 Subject: [PATCH 25/55] release-manifest: update rancher-turtles version Update to 0.17.0 chart --- release-manifest-image/release_manifest.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/release-manifest-image/release_manifest.yaml b/release-manifest-image/release_manifest.yaml index 9dd0a51..00bd71b 100644 --- a/release-manifest-image/release_manifest.yaml +++ b/release-manifest-image/release_manifest.yaml @@ -175,4 +175,4 @@ spec: - prettyName: RancherTurtles releaseName: rancher-turtles chart: %%CHART_REPO%%/%%IMG_PREFIX%%rancher-turtles-chart - version: %%CHART_MAJOR%%.0.0+up0.16.0 + version: %%CHART_MAJOR%%.0.0+up0.17.0 -- 2.49.0 From 8e56e1edd3e98e2b429b34fa48098a5687dc866560b57fdd543a1c4839d67233 Mon Sep 17 00:00:00 2001 From: Marco Chiappero Date: Thu, 20 Mar 2025 09:06:03 +0000 Subject: [PATCH 26/55] Update the IPA ramdisk to 3.0.2 Force nmc to run before NetworkManager to avoid race conditions that can lead to undetermined network configuration. Signed-off-by: Marco Chiappero --- ironic-ipa-ramdisk/ironic-ipa-ramdisk.kiwi | 2 +- ironic-ipa-ramdisk/ironic-ipa-ramdisk.spec | 2 +- ironic-ipa-ramdisk/root.tar.bz2 | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/ironic-ipa-ramdisk/ironic-ipa-ramdisk.kiwi b/ironic-ipa-ramdisk/ironic-ipa-ramdisk.kiwi index 686ba41..dfe043c 100644 --- a/ironic-ipa-ramdisk/ironic-ipa-ramdisk.kiwi +++ b/ironic-ipa-ramdisk/ironic-ipa-ramdisk.kiwi @@ -1,5 +1,5 @@ - + Cloud developers cloud-devel@suse.de diff --git a/ironic-ipa-ramdisk/ironic-ipa-ramdisk.spec b/ironic-ipa-ramdisk/ironic-ipa-ramdisk.spec index f52d842..ceda68c 100644 --- a/ironic-ipa-ramdisk/ironic-ipa-ramdisk.spec +++ b/ironic-ipa-ramdisk/ironic-ipa-ramdisk.spec @@ -19,7 +19,7 @@ Name: ironic-ipa-ramdisk -Version: 3.0.1 +Version: 3.0.2 Release: 0 Summary: Kernel and ramdisk image for OpenStack Ironic License: SUSE-EULA 
diff --git a/ironic-ipa-ramdisk/root.tar.bz2 b/ironic-ipa-ramdisk/root.tar.bz2 index 6eeaaec..958587a 100644 --- a/ironic-ipa-ramdisk/root.tar.bz2 +++ b/ironic-ipa-ramdisk/root.tar.bz2 @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:ccfdbc7c36bfeb2fc11ea8632d0bdc869ee31bdf9a0758c1432fb672a51e1476 -size 3866 +oid sha256:4b0a38766de3d82718c47b1efc1eafae8bbae7d15235ba7feaa7d52f4a6f479a +size 3315 -- 2.49.0 From e439f489cad63af6672aa3c8faee12da0f7a1448423bc5458df23bdb35457b54 Mon Sep 17 00:00:00 2001 From: Marco Chiappero Date: Thu, 20 Mar 2025 09:43:17 +0000 Subject: [PATCH 27/55] Bump Metal3 version Signed-off-by: Marco Chiappero --- metal3-chart/Chart.yaml | 10 +++++----- metal3-chart/charts/ironic/Chart.yaml | 2 +- metal3-chart/charts/ironic/values.yaml | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/metal3-chart/Chart.yaml b/metal3-chart/Chart.yaml index 486327d..d7f6529 100644 --- a/metal3-chart/Chart.yaml +++ b/metal3-chart/Chart.yaml @@ -1,7 +1,7 @@ -#!BuildTag: %%IMG_PREFIX%%metal3-chart:%%CHART_MAJOR%%.0.0_up0.10.0 -#!BuildTag: %%IMG_PREFIX%%metal3-chart:%%CHART_MAJOR%%.0.0_up0.10.0-%RELEASE% +#!BuildTag: %%IMG_PREFIX%%metal3-chart:%%CHART_MAJOR%%.0.0_up0.10.1 +#!BuildTag: %%IMG_PREFIX%%metal3-chart:%%CHART_MAJOR%%.0.0_up0.10.1-%RELEASE% apiVersion: v2 -appVersion: 0.10.0 +appVersion: 0.10.1 dependencies: - alias: metal3-baremetal-operator name: baremetal-operator @@ -10,7 +10,7 @@ dependencies: - alias: metal3-ironic name: ironic repository: file://./charts/ironic - version: 0.9.3 + version: 0.9.4 - alias: metal3-mariadb condition: global.enable_mariadb name: mariadb @@ -25,4 +25,4 @@ description: A Helm chart that installs all of the dependencies needed for Metal icon: https://github.com/cncf/artwork/raw/master/projects/metal3/icon/color/metal3-icon-color.svg name: metal3 type: application -version: "%%CHART_MAJOR%%.0.0+up0.10.0" +version: "%%CHART_MAJOR%%.0.0+up0.10.1" 
diff --git a/metal3-chart/charts/ironic/Chart.yaml b/metal3-chart/charts/ironic/Chart.yaml index 7114956..4dfed9b 100644 --- a/metal3-chart/charts/ironic/Chart.yaml +++ b/metal3-chart/charts/ironic/Chart.yaml @@ -3,4 +3,4 @@ appVersion: 26.1.2 description: A Helm chart for Ironic, used by Metal3 name: ironic type: application -version: 0.9.3 +version: 0.9.4 diff --git a/metal3-chart/charts/ironic/values.yaml b/metal3-chart/charts/ironic/values.yaml index b9e69e3..e061b6f 100644 --- a/metal3-chart/charts/ironic/values.yaml +++ b/metal3-chart/charts/ironic/values.yaml @@ -60,7 +60,7 @@ images: ironicIPADownloader: repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic-ipa-downloader pullPolicy: IfNotPresent - tag: 3.0.1 + tag: 3.0.2 nameOverride: "" fullnameOverride: "" -- 2.49.0 From 3d1a70e87a0542ec3a7f6ef98b69a6fc2f961a5839b9e4055884bee87283a60b Mon Sep 17 00:00:00 2001 From: Steven Hardy Date: Fri, 21 Mar 2025 15:31:31 +0000 Subject: [PATCH 28/55] rancher-turtles-chart: remove stale file This was removed in the 0.17.0 chart but I didn't notice when rebasing --- ...er-turtles-exp-etcdrestore-components.yaml | 760 ------------------ 1 file changed, 760 deletions(-) delete mode 100644 rancher-turtles-chart/templates/rancher-turtles-exp-etcdrestore-components.yaml diff --git a/rancher-turtles-chart/templates/rancher-turtles-exp-etcdrestore-components.yaml b/rancher-turtles-chart/templates/rancher-turtles-exp-etcdrestore-components.yaml deleted file mode 100644 index c0e7119..0000000 --- a/rancher-turtles-chart/templates/rancher-turtles-exp-etcdrestore-components.yaml +++ /dev/null 
@@ -1,760 +0,0 @@ -{{- if index .Values "rancherTurtles" "features" "etcd-snapshot-restore" "enabled" }} -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cert-manager.io/inject-ca-from: {{ index .Values "rancherTurtles" "namespace" }}/rancher-turtles-etcdsnapshotrestore-serving-cert - controller-gen.kubebuilder.io/version: v0.16.1 - labels: - turtles-capi.cattle.io: etcd-restore - name: etcdmachinesnapshots.turtles-capi.cattle.io -spec: - group: turtles-capi.cattle.io - names: - kind: ETCDMachineSnapshot - listKind: ETCDMachineSnapshotList - plural: etcdmachinesnapshots - singular: etcdmachinesnapshot - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: ETCDMachineSnapshot is the Schema for the ETCDMachineSnapshot - API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: ETCDMachineSnapshotSpec defines the desired state of EtcdMachineSnapshot - properties: - clusterName: - type: string - location: - type: string - machineName: - type: string - required: - - clusterName - type: object - x-kubernetes-validations: - - message: ETCD snapshot location can't be empty. 
- rule: size(self.clusterName)>0 - status: - default: {} - description: EtcdSnapshotRestoreStatus defines observed state of EtcdSnapshotRestore - properties: - error: - type: string - phase: - description: ETCDSnapshotPhase is a string representation of the phase - of the etcd snapshot - type: string - s3Snapshots: - items: - properties: - creationTime: - description: CreationTime is the timestamp when the snapshot - was taken by etcd. - format: date-time - type: string - location: - type: string - name: - type: string - required: - - location - - name - type: object - type: array - snapshotFileName: - type: string - snapshots: - items: - properties: - creationTime: - description: CreationTime is the timestamp when the snapshot - was taken by etcd. - format: date-time - type: string - location: - type: string - machineName: - type: string - name: - type: string - required: - - location - - machineName - - name - type: object - type: array - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cert-manager.io/inject-ca-from: {{ index .Values "rancherTurtles" "namespace" }}/rancher-turtles-etcdsnapshotrestore-serving-cert - controller-gen.kubebuilder.io/version: v0.16.1 - labels: - turtles-capi.cattle.io: etcd-restore - name: etcdsnapshotrestores.turtles-capi.cattle.io -spec: - group: turtles-capi.cattle.io - names: - kind: ETCDSnapshotRestore - listKind: ETCDSnapshotRestoreList - plural: etcdsnapshotrestores - singular: etcdsnapshotrestore - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: ETCDSnapshotRestore is the schema for the ETCDSnapshotRestore - API. - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. 
- Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: ETCDSnapshotRestoreSpec defines the desired state of EtcdSnapshotRestore. - properties: - clusterName: - type: string - etcdMachineSnapshotName: - type: string - required: - - clusterName - - etcdMachineSnapshotName - type: object - x-kubernetes-validations: - - message: Cluster Name can't be empty. - rule: size(self.clusterName)>0 - - message: ETCD machine snapshot name can't be empty. - rule: size(self.etcdMachineSnapshotName)>0 - status: - default: {} - description: ETCDSnapshotRestoreStatus defines observed state of EtcdSnapshotRestore. - properties: - conditions: - description: Conditions provide observations of the operational state - of a Cluster API resource. - items: - description: Condition defines an observation of a Cluster API resource - operational state. - properties: - lastTransitionTime: - description: |- - Last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when - the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - A human readable message indicating details about the transition. - This field may be empty. - type: string - reason: - description: |- - The reason for the condition's last transition in CamelCase. 
- The specific API may choose whether or not this field is considered a guaranteed API. - This field may be empty. - type: string - severity: - description: |- - severity provides an explicit classification of Reason code, so the users or machines can immediately - understand the current situation and act accordingly. - The Severity field MUST be set only when Status=False. - type: string - status: - description: status of the condition, one of True, False, Unknown. - type: string - type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability to deconflict is important. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - phase: - default: Pending - description: ETCDSnapshotPhase is a string representation of the phase - of the etcd snapshot - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - cert-manager.io/inject-ca-from: {{ index .Values "rancherTurtles" "namespace" }}/rancher-turtles-etcdsnapshotrestore-serving-cert - controller-gen.kubebuilder.io/version: v0.16.1 - labels: - turtles-capi.cattle.io: etcd-restore - name: rke2etcdmachinesnapshotconfigs.turtles-capi.cattle.io -spec: - group: turtles-capi.cattle.io - names: - kind: RKE2EtcdMachineSnapshotConfig - listKind: RKE2EtcdMachineSnapshotConfigList - plural: rke2etcdmachinesnapshotconfigs - singular: rke2etcdmachinesnapshotconfig - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: RKE2EtcdMachineSnapshotConfig is the config for the RKE2EtcdMachineSnapshotConfig - API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this 
representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: RKE2EtcdMachineSnapshotConfigSpec defines the desired state - of RKE2EtcdMachineSnapshotConfig - properties: - local: - properties: - dataDir: - type: string - required: - - dataDir - type: object - s3: - properties: - bucket: - type: string - endpoint: - type: string - endpointCAsecret: - type: string - folder: - type: string - insecure: - type: boolean - region: - type: string - s3CredentialSecret: - type: string - skipSSLVerify: - type: boolean - type: object - required: - - local - - s3 - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: rbac - app.kubernetes.io/created-by: rancher-turtles - app.kubernetes.io/instance: controller-manager-sa - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: serviceaccount - app.kubernetes.io/part-of: rancher-turtles - turtles-capi.cattle.io: etcd-restore - name: rancher-turtles-etcdsnapshotrestore-manager - namespace: {{ index .Values "rancherTurtles" "namespace" }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: rbac - app.kubernetes.io/created-by: rancher-turtles - app.kubernetes.io/instance: leader-election-role - app.kubernetes.io/managed-by: kustomize - 
app.kubernetes.io/name: role - app.kubernetes.io/part-of: rancher-turtles - turtles-capi.cattle.io: etcd-restore - name: rancher-turtles-etcdsnapshotrestore-leader-election-role - namespace: {{ index .Values "rancherTurtles" "namespace" }} -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch ---- -aggregationRule: - clusterRoleSelectors: - - matchLabels: - rancher-turtles-exp/aggregate-to-manager: "true" -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - turtles-capi.cattle.io: etcd-restore - name: rancher-turtles-etcdsnapshotrestore-aggregated-manager-role -rules: [] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - rancher-turtles-exp/aggregate-to-manager: "true" - rancher-turtles/aggregate-to-manager: "true" - turtles-capi.cattle.io: etcd-restore - name: rancher-turtles-etcdsnapshotrestore-manager-role -rules: -- apiGroups: - - "" - resources: - - configmaps - - events - - secrets - - serviceaccounts - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - serviceaccounts/token - verbs: - - create -- apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create - - get -- apiGroups: - - bootstrap.cluster.x-k8s.io - resources: - - rke2configs - - rke2configs/finalizers - - rke2configs/status - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - cluster.x-k8s.io - resources: - - clusters - - clusters/status - - machines - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - management.cattle.io - resources: - - '*' - verbs: - 
- create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - rbac.authorization.k8s.io - resources: - - rolebindings - - roles - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - turtles-capi.cattle.io - resources: - - etcdmachinesnapshots - - etcdsnapshotrestores - - rke2etcdmachinesnapshotconfigs - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - turtles-capi.cattle.io - resources: - - etcdmachinesnapshots/finalizers - - etcdsnapshotrestores/finalizers - - rke2etcdmachinesnapshotconfigs/finalizers - verbs: - - update -- apiGroups: - - turtles-capi.cattle.io - resources: - - etcdmachinesnapshots/status - - etcdsnapshotrestores/status - - rke2etcdmachinesnapshotconfigs/status - verbs: - - get - - patch - - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: rbac - app.kubernetes.io/created-by: rancher-turtles - app.kubernetes.io/instance: leader-election-rolebinding - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: rolebinding - app.kubernetes.io/part-of: rancher-turtles - turtles-capi.cattle.io: etcd-restore - name: rancher-turtles-etcdsnapshotrestore-leader-election-rolebinding - namespace: {{ index .Values "rancherTurtles" "namespace" }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: rancher-turtles-etcdsnapshotrestore-leader-election-role -subjects: -- kind: ServiceAccount - name: rancher-turtles-etcdsnapshotrestore-manager - namespace: {{ index .Values "rancherTurtles" "namespace" }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/component: rbac - app.kubernetes.io/created-by: rancher-turtles - app.kubernetes.io/instance: manager-rolebinding - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: clusterrolebinding - app.kubernetes.io/part-of: 
rancher-turtles - turtles-capi.cattle.io: etcd-restore - name: rancher-turtles-etcdsnapshotrestore-manager-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: rancher-turtles-etcdsnapshotrestore-aggregated-manager-role -subjects: -- kind: ServiceAccount - name: rancher-turtles-etcdsnapshotrestore-manager - namespace: {{ index .Values "rancherTurtles" "namespace" }} ---- -apiVersion: v1 -kind: Service -metadata: - labels: - turtles-capi.cattle.io: etcd-restore - name: rancher-turtles-etcdsnapshotrestore-webhook-service - namespace: {{ index .Values "rancherTurtles" "namespace" }} -spec: - ports: - - port: 443 - targetPort: webhook-server - selector: - turtles-capi.cattle.io: etcd-restore ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - control-plane: controller-manager - turtles-capi.cattle.io: etcd-restore - name: rancher-turtles-etcdsnapshotrestore-controller-manager - namespace: {{ index .Values "rancherTurtles" "namespace" }} -spec: - replicas: 1 - selector: - matchLabels: - control-plane: controller-manager - turtles-capi.cattle.io: etcd-restore - template: - metadata: - annotations: - kubectl.kubernetes.io/default-container: manager - labels: - control-plane: controller-manager - turtles-capi.cattle.io: etcd-restore - spec: - containers: - - args: - - --leader-elect - command: - - ./etcd-snapshot-restore - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_UID - valueFrom: - fieldRef: - fieldPath: metadata.uid - {{- $imageVersion := index .Values "rancherTurtles" "features" "etcd-snapshot-restore" "imageVersion" -}} - {{- if contains "sha256:" $imageVersion }} - image: {{ index .Values "rancherTurtles" "features" "etcd-snapshot-restore" "image" }}@{{ index .Values "rancherTurtles" "features" "etcd-snapshot-restore" "imageVersion" }} - {{- else }} - image: {{ index .Values "rancherTurtles" 
"features" "etcd-snapshot-restore" "image" }}:{{ index .Values "rancherTurtles" "features" "etcd-snapshot-restore" "imageVersion" }} - {{- end }} - imagePullPolicy: '{{ index .Values "rancherTurtles" "features" "etcd-snapshot-restore" "imagePullPolicy" }}' - livenessProbe: - httpGet: - path: /healthz - port: 9440 - initialDelaySeconds: 15 - periodSeconds: 20 - name: manager - ports: - - containerPort: 9443 - name: webhook-server - protocol: TCP - readinessProbe: - httpGet: - path: /readyz - port: 9440 - initialDelaySeconds: 5 - periodSeconds: 10 - resources: - limits: - cpu: 500m - memory: 128Mi - requests: - cpu: 10m - memory: 64Mi - volumeMounts: - - mountPath: /tmp/k8s-webhook-server/serving-certs - name: cert - readOnly: true - serviceAccountName: rancher-turtles-etcdsnapshotrestore-manager - terminationGracePeriodSeconds: 10 - tolerations: - - effect: NoSchedule - key: node-role.kubernetes.io/master - - effect: NoSchedule - key: node-role.kubernetes.io/control-plane - volumes: - - name: cert - secret: - secretName: rancher-turtles-etcdsnapshotrestore-webhook-service-cert ---- -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - labels: - turtles-capi.cattle.io: etcd-restore - name: rancher-turtles-etcdsnapshotrestore-serving-cert - namespace: {{ index .Values "rancherTurtles" "namespace" }} -spec: - dnsNames: - - rancher-turtles-etcdsnapshotrestore-webhook-service.{{ index .Values "rancherTurtles" "namespace" }}.svc - - rancher-turtles-etcdsnapshotrestore-webhook-service.{{ index .Values "rancherTurtles" "namespace" }}.svc.cluster.local - issuerRef: - kind: Issuer - name: rancher-turtles-etcdsnapshotrestore-selfsigned-issuer - secretName: rancher-turtles-etcdsnapshotrestore-webhook-service-cert ---- -apiVersion: cert-manager.io/v1 -kind: Issuer -metadata: - labels: - turtles-capi.cattle.io: etcd-restore - name: rancher-turtles-etcdsnapshotrestore-selfsigned-issuer - namespace: {{ index .Values "rancherTurtles" "namespace" }} -spec: - selfSigned: {} 
---- -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - annotations: - cert-manager.io/inject-ca-from: {{ index .Values "rancherTurtles" "namespace" }}/rancher-turtles-etcdsnapshotrestore-serving-cert - labels: - turtles-capi.cattle.io: etcd-restore - name: rancher-turtles-etcdsnapshotrestore-mutating-webhook-configuration -webhooks: -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: rancher-turtles-etcdsnapshotrestore-webhook-service - namespace: {{ index .Values "rancherTurtles" "namespace" }} - path: /mutate-bootstrap-cluster-x-k8s-io-v1beta1-rke2config - failurePolicy: Fail - name: systemagentrke2config.kb.io - rules: - - apiGroups: - - bootstrap.cluster.x-k8s.io - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - rke2configs - sideEffects: None ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - annotations: - cert-manager.io/inject-ca-from: {{ index .Values "rancherTurtles" "namespace" }}/rancher-turtles-etcdsnapshotrestore-serving-cert - labels: - turtles-capi.cattle.io: etcd-restore - name: rancher-turtles-etcdsnapshotrestore-validating-webhook-configuration -webhooks: -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: rancher-turtles-etcdsnapshotrestore-webhook-service - namespace: {{ index .Values "rancherTurtles" "namespace" }} - path: /validate-turtles-capi-cattle-io-v1alpha1-etcdmachinesnapshot - failurePolicy: Fail - matchPolicy: Equivalent - name: etcdmachinesnapshot.kb.io - rules: - - apiGroups: - - turtles-capi.cattle.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - etcdmachinesnapshots - sideEffects: None -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: rancher-turtles-etcdsnapshotrestore-webhook-service - namespace: {{ index .Values "rancherTurtles" "namespace" }} - path: /validate-turtles-capi-cattle-io-v1alpha1-etcdsnapshotrestore - 
failurePolicy: Fail - matchPolicy: Equivalent - name: etcdsnapshotrestore.kb.io - rules: - - apiGroups: - - turtles-capi.cattle.io - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - etcdsnapshotrestores - sideEffects: None -{{- end }} -- 2.49.0 From c610436551264a8010edeb4f997ad46eb5ab6dabe52b61ac2de8f5adfc567963 Mon Sep 17 00:00:00 2001 From: Marco Chiappero Date: Mon, 24 Mar 2025 09:04:27 +0000 Subject: [PATCH 29/55] Fix IPA Downloader version, bump to 3.0.2 Update the Dockerfile to be aligned with the IPA ramdisk and metal3 Chart. Signed-off-by: Marco Chiappero --- ironic-ipa-downloader-image/Dockerfile | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/ironic-ipa-downloader-image/Dockerfile b/ironic-ipa-downloader-image/Dockerfile index 3a22750..9bad185 100644 --- a/ironic-ipa-downloader-image/Dockerfile +++ b/ironic-ipa-downloader-image/Dockerfile @@ -1,6 +1,6 @@ # SPDX-License-Identifier: Apache-2.0 -#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.1 -#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.1-%RELEASE% +#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.2 +#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.2-%RELEASE% #!BuildVersion: 15.6 ARG SLE_VERSION FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro 
@@ -26,11 +26,11 @@ FROM micro AS final LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)" LABEL org.opencontainers.image.title="SLE Based Ironic IPA Downloader Container Image" LABEL org.opencontainers.image.description="ironic-ipa-downloader based on the SLE Base Container Image." -LABEL org.opencontainers.image.version="3.0.1" +LABEL org.opencontainers.image.version="3.0.2" LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/" LABEL org.opencontainers.image.created="%BUILDTIME%" LABEL org.opencontainers.image.vendor="SUSE LLC" -LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.1-%RELEASE%" +LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.2-%RELEASE%" LABEL org.openbuildservice.disturl="%DISTURL%" LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%" LABEL com.suse.eula="SUSE Combined EULA February 2024" -- 2.49.0 From 53f09dd00f6956eabfe8bc88cd048231466c3b2f0834b581839fe90ca944c503 Mon Sep 17 00:00:00 2001 From: Jiri Tomasek Date: Wed, 19 Mar 2025 15:48:00 +0100 Subject: [PATCH 30/55] Update kubevirt-dashboard-extension-chart to v302.0.0+up1.2.1 --- kubevirt-dashboard-extension-chart/Chart.yaml | 5 +++-- kubevirt-dashboard-extension-chart/templates/_helpers.tpl | 4 ++-- kubevirt-dashboard-extension-chart/templates/cr.yaml | 2 +- 3 files changed, 6 insertions(+), 5 deletions(-) diff --git a/kubevirt-dashboard-extension-chart/Chart.yaml b/kubevirt-dashboard-extension-chart/Chart.yaml index 3137422..16f6f91 100644 --- a/kubevirt-dashboard-extension-chart/Chart.yaml +++ b/kubevirt-dashboard-extension-chart/Chart.yaml 
@@ -13,9 +13,10 @@ annotations: catalog.cattle.io/ui-component: plugins catalog.cattle.io/ui-extensions-version: ">= 3.0.0 < 4.0.0" apiVersion: v2 -appVersion: 1.2.1 +appVersion: 302.0.0+up1.2.1 description: 'SUSE Edge: KubeVirt extension for Rancher Dashboard' -icon: https://raw.githubusercontent.com/cncf/artwork/master/projects/kubevirt/icon/color/kubevirt-icon-color.svg name: kubevirt-dashboard-extension type: application version: "%%CHART_MAJOR%%.0.0+up1.2.1" +icon: >- + https://raw.githubusercontent.com/cncf/artwork/master/projects/kubevirt/icon/color/kubevirt-icon-color.svg diff --git a/kubevirt-dashboard-extension-chart/templates/_helpers.tpl b/kubevirt-dashboard-extension-chart/templates/_helpers.tpl index 3ccd515..b183967 100644 --- a/kubevirt-dashboard-extension-chart/templates/_helpers.tpl +++ b/kubevirt-dashboard-extension-chart/templates/_helpers.tpl @@ -38,7 +38,7 @@ Common labels helm.sh/chart: {{ include "extension-server.chart" . }} {{ include "extension-server.selectorLabels" . }} {{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +app.kubernetes.io/version: {{ .Chart.AppVersion | replace "+" "_" | quote }} {{- end }} app.kubernetes.io/managed-by: {{ .Release.Service }} {{- end }} @@ -60,4 +60,4 @@ Pkg annotations {{ $key }}: {{ $value | quote }} {{- end }} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/kubevirt-dashboard-extension-chart/templates/cr.yaml b/kubevirt-dashboard-extension-chart/templates/cr.yaml index 1ecf20c..dc75767 100644 --- a/kubevirt-dashboard-extension-chart/templates/cr.yaml +++ b/kubevirt-dashboard-extension-chart/templates/cr.yaml 
@@ -8,7 +8,7 @@ spec: plugin: name: {{ include "extension-server.fullname" . }} version: {{ (semver (default .Chart.AppVersion .Values.plugin.versionOverride)).Original }} - endpoint: https://raw.githubusercontent.com/suse-edge/dashboard-extensions/gh-pages/extensions/kubevirt-dashboard-extension/1.2.1 + endpoint: https://raw.githubusercontent.com/suse-edge/dashboard-extensions/gh-pages/extensions/kubevirt-dashboard-extension/302.0.0+up1.2.1 noCache: {{ .Values.plugin.noCache }} noAuth: {{ .Values.plugin.noAuth }} metadata: {{ include "extension-server.pluginMetadata" . | indent 6 }} \ No newline at end of file -- 2.49.0 From 48472176f20062f45219ab078a4c610ec2de33fe4863a7785e7bbcd8bc5c7f74 Mon Sep 17 00:00:00 2001 From: Steven Hardy Date: Mon, 24 Mar 2025 13:32:49 +0000 Subject: [PATCH 31/55] metal3-chart: Remove stale files I missed this in #88 - we need to remove these template files to align with https://github.com/suse-edge/charts/commit/00421ca826f02fa259158100f72c7f1a91f230e0 --- .../templates/clusterrole-metrics-reader.yaml | 11 ----------- .../templates/clusterrole-proxy.yaml | 19 ------------------- .../templates/clusterrolebinding-proxy.yaml | 14 -------------- .../templates/service-controller-manager.yaml | 14 -------------- 4 files changed, 58 deletions(-) delete mode 100644 metal3-chart/charts/baremetal-operator/templates/clusterrole-metrics-reader.yaml delete mode 100644 metal3-chart/charts/baremetal-operator/templates/clusterrole-proxy.yaml delete mode 100644 metal3-chart/charts/baremetal-operator/templates/clusterrolebinding-proxy.yaml delete mode 100644 metal3-chart/charts/baremetal-operator/templates/service-controller-manager.yaml diff --git a/metal3-chart/charts/baremetal-operator/templates/clusterrole-metrics-reader.yaml b/metal3-chart/charts/baremetal-operator/templates/clusterrole-metrics-reader.yaml deleted file mode 100644 index cad7903..0000000 
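Review bot: In kubevirt-dashboard-extension-chart/templates/cr.yaml the new `endpoint` hard-codes `302.0.0+up1.2.1`, while the `version` line directly above it is computed from `.Chart.AppVersion` or `.Values.plugin.versionOverride`. Setting `versionOverride`, or forgetting this line on the next bump, leaves the plugin reporting one version while fetching the assets of another. Building the last path segment from the same expression keeps them in step: `endpoint: https://raw.githubusercontent.com/suse-edge/dashboard-extensions/gh-pages/extensions/kubevirt-dashboard-extension/{{ (semver (default .Chart.AppVersion .Values.plugin.versionOverride)).Original }}`. The URL also resolves against the mutable `gh-pages` branch, so the extension code that gets loaded is presumably whatever that branch serves at fetch time. A short comment above the line such as `# NOTE: assets are fetched from a branch ref, not a commit-pinned path; mirror and override for air-gapped installs` would make that trust assumption visible.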
--- a/metal3-chart/charts/baremetal-operator/templates/clusterrole-metrics-reader.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ include "baremetal-operator.fullname" . }}-metrics-reader - labels: - {{- include "baremetal-operator.labels" . | nindent 4 }} -rules: -- nonResourceURLs: - - /metrics - verbs: - - get diff --git a/metal3-chart/charts/baremetal-operator/templates/clusterrole-proxy.yaml b/metal3-chart/charts/baremetal-operator/templates/clusterrole-proxy.yaml deleted file mode 100644 index db6d71d..0000000 --- a/metal3-chart/charts/baremetal-operator/templates/clusterrole-proxy.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ include "baremetal-operator.fullname" . }}-proxy-role - labels: - {{- include "baremetal-operator.labels" . | nindent 4 }} -rules: -- apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create -- apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create diff --git a/metal3-chart/charts/baremetal-operator/templates/clusterrolebinding-proxy.yaml b/metal3-chart/charts/baremetal-operator/templates/clusterrolebinding-proxy.yaml deleted file mode 100644 index 5207b62..0000000 --- a/metal3-chart/charts/baremetal-operator/templates/clusterrolebinding-proxy.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ include "baremetal-operator.fullname" . }}-proxy-rolebinding - labels: - {{- include "baremetal-operator.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ include "baremetal-operator.fullname" . }}-proxy-role -subjects: -- kind: ServiceAccount - name: {{ include "baremetal-operator.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} 
diff --git a/metal3-chart/charts/baremetal-operator/templates/service-controller-manager.yaml b/metal3-chart/charts/baremetal-operator/templates/service-controller-manager.yaml deleted file mode 100644 index 64f39a6..0000000 --- a/metal3-chart/charts/baremetal-operator/templates/service-controller-manager.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - labels: - {{- include "baremetal-operator.labels" . | nindent 4 }} - control-plane: controller-manager - name: {{ include "baremetal-operator.fullname" . }}-controller-manager-metrics-service -spec: - ports: - - name: https - port: 8443 - targetPort: https - selector: - control-plane: controller-manager -- 2.49.0 From 083c753a0ddd2a4a9e70933d72483dd0f66e8b2011cfe767e76158334759bbad Mon Sep 17 00:00:00 2001 From: Denislav Prodanov Date: Mon, 24 Mar 2025 15:46:23 +0200 Subject: [PATCH 32/55] [3.3.0] kubevirt update to 0.5.0 --- kubevirt-chart/Chart.yaml | 8 +- kubevirt-chart/crds/kubevirt.yaml | 280 +++++++----------- .../templates/kubevirt-operator.yaml | 54 ++-- kubevirt-chart/templates/kubevirt.yaml | 4 + kubevirt-chart/values.yaml | 21 +- 5 files changed, 175 insertions(+), 192 deletions(-) diff --git a/kubevirt-chart/Chart.yaml b/kubevirt-chart/Chart.yaml index 6fddeb9..ef55647 100644 --- a/kubevirt-chart/Chart.yaml +++ b/kubevirt-chart/Chart.yaml @@ -1,9 +1,9 @@ -#!BuildTag: %%IMG_PREFIX%%kubevirt-chart:%%CHART_MAJOR%%.0.0_up0.4.0-%RELEASE% -#!BuildTag: %%IMG_PREFIX%%kubevirt-chart:%%CHART_MAJOR%%.0.0_up0.4.0 +#!BuildTag: %%IMG_PREFIX%%kubevirt-chart:%%CHART_MAJOR%%.0.0_up0.5.0-%RELEASE% +#!BuildTag: %%IMG_PREFIX%%kubevirt-chart:%%CHART_MAJOR%%.0.0_up0.5.0 apiVersion: v2 -appVersion: 1.3.1 +appVersion: 1.4.0 description: A Helm chart for KubeVirt icon: https://raw.githubusercontent.com/cncf/artwork/main/projects/kubevirt/icon/color/kubevirt-icon-color.svg name: kubevirt type: application -version: "%%CHART_MAJOR%%.0.0+up0.4.0" +version: "%%CHART_MAJOR%%.0.0+up0.5.0" 
diff --git a/kubevirt-chart/crds/kubevirt.yaml b/kubevirt-chart/crds/kubevirt.yaml index a0bd71c..0093721 100644 --- a/kubevirt-chart/crds/kubevirt.yaml +++ b/kubevirt-chart/crds/kubevirt.yaml @@ -231,6 +231,17 @@ spec: type: object type: object x-kubernetes-map-type: atomic + commonInstancetypesDeployment: + description: CommonInstancetypesDeployment controls the deployment + of common-instancetypes resources + nullable: true + properties: + enabled: + description: Enabled controls the deployment of common-instancetypes + resources, defaults to True. + nullable: true + type: boolean + type: object controllerConfiguration: description: |- ReloadableComponentConfiguration holds all generic k8s configuration options which can @@ -412,6 +423,23 @@ spec: description: PullPolicy describes a policy for if/when to pull a container image type: string + instancetype: + description: Instancetype configuration + nullable: true + properties: + referencePolicy: + description: |- + ReferencePolicy defines how an instance type or preference should be referenced by the VM after submission, supported values are: + reference (default) - Where a copy of the original object is stashed in a ControllerRevision and referenced by the VM. + expand - Where the instance type or preference are expanded into the VM if no revisionNames have been populated. + expandAll - Where the instance type or preference are expanded into the VM regardless of revisionNames previously being populated. + enum: + - reference + - expand + - expandAll + nullable: true + type: string + type: object ksmConfiguration: description: KSMConfiguration holds the information regarding the enabling the KSM in the nodes (if available). 
@@ -470,8 +498,9 @@ spec: features properties: maxCpuSockets: - description: MaxCpuSockets holds the maximum amount of sockets - that can be hotplugged + description: |- + MaxCpuSockets provides a MaxSockets value for VMs that do not provide their own. + For VMs with more sockets than maximum the MaxSockets will be set to equal number of sockets. format: int32 type: integer maxGuest: @@ -577,7 +606,7 @@ spec: description: |- CompletionTimeoutPerGiB is the maximum number of seconds per GiB a migration is allowed to take. If a live-migration takes longer to migrate than this value multiplied by the size of the VMI, - the migration will be cancelled, unless AllowPostCopy is true. Defaults to 800 + the migration will be cancelled, unless AllowPostCopy is true. Defaults to 150 format: int64 type: integer disableTLS: @@ -640,34 +669,6 @@ spec: ComputeResourceOverhead specifies the resource overhead that should be added to the compute container when using the binding. version: v1alphav1 properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - - - This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. - - - This field is immutable. It can only be set for containers. - items: - description: ResourceClaim references one entry - in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map limits: additionalProperties: anyOf: 
@@ -696,7 +697,7 @@ spec: domainAttachmentType: description: |- DomainAttachmentType is a standard domain network attachment method kubevirt supports. - Supported values: "tap". + Supported values: "tap", "managedTap" (since v1.4). The standard domain attachment can be used instead or in addition to the sidecarImage. version: 1alphav1 type: string @@ -874,37 +875,10 @@ spec: usually idle and don't require a lot of memory or cpu. properties: resources: - description: ResourceRequirements describes the compute - resource requirements. + description: |- + ResourceRequirementsWithoutClaims describes the compute resource requirements. + This struct was taken from the k8s.ResourceRequirements and cleaned up the 'Claims' field. properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - - - This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. - - - This field is immutable. It can only be set for containers. - items: - description: ResourceClaim references one entry in - PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -958,10 +932,8 @@ spec: MinTLSVersion is a way to specify the minimum protocol version that is acceptable for TLS connections. Protocol versions are based on the following most common TLS configurations: - https://ssl-config.mozilla.org/ - Note that SSLv3.0 is not a supported protocol version due to well known vulnerabilities such as POODLE: https://en.wikipedia.org/wiki/POODLE enum: 
@@ -1091,10 +1063,13 @@ spec: referenced object inside the same namespace. properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -1411,7 +1386,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -1426,7 +1401,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -1594,7 +1569,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -1609,7 +1584,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -1775,7 +1750,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -1790,7 +1765,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -1958,7 +1933,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -1973,7 +1948,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -2164,7 +2139,6 @@ spec: BatchEvictionInterval Represents the interval to wait before issuing the next batch of shutdowns - Defaults to 1 minute type: string batchEvictionSize: @@ -2172,7 +2146,6 @@ spec: BatchEvictionSize Represents the number of VMIs that can be forced updated per the BatchShutdownInteral interval - Defaults to 10 type: integer workloadUpdateMethods: @@ -2183,7 +2156,6 @@ spec: precedence over more disruptive methods. For example if both LiveMigrate and Shutdown methods are listed, only VMs which are not live migratable will be restarted/shutdown - An empty list defaults to no automated workload updating items: type: string @@ -2491,7 +2463,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -2506,7 +2478,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -2674,7 +2646,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -2689,7 +2661,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -2855,7 +2827,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -2870,7 +2842,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -3038,7 +3010,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -3053,7 +3025,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -3516,6 +3488,17 @@ spec: type: object type: object x-kubernetes-map-type: atomic + commonInstancetypesDeployment: + description: CommonInstancetypesDeployment controls the deployment + of common-instancetypes resources + nullable: true + properties: + enabled: + description: Enabled controls the deployment of common-instancetypes + resources, defaults to True. + nullable: true + type: boolean + type: object controllerConfiguration: description: |- ReloadableComponentConfiguration holds all generic k8s configuration options which can 
@@ -3697,6 +3680,23 @@ spec: description: PullPolicy describes a policy for if/when to pull a container image type: string + instancetype: + description: Instancetype configuration + nullable: true + properties: + referencePolicy: + description: |- + ReferencePolicy defines how an instance type or preference should be referenced by the VM after submission, supported values are: + reference (default) - Where a copy of the original object is stashed in a ControllerRevision and referenced by the VM. + expand - Where the instance type or preference are expanded into the VM if no revisionNames have been populated. + expandAll - Where the instance type or preference are expanded into the VM regardless of revisionNames previously being populated. + enum: + - reference + - expand + - expandAll + nullable: true + type: string + type: object ksmConfiguration: description: KSMConfiguration holds the information regarding the enabling the KSM in the nodes (if available). @@ -3755,8 +3755,9 @@ spec: features properties: maxCpuSockets: - description: MaxCpuSockets holds the maximum amount of sockets - that can be hotplugged + description: |- + MaxCpuSockets provides a MaxSockets value for VMs that do not provide their own. + For VMs with more sockets than maximum the MaxSockets will be set to equal number of sockets. format: int32 type: integer maxGuest: @@ -3862,7 +3863,7 @@ spec: description: |- CompletionTimeoutPerGiB is the maximum number of seconds per GiB a migration is allowed to take. If a live-migration takes longer to migrate than this value multiplied by the size of the VMI, - the migration will be cancelled, unless AllowPostCopy is true. Defaults to 800 + the migration will be cancelled, unless AllowPostCopy is true. Defaults to 150 format: int64 type: integer disableTLS: 
@@ -3925,34 +3926,6 @@ spec: ComputeResourceOverhead specifies the resource overhead that should be added to the compute container when using the binding. version: v1alphav1 properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - - - This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. - - - This field is immutable. It can only be set for containers. - items: - description: ResourceClaim references one entry - in PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -3981,7 +3954,7 @@ spec: domainAttachmentType: description: |- DomainAttachmentType is a standard domain network attachment method kubevirt supports. - Supported values: "tap". + Supported values: "tap", "managedTap" (since v1.4). The standard domain attachment can be used instead or in addition to the sidecarImage. version: 1alphav1 type: string 
@@ -4159,37 +4132,10 @@ spec: usually idle and don't require a lot of memory or cpu. properties: resources: - description: ResourceRequirements describes the compute - resource requirements. + description: |- + ResourceRequirementsWithoutClaims describes the compute resource requirements. + This struct was taken from the k8s.ResourceRequirements and cleaned up the 'Claims' field. properties: - claims: - description: |- - Claims lists the names of resources, defined in spec.resourceClaims, - that are used by this container. - - - This is an alpha field and requires enabling the - DynamicResourceAllocation feature gate. - - - This field is immutable. It can only be set for containers. - items: - description: ResourceClaim references one entry in - PodSpec.ResourceClaims. - properties: - name: - description: |- - Name must match the name of one entry in pod.spec.resourceClaims of - the Pod where this field is used. It makes that resource available - inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -4243,10 +4189,8 @@ spec: MinTLSVersion is a way to specify the minimum protocol version that is acceptable for TLS connections. Protocol versions are based on the following most common TLS configurations: - https://ssl-config.mozilla.org/ - Note that SSLv3.0 is not a supported protocol version due to well known vulnerabilities such as POODLE: https://en.wikipedia.org/wiki/POODLE enum: 
@@ -4376,10 +4320,13 @@ spec: referenced object inside the same namespace. properties: name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string type: object x-kubernetes-map-type: atomic @@ -4696,7 +4643,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -4711,7 +4658,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -4879,7 +4826,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -4894,7 +4841,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -5060,7 +5007,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -5075,7 +5022,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -5243,7 +5190,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -5258,7 +5205,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -5449,7 +5396,6 @@ spec: BatchEvictionInterval Represents the interval to wait before issuing the next batch of shutdowns - Defaults to 1 minute type: string batchEvictionSize: @@ -5457,7 +5403,6 @@ spec: BatchEvictionSize Represents the number of VMIs that can be forced updated per the BatchShutdownInteral interval - Defaults to 10 type: integer workloadUpdateMethods: @@ -5468,7 +5413,6 @@ spec: precedence over more disruptive methods. For example if both LiveMigrate and Shutdown methods are listed, only VMs which are not live migratable will be restarted/shutdown - An empty list defaults to no automated workload updating items: type: string @@ -5776,7 +5720,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -5791,7 +5735,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -5959,7 +5903,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -5974,7 +5918,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -6140,7 +6084,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array 
@@ -6155,7 +6099,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -6323,7 +6267,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array @@ -6338,7 +6282,7 @@ spec: pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set. - This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default). items: type: string type: array diff --git a/kubevirt-chart/templates/kubevirt-operator.yaml b/kubevirt-chart/templates/kubevirt-operator.yaml index 52f2b62..bd06bdb 100644 --- a/kubevirt-chart/templates/kubevirt-operator.yaml +++ b/kubevirt-chart/templates/kubevirt-operator.yaml 
@@ -606,15 +606,35 @@ rules: - apiGroups: - snapshot.kubevirt.io resources: - - '*' + - virtualmachinesnapshots + - virtualmachinesnapshots/status + - virtualmachinesnapshotcontents + - virtualmachinesnapshotcontents/status + - virtualmachinesnapshotcontents/finalizers + - virtualmachinerestores + - virtualmachinerestores/status verbs: - - '*' + - get + - list + - watch + - create + - update + - delete + - patch - apiGroups: - export.kubevirt.io resources: - - '*' + - virtualmachineexports + - virtualmachineexports/status + - virtualmachineexports/finalizers verbs: - - '*' + - get + - list + - watch + - create + - update + - delete + - patch - apiGroups: - pool.kubevirt.io resources: @@ -636,6 +656,12 @@ rules: - '*' verbs: - '*' + - apiGroups: + - kubevirt.io + resources: + - virtualmachines/finalizers + verbs: + - update - apiGroups: - subresources.kubevirt.io resources: @@ -844,6 +870,7 @@ rules: - virtualmachineinstances/userlist - virtualmachineinstances/sev/fetchcertchain - virtualmachineinstances/sev/querylaunchmeasurement + - virtualmachineinstances/usbredir verbs: - get - apiGroups: @@ -992,6 +1019,7 @@ rules: - virtualmachineinstances/userlist - virtualmachineinstances/sev/fetchcertchain - virtualmachineinstances/sev/querylaunchmeasurement + - virtualmachineinstances/usbredir verbs: - get - apiGroups: @@ -1264,7 +1292,7 @@ metadata: name: virt-operator namespace: {{ .Release.Namespace }} spec: - replicas: 2 + replicas: {{ .Values.operator.replicas }} selector: matchLabels: kubevirt.io: virt-operator @@ -1279,17 +1307,7 @@ spec: name: virt-operator spec: affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchExpressions: - - key: kubevirt.io - operator: In - values: - - virt-operator - topologyKey: kubernetes.io/hostname - weight: 1 +{{- .Values.operator.affinity | toYaml | nindent 8 }} containers: - args: - --port 
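Review bot: The wildcard cleanup in this rules list looks incomplete. The `snapshot.kubevirt.io` and `export.kubevirt.io` rules are narrowed to named resources and verbs, but the context lines opening the following hunk (old line 636) still show a rule with `'*'` resources and `'*'` verbs, and the `pool.kubevirt.io` rule right after the narrowed ones is untouched. Which role this list belongs to, and which apiGroups the remaining wildcard covers, are outside the hunk, so this needs checking against the full file. If those groups can be enumerated the same way, doing so would make the least-privilege change consistent; otherwise a comment such as `# wildcard kept on purpose: <reason>` above the remaining rule would record that it is deliberate.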
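Review bot: `virtualmachineinstances/usbredir` is added to a `get` rule here (old line 844) and again in the hunk at old line 992, and neither hunk shows which role is being extended. Judging by its name, this subresource opens USB redirection into a running guest, which is interactive access rather than the read-only queries listed beside it (`userlist`, `sev/fetchcertchain`). Please confirm that both enclosing roles already grant console-style access, and that no view-only role picks this up. A short comment above the entry, for example `# usbredir: interactive device access, keep out of view-only roles`, would make that intent reviewable the next time the manifest is regenerated.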
@@ -1325,9 +1343,7 @@ spec: initialDelaySeconds: 5 timeoutSeconds: 10 resources: - requests: - cpu: 10m - memory: 450Mi +{{- .Values.operator.resources | toYaml | nindent 12 }} securityContext: allowPrivilegeEscalation: false capabilities: diff --git a/kubevirt-chart/templates/kubevirt.yaml b/kubevirt-chart/templates/kubevirt.yaml index 430e87c..7cd8b15 100644 --- a/kubevirt-chart/templates/kubevirt.yaml +++ b/kubevirt-chart/templates/kubevirt.yaml @@ -20,6 +20,10 @@ spec: {{- if .Values.kubevirt.uninstallStrategy }} uninstallStrategy: {{ .Values.kubevirt.uninstallStrategy }} {{- end }} + {{- with .Values.kubevirt.workloads }} + workloads: + {{- toYaml . | nindent 4 }} + {{- end }} {{- with .Values.kubevirt.workloadUpdateStrategy }} workloadUpdateStrategy: {{- toYaml . | nindent 4 }} diff --git a/kubevirt-chart/values.yaml b/kubevirt-chart/values.yaml index f5ae221..2f3c89f 100644 --- a/kubevirt-chart/values.yaml +++ b/kubevirt-chart/values.yaml @@ -1,7 +1,24 @@ operator: image: registry.suse.com/suse/sles/15.6/virt-operator - version: 1.3.1-150600.5.9.1 + version: 1.4.0-150600.5.15.1 + replicas: 2 pullPolicy: IfNotPresent + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: kubevirt.io + operator: In + values: + - virt-operator + topologyKey: kubernetes.io/hostname + weight: 1 + resources: + requests: + cpu: 10m + memory: 450Mi kubevirt: # Holds kubevirt configurations. Same as the virt-configMap. 
@@ -14,6 +31,8 @@ kubevirt: # Specifies if KubeVirt can be deleted if workloads are still present. # This is mainly a precaution to avoid accidental data loss. uninstallStrategy: "" + # Selectors and tolerations that should apply to KubeVirt workloads. + workloads: {} # WorkloadUpdateStrategy defines at the cluster level how to handle automated workload updates. workloadUpdateStrategy: {} # Optionally enable ServiceMonitor for prometheus, see -- 2.49.0 From 98fa8835f791d4690cfa0915caa1bd500108694a20b035bc322896d30b3d7e13 Mon Sep 17 00:00:00 2001 From: Nicolas Belouin Date: Fri, 28 Feb 2025 12:25:36 +0100 Subject: [PATCH 33/55] Install both ramdisks in the ipa downloader - Make the different ipa-ramdisk packages installable side by side - Clean the ipa-downloader Dockerfile from what seems to be unneeded - Get both images in - Use zstd instead of xz for better speed - Check sums before redoing certs integration - Add value to metal3 chart to select between architectures - Get the two ESP available as well 
Signed-off-by: Nicolas Belouin --- _config | 4 + baremetal-operator/_service | 2 +- baremetal-operator/baremetal-operator.spec | 2 +- ironic-image/Dockerfile | 21 +- ironic-image/configure-ironic.sh | 2 +- ironic-image/inspector.ipxe.j2 | 4 +- ironic-image/ironic.conf.j2 | 2 +- ironic-image/prepare-efi.sh | 51 +- ironic-image/runhttpd | 2 +- ironic-ipa-downloader-image/Dockerfile | 22 +- ironic-ipa-downloader-image/get-resource.sh | 68 +- ironic-ipa-ramdisk/ironic-ipa-ramdisk.kiwi | 2 +- ironic-ipa-ramdisk/ironic-ipa-ramdisk.spec | 8 +- metal3-chart/Chart.yaml | 12 +- .../charts/baremetal-operator/Chart.yaml | 4 +- .../templates/configmap-ironic.yaml | 6 +- .../charts/baremetal-operator/values.yaml | 2 +- metal3-chart/charts/ironic/Chart.yaml | 2 +- .../charts/ironic/templates/configmap.yaml | 6 +- metal3-chart/charts/ironic/values.yaml | 4 +- metal3-chart/values.yaml | 3 + .../shim-15.7-150300.4.16.1.aarch64.rpm | Bin 0 -> 425452 bytes .../shim-15.7-150300.4.16.1.x86_64.rpm | Bin 0 -> 489336 bytes shim-noarch/shim.changes | 1099 +++++++++++++++++ shim-noarch/shim.spec | 90 ++ 25 files changed, 1310 insertions(+), 108 deletions(-) create mode 100644 shim-noarch/shim-15.7-150300.4.16.1.aarch64.rpm create mode 100644 shim-noarch/shim-15.7-150300.4.16.1.x86_64.rpm create mode 100644 shim-noarch/shim.changes create mode 100644 shim-noarch/shim.spec diff --git a/_config b/_config index 023dbc2..3a0f922 100644 --- a/_config +++ b/_config @@ -86,6 +86,7 @@ BuildFlags: onlybuild:release-manifest-image BuildFlags: onlybuild:metallb-controller-image BuildFlags: onlybuild:metallb-speaker-image BuildFlags: onlybuild:nm-configurator + BuildFlags: onlybuild:shim-noarch %endif %endif 
@@ -112,6 +113,9 @@ BuildFlags: onlybuild:release-manifest-image %if "%_repository" == "standard" # for build openstack-ironic-image BuildFlags: allowrootforbuild + + # ironic-ipa-ramdisk are noarch packages that need to be availble to both archs + ExportFilter: ^ironic-ipa-ramdisk-.*\.noarch\.rpm$ aarch64 x86_64 %endif # Enable reproducible builds diff --git a/baremetal-operator/_service b/baremetal-operator/_service index 5ec987e..a4725fd 100644 --- a/baremetal-operator/_service +++ b/baremetal-operator/_service @@ -2,7 +2,7 @@ https://github.com/metal3-io/baremetal-operator git - v0.9.0 + v0.9.1 _auto_ @PARENT_TAG@ enable diff --git a/baremetal-operator/baremetal-operator.spec b/baremetal-operator/baremetal-operator.spec index 9e2f10a..5e31967 100644 --- a/baremetal-operator/baremetal-operator.spec +++ b/baremetal-operator/baremetal-operator.spec @@ -17,7 +17,7 @@ Name: baremetal-operator -Version: 0.9.0 +Version: 0.9.1 Release: 0 Summary: Implements a Kubernetes API for managing bare metal hosts License: Apache-2.0 diff --git a/ironic-image/Dockerfile b/ironic-image/Dockerfile index d072397..ea5e3e3 100644 --- a/ironic-image/Dockerfile +++ b/ironic-image/Dockerfile @@ -1,6 +1,6 @@ # SPDX-License-Identifier: Apache-2.0 -#!BuildTag: %%IMG_PREFIX%%ironic:26.1.2.3 -#!BuildTag: %%IMG_PREFIX%%ironic:26.1.2.3-%RELEASE% +#!BuildTag: %%IMG_PREFIX%%ironic:26.1.2.4 +#!BuildTag: %%IMG_PREFIX%%ironic:26.1.2.4-%RELEASE% #!BuildVersion: 15.6 ARG SLE_VERSION 
@@ -8,14 +8,8 @@ FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base -#!ArchExclusiveLine: x86_64 -RUN if [ "$(uname -m)" = "x86_64" ];then \ - zypper -n in --no-recommends gcc git make xz-devel shim dosfstools mtools glibc-extra grub2-x86_64-efi grub2; zypper -n clean; rm -rf /var/log/*; \ - fi -#!ArchExclusiveLine: aarch64 -RUN if [ "$(uname -m)" = "aarch64" ];then \ - zypper -n rm kubic-locale-archive-2.31-10.36.noarch openssl-1_1-1.1.1l-150500.17.37.1.aarch64; zypper -n in --no-recommends gcc git make xz-devel openssl-3 mokutil shim dosfstools mtools glibc glibc-extra grub2 grub2-arm64-efi; zypper -n clean; rm -rf /var/log/* ;\ - fi +RUN zypper -n in --no-recommends shim-x86_64 shim-aarch64 grub2-x86_64-efi grub2-arm64-efi dosfstools mtools + WORKDIR /tmp COPY prepare-efi.sh /bin/ RUN set -euo pipefail; chmod +x /bin/prepare-efi.sh @@ -46,8 +40,8 @@ LABEL org.opencontainers.image.description="Openstack Ironic based on the SLE Ba LABEL org.opencontainers.image.url="https://www.suse.com/products/server/" LABEL org.opencontainers.image.created="%BUILDTIME%" LABEL org.opencontainers.image.vendor="SUSE LLC" -LABEL org.opencontainers.image.version="26.1.2.3" -LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic:26.1.2.3-%RELEASE%" +LABEL org.opencontainers.image.version="26.1.2.4" +LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic:26.1.2.4-%RELEASE%" LABEL org.openbuildservice.disturl="%DISTURL%" LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%" LABEL com.suse.eula="SUSE Combined EULA February 2024" 
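Review bot: The new `RUN zypper -n in --no-recommends shim-x86_64 shim-aarch64 ...` line does not say where these two packages come from, and they are not the `shim` name the removed lines installed. The commit's file list adds a `shim-noarch` package that carries prebuilt shim RPMs, so that is presumably their source. Because these binaries go into the ESP images served for UEFI boot, I would add a comment above the line, for example `# shim-x86_64/shim-aarch64 are built by shim-noarch in this project so both ESPs can be assembled on either build arch`. `shim.spec` is outside this hunk; it is worth confirming there that the wrapped RPMs are checked against a pinned checksum or signature before they are unpacked.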
@@ -88,7 +82,8 @@ RUN if [ "$(uname -m)" = "aarch64" ]; then\ cp /usr/share/ipxe/snp-arm64.efi /tftpboot/ipxe.efi; cp /usr/share/ipxe/snp-arm64.efi /tftpboot/snp-arm64.efi; cp /usr/share/ipxe/snp-arm64.efi /tftpboot/snp.efi ;\ fi -COPY --from=base /tmp/esp.img /tmp/uefi_esp.img +COPY --from=base /tmp/esp-x86_64.img /tmp/uefi_esp-x86_64.img +COPY --from=base /tmp/esp-aarch64.img /tmp/uefi_esp-arm64.img COPY ironic.conf.j2 /etc/ironic/ COPY inspector.ipxe.j2 httpd-ironic-api.conf.j2 ipxe_config.template /tmp/ diff --git a/ironic-image/configure-ironic.sh b/ironic-image/configure-ironic.sh index dbf8a67..8ab2404 100644 --- a/ironic-image/configure-ironic.sh +++ b/ironic-image/configure-ironic.sh @@ -68,7 +68,7 @@ if [[ -n "$IRONIC_EXTERNAL_IP" ]]; then fi fi -IMAGE_CACHE_PREFIX=/shared/html/images/ironic-python-agent +IMAGE_CACHE_PREFIX="/shared/html/images/ironic-python-agent-${DEPLOY_ARCHITECTURE}" if [[ -f "${IMAGE_CACHE_PREFIX}.kernel" ]] && [[ -f "${IMAGE_CACHE_PREFIX}.initramfs" ]]; then export IRONIC_DEFAULT_KERNEL="${IMAGE_CACHE_PREFIX}.kernel" export IRONIC_DEFAULT_RAMDISK="${IMAGE_CACHE_PREFIX}.initramfs" diff --git a/ironic-image/inspector.ipxe.j2 b/ironic-image/inspector.ipxe.j2 index 7616b12..c105178 100644 --- a/ironic-image/inspector.ipxe.j2 +++ b/ironic-image/inspector.ipxe.j2 
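Review bot: `IMAGE_CACHE_PREFIX` in configure-ironic.sh now expands `${DEPLOY_ARCHITECTURE}` with no check that it is set. Unless the script runs with `set -u` (not visible in the hunk), an empty value gives the prefix `ironic-python-agent-`, the two `-f` tests fail, and `IRONIC_DEFAULT_KERNEL` and `IRONIC_DEFAULT_RAMDISK` are left unexported without any message. Failing early is easier to diagnose: `: "${DEPLOY_ARCHITECTURE:?DEPLOY_ARCHITECTURE must be x86_64 or arm64}"` before the assignment. The same variable is used unguarded in the `bootloader =` line of ironic.conf.j2 in this commit, where an unset value would presumably render `uefi_esp-.img`. The `if` block that consumes the prefix continues outside the hunk.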
@@ -5,6 +5,6 @@ echo In inspector.ipxe imgfree # NOTE(dtantsur): keep inspection kernel params in [mdns]params in # ironic-inspector-image and configuration in configure-ironic.sh -kernel --timeout 60000 http://{{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }}/images/ironic-python-agent.kernel ipa-insecure=1 ipa-inspection-collectors={{ env.IRONIC_IPA_COLLECTORS }} systemd.journald.forward_to_console=yes BOOTIF=${mac} ipa-debug=1 ipa-enable-vlan-interfaces={{ env.IRONIC_ENABLE_VLAN_INTERFACES }} ipa-inspection-dhcp-all-interfaces=1 ipa-collect-lldp=1 {{ env.INSPECTOR_EXTRA_ARGS }} initrd=ironic-python-agent.initramfs {% if env.IRONIC_RAMDISK_SSH_KEY %}sshkey="{{ env.IRONIC_RAMDISK_SSH_KEY|trim }}"{% endif %} {{ env.IRONIC_KERNEL_PARAMS|trim }} || goto retry_boot -initrd --timeout 60000 http://{{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }}/images/ironic-python-agent.initramfs || goto retry_boot +kernel --timeout 60000 http://{{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }}/images/ironic-python-agent-${buildarch}.kernel ipa-insecure=1 ipa-inspection-collectors={{ env.IRONIC_IPA_COLLECTORS }} systemd.journald.forward_to_console=yes BOOTIF=${mac} ipa-debug=1 ipa-enable-vlan-interfaces={{ env.IRONIC_ENABLE_VLAN_INTERFACES }} ipa-inspection-dhcp-all-interfaces=1 ipa-collect-lldp=1 {{ env.INSPECTOR_EXTRA_ARGS }} initrd=ironic-python-agent.initramfs {% if env.IRONIC_RAMDISK_SSH_KEY %}sshkey="{{ env.IRONIC_RAMDISK_SSH_KEY|trim }}"{% endif %} {{ env.IRONIC_KERNEL_PARAMS|trim }} || goto retry_boot +initrd --timeout 60000 http://{{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }}/images/ironic-python-agent-${buildarch}.initramfs || goto retry_boot boot diff --git a/ironic-image/ironic.conf.j2 b/ironic-image/ironic.conf.j2 index 894b8cc..58bc69d 100644 --- a/ironic-image/ironic.conf.j2 +++ b/ironic-image/ironic.conf.j2 
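Review bot: On the new `kernel` line the argument `initrd=ironic-python-agent.initramfs` was left unchanged, while the `initrd` command now downloads `ironic-python-agent-${buildarch}.initramfs`. The name handed to the kernel therefore no longer matches the image iPXE registers, which by default is the last path component of the URI. On UEFI boots where the kernel looks up its initrd by that name this would likely fail to find the ramdisk; `initrd=ironic-python-agent-${buildarch}.initramfs` keeps the two in step. It is also worth confirming that `${buildarch}` only takes the values the downloader publishes (`x86_64`, `arm64`): a 32-bit iPXE build used for legacy BIOS boot would, as far as I can tell, report `i386` and request a file that is never copied.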
@@ -83,7 +83,7 @@ send_sensor_data = {{ env.SEND_SENSOR_DATA }} # Power state is checked every 60 seconds and BMC activity should # be avoided more often than once every sixty seconds. send_sensor_data_interval = 160 -bootloader = {{ env.IRONIC_BOOT_BASE_URL }}/uefi_esp.img +bootloader = {{ env.IRONIC_BOOT_BASE_URL }}/uefi_esp-{{ env.DEPLOY_ARCHITECTURE }}.img verify_step_priority_override = management.clear_job_queue:90 # We don't use this feature, and it creates an additional load on the database node_history = False diff --git a/ironic-image/prepare-efi.sh b/ironic-image/prepare-efi.sh index a293187..d4b2f2e 100644 --- a/ironic-image/prepare-efi.sh +++ b/ironic-image/prepare-efi.sh 
@@ -2,41 +2,26 @@ set -euxo pipefail -ARCH=$(uname -m) -DEST=${2:-/tmp/esp.img} -OS=${1:-sles} +declare -A efi_arch=( + ["x86_64"]="X64" + ["aarch64"]="AA64" + ) -if [ $ARCH = "aarch64" ]; then - BOOTEFI=BOOTAA64.EFI - GRUBEFI=grubaa64.efi -else - BOOTEFI=BOOTX64.efi - GRUBEFI=grubx64.efi -fi +for arch in "${!efi_arch[@]}"; do + + DEST=/tmp/esp-${arch}.img -dd bs=1024 count=6400 if=/dev/zero of=$DEST -mkfs.msdos -F 12 -n 'ESP_IMAGE' $DEST + dd bs=1024 count=6400 if=/dev/zero of=$DEST + mkfs.msdos -F 12 -n 'ESP_IMAGE' $DEST + + mmd -i $DEST EFI + mmd -i $DEST EFI/BOOT + + mcopy -i $DEST -v /usr/share/efi/${arch}/shim.efi ::EFI/BOOT/BOOT${efi_arch[$arch]}.EFI + mcopy -i $DEST -v /usr/share/efi/${arch}/grub.efi ::EFI/BOOT/GRUB.EFI + + mdir -i $DEST ::EFI/BOOT; +done -mkdir -p /boot/efi/EFI/BOOT -mkdir -p /boot/efi/EFI/$OS -if [ $ARCH = "aarch64" ]; then - cp -L /usr/share/efi/aarch64/shim.efi /boot/efi/EFI/BOOT/$BOOTEFI - cp -L /usr/share/efi/aarch64/grub.efi /boot/efi/EFI/BOOT/grub.efi - cp /usr/share/grub2/arm64-efi/grub.efi /boot/efi/EFI/$OS/grubaa64.efi -else - cp -L /usr/lib64/efi/shim.efi /boot/efi/EFI/BOOT/$BOOTEFI - #cp /usr/share/grub2/x86_64-efi/grub.efi /boot/efi/EFI/$OS/$GRUBEFI - cp /usr/share/grub2/x86_64-efi/grub.efi /boot/efi/EFI/$OS/grub.efi -fi -mmd -i $DEST EFI -mmd -i $DEST EFI/BOOT -mcopy -i $DEST -v /boot/efi/EFI/BOOT/$BOOTEFI ::EFI/BOOT -if [ $ARCH = "aarch64" ]; then - mcopy -i $DEST -v /boot/efi/EFI/BOOT/grub.efi ::EFI/BOOT - mcopy -i $DEST -v /boot/efi/EFI/$OS/$GRUBEFI ::EFI/BOOT -else - mcopy -i $DEST -v /boot/efi/EFI/$OS/grub.efi ::EFI/BOOT -fi -mdir -i $DEST ::EFI/BOOT; diff --git a/ironic-image/runhttpd b/ironic-image/runhttpd index 4622f26..e5b8dcc 100644 --- a/ironic-image/runhttpd +++ b/ironic-image/runhttpd 
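Review bot: The rewritten prepare-efi.sh has no comment saying that it now builds one ESP image per architecture and no longer reads the `OS` and `DEST` positional arguments the old version accepted. A caller that still passes a destination gets `/tmp/esp-<arch>.img` instead, with no error. A short header such as `# Builds /tmp/esp-<arch>.img for every key of efi_arch from /usr/share/efi/<arch>/{shim,grub}.efi; takes no arguments.` would make that contract explicit. `$DEST` is also expanded unquoted in the `dd`, `mkfs.msdos`, `mmd`, `mcopy` and `mdir` calls; `"$DEST"` is the safer habit even though the current value contains no spaces.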
@@ -39,7 +39,7 @@ export INSPECTOR_EXTRA_ARGS # Copy files to shared mount render_j2_config /tmp/inspector.ipxe.j2 /shared/html/inspector.ipxe -cp /tmp/uefi_esp.img /shared/html/uefi_esp.img +cp /tmp/uefi_esp*.img /shared/html/ # Render the core httpd config render_j2_config /etc/httpd/conf/httpd.conf.j2 /etc/httpd/conf/httpd.conf diff --git a/ironic-ipa-downloader-image/Dockerfile b/ironic-ipa-downloader-image/Dockerfile index 9bad185..1122428 100644 --- a/ironic-ipa-downloader-image/Dockerfile +++ b/ironic-ipa-downloader-image/Dockerfile @@ -1,6 +1,6 @@ # SPDX-License-Identifier: Apache-2.0 -#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.2 -#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.2-%RELEASE% +#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.3 +#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.3-%RELEASE% #!BuildVersion: 15.6 ARG SLE_VERSION FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro 
@@ -8,15 +8,8 @@ FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base COPY --from=micro / /installroot/ RUN sed -i -e 's%^# rpm.install.excludedocs = no.*%rpm.install.excludedocs = yes%g' /etc/zypp/zypp.conf -#!ArchExclusiveLine: x86_64 -RUN if [ "$(uname -m)" = "x86_64" ];then \ - zypper --installroot /installroot --non-interactive install --no-recommends ironic-ipa-ramdisk-x86_64 python311-devel python311 python311-pip tar gawk git curl xz fakeroot shadow sed cpio; zypper -n clean; rm -rf /var/log/*; \ - fi -#!ArchExclusiveLine: aarch64 -RUN if [ "$(uname -m)" = "aarch64" ];then \ - zypper --installroot /installroot --non-interactive install --no-recommends ironic-ipa-ramdisk-aarch64 python311-devel python311 python311-pip tar gawk git curl xz fakeroot shadow sed cpio; zypper -n clean; rm -rf /var/log/*; \ - fi -#RUN zypper --installroot /installroot --non-interactive install --no-recommends sles-release; +RUN zypper --installroot /installroot --non-interactive install --no-recommends ironic-ipa-ramdisk-x86_64 ironic-ipa-ramdisk-aarch64 tar gawk curl xz zstd shadow cpio findutils + RUN cp /usr/bin/getopt /installroot/ FROM micro AS final 
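Review bot: The new package list on the `RUN zypper --installroot /installroot` line does not name `file` or `diffutils`, yet get-resource.sh as changed in this commit calls `file -b` to detect the kernel architecture and `cmp` to compare the checksum files. Unless bci-micro or a dependency of the listed packages already provides them, `cmp` would fail on every run, so the early exit is never taken. `ARCH` would also be empty, producing links named `ironic-python-agent-.kernel` and `ironic-python-agent-.initramfs`. Adding `file diffutils` to the install list, or confirming both tools are present in the final image, would close that gap.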
@@ -26,11 +19,11 @@ FROM micro AS final LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)" LABEL org.opencontainers.image.title="SLE Based Ironic IPA Downloader Container Image" LABEL org.opencontainers.image.description="ironic-ipa-downloader based on the SLE Base Container Image." -LABEL org.opencontainers.image.version="3.0.2" +LABEL org.opencontainers.image.version="3.0.3" LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/" LABEL org.opencontainers.image.created="%BUILDTIME%" LABEL org.opencontainers.image.vendor="SUSE LLC" -LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.2-%RELEASE%" +LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.3-%RELEASE%" LABEL org.openbuildservice.disturl="%DISTURL%" LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%" LABEL com.suse.eula="SUSE Combined EULA February 2024" @@ -41,8 +34,9 @@ LABEL com.suse.release-stage="released" COPY --from=base /installroot / RUN cp /getopt /usr/bin/ -RUN cp /srv/tftpboot/openstack-ironic-image/initrd.xz /tmp +RUN cp /srv/tftpboot/openstack-ironic-image/initrd*.zst /tmp RUN cp /srv/tftpboot/openstack-ironic-image/openstack-ironic-image*.kernel /tmp +RUN sha256sum /srv/tftpboot/openstack-ironic-image/initrd*.zst /srv/tftpboot/openstack-ironic-image/openstack-ironic-image*.kernel > /tmp/images.sha256 # configure non-root user COPY configure-nonroot.sh /bin/ RUN set -euo pipefail; chmod +x /bin/configure-nonroot.sh diff --git a/ironic-ipa-downloader-image/get-resource.sh b/ironic-ipa-downloader-image/get-resource.sh index 2b11a24..4a75f6c 100644 --- a/ironic-ipa-downloader-image/get-resource.sh +++ b/ironic-ipa-downloader-image/get-resource.sh 
@@ -6,12 +6,33 @@ export http_proxy=${http_proxy:-$HTTP_PROXY} export https_proxy=${https_proxy:-$HTTPS_PROXY} export no_proxy=${no_proxy:-$NO_PROXY} +if [ -d "/tmp/ironic-certificates" ]; then + sha256sum /tmp/ironic-certificates/* > /tmp/certificates.sha256 + if cmp "/shared/certificates.sha256" "/tmp/certificates.sha256"; then + CERTS_CHANGED=0 + else + CERTS_CHANGED=1 + fi +fi + # Which image should we use if [ -z "${IPA_BASEURI}" ]; then - # SLES BASED IPA - ironic-ipa-ramdisk-x86_64 package + if cmp "/shared/images.sha256" "/tmp/images.sha256"; then + if [ "${CERTS_CHANGED:-0}" = "0" ]; then + # everything is the same exit early + exit 0 + fi + fi + IMAGE_CHANGED=1 + # SLES BASED IPA - ironic-ipa-ramdisk-x86_64 and ironic-ipa-ramdisk-aarch64 packages mkdir -p /shared/html/images - cp /tmp/initrd.xz /shared/html/images/ironic-python-agent.initramfs - cp /tmp/openstack-ironic-image*.kernel /shared/html/images/ironic-python-agent.kernel + cp /tmp/initrd-x86_64.zst /shared/html/images/ironic-python-agent-x86_64.initramfs + cp /tmp/openstack-ironic-image.x86_64*.kernel /shared/html/images/ironic-python-agent-x86_64.kernel + # Use arm64 as destination for iPXE compatibility + cp /tmp/initrd-aarch64.zst /shared/html/images/ironic-python-agent-arm64.initramfs + cp /tmp/openstack-ironic-image.aarch64*.kernel /shared/html/images/ironic-python-agent-arm64.kernel + + cp /tmp/images.sha256 /shared/images.sha256 else FILENAME=ironic-python-agent FILENAME_EXT=.tar 
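Review bot: The early `exit 0` is decided purely by comparing the marker files `/shared/images.sha256` and `/shared/certificates.sha256` with their copies under `/tmp`. Nothing checks that the kernel and initramfs files are still present, or unmodified, under `/shared/html/images`. If that directory is emptied or a file in it is altered while the markers survive, the container exits without restoring the images that nodes will boot. Guarding the exit with an existence test keeps the shortcut but makes it self-healing, for example `[ -s /shared/html/images/ironic-python-agent-x86_64.initramfs ] && [ -s /shared/html/images/ironic-python-agent-arm64.initramfs ]` plus the two kernels. The `if`/`else` on `IPA_BASEURI` continues outside the hunk.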
@@ -25,47 +46,56 @@ else # If we have a CACHEURL and nothing has yet been downloaded # get header info from the cache ls -l - if [ -n "$CACHEURL" -a ! -e $FFILENAME.headers ] ; then + if [ -n "$CACHEURL" ] && [ ! -e $FFILENAME.headers ] ; then curl -g --verbose --fail -O "$CACHEURL/$FFILENAME.headers" || true fi # Download the most recent version of IPA if [ -e $FFILENAME.headers ] ; then ETAG=$(awk '/ETag:/ {print $2}' $FFILENAME.headers | tr -d "\r") - cd $TMPDIR - curl -g --verbose --dump-header $FFILENAME.headers -O $IPA_BASEURI/$FFILENAME --header "If-None-Match: $ETAG" || cp /shared/html/images/$FFILENAME.headers . + cd "$TMPDIR" + curl -g --verbose --dump-header $FFILENAME.headers -O "$IPA_BASEURI/$FFILENAME" --header "If-None-Match: $ETAG" || cp /shared/html/images/$FFILENAME.headers . # curl didn't download anything because we have the ETag already # but we don't have it in the images directory # Its in the cache, go get it ETAG=$(awk '/ETag:/ {print $2}' $FFILENAME.headers | tr -d "\"\r") - if [ ! -s $FFILENAME -a ! -e /shared/html/images/$FILENAME-$ETAG/$FFILENAME ] ; then + if [ ! -s $FFILENAME ] && [ ! -e "/shared/html/images/$FILENAME-$ETAG/$FFILENAME" ] ; then mv /shared/html/images/$FFILENAME.headers . 
curl -g --verbose -O "$CACHEURL/$FILENAME-$ETAG/$FFILENAME" fi else - cd $TMPDIR - curl -g --verbose --dump-header $FFILENAME.headers -O $IPA_BASEURI/$FFILENAME + cd "$TMPDIR" + curl -g --verbose --dump-header $FFILENAME.headers -O "$IPA_BASEURI/$FFILENAME" fi if [ -s $FFILENAME ] ; then tar -xf $FFILENAME - + xz -d -c -k --fast $FILENAME.initramfs | zstd -c > $FILENAME.initramfs.zstd + mv $FILENAME.initramfs.zstd $FILENAME.initramfs + ARCH=$(file -b ${FILENAME}.kernel | cut -d ' ' -f 3) + if [ "$ARCH" = "x86" ]; then + ARCH="x86_64" + fi ETAG=$(awk '/ETag:/ {print $2}' $FFILENAME.headers | tr -d "\"\r") cd - - chmod 755 $TMPDIR - mv $TMPDIR $FILENAME-$ETAG - ln -sf $FILENAME-$ETAG/$FFILENAME.headers $FFILENAME.headers - ln -sf $FILENAME-$ETAG/$FILENAME.initramfs $FILENAME.initramfs - ln -sf $FILENAME-$ETAG/$FILENAME.kernel $FILENAME.kernel + chmod 755 "$TMPDIR" + mv "$TMPDIR" "$FILENAME-$ETAG" + ln -sf "$FILENAME-$ETAG/$FFILENAME.headers" "$FFILENAME.headers" + ln -sf "$FILENAME-$ETAG/$FILENAME.initramfs" "$FILENAME-${ARCH,,}.initramfs" + ln -sf "$FILENAME-$ETAG/$FILENAME.kernel" "$FILENAME-${ARCH,,}.kernel" + + IMAGE_CHANGED=1 else - rm -rf $TMPDIR + rm -rf "$TMPDIR" fi fi -if [ -d "/tmp/ironic-certificates" ]; then +if [ "${CERTS_CHANGED:-0}" = "1" ] || [ "${IMAGE_CHANGED:-0}" = "1" ]; then mkdir -p /tmp/ca/tmp-initrd && cd /tmp/ca/tmp-initrd - xz -d -c -k --fast /shared/html/images/ironic-python-agent.initramfs | fakeroot -s ../initrd.fakeroot cpio -i mkdir -p etc/ironic-python-agent.d/ca-certs cp /tmp/ironic-certificates/* etc/ironic-python-agent.d/ca-certs/ - find . | fakeroot -i ../initrd.fakeroot cpio -o -H newc | xz --check=crc32 --x86 --lzma2 --fast > /shared/html/images/ironic-python-agent.initramfs + for initramfs in /shared/html/images/ironic-python-agent-*.initramfs; do + find . | cpio -o -H newc --reproducible | zstd -c >> "${initramfs}" + done + cp /tmp/certificates.sha256 /shared/certificates.sha256 fi 
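Review bot: The final block now runs whenever `IMAGE_CHANGED` is 1, but the old `[ -d "/tmp/ironic-certificates" ]` guard was dropped. A first start with no certificates mounted still reaches `cp /tmp/ironic-certificates/* …` and `cp /tmp/certificates.sha256 …`, which fail, and it appends an archive holding only the empty `ca-certs` directory to every initramfs. Restoring the directory test avoids that: `if [ -d /tmp/ironic-certificates ] && { [ "${CERTS_CHANGED:-0}" = "1" ] || [ "${IMAGE_CHANGED:-0}" = "1" ]; }; then`. Separately, `>> "${initramfs}"` appends a new cpio segment on each run, and in the `IPA_BASEURI` branch the image is not re-copied when only the certificates change. A CA removed from the mount would presumably remain in the ramdisk from an earlier segment, so rebuilding from the pristine image before appending would make certificate removal effective.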
diff --git a/ironic-ipa-ramdisk/ironic-ipa-ramdisk.kiwi b/ironic-ipa-ramdisk/ironic-ipa-ramdisk.kiwi index dfe043c..594b8c0 100644 --- a/ironic-ipa-ramdisk/ironic-ipa-ramdisk.kiwi +++ b/ironic-ipa-ramdisk/ironic-ipa-ramdisk.kiwi @@ -1,5 +1,5 @@ - + Cloud developers cloud-devel@suse.de diff --git a/ironic-ipa-ramdisk/ironic-ipa-ramdisk.spec b/ironic-ipa-ramdisk/ironic-ipa-ramdisk.spec index ceda68c..3785871 100644 --- a/ironic-ipa-ramdisk/ironic-ipa-ramdisk.spec +++ b/ironic-ipa-ramdisk/ironic-ipa-ramdisk.spec @@ -19,7 +19,7 @@ Name: ironic-ipa-ramdisk -Version: 3.0.2 +Version: 3.0.3 Release: 0 Summary: Kernel and ramdisk image for OpenStack Ironic License: SUSE-EULA @@ -148,10 +148,8 @@ TDIR=`mktemp -d /tmp/openstack-ironic-image.XXXXX` cd /tmp/openstack-ironic-image/img/build/image-root find . | cpio --create --format=newc --quiet > $TDIR/initrdtmp cd $TDIR -gzip -9 -f initrdtmp -INITRDGZ=`ls *.gz | head -1` -gzip -cd $INITRDGZ | xz --check=crc32 -c9 > initrd.xz -INITRD=`ls *.xz | head -1` +zstd initrdtmp -o initrd-%{_arch}.zst +INITRD=`ls *.zst | head -1` ls /tmp/openstack-ironic-image/img/openstack-ironic-image* KERNEL=`ls /tmp/openstack-ironic-image/img/openstack-ironic-image*default*kernel | head -1` diff --git a/metal3-chart/Chart.yaml b/metal3-chart/Chart.yaml index d7f6529..bdaef46 100644 --- a/metal3-chart/Chart.yaml +++ b/metal3-chart/Chart.yaml 
@@ -1,16 +1,16 @@ -#!BuildTag: %%IMG_PREFIX%%metal3-chart:%%CHART_MAJOR%%.0.0_up0.10.1 -#!BuildTag: %%IMG_PREFIX%%metal3-chart:%%CHART_MAJOR%%.0.0_up0.10.1-%RELEASE% +#!BuildTag: %%IMG_PREFIX%%metal3-chart:%%CHART_MAJOR%%.0.2_up0.11.0 +#!BuildTag: %%IMG_PREFIX%%metal3-chart:%%CHART_MAJOR%%.0.2_up0.11.0-%RELEASE% apiVersion: v2 -appVersion: 0.10.1 +appVersion: 0.11.0 dependencies: - alias: metal3-baremetal-operator name: baremetal-operator repository: file://./charts/baremetal-operator - version: 0.9.0 + version: 0.9.1 - alias: metal3-ironic name: ironic repository: file://./charts/ironic - version: 0.9.4 + version: 0.10.0 - alias: metal3-mariadb condition: global.enable_mariadb name: mariadb @@ -25,4 +25,4 @@ description: A Helm chart that installs all of the dependencies needed for Metal icon: https://github.com/cncf/artwork/raw/master/projects/metal3/icon/color/metal3-icon-color.svg name: metal3 type: application -version: "%%CHART_MAJOR%%.0.0+up0.10.1" +version: "%%CHART_MAJOR%%.0.2+up0.11.0" diff --git a/metal3-chart/charts/baremetal-operator/Chart.yaml b/metal3-chart/charts/baremetal-operator/Chart.yaml index ffc076a..d9b1527 100644 --- a/metal3-chart/charts/baremetal-operator/Chart.yaml +++ b/metal3-chart/charts/baremetal-operator/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 -appVersion: 0.9.0 +appVersion: 0.9.1 description: A Helm chart for baremetal-operator, used by Metal3 name: baremetal-operator type: application -version: 0.9.0 +version: 0.9.1 diff --git a/metal3-chart/charts/baremetal-operator/templates/configmap-ironic.yaml b/metal3-chart/charts/baremetal-operator/templates/configmap-ironic.yaml index 86ed040..550e610 100644 --- a/metal3-chart/charts/baremetal-operator/templates/configmap-ironic.yaml +++ b/metal3-chart/charts/baremetal-operator/templates/configmap-ironic.yaml 
@@ -5,6 +5,7 @@ {{- $ironicApiHost := print $ironicIP ":6385" }} {{- $ironicBootHost := print $ironicIP ":6180" }} {{- $ironicCacheHost := print $ironicIP ":6180" }} + {{- $deployArch := .Values.global.deployArchitecture }} apiVersion: v1 data: @@ -19,8 +20,9 @@ data: {{- $protocol = "http" }} {{- end }} CACHEURL: "{{ $protocol }}://{{ $ironicCacheHost }}/images" - DEPLOY_KERNEL_URL: "{{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent.kernel" - DEPLOY_RAMDISK_URL: "{{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent.initramfs" + DEPLOY_KERNEL_URL: "{{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent-{{ $deployArch }}.kernel" + DEPLOY_RAMDISK_URL: "{{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent-{{ $deployArch }}.initramfs" + DEPLOY_ARCHITECTURE: "{{ $deployArch }}" kind: ConfigMap metadata: name: baremetal-operator-ironic diff --git a/metal3-chart/charts/baremetal-operator/values.yaml b/metal3-chart/charts/baremetal-operator/values.yaml index 90008e7..07bd439 100644 --- a/metal3-chart/charts/baremetal-operator/values.yaml +++ b/metal3-chart/charts/baremetal-operator/values.yaml @@ -28,7 +28,7 @@ images: baremetalOperator: repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/baremetal-operator pullPolicy: IfNotPresent - tag: "0.9.0" + tag: "0.9.1" imagePullSecrets: [] nameOverride: "manger" diff --git a/metal3-chart/charts/ironic/Chart.yaml b/metal3-chart/charts/ironic/Chart.yaml index 4dfed9b..c6c7aa7 100644 --- a/metal3-chart/charts/ironic/Chart.yaml +++ b/metal3-chart/charts/ironic/Chart.yaml @@ -3,4 +3,4 @@ appVersion: 26.1.2 description: A Helm chart for Ironic, used by Metal3 name: ironic type: application -version: 0.9.4 +version: 0.10.0 diff --git a/metal3-chart/charts/ironic/templates/configmap.yaml b/metal3-chart/charts/ironic/templates/configmap.yaml index dafe310..c5846db 100644 --- a/metal3-chart/charts/ironic/templates/configmap.yaml 
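Review bot: `$deployArch` is taken straight from `.Values.global.deployArchitecture` and interpolated into `DEPLOY_KERNEL_URL`, `DEPLOY_RAMDISK_URL` and `DEPLOY_ARCHITECTURE` without a check. The only default visible in this commit is in the parent metal3-chart/values.yaml. If the value is missing, or is not one of the two names the images are published under, the rendered URLs point at files that do not exist and the failure only shows up at provisioning time. Validating at render time is cheap: `{{- $deployArch := required "global.deployArchitecture must be x86_64 or arm64" .Values.global.deployArchitecture }}`. The same applies to charts/ironic/templates/configmap.yaml, where the new `DEPLOY_ARCHITECTURE: {{ $deployArch }}` line is also left unquoted, unlike the quoted form used in this file.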
+++ b/metal3-chart/charts/ironic/templates/configmap.yaml @@ -12,6 +12,7 @@ data: {{- $ironicApiHost := print $ironicIP ":6385" }} {{- $ironicBootHost := print $ironicIP ":6180" }} {{- $ironicCacheHost := print $ironicIP ":6180" }} + {{- $deployArch := .Values.global.deployArchitecture }} {{- if ( .Values.global.enable_dnsmasq ) }} DNSMASQ_BOOT_SERVER_ADDRESS: {{ $ironicBootHost }} @@ -39,8 +40,9 @@ data: {{- end }} IRONIC_EXTERNAL_HTTP_URL: {{ $protocol }}://{{ $ironicCacheHost }} CACHEURL: {{ $protocol }}://{{ $ironicCacheHost }}/images - DEPLOY_KERNEL_URL: {{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent.kernel - DEPLOY_RAMDISK_URL: {{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent.initramfs + DEPLOY_KERNEL_URL: {{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent-{{ $deployArch }}.kernel + DEPLOY_RAMDISK_URL: {{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent-{{ $deployArch }}.initramfs + DEPLOY_ARCHITECTURE: {{ $deployArch }} IRONIC_BOOT_BASE_URL: {{ $protocol }}://{{ $ironicBootHost }} IRONIC_VMEDIA_HTTPD_SERVER_NAME: {{ $ironicBootHost }} ENABLE_PXE_BOOT: "{{ .Values.global.enable_pxe_boot }}" diff --git a/metal3-chart/charts/ironic/values.yaml b/metal3-chart/charts/ironic/values.yaml index e061b6f..f62e089 100644 --- a/metal3-chart/charts/ironic/values.yaml +++ b/metal3-chart/charts/ironic/values.yaml @@ -56,11 +56,11 @@ images: ironic: repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic pullPolicy: IfNotPresent - tag: 26.1.2.3 + tag: 26.1.2.4 ironicIPADownloader: repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic-ipa-downloader pullPolicy: IfNotPresent - tag: 3.0.2 + tag: 3.0.3 nameOverride: "" fullnameOverride: "" diff --git a/metal3-chart/values.yaml b/metal3-chart/values.yaml index b4ac0f9..e7c4f1b 100644 --- a/metal3-chart/values.yaml +++ b/metal3-chart/values.yaml 
@@ -63,6 +63,9 @@ global: # Name for the MariaDB service databaseServiceName: metal3-mariadb + # Architecture for deployed nodes (either x86_64 or arm64) + deployArchitecture: x86_64 + # In a multi-node cluster use the node selector to ensure the pods # all run on the same host where the dnsmasqDNSServer and provisioningIP # and /opt/media exist. Uncomment the nodeSelector and update the 
diff --git a/shim-noarch/shim-15.7-150300.4.16.1.aarch64.rpm b/shim-noarch/shim-15.7-150300.4.16.1.aarch64.rpm new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..d780602d8aa0dcb039554acdd69057dd39f1adfca3450822955abca888f23afb GIT binary patch literal 425452 zcmeFa34BvU_dgsqfg)}wsDNI})&fbhFCdV%6sVM~3u~d=BsXnno5Un7EsKC6vZx>+ zDhdj+2_hf}il7x06;Tw$4HX5EML<~vW%+;4%)Lpv0LAC|zrXkWz4G~l^yc0>bLPz1 z&zYH{D~|21rNX~P!8}i)T4&N&@SoP8)oP3yomr!!d)56{Lsh5ZqmQpVSVR7;zDjk= zFZjDNK6UZ;m-xO(rK)i~zsCQn8n@%q5Pw|9|5oAM8aK<=iS&RuimxY>N_fwt`kaXT!_GDbam%kg@Px$58 zZD$SVe*Wa^jRRgh`AM@!_KrVm?6iDy@h_`xSTXzC%@-fq`?)VUWoXTDdzei&aw;wheb!LazAUfSTqeIl{OnRGW zafl9^(IrVXx5@30=-Q|<8%S@36$J8;7CznjS=|pFXWopLg>9Jmz#B=$;<0X_xi*k_{V5Kbtdd z#Z7yJQ5LK5V%(e36Rlf4AM^eGp*>pOzVZG8r|y1a|L0@BN$z*Y?ghub{w>>=@qX!v z%;F9AOkXz0Ib`VRZ%&^$-1zLqKCi{B(eG{a?F+4n|MZMC#jj4kA$xnk@Y@ev6DB`@ z-;@!rb!fHCw)V!Pjq7$hkFMUbynV+ryM{bBa>iSCCY>{__v|R>Sa(MEJ)Lr;@B95# zHf2-sfv@f>z3%AVj~9QsdwGNTJ5)_$>JiHR{r4{h{>8w*82A?h|6<@@4E&3Me=+bc z2L8pszZm!z1OH;+Ukv>J9s?}KcInb3KQMt9m`W8DhqJ3xFH`KS3qFX0y&S?fJ>$Yh zi7hB`HpJmnHSwYAL-?j^yu+?3?nc)XzoYvUcSDR%b*FrNRK9K}UmwFa;&7@N@-@Zf z=>6I9^>KXD{TJlx6Zoe4i{$H*^7Ur<`iy-2qkR3ReEpkzeHPz z0N=oGorCf<;SJYyUz4vX?uqB?ekNbv$nV#qeyKm2BRpR(MZUfj-+-asBz$8$wQs{W zo~^e`zTX7j^!)eu#vIm0Y?R&q1K)tH_8t6wefpiQY2NUBeZntY$Kf08*WZJ0YTt@) zv|s-qzWw;qhHpIIV3~YPc*6B9aq>0MAl_f{4Zi99?)b+0OMb#Pji(2{UP|Mj>r{N> z{iXCfT@RG+(>K9CNWMQ@zRt!s+FLpq-}L-YeAD}z_F*mgx_y#=7zQZ@c zR2^8GmZ`WJlT z-Iq1;^?rQQ^O!qTjbs(Y`&AV0$A8iB{;ZU4sRG>;3VfnV3a|$SPf!qrP{32{5eo!* zLiGC!JWes>@p*+%o)~H`jLeg~LZHaoUJyeesn8z^3L&51^W#_1>xz*|Bxg}b!r#77 zo)m~~01Wj~u* zIanKkJO}P1FeDWa2r5wwIP=U#RSZWu`bs8R&T!PvwWXHrN3>z}6#n85CeGYLIjVRX>0Y1=6~PSZ9!-kzgl-z@G~Fikx|udn6!vyq*w$&=HWteEQSv5n^0EuO!68#Iz8cK7Xm;4)_X%d@10S z3e-Voz~c`UNTFbYQwoIS>ljZk2SX9!;)T%+x&ogQWLFr>6#~vqS~QfICkYOzz&BC| zh5%`y_9o$YR6|S}yVii~N3HASAgoXf8Db ztV!%~YK0n6o)nAmgXkzge?=i72pSIHPs|IkgwO5PaP$RpJH@t)Q+igbgAO%=Owf03 zt&5MP2?OXYyRfGNQm8246DwnQHF*#~Q(j2OK%;$G 
zn`*PxZG8?h({(A+}`{FtJrU7sgwjFb1S7`33d;LM-qAJc=PT#{uXy(l}9W zxTh9EA8$b^lPIM^a-!hOlbrbi6HJm!X@XyL=8L(KKx7sa;v7L|3!Tnl(CJL^;dT_T z!{DeZfFRF7_yxBo#_b_#CI72^NTs^>6Mj*L^a}rX{f#qJH9CC=@q0+sFptUm#G{Ev zCoG!4{+It=G@<2$qYEx6FIE0_B|Y(Yh0hFnD)QURX^^8+`Sr|4@%^YuK;o9H$;+$PB?8Ffyh71=*Y)VV~H!>Dqa9WJM2 z*4m72(V^3uEl#(YvU)b7MQ=75&3c{N;MTg`2AgDdiB{2SHQ{lm!D=uVv{su{1qCCy z+$O!nrn9+RPKVxY(ixFTbm`2ZOKXwbXiG9W97dZ~(mE_QlUeJKOggPw>(rTSPABOD zv(BKGkam=;7D;abBnHW$ce%8ZBpOVj%VDxuwK^?e5uHd_8Vx3`Md!3wY(}$NXLf3x zD!s$(vg)lCql9+MR)KZnJh+~UNq}%Mw8KO)#}~IYl;}GUUF(} zrvCyS-N=EuU2fpVBV9C znO2Mt1xwcl3#6b13?KQq!e3;|T=rjpbl?Bze{2wyYYsHQfKwCj7XotlFxUK#DQ)^M zj_GW**%*(O?D*6WV1MH~{7-=478CtRaCp244l$UgVt++_a}5jo#B3xztCEF;$}a^9 z)Jb7QtpeNy9!FfVuh1Wmg0K&|c?zW7Vxbg_SMJd-T|K#w=8@m}ilwBR=~l3ZSSphiQjQyDd8jh21W|0a!|{jD=<40ymU1uNO?dG!KF>l#(7Cu#$^Zco@oJj}mIXOe@IqB`~ zIms)^a=L7==d}ByET?7NvYfl#Da*ONtv#pSK=v8-khW~tggy3Qz7h7JKT7tY{pXft zzwx>~dtJbuy?Sg}_Nw;wY-yl9yZ5oOY`fQ@DkBW4e3p@RP*VR>qc$M4#!}uuj6u|!~lr*_wz$Jz3j1tI2^96EM)rakWV2~AQ zxje9t?!kOfCbUsk97!eE10yd-pqIZ>zW4v9ue`a?W1`Lg?u8#juJIK|d?oN4BR!H! 
zDipod_VAtudi4ts0vqAJW#QX>H}8( zNoOG7a|JxPMbfD9oOUf8Q~{q_$YQYo7Yhk#n3R`TU`KShgyjAyYQ0vkSHrM2SOjlT zp#zZ}7L{QBmCb52S;<2tf87%d7LnJEm_P}*dpdloZ5lVZV0u{22c90+CP^U*Uel^SJDDI-8rK6iOg34u`&ib63TT|=$HnI%V; znjqmC9$I8zJSOLWD0bl~G^4;zgQLIw2r2+Kg^1aCT|%+PDG9|=ASh~pWd@hqSAZxB zb-|}zz_erf^CUD@;LG(mY4RWy{0Kh)A8yR85JzrFdj=C(F7d)h#MK0sCm0I&ay%|} zKk7COkKvy{@R1|WB8ho0!i7Rluuu#k=0x`*E%4u1v%Jsthy(fjXh<0=H7W>0S`7UU zfeSbDPhko}1j@~l>7D3LEytxI+@jZM4OTrmOmrjIDL4y!LBe~QB>L64qCZSw_!ZMc zKNG_kI3{^Wlzu}T4|IrTfchY34;FF5bcbivDdu1@sC5Lf+VFQP##u9XsEa%sG?tvG zYtvpp=vHVGrnRUi*nJIAsgq)^L?MV>5n*#4%%O-`C$FzPnhN^B4+W3{pb`pQvM47D zT_H%tE(9Vb>Pu!|MS@t(4vWF1LoA1pgv$j+qCR9oq%MmX&QiOgd8xof&HIAtfK(uf zU>8t2`VTV=Lm?+BMqdc_0DJ{ApzAAQ1}zb8`nPLCUbM&OgVx(J+=63vA`O$=`qz15)A=>=z?)F1Kz zZ}}a-@hpleWcKYPh()11U%)d8lfnXa9w~@UjW)?5YF$ECABT$i_7~=WMtuQSj^7!e zU@Rzs2^C^i7zmg*Mj7&zrXWZps5et2$|R6?%s>=EBnd?!=oS6JJWK@yXDrQivFHuO zGMM@%rxOq+r`~B0U3k^&LL}Gaal54e#f+UG3ku_+V=tsr0T2vH#|BvFE5ZZCz5>{= zLBUnT*aeYRXa+=f5lJMRqixaTG+7KrA(a|%6@fL?YOhaCI1KZ+&rf+0CIPrcV(Koe ze*}?nd{_q(snAW*69`*&Kri8E)hy;yVm0Sry2YRql21_`{Fa=jpnF$UrHRntefwk} zPMqE+IVB?_r*BG5x3t9W8J*O*{g+~ zEN#GeiqOwB%jJ9KqSC6D5c_l?z@`^1Xa-tB5(=e2E{PAHP;AoZY#M}+*>HJs3f?QU zcaa}bQW6V^97p;BT+@143m!ywVCJ#m@-UAQXy(L0Hc;<@G;`2GeG@a2dkDn_L90#B z8;1&f_Bsfuyb;P?AiV}^49AShHO3lIBiqE2Z@1`j?wKxTw6lOyFSZ$DwZw1Oh1%k zmiTf*VO{qn;2{YrOJp#7Kq9k=l9LF=X{b5sR4X|U-qs1dNKR1-L_lW7!??xI!+lUt zkQ&5HA^Mr#vFV+9hh9jRn23Tn>E+8$10K>dSt<*hLGnue5ieLBCY!@-V>2xZ5McQ< zBH{^_E`o*UB{fJt5L>|^$4fFYkXL2UTn(RiLuYiE4F;Rg)f05Wp=ZfqHJ59$wg=${ zWR4Vt-dSmQ38K+paTwTacM!T26v3n;KnkToU!ast7t|9oPdsX;2>gOInXS&V#Sofk zMej074u^?#nM3)T9I_qI9<(1iMXHCn7I;z;jW(UmS?NjAc$BmT4&|=hMP4V#WW1zx zx{X-q#1N=16bm3u)h=HVrTl=%)I`wE@r&I1DVgeGU?1VWMTv|;gRZg=6QKuA2UhzTQfp(BEn2s&`D%xMwY~6Hlt~nUQTopAn{GPMpB7*K!Ot2iYD0|WHZ_(C}>!Y5@@3D z_69shX+z0o#h?oPOsL~2_7J&MFilyi7B7&zXD{e268;8A%KeQ z!1xmOE&N(U<@xXO1w9rke{X5tv0`s6Ki+o zp)SGc^cBI#W31M~XeCTkkAqngNIm;T!gYo{?iKL56|a-zt{y+LCW^&So?j{uc?&ip zS{TybFtoZH&f3VAyngT~ePlpPXr}rc&l&+Yk0PRilP-bBX+S0|wL|HR2>ZgW$c0A? 
z{FNWPNl&<=!B>kHSql_t_7#XhhX-b$pLeM)l?nAC65$B7GpRHBnxdfVM)fTa@KmWmmO1H;NJN5}6VS*GDKt`o z`$fu^TZFRE6m?=bOMnBHS!E;Saz<=I(%^tPs-0@hAzqQS3Czvv6ER+sHJ9FPsK6&3 zn7eja3C5VbNJY^b^rMYtVilUwV!Cc=*n;Ndzk7O&taW_D%1BDgoo zTQv~-lD6@~MIlY21UWl&6Dj;v%Hnd=NmxxG@KWkU3>QDxt-0y5gGxL0KYY?0Y!uLS@01AxDx7auaSu_;k=240W z%bHw3F0RUJ)Ts1M^qABee95Ll;Hqci$sr6;H8 z3}Z2)GzcXK*8x;PAqM7oXq;|}^GPf{BnO?y=@|*PCj?W11?14M9Hb|TAcqAG7*%1y z<)YxVEb-;&GtXfufiaFTiYPPZN3P;zNd&}b5e9I>#70yJ{Ym746E=8JqMqv5%!)dx zqHzi>A)!vbCcr|eY56iqAecF!+>u7JJn{zng%!mTpOlA6(PK#D>GWFaI2qgnca|n4 zD?N=g9}8Y6?k$?2WN-&uBPtpywX^yZm!veLvl;YOJvEdr75gaLMJ;jKqQ=6c#ilkE z)Itt+A!tL6krW{R25k6zDAD9?#bO+4VI;Bw5;cclI`f$oS`spmc`T4%1-i)HB*l)_ zloW|k2{S6ZgvKzntO}TgUAPjKvt)t~b-oBH^E<39)P#v}WeD*^X+V2qs7&`W=#uar z4HN}nh_6xowwe$Vt~|xaBM_l?o~Xgl{m6@l8I(*5a^5IN$zr2QB8Y|V3gl!E%j6Jc zKIkgIi2F7l8%eX#fh!DvSV=Ro=QO9}Z&!WZc9oA4GaIj!}BT zq02YY%Zke7A@IUlW)ihMSziw@qm9?(3q1T1=Q2xB?i9p;r{YB>0tP&jDe(v*I7YDQb0Q!F ztSE8~xgn=7z>;c6H?{mYL?nX4A%^5I&0%IMyB?TR5Jw246XbDCToIcE)v}mUL)L=~ zSe8T${D*&sMNegfN|#YG62UyD%>~QEs>r$y+_IE`rCC&jAo&Gx)J$8Yp?Hq3FdXSp zxXWt?#h^D>jiP9mL!!|Ay8O=Yg+a)%vhL$S|K^L19+PjP#}Tn zlnPihnG_DwVYH%yt+(JEiYBYpZDa4qA1*YiB50BZ^&iGpkpaIo-= zhz_UosHVbvT(nd0np}H~6x@6ND62&1j?geeOf^& zd)$h34o;I2>L5*=(Id52PS=$FDQP+VQ__?AWTbFvCW@nlLKrkEw^-DhwO}@46@bpo z%@S5~0_s4#9(`hY3Ai12AU^bXQSieJJx~JzkZv+n+#a|Bbep9EWMTxtV-*0yB+O03 z;&PboV%=f0HKeG3W(TGigJ)fE)kc{c^vxbKm|Q5fvO)kM6$FdlLmY+WQG8_!Q?W2# zWQOvDyiX%SDBoH&@NvszjgUNH}945UL%V^vP zWHUNoFH$lQ71a@^2cS^J8+8evmne?bCbIWIDps45c%BuYu_;1A3YHOaQep!A7o;m$ z&SI4vtAHSKV!<-`;GDc4jaH1rpi2ku7{##KS!e7o)t%GPAy)eZk$lSw!O5h85Ke!h#cH+~fNo#DBK0B*QC)Zq(u9aTJU0z(SGz+|R!5#}OCk+tZJ`Bn@%#IAH$nIm*ZK8_(US;>IWyfWryq))o2dvY?W z_`utcO&Sdc66UMX>53X1%TUI}D^d#F0Ul$yHkN#2o$6rU8xY9B$Vl5G#N9!lx&!1L z`}FC>N>kW#7L(Cvb8yP(z(XnCP#zx=t8&6n@_a;1H1%vc3p^-fWG_3l4yQ|ti6c*# zY&kS(GAVB%u&Qs6q)LdRFPel4>UMfmt=xH73=P0&oS9SrH+F z(1gzkM+K4q+36xLA3myfAS4_}Iu-#3oSHN&EmAJIWiW+vDj-*Gg+V&Nks_Z9wmT(I zp<$BG2-&Lsa(X`1>-GVwV16>NbsE@1 
z;4uV-DBFOPRe5;KMl_X<$N&{%$+i^Ze?F`nOfZVdU@W3ZdOHk*g{u8X+-M42#14FQ zH6J+dD37!mPe&Q7ln|nMgy8|)vo+Lwp*1Nc)o=`O1aQh$yWx!f=&0(ZeYiR=JCWTC8~ zV&2dQy)IV$n8V{TpaI1N1skw+z=SuFCnbz%=!(@gF|&c%#EYn`=0k^08zFaOBj=jR zg6L@!6Xik#fcnUFW;S}b&ap>kX5X+`O4LwAiq@#5v}-qz8?(w}#v=8{e3&Z89<~wQ zkm<45hq~URK7BH&2$6UOV9Sw7;v$(^so;T-h$tLyu%r}d<>YPD(r{q-C>|C{?)VM^ z6hR4~N|6=CvX#9whH|f#M>%XF3Mf&50G04U4OSW`Nt%psr6w$2q846+p+x6Eo!rW% zBG9bNZfYxQ#wC`3&E&kkjwYM&J!A>66^oMMf+CkhDP+kN%XAzMPf?i;q>Fq%+Ku6@ zqM8ZDr_wAjBjwzK;M)R1k5USsL)F}}_=}!7T|^2qYl843ph+quqKaCoE2Zc->~bgv z=5Y#f={=GL3oVdtfRSn9A~gW=2(Ta%)lcXMO<`IF__8y@gc}45>~oTAh`Nyk%8IMF_)C9wjaD(+Ys!RqAU6)BQuJgwF<~??1*=#n&{06UY@Gl`C^%Zg z0x3zQa8+nnqmj%UIW|%ultVJL4PzK5Y%y<}Dtb2(oWzTYzlL?n6pT`k%3g_PMI)h% znRsTF5QjefCuUx+|4OKgusOmfl@_3!o#xX>w8-a^M9Z}Y#@KKxTR}z>D-*iLKv@;& zHWP2k5%lt*E?ABbO|VQ@gawn0WdK3RT?BIngRDvwGqZ#&v&)6Is^WJG*<%&Rgh%{9 z_0^1VF^Eu7SS+avod|1}Qe1%0&n#R;U(i~HYYuu{zG<2OxoMIFQK2tBOflc*61`Hf z3<*(b;dRD|IQ(X7i(2`l45D4mpLVtOwn5+06eROWs&@n05fv40x! zVz88#D0*s>*k17~tB!tE@ur0a%=zaU17TG)M(XvS1;MInjR+t^j^~s2!9;)guof4{ zve8&!E{*g)&7~4wBE5`S^|%4U2F64Bg*>?|juWg(#xjeq7s@xGTS}0a;u)$)FsG__ zEF_o70H{WEfsGf-Dix#M$h-qCW&f!o{jY=-{*|zm(+Z5#subS;O4zEC3RMWBe=YTUK zd)XANiCThB>ON|K07ZVCAt&mcsFfKki6CfASf-Ys*Oz}gkqkePMS3c%`-hFl#v~`R zWItcAUC^=ms!PFG37OT1t+&*2>I>2{p$uAQhv!R{)1cZK>mmFM-N9J4QM32&!O9M%J^< zZL=68qhvEVbUH(10?lN-RR9dRevTpHKOR{KstY7pb<@_;nhB@@-B$%6}`&( zK_JlLcAISumsPZxB4C)vUzEXs>51wcY%2yJf}^5lg^WyUo5imYR3{*#V(NsIL|&4^ z8Z#Ir12)ssqRiiAj_!+uTDc*k{#(mvmP&^xy#d5Zt~|3Pwu^<%Ud94?ztE19AQ zllipeV8B8jJ%d56mE$ZmMV)$W&;QT-b@ z1(M4W3!Q-dG23c^EC}QO&go9&{v&7j-sWJR!s>Gz-K&Y-2a+9ju5IJUH zXa2yQ=pBM zu$s7DT}}zB6%`zwsB2W>%KK2^mxD!C;cAwLS4XRGwXDK9V6qBVM@X2%@=r{FDq-PD z9FYjc2H<<7M)Wz>fYCNQtlE%~i^5A`10eG5)$E5WK|p4NI;z`fGlF%lHL3MRwO$`J zE7xj)RM|fnA~L&HAVn-Ai#9}}I=%+uh4rb`YR!CU8YRu4`Xi%IV;R5J!m*Bc5Ub1O z=>#=Hi6R5kl)yv17p-T96o+VWL;*yG8&AHFgqPD1%raBnXLUn(pSYZ!!TUwIlnqe; zw1PDX{WM}){Yu?1y-xtk9q}4}*io$Xn~JO{<&O3!P$=-tmsuVI5eimIXqY-bO&$7TeS 
z1vLN|5FATO$xu_`MxBw`y|+3!0x502rBiE78YdEF7-cwLgmpTOEL-kM3YN1qCrM4ib)h% zN2w_p)$A#ZgF!`$LO^Id4apQ9G$NETcD>}AqE!WhN=@kiSoc?60D;G3*~u6X)&1c$ zFIXyZh4nsou{?8Gt7q*n#v#)SL%X`UqcAjUJYIDrfWSr>NDlMVHER7??l=nPL=|CD z4)X=^3LuF*7hY+^fz^t2VsfD>X)eqRE!sortg;Y04-Or-UMd4# zJ$Et;zC8K=#Gi~(STcoF0Zlc1NWcR~_;fOA^uZ0N>^nyA2QP`HjcImyH5ygOP;D!! z8gl4&c2)vtC6+E|3$R$Ka3E68MLi?QCMKDb6AoCJLo_8+<$n_1@OwFiA@?&}(M7G6 z^FLv%U)8N(`?LfT3>I=M!jvfQAf=W{s0cDz{<66zP~=Ah{s>o$5m`V_L~*lBMo7z( zz{egMw3;W{I|J;rT?f*CtZ0LmH7oUfVeVnFAPP(#?zx)lOt6F_P3S06-4<0LqSV<| zDmo>P!#O?wD)+SCcdP~tpn7e^M8&W0?=rn)d@*0A-9lp3H15@-c8 z*fjhI8o(tB2ZeuQg`~V58WwZDgo9Oxt)nZblts{vQZ#^e>0V)OAS`hZ-Zh4e2$K!= zQB~7btr&M?CqSZQGz@;W10`3hYza?T%whO6;#3~N zs%*1FDZvQNWTWRwW^ff)yjr9_j6cF2aQIJ5u`0U#kMbA5Go3aZ zO~)NWc2_`AxdW$)!HDB~{gSX}0*nP+G>AdFL&CAH9pkWsom{;({_U3TRPPa z@o!~~M8-(Zs8I+JFnd!j*JjZ@CbWI9M}rOm864%uo&W*XwDP*VCLQIxw9J^6SF~kH zLE|d*wk0*M!R~=D-C$T>cH2z=N}e&-u{3fX#8d)~2v~xbY3DY?MwsbcSz1)*Et*Td zh((^R^7v$ECZsC6w9t$)Awn}9L90SLY>Fz*pn+*n*056dRqlC)JBA2(5gt$SCebDj z>3kO0-R@)>qdV0*r(0lku)ugpn!gRS3IfaMD{)L7(**r|lk zspZw*VG!gexly9#sX|uRpfFt}3^4Arn6Qf{o(o{dUTi1A`mNX|f6!pmVb>k(n$N`& z+fxE<<0mk8#aC#=JV8PTi@J-dTfTpwvIIWr9-BRSQ|2T!9XzGeReXYjV=-!tEUPP0 z)dQ76U`Y@1;T4~D`LIcLNX_=Yp+~^_KqFQ*hy|4}(m&0Yn?l9wYL*LD_pY?ZA^6Y6qGE$;<1rf7zFW8#rcsaxLmjrgivMnKCfdzw#b=J zJG6ie<*li}AN-^YMh9{g685rU5|2`~Y#q3=%?|W#SQ5$!713Ktbg6+vR(L&v#48S! z^a2hiC2`M|EfmqF^q6m7m4zI#7mwp2fJAHrgthBB9CjdI5K1W!(u;574a)-~CfcS{ zn8pt|&V)D}6A}^&{qzf|9C z^VQ4jy(-fb>sUEFM`u&(uxB9lw5b^QP|EI^)+M4*7RnJvQ#3$HZ?X(mLQycl4k(tN z;(Ou|TUGuw3{Rd^xQO*-WY`d48i{s{12UP;p`E}9Nl6J#_pD#L_Ci?#BzQ;CVO zE#{S!mC`@89Ioh+dyUsvEz$@la(~=piZw5AlvoCKO58HKki(R$68b zKfYVp5U2tSpdi_S=k6)$ZRJgiaEDNO+QpvdHXXfzAI#}>97hq+D-#73b5wj3oh&WpGI(M?j zX=lgwC_WNXxh$(KH(|EgY-~3%m~Z40Rwx1CLIYyQf-!}R_9;Q8xKAJw zRxnzn3CV5Yumy>ob9F3yO|waZ#UjiCP7k2;sMt3;a$#pJT8hqAJA*?3Ks2j! 
zD@;CJJl_)v_h!Z}YAohOy~R?lJ4ZG)k)DlY2VzmR5V@iBEO(NFo!QMsBzaLpnL}F| zK_s5 zA-qAQ$zU__{doZ~Qj?{Amez^}L*Z9gIofbm@-jZH@+>wxHCyA$p{ojV=DXZRxSK)< zI#WB8%^EGTafE@$ypA)<^(GQGiUq4EN{-{WZi$&GEev{-jY=^XAM)yLSi|z>GMsCG zJb^9LPfo<1S4kghIUe&Ked-5}EfO6Cf4Z9>KYBcyEIgzLWgaQPM9Ij+j`ri&ARwp(TmI;J; zI=U>fp|z|D6^jKFRT*S5TeMcI$!bz_DrCVwm>BZzazQmtuRz$VVth>5*GG*YDOM11 zI;}Dm8h%nPvZp0ev^9vPQq+`132_`E1zs!m$5~kIq*H_ZQX#(`mNeyLKG6k_d~+qi zH_K)G$aeG%8&U8KF}XaV%T*0214sj|5O^Ly39?YDMD{et$|ga0Tam0*?37lX%>bNi zj9*pCvW06rlBF2z5mCv2;dO)9h6Si$VDQif0N{ah9x@~6OWF0C5hR=4%LW)3qNp4h z+k7JGC~vZdHf2@F)6H>wh@2MVD_Qo{Cm!mKnJwsnpI^m-*(5;u`GS&HIpI(wQ;u6M zgmZ-2@?}i(?xHI8ux5nC^VxVW&kRTb0&#M150suuJ`D?*L>97WoS3sz*}|rNqlB5f zeJQM4rqcL9vdVx+Q@J57sGbYWvS2>nQcAYFXt!_*65>b;tC1Z&M`Dh;PWG(MNhxzO>9LdlhcAz-JqCIBXuxJ-eM1Xd-qtKetn$n*c z2c|WUi!dZ6Wrc(WWZYj#2mCkH>*XZ{WB?hTEW_ua618^xZ+_w}3TzxQQ!8F9 z0{V<)U|kAE4fggzg$TSKLI(Ym3&O+39buD%JgXaMi$EM+O?9Rc0w_9RZkNIUnh2LWG9PWD1)gHV*(Hd`byGP*|S@UQoRNSwZ!% zrI^=p2_@w@b@jwc)O1{)>j^qp6d*kTW0??$1OX0U1(X!ZR;meT=Q(bg$rG)Zd9WAC zN!9;?l%giWqrH+q1ezGBRTm@athA8LL^J{Yr?fK?`BsJoS9#L7LWZ9ZPi`%dS7L?d zfO)dJutATke8bdVjvlU98W8chuV$!-MIj$CG^07dsN2g88 znIsGV8>oRul&$K+{x)cYsyXCfO1Yyv5lUfdfvJBAh$_d`vHiiRHK!l1N9lb%1IYenlkv6nm|%glhl zR*6n*6b>)8*yDoM18vH%Qc{AJE+dIf=hq-0g&oB~9EvVxoM{7Ebz$?G79%ERW?>`t ztiD|l+0ukcpq1ep(pJZ^%#om(iSrrO&|H{d)NSd2a?n{8Ut>iGA$3FPT|^rxr{<63 z8n6(r0zw3;VnPKR%=|D`FvZ?tO1jCwVi_qrHXP+~{Ge^vSqLMs`Ut*BC2^lZ^OUZR z)S*@Cj^rKQ&jmNKvt|J#?NbR!47Z;}1(a?L7G5$Ou?|3wm!~bl54BAg2%`ss<0(hh z31$ipMQ41KzKCKg2EM9K{?sZ?Dn@6VHTZEST~4=TM(@lAlVw)K3WE-S%9NM2QE3V~ zxh!g{B~RqKS+pYy9fZ3hN2kia5h>vCT{ExkV!<6`6yTYu6%V3P%@o-pvU&?UO4p)> z!`QzzG9-(J5YN0w#tWdrLRhXONe}{87OyGuo!GZ;O7E^Y1JYA7Qy4RFiC?kAK?v_A z-6k8`q_T<`B1g7Yvuu=xc?rx^#rxctr4SA~Xir{R2e^2p6g%IWDd%u#8RL*85UQ4# zxQrI%07)4H+a?*StZ*V>Vro~NT;dBSg9W9P$h*#n!ywDWg(}Svku%8k@LtDehK(a8=FcgflW zrn-{t;PcwcLpsanE+@LG%>fDuK^+(!DqQ5_Oh{T4i(!wOsWa~86CG73V+hYYV>%)x zS-r7wU*0FC&UvHCMhvX3rh2b%~YmvB~CJ5nYSg}2#m*j|ZBQ~1UftlSe5E|W5V 
z)oN@}#3Cy@2HEA?FMs>8)Eas0^4x;HD@Hmi!9aYEg#&VxnPTH9OK-j3MM{I*;F{x4W&x722KNeVr>_|9S)pDZ%;|#lQm=Ch>AWmq5 z7fiNtya&$gp_E;O(W7XPPuEB=H-EkSYnZNXWK)Vb%nWy^ZHf^ys){zOsvH*4qs$f2 zMo>U!HkoWh`~Y4F5pinJSVy^|slD2`pq>=)Wqx3hG%gWr%5X>XtkpFm+ z7PC}yqM49&Q2<@;NnQrc_Jbg$!)Aa|RNSMGgK@ld>a(15ygYdVzYMa-WbqOvCKiGM zs@+|kztpUtNtnw-(LA9qJ!@7)gk}KI{o|8F94PgrQk(X-FIBDgJ z)oL>s^lWzrwX*RU9~}xpAm%GR1Ax^&pR(Q~oEeQ&Cw5~pMy7bBMb=cGK1tB!tP)Yy zGkk9(h$OZY_$Jw6TbsrZkctA|avEGQJx8njvsk``u-PF2NE;a3UPEA`9Tq;}~;=a{J|cN$bB zB_|qF4AvB;X=uTgijlo6CD?^3xli9g>8ag&WUA;rg(P}~&uO4Iyh_oK?1HtycB4W( zh_}eD=s~*29%3e%iv3RjB}DznV8ahoFCL@`k^iJJwgj9>lAxq*FMor&DR(!z3EmxR zoi$0<^0*RIYPamE$q~FxT0xDd4e~=SHAJ#H2w_WgC4#z-UQiE!!6vA?=9E7-vlH&P z5ywInlr#~tHduUwm=w;P!VT0zVjY{BZCHtB+#+qil!u$Xq96oV`J22I)VDz1$Zb(B zNu8_mIf5M$5|{$eu#LA|QUcYIcIXwU*y*6Rnsrw8a}KYCR%i4zI_DwsC64ew?S((x%F7yNs~owR(@IK^m}}&l2Iy?LJ~Zx$ky5~3XXp{aX zzEJ*E;;-#-HG%YmI; zwN{5@!`X#4gIO}`unfv=a5!){q}!=8N;<1VCng)+qU3hC9HQ0cGMn8lHWehhy5Ljy z(xvnC!%Y_~qXrJf6#V@6^$TjM?y1ojKZX+azqq%T^Y=?bRkt_%p|UC$pof}u@?s0P)F1c9u{E9ErmY4M#T97)cPa9j(;-_2Jy72YujeF&8?ECZn z<%R)$7Jsg}^UX8k9(m`3xZ-_>gpM1|jEvdwe$N9-+p7Qm{>Veo+k964@*l@9Q z{ea$S152D8N4+-rxq&(JmOk=w&S}eJ-J}Jdr0lx!$ALYb?2u(|)bGzT$IrF=e$h#N zmw{vQmvmlfDQo)eYYlgO+HIYa+~Um+aBM+kQvjnMttI%$%}t1ySQX}w>vxk z(*JP%XJ(kzPMC4z*rDx);uzJ^U0wU^{o(1Daeths@k@&f_gx&(bos$%&64BZ&m8c_ zhSje;6MxX|o?d&V>a_N;nXwyV|7!T?@l|Wr4|w3>n{k~R{Ggfev%SVoQyzG5YnPiJ z9258Jgrs}6O^Nxobl1|_^I|8@tyS;t_GjiddnEgrtxw-H?ZY2(3zM#Yd+d+K$))us zJ$7f~V}~D`HRH2qZ|(p0`NZ+5jeoxHh1N}qdtcZvHTLLdH5?C|6MHv1|6`90&!+zH z>L>XR)&K59vv!}WZ<&1J)Y=E$-4t6UJ+}LN@!a%VmVMUw6GF^`_c=>pFcRdyKT+$J)g6l3;8v^m2Vb|%}6cj*Dhn=(^FeK9nx%H z_xcSD+MOvolsNWS*2xcz7bh<3UH0m2k2kyY^os9_?l|&OQI){&Ua$z58P3 z?KMW-q-*^C#Q3AxC+~Qte*ctHg9gMun73$*^^SELrqmg@zj)D+_D5^39g+D(w}Z*) zD*_#M{Mm9!lkehhsNdQ1!@EzL6HH^zsWrpC%>3<+1z)fGV`3ZI?6|Lv)_-Np0(;XF z{@P{Rp8MeDV(YMFXSX~scHHe3yPX@6<=tWMpTBf|-;2w}{qXhawEX95KBaDc$BtPi zzC8KWBgRJ?JTto4eS1`O3!C0&(MsPfJ$k&;qB*NamMr?Er2mp5!#~{|^aZ|OwP1wr 
z)&1w+uQ@LNuSV`^D}*=Zr2Tfhf9<;mr=|bg>td}IH6J^m-P0lS_=d%4SyS5&>@sxe z=`X&reY!j=?PSxHN3!eQw>0PBUV)aGXZtjIV&UQ1?RwO6x^KI5Z1J}D`**rOZAHIT z<9$bc&vu-b@XTv#_l?>!DZXzgdBlqMZg?f*P2V3Uy(c?u`>p-y^?zhdZt>WJrXT+O z@g09mirt$u{hJtZ=EO@yCq7u);^_wch8;NjakJY#%s%j`%KMZ(&?ULwzO>A*KRWi) z;u+`GcF*iOw8alQKivH1!TEXasr|$|)cL2|ADy$ov+vBVO&iB<^FMTtRIk^%MkU8r z9W5Fkxcj8W@B-caW1_}bV- zyJE&aeCy;Ew_lh)%l`QD^EWSU5_|HypYI4Z``U7%zhi3Oxb=q zrDW{1r#JL(J5rVQ{41TF=o7lw@hQ)xUHP}&^yJ)ukKc8?$kzPjUpoHQv0lR)XTLDv zy|RScAMdsFwh<~zbKSkKZuJ|E{Nf$2xo>Ck15@m0@3*Q}-uvF_W-V?!{bPf_Yi}B{YvStp<6m9%mHO~6mPhk;Z7}M)ebW7o z&2?AJ-m(3|t#{P;WmL`ioqBt3&W~@r|HeB%S^lKsz^3t^-g46y{g-!n_Lu25HTCc9 zkaywO=G*Fiy52m{wdj}CyT<0XnqAz$Wj;K@aQm`tg`?EAFoOM8eGXd~c^3I-hQF zq|7mT*|XZEJJa0_7k@bQg?mm7X!*r22Oi%PxLx1oz4p^SAKCf&?yi-|>EHRAHfnQE z>$35)4@~L*;0=!kyYwdq_@NH+-mX!_-wpu!9UD4rS{;kcmi+^h0v)0b0XNzY2 zIDN#yFXtCd-LH*Rk6rV^^jk9~ExrDU5nt`kn-crug_*;5ZtL*Zyhcl3csPEa>-gY1 z_kTU+`JZR^Uv%;DhBx1EPp=bm8`plLowvX6q@m9Kn~%9Of4}J5@z#bHmz_;mbNcwN zmXue&c=!9JT@PLV)1A$?fByJ8rytxfrsMUm9a z%^L?_=`iSn8?)QJ*CnO)#K->Fwm$QrvE7dUs{i2C12qqsc4Q~s7n;{_rL{onHFNHi z=C^MCyyonV=9LdF8gcTQ`|Zp za%0tthsNI0Qx$jjSG_(yIB%#obUgi&9q*X>_`8m~?cq9w?|r*Z+dZ#9^Ua+om{_x%2nfm=hmKpnw+_o&|V&1PgW10x5GalUhlJ4E7 zRlA>mBtvu4_LE;uzNdJ_E z{Bn+J*~vNck3X>H&7t?HpPW8u&6+GjLif8`zx$bKOUB+B?QiXU>X-L!wr^{;{M}2V z4mA6_Mq0y7!xKI~Ik7bTSljcjOp05*zsbm7yIlPG=XFCiO*J@Q9#nh9E3tEm$Iey7 zH26C1?wuXAlh)f>zql}|U6(+|uOAI`)1u$yY`LJs5f)nR6-rj%w(*<{$if7zC?(R;5h8#{k@=2Z6 z3l1##eU$pHF`GM`6g7_?pZ)qhGiEHiw0Bpp-x{qR)v)lDcZWNI{;>@neWS;r#=oWo zk90p0_ssK`R(2`t8dzLZvTwLrsqF--uY0QwjCFz zKD}tit?K!@H=AwwEWhriLx+b++egoO$<%w|b?-PlhkH+dB-uB1eai!ncmAsXb&uR) zoV&pI*XI2PtkZugUDM;8?>^Wue{-QD-j1xK%Y`+OVw<_$A%XnIR>mz6u8nli21#76h@XmswQzw7@w_{_*Po__b{ z|IpSQy#2ME{>fV(=)3mB%Qt6fP4E15d+(exvG4q*^QFXZe8?Wt_^sVXx;NU>s$=iu z*9V(_e}F}gmVwfSStn@zgjdeg~+J6?F=vvV!a4DYh~=J$sTT-estt+@7#+U>s2 zdTLdNA1{bMtHwR~X`rJj)Y;g&)pyh9&0Ai$KH1u$a88qH*Ued7P;xkV*PUITKGduE zO{&!&e&6u3DN|Fg`z~E|(AvBA)CI$C=vG+k&u>>Z%Xz=QsmI0|D+?FaYtZce=lA{I 
zcJc=~1DmZmIP+MRc<8lx7p+sDUj4~Y`!CnOu_d#cFYnXEDXZJoTKfBUTgLA=*u?I5 z!}|K1Cdm)Z{bIv~n_Hz=^AGO-^-L>O;jkwruQ^kvj`du>9=ESbJzz9noc3aa{ViGt>D zSL@+mC-;nnhl`f9?%sChde0*_4}PrMSI^bow&sLtR?CbzrT08Pd(^>RZ&o$^rufC@^Rte&`+R+@BmMJF%^&v}<{G;6qPYL-Lt8GWH+GxQ%+TwZ4{v#P zy}9lWtxs)R*=FUqenr!3Y^kmKY0~oKN9Vp?=Z7&ZKOSHD_Po-GA5QCEv(es#!?wJW zedypA-{ecydBx;9Xj*wJ#WQ!KDS-hXv^Lq)8acHth>FnFJr_VU2WZR zT;8|;ST%a^kNb`W_RrdNyMOdsb^n@Jr`_(O_Z+GF!mBslb%!CaCHTP0EgPoQY1_Wu zAK%wK^?KSbV?OFtn$m2dCI4n;SwH(-CU?z+32=7Sjob9pH>)lzRIPli>5X+C(wt8I z>iL^*d9>x6ohLVlJqsSVE>QHy6Fm>UJa+pdNh8E38y?=@>8p*y-rL%4Y@l=AguezQ zts%7i@I=*{;;lloL+uPj# z=D?2`u<%xb6Kh*l@n?>$b*$mzO@^eQotCtLv{n)Y!M$YmuI5o_k^Jpx2*t=8Sx6^`N!KJ%JJTt}I=4=qal% zKK}SeU7y%=_=egqr@Yedqo6!;~pIwyFz%Z{b$o}U*5c* zf9J5-Coy|?!Msnz7ybQj+H;7Dd%@`K`SGr9{?Ki$y8bgs$l9X*!3SGIWklUr*H z{%Op(b?r-goZ2<9@TV=w9Xs`I)oIv0wvjI;b!-^gb~N+(es{jL;P-wVzn%7SC+8QQ z?&E(xy70)UCW9|ria*=`*H%RrN+$GOI_BO_Z`426?9CRt_x@;q{IM-{dfqX<&XO-a zdi`saK3?7G`=_pJCDwfR`?3ycS;yABvG$KiH+*(r!J|FadHQ{H?}h#&zHN7F*MhnI zT2HJ0V~+iz|GtMCpBb1ovBgu@Tkl?6cHNmVYZr{!o!0NIJ6A0{eyH{x=T_deOE=iF z(74Kf*YsC=oO`L1| zB4tv8xy^qFo=snT@3&ieCl>eVFx$9m(%IbfSxa8})YLTo{^niIeiq0TTMcbrmi0vI z^{>BF=RVcBOLu+h7__Y0w=1?ja(ctB!PTbjjjn6bJCJ<0{ob<|em(llrZmmpA2)H_ zvhMWGckb`?N`o((=$n*1^P=bQ>%o=Jd|&h7;|qUWJ8a-Xwf9@|j_ufbS7NOiH@+^ihvZ zYZ7;<^OI`rkg_*c#6I`N>W91Jf7tT=r)I|Ve8!&;cj078EpJQf$By3@<<{RHd%niQ zySh!kd&~_Nla7zrr4DIlJyKHI?Tz319UE}>nqKE`oUzHZdsxPv8sE;p`-LZj4;`sP zzr26y)Zs5Y=GgbxkMm~j9I!n9vHeoqLqd;TH?E#{%c$PdethV_PoJD_v}i=VH-m4i zAKdTy{GY~7{q(lF{TBV2w9U2fk5`ty_tKW{X5}4N`E;wIt#7s3=TFUPy5YwMRMX#F z|JV(W-n^y3U#W(NSC1aGXWF=hx??{)T~>1Ro71IF*ZV&JAwb^0-k0%dnEy}M|295R zzs@$N>*~Ueg^In}7yo1~5_U-p9Dng!_KojcJ&*ZD<2>Me_w>XN5NQ@i{{}j!+FabY z@pynMXi7!B6xPB9-}Gw7-lY2{$#=P&j(w@}Jzohnu?GUxS<#rR=GwQp2^xkZH}gR-O7GwGQAT4j8)Y9MNCfV8GLsC0h3dG# z|2(hic*tmSog4xE<)m$>VXmwLImW{hkR|=}mWx;XSdE6Wo`*^)8U3RS^){SO2h}oru&Q~}*(EBn2a#CBW04K5g ziPQ^kou*ONCl&FzR@Uz(=b;4+#qS+;xJqKI1tN0x8eLULc`>d!IcEn>;%^kdv4FuT 
zlkw%!Z;*9YAh!(SdwGRVXd#0-wyzm|3@o2-%IdZ{Kns9#4RC437+5RHg^b|~yxOyV zc5Bxq{k`ctF2~Cze>g;JI>khNIKNLb{j}*x8s|F%LH#Pb36*a~A;hc7ydum0m+%-Y z+JJv5bYyZukLx{s&x6L`Sl(@SE&MT99Rz?#mU|+AV+cFMu(u?tBs)J>*oz59$GY?2 z&Xm)rzi96ZS7I8inRkI-J*coWpuykhDI7_j<;?hML8Q6?6nQH6jb?_kQh&P@n}Y+i zg`O1#m%G|{kcU3}_%I*-ejh9>5aFMh`U81}BPQ*|{l13hs^VbbAsH|3S&mp5qFp5A zRWYMkC;oSD8@4+fLu)PI_s8Hy!A5p7Z6KGG>(nr{W)D*YIY@nxuG4)*`J##O85K|$ znp$8Fu-y3HhG*W?+*yAM5GSnnJHQ}TWjcGl|fRbK;la(a+oU2{YNEmxb2Y`(69bBhI!Km5@l(7|(6 zPKbHG!U2PX_1>S-n;}geo@w8~;j7R(=dnU$Oq@pQ%^W)8%4-|kJ1&KcCHMGhf+c?| zb()EOxRG_#CToD%M0zcR7Fd<4xf_tKTSqGO$dD*^PP`c5(NYCPbhr4P@7p5ARljDB zOKLhn19p-Z{^fgClPYv<;xmMc{fT^GxGOH(-ap{YT!VNK`MRd1EeM6r#Tl#XPK;{4 z5b@lKs9WjXy{E!CM`dHIK2vA1dwbU{7;z=$b~ckCDsftx<7#ixcKkuXzf)Q{l6elz z2jhUL44h2G*EUa;%Yxg;MTHjiNnRddnKclA#(iFAt5dKhQcxu+R_1QbL33OYeSVc4 ze@)xnkMG9&3M{K9KkSz?c>mFfTe}u!U~+KDkxseS2th%Q?a*&8-Ahf8@+uNQfs`8` zZbe+cyrxdYDb5atw<}Pjr&R*a-;$j@0@pW4#a1q!!2)~}>Rk>VN|wJ*9P-A?$H{I7(E${bhB0V9@Rh-QYE*&dn7_Iaw?0AyQnjvtFS1Y zT7ss3rDu;(5z{&eieR7(y64IKu)Cbd;=y;mWV9Na4~CmCds03SH)8_k=W`ODsY+8okyj7%2q~ z3B#}EFSo~|jT^z|ylGhy z7q*?-|EX<6%10|V07D{zE?dPP7R$Q7a_oK{lJ_9Ffs-lpWL9kA<gb~X~{C#Pm zs4P-!cVtoWE3wR3>iH*JX2^%_2O2Yql^=@N?hU1V|0=0-STfYmx5Za6kWhmkEZDp& z9=g=6n5*#IgN0@5O}+iVQQlw4?q7qAjfp%`tg15hGQ7=vDME&U|K+nxfsG}XM`IcFt)h(i>B~Kimjy4UFyLhk{ z(X>^*&@Fp+Xf^Y8BZX0EUv?3W1nb#dldo$N*#Wn#-oTT8T0keUrYJc!bp?2h$G&ul zZijdP!5nq%E};hR%m8(byQjFzG%N)dLwM{I#i|T8Tz!-TWu%Z47!`=E#}nr@=3UK( zD)yh8`C7IT9+C(L#kfYjRNJ=&d8`^e-1us&M{?=uElQlo*AW!*7s}=kHAuZN&DA~B zkz0;!iASER0yymPb1!4q?WlO>7WO8KK7OurQm6R{3cpE0Ez4Lv;4a$GfCb!AGLPOL z2Qej>I>DS;t=qYYG1dbA91msg_I^QrMi~ z%KwaQ7^gU?-A5KF04&wK@6f`Ise#1?KQ7eoWmEaIglH@m=GD-S3NaQ78%kBIW9Ko| zm{0hzcji0Me7ng(Y;lc!y9m#G0^>T@AB6?t*#Ib*rIV}^+X9a*9mt%U?I4#*xM;Vm z{nujD8=r3Do!U+#=6hlsBT8TzA>q8fM>Q?$nEmKS)TlH8Q3u0+i=5DBz9&6jS1DSZ z!cWd-UlZPbP7my{Io@zCyvbBLH|cT6kRU}om^r19WQ!m zygXWdi}wTJ{L<$(`92(wz~PbMyDc z0b+|#oq1RHJWq4nMO`%?0p(aVb;>qyeGHwnCGx7+gVTrYy=4k8JE=I{f|>kM2l0CH 
zh^I*_HQ(yf5Z6HCCGvEvd}NO0HN}jP-(ufT^mhy8UZko{Eh0%Kkz~hq$$C<~W$NsT zp=DTBM0?%(-wI`PFz$rR=|ViW=@l#Ht`fwI$x6x80xnr=vFyO|3~iW%LmCr`19sYZ zH%oI`-=$080&(F;Zi_fijheI1#kZ|68dBXXtx0o+2eSbdX4Z8MU*agLvfrz<1ye!$Q6=egzp#{SrF%Nok`$F;ciX#a4RWQ>~HQw^F_6K zHzLDHD20!`V#ULl52HtUL;^`qc|>mrML|Le)yE@|W_(BJyw znrVVXRQ9(7=FFTL2Q|W9{P#z_qTHmJBxIk=d@ztcaJWvFWC0fP7D&Z)C3 zL2@TRU`U?22OpjIIG6#H!D$?SnHF|Brh@MU<4;R*cFOv+$@?_tHuyXUeb!-XX>&m- zjKK|VGK5KKCn@zY6AisoTGtAKJTX+OtIsuXgbv;-$Rervb4rwFD8|?~i0L4U$DYY( zz5;S@g)~S~t56>ZupCl~Iq;P15wi)ww@?4{Sxcjgy%{q?GuczIa)-!R|(W%xbFWRy4>Du@UZEm8SIo|+g5g$tPbm0Z~w$wRS zRCKY5^81(2O-Dy@1N{pA{S`;d6p#1$*X9aPJyIJGcj2+A9)mt z4U&U4WB({fWVu^+CQMhvRiOuE)U|c6fLFbEtf94x)_dZK?_}B z!?rZR*prs|HPid{Pfx?W+72HiCHwNUE(V%AG~13{_p&9g^f0V~>PE*K?d)1&57uxv&J zv0j^>$!=57&|rCQ;xUu03?IsTX`3CR1bCxNE(1$4I%sbxX`8$~$pQl{XTPLgdqw9v zRnF{poZ{em9@AyqxwOB()?YHdAPvuBLVCZegM{v(%vZLiO@~{d?gh#(wn1Rfw%0-4 zg_W~Xz$5?&->CJk8U>+gmIW_pm*X*k;a*p5NMiO*zC1uc?I3W?lr#}&vE-xW=I5x%)%IEz?}%Asf0aT*8S z3lU1cz<6}RTUZM!mCt}lLrSk>ohvIkY&iw?L~01@^W?61na;GhKQcG?V)&7d`Af-W z=TaUu<0@P7*t1EwDKHlwFn9`&mN4cp=c2A5_hM0d#ouSK_h zY+ncMC8JdG^&fmdG;qYA6>?6NE7P#7#k*> z__l>Ew@qtN2DctIBkdbj*?-b+MF^b{GE(EnoxR4V1zd+6H0j$E1fgUVv)&fLr|IMoai;kEOLNe#sf5LEv`>nzI&}BwTzBSM0jor3;09tHD7CeS&)#A{(33J>I0HY z&>b-fnMmoT#Kq7Hx_|q#A>NesF|u{310bG5J9XRyN})u_)w+ZFu9l4Z!J?W@0uH&s%71E4+)`l-75H z#nxg7;9B7T-XcSIVuw0=eY&J?T*&4UdZZ-^r7MHoV@I)!=jUEn+L3mEk~O`u)! 
z4h(-pMf(RK7hN4sxP1l=#Fu`S)Ea9+X-A*6-6l&bP7Q0Lp=B_W&pK}0RAt=}IUPK^ zGi36#h~P(*-$>!BVoneGmtXPF_itO})+v@A)-ioO&o%>*GPQ5JV@)YYcmUy&?B}|I zKN+I#J;*YpzdP>GihoL;X`-UhSw4HV&=ol#%U7|i>(-riPa~!PLQ6r7iT-B$MSbDO z6rdccfYGU_=7S01`+%4x?%fs4lo0>BckOo_N`io((3V@)=fn8JG1}Gp zg{t`LTy&1>^Xd#n;?f$RY~B@>EMd=$m$Zqj59&oTx;;@bX*F;@1r3{#^-mmb$lKJ< zeb#u3f*QOg2$fXG8Z7esy8-)7@B1?;*H?$$xni6w*;zHYAU2>DsJy`DPa6c!t5cuY?X)*9iv3lCm=qhx=sUK;T6=P4+LE2LB$8eWZ{VyTSM6)&<* z`-4L6P9 zZ@s*KD-^<`Nj`CU;vRXLuv=+gt$gvlh{Vi8qa}Zz`^K%UdUgD8hDqHh)=;|=S8&AJ z+ADmagI4Vfc6ai8u$Q&f;qiq7ViQ$DWb>DH<3qx`Wn3Y9G!JA5;>oXq+dylU!YW~9 z-{Re^Rf3~5rHU@%5ot;>u_HwJC@y^FguC&jJkt&+SQr8sfExOmWnz`NU6Lf~6K!n*Y| z2Qz1GGOe>wPJ(NY$`cB{UxJGOKtA5jY*B5nSCE`Rw(+6GR&l!)oFXMQ2vFZgRw5=D zJlE*h@@n#pO4H9K81>YpSD4=3?nQRm<8>TY;oCo;1)?Sp!JtJDT1r2 z^QVp{oMQIi>*DYA9$?mHN1R>C^8(p}o!oL9T-vb7jMx<0wrX8HQ(_CzPw!mA|in$`Qv0U8vp zLhIO^X}dgu&pk1sKXe%1~gZ@ zhagg8^WNFl>L2F1cEw|3r6GRw2jBA+&jKMgHndAJO0CZfqMzQX+ofDPi4j~%cX88`Iddu=k;BUaja*r3%_1dM1JGYbETr1UsB$V zF4THzP@aDJA_P{azMctl>{2oz)qilni`yo}x%i%(z6Jhw3Nd?U!F=ZY`2~>tttH%8 zh!_xEV(r-*t|^HQK0lSRR&amVnfsK!PsDvYK@S0sJblh*)6qF53Q{DkkknKLLIeDJ z=Ex6NFDRvmPK2*m4bvuJe7PNC8)?7x*=*Q^Ew5c?Zzpj*7WjiD9=;24$jR-8{Vtgv zhfH1q=pJti8xtA#Rl1yp4r2K^KRx#_cz*kTn%!+RgN?3<-=0TD9e#ZaPy&{4bF}~Z z&Lc?mDNkJm#LWJ0<{k%6-szrSyx^9O^`qcXNM4;>1NiR35^wy6W$*w;UA?Hpsv6CS z$(0&Nn$e5rz@IlaUj5|Vs>l`V%Y)gl|2mIpcO-KaJr`q9G18NbhhDW`w&=1Vb7QYHzF&z( zmrUbDRU_x~5Min$sIe4+1!BDdo5(0h+mnIrbJUfAr%>{vZstWw;MZ^JChmUG$MP(k zz!wu;d+iTNEv*H)HWo#;1|Xgiefn4w{zK=#d_~jCzl9U-2By?>+X3NA({6e@PdM1k z%Z*er>B3^p7y{WgDwG^}zxr1HQ!plB_oEUL_C>Qxo-Q*3Dsx?q`vbwsAi*HqlZnl% za1#K3JD+C7U>t!#h~t@|Jx`0I-vA<{(5?1r=a@OUDj>RiB!S14=z$-c*Wh5Z1=JSmercrCsn0s-$TH$MC>Bb(^H%1BwOk zPI;11<QmyV$y@;wJa7OqdKozym0vJz{%sBAkq*^)3#IJPu`1 zgd!F0zv_gUf)j)Ov)O|zLdw(Mhqgg3`|*gY?4mLnf{>_fcs3iR=*w=69?tJL2C##A zZ>Q*R@wpYLw)3uaYjUId^MeSV|1(89Q3&|NM24vbUGSc04~#|WrgPPhs`F6fsSTYl za`B)DiCKxB6QB{j28Ub)5?17&Cc}YtouFlyTfNjJS5moTsHDBp6&>Wo+#I^%1cM}o zO$nou)TvhTpcEa4k{P_Hh8F0!R$kt*K{F0)072WR)0Ray(t;KFup3>dxrcinRa6Vg 
z$w@xuW6Yn1nXnu}bhx+Gbnj>l%M;&pHjvtPlI!bDj2#__%}5HBm>>ND;I}13{&U(L zs)-??AQvq@CiRQ9XXJAnijpI4LSbnOXqY?!D0G033%SrAD&Kf6;I(k25mCdb_8@lS zHvo}2fyGI=F!w<6rfFmQNBm+n0O|m?Ng|jh^i!HF{Mt2nYvREAQsLOr2Ot<>f$h=? zU{#dCGOMnx$zeM|NYe>_F-TpOlf2b z0A}jAescKIdn9&2=M3@%sXj4(nJs1GW9BggY3N@#T{$n!a4cE&?1j)*S+SS4yEXxt z=NUSy64bAr8B35zNYBJcEbR9Z+86@cqa!Mjtv3Gt(>qDcvD}LiA{&N>Mx7c^9TmdZ zn$;okpf-EODW|?cNz$S;a%}oS==O)F=&1@wMUk3>2Z!BS-s?Z-qc(UAlJo4VDTs>& zFJGI@*tbZmLZU|4tTDa5z))JPH*{{~+x#kS=&9Uc-n6YArkFhU@@+agL)Bz7sN?mr zyU{Zz9GKk-kAAVCkNYHr+luVnZTI3_5f!#n}654M2C_m8jsYG%uf1hoNQZcHZc6EM~{A{b^?S| z^yNPYTRR)jYFx2vEixdx2JIWrqQCqU2*Pv2Mme(9O_D{4rq3cb$WEb~tfPptzw5u@7TA5=7OsnzgXzkt}Ae7$(?}njqB9=vAuZ7>NLc3ygw8beO zMTON6=7BQ%snl75t5lY5xIop8Qk{@Dmof}&(YA~q_{U4wk*JB`def=kjaJWC^WDxh~aq9rmj{x$qm@7(-l(&roUaJ&bO2hRQ;DiW{ z=7=KEgdL^_=Rq2u@0nDo2PInADey*!2_ZJH+`p8$x7n**3y{KPAoRrTY^sUmzaP@QWyVIKmH|K#>)g^%1XGPgrlc4e1aC!bLoQn`|oD_w8bv-YH|J+D} zKt1}R1-(4f=&1_*+C7XyVs&CIv`Ny@bLCYl=J}q{^h&>?S?`PfvDm(l>e;S@ASx(A z~DAo?6Pa4XR{;1?lXY`NT{%IIRE2&89)+_Pk(XqKQ>@`EZG%_ zHZ9oI9qn@c@7P4VNZoq(N;|)!UoTMU$XvUYT(Nj}Nw>S&!=ysp07ax|FN82)THU*k8Tjpm#ydJ?oAP?&JLj8;;-xjPJ!cvfC}VC65&Er*Xg^vsY}#z( zn;2a}kml3Vq8PY@2{9&9SzN6%wI_VNAKOAK7`CtrbCC1X<*J_f@A&w0CZIRA_gKn- zL`Caj%6$vV!32@Uqoov@wF1S+IKw0`j)AE<`^Q*iE7w$q?Lj{hN>=tNizA;}4wL@k{Sx4{f#a-aBOG7&9i z=W2cD0$c^nObZt`TEX?cX8GnPppkZxWKP)GaPEyEz51OfR;%Xh3gQc;1Q6ZMh(xv1 z-m9{?TOeZ=%}6*l{$^MoFN#V8yV<{Dsfbs5Xj4X4xk8@Df~mT=$1Xk08elk!cdf?5 zX+q{g+w$-lAn`XfkJK!^k7IZ4Qs@CZ<)wtd(#&uTOLke?hwYuj5mba8H!`t*zRYuY+VVRcn3+6kF-qfoR&BkiF?U3%ntCa}%e9jp9t zU&{Z-f!0nuhWs;00hAdV|C6?Tf$+sNPC%=9qN}(u>B*>?uL4)!zuyL4dovLnC!x*i&@>xxfE{f#j4J{e$Sv~fpyx-?oGQb;Ql3aqx68uu|vn#a*NnM8%? 
zxm2~?ePs&g1A>!mTJab$Ya;cW3n~nC0W$_Wubr#r3s*jvxxQhZ#Wn~RkUhg&X(^jt z;!;(Bh{yEhDH~0rUQ^Ui+$2?aIj0|3sEZpC9PL_iZ^L>%((hK6<}T%6#6a5V6FeKC z{Swemx8DFZpuMHw2&IYthb2bUeg|)e&5LdPx_STp4l3-4mgyG(_8PJ64-qgclzp?# zfJ%zpwIzTg3~iE19`=WH=rnjX@}SXM6nHRklAABSf0@W1HxJkCH8_0Y4dtv#!Z_d< zE;;Aj&d?NVAU5_Pjo}#%U0N--;A-&3Idp8@htP`~FQ86P6)yLAeU#-K)I|!{FIrI| z132bLBnif#zFg1B2%=~n;bH52?Mg{t54~3b&Uz;DRH2Cq# zN@S*pnPP@LFPgEHFJDNs2!P1~` z4rn0>Pf=5y-)zSZ@F4&0klG{uQ=Nz4B3eTEFc;K9urTaJxGSYd{QdE>P@>-uQq^*; z*|YK+1}sEsGq7Yf-Kx3om<@`|yBc(dR<{qZdLxE=<6uMaANW{E#$iD}q?zJC$%!^n z9j?1fewe*t+z>GXOmB?2auA=h)k_8Fvp34L-i5+UZWXqshtY$$6R#s+Cfy{x)+lzV z=nycf#1npV^IBzX7t?d1Zrh@xe-0mXPca>|V@Jo_4`UjWya+TzCq2asV~d5k)C7-y z;?FH+luuGYe$MkSgixSf%7S>sy|Ch+hCpoxgSqPVa%T+>@jqK9hi7IwczFhj;hgz~ ze0F3;vsY8dNo%pfCTAME@h>D0=DK)JmUO?;{9&AFrdrwVvia~CKe#%9m!5qu<7~5S zPqWPwkcu94&}&-s`5>XXjVfM;<5QEVevUk-^{$rGsv`INSw;uK%iEqHbW^Lfd)|>R z!OEbJdT|Ae5=GI(o@7W1%L-~KAwqy;9{2M=5V{-~p%xt=~7);UiQ5}DiE~%MzHoXAc7+Ds33OGmUe_QqyN(R zYn1(Io5792>ZsSV1w`#$$4;l2(n5-@+}TkkMD|WI+zgY$MhPAi( z90{|C0$3D(?F2&#S0h@(f{kz0_a5&la7A+}AtezLjjNN%v?s#6eok?J$obB)Xqben z76U;k4bJP0Z^mpj%qEy!fd^h$=@l)&#!D7|Z603GjPm~M$WfEdON{UkK+n77ZUL^O zN%GqxRks)DA73r|vGY=gs!Yq)=p2OFW|D?tb5-8b$6PBVXD$4u;#VD40= z)a>2DL`h#yQNYGUmX1Qu;f-dD+-Y-%G#mM>Z+$cvE%R?b7R~L1qgw1dn}*+-lPn6>Hbe zwv~x#?)gFP&Y?0>#c0oD$cp<#i~>Xc{x#33cm9h8JMY74_yaF&ftMp8R|ERI(aD>0 zW?`vmi5E3#G4~9a5yL`7u6sMd{j(=(DUqMhSV{NXV9SeMH)0153POAHz#nD)Y&-7d z0$O|RpR6wHuq0L(n0Ysu;T%9hBgP-u)cGl^zz+;8a)IHvj;jYJXZyM4ft1+a+J*{a zU=ngMk@==kNDPqpAEq~OL(XoPn>>tL{b{jw$`7}YDmJfslQZ8_Us~GnE}h|aw}@Jv zNakbi+GQmJpnE#vz|Fm+60HqVQNF~EIUAu{t(cJ^zdb_>A|NP4jtP^^Vg|E`~&l^8;#d} zzB%P;1-d0t@~(|J8sKF)8V}xw5_RA{E+hfPJKOqE3(J6Kw~}VQ`);4dPFuv_ybutU zjgi3`w{!O=io9$^{d`W|BGl>j<*!KiQII~KVvSpOMr4u@U+zIeo*zAyM?I%p0in48 z{+oCbJxX?|T0Iu)ptSnhL&O&Tr!5&28YV?Pnh5%4#w*-D{nmljL8_eyeMEP`f|#D) zb`6WZRA!Wo^pysOKwPs)|8mwBTXqbzBbt>eDTRiBp4I@9A+CC(E315C7$|nLT#^{I zS#bxL*jmOlnNLuBJMNFo4lIkC+H4jJbCO`{~bUAVjG_iSv?O3Q&nmQwcSA+~E 
zsd?q0H^F_<6IO#4hOpvN*7#q`#2M?0cE)5eI*+u77um9n*}S7FR>3PrSlUwUPFlKG3i3bxo{o_2Laj!&mgWW+9>g9r%3!$9jS0{JD`4e~a}&(^*oul%VQ3GVUPgVyiiXJO$eP)k|k#~$pc{}-xEqc?zL=W8I!ViEK%bH zR7~&46M>|kRsCXCEqV1n-EW7V^N!2s;lJWRo&UF7SS|nB%Y`}0MVFN)(N?Sq5wAb- z;|N@nOYT%!EW+u_0%Qe?&Sj9YW=yLca8M61jfRkv8=ux-xG(Ci)m@gh5OO7t{vn-G z59kFaxM|Jvsf=cn9z`s=jrH+lIQW&{N6}j#cD&5Qe%_>|~tX6B1!}Z2z z885md2YgMP_+Ubc+BBqu^#n9nc&^T+MkiA6$o~s|&zav2#P`OUUv**+bs<>&)!~uK z0a;K5?W6g;X4$HLNFKME#6t9|NgX#xEl%+IpwPDG-Zh3-lw6+4_2?AI1C@`a+rYK$ z|LfZY%lr3PEttOuQ z4WLLlHt_zOrZOCMJKv12V@26!DI{kV zYe_nv;ZL6u6juazE=<;&=du1&o}GCJ0=s{T{x#Ah^$K;Ac%fz%?21b%u*`wDGX)Z1 zQ#dvhmr~Ub0zPkC4C+XXtDUj$(?9=^zs@Zs?bZirwv(y$&5;n$e6$o!`>is{0wNdG zsz}4t>7Z6sUg>`|&5`-Nhi87!)#S{qL|GbjV#mQ|x5m(#C`j-1WK~!++(M+8)n$x| z+6toFAbSaH*=oj*;0--OfK-}K)gz^Z&yqCFHh!@#`YYBy|9Q+yn)C9IvNfq-GuAJ1 zA{CFrNo!WUS;T*vp^|}TE0kpIzHJG{WS9J+#-P5aB9=A#m3}Ky94(;QeLXCEk^}(I z;55pup6YOo1Usxz*7N%abgcU!6DekYGAu)k%+ENpcJ9mQRxL9i0?#)$e1a!G7MJLt z;NsN+Yt0)DCp)P=m7aj&WfD|oB7$|){MbzJrX7WhZ0_QM_5W)oGIv@FvDjfS>W>j7X7@M}sb9N6cZC|k1~)8S%rdz+zR zje4R4BUu!7%^Ts{=|jhA&ryIc0WOSJ#o@a0 zQ_)ezPo2}+2>pIH#|mICVQi2k%2B1UcPB-s9EG zxG(Q(nBg;@HR;7UNee&RTG1A)UWuI5npG3EN}YS0T5dY@_bgna9W7&;sf3o>Hs+7<^kivN)?$wlD zX{JleZheh9r2;iHBHF|?mX@c(CIl1Uy9{nj-8Q!VkiMGg+^>uxQFJhUe$(*d z5tUxnf5vdPTRge!2~~z)JzRjCM)&*+K$kSIC`Pv3L}xpOJ7lCK47FAt?|$H%4!$4T zA8fGK$T>AXxBcM^lO9A);oEDcRZXgN7pydJ7*kgWgajj|Lspaqn!7DmXMini-Uh{DP(#&WK&w z%XdlCm#ePkii*lNwuV=po?R$MzL7=iSTZ`E^kOUu^#m2Te@5=^dZ_8HM_ORcQjkU1 z1ZUQO72_T?43z|+=TFSU-V9UF1_VMMS@{wp#E6Gb6GJOo?a&Ia7_OLomFNlyAn{P- z)jDy8;vGGNh!en3w0msF;)QefQ2(9OO$Bg0Y7zWg^XO1@=zyXWMQ>5B5*jC*({}DV z)Y;b~=ATb_X1|r1;)g*#?sLd7O$#o*a3@TyE4xVHUj$6`U!H$3Iv~zon>FI_;jcon zXtz8OL*a?XRhAmvS$sa*pP@MDQD>e$QnjVdw&2?@xYNYG5flxE;@KdG8>D=5-Lvn! 
z>55>5xcI2CIr zci6he@@7-Q{B&21WbXB6av}Vy!dMaB^x07ukHpnkY4g#lOJf|);?pePsS1?LC-ohV zbfNY(z1og_vygvd{77${C`%8UTHJ4JDaV*AvmI;5p_bu>9fijK#m*>W?;QrYcEYoP zzH3BWeLz1`G1IBGO?Whef$dsxo8}Pp+nXJozk#K&C6-x^FIP$*GYTLCGnueQ4%?z&kfE>R-{mj-hbQc1NH8hl_tV{`dyq>v|lf-Jb(01+o$a$ie{;SsjsW^_P%neriYXz<7H_!|T zNZ5%Rpg0tAY1|ipNVk^UJebUY`^alwy7`6NB5k;13gR|>rDg%K8jIvBB^PxIipi0T zPX9#&?uIt8GjEVKgeov6Hqu?4H@AO(dx$YeU=Bfbbp&2nKcj!{_{q9Id9x5i9q^et z7EryWjmJ*aXWdItjNJ)MunY_eKA(G-dZ6Z30MI`#nz3xD0k363aF0mo-X_w22{WD# zi!z*bv7UHgh4O?#8Zp;IBwkyd4%wn8lbq%gX;_9;{psY8bP6VY-q(BlY4RD8arE0u zxVS<_?WB~kiQ)}|Pld^CjG+bAYEb#;`EoTNnOr2KYtiwB)irZ|Zzr-V-~zPan>$03 zQ7u4GepJFbLb9DUD(GpG?}u%ZXy%JMaY)-s@A)@ z*?<&7?nm28$YNud0+~ub^z@syWbSS-Sbk8NSy9~7bkOkCj9H!!lOnjJb*I;^+G|7c zU%gRn5>&HKtMz}N;8OYy=E}D}bUw-3hRVR@r!fT7(Jo)Qc0^8vXCl=^BN02TjMz-( zO83~j*G)*iJK>uNroEbB{d3&}k8uWn<97?zKJ1~-L1L6D!qnq3WXhF*9RWi)r-AE( zO9>IE`qzP^17qTYQne#~%HZWB(7;-H{Ua1}h7FO%2U+O zPFhkzB@nn(vA~k74Nl$NL!*N-d~NMUWOQ(7+ZGn^O!(mR-YktTboL_6tcn=W(U(R1 zB9};9?gY5(Hp#T{3$((T!?c%Rd*1PmE>CNOSVyek-6s|dr>tYgrwOP+P!l24!r7`k zP$p3`Dgn+{6x@GG&<$k1SWc}KhMVdfoO${?BH0G(bcwR11|=A9!x}V8L{vdh1ZtzC zOIq_d84B65BC&ZWtJuY4wzxzwF3aFm6kf~S#ZNN}&dbW+0LFU6y!7Crl}ifh{qGR{ zOc9$qTx(~X*Kl`gQ^i|SlgeE5@I~nxq+}+vYhn|^aoO11H181G@R zh^HzICfY^tawZO1DsKyMCa?1H>Q$@=&c7c4Y6@JyilDly^Nv8)1#=tA6aGqM{_78 zG=7`f`H-fvVB>NbDraYvaSL)IEJK?i3G_W)FGB6QM}uFseDK3fZ$IKz2bERe)Da2T z{aFMSDtx<>#Dqk(mIEy!AHfeRz5p{o%)dqELEodG-4mwW_1EzqA>mo$1N~9# zJ!L=a%Pq;k2xjF09nN(lCion*n%y2CKMisDD0b2^06$>`3&T;;4N<5z99vgBrEA0u9ss{i`iDl3LkmO~dgzlL4@RS*uY$ei4 z6Ch%?f)s3(goqTmaEHG!T0euGm5fx}ay)m}G^f4AG{YM4pZ>p@Ze~xV ztg|Y!aWw9`kBz4U=wL5+A+cU4w^L;}#$Y%w2l-00VFBn29#If(V^X?rSy>iRA1EDK z>Us#=(ff@%%Y2hln9M2zhXQuC)?Q8xuh_<%v!{l|qaF7QWbpR|8K*r*ymv9a0$=vM z9KOeqzi@S)LvHq}_+%Ksox_mQDsmW4K1IS<^H~BhW)+%k-t82Kka92zZB_AzRun-4 zHgod|i>`__=s9bW!9ELF?E-D+^zSDje!E$TrR`a@bPWw(W|iUn?eF*t*}lpQ$RT|T zOEZGzwl5zpb6V^ntg#Coub~OuW+bAthnfv5qBt454HI#al)^a2tKYTfs#99wM+}3N z+ISjqH-qo*7r!A z{-DgZEWkx!X4_J!*C{y%GFpsqPFbAKv`{40{RKRq&g3!f6gu-3!hw8GmLBE<5l6?! 
zDYNsRWIj+_sGNqui52ev-51+ME+ba578T%Ju%aS&y&z~Q6%ALjm)K~VC@&XT2*n_g zFM_gpt3fxe92g&t>RdNIIBS+V@G$=P7A{bBg-$(dN|C`^|3UVhAipsbB-yJ#TCIPT zZTtChQBFU3T#ZXaJ3LP3)rD(l(X*^aWgo=*mRuY-y))0j=TD{c^yv>5E*$$da9MO3x-jp@EoU761O<4q}L}cKlbevjJ z;V0+1@qW(N?0@_k82WZ|Ni(MSPYzf7(iZDlt77>TD>AM%tQO5ZvD9)oCX3GO zL;|&XsNF`CaTO+QC6ZBi5b(~vMAPjoZTuuwQzg(U4~QO)1O0HOL}*=^rY|MFtYmV5yqT^j-a6YP{MF0wK^Fi7>cC@D#PQok>x?C z+jK6=hkXp71!@nojPYoE>wZ+96q9cfl+$IMFwY`jE1#}t`)1{82^y+vjx?^IaOA65XWccW?ufBXD{K%UFkg#L*^v=o?Ra%8uSExQk#26J+=1cAX zab-z5&x>>e@B~JTMHqT(zke3{KEfB`%(e#0F0(Ilu(`cV#SWXV--2z+gJ1=wIijes zSj2?rjaR#ZDc(af9H<0U^w1ahtiy-Gq%hWKY}pA8F1YJfq`{&-oTHrj$?NtM=q|yF z3*K8s*4D7yXGbrQ%u7DpJ-5mHE2u}H^2Dpe79(fDTRrN&{2t23xLwE+2Z_)(nh{DK z#?@NF0(GGU=aKL`89bm>tgZ5@4MF6V;7(Us6~Qcd?&=F3ttBFLt+YW9NbAXYbHYPy@(*g@a?SS>)qv|? zqy*`F$axi4TpNH$cUghwa1Yg0o?o@#r=hq5Q3WStySPd$*-vl1E@iD8LUoM=8V^;* z@kPjIdP>Je^j$+SpYPOjfnC5t_OrRXZ!%jc?1^U6lBNXUIH1bHY6FJy%`;*}H$E{N z7;Z#z7?CF|%mUlK?~4JuCu{A$*vH%wCno>yJl?F^hLE!nP#9b7* z8I}4e?IuK~N9-)Up4Sp_+@_2u_sDe}KPS>!?Zv9jNQ!~W-pJQmugswzL{OfVoKZze z?m#j-YR&;2s|L_uv{8(bjaR0WN<;H}4<+gU96E~hwpls|lYX^zCU$7PEn~>9?uFT5m5p(&2>3g!E>=tA9$B(TFPc7I^ z25ig9)8eKiJy;AnssivD?@OOJ1HgQX6*#9GY**O#fp$s{($T5-sh?m{VgK-Cl8(F2 z`;Ix`D74lvGhxOZOjf^};>)m2a1ESftPq;cl|VIssP91n`8}4f+d&_{|6opSE%J2- zGgv1$K_S()rGRf1hb`133tv(9v*sg@W~|f2Zkw2?orXjQx0GO%={s?3QXB@*=?(WE z39?1j^?ikR^dJX9{RhUoET|3VFd`>qWjYNIsPZRN=zB@xUNQs;d#@+EuQmy@#JV6wZ1bU1 zBzy4w$_SAsnl8g^b#RR-e&wMRGAuR!&5H$E34y^7{Hb*`7fB4PfM7TGF1vg)p~u+A zQ86j6?sxMNx-v`TFT~cRa+D2(Xgp#Aih+dbO$ZP~`2d^w_r!JP{YqR{_FDE*z5Kac z!?v9+^o)RN;B3iN6Dk+{AiZOJlcJ#b-wNLfwlQ?L_BSA4wD}r7z!4lwVcYh zDbQM=<`BG>yf-WM2iI8Cb61stl&4pxSpm0M2`R5IhYgK(yT;rM73w#JPI(z(BG#L`DfMF`a)`t|$mf14s{QUoDsI;CI_>Q>n*-tM)_#Y=le z-)vaR^m;|fd_wawu!xH$c&UUcgkmKvUkA!9tVBLkrV?-rYUt%p4O4%@*x*c~f$-_3 z+hvkdYyXdB_|dkGr(N;lOhd2H!;7&3%B?Y`GQ6uG&OY8>H|;L3CN{eFGw%mfS-BkC zkoUT+eyjr7r=zShBdY=3{C5dPe=+*`)1k?I0%S!40O}z4N$Fa;7Ct27;*--)0`{iD zLFooe2p&m78kJ0<<_Yo+ zE=nwUvwsZBQZ#f|n(Pq?F{bN?tLy7l(J$IV 
zf6>Z0d4C!-mLm0cMXm|alC-5c@3nD9C<}2c%7+s87na!6@9b%Ud0`Z1HfGH0oWN#c zn{17oo{*PR_k_B4qiFN`!7V`<;%(6wt=S3G4-rMxeLKFQk5T64gkpnTuq*mvIO*1I z-GJA)2}#0eS4s~3?|M2v+_U`t>?YUs#pq070NT7L`3^`%One-XvO&74b;zO%SI%xm zt{iW37?bLb0!Ug^(h$zQ*V1g#Y6Vl|@45!F@5bh4GrezP8m@}yscg|*(TZZROJ*4x z!TP8CP=0*kQ3N(ISWa>jq-~7DbdOjVqnu(iq<4M0mE;JU4ke@RBC%NuNlYto={A3W z&;IOcWQJ5_{>wlQZ;u&+$;p8I|WngsW>UIuB0H0*SZBkcM^(vQHfc<0TFaiMN+RZT6RBMa?wsbJ7%zti9 zAF?gTun$~Bi7rI#uW;Xse8XG3{`H}XY$sL*y*oV3r7tZ@#gMdblFN z-uqoY?rp0YghqZoQjC^gMbY}}w?a6g7ax)~BxRyKk3UGXbAsI;{EPncKSwyH-|A|K ziDfw9GiJGi4mG-43u4o%o16sZO2E7DLTVPaDebCK70L!!s1FJfQii?JK1VQq6)8d9 zx~6N>nmG3?<>JM>w?1s%O`?^Z87?(#(TmGoIjgY2V#+eDdY0f#;gCZvVeK(_UqF`ARZSI>(tr3jb6@h;r*&Yo)*^K0G(gaJVIMTXvkl1QbWCjxF74jxk1ZaE;} z9O<1>K~)waU9|r6za6#Ub7R@BAv1-VL( z;C0~)lL!vQWJz51i`ilu*B<>Ix9bpp_X0_&;9is8&@53Yug>P>9Km|5#{R%f};xQ*edj~2+sXb(hi%RAP5!zty z+XR$EM%deHgxkd}ad{Ceg_q>`6Bh9cy58Z>{+99feNal$&9+smR6&k6sdFc$A6P5u zWzGTb(&gX?{eav?y_H6NC({Q6y&;s@^8xG%HPptBk~R$HUA3Ph1*nC%!^U3>-Oy4n z2x7RUUsbL#rN+ooM@d@6f{*>5W}m8H*2n;KLe`on#8+eiqBOD;>eNRoj;s#FbEbB= zu1YeC*^7f zG^#c9RO&WqN#Oh&YQA6u29d@^HY#vA^c_U4D>W~?TTWK{!qi8@9~%XE)onR9YURgS3-sKKUDY z#K$$Z%T$J|21-5%=hWKq;dqMQP!4H&g?+}H;#^uZatbwZvr_D*8OJ0d`sjSxLIY)? 
zwvPKW?b{AI1)MvkccLj|nK_C57tO4`KJ?GgiYs@ASviaEgK)!zr-~VI0OWWP4}ARe z6bk;(DI_5mJQ>80zjp3==O}>_2f3o9BDNpq?}!V-?i+rT51mA9iuvlzwp~hz+XB)B zmQF(cPJlku1P7gBU%Sa^x-{9w1nAUsEnQ`Ui$L(QFJW$dEr0f`=N}zhFpcC#{d*80Sy)vWSJqq>VtW6G z1U=%t#iWo=>tVw5hd?Z7Hb9YO$3es9@|{O$ilmBoQacPEz}~!0lu)?G%o0#_=1}C4 zr(gS@M(pp)l#-yNAy=8Z#2Zn@*3RDi`Hh1pl+9eW1rUS!uf zM$#nI;c>T=Ad%T2V*qCFtC|rpp}S+uw?T&OrX?(w1VPErhXXM<&$Gwu<`Sh=oZ(=D zr?`->W*kA|x}5#D@!VS9T^qAkjjjP2;gAyg>i-qs_$3^TMFa(lfE%^Fz%MzUVL&2R zNM8jJ{@5j@%1XShP!uvgQADzliQeqV>!iNGmI2}0o{@qVC0UkNa1vgJPuI|3TV0xP z-~#>A!o2{z_zHsL?;h=>h)sdYz^Ycd z=0|*;VLXJtN{$!cYkL&O9HpT>kdw4w*SvX4&0b@3%i}s( ze0!NSbofFH2vhO$@)FwV%NWB9q$q9Rd~FaGOFhLu{^B1AqmCCyY|o^v8}reWMV4P$ zBMNN%pBHPV*3feYrjUE+9he%epg=fKSBcXI{kFQd&#m#?%4uLn;m`Pr{9m|*{=f5` zWNNFU@GP(9FERcvUVU4w{pJtM(hV`}v(@qHE>fW+{-e?g); z;b?~skYNpZ(Aj@WQ~sR~fLr6} z<2d={JekOzA43avoh0|V97$c`;_4Ys^?m~NJTWT}q5V*e0MN4WD5JQ?kV z`EleVntBZv)tKE~Z43N9nh5}|AM3s{-TEP}+cSYG*tv$9QbPJCIUaH|bUqiYMQS`s z8ng6A`W7g!ch93k?(tI=#l}-g+*3x;Tlk%ys<+N6O3ZP?)0pp9nxbN zJNa(|=2od*?1J$%(Dan1PcB_WJqB|>Ds27=!fx}^O=RzIAz2fM*t#JPRi3jE>h-&d z>~wIFh>2FSBV*(r-Ma7ECfC5C@zv1YW4uqKMxX?M&?G|&P!iN?9D>poUycjzwhD-E z=RT4&fag~+7@vA71OthO&mW20IeW_LSAyF|3qNz07&*lgXrcu5P%wrkG2kHZdoNrM z?KF=eAe+Ch;q827!VJB5l9s%w$1lx*Xx`5)d2;yiWwkl{S>AC%Bb$d6#`DuBI*m_? 
zrH#MmK5%FLGJ7MgF>*FFGF{Oo4_@&hnKNmDB;#lJ(3ZeEWJ#DkQ9d(*o2BNsQvyZ7 zdkhgpJ5Txu-FwPVBT$M?ZEH4CFwn5HK`REPAp=w1T$)WVF8{s_2}&`6T)(_Wm1Iur zZlpA9MJOsKLwk4%hgXRa3WyVvHQi|N?>z@FF*jyXLYI!H z4=Eql1tTBzrI1>Q6<%x&8)quu%(0hkD#k>(jmg9xz0RO|G1Kd_#u6f~5!CE9Wr@aL zH%uFc=l@`mH@vgoid;JTguS7+NRwJGFwK^pOm=8#dO?kX$P$5>?DDh5fnCSD45`d< z?o%DpG3R!2nPw3Ao|{h`9jMm6{nza>nUweaOGixwWjJL41be5+nFLSXJjFt^)(%fy zX9;EjW_QUkURd`n=2q180wAhzgQvbI4;JAsgNBYx84tmc+K9XY5YTthY3g9Ao@snow`q;%m%2?*!&B55cneIA1cntbPJBt(HZr@ zx`8PN=*UKE1F=!0@Ee-5M)*?*0Mv^t4qj5^}h-LpU(XmN=&^?%IIKB2Z{ZS+)pidr0HXJFWm{Sf4tz`6$x!E zlR)`$fU&#+QJQ!zbuBplG+{&>u;c%iI_TU|QUrpy55WS|G*iiTo>5GvUs&5N-#ohp z{P^1}BW&F+-^D5c{^+bX2!z5>9{W`GAT19l^y#)bA6g1_dM@eh2^C!KZkXTV=W8Sy5PKoI3qGKL|;R z#^Q#m=AAwd*De|>Pf$nlM!Ra;Wz=NBB;%!&ceR2UdcTNj>k|t*f(nuJCp7#TtuAbk z1p}6^%2L>rJZjZU1Woj&;cDNVm4F47E%d{Jj?Mh<#=iKUC4zVooQYUs=vZTHqgZ?f z)S+AjxRbl$8``KaHBA>Z7%fy=`1@wiLVh-}zDGEdi_H@mQIBi$V^IZZBT%2?pBj!~ z#kd_QwS7vZAu*W~>VC6JqE_n(qelG1=eV(2^ed^Eo|S`MtGGeT-% zw}$C&NIhK1{JbjN%A1;{O{*4wY8nEn+dV7ul@~kLqkxrAU>BtUWTt z2=A4rGbd9m-b;VPfuyofVDi7t83T_%pR#kPid;bN#-+^g$B2ionXS0Wn#~s<2`SQd z;-Hs7Ydw=c>uHxFpbF1Yqev~vtOvem+lB-8u%c7zsznP8Vwe!YZ7;2{-5o_Z>d4wE zGDQtxTq|ARx_0CH;_K8A%Kc*;U0SS(ed`HedMKQkeVPuPiitP$JP3_rNh$;dK?HZb z)&&(r%dD6!K#RrJ)@P>+*i!tq@WoveVrSPXuXA~V^AnxH|3Lu8Cwl6R>*;2m2wXr5 zO%ThjM!5is;gBu63Eq8p<)Fyl{qTt^S-36(x=_Xko*bG^HI`&dog_9LQaEO)nwAk& z=1_e*hS>_Al5CrPrUoWs?;a~3`jTNN0W0;-tfk2s3<*Q8pB@OB7^B2VpG-?9c|o{v z)YAml1;n?ov10-t+?#oF+fTCTRN5&wR-(b`^OZNhqRpm?FOWUh7@SHwOHA|NZbqsc z;I>{%rpHOcP|6NJV=@&DHy5v#Jw|ASoRQ<}zm+&JDXkvI%2nyPJlo{Bg6S#+vVGx) zO%wZos#TFK z>E@R6b(Ld`av zFJuR$T1;mJ750Um4s%=$C+-z%bddzU5`%OFXOocp*@ipd4lx;=jtI*WQ3=yy%K(Q< zybtf8nNrK8kJ%ar(i5{PCfpp{-pp;K=6Jmwi$k^L^P;;m{GhRK@53r-%h6NlngQ5R zWtxW67#J`Az+!p`C`{kl$oJB&f8iJwRCD0XsnUx)tp++)5NG?!~p-sdYm+ zS>!=Il27Q4yrnSx?`@TwAY`y$aD@wh{lc)E|Dh=+K>Y zFN13=ef=hgDj6JpvIwmveMC8v!|;?gp_6TPHlj0rNqBtS#fB>BePf2N>C}5gY^IhC z5IidS^38mzp@|-r(XhM+uXk&0{`QC6V1*yc!u__$?@Vwh2BQY&U_}kQRzgU?dG^6_ 
zI;TsD=g|TyMe)U0BmEB=11V^0ySxLlhHWN>)jg({FCK~0RrQSG^0FKPib{M((Q`y- za%O63^A@cMm8CbDUC#AhaL0PK?t!jwjFbQEd@EDDes?vv>PzpRcD(o5<~U;#mB3SD zR?AB(O4rCbS7)`cjbQnnT|Lar`-Nv7I=nn8+JzVw51#XjUpPTqM5io%b~aOGUj>Wl z)>#bZa=rm_b{Z2f3c79wcJ8P*?BJu8Qu@e!CdP2O5M8ZE1wAuj^Nx+uWFUaG3mzME zy4PY=j(e(?@IF>`$`XC2aN{plSJN2PZQ-yKfx1f9 zdKZV4eORtzFMJ9gyC5?9<;F_5I?yE*T=F5@QW93sK}-bP8_SDI74iylG&KJN^FVoY zfYH<$#m&~>-=z2((%(3mN1>TBoD17n(2U%1%5|FU@UitbJF(U_)5ufZIbI&wgC)uav3M@Iz`rXi$g{qN>Bx?xklr}N%G(V-L#%)_2KIa~D*kDq+S;-3j2)rk&~b* zyUmyf5V(~gYBT>D#+y{P*H8QA$BI?+pceY_!p~GYFTBi0cFjIKc+iAA3McdT#b#~C zF|6Q;P|)rd0}RdeNW$iRqu7{BxK;eBHk-1-d!?b72J^)1AANOr z3+107Q{q@9mv!)j2>AO_481enePFPhRp&k4azY}h?PgkRk+8SO0otJlqF`kWYh(Ah zIN2EGBz;w2;*WC_cL2xynV#9X^p29|)nNPTLfZq1X5lGcqdF!4`x~r)Vidf;8J+zO zS2i`A=JLtqtm-y^2Mnh;33&MRy>94I0-&VIYH~vnyn5O)1mxsx(>nBikkRLl#OC;m z|33vVICjhjas7#aYS3sqDDAhhgB_K@|Gxsp3(kdmDC_>7H z?#Z%E7XOOrIfgl^@7B~nt;}_jCmqolfsf7>5=D)0anV_U-^dg28sD~0ADOUiKmn8| z%HBUKryF|uL_}M`KK;WmN+-cR)@H$6KM4imad;_sQI(*F`_PqeNQkT|L8x_Ek$l?d zYgT|&jUs$r3018>rOoq9!R{o$=q2MfFG>65@<^sgz#q&F*CVPf76u2`;+j+%hhLZn zugbK+P=iZcZx2=HmgXm~bai}npo0AG80&`;hB^(B@l*4P34ZOg%etoH`J zQR#Cy+uJhcJ1_2T(rq5fu<5BH-YwO}qZ=r@&h6hSsK)bP}iB?J@y2~BIgX3{SBG8K?q zppG1S+0ZBj7|lZjSqC(aoOb}!hZ(t-OYgqI@pF&|@+R0Rp_aEtM(_Uh=ILTpgA^G4 zl68L7I*eCRFg+*Uj}&X>O!WC^(M2e6>T9Mq`7tf@K@idCcXX=+lx1+<`w|7#g5JUx z5-BSBIJrRiD&33mp03m@xz!{*GyAQqbp1-*CfAt|gr6Pr>NlS3sa-snoZ`kt#Ix)< z6-TuT7;~G|8EAc~)vS&T{zLwm&c=9Ud^~JX^`vVYxYn(WQ)R zh%6@Af1cWW*T5iFC{fbi6$j!&5~~yu9-v<(c|I(1s1W=ZAdg)t)FQBb1nk^$?hR6k zd$%%rI$WTfLyQQ+=pV;<{u=A}HPlwE?=dre`>cJ+I9!XemSh8ngv8z4C~XJGS&$$2mTOT+|3%Hbn zKPN-we@#cE6-D>Cas|ybSv2V|{0b{ko1HaVRV|00GY0S66RO=gs0l+Xe4GI!C;scE z;H)xC!kP|raepRHFlMN@k&VStea``xZWI#fLN5eAQ`*29K_c|*-}{XqBvgS?&+P$X8qG`~ynrkIfZ2lk5`u=wO5(f+Cd(5mJ;95DJu z@b0RuNUq=+Z>FElE?H)6WCxeW!e0RTaoYMB{9+~fah(692+-{u?9MgA2mv3e%_!(m zuZh|kZEwuFK;{M07Beh7+z}B^Q7IVi7BtLf4%-V-90F#>=;~|z;ll#EE$x|Y(_lCY zTfR;yx&&?wv2U)%Ubfg4aJPZ-5!f2LcHBMIB4P14O(M56+W=#F(GQX}>in{27OJEb 
zeGeRAq-V*$vhC*{OTq@f|LSzfKvbwIgKTqrZGL)g%F5RpJ(dk5NgoefSCEEXE;_y6 z$96}M?RjDe;)zB=L0 z+%~|{Q6UnjnFT{A1F7jgnE+^q?V^q7{SY#)*#~iPFuOcjFhfPu!t4L!fXBP)jAP1xtf0wX>j z@@$`Aq+bL)-w_I?%3Ndbi%eFnAa-836c30h2H-R}L-XC+UO?8i&kvm6P?;5|J#0u=4VL*Vd|4fpjESiWVgpxK9 z3-()U8{#2w)780AI%-5Cj%BC%DQXB1m7jn5XVp#G8RDGo!B8%4=O#y*uw7dhA`o%n z|0b3)p9Tcgc`dMrnIRcj(hY2S6PR*Bd46hDDm(ZC5yBurmO}jpkJl&`$?*oUFcHWg zaf1j*bioxyk6%7m{Dl)W`mN|F=YCZ5f0-9{2!bcQJ=AewUmyRP4OBhyHEHN15)fcn z65=pI<)OP9ysml4-Wi(!TX^2~RYwJ8)?Omv6}V8qboNMm6AuGixN%_lu-iXgt#kgD zp7L&2+K%&iMie(Gd@2t00P_q0=R!yK_p<~}gKacXF)k7SVVANOe)X4^MD31aEB2n~ z>a^rMuhm2J;~wW$6~28cH!f%sw?J=rb_>HYdH@fGlSm=A_+a%?)Roaxu0#-g?i&t$ zvkXP*`F_H)GPxvXb5+{oA}cVpvc<$Z^zB8V%bt_$VU@1~m*m+5rf~*^3|d6q?LD@%e_iyd1sL zt}~a{BU4Yl;msNCzW&iE1}b(D$}>Av=LD+0qd#Al@0p9}nKc=}8j6P|O;C3KJixOS zv>&Z->E9!$G#gwJ&%l$BYI=7a>mKrea((?7GsMdWAnM>xwb?yV+(wur)Db~jZz%9m zOAowf*l+4E*aIIOb!bXnefgd+^L_M@j6CJo`@@G)Dc~i`=#@LQFy-RQ>0)2OZ;K-7RIe zB5Wb~ZTSF2v%;L*yczT7CNF7x#e6op?P+QuE1&ax}5b*f(G<`O_7b>zC)g__Z>KCLJ9Kih>;RP^tTQ}mm9yS2p8=c zPrcch5bLIgAU76eQ4dJiy=G#rIZDbQQq}Ah>5|?!*`?>; z4Qk2lo!f{JWk6DNh|@DG%jpu(j)(^k1b*X?g`vP7wsgI#l0V`_ilCydo0zRd+fN^E z7WI$?(0!a?{BYdZ=>Jc+*N@6oMSI|{`e3?E1DZ&dn^(aU(sRLry%Y_F2ur^wvQL!V0c|Oxhjr zGa%BL|AD|eY<$3YHluxEGg6S>OLbC24G(Bf(apC4XBFNe4FD+6ENtr@;Cq35e~_g& z{>-&%`6IN)fuAF zcfPx4U=lZU021&1q3QWhc`;2IOj@LevPx5Eb0uH4Egx&X5*WD<%@iYtzk- zyhn-(Qc}1w+Kltvi@wu0!eLcumPIA(0LI(=x`(%1F+=Fx+JxdHVub~iK$LxA+0(}~ zTVnmFsm|p%>XQv1kPnXPWp6r^K`PE(Q1#ngI6dx$ty%iWgCITOGU}~UpWPg;W4TtY zcp~uCsQh9HqH;4LcNA_Ktb8KW{%fv%;fmpHKcx~~?Va;Qmw$262MEJ-TC*zAeWP&Q z0n=wD7VZtR`xB_3VRz^7Clm)UHeBC6&_EyFWDTu7mFSnFrG7m^(&r zO!_|${t0C0=J~N0+SCi~x3Y*zT`>G;wA^5x%)b30VhTwuUD$ z)rG2*rx9S)NIcI%sS7(d7j^^Rc5W<3@E2eEd25fUaJ^$Td!*j)_Tu<#%`lnU+k3#$ zen?_?Pxqq!FwLevw>(>bT_^Gu201TLF*_kE2H3*egeq^d-U+#;-a|3Z`qrqdzz9yi z4SGDjnt3ku$Ar`y{J<7u)PU&WBpgrrACS~6oYIbbLu_e#^VES=W;s8j7PT9(EZ6oK znP+E*e?*RmIkBip#bmlZl+)Zt#Q!Jnt3Hbf+`y}7m>3a{AhV++bN2h}u3c3L`l`y@ zO1hbPjkpfQ$ye6)JU642y_l_Rmp6mSfLX)GOt=oD 
zgCbSZ85v#gC2oRf1I8F8k-K2^BoOW5>ZXB?Ule6ZXs=SB>j%iAw<5XhCHH%d zBEmr5!(OleFxi0&K}gdAZHvM2lUeT2F1)KmXqfw36ABGJ%=XcId?cWNZL_*2Nf(dh8h92_W>>M-MV=__wY;192Kp`#o6E@yb)CaIxJ2A- z^WddsrA-Zw;$pcH&Z?b->)wMk-#^vmf;$V4veMY4ZG9jwnzqW7= zpW+u>-%FY+ILaViyi7>czZw(-UB&u&Cg&7Vatkz~zD{`SsFjZg)kHgs`N5ZlMy=Ir z8fNhd&*OEoxD+|UEm$K4-GE48u%w*5o|;gJuia$8C4BvQKnOtvET>bwCEuf@-y*ZI z`lClkm)(>>V2yjGRE$uYXswK3-EOnYp6gK0$J|4NL4{S`K$70z+imO;&?d?0wBc8U z*xD{5} z5QD5|WD5SKzcLQ;gmI=nXJnS|u_H?XcXenJ)&hqZ2}rU$3rP!JYB&z^yJgqrr}~NS zaj0J2Zoz2#B2IU^Pgg8{wo|no_64xGQh+E;0_l8$ckxLH5g3zM>!}+dB%&frY=9F4 zb|5IHBb6_OEjum3pA3e0iVqgJD)EWC305#a50St@iIrT^?fBEPC)bEagTY)^Oo2{o z8dTlX82#*+XRV)`sXz)sNb^TZSAqY$M|0Mz#{XJuYHu2Lc2EmoTHcdm&pu4;zOhEIi(XCjk9cEzth7fxI z8tg>MY%JOn6HO|$Nw-GJbHbdVqBelfrXiEH9n4zM!Ycy6xG|nS2m#6_F$7HDW|E5HfLuw zRG+cq%8WSoO@*#6C-k1P%l?%sS~kTuyEMx%B!ASo(N-%xSfr^Gp}lm1M;=>3jV<^T zLIDG9Sof+09cW_Pj|6qADR+#6{KGwfR0=v~tb#z|6(k=8a&37}tNeZrtmb^HwZ*9=J@PyDbA#TUT7NQm#*23Smc(fY6n#)RPoBjt|Y< z>LS2DA}S9pK?;qFH8{SHgVbgu=AJ*@CLF0>iHSMLC~t#-o*KFzxq+XDJwKFV-HVVV zcs&VG(8LvpXloKPWa3B3%t&>G44x#6={Y4QN#1Q)^+DMD9odT7hWL4TO3Um5{Tar` za+^?J5VO@{l4{KdH00IM?05vGfj>3*ppiJ+K0$t@o@qW1n!3MVfr34U4#_bcFjK`h zPZSiuqv?m?{;s6hM4lg$DX}RZz~s4hIJFHyKOJ={lJ4>n^FndycPF!J{}-FSxhQ=3 zO-M>i6YL;6^}Qlujwx|U9z-?lnTE%f4b%K8slq!98+u2$kJ872lsG$8La!b|lJCvl9UIY=*>2?6d`G%o_zk3hC>2GF0`M#y!Sa?si{^wQbrNQ=U-FjG58k-v z75w;AZ$UG21Z}ZbP*UuS=yDP?wBJ-`R1~$Sb5y~PIGXACis$#{bV0l_sP2S_=u#}E z4#37{c><`;hNh$v%e`?Btm0FpavYq(EmP7d>odA#(Ta|o&m^M$*8?*S4Bd78I3#1X zVF<=29iTZ`}TTE>o)jO*HDK3*`!2G7O}OKl2RBNYq8J2Z}* zA5wKE4SB!Jyg@+M9@_bWNm#qY6Lk?WHC%AVg9r5rEabCcltH2=b=ci}57Q~>m|{Zl zrq1vD%DH`;;Ahm&(9tfcfnkbdQdRwMEsuoG>D{OW-0e*7AAm=O!0o~i~<@Y;Tr)qy-gj)#>E7rGq679EC<@0x^C05xM85SvRt z!T>dtqh*}3@=k`89x;`n5DV1&$a9q(<3!>VjhuX=X!?Sk*HNoI7^o^j%j{TQY9|v# z9%xBhsY0Zj?zRT{t1viK$%<5#Is@8(#$J-gjZ42`7P+96Gt|npMdFPh+oB6&KSe{X zG60}%Ol`=`_3-(0pTc&P#7)Xf=>{J0Rp#Zfv{l^;Kepf4y3SEf;GQ9a2a}gyziS-L z0iSr|XSi>2EsCKDoydj2E$lglmU*YgF9Zfy&C>qQX5oqQFziaHdiDhZcKRO^o?=s; 
z(%OPV0uo!BB*?F5Yq3z=&URpRCteL%ht8MPRnhfLQNb)N%#VfjzzSpcSP9|JnM za$NT~_IP^<2trte8E=_pa=p_08kJSrm-Zt)68c_q)i6-^6tgN^M*(k${x9jvG4Hm8 zraHCMex})mw(Q~+GQ76D;1p;(1mm6zu3B<#QA#Bjdd#!DZU;Avz65K@nz6js^%7Ce zn-7Vq{YUr4w{{Ie;ddCnqD<04#5_z1XAED@SvnqmeD4v^czN4^7~98XD;2}PKLAE z|NlTayDlBxh22diKckMM}t=GLP4O0ko?e2S8|hqzp6S z&JuM0>}VREY1GzjA%n%a@Skv-*?X(L$PH@i%bS@x+2fOSIIgC}x`Iv1=}kGJTNP1v zut^t^^+&L9tH!9wI@70&FIAt1A$GKIwIzrHm5g>br0u6kP2`~>xdXUMY?DQ|aI8KP zGI#B-NTY^WmGI^Qx)f4C3EsF2ujYN3rUgWl`yp#ZGC-GOS5h_~vW_y9=g2*b%T z@WQ0mYut!jAz~Qzj3fH(?Iz|bRC#mXU~M1lj0}+hKd`-6)B&n$Ol;)8q@|>#67(9m z8uvW&T#ad~>VD(MKF0 zT1nvri;upJ)ezE`{1cy=wSO(xK>oCnWN)52nn646?Oi&Q4;Qno^foZ}<>9Q|n^&t| zgQH#W8{fPu)FL2&HuzTHKs9=9Vr?Yz{IZCzy-xcx3!<`n_r{_=v#pcT*5AGE)gkm| z9--Uvi175$wA-66n%7wH0gh!a^cyZU&yYC&IQt#dZJ-;1sBYmj0MiY{Rsrw8#WoRk zyM{YYyS|<{hlLX~4QMiY|K+2M&|yrjwZ=i{t*e66ExN400CDGg;D?6?>X1WZ%6`!* z-R7>XHqR4YAjqK2)>iK6@k;eCo|6>Oj1!tvCyBCrLI68J#J|xh`rT6a9Ai6!O4Qx& z2){jwx95#rkfWf?s+@L!-C&1dU2POhoKPm4M^YQXU%1D_9~WfAQKLj9eYdlO?Q4Rt zLeX|I+&sA7DHcBYs?B9n^He7~XkuKh;~~0uBAWnKmhBsF-6LSR=fc@3jr&{Vp%K4` zsjQ0Ze1}6#wxMsxMH}%CBY;!2eoJt7!OzmPUfsqUtyzR=wg>I=E?yv2jdFjG0=BWgnVm%BXmlJMF4=xw2jz zXu2Y0KCt}!QiI3BBNLAjay4i;hq_^UE6GppiJenSf)=>V14rcK+j+b6_W0NrC^-$9 zmpU-JyFkFhfv5u&y;EXh15zE)hX)mT(EzB!X2rP};`%}w`sc5&nvGJ2Ga~&Hl94|n z3)qEiwIkqH+u%nZ=Lc?OC)IEYZPefkxn_gfD_Ry-{u4b&aMG^)*&gdkYwsqS*skp7 zrs%P9dumEy3-jRJ0GF)xpsiq4u~F|@rdU>xyUiL7JH|$3 zuJ$O#86Z|t>cRX`pOqo7Ull!7(ae&)CxRM;-)Rh3;9qrJ`5HM+$OyHda8sMQe??7c z@ms&-wLgX>eUXpLuy_(iB7-0PLo>?%LIz+GVR3=Q_>ZuPW5q@O{gf*AN}u;e>LOzi z%xR$6ESs3`=a{z^GLt$h@12%Yld)6Sl#BBNC*mNAfh-Z_Ucq5|LQZ0t0r^3WQe_ug zV5P0;65yE%BtJtG>*zzvLPjuJLTycPzh?tHYjZ2iJs$6xFX z@%-LnxyvtA-}ZgjD(r~lvn!xRD}Tj~`zyg*W;c?+MxW#Li=fu-p6@5Y_0l23cZM1J z)+Hh7CTat=6RV@V%rG4~cPoJY43$>pwqei@n}m%xT#rT4Eh)F*3GWuJaYOYH#c zLD;o`Vyb1wVsWyuLQ?NQ-m$FhnTwx|!|KD0UFd$*=#iH(a%P`w=L*ZViIeNb}Y#dDM zW?r4y@(`*B{z~zqo)U@@?f7V3c<@ z3PxOV?K8P`Y$U;SMYt+3IM{vG2GHdg23qESVR3;twr6czF6WZ3#H{mD&_xqgv$|3=R=H_AUSEfUh|{xsULB7R>5jb~ zZRY006!yC=b^fR&eeC 
z#B6mTyL+n531c6Zg~^3jN?8BJ9>Oz`lbweR4MtMoJ_wKNmaNkJYSG+XTzhiUl2J2z z=8t; z0|{ro15Nu(2KJB)1M6Z`!`Xh)MvUwA*^bxZWLwXw>8%Jrw+>y4rTWpRf}8UvSVYsF zyV2FuUeL2WnCSj$3YoI*@jBe|zW9ym5BU9?e&pF3wZqAk54`Ouf0=JBZA>Ll_FZY=CJiFJhRSJvUU3I}iCr zzJ_{pwoRUo7f2dfvb?!tqJmCXVvCOg);f?*R2Fz(7&xVKXW`uY-nob_M+;myql(eP zN~MM0Y^(PBxDgRsjEl1r{>jbI38>K#Rgy|gl>!6vc}TUQ5^6{tNSmQiTJ=q47GH*R zEkNXAIt6}iDm&FiE}eUAAGw8q!h^g~BPDgsFGR3KyHH3R*) zoC;9#;2i^7)+aL$n~F}zn`8G{ z_lvryuMz&YkiP&8MAR&&82=!7_w0z9Umpm&dXA$zQt57*F+rQ2soIcz>zDUf)!-u6 zp#W)qnHplx!jcIR)5qby-mz?WG&3lLW|paZOOK}MQ%<+w7WZgj%C?|P$-diV`cqK5EiQ+g^(4ZaNS@`m zLRv-9tdwB^9-|04>Y0ZT*6NS}w|yGDfij;VTd(DHSlEjz14J_J4HL_C(zPir9b7GuD!icBvUfspJZOi0zPKH2d!F>cD7?N^WZ}~*sX1Vu=L0^f+LbDH$cL-`71R67 z7oW>|^Hk=V(LRh&R~T$`hZy_Ux*Mr~%)U$t=fZKI%My9{Xz@9GDCtMho%wEGFqL|m zc75SUXHe(1EJ6^)5~BBYL#w@Q^G6nqUEy`ypD*R#Hu}nIhU|S=O4bJ}AsWf8QBT`# zo{Tkna%-wT@A5`DgZB6yaB)!eB>HTYAd9@@++k(37xpUtT~YHQnGO8(p-qjy$aE^L z{fY(xz4`FDMj_#NOh@ZE%kvOp5`$?;lHfSO<1j7C|2G_*`dnDQSHUx$5NY0AdJwVU zDY+4f;I<4%S}(QxA{PJny4o)_OnOgx_D#iZ0{!!ZR?Gp0-Js>i(L!Pb6c%wfSSqP` z)E(30WzQ-!JackUb{-!w%PSC57sKwCJ@>#LZ_JBara1Bt_{XGwt;OhIwn~@t!!ZC! 
zTS7C7l{35VkbBKBJA=TSeHkxE5pmos|8BKYMC$c0m`T^Af%F$;pbJo>^tWZz5Bj7o zpopZ1b)KBXqqbqAO>c3Z%}E}9;!)Gc>sS)5bFV}}1eJ(Ebt)+mPfesMLBh`miJY4_ zVJ(A{{t*OWa=9_tMWu#HJukJPRUP@Iq@z+p>R|i}g^v##DF@2wu+^#UEi(f?2&8Z1 zyZxfPkRYO0NXZ21piTdT)2XqQ(>i=(%ID=!#?v=c{^BaOSBTjFR@|$bq-;Y~-40R6 ztb8`ni#IP@G0h1o)~VlyWy$))S_HDhQ*Mo!<{qFCmX$jjo^U!oo{kS2mvorO&9vd| ze8lkX7OrPS9w;a%iC9r;~1Bi2*-P6 z>q>6j?YTY{X31?|w7J){ZYxirRdt-hSla;z@l2eHVPu;kpEpy(;BW>yU?}zqd>$rV z7}*R2bp@PkUJ;}-H`g2WeCdL@Pbd}R!uHjBZXa&1h7I}--DI%t!Ax5@_;vTejo0iK zRoom7g?f~lG9_6yM{(yYJe}HLoN2rQy)naynu^+aNZgAL@r@G6$RC#Q7kJgxBM(<$ zUB!jFF7*{C8F}W2)ywz8U;wDlsC+P(>*WteKS>r1_POI|Km?0x^|nEGB6LCgufm)L zKL`*t&7PBs{G+n06b0hZOA)bnU@o~2k9mx0*ds=UQZmDyocfs^z~IeGk3u0N0r~th z^6c6A_rW+_mHz_*tPU`Ww!G$9+_zGjSII!Q#iqN|ml2B8DCX?O?HpQDWQD+1(M}B3 zL9PD&>2RLxrvp1(Ugbsmbj!Y)KJqyd zS`*ONRvX=+2 z+7v84(Cuefc6%Z5T>^Rd*JxhJV0$Kmvt@n+gE9a+mO8!>#-XoWhbO6aK0fCuf@4QV zJX7zX$rpL_T)(=m7oCoB*Jq}!vMEoUw5GTYR829t$edF9{nl&8heSkAv#DQ@VI{FJ zDteM2(0K*;+H{bwH4ukVkB*AzLJ>z73p+BOQFH@A9fF8Z<&2K9{Ef|!7!z$YUK_$XO!I9kOS%D*pnfK7eIL{OopAxCrn?%pHYh9^uW zTj2C*o+m1i1M~jDcD-qb15ly6HjEPwh0*rC>_RCi#$nL zQ%su_meU>`c?9DwMef;_waBK4Y3TP`m}JsT=0zbgM0GD)Sd;ofWLm5TrSADw3Yn{d z!K3v&=_?tt2zf0(RbRl*+D`|FZ;F^=RWt<(Y7GD=zV%*8vG%JhA~E#sCi$z9>OohR z)uj&cmtm7GOB9<1SAQDvE_?bHJfWOQHdxTh)v*@=daUjs@iJ^iI5glQssyD>3XCd=^B;oOeVv}pd9BxJ znF6T}B>Kyvx0_`#XZF#K=O;=bPy+dWqq4X%WTRP2d*2ZBJuSiz!b5%v{c;+B=TnR1 zvR~}i06Qj_J~2O%0nS%h^8F0TyQIDGQL~FZ84d!SD^3;KIrPsI4%#`;^XZo#9{Ouh z9S1a@ie~ZSOHS`Wrd_gC{<6^GlmUKqf$Ch{Y6S{hai;q{tKeVHe#NIm94?M&!JT4o z*AeX^gd`j5)dN|mQaS^!5iOLI%zar%Rtf_`&vEc#Tu-)RP(W}G!ZA?iAI1?i9KFxJ z-Ye*+a_c~glxp7B;y1Zh`vfQC+54U@!;KFSZgs+n&90B%R%F+b#8AdTCiENg!w@YT z8BP8#YWkmeW2%3UkvJ@)y68#UKbR_s)M^-@IqyX25_90As`oBt)R0S*G2cK0nmd5D z?Hdrt{H^|0m|vXx-Xr9(A(DEpQeo2y-x@)8o6z*ko(s)O1laH)5g>W!?WPrHD$(n@ z3^X|)L+*oGB)chN2^7x!4WhIJ_q#(6uZXU;UMEY+xZLUA{BrYJ zS#XJiN2HUv^<4JvIG{KfXnIz1tb|RU^rL8X&GoHX#*2)6SI=qKQ#Tjy`ONwjEKu{6 zrYA08Me7Q6c9sbw;-We5otpC4LdUnp2{G@6)JkhrY{R(I9ijM5FSpqaw$$SFgeBa- 
zJrF{O*#<^oR*OV7Sb#5ffem42i!nRj@fKn5cc5zaZQC`9sY_99yHS^*+;mDV6dv#G zi+7H^>4A&m^ld15)ma|0B!ESI-n%$Umo9#yWx44@b!T8sIJuhIbP&`b| zM-rj0=E|OgKbAZKDf=I?Yj8|i)=)!bZcjEKzQxl#w{zmbwI?sA-cx9RM3gJ-71Qpq z0|telzB>-kH&dr{EnW_-twmQ?Rc$%>{(~kiqO18O!H-tSmQ#4;N0=J5DT~tNsvp?ln5jMwn9GQ%TmauL-krvNP z*qp?WIIiBAErSi8&Vso|xyM4HfP&$|m=kAn^QLm+s__cB?Ot+PSMjt_)r%(rjgeVH zfhSK`DtmVs4_OHKzmbiVk>>&B+x4kzsu>$=lun9%gTF2A#gt+dKK%4;00cImWxj~g_km~gN^{4WD1&!_jwBs_2x5lh>apk5 zS|Dq70=-FFYq_=Focfd|0|r4e{6Do3ol_j*KiY6t5aMbnY4bkNE(!gYDvpLuBDt}Z zu>7oy3l_)jsanA84_<7|c!PaYj{FwA;;2RNZaQKA0!bTDQ-6 z9BA5~t^kheHLi?(w!t~0bNd6)u?3ELgiw6zuNQg55gd+8>Ks%6PSziZHG>w7cGh6o zj&~*-ZN((-DpXWhkpoUDrg~&u>*iRa!@6G3LVjFhQ8a@vjG*7QG0Yap>$THqfb8qD z!t4>2Lp(E2s6NrgAGaK3EZy;*-22kHg`l@MwER zu_ug;?WJ|$qW~LTFuukCS`DxK|0#MTI}V8Qmz#yLP=~6v^>gopeceY`=5d@x+vE5> zyMi6b*Ntl8j;*g=PFfD$$u2KY#6(F;SY~iOj5MF^f~Q_Cv@V7LCmW%7LoMmAswjJw zjQ?bE%7%J<9pMOu91|!btmMw6xiUa6Fk5Zr2WyL3q73O3VfETA74s@(G3kq>4W2A+i3w+fN{D^K$v5ceV8ssW4>i&q$XEht_HQZaa>jl*TAF4tE2L zdNP*F#I7Bj+MRwj<3)$lXVQF{wQsZ6JDuYLlkOHzF;&T9Ns>2r#u{fka_Ti$o(GG2 z_eY(cGA{3@$SMG_Zj8v1i#&2q7kLAW#D7J8-peEb;dXm6z~`Jl(VDp=#55GAhTRMW zBngi@kT~0|A|%MW8&~8JddU1}l{pCdVu<~d`X}+=+AnmC9E>kZ3Y)(0N}m_s5Hp_l zzWd}?0R(K{E6o<~;S2QPacGzAow&d9eqIP-g(t|!>DtziCS>d=l2JVL%MN5a7k`8C z$9I+j>i$Mx(Mtx~v&o|w$Gj=f`wVTB7UuHAR0xnT$iEfA{F%;&ocwQh{ds{frZZIm zryPPekH^Oi<-k5-8cueA@A(bMN~Zy*7QVH4CQIJWO__immClRO8NAjOqBGv7Z8TjoI z1il%|;66UjlKI{fD2-3crdz0J;G=Q}1%t^A&qGqd!r%gsl$W=>Ltt_arJPbw#{vef z265(zAYxsus1r1^JCQN2cykaV9`F%eYiHD@G9a0PEWd4p4*7i8S@I(c**gI_1;#9h zm~I@)0(O~GJ*;`<@-48k;;xv#=qB)uV0lrcQHn{Ys$mLW_*0%7F5CusoaBNx` z$|Y#%hnmsPBn$so^F7PS^)ZFHw->q8n$8ByEAk5m4M_46AuPaCan`=1Qz8~{@UNh3 z!#rBx;FVq%$_qt^G0|j&~{v4tLXfjHC}+Aihj&s1oXlRQU7#z1h|t~_0jWj2*A2Z zdoy_3h4+i@f9J;$rU>ZqQS}Y7>~sX*9EhzOka2a)wtG-)qN348?<73yhu=?HNbW`w z&QT<mI(otGZ-ud~?Xg%Lf@0jZFq){Y%M zW8mIVy}550>aa^hbxhWJ3GaZi&#E_j2I_r=xzds&y=1_?tw6Ap`l zX5#jstNP7no>B_|^x3m2(^f=iQrz0!7GA<^p)~tzZ7aF^($PLXLx2=$VVQJTVAs7{%(t$Ii676aK=Uu4(b5 
ze;yUhX3D=+pNph3Gfakl7RHuIt-AA^&#XWxUoL6tI*Imno%zoo3+7ryh5dx(>kkBWV7B%;WpUcH0@dKu1UabN)6Fw($>nK8|HL;UNb9$TLn7V< z4`4xH0yO{~K3$S=8U#x!!Ar)PDLKV_+qnVy`7t9B(h630fMW(&dVUL&NM9m*=u2Qn zMc8;}nm0elL=1N&6iOV2{VeDMEJC^CR%r!a1#JCbf`W#FIRFkgr&NNDIYA(S0eyS4fv_U!fWw#~k z_zU$-j{#7%poC~l*0n6iMxq?%oo4_KkmecJsM$*cJj=hp=R75okGe6&@i+8I8$?8u z&F6-OSl|p0{*CfrY<~H2>#rrjI4hm5lTLH}A){FnU(LL`E?Zbe#8bB@|4)R} z$)EaOX0h}>_>i2V!tFY?aYy&|T%byY+~DP`wa?mE!FJq^%*Hv)KxlXrO{1*%)Eq`S zS)>;7_-3#`S@Cz?7Z@g_W&S68J=o+%1~AVG(RgSWbyBlwD6GgexLMv zwD!eXBw~ZoTN4(D`WoFfIP3?H$7KtzFz%<1ed|PC(x7+EdcG*Z<_R)pq443oU|XRt zBtUBCbRF2376HN5?ZR26d)l?1J+e|`w9;O{9>-#gRXLUp{(RRGuLu&Z@*zFfVZ>Lh zatvAtGc?(&W8bRVBoJ=`L%vk<v#Gphd@+(X5Kpo?+Z zp#>iWhua+I^Cv_PNCW=+%RAf9{uDs6!^7s@Tb{*v%j>KBKFmRT6@TiiVUpJjxt0vW z=%jm=_*6f$4acc|6M?coQY1#-9;xg~uB;VXZ};_$RA~}!xNkyt^*MMo$o^oJ!SVC^ z2YZoZH1wS}{y~BZ2#THrcexg$;w#Lm##iaH1+zkL(T3&uo6~@xc+xQ2oCAB&- zyO-EFbog_J`$FvS2(LGBTXTPs&DTmiEeFC$EX-{$cDO;7J3KhH$LFQfDvF{qS^qE(-zrT ziYVx4qJm@_CE{kY`+(hEWs?EW@0SPMJkd5h^qeRRa;W;t58*FBbDS!sFW32j1}d?s z%mbL-DuHsL4`EFBBp9hIDX8cP)Z{xj5#_2vOaMRSPf^VKUqLuS$n~*KXll6BANU)X zTVfT`L2GzDDv}xm-dlj=v68d*Lt@fZ#7v^WxkMJ6w_G@$61a3E&@GsFA}5CpC1S2t z@2QH1J?TnjhAn@7@srtDAZNQ69u{G9{5!;0AKPsa$J>4 zXU*yyV&q?cyoiu~ewV1yX3$z~n?&qYA?@ZLJ=Z*H{ONLpBHzC_M*MPHYEQLJih?be z5^7c1MMMe$u|gpprJ$ikJG&!m9&L&#!%FnC97$QH3EfWK_vz#xXHF^P;m1R}jLnNY zGU>YCjwU=(9&tup50y?5?8|Y+h_|KYg`zhaYr>JhYi>Rx{lOf$cE6@`Lu$6w5qf|- zsqOW~jt_Wj?f{GBq5PO$)SCq;oRppuo4J&8sZ0} zSQPVq%)!dxB>Mam@MVt(hvf7a-iUtJG`Emgdx8Md%h5pFbp&~VvY>-8LPTYBC#1g= zN)bGN8aiIPzVri6_6#*Z{eIp>7*49m!K`g0!CH1D06RqctCgi5LuaB@rTKNMFzc_3 zd100Fb!3bnoJQ}}Rw~>=m!CK0n(Q~t8D8q87tIFcV$Ie`@OIDcm0Q&5j5Mocn|m78 zpX)#51ke&_zT=c8O{dF)_@{wEAc5EE1TCmYs~k?413`D+p+ImZ1(&ckG({l!=I|1Ue)d;lr>P zbviyHBS1Og$?P4JqD_;MCEWjLGKyZH;dA2j#|6n_?Xy@!*5FiF_Cq(x)ov?Y4BTXH z*W{XRpGy1>4L_-bi=3rY!==J^Vs%cb{HG<}-p2Ar?e#~wVCccJHm4B5@fW!pHBZxu z(hGuNJ)2klkNalX@Q~rH+*icki&VMj*I54cm=x9|nAq$gcv7bPuo=w?5-h507RO>K 
zUVfOBE<8(Vjy-zLEl6j1eBz_XuCVMYVM|;Bn6x|h{83KTG$$H{9CKR3b^{pKc5a=$D)+6)S4h&)M8wYPoiQUUc{h4YYqgR^^&7Pa3 zNedrNEv*8<$6NlKucs0ddbPS7m}n3VI#X+RU?Pg;=4p*|DQGkaR}bWxncC?)QI;;V z9yv(%t8d~!c%NG_6^ErY4HWLFqWv6$_9i*bEvmN`YK$WlvptMbT|UQ_bd9hXA8R7_6<=@kaE8f&2nco%Nh~d69prD z|M=OQUNk2;2j)-AqDYvb9xnsQ>u0K{rtH(;OA`waKaJIBB4-QM&i;^#|K#ry&Y-l3 z&KZr4LW8wZ^%0)5c>~cTBg&}Qp@p6(i{oDFKx?x&2H7HhQ)gF6li6rSgBu=rB#WV1 zkr2gx^CsuIhhg)e*XM=0!@FE~ZMCGA9kRO@NW9g=f;fAfTODoQ2Poz^S4M4`g4Wx% zB!M)yrUS(*RO+i{F!afY+sS-N?Gx&xQ?|55i96}hZL?@+(agOb!zLemQf1B)Plxvj`1nuaLK z4hw@*(~;L$Sz-hVMth@tg3x|@j{;Ly$-c;oKh~j;pWD1rJ(tB1+fz}SI)^cg5|9T! z?wsQDyff)Q9G44;>wEKRSCGc#&t>bZSgbM(f z8$MohHzIUZDwSeCJwq&;HEj*(m0gK}lU`&&?V_|V&>5eFW??{^Markfd9?UNQ9MsRDsuEU!>#LA`Y#2`RN z5Z+~L+W}iyWlO-Fo=H*|s|=`95q#J1Jbh7rI;}_hA`z)Clxaex;Mw|$DsqeQV8_j% zOowHCIv+1iX-Z1OdCFv&>gXJ{8QJkh?uK+si_hE80&n#Ja)qHDVu7Vn&T%Oo6N?oo zdS&ltW@+fkk;SXab z!v}f!T7mg#n5j(>%3B%NkjArA+mK)V)CI@6p&2w$2^;NR~dK@I; zOea|zDhlB~N(=LISA3t7LZmzT>UMFw%1XD{aLxbZ!-B00LLztDH-nt+j5kv(z~Voz zXsnu7tT(WI$X2V4y`#CRSC7eFJ|q08R>FguQ>|%lfq-Z*^KOH42CFbIhorxbN7?5B z*H79n`bY-XfX1mCcFScLQfBaqp|=Jg>&}xqQE=Dig22vvxPKHQb5)jTjytGRaQr+} zBW9imCYJnF4K}DnL7v?=b0A@bIm~f6g?X?nKNAdJ5i7s_Ft|lG%==O{Mk1R&=(!u^ zv`rfa?2ktIImxSzRz_2Y*hhKKmc4)q-gbL8}__lW6-#L|fzRC5vIar176oj)EJbjJO z#U!_t(n!8R>`P%xevcJY#isEwcSYD;Yqphz@BqlN5FqSmfVk@Rre}wfpdEB&!Mg(x zZO9vVOQU-B0030({2DfF1WvtKVA#?5utdw!iszCx_YgL$Yh#)2hlS<>K2ZrD*^H5 z{T$SiAo+Lu2hM`y&4K{1uA38zyXd3ycU!fezw`_wi8>N$pNB=Wza|?#2HEu^)pQ;dy;&e*U z2C9>bq8XU9QK|;nfVjckYygP(uK2=rKerG}H`J}x+%Tw#(vF#&SErMa|3b4pn>>NN zx4!=k?%q#GG4-*IqJhX))L0!n|4l%rvxoB@YlhtkWoFTg}5d@qddrY=Km=4fG2 zE9+M63uFEBRfk-SHSRPO>^+e^ElK{1f6_Tr&{vO$g!Rnqm( zm|2b5hHYs;Fc&`aB@;4_GmFN17OFDC=~{Ruj6n?KVqlUVkj5rNt3sSr+S^EHaB^QK zRd+sdjS&;#JO@g2zorf$Eb&pocNy2gn5{z!v7uoYN>OgeCpuEPAg#Tda=@{JOU9;nCI7o2lH5EXn%r zr6Olo`(18Z5|dtAgr*J#Eo4o>TYN0iV&#tjPwq_^2B#R-rQVYL|w0=*@g9DWX7aHE}B5;LCyCYUtZQg z5YzMknb5NJ3Ko!WL%{o9P$F53ELrgo%We-7o`MAOK^KiB8YIf3v9Uwx|2rjSt`L91 
z)5ECcGK`b`G`@yE>YJ0J9M?*qLy84*NEF*6PY*%FfI&NssCG|-=I8L^szy53WTlkB zz{$44Qu)hjy7h-O1HZU*$P5XsRB7)FepWI=NTDaMS$P6ncy{=|pu1rL&%5cDLhphY z00dV}?DpC`>=FD#+9WJ`9Lv4=FCV-BMkYrhdLk@#l!L8ra`1LrAJS*o{3f5qb$O!T z-&Fb%rQm(&t7?QPyM67;yK^1b8k1}ART=aGLTZ6iFr#U?7WOcgXd;FaGQDpW6e(lT zoLV}9X$m7Bi~^4>ah0vpXrdGX%HkwC+Nx9}Z$gD@9*Vn0A%RJ#Cf!6l_2%zAz!W|Z z%+DKbcxlQdo__OBy3Q{LVTH_8o|`1SRrpX^Db53lDk66bhY10Ri3oA{dwiMww+CpZ zKruo#uki8MjOQWpsejSPDm0e66I{g6AXsa=N0(5DUd?HpY?VXKqn=(|jKP0d#u z4W3W2tZ>DQS7NNgZC-tdJ*a-ui9^3ZH$ESiS*W%rYH!17!#mHHaFK8h@`kJ{$2!$l zOx(i@?{m zqqMhM9lJ`S>IuDcRlEl=JpZ-pa*+;94Rx6GV{!nAf=cS|kUThVAt7L-Ux8?s=4*>^& z#^JVxX`@SZmKb!+n$T*Y1Ps9c+BqtVRZ`lI0avHYaUu56C*NqI#gkaHnoe?<$>8h1um_E{P@BYZ z_dg$Ubk&p0iVrz`XMqC1+tATv$Q zwyFC;7QEi&p4I98UXwyZiY{Rn121db76&yQ08QGb0<&({a6&8dJ;1pK#gk_FQMhWk6Iz@;0}=8Op?xTN88 z6z5MtE8{m6J#;EEUF7!nvT^9jmh@=+p7#&0g)%0VL9W0O#bw=A)1oRJpHDup+p|1C z5Jo+~XKTt*7;CYzr#&fIQxhY(dH(=6$^1l$pgv?|1IAB>4r%QBj(oQiPynRbs8GBT zP{SNgtdvegMQfw4dR45qJQaD=q>r>ct9BlU zN@6GrOO$w1(sa=%DW(=_@_b@g8prb95<`+%H#dT_#iK`}CfC%9DWj(e&0-Gbd5Dya zt~GAKV_2ExB!uQzWSv<~gZZvKq=~GNL(fO8NlxF;`2(n4c_#=vPRfZ8?4czC6uOqn zTp1jo5!0P|rfmvh4Zg%qiA2JW&bek*GdIeIVKCvBE%ui=NR|q(%KUJXiVYi|IT?p4PfA5LM8=c<{t?v$AP-I-u-Kfn;M$ z;tDwu5OX}dftO+Ow8pVpU8{Y-&{z4tQ6)*pcU{#JZjqe@coEK^ckAoD6~Le|>{;2` zo6%kIhD89hlGmc6vkCp!N^$dyC&n0XjO%O_EFfwQap^(L&$0|cB~ErrsbXoVFxbNB zTav?R<4nfxd8?g_RR$8an!=}*>_R{Qbk?Kr1wl@2@ZmTKhKgcXdPf`^2pVXxJ%~1e zX;N$IY9#eK1$*|*lwX2`l|d<^5@X+z0KI5clB-CohiwsP`_sBEg=iN=5$MGeiIBX0 zh#(@$W8j`{@y(i?nx=?)ip(7ZsblS}9L%P*E!I_dDI>$qYUmP(=}PDGk0W9dlM^+_ zP4o@^Y2i|`s=x)Q#}MCM*Eo2PjSm=YbQbG-d4IHoAK$ik>aKnlb*r97^I}2}%W|@q z5V8qmr|?&$A!IjnH21m%$z*8;r4M}p9_t2Xlv_I!FXzr*BtTf(sADMwr!!pk-G%ZE zN{a^Ysy$r6 zhR!OKMJyhdt`Fu>nePamV;HK(i;4u}mRPjSks6YKZk~GIBY#m&8|c-uYe|7LTjTtA z4>D9fRX^PZ3hosax zcGp=D28S^;*Q{^i$`44z{vozWU$d&NR5!$P)us`}o~p1fZSU+vhfHk6s+9l9WgruL zswZzv>+N65ZIN}H^JX$w2mx5T^BBd+8E0gyPvFBnL^vcVq>q}pqE8W z!g)(m-F1YAAWdOkN`EMX&6c2KC%FsHGHA~1Ip;q^Sw++>9R`g*0M2fk)wkhJQTkb0 
zRHRS~9u0KY)neEK!QeVcsgNM$mW>zQ(~pwCV$&O6`nf2)4SxOn{T$STLa%#(M_{7# zWK@`3DR`p``k)eE!j}kxjBCgcs-YHvg;u9OGDbd0f$!ol&wu`HO>d0J$tyNEt{>Ya9Hp!Nx2N=Bp*$L)i{cNDvPG~QK8Tjvu*QZcvm|uAI7&7stA8nb=~)6f=phM zf8uqs9=9`iwJ-C$*XnW65yZxGoN7)N2%nT7$Vk0Y!40&0;Du`0GUUj+$;xiThWvqE ztq?*)faD<9n^XQ8N{cCeN+&iis0C6aiRK+E-0~JiyiFylWXV5|>arP>vrNgBNXe?tzRFt1Cwu8(eO7ME8Y*30{@0v@CXmFmG}C!% z+F=FiFJZk{g0TY>+@}_2L#k234m!pcIuc8bnAEz)!I8hRI`YcH)ZilDp2M4d z4z)_Kw9TltETZ&|{7p5@O=N%vpcz^3r;ALd*kgY~7G}a4QOu5ai`6lmc}Yt>ic00< z67zG1P|AP#;L*FyXu>TxmzeO0PP7NyXz*s-2$*)RHgoT^=pH;Z0xEEmtD6KoOgMwwF* zwu%*XKT!SbVi}xP*m`B8kdN?t4L6RqIJkcKthOCdibrd`F8b#nW=Lw_Y?0exEE_e2 zI7WIXGfP=}`JsR>I(0spZQ3XU(hy)nSFzDvJw8sH2Xp{*h-f=bw6^MHJlOnSr@VEH z_0CTn0G{VaX&S|q#tJ5`RKuA>%FhRS>A4~uwTL&*Oy+Pl=&xe2vt}Yt(daw{9^Yk# zbHTZMoRV`&*g#KCa@A9GbYZ17HJO-~&670154Qi6m}{8Nc!%%Y{2~*~H*6=YrJl3$ zn#b1`y5yPSfVjuv7ossobm!N};f<(2^^82pk@Sp!vt9E{GqLG;ukB3B)h4_~Ip@XZ zu4cS;5$AYaJL$W5@?S-(73JBYGIjK-E5Jw#&bjuu@K7MxQaix%JAwpEa$~Ag-PyZF z-^n5QSD<$mz8j2j$VC!%$5T7Rqp2SXhWCo#&`a-ad(HEb56BN0RZ`^=sP0Nym;gmU zy1&3fDSJES*@F$!Ts-EJRwdD2Oo9eWQ>P3h4^>uq%WH>{yKC4%QTqCout+=#dgV}5 z&?ExtbUx7V=l<4uk9l4|xBtkqkD9@ZyV1L7!MsKzIOuG$0{g7kl3*I?kpXSrc+E@& zZ5Y`_@yJwvi=X*ed6s)K2nlgBpuB#`2sAfcKSkC4EPCR9d+0T~R*CG4k3Bg)nLe(K zA37g450+(H&DuZKfg5EwIWAL2Ubic_-XpAr%d9?`Ev+FFsHaLhu|cH{i~7b$LJnS1 zX1epp0+f=>^#fQ@#P3wrf1LC8M_HUTy+@=o)aLEW-e`hSB>EKXlEZvTwBtJd z_8<{=ai*R57Lm_YhctYP*%b4U1?lR4Ij2d6ct?u`4G!UqXgz23>D(gxECd0jfr8vj zuQ{ouwnIq#fsG{95(~?Ha>UY$xE8=dw7jA+#9MiwA5=GY^_cIV|M>uY-F_^@b#W!7 zN}2egy`b($9rh*ojtA>5vhOUKcE9x^D3Y-iSpagAWVZ`W{Kb+_dt2#gj_(iS!7T-5 z1qODXVUY*gZHlR7!7om{jXc6FwSx?_CcF_`vL+2zbW3 zq+h7c0H2d)9HwC8BfSqBm;X&**$oVkh+H^{UmT5q3)%V+(z6%XYrg^1F<2ScpHjHk zP#3BzlQtA(G~We`tkhc*k>Ac{%?Z(|nXdi{R%Fr=l0LRi7>TVF-fPS~u*n|HHiQ|^ zN)VlcMh((|9`|!F!MtUN6s(%grN)(j(;EQv%~Q{u&a{t$ zEW!i7U+^liGIYKeOG6DjZ&QzNFjsfjTN6S&XbwSU3i5?XW}R6ZE2RliYvcm020?JL z*RJBLoKd7sCWvxWZfOScSk_m6#V=QtD}bK*g9Mw5N{0e$FC4pHGcTJof*%0!`?^JG zQNm;usLQ5aFE}5!)3qx6hpfkJ2EKMmJ-u($LU7eB(`J>`S!MfXL9@s=OGoIv)Ix!1 
z-^shCWA=Tj)-c5V62x`VUVxVMSX#Pa5fGEbU}J=y3|Nvcq-8=cX5fa$*^$I*pK#I` zI-}?iJF4x4CE=ha_NhkdD+pYIf*HtamgC+`F@>x#JfBZ(|8|q#;l#p%0LaPUDR@JG zz{XEMg4Lv+jQT^euE4oti>!+cb%!sdGz}q8&qJYkOQgH`LPGQvV6qWWJjInE$y0o9 zZy6_wFhpFwr23w?v)Ap*VY$!Aa-`vZ6ot4Dt;_=A37B&MHMoXqzT$f<*@X{fxaGi; zr;^I?7|!E>u1~X^CsxH-V>(Ukk5Bp`O``5BJEckCIy5w_dQ~kuKC7 zNx1Q9ARE1lS`MgKI?l|>f?(G+Fk2{sDOegWU`mGq;+39)_p=a9uN%*^eZ`%b{+27< ztR=3~OaV)DuHnlSh|uPMH^i1pVSjBDZr=VWWFhDoCQn>w4lXcU5VZ#G5(o4kON>DF zI3%{3blebQJsZ=b4H<8(aoBH|q_uA$Q}2jCkE`*@-^lK4uuTX)NjVfFVB0P4s@N9V z;+asIMXRu%dX+I*Oi^mP@F5a_s?SQ*UW}sRQA6UG;IZ$BR-A6l0$PyN$dRroDS+3# z6LPzMdz=z-=7ET)0&gEBuc235Vv;{OL4)~l_i@YeySvV+KPFb$#<70)e1+)*!S|ec{>Ml60!PZ95d;=rNqVGf9^%Fb~l{6-oJ= z(fPnQ^$DTQX$I*R?`azO!$O0oaut5<>h%N?$qqFElUPNas4ILP5g=Th?ES(-o0opaJZj?#G%CJQHABN?w>cRm}yFhB>6t)U(L*1 z%SQlXd)BjA<$U8~xWy;ah7_cxP|gKIY37gM|9k%9#s4yjdonMg0)^YQbr~z>yRwhY zk8`n)$o{Igjcwf{eQ#WR(KD+i(-H*@*z$e`_`dH8JgoP%nJpnv1NErvh8W} z62L?IjvT!8GLqIvG@er7U9C_c+%|W4F!$WUP8G6^+}RbnP$y!e5;BZ@F|bPunzp4v z2ttm2HF5iJL4B3<=V9NFwRI$;7abR~6J*Gb%IS=$gCof~joIIuJjOzb7~-Q|UU2|z zOHy`nemP4He1Un>P7Ps99Y3sQ!qRE+>o*4iH`sbPajOL*L(UWF0H(cOcSBRaI04$`IyGx-*TTZJ9W#6ammxA zxholo#CBDFrW9%|O|^M5%4@PaG$c(+IMfqDRUq76gpeWd*9xO=Dwhykr_FfXC|tvYFc}oZ!SPp2(y7jwiyO2P zq3I%mt?Z@$`aumpM8apoRNJ!i|3FGwJ~DXea6D0~DoBDTW;Lk6Ej@M1@DC(#u5w^P z8}04irza2-W5cgcJa4!?fN za%g4a0~^}e7LwP$8~VoUFMj=XtVKkCXN2hk&}{){=sPJY&j=pWOz5;w(5O_eN@ziA z)L~3xa5HLjw?pEXP=!JTOr>!1aVpVwF;nPo>qJpXP2?1md@M8kNPy+2J!rezj&x zVFQWKVd=tWL;plANne0g&cyZbe(~g1hYj1)BR+>}9V&{vN|1wd?bzN{BJP3fF*33#|TJy$5T2 zp_p*=Z+T%9uTa2SwsRd!(2pa#$E^ez0lr+xbauIGcH1Zr>IjwoqF5Qrhbc|-WT6Yl z!MWwQ+b00)=BhF`9&qTMJ4LD5DxN5<jAcE_$x5-3F`N)dtr;HxtMbV44~J7h9tTcbx$C2>u^`5Rtm=A(s{Zy7n@~ei-EU{jaX6s&t13Tc*G`V5 zMgs?0*BFkdN{vR!)b-?z(1@g5=SC6l1gygSVwVx+Bumb%;7fuq*iv?IwJFos(p|J# zgW~G5g}&E>N;Xo0p#2O?QM{g4hNs^s&NyV`;Cg?y4yo|FLRz)wk91*wxi06ArWfAIr-B+V`a4K+cw?S?gKM*W;h?(Y8C z)a6;FF)Z?q>RNLQ0NtYe#d`V3zWCOuHzPEv($N(v>7l*jSwlLihG}$uPz;1r{1Vav zx!`~MH4}_RH3J_@bVuNbl33Iazw 
zlFl>ra9^o+kF61iLa_CqpH)A@b{2wIq6@0FTm@;RqzHEbm6LOjFE;0)e zmNfV8@@_Fb_7>ufb+=Wj<`z75rpvTf#0vaYcvj2Xz_VTUX;rAwgOWF?@0E)rj%1s313K5lKu5m;2Rzbg#}%Nv^Ep%=UO8R$#2f+--gJ7QBaF(8o2R~$>3Y;(_wh6H4s!_ObL6~MM6JIp zkY8aXHxfSRm+H_f1qZQd``ta`TJSnUX>m=!un075@GU7A4vM@u--pWCdvBQ@b*5ZJ=HI>E_?_<_y;{KsnZuZWg>OfPn%=NMb-k^D;@20C=opmjy80fHN>d&K{j zN8Vy$<v?gAl3joi>v)-FfHtPYGZJIM*Rf&`s@1!gfd&wACyoX<_2t8vsyN-m- zowQBzgpG*xq8j>+FBN3S;;7}1iD(`hiKNs)38OSzYDJ;tcgI4J!7Ramyepk0Tk!>B~K|vZJQ`Mk)bzP3m-kV!TRA}I8C|z z7NDiRvjbhOeA!D?%_{Q|fw?VA39(jpGP*5ZQqyGDslBjCV4 z`o%kFlmnPFQ*WcZebW=%FbPXyFDL;yKzK zjYUhTp@>!K4k=SUv}-)(H&r?B3n+4Q|KucAEunLDx6Kk0t&f*rktV$B%>Mi|-EOx> zfpH61jxT?UZ0LM?<&j0H6QaX|W>yG(WmqUWM{sO=G>M0X^v`1lt&<7Zq4(Sc@R|)_ zKZcmyv<1cI2!})qtXJgrm^yNAz1vuL!Kc&5WgC(?TmUXj)TowPRJ~+#_LFeV!@QU% zSk~HOX;H(B$!dHltWv& zWLU>K94q6qc)T+~y&{lrIpbJ7#h79-s<%D6vsAe6H+8E2qv@7^|MoFYf!e`)O5osxb${*bn2OSKs3S%KKAUreKn4vm;MI5ynD>uW@Q&B`D7ov+ketY) zEn}pF5|s+P{ky&gxSaj1*3pvj?vE1B9*zbktS1?<%r~;fG#H8?J(g>dIGV7o0FE(u z6aVTn^jQLBwfKWN*ZCp<+2dp@jRq&rJz2X@3jAC*MKzp-r83a_5_VJjH)XayP6f+r zCI{5pOoAr=N>G#qVyZ)p!J7N!!I|ve=q_j~i7-!3K_)I&QCQkP;7qt7-D>U+7nj5& znGNhCZah=q{`?mVyR8PU)z*aR$L3(fKlC~=#72c?(gVgqLwCm@urPySa`9YQ@b%S+ z!P4D1Gii93dEF>Px6>U0%EsS;JU&IZ)?&+RN&xN2KzOw695f9yrTyVkWfzC*24;Nm z82U$|j)>!&6GPH0N;CS?6W_Qzz>9TB2obQnx>Z7TXY9?~InbzfFQKZlM_OPAm=HnK zTK2@=PqNC5(O-ii4aNnG7>77X<)$9+~_i} zYP-TEVnd7M;!SwvjP8+#tTG|VuA&7XlJx`l%xop~czto_f3t00&uNcDWQD-P4Ql*s z+;Z4;Ay|Jx>q0>>I%@KKi1&t|(b$;j@m|i7W30X1GTT_q+K;z@D4QVA09=kMZ^A5N z*S-uSG6gz9X567CrDQv4D@dL_MUToH7hdd@U5&TYc%pmIafles)lv;ohykrS0A z%j~@-#L+T5r~_GgtM_QTQ-9!iI0!+?kgYIqw`P=<&o#{*|bSC1Ka!3U6`9cB(< z`v)l3c`B(oNeF6Y^5L$1=-c_R}nBkS00(Q}yjP}M?{SpE4 zGL@%!?gvq4?|S&4v4=GM@xp*3V3fx^{5=^{zQ|BxPBZUY2YV2t%7z?adxc~QxMm3C z!0=1Jnd(?PWLfiV$-*XOzl+Uzvzj)Cv|$3x5W;x5a%&gN%C^_$X0Zl$PWfijeK#Cv z8mu&57fc2?VQi96TZoI#wY^7)fG8X|Oe&_)$gVw}(fgZk;Xm=&08DR9U2+|;M*VmY zVj+0qOoAah54Ho3#;3Ji$vvm!=eaW|+UUS3d0E?$|9t186h#}E#T{2F#!~FZkyCVH z0V&7uSo@2|nGUOp1jZX|0g8QqUK^P#@Jgt1v7ea7{I@crL2riJb~4MuA4cfQH3zkL 
zW@zAQjp;;;u^oyCmWwd)%}vCr=*;;yZcz6!>5J^L>**iX@mRSmZf1_!% z_S?M+N_MH&0-H7pP z^fS4OUCj;()OW8i-y{1%J!f=`fjYL9BOZA||DA=I#AKSiQ1z6Uu{})xMIGFKQy&6?*R=4*i7Gx$KNy9NBX{v;CAm`&R*Ky z&NGDCvjsX_){}I--$Hthw_2zOX)^C#TJ<|dd z0OG9~kYMv7cJ~!Nn$=Cor+|ZNxzjbIPw(i;U$;*JAra{;-x#N=bq?v1i)i=(GQgv@ zr+YRdf+aK;nIjMWm6Up#cq0vY_U|tG4&!acxLHizNPh1_5zT z?wqy^Br`!af8zk(+5X*-QW&me#0*571Gx#3NO@PafOGwW<`z!EiZEU6f3l(3JYO;6 z^VbeiR7U&o&K7a4^{i3bwYc;k-=`M^Eu7+EMbD+yEItZ4KOP8R5RK*2mS_PiV*Qi5 zfhZq(iR&9s$UI)8W@%iEcz08$?NvGfCj!oO&j5p4Et;5L*_~D6Eewp=4lx?V=#A#RI7Gh z%KDDu8mrNR0BNG*#$sE-Eom@*!YpVMWnf&y7ro3`Ges4_k2;Oh33N&Co-mGA77CnZ zrb6EEhMfrWGspy5JPTZAZZ75m?m>*0aAD9w`&4)#k%b>>zh0$ws}XbK!M6c0*7Pa^*+F*?$D()+QCrkxt2$gM1K9`4^rg7 zPDo@xLMC#G{b_+7+4OBZPyvD(@3)CJomM=V8=b6wu@221xFh6P*e~lLyu~J))8akB zjR-!ZIYM0|0}5Rs$z^^M9{*DPQ`DYOwM85O{-P4h1DJQ>SjMrhB*Ufd7gwcou7&os?Mja)X?!h3jRxa6#rjrBZ6Bx!q`A9`{T0b zrvU?;Y>&ubU3q%1uCe0VO!^?-6Ib%{fxP0cX0QyYRv`A7VLee7?X>d0SxH65G;Kk* zx5DuB(7tU^mddh2;yRE(uA^O^&$As8Mc!geHbdI@mT5yjgsPr5Vgkr$Z#+2)3jo!S z6gfx6CWEo`ciV|h{+vc%O>gq(u2692%{4QpP3-Qw>n#DOFB zm~uP+Bzc}`E~zL`9CNlddSdMU)l&f2_!(tvTiZmious3UrMWcI0lP+845R;ZSo|;Btr|M86o(Y&{%$xbwauX$R$reh z+DI{dDt?u&8U%iH+7hgNIR^$xARndB&?a(y&DR`3Ogfp@(w_aT^h%$aPrkJ@Cketi z))E8?hm35L@}E2(LS`|vX*7?-rf0;|yaB^375hEWW8PEFnSc74iOyzBsas(m3~Mo} z$G1_X3YvmdzYcN}C)~)w{u~P1%F|ObimO z1k8458Wy2qt;R6!+~O(&fqjbOtAmmK1zont`?bh^SD}tsibf#|>Oy!NYx-D#gS~L_ zs{A!=cZeiFSr z!pn;E7RlPPkmvrxQ7Nv5WUtLn4 z`%mRS1+qs@k_+9zV)BBUwx^=`J}1to06i8w*lW@wvE6IeP&#v)t(UzPAQOk_B5?mK z=dla4hz(kg?W{l6rX}4hq}2;xPIB~vV-w(N&}pu8mOh+RMv#fPh713{HoD+dK?Mvg z)JTWz=k%Vnbbsa)N~Ok=ShV(notN6Y>$&$8+{$=M$+VmQkR z*nX^`9i0S{r=Cy3F}rYgtdBZ$;tb<+zu|)u%^--NBfm7s^zUJr(7!WjY|c4xC6nwm z_}^bZY)J{NhL-mI$%BHa{hI$Fki8nlrHP3wQh&C3SDJ@%r4Smy;udP-mm{Kmq(4U3 zX~l_snkh-7)8y?XDpW67v=z92l*1TKud~a%n6iVC<^VjE-Qg0sH=)o`^kJPq!c;93 zwHE`43_Iza7%(HyFo+V4$I9jkDqQ=z{D-OgphYUrDcIa7!nbWW8^o;HBRPmqAk%t* z6vyzsrbAng(JegKnqZ)Iu#I?&(QN)BF7$Nrk0Zr)NjT`d{%ZQvF$A++C2+N`9*7@n zHPV!w0EW-)^2(=+Fe@$qZOxK`V|QyAi4QXR{_Jj7ooe~eS 
z&TqiMxfD&Abu##r;0c8~-d|Ks$Ne>Pr(jPv@@6anrQ!Gcu6s=8ihPml=oUjnY570Q znt+~1Z+VV?jd^b(QjS)^-2ELqavjG;VPlaEu9=s?#mcF*!4Nmsq;vSGy2Op7;u)NT z9TTfTxNcB%E6@=nP!6>Tc!K^VIO@BY|Gh+({1^V>KU6pq4$1DV1opicXS9V|9R@_f z%jS8n9c(NS3Ng+a&X8x}_ONJ%Blc~N9OES@f1@oUIO^ys3?sDS4r1;nT+A%%2vtY* zyE;Ay_bAGqI<;3xWJgho$UT*-f)|GZA0}&q#ce77(kP28duK`T!d3_K#-rrw6+VN6 zsTfQ)-w?sTD@Hh>fP+uU4|R?sB`Jlj8W}%dA#wU!*<=A927@en7k%^+wi7{%OG-%j ztP>oY9GQP7s)8uihA#=trW?&RbM!`u#fFVQ>+XQl&Mb1|F($S7F(U{jT#>xaYOz zv;u1qa--yC&i&sDjhOQrSjW13Q|JAOR4!N-8H$jjp-Or&x${ITD=&^%OE@8E!RANz z6BFeulN2LRc?YS}#?9lg-t9>XU=lbX-}sUdOB85J?Mb15HgveHOxL2s(q5@*OkQ^D zlwKktfp`EClOSIpOX*pOJDl7|pI^n?ZLJTpW9un-IdsGY{#}tC@ShG6Bio>sB6(0V zegs_=In4mz5Ao*QDI|m9M*do{2GU@W!R{7Cg%R{1r6Sdid@{?lr6@R~{rhiQb&~h_ zA;U^DWg+Odpbg)v0hy`FVSCWvUiC;V@9&7(J4=A2#zJ8@n~r2%uGa_9=~|kyEC)k7 z{BTl)7oMfbm5r10lB%d3R_mKjl3jI&6R;@{il|Zi&>UR;@9JTAx)FYrR z)(g>lrZal@I4*YQW2F9x#`=GJcy-t-L>@kk|Ci6uB?Zp)t!HtgkF=oSdhKu>-Z_=E zu4B`^j60Q({8MI4#g!MCGUW+huBdVAIY)5(S%Ac=jbP}%1mJy~d+Igsdj}^b6M0O1 zByUA>?^=_?!ohRMqe7YGAP)pu0>VLQZ+Y2X20l+ujHFLe=# zoivul1fptsfd8*GNd{y}Er)zRDDsFKpa_?(92`L%cl(#zJ~iHsVmB*mWcRBh&(&FF z4Vcx-j~UQ%#yH6K18KI7p}Iyh&mGmofM|Bp6Ak@F4ga;i`)$O|P{7$kl+?Z>#W3+33fFgepHcj8242@w-eh4nO zWz;4ODQ)&SUFb4vfee8@)>HYNOqD76OHv1N>m6OUR|#_bMNBzx>;>M4u4}=TiQ^_X zt_UiZa#_pf*imN3%pHy08<}mMU03DkCRfmC#>-lW-fxbsq9`Eo+Mu;a_?%~Bg^G)y zF0Wi|scE*OT>1X36ZX!W3m~IBdN+Rz?^fRJ>@I~_ITF2x^`@PK1vPZ!&dzAe2R;MR zXn8!%d=emRj!Gm+5wVY@Lzpg{d6ZDh#O6cg(=B^I0}(zf&~T%3BTtWRmX8pklT%xz z)X@}BtC-Nl^>b~;oCMUNuZ=p`{&-8#$9CQ{Wlv~+PM&?U%?|7jRbnLI>c%Suy*-Cm z-Z8g07jEQ2d!p@Q>~lEn=wYZ*^*seFzft?m+WNb%ODE8;50b6=Tfc@nJxd=?|Pkj@Q`N5XZFXLtM|$*5Jx<_()C<|4G8{p&|h9 zT8JXG(@|t)kt#E<_9@_!-|Gq{y@{M^NK(j$QKCQy=6RrUqS`J7jy_ZEIMMSMu$G`o zyu{GOCE-hjctMXjrWXsTd&xKL)7US85{TJ@LDlwJgeV^+Oj@Axn@D9%`XCFX6K~Lm zis6kzF{u;b{Vzc-BgU4pLGZA}o7nJC&&-km-JS0{qC{EQz-h>?7CS1_w%0j z#2@JW6!JfK7k$^fs{Bb*^_6OH&SVu$nAE3UPVjX+UJ%GPO%4mgpmYO(2P`1RbBU`Y zRcJS`_3jQA@gHSgM(Muc=AWgnt0ShidS3np)7(1SUn{mm{a#dl<4d|cn|7OSVKE3; 
zFQwsD#+LPsHz1h=ctiy=v5CB8@c}lOEt8+-8Mn|r7drrZQnm}VA#%$Do#HN^pb;wH zv|yuJRS?JEH%KKI?To?n7zVn&VcW9&g+xb12Cz&0g;@7qK-T_!F5!}RD4t$x1+9cw z>lYkM$!Kvy9*b6&K};o@-O&imx*uyBLgKjwDxL~=PXwSrWO&FNN9cH#Y*ADYL-1)C z0kEyz`Q6whAG9;vl_`M1U7>9s=q7lINYG+bZO-jD9*xn0 zap<^rUkwNKnt{WH5|Rp9SqA|GDd8*-=P|rrIDE)U;V7C?e~&pcR~TJrP?&A3#+1#u zt5B?TCOnLa!O$d-WFlR{$$SVI{n-~)p<-x2#dUf5Q$xX8l}4hEpd=t&X*$DZ#Xn&L z!wxyVdUO}xj_c(H`=3J@Tp?YM`Gy)hpKLVr_2`89sQNk0Zg^FQ-ti7}ESWXn8e;misG}O!{MCOYI@P&?; zt2QkQQ>T@hD*||4M~e@$97{1}AF^=u@sX1ezXZ3>v+X9zI$sELnJ z42*y-kx+d8oXkSR_p^w9z!Fpfe}5n!vSI%{46ZhgJ|DIIZom3hBG9Ch<(!}0B8jXVo^mglJO8JAKYF*G z2N#Q$(kbQ(kW1w~heY;)OdO6DVv3|0222xjY7>v*kv7&~&ZSPMMOD$q=54z2m z;$T~LSuXV-C}9G3NT7&uqX-WDu(GvcOhS7A#*}hO6@#DQUljw;Otc*&AcRN}99Ci# ziSgQw2VYzmS?4av#LJ-Au6>#xi(TM;q%nBlkxmeCU2_F^aUKs`{LaU zDOeB(f}JQe@IN{E^pOUc!z2x*?zG(Fp>FJv&VX8L>ZI;yP1VaX3fi({c_N%r@kmXD zdUmntMnE;X&1>`ROA0VP6>3bnuT1lnnuW8Ays1rPWVbdVHn75z$38?q%&s zjbfHyG_Jpb8s0%sdExB?UN0$$dLErDJ`LCjcsI|F+tvrvjih$jPy4t=rD}lsYA%NW z7D9ae3$4r-D7?;*(hg4h)CNUON<^jy%S88q((m?se~GGQJ@wzK%HtByV*X^jS~hPJ zsh~IM8g-SS&a6rW20&4KnY=H^WrXPp0~}aM2Z*T%O4MkY>=XD_5Rinp*Y;0ahQ(rr z5`iu=PP@w0a`={OkqmGh>>*#Edy737fp!`9o@1f=4*wzL3ent%Y6_x?A>>Vox-&NXc&>Sk!m9e0p?S*)o^>;Z ziqpTY4JORBaRE$dQQ;+fn!;n+#I==3#qgAYRdm4{@z}lJ@X2>ktf-$QKG{+KSIO-e z)VFu%WH9@Te$9W^z}A*!W;TZIp3UYc|rLziZ{m-4#U)qI4x_S$VIZ~a_{o#rDoa^j~IBbvFO{UvJR_y+Cs>4s;4 zn^%gAYaGjrPw^k;iXbRG7KhWm%i~a}DD2qc+2nmkyPfF&Q=tQG*exU+uAM z9nlLHQ>*+7pJRu_*<~YrX_LYj+AFgs+_h2U!G{#Ze;klCjx98BKmm*_jCpS4tiG#K zd}!iFYeyfEl3L5qK>(EXZu@PT6YOQn7AAMSRz{=Rid3d_U0`%*`97Hc3|OSEWeSb@0Vej2ij3z859M-9EiCE>1zedVEnFn^6Kct~Ge6VUq_6ppDR(DimIcg7yB!xe+% zIpls91fd*>6nzKgSAyfbbPUxL(u|P}6Ync`kA+zf5M6Hl~ z><+fDd{6EsG1U$v`_;`DjRKS;5xPKW-n@a4t2wjIPt1?N)&_GI(O?ZZ9(-K5r5*zS8U&#qStQn@`e)p%!iAUd9vUwO8t` zj|NafsCes$ra)8f0 zb(&5Fw%p!iXbeS`H=#DKIS#HtdKjND6^os!?6T%965&2JFt${8LyPEc`0y576QQ#; zGH6FF*gzd_``*>lUpX~_J4eP-%&1kDqm9aud*;TsxFz>jn>$YholWVmd~Pe#%&4Uv1ECpeLS)Ztoq`+dODmxIaet{wh{3zCo0?0Fnn}n 
z#Ed}4|52*(Rn*C+8lAQ0Kgj}bkV(h1*1VaZ7VmcIcA1-$QsgoGobD_VJo)R_FqSw% z+k8H1{)TCQl9D}sK$fc|)(AcEmSYLPQO-HKO<_IZe;+8rQA~b7n#SCW?sADxZJHOD zK>s7Hbc{EdFTP3>?mlwYi5M%mJ#tGme)ml$#P$0p0tm9wqrKvu`6<5_il8(H%Nbf` zR-XdNpEQR*{Deq2Rii8o$i6Ie!W)3y%+PX-2RpE)8mi}4hMbU&rCMc1?~l2CiDo)` zS1o(1J@C>%;AnqgrgoT74T~=SbnLX>-wJ2Y=9(hF^XLHWm7!*CVJYQ9|D*e&$4q)- z^RRd14x+f%`pDiMRKUdSGQ8uts>8FT9UyTB&>7f0Cl@K_Lh74e@QgurkVkD_bva?tl$Z*kPfK!Dzr|2L4DILUc-6zkKJX3od|N&{m_{B-QcLeh_~H z6`fe<@WJq{?*vR!PjFHY+yY!WurcQOTK1!T2l~_#Nz|bEGZ9|4Z*fGC13>C5H+g{0wk0t_gHc@O?Fh?M4(sP4|`!N?zvC`M}>Cyk6 zz&f#voiZcNWYPHb1I5}fKLav{yW?@KH+_EiT|@(C;^^OY>K*ut23z&$tFNEC;6DqU zpL5ao{$nEL^z0M_aS!K@DWM9`bx&Kr*VXe)gzYQ7jcn@$&)8>|iLU#f7&5GI5G5te zMd54mP~FM;btA+Jd3FM2Zb+s(V4p<$%qIHSnWXE>CTibMZ>#z5oGc#Fh(~YmXEk9a z-|?K4r6nFDEFU0t-8%6jg{x1y8#>XC@M|*{jvQI`U3Z0rVpM$Ac~km=B`M- z0W)y#`Q+_3fvR9r+D3wnW53=b z3Lu+yhEng`n@`I^5`J(-T?R?xI*VckGtS+HW^&BmR&tbmvb2`#l|~*VkC5vY7}{Q- zH5WX?%vV=gFauDYTN|iD5x+QOu)z1u2HR+({I4I@u(@5qB8I|(gpwtl9K9XHthT^^ z>j(&u^L)MR)JGB@P$i|YG~c|dD2&QQq&|M?`$EZp=lp$)q8F(s!}o_cVj2mg$8U$E zgOuz_2nu(rGy(GmE3ycPkts4HI!}fNe_|6k;dxL-z5?Okp|Tt#mMv^~)P=uyxV2^( z=t=(q)2_X5KEa+pQsHcDXsxyLMSuekK8q+WjUA&5y$YaPv6el#6l_iCdK)TpK%!#TTLG;YamQ)RmPX%+vGEGC#~`R}vvG*2TTh-= z|NHX`du^_E@Hrd9>a6eght+&kGH>N3W8!O&2|9B0KbD(ctTptlCB)Ag0}X3edr?8n zYxc;em8)DGe?t~c9^55gh&~a&A}JG4uKETy^rlziZad<@;xDi=vrem|Ts(TJejAmmk`@T887{iqg5C!44XDZT%a^t+7%grQJB3Q_>fE0}Cr4wnk-$}#COgps&>!9GzY%6Zi59oW=S zcMpz{XY+`a&Z25i;$V#Y!XH34%65Id*`*{l$qt+~$R7=(B1O;KO6*4NTQ;1KvbkNB zH*i~*Kn$ZmJg8?-GQ<`Bz7^Ykml$(N=0Qj#!8CuMQdQPwj^pBN9* zxT^H7(eEWX9^5u}Sj=c;s*O7T_CvWFQq387c9w)=#YhsHz&g6B%@wG(?}m?oG%Abj zp5t)A3@e1BqPu{4{OCd{MD@4L-XMIFjmcKBaiMDVDxZJz%s+d34mx}%m)3t4*NrG# zL+XEHvktPWhcVVBemq`@G=@YFm(7^{{<^9(?X*cs+N;Esq}kI>{|ko2XoQDjncH%L zF!c`1MOS(_gX)T;EC?{o#jgscSID*<{#<2Iww~2ku)^46Yq~t zb#XErr8C^UEgxz-T(YF!tiJ1M3!8z|Ln}nToyl)c|&r#6KoXJSXy6b#tTD~ zOu9cvj+_c#ZyDAdtyKUx-%>Ul1L=OiOthK_j}rAB)We%>v1IJ3DWtYj7>SN_u5@03 zt$^k@iKV(;I+AaKIT1lms|KOnESEK9dEQRUj?olGNd~v;RX6j!au_qxY5PF}pYr`< 
zh`59fD@P4=%-qxufgX|YE3v*4J8t5*P;(o+FHL$4M4F;nC|7^p@m+5O8B5lRLkWiZLy z?A;~W^nr7kQ-Z-)s06!eZ5=GjZlh8>74mFV2yuU-A?xeS<1$FLye_So_crAbjhiz; z89siWL2eP5et~b^8(C1?wcdDNW1pvpeuOh1!viAkpHSxz5WT@L&I=tF{uGDOD}
~8W%3%_Md_I@ciL6FsMK|*lf9-jo4)XeBh0;B zXz_a}CMiEk#VL<@uZ!Ct&MlhzdEFCDqR|1awBXiP_o(+~AQ(e=&nk_SKQ*5xvs==Snz{K2Y|i6>d=}>YtOqAC1GN97sMR(78J38iH&UVURLGb}8c+H52^3 zoLq2>BoAcL9S$7QIn2TFpWX`|{pi1~)IN3_0UIzqETURWxWGt{GQ59KeoePqzmyzkLRXIx+S+T8cJB zv{Vqst1E{9B-d}t>5zyPxk!(as8klyJ0I_5W;FYej`DGwJVLb0OXHyks~I5qn8RCk za@Q|`>gL+X0r@<0$|ya`_3L@`YmDM9_gK3 zFGVIw?^>@AdTL;3x8Cr8XuQtfKA8f6hKW0Ca%((234dp`4L!u((37}{s-KJF|o8B%N6%oxXw~s*0j<0hsbGO~hdQYa&@uIgysEZ?0 zL+zs2r*{=)mRYY^zaMc`&HTU;MJD(O!m^f#=fO-;8R)*$*2x#vh?3vkn;guhM-Ivo z;YLJO9BclV(<_EJlDHNW!?#d6l=5RIdg-j6w)(_*j1 z(p{QOOGkGVIxgGMJS615-X%4b*g)U`{%e z44Mkmx9Z!GqeQO4uRAg%ldYWIL1BPn$OHCY!XgM4MBp+d#Y^Uts{~)OLC~zAW#%36 zY0%@Uo~id-6n}-TNY;4WL81!9%>@PS;OJZ4u%u_@NeMx+kFa4aw{q0GBK#khoseHf#`25pOJ9aY@r6{&DNmxtnHHi>MVRoBm4 zz3Ij5bR{u?R4#e=kdDSG|tT^Jg9ny}}rqs1QvGeN; z_rU*g0sZ&M&!#$9*+zZRRWSNiQH85(edSFj46s9|mLNfr$M*B{KfAWgDMa=->HyJK z{a#mtuM#E=9Tl2O>Th#|2)RcQlBhgv+(y?h)!mBRm^qZYMJkA?=1e%#5O(^1uki-}H%T26(6v$fChl||A;?e-08-x#{ zA6gr1ua(kRwkAs4nQQAUWTkYwYF!-bYzP`~I0Sd!Q@8H%ek&)0qvhOukmO~ID>mKP z0b8~^`YM?JG*ablZQ_oiPP^ru_b7Zy3=seO>7ev!JZ@Ib`6#rVw9g}&ZE+5I1i$MY zV~8w*p53;J=QPXMVzr!?-4=p^UBtFStEw>&2TH<_juAhUnofSiB%`1SE`UdrV+)W4 zx36r3?}1d`n>(X}GxOX4zIK;|qY2)%C0j3bmdTG3v_q$&2-zj8PnWW<2m|_GWl>}3 zO0!kBJEP|`Fh*wu0Ts2KG{NC7R4*ZOSx_+52($&=hz(Lzf1VaVBP6eP%xUU`pgx^b z#Zw~Ow;lqI2zT+K3ODVt`37{|e&^G3)NnD+*L;xSlwK&yUEQrJ4hvcELWBN{!HU-NVqS# zodo;1yHTs%2My^?&*3x&(H+QDnX#9!Q3-i=8@>Nn&LuOwhT<;S2BU4X&|l>!r6PS7 z&h{&)_j!2+{l8Jr5*tmSve7|eYRf~FT`O`sNVn;klB4cIRSuE)2BkA*(+DH zsK+1=*TV$JU4f&P_ek8)Eqc{|akqDHo-=?C@kAAmTXg*0nWPzUcc^hCUI5C!*v%+X z-O0u8@O%O$_NHH3<O;||oCj56Q zLRcfW>UW)$fpr);oNMop(VxrbV8yK<0IoIJ4xPn`nqW*1SV`i(pN9R50yKu8!DZ0P z(SGcc_Rfs^SDv0Uc_1`MWTq^bP;}Y#(uthMn1UWwWXuAtbMgpCkOJdxXJ4y!fSkZQQdDo% zLN><0`-Y4_2NUSkKB3_-$Fw%e4id0kGq4Dn1n=iP&%~j3v8^{FzZHd*1%sfX<8Ib0Z)jgKQmBL2 zY8GNxV(P!D7p6wIe^J&(%=4H5&Oyz{!;H#|pgIXb!o^7eAX!Ec;z5%YQ6kWovG}`1 zZMOWZ;{9;>6KyObl;db5X*k{>Qu7tyYQ>%ztQ+b1%Qg5zuXGi39aH6c^|dYE&cJy| 
zd~TXf8S-XkMXKNaMbDRVkI*-8^Z`*tBF@y-lYHtypn`o^dsW37GBwzkT%TS*1?0A^ z*4lSTA}+K%rSF%M) zi#VOa;D=G~^IPxsXA#c^D=;PIE2`~;0$=AoI%o|%*F!6VpT@NXN-X%YfN5`rSdYk* z^Gikg51JWhX+-*bt?BIpAj9R&Rlx7>urK|sJeq-Mv2?e&_Q7yE&zU>a5wCAzAvj6V zy_7iR*76T1Ij~3h-0F{W?~;=r!V2vFHeKw09zd{ouL#G*hOmw#gmpbuE2idG2j0U0 z>pC3p&Z7ru0!gTZ|I=)nuq+#t4V@?3ke()*@S-HR%>a-}ni2pS2&9h_ZVB}Z;QK@7 zm1znaZQ!i5{arI`_<`}tB{cr@TojOgs%Ma_PCK1iICk5UV`!_~p-z=2a5%~=m9^AtRU4eRaf&T)7P^siVAM*}hJ&{*#bMq&mdBu1G-xB)i@Tr+c{FFkhN22B2K$pQ^xmhLB=bHt>`a zo)#rKxPb|ItiY0Q@KFUAhuWh=mfbGZlwp?yYe6RJ9^d4k$Xm;cHP4${lAs!Bq39I} z%jC=I1gxnkYGJ!&A8!DkBQ&{9>;XRq9bW2|X`q<0lGTva9Ylc{K)YeHy~O?#5d>H{ zFvI8%iHn7QR7&rmMoT?XM z{G7^N;Btox_z0~iXk+p!6r|;ARKEyzn>LTtSJ1!cRLS=e6zPpzU(OQ(DQhdy2Vmk=V(vCV4JDXvb@3wN+-zAY#S;WmxQWU&SL)U4)% z!HHb~T#OUpeM3f{tRtsbty)i`uz7mu%R(MgI!dd4Bp32{)}LclfZI-RIKc>mfN%K6C4S02DlQ1cBHdN)g&FD+?bdQ*6>8BEXyW$VHq#35>yp|!R-BP z9g%_62eFhS71kOII0*KMD}Hnzw15>e+71#HLQdk39rkfOU?GACX2v$H^WS{_NBio0}7d7WGa$4zz zQ#KAffE3F+!myrwA8}$XSDl)w5yrb$JZ8|wkuWL>u(JsH-39}kv>6uiOC=$z$fYW_Wpb8BYIBM^zSOy1adHYv= zv9+XyY~l}9Qy^diwq$0n#~B3+(xj_aBmKkK=Zjud4~--1Rrj~w-XbuiSQU<^WqXp1 zFZ!^(HXl`z$zOZQ8eM&lJLxb4kdIJPL*ATr06FiErr?jS29{qHWAIIKj_f(Er9d(x zqsdd)3LYljxM#@&;n?8~=D$VM^F`Rcp9A5q^uGP8eTT^4CV6pr#!4XE>8XMQ0sMso z8pUjzU$dW*di$7HdFZkkSrvgtS5Bb&ZWgptuvAf7Rm|<^?U8C&BntE(4?tK>{e#O{ z7_Seoow6mxd~#%27AXSFT2lHOd)PCag;xeF@25yFIY!xcWcl7)4uDPkG%SzOTLSuJ zkdFtau>6#?F4|;E^paV?Gb}?5Us&Wi$glHAU(@S_w*P@y!YaH`$lX$#6DZ)jPKXfL z3(*D|j*8hg-~N12*ZLD8D+CSIk$I|=n(^lbcl<%;{s#=#mYLhLG@*G=Ob_mFy;t*2`tZP#I$NGb zp~|7(Cjbqo=RvF@M^Eg7^4UxxbFP!XlPivhmMnx#TYfeDs2U~U5)y`*hkCqRev0RQ zt)W#5L7P%SCA?*^(3Yp>lYTicUjy(5jbQ_EFgKF!dS?7C7=DJi{H2+O-!^=);SQw4 zK8T#Tua~`ZKX-iG-h|hc28GG6f`+UT6ui1-hX0V1^kAx=nT9Ac+vmG$WLYF;M@Rry zBeflG%=7EsOpKP{7SF=~BhSSO5t_6VHw3R)iz`-oz);&~&QWqT5l)8^j&)ZMXtY$~lK&?5 zLN;{v+$-2QD)giURF2b-DXM5$YGB>*sS`NB#n@TLJz1QV|2%n51+_d_BER~(cT5cW z;b_pX@uqvhm_k>zP*oBL+_2D_I#jOtCE?ylp;?AWzOBa3_{{mha-1nfk$0R&X8y>T zR++%asQxC41e>`uBE{q6y~Ka;ggL>>Lm99nEu1O 
zMvfLUNZkl9TwH~^$ZZE4a2M>ZrLimh_;vw+5oITWUT^9P>^O{X+vcH3$S}mdK8Kpm zJ~!FB`~T0-(+VCIlLXN|p1k;@l7hgwQ6kr`Aqe z2D}6}Ye~c|arU%DaiSeo*qU#pb3OBz*H(4(U1jjRefZjH0fVLeC)9y?j5YhNeJ7P| z@Ze{W5*-pj(D!vJ2pr{0rMgXCP>iRoo4_o)qP~8I^*58!;(`m2m35GETIIY#Y2F}x zOmP`}kCkq+$XV*A+nQM-ZB@n&V>wOz1p(uqaq7R_EL(-sTu-i3Gr64NJ~tu{6!?#9 ziO5H@Q|V880nKY|DhH9Xf?PxPw$#T8-0q68Dm=3UAw$SHM#uk$6d(k4B@Rp_;_)%$ zFJD#V^M;2yRTw4hZ}&-WE!+o-#kLRUHWZdZh)o5%T@1FSLv}x5dnaRoIe{G+ahMtj zjcDHPQ8GcMA6oph`Z?zSB~OhE#0MuQuaf1IS?JsnCn*^!s{PK`Y-4S$|A4=P1}5&O z=ujeTNy#Mk1~fh?%v%!on9aK`X+*Cr**D`lnES`!)=0-gZEW|Mb0Cx83XKDIlUwyY zVQ4iZ!UT;gD9D#^7BGf?T&jfGS{gwxT@c>vALS872VCY#mXiHcFvZ_>(}kNo{6GIWlIVURVPSvaj zXZ-r|3x=@5w=i2SOXLRU-wm}N1qp6NWK&#z{wuCmtj$XNReqmV%V*d8W8A0foA0DX zUZ=ctb7?egw${pS)6YOJz7;&iAy*c*oLw2O&7pVi-5#1~w8cQU2@Txm;Ms!T9%#$J z`Cimb99&LhME)H8$5tCUd|cjm_2L|S=IuzR$_fVC-@;CqKiqzie7_>bF2;&!}^TjsVGwMuJf(D>(k*KwkC!9xOg(4 zf9{m_JMdgdXgg;^`5V{F*mfUXBZSsSMtFNH=M9FKy2&Mnq&qV5b37jx2tp9raBw)( z_|+qdFVDuGMpH#0gVZovLZ+Ol0;v_<_M1hc>~jwpVdQr@e3f+s)LG6ya!umv$OQ*s zemA54^COwb)F(QS?$se_lK6lZoL8MwI|Y_}@33A(y8W|)*gRZ`4EMh}B*P<2V+(tQ=}EQK-x@-h`C@)1gTfG*yg(;Z<~9o0WQYoQ!EFY0DLPxR5HV9tJSJtX zMjQ~*V=gqY0{nYV7iS;m6OQT)si=|eHPHpYF~X~^3glTnk-a{{s{B5zpqoDbsJv@H zy?&cOrT=D)7ItN?L6#iyzOpkBoS!L@w_g)>L3^)~Z5^R-q1EU$!fWE)$HK=y9Uqm2 z!Y6#^7p?UeQ%?CwmY|d8G1WkRKYd-wdvzGw&vel7uVO)P`YS%A5>7lbFg;xE2F=vK zwcL}(4w~Ty*x%{D=Mh71TDP~&I%8u2M&VlgcG)L9b~Mkq^Jf~dJH$U9;lT+Y-5dYW z7Tu#8*PGFXiwYX3lwh*Yo51egGK4D&!zIOv($+Zk)KFN1+nnQ7XS>|JxKr!;6_zCS*{o;NV=gTW03SSwk z!Pf~}#=a{ukI8oRDtqthFaLkC%Tdo<;m3B8Vb>hZH$9jU#|A2+h^K?!)@5EujTf@D z4Soy|WoL>)gU~%Ud^3<$$w-1-s~btxJ^309>~Y^KyhAjVWgsI}M^jyHS2MFm zxd@PbeDN11>;%;W+9#y2Qi$ynEq!dlRMmRqga--+#d;mTbOapU)#Q_IcNXZWaS~D+ z`a?(0g*xt#JRR$S`{LbS_U&8<^5EKzFR+4b00|)W6sAt+*=*A(2o!bhUacmt-`G6L zJ#H9zJO@mN*YV9~x@N~rtRsJRzKO$Np*vWMzH%4c7ad94H+p##dkwO>6PMJeKgBC2 z>4~M;OC*POs+@2>Pm62l3wjx(R|-DuZ8SCnW^=2aF+Egw86%h@J0wh3#7&N4Elz#t zBJ?T;6?tXB?YUIBY5s_m+25yFGq@LCU7QL^wHsZ;CP0P$8B3y8IoORBquDtW&+6Z& 
z>Q+abo(lo7En$*F)2g3nhlRAc+zUcy$=$ONYhQ#!qIDaOpJqaWUxN3y*;$_aP*DepDS#m_t9C+fpXD-gYv6pw!j(qkmaUim| zB!C$YisV=uVQcatCi6APV%;+FV-hyUw1gt3 z`?y^z&h*I(ZU8%)jG=fqLxvQSSpiLmqJ0&ZkI-z&xUNc)DqM61EWF7QUrCS=zQev$ zpK&BzZo+Q(Of?cyZ?#AfWZjBZcoUwv-%LmURh3E1AM3zYXy0LME}1B06Vj0_-%7{S zWZsI(Jf8c|I@Z%87{2vbj=cA*yOIuA-IJlcIrWf~)4U?q$G; zY0uDWSCq~z1-!z@v()lp1Q_CR*?sTn|VfxFO4*jVK#JE;RS3*z4R+#O2J)9JDa(( zfz=8Ur}%a07oqz#NX!A|humJQUKZqvRGd8`%6A`EP>)a_I*!`ulzvi2qLAdZgO244 zQWKgd=y;i^nT6fGQ(2f#rT9~r9@Zl3K&;6#KmxQ*Zo%-yz6Hs)%Gp!c*O8aR zE)%DmhI|hsOqk^*X0T8?g(r2{)b(`1#bWX%oH%X&&fqP4>#=2*L_rD?1n7Rp0k*BT?BQ2zy#iD=a*p0!v*^;k=O^>tTY>S`VJ?4$e%-ue*h)k zw-mNj;k#8Ki?U}D8N)#@NeV;W35d9;06^#5*^+xqvAqYOYbwz^*WqCz(IQVZbPxL` zl+FDZL<>RGK*@Wwk-S#Rlclh{T`RasrFQrH@0JoQ02}YTCQCAyh+ptHxBKu-uQb|k zfRw*@&-XKWXvuNz(zM^J?E4bDyjd;yLy}s`_eNv z3F-guE~y#Kr!E5YTDT^I%o}Y%7e8BcdV)l|Pj;nB|rE=k1>z{dh zhbYLeql_+#7qF#M!Mi={iz!QtV8QZv0MBRmT*EIp3|)Jt8p1Q z$t%x~5**Q!e(^FWmy|GYyELdi;=I=0+dF`h+I9$U5I=kPC{a7O-5WIw9Y&FDssG%Z zXs=>RQcZ9;hQ6rsih-ea&aqo%4RdSX{r7t&_!Kb{=+w|!(7?Kyx}K^7bGeMN6`^4W`_0svKM|UClA#j=@bbS z2sv_qQ|s|>I^7ntxJ-ij+}!mBWz z4ETeeS*(|44k-j&n-@6$D8$uH4WFB^FH`hUts;7p){cD5j`-d2Wpu9!pjMAW@_5Q$ za?~yg#dBq%tW)cpvQ~BNsv~w1eSSTVq2{gS8&=J8nnYXg0$a;@&(AU+$oZT57s2e< zkKP4_3vDiN>ty@jQM7)6l8L6|`{}(*lvOf1adbB7i}UZu4Ctc%Z`9%xm^gf=Q}^x?zthw z^Z_hQhzv8%vo~N%0jQp@nFBfcuikOtocXu_(u8g+foV1InrwQH_vT+R&e|m6@K7^^ zbevsbO6F!}*8v(ucSedn-FV$JszI7X29UlWO=Mf=s{_~2C@OuXKYY-UG)qnr%Ae#> zNRb~V!tDja{()}&z%3c|`8I`nb>+?4A&P6xwM65%mI8di&QY%b5v$Yo1&*SsX0n z{b#N1X5*g$*{MG_87VQ27WhXZ7c_|B($n7GSVJvfl>-(5dJ4OUfk1SIOaWmiD$~=vO3{MAC5GJ$xg^y?(Ij;cseg78n z>`cfax}wfRCkR-i6Fy`Ty^PGyha#Rk1p}ur2MyyP8ut*0W;_T`GttvvEdu{dehoP~ zFCiCctd!dhc2hfgJp=&IATqEmXCbTn%Yl7}lJXu_g&z8ZgJz3r#F2BZ5t?Gj8HbvlE~o zxrN|9+^MwX^kD!RXRv;+AY>Ej_yd>dlG79ac{7(nR?np;zBg(aALaOJJIz!qwY<*2 zmFcT&1&IT9oujeJGxLJAC2RI7U4BaYtnI8}U^pE+d~Q6?h@&#-1MN&l+eiv7t*Lya zPX&&hNc*BcyCI%Kouv1^x*k4~cKs2LLnT`cdO*U*X@ukyokuB{7wi->FE%q0L@dF2 
zrqhbg;*geQ@0nTBOz2@$p|lAP3MeJIDqB}<=Z-BPt%NgdO8QFR97QiR3DB_Q!FNA!N2^0aAq7m+tE7$th>L0PCm3^lQ$koV4oJah zhA?oU8&>as$SW4JXgJQ=rgCIUnO|Ks6oEPs{#=C&6$c!K`SUjr0q_H{769P-t_XL2 zz{&_YcSD$T_ytOc#X)EOwf!3vV_5eRWX(?}JgBq-S{lRBe?-cHVtcK8O$n-(-=wKZ$4y+UmS_Re zLH3{s4&AbZgq(iN{CnZ5IIMD;W^*ChneCV>d`Xm*kh6v|G6#;)L(NOtY`bN;FUdxT zGnOYna2^3@Sdv_8H;;)g9Q$+VT!MSGCWqHX`<$3zK&-vZdMG$HSZ;-PNKI_Fu?N?^ zn06@|J8X(5MQ8`!XSgxLl%87YlOfB*wppH|qp3>WE(i#d*ed1~?8G@u40YnB9~ z$#H+!M!(ye`thz}iQFpoSXM^~YMtc~hlYy>{(E?Ni&IQ^i`~kEjqGeuq)^G2i9(D^ z^GFA)Pm{kOQ5eg%QL0pa3d@2kk^pG-zBAoMTpS^N(sW1TyOk-R`9yD+Ix}uS&{2jB zKNR_W-W8w8)SS&M`td3V5^I#tEPLka8%RS~$$j(`Es>r*SHe$C`SkY%@`4eLrPS_w z3^Ur5|8x;A3q6ANMxnw6q4eQ!s$fYrdHT8~OkFFoTDIHj%}fesMg%7p8rD9;TopnP z@C1u!#Ep$M1TIbcKqAZ3xFEfBc2MH7qN-&c_Uz9OA9(Vh2nxza>m(AF#nwVtZSH|6 zK@;O`Te)0F*$<3c$dtA14?x9HtI*o%Na{NS6OCe8v z3-m482;{kITZh(rMCeNP%K$vHdno-mx;m+ z1Y?^~=3;Pg8h}-ACDt#iz^_EHiCLBcV65CXhLS+8aB0~VLXv}s>)dP3Z3TvY8u_Cn z3VpH8L@O!(i{IQ#9J>++`K(-qO%h02-B$5$671lo?2CB8oK)m)6uR_||J*LZKQ3@) z`CTjABa!*bGKG?`>A0w~Fn|dsfqr2HXq5`a)^`4rQln%015YLr2>g+t4vLW28&{}z zuQHJsA&ke5Jbj-pajhFVA9Ej6=WEV{K}6MsyfuzZ_9pGWm&qnxY8ef*tPJssRPy;e zhR)su6NtaYAFsuacWq>mZrU$o(~bs9M7`ZP)Fj(CwSQzVgd6(2yK^_+CJ#&EOPn!E z5f3p|wIYS}`uC*4!F5XNu~|$_6}oV#N{`5a>4Qm&`m5wJi4%b5^6kaZ#QtwrnbcG2 zOOO7Q{=uqSHQv!oC?SWhgNGh!@_93YwHFX_VJWW5a~WDN+HCmq|FOiqpH6+=&0{zy z`p!_VA_GKWV_u<9O>#CpATUHT>r>HN@D_*#bd2X@pbng}&)I}rDa!XHUqmgCSt$Mn z2uiYoQFNkV4+!idsB2l)`zl_uva)<3R%aJL#up6XpZP0*6Dm_~iUIU%9AC<*Q$gHAUB@tyZ`jBbsKFP8b%v4^(0Upq{=faL_w z3YD%*7eZY7+$}@aVx|F&9IrNsBP)h#Kqh#ur8jWxqY5U^KKmi7vPBfJro zy}5LmA`#B>$`HBWhDkj2$=q`mIV4&W5nAn4^0(hhji}AR>}~&rAkmy#d;?qEA4b5s zP`m`mqzdGTZj;6uyyOX*p0>%1<~Kdk2TH0z=F731+W+JROz4D65vY)&QA$J`Xymn1 z-GvjFGzNQ@*D?Oq?KEeh62h~@g$ z%;ts}?X^K|Cw8&-$j$SQ38nshqh;2+(IZ34?_5-lIIRgwyo-VdW&cpX{eqaGog7Yp z-^%2qgX8S{Eo9s*s0q&oSgEs$-Z2GLz2j)0RaWo|idX0$|$*%Q|@1i-NL6w3XIJt_0t*o-+qO zN7zYY@R6&}i2Tu%6=5VFwWyoBU`^KlbF{-v;wAN#`$6OK@in(((^v%Z5yV}J(>1D` z2gRyR@=Uk;p;4x(Q8gG6=gEHSZWn{P%WeDq6O6;KX$H5GF$sW+RObXP;~%M 
zSyeF1p`(Q~5D{Kpu>Onn8f9taL=HSr-U;QWyUTl^YFuCgv&_c|F&NG%Q})~ko`^sc zsG!e_*ojFcHE@>TlPv;6pZ5SOv}DKDXfY1ee5|zRGXPm=!K_~;sN1s-%4wNe3%bP8 zT0|RcBSN7xwM?O9WaQ5*8(lAJToNslVe*fCWJcmG)s0?u%-bda0$?U{Dgs#*`bcVV zx#W)N2ZhUNk2>fYh5bVE7iXt?fwXHD(QBVic_Ne}Y-(4`*4~x??$(ElhE*CGx)F+0 z*X{B4uWw~e0y==s{(+aTpFCIu3S+liSs(bmu<2Qut6q909RNZj35(Z*vpFD@_j7#e z(p+4@^vOMh4Q9vBAN?30-}9e0msYqf0X9bL#&KoJ8_rXqaRZ0c7$JiMC-d9kO-Z|-G#seNu!)$CB&bDQt(C1iUnbrMm)yuzO*2G-Acc+zW3tc*B=V>c0 zh0HV}8+h&9s;=w+1BcQaXEL>4m1wElTKT%RAW&Jza|`4|L00&3!WSoJ3#!}<&K6O} zA(R${xnLy=!Go#0r9|Y!@xiTIR~Wkp1EfN9vY+otOB*ZVK#!Y>Nr%-&|n^{~(A zC>49o<)N%P%Uo*TJImQ(xy$eVSr&N9fHF_Xi<_#FxaJAC7M!4 z5FHVUCU|NX2PaQP_HZ=>k^$c_rw>o{EXC8Wd+~s@!uFouI^QEGACqm~_c!9V7-tQ_ zYG^Q+*--&u<`TXso%{>`_=owfy~io?@fml|H0Ml4iV6m3RQzv$jjhVLll48PSq$NZ6}zoA?4f_6rGG9X-lrce0Nenz;@GG`8Gj z@U3Dz1WA~ij5r`aIm)L~Ij|aFxW^ocomN!yhxu&$$Q%xzh*-H~Z*gY1kO1_POi$Vswo@6Q+E{a>p%UhJmdU zJ$aRb)eJQ^w2;Y);OcKtPqtFD-si#1zl_!T>B9d2 z|6{w|(gyRa)dZ;MzAD(mEe2+HZmfUoH7NhY!1Hm}R5)u*0x_RrDg>!mygS~?>?_RQ zbOZ;ds_0|v=eF9EQX6DwaH}7$7YqAu`mSniDd3qewq3|(?FTNnfu4G{u)ZMQ6ei|~ z^Wa@ZU&_;AKfsgiZ1eyRdePs;GQiuY;%KNE91sDMInfdeahpPji{cWDJNK z^a*F!K4XWf^J`?FOla6gqW9=sXQqa&#!49C~pAKZ%fn}G0t+o!e}w3&=5E0m@2tbQ(2;! 
z%r?)eQVcxaGq&1^T3!K*cNE&XqC|Rfr_TJbvl?h%`(SXZ?FRby<>4kV$q=>rU)ixj zM<#n3n^=0KLi~J$m-1?&nt53T@UT$od@ffqo-8`h+lk{7RjN7M%f80*NN9X2Wc=CN zuCdxY!gP>)j}yR&mApAcL4c{?sTj>@Oe*@CLRe?sXAJs}KaBfiH*Feas4Xfay_=o( z`WeEe*~V%XJ4C}pUi7Kx?|gk8A1}S;*ufJI3pLw}h%xlMUMeTNUm~5~EHiuJBhXN8 zwB(2foO&)|*0T#^#R3YjsZCyg?LWSc0=Ve)DT2~Q!R-`H1a_VseOg)fek^})g3As) zY?8oM)-S`Ld}8s{vz7+)L}s|HSrFc9n9E4L2awG5CVRYNmv&sxDNIti?tZD?+EoL6 zYq3Bao~YEhCjDDd;}Q-i7`e?lC)9wdD92x%^H5eKu|f1pmlo`M2)lUrjlu#S_0)bZ zo@O&()8L$3ZDJ&q407IOGOg~YM~Q51SKvE_7DN|V)K>*?wGc1arhjh#FnIj8d5C_s zg$Xt9K!Vdc-|aGHwS24TPaMf=dxmh?Ui`jt)+aKQ35PZAB05aRM*cY2WYf%74wKv2 znBMAnv3xR{_Il>yAI_1>q6}5H^x>^NFl0XXGvDU_Q0Qu7H&<278Q2WKh|FBO-N;vA z6uo2Wm*wX1pXswg3<+121eZ@iRd_@%FXIzZSKWDS zK4K9zyrFiAjssDw0q) z_uweFok@IICw6Rfoz3^~VR~y83u401?_=7ra`AQ zx21o1iU<|12{04BsmpM*(838`x%z)s)f#;vsP>0MiZx1?eU`>azSamW^__Vd0lf>$ zlg_D#+c*UxJHIVTE|gclXY1QRGq4gb^*6ew@H=(-mf^cc*64&iPR@Tb@oEr>2kEqv z=(mDY1IzK1fpT%-N8?BM=^WRqJjB<_bM8!^9tTvd0UY`HsZVpY3WA>_C~5JMLO42r zq!zG0>;$Gt=1D(7h{yPCQR41@bqS3&H%);y5EfC# z3l)uaC1p^X?*3EYfSA^;t4 zgNHw)DTS8AyZzaAVw84o938wzFLYNsE#H zma>1B$rW>9{!>%EmU(x4EKmiU<3Pzum1h+iW-ygZb%%&sLZXZ|O$reUYC7cPf|sf8y$)9*y?7dkMP_cy34Yp1WG5~T8v#E|)AR!Vz*JG+Z3M8IB24PURO;$C9o!4)=w)o-u zv>#VGG64msYkao4GnXS?-|6i;?~F=5@eN7b7v);JN^T$Lzt-Ey3^@7UcSMBIGZjF` zO*3t2=+1uOf=pApAPfV;CuPCGv#L zM@7jxn!Na$b3ROjOTN6qi=fjo>PeooH zzYX*UkW6h~TeZU}f}BfLj~For6vqM-a~X&LLqNR0DPy|upEePKk>{p#|2#_^)+i4- z?PnMI@8%Ps=im4gXZf)QB5<3oadmdhW()07Qjb;hI+)ZLAM2vlK ztbBw3phq`d;c51T7|J%@9GAM-1%G$~A|Qq%YQYezFdMxIsoeL-57V}+cv&41XeK8$ zwGdR)J5s*5>dF9MGa^q;1(|l-{lse^(o^LLPtdCwIbBMrQY2s zWUflZr6xp8Wxb=>qa>LcN`xx}Hm+oXH_;!1RP%}+)ii+Gjnmh-9-XyOvo9l_%40)8 z{Bs>4&AT}17(|~9k9_!zwj_$|#W9c{C_WI8(wKi;jSYtCzR#;ye; z5IQzw0r7o0iI*gLn*B5!D(yM&;;S8c8zRd>Ho#>kNKjD}c^5~u5t~Kg5B2y#WWBr_ z=PJ1MX`w<*CalgRxD_tR_4~071lgfZ&`AV8z%gLY#CQ2vaRwS~Dy`$SaT`Mad47TC zzY0t4uvULKJ^t^WW|7sDDoe)I&r%BrjlO5BLf=*!W?xn1Y-dbgDVvx|9Vm-Aae*f-5 zxlE@ll;oQ@ey+zqh9_xuCbo3GAX)c^nHtLDY`QAHfxKw?_KHwyyj+x8&RJl7ju2qB 
zScWDg4jQg1&*qvG=M<~dD%$R^@bg)k67N|ou%3onVMq#-0U*pnHDB*GGSqx;f4LFu(ku;?5kEm zO+}siQt}72a_Q0EpdcD~5kQTLEz-PNP;5UYQSI|j@iz(rlV1rUN*A`szu%+@E}jmg zH(QWisNur?@1s!Rz@8pPsr5wpSa&boKpCSp&2lgZmgbg4M$$T-n9k;bSbY7d?x=v6GFb;uq&pp!t}>SAxx?HUuX zAQLl`37LQaY6BqpUL*ZRjBnAcfjoCghq|EW-2M2~+|}WSL3*!G5xEI2%n2l*Ute+d zQIBoGij=>{>7Oo?q1*h2pPnn~YupvY`3O>}LwMl!Hl5lrb}vyJwe8Ub9&H}+(Q2PX zc<0Z6y{EdW_0#sNjoBR;rdn8n;;tyBgPV<|ksj*^Yi^I`XS&`%WrnXre#X;QGN>E@5XcY}Q6l~8DY(j>H&3(L@V z?3Y;6he>v$*XPIFRXOr|1nMbA+uLlTMeblM`kvv_`Tu+1L;f0nP6gt(J@@;L5N~dg zp-)f@bC?}#$c3#(EMEh))mZR$uKMex;f@8|@Zoe@T-H{qXhb@usRw>-Gs|>0`cy# zcde>a#Dq2){eYcSvH3?0)LrWWX4AW#OA2QYcyGi`9bPf1Ypsix0Rn?x3yV4|YPPz{ z6*2)M55iAvUyek`#P#X=WY^$Z%mqy&fS@F~wOUM?XE;0oxH@+kBqtt1PY#_V>{2TM zo?;Y0#tv8lUW0jq+u8T1i5)sg2q*Zg`uw7sgBcgpWJK~AJesZYi=R_7@&I1upH-kZ zpLcr-f9$r@quh0m&ztLTwUUiBp&;>9#NC~_&^$H&nu-<$QvM2 z_|(taq2meM<|R4h=f-2`q_yW;EBegz`37PSXeW059wl1r^H$5zzEuO8I9%>uKTsjF z^t1-y3ak**9zoh3p4VJdjrcOo1ZGyU=7D&;Q*f=+WF!kDHXM^>V5kkJ`KY1NM>k3{T zRtvtnMNH;Ft==%YR506MEcs*fY9ZAfAsm|ULC5JzV^}9Pb~^0*{?8(0e_p0d{Pw*7K1rCQwL4Jou`djf#fXle9p%!nL@c z6lLOn)CU@>f<0wGt3m`$vX+7c(B~8>*y9v-t9uzuOqNo(l8v0X>j=tGkj^&fP)jv- z3y;u_qfd`nij8SEa7KNl{sq>m(t&Fe*#&Nrh?<)CCSQ5(dOF96dInl~Z!d;4#zOK{3_;IZ>tGf`C&dw*-Bc)duUlLnHVX4t&%zgQf+ruVR@_R@3 zfITOg>iuV&CtgA6DNGXQB@{t0<23Rp^#`#L;9Ahr;?Y;%+m+C3oE{y=>(w@ZD!U1A z^#iQRU6$bq0n=ddTBHX_82H{4(V+noQ!iKRTEJK>miv4o!O9mBWZAW{(FhIU$^G8M zMB4zBikDJEK>&Jm@h!q&FR?=gpO@`WxF)L0;he@zqafdF&aKl6Q zQdsM`!SP?cca}7C!8}d~X7PV2RAMFgHQ!HHAN&ZVjB<;*gFg0YV5j?q1u?bDqMUaGS_G8Qvowilbz zYhD5p=u#Pfgu*(jN%U@bKxqnQw}xZT)@3m<;(Rf$Db@cqvWRX~h5IrL$seU|gg%z7 zZjPUBnR&>WY>ZA6fC}JeF$H-0H>Uxi6M|ZvXBQ_@0&uqazr5kz<`@k-tdVY~{B>IO zA5c|D#aWmE9j5GK__SsyoQ%5{UT&{tjjhQ{Y6I?tnQESU?pbqCHFT@QoRn*YR;N{H zn~o+@z^q$1jcX3G2Za`1Q=sPz*!Va-P$(j8M^Um^gpv%capER*HV(*}-Gz=~gRibz zFL(W)0ha*xkO#3C!6Rb{UBZmfal&Tu*PjvFJ?Mk2IJMhy#Jxx1SPQ{bikBpSF)hxA zzE8pQ>Q!Il<8lJZ9_)ZKaf5SxX^owZsL;W#%?vQ&p1>|o0ccsx;q*6u?j8_gQEEE? 
zP9CNw-PY+(6W}Y?!U=K)Njz=BA6J%NTO9J)$c4-P8UmmzE zkp*#e{^hZ2X&aFu(bbQ81=`?;ptObTL9g?f(s3GEzsNO2JbYJ+ z9e8*igd5%8yFN-PhI8TAfwk^`FO0)D!fJ;o@Br?f4eGmo0|gGbq*L7k?bD!HNq&{} zC)^@k6m1^YgiKEa6g##M7TzqL=jz>ec(is5lj?F;^pNm)iKD1bCa~cH`36vxesGQdhUL8x4Ir4W4jtHmGFZhin?@ z{cuNkwqY%tuH`s{?ZQ_9GYv4K8 zTrV;6v%V6wSK?w!z!F^4gc987+)btuLqsqWm2k7DmlJIU<7&n=xf875Tr(2NHvaNb zu2xkI*AzT9!lEwnK}IM8v3QjcISYfkI)0|K|Duce>+-X21n6?*5jAT)u?rT1vI~Wc z$GrR6eBY&>I_2kmM&3q{SkGOJcCl&*kF+St{6HtMcf8Q=l|r6Su&w0K*=X8VTlhW6(2T5v|5a3Z z5QewTG8g3qWq=xqM^uYr^6n-A6ND&Ec+sWk)ITe7-gkCnDK7oLj?6=2uP+73(3%|C z)_|Qeo%s5lk@*Rg?1~h*hYeeRT-M_(@lDg)>6 zz`?&iwjFug5kq*-G}-wEeqZx2HD*dA*z*fU42*mDiUZVgn%gCMDZ8EP`Y|1;O*STK zrvN@AJQ2s!<6CHAT~+wdd!*cs8dv=e&YXY?D)Ln}f9PisV9mhanPbHZ!{&F|Ie))T*=q77AE7ZwnM24O7mK7@QP4;0vJ;&VivGl;!{Q*ps$wxmSMXU zD4Ww|5*3Zev+3sXo%{Ha#1(ZS{)Q;|Njf&P$G@aF{Tgr2H%=A*o-aqCxqW`QJ3V6( zb?X-7`EQ<@G#Bb%KY$vpkDO-Y>&(5Cg+@K;{wWS!NwMnBpLaiD2%qGxR?qovia~7R;qhW4| zZ4>8k`Z2l8W!Wdzt!CZAEomiGNUMGMbK(%&Yb-Zmaa6J8ze&-AnD$v&PQP&l;{-J; zi1$l!))_9->z}6cw$7k8s!i^L2qjG~no(oFKvGJ6AagI77fzKacCko)`uB&+*Q+X? 
zs>lnr+fMsib$SU^$CR_{ke~kHoa;jHzZ>h=0PXXZ!tK*nat6{$@;R(HKThvbHRaJq z>4+W+`t7mfB@MFLmY4~3Hv}Bd7xb}W1ApcB?=8J^J@_5j7VremUVkk%Xa(rhPBL?s zu9^zZKg^S{yIH|kj>@!%*a6FdZ9z&VtT566N2_f{wF|TlkxHdE6+~ftyg=QR$vK|5 zuf0}@bI#Qr<7iKO=+rwYbUJH76}btwou{a}qrE9^SfXr+sxw8kN0*bkpm#%obAZMdrU=^ z1+tpvVBqP@-@TZoz^fu`IgKRdV!1YCgSpZmesKDydWFg1Z&E(NvVZF_6(-}qj|>YT z4k1<4uo_7y*|c1RdzD@Y7i$EQncbs?GQH;&MC!3of0Bl&yfy+N6u@)7*+_5jkq!q5{(%)BCyN9b!H zuHd+-cC_%TV=(vK^gx(OGN4GfS>;bOA?E932Dyub^iyyavXuauX2f0hae zQ{pTrlcaK*)1kDNDDfDuIDcm_&-bUJeR9@9rUf4<27gpGG(gkOhU)u6wdPMOFhex* zc53twAqWf`0cWl{c-NG3Z+Brit(9bMrHrpT0Ac1!rhs4QUW|lW&YcO$$JrRG)(mr@ zHQP3_Cx8H$L^46q_@;e)rSlRh2I>kf(n1uo$hoee%YcUTn@r~#F$gIjz(kn(=yT8= zk^T^G8;89Ry$5;Hjob7iOp1MV$1$CTFh{(0=1Q78;PmKm4g-8kUoLZ_OU1YQz|K(Z z$Mdvxi@?z#n9Yp2b#_d(sWAvLWk9#6V@Dc zsYrkz-BTz$i)5SdbVPJmxj`-%{|Ma!t?{qhb=IIm5S3y1VO$BK~%iAOP@(xI=^r4k%}x z8)luyhfq{e;*t^e6vthlzzrx$;UmdWk4R?shD|q$SX~ZIU@#BT;id1!lr03Tp)rFq z(aO&0x(?^4lQeH+p;EAK8^6YDP#l*-!8FYmYB%uTTaSoAQZ#+2^#{JC`UcVGDcq7G@fUn}f_< z5w$^H*tqH3Wg;tVb4@B~C#d*n$T?^(%P95$kA9%j6^bwzA>u=rJ*4QjDa6Gi$q>I# zzu(=uN$O5ri;NhU>}ih0v0P`M^5H;OC_)l|zz#kBf=TnXgjZSC%>Ljc2g!#z^_9HR z$%5t5_IYdE0UWlUt6}>fgPTd_Yy&K0DV3cxa}QRv981l8`0=}+mb$se6%~3(;FeLW zo!oJ+B~u7$3x2cnfMoJj9xJ2lpoI2$^E^o9USUV^0H4OA5nFc@61owGdRdF9a(Tyz3E3s1b4JT1!!ns?5htnmAL= zc!cgp|NRr6nX9bz;GXOpjrCu@>2)b#xQY`44#{TbKEjp+pvu%%J>a1jTgb3&gAIrs zXWcID-&fCCvp=(8O5-5Oj~4`KOi_R6Y#7C%d~M)zTea3n@)$ar$)de$IpZj8Qm?F={4(?{-ZSv|hzf&FzqB}?|&+*P&s zhvRpN1(P*_`T8iXZQhNu(5sz6+tfH3@b)k=-MHnfm5GycI0rUuo!}2!6i~7-j0E13 z_cKF(&hLzxLvh z$+aHb!?ophHJ6vwENE@g#RVqezT7BgZ(gk)`e=9zWNUH*Re%DtO{{JimIuBXzoi;Q zVd~JPg~F@s(UI+i_8`2vjVg8=$HA@L0M#n2p4wOY!tpcI{VVuA?sDk*XG+EaVZR&9 zp!9w1ja^x<7TB$sRknK;H&+2~NVLzjqM_Ynv+QFrE@6X2c^oPH>N$g_tTZ^j<{mPA z#e)s17rudgj)>#;8l9l^1W12;^c=N6I(Am#vvgnuu_BEdAI;!?;hWF$J>(b0RY4V- zFEb|xJ)Dj?0~29sBN>dB+x~=XLVU@r!EZiH9-Lx18;}XdT81RlV$+uOQ1D%;oGpRc zx)v7CwT}tif@Sq4eqvZE=W30#Cu)R1k3zR#;%p~nL+I29mu%&M#=eIod+l2xE-IXr zN&Z2TLrb;Gv+_D;@D(8SZ3FQ+-=sSw#r2~bES`MJ6)P+8O$K5viQyb8wVTgOg7GCu 
z-sktp)(k)OXYUX0LOGq}RLGD_GyYIk=A#DBGgxqKrD_8|QeCZ(6;1}Kff+U48Kmr( z?ruj%ofvV&mhUIszlaAJX---Hddcpc5*Od?5R*hkd4fgN*=0V2vspGfb?ql9^XGlS zy6mo3xbL+w)G8^q8OJW7CaOdoHvo0M5twODMEF?QWWTVk^FO=LSe>f5>1(VS?IDBJ zVpwQ$N~f&BvYpAXd9_@YObsP?B^z{vSrva<<~fBVW0#5Yz(>V~TNdF31NG~{=E;GN z((vQ*rU;-1N~<1yRmu8p+~q7!ek{09Ww1o(^3JI>l^sGzPtS#2I?aRgd^>Hj;0pEn z-sUK`x<}#?ryrHbfvWv9td@>bIgm`X`T-&S zWRDWmgqqx=6daTNCU)?gy@Sd4_SdNxepjIrxwPAnx|L=be-e5@cqc97ImAlrPug2$ z>71eJyO9I`FS~2bJ@R0nbqe7v(8oujCb^y^OJBPYJ%X_b^r-vxb^=Y{pBMNk&=>_N z?KU8snU=A=d%Yu+yfV-vl%AG4q^4`BYq*;hP2h0(1IWy$zD&UY&#h<$eG^$pK@{&1 zQ53=E5K?~y?5eAQjk)di@hgi94EM*cqPO78VM3Au^_HE52u;|Ifb$?c`P6c#MLm`1 zpb3u#guA10y-dhG$kZk93=OAkJD)5A3S_dQ$oTsBU(e(>@`z4gY0j4XCUqsS z4ioA8b{z#cb^kJHRdkW2FqL=Jr6BTUKP={&qNp0IlGpHTXa$-ASudK(B<6V#1C~JM zD8(($&dAuVWSmL~1&58jwCmw1Ch=hN*m^JO8jg^l;2?STCKW0l+>Z;cw;JSuhpo-U zXFoqObU&#y-zXIh_cm&kbnS{bvk8!XNWP$ARv$`2l}2KFB!dL=zBxZmZLl&}W#SO5 zN4A@uRPCYH#QINQ62hS%c5Vuc1fvafA$+Voy}3mEZCvIvZ@M)nxAVL;L(1n&gT4 zF{Z7>!fQTI27q;G{qo9&Z{Yv){nusy)!6kGj+CX_ls%NzR%e!{N)}i8`%AJX0-S_a z6mJlF&Hh-yCP;Bn7p}sQZAecAHsGHbzctY5z;W(BmA?cr@16xPXS~;(2N}DhqL&zK z4~h7Nrn9gzP+|MgC#N34^aq;0aR<5V6LI17fM1`S>!R@3-5bTI#(hPzyA?!9k~sF!hPRYUTlHAgAG!(N;7SGRVNv`z;akl`}pgFvji z6rXkircWzA43y;WkPiVy=#09x>!|L<# z$z~J$mwDQRTrqRlDn+qx_u^NmmPeGM5R2x)hnz@bTQtRSGVvt?BJkf}z4L6m)Ea+$ zIxuF8vHJu-Ummz=;${4?h)FuLmqw-a%E+#Bu^TXzYMWdhr#aCDEx-jhYu!|7B9RXj z0UZ_fxJtY4hiJ%~3DMKG3%FL!@=vlSE;sY)UI(0QDj9@Nm6wcihoubP1#)92<4qZI zI9(mGUi z-7x7~T}0b9(DkCTj6l`do%P<@olqTY6+W&59*vQ}338Y3iWaiU6rnSLWY=rTail>C zsB4Z!l!RCoIt_?--&4xy_$LJ=^>Qei^KEl=Br_;QqQAO&-lD#qVdd4@pUe`;(pnW55a@Mz z;xFtv^6=o%+0|PDmK$8;7@`RlhN#ztSXq7OAWoAon;`pu@=B*n;b9-@{>D-~iAs3bC!$u6U#-(s; zz^<3sm-&+XI|OLdi%#fa;ClDzJ5jUvs7iH}tSL^7aZ5~pIdDhxLEXY}%7AkaBFRzh zq9F~rp+bHner(i^<0E~|hkp(lg^ZQ`)f^S80Y?pBCqe4AU%X$v2M;IyIP1zBq$sK| z=4AmP1r+8QyF^E466j8UR7~K)5cAanpE^tpm>uN4id?=xC zN~>Lq$%Fu5G-HcM0`1#JeR-k)K~(c^k$P?%!M5h{v}oYF^X;<&`nAo}I?NC4d2sQU z-6Z74giyl2=A38SlA2MV>3gNb_>Y5!!iba`3SItdi5Q(tbaW}11G`m0MR-in6%)*@ 
z{=K!NJ=vP+U$KTBTQcOzCnD!v(tKimCfnku_gNk#Nx2? z0dLO=F}$E9Q7$)J@-Hu`cw|JrQ?K1F*Y1r~HE#|{FA%3zzgk>{!gsZG_TH%{?Apbw zN#Jz$Wg0ami=`(S9Mb;&w~vrJ^(yn=3;X22lLR%NwAb9Ed>`VzinrO22FBaMS>_)@ zhK6DhkQ52YE>)}m?coU%?%C8o9*p$2_3*OJsddCx5YcNFy5~${fq*OUpKNVMxl=R zq9gkBpO9Vgo|?O}Mnuf!2*;yuRhA&ll0YY3X-nGD&wx#(T(**vPwj0P=6|*!yve0`41+^CT+A+I zE#L=aGvb^hr0wi9YR_es6oqaccbMV4AS<&1U233dW@F=2;{W9xBXk*&269EFzG8}x zYOUzkGpE*{ueV72gDBRY)%JYbwS^M;f~T2t%-EKCGQg5ufy{&TBGI)mM*^p5ILDEi zf7HIESACXSPV|u?Fn@}mc7QREr!^L++1BzwHXJw&ImCm7msdthUbv#r8oOv6f*wfd zFmh23Y@{NcI`<4zR)_}IkD|BHP7arMu3wwegS>wtE&^j~9GCKGvxW}pBFrUQn;=3D z)u-!ex~_csuT{H zE)u-VxL7=LxeUUzz6%`XJa>!T#FzP&aul+6yBj?u>?vn==5P4iBzghg8u|k!6Ykr| z`?Nv*ZWE%&$l{Q!K2(QWal}?~#^d9@vV)Z^a7nU0YP!Om!ttFfkZ_gry`h!MMxI=* zg5;hGHb}HqBe~KgW*->LgZb50VV&69M9Z&wCWWYF)kC89vI;gwruGScA`2QB&$i65 z_hisR;6}<8I{3TgEuUMV-gZCCQBSkg`j761T9PMDBT~-BH3l!Z8x2Xe9^C?0pT=Po zPfv_?1#2sIW|{&1nq7u zu$}OiWLL-{1gpPtl^2ep{@l@Nd6PAmQVJ^NJ$CDPBCJ?v=N=m%&VRpqiw+QU(A5#q4= zYrSzg#^WuEwD#@M(uF&WbHDM+l_mZC8#TU&E%>V6MO4g1n zGYW)(gBUTxD3crM{pfg`8B>b!#Oi$B$Gsx}2vprxr}$Dv4R+}8c)N)H>n5Gr@b%lZCj{kSc!v2e6NuA2R3F9r* zA=}>1(Y?UOmbFaLXtRL~sP0OZuHhtsAp0AwJsVT?ckn-oiZ*FiN-d=~cz6?l!Qk)T zJqQOj4ydr#;-zBX0=3Fk{k2kQ_h0Q*aE<)cn%)zE9~BAF=6B(a)ekkTYyt|RQ!dgQ z`5Ns9-kW^5xN3ShLW4);T%;H{&-QN9ztlT|KYXR#*~t|$v;hziq^)A{3OvbokP<8X zHZmn)B%#J<567_Z`nelhnHi6RkHyJBCp%h;PBCOG-PngD+p1G`Sa@NpA)D@!(?sNU z4M;Wim%C>2)g@tVx_?iM(&98WKS&?;-~d{d1WQWF*#l0%szXyhYb1WS6L>;!re)YY zEI&j@4S@4=H}WxpNwbAhXR>tBOzLK7vxNb$iNM`20caqKOBquN+@tfw2$LIsP4^9! 
zhsWQk7}#uHZ6!#{UZR=+=&W-TgT2AV32@G{YEc%J$yj9EEV#sagUN%+i5 z+yTg+bDh=rhFa0m4U_d}bGQ|NN+vZEtGs@Ii-Y%o55k62_1dk}P3ZCTc$vXn5>hS{ zC2d^Q)YUOU2{SeSrFmI_({xx$n4sIJV#fA;U)m38L;n904cMq_!%aA9&9W9*K1lZL zo9)4wq(d z=t~0Ri+kcICrCzLna)(_H-Tf(8i#}g1flI)^peL2=3u>Jk9j!GQSCFDmGliv++`b#}pY~>#nayWwA`YPqs^jx2fdSk^nKHZ zLlFM;c<5D`46ZA;lc6nj~!){ngR~&L3U+xizN~_ z?oT3FD@kn#&tH5?{5s%neabsfRyRsEp z=s}s*P~#SSz%8qp$B+q`-1P&#I!)tUR#(&&TBZR$27VF}A7l@ZZL=qzP4%+|jXOCF z2w9L%9oc|JQlj;^{i8h!1`4IN4kL7$?gl?HyXpR;r+Mbk^5{#)+}*}Ocl?Zl6*bx*PWiOUwKI-)2z2~3I)BB>VA`)3abFk@ z7Gcd!fiQp*jJoS2l#VWFQbl}jqo6*r%?v>m`<9(%62vnYph~}|T6P!a#{a+Y{_Mp_ zUheAuj8l$o!Z*52%mgI+dJFaZ+B@k$2t)E08Z!}lw%g{cg7EybtScbRJCbX&$;=0oL=7VDan$Vgq z7jrvuJvyD%dw5TQ3P`t^2o8}tZ%Wj;aMuzBoZ!8FwR2pPBnJVipY@H`8OAdU+3~JC zau0Ris)279*25UA$f~X(%W*sXLg+#-D!;|Asb+ikr_P<=Jac->Wf2W#>QP|}7X7#q zC}uYpEA%MuYHPC9#X|Me+DSWhUSlq<+~sZT4(y^1nHj(oT@&<}zpJWX67?l*Oy!#N zMC;?~2&(_cOxG}?Bys&$ple--fGNW=V@j$`FatP!JVV%$c1=VU|AU!NdnqAE@5A1h z4Knk^^V=_tOm%|_g*<-~9UTi>>DvOmruCaP2Cng9)}uFhJ>Ue{P7^QK&;L{)LXQ^* z9HXX5K8)PVZB`s2(jMU+`ED})Cb1$4bR`J{QKb`Et8ZM2v!f#!SqGg-O z;-sCAQ?1P2(9lzsq>snqmzPniW1Nf&68rMcZEw{MljVvfQ?7B9p zcZX1jfG%TRLp1g(MQG2d6CBEU02I5!i9%HQcS!)K2Xsl+Tf}bwi&mS@*viTQ_)>rTCjr2q&P(FY67kXTXtCEKz-+onUspjD>< zr59Mb^uBFBC^w#@(@7N8afN)4W2Sl~QC}b?l)(s|Q58u#^=|SH({<*4V{vsKgOcEJ zm|%oHZ)@{Yd-tX+@p}p`^e@yqcm|#_+AoUrjc7+ejYA+8ba4KYq_rqi1B`rjE^N;e zMP&%H>EQO61D40LW0}MHt?|zcKiW%6YsqD4B_#!=c}n|sOy<7PZ7@nLBFy}@H@`+# zMkL#Iu!bP`$jj+3RPv{85^3tVEtA8wVBmsd?MP4ZRWGzZPSsWN;^HKKn?{F-LT<1# z@5O>5N_VXg;_N#u;_@fcF$HjOaIu-TfeZ2<_)*8hW8CNz>TQS;vqE1~v4N1ha*SE9 zouUFyWeM=kOffpi<@cut;@syDS=|wCZ#U5u)YyMpxIhN+X?YRGe+nsCW-k;fG3ZDn zaa=0z?9N$4K@zjc`EC?hFr$o{jg(LK%oAH6`_Khoy?Kphasrw!YSw^%v1O}o-8=9u z;{2N*(KTcvZ!W=uV*=RE8VBvrc_9Kvc$(*kM|^73wi%G7NvJ_Kbt)b0mIEO11mY_X zQsO_n#wmC`BqUrZF4*HbadZ|Y4?W{ShIy^DCaow`;IMWOhs;fklt$kFABvX_@5o<%-$@O$ zPwpLfMjnwH(Mz4x3iP)cGtFNlQrYcZpH}p8CBmt*!B|hxY=4`Eg6dgeF6#sLp=SI+ zg`5Tsl}TS;>G^CkbyhGSp$rgptFfViVc3ZCGj%%vkz+<5kFi4O*akuSrE&i~TzW97 
zP*ExatQ49;M&d=ImC*$TmJVUisfI|a&wmUN_-2#}qNqA|l04jk2{k?MQFL6QT*|iF zgw1o2GOyesk5K|JN;5+M1Wm}dz4rM<)VSue5uOS{Wia#eKU~F~ryzlyNC6G%i+F+a zVmYI~TcRT+y%C;Oc0f#Y5^IFij^vpQArC>ufz>S&VD7EO<8!8b@-(sau$7i%O^;~= zi6t!ytbozXiB6I2e8qlNg6GWRp~}wV?W7q@gIKE;`!A0N`p5dp^eT&ux5=B#!$Tj{ za>3>pC=;W-NvfXkH^l(~n=WT`Auvsgx|IIsIbtwI*Mf(umR{(3-|V}^k@=C)&#ryz ztvm_b!+dc2wq^Z7eZ@46H&?__4D4_5&rFcCdu{z%=jcBNoFCy`wOks)V3@_yiwfWu z->84R`gTyO<6dP-r?J^nW=napKgj=_u#k+|2Ahih_2nnGWWtD&9f*%CNhat$H3ver z_n-}JO}NPStB@74JCUdGaZ?uiJY4lPEo0$YM7`}FMU7b3;a`2@@t8;sq5XJ9soZPG z#p+3mpofgu;#zkMpQXiD4gqvr80&ZQhBjit8qN^_J>kXH%;V*9nE}^G)b*p)u&ZfX z+Gk-T(uM;nJ!wnDR=(_rlC|hbV~j?-reMGqr^T9|Aph=EO>Mjg*+XG2q6TL<-t0ak zjD43bV0uij6E(J&))9Fwqoix5Y$d2OfTLGIk}C&NqQryJz^)E!ps{z)JOw^P-`)2=y)>MF$~!hwF%eEo*-0 zi3DV)u}~Jpz|T9o!QMQD3U|Y7_%iE_&V&m8xe3Aq=*Uyh?=FW@$zI-6)f}0-kepv zwKvtK64(9Ub9tDhia)rZk)v^B75JJgkz<_2|H-FA*qMGcE3Va<+Ro%H{kbI(zHpR&@mVzR?tlLn3R=WqM*^odFJArsoeLKU{2PYf%xv zpRmE(f-$~rfbs|d9E0kESQ@&OZdf6|-cBWY3Je)QPA&f}rpqVfyblucYM>^JW?u&L z1oG6n%IBIRfwu9b*&L1$de(_@f&VB0@khU61##lMHC=IGa~S-=dtk%L`;$1=mYV#Z zV0ZZz&VTd#&{r*dha2`TPn3D?B?GE%qTa8}idoesSs51ZY1)rvP&~;s3=DH~obkbZ zW<*%cH(i@CSUG4EY&@YR@0nxl!?Il6V=C~~zc}(zws4c5#h0!IFe}?zIlETL{ei}Y zNA7td+Qd=U!wC1{@@8RJv62+5Rs3HV--Og%>X*8+rP$j{wmVpNHx2#ZP`TEVd{?>N@ldKxl-z8`tS>C55m2vE|T4SDnx_<0>0=L?*v zkI2@By#L;T6VA1}F1LpGBt60@X&kM7m$_74JYdps($VD}QnD4*?il|obvB|e!b&2m z&Z&S%4D!+4ME)vkW|;c%!8WJwc+_S{g)D@Wy8(CBda?>X3RZ-6jmRH+;Q2<{%v?T* zme!937pbl2cyPn>4BYI~2k6Ko01q!|p7OtA1VARjt!!0Py5pzS%qFTrY|_0Q9wqXs z&=E4C)>A+xGwGF(J|TYeMCPEzKy(aU)3FZn7h6!bHZolLfQ)LlRstkE8JUdBE_@-O z1$IH+r9OxF?`Xp=p{efepd7rwe1+m0&gJL0j4LmGI)#N<1C|&(ZH%yW0F2TQ5R&LB zjS%;J&YiDX7c(*3(4X14*bDcD;0LDep`z_zVK8w+EcGb+S6f0|TYeG`kVh2iaxp{) z#a2a7;O%m5hy&<3wR2-%p6+wc9p{jHi#fsd6{nli|G;9iQmDZ45W)ZdwwqZf2_FWT zB!BGVMhvL!g};=R>{NCOt{5Vbyf69J6_GY&-49MEyj>y?QIIv50CJ_tAHF4XLA0b& z-OW&#@O(mZVxW_GFhBwyL=43P(9{ijVyUHjU-$sd&kZ{lYN`u-=zY%`=%l8-L|61iY`nGQmH zF^V^-+;uIbzIV@Yg^W%Ei-c!|Ty&m@j?*zqe+;3QFdK!XJ@AdG4)2uE4DaXs-^W~i 
z{sMRd>8C2Gk&mYB1<8t?`(-*4d2v-~T>rK)7#jjgv5R&n*_Xyi5pqux8%7EZsNBE6wsKbJ7K0!qVdxYj@;GB?0?W73d^i!o6xGg{MlGqF{d*~f88 z7t(5Ers7VB4^QJy8#xe~vEL#yehxwiAHvaaRNP4{LcOZMNBe8$HBO+ygW)QIrwY{C z87qqq?mJzPedeccKQ55K9D{#)PiQ~q4qu;TczRP1FmEdOxw8r>ua{**E?{~cqe;h> zbBS(Q2_Z(AwH8~CFyE(dpGfazh*eTT2prRKGYz!&l-*6)$?Bv;8>WGNC}AxTJ^$3A zw;Yeo&h6?VLi&Fg8Z!u|9UDeZw`L;u-{%4NLH`&b9aO4ei* zy!n^e570>&vS)cR5Wem^%W9wl%3cuff$QS}!ACLI(YHL0T8JN89DOvpGQ9&I?>Z}c zIdG}YYkz_cY$3@5+bg)j3Q;I)5n_0}%a|b1Poxr~e=GysCELBA=GOHZ`U~bV0U)ST zAD&N8t6TDde^DD2epS}9V*4)4Ax>s9{oyd4sz6X?2^K0b4mjcCFW?C>SwsIPrL#Kb zXB3F=G$nt|RMu3Wa{x`_&CyIqI32hMdyCN(=d}M{({1aS{WYz4VKG55|fXcqV%B=w=9yeYNmsqqFh$ev&&6v$LE4 zF+k40xN-%i%V43hMtag^(iG(e2NYIC<}+s0fb=UBHM3~whpga+(!`YRn*aOIj;Kaf z8QhxVA7yfsv|kg#h}`adCFo~KeiBu4HfB}Eqkw$f`%DJF`$>kAG&|CeI$ zE_1!ne7^$&$OLXE=apq>23TS0#;z*tAO7?42jrvR9(@Q>v6&rtqkd@%qlW{wK!L-I zy{fqyiZducrh!G}=(gQdeTv7N*tcgk)|8Q6^Cdn8>V&Wl&HlClC&~ zkgeusx*?q(2k4wdKmBnGkVqGJWZkgxhTia zF8VqV0`R(Ul$k}^U|ch(3owC((jd0O;gnkcNdmx{$DqHrA&p@Is4Fxj*p*(9Khg> z2`-broaeg@;wi3Ls9q6?I+rh=0>78Yz9FFHa`EYpWtQn_UZ0M7ygc(I;L_Fmr88Ol zM>nO<*IWJ(ntpDQ*8kjiapagw#W3X{yM@3fP^rUz%i(aiJli%V_Ra=$^|H~p>UU@t z|JEa%ip#Db*29IR%{uenzELpUR^>JP7^NQ%!Ur}hd!$?J*MyC1k#Y)Q4Oc%SdGhAb zS8W{Dle)AY0~Pc9H|ImoI=+&)MaGlkJMb)adMTsXC#aR@bsC(5`lSURYZSs(Z?V5w z=lbhTDCVYF=I9|HtTOw56+fqkb=zyg0h=c4%pg34)1Uh4|SbY2MZY+Tw zPp&rI+jh(qr(bk4Vq}h-pHnacYA_={2B)34f1Sx4Qe+o;vVje5ai8>~-h$$-@Clf6 zeUz$r@fZkrW~IV0$8~58NG*Ll^)uz4IqmTSGhp=LUZI0vFH2Tq{=H-&D1aCMQEZ46 z*`e_Y;e)BB9JEwu0Vrn0OmlU>S_)lIc+dj+y&xAi=tCxkL@C>nA}iqznz2OZx&>S9 zNH5GszZo;?ntCzn}Nn`vVq$=Vtpz{cG zi~e{9Y>n3SV2gBWupA}ROXg?{f+;v>;3xkAi^~K!GDplymelO^7rZMFhvepbZz`^% z-uv>Y5I8SWE!~t1HcK-yHYi%2OSD~QOh;My0v&qwe5;W7zF_5U8!zyvL%vS3=7qAZi<-1@B_<7>gLNMX+J9Pmit@nR zV%s4U)xLs9y#*F68AEVvsXX}8F*FUB_7p9ONd=N7Uh;prHb9W)<(d z8mfe!-k+Jh-_lv1Ll({X`1g70UYl_hL$vDnl=ZzqopSp~w%habVN;^Dyk1WNLZl#M zr>Fv4^8sD3-)H;J&_(al`tLgOpd7mg)s{v1Um#c`!|I#`r=zi1=M>Szei~&!n~q~T znD6U4+q*lU?~cKTvEMsT`!}0 
zHk*4d=#v=Z^Jy6M)C*7d4Ed!o9jWaCf9D+D!Z?O-?wb{;YS{okIyEp5^}20`u_NJx zgW&O^Xh1ZhFGRdLCwulPRodWUH_mIL5-HqeZ3>OAsUuK65@$x|rk>hzcrQ?)fykz0 zPW9`{e1}z{)fwpCy^MdbQhXuc-909oicJzq9*|0h4EXQ7yN4s^I*gBWt-3Ac7F~S( z8q3xuh5sb?$0Jx5r`=vzWuefC*e|tsoG8w_I1q}<+W-cKTGYwXR-f7mGk)vRs{94_Ptp&knf@Oqy^%}#hO9g zt@FfSV>H>yUZPSl=a6O1{qjnS5v+>XNmqwfZ6-DZil64(8gkjO(H%<=UKRw}_VM4e zJ$?{_j1B9yUW_sp)(zjWc*c5kI?)i|Y3cH84?|29&W(ItsRO&Bs<~Gq8+8kpg~H=5 z3Rwx7@4-z5VOT0zfz}GJCiR_hz@mRX?e6@@tMg}aG~H_mrkP=>N&lB>_X!>rHJJL@ z$Q!8cX`%vuEU)ylr?!1Zl|={1lMb1_A8hYMcagY>k(&pE-YIMAeHO*76^8I78d|h& zt}`smZQbu>n9`$x_${IBHQ6$NOW2_9p%%N67YyT&uMw3sC#ZKE-*c>krc;b#K6#K) zYHQ;7^RH6+e;TY(xlLE7G?kj7EToXv`~nKbq?WRz$uG83TR#HE0UQ9xyA2n~q0#e` znhC%;QROdc828#-Un$^zF-iiI%p+{bo{ZnKR2GZ_?ouqaQrW^4WA-2(2lgt+CKdN@X3{DgZ}}+YxAgvy9!-A1lKkI%&ih zCC#?tdGNWQ8CLv0MwamAJYVy5jWSG8-?3c{ z4l2y=RLjB~^$CL))rl#ip!yXxL-YLwdvM%;*#IO|R#D#0d7iUL0L`Sl&~44gcvJ3D zhJddH)N8Ln=$jXPeDs%eWvEZgmqE0I+NgT%trq6+ zL(d#xgA?G|4=@KO-}~mpaQl;)^eB$1l_8ix@?kV@d28mh-uI(92h^a7+)AtCsA#7~ zE!;P;8REzmXCr%bXL}f@sN?zZ2CX~XeH<3Kw*7uH*6s{`D)k%Tg#v~atA57}Sd)T{ zyFQUF%xGg>hUJcqEI9T|t|`JEC0;D0J3}_Oaq&Qp2sLV)BE1<|&MGfcFiwKBw{z4- z2o2_ZHeg{JLG=Gx1jdr40r414UJDVVjH@1pyQIT3V+ps8IMi4u(h3L5%BlihJsa?? zakx)5sbY)Llb~@n>4}2qC%{8n^0(HStXrk$8G_X~wPGJc*7h(^;`g!`jLXZpAYp9^ zhfyAA5LbwP+0t@{ zmp`xgE-nz;S2O!aZ{1?F=S%Iy5JDtOzdP0(NW|?*1L$bOlSFD)hafcRvQpbWmPP#! zd%39=40`7!*%7?Yt>w7|TC#Qn`;82WGe@BAdN@QHA@t5n3?pZz8B=Oiul1RaB*3$@ z$I}tc=jcpXk* zASO`NBPiq&9oG1hrk(t)7uiR}+CtbCMl|D|Y%Ei>lGlmDkyLvV?z?P)5_N)z6i4b2H znZ^5s+Y?K0g&Eag2zfS(EebZLIs9RPT^GIsrq?k?6Lr%Wxg-o1C4PU9Wd)2FLbLa9;q09HPpw5^HB0~I}eoysyX zm30xft@yV#K8K`2j0e4G+_p4d>nTVA^wJ;@vP*bZJ?d;(JWWPH12ku! 
zR4=C4QJ8c5Jz;w=L#OcgY=@-<8x*}L@pr+x@u3!J^%VqjJq^0OXNS?jud^z4w2x=k z<*q()q$UhkpzzmS+kQTBVr%XICbHs zcYZCo+|~)>+hO=5`_(8MHaBZDDO+yT$Jn?a7p1 z?rBSB*a25<>4wP-kGN_axJgepK403;m8HKe@lAVUZMGvC@EtOkR!2fYeoyx@kQXHb z?w_1DBqC*HgYh&WW?p9A-jpaCfmu6y^_u@(x^M7cZ&LCQ6>``aZ( zUMuGkP6J_;_`$~29#4Wxfh>}nOx6~@Vy^z}C}2W#g}BHItU}!fy;4Qx z1Ar>W7&kB0vSO2(`EgDv!i_{AMz((YK{NOBhFQb02cKvQUl;}tQ}xD__nv=4)Q6A` zQL@iCZ2ISDx?{EXjbrUVO3Xu44v9?@dcFKmuqM$B^-kvv8ejoh<6LRZ1fQ2U80L^-ftw6sr9z6ph=t7#}dgyV6Xwcov+m>fr!} znH*a$JB3X)T?M~G#yj*+{q+2srLdoHRlkYfb4CPE<{)&@OSMzFHOG#cHuXGOofZiB zu*b@<7P=unzQ;jz9mC!>W#VC%%ah)pw9H(me-~X^HP@-Z-Lj%pYduPoNC{vrXyKqb zOFnwi`NC_$6fctl1fRwateGT~$jLC3L7>!pv7~~XW*j_#?qf`8_*-)|7Xr*ztW+mr z+@cch#C(~14z5xseCzy-28-$_CNJM(H}mkjhi#<&MRKucVr)K(5WnHl+%C*#3iY_o zbbNzqIYMZ_q@9+#`0;c-=9BFqTMqOA}w6sIR& z??GoUoNh033X+X_?gnZeV~KIYB6){I9rR|Q`V7w(%bfwyEKER9xaZ_(jx!-N6lCqWY#3A zJCc-+7es!N?$|p*+|>-rZi?m-V~$}GH4|9j^TwCbf)n?d%AM5jtjJX7AL@!Nytvy& zkqa!F9auLZ7e_eW9Mq#`{t`Rln{#K(p;qWbGJ-g8tb-cJ`;sePr=#7ppTs|%JgoZf zF|MS)%!~p4%d?#_|IfGux4m+RPDk#YLq)fq#iVzv$+KZO2JZjtq!@ZtSNL7}e$J~V z3&GVmbgs+X4PIfxNbx1$dp{JfXzr-|e)z!6$KFW=KBuUw*u^c*7~c%7acjbDWnrzoG|da^aA zKVbEBOH3Uxw2I&OT@PW+i5=E8Fl){*DQ2y>?ci3Bw$zI!MU&k$ zQ6n%A;1M9Iq~O3v@2OC`Dx-T##xQAXvCrQ~VkyfB>TN_OR+UBjcK&H@zt&VTF(AuY zpfUE9jgc8g?8hHz{q9YkKLCKOIAoDe1?f3Npy#HWwUjt5kov;KjIJ&-s``&KwDQA( zEBPxPPE#WN>R~hR4RqBh$B_uo%{CzpMv zdouMlrY6fOr9|y+(i}j!Tq*Tn;(m(aPbtSH+%#Oe?dK~KPmI2}$K40?QSPS`7Q~^A(Z29u<{(v|-C+qO=B}}=->G-Qv3U0$ zdAcTC0)~^jWxL)^8>0cqiQ}MQf^Vml`yBFq+DvYa-Lc4J9d;Ij&Izd8JrLde;fohT zH?%>faje8;EV%Ria@?;*e1X^UADFwZj8>1d)m7jRaqpSaP~C{t%bvNSP^mfdY@;hf z;$roE5OaGQ<49?fD7*F8aZup8NMekf^nxDc`#Nlt3%uM-&MM{gmE>QHIK6>^f)2oB znPVI27`mpxAieMi1E$f2D`3n4?>~jNd_l?j@)4j_HoYl->@%1v$AqjDYpZ%P4Xt^} zPP1@AO89(0$x{SvT|BdTmj584u(2+1rMrqM^&LXyweV21KJKT3e0(k)2v&NgL9twf zJ|XX-o5~@_ssC*=ks=ws3`6s^)8ydw3VYs|kwn8np{cwnTH&CR1r{Q?J6PVII373V zOf$a(IcYSD^nh5;^$QK_pr%9~)r#&rxxLF@L#^Ql=-k^41~e?|hm7Lu_Oo$H zakn};^kse!BkHlLGiRDJI_8*?{AO#AfWe>0v1$pMt^7!sDBN`Ctg>k4c-fEF&+fp$ 
z{bi*7cJNFy1;*FXy77pdK7N4P5Tv=mbs<>B0=cT~35GFyH){qfyp8YSS>m5fCb88Q zIsT zQ*TwICU=y7b~^3lcPqoMZ`}WJ+FQ2^v7c8N4Tteb&;lX&UGN~$kVz|fRgT<0zB8d! zXBQRL_;aKoxMsV{8O$>1ux=;4RuxgvPEIyTrja=C-tb7EF^fUUdE1^rz*J^LkP&Y4 z^qt#c>l?M9y>mx&+s^{`UA)j2Y>I!&Cs-4aM`mafDjLL-Lz?q?znv4mOvulYh4!~w zCftz1wT8+i5?r1$DIPmGNWHh!K=!f9yoZBFtszkiOYCbdLr3}8Q?`%u`wrwsC!f8B zCEi(%%^%?WR!|%P@b2+Kmo<3(Q4`PZ#}bx!<(}^2C7@1<>Cp13UZ9{=&2SQB*H7^V z+3bXa`_$5v5U{p`vYvZ1vP3vjlXXhF$~A@++Bqt`2@YdtZoY$0rS!)Q6RNU6lboGt zzxrdHDSa*k5Pc601g81Tf(v$arp|z4J+d-lXvQrS2~p^Brd++MW&x`}FH`BX+am&E z-G)skd^&m7m4;gGCtz>6J8c#zbNGkiyZd}7lx1+#yI(5;bnd z8`>h=K8V5y-jIudXRxoOk-t2;vV1dkqL4frcank?qPo+To zt!;XTn<2eI_*DuDE}@_OB0_J=x!X7)B^yELkCH~N!0VfwVoayK106jZPH!7a6@ykO zjmCi)?%JhhD*Q}Jp9nt_OtyntjvvJ1AKaN!ArRBTKO_B9C>WBFRG~1tFA*uFFPGX|l8aYO>a~RIqba zuu31VDJNsou7nJXU14vcwMXoqMSKeqp%vl+*_vD^vqp7F^*26CkQLZI!XN=BIxE*SN9QIqoRY!PvOcxjgiRVuA?+jOMI!T|NyxmEu6aJ8-OA;i~& zVdugK7bMoLZDQMXw-GAVa}>+$Up1tZ^%S4|QRT_&UidYB{ z^eZ?d#$h{{+BRo!Cy@Icoz(#+z%sLf?co?L`_@X{fm?1JgVkU&9w(9O*L&vja!Ovt zoObt((hKd?F&#M=wD4Y<3oQAp zRO0Q;iOy}a2jHoo0qdB=Gn8T~(fqFLJh#fP2gFKsHqv{&8eWkIf{0-0sl=)2KcntM z*KM~)$sbfM{&3PkU)=|Fe z&FHm}P85=#0p{M-;SRl9({uqup1omDyBJ1n*Ty!8vqT?dBSCxstWi zRTgi%wA1Odw%l=frx#<*F?KX70Jn()!}{Lpat(FhXVSO=#fa_-xbYD3Sh?tvl2r|2 zZU}{1U7D?_6JhNMa#sY=m5BPX{0n~Gs}<4ltO403s;`2-FD8tAJlj;m%8j%BoLWc{ zX}i#mHu5v;m%&tj^*}h*4u843ay}3eM>cjQ{9Yp;wH@~(D^a7Xb!gX#C3BkMNEfDg zzKMYydOjT~^a+H`IudYY9bwf*%|v65=sjHsWA-k=GB=P?vOWn476T(bg~%be^@&2* zxR;cnKaE(XR3T={4M7$$|3!l%T>&)6>e*j`?>_&&}ZvA9zY((A=iWEO)MGVGa$2lCp0Hu z2kc*Ye3FuDv-(sY{{O}Sc%3UccTKl*)Hq9z119S>2843shImtW#}$3dS8B(}GYHj1 zEsa+uQp86o!5;@THA*gwl9=mU!N=%FT^K(g3;bVEF1zzBc|?I*@;gYW_beXykG`-JBIQey z^kQkl&0YkIlNGx1$$=3V;!F5vKS6}7CLfx#E&uI7rA=v#g@AJ84jSe$jsn4`ea1uNMb zSfk*l&o=#s5saYK8)^pD#eK5Q?($vEI0t-QEoZ_87zd36KaGZHP7G)Hk0P{oldQY; z$STK^h@#bK9>gY@E3LA~!3C^;1Fk!$8wUy)w}`Dn@qKB1Hu^r)?0LBhP)*Sni)oDAA%Da-9XgHtn0ozbcH^bZ>{n<{f&_*z9-bzy0+o0Nj z&@Se@hIv>va68Bg*znk0Z73@-p#*!Z@xXiLT1r)zODLsE`$5XnuZtdxAC{AK>G6|{ 
znlCDg>qQpL7oiQ){?8>b%?_FL$}$Ao8AXh4n=Bmlp63M@I5V#fgld;v7vnm~{KZ&m zc7v7ly{{XA2-YEdPfHW0!lnXX(ti*2JA?~yY#;LZt(Rh0pudk@|00g04%B2#E7hHA z&KA7m6LiL+31Jm!e$}}gpMwIfa=46xW2+LJQwoi^eDY%GVa-pK_xlsIG-0iK1c;~1 z-?F3n8OEiG81P@yXFii^Cz*CP$+v=xz1 z-EXdA47FC&8%7Ls3>!gQp>XgXm`H8ktzW3PF0r&?4$Z8T;zo4 zQ2$itn25Nybj@&+W?+N^nv2Hmxs@c@E(Cu-Nh`Q(;{T=BRuQnPVy69FUt*@w3GmotZu-$h7j)w z(!p@RD(c~L&6}uiiO;0oM3TNF`x+Tw#$E1*I^|6)I!KRDjC&ibK-H^o5-FGgBAIv1 zwSpmd1$_jdQ@Pnuwz6#LQrS@dJCKA!v6h7m!nuI1J(e1`{SL9k$0iAXLrqxV8gKrl zV*#e=kc+sF%ykWT8x3pO(JUK83I8<64hv&AbXdGgL8y57btqE-)XObty!+M3NTOnt z$+I`Ha*zvaZ&*bWE^LY9 zl)@tMx&zc9vT&x21w@-?sK7j!qy$`T@JNv&6n0kLF#-=b%npmqyuST z{5%fJ;E=&dYV+vL76+6`XtlPu8?aGo)V&5qGZC+0yA1>6&vB&)0i#908(EI5j%TlP zW0httoACeYUuC>o zms09(c~WD|sdKNMRp7#z%b9|^jsd1Qz{M2Z_d}ed^(~WiQ8bYVhOoW;$Mm~Mcts&5 zWy@*=Z0~mKu{mt>BQ+veci{*Yoi~U`kOxMjN(VpLDeqtiSYsAKJxB>@z>_ad)o*Kv zvGFIrO&HSaX72T;f|OPrjJ!_MXR?Au$qPG_MoJ?lzNtHv5tO=;m1+j8CB^E>UhALN z_^Ut!SyCGV_3-5inLzpka>|%KgkdyT*pC$-+X^X!ET%p+qVzK$_M1`DAOXco+_m;) zTMvNA2_84hROdjqf*--&FSy$_Y~Mk354%$&ErJ%rPa+bbh_N)lO;B=y+-{b>yD*d3 z9%%u$432>Yb2(UEwUFtIXb&K6)QScsA3;z)8k(OCH}c1R0=1wav=`y3yh(Xc%bzFS z97>E;^NTlkwPG)HH`b2SsA^rU4-4!lvuCXp=Y}Y}-a|8DSkU974J9+u9fdzAfWJCV z@zE*5Gn-Qfz*tmtg)r?_+d|E&lI=*Lq5AdwCGl}p1IB1qhQtn-f*>L=&w=}rg|(E% z7j`F8m7W}BeR4%(2(B)!{3rBNH*7e7)y~Xi5>$C%;b`jYpexVw)AAC7r>`56gc}Qk z9rqr+fB)j??y5XdHvcFkHm6x`V*)u@;~9o^rMw3tz!WJWC#ZYv9JkmLjc_CzD>kX0 zj&IripLLMMsVO=CR94Re<%YeeuS-@jGK4d?Og$abrz-sH2FpOCRfYd1(`OJBL!xG> z@ZcvG2*CAABjYyW#t0J8kW89FHp`Gia>B{^Icq1;JGs*ibO)dd!XQOt6f~UrNCxG$ zkV&B2r_kNq@d-88GuPWrZdLHfkB0nNqC$ddIN(Rg;2RfI4G^cqmVo;`SKrq5enWkD zw?VTIM@L)jvz*LZt`5{vpR`MM6@J{;2-K4;+uso zJfFZp{vD zuM5WhBqvpU=t+YH;<{$MM@g(VEK4*G2j%0}oSd;&8wR4?<`A^KoRODN`{dEPx>U$R zm^hJX?Mnyb980=%Jz4VPvx9|cZ2?fz;=Vlzm%}t0>+@NyOIH3-908c8Gi8VID1Ji5 zPTo(U*fYaDg@p$XW8!kD>Wum<@C zrjIP?5*}*Gu3z+*T6eoEhzYVy`z(!Qt$Mt9M@xMy#ET1%! 
zYJhR3Ht08>RjY$w*SQgw%nbjVGD9fq4e3v*7f*ciDVOyYaCW$7oc|Pij1zPbHSJ>7 z?m+8#5`+7P5jq&hM4JlOwEsIetPz1Zn~zgD$)HsyNw6#>)=oC{$6N8iWn;RqxsPh6 zYKE*Tbe62t-g?eXQ7P5!fd8wbT%c*wWYY(v zaK+)f)T|mjO`Qp;Lh9N)YNVL%$6z0YB+wTe*?K_^F{1!RRF(L0p4Yerp3I1FhKwY) zPK%Ofr71$CO46hRk+;Ro>_$}~A2<(b1E5pR^S4#FnDC*0E$^9qw!M-|(eDWrA>@w? zSwbbziwXg!UtdU3w$I``*n(|mFwo_fTMa>NY;FglRmxEf!x=`MVAUX~X7uXMv)$LLsaQ315_5Dzc^Ti-khM_cKc(lJ|L8>NLs>$dH*6j4Et^vk~MYbt?2c_b-DG+CefUIU;)u$rcP3Mb;oH=*VpKin?m^?GM+s%PfIH3iT=X|e2gN#y3{+5 z4emPZuZDQ{__Pkfgru>L3+@%2Z;=Udi3lj?4Z=MxG~xB~%PH)~jJuE5$DwXQ z=nDFM2SXvyn4!42tq@<>*{-|_AL(v9%+H8c9k(e$>m&Fm z4|NF1c_X+1!7u#?e=fw=5mfb>z3d-O%UwJ@Tx)n~WG>sTb~Ybrf0n{=&~h!iKSOl$f%QKJ^{Sm~N9NP}4In57&nE8E>s%<#^kj7Y|c3 z6^oxdq=>aZ3GFzw07S{mE zkf&Sh!a_rZF1HVBGbn1lhVGsuY!Wnl*_{Fab0ptI7FD-pNoW?D=T#8u#RbDMPD(X8 z8&blt84HZiZ2`8kq>kafzI4K<+`WulX)@-)-Cr=b=aGx8s*>CHbUY zSfb(`SUH{x5o}zO-c#%};1$@s!Sc`TqzKkyGeO1)VHZ!P)urE)FOq;t1N*hvAl2$; z?}fnXZ}4&TrKo-EtP~(mEe#(VApz#kZ^<~i`ky!Y&Oq@(UgLYL&k)s1I#cLz+{kGG zQeNfkQt<834zYlp3>lGXV znr(;-9zE?R#Q(Pvh^fFO4Tj(5;4y7dIFGlZ>?Z8I(8y*6bYt}#Sj>>6G6@mf4hbUs znc}@`G4=9(Z21!sUMz;Nl>8QS=CI4uSi{~%NRX6c_@GQ1h2p7RwF@)YZ|^+dJYd+l zmq)<^?$umcaNr+O^4fXBsH=|P9{Xe!p_m9Mssw4Ol;bLH8d=ON^x5`mm8E{vMZ7l= z%5n7&jgoH1K|9WytQyBu5>pWbYfjv=6Kto)6y^kBpLC*RoSFPp% z|512fLd*|Hb7VVQr}50a5i(Ft%&yYnJM@RCkr^#@JLj36Y!x2xw)LvnX@3^%IO%I1QI!ZtRVaPYk0W4IYMsUcv#s2^8lweUxZFgiY&9rbiWK7JwTX-G_3P^@s zGvN6_7nSx~w|}=Z|3j8YX=(a>M`76dURe6&BRU5#&;Y07BG;rMozu)2n0;=(2)9+_ zjtXmv3&9iT!fiBIYoF&=QV4m@bF)f+VzgV%{V=>b1f2}fKj|O!Y)8yqfwL0i%^6DuEQwAsOAW~tuK3FRM%c?0 z$6g^HdEnbiCGAN1R+Y@2EBq%$Uv;Br#6up(f+-vLdDLFXZQyT#v=o>B6Us(G!c-FS zExdk9wP|v_^m=Ij36{$wI-}F#9qA1=zYSvHqSf9j2}#fC{pLt}Cw6YB$n+klex^=o zy{RCCwxeZe6$G<-GJNdM7e8!r@Q*-wz#T+q?^GM1oBXgWR62&Mts@J=s+Pkch1$bn ze4H~2<^^nGJ9x)}^Pr?PrYL7GMDO6^2`|h=r*E$Eo|0WJ(K=o0Uj65N=;i}tD@kV^p+i&wQ~`?scor7K9o>gVxc0xNx(?81ISf^)!)Da++)?xBKnmTQ*V#|GeISEUFSFrBEZJ} zRhV*mFz6hpjjfREp;sMWTu2W70PU32pgzqn&KU6>?6es^@0bnivLszM zJloJ!gv^&v~xKCO_LBF`$_ 
zJEu1L2Fvg}DcF+-!xclczU|pt^8C|)!XiG}_mmz1xsK9+aDmWyVf)tPi{u}(McW4g z8{FRf&r8vdiASo1Kr%vGY9NPvtJrIa_*AGJ?X`y~0Kyakanuy+vY);{82a2bB{SHX_J>x=5Xh9>j0yMc}S#?j5L>+Xz86~UXY=lMp6qejI z&j@n5?;U=zHQ_F10}C}VuuNdkDi$Z$-*aq7 z>H_`tr-gApRiSew^Qi#Kd`!zrU@397Ll6-U`OXr~`b{j@L_IWWJU<&@X~M}y$p_HJ z=*C7!Eg`klZs$gTnX*6Hg4NPaUyi&}VU8imBXT<16^BB4eb|RWm0kP2OhGgT0AF)% zwLt6ux9MAJ5vEU8%zT^0Hh7g2p28Qz-(yHU3Ih*X0)^EqRikbkcpwEc0vY3wxR(;;Ts5*IGaLr0GV|fN$Ts>EeLPm%YN2>tE`3K^NxY1ORfnbR=w+ z0lk{_STvv#c)P)1@EF zHa%C3yZedwy8zlKL%?xngccr)62N2e*R`BqSkji9W~)gTT1T9CYj|~(ycM75b7dq) zi>8w+)6e`Un!tjPaC{dc-z-~Vx?3Kw_O@^GzWI#t-84zsPO@v-2<1e3s=~`yQeQj!ITUeq}A*# z$@0u!ILy13hSqqr%iWFIvA0*E`$NtPG@U|{T}8^=PCqQ%BDG2{fCQdeZLgoo9i&K` zQH4}V8C`UBu7a1K61dQUMXMQ$DRX>TX~db(l_@o=`jH2cl%4&}D9G_Q%~iccGu&cpZ~f(Sn$i= zNSn7M8gb=%DE+g)Xp3`cQ^evdI>BHO}s0 zICq3~la!Yw40`{=%HhKplp8OA!9@4JyjAnRXV03fS%{54#Bw0czB2rP>ax7@%=i43K$QN1^l!tUmM_<-iVHi`|rd>V=4 z?`u@G1Za8iNM9AmCDWAVYw-}I<`gXZ-&gUhRdsT%qXHJv$YK|m*^AF>04W*J-AVR=K0Pn}bcZhQ7oR&xTVmN}U z{vwJQ`-B{wdIwqRxn6Q`>-hSG(1?hSJbrN@0ZeB@T6NK9e4>e5*8eSgwMIJ&fs+YU z75YQf%(Op0YF$Af>rb40^9+DnP3s-)v0M}C#Ej*(6Jd^Gcy zEQpND#SJ@+Kn+J&PaNQG%a6AKZ^hadUA}2asDobZxg4AeG zqaEe=e&PFmNH)BihC7U%E?hKAB(x62N(W>Bp2T3 zZ{|?{>hq?y^|4DPf`gZyimXj=NZ;cORPK1@L_yt|=eR%YSo#G|{ zFWCMN>uP|jjfJnd)S!5}5nIpZW_DD0kICq72Urs4A%AH!IEd4)Pb2}rCObg8K( zHBu;-i)aR$yNPzn{4xTTKR*hl$c#Us1m-tahC~y5#Ro;Ma7(*=4LD-oP*i9)#%aZO zI|oPj3W4j?XB@u|I!YU2SDi*)D8ol@ExA;9gdnMQu|9MKgKQ>$X^YyB+IX;D@s!Qg z>3YZzGxZ;P!np3!KOyO(ZHz-EO|GfF=@dvd7&+_Fgfww8I<|4k`RG}{D+3fMB+9PF z6goSp`|pU)zD+u}1H^A^;!me`Sy88P;&1>zGD1*mi|x^_TBTU+>EuL>4%mG?@uy9>q&Eltq!%Hm+mc3u z(}S_w>Fl+5V5>p;mkM0r{GFjYyWcZ=HNXX-p1t_FciaMs zhKXHQGyS-4-2KcAAS4rba##ENMtZngO{EejgNLQsq+Q~Wmjqlt`rV5RX%K(Ldaph; z*sVdduuYk*p_Ki9H!d_h1FKsCSfFy{Z~hXCG)j3PH_V4c|^tek*i*YI_1osW7kH<2l;*RYFe~y6{ig%efeNmo&k3 zjdf71T1#^@H2MpuEO2<9O-)m}2$OX()xvykDp=~4fEyqj^QHU4RhiSf0dY1|Ngr+B z@{GJ!yk9SabL7SN;cU z(wB4jzE~shfPjv@-#ZwIC~TE>woo4zCahv)Z0gam4f_eBq7lj;S=;dw3WW`hf?%xP 
zaoyc$-4^*r&L2AI>YuslF|K%%6Q0a3kZCh`aS&7N@~hk0&sjsV$F4+5L3lPY2(I0R zc|19hPR$akr%1)e6J#X3KGd!qJ&%u~Cy^U`3Z9H?$!T+3y|DTb7;W!;32EAT{f}&& zYU_^*sm*AroB&pU!vbAh6_U3Z6M8z6vg)h2xZ)y<9%TNUR5>G|--oO}<(dbsMsA~t zLvEQQ8~`;y%D);%Iu2`6wTxFzwBNb9UTZUsDyr)ONmGHnxNT?cy3`O}k#DPY_$aqE z=m`GCb1arF_^_Ihuic8Tg}tN`#M7zmM5deYxK>l!f@_LmM*_vnJHrL?Mkut=6rHifGS_rF{Ii4)%tt(BM#i2AB|JpdMogpRoJf?jkQ|2tUv2~ zkAI)d>Pgpa(^iK!td+WJlYjYl1`{W&c(hvvGa>#_cBpT&@zqF7H}BF*ce6|2%!I%} zUJ~eMMrjvy+effr6EnpEtIQ#dDzHklozovn5|{^!zV7aP%|t0~zZW!h5ZN9sKCiN^ z*YdY|t28Th@|uwMteK*&iZ*<}6Z*gJ6-9yRA=Oh7CCjnc=)Krd^zs=UQjg$1nWJx< z`m2+B&F*Nb*P$``NJW5Gd6R_~2*_;HVQI`x#15p?*TET1OQX<-@IteICgf`DZJ&8; zQYf^EiRPNrMj*E`XT@J4{!dR7%vzZn)WzPsSZYXlZYS<&oMBzS&&JphK4C~_Ca@Z@uym{+z zJT}W3fh8YpAS|qt8P5%{ebG=k+Ox-MS+0W!u_`3_5v8LlqOd1?}S&$ z7%D%L0H7f>51@;^+nHm(%nRctGWerE3OMRyY`sgLYQ=h306PHy^`V9EGThCXXv-Z! z%dA>vy!@V5VWt1p{!6BePx*?G++~DsY_kKxdsBt?iMSh{E@hC5EB~!H=;jD{vdOrB zdgW8i3a-^T_z|IRe2TGQ)yE_M>gn%TJpJQp={ry9eZwTXQKzTb>b|LupI$C*C<>5} z0q=&JEkLr5NfwGZkY|Gw0-Q0YeuE~UHt=^)E{y8kjlkQ&*fnM$p~(Ekg}$g}s)?av z&Y&a|RJD{nyK?9($5V#bXsY@79qwXZ25?G8`I|4|3yEi~2R3`Xd zGMi`(FTms+iN+jGvu-S&r55k1S%u5HpO5k&tu%T*mY_Ht_ku2W`FIOv>n(O_UEFG9 zTJxpCFe&K5msr2EvGy3}@)MXogOo>em6OVV$M%75$g{eryT+XrEi;r8rukL{kogKP(JcVdG*fX-y=9$)UO#TA=-5R;Ci%Tfg|acFDh zOGQL`HR7j9@jRAp=cP2w>s!r;_noOqgS8I*njL}J>Z*-uKPu=^Zt5{3fC+7Y`4F|s z16r_JVkcq4oV=w~f?fTbn|4$9+cUYNfr^4G%o+df1fMYHyw-^iOl1K-kz$#HX)y*F z*0_gQsOMtWL<8-=z&kFl6k%}TE~!k$3R4Y~rBcZVZ7~?2>gfjO^WTrpD=vi66Ogfv`G9zPSl z{0Ew}N};fdOoO_F`b+(wXz&jUyukts#i4d#^P``!U7^0?IXYFk-S6R2RVEM&?(%na zL3thGPY%svD3o~vNpq99RhYK`j%$P;o2!Lz&Bgx8{5r}amVU_^0bxZ}`zMCk;w(h| z8+rc}h`pmG$JhN_STs!{EvGF>4?kQM2XmuJGvA|NiLzN&%w+a_Zmpn2#L^$72@a!j ziAt>DIl2ZaMHbIvq!topPIHCk z)~BK+8z?N@+EN(~e@@~8?wf}|D}DvC@}=$CsqpzvO?{i1wOy8YL$%Fg=qRzLkaB_y z%p{)GEWn1{4k#lHLwneqyYn-xnc2qMw@rjePv5bIXP-e?Al(-wsWivd=!3F&Et-}R z1BiMroAork-p$?0Hc2duki4mwz-zZG)Z?{FXg!8+b6qaes3DmP73eo_pFcNJ=)T9U@|Tb2OSiM z%a#m8YQ)AW+0W|H6)e7S19hq^TFfGU>=@ISv8YK`fqz-Eoi7tP{}zgeM{+r*!cDkr 
zS7bsj{V*QA&B}`wLSwtjkxU2-aDz$7RuqF$rrxT3IB3dhhqR}&yrrrG2Bq&;94+_^ z!Kw4Z4AuDF3#J;41i#!E4Sj%oM1|(jnCx~-$`Kx=Z?-vFqyGjs#5{5+=gE$pIY#B4 zqP?(JYeav&Q|fg2Bt$WQ8G4oO#&fz;*XyPLY?VU!iAMJ7%Kn(!{0Vn#7C%>O+_h?C z$SsGZeoBW)saEv}VZTAb8W-sZoZev~ue ztlL>Py2EA2BlvHqP=?fmP4aJaxWSu|k;<;)D-B-;B2kS`su&8H-Ae~3;nf4l;%=+x z>U{bfds5=K!C^0Aj*O&X+tfkzfwImLGy)$ooRvAsWxC zOjr0D6A8fx1%8r{L>Baq;)ZmpDRzTBSv?(|ZmoGQQbMDoiT3@+u?87TZQsZ&fnYSL zr1;guY8 z*MQm>5+`e^`Xlu1KqgC3GYBAUK$L=dzr} z-B<1GYmD~L`T}31c2~Js&ecl!4NNU^7TK`x1ODMJSr8iIxwk?rSqAjBf{E`YQQ7G- zlfpS=FK=XSPh6myXlbC4qWe|ZL7Yq*1h3lP5VIKd71wWDEWwmYS_RI6j^el0b#ixG z`I8@2s=e*D2Dgg!jxjLZ$)WaR zsFa=G2@c*~uN~(NDaR|@3P7Xgr4HMLue+q-E#I)xbp>6!dv__y?t}cpQo%pjADuBX zM-P+vx>W>zum*@Eh}?wc!M`3KZE!v;Ngos1-H7S+(*4Dn3PyOimzz_Msl4p7?p z^jShFAO^+h_imt7vlxeAA8rBE0U>%F=T8(}4erEuSd9C5LuE~v`$&K%&QuX9C3A{9 zj{PdT6h`tQdpnwK{}te4-oqJme?Y}MUeu)(-QBLO{taWbv~p-PWm1e#9^qNIB(gh| zQ`joFku4+p7!OXih0Gr_hQ+sS{SmvqG+UN`rO(sR#w#*|%Juo=_Xoxx!+m}C&U8<2 z$3e4!T+_0 z!E1D0D=I3pYU!w6iv!Dj0tkj>pe3?TeOI*z;t8Y(i`SMuri^@=ZZA6(sP|rE@}{zA zmUR?F4^k6Zb1xBCH?1_wdxxq9kP=G*C`0-AW!%Yb~s5JWm(x!kR% z+?;b5XkSflUTEwp>P34m2@It0G=M1bFnfGHM+XSR4g4)MX@JME?JI|jt(m+rr{$;9 z87)T3iwY!vo_u9sfk%hBuPx5;yGUKF*RC0~MfXioa6UkjQxu>?GTPwa7a0j*G0Cfv zB_?$IME3!1Bb>Lv2S81xgcgr?z%FpstN%HpgdTkGrlwTIO|%}Uyc*MIG(sXiSkMZM zuT?pH*~wPX4F#vLInfCjTy$V=wu|I zT9XmW=tcRImN;0th2(Xa9(a~lsmohEk+I@aTRGn0j8~ilSsHfMqFPmKkDm=ccvAni znlFwU@XCC^gGyFvgvr;|B!2wp8)yC~Q=eEg^}oo#6drDdCl zUd!0K*hch>L3E#ZC`o(Z_)MQ-Er!u^HphDS8zj#$dbFfv{kV8jg3<-3SMDcHNw!zwfd(46G$A40*fnx*>Ge2bjbKJ(NdRm zLug{C1fbkXKz!XL8dihECo*`X6ACt7r{H7Kz0bJpgE?4)?k zYzXxElqQ+&vpvdq%hYOgkIl@73S>ugiYowOo%NeIbt6t7d5Zu#S3B|x&gXS;A0K3V z-=~!Xobx9P&L7|Y37ek(R{sm{C*SO*Y9LjTAm<*~GV7);}{tB5|399NwG*^E2zRiu)TE73fzmd`w>5r8y{mM4JH zmPkw=o6k4y=+S!@r^QMTzu%gb4Y)K&lAqZTQ2R4ViAnAX!0G$Bo2Ke)PijUooMwPW z>Y{HDC@;$)sN7@c6xz~ObX2&;X8y(pISH}S%~|84Bv3Or#X7E*p4vT5E`PFJWlBGE z@p5cADb6VfLAr+MDB=l=x#h_nT251>YnppFvN1ZO_NkxXFk)uwWV-`AYhLC*~oM!KssZqIwtcm6+#1u~!Rt<(&nj7RKfx{$mt>~IP 
zG5n_)zuhaC-u?MmjZ>Z2N6d9WtMZ-{#4PeZ+i)($J<-Uaxy1g7QN3gizAHgE@@9FX zEhCy_3RQ*=J{x$!Z0SNNf?1Hu2MxQ$RpLJG^L{#u*PT4<5xm}yx9aiIG{LpC>avit z8o<#SZCVbX=;CL!C4WnE?PX6FS3FhEV~&kn0dipf93h`NB;qPURNVqX9vaK-xP{Z{ zBOnwJ&#wJjt=Qj&hi`ajsn!mhKsVmZ4XHUQ%qk~Z^uK}>AWbUTT6B8n1lQ5^rqN`_>7dYJ{9GvwR4i)tqtY9)M>(KZU_cI(!~N z-%|@+^QYEA#}SpjU+*MQ5Ie6vl&w)UOkUry7An5Z603vcxBVmB#Be zGa@5blT?{4#VhH;HF>U9VfIK0C%vFjlG+jt8NQ|hxj^-{yjxovDWnQ`u+9mKZa^5d z7)}-mi_Bi$00BL_Rf%o;~p#9hVKL51^xyUqS z1Y8or%;gG_o9&N=_c!-q}Go}I=wQjdQ|ZMawa6$Z$Die3>UKstEg?8u1vTBg>zZ`D_ahq!Rp zO&79%k0)?iKbrG(v#H@#+rHaXRZ&{GP10O+R!O;q1qxtZaC~u44-gI9Wu$e)C;nJ} z-BvW%S@XO#Iq;}FZyyO6e<+#$gV)oQzhUj$^Ua(y2k(0z4b-Md5&X;`prdu~o2XGH zZWROv)ej>NG{x12IGX`O3-W6@l@u<;2CCcQ^f|6y4OXL>C2Z|Oq-!r8IUzM}nNzg~ ztdfZ{dHM2DC}l)_BKvG{_Y80ylD1>U=t?GVQZv6zFObnV?J61!R+dV_D)i6B`-{E^ zHWs({LDXjG>V1H;>XnW)LELvWnX@wk=>sBWbiZlny$0HVICL_bi-aTTLhK|Z!sUjqv;1UG_@Y_s z$L11eU}_R?i-cd1!{=HD9h zOg;3ks%{irT*JHak{Rovnm)Mb^G@xF4gERYy0416VDD{mv#n>mMJDz!XSZMiNlq#Y z(QME8=WM#08}!c0%nI5^MqP`VAoqm~1wMU0a|ux#rmt$kk**wuIJh2WnlJ#P9^&xJcf@d^hz+(Ww^(}GsGS}3 zjL{hJhi43B&bXSsjju_*{R)#C@TKzh2hJXie(_v_4C{&p(ykoA8^=v?v}rF1H}8AZ z)8l0P|A%S6^+a}xtyQ%gv=stkPVCPx1m{e=rG+626g0Rc-!!WTB~wUIe-4Q8Dm$Hb zmL|(Lvb!d#%sTMt#h(Dkxt(L5o2pco7L>^#&t^DKhVXo0LHvNlvOU48|*g z>4xMpIABA>h2=#wnT4}#2X!7g!!Vhg4QSfcy_+%X^V%*6rPXfunqhP{z-g!2DuiD^ zjnFt2ygKP-GNPfb`=JV=Ec|pXsxLe0{2k!DE3B*m+R08=b06}9MxKs9w4ne;{rnQB zAuzMj4J}@O0$eAgtX`ppzn!blujeHHOIyG-CacVoVoSjonFb3Cgs_^{Pc{(c#ml-@ zV-V(KO~9ZY$bbjcuP5-10X20r{>nx zTO_$|p+|pHZFCYfKj) z5Br4gXx%EQEtJ70I0WcT6ki*sTs=t1ma0^k4s3ZunZ1wfl&yNa2JBERj3y%!Y^IX5 zc5ae!O2qv32c5>GdBDLkHJI@^8Ngx&j^c9LQ9Uh2lM~_l9W*7WKe$d!iG3*V$UC3k z|L`;#c#4}SqFxRSFy00538k?BeoRVyDbbFD06eW%zk16Bv1_qK8HHMp4f_fa0QE3B zdY(}dHijeItL!xK=wT<+J!F!!K?u`n!{WTnM5A-M0>5*?BQPH9a0J6+7W?h8)~?U-^KQ;SOHImJID9j<%k%u3KK7>Uz{RP0Run zvPe5Nd4I1EbPLW8&oKp9hMA~2-u#cKH?$Tr_wfp)dhk-=F_Aq}fR@-(-fHq@Zia*` z2u}dc%mycMDc~=wwMbF;ma>4B$u;Nand-9M&72gJO9SwrhRh_mxtO6Z9u)&7t{BvX 
zf3J%jM*Q`c>?DlB>{)jxjY9`h$SC@8C-hoFQ8jE(6W}d}`7eHo#Oh6X{!>|9=|i>r z+zB-5E3uOGGLHh)7OdO5@18kDP4_ugfGz27(H1Is&RRpbuY^d#m@ z&T#6~YSe9fa)p(qR%zU|A9`6SL^A zXI^DBD^NkAx-lMs@up>eZH;CR2jlp=1H1-Z)Jnjc=8E}fgGz2UMJ-AU8;HmKoq9R& z_WPA-bsS)ZJW#sZ9iq~WdFQTPFO*zlm1Jn!zS^ECiN4;b&>$ zPv%=1{)8s=4$LZI57Qmhgv;`0)u*`-9*~V62Z?KXYRvfIshS&tZu?WEPo)KD_VLs@ zn6ElYq_ar@@!l5{2~{T-^m9qak;WkudX(E>J)DcPct)QE!v(!zzuI6CB&P`69fiqX zOY#QW@k=>mn3R6aWhx%Jdd8B2l)qNVRlzE(ZF&)^l)d0-aupYkCv+e~N?PlX4jljTyZRCHBkK-nuU(f~&s%B(lSc=ZVW|N52o>NT8Xf50K`s62hl|eSjeo6%U4#4Oz$4O-I@#=@B#!k zADZ1SNaz}Zu;=k>T$F};RJpbO`_2757ym^VM4uq+iDx_#EM@8K3m;@;gl#>zl(}j> z$LEzDQ+sb{?JyV$t0=T?hP^0eD@EERLyQ2x5F+9g`{i&N*{R)vU>4SQCKqamL51U) z)u6kv2%|B$5&>zo=<2Li#26q|YG}2KWU`j4^4!CJt|SBLhn4)ecf+*kmV~`!X{D zrGHF`^=S5vVCl?@#KbJJwnaF@@Jr{*CwcDn2EqF?nby7fEruU9dLU107p>_d_S>(m zJQ5FbjYeGtrlGNC60a=1@Bd1E^TvJf0#9TSDr5Iurtb?sBz2^Lc8nM<+$YijIJl+@ zbN$MS%>B4um3V@ilHk2NO2OVlJH_q^{N7V`leyE!;#oLsCFKKpX`*O= zX6h}nQcfJ&{h;iY#14?tnBH$oD5L%Bz3N{9#im>WW$;R!1KwUe3MY`Ey6+l<@~Pcp zT)*i$U*zDO;ZVv1T*VM?I>`4r)-o1ZH!LorI2*rBS2U9cngxI2ASaJ;v;Jf_D z-DX>_8y>@(QNd1-hYEZd+ozL1&y^Vik2ljvtEdj(^!eu=w&YWP{*UT0Rp^BFI7QjL zP?-uDT9g&X6{WZUzL=+P@qQ0Wu zua^Zx{<}784HTaHu;GQM9c$x|9jt)2l#WfVt6s2ayMOBr@Pvq~&4W&ha>RHlSOuc{ z*C(e5?E={~MNW-449-60X(fe_#Y9r=9Q=&m2L9bMZkaPOhK7YPZe1LBj)>RkvJ+Ay z(;~L;m+d#kJ0C7~!hr*r-?`**h()K{lOITV2~KYFJ#~oEh0SMsYd{i+BZp1ejSE2iBEVMYxmJX4eA;s>V?yBoNViDWV?hl!&j^tvz6R<>8})B!9=UK zm0N8w+=!}2-6bWGE@Bv2=?rS+PR?na-+@rvcB;vu zpNFpMv40*~Jj$RO@DWdsqnwn4-0jh~C>!bf$R8=UGAQSBf4)SxpQ5WVkQ6M*ICvUq zknUQ+L-HcE2cSz9B23=C-YAOg{yYRmn(aN0h^wwxXX*>O02u4J`uY+|l_}Q^lGHS{ zR;db42kiKNK1vaf=B^5Tjb_WQdEvVJg76AffSOHh0f#?leh_16g$z@MYYyGt`Y2?~ z!M=jXFwoEmpb6421022xa zCfT0NWKSt$B6r+z0=O!-E=j)@?Td{e05`+1zbwI+WJ!41OY{e<7Wy7oG$Lj~B(r!X z#@o!dJ^+`culSIjp`0;;F3Ek+Q^~bRwVq)m5-mcthGdkz>XWT`s3|k6=S8A4GZS0e8bfg5I1a*X_cDLk<_%^9wBfQn80NLE$uCe))~2i()WK0L2D}n%LU+P2B$K z1(&S&y4k2C^U~C%ZQ#61L*33oSBZ}oC)h(N3||oTLgM6A=ZuteFJnXon`^H_)Z&eo zAC>4TUV&rpe<=1=t@OzU8Nsd!HFsQU>q#@LQ<>rn3La&edCk}D@Es6MgGwI^>gMCo 
z+@Q|R&}DaJps1d)^KOM&A5956h*X!O0`6JEh!Pm5LH414zj}>jHRlM&R9Dz?OIpuR zAQrV4ZLB+ywZqWL6t6Lx-ulrce%h%`5W%bL4u7>RaZD1pB zd{br7c*?8c2*~S0nh)%o2;L}eZ-qmUAtt2}q;$36;7{ME{(o`r8&d%B^=!3FitVA` zLP&gsK@MAhGcg1FJn2WlGR}U#g65K)vaP=_I60MIZz)-~4`v?A!;4#lAK4Ip#TXjDdfi!hiKyv!0;--p(JdpSHeklT9I{jCNTv*uj&+ZfT}^7bIS96uoWaa z`#h#Gi|d6#KOe7zPVjCUFAd-hJ9bTHh~%SvuOD1#ZypBX&)R0c@(hk79@uj@3c%Fa z`7tq$Cv3*jtDp2e-njF9D8wS(z4vwZufQ2Y`8eF z@i^2ry}&NcTt`Fg9N#$G*7ji>L#B;9!3 zqXB_Tl%jU|-0qoi0q#cEt^2wDWS9A`!gLAeZDR2#&db#RtLcyic@Ks z%E1gqe}NJ?Xead+@L@wRH%w0`R+N&hgo1!YS0WNOsK>wlgD0Q@<824q9s9w%%sQp# zJ`Cw|36k~k#-%E$G|+t#XT$fEx2p;ZW1J$(gTkcah(6c~aZW%z*8OYU4PKNRTNR9( z-)Q*(W=9>E59NK!ldow!Hi!VR@VvTZqqbl2d_>k7+?LNyEb*}dR)_Je(A`Xe@-YLN z2I5dhIsw{{Lr^7VI=iVaHiR|*A8O*a{p_G`9gKKG^*z6ByrUwe0D=5{a5@A9RSYKA zO9{0g*QfcfCe7zmQ(5d8sS7^iZoXXRk5Gd-1%S(fK(f}78P={pZj=W7x1*a>X{)>3 zUB9Fzt?^nYX-$Q?p;F4D`4$PEp^T!`>z++J={Hj0~6)0;ih@dC5byAy50zh;} zdG#}W#d5t3zjeQE4Scne0IPA#oW)gNxWkrUHix~RrM2PY>m{uOFt#l=5Zo3SE95(x zf)*MO5n@W-!D-sa?ibyp)KUe$O4Lr`h zIZ_av7c~IuNM?%Up>Zk!vxv|1DZVFzk#y?+%4#j@@w(2s+3dN-4R!8 zU%9IBJ?Nh7fr)0gFI!Pho{`Am+~><(?rovww_|+R0HBK}|NITK=#G1mS6-2U1T$N6 zZIJne*?ba`1@Vqb+l@k|N%D}DKbc>XF=#1S;iY=Ra(Y$alRxhy2V{95(JK+L{YlFX zxQi6eG4-ewJ~K0(U&nk7F72sTn|4#E&2VWM5xC|4&%^Q}NE-B%ESr|bXlFj(EKILU zLZ;7-=ONErS!@YEA2A}Z5K3oHA+?beYhWCLnWkyTmaRU0_ZZ(tzfvqTAVf*)o}_-O@*vn9B(1TXC{w$;Y7=j9rd{j! 
z5$**VVu-6P!?%+njqh+tqy*lXgrg!a0H~$WSR8jZ&~|+@O)ur9eHSUO+ql(oHvC=# z$&miWP13>*+a0W3?~IFYh9|0>qcZHDrOvv}qjQXk2M*5894sTd5~<%-?pP+?c4iW5 zGIAg+gG$rGz&-eB zjVjgDQff%Nw)TLEj1;7-{m>hqO9&P=)9iF{o0|rRv<3KM&q-3!j8PH)b34)W*zr=3 zQT)9gd@lb5pnq&p1-4hxQe+kqYamABCDrzd9s#v0WcCnZ0t0Hqcg($+u1+erdPo#{ zE>qYUkF4qt#IT4pOuB8y43@RHYOEjEe5!wykd z)zcAH$F=E;WAhsIQFFHjU1LUxY zS?3C5v+nnnn?TRVuhE#3ViKyI(~&l7(?%haI!-Y)*>MOR6 zF6+;b7UBnNvW>t0;ym4R287C`R$eJBE`-cI4WX_PdzE+KOAH$|esqdBQ(lNa4S{5Y zTZFa2AbT+a3r0kdjp_Wbq{$4Sg5Y81h{0Zrms<1qa>LkQ)VTFZm%|9`L+%V1-c+Y- zm;{CHolls=3Y@~z*Z0#xyK4tl_%I|;#x_S(yb!=n1~@9OO~i)nD+?_d`9<1pT#tnI8S=c3kyHvcL&CIsNO;C9AUbC{Rg#&ll&;o z!>Whq!YYWdk&!)XBNTjch~IZkc1x(L;xhZ6PPbs05onIhmKMey@1YaNyBKUihO!FV z{-^>Ugnns%?7}c_aa#+(r+b;T3^Tk|B~57;*-cGJBkFzHo)OHcpvtcVGMt>f;#~V` zdv->M#598Jhdy_c@_`n=gZkY{UIM^(iHKERwFVQdczD8rtb|hUB^C5PEL=iQH#i2i z$F#(=A0o1g(Y~k}KcWjSda_y@_aT!eOQZlPS%}lj#QZoqFHUjYQwA<)^nDA~S1e5I9CEu7skIl}~pPz|B6j9?<_t?m))ol*!Axri2{p!3m) z7(OXnh%j8AP<}tMTC~GvEq?pO8sV4S;0BFW`y-1d;N=7wV;voh2ginnC-;=2;ZSj1 z5h;2<)6Z8paYQvO%K$}Gz+@*Rl)nv3pS|CLf7#?Rdf0mtDe`xIk-$Rn+x-tBAqUp_ z9rNc;8z=;XQyA2`4Tfcks@Ael4O21wl`zM_DiKo$ z%T@(zm9{&%7dP2ETKphkX0sSL$S9Ua|7q3raf|w((z~TF#~KFsF>9g)+ zLfH177d3~D*ggKnONtOjE@J*lgv5D>Z8>=RFNSmFOd|46$PKIn3}NjxOG>09dhw#W zR`h?o0wq0_W&VzaQsK%wCc)-Dr8LfsJnEuW`wunp5L(nlJh*>J2>3<1N3?T;6Qj;- zq)7`ze+j2;WynoF~eB( zYU%2kD+NhIAXnxvF7`Tz3|i3}TDHNNEPq)S6yZ_eyI42q0tb4};262N7)_GHpn>rI zS%%7#Hg;xIE=92SMtNWGqxYSApFqXn}D zXIDsLe(hwoT8vsxi7~O75;K1&{2=c21Tt8O=5?H}h zxvY>jHvdkb)5rK2_1{L|A$F7OrX<+Tj)_9^1724oxiy;zN$Q^gem|&+q zp&qJrdMEi%ZS!i77RP*m>BP6+-y!E|tz(@(JIQrX+j*_aqMPa*NdYK{d{<}YwF{(TSNXW?L6b~ho#LN4^ibX= zs@>{eO44R4sOQ{9n%%QTV>8&xed#KoehnbU%}J+ z22EmWS47W;nrB>U)8@C~$C{>SQLQ7V(X{@2rFS>i#8L`_=~*`b)CZfHj4l&U4P8~} z%>EqJogzB*zU7=Jlhg(*uSzd{JE1-*Om^;a}yF}I>ylWt+ zquo6we+Cre(H^&|t*D*us_8porwNUjlhgNdVQfKvkBRX(KECdmk#OT_?R2jNv= zuo8$GnC;e(mhW7Wp4nl3d0$}+k?8VJ)$w1aN%dEV6Y0f?c_j;S0bCtrk~N`IHZRXy zt#cBC=>slP4L4)i6iw_0Lb8?KLunYU(4r6o)F5U;I`9NG@#vlg 
z+hh5$mZBQk=S!n+5P0j*v4QI)ucVF2wcli3wOdKd5ns7E2sRr`$3bs2e7KXG`Fa8j+UGSg=YAvd`jnGbqpK_+O4CQj$ zpScpay}F7!KvH#ys5?3hHn+3}1oyoRNej?YP{g8=tMyM-M0dpbOF^q%? zlK@8v^lqsjPhc~VjEH=hYG1^ZY#G$Tk$KCD&J^nyEeFMf^q1DTq6%ZyH(dlDl@`jz z&4T(tE}defm%qKg-+`` zsKatGcW7e(&KG`C*lw+({9GA|9(0pa9tyPzuY3lrwNfae#-4J z{O+=2@WT=1HtFhlh>zQ|sw`^Ow_rxTqIZ%YayRZcEXxzJA0#4FI`J-;Y|(vCMTk(I z#`F#J*kuX3F#2Yff&78OF9!xzK7+O`FV3A^aVvkom)S9Q`xIDI>&-TlWxgj(DYC$) zuZ9O=E^PW`rdwJ#yFhLBh z+k+sn*e5GS&VPw+fooC}4s`aS2XD|!-xD@XM2YSUOnN3CJW6LUQ7)N((SbK8AcPK{ z>BmOwXv{12s)02M#aghZg=W%i9kTqg$T}~&PeRZs1?6Pzr2!Fo@_Ej!>PLJVNenX& z5+9@E05HBp5es&?LM@g_Bz5Ffsjy!8K~X?+nuf=={#9wZXi_?1CJZYAvPb3k{`&17 zn{e3ouqOr{A{_L{mB2c^Je?QuCYcxNEE7o&q7~I{!l^o6VCqZSR|^92{?Q&r1$_SU zBTQS0q7efH|4K<20>Z(L+6t#S{LLUdSvz1Iw3?3k;xeI6fVag7GvsCcJX1L*jFTF4=3VH` zJ(W}yfwkP0upo0M1c2E>l5Ev98ekYbv?nIEIoL{a8?H{G%Ja9q#w1+zhDld|2^+z& zd)2V$rCdr}ts!E?Wew{oar#}SCSA)+Qg>W=OgKP_aVZc58;_BKRxyp*)zMPFB;;}E z41C28Y!;sMZ@ItkfM`Y#Eo?Y~tQQzB4{stK$A(Ks25-SiiGZAOtOG< zaz;n>kEtRB;1wDwD_E@zupGU%2f&BxH%$eMdQs(_m1s-E*etz8P3gXCCBd+bFA0K7 zI?mY5%2U;(BwJ%CN-$Rtm{~yS$Aw5AMVakR2DDp=lSlwc=>ZZJJAu&+^BQ875Gqtx zB#x5%ez_F%Oz*?$A~we#@Hi8Q`fGx=T^A2@%}h{)(3<%gfN~MGHnU>tI%{L9(>cy) z+X$ZkEr0y-uLZebn=g5Tzn_`#e$h+g%LO?BZGx44!3L0(i$&(lX_}ROhl98XRcQd? zw0gvv$x8Sf5b@R?J=Em@GrfaRXVj(8%-%Mr+lG%KjsL7|pudHYA<9WYsQly7A?#&D zuPJhFR~-sPBK!oXfyF)wy(O>NMjQ#QL*A{6k{;kJ5$K(sZQBHZDv7GO>^%p$MXjZK z5bL%M-}@$gWo=yMR28kl?j<~=1zRdNY8ZAPmIB+i`MpWEB}u3AB-+FJ3a?k!#wP~! 
zGRe2Z4zO|o&BYnuSJ|%$Vz8pZ_VkleKKIVt3-YSKAE2k?_wXbxX2cvCFbhjtT+AUk z-WF8$g4ACN(4@Mw>pS2|6CCIZDE3tr%_wvvbD>#J0lR6rb`4vooiA53UJ3w-_RpYa zC^eZCC==nTKxe-LYlk3;8k!5rY?P zv#Gzl@DnDUg@GMm=Rp}I7w!BoT)^qVGzV0Xg*pnP2eUrSu#5$*u;)WLtV4ngjDgQA zdNl&nE;5t5pO{yu=hb(Fw7m;b!6S^px>JVJfh!NpPch@r7a}IS=YG3SwqCAk0w$ zh&^A5afqo@!!k&0TM%+3d#WaKJG8HbN76YphS|*&U<5B{CN_({`6Z>FA(qgNXu?|9 z_T#Z@e6lmgVB(q)_F!9yWDQ_;%!{PMOyD94q_~=huVBH;pMO!C zr(*tfIgU2XBw0|4IU~^kQ$Vc0SS+#T2`WqP%9AF(Mlh&PyqMR{&W>Yy)t%4hg#Bf2 zvLR@`5bD*k0; zU%ehTqsZyeQr8o^h0t(sxDLL@Pw=`MS{)O(ThjR!jtBQrQoX04qcr;(lVDr=iMpfT z0^~zdf>YL|8S1Bh!gsT(s6FqixvXGsp~qpZ^+f#?16m{x1yk-z;l3I(Nn4+=fyxda zt7#y0dZvPXlPg4dj>tJX7O$QMU@F8Q@Yue@Re?N>31~d9 z->l*<%;2;#HcEwH+BzEV#IgM60QO$MJbeUl%b)CvkUnz425rps&jSgUC_4Zyb)5R< zm_Bo>(`K>D{V@xK1QY2n^&fOv@YoTgQD1+d)@OM4nYaomo>AXYj8nC# zkUjGj00`XKL&fx0Vby3Ky<*?O44@ii{MS-7;k@79LMRlv*~xTSERvz(*OtLK*Yu}L z==PPV+k&S6oPglcX2^`f^8pkSI&1*j;VY~?kHhIWuq}-W&rr<4Hxx?6Z_>|-*IX@6 zmP1711g#8Qw3qAfLu2uL*77c~WA!&DQemi9%H4se4xmB8s5xiTmef4?^<2~BQ=HrP z@E3X~io$d;ALn)ErXjztYE9wh0US~@%Yw+u$`y2p=Kw3;d%yXbh?64w?;EPq23FHK zB#uWhi8BR&{dx_}9#Oal^rrO{3O^a~p765)8Ing(otOH+))$UOHMW&v?n=I~a*YPRY)Qq;26fYj?$6V68mn6bGi9$lPM{`ts}N9}qa| zdv}Kn7yB=Kmpt0;GD8^<6`qn9fD18duKj_B{N~V^p%xY^t@>F1i0e!B5D17%?ipxM zx@->{Ww+`b@hENFTq$DSS^uJr=JU@D$1{-XY(j%r@35Vq4fQjQ-*`44e zFDn#qreRhNy7txV8xq{g)>jhl^P%I6b8GWTHGxhyp!i=)% zQ*%mA#+%YHm{3CFvjkJS3o7#BXi68CFLX|=RLQh#2qy9e-3V9= zQY)+1YZ3vq&x$p1Diwm*CK6{NM`RK_Gf2iCB2YLFhqVjfdmxa#EuGO@Nr)t91CC$> z6ntlsFiJ-i?NQJVbSLh~&Ecrm)F<-q9a&7uj+&)?ipkH4&)gsG0>unILtdD452;%m zydXty-Cnof^J%y(jYcq9KV4=&rO+E>`2L^yhxZ!#Uj(T;g=G44++0V z5Q;QHHaPU!?ft$;L}4~4rvk4bZfg&@WB))({haE#2eIM)kh7#w3Jk&4O^E5Y`5F6| z>YLJ;T32Iso;pYUKs@+O{d*pNv5Lye7TFRm=R@`h>0gg5+aGS}S&K=g4&)_eiT_Y5 zC!&kX`w~9c)LW)H&Y=+mB70=*H!SZ~U!gacZ$JFFson-wYw~uu5G*p|Ff-CwIU%;` zD;E75bN_TgZnXX8&N>w*Qz1Xr=1P|pM6GZ=hWUyn6D%;S9!1D2wTW!?V*EV!=YQ7X z+I!T%z@leBtY*DrOrA)@attGz(ydv8oJsu}x_cmW+%2@V0XN19T!0$ma!hTHSV&2f z9i|4qkhqQFHH32)I^}pgW_K`W(SwEuPC_vwlFd6@BXFxxj0k?l{W~89>QV0aN0HXW 
zAV{WwCXW%p8LpG)}nc*B^r{SQp`tDbbas zs-t&qvSu+svLaRr+Mzm1#CDAaR;UJMWJG)EdQj(4ily=z*qi?AFt42WX0$=^ka)#^ zb2Q=Q5rBHx&drS8irSrRSAyB@E6FO&O(NF&*nWepT#E14j!CKtVJRxtscA*t`#N`k z>xtyRH6~6wB4FT8B$3hTGv689?$8jUiD4-)vfpMzCj1x$!`U z%TfnJ`9TUme!6+N;9J1vL-TO7JW;igLqy7%p<&IX1JPbYLX4Ew|DfD?gB?`N7o+S| zWVHOU;XJyWu0h?xYAH`ER91?MT-9#JzAJ#n07k5G6oWMrbq4s7^Gj~3)D&_ZM8zC6 z>2=#)3iTp3BzAr+T|bHAK`yb~;aPwFagiV^bZIeZBxaUdCF6xtbc6uo5$$oN^_?rKqNE~(IrfpFg87DR$M=QfiF{w-0`mI< zvYA2&m-><0-X;%R{5}`8oMcUitMFssO*jj+cKe=Jv4!N0L$yGVjv%Tb*|FpR)Qy@%N#T1@7Q(Nm}rqWJEo zZ;Izzt?PiCudGS`NQdiPZo`ldvRbdx6IANuiV zvV1h!FfkMD*hyiE4!V3LtvnW+Mwa}93kV|KoC|LH9=pHAS+nVkr%$<3qJClw?f1}i z#akSQ9KPMm%pdU0bq&^aW!Gk_xw5yfi}>eo1N~_?o-M;}(mcANQt$z*Hjq~XbvwW@ zK2f@Ck?*r}n#%iTW=29O&GjB)3k!@PGn(5g{z^4P)w z_qvaMhayFD!P&+6{f&YhAcq<)ns^q>8qHXlGEwiYd{7Xqq;Yri=53lss<8NS$@h=2 zvs37o;9zc~jg~}ctcsfm%c7%LCR9YTAl7Ad%Um#}oIVjbV1a=(33DwPue&z{A2Mg8 z>P1ZL@KH(9E6ya7$wD3~w)dqv99=AbTCM!JT9NjAa1?3CuhGf?F_7I7`d$BEIA9aT zl!kg!8edt1FpaHZfaOwjtc2NwAAb=7Xng&`G{`rf+URtIFK$Iq!D5bmO@a=YXnXj+747e?OAxHy5EfRg(>Oz^5 zTo(tWIs2%AV`B1h+9lN1;7gKui;;fw7N3NPI;d`X?k3d$T(j;1cDb}2j-2BH2u7BB zIZ`LBCKcfp$YLybv0L#@tbym93e{<8DRH$s22{Mb1+IdTyuD&3Uo1qd|3~D5MhXH0 ziLWTPm{m^Qu@Ey`q8BgW@(*t}==|7xOd`}GZh&ux@J2C@5g>}L(q69FqSB)Q!_p$2 z_V;3LN+rFLsm^Y;kd2Th+VsHL@S}JU+cqg{TlN>t&EL&=umlg~^lGjI-2_A;o5>?&L60g>7+M#5@2vS=!?T(gt}vO+p_fbRx%8fv9ySwQnDIF!cZ+d1)|2CZKs%O;lc-sTmxW zUly34D(tc{#hAp9?OszuZ60T9`llZR zka52jQpT7HoVUTYe%qSAtWmcyN9<~y$L6d^yED|S=QW(P*}#Kue?4|o@R}X{Obj%PXlj-{QG(x_5b3<%^*4yBY z!lp+QW91Wvr~02KV5VpXaf%R}{2Tn=CG0*I)bdGGsV#!&Wh!tZLK`|Fw%FV=_m^lg9=?*w<*dBK&x!#_d zP3ZWCaR6i8KPF|jR*fSDhSXvdCkBlIX>v@ZhJd-{l0SKS52feNw#>2jguRW|^Ch5& zl=>?nl(FlwG{kX$hskC1yFmB%(C7|E){|tGtTztfxvizjxDy;Ud*cZR3TM?_cL_gn z^4z|Q)+sBFqR!^J7vEd>_uM{&Svf1KU*2TfE3~73wEPbMuF36(hM`Bb?@3sx|JLhV znV=K*NOXQ#<+UmXX8pLeQ0E2r!q6GtR0Xm*i&4nzJpw1JbzJCkYiDwyMkb;EBU#;C zqki_x>j3>`vD&wiGk2BpQ>S+=)lf_K1x>;z%qWZU5&8 z&K-D`kWZ+j<++yQ=c4Fl@s&7hCOkP@gQk{0Ps|H$>+zl@HK$cqLxz1RQdD3R`}^;I 
z;nUCz+?}%~a6#_Wt}{WhfLx~`ukyU>TlP)=P-7{fAk(O}Y<2j$VHm|-mp`*gEa=ng zkcBGJ$5$`i#M5gVS^T@sDW@;tHJejSsIG((u{&Qlz>CtPnmo={Lrg<&>p ztDSTS8^t<67dIa95uI6@JE{iVfZ$5c#{4$b#pw$Wz&ARSI&OW)%x7jq^Y`a@Q3zUJ z4Yf2`uyc66Rxq2d=U-kAFGKk3AxT%+!(ycwMDA`@0q*LUXbex4!gD$WIbZ0%_fbha zt?k_8Fg;`+-XHE+Tg(6l&pmeo2+F@fU9xfK7D35i`KgoE&lB;L(a_-hYr11+-+WUmx*dvqp79@>(+?F4f#Fn81OCLtDUkWe9rfaS}j* zmC@DRj8YBA|F`z#;A4B@C2H=8Y@s`oj7a+byCa!AGt)RL??fh4X8)&V=2=r>7<}%S z>CgL%4FyJr(rB@)YFn6TREz}A5@r3~EZsJLz9-D2bUR}>h&85L)O)GYNUaCt0Q3G4}U$?=z45Cr5I1`l1&pSS;hruY+=j*tqPqQYzjAAkIX z8CSN>FoH=ha;B_trf`sB@m)6@Km>It${G9V?3TgFhde^Ue0Vd>+PZiYu6d2QWZ|ci z$-f01C~(TOyfx$27b{CSlN7%5p)qidjIeY%JGzl?nl7&Cl+`#Ny2nW;vqwUW6-0=_ z_+1zNi=rKMAo;75D4i`N0VNO|l@kJh zJf3;vX;PqNG95@Lu?PWixI7y{t5XsnkV^;mL~2ZjN?;e0;ZQaBUOMzIFOBq^voM&x z*6CUGZAtG?^n&f+ueJrH#UEhiB&@ik?oCm~C~HZiOxJo}I_y@HK0ro{*h_ln{x|n; z*wp)15f6o_@0Xw?0P+)@z#d9?4+=x8#yg-0#e^{y0vJg>Dzz(=sE03gB`8MZ!j z^F;(IHmo0rK8T~@P`BKh4RBfy>^i=$QlK0(0$Y@f z_neFHW{Cn>vCF18vBDR>PKS&_y@)z=-+hx|7&RSOX7%}QICspzp1>~{5yWUnMZJj~ z3Z2SBq_S~kgE7E%Gc8hPDzlVDvE72h@+9e&71Hm*+_HZ-18OVY78LaSezBa8>;kR| zdKmu8jvh$p45Di+;8vB@#OmB;6-UrG(7jN#9v9l$IsUdGtx6vioJv*~Jkv&8+cEtf zEE8uKgQF}ZD?KF}L49$@-b$=F%%4<%^;^s;<2Q6f=(R>fv|C!2HwG%BldBl0pLMqf zaAem0=^9(}v4InA>O~CT0@J;(mmJ}122aur*qaS=IXb<8+L9c@ClzXAwcU!oeZt7Y zI1dp~DiNYk2DNyquchs^=65)4mj|FHA71@?Vwkz;rUjPA8@A<%jsxu8=~1|CY8m?( zGbeKgZqsQGTmALX;IISy*bg14=z+f#S!jWq;jwweAcylpSaZT`a{=w1SOb zr+eAK!hc}ay^$L1VQ=RS;pO!WQ!sorg=6TzQKE&`IZ&tO?mATwFFt=PVpj>WcjQOF zi{|rC_y@D4hvi0i-GE0?U`^ob={0OP#0&{93Xa>JoF$n#jKqiX6{A?m!T74^0q4n0B4@;BG^7=TJM$n=!eYHkUYvwkov)C05KWj>c^-%Z;1^lz2 zzPdSrNx>53Vcm%wP2{H^EXcjI#cSx}+)cv?YKSX>#{8f}ibHA3 z0eJ*VDJmOn{rov#A9|cue9HhX7GHUul&_Tj2su4R=Cwf&Vw!Bd`rHfRpAkTrUm4Vl zp)4H^PK5fGZT{H{c&m_w-lZ6pzO6d|Uhhpjn5s$0t&0P*43~XadUhRiX7i=x?@kjH z`#KX-k1|xl=HuM?OdI0;6X@qC-Fiq_sdk9DOswH|RiLhyPaU|-Bfhy1|5}`)dKbI= z6Z!?pgBL>$5SJ4zGfA{YZ}<*thdan~Q| zymAl01-B-IzV8n7DPF&fTCS;fCK{qwa}nN`9kvt+a}I)}k&4aUpjZp)wAR7XB|9*; 
z%hlhE`K=Z^CrXjXJA;F4RG~-L=`Ngv1d1dpMHaD-O_o_VvBv>C`&%v*l+f-F0>v@z zt&b`4xd6s*g?!$CX{KorIVm}bs-s}3i=LBwVNLM6%S9Xx3bdG7mq!*Hd^~&X!@~r8BZq~%eg+EVAHxb<&RG?;}}j0J%G!d83hU%)Va{6>W7A27@!ko3YvlA80V2ZFZOz%(Db zXQ?p83wXmdSp-V|%Hh7N)aeXy9SSW5rcqvfg{)iC0JQ~d zZ`4{Y17%<6ccg!$s>?#!24Vc>gJPzO*`^g$v?LjY%cvwb0lXk(={d_Gv(Ih{4i!s( zzkb>Lh=0VBOS><>axB-&clk@KDTOGts&o8-YV4=+Ob3{W{gHhDIrFqgewAMEnSLkD zu$qLTsW3504k5eGL=(fvZg)_|ES4(P|I6`gFuYy^!9#!1wotGn^|@|yiW`rbGOEIt zRx5qaw;sNQGrZVxs(^97DW$vAhCK0thn#@P{Xx5TvlErTQYUWsYz*Q?C|U&>@TXauUv_ z3ZKG2QGC9zu@A~0TdmVye$BOM&WVU?uc^Z5{JpF)cTACL@rJ~|!3zo{py77G1w9zh zw!^Vs0Qy*7#A6k<)dPSq=h$;)%Fv(BVJ*Q&!OCJerGdzI1dO$)jmTN?IhP8ki{g1( z?Oo!LjC~F*C4IPyaGHIIcT`Dc04w1LVo6dfN8Db_` z_{i(by*eW0S{GVtX^6iW1H3FQKtVh<-qWl@r3ovqcDPIkVB$0W%vM%%-yfWIMD}VN zlXu|6P1z}DxAwt=d&duS%0JEiy(k$~4stU}meBxfJTiN($GrcCs1Pq#D(`~Z(f zHVp%`%6bf!$8g~?^5|6ny%1~=(D6~_bnnLzxsPw$C)WnlJC`{n7fl#o^G6TrLx>Js zF3c(SOR{yZ&5`=(%1=57&3@t^nshmSo*r;8w>O4&1%hOK!P& zhe%^6{JgZg1GOllHi4%Buo7~f-1}Kq7WdjMv&N%Jk}5)2{xZSbG}!+-T}$@~vCfRs zrUO56Lzp67-n|g$TMX$XQ2Q&DW1C&H5Sdn1 zGObBFJF7|@A~$@~dh4s<8IoE#y3h!+iZw>Z$Vii=PEurx#Kzs^1_KZzJ{MCQkqi>0 zLWp&B)_?zt&363*;0=dy`K$XYtz9u<`+T(j|JyBFta%zCtj3+_l92MH&|DL@@FysDl^>?k%q-i90R>$gTDD3UYT}8 zxFEV7l#-fBZ3?D_${nN%Lz%wMO*oaylQ@+O*iEsfnbx~L(%ZN17%%owPi|V;9ugqm zP09qcF7fVT!AWOq@t4A~#2w%_xO?-=t+-@a5Yk5(nqUu55`q}RpBu%TjPIbIP003T zz6pLY3(N(?!lYHGs1&UlhmJEvw}J1Fl@)e4Vi$9HaZ4gYXs z^~`R44F1BXK(`xf%X@hDCpk2}7(hUtE5xcOeQ6#?4eB0&d6z;&9wj+a3g<^3RxvG3 z9*joiAkqUL+-6R!;zh7F3lho+Nr|1(Yg2;K@3Ud&(ZOn0>p-KGFei{%eUV-RaGZnSlx_B`XiwpH$`I zDALD1BF<;3pM6S9OEtifPv}&h*1fGIVJOJlMf$i?LV{;Q?&POuO1Sc07L3B2>`FR* zZ8`kQCV0A#&dN;E&oxjUpv?R2ayok6$$dXk^L@y5#cF+9aujGTT{H@Gc(J4;m=K-* zg03FT>P+@$8VlzE6)p#NselsUtg)bCv(zq~bzg_5pHGUY$GHocIx?`>9tC!BC=>hF zX=~r6+YrH#0vB1PGB?v%iDTuo zszM0IIY$%b!+RS@a$ZHfcg=oqUPCK)^yPPlOji3EbP%t1+(E{!#z9a|KEHRMkSd^Z z5E!M~%RY@GY=#VA;y6cC>+uMbZl(sDpzQ(K!8E0~!x{4S$fmoS?TzhGxnYB_u}k3~ zEAaUbbHA2t4$Uk&;_}7pPnkshDvniiLo(7da?#C)D(}soVc>|jP~0F0w?WM2osYJf 
z4MR`gt6SK;ra-j?*c|<2NR=nYpoKo_Oji8kc=Oo=HvP7%%x2|zlgv=(^31%}${#`! zFd95Xh3<(|2k);Er>%HNj(39E9o#y$$u7I7j>Y#ie%hC;0=q8|4a6eY?y7jiW5?@!Sq-i! zdFzwEcPB=9J#_Pk_dqZHNa*hg=Je5qI*5QKdas#|Q4>Z6Cr)9&`13|}AGCjGo#PP> zAM1nt;|hxT?ux=qE+FN@U1f25qkVE82tt?8mFR*;72o0d;cqPP-pA_E6rL;?3N_RX7K?Myq8=t6w<=)4sZ37g-iDR84LH!Fwx-F4%+~P zg2@-baDKQVvNB2o$S2obB-kb>DADlVv=8*K^-1(XbcPjvXy{l(-ijbSMJ-C^k0t-i zMYDwTX5iv>5o0i%1O#HC_d$-YuwfL5y{oTRDUeFN>YgrcV+1a1wa*>lYQuNBvlx2X zV)T@P@;6YIYFq~0(U>LK%Bcp=dZxSD;k@J#`;gt>jSx>NP32DhV|$_>3K)1LvtZje zK*ZS5Y4T+L}MF&G2hq@*LRf)$XQ-bVD+W-yR zztI(*OzWCU|HQc5^NqkhC6xL@NFHwn_Ne4t4_3r2P`H@=asksh*rtSU=(Q?SkgQSG zRNI^bYKWWYbyd~1UoP9&hT0fXoiK-0*&it{hn+qz|YK2PAdBV#^Uj zOUak=H?nT1n_(vfMBkV3dMj^hCSQ7zO}wX1{F80!5@H_^))W=uP-F~BB$@Qz0Vdv| zdJi>vQ z{QaT?tL1&s5MmgY0xkIq5g-0Mlc?4<$J?Y%}rNl|$C5Cr~d=;bR-FS`u zDc|Bq-JUvouS)g0*wpi(kX`f%sL3?DK@2+$Nk?I}jo-VFT5H)$PV9wDv|Zm+By9hKYAo)5%$S*= zh09S9d!z_&h~O#cS#Sh~QY(E?o$xC+n}+?7-|qZkOqf1j9b(x~GYRJk9j{6H_Ulxz z&#EwFT??VnYRl8^OlWeYcpP@|6l{t?Dicx|C-6@boy%*jqjPq$SBMk39oErU@7k@O z`fdhpY^@x`f~J%Hh*~OS&Rrpv%U{Fr2TCDQa$rPN>E7bEuiw4@DL@cX)1Q1NinGxm zh&q^B@0@*`u~=1zpfKCdI=*g~SXyO^!w;m6vDekUVT0~hHA%Qgcj9czHi0YWbD<Zwj*sLV$jjqLsK*j@y2$X1j6GD#T)@GeOb#c|R*bIbgRrezaoK`E7|D z91)tqWH-u!a+L49##Ir(`D6TqYog|7Zb5RHZKU+8ClH$<8gi9J#e^5xzYV#CssW>~ z^SEv#U}g)ZF^Ov^U^EC*dVMh*(+}-g1XQ&6J_lhn*Uw{|LZ(Z$K0EU6h4-7ps{8)P zRE{79`VMePm9#efwj?lbO~er(H>Z+)PHDt&&W_GA7);h|;*CG)=n+ksJ1VMTh-@&J z^-zWNUMx1-Fj3ZCgXP)zR_@aU4uv3aVA#I=cE5bFae#~ENMS(DAD0;WjhHesgxCGa zO!v964D9ZqTc<&BO)d@Wqiv}vlGCR|3c4mw)h^-V%h_SvOU!$CBN8ETIvX;_H;LIz zjKdI(tF#{M#x&JunJ_3IUZh4vZSIW#k)r_}WfvD+wG8@3q>TFw^ACfxDjveG8LR

9c#_jEJ5)h`VT0itWFxU38YqrRl7;B5pg)@8cn+6b_j^w0-&0 zL4ywT(BLGHd4Zcg?Z-+Udkxl&nI`8*4!D?YOC9$zMi1jRal2`m9k7(kQEn z&S+CrW?@uq>+IZuDa7Hw6n787bdN}p_dfUKlj3)areU2hjpgHaP-dR>FE4J|$%PCI zrxe#b=ENVIB=?s7Y#568=k-$wByt3K5}aG{?tUJ{0ws64KH1?=DOMK4mH9e}&Ckj8 zgJnYqke*s|IZ2 z$&1;gh(+!OWPog|2sex>Z)ntLDswWgTaG9IqRA(e=YU% zkm8SQ_UEdmReHwfccE;UFD*jxAd)AA{$IYlAt)RmfvaCNP$@*#gq4F`Y(0sFw0wMXjt9wXZHNyvhh#{8XU*d#F7aU5 znv*@#H$PxHJQ+RANkQo`x{FUR;4J781VY-xhF(XLGx|IoU2Vt8K7$Z-jwk&SoSB)|QS^|4 zB{q=FgV5*qR9&}HJdY;L!PU8j?)3-8o38jX;aD%~Si($-`~#l-#&L03g|L;%XBs}J z(dC@!lvFtn8H{C=Xq#1=rycp*%{YkWT?*|9?b;titpemtz^Mh*2()b5J7Oyus7pFE zlt6kn?p=d&hCt%zPzpb=YX>&`eBX=PiOXh>+rbv!dyp{+pGHq-aA$1nHZ6VRlBl@hj>8!*q8GR%{iG57)T!B-fk$WB7C#tzczOX*U?b3pIx|RIjEF}1* zNXlLYM6t(9<5S0?8kg~^$lsnYs{ek<#fkqBQ=*8?G!@!aXAy@diT#0+av2-~-5;GX zJLlg(tdkusB*@su@b49d8|eem5-7wA=J}B;-JVR|m#YeJ2wi(df3J8Jbv@oY2u5?$0T znrMvclnuOsnk9T$dvgqwiicw|Wn?b#eCXSIQi?zZE>B4Ez6{KY<#@swFUf`6GhTxq z(f2(hchG?B>N#Q1@5fuAjf$%SYNBT~>z*RLJR#cWfZe!#OL_FvTng2~N`?zFOJwaV zx)-fW{p$$5{yf5zGn@?afW9 zV-niA0uKop5Dv0qd9j8N1CV(p)!E5ZcGIDb^!IO?LzUlYe~zqgLN2x91l|j9KK5)0tBmOAv~Q;jBr5CZmxKqhJN-Wd=mvK!f-$9}rA)#nY( zT$l|Q(pwY10|hacimFV{{X)#GrO_r;p}&WtygJ_SMc{%o9QJO(Ts`c%F#wJMx7`=L z3|H2D*b$>B=RRp`XJzL$E0Tr0!sw1MTV9f8NH^|hQ0-U z)b`v2i}@vtc8_Fe zB#Aer-jcL9j{s13AB>?PcK@-Ug#Y*_^oNm({xO312>{xGYlmm6OqX%7(`bc=miBUw z2>n6e_`~0i?7U@3m7R1{#?+ymPt6+?@l9#(2ixe=Vmo^V19z`Os|D+XTJ&i_{o(_c zFwLT@LW~LD#^Pckfn@XjMOZ%V5^-d!Gy8V$I9vz777IwRz{QH;C-n*z{hL0m3e z-~xXCnRbckRZ)JQppj}FJ#n=w;@mE#cFWYwrkQH^ zp|94h>l*OQDPyrESs9#4Cn94O17Hk6mW%;ne$f>_h1~q;**@I=Xm?Lq_NB1J?Fo@J z@!=h`lJb;|9qBw|)>AfYn;|cu3Ki=L5gtSD4w{SqIgUxiT-fEizx%&pKQdPA+e^g&nJuk^Myg0|~M_#Wrm=9-sBSvLZ@VEpz zO0^f@=-UQ{GdhJ*b&|q(KNtgY!j#3du3Jy@#DGA8@aj`R=Yr&zer;Z31J|WM^IBTa z+S}*4{w@u2TGC<$;dp>+`N(-f(H4SZB78^1!n?A+@@%#JMSvzR&JT;=0C%#rR+>q_OT*pzcSIGvaXmwf z7axI+XsRmUlJU0&dA9c%T$x*N9YfqQ} zwYV}{$y6Paua}J5TT>Pj6iJ%ao5)_QGx3um7FL{6;DB&~O!aqb9J7(0=jo~mC<|Xa z70GxwTY>u}l7+QNl17b+>=2Dy^m=C19_{BU0x={m8Q+Yk?1OMLeD!BMXK(wPxSbdZ 
z-xCn`X01m?q@qL)-V}%+Q+3y!JHNMo+>28O&J#N^)=wrbD)+Qw146R*6N~&MyH?DL zYg}y-6aR%J_QVaB6b2)EWo$Utbn&%B>ca(F&n+9b*eZE8IrVVD@~!r&m+XBRJhq`A(oVxb!{^t<90TIKD(U4mh za}X`#^S$huAA|qPz8XfKgY{s$NH+(GaAwwA9V*C*@&zCp-Y^_(%cxFxkAdIQMRV$5T;u}b-cBPw7!u>S;?z2YA9~R9^s6-V^Vmf+E7%JbHcA`g-OuEqgPhS7&PL{^?8J1kuG^p%#a82BGH&QEJyjg2u=r>4y7q$zZMZjzlMR zeKbs6q!}lJ_zNGAA%PqSWe6XLN6GeIO20;8y%s(8Sf43h<0epWG3{OrleMl_OvQ5x zlv(!8s=+ILilmreoRl#*alxAxlbZdY{@33YvdKnxzi@DrFIqzhxA>M}GvDD6Z+UcV zKjM_MY6K-wQf3xn9x{Vt<`o^}LnP4Mm!4?S%c0*zdlqV^l%x3(%YUf=w$+rZ4+Ohs8FmZgl>%iW3R;wZfim}5Ned;%#i zPN_604{%~*UA0*3FKS;MERNpgq z4D9K-u}P{ehAb+`AtGw=RCu;-VZTO-NRZ!pb2s|C6zjDt#sIV-Tj3#z30o%k(-iR| z!%^F?r^KNPSk1Vfzl4aXkuJjYoaq+Pz5B+AJJ$Q-`s&%}IA9=xIXi3&b<-brCg4|W z1d!?w#q4$j<^kx@(D=&*`j)~8T-+%oDJY;keq&X%;@9Alk!q$kh4&B8#_QhN)OVif{CweTN|9If@DAKBuuLAD@ z;Rc)$G4WZ5l7CvZAXYBIf@L85SbUJMKsgiOOuP@S$56kB)Ce zFkXmjTNF&9yOb9b+%_QdyOe6{xnG1T<>pYNhX?XA=O3cVm^c=!6Ed<8$|=Rj*GnMI zj4)5z73g&yiq- zo5%JH$`L4wx#1<VP0$PsSo%S)SNcqYcf)WH0-=g2#hBm%Zi%qP}e=2#s{LLEAf zA)?+$8K9A6{3ZSB31zu+s}?d0-VX3 zr@IXX=?*yrL-k}V$HkX0UMAlnwME|bMa%}OV-c!IHjFHL+K6phb7H(suTy*(P7ht? 
z|D}6Vq_H~DfEQJ8;T1+Q&?W9w1hp%Ki^6d@nf|udcWO+@>Ksz7IpQ9MKlMIphm5Gk zM_>vE&O>YdC0=}k0~AXAy^=l+mdSu#FdR4#pd}K~Kw#-cuk|Ds9<*u9e4&l;?bjq~ ztd$BH2l}2On?};NfKkECDTE>L7xr)20-V2UDta<$Wh5R*FvP;kB~y%1lbz}Z07M}# zA(jhL=ycmFRPPI|eCpY)r&f4kb~w|h!k>Rn)2zL91Srm?O!8F&r~5Aqh?b5qQejS7 zOb7gQp_CqA6qE6qpYfoz$A2h8ZcVUW`~-C0WcwsUPhTfdYQ;b1$;yZ|fd90cXc*!e zDlkx`glX;QBX^hsA~9%KF4A!wc_RzlCtn36c?dV;zubzNIfQ=rzxXy1b%0&Qg(J6X zifdHpu=)}|CJ>^1;i+LMNxlKY{Zn_v5Vs~oeKhcAt(5b3GFy zt2pjE>H`)01_eF4dR!)VhynMebu7c@DXYkwkt+WRt1j-Vz@&;uvMClavY1kS@(zA| z;a&HeaY^y@@_8yPA=V#;ut7NUh+xuCw1lchyW4blb-2{8_-k-Ts^%@J&(%ssEy(_z z3%=wJU-^1kD2#7ZGZcMX3WuaK`!!qzvy^WQmoGrMmpBC?2S{S_TFlXK5~jB}YL+;o zWK}#cKv&!dzSt)lN4WhZDFEd(=$E1E!e*HchQLu-IAp2f3i0>{SIV8@gBG1N8}PEXD?hxNig@FgY{B#E7cG?LjTv)9m}C$_O=wiVrm$ zx$k8FM?kp0e``WJC>2VK#I=sZkQMdmZ>7TYY@yjSrS`yLW>DFuAe~-Wjy`F9RoT4R z=AK`-Tei@wMbN(JV$leQj5dhxLIL0`v49wNYSQ)>Gl#_Ml}=Tc&nx?nFKYj`ShpYC z=-$u{K5I|5NTF$|0D}p~Evl1w9tyMepc9iLE|QP%Cxc zhs?kn%wbYgPkZ9~?MR@q+tGgjwx@MH?+)NY-~&v2yFhCe(#&Zru*m=$x^adnAe6%6l!*GdRkcB{DZZ4$&k?ad3y{V`+78?$I{0tD2WTf zV|^hZOQmbmb(GCgls zkrE!PiZ#vyAW!zSfbA!q`5)_RJV8#*m9oO zmwdI^|F6f(9>((1`_TESZn7{$EgdhI>=AeFuySz}tc}I7>Wj4)>{z(4V)^C_uBu$a zMZGZ*&4S?B+n_SyoxlU|gn0Ryj=wNX*Hp}7rnVQj@AnR@=bgvJODYj+bl(xLb{Ai( zJj2>A$>O8@3u6?9Cu$vI^+S6W0NkEMZwinkrc@?qJcjy&5Pdg>3zR#;U9Qi>gi#q9 z;UUC;U3vCpNKkj4)Le$Lz^$L|?brnLRSnrh;%0X^H=N3e}=b&PkJJ-AlK@*-KkP z!55JK%#^Xml`P1#2FDh6)KRLCQTB1VE;XilEK#En_gwSOh}75-eO@==MZwHXzdl zu-XUgjR7cJA@Ug>kP!3{Hcaq*1}KV7fH;40v$Q{R=%ca_ai{`*6Do(`mAicygmsa6 z9Txv!U!<{%)b1Z8gb5)RGNlqTn~o{3yASqggI0VT%?N)O_e1#$>rTcD_@I-!bmo$f zuiSQ4r>-c1tGL`2^zTC)0(^mPTzUVc_{MxMqyaM_Ni^?2>ihrC7sD1$^jo140*6aj zIW9w>WtY=8QbsTS7YzL2xN5W1pP~)8QADh(67^bNDpF*A_I)=c=Q*Y0b{RxoWZ8Q5 zX_j8x(*!ZvpJ5%{FCDcI~M$t0|V0nav{>+~>2Q$m*28EBmB z8W-`eiWK5M#e}JsFO}JooKG)NmTSYL@-LCsw)C~&*o1FV;nnT3FqIybmE;2ea(k7V znd;YeWTKaf@yhlSyOcgFf^8Dv#4!F2$gf|1i9b_{F_TAYz-43Bd)E}+oKeN2(&DEjsNhmmObD{kZE9s z`C~Zn1=tfd|0NFPY6Ukd6XpzO_Y>-52h*?O+%xPogcC10;HVVtvw~Go&D0QDhPbL? 
zPXU(|JMj=cAXgOz#}e^7fJygcmw==LmXmH)sc#hfBsB2R6CxcpYip)#qFrT``qK$~ zEdcTgXjd&bC*Lmt=&xau)lO)UC)?p9-sxWSVK!-+oQD~KZ9CX#7f;vRp2qGCS;wCv zHz%uUoFw>B=2z`%0-E^6UAIK5*x&7DwXqy$Fzf@DC9Vx?x#}9O^+k9Sb!-{%&C-HE zhyXiZaG<~4Ryc=(O9||KSs=B5n)DQ=fT^3Af3$01n1&-)ZW9n-E9qJL$F&(HQ*hKb zH$czcJ6Rg~;JR#3;!xA}CTXg3%3qcRP9w>788Fe4?7j)EIN>8(( z%cNSFG!>OMU%pD!pOdrE8MQ!gc0X`j*_LmFOo6&XHz3!Ac-U{kdq}E#=o^fYRpc4x zu~KV{wF<1;eL_>vLOS+cDhHvo7PhY&@lt@r=Uich4yOYSCXEh&G^mZ!Y6V7%4nYrJ zN0CMj&q_0Fli2JG3MK-mUoN=r#`!X2G^dv}?0fZm=#&XD<5@m}@|&PRd^t)Ra_|lP zT}5ugazZ|H^w#2yb%R&u4(e2MZ&Y(=7mYuL&vD=Kacc;w={va8o1fT;sxUK=8MG>U zXA(bLtCvCZyR75`29ou@5aY@OeF__CF3(n>%OOCRupr;0G%@cFfZN1&;|kG$;F=Gv z|IUTWB+OspF-v>C;?|T3i+_}>KKV2o5kT0=66kYbs2!$i%^ycS`av<7N&|@78$|ev z`ZCXfR*I5doCbxR!C!bk)Q$;sHb^3m0S<}I4qA~DI_j`-u+X;08T^wd_h(^ zG{z%SM9xohvp*lF!rPUCxHQ^iOlU9jCEo4Dz~G$HZYyA3==lP& zc=%Z5Tp~^PD374}b9xNhT|S6D@L3%x{$uyhL?iCYoDe_SzCpuE7%}F!tXZc zw@dEy>;sDdvI!*d$q?jR6OV|mF)@~V0z9PO#34U{7dS*z>GLi$MgqC%8@M=2z?*Sl z=-or?zzEA-G`>+w2{^GDNY&b7E>%~Q)Gi})kg&70&~gcl`9D@5ra1!~<<0)gc`uOe z#!`}O@`dzB+p2sGdc($H1mAZGO7tRki6F}}T7J|%o;V=Pp*IFgJ~S=U;RnZ)-6T+i zPin%64_7;bGrlD&3B$Pqqx!OxFIu zuR($j+NK1WuP*I6YcqN2)}-P%YHliX3pYIqRuCQaJv#H8926nTc29MmPqFZdaJ$67 zpz<>fSC`O81|6S^hT#g<&aEdfYsIs{w-;J6%Hgg2@?aq^6xB4`T!7bWS71&_DR=uD zLAN*iS2|iJnU}XW5w%=q{8nwv2OQy@*m>X`<_3ewkUTxy08F&S-*FaUtmC@ zHUY=Wji6)Vy1M^491O)x8ea0O*fQACuTs&COnNVkeXrl600ZHWrmz#lV)X$CSyk-c zUM5`p|G_kuTXdyCyUk6I+GhQc-ARNFH zLsgSA;AImyORvD@F}oV9QQq3kyou&aV9L&Gt}0!41HJw(%nGKaCjTF|B-o;$l0h#& z6&qOKg4Q*aws9EsI&H9wl*2B=-g5i+dn=-NA4vbAV9fJpd7X$4YwZE0VFiHgSL*&t zkz#uEJ!Fe)IofG|@}Kysj(np? 
zr%IQ_<$(OG9#RCegh|6g2UQ{u+WPVTieDF^mNQqzKYDvdcArizA7 z=TXbXjrWo8&D`Mw*oVb_HHRZ@IalVR*Dai@DMGNgBsY?rwk11^?c>@p7{w|Cyar|c zDFjx-;t3+uhC2=uV*r57i15Qfjf@q%Sc>4PL;74neysO+MEpTG?5c`f&=sbPqgp2+7*o*09^N81yBf^lENvSbCVu2)nZ7m*dLfZtdj}b5p1lQ zLhO-QseQ2O1>P=-8q{E~AtDm3EM4E9s8HI7S(aoL9`_uy9KCXWjT+LF&NsbyctfC9 zO{HiH^rUfRo!pwc2Vq4nkFiR=b&5pQQkaW3ic#{kG9h(=Z&^d71($J{^`Q$}ilwQ$A_U$o0LXm)EwC|?5Ryp!mYT{NRJC<0Nq96vFxfL*=WS8K4ZX8S_yVQq zq@MjqPE((wJ1>NI%Gc!5!_G$9$5N}%#Z%X%FetvZnbH@!cK|AY-wfZXm>y8_+O=IcqYPzBED;@a~lR**6U@> zYa%eit7qdRNspA4KKY@j_eVx(^i!MZxHT%oMM>Mf_fMc=WzIiF6-P-%mFm1lyt&|y zI`Z5Le52v)7(DF#F`-WuA1i}k=NgBt8`rC;n;MfD6l!rWp{McC_KqGtj{S0+@B|F3 zjI>|(yqPMnxZ zTYmk+T=!NoXB)vMg5>;3m|=kPcP=F9pBoL+BtWE4-CM;WtG*@hFyL_#a)z#m6_x$j zQ)_cwekN4v_hFTBbHASo(=*Xku%N@O!A7bJE$8S{ALW=`3EK#Xxh#`l9vSJI1P0)2 zp{VkYI~01|3A@>TdEcUWGmb4P&I^haVc4+W`9GQ5!k^-h9x;y8Aqf2+5cN5!o4W98 z_HGzNVCq_dAA7^apg1o5E_D*;eDIDD7;=P>n(58Y(X8?~XTB4dT$;c+-S-Sx=BIc* zPRDm~YyaQ^qehZjIvZa{rD#TzG58n>v zRdDMXd7j|4OE;yL-FZX$H;oCqZ>Z`w+*={mv7aKA85ky#!&mhnF8HjuUY^kuyRnB& zzS>jjfaddFmkUfKHdr!}Kz)|cXpmKAs2jO7E$7a0!qXDOP5Y&RJG2@DpTTL@d^-S> z&rFiRxJh7-o-3_X4>$>9NRR-@?D(*Ru@}vCqZ(C=ZN?|(D^Ckbmafq8dSXt`wf*RM==Wt zX*ZBhRRRyZmtPFNC3`0l({BB%u)qHErUG6?X-8H#U2o&-b&UU(cE*|Br$2dIzE3xL zK?_*#SG|9b2~B}r1g^@|9X@m@21_R7_7vWor=ybIJ=>c`{frc`S>=$5KNn->NXPAR z=jsZ2AG;VBzROT!=OY;Kgkz^WIGGqil#2{t>rhg1z5I>qTh@YYsa!s1P~W6RSvVsa zSWH7|AG}-2lv-<_F{|Ft;vJA zPBK|4)g=;iW`$5W*lTzim?oG|$v7ygj54eIF^^4Nh~?rPX6^w+oDPPC;JUWK%s>6a zdf~3Fsxy2Bb;ICmA;d4&@T8I$LJ@$>FfDWnBe#!u>cKNqIPU%{W6_!a_8Q@+CsRMN zkl~3`-t{yy8(r5Rv+n$QtG`51Y`-(#v;rEbrt<}Q9P2%phQ#)RFR+{7vzCo!Yaw5R z=F&X-nQnu0!1*?<0q_1}L8kRN!oanmY~yez8*R3A_9Mu}iB4W@2`;}l6tx6z=4T$! 
zA$yv7WlH_av|qg|E*N;*#SeU_mp^DRR3VO2LSXE=4ud3a3y1#WiG}TF((kVE zM6aKj3v$XW6!R=(IUW5I${nt;=UfVE=EMhInwHT7Q!^wY!Iiw6BcCmXUvFB$<^`o_ z!VC&L=#cC&XSdF8n&8k?Cvalj6(rQ61 zf?iQsXyU_f2mmvfmY2!vf;Y>nEYgJ>4i~gYvd-k-!eJHP@@b>j1l~U>7-ykNK2CNa1_PfK@!r z;iJXk`c;oT!~U7r%4uS!W0QlhG9F!jZ?IWFni@}&^ql+>hV1>$6(Y2UU+LG5SR$MD ziaW^sa^SCfhP@`=MS(Xk_0QcQ?6d&ITA$nThMoyZ3r5pzd!TZ3hxu26(uoG2#AZ9e zR(C82lzr=0_&H%GA`e16r$%qQn+l2T_@$3Ld;X*Bw>OtGPa{?c`pb~3`tuw5R9dZW zgxZ&F8xvYjDF5e?w7b^tV*MZ%J(Tb4o|eW*;o7X@waQ33ZG(1>_*6rpkL1?Uo%0U| zN#U||hD-lRy|1f})LSS@v4K)&3Oti6D@@IFEX$0}qARJ0j;moA$ zOd3nJC1l3$<&@y*E}^z3{%b)v=8Q}5cH1rVhzvo&NA(DcHxF%x7iy<~*>pK4Q)8(B zafd@0!EY!PYBcdxoJS=+8Wn+#GEkiKfuFqVvgDNULs;z(nmUZX!2(R%9qG$Sp|MmOEZP}a_Z|CJZMt34N=kU%L6xQ3~ zawx){;q7HzFpl}%1S%w(4myx=6-=G+iN@Xr7BHqU&-UQQ62I2xWrs#p^QMgnoV6)H z=MEizWmWNNDVa8MpR2u7WnF4D4j26*W(xllMP157sg5=#mS$0ca?#x}&yw6xWK`tX zay%4v(YyHS_X2#XcnR#KbNVm2au=Xpd)_e@8O6Gq+Y)PWKl0KAKG_;rtWBy6d{6OR zxL*--wQSpOXA~sWhMen*qfljQ^o+iE@b1Z#Wu7co57tnlM4N#VMt7Dm_5=Yp!1F00 zP`&yQ!Dzhk@U`z^v(U&BxW$pruTnOW=ciNw2O_X}9QHN$7rH2;ao6$O5J3E&I9$Jy zm2JKjuDQ1NW-a7ir6|PPFa+@d5RzxvjjPGtp_R8FI42p`F=N-=CjT1bb%$U&V*N8Y46%GyY zc$-Wd0G}MB5EAdIBMoUs30L~nE!}{}!lS({I|vzWd#HEaz!(=U^dYaTq~9o4t7a(O z{*2a4cdH5VpSC-Uu>dkc%&7R>jahs^%=q1p&?izEb~9~2#m*~Stp{Q)ZI4R!%L#MF zJ*<03J|7JXJQymLVIh?XA|O%cE@|gpA<}yIkU&^n=ayqagPIZjY}C=&ruo$3$4jfZBCR% z!$ms^3%OVcH7jm{45_p9^mLl5&nOE|{&hE;CBe_a&h5hVR_ORYte?}+1*-Lg4FaHr zbAX95)Y`g-Lfe5KO5-%12c11aCBZ+m`R1-apPB)iX_T& z|2RGI2ue#%asjDaZrx%6)jL>?Z_8g-I#52$~Ios zaO_fL(~Xd}T_XUeqiw;kRn^peS+5Js-!L`6`m`_Muw1S$*Ag1bd9RckL@!p)vyaN# zB~6nw!ObHAxK`ORJ^)fI3nhU=k{+sGz<6yJ2pUK-58BU@P_dFBZ z)N)e$6xKAP!5;{$z;s43)UnvTz(}2b2*w~5qgmyqVqA&8sL9H|E+Ma#ODXb!&iw&Pe~ z^ZyVdJVzIs;XupcfH_nZ3;-9*=y_{Yy)Jn{OZ1fQVwl@t<+j+!7gFi>V=KI@jt|ti zDX-D7(+_Xm0ry?IU%)7G|rC?bdmtfGLNe|od@!KS~hmQ&E+4SQTOL?>Z>}{zzK(;)%D6IyXPHRkl2emwWiMX&R*=jESYHb* zpSi28#ROclc{2EajSn;n=vT(<)buzgpw2zd8ETsts-%H%01GqtC2km3`_&j8(7kx1 z;LO-g;%Pab1pB8RW=^B=cPzmUdf1d1wK&Omd31VAwexRu9&=Wm|5$cYwt?tImP2xf 
z0h9&Zw(a4`f`Xh=tZq;6?Kyc6LY*D#Hd<`g@!GPKyly)Alo(Sccb_Lj#Rer$fTnfL)m=ys>bYuNKFIiHm2~QSRpXq(^$R-Wu7bM)o107n`SqtlG zECk40a!|%}yj2_NUdT^FEvUTEGLk$e_mN#el~BH1(LPn4D5lskbm-c+dLKb7S`}qD zT~guZz|K5Q-NnT7HXPLEa+{HJY}3&G!@v90(^5^-6?JIRD=l8-9@K$nE_4|G|t*Ks+o zC7#_c5aqlCA5~Zpv)HPzsY1i~En+^z0(jPe(fU^x20~-{Coy5?o9YixJ||L0e>z5d z3^x+HW2q7I1c*9&HshKTpL?x$~0bG~!hH2<8 zN8C80Da&s$%>!-#SjV%HGkV-W8JmN#ZS(`h8s3v@$-`9wuf|#TGT|`InF4ze+fjD{ zVO^>Tz`JQ>2gUydD5+*qo78SD6EeB?QiTQp82zq?Dqcl2$$5GX4n}x%6VC5i>D^Kh z28dQ7&+1g?Aw+ZiwbJ-UhvZW-&{j%myy zDp~cFRHQT7W>uFO0sN=RUbZkBORH!&uvNbUvJ6&_8!EKQ;Th;2sP1*?KJ7CHpNYkalak@DX=wIqO3xsexLmBkf+aJp z>%sxx3u2=wJgIgF6s-JKGCl}48u1+04d(%l0u&qr5*9`)H+Az13iMgR9`=MsD*1r@ zrkW~)%cY+17&BNFAsXqI=(@)8VYNkJQ^6~2!7B&PpG0l(-1@Dp50ALshVSu7;TP~e zL}0NuZ9iw=(o6lKB2WRPVwHpZ`SB`yRMXU_Bg+vvy~)|uCP#v^m_6$Vaw)*iyziYol_a9+2moBxZ?;G$1h zKl*R&t8cHpdPWP^ z+8cjfHSZo_Co#O-f{S>{sWhc&2&IYcda(?D%cw*CdM};M^?{i%w~#*&K;>ZwCcn)Q zFEMFVAnERua-AwlXvdy&%bFc5n?b6^`TJy;TK3WhYWQAg9<#bj~&Dk}rTC|E~pBBUl8)b^S-Q|OO z@&)@yL2zD+Df2S@)bFMrTLV;2%8r&?0han0_>b>D@?Opo{z-|Ea6HB!1{hnGbWA6W zm~?ZxT_hi0FQsRGrSb=ssJz!yo#otf*CC(Ao?o7!&B0Blz~}V+*;U{+o5g!Y zslf)oBDzW7Px<$gnWQL#@FWz({L@tHcBpCzKa0xVx4mFb9jyJxo`tI2q(t!|bYgN} z!-YoYOe2l>L)^QEYBuok*&*zs{NW@W|b|ZDN0g z5DpsEbF_4xH~(b~>#9t>n&>fQt1j_YMA9wb^@Qm%jaH|tZt@E3hP-86z^-W$Zk{XUZ#cB}F_T~aipBUc(=o(cE-kcFu$Ki5vcQX4EvJ9_A7B0zdoq9o>G zI0H)@c%kKz2XFo^9t{8rXYP|m9u(#$O!sNWO89`O>B5rWT9UBO9p5(*YSWf%u^tFm zwkfb1ufY>G8wk2ffNU(J9J=Z4gniD4Q?YN7BYEfaGIPLOHJ7*cyG6c=Itp+I(ulSP zT5g-9^^3>+EUO@+n?2`^kE;kr?d4qoqqJda&0M?{xhxI%6HzmfC;#a3{rtJMBuG4L&)IeSA&v1wKYd{h2f~`C;yHw@UK$z9R0tx(N5+oEx3eiC;Prnr@Y}z_4SZMOOCT#d0l>_ z%y#XfaPRPk{emL5jT=R z452T6P12gpcpEeXRUvtm`=M~;0Q8RlF!{jj;1=m_m!L{pp~JxKh|oBCn2?AzJ-I*g zR#iAIL56bHs~n-|Wy&ecmwUZ!j!o2LR^n|$s&1Mu0#&HKZK=gVoNEnz1x|C=s5wRQ zoll_XCp6#8tsnQCBzuAbON>rdKw9TxFjs9|hvjhBV|6Cfo0msXlNAdTfCH4q>f-3R zZrMWgQ}HepltkHQ94=_FmW3Uzc*?SqGmZ4$Zn>8AyK5yt{_3?S#-BQ~@ZG$vd!;ZV zyMC$zOYy=md1`#59jc@QK)qIvg18G#x@Tzkk_GkU+3OTbkfVvXwh{J{!o13ri+wkE 
z+aRA(W_phGAW(}v8G~G5^$U%^ea5m#p}lIA`Uf+w%)f=>tlC7z8N)01%qr# z@vXS>FQ%Q<^aRG<>psuv|Nk3EGn>J?P#S9-`x?N9nUulLDkWz0Yk?P^P}tf|yji(K z!9-CZxt+h^ly>yO(py4 zUgXOw+B8?nZ08MME`oPFZWR0ot?d}7_0%*qS^LNs_bIGw%Y6y@FkTOAmX=wTi9T`4 z#rTWq*wI_Q@w+VaDaewt+BqyrjyAW+qUt#M)L65~FP)^2DrtgyOPCu(8pUD>2iXB) zWwR;v5&^*Mk(b1op;&)*1|G)zKf@~j5Tb2VO zavORoUCTMg!9skSkBX}e@9jcN7Jr5S5HflSxaLOwMo+@&WeyI{jhhrc3uqHDx@{U1 zXx9W*1lwtXz~56?8Iaqo^(&2ic|&Jm zOzC=F=-si#vY+@T{_PPB-lSgdD~3Dnw|JtDr@e)>zp)m}a}%JCE91~oE4+};~R=O2XZK&{|bYVdnUm(wSD9l!hP`X`Zf0cbaSolU(mvS z`uA5c9ra2_E7=bOP=F0E3ufQocLaFlK;`Y$JOMg17f2yNlGbG&-uIc87p;p&W2G>v z<3y=cx}U5udMjyyq&OmW+;CS)4K7k>AtGC{S{Dnhk#CsARB+~*d<+Z}ehnDIrbq(pv7>4tjoeE?G9k&XymhL)>vM1rZUa%hzIRs+9|E#|O+DYi_9upr415buY zV*PCkrf>c!^y=0vOYli%SK$Sj#5grK1n34_W$Ebc;#y>ook<-Wb<_{DL*M9I*p>gQ zjWX}Z?JTsg8PV73wPp3J#8&@d_+hi*;>{x1w}e~e|8LjDXUf#p`7r&~-O0c`62X!( z*dsg@O^E3Xw<03|EZ)}$8W6-Nsbo>x5EviD_~e|K*y^oNTHj- zRw8E+ikVm)>QLN6?2qf*^S4*{=W@3z*%y4~?C^SoveL>Le6%YqA}Fs%e)Vy6VT%6c z8=;_m2u^tNPZLHVmG1RAPwsMTWrqo#9=;}@@B$RttOgNStqg0`X2G*Mo;BHtM|F&9 zI5Xd2+}h{~tKV3Kh5fK@ck5j2AL~dH&q&>+)Ovy6(C2Fvits8PQqm1@SF6?sI!u1tF$%Yg)2d(=5@o>g1$bx=NfOd$y3HvP)w_{eeQCMF9@n0 zIsrwkFTVXHezlqt?#oh?^pYwbNh410YH07tR6)oq^&MrPO2ClW0K0LllZku|?oX6b z6kh5uJtnyQH9v#~NuQ+XkGY_bWkDMcg`7q2Hws+|QE@pdNFw(^F`M&afE*o!su$%? 
zIys4Vr8VJ&48IW`{TvKoRpr;Yd4@fuN9I7|YHx43L!_|wqUe8hDKP)INa+)Mi~F_o zewrcMI>!|ho4nEk49VygHt1I;l(cl>@1{`eY!D~VVv#76K+nVn)zme5cd#_4=zMt| zaTVI&YrNg6!DX|uW&Ik4LDQhygwsOc2KVW(xvg)z`c9f<{E70vi|DCRaFR||H+`SAr)z-m?HSJKq^J9o^h+_iT0iNo4@oQ*wQWqJ0&xS z>i-}{o66`paN6+W1lvlNivoxdUI*95+MStUhXIUtJJEh7faRL%iFP|0pU#F!L10?Y z+i4m=k4hf6j>qaxzEYDwMgdd&JqE(|93v1WYboWO1RtlEavx$9?9@so2hKmS+<8R* z|5!<8NBSZDy4<+PuDKVW?lq~!T;r-6sWF8)KYzKce_OM_9;n>sb#gNG1&leE0Xi;RG~J z-jf<6iSh+tB*%eAwjioE2?#YSq=P;?s7zs%Oi-8tB#B1T+O`L62;Qwvo1cFE#UiNq z7HQ+aq7)la#O^=z@;~N(0MzOFNcM7( z|G$)fm_+FG<36!>jBJiOBL&l&m@xvUjg|nZ%P(i!Ga<+aPp=tya{4yss2me3Pb0K& zVMO(k+zQ_9g563Js%KmddQf2`6@X@l(_i?K9h;rW9H4Fms`IgzBSx-78no-3Q>wJucvo^ig!#d2uB_L$~ zpu;+9fY@X97aQ;@$(fQ4Yeb^kO4h;-?0y)=Jm>kT!~spmJ!XVu_jyCc0fRbzwI}aq z6rh^OHK91laI`7zK;v=B)RB|U<8a>O1^BcbmQMv4ztz7d67Wm zk9}O>x`Xbt8jdJtc3leocuRM)4^{Y8Ce?T;KA}2Up^Y}i>EyH+1)9cK1Q4Obg@V)d zs5rC43AK{U*yVTD27zFg|M_J5;_5!31=y%GtJWiVnl#JjJAfCEQ${3V6|@}G$vN@d zjv${j_S()T(aj-fiZf*D?XG0YibrfO8bm8mqSz3c4Z+KLNX1pOMoQIbqFB^ld|y;O zDSn9*|D~?-=Y`kgM35|4(du>jgjX zig)HHDg|@a`dxNu+6`U7({D9Y0LtH;?Y;TO!Iqx8faj@g9M z?}@&PTPn59ChQ=jOg2?tGno#otQv~V#bzN7Q&=-U!$T+5VkLv0E|}M?%`|ArS`u*w9Y+5o0^&qf<=%_eOIJwd@rPNPHeQ`I$<3Pp4H~PxaIiJQD8=P&oS&3 zg;;D{I^BNtvy4`&VPr$M5hJjL(~}B=_R0ZgYuxW-(E?$Zq-dN8{GfL8rsL79b8S$Y_Gz%S=NSlm&JF86-(&HF)dZYIy-O6KicI2f?;}$rkmOS>b^^0wAwHp)IJ%7y~b9WxDl+!Od$+Q}=orTWb@-EaPo223$kyFb^(XQ}HOQyDDlpNC) z3jv^Cet|AV?(j&Zw2p{SXi+SV2v)msS?$er=SAF}ZhwWsu+`Hl74%TPma8n)m z$FOEAj*~}X^Af+d`xKJakpti5n<9|R7c^2WaGgEQFwMeOK}VKR&YcM+8}`HZoN(e? 
z_;df4?rpuv;Ku8EdD&9uw|HUqy0I0~&&Q<%)%Il1P;275McF1bnSwLKTyS8oLLyVx zkendc3KO2R2K;P{U1`+Y2opdQ zPI=Cni4m2y5B(*WVvm@Q7K9|I!9}S_am9Lq4GiV!H@3Q43xS$Nj7i?EyS8lZv(ZhP z0;!$s<@n|hjOM8co!~r%;i`~QEH4bDN;x!zDTmC^B#46^(G&{EEcTLPyo<2)6x|r^ z6B;6uWKtoIeuHscffKA(vC|d#Fdx**`ZBI=4*h?_%!c8ivg`R4VS;D!vJP6zr8;rh z+OBo9u$U<6WD+SFs~{=U-6kPwQ?5V5+kH+c8t2ToxJnc~55`InFqEu5p%97Ewv||{ z8i5b-T1b18DyGkhtV}c|W3CTQY2kK1#l0BrYu*YnL;GoMt{_EbBZ~0x6@mk z?;iQzkfXd>rji$6lBcWp9*A1j3)wL~uK zjO2j+DZo6ojD$MBc{;y40tXH;bE1ug=PJs*I+agIsT($vJMN}_)BcjAwv2}MYfx?P z$1MmLT0fz7#>)V|mTl}O&smXF$KAEhz78rbyt5oN`ujT6#^Q)r3}462@P)iHTc1^q zzTYHndmqYRjtYI$`2qt-0lxooq_~8zyL7~i!qs)q;4O%)EQ&{uswYYA?!dxuT?GvY zk}nb+h7bGmpZy`_i-#li1W<)|3=Ii!b()|V2}h&qXS{X^b+NdbAa9bn2}ZaHUIlBK5e& z&9_NXDxu2*W}}6n-t|d>F4R& z2>U=;-H&^A*|!FG;NKEX+nlY&;RcR0xP#>$`{^Q6P9b~KRF}1;-%O5i#>8~ITLYdF z)jm7WK-T%QcL>ryh<@EkZV(}ToS~{A)nIqI-OO#Gr~2;EY_l?MnS7YOgY%+SWa;&* z_A!>6b!vw6%Y5Mj>Y<@oMT>%cEh3h&c?;sBTs}&xiuq}ReyWkyKBHgW@bP1TBmhx4mwpx z#*Au1ekTC-Xq9M3(mHV-NKuwAs;qDq>m09HbeNf?Qj9|?NQ28a|GFyBC+hXmy z_YD3himGniARyc`z@!TKUNHozHd;5G%X+V!#gKFG^z$t>^utXYgUjU});H2*W5KBAhQP!ygYN zeYp~*!dux}Y%#&}Ex!8lP zT+u-rH1HWBBz67xg*KKk1s-?Y$*#}((`HQQF&`reyIY&Xhv`^SPUMYtNzvh=Cd)n4GK zdS3)$JSRt(QzSBo`*eUScRgm$SxwKnkk+vuZKBenr#lpr zi~qw(_U0-OMfUU{1)c?P2P9IQjT5^Q@L4<~@9YJDhKOQ|in^*;xats8kV6*XjnWXC zNJW2wP*FBeHTUrhYu%N2%Oi=VLy`Fx_`}MNdwI{REka;$!#Bvp^gH=+`_xT$DJUfc z2EMo`2pt?n&Ty=aN3_IS^mMc{=xQC+Uu7|>Tl%^grVw#eADEf)M~2dzR28GD`7n{H z@(a{y%6;V9)Bw3z?m1V{euN>-dZk-)#h32tjymx)BhUf>Z*D+&R-yl!~TZ2&* ze`oAGz+Bs@%&v7ECB32lgv0;3RnG8->dlfNVw){($M)NfRjpEj*XD3heJ6?ei*!EL zo6#NZM$v3qM1BG#&D5Dog#-)lwDxxaL5N245dA+HyIZ~7aUoxGsgq4rd{sbpI%H; z$0C%UP1={*>nadX9$BFGjC4`t-3(+R^{dv1d<;JIPdXEclDr@tnS>C`@r_j{=0cp& zq{{U!28Kb58;Ih0wNS!(PiF=F`;K}>S1=(0 zz20Um3e__gR{dSv*7g6lw2<FqkEQhJ)QD#q@sMT{`@&4ER9w;P=Yq`$$BF;Dv6>-~Hx{WN~bf?oe zTd>!5rDPYA2w5EZHBqrO;f52SpFi=0ZyG3TIAfxz*e;wNq9d&BX#|vdewhcBCAW~0 zW{(;JlsX~tnQlv)Qb<>xfM4wpBy(&2R;n(jOJBRVef{15*5IZiCJdfn4(^cOSgDSi 
z-?b0WF=G3GYMCavp71EQ90y!gtU{D{gk@r%(?wQsWnp1@Q6Wp*Pm~)HdljlTNrrzU z>#~RbTN6C-{simlZaRypD@ShY4r?=yNp{{yv}(m`0E#!-3}cF=mLcYeM?5{KXmBvh zKN0>h-GLS3Irs`VicXeTK;lD^@rwB*ee7==*zMRhiUyWupT#*T7Pr_4_a+xRQ7#`( z7tcMjI)uI?f@P1huCfNk!&6bfkkn2wd!=q0$xrcoOK(4S&P9s`(<;Q!D+$Pj>O>{& zkIs2D=pu9drJ#ES^McXY^s6t4qnX90NGSW;2$q&tGKpDM?Y0+Sdh^EIEiEzy5DMK&%K4l-lU;ZGd3F#gnnnGrY_hy7J zfdYgN6bLEnD2<_?R2y}YhtTmNbh7swm`rAa4L$oa4aGJ=o7*zhUpX(64Rj*rR@?Tu-0>yXXqP@(3uZO|) z=v50Qv5spjL!4WmT`UNQ>UaBrJeWsW8uM3J2huB(-%cVlI?dP2p z5XLhDSN?u+YV03YVqrblaBx!|Q6pz}MXDJ5#gy?C9uB1wb?7))ou-Hnp`QdIKgrRt z@BLKbX%_*I@l}Q7B2}(h{>zzEPAUMGEd*<(3r}esh)7jYn2sWEDCdixGFkQ{ZuQ<0 zrYip0c#>XeiK1{e9tmyBhn@H5@La}_Qu~d57}KmgzF|TzQ~I%*5x_VqWS&Te9wFzm zu9r&-?l?)FAiLKw>2r))e2lac{qp8)-Kgr1wtAoHZ6WITTqc0)U2Ak8;l7Z^r#+er z676_V#lB@_JUdqn&S5s+>Vk%j7_@#}(Ruh0+XZ)$Yjpg+aP#Qh`Rr$Th#v9+a4b!| zcdkG@v|U4W3sUnPb>d|yNB{XgB-n zRT{@+lj1^E5QXjAS*gH%c4HfX|*W-eOz?ROkgj93r~r?T8EdCCvWrwR8Uz zOe5xIakROahUR|^vET|3?zl;{Kbd;}IC2lj)VpzoHLu8IS6vcA1$5|M%;Yiu01*T$Lxu#P15p^!m@@j?EX9WpUgO~XUl(HXcP`Z`C1l$G zwzjewjE(u<;lfk*Q)9z?OTvr8-0=a4cQh}|mTu?eM(EY_ob6UKaJbWm%y7Ka?OzD4 zuFt_~Jy!u8b#<707W@X&q6T4rS=*9`he){jX2)@X>FY73gwI6WTV2;Is z^&Ci6>OC*u-)SK3xB{0=GQl>L5SSzKk~(>N@w)?dzCA%-a5*H`XBG8L5Kuy$;~;5QUVozacj^b-f;g<42I!=3g&Jda$4Zg$xuv{}JW5Zt1rDS$ zdWB>0zZB+j0M4U;3IA}B*$#4X-k58LRVaBHHS0R_tiRba<#^0AdzQnXlKf}C+KbS)WXPLG$idVbP{Z3n&O}$hXYb+-lKUFYLY=4&?BYXjJ!sXlV zI>-8RS8RvGy9$cDd+P^Osh#Jd^BK35>WCAFv_d5H-uE?2-ZH6T(fr<-pxX-0k?a|ZgfA6`*X>7<^7ah#`}mUP!p^=`O?l1KY#8E zit(?wYf38UTXb66JRK+@^r^gC(n99OQLgt+hU=e33U+F&T|F{t(i$xt_ogD|3zGNY z;+2PE3Cm&!7(dQLJ>}}x!+6c1Vs-D~>pBY9*9Enw9*6M>ykz?^HS@rFD7Q|Ar^}VTDe>!29tgK9XGDUca(gg?v9d;FgC; z&gdgbT=)LA!~>p>$cd~o{I;MCJ+moq|BIB4zyDHY{(Y1@ycNPDwJ$mwM{V+iv_~=u z!q|-$(zk7~_dRGn^PBNf(;tQ<=G45;_2l;j*mXv@1#@Tf4PT$V6*|*c5`w%W0#;S( zPQ{tAhY6Nz#W=bySz53ehuAk2HiQdRlZ|6RRN}(VY&XrF>Hgh^(Y500n-7yLeE(la zikRrX^WzR!FVm8iw_B>CV^fP+S^6C_Z$jKWpW)V^i7K&$eB{UF{w)rZcZ1U~I3rnB z1~$l6L^hsON!U4IL#T^@;0kR-`JSKnBCBv%FKlJF{q4mglaLx~@9F 
z(MDW=ouoUYA5=~=M84t3Z9ThUNNx+{;>E>)O&rX%ksBdP(&*K$IP@CKL-Q^q>RSdl8Nr!Q>h**z%4t(+1O|9u55fb z_*DE}lh@NFbcu%8Kf#oJSNNMT0S?=>4NJ0YjxxN~M8v zeL;{Dd-0o zE+T8Odr*AKOR|abV||J#RuYAm`U^dglVq!^4ow<6Jk47f?UoUzFq5{pBz^bh#FINByNE=H?&$RpM(2}A6sk~~-z zk+Mo26y^q6u26t4_95$dZ3l0>$@huo9Ys_PQF<5ysMU5&MhK1=L2&tim5~Y6qk&z= zx5GBj^nEDwin3ur^gCB~@>{gYUM&yON*5uHNi+$vqp6l=#FVZF*(sQxLh%3j8ot}6q#WgKSe!u-a==C| zISogbI=Ol*bNWubHvUa|i2V%uukbGL4{E?WebL+C@cmPlnt8)jM128iSfg;2xb9uXdLoh=?6FH{^hjfwyeG3j;*9-dksfuQ z70(v^=!#TUh3~YBBUG3xq~_L`%@T1=HW)@yS{;^)eMl>VCa+W+qsC>?!h^yVV$nzH6K!97}@{^3nA2^w0z?!NmQ zN_^(?NyRh}a{)qOo#Ay-h34~GeGdboPlrzjK*;P4>L~}o;(Ju=B9iak`>} zih(khZeBrUIGfe^TUHT>0GvYT6*sIlM4<*cE3(xY8B)vx_|mP4q3-trO*i^Vd;#Biw(L_wX#G^&cY@Bvb5iGiJ|0< z;sg5YpZ`$>{pOYNJ4|S7RN4Lm^M+uzpyE*bDKj)Ye=wNZFr2h(iHyh7R<-&5Y(~q2ztNwA5pzRpA;~rCQ z^?O#0T@ID~2GxX1@!t`vpQ~<`19OSaEmiYA-aQk{Qj+?1)gl3<5u>9OO~m0{>c`LN z3;i;Lf}(_frY}-Ea^wlHa*;a^Kvy&yeHyJ7slG$pCyyF#DOCvcOL@>ivfkwqCdd~t zj!D?Prp(Ou2St~GWgc$CdeF*Q2Y0FhH8Q7nHsA@fFLqCD75GSfiUqPl#3sWSZ%aI> z@~6x_vy2H9P?;MIaGtZkbS2uk;1&*X1^=P33Ob0lu9s9i1Q0GKKwY5$??-1BGi*cJaX48{f%j5QrVIVI8{^Dd zU$Dp9<~4zx z=<(NlL*t6`M-g{6;JbU==4_ON(--#z{lcf_T(S%=GI0-*5H}JcQ-Mo$*Ip^NeN5fC z*5CQASG6Q9;K#ojO__o;_1gsEX)Jl8R=ZG7g4O**f)Q3pu0Xo3eokjC9JFfeef(9N z1wg%|CSetS2DsK7geAp6-TV1qdanPNw7PCoOQVq~nVY;t5|_CKe8=$*5tZ*3vJBaA zxq8{Y6QldR!f~jWiR#S&+q}V~)A5bD#9%?8EOeKo0(>^$8Whd7^s#!;RvBPzF0KG1 zJh~d_W%Ph(gmlf8-lZ}DO^xGFizdzdv4;1*eg5(5w#$B2slv(_ZaA<@fmAuwk2%B8 z!Y;*k+1i-=D(9*0moiULm$^(QA!A4#n0!QNXx+i3f7c~MB{8-8=FCb@_KN=)lw=lh z{N`H*zPpN+VX(zvspgOA(ZF`GGM}JylNZI_24e=aO9na03y<)xn!}0B@eRykE6pb! 
z#xM$F6n3s`JR3|k?IHH7@tYv8|JFEC|M}#1M4c_!JWXm=2lODWu>&)ADZ}s!(GkFh zouvohDNpzW6S;Mb6J={Ze2kW-Y`J|%y&~J&Bp*wvTnl&9ES8m@gPpjWPho1P-Jl@c zK!zd{W8glKsHfb;;pJ7r-|ca$!cA_7fAV3_S8g`3@Y;YecnS38>vsEvRLCEZmop_S zK5&>hR`)L>@9ENtZRqZid5ZU4goJ_0cu+M~pnGW)Me0~!7uhhYNteCAlj28En&Af{ zOm0n^K?^3F0^Zr5x^rvwg1w8#$iB=NpreB86%{4p^sd>oX$Q zyG}rJ39MzBm+-3g+0djMM4Z50P~SP4hHQi#C(WGA)DN)(p<-Dz!2_4{@vn_{aD~1o ze+nErfg7WRq*bR5PMiD`m~V)o$Nc=(5JpB(b?@1*TK+T}DqXQj6e*cY2*`OQTbTu$ zdM2rOys%7I$7spQ5M2-&%a5?l6~;Ce9E13^O{Mk3@KkJZIsv3TVci@(tdoTAG=KjfO(@VluF~0*+gU;^eSFtkJ8&rF z4}2eI&DWP8C(;P%w`)^j8KqnQSY}60K=6dSJ_#1?bf|z4+(U;2_a|*@*)j4IPegrS zgtiMwY#HJ~ zww;kDnW_5^hYOoqpSIJ9#_yn5s(SBE>5As2r3*ollxuVkjLue)#TOD1oj50}Od>+3 zigXaM#FYE%9+c~eISf;-0pHhXHVcpGKP`WIZ1+K}_Hh*-h*b1y=Ok%W<$10#M|s zTnuOYw!u_|v6?&<#9-?QY>svSvrW2JCM?kSXayygSG-0`t;pJ&?(o)@{bZQyR6`~1 zPz6w5fsvnBp%f+t2ksau&Z`eM#GA16Eb$C= zO7C876L8T1GcUIK#CXBn_PO?iX1F!j$-IEbSE%BG`!rgNztHSSOZm@4Z<1GEJHRP^ zGrQY?;Zy8j;QR#Q2vvnO%d4ZC+%u}Iuf30))L&;TiTe~J=5ZUUQ7p-#-XH-NSONBa z#)ddr37cfG z{IBZGiM#w9aeG%eCXzdAr(fZ!Br)M!Q|9rx21EpVElGjUz9^X2eWQ^FDo|zlzO8;` z*qvOHvmXxeO}eu%1*{R~+wzr!z37 zIJ(wuJLBLnXBL~=s{rQRy9;;LWI0gn=v);d1YkweMnTu5@*&f0kq_Cm0PV_BjrB)Y(4F-?)#TpeT=i1Q;Rvt+Uu1tBzws=Ex{~fMdx~piYIu zlzVvI0d*czFRFw)rVU6X^Nbl7tku~g$rwf7=u&l#v zHOj&4L$WMKPMWe0Z{1|Q=V47!T{V6Ut~z(EzFHe@jahx!Z7lxgly-u8;w_W>SA^Ml z*PrI$_-4eB@bQyzp%8vNL3Dkg?nkU@-q-hl#}YG<#oToF1AQf3)uQlOoIWi#Qwy*; zJcktAFvta5DVr=;a7<_iqhFkuG#bf=I$$|r0#J$qnBjjUC}sCLU(277wHo1lQE(>F zJqv4p&se4JZV2PmbT;POUn)o%p38T(m4tNiF!??LJZ0#hS-yy3c&?oQbiDj&g9C~5 zncV7v?Mk{5m_Pg{4vNk_T(!ssk!*tcDn7}!1~F_oB<kI}CB8VJ5M++Y{2X-V6Tt zc5l4OJO{%A{n=gzg`}XaT$pE^L=GPA)HwsKe&_+QdlM7cA(Uz4N+-IWpN+PAKL0eg zNrrWuid~k2p0ZK_Z`@**=NHgT;J0G%<1336o{>{H`me;i8PPFN>@uF_=uutf1*2D9 z!EiHCDY5qWYva;bcRejl3tLWH;LH)re1&2R8R^#2s|c0M!y+dw8zmo9L>WA z?lV^tG_)BMpun%=)>r_nATV1z#+~?6!Z}hQQUH+jRyA0zfijFqxgkA@TctN%t;Rw$ z2@~b235Cz zzw48`l?zrnJklqi_IR1nO?PJq_$6R1qB z47u^)ot|Zejgl@FjzMo!OQ5!^ZekB1Qc0m6F-jwd-%?Pyx%~3MW?X4!$eGvP1w% zsacS5L7jQ@6(v3J9@~zoPKShRK&c#p61f5`cC( 
zkh6dL-98+V{esQs>eWZ6PSOx01(um@^%3+0P8t0sq2H8U^UD_S!8pV_zlCy47Jy#$ z-tSJWzv##_BwKJ{m&?_Nd&RHO5L{YGqxohq>kGn*&LELiG-^k58Z_1>9u_%RBs=EP z#8gm}uTvra*l==(@_4wCGdsf;7s=5W8ehR9bCQl)aDxXD=n)* zr0)g@!mce4F{*WWg7d|hi)kKt2UOK2eXp|)t|qRxFj*Dt~MxS!A=#THk30BW-v0f@we`p;UH5$g(u%qltD!VWLll!u^0Pxc(QtBUmXwRGue zUjP>76fa!ELe$a&c5;3UfxL#tTg_kH4ezK9!F;dKL|v{uqlR|hLesll#as_9bsv|E zA87WgR&@vERHSw_zPVf44yH$5Ef=HVK3p z=VZVH2_k6F9m#ZveOhhwKPkZ*!>JoTDn)7BW&yj2z%D~W=BN7&I;0!pv& zUfvqaIfQ4W_0z}&PoW=fpqvHxxJI=v*d%Rr6#>_K$0OdcG$8a66ZUIFw6>^IX6}6$ z=S(V}w1IRZIHGqI)SZ2SJDMbp+{wF_FwfbswrGM<>ss6@sJ?k<8xGg$_|k8|H}Wais=$58?7)}HI38VD-vX-9+Prt6s~1Ehs6gvK-dspgYPfS*+IBHS}UjL z$?TW4o_a{sgb39B|L$Ecs>zFLbQZONh~B>mGquLR2`L^5(*sukx{;Dkfq?j%u=fKV zVjZyCfYkgELHCW?01!xekngR=gfJ2C zl=%iNzeFJQ!G6}Qt!JeYKLU6<&=1AT99bTdbBP2(`m#)p+SIEv!N95a3;>U^IPK$@ zR7JWSP1GbmFPwuw!{iyg{8W1B;l_ptzK6%MlYYd^rrB2W!H>OzLzPhSEGALySMwe% zwNKc%d99tqFH|34rahVe?lD8-sP9Td=f2(tz-!SAgaGolh7}mK7X(_uH&7nNd}L4W z^cb-Wud~&(Lh`J$S-_|d(}V9sA&iDl&Wh9dhF%>DF?G0swLvVgbYlV>eI-~@q|)-0 zd^BBjaNEMo-2+y%)B;G=!DOW`i>njU=ws;-$BZ~4<);*(==`)Oiz5lht%99W9%yd> z@01EI{1Ow19OLWudo9wWfs?9~ht$Nft5e|>3)DPj3mt=JGU-T~v$aLWl-_w;tETwIL2jvbK#u}TSYCObHG1(W+06@yp z(G2!GjGq$0z2Jxc708j=unA}tH*_*ek&!(5gV%#i*qLLCn0b3k25^iO7hZ$pwMKK| zoPJhT?U~MM?;ee+IZ6KeZ!bl_paN~EIIl-|sCVcl?}n3Jc&RZ=@}V8H$q(6@r_psh zd_erNFbbbs#g+ae(EZPC<=v@^t9^a|vPP_zuGk#X-*G`$fcm!rnB#%bF;Gc1hc^F! 
z|5nDR3qRr1Z?6|_fA>cwc<|(ruKO;{+?X$G#$o9qi{q<)yc@cZs(Ny&Ta8hVL*wV)fOk6Wes zsV(-wX_h8Yo(KgwuDlm%ldi)a1P8QnK@UcSztuKa@?g+;SbJrPm}Z+nMUU2Rz!lYF zy3IiAD;Be;lhO>PY07Rb!S7_`8=9xg^Vv+oc6*{5M-Js%TIJ8Z^VWtOu8XByv16Cj z728aJf>1b`8oQ%gz-utWy9CMr5g>zob{{5SSVEOaC;!gdp^gQQ$y&rpRa6wQh_hPa zPz0B8dfO?5bz5FiosBH+k2mXl2;Vcu1VPHE_L=&P?nX0oSjHw>Rn^j{luhw$B+TC2 z0*bh9C!Q=;6Jm7N=u|IbsD{H9K}$3%6FU1)<=M6RdxQzRKsy(zsxWbW)%ww?jxspq z@W6RpwPgTyNfM!y`rcIwTGE;R#`_F$@Fo2Rp(Vk*phUKO+({aN27d1K(|Xn5#&}1P zU!U!r+Y4?wvPe2P=s(gpGbMpjA>G71ffB|0AZAIm%HulT5UW$@Drlq#ZwD&o(UFuv zUEdlLj#!wn`fv4QIpGm_@oalGcHrHL*oC_>1%9p0SfF{y#b{Ferk|N9TecH<(qe)K zAGKGu1^SQpAlls=6>b1GK;K_4!Dk!zY{(kL{U3gUv^&Wk9rcjPpFE`{oXlCA2P8}I90m@wnF2^%cpkz?F=ih8tA@q&M=^9V~SI-Bm z8*B>_Qw87zWa&0Xjgb3*C<=rs{XTNCHByafj-b(#$FVUcxR5zd^jjRiH17h769|Ke zZ{r_oft7&(ly*66n;6D-GEtCy_+0|F`?_OOg0Nw}+|FgCT3lHBC)wUudAG{gW$~os4dVVOGyV`8Wvu5oHm;C}0O+}DPS$H*{ z_h|O`CTD8=E<5>Pqy_*IdL4P)yKodoIU>hwYEXP4K~Q5FGrXABl{v5vOX<1xtkAyz z)T+rk|9!)<(bP}xBP<{|E>s$I)#PK5*)Vgj*qorA3=v96aJNJJpg&x5gvJ0UJy_nDCXaMepxqltMQ6kLn*}wy{k?lZ^ZZ09 z12j-ksfRE;p!Sl&Wjkp2 zHh`OS&Gd~teljNdpg2XgS>%ebP!E#Zw+8@Cvj@Gxf68u&gqfJsg{tZfew?Z_5c+V^ zCAqg$U>?ZCdWV|cz4T^WHTKJ_N$TT7>?9RbCAeF#N5qQ%QTKx#_0)KQ0pBxfvW?SL zD+*VIlx&o%I~sbXa>@8W^c(CFWowYFV#`EC-Zp=o1;2-V`S-lcc;rH5;<+GdtK05+ zCA2xO!3XGpQuMq}vE8XUfW>ZIZ_$ph(Rsy%tV8h{L)K_2`3kuJg?~D)NbGS}0S)8O9;(O#m2!Ng? z!lpFcDC*y?q#}Cg4cF=mKt8Il3(aFi|wlzkFm6w zet+GCVP%EL@?Hp`#%^u?K`rlcAXxkLLkkDdo{Lr4+02$MN0e+53Be>>FT(LV@~l0Q zySU4Ea>zy;0ZGGlOBYCTb#blj1+YbErUbEZxe$ky>GlRf%YsMoN&TPx9w`j=o0;O^ zEoScr0}lrfHcI3|P7mj#GNcbb$N+oqOSbxssV}Ia^8YH#&#D|P*BQLg=|9Z=qnB{2 z%rFcP-onLV1c_BeLBbuZan`PD-g^Q z(sh-@W;M$1&2wRb55TcVws0gq&Gu7eSa z8W~4nnn?B4f^mM)EL?`aYET>4AmW}!kVTYRht?$|q(sPT$(L&nWz*Q(QIy8s=356! 
zes!I)~RL@u48|9QVHq7Rb{ zT(S7mEpXE(JVE8Nuxg&ECml(F36_1Sdd^4V;gC6vdxLY%RZ*mC3j!ZL&U_%x7(>UU z->in-*Wfv!JVxopeb$aQ$oZ!IHI$Tfl5Z4jl^-74P#vWHqcC`ZQ$xiy7q}|- z3DB$Rj`V8QaFu=$PH_Inr4gx@yj_6T@G~3@k24T`Ku?r~zN9DK*_7mUzIG| z6(R#T-FqVz$^tb!X;$hl+QVrV%xt}j{j5YAYZ~)@G@6mhAyU6CgkK4{m-GrL6`j#JsxzV4^Z#}F0?x4G_k0f6wE%SEuuca&-wFYSG5)1+|a&a#8LGLwIze|x+B;=BB!aQ7^v zOT>ajM1uQ_@=ko?JIZSw-v)AD-L23=3x(w{g}zjkn>*CpjXC!=r%5F`8@CGRZJE>$ zs6rhq><_!BWk({vMIer9GTY5~stq%^sKcc9}1@ZBr{;j7_suwIi2;?O40T(4)xL&;+8U2LJ!I|aQOzzGgi zLb#9vJ)N;9#!O5wvf08EO$`FcnsX|xd|AtdZ?l*NP8cAw+%DJ1?LuRH&3zYpRKG~t zB6S>xuF_Q7*pwzokbMrGL7@Vy;>QFngSSS}n#q(y;AdNWQ}uo0}-nHEBtICvMK8XA( zFJdy)00td)KrRqOu0qVKF9IDV6p0IQ(iZYHw{c#(teXI9>C6vnuQ8b9%K4al07h{v z8N6X0L(`Jj#8>>v#xg@XG9qV&E~mW~*u*;7**xMc5}2-QXGw@P7O9R5TKa!o&Ka%+ z>0Xt_ZVU!#>Fx}vQb&i!HtRI2(}!^9Z`yGhp(cmmb~+tG-1Ig^9P0|LLX1mDE>}=> zgqv7*8FFV?|CqD@YmbBtdhh<{EFjLiVN^f>(i_^-5-#HJk#SQ zVy5qA6;k&EXK3>)LTxYxbbci@9^lOeD(@2|EWZIa45t^*rPD<8GAZ3a`ELQ{Tbjkh>IF+3qblkw~-d$_>KSPdX^v-)nQZ>{L>#qLz=f~S3%gfF(6Jrv*4$#A*f_4L7v%0UO^zlj63quC<$>>l>Qoy(a!kUwh zS!trBYQ)tInSa_6=w<^>%DurUoU3#w`n91q#$iKd0LtgkK{auSf7cMk&_E2#zOm_m z-joz(5T;K$gUdyl+1fpQS`I|_fvc;tPSPC6`8ffq08bus<`#>;mv(%Jb^a`9`}{q5 z2z|&~s{O6XuuTUVMH21n9lwcP+QW4#7YRTB_yJ9qEOH34mzSW;K;vm7w9-#*O3CL4 zTt??gd(t|9(~EmJNtAYY)8WLwM0Oo`-bvrpXr0v-S|*j4>-P&K!+wV;5i7vp%%m*O z!D!V;;hEf*O1$$}^4tp?mmO1O=+>-=Ok@TqwxQI}@A+Qd^o${kq&|_$?JI&8*LAEy z{jPxWEC1I{Uw}xJS=D+#ryJMB_08lA)>Gyfg)!&Qg|$ytDMPjY`o}G_K^f~8`X>}D zO?LTu@<)!UpJq(O6MmG|dG9_!fv{tGLS905j-*oU)OXR~V0&rv1!G(-D(HJH!wi0(i8o%V8CvD5G|T zir^_EOVeO)Z(5E&hdkKhj04CN2xO{r{&!I~&5V5cVHr(^T%0L&oIYY}<3w^QwMN}d zIu!2})EvSX_^vEws9H}`qgwjTyo6WP4emcI954FN9cIq|okACbGowi3A*#JRvqw9x zpz7txCeCNp9IzhD){0Fx@FsImKa=-R7~q#IaQQB9z@ zhIHYM%4*Q3EehXXVahn?sj%|-j;*qjzTYZh3*Rmj18q)!Fs~X~;fSm&z1nN*NEp|( zgF76SViW+D#-W=}h`t=d|BDI4?QS3A6}(21e}rCk#F{ zSHyHE&Y9e15M!~rNxuRiez!k^n&;2VT}aJ9WdkGx$}2$JS2Fq8;mbjyHrRAZ;k z2F2hLSnmmU$kVj7*V`lzOCUlnR%MXg&8hWnHGQ8L@g~iw*VeLhp!?%98B|{8bK;LU 
zV{VWvtt~|W$N{^nA6LZlVr2=5c(zGk#h)_(S8YOFNzNrZX{Kl~*cuW|iylDu8D49% z)MDhg$QStkTrynQF7jB#&C5MO5Y9Jo@WT@A1fHLDObFU}sX^vGj8GP^NG=YRA?b{R z0*OzF!XItjks0&*e2q|QUqkG(p$nbJk#3B}YW7KH%-a1iB#_w`D@KMn_9cJw5IYBW z{W=t?E*|pBUVE>HL&#WiOe+P}rXH%&NUgyK7n$UKbk; zv)M1lTtwKolH%}$%4!{jtuC3P;7{Y(ZSAg86}`NZ>s?up!h^66zRn5ujDeu368Gyg zE=am+R$A!>Yc%|T@^LvlrnGa_>JnrfMg&+g({s4sYqL1`rQOqq#L7e&mH`*)Q z=w=P3wI(nJDOi{U#Sg*TIE9NI812FV^-S?=J<0s35?-v%b_k*Nd>$LTm8ktaf#9yez6n6=HT+q6EUVgW2LR#X;dU*6!Gat_4 z`Sh>95!|BfsPOgFg?&ys%X*44UsBpLK$Lp4nr1x#y4X4&4zC~WP5&ZD7Q0<0e*C0Z z3)mFp$O34ursJiA$3YO25+|Pj=EiS35sH>~9V4O~{F>dqzy&_mU=>tYYAUzwo{27# zvFY)pQO`}Nm1fT%jR)0;GWS9Rf?85_&-y7ZHk3_&`KOxK*JGFEwV&UU>U}YQ&v*%N zl3)4P8xVpkA|WkKL7?W?_+Ym6JIXL@XTP40qnODp#iN3DO;#RTy%7|DS>wPb*ho(b zbhR?%x^kSmNRAwsSW`@440~BOCDlVqitN)HD3I_GEe9148`~ZI1e59WwrC@!Mc$}W zDD*wqoeicx2@p}XfG`OdTmcW+0IO<+XS@ju)OMD!^}CYK(%F@VWp@XPA}5qFb!=nF z-;pM(+l%oGB$g^tYelgI*nf3J{n>(Hn3iYE;dW>C%39_k5pf}FWXMu8qYg8gB3+yL z&DS$$FE7@^e%F+`A$@D8Uaf@o@$P%S(RKSP^a_+jNScpiZm2QObts@Xq#`)+&6X>E;DRWexUalgeQ zytaJtHsqim_pMoM3@7>Kg=NMxt>2e{>aqF7N0qM$$;_>7}!AD$%_KXK`-5SD>- z_63e6UWL@K6J?{6-$0A05S(yvN1o$ zd%C6r#VBv4EBG@(EM9F3M^loT8%dlfHRf*;_-L}peDYfBq>ifc>ji4nwG2RZ%%PYS z2PO^Syt!>9ZrgaU_^ssBH>Otb7aUTv=xloN3rO0Zf1D8OlGL*a@6 z(Q46*B%dXUz`jbuTE{uCl2StUUz8rvyc*RGz-aP3d9g$i^KcUA^-5)icUIzt1~u52 z3R#|dD7sc3q~q<3@1y>2s@Y>9AYHMsx@a7x2X)`Q#Oo}1^f?mU`!&jhi4?s3T zb1AB805a00np^hzKT(9>2wgCTt-hdTMs6eX?zY{d4|3q^zIGs0O8ws7(`2zLF&>g9 zOqP$Hy3J1*4lA=}FcTIm+H1>#yVgdeG4sW8WRH>+JNBA#C{08G)v%y22eyIFnj_=Y zCo2Dx@yd+x(=Di_Id)>H8A|X1#T+es09@P%q96gBI7Rkf7Wz8y(SoH_6Bldl2^u8- zllZS)iCVGC?`tDls zW~r9m?CzYKMLEMLiWNk!kC~l+0goU;cvSx`{J4+C4DEK-DY)0`N|)|gyteh%=*L#_ zFes`ZpTYKIJZoqgTY2cU0ZkcV*tDq^(PQCj&yIDW5~L2GEU16l-X zQ>6ZvLAD=4;8Lwbi)Xvb!H5EuIm_)m?vb~;KVNluU4C7!aFs4JDCp_CeD+z5c;uk< zL@EMGJ-U!TOVt&tq>$ji2$}^T=(hM>YalFt^XVaZq2bu^z9KCc`^aBwhx7-$DBuYqW`<( zb8=X4rM=X5K&%ei7pmY^d3C06xP}oAq9WN2nI0(bJ-_L2cfI%&aA6phLV6;F>nCpR zBwol39RoP?oqlTMNPVN3U<{ECWgF7aqoK+g;gSmqhIVY~=J$L>cxBb-!wR#FDK)}p 
zj$SwN7$44p%(?#EajsDq^tc`FdeOrhx4#SJ7`1kVu-~=c%I;xc;2#r?vWZ=w8x<}l zG?&IZV$62L4Gb?dS(8w1~r1S>dParn$O87SIZ=e%1h*d0A zQ-GVU>BSo7lb?3~+GasB$nKl*r>p%I_NjVYP&4az3$ozxbS|m3Q&!S6Nr~ z6_m9&n(OUA>OX6R9S@C2pCI)06%a4wp1C<4o~wb%BN{L=FXnyc_py{8MPUYUn-6CF zyJa`iyVd2I_!y*cOJy7I(o6^UVDvM3gP+xh!4O0OufFKoWX@+1EJ1eDRO-z$-op^T zj9L?6(el$UladL~?>qK3!O4|crJ1u!=O#$Xr=40!PD!W=`MF)+&|uI4)FAnSVQv2j zU3e>5h-JmrfnQFhLL=2HSY@y|{H^>P_&T`epG>Au4e+b}ZRGe&HDZ3l> zUV$QsBM8faB#+Q4k%ol#n#JiXl%Ijq@+f7^wA)y1NoUxIk=coX1>i!|s4fMT16}PD zT#tAZ4RG?b57FI8zq-%aA4heBulW!GQK39K_8I=(rgc@atbe7qGH)O_G_4ZYt?H$S zQ)LcrIm8kZAVisZB{wiE@Zz>geJ}nDnxdC-WM%m@SAYV2+QwW=zM3}6VcqvgD82R1 zhyD4ANS(5cRhZsB`nkA3|1Pe?>{7v>#bV6A+C4hK>}^U(cZ*PLc}{PZ2_BOIhGBN$ zOVaMKZ#bJb?}j#B2!dGB1=I}D;6{SA>C#Oj-rq`6HODT70PQ-qK-ces;+fI8Jx_$^ z&4ASf8ufH3go1P^Z$npc1xy(XylOGu8to74XDanh^>!e#9p~iDD~q4>^6Zz^Akn<} zWw``l_P+}nfY`l}3l%G;IKTX7Lw*lc*xfEA(aO{HBc1eSsmDqi*MO>D+t<2k$*g!M zd^P{UG-~2ZhxYI`^e1E-nRMGiE8JJ21kak3wH`z61v79g+(!?q%o|}c7WLQ=W`S!@ zW9v$}lP&Gz?++Lg5~7hAuWXh8c9_~=(LHOCV>su-sG>CAp+>L}3(=t6B_W#s#KZE^ za6M0?-`yPSzfs*Yk!lK3Tf3G{?s?$4`zzBmE0!DTIYgFMb!liFDw{16(LH<8gXxsL zJQyH*BUo4uI|u*GyxTzt*c#?9Ho~`)3Prencn>SRUkx-VfSYTVnZ1S68Ab+Do0xW$ zyU&WtU(Out`oaEKb7$>5pe&EuU*(?5Z$*^r#K}lQlSY+j*eXq37H?Ei2W806(5g@W zYLwCu$@^g!8>B?cfGLscJ~Qs8?QmLmf4+8PFa6sN1F`Awqn*^@%{Q`s$pjRe;*$27 z3&%?8j_UE$a-LmBbl0s{YJfCN6(?6NCJw}JY6_*8j&|iI>QO7^_5_0_rq1n`Yv{+O zsQ*6@F8P#NM}VNjCMSeSyWn&|WRVRxG^qU>mc5cuMU58Om_;G<$Q@>}RDVD=azp&_ zhHf8~BpcZjeb>U9z-n-i2lyE=+&@vo0Krk1q`be5$rRZOz-FezTL)Ju3_xaoW5Vb2 znKv^VG~KlLu6|II6^Vh5`zDLBGM0QeOLnht3s@)xxi$$Jk-kXy9bD}xipU#K828ZO zV1RW?c7lGj?_MV5B_rABK2dtJY8)$U!9$Seyb{NdZBn;{^7+*`M1Y&aX^DUlTSs*< z$X94-T!*MQ6dsr0L;uTLD8h#tMo?gqw+jJ&C;W*n4>-k%kxQ`~v9#DTxkIC%mYWB^ z5`-m3u$eY*C4;1?e}gl(q)KN)kv@n}($GGSa?87o77_w)&R#qnuCxuU23*_9^Iews zjk>XVPH_WBhK~cwI{^D2v@lk&Uaw!nfi^7cdl(>VP@gf)E}}B}+A|SMGKJDvVV{)~ z$cQ332lpnkxsMtWK7dm%;nNE#5}-Vc8m3cj;?qMy%S(SF`^2TnW}?CdhkRSQc&1g{ zVK}uMPCtXI#Y~nFeJkt%tTJ)=nGTS3FH7e7(<6wcmUe`fpc<9VbY?GG6?D3r 
zm2E8V-{Q0xu^V=xvgOx^u#Gyi{qD{UUB?NvAqRJ)ztMiU7AanEgLF}ae6)v$*Q#82 z*j6BpC5T>y2=i6Y(pYpB_qv`$0kg0q@PiLs^+aXoc%#X0ft_}-v;Y16%NMQK33|9}k@VFr?tjH#EIL-608(c< z6c(GFJXgrke{w^ifuYP!?$(%I(++>OKouoNdKFtL&xJv;idL65vfhn}zQh&zTv@>{ zo;6{`{MGLY0`x;yC6p5M&Y2+LT}6N{CKR^cax-LCC=D#enA(iQn^L3!pL^G&2bQcg zlCS!=_K%*zT?wp|=?XM`c-&f>ZptN@sV9g9I^TDf|2Wm^yHZV9{oP@mv0ey_K z$F>FM*2)@@^n!b|0V{GG=!ea+y&7_uOEK?Y&v6pSZQ&Uuj{fcNoKOu1^lW|_uy^yy zE6w;k-fO>|w0Z_4OTrWjJ?7nEOoeY3r6k;e;q5LljM^~!NXPAi^(p}eDVBqe38Y)1 z>p+(9D?T{er6tX^&wI}$7oXtEyaa<0n2 z%W1QVDVwQUM&Vj#duY{nJCW;|=Ay8Ja`s|i^0fWXibYkVzTh=1!hzX4PCA%-Pies1 zSBo~3$CD<;TtWqjc1C8e@Q2rza(NGVD}B^H)9dz?v)`gf^;R_XV#8mSZ};K?J!!=e z3>f9aB{_5C@9bl z;n0`<4da`;vg!DWb&#>`dKlL#`rO5K3>wyO`=2Yg*L^|ns5QTYPcgWThJSN!B0AL+Wt!lz)z0y&k{qJpT8aSv}1GZ z+)$k|tz0(~ynx(~d)CyP`es*(fF7ZuoFf|B9dF=Czt8U^cWs=$2j4`lLBWyc*Lyxnxn)Axk|b ziol7lM{%X{JB#f}mz6mUHMdi^Y=L@@KG4=dz+(yz0hDUth3l$z^LuSX& zyp++~1-kAeuC%PbuYk}@qn0`UgGmSE?m*bJCN8^*Yqg3zH8dHBDE&xp*m*8^H5-2A zQ2y~jLMuNQmc%5hB=m5bjE!Z$RMyEo5H8BzhCzWuJwJK@tZ>uwF?^gm)7tO7-e4c0 z-T=X*`wR`#)(NdPJ5e4negob?nucJvHH{?o4{z6jEq>P$_a!u@D>I^CC#=M4vYIgK z8x2KOS}P|5Nah462nEM@j(h-ko&Jm6D`r~4v@W!`tzFvu$-ReH3CCvMYXn0JUf(ks&v=b#SuYi}&NcF{%q^m|g(+ z+*3V}M@-r_jK)&>Gol&InO28d8U=(;t~41XujLwV50c@BS1z@V8X+dW4uui*W|cuiQa6n?(AVzg5G#_f*riP_QN zzU?+k`L|X2ToQG|;@aaXKHPV~#}_Q7f{p6?L;K=5(Hf;rJ^Gi{v~1-O>mn3#{6jARy)eE1lQs-vk;$c4znJ^$G6 z*cXN)WyYxFafnQ?hD|Fu3liT1*RKP0Uj*ra`G`=gpx64GZM#%>5Hhq+?LAAfDY|3r zH}Y!X!=$}t`RUU7r#dvJaRK=jN%VrYj?0sYf^@G2lo0Jg;g)u-2m^`7!8(Mh)|oc{ zhYCC&vKV1IK;^CM!C@qjn>2g+UhEg;0vwXvnWYhHU+vcCp(_l{8hPaAaR2Ium=zwn z4WEC3H(m;nM4Y$_Sl57^5;Rl58`EEs9UX%hEHm#+Vtg<*yV^uzTc0|aWL>li zk7I{&oR(1xhcEt+EnMe1i0z_h+Qb-`ZlN}^68;gSg-Kj>98bX(KkYD}Z6(fEInJYMAiBjTZaOb+tI+bD&Lznud zs1%KU8$a*Wo={_}9f#5us=Q}KI-4c5nubT!oQI#fr}YmgG<9Hv6LlY-U!*?nA6ANp zIY$}CK663FruIij-)@Y{9WW(2)kORT)y1#VuaPO!9Nq3H8o%zL;?Yx_IgQ7uJWo^A zbww@dP_l}uDvat!25i|d!RC3xXv_Whuh2aoD3Bwm0(?2rWimcivAAIjNy0r+=%c?i z%r#fQ7LZw9cdma*uDLlYV}vR8)((Mg?nFMqB=jq{4I)Jk;=ef%8XU&>7Ekz?rFVi` 
zfUIxa0yh+M2#RA2A73S*NMg>Ba;{9ykoWKvSkM_Tx`vSx0-j!hSF}tJcj^M`I%ju3 z4AK!?$%XrTi&GaX4sBp6Y+b=i#gv;Q9VOrA0Uk9jRRD5#5~ z0o=P4)OMV!@tQZyxTG?8aFYMAG69paFA-$^J`2+S&eVXcjFHrZe!i zseOaAE?I`hTR0<1o057t)qVs(N7+Ns(izH9orAAa61xZAcUH!n;Xq>bjGX`hI zg(6O7Qjs3LZ`HT6Q?QK1h;p)0qN+n0)UY87Z`Hoz+qY5Mn3|zanW`w?+8QKNad3%s zP`5uc)MFb(2SV1jTIiLzH>Wk;iE@b6fTyL)?d6hYJKx zU9x5)--s6!G-**EgXFBjqoF~B{|f51^j}1E!Jvb`-tluZn=6RoL$k>?j#Jt7dF#2G zXA?u5hrQz&ft_}dZdJD)W%%%six(=_8X2y}ncDwvgDB&{Q@=fB+x7DB{$Vb#CqFT9jR*PA`~z%cIk2i`|mU1qLLYECogPVZ26 z;fticAfZ+NQl!pPybt3~wmX*^g&_08&K;m3tsD#miQO@zYVgi9XukQ=Lcyc1bi*af z_pYv5Ka>Y51@QFePd0u`D8(p0guWTef+@0mtn0}PC1a>#;K78^Q2}&q6cu^vANQ(_ zXbtYy@Ifc1N7U}@ai|gvQxQAa+yuuyk~iM%qUxQKG`Nv3TyxJLhz!esuaL_g#{;ph z6F;4BTM*XReyW2HP2qXuIgos$6bF+tO^aKpiFp1~_S&jH`r<$ZabCg@ETukyBkL0iSWY`$3kCkXP!F1K zJs~NvIlskVfT_FN{rpXaH9t|CF1|H+duq+`OkpVXNKuz%Bi6FQ#W#h>ExUE7&_CQA zjasGl*_EKr0J;g&F}CB7w|Tu``m<({da5_Q7b)+ZY5kys!N}=olyCG)QLdYlZdF*! zNg8B_;?7*q@crehd%i4Z!9;9UhY`DkVl9-nXIPb8Gq@b`N3Aop3QhjnDYs61dBF(1M{sVd+3(>VDrNFA|k4qev z%p$d?i43w0Y@GOUmDXY4sxh@BAtVUnea?fc5^>5|p%{`qX*G*F`~a{M2SqZ?r4#FM z`@_?kVTmec+u#?MGsMtORg)`Z2$;8v&i=^DE%2UCXL9dU)S5^hJoGTG>Lbs|2P0ME#R^YzsAvZAJgkedLynEuFt=05l^477aiQOoB_ANp%3{JW zsd*D$6Xf%tOR$QeM7k_&zz+bV)yo%_`Q|;)_f-A;YC%1lW8c#-e#EBO;-<|D!lT$i zn~60t=9luvoa;H>6w)xppsL>j_rT1wu{htsYsR^B$BntOcs>fLO--U%<@fB}Kz?yM z?fj4fq={9%ZVLXLq_e+x-?mrh_FzwJqS7{@*A#&Yc=wjXmot`K7l>F$ajM`d*}Ux8 zfVkcaqdbwoxL#e5JIKPby2HFvF@SQ z0>9|5a%!WkDCKz{8GGna)qHm^bl*pI>0KUSR&*wMjI)2JzIclB7BPt4sc&{`UW{_P z7(+Hgoo(~jxgVk4EH9m(v1Z*6Sg4dVDRlh&Z^Kmw#poR|Be9ADkEsKMf<6?^xX$F73#8h$W(klr4LW}(^-rD5U{=OKh z{F_T6_*ap{8wXiB;Ut9E?}Q^_zBvUv-|Hs0bfkkAxkm#f+{P&8qYl{2ZOt7R2J?qm|{Rr8y&VWa?ZbN9R zPsZk5>#M4GcO73HZq-^8CccU=6Yb_^hAZ+xSi8%e>P>Ik{_T}{Fbc7^>sI6Hx*O+0 zFncCOd0pXs0&^tJks77$P-6Gvz&s=&i@Pum~`?RjHiJ632@L()6a|t?-H1j zIh&x=VOX(cs`Z!FLd;oNuOaU7=N}DxXQp^-pk`o66-u-ITe4i!-w>2|LvkrN4BZvx zckeu5kCT_YK_YME)CQ>Y$`XfWZj*=VOR-6e`g=?JppSU|oLK*I&|b})T0Mpr?m7MI zKD@WY`UEc!BO62%ZUV=g+Pd{e`(9KR$8q?qHu)4DCpi>*6?pwuK#4ozVV7hrLETId 
z8R5scr%LeQYdLH!amP%)`WcXwuInyO%^!QDacAy77~6^=2*)kP1;2>+XG}jS9p_u%k`tg8a|OQyd`1t`5iqsN3jWW zF)K4q*82VKclR{nK0;B*p(BzMV9w^AW??NDjhsD^QzNft=z(oSO=aTp=IA9~Hb_78 zS6d>Bq-P^;J3UFcbji~x!t-D4!Jypi5lco;va5*jgWu_IYX=LyOdtQEwYuD$f#O)j&SQX@vx!o!QWad~*E>aefuU}0Y_ zsgB(RhZ07?SDe6N#WnL?NWz(pwokus!mq@SZ%1GGU#i zQY1s@@U4^;Ey8IXCo+brl2-`Y4!Ag8G>*0)NrNvtV$%JD*!N;lPepSg!c&fW zz|mL@J91kW{MQ*Py<9S3-M1SgJ0CV|q{W>p11lmT{Qa5XxNnK{_TMBXNd)h@qk$I1 zsJGTnuNAks9j$_5zNrHTetkT6UBYxn;O`rivXlfFv*!bwEo~^s+q8k*0WoOF_ZB@` zB?Rh7R?jOm7i2r~OKO04foPn|X4zBqM#8L_TTZ!6W+Au5&~x_fNLXA=jf@9<0HB>= z6Dz~r8k>geH2d+(7ij0H5d`tkMM)gYQnpDA!A^`0f-ssQUt@1~15E--;pGYjyPEk^ zdy9P?C#R$v8BSz{skxYM8N8()YI`0<@{nmG=te|u=X1_o(||N^8MhLbLGp#H6Cj2L z{Y#IL^=Cx3eHjL#deR+ZinP;FN$+(DY z*}HrQ(MceC5F8s%(TBDeu@KFl!Vft8_9>E2&UeUXAbp01q8dIZrz05+Jzgi(0Jip_ zmnf)#j6>2QL^Dgu0G*=N%Vk%#ShN-gkjAtfjTW6T=<_4F*-yh9hjqAR;fJ2M@Tqs*|xOEXC2bF z;uac@8NQIJ4~ssBV**b#Ft6-$8y&qQt)Ud~AYf*js3Uj}1e%vE`J4<8GO@^mRLo|$ zBz&>6-hh5r*!Nw)e{f#59lww;akM)X8w9R_6Dq>x*W0dWn%tU06u{B81^Fy{ojvC#>P{%WW?9_BSWb7nBDOxkHFnA; zCG0Oe@imYIWlvp1?1;cu{D3;kz8%LtU0`i7H@x{snVB3lc^HeNjTpxrF@G|6trW8_+?w;1eW82fJEQ?X_BCPlnof~^XaSA9Q{_a!RO&NRe$*MmJe@^Tc6ID_#yFsTOI zglj8M#Kc3hrWS;!O{VO^e4dd4JES6^?mFax1iRlnnv`&xw_-r8C|HO{4W)IKuKxxA zaAN`;c}nfP1c&z8d<)0KL$wD0_GImC;T_5%hr<+fvp!e8VA|ri+!*RW#;er-jIUgKprinBWLpn?&!sX_+x> zH#Kmik5X>UYuB@f9Q%l8kv1oz#sLd| zk47z+7#7bI{{F*1p>pjmFMUL_m|qnDgmIJVJp{kvWW9k6-I6o$!U{=V!>$Gp$m%Mg z_VN6m6aS+{ohN?8MQ<5Du=5OMW6RS%*XA2BW_IZOQyW{ki8?*GHMA z5X@p#N$e=*Ems2lOGEr?*8$6(cndI8N?%3UJj=-SnB^b)U23PAsT?d#Mc>7(? 
zporyCW`L(t@Fu*gH5L-us!sSt)hj~@z zj8)?bA_oIUw=Fgrw%w~h7HM3*#rK52^uzEigZ+_@R3gB3Z(10xQ(#x>j7g|%Uj)zZ z)Sj9I-i0OuPP>N)bo|h_RDM3<6!l}jS~GCnIqw%>}@VN1}~ho`M)y|23<6B znRC5X%KQZE;&HSDVY(hzL#NGP|F2Xg(xmm;RF#QjG=M5GopBU&z1QL#-E+<+HcOvC zI{ArLzSQV9V)NL5aS5mZgc`U`ohM@$@>lSnp>QH~0&Arpw@*7J2sBt@4~qYdnL;>x z08a;ElVYa2Os*dYPDR>q5kN@H4K0m_$o|LczjAez?#QjKkxQ8VH zLdIN!!x22lx`cbvk^M_vnH)K4bv|UI(etAja-hTbYSuTWq#2VtVObtAGW}1Zk;@U} zsKMy2N}C_`T=^mcNxX}4Zw+fbeaiob2AH4<8+z(_1(+TZ2vW1V?%)dUt%bT%@P~v@ z4ZeTt#Op8Ev~oN&3?pdOHXEOCTN+c^pXEn_mf!it=%P@%KMjipAP(nuG%zkgR0RUm z&TX>`k7*Zr7`^()tq)W4a4CTb{@w$EFztRjS=}zpWE{f+YPr&q?gZB$m0u4BB%k`u z2X>Gq@6=qh^^^6$3K0r7tGNIxO~Mn#e2K{}Q#1CHKV6jW@*t4(LgG`J)=J7B+ z+Y}^agvN$Xp-&G1K_Iog>Wv0*&D<99K4}l6PaT*wmi~EfEKXaTUVnI5ZlaSpIf_D0syS|paSImp2n~Wu(eVaJDgYVrn%n8 zBJWgN%i3X-8s^4h*JY6CNSiP+F##}`Y3R)I`lUq{&5P|CR%;+7U{o3}X+(24#OHgw zmRE8mIG(oyLoC7Og^Rm;=+vshiwEqxPC;M={P}_8O!U%$uk^D|^r1+1Dv)KcmOjs? zAd{;6R7zWXJU&9&jg|+)mK1!OaXt0tIVOm-={ArjhZjBl2TGWn`;!q%Tf!0k#0MRP zA1C7;qyP8&j>;ZL?dQGMXG_}G7g$s4m!g_|+1P&5hk zB*={I{m|Le1y;hu20(%{mm2M6%d+)*9QQ&F(mk^&HZs&x6byEHwO@p_U%}Yk$$#Nc z9_6y!eqGGI4_0gd&ak*fcu0&vP|WcPIJePyi$hHTEShl$IbH6VC?_vx!q^QqGt4u? zAP?IR$BD*yDx4{r`OzF~V*(SC-p4%bwX-YfOKqlF!HLODWiMHkMWG!2)t%bIri`uO#Nhx@>n;}onrS_3uE^l8Hvvd z1i^n^(=~=y$2Y>DG_it^e5;~Wr`VkYV-m$9#3(>eFXPAn^;0phxsIG*kIhNiv7%B4 z^dL58qau{BOoaq1H-<(Blfq`BVHT-icc7QHT(Sv#f$BP0y3=apn9ZakM6t2T8pKH;*5GsZ{csAb&_DB2h_wVhi?xa=TsB;}%e6I< zNvV9BXJC}5`~j$%%97(m%%I&NIf6^qiRFiIcu=I5piJ25&C6fa-v{EQPJDHs&1)~q z8~m3Y2=39nGQjxDDr~;?tB6;*h0>%Lu&Q(@BvaD^G?qcHrX%x%@riCokofUjU>nD$ zZ^#G40=n^+oH*{5Z^9?H)`sS897Aazl@a4{sM{Tnzga5Lu+egQz6%6|6bWyT4K?>g zxvv{an7Fd6GlWl}z#JMJ58SAXa(Xg_qBVkM7PdnF!yg>6y0-6o-jH&1J-vJcmoEO#ji60nWRs%oiy@jl822Nu_`L6T=B@@cXI5_~F!}_Xbs*wGCs! 
z>mGiJ7xNd9So&n#abgJ}!RRRLhHw@Pe2|*f#bX19cw0rz7xokVGyR-!HVotWmRJuq z?*QtEyaN4i6u9XUe-Qm!iuY^+Za!xOtr0K^ZWda1JBrXXIR=Yt*1>a}P^%Vl(~~QN ziEtJ;flQre41qSvq;So9w}{oFMSN%&5!+q%UQ9#p3LG zE^$_|BJ0y%nS&WFOf_pZJWz-FKw=W$t?J=q*ZiaogYx3Eu5B7)J ze003Uf8R763tyyRQzNyWb@pzrMn+MI3sK9+iNtZ)b8z2KYUs@7M-z&=ahSXR=yp!* zG5CgSr9t2#6O@%Ay@lIx#|j(cO89N!es71wyR6!WP9rb7&W2h7~a_gO4@{I*ZZ zJ}K(0uQqObRRo-!7;2R@u0nUo1>;J&I6*dIm>4VlHD1L znPm;T&lL7JZC*!iEa3T!O>ZUxI))M=sS&-$T6&_W;@dLO6|#>kJ@1J@Vp)zHMsrS7 z6S1J$H_1t2hc1-3`Ax}V&3gdU0zQf+ zxcgz}y}x9tZj@^{jW$_g^cpzK`T??E79Z_$+wjQx$N>=c>PUgEDiQ?wwHaF1H&hQd zzWO5%Qt98&Xl-(uF7`zn-ZVl8Mxed8+%ToV&R8iK0!`(D2nVq#q6TNvYAebWgyyJB zWhZ|#{znW5U76UIi~s<6VdOCvRs~`$?u3Am@M1ahwqunflKow6hIjrjLcuMlRrl`# zbN`pH$bXO>qoSJd=>4fRisMVbw|og}D0R}gdp`9J^YyS+~Kse*6Oymxm^ zv8Rv2-Psr|lg;%Z=xU>y?bfJ&^g)<$JS>nWJfRhx8=;Arx~4r${IoQc44HcTyrD2A zog%<2+OedZ&psqf$~0&`HE{sl_)(H9{YFsiBNh1tFX9;sCrPP!0l2nrBWB%*mT$+t zDbOR~yaINZoUON}YaEXU`JfRV@zY2LFxIBw!?D4~eT*I03>f<0sR4p~cuxoazup!} zK|{g+6QYn_JP^q5k`W2uXz;Z{>VcHHYaSbURZvGmk zt;S7xE!FR3Ay2_K!J)hcO6UIY`g}>W@4O&lbmH)YuN@eK-t$AcI`(xwU+8Pzg3BNQ zbTE)>MTK_{q_j|%DX)^lTWI3NN-4NOuPI_{hWFwD_Y1#;CRth+UJ`(Yj%nHKmTY42 zP+{HABCq}HP!D1m6kEuZGYOvPA-N3bX`1ZCF3r%?t+@mN)nNbr=PQX3&qFk~xIJX} zb$%ym7bzn4&c(tVk*Rj{tKD-2fk`8)+Ph|Eac@E*{d$988efJ-FDzO!NvGVu5-lrEQqato%Xek5$(ZQiL-m(m zbs5B-l-K6Vy1P|e3y^G)BzWmNYb1oA{lIrn2FB?o$Z7mCM1eXTvZHHDnRe|lPHDC( z!%^3jm;MawyYJfM-sS`w7#h>>iHwb5{>ZGCqVKq%BzuYFD)bPw?F&5#j*{uG&12R# z#8yBbU6*EItJgu@EQ9z&1%lZ>eSkODCOsCtyb z3vB+`ZKa0il8*G=&1^+#7oJeUMA9mF^rq__OPrD%0h#|G6?%T90q{GMGC6JcC_XY$_zA}#hLu@NvS z-#Fg;U25AzpBBZ^Ll{u;_Y1~rRLK$$JHwq&W&>z|=1jJzT7yC5Kei~4FbZG9>+Fp7FEVby9deC3?bQAYz(> zZnO60zpiZmk$Y`R5@7tHRQNv~yTslC3Jhrj6}uixG+|MMaU zVeZ%vlmQ2bjNFP-0_#RNu-8T+WPGy#5k-{70~%OrnjgILc9epbHVcI^Ds!!#~*u3VEZc7 zE-D7`KS5S`$gp>E9sU2~ZR9z8ddL|9e=AA{opx50D~^@$ivmuhVxhG(10+o5lCD+I zl}q&3waiJDU#i&xS|kAQr1LwmD);2Bp*Eb;1zT};L)p( z%KMixC5Jlo%1tY;@cVxa?Dtf9GEir(GRV_|mEF4~OT4q1g1V7mfif~(^;kqvSOm7) 
zRN+-!r)H|2+2(KMZ?eU#o^`q%3zZv2?GX9Pko(D9Fve?QU^kY^gjDG@dkP|n4QYvU z&o=}xr~TY}>finGJybphQCQAb^|%)xDp^ z|FFu5l5@L2q}=Cu%tlba1$F8m$HdH=6po!&9Gq7bihGu7pE;y`o_WC)0_jPW;AlC> zt{=OAQ(+u4*Xvo?;eiVZX>yha1E)T+1v@89nAu&2Edh{9mm_=Kk!hexT#BC0LJPe` zzxGgTyUar?;oC0-;X4H+>~P6`t<^HYwZfeLVinySJGqc8pS<7k_%Q(M+K%~day&5mRtP+VI!l;=|Myu@!jx;lCG^%KIUmP1e~N$RnmIq>d~aQ zpt-+JR-`cPilcHkc0$4<)YzsWQ)kip8cqtGNb&W7Pq1h{r#iEvK3(E4A;A4*QK>#G z22`r%PwQl2xbfPY*4qapk1&e&s^ki ztc=~oxlWMJ&xA%s2_YT;nCh>n?ufBd=f~=Puy-XO4{<0*ffMIO_e-2gCQpc89JVo| zUaYyJv3!vbT??Co7A<#Yd3;|ug|%+(Mf2}B1;Ox0Zgw5F>7+LyaHBX!8I-AA6N$Qf zvPg=zsx=XvKmE3`zvjpae{Q2043A#ZB5(-PrYPQdu_Q<_p3a#>OnIcX~%Lx+l8;=hp0KC^dR^F1F0F z_4xq4S%V6B10!#|(=w!5K9WLLe&NAjo4Qx3jnXGv%ZKV zS?Dj;v}5AVzg^1iEZjO7Eov6GpiJ>#3X+hYj|ZI0c`D$LiP3;Lvb%N~@=Y_b4knBj47t{-Mu3(Jd$n+GRm4MB^M?~-bq;TY36E=9rgl}DjKHHY#9_-F-89Q!tJ0*h zBXWpjvbM=dCs-L?umMOcJ zz7b&0wZ|I}*%l_xoZxG{uhL&zUVpUlR{6Vipj#if|7(2hoa;DFa2!d{Hi1FrA(du( z2psUkVLwzh3)!ecRy3r)WrE0+A-rB9k{!S{(0WqSR0>Uyc@C1S+v_B*?FwQyTt@JWY-uPz6-36Wvr_E^vY@zHJEO=}|Uv zd%56h^!Z`>^+?NU#h8X=Y}Np&wO&N@o&z%4Sz#StTM4wZT@I;fCqgjG5Ky$2;sc3& z63UzAwe3Tka5}$Qr*7h!EFn4pa0<82uVXc z^3%EAZdCK@x8|fa?7aAi3;v&X3-#X`R8>M^>11qvxg|UvkKmRH&V7%ZTs3*E;xY_l zr>(v)UY8pHdE;RATyEj(@s*wuzT$1l@vx+>!~9nzQtih@b=)`ois%%^ag?+%XFTUp zIEZ_xK|(@(cqs~#0HsZW>=d+~9DY~W%^jKH=LGyBjE`A@`%3p+)Y3UQT%dW^}OobN-(XH*YNQ2nk)i>AZ8Iv z;(#w(Iu4!sVtFiB)*h_lc$I)@@6>e&Q>h0Ym_-=$5v1Bz+iI{cHPB6ngtRJxJKg`YvXx~Vr+q|;pbk2R*_W*yr=<1^<;u; z4U9%Lk`)IUy_9Cxq~Z#o>xv4Lbl0M9tuM-rE0vi6YlvQvc9*ujk+&2Mg{*QqTThfP}T>totbjbr#<#yk}i3gkVG3PYRaeoyR+9lj+L9?A9`NeazjK?y~n|D)rp0 zy5t9aIK(;_JQ&D3A?xl2w&HHKZpz&K0Wfwe4$@IMz2fWR!m#;3j(V)g#jC6UK~hEq zo0CiYqGXRIhImn%g0Abh8Oi>cD)Tu9N8f2v1+Q$6^kFl5;G+GRACRXv`nXmp`ZaN- z>8+GbI?VQ7p^$hgII?H)6=BQUh^fIqbpa)KW0eA<@86sH8aW9$TpEm?b`TCMtrnFd z$S+!^tJJX!-ZiTQ-$glot&{Yg{QHp5r&~$vgGaKI!4*cPcdDA_Ku-Y(5MTP(FiJbM4}qXumFSC9 z9~%A@A(NM-o`bIv{}gU;`ir}?TIGYWv|N8^{VuNm4#GbDtoCw;P#vZF^x87^0(IEV z?9_-8xcpDbnJ9xdq=mnHJ8KInb&wi8T5_AYYGS*newV?7zRjnZR~uwGAen+vzp{y} 
zdXS-8!1@uDF!JMvJ`~%oRR(LZ&RPM0S4_-JhS$3G%2L#? zyNZoj7?l@%FlRO8FrqP~3Nm5bVxIZ(&l-EbgvZA#ZFlpEO8k(GI?0`adDMkGyAZX= zk?b~H9ol3bXhBvBr3y~U9tfnUwuM%6SvaoDL%2PV_x_QqhT>{+95|M*wkq#uL>l*r zrSH}nlRV5W#^eZXZLNIA4wg~jR(;7FaG=eG_X?)fq!3nacXzL>r*y0?FxZc)6F`=b!7D9StsW zB15W{h{h=*wJXK?!uS4IJkWjCuwY4e)?;RJC7``ny5=h#Pm}NsAG%#@KGBJhv%kyf5C@3CrU@M`v`?B=J@j?-K5dfk3t2V(Y%g;`>Cq7M!vnl z$zm&Zzzu9_(r`2>WU+=F;}YCIZtlLvt;bfgBv{2Ujxc*lON`d6?Xsh~{E6vMSl_{^ ze0`c);BkeuDnqXFZut50$OD?v&J~*iRh;-?Z#P^=H$HXZ ztYf?*MG$hb#!6SI8w18XE>UE0%Srzg=;bj!=OG{?=l+t&N4x|F8?_)?vCd)C(6#*T zkcrwQ|1G^JFw|~{OexFp!6SY09xx2s)d*H!`$P7>Xr`e;8HO{~8jB6-*M;wqXC(Vt zR4{6A=HQMbgZlN0l#e-u=pnK`Nqfoa;B>vtgTfN*`1+ zrmLQG3)*Hc82UZ+(?a1E^~ZPRF{Yhe-~s4?f=)a!|jQe zr!L3gQHBOIBIfpmvO96Jr|djAsX_Dc)cgd$Ae2{KAaUE$$Q*>MPTA0OAwp^-dRD`P zEE_Q@epncKE=CY9m2pfY=_uf8(UjnZ^w-i*I3kaIFoyS&PQnL0>q#N!AU7R011==c;;ncrf29b#`|CS+dAF5s9JM zY^nUVYo7+MtdbD9UzBo6Px#vgz@004)Lp9;YtF`paF={%Gsv7SNX~%?{C=G4$6_Y5 zakCWe5wc8ki;=h~VN7=ub%%D%D%ff-*3exhgdU<|*fZSUY&QNO?)N|7oWWtDF@)%A~fu7XUx~JT7zPcYwDw!MtdtM+fsq2I9LYY-dE@?R(!MOpi>k zY~`+h6*n0-BJZ%Og%(J3$VM zjy((rZ3~$jkkSXCn`imfu&P$%+L%C8{H0=>`)eam-*{b)b~yHF5yJodMhx??tQNJ`F=DS8b&&3->%DH>K!xz*gW0SOH4(9?I!I8AC&y`0T_U_eD z7?5;BR*sfL<~`?f@w8+`r$#m=(?Q7FaLUdXRyM(Y4|TjvX>JTL zP-($smuGECAH~k!iauq(YpPltexa48>N}EdLDzU5xO)p@g3P2sQR8xOJ0DSV!W6Tv zoq?#7Fm%-u`w&!38eIA34Ka{aDTwWFQrYIS4!z2|n>>o8xJ%z|aHB~0%vTVk_PNkI z17>E%p34CfdykUN(0+J`l3Q`Qu<}TPXv_U|Ig)+U3E;PYkoi)wP}bBZudv;LxY&Jg zeeg>zz~njzv%z$1Dh9ZwQXX=& zX7DPT6udt}A9)vQM3LOoDlnt&U#{P-#IZFM5gq{AeA}G^Ju}E+&^+2vCq-d{FzXpz zapY)UiVb-Gem5&KD+GHvV)O{cN*Adu4_#fD5uHbX%dV0mWo3Vn0&04@bk>^rLHL(6;Qffz?l93xisn{HY}Cl z_En-(Ij5C@+CkI*vMRogwUp$(V&%!PQ}(Mtlyc2gJVvEiw&dEeYy`}`TlgKX=1Y`9 z9zppRvwM)9DJBAHYiA~9X}1Y(Qiu+(XKw(>*@G&M|0kGKsH|*=_&#~JqDdaqcL*@ooz!zLyZZnbF!6!iRUdwa zG7e!umdI$<70Hg@Gp~Mz58o4iS$*Jtk)AD|)Fa(C8M~T3q%V|M6O7DAb!azCt)qO=?|2Mq zJeyew!tmbEQXn43ul-#)`RW5UTGAWRs}*v^afP@yd|amV6$vM%7$xauux|eT3A_P& zC@&w=vLI`jd!|66lj~Fp_eo8c8(1wWxO)g1!*-8{$kxKYY^oF^mVE+=lis$%MHX)y 
zNdAxwpfk73q^4PAuD!6Z4x2`KwIFjG6H{1!>l+6tw_il2AF)*I;O};)g@qsN`_7%m zdbBV$)LC%;qRX7*b#F_`J^aoCwl=RQ)5_z)l7PJ{PzhwB9b0 zLKw@!lsD+NL#{+aRb#)O=Ey<={|MO;Uj!#->|5Q!aob_N(qf7rh4<~tN^lPhcKWj1 zjjr(i18f7S`!hNXDfE3ZYx?zd46|kD zH=m7Z)-IezMua0TtSq7TB-G>+{_;XB_>9a^H1`hHKywyZMakTDC}SJVGvusTTYy$Y zgTBSPuCx0(i|CcK28;WthA{P-0(Y!mh75={C;Y z6b#z=pI|y&tRi_@1I}(GteNgGs}jl-j7HN&M=il6utSZE$TlQNMAn^K97{!?wAOlZd$2fes zDTI0pWzt?_O%M08E9UQ0$a-|fkuEW{A_Ks~@1>Rd99!M~_H`&gwPlP&RjV6i5QJi7 zp@gcSf2H)QaSph3`qopMqmBOO*M6M zytENw_>2_KeVlrv2hn>d&{Mtp$06l~>9U0v{Zm{7Ybyp0zTH;wo&+WY)QR&ZQQ)K( zDYQ(65y?n=-Ng9h#w>@fIT1vo+TfRm*I$imk)A#*g_<}J>0O=r&^ZEuwee zVz`NR0h!8Aj`)St@CJc;G)1k6mhARCZ9J++W`TO% zh(h#T*wAXDFGfk-P%9hCE1Xx>J%c;lQBgN;Yc8f`l+ZkKh9ufc;HPOu_#o;2lI)HtPLsUO6ua*9Gm+y0FUY#Un%|g5 zdU8fxTnQ8MhNmx7ao>Xy082dulLjFE`)gQ$W+r(@>`m-4W1dfJl`pDC$wK!~kV(Y- z@s-S~!LW%fJ=+UF zu~$Pj^p$yyg2D|JLr*dtS$W>?{5j6J;&N_dpWc5&Xc*0)6S29aHcuIK^kyZl<-e)HXgB>TEF-?-J?k8=bBrMwbM5*{2T(S3Zd zl!2chZ8(WPpD-6q!&Ij&Qb5SxGrmP0yN$Q&jFJX*E_>7w=zdl%HFMt8{tdQ&Sz)E6ieDU!Uh3Sfw~n?som+{ zC*ffEjM@>OkD|;uA1BWA?hpQ!`otVREE(H(33$QJzk`LYa*8bm^EoyzXyb5X(*&DO zzWW~)l7~$9{qSs&AP=dixeiZ*bt)>)|Kkr5hsCS(mtaV3k{brXD3=n=_#GW$Z&QX{ z7XTU5UrDGid&M|MSz96oWsec%**-h$I92U0*ea1njvhwcxqPV;%3f_N;%y1h6fVV{ z&I}XVMJYMCmSsr7p{Ap@c!2X_odMDPWiI|(`RFuRw)Uv1V?`-^L8zs2^>$=14>pvx zIRb4iUg_5}`=2>>gx4fK9>jRYIAiMsvkzLH;B2YIqDMIu&t{_Oea z4e`tylU|kZM&6hTv}=uVl0<*$2aZAL%2t}|+9kkg_h~fYIZ$6kAQ0rtc$BYV2RFwS z#=tMByubuVpWN_KQ6f1)6yWEz>vy7nj&x{{MTDKFi|`K^kx<^N#N|yDdqErjh{N0f zv}zX0cGI6elLL`fMR&VfHT-ELWOn=+stYUnM){_Bg)E%@1EwL$UD|idr0Io=fj`)5AE8}^(pHZ*8KQ_9Ei<37t{c6O-_=IQ2@GPmI* zGz?;&z-7)=mcH>4RHu2=RbJ^7)sdj4e7!%=IAxX2bUhD0g1gtQ47}D7E{x{@ojaTs zt=y|%XxMm}`>ojL|BV`VD7BPO`BbB}ORWd{I=;`vd_tM+*@xyP%HoGc>}IQ0(~Cmf z15vjw%jW@Vx-3?1F@Ga)%^I02o*1h`0k3rUIw*|g*J6>F%1VkSs>3S$HA!JX{-X&1 zF_7M`_`fc=G`+#GKq8>k73a({|3M|DPf`B0oHiZU%pO355|vW=>kTU=Av|=ptV9Zy zj&COjTMiFs+N%j%ZrbtLn-b+Svy7wl;jW)b9-!K%<`vZX(O-(2g62Y;@@_0axX(V^uwmy;>OI4a@%Km>1vjT4FqS 
zR9WJ?&gw440?@^Pt4j{VneB5<3a|~=02W>B&`6+S6PDfOl41^(%CQqJtn+v%aZkXV76R za6uo28WRaDMz45{5{|PDXxoYlwZ8bR{(w)V8G{lkW|+pA_8{~?jIhkK2Kw6lcdUml z*&#|N8KmmcMQ101+(R+2P-l8AHV6fTZ#~VM0(N)7-E?#U#BMC0`oZ;y&K8VR8YETF zD;q?&ET0dnBsPGQR!k;724)_*@i30%|2kPS3Vv5e7mJarN#3NkUlwLyN6%hF@1FCBO@|PoNYaDVbc3{&jH9&3td81$m zWOlwkqR$AD@Pa5~5STNg@t3mxf!p`}7ADqigv3v(GFhW}4lc$VrjKNHZHDyyDxO?S zjPKjhQ!;1})ShY+CAeVMhE|d?dn5^5hs_u3jvF;3)&;R3H8OsKGM*~mVE=eSs8)Ac zXe%$|=P^v7u_UHU8v6g=o@~DO?x}J)HL+L0&X?;vy z&uXm-RjSCt?&#@wDQ{(#(uPwJ+A#@nY=yUmu80@1l0f{N{lA zMsuqyK#|2DH3IF+*S|)SMrRbH8za{}WHMwXkH$F74Fl) z6s&W^#m6zf8H^OtW-TY(5c=#P^!)BCmfLn^s|FzAn}I;y+&$gN718B%aYhctbuyPq zlR|Wl4D|Xv|C#2E>b~2em0h$Czs-rgVsbLM2=9t1nA8NscLm zak)o5E;WnVoSIm6ZD#gLDNR+K#v#}8J?D7um*4ujQ5>?5bN2x}MIUuP!3FDkpdsMk z^7tEF>8h_-{zS=#mBWt=P^Wq`o?g%Zz4nVC%qMfEY~qzPRs0uQ1@m*BIHKU@@te0+ z2X{HO7eg#&vMG!Wu`7={qp(TQ?p7`OIhTAOI)X_ z7O!?ngvJArQO4S+hy7g~Eb0l$4TZLBs*e(HsE`nPFhJTHmw_h5zX86;co-d~bv=W* z?Kz^>cmfE+QG45&LW@SPZadM?dz*PIXrmy)1`LvGtbuLl^6|A+?5cOq2BZzV&7gp1 zbe*gC1ZM|U5=Oj;R2uHHDa6Ch3QWI0>jymT>L38)NXJO zp?4f=eRku@#k>RWMX#+_xCTB4yQ*s@Z8nEiVomB(CPqbeP?N@YW6^W8N$^1K2oc0q%{6tB)wXR** zL|@0TX9jG6TCMu4BKjh_PT0lyTy0AMmBL4Y8*9abArr8~b&)GmTX&f`N|#>H_|fZO ztB`9sBfrmVGO$Vdvw%Pk_3T`)x3W@4)_Y0_p2w5)PfjaBc;!IqG_aXUW*p1o@Fft@ zH%T=UTWx-DIg@`>C_u~Bu|v(Vh2a#KrU=Fif+_0)U8t;Gp!{CR>#2QlT!tYz(JpK2 zzGo;bdDnh=e9gxp+}oSH`1`ozkFw8|jR1IijEQZgg5W7M)N&dp+y(q()n`a1Q8-cT zvm^dXn~*nD?v9~pmmTEDlO(NwT+vnQ+GVd9UsKqEYKqcP?CfS-m5^=ehR8ui05abPN5WT(@>xr)F}b1SRYSR zQ1J(y{EOZpExrvQIv_*QD}KJdks#kb=mZQpJb>=|BA8_-QAo<`>t(DYGP(dyQ&TOw z%(&C{H66mCl!KW!;MUMoHf|NeXL%@p49N}(p(e^fqOn{mg|_EfNF|hR@FP0=xMA~E zh8<9&JRrXMor2b20rrgKz%=?&YAcuZg}@W40b0)1sH79r;K=FL`4EZ~ArNu?FcAU{ zC#QHb3Hc9TM@+*)Pg6X-s@MmAfIY&$JILzQo#xkgDevR@+H9Y#O^GNIkL`cEXd6bH z?5`p74Z)6=FNopTjUwQ**m10=Z)QXaCZnpKf}NnB)5H0H=m379Z*jFoM+M z4x49dCfQ~R2tLU3Jw1cB6W{8=GWzHeWmLQvYxBX-djxA0jSFD?1+mo>jbX%xRkN@i zGB#&lZy-6JLSC@8X|R2cbnwAsd_b5qPfvDRYeuWb=7g$`guR5XvL|?e$ac+jdwB+f 
zS}WsBo5BO!1%p{lZlTi=IN^7wD|7Y9js)s)U76DOaGQ?oYJ=*;Hi2`N1kcKP;eK!^ zj`;AHfs9YaUx5f`w~>tPn|SAQ)q$>tchZQ#9RJ=rs0vBM8bxG0X)$h-kn>P~!T5rb z6e3a?hk**LofqpZRN)I6{E;HbH8ihUH)XiSS>@{8O7nF6zfp8Y6DHO@WN^7#@WhF{ zAU{l%3tN3J?g(t^{{<#mXt_lZ%iFa>KA(-cranN9SsN#T1UrgfqdFSrBvP+ZZ-0AM zE0sD{QJks-5YzqsZnxzxPx)wU6i7`=1~u;gp~5h9Z6M^P%^sW2`AQL7zT0zEaoKW$ zJRHiI1mFG{tiZjJ7~_-w$Ch`9wL>28qBN?M@J(7qEvN$&&);4UXsfd#ezw><1eFo4 z+>-`p0dFXsoFV{vn~$Owj!aDL*a>}(B`Vaa4S&)4jN*RLyM$>?ZjkM~E`NM)GFGlx z0>-?NC$QXB`1Au~(8L4bbIBS$$|L0&<;TYv`Hh;8j(V1vp=k-jzN+A_1h)0-M2;-T z0B2>XmQPOx4FpDEG!t{1ZhFp>lVvq1>~AldHufY^1Ruth)PpCKt8eF@)VmC#m@dB5 zt%y^9$0pg^OAx|iZ9*NiU1mUWu@UIU<;hFZsy6n8(x4;(N zU*gRR{ao|zhZhJ_dA{(oeKpeIpGYo80&HJl!l@}pgnGXMuN@AO1}#*hjy zI%H+9ufFzd!5059s}G+L6haJOGvFVCFW;CXP)rtt9L31`=NF3N7)7h&bVMngQqEla z$UKHPCxmYjYRP2Qy!L;0A&$zh&yoWm zt>5ps*>mD}ws$iG$bfo#)m7X>h*9$$sKOuqL^7<=c%$eKci~O#68P%$E+>F2#VnWT zQ`+3KN136~BUB+sw?DYZ7C)iSq})u?=D%I8*gZ|D+r32>_~{%|&ohk1xe){7iYg-r z+#yh{BPlc#ivbig0DJ-do%UIq(Bsh;*4H#A0jqId`!TSTyW?h%~bbq=Ut$QM)F0>dB2G7pU6-C1oEE2uqKHp z9-4I)yL`qzfP81}Dt-WI99D;(2groQ6(rcn7iimZ~((^??nMvv~b<-R1D3GzjYQ^n?iQDDiK$h^%@6(|af60%MWh(c?SH_mD8mo1#OBm3=&nv(ApksE3R@^Hy zYAU+P58wFotZx0l%%nLkmKM)pk%yJfbe4su@bmMwH8s|(Z%~ps9|;7zd!sNTfg`$s zoB9GTjk(m;5kN!C@M+vX<@5z@Gmg3chfuUxkZ2zY{pI39>84#Rggz>E(|QycgMK2KjOw! 
zG1<@!?wKScdw;+V7{X>n_|1@hlbpBmNr)sw3RB34LZ$n6X{W1D*!eOE1St3@!g-m7 z&=lqQmUY}s%wBXpT~!*HbW9G$jf_n-^9V0HSz9&O&u{(MFkwu1iOGNllk*oMxq|L+ z%b1UF0)@qzD5#CM`RoIRqyn3UD90Z2ESOU$OkgGYMccHU)MVkbjCs!!_T)g2A8qY~ zc?9uwhA;@H=&5dLrN`BU{D)|7!Anc}LLKev2%b+>BE-XAdybyCTn;qx+;*fgOgfuP zK*6G2uO*R8=~OUHYMI=@#8oakJ|3|>c^5koyJ)J zHIbGy#h{Eio&l$UN9IZVi_=SlzXu?{nd&M7ZmCMTm-+F-j39Qpf~;3|Xj0Q>#Q{c$ zN3NBxc${$RmNr&JNcj<+Tn0iqW{pFac13oBk;Tdb{B6PqzTiCalSEkvPN{tuczotO zE(`W}3@v+T!n7>5JGJ&3ELQsSIsy(Co@eFPr;D8XOGAPKIAW@(Kf|D5GN!kPp@jR> z&@TTR276!T0?JeNKbqr;|_mKqvm zQ+(I)Q#Qc(UXZI%xWJ3GPkhclh)`#wOc27!xXj?K&JkfEOPPsmWqQu6ddFenbeKBv zr1N>K=bcLyM|wVSZw_c&cx!0-^N_16WOEHayEUUq_EhV~qYZAImQrB{QtcggPJ@7w zBwfgpy}_sH!_t@r1_Z;dYw55jYVGS|P>IOdb;KW4bSFO9U|BBIVXH}mqyGn|0b_** zemP_8MvArfe9sn+*`vt`bq5SdGzcc{T_mAw2ps{!5c*K^rDnfkPMqV<5!*C+l-ZAS z=H?6gS-)v1E|EnrsIpel@qvvQ2T7Q!2Y>OehfJ%K`D-D#)o* z?>fTkD&vt zJ+?(t$w5`R>_rL^8ZHpEsy}UdiN?zUE#i{09DS_*3ZN&Pp8M+Poh;+xi9MPT7!Fct z>ZzH=E8g;JBWg}YoCsTU<;((w@cHZf&=q3NUixYJ3ccf3Z zxMM9SWivzmVXwdPOq+m>fVEn2Ca;1+GvBH>A`{`F2>po`X|hc8k3g;Vm-dr%rV&9A zW`vQ8d#-0m#_k~|0IBip^Lf8gw#hemO&8?ArZ!c%E?J3zF5IhjY1vB}WQ&K_XhJ~1 z&97YnM@~@6GpjxmWw~7%GV%O{amwHgEQs982io2x7g!1=h-rPoZnR>xvGlIqmwzuv zRonH}5_E3gEklib!V9n)1Y=uosyA?akPuAkv3NZMS|Jb@r#|P=RxQ2FCKL3+BX~NY zQ-7d63R~+`)MnDTXkn!Ll+?uv#ng}*WWQ*IU!9evE$Z+=<*t2BCru#`GO`)!gI)$Z zA|L_Y_An0%vGh-bJtwvykIgt_3x!*xa$b0NT`HsEqysh@2&-ktQ5h~tGEUE){^cEAsx1^P~!uC1^o=53~wh; zOHIsmH$JiE-P-D{_XqYcRKgcYKLhQ|u(^7M#1Y>Lm3UJj^VdJ3qsc8@IL(3>Gao}F zB9t-w=++06148FZvF=7fxR!@V`r?gqtE>~m3e+1Fy`MsHR`}~WLWO&v(AajY z?wMC&ueqT>DmPcg?+>3SU!EX0P)``0v+%98d>LP>BVA>Eqb*LJ!eJIiGjlHB^Nnhw zs#pk{d2smC2LvQ&{owe>{BuuMOqBVWlZ1N0E*It`{(;0zWGzu)vLFhm&+qY+@jY;Y zAJ}ij+ZhZws}4#M-tF@_Kc`>ab1S#HQ1b@~Z`OR*7_j0%LecS6@5baBr=I!=FPDob z-Icxutj|sG7Bm#|6ciYwi43x5^6qb{6ae8QUgXP*>isrV;xUfmOK|ReeDcVV9RKHb z@l?|$dr#_~hZ0V%slNL|6m>d;@O>>PfF7`~Nmu;n{9n}Z5{9kp)Wdm!Z&_7m4?>}! 
z$}jsh7nnjxhsUAxi6oZ_2r5B$4!6(hCqo2ENk38OBuTnVqTC(|%>}lAblN<*sjZL9 zbVUQ~9Z)wE3C`9qR4|zYxoE=o3mDn7W-_xc@E#Z2iZ5CcP$-0&&eRVYg?WW2>@Q@= z1nVIJ?42wu@J`~-5q%Ctj!dB3c6kumsOh_{r|v;VUcCMPqK9pR)fFb6gG3wd=42Ew zAkfBB>elo)Vs1hvEw>#bS%}1eNw>_BsbFz9{uzCQ$SffeIS~tP`kDwivTW(&o1W)L zX3C0PSYGmXa>V=0C{Kr{Yl!RwhAuK^g_Ikt)0eSM<2=*rJHygjo++Z|p2FR!V(?81GBxd3pfRGBm0`8Ar=j$%(MYbe1ycnX{nV~a)f+j_#N}gLz z(fqd`K0RJK)@0r9H&XdBWqmThmO}e`vv$LFX!2=(gM-iic!61C@uh=hS&GO-ePw~n zxb&yKeoPSM?Zou&m$P31x}(w}yhy5ugtlXd97Tgd90ieDM%3UQNH(Z|Mb;pHpHQm5 zQyNYSU_Q;Na8clpekn0mkIRn<^#4;ow>{|Wi%n$~aH7_XlB&Owd&Zexi<}1_e7}~j zREeNQ59kRAlja!lXDW2u%!-hc>3(!XC^&<(NQUg^12b~$6Zl~& zE>D{mFb3*Y{$!^HMH2E?reTk}5Y4nyb1m^{c&A#h+NKA`U1~lHmv9*;4Ns`>a}JB* zIq^zdy2vbUYsz^l!%aYRY~7l(g{lP8oQ9F#%KR?JI6Ck`(km7ZAd{P&frZCJcKGN) z>gjmQQ7r)k&zJDwgE>653FD9YR%Txv8pph;e9ccUhFLxnz2hOliJv21QVvzl;eCos zBSIGE{lB~BF+Vb*2B?C%V}4ZEfFGh1rq}unou-EP2}P`Cs;&eX$Neu|N7w$H|AB!!CsP4NXWyvN=I#cBYXwIy~3BQO2`F3gT1 z!p`yndtu02l|5J2o*>#~@8hQMx0%72MVyH9rI1ksQZiyYrtv%goNqD`ZL0m_K$uPl z(f=KIF4hU#?2Li`59S=-{P5NRqTC4+?yg<6`)n>@)wIuB8kwuZTcvi?`1`c`t4;hZ zs2w~3>e|uYpPz$MwR&znkq8>J!En8cZhI<~nATTeBL=L3ht^af?#c9^Ir!4tV4s6P zom~z4#HneW7zsyK;oa(HPqS&Ykg7Oxl69hBfHMBxuxQmsmP?~z`0;$*He_>R#C+DcUPjyFzHi(It(|uZ zj;A@W+58MY2p;LmFy~Gv1e^hGwXg{Qq2o79(`b4hlZf^$)eU_23 zHfg{*j?w@j;%d<#6Sz012u{yXdkifS5QBQK`_%?s(t_CCgqc|l1N9J1nfFYb*0%qBJV z{r07i;GZmI0a44g^1U{-FLn`~0Y=BF2Vv}LhrGY$0@4t~Q$Wi3oBD9fjp-OkhLD@q z$^Ich&uRxUFMoL`rEEgAiq$e8jz!$`Vzh~R&|V$j;a3Jg4`p_l)ks*>^Gw2nKv{U& zkXHU@*Rx>XnG}Ywj1ywIiz0d80uxa}G+w<2N1>J$wM{?|-b*u$W3y2?q)aNRJIqha z?5E1xMM&!y>$$CAtb9lxOBK3(32{&7#og$@b}UJ}y+KSWP7Q>?+@VIsbhYM?Z$Y_R zZ4wgJ)&L8^0h5Qs|@>O<_K6X~I zTt(^1X^*6=FgXGrtP6(cJ173OlvPvfprgcs`xj5|Em)`}_uhpL^!5OUOSls_S}UTX zN)L?EsV5nw4y?;=Ic~@N!p$Q&%HF0iC|3l#_Qi&P{as5$Z4_fkBJ9bkn7@tC zMTEo+uxPKwIc(x&!ZQMcZ#f4#cg4;M9}>$yZX8KGq)FGMsJ9|qS)Ev^vo3#)#y zHl65!1L--R{ToS;C6@C$ejXn4%&sQ!ZLnBfA?BQoiX6uSBUQ$4WmClr@~p5|N(RN% zueahuI{jvSl4Sg!7lB$6lJFvH^eS6R-rwr=$*!#oh0HkMl^id^@~4|5_^_Fld*}_hd`?z!q)mtFtIzy7Kj_VV 
z1USzdm}bH2`xg|F^ZNAmzeKEc3ZGK(#-0fANH#KKXIsSi`!fOG6G9+*V7a$4ARsq= z**<-O;6n(ogx)j->7OC9i557otSFb60H}BCiZ12c zKsxS<G1M(QU(13fU9NL##}7M9sLP4SUI zFl@?kha^_VNulX0o=a+@!ktddv_@u$jVbxJmT!KZI3@xolM}vJdbYvKMjTI2NtN*P z{VLD0m(u|De;Nq6M8*v^i_la4p#dNI{dU$N}ke!^QIyRURg zqokn6GRtZp3k8&sLsD4h=s~;ZwW^C&RAWvs1fH5CNHuwL4rDv=mTs+P=Ba6{@Kjx5 zg*59-`TA1mFCm{DyM!z9VE`s0$(DAH4`H4suTc2qIX%gl@~>bjer^J)=-Sp)&sF?* z2sM8yd=r^3zlH$}`VI#*S1+F%{B2()Binv&*nZ6QUo`!}mA&FpZyC77l8YaELpT-6 zN~$z%k^9+@@pK?j7zStnj+%4?6C0@+;G>N}(DeHL3%W1~e0&-jjx2@(Rl(z8B%BKn z=k0k)l+{;hZ!v4E7yCMhm!G^r4!is3s+I9PBbmz}V!#L~Hh`q&HQA@?0(!qW$0R%2 zCrM6oO@{Yc05Q(X8;{CyM^k;m87x(ONL+_~9DbddCHChn^sG5d^5NwCsi90!+7wHX zw&<{ka0&|DuP?tVCcBQQjycLOVx0lNAazGd9{Di`@7SfoJ!$_@m@(M>0VgjKT1eVpzqm1;r>>ZVQ ze_aOP5k7SCm6gJ;b;+Ns)3y#_BPqD|_p~WyoQ(UwTvL`2&}m#FVAbcN4z!fXdB_=B zf%3p}n_rLVQNu-f!rLxXIq4=z&bbo=-EDk>1*7aX77lSdrxs6r6wS;fThZ!R;^Om@ znaAPw&6`nsy~T$k8;i*C9Fy%@D(MA#*3DXmx{=2LYknb#xVfYPa!Y?r@~O#*uNU6- zu|Q{!#97sEha@9l288mn>3lU$_;l1-vLof-P1G*v+vzPan zs!!uCkUF9-$Ve$~Ax^IZ%y$FtaH%e&kv%_hMh#lKm+{=ZGz2rn^13Uk5N1zYX=-nXKw1VG7&4I!FJCY# z3K;Q7Oxs>AqeV%$6_hK!TnxK{;7<+6C?MBVL*=e;*3OcXN$_4G)}TTHW_K-OvyH_2 z|D&}x3e@pYixJN*;yRtIF>Z_k1Ocs5$i5C322j(SUs1%D&lT~_-^!kw@HmF>xf$i4 z0D4h{oM^=g!eqE5xw?of+UmVU8i{2A$T0hx!9#X|;(_KK$APH^mKh_>d_`j%vwHW& z*YBH@h|ofk!k?qR?TD;y&4eE|4h7YkT&i= zf23V|1j!qk(RJN#T{fyO-aqJ#%mTNhbUD%g@8$av%vQ~9`JotS!&Di>VVZ<-;#Ep* z)qVcCJuo zL$S}bEK~hXS&_KEglyu{o% zK^YiyxYm+7d?%!u?+HY4%T6NB9vzT2b`EKQxiQoby{aH6yC#9DF`-p(Plvz?L={c} zfd{U?Z=iXLD?b$>J~?z`pWG48-9e0P@V=hAY|E~oIJo>w&+RR&nuW4hcdT$Wz!Ij9I~j?Nw$;Pn2HDXI8p5fv)( z6)yfO@?79LU1eEM9;}L5eD@oTifE~`d}()Y8A9R!5RPY}^a`;VS=lQ(QI7yA9Zr>d zm-8;d?WH%Z_r`pwSYf70!9|i3iGU=e(zU^5XL10<*+rrp1ZfqJGWp z#r*#di%k))I*WrK7Qp*I%G5Z#kSi3DWHsKfNO;?ZsbvLO+%|KBRVE`z?}i*I>J}Vfpg@W|`+;I9VP#HkjxAFso?8nh*i$+Mb12AE~c$^Vw??4aV^z09WRN z9kMKR;iR~`cIo|h<_ROri^!KKXRbJH%oCN>iYH3G9R`bb?*v43ryX*ya6H`aKbU;r zN2P@MLr`CLvc*mQvvo8B<^mJ+6M4nF`jGa0)m7@EM8%*%A%vU5%}+POu#^`JuCNHT 
zKO!hJMH~ON?%%6saMvJEW??tmr;gAjxJ^4x8Y=O@T9AaiM?5tYFEn;SMP3MSL5Qhn{e z2;%B^hWpRV7U)WapJsop-tD$?WB+oCdlGniP3mrkqn5jk)Bn{;cPc^FW=T%h5-z_m z2q3*aDp|a}uznQ5x-BoIQ9OT^EdBrQHBV8$!xrsd;|mhs*`&%Fm9)O(Hvr;OlkV?@ zIkCs2`h{Mu?AfAUMp;TG@KmkFiBBKbZgnsoY}L9P`5M(=HW}5Vw0ELHZ2dQPlWm%Wyy~zRM@c$mjQuzZKXY@ zki0{YNf6;7kD8gNeZ1Gz5`|@0>d3x|zcoe6g@l|6T^=h`O5v$?Z(g#2>NDw=hQ)eW zyNG>sT~R*;TuS})7sXHNbJyz`T}}J97m2zg^{TyaRHo(K-GyL{>zCAxFeYa+0@-J$ zefejk;v57+4`H_#g%Sm)z$o_&@&>p-sL}#_nNd5`M2r7yV9FCUY}ig;uqP_(zo2l} z)_*(bI{Zr73InZ4!|{4-fF|9B4h!DzNxJO3xrmiySB6F{v0XJ|^N-+Ben3meketcM z!V-^*!Tvh-oOYr*$7MjYEOEPNoSV*Ov@JyR*Z=g5;{$L70OFhuB_Up zQ}f)6w=s=|ta!0+;b?Z!kl6Ez@XopeW=?Lj8qNkUV2fbq)QAEFj2+4*crbUUCoxU@ z+P0M3`&d$)Rjz9K4Vrhd|J+6a>yndp{X_W8p&Y-LgWLpTbZE^=rkHsE-;mTu87Uv& zoVy&unbDeTi8f&`p(4U0LV4nFOj=>9?EOHgAav1t1pOEto!8tGBZ`pi z47$1*Kg#_VNsra85J#P#d4*GOfCGt#G}GNxVpOyV_qm{p@K@bvsAEFd^R+oeQ;#j) zxil|LdW090#SZ~W&0591vXXA+(l;0;^#hDqIS1tkxyov770gAD58GkZd_1YCGE>xa z?c2P40oZ2}Qckmue$|euPtH6zrqM$rsN^SkFgezT`_Cza%pR z?Qz)PXIA#&BbWBDfgO>L?=JC{$)K=ZK2lyd8N zYSb3{m6+U-DCu0TQ(gF)WTY6mw>b4i1HOyPcx-&OPLwfG+P9QSnF1xQ7$f=u@x%Zh8MP#@?5L|ZJ!6s~O}=ua zbB`GU8A0JqaxH)`1LJe=C?@jLQwG0JDy-2y9EJkcg$q-XCY)&?b07yLQkRL3UUU&o z#alJ2Gc}b0j)4X^qEKlB*(dL+RuYWPv{kV+v)JSX6a<7~C#!d@3ef^O70zs+F9y== z+&KUb&l*ahGkMs2Cy-T9$!izq9|3ecB2n_T@GeMi^9}t+`7G1_>n2z-ny+r*#iI1- z44=rT%MHHw>{J?{vJJvEZK(;;5Mch=)egbjE1M@j3Fd;lkvyL=Zf7g_jB~uttoi8+4yJR9pA*&=2UXb-d>T zvF6^g>)vrueDDVE9`D!evxl(6NpnYHPmjqcCv%|Mj9$)m8m-`zZfsv~a(G4N=4`up z?15(F9LH_YsA>03RcozBP2k!#Ke2y?d58J{hh54?kRpC_^*#ywJA*Sih9viitm6e* zK=#0Ubq^$a3r2MCeHcotVXgh~tf(c{>P;22A@jP`szSPpNzA9>-^GG|pOdGi2+Trd z&0H(80x{Xl)DZJ1MJh;2eR(#)pflD$vaB&umtLk}L|^RkR!=X6U?P)|vPKqI7l~BVxFQ7skENmgb2jGbY0NafxykCStNePy$>t|VV*3iryJX`Z;GMdIu zy){`ou@HQa(ZFP+sn%86eZvBKMy9EHE@I=7(?jOx4L|8y<3jY3gz%L41<^H+I`(Ma z@3E^glb|AydKv1t3?;RfDa*IV3I;MJjPHGD`w%1TF%a1!4}-UQK25TT0PDGDV|B zV*(m+UxR*n43S=)&IBC1T~K+opy{CRHVe)jz7e3!kTf`0US{u=xbb~f!`BrP9FxdM z6v;|OD`wOf73eYp$9b=60T;pSbXx9Hj$^Z;9qRx!1I?WCZF(10{N 
z(wHgiY;(!#d@mdorLiDq_^AsElJSyI6uWRR-~ZF<&9>^MPiYjfbvdiaEHd(Qb(RDo zh2gCRG!056ae1?yV!h9c9(+{oTb~3gVf>gmreTyk*Wg88173YMe0xNJkgBKwiCO*D zz_|OiT2Wmi5fZq65N*`jq;|zEzv53rY~ff zXE+ny9)Vdkj0-91-M!7Yb}i<~r3+Sow*v;-=80}cHjD7a)x51JX~fnb$pR>+e+bMv``0KS>uo;H zj-`*<_6$CPj>j|M#kp2k1QR7C5%S|-K^n{2{Fvh-h$0uj#^cBbf3UJS!We@w5eS$L5zXyh;n$ex55yl1beCjhTJEA5M=&#ZVN~gUnnlfV2;3r7@ZL2s=Az zD2?HYm>KM+cR9Brld17R4G%XDCd~E;x%Ik6u+U} zl5HpEavF}cbT9%lc8k#?C_tYF! zZUbLQlgGMcTo+*<#wg+DT$Xza>zIdE0gS|mH9S>MC+-1TO#yDmS>!~cf?nYS zFvl9SU-L}5q|8(ou=dV=!HD`h{9c@kr;HA{27mggO0Pgo9$(n!e{=w}qI>f>vJu6i zB2^PT-H_InrgF?t7;D*NJXTo_5ds=I8;)H4x#A1_?D>$X2C#%!#>lNujr91`N_9|L z;UOEIq=Ehh{6tR559@f^ho9=ag2x^()1~pqXBpgEj8s=2jf-ljqOb|pAb_4gm*y1i zMy;-gI(Y5F3*3QppjFANh`o3H6q+yv2rXitMi2Fw-(ED z>qRtcHHV1KaL&l->UPo-u-1$UfrRedG?M&xXfbc6o(gyGA-Y-ST+xJV8UrV9gtW#p zAN!$KMl|KR$o(gw%7h4MU z-SS&`B7T-aP5lF?$kZ!J_4GcXZ$`4eM1ADs0_AIC?+L_wFW;z$+MuzAs012cm2~s; zj5C1)IoyTPX;Mc_a@IB_rnegsqn6|Qru8)p5Z3e)dyA*leEk3W_)LXXKjWINcXtt> z(RaySo#05z2dgR>dNng{X2(-PGH#E9QpXK6kAjK3999|YIe8z(6&8l_GzLUL+F0od zsD<`FY!}Jy$X*JzPz~?k@(kGH!HWcH#q>7B+Z(`e@Evcq@oOKc9hyd4muEP+l>2$} zB|6bA*2RV}R{l$g+i|Tp>>YjH&_H0b#KC@I+z^ro_^rUXy!h(sE+70=s`~d5hvyUH z6_5NBXb?jApzIZa1U*WaDy3druY?S+_gtV0pA)_E4dKb59#HRhMwM5_0p$BR&w! z7Z5+~$ZP)3e20dMGmmxToB_Vlc}s8zhWxs&0qU4Md+_W=ZWCG}Jl`}xP6#%mzExpk zjKCV1Ab}(K^aWZedIF@yz4I#`lU9|%*(!dqK@q3LT)j#p^B8D~rzKhn+mNHz??Q(q zb@Y@FXSFHz%~f&s@G|R*rjxrWQ)!^?>(<@@`w}pL0a>i7LVSDN+I8WFn^qKte^N8B z&&5O}a{6vee?{->w6%dK#-U^oes|tjpt)i3`tjnq^D2CqQ6Pa9gHnHI$?`Oy^aS%( z*(7lf_bgN*^MowW@w_)I{IIBZJbF&?a=&RhfvNixX?HA@cA{f6N1%$Mxu`mERUnYt z_wF*TvNMry?C#|*@0kgQ0GML@R`beQ;Pv8fUxKv?K~`Qamr*#Nq7+zF^{=nQ%{6 zr66!wQ;9S{W$fNZmxyMstjoyt%8A640D(=@5`2{97!>lb1dS$o>X)s1pT)D(RU#<$uHp0yDK zF-v5nNPQgJijR$`#`H&JJ#s7co3|W@Bq)WT2xf^! zY$YE>O_6F7Ni8=FoXUN~YMc8hVAM*H;;>r$LepyS#AF3QL%j_Ntvb*G(E^Kz+5Az! 
z^(ws<(Lc!yK1*NlF)n~FP-o(m{~?VTt&f*Twg>B4FZgx$6YSKyUI-KK8AF(H-TGRm z%)_g+fC+Ebuv?Wkk>Dk@x|t%^Kt*$xoqeV9?DrQ6v)U3zn|J?i{DSWPP_|wbFg??s z3UWXULMI+P=R<^XM(%vn#F&I^nq5-@K^I4wL!nu+;Q;I&Z%S3LN-tg+=UK6XVV!y4 zt;^$!jc4oox514^)Wz%(9Mhe1Lak;1tqynviv+sKfIxvS;sM=B7M#qcx7@o)X8!Xe zd9T9%sjckz(>1>^tNeGS(hY`+FMEHjap*(P=eg|3*tE9 z1`~`QM)t8Iq0o1F*o0T<)40~m7V_Bon_7o`W9k%KdFuZB zC+sQ#5~6KB=Xthbvu2M~{s`t1J zcqjn2zQk*sthIL&ii4LVtG$afhR!&{wndy_9;g@#srwzZGYxam(iT54NfSKJ;P$SD z^~?PlCh(nvZnmVH&PPey^6`|x9TAC%{vpS}a%$~L78idYLJZv0RQ+u7Q5nQK(3)EN zlum}E@{}Ouww`V4pNO9$Mrh2Zha|Nwa>yk+iNmf7sYUKD>DDrz$We{jiQbmNs?>rg zYJI#C!4YnJu9XNAgkizVo*rFY-9nZyqh5xu_2cf>Jfij~rgljkb9iuY96q?94Tgtj zKkSJ$*&YOJo~_QOqsFNrg1=0@IgiG_2QvFQSpe?6GMLZfpG+P~I^?V7U_38-kqQAl ziQBoPted35nrq+b+lOl=zXX;n%qQ{th)L!cBzWq3jjQS27-FnCyw;1Z&r^{gmnTxK z|CS%1x^qSo%G_V+>@h#V)M)q*5nZPykRV;bL}LVpfuT5CyWT1k=SjFv9ItN}kp1XJ z#hmRo)N;J8qkiMEp`JGz>HPHnf}k_+F27(S5{sFmHknCCsgR4!Hr`HCb*4a3xSN0D za{z8!%FAEI9}jVr-JLeGR|%0nyD136}SU_Gb+65qw-5 z##y=5Ev6K~Yq88WAaO<*Ob(jvzq|e>OJ7eid&?c3qTasTAS4I!Qeos9)kI;L=989V zuEh~#p~$=vt@v7oXdVZFR|gUM4|4!V3*=EsRasnC*rx283lvxeII~w$3f3-4tQSP! 
z*+$TwF=u!$Q=^!&)F)qN`mz$yMVT##W4&%l*o12=_iMjn6G`ocQ3aD!K{P9-4Uaqs zMa4w%LJ%`xo|6=ruQS>on2?TuZkibIz)|l1M@` zeXn{z_WBKh{ASRG+dDff)_fFvP6;NX)^!If+clL3Wg!WK!xwD|Z?f8hp)(J$Ge`dt#@#!lAE22B8<(si6T7!Gm79LK#ajBwiSWAq=oa zGoc*6SqC&uRdNTr{#HTsfYi*G;#~WY;qap$4NHT7L9d?CwXo9W_^mpris9&`7WF)Y zg(_hX?W7Q^1nLdI{`e=>wq|>_ZExa3H$(O*^ZEyHp`xEmdtUq+XO=l6e_lU*81Jx2Ja^1) z16-8z{<^)`$@Dq{KdnMR2n~?E$&N9(U=fL54I{Xnnc^Yz>A=ZVU!L-3ON9= zhnz2qVT4LRhz@Qpx3|pefJyk#c3iHkwXnNveSE)dG@@PvCZ@Sb8Jz$hL`wTKcT%hk zTwWP623E48*MY(_l>A!tswSE&G|JFNd(C8T)PU(=A_|SiQ|Tw(kO6JGFozREu3>Tr z|5FVhtiqr*!r6$~E1#3v9|%6%Lr+H70+^9sVCMe|gyg&%R`=u>H05`oG%_rZ*Hn#j zHXbqcEDU`!!7i?8Mt1YGYLSf6nk=9ko}1uI#Q~m8yuj5R`CU!o&nn~)q^1?e4ZHKb zJ+}Y2!3PWmNPNFJJcZ(hV5`wW3oSvNuzK$Qs=0kbS6erp@%IXaS9w{g{e_Orj)(D- zR;>LE3ww1$TCxZC^_vdW__9*@MOhokz0(q~5vGNs&U(B-C@xX#rn8Gz52;mdT|tU6o=o zX`mFI(BI_w*;sNs-1e%Q%zG9xFwdCSPg*DcERMC1H&v5~)4z?3>h*eKiH2@Osq$Ia z9(sJTL%&DFtrn1ym<3^YFBBUHdZaH)Sx!QuTiBmJ9z+cZAO$FwDhh+ZCEt5FhktMA zrXzohwgYy#}otE^tj30)VWIKunRvQbLyNd z)iO}l`k;w!jXjaZbNQ*dcsh=pahdFPO`pWik%(Os(`8|Y zo^oMo+;Kt!_jaw1{_0>-0f8Rm+b(_j!}ktL$^cIfYt2kTk^`7hgh7@qrb zJxbcTZu$^z*U0=x&!g=QZe)Lr>jqGMx=`_yrrxEw24Oh4?h8&P|EI!vkTH{DBag}$ zX)tcR;3%4o3bh0CyYYe;m|!JrSg6WS5;;w^3z}zvEnT{}wqt3Fjdfp7A}3F3Z%~Uk z!_^Fxu00DR@b#BXMX+>7ZYUi+kY_!{;~io4fefR_a@GI`W)5!G%%#F+LxI&$filqi zxodJK;#wrjEiUJaoxa&wR8LX*D}OHDwwAafs3;<%c!E-QKW{KQDlucu=B;lOV0^-_X2^e5lE5FXNa(bHo3the%>6bY2(xKMB2F6)Rn#UeHNdXjm+?9_nr zBxs#?Jur4N+$a!{YFC?J3*g|rJB+l&bZP*eWmWI+Zf{>UdB{GX{KNb!&W!>C2wsSk z0%GaSp*d@0r7P8Wc_5&#kZ*e>-5fC+;k*^7PM=|`hb}SIhwJ_s=@pMbZ=`qOWCWDP zBp?*2qacg`@qHl#PAfz|ZZ(48MEZoN8qk5F5-A+SYxomH5zaJBQ5$eCu)tb7ZVxYX zG~y;W4TJAz(L=@S)^=eLJFPg?q4DpPB&aiX+A1guMrn>kDTFr2I!kJ9L0Gb+x7)lt?buaw47a-25e2 zihG@Ok=s}Z3&1>`Mapag^~8>cXsjs2YFUC$a|McMvg=n<5T{@d;lok&^tMcZi^>vu zS-i~}j7m!YR9B2R8%Nn{pF8bPV&G{b8&Q-2_c*dIk4!zX#*tz3k+}xMb${-Qt#---xj_TF@TzYvv~sTDoC~ z6O&q>*Z4Ikm0I=cX!e5YauY*-KrzqQ%^CAnpiqHyDrD~CnzftZ%07D1VewjBCrkj9 z5cfRn@a{$kSoVbT=jd5`IuC!oor%SEWic2|*3}}d!wrD?Js38_$Z;-&yy9jwL7Vm) 
zf!^@j&TZ>2$&*qD&&Xj4X*w8}ht78QMUi2|rOO)Zu^_;II?j3xRt|Ox?ct|kr-Y6i z<(7J(H-2SM`=?KvXet3jdzF?H*Zcm!WY3N1<@{LJvtd0dc1lfx!7 z=bwviQT2EGg~8#{$WZ|anGr42GAz*i$3#maBu}xnvJnT8#?egGEXn$dr(!R|0564; zwObA;v3T_pIXqUErI;vm98qQ%uSQ+4z`3X^Z8cG0FtykQ{fk~rF=Z8?>;HIqUcW#PX8G~)plKTF#(Pc zu!Z^4e4`tiX;<56W%b2$T@d{r zf}dDzFkEX8qo(KkXN`L4B%i#B&_bmXK02Gb1Qc*?KK_Gurv>0kj06yc-!0lyICBu2 zMWeK3a+@DW=)?EwCVr#g&RT%+zHwv>)J7KM2p|(8h||Ul74K^R5taZC@!T1(n||Aq z6x7$eH|%BU**hUv(F<@VgM8=bBO9)4+126qyzuz9ctnMKxyagpC@f25x>_mQRaQA0 z2J5znzs=zg@~(&AEtqXXe9UKqzP{R9<0)ikYk0qxjyb{m5axov{JSu(8vqIKU_A`y z*Q@^4=P;J_tYGbF`IxJizZa#ZN+2f1wyGom(tCM0s1qKq%o`mtoxLmfz7I?o?lC|_ zQM1z^7%GLH7}Wmr2C6gYwLT*lHV0^b3h_hr8=9Z}dSjmPme9v1hS+C>o*}}I(-WUB zI6edfmEo0Ek+e z8|Q7mGww*0jpFWJ=sL*T@G@kiFDcpeMio4!ugl;CQ|$oyfz3oF{}^fw-!CshS0$*M zMRL`(qlA%=566~RMQy25%{$>jXk)WxSBqDh{b$LXTi~R5-jp!iCAU-}-cK@uZ`Vey zu(33xV76sS*!Iet1WA27AlS5DqvI6hd;XIEG9;=59HMLP$DB0TEkf9E%^AL*`0q91 zcnL2~_}ArcyYA8c!xbe^yCMBi`ItSrQr`+FTDdN)^e#2K!<;3BiRD;V6vK6#rg~sk zrY_6kf-+snx$*UP7fmIf6o$k|oy^M9sB*Xoc;rqnFO}zQ2d^;NmZCDPW7yWYZ=v%v z$$Yd*dSUny(1at@n5e``c3-Hy`z#da6pryS<<6ZYpC)e*_I}Eh=`$ zxf4{UCypKnflm_vut&zx5Ea0)2qTxUn!Bf!5B(Pc9TYUw;Hv*H3JL#9)El<2)V_Fzx1ZP5e$A zFrqp7hG`W%-8L!ovt~@%<}he!S`xZuWzhGs1CboTG5OG7%RqZaGJ!cO`niil0)2nE z#}}_?IV(;5a2jd&Ji2Adr))39r2_^i5OD0h2qk82gv7-0Wv+w9E&`AlL$e#Z? 
zwZT1KBu&6SiqgMKd$N}ZmCD?HjAJ$SP zP6Y%zTY>>4p^0aHxC|kw3}=(|J%*v6KtmGb(q_|4!ebF{!mWqvIbD)sG&X?8QSGU; z4%El$pQR>sM@(jPQ!x6{Cm|oFUP?jCRL>8#TOph!fRfV&B|sD8?ocF&rAESMFRr39 z$C;QLK-BZw`Rxuhu7#gs-531j>bB@h34HZ5vh0m>HE_e}DDbTA6E%{p=Hd8oRh016 zTG#BkB<2AlCH)>Qei&{-O2W2V;5H%cZ?VJg-*6apP>4eb8ngR}4NKb74`l=69u|;F ztQ4^RgD^;tc}_~$VgZZ%cV5e5X5;dQ%nZjj0}k zyU(vF(v%`7wU|v?sS}`V%tE(v^c=tZIE}G7`X+ssc|~?u`49Ev;S8gfZ-hb_ZgNaD zH$(F41-G_bgD?&QNLH_N@abc6Na8&vg-vI>B8FZWj|L@9<)p~EJKWjTWy#{;*}Q(9 zqD?mUjgGX25A9ifFuiYe_f$W3wP!^;FRjrRZg*3IQhuj^jvVnT!cX}G(sH%tYr9(r zIxCHo6lF(pS6@&M5!*&=%2~yP>8KFQ6+{#_K?$uB?UE$28qtzAZvE&`?qT_xkaAG3 z!bF)eQ#4d;zM*gE@|odMYTOO}xKYF{l!7pHqW#p`QXlu-X^CBcC1wVe(r|@2G%^O; zLR_42>Iab!%EG2o24l{!t`15sZqTQ_m)4ibgIvQgFZ(C1`GfZ_kNHdMDp|v?=|%}% zBylGSaA6C%JX!7KaHPq!FSC=kn_1wKPikOo`Rri)vpd9MMAJ38E^K z_H-`vSoR;RX~imHbBbxM_|j6VMpx{OJW9!=?i;aSSurPbgo(n-H-aR6%~dmwvgFo# z{x}@urS&K`0soESkYnmfqg!c@y9$vNf4D28*Ul5y$Pc>5ZEh^|uBL)2bgOU9t4yz} z$_SC6y8tyOPj{SzByP9aW8=o@-~iJ+xxwR{S5ygb1~)jTCTjz~$S~2>+Wz8;?*FmS zCaY>mtQ0}jNFunuQZm{lV})rY>OYH1QKT zDl5_f|5y}?v9h?$PBh}0o1oQ(JPY-Fa&n=Rd!~5a35o&4B-EtwJZV#x5;gUX=!Uho zl$~m9V@H=_;DXoU#SkJ~i?AKl5v6hLgX|@BV2EM-eAy0s`k90AwYZB;UKib1cMQs5 zUMgGc(v)PF#^logSifgZ+tetwQ_V!Q49hj_2?|Z_n@4$wnpAjj(@Igw%jaX;T4OlvGI0y1&QG-S_-wOO`0!=OBk`sr`mQr84? 
z8cg#VGi!C46BhV->YQF7II8>*dCXRRp@)w3@ zY76NrEWsev_lol4c6!i*e9&L zfQnMk4&YhGq^zzh>^D<>sHL~^{rt}-vcIrAMNg;2-f*XDSZ$2d!?R%LRlvN8I6oq0zDYry?f=e+WJxsIR!f5eUT zeXCO3&tIOna|b5E-&^TUgLmUWN$_b9tmD85H;|26@_0`k+TkJP#BTyuAurB=BT1D9DZ4%ze+zQ5tPtj=t^P66$!Z!n&VWY)Zp>^G8p4~ zbNWgSZF)GRc{q)OcC9Up3Xs_$B0vYMDPLl9YsVL{IN@MBb$x z#8|uM!$x3td)=1~8C_P$W<#1*l6VT8K3_Tt1Aq*YNG>;cg0LBEOvc@=uT0PoSuR8I zwpU|A5bO+2R4v+gYr0cT6H&?aNPPV089M{=kC`BKqDy>FDl!~ZFEa{mzC=^9#)y~Xx}I99L6>$ zS)p>oYcduF(!k24(y(|2*teSQz|s~7ZG5E8+nPE(?r|QU#f0BIURj_ z*U9vd2z+8*RfewWSu5pa2mlh008)Nng#a1adnZ)}Mx)_>uvr8WDXc1$!bG0`P$Ra| zS%<}v@NMZN?6r&LHl(iu{w3UQk{j(17W|LhKeejPB&(fZI1|RQAhupic1TO^Z<6PT+36S=q?b&aBpPunl?$46f6~h zXjc~Dt>Iwplgcw$t8RcSVy%$ME>wd0n{>s23LGyzkB2x@ANp%il%5#SRwER2mB27` z2=&wNQ9v7W;PaAw=@dP?!_&l!KgT1WEHt(qaS(^hD64k}+GG23hF!;?90+RTE;M_i ztf)PwWU%KIijOnz8V#49;x53As$y>`{W#Mz*uWdfW7=T=nwkZ5P%NWZzICcQd2l5Zqn9mhCpSEjV?m8@c zW21NDilbWt)j$0~YT^8#EaeK2Iv?V>J2 zgIl7uWRlZRfywI*d3qNTqk9nTJr8=1Z(6$ZzP9a2(Y!QeXh`OV@?Fa=)YJ%x%D#>j zCE?7Duq`r}*M@heAE6DRE9bOORNHym7)+~d#u7JQlCT~^?CP$o9|S^hcFDA2sob*^ z;P3`Sa0b9$Y?nCzfvWpaXoaJ&fJbS(KsL}=UIP`e;33E~wSn|34{Gcg>+u!m_3h4+ zAZ5(qJGf9DBPK7&=#p5s!?B&&Zn~=H{yQi`$otwr3Sj5mn*k-Mla;(uux-fI1$hL4 zy9S9_v_7~; z>Jm6~&2yhk*n-J6Nrc*R(F#tR+pUqDz4S(>`V4d%I>RNoWNMa)VJCi~v&LNnKYo(e zQsr_vO|Os0N}0a6>gbT1_JSp{@m9H|Cw(*I)E(6umtn98> zALU%hOBUPPJGdWd0W`6;$=|0*azg0(l(iYc(>8pcDU)*APXUf+Ni7*l9CID z<8OiMGX(RqP=D<4Fh%O@eX=QRwcEcdh6Yfd!#C_Zyl}M+MvG)h!@0PfH_KnzQa0B_tV# z4)s+p+YP=#y4?Zg1Oy8hU-6$(%I-)hlDZmg?)r>4p1$;8!nBWQX@|V~#t<*cA zv+YLQLi&7oC!wIxm0%0<<%DD0f^oS|Q2u5I#2=w`F{0Jr6u^~-i|tJWmQq0NTc`xw z)9O0%>!x(20)ES8^hw=67@i9C9SsVhWP;!`25DxX67BXjKa339AHTVeg(Y-DJRr9B zmz9+_>xL~eswlUrKs7qVhu`xh@o6uQ-w6)*!MOmoBMjU)*v?+2x0-z4-9o2 z<8Xlq8LWV|arr0oJ;+HfGTOiK@{-Sp8@>q#`sa^2X2Wx@fKqFhK_@<`{Il1lbX^gS zS)JDEcm#t#W%F@x(*BZcv8`rKa+NT4dg=+N?8T~Hb|o8s-%wD^#5DlWSz!oR|)DpmWc12m*B(8z$~D4VAqwXn?Sjap$_+ zMA}}BvxKHJRh*S_LRLI)=|oL*2~)=i8m`&z%j8;|a`xTmOgJ~*3Cre*Tq~!(bnRba ztTHhcj5xv`ggS-sg;?Ni(Y`+7db6IdV69&V2T17X;JkSjpj`CP6jyNY!K 
zrg}jX7GBdX6ExlZx~AebsaJS|dgOvJg9?vp;RFkg6pG@5wLSHqyVzQ@fG)aV3pg497y^fXW0>%^KGz@D8dCYoP3MU;8 z+TccNhjM~9&apvhJ-y*NIGa^#uei5(dE6ryR@;Oi_GC<6!5+ptNhkKlm(<{-T?mFP zbmplp%Uw(%uEG;f#$PnLt>dTTu=po6xzb&LCS=!Twz*!jf4lrK-_iw95jnWPUc4k= zwk~&q%R{`Dtn*%#Y`M2`SKw3H@{mnhx;WR1>c3E|a|xzo#@$}aG`!5P_^2q_Q7og^ zTYvE|L1_{p0X{jBwY_?wLKBw`crfIHd&41VX>H0QQ-*HzbI-gSona0cRa>XI|AOTJ zxc@-HlroYj(x)LunrN3nbqCJwZC(zT<%uGc*e-VjP5)r|ir z8A$sOlaQig4DEbbh9MvmfPg z?Crm(T$MO6dDQcq_gJ;gaZTk7IR$dr1sx*&kk0^`tURUxW6BH9p&!ckk!UcO2Z3pKyjY=1cMSlZucqRU3dY9nRvR0CM;)12tDaSsGPF;Cxv9ZNaZxCsEu^ zq@{v~r#*a}zT0AdME_NV)+Q2qe4RyM#9c;G>mhWE4E)+_*b;Ya^F}O- z&Gp z03l{($t~V8G}iEJbf9Z@UXyImUX~g*yNslIS(eh`WmTq6PXCZ-PvgBO^dzGAQ?!Y* zN_uXI^{sAP5T?2H&q1aCu59;|pzTEQcH(9@QK?x1EVZNgdGhmDf59302v}{G4_@0o zP2W(3q#Z1oX97;tPyvmG++7Sekc);s+@Am}#EitrR~~s@L*>yNLH}+4OH^3 z*|aV{G2M#cTM%ytm{VQDr()8309k0`b&RlKW-EO54v}-8cUvcMh8<8gGNwj{X4bov zs|z{i%c+S#1#MSdp(X2c-zQ;+Bz@BY&-H~S)6T!Q-0fx@I??wCX&=kKxa?g2AEDdt zd-i?a{3Nl1ejuVwXX}4Xrea`!Oz^OLD)O`vMOF@9cgC?7RAI55dGoDfxxsUHabMQ5 z9ZM#r*&GS_x9Q97PZLApy4(vEhbc6Z5Atr?TGeJfnu=?;*HsiF^J6lI#2vxm8cG5x zu?Quj?tEi};yr4*0xQH$DXqIcnEij=Q*^^_zGr=h^+c5gs2OF4ifa=Aa(y$l$TBWn z*Uuo%D}-=xewC__TDJ*S#;d-87upDFhaPDhEV2tC<#^B>aZA1LJ2aj=FqfKgtMEy} zHe>#1kn~_;c~_2a)vw75X&xVxXl+nn;3^GHc#_}Fv7&s6Z_a;E?I-YLTti@RSM9mQ z+BCb*eK*@pMWSvMT@rQM+%7vcx#ghDkmVz8FV&D@8ASl^cci z&@$IIWU^DG-CRm*XP~R1a{c?PMhIGp!xg!8RzS?PCh%5aF95{Fg|sKUv|r1Sq7X5| zX6H}0?Q?_h<)LF(7ftY)gcw`dUiFDmDyG1|46T9EH2m4)sCd;6O9)8061sB%Y4kRXl zp1sOmLTJtMxHzPT5~M*sK>2%M zklz%<#3Y5U+c*FC@oY&7fwTJK?ac_k1(+2nJbm8_LID<5AuID^Fm~7wp@m4hjrzYN zK+{wfAVeU%fKpvu$)J0>@ez&)_|JCYDe7gI%#azc#tamLprMTGYrAY`(GoYbZ+)%bjlR zswWl_4|fmocRbuOjBj4adus|v1L}m^d)s;YZ^Z!$b|mGw+REkOB4D}74`Ad4ABcfK z$;#yRi$UI%*x*5!qA+217ni-u>+k;3>WNV|%e;+MO^Y2TsKQ6_olw2 zC=3iDrI` zNX$HVDaSu=C3L&~l78;VC;MgoKqX~7^wRo_H4ksYZ4WqWcKh!Vceg@UnUATa6HZ)? 
zE9{lEa0t5TIk(R|0ohU_gQ^unZ;z1LpE6CySv2+5H?($JIjk#hDkcLtAT{mcWnurf zt?)GKeBcK-xGBes@trHKl(Di93#0hOM@;p0k7q(QZHUArm2I(*uF57uPRGLQel2ZQ zC@eBvXPRM2E8_;7*4ZHe8%VKufrprjm3Lod0bMcUImmjlAo13Y36O$9dl)LGAeJK# z^l=Ros@xR|tc>Tafp9$Ih3_Fj4OqD&}@E_I-G#omhtbQulzJgGW<$R45L(+qv1NG z{;XAhakuq#CU>rcFkM+&nlFG(N0lc+`vy%69yr{j1(?PY0W`y8A{hqYc(iFKY`~Gi zJUt~eWA;LE5J}az2FPxov>QXapBH)_eb|Qur!{UapNejMxmat2N!l~BZi8m-9C}pl zh0Ndt<_-#N>gPga@s|$SGcM1wt#d7?FEN&#Wb3PW4mA#jd|AZp<`jHn@!>R0v&VgT zs;39Qgg#ypOKzXbeF4!n81$yDzh)?8t50_+L@D>#)6L*-=AKZGc{n|+^He<=@50CV z?a#dpVVjO{iR==Z(!_J@50LuE({<}Vo5qj&E@1~UbMJYnH*S;)yLVzi&yCr~RE8GF z8J=P_ncxv5znSc-=l1pY3Yl&?Auw|F?GwZCf^b2_baTq=fjkF0Mj6bf6~!*BD0V2u zGEZP7mgGUN7DkirFbn0ku-Y>JSD1AJfC^ns(XC>G5zi$RX{wK0ZlIUXv^QhWA`7R? zDca77fc{7sW6F}xPIhM|IM0ju!Ww1&%GFRBR}jencI}~cC;an8Lkjr@^-fb9sw7h3RhO!U?PC-T8+*cef&RIU;U`wApkYAU z!7YTgLAHi46<{hTJ@W~b4)zkZyE9{CHd^~_f61h7p54(zE|v;koGeQ?9^WL@D7y~k zB2}s@FYWMP$8bfrrQ;M3WdgP8V5Ir4X&v%azc`EgXcDY4CZ8894yyHx!`P>~*-pd* zD9nH0Zq`gk^)4YbxpvqU*lqG>bod&o!mtKi0&|z`^4}dT07InV*Z^aw-X!;zR9nF z*tz#Wg9x0dpOkmP6XA%pR9f)PRn>96Knj6bfC%BKb4i)IcqJ;aNhyw{JOcrju}qdd zOcDOF^CmsNg6Bo#nPeeP`sQuLLxUR{wvnJY9W|gG9oWuDjnr%nXjaB8!p%^aNwlSq zm3Y(#cKbYVx(v_L7JEI86v%&G4EjFkckLa62_3+njm7pIytRrrqke3F@;DI4fWiB_ zR}Phc_87@|whWA1DC}f5!<2aAv_BQT@bT&zyQmApDoGOZGt%?7lpDx16T+-VNy8NM zJz|#(S5}1~EQ8mFC)$;syeOvWsQXD~Q&Tx&-Sx4+z^|#ICja+5c=zS@bSzIV9I9i( z$Bwdibc!;72pSKSGz2SfA!%^|br;^~^GC!cIfZmFk&iCevPv}~-{w_g&;W_O?&Yf; z1=L_ZV#cWWUN=TJ7xu<85@(nSWN?tI5Hvd@ZI;yCK=`59VjO#u1F=($6VBaVWwH?; zdT4olt@Yuaz+swPa`m7Q5t!lx@P)<@s`q za^0?IEzWAE6^v3n4JqR_rxd)dyJu&ZG5IO5oDJ7p3rA#myz7aw&wN-$$oDR56}BSR zt}t|T(mupksYR;`X%H<;EEP(=0K4Bn3WNhO0Lx!+#HmXn!S*~*I26G0aTn@C^b$(` zw=O^xD7=#OyOqz%(^b1+`ASrQVQwelzw!XdGNs|m3j^{?UaZ5#9r(Lvv1byS1jq@W zaJH#M{vf$79RUw?qtib+m?}M{VT;pb$&T3l9=Zh+()L$JOim2WEF-#$L!Shv3<~5y zl3jq?XGN%b|C+*)Y^+mqSCgAAZZ%}iX83dU!3tY?imYXsH$oKhSdVDwEQ$QWQ}3dt z1UzptMT7WicX!Z^`!rp$c}rzYv|~Y&YFzXc3^9b${=6IxgXGL5BJ0+4_W+IA_lN%93okztQ){NHOeLjh(cdzH+)D_}H($*=HRVJV>) 
zxqm+WbljGg0VwbSN^YGmH>JDf*y&C>DJvp#xEEwJF17d%di|{pGsroIu{siT0j$VE zNfp#ubLh1uF=O!}b1EXItr=F!8x=1uIYj2?2-j2KwFM_?eqZ-CQ{_MSD>IP zE5E_Bx%i-M^JuURFV`t(6OUR zDL4b!Hc>W>m-F*2S({OB@+_gvte>n7KA$&m8a_iY!;(-(0vqM$5>#CYP<#!xqO-QC z1#;4GU_~udNY|U&DgCEqPVbJyD}m1L9jHn~uk&-A&#imka5eaua)!Vk^A*J}cI}{T$BWv<9viSUbP0|5F5(1IW*{3<98%pJ4{KTH{T&#Ut_beZ9i#{U{DD(r;||5K5H)z5;+V zA}!};N{qHZHq%yn^tV_8=MG)pJ7a89DWq50EbD&%SZy4!OJd;y1Kll z!giLzx|V;$@!a=jT=Y&uLrk)@|416~4f8mqedgI5Ycr^?CF@DO$^C8gyo`guM-$GH z-Y1h;MQw?$_SG?aAo#BFzHH+H09zo;2Bqrd><%auYMQr~@lF02|0LuFe*P#oW1ZFQzlB8= zq$soqp8+7{Qv^3)yw#JVN`&C?URO zRAqS&Ri*5ar>`1#uEJ0YGPOUUl9Nb_5Lu53orZxl!(#vD4Bmn_SLhUuGEZs=Bg*l*ju;#^_>$ z2)prD?w?4*awvfTe5V|CvCI7U92r|YzS^GUP-F%{oW%qmxinY?R*y z?!ne}+|eQ|0sCO?4-ITQT!eHA=!gTwJ5N03t;hC0sSn1(hVBnbTYhiikfypSx9gG? zDvREuOqTHaCYsc>X#F-z2Xuzm8q@Ua%#ikGD|u3eHZ!c6N*VNlM(Q$k;WC16yk?q$ zcr1Q78MbnmrB9bVQF=rkH;Z4J+sV@)*{;f>A!g>{S;E+p-ONSOSi#aqD6Aq^mgB*SXcSyAr5XRS(?N-Qt9OM5YuRgJCz9QxF)thwB!3#O=#xjd2b98f zt5~>;SEBKQFAP&gV2mg3P{5ue{1&u36nl#$#rXWT$IW?{pJeA_r(vjvQH!mhy2->} z*cjc)*6>=^$5vT+!spPme)J@@SnHVL5fFExU4-*#385|HzqnWFPt+^vlYairJIB&HUi863Xo@xCtjdP3KWPhSU-I zlGudU5>C*b<3bKJLZX3}*W#+!!-5#2L_;CFs!Hm;BZ+%Gkl1Q(ug2};gVaN&r+ktf z1_&i%p`@d}W~E78qg=I-1c4{5kQ*BnOf&K}JLVUle57R`H$j##N5VLj8O_EsNxOFS z|KM#w(X3crK?5Ob9)l)0H}-v1z*HI8B$gBk%*Qgeq;JT+o!X9bj@;N?=5Rr2#~I!i ziZ_+Ewe%jqgOG>^g=?k|`Q?Z(Ni!DlECmg^O2^qu`e6*NR&(rd>7O`S(y72@s{wSo z+_8HQ2LstAD(7nsbmlP4ualz6S9}@BA{0=A6SgE(9C_Enw}MG2;CKDy(5b+MX99iBDLHS>?ws=@bi`i6`d?_ z+=0Xv=qgiCY-dkbCrH|^E1LDK8#akUpx&#e6yH*^@7jwT)7=&t>z64eb7c$G-ExVv z?b#xbW~~g`xerlwSOwj^ti^og3sh)*3IMPeQDKSmLQZJh=Qc0yl7w}dCmn=l{l(jF z<^4FT{wXOWc=~Pse<;c~Y>dwxlVcEDvpU{DY$IqGh&Cq{Ew}e|jQ-wAygiW-ob@$i zeTWS^I=T#b(r=VL8Sojn;d6an0z_Q-r48;C^-6j+yW!$h-E9N|Te{V;g?KOk#j|4_ z7}7ntksRA3g^z1LWS#3;a<2~Tr)(LzAq;#bJvYri4BSNXX)$0ECpINdrlR(a54uZ> zXLG6ezHu97s-m;R>gWrKW_qO6n(LN#T8ge~tVu6>uLCjxI*JMQ{gw^UDsfmtd8AYA zczYG=zGYM*TdMU7EWst=x>6qLh~nB2H0d~1>pED^^0~NZ?Wwa{f)7`N0FtxV`0w^w 
z9iEkwp7+9ZkFI^2EB&wmfpVIg*T?0)=9tuHyjLw&o!nb#8^H(daHk%^FS3+EY(8Un zyO+6lCJo!4Dbpf5>XI|-*6J+6+!-?Ii^~pyF;ex`uFh@7D!X`Nw3dq69qYuis16u| zCiG$>eei`wRtzm@b4MRxr!^(bjCQiL%w?#rm-+QK@3lX~?V3ewLW0RPhP@nUEzie^ z(Y%26o0!xeGJdzL$E^k%G6l!(tyOqWuI;azPXT}qX*!Ak(`ob0DC7Ayif_r6lcw&h z8iM`Q1wAxciu|$>@u&fj(azBFpKjm-IRiv@hbNi#Y38?#OqqFy5Wavg&%8WyBcHF* zXpwv6dj%Iav$)Wd$qAY7`kVQMY`-po?99Yt*;0A971*fm$3hMpDx+==5*T1zeZTyn zzcNn3_+wau512vrZF1%hcUKbRrfM`Jm}k9kd@yXRe4!*CW9q@+b~ zMEh_imY!w?xogiAFtwuI>Xd=sXXOmN=Ne`-vmdD}o8!s8imud#-x5C?m1NQ@{~5J$ z#-tuX0ZnEHsjtuGFLVoe{GdbJKwF*QtvYu*Xw^1USnyIAq+N)Kzmfq+otoNca%_^B&h0Ij|nM$L_SYzI9JU=`{oEZGJ$ zDFiWw;CLCzqNsYYGWob(;T8*bu;A*|h2H8|wZ>S(|2@j0-8B}d3IizX0|H>iKgSV` z^4S1CmENZh=nx~6rfgo;cZyQQ%n$`J24M7(fw-tN zm0lAoalGf=j&V3PZ$)XS??!B9Fin2tN4PPJ7|z*OL79D<(wDs3Oh8RD>6I5in}WDg z>5c$5y;l@eW=_Z2*nA^H4rPDSiU0UGjxWQ^WdF+0YlN%q0NzwzR`>!d{k}t|)d|ecOna z#DqR?NzSzZ7b3VLO+V>c5Dk=1N7>b!VN)w5ji&d_MwZdKQw1SX^ZX|Q&Kv0>KdA*{oXYb1>Zo4pZ;t3#kx7T@BtOe+*tAjmqoNDb4L@L0{w8km$CKQPw&UZ0KT^?M&`hJo#hPjqq+ZA_2$Oh^q@+Ja4u!bHdDWgA3Y z(wU&b?W@UkdBTFItm)mwO+H*_B{H$STBgN@X-p|xkl7d~u8On=g?p^fBy!0S_jiq3 zex^M~)}s4H3|9=DTxapFc6f9{$=iQ%;2Jq9;zXoQ=t2)}yoMCgvm>E}Y(WgXun&Au z>e`bas7q3KB`ZL)B%e%%B-zcOaz|p1TX2go6?rDYQJgBY@uXC=QSX zqdvoP>Wuea2BU~(IE7(kx~?VTsbXWyEji;+aj<>jUY2s@dlhcmP>@^HP5{spF~Af- zQzLl#d5x}Z#kxUQY(UK)!6xf>Om=Z8OP<=gg-}?OAg1gYYKR+bEU{MP!NBUx9e`Hk zm~sjxH`1jDeAbH_oa|q52Ko60?Ul^62s{v^Hhj~7rBRT@?#(FCM7XuRKv{#?C01hw z4P)sIG`TrY+fdbQSzaI8Iw<2UkP%!LBkoM`sjCf3Yk%vuAF2))*tgX-CXR-rj- zfPkb)zXs0=QwGy_`E-d{M0$ED(cUv@|NQpC8kU^_y3M|Skj^%vu)k+J3J|G+>BjfG zLnK{m)?WWT0LrK8bb}NL5NSJcxyTj(RKBP#5|V7^2Wj_}d5T2MBIqZ9n0-3IZ{lR0 zC5t!3`~+)6ea79@uvR^lFG5R^0>d%e?x|%LbTxt~iH#o`aT&K@+G4^IS!1r=UV<%6 zx;Hl_M2p|q(1B^uZKu?%XxPc>dpfnHk%5J8VD4pJ93Z7VH3BGqK5vp|hKX`M>xciY z>(_51uXf1(959{1byrW{V9$IezmJs z0Qb)rk#2Gy`U$wbBNrKS=Aqx!=vRW@2V`>vvgribTpj`1c>D1(ERdBUET17kgMdm@ zFi`1L#=KLVW99rbtP{;%Rlqj(2vC4~9}TuVzU=d_m|MO9vB_HE_!NQLdeBwX*;Mb~ zQh??Tya4I{?ET~xA!&H{CHbLGvb+^QN%Yxv1#(c>cs3=nY?^lxHv<{tu$%us7Q{n7 
z8FOi|$wkdj7|w6tJE-CiWRp`O}w}jX`xJ& zAkT<3(h{#Sal@hk=B9?gWgT){8Bmw;^Qxz_QoL5km&g)**ZmEps_8Oca^f*{xB!9gc{*#h4MJ>{r~~3r9$1v2x=;9GSp0DA__h; zhgg#e&u#Bu!E!t-&4!pT7~JHj0xuj!tChM*AanS=TUqi9DbmX<_+M?jN`o1|4_-kj zpkhE>0cf z(;N(U5)`oM$yQeVMn&~}45tu*lxYA+t$FikU9K~&cUT_i?6nbDsrQi0=ag}8pfhBL zna6#UQRQyVCZD(#Tdss|tmfb#H$rDXzKY6u&xqT7k*-Txv*K$_k58H&;oU|`={+`^ z>PASxL`i{?DeejoZ?lEvR2GR;gyBNH!w|30BY+l5;@pW5X(-9kdj8YXUCFx22+$yK zNy|3CLYXav_qCPk%(9TP|ZjmGYJ z>6EKE1c2e1AA9#0?&i9dqK>3<{?YQs$8g?6;K%o|ok~-{S^ZICV4$fKE|@uNhwV-xbr6MMZb4iauB*49xjllG>!IAj zHXYxhYY~X0aZ(um@VUP=`*2Z~{5Yl&8IVS*Of8Ux?!f;7`9x)eP2ew;4w~PmrLeFLS&Jz#jd#2HPBMs@I*#+QuI4NYb0^OseMZZE-=i595!BEisaD4vw;U(Img|$B`cef}=iGHvo-`xOhFtN9 zv*ow74kbINz}Q!`QwDl0vNId}>gv8ooQRcCc6s=5k8<6%Zj6@!L=6rnY{!YX(OyVK zY}kUx&P$PVVEpPte-|yd_zrzC07!{J)3&sR#W6vtPP@->OV>XzThfH$}6Y>tRg2}Cgd8$fRBqN==L(}^pd^RwnmKM;=-Ep zcz{7rgY&DHXvi&)gmfK} zSPtt`M*SjGWxpv*`U9s6v}A)#p=j7;vWtopg%L}=HKS=8Cj~G!uCFq%P0i6+p`fS| zq3TbfJFZ2)$R>|t-?Is!Rw8_H!m>teCMTOT_xs3f!g<92A$_hQzCysBG((r85hqL7 zH0q!J*S7OB8||-+aoEm)rSNNNAk#&ZQ#ty9n_Ll(%)0_X*PL8_r_lgC{B8=|*dU_H z2YAzQ60uqYMI$_~fg`U-(e|!(Nzu!t$s*n)<8S`&yfO?Z7cblZ@n|hP-NTRT=F+%Q zgLu?$dqn{q&B%W|Vf!l&gJ(C+!}{LkN^oYZGD#jc0FCnyh!AW;7<%&haeuNw;FoxJ<#FD#dN2hxnr!~3 z&q~+V#8b`O;xNbmugZyZ_MyIS^Kl-Bh^(i5dmL5)un7Q>xbN;r^rN`BlBNZe@k5xx zn46Q>u1|_P|IF>H2eA&P42R*45zPX*9?w2piLKcjuC}hCPGG<_XX@|e+#ClCIXn73 zY~6F=IN;hTtI48}k3Q(@{*PICDxS4H4vyVXjiACgAq2i!Su2sBrAod;b1v9SE0^icBe& zfY%O>ApqOzMJc$}H8EuG3k4XynhS}CjEx2rW>>lSx}S}de13a@t8Jrs-*#z07Ye_u zem9a|MvyK58%y+rnYoL{xmmP4gU7#3eSL!*CxEhB1t~p?V?WMXgUcX6%*@>7`;jxi z2kGFukA(_JK~6I%Xnl6edsjXDVHfZwAQN~(uIK(}8)u~km^EnKP32Ma`83#?0izr!&Ivbs9J-EF-{LUO#AfHm!8O=PR&?$6g*C6vTgg+Oi z+Spypr?*cNyTW})gqL1{+ENECq~D?r)Wl!I+YrLGl)q+I^T@`kc_EoA;zF(!wkZUj zgC@%?Z_u+-ac8(fN1%eAl@b$G6yzYjazEZ zsbF$AB`l5-l3{eCRwhXmyvXJIw1600T~w>! 
z|9Eicqz&p_Q{>jGmBnC^M_&M{cjv1=B0=HANKxNJZTde_bje_Yp9X7IdB_X_SLJ|i z(LG}S#3~PYYlamXto1M`1?oO7s25E9`0b4RgYuB#LT&~Y^JWbSkI!wL;zfG3|&pv zjs2!BQt9Q}xlaab7eW>%bu)b2<_A-o?=D-J(OdmBGD=lJ5MIdNY{i+bd4bOK&S?I_ zN`>#rT3!RJ-+}kcoI(G{fT>uJp)Zqko-ZqZ_6F8-c|{9kntu`S2${;h7T>=u?(>j( zwk~6-v3C>TO}xsZYW^y7NCOGr(*?|0zIFnYv6oiO7Q({602+jx+d(%qsU1MjX^N5Q zKL6dh$QufrwV>jBxInP_Xg03J5GVbpQd<7ryIv;l(bm=WKaH!&b$7x+!{_zfcaIqF z-_4K1OrN(E>2IF9SFM;&2TOJCL4yw=N{2wSWw+31IMS-d9qjbJ!rJkn_=qdgb~^vc zciqk`$x8JpmC1ANSG1pR@NWCHOtmv31qs#Q21h>SqZ&M>CiyQ-TaUl}bc z%1$EHw^rA=o#{hPQwqdz(RFe5Y#0np%|XZ^4QXnYWRTU5 zs~4_2&i$cMr2>s(WR5+00hz4lP|r%)j?b{c39g%BSuO} z)i_C(I&o7sy~;_Xw`80un#WpbDSApVVUevFj(Q@C0|TOo9ZhLT{?GhPvLT zWxj^>3nY#Pj=^!rAWQWYswLL|+$WL_20Q@prF0JeNG9n5%T=BwajYW!kgBASThp`o z%pAd-_Ud~TtIaX2=3_vsj%-XHN{iY_un$}YX%+LPi4#}czR*^Vf_p!mRXjLfLH4|f zBLpLJwLcseVXLN8@|`m6`ZL|R_2Y1*Z}_3>-h*dT7vV(KW3Hk9eMnbd%jqQElvy^< z>V7UpwmBg%v_z{eZ(Zz6R*JKg5S<SbT^38Y<`5XhpCidTP4 zWt}gU+$d4^haf-~_*)m$eb!k^b)e8%4&DZ{C2!JmgyK4aE@THEY zwo(D{QwsrWrfhP`YTy;}Yrr(33ikc=D8`taidHVR;l9f+o<m-9@_Ve8SXH~iA1|y#Zw&hy`MAC? 
z-YG}oZQ<7DRS;g!iBNttVP)FOl=>jC4)_zPLc{r#r@ljp#z6VVg*-4!KdcU_{hhWx zfuSUbg7>KB%kpOD8sP`DJu5C;SwWwXSiIl_|70Ps)RB_CmmNcmP+LgW^(O4a`Z0(k zI%^xeyntM43hQ5f$acxf`e!dak=wT?NXXKS=d9L`AjL#(u&apan0FmU>Aj&(j~|YL&EvKe%grCIFq4a5AwdFG2OqU9+v6tGB>X1GPk7-u{)Xrbr+v zMZOxSljlYVKO_8-xn!dn7=t#-5&!$3?WY^6aQcHg3DHzYtjk2>$~d=I^xW^@7GKyx zinfEZ{usO6>|<^oZYuZ8JO6Mj;;`X5S;2ngSUm1dWo?KRVwL4_1N`!&dpyueot;mF zcLAx6GW0xwMpto{luWzGkbEF#d?oO&auI*a+!)r$x#nct3rhoLHW9bnGE>BIV-5Lc z@_`&w;xndK`w|J3s;z6wW1n|~l9P4B!VD15Uc;(^dy77+O_u7!9p5^re&r{1a%s}1 zkQkhW_MMh>DP;q!eTMVd8z}p%t+GE#ioz)VAvs1GYIUwt(kiC)Shjt4Z&3j|aci8q zk14ot$0i1ex#I?FKUXe}DAsEvU};G<`ER+NRbr{bHFaqh2_8czPKA@-ae17Y^Zv+# z8zdLQiJG0Z*I43d62NS;q%~0md@Nl9c{6&;%9Im8(-?g(vH#bl7npk6(SN)^Z?cE( zCNt&fJDCn4gpR|nj-3|kb5)f~MxTaZ?$GRpn(3B5@nR%}5_LYs`e`Jt`W=(o5#>5@ zxs$oeYpV2FGPO|`O~7d>n`2?HegnNX?H(FknVHNcbQQZKnpme6wN97rz|}c5dV0k zyv`UiL&E7$nQRrk;zo7MNwP~jq-hmECsZoH~sI&S;t=(SG*}F zr4wH!I$0y1g==^wO-s2+4bs9yMqtD}mRHoyUCy16^l$|PC16PIjzyp21dTyEs73To zxUlfZ=|EHFt764C+#gX39}0wF&tAF_y39^;mxZ%Hw`&;4w;wx*tP*7R*-_ib#0uGt zGG-=JMCdO9A@DOkU>y=mK?=#}%Ws zHA|8UTm5h`|Js*|9fq0MYd6!YUd}v9bCu2aC(J92#qNq|_}>GqI$gD#8j|U-aWwbg zD6bIPpw>`_z*$06g8+0LR}NU$6;@>yw5y3Q#0u3vPkwL7&e6~m7$Qm2c?L{toWD&F z+lRZb4@O&F-3O$CC9m@|g%L|!-$eQHvds5_(sLa#>+@Z6vg|~ft!#Df`n!lYCekRe zp3oC3SOtH^tNX%wm>3G!Qk-K9KKx*`a#XHtTKpFoVeZes1&c{v4HbR$YuKrxJbI~z zjMbTd8*H%3g9mDSGRY7I5h&MkR?^UW(dH5>9`Pfh=?=AK3fTXPSDyyf>lbn6K^Xj@ z;*S}>>Vu4!ya*Z7vz}-@T1>R&BYaE(krba8cittLsI>)2gH{#DCEzeu5=)f5k- z?lV6Z&(c|o@dK>EXU=%hb%reWbT9}iQ_&Gi*JFeL#xE&BxIP|X^hoNI#Xi^T#5FdZ zB0mrIUz(&a4Ut(mpOa~VQV1S849keS4B%0L*x)gy9wkmRO6gy&5$N-3WmA^@pZ7or z$O`MF%=%_^9y0$Y7M-b?j8~61 z#*`}|*>Eo`Oe<&4u6M@( zhhduf1uG;;JWI#tzvNTL=7_o+Ftz7NIeP#Qq=OZthaXbi-+%EwOt_% z(Fi3ne(qy*ee`|3`binYt%IiT^>zcZ&ieK?#iV$K7_%IMdLw$>rbv&wtvlE(eq5Mi z!I(O+{kI-m8@w+oA$57M;}`X}M`_HA@NG4rE~6xWH(y-m9C5F9kRhRf(|5L3Hi%K> zK8y{1cbaV{b~N|QUXmI!l}SlHztSX_S;eES{sKd$BuhX?USch4o;e~o+T z)|colCAh4Z&VEQ%y5I$y2Z5_7IHJs%ebQp>^}a1n^hP}s^ab#Fv0Q@&Z4bn{qD_7r 
z!V4d>1|~gA6PQ)U?kqryl^&a+_ph|pxgTO^)3=%5167Bn(b+VC_4%FWK$>du|P^|-JSuCs441a>~GXw!y zCuGBMEo(pm`#%V`cNIQ( zQru1J0q4^5EPJHUlI7>&OewrGMgVdMHAj`62TsaqPhplO3J_uqwon718pH^S7 z&bZ3<6x3>ZleY0=6?ISS?sHBvMBiMEop)#*L-8s9TTrG?d9ZRwgn9x0BP~U(zBGSn?f4&3j~dt0*Cdkurpwo9 z;M*TWoE7nDTBe}bLWe(Kom7CT5!M1_I|2}+ydk}#$mb13p&e3Yg^ZrZKyXuG?R=XU z!qIb{uGOB)QcL6;W?Rkc;dUanTzz;k^(R%BvCAUm(w$oy-lo#`M^2L@Gpf(uWY?!a zr(b70B&uwX%=zAcLq!37^-|6fv9=twL?dRtVo^>ySfeevZHRaNcrm*LeVVZ8xQY;F9DC8!iQ2Q3KPkSLlc+c;4ai)gxP9Psf zv(5DOFaIw77~L|C!zd|qJGOOP6$WXZtc6-dgjHwlSiYbovsJXVoZ!M|k>JqE9a1Y7 z93Moe3f@2OL`N~7@Im|G`w|@L+u_BphP&D62?8kac*(W$YvLmKeGvLGz1|(}z}%3G z*@`~(T(cvpB|Y!K0SkW=bwP$_-%DTz?dLd7+Gmb!*u5O84TTmvv_tA&02^w@z_dsY zi4fYf|Kt&DcZRd(M|T@~gG8-U^^|`S?c9?vYyATcZ}#vxI0s3W({?&y7UDLwqL^Tz zy|FOoiUehx*@=>Rw9T7xmR@Z(2_aSGI0Jvsk~N;Dv((;VosD{f?EK@FQyipMi1J$o z$h(bw;>)B8LM-bL@LJB~8uGQu2vfj`$#x~N<-&=0^{H0g=3L)=A}a013~jVKyj>3O z2I4Ci6?4;PH&kEE;55Uu#m|h+31YYLCu!|Zhsc8NqbEPL8Dj?|z<_)lT9~CEpYDX9 z#ru9!o_5{)=!~Bi@*K|(q@oygG;Vd=TK@MUsXbfR7**h-aEZJ{^=O#5M960^0R)z8 zSlrX}dS}pBO`3lwAV=j74LHU?e(x8$%cSl_1;JXvn=N+s zJ&6CF>3A=gx}Vd@+*Wtn3KZs1!f0^~0KO*PoN22GylS7MRe#nm=EFtmYhwZC!s~@kol`Vq!zFjjgHOZ20#G77~chUWtIT>)t zsQz%eUpUU_=?GcFBz>a%2xaEQV?qMo;(l=4_zs8G$Sl2r!=BoSxAi_c)hi1mgkj#)SXHAm)&Y*GGvzg% zpd*;~4L=cDa$?@;Xk4cDWc_67?&9kiqExIyMxvSUg}eSnZ_3jo?7Ruh_*rga#j+w1 z)v;J;f52gc)u3|)(%!@}{RI%iAg+2OM?K3;fme4CDjxS1^d;U{?sL*J)T>S@rNtuL zEOUGG;IqQ^Fdn8OA@Fhb3(EA1Sqj3tOA~u7k<1Tq{A9nhf8ILs89Ie=u{@q z?D34itUXm5Xs1i%&YZqzVMdR@Fn)2JrmltO3mNc{)XQB|rMfU0&Y^CaPeTR^v#F8$RR621L25HXAfMOY^ z?T*t|(hD0i>kgOOJNrx<;e6+f2A2{=pM(#XQX^@8(8qQLIOBz_W90}F1*e~KY{Bc#BN;_C57xH` zyK`5?v3YHqH~8_^gTl;vGt#8;@=LAd1nIys4B+K)f-lP-X$7bTD@>ei~gdv`vqXiB1{cV0tT3Vcx_J7o)d+^~_-Pr(K@(q$LF~ zOAU1)!H~K*xokX%d3Zp5AiE&9De_-o<7rohrc zOE}IK=kZ)RcY5vTDe9I(gEwySzB4CN%3U@M7;-;pQf7#UMIbn9g$yqL8j3$_8d2UQ zWMJRedfNJAS@c09!0Vx-o=hP1t%_2ncXitM{;+ai`ya!<$Q%Y>P30 zivb1k11ow_( z!g|7^Q?Dsl7y>swOuUdg{a>Dk&XcKbiBmVAK=XBSi&61}4gZg|N30g4`FQlz) 
z%_gngNh%k}sk3oSnA7~x9l>)I6%frR(ktf=y1KFt6(bkHV@AwOicuc8au-y#C;kO+ zGo!tSCo|fSv6m=`*xHYVywAM8)#gy-YrKftQI~Fchh_jIsi(By5)C#UDy-sdh-nIgdd33*z6}j{pWZMl=n7rNP z@K`6SAqX9QFEqywOArxj>rVfV$$O)`$`OFRKgNphtP=+%RkwIpXu*~NL~!arPD28) z5ipDHz&{oAhkslQl92yluflu8>?ZjpI;SgCEPvoZc`awnX*ZZXn;J3Wj=tso>74GA zgg4|7Q4-#asW%XUWlO&L2aR-5$~7nUN&mcxCf?k8cC`8zt|Xe>z7`q@b1-dGG!P#7 z-3t1gg!vFssQ&8REkaUg^+Nl;y$*HjSUl>D>kWKp{7yfPjL4-z6@-m(2Yls#UFT(y z^qps#t&cAo*7cxpk|4u;p_KuN*6ieH_b+Ck6ar0W-=c-uqE8{u}1BR{AbAwaBRfZx@fcJtcl$&hk$Kz(TeRd?`1NS(%XZdu+a~OVa=1fEQksRPW*I(&i zFC6g4IG?&|-c$&r%TyE!y&slHUK-3^MU>_f-uW4k&BOmb;>)JE`w0FApZHOMsY*;- zGl+C_0owoUDi80b!2wh>%WXu-mQ*jTFaV-%)E}lif^vi)E<97t5pJ71`SnG>DK2LR zN|$ALJ~!uRNsNd@&8Xt^jEm}ds>dF1=X%q{FJmnVJ4E}Wlvo~|83t;<6&PduBgnA( zBLw_c>1}i!nup7ZN$m{n#+T3(aq6E6Qp(GVH49I}~bJd7=cv z?-a{l>J*Tle&IEMAhImh(s%AsMOa~~h%{7P(xn|#!egfXGJ112;YcMq zb+a~ljNz~#F2yJN8pG{RYb}t-{+L#U{iUYFR+kb%W~zbRP0zgLHxhdhX5d8<_JE=w zjw1`niHyXY=P!Wsf)!Th=Gz2r0zrA#-l}UFnCO4RLvt76yP8425RcYHjBhJBe^YFr z&Rjw6@o;~sJ3E}NLU|j1bp3OxJBwydB#T%hk{q^k2fPM&u_21+#C17;osEhIE$>Ep zVg>2>u!F!MI(p`VSx>HK63;k28!|c%Wwt-t&fh}SK%y=mu<#F&1@8-UEuxS zHQTN2Iq!tuD+Nd_fIK42Av93>&O`fAL5#ZAY1Tw_ZMnvd1YnQNU7HFquSjWNA&c63<9-b z8aA&7_WIad**%5U%;Jl-Oj*181JXW}OjzRdbq^Io5pY`YkG7)s%#KQD@0rlJ-!M1X zzkFd29E^*qT{_f<(uV)CZLb(|w~oD@WyFbtF|G|*5(a-Dz+%GUAZO|t3MTRzw3Azz z0!hF(>`65C`$RR}9#sg)A?=)nl;7lv$-K#u7?k!$=rh~sXW>v-%5Zij9p}$r5aswA zW&_>3nFb|Z^XjzIa{lvtj*&MN3&_YC^MiB5R8nEaCm*8u{i{A$CJ5mmYZnl>$KC(i zOI`i_Kid8Ql^o_%t`s&{xXh@EGyT(NP!?zw&c)xJXF zG6G|E*o@=;Aes*;+|K{M)RJ)_;OZeC$6`CIsh)QjS5BWow;Wx!SB`7^4=d$$+7SQx zb&VG$nzax_6z(B#Ikdc2u++xXj;> z1i`92L^7_O=sm3@3w&m5C5HWh6cZ!XK_zjdT0Jk=7G?vrV^#$-3Rm0_x1hHfwc^r9mi^#PJsbFhI zu&s1BtB4QoPYo!kAh|OR1P2Yjz&DdN@}LwD0{<;Me3bFEpl5+?Es&&KlyULrpwR>P zCzsYft3&Qn+FOp3o*KHeU*t>%x45kbz-uy3ev}ijci7|T0q9;jx^#^$Flfs`8RIT%4?YmI2Kw;7g(PMa`tKK=A}@IJU650+M$*t*~T6^ zEP0>a`HfIW&15GV(=R9g)HmLRBAFdvBX6{5ujMyKtmFTN0|z=K3rr$k0P8f%Rhe^3DptHiOyr6T8>BBO43DuMpRyU+^GE#J>*`Y@vcA$A}qEeLPp1Qt@zzRk-89 
zTc&0VULlfOSse>E?6c7!ku0uJswl320L&lNs608h4*stt zTodIr2uW82sh-)DMwj)KV~fNA5xXk{bz7T9!RM()+rQ4(0jhlKOV8$9XX^%_t>FTA zJEbapNpiuS`x$$YVV1?@@VBDpy#az|@XaOWPG4GBIb<8jT;u8<2aq-rA>C{5x&iA7w`>HiX!7yDdZ-yBCuh7jFWr}oTk2E{Wf*gH z!x4tbRyUlsSC{oCCRrFYH0!U(Ojwv&#dDT$p*WDw&ULajX5Aj`J|}l;X`!#R%J?33Ie3y^V>Vi2@@SAKk4h%&`X;^J@32cq)!$IoCNf~q6id(sPV@2V3lttR5?^- zTU_mFYT6SS-Sbvu>ED!4Yus>9RuIR4$1T7p8pZU}UpYVw6%AL}YeEwq^J>hh3Qs6G z71tWQ2XAc~$S1W9mS&~At3bLPrdK6Fd}8$BtZz6MknbO+Zg5bz8$PdrhpnG;QdeBz z%~VJ!5NXb8Ox`^Wl;b5wFU2QNgQ*)#4$8Aq2HU2jZSF4gW1#A+VsGUW6}&*+hGZZb zaLk1HC9pKZzhaNKH4fjliGE`6(KHN=ZANTB(Fxq_@YZHPMvK~z3)pSW0SK;-s=QUb zx|z2{3Ig4s$x%D{(`wR*Yr!Va=HZ?>>|wJBUCwf(QHoPYH!+6~px5W%L58Q4%aSe! z;uYroz=4#r!Vjvi&O~|V&TO{WapGZL$j&iNN0cT$;O!6_m*L#6UX2OS1$+FbYI$k9oclctybh278EB@gQBBwcSRBIY~TLiW9xi_z-@vP zda?AbuiXeDqd$qkifkahRxK-5Y9S^`{}wGeVHZ#@7t96LYtP2IY;w=Ad4f>wYRQOM zf8u@CJ%)Xlf|RS)9vMCHbnpnej1A3wB$+fr_xqNoKDh^+bBL$=hw#fL&eWR%?y$KZ zzaMw*dn4AUzqo4_5s6;7#}laH3Xo>#qX?}nK6hJ6d>p?r7Kqam^5A?JgVF{JxvKH*LUC;p$(WAosF*_~~%s|f6;GgC|) zNy(tE7p_C~-AXo4nW=5)UOyn$%5^40mHKZ#q$M*zZ=AM{T=Aa~b?o?{_;U}nnUVGm z7$MQ?q>3i}#=&8-PJrO`taY;Rcv23=YOtJoDJ6Ut_|80fcK8>zA5IXI(cm_;;gi)p zD3NEY4;M|pfMe+i^7*1u?~D(^tS@Ihl-X9+7j?Zkun*(Y_7}>7#DdsjjC~MB3^);PRH#ZX*S#~$@v$;?dc;9VYXef` zew4*FO;&Qtk6vSwqOv>m(TokQj-IX+Rne>~mh%0x0MnEV-9Z;Wu3j7V;g`ZH5{2mA z2O;659pX(D->0seGq;AqH^I)K`pmI1XKwGfBd1TkPKvq=>w8Km?xZ7;%EUuAU#^+> zWY+?Ib=y5EYG%=S>1d-|fP$nT>WBp07(T^KjvX6A%Z8roR&sTk#z>r2$MCYEU{giMu3QP6fHv#qKsEg4n;_zwNo{> z5?0)F#V9!C3LH;r&Gb;3Rc?DVo&`?JiU{{p9pHKcKt4^8%E~to{#G0LG2ySf5251r z=O*ScEZwtrxw9aI_CCEtpAz3bPzCp~=dc(;776XfUIYB?&0U!M(a#Oh!)+K`~gmY8j;#Ys{ z$jr;_Wg?Bwy%~HeD1QDBDbQ8w`XN*!o6ar3bMC_EzkTDU-O^-k155@v@pT3M-+d>* zr~m)Xyny-r`UF-3c1soZ!*iuI-UpXd+@IV;$#VY<`fEO0HtM!O5zsM1tBQz~ zs*1{@$51Dx=)G=3PV9o@zWM_ z*?Mi>bX9E+0@#BZR}s&PP*QwZy@e*m;$5Dq9FN##x?2M)``)Nn*j_q%dYDt1icloD zNV5i;k1JM^Bnej#FJZ2_(@&E-L;JqS8*e-!zT5sxAc6T77R@d@bSw~1+G12A-2Daq zdmjGs_hF(S0~LWCpWtxaa)6_L_I6Xza#5>{IZtB(fLMvhq!aR>lFYPw;)8&Nr7>W= 
zMC4T!+j>4uZUxsv^wIb58v!EjzoJn|;c@9J%%^YW*VTg%gv;HC3qg^s9Rd~`=&JFB zrQ-^*(Cl=r!6b_ZcB`22lp~Z*c2Q{!{cmKkgNC0+hul;5Zi1hd%t~xx`N!;#^eod| z_OB=L*mYg()#&nglNMNk329f&>UupZ`~%DYu#>^U@%Tf#!^U5*bH$H9x~B6%9+{12 zl3xf&Y>jvo^k`_RSX7-UNZf{>DUTp~>lR0Oj(P}sLai2QPPp0oWTuqg?F}N6_D}WG z?$jQ?6VW5B1y&G?|6s;zmrH;}dV7p~DO1J=lO!qTdk?LW7)NkZxvj2oY39-jR~fjt z0MlO6;Z^;3>DLf8yUi_XA*4iJ;liub%y_p%syD@A0kB5?M7j>;ZO&B#!x|?LrppA& zB3%iMo98*S;U(>HhJc)Qn|N|l>@6X`7Ha1@W6=dioCa(+vPR@pLD38@J55J@_calk zsYoA_x~U`>AJ%>Sx=6a-wn^qh#R?^{TA+~!OO-^P%YsqY<#;x6TD|$J23AXu`rA3& zUVX@#Tq5;j?uiC;yKa!TB8wa}PnHFL!gx3RZ{4>En4ueUjwO9Y3;~uwH&eC?>U= zjYI7PDrOg|KBFL47&?>g;+Bf6`AA*3!p;t`A| zshkv1Az3Od_!Z}lBJ9Xs=W|poV%j}YaFJ7AfB`2u3cYuy!uOf zPy8QaC*~=B5rh{Tc)XWGh=a0|pwh7E(tGGLOaH;yl;wX7Q`b}T;*=iRxY}4)aUpC)*wU zuNW6fCuKX<9r6!IR2G_sZU|}Y6?&9s2LSSCba|qnI=p1iB%Di{Y59&bjezuN(K)2x zIL1Q@MnrQVp-bV$NtE}1Z?y?y621$BF3R^i_+Pg37A-Rx3xSdLRqha(ZgU33xmLSn8#|l3QyxG}P|o zsmAYPGt-lg(2g>3{(6x%w;Deb(l@W!Zi&73n{ub~vNk)*WSZ+9q0cZb-3w|dvH4k4 zk~7sSJMB%_UfT_=yEL9lw`aVcxMYV$-a$DlP&$yq&=0PsRZhCfM6ZHP!c~{P=Pqy^ z$rZm8)X`GZGPLS+GW^=(1<*ay(q+$~cbi;6Fpl?Bf=K1C(r8Z(a=q%pVwU9re&CRm z1kIy;2&+!4M^>WtVIQIQbRyceb;}=M^m#J#eFPtsSt0#9MToR%&?18!!yd2T2cy#( zOUgR8O-?gwqIkM-7qtwI-=7vjIxw?&Et4qRcT{LF5%)o$(SbT@%qaYLuC#8KKUClw z4iQ-yVxw22Reo-gwrDObC^{0f%f@phQdSX0*5Rx}jbJGFi{MQXsO3k%?-XBbI+Rfm zuwmybquxR>xtT=xmiUX>HomMMkLO%~_}LZRy}uSc9`NBCy8J(oV0!>|yA8@b>VB~f zE9{WaMpNapkutG&*YQ@j3BiPjH)g!S-X(t$+t%6B_9hrzAc`^;HMfZw^M{dR;|^Vp zA&eI($UfFc)ZlQ{M3KQSA^lks|0Dt|>$0#*M*@!_Y(IJpowo$u-PH*xpvn z!$f;f1g~<*axq6NDlt}zG_Jl4eBZU4h-=w>gQp84!>Hc=kQ3ukSaaO?jE|*Qj#k-vjbokG2K> z&ayCO$3M<;A_w6OBjBJs%|FG?Z<1h&eeOD9*9OoIDFU{e+``uB@WbB+6cpSWp<30% zn#H=Xzwi@);X9#`$C*}gXj;)w^J`Mr;=g9Ojjs?cqS(v32CA;%hZh=BT+#)i_W6XG zgZ^#Q(#pYqm`YO5$8JKqd1Rbd4#l+@z|b<)O0H^c-IxzNNB+^l+UPbAfI3^ zOKz+$Gb5I;#1OWT<~$B}2{Aly*WV_;@j*NPmI0a+7N`3c&*LdxbA(SVhFEM5A$|tr z%Bkn4PW?$nc>nk~5 z#BRw3CD{w`;BeJM7Q`XKV(~M~C;HAb`uOB+%=GnOSy-}&Yk8g-9qsJKtT8_G=vusGq*D`ZVKZu+u%2V5a7$Eh2 z5GMl@U(I(=`osE{B&vrV4~O|s@mplxjImByHH;&zvF-Kq;sZ 
z4ikybF(kKyUU(#A7Wa4U;@}*q;5#P2t=%-vQFN@o^2GiL9Zd}}M-cbUK}tEv8<-ApFK#X*Sx z$nD6v20!d}_svaWds#om3=dMRPQ(Bw1I@7!%|Xnz5Wf_A>Ab!`L%hI^O*x*{V`N$6 zL`xOfT8A@MtI#{i(P^hg1rKi^iRZ~D*7mtKr@uaK+#$TnBK{f{-ShSQyl4K7*)7Ru5(r3R!72#oec zMSkGK9befTcI`(k(TiHnjtG#|V*-bzH8)UZ>vQN+(`o-8@i^Bw#;v&?_I}I5rbamd zD_2y($oFJswLX8@%k`(TD%G2}mKLFUuvv|80Q6r#!68~2 zDH^qMQ467~R90tV$98_cPf-mn({W=>YK@ohk)u2>Ly99B(=|tw{XxLUkCDU-b#3SG z&gvRqj;FkM%ex%cAiH; zq|p6{7A!?w3REJDY&BIlc_BWiOe7<4r~X798^~ zaX+iYk3A?xqaBsolAJ@#oGwg8DW(Z(g_b_)O9o;S4Yo*yCJpC}X!+W=?XjVq$xXe9 z|5~bkT!{hM(&Ts3`mkMeo3szMa8;|svG3KD7WGEDFHFJNMy z-~0U>>bP<3OV_JANT-j49SiEhng(C%4N34mZT5)at*8JhovaB%C>L66hasCzHW_gD zB~kvIkyEU2$ZDB@WX)e1AR{Yq6zM${?bltDL$}%LwiSBi<}J(+92&&~8CU?X4u$&d z&P2}*y{T*x%ih-(DUeYjM;hkt<6pJDz4nN2Gu@gwx#n}FiB!@mh~zw`;t{Atc5ctI zrl5kp)>`YNxTMxI<@q!7YYZgsSkhNyY(60}gREmS|9qpZ*02URM+6aPyN)chfbD>n zA>v8KvWT{jM-3dm2({r#4_)#&pf1-M;q)xZo{BC@-i~+lKSkWhObkB8+v+dWcHeIV zaF(`gj+12DkyozNE5;mq1NH=3BXz58QJv}ZmQN4U79woQZ`#>wgeV)P{NgRD~1e#-PKxDCZPuR{xx)MQG=BX=NrQXWzKs7V;}5x=|lH zEfXmE@@EsO!>Uki9Wucaz>F4`Cj%FX$L`nCHtipo6IH^yobm#7!dS|5Iv}1rSv!C? z*k>uU2tb`;6Bk;?tHs*R7@jK>ZzA#vsPoX{yU<7i%2P}H7P&hP#+kTi)wyQRDa+w7 zL@R)_Mv3ypU=NoUJ}49NQd(rvBj7UTB~|1s0KG6*tLgTHiWT{!!zTm~k0A{qs0mPX z<5d7^y-f%Kbl3(nsp@MLoKsZ{t%W#H?%ZywZQ4$oX8I0O^?gJb{kok^$vY!=Cqov? 
zXgfr##vX^DKhv})%*LBHO_u5n;6BK}i0U#~yfFtRVhhqVNBNO8Mt~d ztsw~`oG80CxToT4PqqB%-ffGTFt)(aVCz%{YT&0c)!`3p@RR~Tp$R0nLAi663}4PB z>l>I`ej5GXAMkfNWv5*y-*v^LXb4FHx-3u4-6>uwN>*bS^aHz-{73k^TY)pVab6!FiJZ^<^G(LUd?_j1fVPT;keMqesOUYFoOTW zi-sVpJ&#K+G>RVXc&7A-rScj_f!i%YmUD6bBGV+-5^A2Vx5-_AnLYF6KP;~okw1WM zRre*1qgEzmVo~F-!F9su2O9>j(GJ$D_r z){u3<%eL8xzO!%FRP3U7q9M@(7N2D;NP@G6X0MrU(R6|Mm7tBCuLmFiFqz{hB>R3< z3=BFff#D6tdYAk6(%@jj1cy@?fX(gennxxl>N2o%r6-YPG$kjy5%|DDqry zF;$Mh)l$ZDG6SvAtaI6tscsEDMHbmCM}NaWKp*bzPck<~+Mb+RdN{iO7ps=7y31Ye zxB!d(Ts5xgcQ3=acRT+dcVP*|W)Lud+Bko@@i{lTp*iE9;Kxxo9);Es^&~thCtLUF z(4&uzo;bI8sAheJnZDWF`*gn_mh)OrSRJBgDWc26Kf>^Xz@K*kL_%#%UdeRSxsmC- zsh%ZfAd=JSKg}WYa6EU7L))QbxD=6|}Ld8$ek*q*~~1LJj#E|^Q<%TOgI0dIH#H49!~kyGhWaK%AL)6r7Bv0kH#vqKnU zd;3uskW`W>MMQe#i}a|(j0~L<2dHyi#4`Tr^Dwa5ly~wh&2t5LF7((~@Qv;W}BS?bKbkK?*#YW@r zu@=@>-hYSONCS8ngVc)@YVHUvveWxhkbkJCszLK`vMs5V`>HJ%db|GE(GO>PuRf`9 zH;HWTV`z|z?NAOR@P#^;zpk^5yAS)MlYKINIx(Gp5U?!~d87o4)KUC(h1Tx9mMR%rK9uX_UV1oQq*S{pv`P z{qLuxMVWMU-Ot4!c==rgd-5_G6 zBH|>XaA8-phg%EC?8L8(8`TH)t3RVoHj63R^o;!w>9Jqtv3xe)1|OYeiw2tVp%y8b zpm^%R!IB^FYcuJHo9Rfc4VH1c_Vle&C_87^)Hc26`9k?boc!&mvCv0t&$?g=(ZX1- zorTRraJ7c_q<^}7n2XaV(xqE+fVFi4<6mjfr&A=76f?T2pCa&7Htks7|}YiaZO+CgZ**?3 z2QVSnIUD3cBszCu-Zt2AlP=_FH$LwFQ%|MZ@rHp7t+ba>G0UHCp~TB9kppd5%^|I5 zJM+yi4L+-JIk3N#2w9Zp-o5@dSCbxJ+1U8H%qGM~Wb?OSp}6oyaJ4%R#dH8OK4Dmz zcAg%H%>f81KqkvmdIgY*j-`~5TZ^t)mo5#-lCyLMs~bd#%yrVtZ%55a=sOx)^C?+?l>vM~)e!4-dt8 zL)2o;aT@d>3Jx^l!KAPUe+s*kB6I2{G1OJ^a--bDL?J7`gF~ay`q>9a&iQsm;RqO= zpoKwq8r{SI9S@l$JuFS_wjJgzVh+nxGeN#344&g*!A-fv`!PC&iBHIoR8n2`k(_Z8 zxS_9-DacLcV)acR{zw`t0}}f&TVmVj>&XIcL>6L%UAW9q<~#hNqnEL1{KWLi zE%cjOL(Ij2t5^JrEHjK+F+VFs3WDt=cltjCd1v7%!ahr#*c|W*Hs@&OPxL|murEud zrHE;IT?�Weq~%RoVx7i6hjo6;`Rt? 
z8&P-u()MhG?4dzQ%08e$ZP)(4&*C^i`$WZ{?`FT`0*rODbp8BqnUD{%e5de&nTK%9SW)!u{K3x<9WtP_0%5ng!*%z zKx(KINKKO(cAju;Q0hbXUbcj%#b(V@mJ=f^Hw^94;C4@n;7@)~u+P$)0u@jUD#LpM#SvOl8)GHHu7ZvrFC*m$e+aR* z+y$2$_ZEOgULZpP&WLf2H}Hh082IO(aI}%KdJJPPklR({gt1j59ZiZB0jC9j=7IMl z*Ut1#JMp(~TS%Hw!c^iJmG5D!CKPS%1K#uc!(>sq6_q zW{@+1lIZYI#@>&(fiItN4Y%2H(138`fZCBAVn*SG)a%NeBcvb7L@My0XOnF@m^->y zh9et7fNv!4^!Lf24bo^3@tuH5SLs!RX(V9C@>09Vus~n7L+0;oz`buuwywD3om@tK z6vm959)lj4Rao<20H1ZBb#1I+L60g!K}N1*@N=3Zd?u^7Ip*78QF7Y|#xt%fK(>8_ zmmZM8)6_yB3%8}n{e#sB;|o6D;wFbwiP7FJM`lHNgNrY<$Sz4`Hs)2w;`50IMwD;s0pLTm%e-7!*ik)QXRcfe`6%=GZ$?esX zoPmnvTS*l0)-p+d5x)orsJj5>segQm=pDDoe_!{HxyQjjJ-;QVwO&m{bM;H9*S0%Ui&vxQ$(~?j;eqrm1qSgepK8Qb-^IVNZ&3ipvrG zYpLc_$TTq&BzMf-HI0R}siQrGI6K-w(mpzf{E#zaQ1G8;iajmST8(LkVepb&9)EQ^ zZ%MVK_H}_&L>RYRv|aeeiTPWMQ|;QejV3`%grSikdr^T}i@;UGJg?8YP>S({$KOtX zJB}q4kjTfy7w!=W?isRlEVrVbpho!8gy5Dx5Cp8yVWOOlu6aAzY7edYCNr^>bNZ@U zvS0@#HIGy1pM-`zDNfQD@)L~uke_II*yhdrN$D5Gsq7A|=t%{r`xl9p#4m~RY(}$9 zfUR9;1RS}IV;bU3zn{DKcvSmp%SE)~gpzB`2FiUDAI}xEr}FgOhTr0=nqz|vfzB@{ zHGf#1%>jmi8EL>J z`OHkAh5vbxMvcIwb3`^Y&iW|kRsY|IB5E30v2tl1&#QkT>1gkyoLmcfUL-BUpSCq9 z^+-|(!Dvi3?%zJ6k9=G-HF*m2lCX}nq$I=GrNhjfN@{55mz0~+hc^yeP{h@b6gJiO zyViNtEE2Yfm$s%3^<_+uF7X)vt;oAMEH2*jJ!9&(ZWj;1*p|Lth{RKcHXDebsS)r`40SnAS*u*`}Rt~}>rC5Zl& z1W_y^cerb$3eKAO+`m<)7Bgsnq$e1PILb@XhC?yZZAy0p=1=-xGCIC7+#3#Roz#+6kIMa~1pVM`tiz_d zH(prPWSW3qL;50UqkV5H#}QruPuqdW8bE{=_Ju?)F8SDT@jF_o9cf!_xF)E6#U(qZ z2&(8DM9;YR4fzwJX%ao~{VzM&!mx`6k^`Ww7)%a6IkGzq8B2Oh_$(K}V)g9zTOqC` z$TBZO?{|=)r-4ub%q#`kAkI%Vf>Hx0R5n;tsSJDT(~35JAL!3a_hVkuzQKmZ7n2Jr zDtyl6;sroS+ozg~C^`= z%u|T68n}ao%NykcP$W74T-gxz#od2C<3Mc%+5KRyr~G!8XjVy_5WX)V){pp_gK85? 
zY>L`mRw`Bw^ou0wBG(3BqT(~{_9u>*T6XjeUX!E@^wuA7ZnoySMeHvbI0{=oP?ru4 zubCWDZpBo9x+L*;acw3kD~w+`m9!@0Eby=un)6`syzm03@37$91E(}Gb<-PKW-Gpl z&@cpuT^ZMlu}SUS+Fsu!c=`;#Wx6&xj`(%zPy9c%0zi+iADt)c%3{g-9{C?W2_?iW zG?2GkWW)?D%IO-c__0ag{T;5Qhv(WMz$IpFIlV(7l2&%yv+RK5++cJRdT0Ke@M8p5Gx57xI|p^ z4~R{D$O?&t#e3zNSdbuWY1=-6Vr*B)ch^)8i{^i5yTEX>is)&|jfV5zb%h1k;n{)) zfO3A^=VB90al8nXii^+e-_Cc89;%%oGPKEyx=EfE&HKL`@gs!GEf`z6f}s0_{;>Si z$iym>w|b;*gw4reoD04>{469IuA;v8q*>u`ffU14tn~n?E6JevQRBiZ z#O2YH@l@IB%b+5b0h>__TW_6TRX7muF!|_UkmIqP$9x5g41V8p*Mnzq6F6|R%3F$+jP;sOa`At;n z(kgT@kTTBBnS4og>KAXzd%*j!M-Zn=Rz`xeHT0xpPm+DNgWaz6bKnM=H-LoB}^gu@ct|*4|3j`A(zxrJs*Fk~v zP+78#aeG)20{*xjVyqlJd!;|BI27Wy$%1+7W_3o^Q_wwjvEV!feq|O8CJ1@ zbPin?|J4HtQUPB4;1vWHhjD{kfF_4Tdf1FijiG4mKeJ}ZOSZNbTZqw%x(1`c!vTSw z3d^>9zwSexrtpg&DFf$tpVuoCc2-;tV3(V!k=~*lCRr`g@XYGeSG$B-Bv^QsmCE%W z-l(%v<9Vg{k#zp?sWtE)Ro`qXZf#PY6$}H?=*eDy>_lgfVc9Dq>(@8sz(qjB>PLR* zg1hQx@CXBf`KR%}>7vQ%V}oE<6cXM@fxY3u;(jel_B_VJNd`a#lsH8RvGR`E`6bHL znUl5F$qWJA6yqb+v%QZP0#b&?sZ1h<{mDmaAhg-s)vSf2nUG=kSFpf1?UnihD}?zS)!AuA9kBiZgJ)skj6h0AiAG%>N%SZ6vON$@^3x6UxN~V`6oMhBr(Bm@tZRI}HAvu7qJHF~SOAT-RP{B_D!1ia^gaZ( zRqyZsmU%+|zAt`28@k39B{#Rcb`Q0*u?{BOG>h(?Bkp35^5%Wj9{|5&N)94{N zM;dw&i0ZwqPO6KYQkcC2#~ znR9%9t0&mSwU&`44Bb-E zk7EJOuz+H=Q+fDlcrTmmTvnF~O4thnKdc^x7T8u8##lN5=bUEjSgG~y=T2ZLdt5QN z#VYOVR3A1A0`-yN_*j!y@`OaFCrAq^T@7eH_S>PB@x3NB)$%|Q@XmJ7_+NpHZ^W%H zv2vSVTwy(fo52u!Ak-|VJ{fg&TfmT-_q>vnrVLsQ7V$z39j2Xwa%rS?P8o@d$U6q{ zWgC8uqe0j|BJ=4<i(pGX;gS}HW#jD@x>_{ekQK7F! 
zt7#^X5FsOolsgMxH;ob-=8Rl1#HUA&`CR$NyjYpK?Cqv#&Xj>vOX($6w3zY_fi?GH zMu2GiHMu9~y9qxvV~(okH7Lk0(7E`|1krX7Ka{g#&#UfHikCT81TL<@0N(n95vR%s zbOQ5W`4YnPdY-i{Bn&`RLZQq2|5U)vD(_3huvoO!6hlsZom`)WlcMJv9k<*TUTaeL zWd&fELD(p)p?9zBeh7&xn)%R@5rE+VkM;|sNvmt4moR*a{~THx#Sk|sayySKes$9C zoID$EUcAzg@h;gSHM60U#lpdQA2f8B;W7EakN0Y3cy`$K#XhR6eQUbfOQGZvm^Zx* z{|Xt|WW8DYJB^y&3_?^C04Wh5Ib0Tr>}X)0(SuM-M>^j1`JmUr?Uhdf#H8$;kwbE^ zQ-?5mhhyoScTp~PmXPstNsm7fW$Z>XBjl8k%dW*v*ZqCAR581y7{+*1Ke*m7)(?$J zfjxj*-Si%ZYahb838n?F_PkvfHLu*k-{N1;AGeA3n&vdJ6U2tAJ3925taIIt0zc`8 z#rNhcBoJn`;pFF%_n&IgDmRyd5_vB1?bgH7UUFW;`?w@7?g!yCoqA_^`}`Vni>90o zz&Y}~CNd#Erz?$QRJH(!?0T1Hy;Y%(k-R^)Qea_yiU-YAmm~ry8)~wH8mGc7+`Q*x z1j9Oy2SC@bO?S3Kk|+!(B%ZJ`nMr`+k<5A7L1462TRccn`iidGuUB^pd2c4T`mtLK zGI=OhKKRJNeE5gy(dfA+GOF%JRHt^K-wv)Gzd)W`syWziAU4jiB_pK1AQ|;H#xBD0 zOHK$FiD4jCitXlB?Ovvt#a+e-Q#h-}*}_qhR?R7p+)|#IPz&#JDAzkoaucnW6d%fP z45I1b@ImMxeHEa-!~a=T-X7xcAwwo+*Nx!cS}STQ4MVI9jlha_Q>G5A#UEORNVL)P znt;uo=z)vVQ+qE49RW8w90=^KX0J?HF*KNi(FKRB)8ntwb8MafBBCnd3uEt+ZmT%E z+FHl?stlS00A&d zm0Tiokir`1-fx5=Us$UmHsZD8^;W>q#4Ptdt~BR&cHk#|dT?Gw6pzl{XxIeD*G59%$xY@Asb%*9n~vt{i0f~9y~)L-S{n2&hnGK8uB zf2s+uk=uH#N$Qb!n@!! 
zQrxrkDBRb^IDlaER=15DxKE!waaR6 z_LXbfaZY$uV-dmjf@5qd<0s5U6&6?OaEfPO@b&vkJ`}fnJemsPagi5hT*1r1FOOo$ zL$9A+7Ghp!?tVO@$^+HA{fYMy9k!9)(0S7t{sRKcsjRfbM6l`;KCB(i_;MjBk#-*B*_(ng@@H{K=#3Um*5 z+!vetS1Kz=S!e`WOV1MQS7yFsO4EG_5<}-2QvZE{O#`M42}s>sD{g`tN8Blo13ix=s04pDg56V)ygZ z9lFpLD%5(~;QMm0=oosu%3PaLlBXl=HhfsuX7Y<`C*%KZn1d0iaXK!xChTWEDC}Na z(k>ijXS>o&_P>(8bScm^5)7SC5G@*x4C!N9j*=~U5UgHS!`YQ9D1e+(b(|)AL=U2; zJyXiM%g&)awkG|F;u{90CTkG9{F?GO_v!HU(x7j5&&pVj zePL6Uh;ZNET-vWmu+?H)Z4YbZv)`;Kk)(4mx(D?I$=3LP4WUHSM>#}+WU&5YcYg6} z?Vdu{nK&|srVng&Ho}Seoz8RK05Re-_?R9am-}v=-qObOK9^ETSoDI%4LHMo%bLkT z&NBYP;b#!8&Ib6=5y=<;NE6i3|i-V z$F?tK%M8?f?f66_X)92apsi+8QYtx`#f1tR38u+<3-q3D4|C&RBa}>j7piRHtU& ziuf(}u}f-w{`r8koGOzo`J%FZu2DKw=igcew3hG}cI{j`;%0%VDKAdjw6^la{=nKt zy*xDPvhTog>E7+sLi1+rS&Mlfqkf-9W`9qICFb_oW|vq$fa2A?aNZFB>iML_GsO47 zsY)$bM(pk(xp|?KZM%&JPPRX9y~|WV$RtuB)Rj(GN@Rsy03gG{V$anN4S)A~NJ#MN zC>gQ&#C3|ye8SF%^A1gVNApPp*}gC-1hR{~ADlTXk{fXrT;KA9$h9IcV`$QXK4@+(tgO}AHvg|5}?%II+-b*!{ee1f?SmAd5# zcdc@8$%Y`YXLWkA#29;nuU$xQkclAfF$A_g4w2>D^OW+3R{fv3ZNN07zH;OSMTc^% zwsy=~zPem54*{CS0SaiFF!>gHFlAD@C^T} zgdMR6((st#=mDBuZ6u;VNF~3{B+8VA{<2-)u0Ur~0F`()CP%`%4Rhh`B+q1N;Qp1; z9t^dU8;8?aOb)*0ZApCSz4h6A^o?n>Y9_!jC=)}0BUK)Cr08|3J3SL7$@#{QDYj^3@ftz%B++q@I*AWMWaUT8decLOvNO4l+h|tIGAN#hygf}c0vs$X4Gjx$8rYZHNBHvQ1_9aO zU;!KeG`zPrL@|PrKU9x2lSLH+rNId1JgQ;T^pHnkcB90r{)Wu!PMHF8vW(cNV>|xx zGnSemDTON(-V`ZikujTMV-tP^iN(CX)V4cmW-@H`%3|2(Z$GVJ@}QBy0@SpvM9vcy zsprpXmMw@Ajg_Lj9bLQa=cZPqhC$zEFi-*IX#E*H>y*~?!V>5B3!iW_QY!qudsc!( zhe0PJ)~C%C&F_fnzcOlvX@EY9kEvFb;E-7TVY`i4MFLx}AG6~mK(5+-2>pkKO6Rei ztd}n6GKM!k&Rwi7%Ak6oMuM^_3>T~QkBj=RExADtd?km+G4R;bO9%!qAIw7JE9d_X zAocQ8R~7GG4*VVo494ynMam_TW<10sn((H>M#*JFv;Abv*rYeOI1QZlSV;tbJ1E8u zy;zqsDl5uKH*kA35z_zh0Zg%=`_7A6hljd4p|GZcmL3kpG_8w$eEhl6QEPe;H@J@% z#NnQvB~|n94`NR^+OnQND&f|YY?f~L+f;y)J%^c-Dny|DsCXxvVx`b{Owj; zYafG5+ypZcLHB=Y$VF5W_DZ8n)R`DCQ-EB4q7p9<22z)ff$C4~`?8@pHfF~_qjXlQ zh}8#>6-UkT%%f{JH$`{rWoDW=`h_Syy&^l#DTbS@CxZPO6pIc{gv2-)bc?DRxWuce zZ`(E)Y@pz&EJ!r+Lnsb#;uTu7uee+g-K?M+>8*s{?@-dV}t 
z!z7Tj3sK{WWRX4|`- zjP~g#0&qhE72)LD`A~ErOL=e&K1OwGcu#&fzeGGQPVEH67asf$)inN6TAFzUJ zAvN;SK6phtE_pYIZDnqTB_FM0JGa^;{X>s(_j%qq2Xun= zo`-_B75>i#UHJkZiAasl+bw1mycA)TY*@Gni+WNX5Pj=&x=y1<6T7>h zMa#B#wPt6@zH@{%IT1PS=)MH18)JA}od2-B+d9#*>?xf12dD-eM zGVD;GcZrSSxkY9(&-(Ex>jYwMcaG#MuGOccC|2KKY+UuEr-p+rScF17&f8-wh5Xn< z3=Y@V*lG(r3pTGlP;lkcZH!MQ= zXN4+PpWzKEi{Z5WqYrifpE)w8qC{Z>3ZuC}pAvamE6TcU{msTh0S{a_8D&4Ypw^Ba z4oXm*4dJjJFJt4(;~F68Gj4~JCgdz_h_Jv@pz2&f%0%d>gA7dfV2ysHiPHf5&m!L*DvbYWnq{57FN^+^{%Fk_K_;kl$-Uapbans_}Jl@8qm05y@p94Bkp zNZc;GS=;C5ZXcv;K2TvHh)h+!@p4J|lBrMh`i*!kLxbi#1xz)VW}8=X%=cyxLANw* zCz}Ixv?w<#+0|yG2F@n%^Py$sLyZ>l>{|9_oRr}-;c!>{ZQ{4*M^?x@k8zLua@%00 zZg;5#hl7>FT@I@*_{h7>y6pPS6-MpexhJ^emh&gZNJ3lQlZy?Cc|MJ)&fOj?U>To{ zOVj$XEyd^@kYCJ$q8QeUM(}XdV2j$S2NUT@<&iG*iBEvqfLv=Hs{vhDvc=3G=q)kkoPDKT^d)d}#LZ`IH3sP`Lej0FOKs2IWnLuFp3ram zIQR^3$$uwbTCug{L6!h1W!j!X7O4f@LMwByv#GH{f;LSm^7_KZliF^z9!P8KshYdT^@&Ibz7DQJGm^`4Y#qwdg>^%FBoi>br%sxz zgl;)}juHP3zLFfym=R;IiXjirkWeTzAPl5&ZzF5vk#B-p5$OzTB*6H>jSC%GA$`&z zfT#{nd@ZZ@knqgDdi=Oog0}%9;?{cE!<{1Xg5b_r z8<28SD{yl%J#hG&gD0okP13d`k!39Xqy4-=4|GrO?0urZDMo&-A|1Y4elMac)_hsY zYD(xAPnZ*+srEZOQFg6l4A(c;GQYjYRG-%HA3xWlW#OcXNqk;t~k z-V6T1xUrLJKdpb%HN(b&^WDV-o`%3K;p#K&aSj%7aMH5&d*6hR2;?#eJTF_Ekwuuq zm+mvr3EZuN%1|gAxof6c4$LYfsL9;%gddkUfEI()2PNFG!gZsau-Z?W)Uo)H3+)I6 z)NEH~TlVvxhlX0j9<^_rSy2On&bs|_76ggEC;cC^E>uOXkr>AhNYR&A;;SP=uJ$wN z^{u|A6nS0-R1eKcbXjm*q*6_uQ^M2eGxy((Kqv|1OjmkVujWX*OK;J;R@a9uA)ZgY zAC?IGK~T_Hlzi<~7y$N?QO-KuRsiRYJR7UVv3zL384rofBJq{cgwvBWq?KUQKx3BkHOC41%Mo_S8a3Mls zV@~ck?!1|cdy&UhXIoFH9wtjN)exGb3c;1)snCew=Qe=Q8%-ZCC!pcuE_OxUm@Man z5zUGTx%WKqBQ9xddG|Gg3TFw_an6v+Ug@5rxJLS$_L%1$JXcS(M&m8R({;q2NL#=v zfm3t?vw#Y!yl_>)UkPOmO;oiLug?yoSY;AT|Mtb31P1uat@RU1#MA6!UEEqea&`ls zm)4@O;tV412WMQLDsD0w^lqZY^nAUoqT2wtp$hSH*W1X0zA*kMc&cbWJ9$PsYhnyc z{E!5oPxKpvFOq0p^0nkQlGT+DQ%b+-ehRJH9xFg8T@YJXdiKwp-GuKhu3NG;;cF{q zlC3?6GH$V$w3QuqT5DTLjrlm$#J`C9i=nj}##wC=X=t6CW3n_M6OgVn+*HoVJ?NeOd|l?zj0|EzW&g zQ-|%GAu*I!`D4jfa2$vrvl0`b0;zEyZB;V07r>)tBC&d*?CrW5L6`cq#O@f9L-_va 
zJA`dk2}5EyB2skw&-glAk%Rq>M8f$-vM*(W$GnnlB&iut?9Be=8R%)l_)KcXQu;t8I{4l+1%QYBI~D%- zvnD*(*0%b=&>RT2;JgQlpuYRqmYGmkvhqaA7=a9CZ04oO{&njzU#*vQ*>I`PsAN__ zT(ANFE_gp#B^~Eh0Bni^{%Gorf;80ebW~Bn|A~@qluTRm2~?1v2bnQ1IsJ)^-_fXc z(#W?U*_DA1(@C{!X~ae2Oxc2XMFCp+U21cI!MyE+_t4L`Kk3(7jUS$^8a|M~?>Q{Q zNoHYr!)gHx!ZckVMng3fD~lq<%TInaPFKk%52`=}2TjQQE8X(4+HK>7qYTA%9e;p} zwP@(&+iz!R5TavXStMa9JtIn#f;4BcjoClUpdNMF2f#rz)R0EZpDutB^=jU`Llp(l#&Tojz=xAxme} z5cWdPv*R@spW_eC59>d!wJTyG6LN31fpZ$#>TxGhpI#5ClVOBh$j#2-PFjHKULp3B@5Ao*KB8MUTUNRd2eH(gO)|DvL9QyO&;SrUN4cA(A zJ9>DrhOZw#&R`a2W(s7siIQ~W@@{GZ)_}|jN08p#VZ`dNX>MBB@3$*1L3%!TY9aaA zC)c45`Pi&E^&TTAbwoo0?ll3^D_LEXBHf9|mZ2I5>Dsw<-twtsh0U zz5?pgj+rB|)m+Ke$uND1R<@s|q=utm;C<7w{p#sYJ#3*)#%+h9{-Cy=Ay&XESpwMJ-<0C`4+#pYyd=KS!b$Y`*RiIR0M zW3`K7CdrRYQeTXT=tjt1^2!sBa#wmR+{?o7Hs?vz^C2K#X-K$#QnWsP(sU^x9BSHW zCz-}qN{_undrAF?X`>A@jW~u}8|6h=*!P6}tTgU(^P;iE2*sTFbeRu*e=z7~Y33G& z{MlIvx{&zKz}`0}lc4K)2(sMz@c@J}qqdLPNyYsEpnkSwP!{1{ z<4Q^_fi!cXB=l_1>cCiGRHViyM~s6q{xrkJx&eqe>vI-J+NxK=UjM>kL3T8Y9Q~jn zoku^9c4R=jz@RGpZKT|4p%(Y)jZRdBnuaK|)Ov-~ck*_?lX!5#Yt9x{^EHX*?xPxM z&CUX*oTEkCDFjn6*n$Y(4Lj(iG=sA>wZ^t-Y9i36EFO!Vf?$<<*2g`YAnd!$r#HRQ zXr`mgXO0qNlrVvK&cX)1J8h3mOkP4IG|K>2F)zw#bL+c75O`60cb2JtY!UTaDnuIP zHllPMvt5w)cb=4HepLujvQL)VCMhjW!CXWMugkMIvxDzG337q$D7Zxe4cj*Bv@Ak? 
z>qTRG&Yi%%fY~V*Sp46iJj%SsGAQbG^YMaEcgv&^P@m+yZDQs_SaP^U=y5>?e>4nJ zn_Te}u;B~{nD~phQJ$vf)GARRZ72pn{wrQL6QKAJYb;gth1|}ty)i85J4oc!rNd^4 z4qKQLVeJ`VTh1$UvjXG*+e76SjsSSI38qrAE%3bXtejxHV zxO#$V!LCu#V)s8h#y0d(UpNw^_>ND2mKZZhNj=ezqJj zU*OqLIC(n1DSS+`ri|{3LX-@osjkkx2W#kG==2@u9ad!K7AoP%K@@cOqG9*aftX;D z;z-{fL;Ls88h$pC6Pi5p{Ng^YIV5RetGY zJJAe9yGzr*h1tpyY4k_;*KsyD20e$C2WKZhc+^y`-6Q&E;}%#EBccG(tkBw=_uoB@ zM^?hzExAOwoI<qgko&DtIn3NujBFXxoDXq+dyaHvuMrR|-_O@l^gvCqyTCZ|tWknsvOC8k zi}eB|=u>q*tqo7+1W13IAE8J~CvQIogyJ3PNopjMes+Yc(HyT-Y!%3d|04C!W4FJ@np5qt0V4ub-Gxr=y9SmfAj+S)77`p%OKYB7-`rukjAD1 z#mHO*HEraeZfBIt${O6zvQpW`?q06pbQt5Bn4g1B+Q_@P&|X33`JS90Up1K*DZLQx zwP|6i??Ap9F$L35P$Uj{ZX4Ld_W&K<;Vm&UD-sU+x+Vtk2x-M-5_HA?SumT*U=RV9 z8lL64GvKxQ=XvR&ZELh?ax$@l)*t25jJA;eoI0V-!2PKUxsW0rdJ%|l+}7x>>~bX> zQsBgUQf2wt&Fz@po&P%=CZ_S!IZB!E(Hz5J2gkOH09N_L84v!0lrku%E)?j*Zw zs3}@j>|G_tFUKkucz+>Ols&l9@Bd(tjBEeL+qEt3PTAaS@WYcqSO4ZZo3jc-M=VNQ zjk-#*Md)StIO|tB;nzwmbA`VdS_6o3T}o&@^>eXsR!4B4J;kkqm%N5if|BsTw9AzG z8xo#{-@KHm&7!#4SKom@J{O7Sgh6pJU}dXKmj{a3zNZj#eTg2t^EO^9*3fx@S`bIb zFcL#FG1r=dv3WA~0h_N~;jTx&fbEOoFQscl62&P9@Hi)T+XJe?D@UJ%#;4P^!51Ty zQabU9`l$S6ftXe`U80^UfLqaW(O-;iPFNJpUrWjW=W^H}-k zVAE1H2PL$26}W~oKa%)1RRl3+vr&&J;j-a3D#(cENN|1IO6BFx4H&XkvYS( z*oWlE-5#ZVRSmh8-@iG4AET1DaXt?;RFfZJ=r^nIp!PdV-w=hs@hO#R7YKL-ysi0WyJS z=NiWn2HkL)&IwAZsebQ70mZpi7q$C<3K~LQNV?-X#~E2f0cQ->EJ3ZVydJOO8x{!0 z68)gt1aT}8S>Mf+#9hxWSg%U{Qu&D(8Ggf*BfUk_8Q?P%ih3N zV>L&Kos>KIw8sbw#Y~!H-+M4AoJyl;#EB*brmL2_N^Tw&16>BW`+$x50nNeX& zpXcVD{w9X+0Ti1ud|ujH*>dZfxr_cjruZCvKs38mET@JHsV@==X-=P+F^1|}hJmd`4i2APHB)vM&$XZpVd}FFc z3y6#0RoCF+nk9L`UIk3yevU(c-+*Z!!=bO0c)>j=JDS8nLbz+btTmH!<(oJga~d5cx!`zq|aVgH9ra< z)ljC|cv;3xQx-D^f@Yp5c`vB^4-Y8>6(C8G<IQxFfTRrA-&=1l)Z|&f4NSjSK{P zW)1~h(Qmyl0Qo)k*Zn$|C08~5WwudGR-z2Q$BSkAU-&SUY`Q$tJS4g{*!>ZJi^<)P z!MlB$udo4UXBC(|nE9*}U#E&4nOg!Jv9O=6 z8%tr4ZCKQDWZUVIiB)T^y(pljLOw6ETN*)$SsyF?c6k(h;trnV21hjLXXKnr! 
zYYe%K*(NQqFgfX+2u9E~TNMkuDP2cMS3tpG-yXfVB>dMy zB2e`{xvt(E1pjVkze1ImJ7Y!cS_1R6vJUVyc=VNkKC>wI2~c{H)qa0^)SE1Ygqh9Y zolSx*Yh?IwA%jaNQtL2XnabHm%Nhihv~C)+EuJBdhq9>}ue`xW&3IuDgzxKU(snq} z%Xv@AF_-sVXTXg40yUxfF37||oqXv9=&T|lG&#Opt+m-}d!E3Ww+`VS_{NCU3sqr& zhJdv(t3A<5l(i-19*Eb_fO&k3eUtbRloAdttzU;1U|E3WTpHybJ5j9i72ty?a)=gn zPuZBSfpI<3gw^CpyY3$ImAP z4VRPjy_IuTa^>gWF2g+iw9ypnbhgK0^f*OW+-j5jg^^Nz!nF9js{VWTZ9F!)Az)aIoh&Bn+fEZ0522h5s*a2>*!dU-Pj2j7%(!Bxk&s`_^y9!_HIK;7Ct6h6^#xnT|hz zqpyy&LGXm`5aJcsJG+t~k$grO)yIf|0#n%d(RtZRXnC#v^nZeke;l1G4jUE5=vc1g z(#?C>-7!CkEAsB$&)a(}v>EGDUWK?P=O10YK|PJ@a^6qMe?|8%Tu#ZK$%jiW`5=ZXm}n{T+Pyd^AD#{gDd!-pvG!-&WR72)n<9;bNVi`(1)guvol` zmit^-*v6vWya?c5H!=-{g}u%8=f7Oxq@F(`fi(E+Kz~jk&b+R3mk``z18%VzTSOuy zlDinqaCisH#zAgW)p0x85e0sT_v4*Lr2 z?UEvqm9O&8iHz$ZF41rsB}k|U4!{JonO=sI4-s-0$khe+78}a#YIfCuOa|<%W}{7Y z*7F}?*ccRYip9cb0+4GF9z0NJwVIonkq{RaAHu{7_+X*%Hx>EVdjI@7R;#w>k#xPo zXYQTQu>U8)UJa5Qg6XWeW8SbDC{kx}@Yx?-dG^+Et|$k#!j|Udm6j$RrE>;b?dj*1 zkJ%6I5vkFj?fIK1lrP}cZ&$mr)KtB8 zBANacU?ybOG15bQ&BEP=6Hgm(4ULT3(ojrJ$p(`{4_#nUa7A3qX9+wRjaYOx9Hd;! 
zord)sk*K=0`>d8vNT5$YaY>;H)bGoO{C{qj@gTB+7Dtcq=*GVY28I^D$n3osqtCPr z50(fpfw~e%2Qare-fm9ev&MA}7r<5IT&OBH`0IrK~NTB9;RW6B>{Swg5Fi%D?>3vsY#?3Fsz~?=e5Qiznw3}M*lU|8j*OxHQ^mX#8Q+v1_|brHsQ_H+=(MJR6m>q~#4&e$?k2d8o>JPRo;!H-8dwFsVrXXQcMHHR zvm7@-IBm+dypDkF;M&L4Au%fhlinD5Sd0iCn9^n?-q@F6qV~aA8ip`Jj7|D-WRDun zUa>sE?wfafrOcvGZoD3q5o2&rV0{#Ru%q&(H;BhpIPO=@s$>JsV2NfhTXz=Er(;Zb?*~PI^B334(HaPnY>8vg`ME`?-`*4+wPoSFUh;A#BLPK>X zmjto>V1iGfw6ExoDFZ!~!MX<%0pcqry0A5IbX{|Nnv_Ea)J3$s2T#n4cD9`48YR5p z2Ha$*Cp85khGc1TQoX$irZh8h|Ds%-15k^I3fH~oR*gCr;0f0x37W672)V$}?#Uri zuDKkZ2F=p?fkH%WX?R_L{U1Aw(Yio$O$>oouv*@RvtKIidz$`3f2 z_0bdjo=kmzzl^2hh8TT^YIIl7M@@0?+e2}uyZ9vQvGmZ`5=-Y^_wxRJ8<4*=WL808 zMc7Bn=8H4tiy9UAF?|qsXY6${?$-(r_;De{>}Ef(aG~((#OJ_H)1kc>do^`Na)H9v zud!nXCNB`>+nQ@7MbZLW!x+eNpkym=M^h7~1L8~^&r34=#poGeg3xjloW`~RcGM{- zBdc>YMf&@aw|T13@AlS0dkQjzvRO^b zCsdP~Z25j@CoNoKchuxai!mD3){U> zOPN1pO3jrf4ILy7#CUV;$25u>X%?f76?Fo=Jj(3t|`#R-=<7hX_QEg>j|6vwKzYMR;t16O?FkDHVrBL zZ7Ed+xjQ~G3abQU@Y+XP!5r6FMQKaklebdIZ@QT7)bjv>q{v?2-6RFimKR^`aI9Pz zVR#)LK*XXlFz9UME3UQtY&@iQkTSrL>3(ShUFhh;r!oeo)-{+7&;J7asTxJ};Hm!N zSRe@kmhmjYo4JuWvs=DXx6YZ4CA8pb;k7=VhaxKy*?`K>Ii?&?R5Ws{5_`t9zxRC^ z(g@2{sxRnVT{w{ozY6Z}YFXP)Cmh5mu!c`w5K1+Gg=+f=@5a^{|Fn24liLSC*eDc< z70HBecFmwKp)pQPVAUH^xrttzoukCt!x72fek27Y=6QOo$j&RYY& z#IS9^dMbije(Fb3KJm!$Jzzz8LS0_UNNj6%# z#JpmsR%-wXcln!G%=;=x@YB~PZKD8;n)02eh5x+@< zcrxpjyNnEFAB4Tw*P}p)5IX!Jx|dbPMzn}s{5off=g4>aM{V}$P)_?R8Q<}jJIWY? 
ziNK21%=K`WxoceWkyNyfe3;32HJm@iNc^uR1Hx1#>^etX5*JF$vHFKsTU$kMwMNgb~evDu-z>N{x}=po%#(g3b$x}CMc>5poFyg zL;a|LipH&(ma8Z(BB7$vUpA36K@yvX)#yLg+aehorm*-3%nAmK(WXKkd{_QW7o#ji z7pk2!p7bE(YB;9!INCs@Xt<(d?d3shjGJ;wT)&9$_342iD+Q@_h~Hr3%{F1?Z}V99K{Vf7CY<%y3Vo} z<)CFvP0Jg(pS?x`>WJ>w8D2Cms=t2)T)0)2JrIe8^0YE`gF4%s@@9q+KZ|>Q3y!_VgeUGC)v%3EKM5TklSt4?EEg_(XyLx`xwIw64vErf?(?Jr5 zd+seE@D)#p(fV<^)Xm6OnElD217u4I>?y<;1Ri4H0$X;5X+n*JsTPPHGcB0uV{Um- zOLmdUp16So#=5$m$A`POb*)$s1W&&8-l00p@T_91;Msn5lS*;NtwXd{kuowt zlVEMyGx6)Of3`)}d?Xol-GDm|EWj3a$kdPTvF00ekUsSWsl#Fu-~?dmRP$&~%Zfet z+8juiP}qOiRG^Dh&cFmQ4E2J|DSTszy|OF~$x4;73Z?6mTVSg*Ml?M&NvE008fzs@ z65#YmUg!JElDbAVx5V!8>c-$#_&S7VkI-g(yMyk7>bF8QH)c^>Mn{6(q`*S-zx-SE z?9MxB+c|aEtNf!Y>42BgZ!!@Ztx9c$=##TP+!&o1Z;XXGGcGj@L@^KC^S(rOSCY+Q ztzT`JMq@Q6ADhgLy6-4G=xpMjnE)xi;lb;ac?gKRdC?id{r9~IT)Uwi)@8)lDY?m> zT17)cP1L9>V7@&HMG_?Vemw`21K_%3S9D@{X|7cFL2?O&t950_^+5!)$`AmFu@>I7 z+EeKl#~Hn9o(c}bRMjy72{|jZe0UI+_?X!-(J~BL{X~gOOh)lfhmiE!0faI!Gb8$$ zh_b!X84>gVDU&~!NJEx>ePjQRJ^Ny3VYg-gkw&B7p3!r-6`QKGP`< z%#Ob%lPQA)k7N+bI*WlT#Hso zY^Ty7lVq_l7}yr3N3=ovD;8CGhz1UVtvD~$UWtB;TJ4SjNe)q1+EeY@30phPqfNEp zNQOSB5}~17j^z`qRYm()E0(TX#gMHvdEDhr;&sw29~}2>u3%mgIk!mh_`q%6*eAqv zhNzYy?^*%oZ$$+&lWZjubz)l4qd z+*sJ_$Sh5lHWeo59mW{0KIc!Ked1o?Qvc^t$7yHF#nCdNOz)daNFF+ilx$e8yG}lS z!?cm1moLmQ@=p$oY{r(#F(cecn$NnZ8 zc3^H{^N9xWZ}t1Jo$@MA`*xbdAxgrKT`@C0jWE{S9_(WpkwWh4a(|)D5Y)B~=!BtY z8t-fW3@6_c zEkC)zdyDGn8%73bA7rpet>9}>Mn=>>GW3qtd@c}aQU5SA{|NR2yoi+YVI$DYg5d`J zvmu5ScCl&>=nw@6hT7i3fHG8ub}@5ZvM+_SU_1_mgr%KTr|ocFO%W$0)X+by7Nqr^1Cbxb~MwPp48~+!>uxt*Xa< zZq?|m5yD&zPa|MoT@zHnXUOo8lK!E4^mbEL-YpV}a8F}kN?O*_KUq>ev16JQmEhND zg$}jjN**5Anj5#Ne%;>@|7rMNY=JNMIxh8QpfE9eNzn)3cwn>HCU!leZ*{X%%thOz zM^NM5jPfe0r#S2f0qq)H=aC?Qd68MELzu!!J_n7US5vTmFZC@l@}qzqGfg?*@Ee#l z@}PDTqKqn~?P}-Z(<3;a+GTGW(|gEmn;aI7lkXab)g_%TDk{JIQmF;1m?`>5KmOzG ztI{VgYQuR{Je9^BDqBta3hs_7!l>)w1ssu}xE#;zul0l2q)l-(x&qv%QW+o6*oCc_1 zCyr0O3_B}*DrsfQqt{&g6h|3)GOD;gk1TD_?o*t1I+I0TFJ7N!^IQk9*j2zzIuZAn zHf)2Cwf(FwhoLoR&kZb^c|Wbq&R*&v9JR1s9Neuh}XVgR2yDI8VuiB 
zlEyoq*$=|rvC_;rQ5{L3|B)$HOqHh2Ft=8FsiPnkN+*-WtJz~pgo`qB$O`Yr!axOU zN%4x;z-XwRAi}a!q@q@sM3=5_4I~_IZ3Y{!qFAQ%#aIWh97Hr{R1x&5AkRGwI4PEu zM!iB$mK378tD@YDDkC!*?T8(cRdoM33Tko(QMRSDgZD45UR}E>F2YkOEqDVWro5Q* zro*d8?+04xC&5XDVt;`F1#bzcpMglRT2smGC&7|WkY33#ua$Qm=35Mx+_7DmF)B&Z25?~FZ!I)IyK(QZ`R+-Tr6l_IOBoS9IPTuw4 zrb-*wIempiTJ0vA`~v@-N7JIRGoL=X;mWVc9@;*Be!i^cC&+MDxz?}naE{TR_?f_N z?`LUliaktYFOuvMrrYV*A#hR?v6x{_L_%t?WtGwInkt_9{0|sJlf4dUT81c@6@z~} z-J#YUN}YWM`uoSN8Vf`BR9>}2jZP!B-y@7rJja>7ZupR*PSes+T0V$w|F4ihlt&T# zz;ro*EX$X2hU&^Uf7Rq58qI17>iI!NXLLz5 zFDkzSRV0^zj#OGQ%o7BI>BSeSh~)4Lwqq;y!Q0xlxwxCV91YMZzkhVU)Bhbx?|uEt ztpaR`LP7C&BHU+S;(wwj3*2o35-X9qa*QjAC zc^Tlf)7(nHveL3XT79my!h?3f!Ft{rh~Nt({mkl$j!wK@#wYi%n6VPxdd|z>V&ZH@ z^@eJ)ljyYTeQ}*f>?q7?LL=#n5&M_@WtZM)Dn(zNf8!VRR4Km~4(}ZIlQ#?uK zTJetoF0ZA^K|ErrX4tE{JTxBLg3I}Yuvg)a?&iS~lA`XcpLMBMa??voyTy*?xX3-* zpjdtopoI{jmd~d%kv#s8C1rdZ14fY0Q@&3F++)}zgzp4Zl2Kv>=X-<*-*;6e;4>(O(I(tGKeviZNqzc?xOqb=yK)l-@xCHxX z!?0>yBfsvpZ;szULgPRsIpt6BCxS0nfKvQm2s|+Wgb|PPSdDgC2hgp>r)a6X*3nEH zaa%@w6>Gk+;S&YYI9QY1!^u#?taU!h46jU_GeQ9@0*ivWnOg2AIrKZ{T= z7|nDbYm%U(xcdC61F0_6^!Rt>6zs%~t)@V^H|gYF$t|%F_myp6e`TsI94fqTcf>5a zKc4l@!PSy+z8(tmJyJ`9IU-$`(9>m-1k;t^DD^=2+X1y&9Ml5&jQQ~`iV9`p2aJsT_C~$ zYXx#nbKMIbXFBjVkZBlx0eJnz13W@ChDdUf&@dzTmXjJ>#SMn}+K2MGz$6@{gw`Rh zD4^4F=I5_Fc-9n&xy_fVA=UXuwrAn;mw2C^Qe1M-gZ>a{&jGrNsL}#UwO9QuRwnE> zYH3z*N5@4jRtV6huelI}LO>^is3{d|_s)nVYo1?=3lyy;$pNPPBE}2?lswYp+g#iS z+7zB42<<|<6#LxMNCKis{K{ef(nA!uY4xVUB!8+FOLxz zwcWer#8CCm6(!jQ(7-78SRg}?H$akg`my$;Vzf^ziFMl(zNMk%aH~p**roc_mRPfr zn9Xy%tLk%B)MBH2BI>AS#~sG)$-PB?kEc>hpaGd!r2+w$B^>ncCf8qI?4~#Fvnxqz z6|Hd)Sf?w@pGi%lTI+Hg6?q<5M1}3CpQ6(&^4Qm+PR9Hj#>HyI{ScJ4?vz7O(S$xd zC~mxY_wkovF$T-Nq4EhwdSN8D@P1FJlSTGru8^8pIh9Q@&pN&gs0A|Z7pH%7fm;%& z4ibVIx{U#X8U-vHF)7|h5z(SDv-Cxxx;)1zaYDV!oNs5DNURhIWmCKWq2<|sE>STb zbKSW1^{4I@#}`PSjOuUjrTj`U%wrl(Pm*5+g1%Q1Wx9NOvSAfA@RvR>1I#fr?n@r$ zxcV*?r#f5jT3L7#zrj}?x)R%wTUX%#*cFetv5~OJe+H9@E2HE^ubY+YrN~wHfJ~!Q zEE5{uHJpnpE4!aXKk4&ceBliwl`wtb`g>{CLV|_N7#G5s5X>pO-f%0E7h{-wy78Q) 
z3)t|H*%RxX=)b4tezsHbo?#`JF zxUl=}I6<0KrKeh0@%Wr(X~P|0Rl=U=_L-8v{yH;`4a6;uC3FN>Ou3K_yrRaGAxV>@+ftp@-?yHb6I-0svJ<)`8rzs8$7O zzwTN(RgOfrwi*ulAe}Qti|+ENzz-pit_lq+o+C{0bUdF$36}t+ALiU(lC0uooqOD$ zh#sTxO-zp!NlS3mnnAm2iry%o$AHMwW$zC8Yi?}8<1lCeU+DcY+2&*n2&1dFB?5>5B zh4ADrzWzlZ{xKe8zvyQ?u6tRCnRR|GpA6Bs18rJZ!4Z9kM=+MP%(qqW6>h|b>K>BV z4ujlGq{xP17B3hIDd_j35doFWd&QKX=wk>ZEJRT7EwQ7)2!OmRE-PTVhM?(x5rL)@ z6*!*(uUZm(tB&2@L(hRWaq*Yv!F11~<6lwWmte@Sue#f$5mU+A)us^5-DE~%IOwtN)(A`b5TD=kShrTN$beK9ix!7#*m z*UB~>=d?m3udtcJVAqU)NwDYEoX@j)e`QBbU(=TK<<+_3Amc8|g-;Ku~GASIua)lC>A=`=Q^~@`>DE))yrM(fD8Ux7_EO)({)ep6f<&)=&cTV@R ztx5lw8;6Q&P$v^(DgQ9vwbGJ1z5##+{h||D3+4Y%GZMhsaSwLTha>=7p_ciB)F4qS z(QPJ9q|YAvV7hp!HiQQH+&R2_XX6jSM0N@}00%?B|3Z@p(YujhzIDTI^_f&R8j4>t z_t)Ftq5hx?-XD0&&#@t)DjL!f&=AJ}9i4(lWp{ygup^FJfZLj?yTs3t~k{yt~& z50&7w_zz0MH8Tvsqp+8MCSyfjGay~h6>9xmd_WXR6k=?qT{es*#71dY@}ZV-r=)=O zAWTI2Los8G_O3TWXhyp4 zUZE}8?wr1(I>9^r>M`1O_guuT%@hY)wt2I0NYNij&lR~ht z23WuZW|?7>Y(iw|Dy#nK+JVDZN&Ql+x7gFn3v@puNshB5GbQ9=519=jMiUwY1;p(~ z%27<+wwkuPBD!y3oLEJD6Zs|}Xn)=-t0?XiAO6lSn2IIKni*6!u-wi6{N?|T^`t3` zl-=_ti#X0+DO3nL zxGd$fMiU@%P06mZr1q%bT_kQV4O$8>;j7LNQwn*02b(Aq5mW>9-yYZS0H{2rk$2<5CB@=z%I z1~2Kw|IF$(25u!rx*KJ1aJJ{XoV8i~n8es8pJ%0UvWggcV|m!dX4Int48K^@#G@Tf zR3zhuz@%?TFk-(NaJB=IE?Z|k)sfP8*s~C_hqfy6;<1&9J{5n&S-yb(^uk=5p-KWS^YU_lH5pSxMK)bpW{$tkdZMwbub9Blp;@xB%7*E`SCsj>Wvp_0_5sH$4-#I3 zMLHg3YSDpIt6spC*dOdImf0)@-jNkV9<(afHQzN>&fayY=6Gc>G%YbrB4RBKQ92S8 zim|O(`kYtLjMxRc3UFcFTF3zsBcBGTFaX?Bt2nYJn*B{tpLptuA}Iyz?+J-jL+^n6 z9BAQX2@O%_(GmG5uM|Ww*H<4>8b8?ej(_5omEmKY$u4zt*DC%VRGS(e;jI}F34(3Q zAu8#BBJB5tT)UyAMKarBE7VI=ju^uI5Nn;j=CAK{@Gi=Nn%|BW@)$wXGKCG#&g9|< z{dE8g9tdAd*hW#~MMjMxu}ui_#?oS0c#|-vrW*8S46ItyFy@;e)z|a?5UF!w0LsTs zJqu)Rf%0-e{P$B2x4;Q+DcfwH&vs@L4 z(bb>gvam)Z*Cwg__nOpFLV*EL#wT={YC*9WvCx$6Crw2`DJgJnO#bR2vx3c8(zv|X zsy>&sXnKG9`=mhF50enlKs~wO&K)vj)jW3`=`3av-Q|q6irKHo5Za%SAK7_#K|Qz zCL_aww*Epw0eXGPuPg=v6q%sYSAH;kNH~Y2@Q8=D{%gYGbuoWnEuwPrW-Tmt1wX?? 
zl4#D1bWCtC4bV+Ax!ZYl?X>fhdFoamTzXSO)vluEv74VWB%G!XC{y?3%RXu67{<;O zPD|VE=i$nizc8wf^&zj2Fs9?cDXa+rS;uj--rFYz@O0rCR?hBPI>6tQFtpLalZqXRjQ5-NAM@(jR(p<-rrMXiQ^TS6!tUMVfUV< zdgZJ71-)Vi!~OasyaQr=%^3J!FGCOOLngZgxDp7qSE@jlK!m*d0kk)M+EfP*Y6znv zdFljR*yuZjb{HhWZ&0lA(V|5l0-kjqk50#Z=0#VcExyc|{M%f4V6qz7m@jV0OhwL-WjqwU3SC zosQBdoVNK1?{gdUeA%XfL-1s?hJRK9v!ur!j1w?nv_wUMsY761QPLkX-w#4On%rYi zAbDR$NLcd<_?La}Q-mF0P2e!1yaTrx4Xn9dnV&*dtd`1epr#bwSE2c#FD)xBpu1Ah zK3Gcw)`z5udpR(R-GGcSI3JM5CgPsK!34M@pe{4XqD2}9S(e@;4D4f!V0XMb-0tcp}HP1Drnl)LuiZ zTecD#6n*h4^9sGQjaOR4>EERyysd_ghWDQ4oq_sp8c%#&{zZsFb_+T=kCm>wBEDOj40-PS!SKih+r83u%!gGp)nizdQwMVk z(e2}Ku9z5c@vuB&I7{c(V1-e+LIk3OEq$EDT@(2Ws?(uuGzQmQMr$m&9pwGMX+j z>BLDzPHgqjv<~YNbOg=aG|^n||{J$`M&_5Z@j$#$&=GXFU7rx)&GJtcSol^5h{PNN079fO`o;`RoBTObw3C z%Z4(prI?feIC4*`TA7!WR2mZG$Z=8D@#}s^5cH~n-z+QRGFh9x)0OM%skZjBGRi~j zW$~I&!yyGfmW@&~#3fWCW8<)@P~W#X1Ht3AaoJL(%m9j_0aLAGAF#IcsyED?XT(*( zw{$j9sV_{(QK-E=O3}(hOP{lj25;pfMHCiJl5Y($zZm*1cfj2Ee31fAzC>oXEFcBC z!TzaN;h>9tUFy*H8P5pg|6$o78iMF|Sh=5zDIMK1o;1l`p=f{jwpQk?(r@Nf+9O7? 
zvZhqc+vH&EWol)Dnt=c+wlY56Gm}}qd0(;wTgiv~fX45J| zbHa*I3Fw$WM#h3t@{)ty7CkJYWkaD#+s0%qXhA(;2v!`RCTq6#()D-^iEo0ze84 z)DIa6ALqMZFJ9Zl*81ESv%#$X{t~1Cm~zJLZJgiGHm$n4(KAOS&f!$DKRwCgX&0x;VA0w>^Vy^TQzaf9f$ZT-t;Qpj4vBx%Pe{x z)fTc%YfumyHP4p}{#>V7d~9|J?^VYE!_OnkMEt`V=szfynofj8sMDuH4WbPG1JYKT zz@+r#as$haOXp#D`q4GCgi$3B<{duleUTeOVAKu)edz4I)a2F9GbKEOR5w7qR9g)BeF#V&>IiebX_B8cE*DxiBGWN zXS~9K#nUhwIBDp4=T$sUbZ&(#7*%Qs;y^{Dw;$?XBt7uj@R`ak%DpzEU_~mE!eho{ zchO4?3dPG)V=!V!7SFpNG9;OE&kPVL9q3brEElGPtwE6C3y`!3rU_q9*-Mw$gVoAznycla@aNYe>O&R-Fx8%Lxh1E2O;p zjDo-8Tz&@2W+qo4a5ZRgAhd1dGhM9*ojbXCWD;>yr-bWRNLyQUQBPxy>&1>IFaL-G z{^4XwP1Yn3F>Rgy(p+DAbME^Dw8YGVITaO*F~!tuIK&^v^^J3QJbblcLPZ*?D{2*G zoWsD@<2k_TbWpP6FI^&l?e^D+lZlN!Gt38^4{4LZwe;?a*i2v&IXA^@c;chfb`D=<$ z0m06n?LHyQR2Bmj8L+I4Bzk0b+%pKM3NOjuiE zEx@MWt(o3-YXqkEVTj)eZE22|#yM+v9gTV~CAP30^^O3MTxjkcXUlQ-zQ6dhjmpbb)4(EXIlDTI@)OyziSUUj06IE5z>ik)=T$>Zd*7G*vdladTY ze@*k>WTeM+=eE>{V80mV(KNY|8tjb6vLES*mwP@9!;2^b;t&^+-OBS;P6JlE_*4ow&E9H^FmPw({RQRI-J9J> zKv)LC2-AZzbCiqRmP0Rvo)UW)5!IcSiA1Y8ejel7-@*K>)aVBby2!SK5_04ak}YLvrlViQ z`AE97fwP;_{1*egjsKwq?DH^#JUG<@}6QdK5`$7yD z>BHW8#z4E%R}7eFfEjWpeIt(WF@xycposLN7(^V^**VI5Xm6Zra+TV6GlJ@iV&DJ$d)9+znHpqy*c%FI{1NUCSw)ep`FffG> zFM+x};mGDq{Ivo$QUQ-#a_0Wa-1&b&r^()sHuUp&j?fVIl0o-_hN9`HE0;CLPf_}s zL*kA{ghQ?oD$^EU=TCjd9+HQ#O609ZR3?;ZlXpIh=s|{kk!vN|CmVX5+5;%)ZvbVf zw_2zARVQ-o6Aa~9J5429d-hfi)gx#%bKt$NT3U4lkS${E<)U2Q8O}RD0v-T$oXhW{ zC=XH9&<((RkR0ONi~b1sFi!_qjK&1 zd-!H9q*-y!B;?j3+IjwgNdw4(>*@t{@NfZs;Xa*hOX3y-fVSH~^%k2c2@GS2N5YRc zf!(o`3`3-4O6S6lj5bi`BIKpoQ+H=fdK~}pyaxRav6n7tRv(cil?Ih=X2y$t~mJz7^NqBOgbo}nysqb|BU9%Hs>0>Bn~r^TWLTC>DoMqyCMQh z$$62$uQ#~xqGewZbP%f{2Lw3_W&XjObGrR6`eF6{xDv}XN99+Hbld{+*s$0Pq*mr) z>llE%pTAG?n$`KO|9l$FfFJI#TIJ0X6AIb znGU`CKf@JiM45vBYO{EE*KWgnU8k(_0eo1Y@w{?Sw)b6)`SBpNxP12lRXWP|Lkw1q zrO=z6vdKQpwI}#bA@=g%A0WEr&ejgEo-1A^_b?pa-e%p@JXA;2{<;#j#(%M;guJbL zK=OJ~_Mre7PDUTLBx0<75GTTkq`dj1<_7cXbO{MB6`0%xubM z2b3T0eK7p~KMjUID()F#K-EW~yTDwl_yumeHH^t`&eCEhR4hDd*kJgB+2qAd$1mQ* 
z`(!3PqSwse1X7zh*)5=Tj1vkh32(93FNAfP#bj7@I+Gwhq%)JLCPw|O8{&P+Pvnta zBi_&4-xliP!_=PZp$eo1f|vN!W(7+woCJ+q+STa3XRLyfv-*eEo zRGO1~lmL9KK#Fli6XK4YTrSfYpT#k?sx&St;2eu@c?Wi(>S_w``t>1}M(fQV&Y_Uz^Q zK;;b?aaJz7=HDunPk;6n`Ual540Vi4zH{WR@sd}L`Sn6*hEAKdrk z?ng^l;$-e0OA0PUnaeuU0bXV+sI{^^-ry9o7AM6F>*+K6Eu^yE#!MfH)WOgUreb{U znvXdaA=m&fixmHs3eiK5zpE*=sv{C-SeT}w+=v{G?Ika*+L0DyCIIb2N|Ja$(o{lXT0@ufFxc^TCU*GCY4V<`qT4xfhS5wp^b?Bq^NEgh!r`wpOArj zLK@n2aXY`2W%0Fd*GWf8jt?hhmt3DF)H35Bl=g^Y>6s6;EgkZfX-ZrwioH`$Rxaqb z6p9d&*C;xEJ&0jqPY2-}dMWhTS8sCr%>=sy4pD?gz(i@O>Ubfa`Kh!N_hY_lgwD)D zi&2**La-L9dj}!H5^<}Onxao-^x7sk*7g1#)I>+L*N*174o*V%`?vy4WC5qNr8OPy z+V>G@$znAtm9Nat<#REW77MICq@tWzUVwMw^s3fG-eZ~w^pycjdIF2GzJlEuOF!y( zqdzz>6D+baqm@_4s;4!^>z6O2YDp|vC1%^pOJ|2>YOj5oG1$F z9gL$Xrg2L-+RCt(G*!tnoU%%9la3d#o;jS&!n}JPHg~KDnrEY8N9%dV%marausd2iF>Sfd#q&x7 zR#roCZXfQ}9!d%tbMr2n3}jTa?y(AGbg#mVxAYR_n^l7$RDgO~p>JmrF za>}tXYqu@Wh0iv^n!hG8X6h5l5VMyQ3KE|AQ_cNPMrYQLsLISUn&o%IeL~EFMQhI-o0{H;VQAlOvVsu^>Muz2W_O|%cR6^asmVE_W|q+peX_n zhYZ5I`UvOw#vEcJr|u7dkKtJmK%wnyZNTXXzC58@dL~Qe=dZuIE#iYK2O#%t5ZjcN z>op|5m9~z!XvT#6?~u{!c;R~!%X~@ZCx7v76%O_tq#m};KNze^GUp!~hUAC~$~Q!k zi`IYhy|HW?Mj*y3c4c?w0>>`3(tRtE{baemBBTFMWe zw;(lztN<(vQ0&uZ&<fWJgU3pi+fh#C9N#oG$`_!cilcpj{pdMESWKSMuU<L}zsL=;Wrc-(qzzcu@C$#Q zAG>@nMJIo7Amu8;gK*!x$hI1(br3Q%uN0dqZ+oT=?_Zvq^sEkbvdtK^hd*p;4HtaL zQwZ$`8J=2O>9_W{{S&l5eYwJ*>rx%M^V6Gaes{Hb}9@?E*-NK z&9Y)@r{0X;Nl|i2=4C>BsBe6xI<5@C;c!9b>)SKc;?IN#Ot(d5dKu!e2eh?qqk~Lo9+ zn7r6gd^^=cPqrC&A!gaKAy7pGb!XDesoZ@ai_|gX)@c`_CjRqq5PqLJf!?G>U6G zCuN;_UBxdZBe5-wO2_-!wX)Y`sOS~BD@HApu?t=MmwZ}l`>+*6t;LEvc}GxXXEARhDI@+G!Ub`h{ThYvWGnxOHSWO23_C7 zNi%1~ZQ8JdRS@$$;eL77R~VzRQ|J^HH-pEKa}hK#*hg%;iH1=NRNu?|A|7EKmUiX=17AMVN*%$7_@`EF4+JNMBVl{xG7EZB}PT+vK@~zUt(Ra zEPaZqJK2TWuom$-CyAUTExdyhhR5v`fi)-k30G?XI`kjZmwwR!dzxy_*9Z*DAUHTI zHCJWchJ;qfZ19zoW=L`NCL;-%Evl%zsM{wPf4~{pet#$B%gLk~?Nm&Qi%REHMU^3q z3!201m)_o|FOr*g;qi&`Z@a5T^#z#|@YKvMR&MoK3yt;gS&|hgidgzsBJ^$mdnRDm zE?{}vSN4*^;_8?RtXo0KEqnoOuQ>4tp3r#?nV#wF(Cg#WRb_BTFPN|IY<&8KR#Nlr 
zQG2cND7Q}y$VRFZXZ(iw;k z7>%l$X}vRmQG}e^#?_4z<8M8<7muWL=U@5Bq9 zOS#sZxQ*1BPqXMRpsuV=C*^MhDAF5T><1sDlal$p-6Q=PtnW$U_!%pMfx^UZwJyu+ zQu=wbfNKbv;xcF|1vSt=wfAQg*c#*6kd5t zaiD^nb@{l5VB4Hk2~TQU^a+tcen7?ci)av7km2FI!>X$@z z3LbVm=ik|k60W|#als?zpYz;aQPa#IEWZ@M(+}(}MecOI;Neq6`Ml1;W!g6uEJd8C9loA z^GcIOVt$5R`0iC1o#)n}p`fFHF#%CBd!oVXh3O9#>c>wi>iOSM#y{p2kmbVg^QV5@ z#!RPr)GF=l7u_!%KMCu+mLya7&n=20kTAbpfIW6Kc9?7}OsZW*%>)~tFJ$M36NeLe z=FvYEaoNcqkwc7fJH(WNnv7D2{^c5V8@w!?Xd{E*&+g8G{>N7myu?B7X@=C~&QsOE zVyJcFFgv#^vVxyZv}8vc(hq+2knZ4Jog*t^vH=ozv7=1rX9BBp_X~{x3*NJ?&J&SJ z8tFJh1nKx`tPq)fxPWGKWm2?{=<#zD$F1+&@6xnS;BThPIsxXS^&Q}u_+K8LM`aMI z%khbGMHJwT9HYXMpofmec{MIy=lU^?#j>VXoPxY=t?A3R0E54q0w|ZZTqj zmA-j9RyrJiqg?W>l~}_eg=BLWQy&|Q>TaCk?pRD`(}(@A&$D}VHvbr;`_t^5pcU^f zp0x6X+|(Y5e~)S^d@MMfN`OMxw@dXHFC>{7W)31*^j>vYTx-O+4XQn>m)*pO#Um%9 zD|D(G-K{7kU2n8SH}nWna#J$B97iPo*IC?AWEzE&gZZXZ9+dbi=` zs`v!F7Y*BhYx7hoz|yw0DF%mhNr0XM2tD*a1lzluCAJ(>LCIcshm^_S4?1Sajcb4P zCICgt3Xxk7V;XnaaFqS52z+3uLP|!yyYMlf3K&ZIq;f!%9-zBmZ~4B}_7`DUoB>=y zEKJqIBZrY3d%XfcX4R5v6@jlI-%1lvy={*C>u?6H4sD<*d$47L~ck(O#u zbSaI-eRrt^kx9&ThIvof3{wIFCbE8v3sDznT9j%B7uC_y&6GXB%YMvd{waX2DzZ|mR7T2N&o+`i|ZA{2_e{A?iogaxfF#a@JvR!9sFXVm32=Ok15t z(`&moYe{R~S5+>c2)Drtp!O{DIeHsK$CEaojOE)CND;c!&m32Blqd`KD>__77BgT6h35^$2L|EkD} zEkrA#C8%jIZHjKFUq=DTI4 zUnwdrOV-ptSu#agq8(W%N_@H0Mni*q=np%WRhe6Dqt46q;j+!0`vp6l)pl8W{C5Ne`)V$y)5$t0Gu;sHfb%HE)GjFtrYG{%N zz#!MgoQKnRZ6H@XUf{}d_IR%8OrtW+NKPQ`d(tU{tEBJbVj#7JGCIn$=IRZ($dCA$ ztQ?br#4^@kSjAlHa5B-=+Au8NQAe%PQ`ggnykuK$-|Fl6kS9(aI?6{uZg4WeFx$lc zR?A^ep%2nFDHOJgfqI1220^yYm{57Z*lb@>N)HZ8HVldn;3Ik`?IrBXO$Q@WhxmYG zgEe4$Z3-Of+hyu0NP!Aeja(_CBr6yt(fbe%1L_>o+=FnEtvFN{Cx$L?0BW ztJE|>ibwGj=&7#y^Qaa?vca7g>Cb<=bl4XAmAgdW`Fu3J{;>#Lwn=a!8CQE@(5QmV zFhLG)T{=nUA3fhsWCfC;EHOSOW!NH=k;H4)gr(_)MQkdaIM;CSFTS8S0^my+vZhT2 zJiE+&*5zohzQMprF&ET*5hA!*xmFlng5Hh?C~{?}a-K3T(f|BVGuA<1I}0S2e!Fd( zS9_n<9eL&ooCIu{WJ{D2nA$^OSo!IIzekn@i~k{8w8t2l`l0#P;3nma{$2kYqUb*o8?fUek<=jRtPE+bFF(8dVubvvHiTtpiwC)+Ok4 zFaiCe)QzJ5GN&wkeb;({Y`muxh$!B?!eNSGWSoeZR< 
z$4(b`Q$m#9j8@=eDl=a1^=UJ*D$H^ zzfzSK`~FPh690WrYCo+L$KCy6pH=Z#Y^X2~ZdAIsENJ#z*bp}VqatIc(Cdg{Zddfp zn0Zt!TeghltXli@CZ4jr(^Av;K@a?CeyAdTMf3%(?xfSl-HPPL!-zM?N^C#{*kOLL z6LPTrz+ITL$tye{Zfy5|*E>zxM&1RIZClHm5<-ydOjX7*=JaJ{ycsUB+c>CT+uP^Q zIl>;{>#CoYUA<2QNF26ul9LJ@dYSRX>^5@-9mqX~%-}hGGYh6IjI|RhQ|P|@hIUd2 zP(kjJ{u#l}v3i6x^jsqM9$MdeaN%%iz6%ZEJNVm{2ZH;T;m0@r2gYMa$sfeZuEZLZ zL5tPO+^CFvO|@Lp=EN%KE-ckgT{2?o8&wM_OJnU|lx@m(qbDGc*8XwoFg3_B8VP5> zSLx0vvnM1)(ona9hPA)8EKiHc7mu$|=w7B%P%!a(k9dhqEHDS3UD=RKjh_!4BdO=Qo@WgwLHR$L-tma^ywa2=F6VZ#rjj;{x(sCWhskanG(+7rk;_19OfwuA((zSuKoZKR= zG;vY30N9)FlOPl#&djYFkTJYsgcOTePfRH(IbS%B4T5ga^6qsFtY61tnQvxYVb_VRs0m zqw+wl$?q?<3xnupVd-X_mWR&_1fi3NTu@I!D_>Xfpz^`2;KtI78=yY%3VED-*ZvP@# zJpO^{Ng+e*u?MDzD_ak<>(i8-`f#^S)6Zx$NDUWa%6RRc#oKQsZuUtt-L{LtXAiOl zFPN_X*EDLJK(-iHu}aoh6|f4L4U^W>G}(?ch0->q%ChNgX~-~XGY@q?psO(nDDtJV z76lsPN{mLs>9Q8gcyk)OVc4~2I83{E4AGVcFR@uBOjsKWtw|H3Ev30Tzp!F2Hq-?` zAKkjHK0OyIF63?_ zGhLU$WU5Mn_n-T32gP3A0W3HZkBz0sf_q5V$Oyy3vf+-lQ6!Q` zldVqWt=4Y!`nfNrB-|ENwGn@MYz}|D$7#R{kD*B(mZGh%@i0XozI@zsY;M=oW}qE> zg!k%Y-ceoh&;If`leSA5b*MIzK(S<)zmjOgBQ}zuGc>`?Fb%IENU;LxGpHNy_#tT7 zpGWNXT3ER%1G|HEF8lb8-ewfX0JfMUGP{8ep{QXYGX{h3d&P_>hQpZmS^hWYL3n7L zR3Z2#2vPMA#q}$FRZ!#}DmT4(1$>|0++CM%S22As@V1Q5sHMcu$*zv_L6rmrWWPmI zL*_Z}AA@KuR9GDkW>9p+CcsNnRQop;%uxku*8>`Z$IsLZ_cq+R6j6v zV%ztL_Ze^G1UcYZeZWU6u#eQ&HKy+ZX4@;UtK$n+YN$0Ww;s8h^F8hBL@lu5`rmbe zcMrRz=HLSEC}{hdr`n)z-sm^k5EhN_4C~+teWpB|x>^NvhFuxY-%!9)&OrOLiX_Y(^g}sDPVFW8Mn2z|^hD{iQ+yfEgqm_WZY1 zdILI7#M(KtrLngVlBR8!3U|&u*0!&`R(4C}mdToXnXAS&&_*Ule0|N@0DaBt=ffn` zapq(i36tyhJ9uCI?B!p|aV>_=cPng!ESi;62PM{hLQ_+Y_`lgjPlSeqI`>)p$hTr=r){7Jl5hS7&iWgp3MF87oSB=*Cy@s|n_Q zm9;-`3}6zHFsv?N$R7yziWY-3RfwrGfN;^mDr;-@VQXt6Fs1=WC{ejNhG(GsB*>ko z>>WB86R5krxLhiTL-T*3QaWBla1pJN_v|C{WFk|q$iSpQZxL`r zaMP~WRt$B;T(9s4+xrAPqdx9bGve4Ol-a3az(M&o2-5EFVr=dxhca zk`HSGUaW1D(V15K@2xdwFtAp1)Yu*v`U}JCN|QJRf}i|t;sg|keVQS#=muS~>!0E$ zZc-79kaOw?m1-#e+abHj0ibWzu$IS21g+p!3eoVbV4 zxV4A*MWc5F;$}6sT(T0IkF7Ge^uu3en_mA;3cH)008%W 
zKz=vedJIuyGdwSLbI^Dg$@-yU@aH*IJ4p*u1iKaTl|p1>!UOwreRMsRgZ~??Yo3Q>)jyTcs3D!W%s#K~97_fnZ?P(^y&>>!~w$03S+$V8yMGuu%+Vy*2w9e_K-03a97 zeQ_|+!`h3Z8mkQHH?sj&;1h`9#B|X7;~G^Gtg%qp^_mYsO?fyM992+n_jTK&A32Vd zub~d8!lxfR-kE@c2_eVArBsFbxu#~dOfY)3aokvWOU8qL0P}#E_s=_wvVJ>wc;muW z39(hD>Or75aLHq2?GKOqY8Y#wvZ!?oLlskOvmw7-=j*UonOYxO-~%ERxp?@9UnoXU z@^|^b$f&2l72zAy4UajS2`4wy2R*Hs;F%|=nS4*+-yp~BuD)DVWtESNs$gU$BfkL5 z?5{b)T(t?DX}=w1FPwz_hlz?gOz;V`Tq(26LPY;j?E$R2NxGhPIX*LRt7+(;=Weh$ ziBzVxB5HI*(9-V-i)V!#W*W=fu8-MP2F*}nk4PUPQ|G$bLE~qgQ!F32jSQ->b0)g` zDGuLuv9?+X%%fR{jsWU>uk;|GVRnrf@8&XlGYzJ5lQAKZpa6@Kl#;W}ENrN3d*Y8| zXx?CKS9eanS5NSQrd6sU4@;NF;hxsXaQQ^5;l&&-`#u(Beq%}swG0C`MUZEaqK~Rx z{Hn)=A{gPD&<^Syd!r!i_(JGxMs(*-XKkq1pu#MMP27o`!A(khyvkOi^YQx@QJJLM zeRA6%NL7qf|6YU_9L4gFu6{hV5prd9^40>aIBBbx1K9t$2)eF0SBR5fLRLFOqxP56 zgp_NMzy7p!4Yc&1G1u7 z&3Dz@8ZNE&#i~Luoq7Su=MP&AEYRhi(;@Z9?Q2O?T{e+E_}TIPbZ3d$7OCoKdIiui!KicV7({u^ zL?!sRK2&xB=GeQ-JI<(u?`fp75j$NMj$h=(gaJq*ayBk=5-{B+LvnoCn?d;&k|Brf zx0D1s2scD;C`R>~;f;KN-cddyW#%@L!R&2Mh?4d1{s0d?Ehd|^(&~It1@%SpPYGjW z+R0!1eyQE8&6eC)OUVm(gZ?SZq3EAOg&$n$VTAkIz=rg!;fT>e3R+9m)9!Tj3@^?| zrh2>>ZGm+ne#?06=RG>}l98y5;IPwmd*9nfiP1MPOcS#PoRJp<~^`G$s#weCivjMKllgZ2eq4G)Yzd;k;_fa63u zssY@8L-s>h1^rMJe&%@*fR!5$Y?3ei^nmQsXK3T&9AsCM#~k=lTn4ju~td>ip@PYt*=rT4aM-Z%BkLK3q(KrUM%BAKOR1g?BwiM z;r&f9RJXsK>Yrw(lU0Zn2F(c2DR9gcz!aK01CdtHBuxz58k=T~m-0@xOj70`JGdK0 zj0P0tTi*5@XU4YlSMd30MMunb)6LpkaqZBm;WeV&=-iK_47j! zrFDxi9kIu!(>R}ztjfIhG~RC+YxI-IXq}YQyT2m8r$vqP_d!estY2p%G{=wnXiYxc zp7+h1<`k9JgaCV@F|V49U}caC_2k2oGdlH4LY(U>w`x(i$(p&Hf5G{K?K6?#FIajR z7N=8Qu3_6>fsA{C7Ub*?<99X}RCELxKWC68dJdx;n`-)`OU(6P680bIjl0?`q#WS!0ZC zzk^QbY05e|kI_6u&;w8{cjZbKTMm2Jx6Q~f7br1<7RT<5aIsrwin)a-o9n4S52dO_ zNtL)M>ZaaOwVA5^B|VMPv_<&&&ECEu_qPJBUI~YC$t)xpiYSI|A!jhSWc|`XzjMID z4+_s1DF=O9>tu~>VnTVur+m4-Mb9&E6@_WC9hCRA zRkGR4#oS#+*lZMqCLNY$k%qAig_^_v%>qJCL|DJfrSQD-UxUSbHwT!TV>O=;Lf!*sa)xcN{X8;cu! z*w*%!EH6RaB+#nCP#r9*O1`ah@ z_?q!s&TK@uuH$zvUyAL9#l#1Y{KV<#s{{i5-S(H~^~#!Z_{`j$snSHWhVS&1(!l{? 
z#mbb3Xups=pJ2`I2?1bFo2erX`+z}gV?>o~C`C>x>WoK9Iy(FXYRGt&ah=(bFys_C z+cHx=JXASb z8BnjclS*wsZ212o*lE=k&^5bH%0(eM)ZzYhK4Nwj~Ui+Y_`Cb2-{;{ARh)@C8J5**i46brPa0lBv|PcIXEae zbr(nh*wYaBl7vJXjTWr5C`k(GLUJ2nC4t)0yy0Pv*|NgKQ80jvUDompzHf-1w@{l* zr7*y!hqhn=N8kC-TX@9$Jv;eTQXKAk!x~E{xJ9*o$Xf?#m46B)EZ!%L6}}-qhdpa_ zvpZLtZ%EE(D|~099xAa!(DK3%)qOBH1QQ9w*)g& zVUhrT|6Z`d#&a_U{tjXb`sv8q@%$YL*Es*q;p-0kzYI)c^6kR>8N|m9vzP{}AQNp2 z;pI(6A%tu#!zV$B%qRD`Ph?~v5D}=e)%&I$%|L)bOLt)W`gYW$=vnT_2;!9lXK4-dQKD(yGeY2y z`3pbOD7esQ_<6*fF3DZmSh=-G6@FG>P7vV<;s8*;sBSVJBm#~7l~7sD0Yw7;kC@l= z*!Vf>SdPH~8D)F9+wJ#FC~;j6^FPG?9?yuVD3j~6ovI-ItPsiG8|w%7kt|$6=w46e zyPa(uJOep@)d3<8bsr;}h5@PaUTf7O&;>7J8Dn&NZ-xY;GB)D7eZa&^b#EK9W$_Iw zU3yh=R#}Vx`)*CCL`CDEEXwhvl~+YzYoJw8DL3oHHGK5mden+2BB?G2h1;CKF_xlc z9SX9;NC0A)t;i_g`AlV4muvQ>z!+zaK`$e_fejzi3z}0nPu2NvXl;>z%r=m!&xHd% z40(Xx$MOjA+X@vFK| z07k2`YYw?aCC!iOLxOdDuXPjDiaaU+=QfCX&MIlvX{FuEH_!n_ScKNh6X%6uh3gGq zLt~$)wR-p#|iWer^p0Eh^h5DQT?K?=OFLFX|PY<`Sr|@pp>i8`$Bg^O>ab zh%XUq(n2dx%mIjNfNUDEpZW2VHh`7GUwwaXO23D*3391fJ%KS0b^~+?vV1;dbt&8V zgc-KE)S@%0DnhP4-4sBdZOem4!8ySrwd;I{IkmajSMVDX|TA9Ji=jOGKD$CJ2s59Zmsw#i&Vzp z;RE)K4g)=B!b`>nXOp`D);3wU7-0Q5LfMh|bNt9V$Y%RsN}5l2<=^H|Yci~^Vi2y` ztv8K@kMfnIA98WPEP=F^ev6Ald0&gZahCfN1q!+ZA~xE*J`t{$uF%QXOWay8i7^nq z=8ID8%lNKu(tsmBtUyCrYskZ=J)9V@hVch!FdP3aXTf)Z++8(1>U81(wm(ByG8Y!T zc@9r*LHNM*Pz$*51dL@aqouOJDLN{3OG61>a8M`!*@Q^GbUhv8PY^y^9Ik*L{$Ir6 zpU(cdOc$^jyw2$c;rPqusvG|HfL47~vlfry>#Js_$S^`lYxG9S&dm=p&hmRAwOMW3MWkP05myURYg4(A=y7(ls*JdeQ zsb~&Z^&C)?&?%HLRBT|<^b?&<9C2;1vRP}$fVZqeE3nQ}Yh&}OzFW2c$PQ9`!qOSZgVw2_Cdu7z{#|n1^Y5;rDT}cP zgLe7&;iLCss5H-8I{{wIVn0*aIulP9&gST14Gm8?q>~HWQMI~9#Y}-edYH5(rz-^k zAyCyTe*j$hjKJ`c)toTstk65BEVu|`U*)~I?l5F^?ujzd)@o{&*Fw}80+F@j_(SGP z)}uz_k=U#-YOn({QJ@aU;&c!QK(%||wv_>9(X5x7?cGOnxMuz(W{R04pv}_>8O)Dfq{Wr_Fv9nC&xuJvSO zBQ5bcxTZdOk(;-4tnVKTK=YR{Puw)eH_n$!IrS1~t~Ef9NrEp>kkHA-m%-+zM=xyU zpH5bB*3yk`lo7z_uGq-*qEgq%ScE;yT`;zg|8nQgvM5!HHb(N+nBaL9^(-AOO@ zQ8tY9VoLT{=gOVb!1<2j_Nb5SdX(%|sT3^r)`JT-Mfnbh)>6*c*t~7iFM#QB(johm 
z_L~JUnQ~dUn@W_fs#&n`R%dY)3*by8u{8b*?F%nB882vi=0w~;bVITMDghK12E}Xz zuIkcA(nys8pKB>%bE$+>fu)Ce**=M^owdrMz~0~pUfqnYH7s4F8&Z}X6xdO{W;n?iwq7h7 zZwFDmWI=qzpcftC)v23O)ggn?$d<~fZ~!oCoQ57dv2`2B94tknV_BAO%k#847q!4c zE&@`$&vxRk^Z#cReLDyOYQ1Zff!7wwCS5kNbw>pBMq^I|@L&1<=3hc~s!Ckgii%ge z>fXhwS37BmvCye`%I)A>nq zZheL&%n@J3t;0p<>XVEs#R9BEB!K1u&slNBP~0(*P?14c4?l=YdzThJ<3U^io!4Qf z;h7VYJR9X(tBOasZ#_4GByn_&F4-r?EpuA(_6nA>{KeXNyMh-y0{4zAQu5auDKe)J?iEHXK{so_M)S*paERgPlFY_Pejnv|XbO8zpn z3l88Q_~2|dbIR$|#V$y}k3eTFg^cmJOrHAqzDq67tUYJc=;FrA<9-< zuzC3vur=)zz0rfS?zIMnZEARa;1PDW?Xh#^1yQ|lj1n9IXsL-357OE)msu(ZK^6j} zAZ0l%nIgsFpp9^+H(04N&3>9ci=d;GvH|3|ixliDxYP!C!lUtJmrq5E08}FW3l0?4 zwp$}T6_-LhM+`FkB+Qmv6X5Q}w^4_y1U*ghn<{LBF+bsU9k~mpJQIR(Uko~8_A`a^ zEeWUWryn<#SW2zRWbl)<4F5C2^JBsPmCS{-?sbL?qJ9qry*h&pVwjwgc&c|_6$RY7mFTvui zSS7`dk8k2uBfM@tzVz%yPpLIkO6pv@QWy~H{fCp6SS7xar9UDq^~Upw>NtNA-&_tS zzkX1DVza8c&fI~YO=Z6=E61q%N4;~@pK}%CBHo&bvaR7?qum2op?W=54ckkZ!$u|M zvK}jkzuS}*;gj%H9ibSFx9{{`77%S#%B+}ApoZ@EeGgOZx-%$nw*_20nci^9DEr;acY_j{d8#3sQt<+V7Nl2zqRpgI zkfUxi&_z1lxIF&RaHqkrzCLixa@sZyFNe?!%KJ6(uf)rzZ}}~_5iyB~Zodq?J5BY7 zNNFtCw@KkwhKNE2J0VdIKvb9E7tD4#=_!qk_N2hd`YB6mr=%kSSO`n`QRS37mGY3q zW|5KHtwLTYDjJ?vTJ5${K*6<>?3^3I@OTvu{do)W2Dh97xu_94xTj6(=r!G@h~|3q zL93GyFw~BYDfp$M2EDpg=M^If7vjdb$v4!PI%J2S8VE5NCKb_{7BVV6E6ttK_<)3)heioSaKHmeE&|EC~m* z$!F)BkhXcCN6xx+cQFeLLznHC7CV^)@@otg%R`c{xCpm`9cPcR&K|MlZ@788@eeYz z4QQECevdfg6B*yqkr~Lxy#x|t`+q+CzWSk>%@ z$>b z<0E%Z-U2zkq3xE-LemNIAMgJD$Y$P}Oy&(_gd6AXN!5X)^|Ny9Q@Vis?%1WB>qI{OdMw!J@744E7S{bhXw>XrM-;XespTKf zAgr*{T8s>g+o7G{e5T)ukLoL!IM|yZf?RPhSa2n$04l*iV%7yma8%7CRPr}*8mD4n z-({ybs8W1X*sS{#R;O++CepUe4X%j(DC7Hgj%UA!jeGH7lcR8r@vhWtAi}p^6R84q z7CGx7DDCL+Q6hU-kyoQ`m%;0;3+TJr+4DC0Bx2b#yJi=XBnBq!??{{U!gK4z%+?}! 
zjd{v`#v|mgd8$YD5}<4@$5qcjT@v;!aNs@v6XSp6S1E9Tng*c__f(qb*)nF4!fotK z>>VyIFY%)X%jbNP$87DN@wVgf{(H&=srKa^gez&vxF8Fiue{p{ZcW&~{(h-xQG3dI z-wG^;P13cka9ZJ1OtfHj#mwo7Erb+S+I_N#er4{}T!w}?WzS9UtaaID$enjnzA}-{ z7+qX*OA$In|YHRuX-M9qQ9>}sdhU+^KlTIhqi4J*fdNs3&$28 zY1E2fc6Y>8)QRZOXL%gU5NIY+9IR5|a-VAH7|A=lhSZrt4t=o-FUgb;HRt8t>+fY; zZS}Mo|7}ZpZILnC>X{wy#gqUfb(JK4IWetdi4+S$UPMQWzzk)wA;Q(C+ew`ci79c)}|CeEHKo9t-#;1N|4sY${T+0}E%YyVPbJ%UcnB$jQT zlrNa9LS?m${10jcF#&X9Wp#tX_UEL#)imyD7pYYj!66HqL zs+RYJ8TmBP3LD{3wymGuBslftA6&O2D*gM`e%RzauZJM04N=XGss9=N z%ZNWPz{}2j>eR}=XaMh@eu_I78(U}hz1=oYr7zhW!NN*QRxt;n_n*0BMA|)w;oNFD zky!XSto~`$Xi&cw(3$AzaWGwyAubBSo`uRvi41F!c3mqsaKz4^mictc;>mh)s!oX! zuAs#xDP=_WpcZS;GRni#od1hgMKpUYbWbcQ)6d+O=prFe8oB=%;D$t9SBoE`0k;7P zaf{F{9zx8xS?6oPSrA1-dukc_ErfUNqiU?HT1?CnHWj|>1`P6Q!|c0;{GQaq94_wA zSTY3JULM-omUhEx?6GvtEu`F*|MHkjB-d&JoO-zU&|p+G*7$14?tSY>hksl<+EQwJ z(6oo%UMeoblSsq+#wD!1@Y|yPPA57X8f2iuo4YGheMkj%8+f~7QZb-oykQUZ^bLL` zTo7!JTgG>x&vzx*=!-{%z{1}J211+xaS9^-3@lqU@szm~d)4xuopA)3>>VP8VmpA_ zR^b6L`QC?`a>ZTsAYK9yuFR8MfSgp&j@E{JU`6kXg?wQNlV3Zj`OFzF9QuAoWY9T= z*OZvj7@>UW9Ckpnc%0v|W$AOKl4+6vuhQKTfSHJVLDBwxyMXxz9$>i-Q@(D?dC9Z# z@SvL4!lO5rv75};8n9jA%=F7Lv7q4Z*#Uju9jzyLE;>R%X|n=g9~g)z8w;5aBFxEA zy(jkCsA`-k_m^gV$Mqx9#dw}>&%oB)Vs+(YqcT#OhAT>NP5*5A9UBgG0_d}OnQJcs zgjmiZ2Y@nnggt}V*d;Y|!$yJl9izg7w3FOFAdRt32X&+T|D1=^O2~TJ{l%jPuW`vo z^~)MHDIT?`SgVEBw=0kMdq)h_JN@M>ZK17}fRIOk)#P?0zJ)3FFSaQ84f+hQ{gc=y zWoGwQ`dwf?#e$ie#trf|;~gRRLl+dLB55@%~jdo|XFG@QYi19NwHK_U~ zNxZSy`^li`fsMGj(TB(g|8N|ub^2hk-Oadlk?)`WwfoJ`9=vj^ugW2vdUB(=0}eNI zb{&_`Fv;mVYr-}~mt#>=4!E2q3R+=A<)K1xd(P^LfNS7FBmjVuN@s7p*Xq*RwOGns z3gI~UbG-YUxmfJI)^#%5Tlz0_59q$b?A5&<a<;rNK zGLKi({O0^&{%64|W*>caYaIE+J7LZwLePiUI@p@TsN2~MzUUop*j(y;S2cVdZ1E|j z&)PcQssiN0!^kgvuc*cr>AeRJ87M_Ca9pt?H%g4)pEtkPe*wNGM_ft@`v!}ACdobE z@#BL9B#@{!??yFrx;yoZ;t+wvy7z_G0AJe*TkWh2NnK5N3h3{{K@%tBR>YZP?T?Qh z-1i_oXukCWUCvrSs zF4vUZo$y2Wwh3#r#I4NfmLqyQS=Em-pK2o0#o8=7f-*$^+|;l@_C03a8fH0wks(qc zRcQMKpmYCx+N!Rg6cc64GLH`IJu^QKPOyiP?~@CQLOa-37A-gtJ*D{#LKk!& 
zD2H%Maf)0iQ?5;%9P?Lt8AcF??F(4U2G_O zF-b0)!ftk%Re`|sBCzlvQp|a=GhWX@J)brAC^f-GMU2a)y{6%26%KO`$Z@s}2NB7R zSW2N03al5`BJUNUv})XbsOraOf# z)=f1<85SHKzxk#fF%o+e-h+78M|1I*8G(ibo9&E7MYHv}P#bz$cW(OI1g;VhYC=9u zzT)=Y@9=LaS{STXl1$o%pe)(XOGu^d_4o`2LX@sFRK6EW3rntM8_gnS9XS1YtRQy~ zt;DI|0Lc&s_s4FNnTJR&lGbo3!f2PJy~ej5-SadSGsuGv zoC#(^;%wnx_>~8BRU;<#%4I=IzRZzoiQU>~sTr2WkSkG1}i>}!}2F+8oHjS+`$wd5asjJ+*rf}4`p{;k7!LzFGMzU$@ z48Z~0;2|<2$1@R-1Tbco0d;1jjM#Pbyk7IAU^e3z6$0&F!pkbBh3}!}NTlQvKgIYd zk6eggSY7V+QTn?|LO2C(^bEm5J>hcUTcFL8-N7Gl>Sv_et95oI>iu%s^TC*VcEnW$ zvr-?Ki&Hv!vsI~TbA(|py9Q*>-GYS?F{3J=#qD_DC}`ZtaK7Hco{YHDNO zmrCXXK8}zxM@4YNS4#)KQob*84i3@}w_&juY^a;lWtt`@Vd5+p2^3X`-E!jHLBqF> zkV8-m081_;Q3Na^CXT5(C68-B&ly1^=4`hPJ%#SPJ_2TJ#R_#_e4^+aB?+>FY>ZxM zjVuO}=XNKqi>wiuPZZNh6*n4ANJi$Io0w}xgkl8uszZvq?gqEtLO__bU6t*&Fo403 z13yLcK*|c5p}j67rWdJC_Ns-2>`Mn|`tUegnJdd1x8^(J9(blTGq=kYP|@q8#mHBG z5z}w~*f1+SluH#N{fFLH$UQqN--O^{sZ55VpF}QL_Aa#K8ZJ{2I+=3jG%FhOIfuz$ z=CYAm6@+EG{4}Bm#`xe=PyA@u%(d)+;vPat$Yzx|+;$8r<~#UW-6}@$Mvrn==a{=a zBy{ID9waMVNDL=jtiIWl;F)zocY@u%!3b%2=13;l;j>}i^tPA3fPZh*&Ks!YPAsHL z)80);a3Z@A_@)!$TtH$b{3yY7O$Zi#aZmyyM@qdr2z@mx0&Yi?%xhP=v_PtBD0VaX zjJ%d^((pSH;^|myfs>@2`0WdLDvGBwB|c31bCJDSz}#I|-aRtPDBi8}%-$W}qAWrQ zTe%JtR9dp>t;k*o(Za=G@dcNIHa?G|88Tyy0z*C8Z)&`HEf}c4RiKniEIt>gECCB! 
z5v9`&4wVVZGe2;x@!uO#)O2$;PRj+a6c~;zqKR_ab3-5Xft1Wvyp%~E_ zq{5VEw$YGhme!_RuMWBg=}P>2hqD^-e8JA|pfINhUT$(0Kz+(}5Vr3@R6 zOM^&weCPL1jTM}z^4}c1TIGA0u=0XD{iCN{)?bu{*l3d@)t*E0%~Z}4eegUGf|b5$ zsZ($5T^jr-q4x?rs)zLKlnMJ(lcr?W6V-5nCTCM$qwUSc_YsmKsW?yP0-0Eih;}Sc z4=~HJqC7(4D~eLL$=re#m3rWYDE9os*R;zQ8&)|hs`JF$f9ThDszuS*)a^=oi_M_n z|H;3o#%0S)#_b1FiN1*=fy1(kL=Z(ZCHHl$bPwe)j*oPSowf{*Fjbicw@e)zHyn=q zMXxPR{z-~Vv<+*RxI2xBC~usWjT)=zW01}%v|`ra+7;OrUmNo#u)DPr$b%!9+EHQ9 zO#5!yrz_~w+=*x7%p1V@@ASNO#)r|LyC@V2o`}~7I8?Gb$~PRXR@8MMy2kyaxe=)S$(uzxZ}yt@0iu4&9VTW~QO7@hxFxSUoEX_&=FcvK z)p^@QOp{RD(*qVszFO8cF^l}%8+qZU=~vy1Ie&-GTFf2+_eaFZfHuf(>)~IG|^KSapgR2T*~f zb^^LpY+3R{S>Z&H-QQqS#?X#ToRo1TWjF<0`^KTLI-PNH=mCSqf-CA`p~ zz%F?@Wrg%xpqjjwqsZDnBbQ>IQ|Dk1{!zD>tX9C%DnvI$i=e88kTc*w%?uR%$xYf( z(|Wh2qd5o&_gn-*+9y`%G7&EjhQV)j+@ zFwRR%$M{;HS1WM*j5@_F#lbr!f?k8}2-|^kr_<<>H4HN<@fmeMv!C6_0;v8#5B{utCUEMrw73R;2spvO zhse;R*#}8?Ul=EX&GE8&Mq0$b%`8`tF_zT+EcG$rs&?jo3Il&k`(t9PrV02HSKaP5 z9$G41&l{(55oi9IlJE|~9#Px@A{+Pq}^bu zn)8OOHzN>?sH$?Fn3My%pKK;$U{mM%HlNZxol{(5MeVXy56Q+DUV%qKZ^ z%HB@u*ku*`{C(On(8t@NS zU2^dOb|e1+7RvmDYuX%Q{qqe8V>amsX$`y=7|P1hXMVEzkndoo$NkB$dzJt|P0;v+ zm3Y-xFk4}vE^DKF;;s;dV?(yF{itq^Wz`umHrr61QQ)p-w_CthcU}NWHvp3qh$C%v zluxLJeI@F?Nn5J)CK`TI+LB+C(FN#|MU?C(9U1*?qBXi&skR+Zk7Wg zgwlFBHo1JD$t3)uk(rg0~bm#hb7c8!@650q(v{}pB#>> zVi=wyo4_(5wjR>FnS(=~Vr3avcsZ*!-(&Arh=rJwi&qa>9+|M-*LX+;wz6~$TePAK zOL!jhchPOy_~pXY=fbZeLs0%6B`vg7A$l}W=|t2WXjxOmnADx)W6FojNIzdko0!nZ@3K9LC(>q&k=hSSRa#ta)8*s3Ypg) zJu%^&1`smn>+q>Lf#nYqcZv-d83jLti*Dk=OYl(_+ zbM65K;cK5m;V;44?1(?#!p?FOahwiEcxHMFuEpMjHUZiSg%ih(N7jszB zAFiK9ah)4bY$;i%ksH~;7#X}9r4Xots|^s7k7X392#g<`S5l+G!z zG*}J13SKyU2=2)EbZw@j$q-N5;vpol9nD2EK=1|Jk&LBYZhE)8v{w&J>_JV zNM0ny#G8UCNpvUJRIZoEw=g;scb}71roJqF?)smF^QXSqf+bkHu12Grtcz`Xxaf!6I#5*xo^_{@Rc9MlY_88<=tg* zL+7#J4P;-tXmkinkyk1YpI_vorWcWMp>e5X;|t%N%5~jEyyizE6Lej#Nl&A~Fu%O? 
zPi$8V&w1(poIJ4biAg#gNKlM85Tn!^qRCOLX*R+{;T|5Ew8Hx`M)YwR5mjmkz#g8) zuVg-&574us_CYs_En$K2nlun7u@Zypko0l5BOU=k|0xQuIbyLdN)rWzByRO37!-5L zHXD2SGBU01`7ut%|CibMms^rFmEry+&3|>?QwSi=G#WOowZta$brJ-8P&rek=Ks*? zh02eG$qN~}v4#*S%)kJv)&|+LbyJ483RFVqe-NoZKEk10bJeH#=p0Mu+wUjDyU;~a z#s;-D0*q?voTI0uI6m{6S$o~Eg)%)2$Qjty|J=feuFX#n7_2PH(mwsv^wZ;hj2`BM z39j7>+Os5K1Gjp&6vhma4SWh-XpE$M>tcVi|X)l#Ry&40);5M#~_O(-c9u5*ja2;@b9Xa9*( zn5r+vLL{icx%KxMu{;Q}TRdywLG?6^?G+y+WFFAa(X>DgJg{FKWEEvYqR+%PT0#5< zNLQAbG9{0Ng;(6`*W&)XGFLgZtqVgJEjl@DlsnKxG<{fii@M5atUbsjQbKYoE_?rxtxGVp)*w}x=r7A#u{hue;2PleRJUbI1`Mh5ImkSG6oGzUG(2t?Hl zw&WClJs|2a_7>Rc)&z0Sae#+yC6sa@b9JTSVS=KR2-W6OY1R2LaG-M8QLqj7EmKX< z^@1p)up)Mo%5VyM8e{btcbZ#Awm~Y)J(5{n+{m(h8=ACv8}#e>@QxjhypT(qQRH|C zaCg{4wnZuF#L#P7AX=9haGwkxY)r~DWHo@3LDH7LjDR0k9k zN8vtC$iTJ5gk%RBDJw^YPW7wfD>+3^NqlYcu3m5F71I0J_QiiVTUBX}pBjLo6|vR< zu-XtL-te&=FIu9(oH#tx9A(?z-~W+;T)pJ7H^B~IcONs{Dpmj!5f78po2`mphgP|b za!x%QPJ;E9lt`5BWjN6zFKaJ_dgXYB%;zU)NPiSv5qqd!zTxu z!lrrL9Jl`hqId#TPd!X_%KW{KI1%KfPJGmzGmN45l`RJr68K`fdp-ivifY$O9Ic}g*Ol}F4YS~MbRs{5+i89svu1X)KH`e2xQ1D6 zjW=vOeRSF2FT^U52ru`jVCx;EPa5DgZ~0tfD4O`UH&&54mRFwhwAD;LP5kkhtp~$$ zcY$^EI$OW4gnDY(W_VxNN)NV(LyqF9Amp6-^FvtV(UJX~Wr%z{X^8diXkX1;E)Gv7 zU^Dv{S?{N26Ks*?!g;-XI;+ebZ>?Y}yB=CtmS?n1Ql@(S?Iw_!sUSdX2Vx*Zh-qLi zp0hQEN^hsCQD_CI^-s9M2)X#urM#gPOm+81%fLtZnT~E|LSqHr0PJA~4%`U^9~Y7? 
zg{kJd{aZv&XuUn-+h9pa=tqf|wur1VgOOd4M8gY-;0z*qMojGQOx`e&g&@H{ZQCz1 zR9T158*x;Jv(I^N8bzI zea2=7R2Y)DZ!i6S8QBi;od+Q1+#~=|ZL&=32XECAD#Lq0(aOSQJ1A5nW|YkDr*=v| zT+gV4r@(~~u4dS60d!=U(ht^OWqu+qUaCQpVt{L^qQuFlARxO8x&X+n1irl{(b6Nv zh7|}F8z_Zz|P8-?jc}CHg0V-*mjsnCM@Oo}j=SRe0D1&q|>y2KzsNmT~+TS1~}&>k`^{^FF+)!HSF zJ5bUg=0-=;A#P-D!v#%Eu%ruB>f#NgPS@+Y;jOHW9JY~h-d<426kzlpNB%2)f@y&9 zE5g`v-%AVKQ)cYup&(HOS8H+WHW_hGzsY^P@0P5oE?U^^9Tva{@|`_WOtry!Fh#ad3_0nfVLQKSaD z0dr8=TC*%|Qr?jJAFzu#b%RT^)OKeuk<`#D-}F9>kS30DWBHQ<(X+`bhpY z5fX%rvoAb{d#Vw&fihh11m{68t!GvfJuBNx0zKKR+*!Y}ZUjGtpp&~C9g)|t4!w;LMp5i4Ew zEA0$(k7io`R=vDZW?cr9WuSgtD5Mh1!R^3*`LXa=r}~eIT!Vi-D{FRf6>?Vp7*wQ% zh?8utg6N=)zJv8fVNb}Al-3`CkQ1}Yeaw_j0m!i^T1OP1=;i1;hIo=&6YuO?^l-Tj zU1g*SEZ#lpLC|QZ$17R?2mkTjH3_da6Em0;cE*Yrdu$8sJXOg7HNaskqF&tbWUl-X z6YNZpfZ*vGRl4+L`3Rc{RVIZ|29;DtTi3JeeHG2wZ@(a3G>z9$!GQuj*WPFayh)*z zzX4V%3Bli`CtKYSCvqxa?^0UR-#8d7TYj&ttwYhGn92s;jyZ8d`3|18CZ&IouJO_0 zgO_+l>2#|lJ_Xqp1G1U`_o6wuADcOQGqn}ck4gyu&)fwS3}Tbm!O&VGnArC6^X?G8 z=8jN+={;38d@sE^JnC~sXlcScTqBpd*=S=u2qI>z`g4dK&Mktmo_qMd>saNa$}7Q_ zPXy?`piiB>5!LBjRmcIBd17o{mVFOV>=7I%H(J_J$iK~1x_7Np=Fn~7rN%?sbGGQ% zI7Sw+ek9ZBpujd4C4ppr&)nA760TA9Pc7-ik^T3>1RvU+V(q-!VYVqW6DNcPQ}!i) zavr_-kbSqM)hYl;PK5_GzrT_5!%OcM?BMnh%%2qe&0k>AcY@$dodUl*M5mHFWE-#D zHiTabIG@~XSRC7{_vE@wle^NDIaQcbF9Mp@SGVX@cQ<6raY;VruYKwtycXqKSf{UD zimODLu(F77y$4}5l(TA9b?=8B&cWUcmMc#K(DaX(0t0m`w;Gcm*C{D)2FhbwEttHn z34m`h^CPfCzIed-(OP1kCu~5>Kwx|?4}uK!xR=;5X|mtc#V$Tx78mJAO=>>LbsJ{Z zMeIR;QGNL`4r>872hURIKCc_eoOxI4ft9L%Fd-VW@(WW~#M4`(s-K1zz3&GL zN#3S3mS`qbIIu`8-~MIsv8b63y4@uxJ`nO||OH>S96lf-5K1609!Exe7eDCa!RC(nQ>`HKkH^(T07-9bOW;{Cc`yv&u+-2u_eKb< z6*hth67K&g=NVw+*-Wn{G@MnMu6;2gfq~dGYmHE8gaRfA*=7ae9qh`tFjc9};e16w z;ByOceOk4mflv&{2UJ1e$6!?x&iZ{*0A1z-uq&sU(CuhMXIlB-e<9`{%MM72c07{_e5}mt%Q{T!^Du7e+jG+P=pLeg&bNtDq zGwuBC3(EVqmnpt=$iNOmF~(i}DK4rt)^waq#bK+P_jfgoadng0eZ8(kO$)7xfZT zIW+CK(_z=uCRFtl4!ffO;rNYA0FqK6WZY5BgK4DB zZ0$zFUOd}{1sM?ssY}CXwcuOoM5+YWQJIz8CoQs<2Nu5n3;-~1=%y;K56P`#>&LY@YsBU(qF#5dOudN=!$+t2jYbJdr_st*4s 
z9s9AnLBV_M+VMO1e2pS5+aa|oq8kTyIOla6(56NhpIK3WofmyMlr8H_+%6m4ki z5KF`kaKAx!WVI`n)kyxUeYQ3ZPvamE2rY$)V3T)tMo4nC7%aXZI7Ki|WLD@8IhXnR zAy@r!3G-9};U{dI3uSq0yVy6t`P$zSe59w&>5|%B2Vn%{(}G5lwv)R1DJNQ9`CrS1 zFV3R%?@@ZEV18c+cc)O0(cnQXjBvT9=8R+(VfVjAqkS?(UW zvUN^-gC02E(>95_yJ^LCOOst5%(wGbt7Ec=-)+8q-!hP8bPY5+f*hY!de)W4NID)m&?c$PnH0Cy)bA3;Fh9HY1k$e@cq!0Z&Bky+szej}h z60*DesStLvN{p00{Z|X(-^1(dA7ow-PC;uZ2P`O0d{YO3(${bIiOY-57;4S)CDdki zlnWhak<7DNYOCYqOz3?40j7O9?V!<~yM!ui@IgR(o8^AiX>|(Gn=4k_<)K#Jpz)}U z+l-M*!-pinV)=J6oPiR5P_W~tXb*OLL)NiDb3h|ZTp+yLjBnbJg~=!_d|?*ifW~mb zc+R|yCvX#7ta5~w=CDK}RuQV&ZgLL7|Bsw?h#`v`jS$|DAP2??<*i;cu2=O`Nd$Q< zM6WRx$N$c>9&mTr|8x+bvX}}@;NgzBdo|CJka%22s_F!SbejZ7_^E>Q`O5XC?m|zc zZag7YgKomQD)m+}-Web0#`r(9@=pM4mR8wU)%|XZkZ|dLl6N|BAZrc&uSe|U1w&uu z@ekVs?WM?@ZA^iX5N5d;e$HD{|D1Dbkpf`Z-VB{qeHwm(kR{4HVyjvkdxfJ*=hqi#V-lTy+oLYVXkJHy2Ek-LIEtgYQUluK@wj(WJ><* zCCx58;nai;s|=5(0Kk+H0)5P~du3pJPO>noi{AHX3uPj_4tlWRQ7pw~ZP~U@SCc=s z+yi@%nLM}3K4Y@GiHo4J64(p$C&96IY&ZK60)p;I7&E3kZJnZMK=e9V7d8-hsu}ik z1o_wH(jfSrX7P(ND5$U(Itl$mvR+_Q425-2ay_W)20&+$#&NeKKBY{K*z_m-$Tmum zl!FkD&>&0B3zr8oQzYzfm;@-b(P!USZiX0Am;kT#fmY-(Pd@6GGR zxqwkAF^V;o13VxqUJZ$6^%=SxHQKQMS-9Gy~_;FSVYbOFZn+Ws;|YHHe98r0e2_fhAsgH zg{6dQ%diA_P~_%hMyKeso_5CXbq`n3b z>=>vQS61<>dUYpRY)%Eli*`M zSPw38R)g!YG8ibO57o{dzBnuqYlg%-d*I=+B zX}A+V$7XZGki*d4b3>%ecdPfHc%A5F{^=?vW49lJ! 
z#56@ZHlMVCht1A~AM9T!&*S87q?pyAUhnWjf##q$uJI`CF8$O>KUmLBD9xa+);^WT zXdcNt#Qd6JLQKk{*YMe;8w)Yyl2I&H`Vrb9BNah`31awJ4B2249o}%ue_f*SfD4it z{6d4Nsip~3J*bFH9@$4Td;k<^a9o76;g{k;Lo{A(P-2mVC4bweQu>^%e;h)ownz1@ zmgAp{{qVL*Yt^!mzcOqs5%A*U{{E+vTv@F*Me*In$CSdb+{gD0W?0rv;HcGn65_%0{84gJtLX=l=x`m<)mb}3&q;L$+>=Me+PX%plRh znZ1eBKujjV`4R{IV9Ah!>BT!J6Gb$yNUa3G!JF%IoTD409Vys{OBL9j`1c_pB9F+$loRUqv0Wm_V%$}DPo9T)NbD5M))70g_R=r~2> z5G+uD>=Frnz<%aTEox!%(9Hdb%|&n#?iW~9Gg+dHamf)~%T})N-z5OIiW>MZv52+l zaL;IoS-EK841F(YqdwnhLog^x?&ra99!^5BqNx#HXhCL#$|Wie{z5!h#{82f%(y5+ zs_LJW8sZHzB3y3t+w7rM+N|WG#rlQ4R2R=N$XhRF|L}HA?{@T)A`qy$j#ki zVib6HF;X7Lo=g!`46T0Lno9pcwa`jUOLxA!*$xK|O#lxuW0Y*W*m$R{wl~Kwkqpx~ z(Nlu(Y1NphWb+J6@5lkRy(uzI<2%=vn7f`O{u`FCj(Nu-4m|x6Dlr|jn>XghEjw>A z$E@kDiscrnm_4Xy3lB6N_Xl39YoeB8uo(x(Z8p7jO8u!(iW4xr zLuWgjU;IudQvcT)g7#=x&vQTMu##1Du}`3?JZpSd*qwMTn0S!7z`vS}v-fa9sc%-= zJ0B+sMmqj^NnT&BJo}1GC-LC64KS801 z%enp8rmj6V(H)PG4kWV3^>ynX8RE?mMV47ZM%Jei!aHAvNvo^yMZMCyfkZ%);x8rN6zo{(rV_RVDFCmWnf>2qz3Ep z^!!TVZ_v^{3U!$u!G&aw6csbAX2Rqd=4y9UzE3OfqrkVhokm4PW?i@1vM+Si)6|o$ zef@fCxIBQ>vnqCYMWQD%=C-Djehfmo^CW4ixw^9xs!J|gc}HJ99~T313QtS-SEQGI zpvQDOF{sP6=bPcSsUyci=;-U0jpSDF+?3(%VuY0EB^Pz`*=w$EiS9I)P+? 
z_!xU}@Ea0C9&*USoVUNRX=cqcMr!y2WxH@$^=zcqWkSyk1&*!W&Ewxar+Vwlwh`L% zS+j+MZqfQe2+GeeoIrQOal|1ZuYq&N+8piqp|AEDms{>Dbj~Q*V=?m)Yk!ROAeEb- zi5m5fG7y(Wb6ChEw6iCI!FtjR9e9d=7y4X8C!;bO2!(wT8moqWq;Qn42etW<_2=`Qou>dz*NMtj4IQEM^TdkxH`AHIT_4_gOZ~t5PP$t!L)P(_RvXo#1HiD9M@3R6 zwZ4m_^;lk)od9zbeT~GYV|I*?%KnmhI(PcM6m|lxSyA*zU*NV9>jL4q?HO^$L)a2X z1FI3uXkzr1N-@YLUFMw4@#;eXTV&(A1(iGE0;eMCt>E>yT)DQJkgBlsgD%4H91PZS z5>}qpUUw6?6ZPqj@r-`0NbuK_W{v9V18&GNM&{iL2(f?--ehld+)54TOG{%kB{9^X zI9)b+%LtLAUCpesA5k2TY>rqPi*TL1Q4ZTvILB zE)E=DK;&PT2$C&LeqKo?uqRC{;I&ohORzm+h=t5{uV=rZf06C)_#J3*25;l)sB=FN%aQu6-pripq?cM(SD@tzRK^b{ct8b8;vzYFeNDX zP6P+UkpqWjpUwTr(Ue=r$hrf`!0gx{+T7~{E|jIp^Wt77484w>4tB=vRc(Z-_ZWh4 zm>Ig)%(Pzbc|QJcVX0L1)6bXTTJD6kBeq1`r&yudrT3ae?%pVlHeUUNbh$YQbbA*NEI zGYrmiW!I|W2s6^0wr?@PR9D;$C}ZfQn#Q;7H}c)$^9e5qdi(CFz7^O-ar(1f@+e}e z%!};p>wd!#3*1!vB8p+^p8|?A^K>+XEOn{rxIkyWV1@rU1DFB=t3i;R0AIp9yoczt zeANWtSwu6T`2ch5f4d>-anP#&xvoxS+O{C&7!vk9l$7FYaNWJYA%)F@@qBA7Qbw?hL@<~h6GrZ3+I*_YX$)hBZjOp z{x=B=mc-DP@hWbQTKmR4yDX)z$sSe8PSV2vH?#+4D*b^Tqd);j*lQ;F=8w*8qeYSr zbXwDbTyI6`K01Jv5_x;6jAY3F`LO~4>ElU`5p=Dkeoob74e9FZQA}(WFtr^R6&Ziy z;vCt_Mhi^UVH}iY?i^N#yzB*Lq_9Xy6u`PyY#K%%S#C?pHYF`UgZx6$Tt*QvIN{O2 z;`*6hws-nxgm+BTQYe+6W~+i;rAT=~xGG}WF2MQ?a86|ITc!lY?DXO@HM~>=eR7am zE#Mvz*&%xua|-!mc%9%Yg?YY6b#DWhvs8SsG*^A+Q3TRsvpur3E6UN|yv`Dl!%dIk z_znhx91l&%+JX7TVzB;>*{}E45lWU@lwyLKY*v9z;Ad%5I{BW~?<`63dQMu&Bpwp| zSWHh^)$-*kGq#yIV-4XPGlr_KukuQWb{N*Q9EGWB3ZKd71o#xkq{NDmU*IcCLV_O< z&YOYz>tO_a8O&>ujf+*KAE($gwr-8T+Rj2mU$^s8p+~Sxw|;O#ru#AiHSvFko8iY@ zr)hK|rsZK+trr4`fAJhR<&C0ZY>kc+rWjTx4=8FS?+j z=e$dZYiSedT52dGyu!f`4>^n+ru=1U8%mxY#w=`=WE1`aZk#52vTO6e)5Ye4EZrCc z^^N$%ou#gW83E-sHJ+rR{9ugss3<&^`Z+%rd|UB?C9dM%;IHE?Yj% z#{(o)`spv){mEvmwPxo0p;-waStW)f4@t*vLE;Ej4EyHzUw@V%o^cI2s)*{DoS}^Z z=>A}nIfbj%3D%oBedBg%s3YYNWqZ>hBL!~>;Dh9Rx#-^HzOf-a+Q>!9S=%?cc`4U( zWtPUjvMw`9+o4xi=mDKmMPK?W7N z3Zud{$NpuYZcC@XhpTCAEw{2ubZnXZAhFN_A3_|&Qy`f+?erY|?vTQNk+}!ef0F0M 
zQPuo+Gk|xDei|6NFdz6@Ffq9Z6}l41!#frEMm2T|Z?^b#!LT&+^i`z7@|`~FlZh*3x~ge(Z?XA2R=?UP!L0#>4@C300c#($Tu>X_;eEm@EiC2IN<9T@e39Jjsx1Tx=s09|Mz z%MxA@dm0P53S&N>F3#e3HHWrD6%5gBAaUo;N_LYWM691TeS!1~4~j}j!NB3rZIAD7 zM2g&@)`@*l?@r~^#n3G}7Ut+6lhUo38VlhsE$mkySoB2{5QIZxbrGtUdgA3+eUn|u z5Ua&?>v*;|c#}A4tQ@TGH10Xe#R*{t4`cL?Y;x4$`vNkFQcoo_h2Ij-(QVc1$&khb zX|VAlNtkeUdn(>`cNBP$ikjzCHYM4WsZPzb}10?#U?{4C3&FGGeH7}HKk&L)hDSI+06itZw=qAM3iJYLYn)p=D0(WWmC z0QVZTVvZ&`Mh(NE1#Nl-)!l4_;X=9Dl{@5R?&at6V=cWV+V$gTbpOpKH}PxW09oX; zr*KDoG1rN7;Y5RQ7Iabnly4sFk%_rXs|tg~jEJG`oJ=r!cuVitxTGkhAebM%N8rDj zS~x~-p0rp#%%g_V96-R{l|NE(>To}a&!Ct5WZOG>Mdh;RzXb$s78{rx1zaAFVkYorAS|l0&>ZT zm5vX5>$s2bPn<&o(w1?-yd?ls>*Npq zk9_M|xUMX9Mnd7o6Yw}P$D2UA=NqQEbdo|BKFh6^NyO6PPMC+p-m6Bf6_DD5IrdqV zrFMMs|12J03liHn3U9qdApnIMe{mfQbEN-O(4d4h>rg%jLDd1LLn%&K*)_>IqjHF8 zx=+KZKsSz!qDsUjfpt7zaz1=gN~xBDY~lcay9-Gluo|+f9`;UO4xHMJv99Z4G^N0R zw+g)xdUtkHqnPO&cdxUa;f&DrUxAO#Y#bY{2MM*1q~`-HLU@?yLf$lUcYq&CQ@KFp z?hf<|FrZuVc^u^1GElyWUDEE^giG&&#G_nm(rTiKy_8~h7qCFrp|AnJcx|~bWlL^7 zk@Xb?r%M~5P~P}-KCz_&Azry#K^Tr&C{}5(#t$oXw)H3gvC7P#PtK@T#;vAV3!*KQ z-r3}{*%rJl1cc`+vuSaM&Y=1F3+yxMb4~Kr2ob2ubo6~ej>amAeYs!COSF(VDr%T54ekEKzy4pmDLhZ??r71hg)y8w{DPcjniPVwQ#Pn;q)~-wJz!x zS@*fni=$i-*ZLKoE8@f56!@Dn z>nM8|n%np`Y4yeEjecxCqS1Txu5jMp^k4Xc+a7t*d=15iA2(j#L8o&0LM|PR z+(*@uQy}PwoD$nERq&LpHx$@tLtF5FT-GQq;3iIz-q^?j7WS;5#3!8oH(-xP`T@KN>r@nQ=O)+e>LXP_q$3H~68g*_HSQK;14ZSb!4 zc?SSv;7(mNx&@64*@p;mOJ~%h;(v$sD3_bHhmxgX;k7~@K5l|QbOeoarflj=cW~;6 z{khSZ%K17|k7qg|Ne9>q;PA+WV_%we9v5o<)9w~6-J`6FQeT06wXUa3_S|7&ioX1o z>p0*JlJUI|o9?Pri^oQF_GkpYkPBON%LI_$nr$VEtQ311(#a5DV_n4Xu*=(fLS zg%Pi$hD|}!vZd1m{_fT@Dvw6F1mxtC#HWaveZ9^lyMC{xpO^3kE0FMTMp;Yyd)466 zx>kbVhbl7(B_D%nvOn^<;vw+Wp@aiRvre!Z4dp`cx-Tn=xh*Kc)RT^UC1TlDjHc2g);#G1Cj(aOL#dLM| z5tW?xoy=m}xDl64M-RvoHI@K(rUX5?hZObv8-DHrw9HtdG4aZRglid@TlLQ41&`;o!WoX5B$9?@_v$+2f%ikp}hVi)6%-w<$O$&)i)ZEnrlBDdsz2 zJ?u`-PL;r+R$5lcL1+u3{um7npK=~T`*ts0Yfum2#T+zpUmd<1EnrtOiQpYmx!_qi zBW0-;7{KO==CbEym=u2!kef(T`l^b}uL+IHaj(`s;-f2DWbviR6WAM@)h!&BRGfJk 
zB^TcAY2AxPRunB~ka~skZ0WC-U+`e|=d{tfL`T`TIk@?G{(m0nYf!OiH5kWNF4hg< z2~~QdXCny=$vRiWAN3AGXO4N)o|1u0xUzdIqpZP()**OBYC;X_=)X#!gw~4ot2204 zO%}y8UZD{I?z`Fkd3-5EhTy`rvR%of&Z2voy*-uqg{&Y00(MSsd1%CI=e_sMzqH5a zwKpO8CSglgTZlv1LwDg}ym~cA%uotxZ3o4Zs>b&AtdM*e=TG8$(b{9Psh2oFU*3MC zz4}o{QMtqS`)@%X!S2iv@FDZ0H_d_J_&^gYsLP5|uoiMJkm&07F+5SF1m_#NuVBwH z1Z~)X$-~k{QwYW@!WdlB`4|Hq2euD0PhxSE6S^u+b-rXSiK~kk;h*e6)~ZO8e38ER zExYha3Wj`In;0v$dYU%`UwVaW%S-*-8 zZL@@35ccrn%N>^H<%8GzgxmAU+xxiXTueuxM6q!(jzOl>tW^wq2IE0PXR`}+Hr3@_WJTOtu3Y;+qpqkV-0or8EP zBpM?=E8&GnB*hto4t+*Jb4dSn^pyvY5y>4N30e#LKRyKxC<-U$^MqAT`12W2_&|tIQM`bVBU-entymI1g z4zQl?qndQ3qC0)4_!FIF$4e18{2Zb1?ji9@!@b$n@e+*hQc6Jiq%=QIPSbxc4I~Rq zwo#;CU`SPDT>I*IT)%Zkm+cEvX#r@Ql?Gh_`pS?k542Eaks?)Y+A4)OX~x^J9mTlO zB@2Tt{^<;F*AqKU+M7d2e`l#{&oT;n8kSZ?ZbuRLztpA#c3?V7x4K_B*plpCh+b*Y zb~z%l3H_;;<4h^lNNzlNSL@S9Q1XxfK1^=OuBQO>v1#ur3jRdNY~o=sRp~vhuVf5$ zsYo)mcZFJxrk%=>>W|-X3gu22=MBaWaF(J2gNUXF&LNj)j#ok-CZkSd^QsPOLWJp=T+31u>uSiItUyH9@WUW7;R~i^3N1pEx#8q@QeU8#x zL_>Hdmz!_+8Pn^EQ~qo+v^t(0D@2Vc3sNUs)4~58&h0eQ;`&i|J<36{$Dor$JQ-_@ z%b(t&NHEUewBR>kLGTWj)bOwoT;5-w0Gw*ylDL|SPIm{HI+hEYNA zyU#OX?wco*g&0N_2J^*5w@`Wxgpr0QWYvDR;aU-5Eb8TO#n$Dm-`Ssuw$z}QSSjQs zXsN<&63s_txMUcX6v-D3Zpq)>@?h@i}R z2re)D5XVnBz#PCIIhJ}>>_k`um(t&;uH_vX$tS~w|1(_I7|&k`P{QGPB!wM9rvcor z*z+=b2mHrmgPz@Lj&<4}NcJO_u|@OwrxTh~`W{%%_Zu!vnOl3diW@Dmj9Eo<`x!__}!-mDprVVEQBh+8Bq5_^6mY9LLn#+>a}5<+hq1ZEcbX+-u$lxLC}*i-?NvKyan++n&L9q2zK(I+r0^_#~aytK1O1iZ@*M3zimkRKeU-b0dv$+ox)PI$-L_ zB!xBsui7_#0Y;~(YfENV`G10lb_jEri4Hh@_uN4WcuKA&^?W)_3S2It+zB7bfgBG; zk(9in9mKrL(s#r0`%)H{M(cws3*fto4|5gkZHz=keO}RN)IUX^dh1K$^!%X@0HdBu zhAVQ-RM|iupIKkZzwnRGK<#P}w&N<=ed{i|o{41Cmk_0@@a73PSj}eYW6I7}OYs2+ zpDyn7X9ID4G=!igoue|>Goh~$?^aSw&7Xmg4ld3EK*7M)p51mzklN1udnN2XKs`a zR@dY_@p%O8F^M_l%y{)9nO7If8QPxr+D3K0P1Yz}%UqTN#SU1dJtXt@xXLLrcxR=z zrnx!*H9*S0u}+eQPN6KgxlgF7;qv|XiH7B3#r(|cTcbL z;79?T#zp+;qKU|9kIubTy^d?*fAuN4?KrL`fkulJN9i-n7+q)x^xve%c!9<)6Do3++B!zm<{y 
zNniiq%igEv-1eLMkk5S{WtLCXZAxR-99c@h+XZSRpCkPg&dy8heFo>?D`plGaxp491e-}LIyWT$L&~A9@gqvDwG(fY zSpn&x*6ZmA*4XVzyg#vDkYI@l-Ovhs98Cd{ndd6K&#^63Nd3XrF4J;q3)?2V$jWe^ z`IVhGI;jtaCF^1&pV7%ZEHm#DQgM+dr7rX&mA5=~Jr5P;U=b=f}`O_-X zS^ph9^}JH%T>Dd>lKHy(v^EdT)_8&@nx2fSauw-)8GO~=`wJP}G?_dTFlLCmed=rs zUE3RmQC_bXPGOY9NFhs(o=*JDfl(&LgiH)-0BP3YS0f>mM%^yD91W*99~(CSASlO6 zyViO+1hpX#|6WF{dnhY)s@6?Lo4i{`rDDf37lKG1{(XXGcL7-6zRH=$0@x&`Adib3 zXc^L37_Rp_ z0pj#Xf%oqOUxW(Rpu>N7lnfL)(i5X6tclqHWN~scWLBAZ%C69bqiG+^Efo3C@|%WkG`f zJc;SN(#TA0HlNJ&b2q{e;PluEUG!d}6FF+S7;8Z6t+IJTeW(bhpJ5bPOhrQPw@;|7 zx|@K;7PFTh7x!kK3+c8gKut`>>60Sgo?vK7`%@M_>?Xo}dRf7DaxvCjjmZ31!H>jn zRZi0a!IQheP`^HvXmj%{C>KCWfA1Sfb+Z)B9qRj1f*GQGbyAI|bpE2e;@M=5M7=w0 z?mNbLAi{1ej^hFWoB-+NXVtrk>OxyH6q114Z9l=o>LrW>#4gy!ZM`)U|018~k%{k^ zM-Lw=M>xQdTS8jk?;8nrI}zk4f^kVXqdRHt=AVRoA-(ZaDs>%Ku#-`HGVsA#Up`3& zbcr=r3tHkiT)an8PCVQ~jw*)LRu~C(Alg4n!t-StKVyvdVd3@$WP-l>e}SXbR>dpx z2r=sAEWo7bcJ0bPr*~^-6!#%mt{sYF+y3y4(6$lO2*(@K(kI`-KXg1p-rCE7KsCVJ zTf6Yt=Fk|$>MUC!3Vz+C&ARSkigqd8^p)~?wu(#Ljm6|9by)BQWFaN@nQ!{; zxOSN+^@qTOa1U!l;CGwNDkV@*f(Rt`NhjJhy_rR@#?U`(fDAXWKRB(%c^+#?dR&F| znY8OE`HM&ZZs(19w!Kp-|96D}_uWq@CV@Q&q3n5%yGTl;EmSb84L;T^6%q71{7|R0 zi;t(d$#mxKhmU`Ek~zJNG9;elJ1yvfdiRi`r7Yx6-3L;`$?&+1_o0}vEG7UNN<{93 zvd_t?pND%9%r3S`XzQ9b40&`s>`{fCHALI;>f<>|xS{zqS{=8+XQgqQJg;m6Qq_J^ zGzNBk20{EXjQT5QQ^??ADQfONPhAvZB8?^M=Z}7Xn5M-7H@~s<4tlgqznanHU~&LdogK^}HcdWXz=)9ZpL!}O!)kMUj#p9Gdp}s zOQUiy!NXVSo-e=Z!ULm)zuL^wdGV6X6u)CRGD?V;TKO8FQa5Bc^G((iUi^%=&_Rn> zhtyHF%pP;L3dQ|*L>k6^vG8U7!-zNprrO?SNaA}T(zv4r$pNVz{Q(+={j~3Qf5cad zyAiuKOzV#JYxFuR2!H|Jre0?Gl%q`;kDJQW^*wofvoxdTSIhQ>{=)|a1SI4qUS4dO zn-D22iUm+%6l4i_A5|#hj`>dw5(aoYA8Cehs!RzpXZ`Q6|MDhtCLV%51sXIW5>;T{ z@XXeW2RJaQ1$RrN7_hedsW>hW_nRXih5C0_68zL=7W`t(xBvn`eVdhx{+)~d zCPWWiyZ0&bV(5e!QE^l2(U0hQVLX&+EsA&zGhpJB17Iqm{vprY3sEor`}$d>r#z zZ;t1^62&=`{NLsG*2~WS4YWlW_4jsC=GV(EA?(yk}>Dnyu5*k`4vBIc3CehEjU!Nim}D za|F&|zlf7_qlIcJ)j1*CNr8SP&RNC-p<&ZVo^8;AqG3o(7uygHPdCfqP`>Ijp8%@Y z;4OfP;Gugc48irEg$mi1}~9u 
z;h->rVrI0VJYvTald+NR+ZIlqLVo$VBPG&_9#W}J?Gs+`$3X^qN8OeX6h9D;9VXFa z*gcwra*gs(hG$o_Ie*2t7#^v6HBBkt+vBEgMX|`FE$KGXhb6#v3&udy?;eqfH1Gm8 zJ~dXbn(L3kzJ3}v*rvP;QbdIs!)HL5?)kEO3Ko{9sHyuq^11u|W zpw`4`DIMS_VZPMvg+)e^Qn=YkTyJ^{I7z}{*Va|JX|*Aj&U zj!C7%&2b^RT@KaH2b2Tfg1^kK`~FFV1VW*6|AsgXl`(|)L-6WAL%|BJ4KLETkFC;g zxWr62luL3jASzPXGNg&Xgs_UuAz9AEEGF(RF{Bskw5m5>C56w2Ftbo3_f$me)^qsj z(&yqi)z@m`FYE@20(;x6D?N|um`7V)D{LNyDd_*7l)SU!{C+%-uJ#kMo8!5{lq9Wk zPY&*3go>?CTM%r?Vq@NK?q-w?VEi1x*whJiY@uQvqm}rhfqVOYNLOio7mSOiKeE)} zN0sIOV^PG(5cB*(Pv4QeXDgdb-5fMsv1)8ZwP=v{=@j4onx2Qm03^kZO_DJdtfQ-D zn8M)grFNsI;Oao_Z(*HV)<6jW4C`b@tiNTDDKvJ-*h@dXG}}NjjX(BX8G&p?;xItI zDk7D#Ay{D}a|p!@Q<(l0yiO24n}Vv2jsLT1n9zZAwVy{ZswSUcD=rgY;Br57gx_J-E&j_o`&TmJ7oPy9XO?(fH!E~k$=+W19kuXJ!67bz=X z&H5$#?Cln_Ko1d3$zHE~!*1^deAC_=kt)XrP!igL^%EN{75~mi%S}Ra?;KogUnDoWy1AW^kt*P zq!lNz&I_KJnN~Ph)<3R6a2S)H=BoDGX?Er)yJX~=O$Yx?XYzZ-D*P48aJsNn@$T(3 z7eHv6M077js>IpzHnYnY=H&zib!XjhiYb)Sw(2uD2b8sJwIhBW2zgGSq$E$XHsrd_ z%no=iZ=j+2o-_RcrYqqXn1*s`{LIl+-i$VH4vj342$9>nIo?MaC}jqcDhw#t?B1{5 zbZxwBz)vbD&x|isFVE#+li`_)*t*8JF{nqWR&)fvwMnf`NAy?El}g<%}n+JRejZS$>+#XqguB=o zF7rsdwkChMc+^YG7X6mUv5?RKK`ybNKfNYOf_S(RtbM@hA9u%gJ5Z~9XNLiQD#>lX zj{&O0HO75J84l1Ka9d2&;7w%Ii6qVlng{L4?<3OvIdQiB6B>}qiK2l zfa=9c1E@S?RCaPfFbMS)i#hlYsSkKgOY5QlS2D3K(CDHdaE*Km74w*)$3F;z&NSB0 zLogsYw`)YZKhs#&$FwM^nvVXH9{flxuw=&4B5T+&4Sj&fF$LR)0-IDw1=B)W3c{{f zCrW!kTS_B#;-+Gvd6<~}a*Vh*t9m+aDIa$gb78s8_XV0BQX>*Uo5L2@xE1IAj{Zl_ z%?tW;8M;N2j!glHR@D^0Nnmbp-a<&|TQT2tCh6p6x<<^GaX?ja+?;c!>l z&mB7^emt|0Ks+#{2>WP+?S)*`&@f(_w{D{B|FHiY@9McLId^+kZ2j|n>N$Q*F>#HX^R+HSQ&yro9D2hybOo&3p*tvICF+co2f|87bren{nnR`yeYKhfWe|2^W(``| zP!J$@EnzV+BLkU3K8(MgH^H4tL!6HxCMz9}s{{w73W3CW*L!ET>I(DO5M*ZQIv2xy z%#3CoW_+rggk&}AFO;!VbbNOGNDvwhfc;9F6{L-lUbsK{VGZ@x#{|!jqRbg0KyR5I zUog>Si~n2!yW{$@Ec|?zwiU{3!y2KITab5VLf7`6N2Ny;aA=d|gTeMNi%3JQj=BT9 zVx~^ssFIC_KClxCLXmPF90wI4!PkAwkwomk0qnP(~Gl6E)RrP+aL!E$4W2EE;+V#>4{ zE=SR~U#Vq^))o-#wzYrN)>t`Hb^r|*|>wS0rIOC)P zVoIIE$fU*UXOAIMqNckXTyQ3A&Q{%k4hrgb^LE3`9G@L@C4dop|C;K9pdcF}^z-mZ 
zxY+{4%DlLFfogNG$rhJp$UdS#a*53+x@E=Ryb`{@T!Adrgc43dj(jyD_c3fE6mJKk zH;dBKFnw{vZ%cUvynPPd)O3?m)_14u6pvnxz2zHf9~japW{51R+`b%-&a06u24C@p*^B3Ke}m%(=Uo~J1g%*SmZQ4 zibao&q&By6i{exz5l^{7!5*%dnq*hpSnBluGs2Fvp0 zsw+gFRQ&+mTZBVf$&dLh*2a%IB3ZCzbA4}m(U2-1pUCjv2DS69@UAyp>(>7DU&r9O z90i9KsG|Oa2B^T$eH&u6JTCBpl6iGVxpzi4sAWU-5*9eb*z&tO{-)c5Gl$PN$E^Cd84)Bd>xu+N^dfur%ksCqS7hct7 zD~Wf1L(YZb$}S+?0`fX~;Ab$n3^Y|5AG0>D0aw1Ayl%1g#kf!ZOxx$+m$w8)XASv{ z1)lH`$I~4qgc+VL@CLEb1i$H4M`l8Yu8E7YcC4M(S^O5I@9Ku+X4w*}Jo{aMMd?sD z2$^U@xmkp^pDgIS5#N)tmtvj(O8rVf5K5q>*>i7{@XE2HU~U&R0n0_erc#8pczt3m zoz*M1f<%eTEXFIn?21@BgQwP*1=K+$o!})$(G-cJb|j4hE1*l3rsZAyo@ozVYJD9t zKK9^zn*7;Yh@!a;4QzarqJB=Q=E z>rtd)GEg+*0_@h}eUlO1q4Fmx&-*tOM3K2ko(*qo;m=maaA0d`?%OQUkp#s)Qp(Ba z1o3ihZ!|&Tw$QeQLD8CA6}j~S+O|_s7r8?B#hW^$S1tpQZi6FRYt4F@0Aqz{%WoRd zUUI+~Pxo9v_9(pZs)c4qjgNkkHOXW3Hp-L7i1=VMl409 z2*pK%<0OIxi@y$k7sv4mJTd$RpSY#dWBpnSi8CumnezW?WsNT<7qL?@59o5FFMIjM zV;Ghm5?oS4<3Re3s9lV>;+aUbJG?t<<{Yf~IK&4sTsU!z?x+SE&m}x%GzJ;93%i<) zL~(#H;~*U{Vl{t%ViS5OrX-L`JHNt%{)3-0YxKkI*Vc}bHh`WiW8G#CY(5`W)`&q< zg%~3NjOpMF?|`9;w>m~VPYc4M0Iw|rPa_o;G{2w=U0B^VsPXJ>k43Hw)_XQU{awpH z(hA>(=XFj6Sv&$J0RKT>v+7svkTeR>+z_0W-avIb)Dj@A8!C9oL}uRTBhs z!}0pLK7r{+--2{u3A&>K)PR&ecN7f{1#}(z$B_sfdnHsofzWE$QfNO_iWZVXYJPt( zpVM{(y7?NapBH8+_sB^w<3`f%jl_Plt57raCZV*`vT4`ha^nbm&1j`!n;4C zt)B)%3R%2@=34y^yn`;&eaDck@-p}BVK+1ywFxkF2;e+GLmM?bHBI$eD0&+-(aYbv zcsTSFOD6qI(CBkMU1fxn>PdsO{SFcL7*)unk#M*rv&LW0-2Ci#b@+Qws>bS;65SH` zsDBw=irCtw6azGgtBmCURQ(QVvnSV9x@Y38k5Gw%({M;-=+G-Drufs8iTiSkO?Xri zwL4v#^_V_|Qk7ZZ4QGq@dFbpLq-I!r?66Y70Q_W$^tG-{{-YS%e3h{fv}%S_yO z_C4^>r~X=5hr??OKDr?LU6V*qN6M-+I}LTFxh|nW@}KDQA|;$ zear&Cb~V#u8{zgmpO+81$g_af?6yN5{I8JdR`e>WX8Jtibz3Ds&>Td2T|B0)!r+9d z(2eX5MnA0Tv&4O;FSoWM?BsI+3R~uC>J-11NEX(CsC>8E$WB1!%2#~l zp1D$3D3A_iUBha+Z9`Xj5K;LkaKCzJuE~ThpkK7QmrDFZm}_i4W_m<-c|cc;5qe4x zZ$KeJ%D4*JL!crN_75A4jqX_I={MJzjScmNQZ2f>!qd7+#Wszpa!w`^7~nQcj>ZF1 zaGNlji^q%>yyvGuf+ez;kGIb5Y4mVt_fWLfv|o#LGE%9?vP#(h*(YZXGzm}81FOV) 
zmjaVEZ=OiQiAOR<^L8LZZFtAG@nac^b>A}KWep~xr5@szNXu5$RS`woE2o1@@AWX`XjG+&jKIF7E<3x(ltdO9Hu+0Kk;2a)*+>y8- zI+J&_%~EVL(ylru*%Jw3xVUS|_<=vpFplpS=L4#EE3j*+g}F}6cS$q6Lz}D~Bc&4a z6=1LkI6>J0EPLv4?gaAGzWj_-Ztr7pCu3PH9gfQ45;J5s)CV>&xH@|WaPG}|nLBKY zkd0mm8ywN5i;CrWxm1bLIYmuE^fNC`Rx}s~Xnu+TqHP`nZJ8v*WDo05UL=pZ?gZ2S ze3B4M3Cd5=V-)WXgY6J`+Qe5lv(EGYeQYKHF_IVCmg&(hK5=5(G6$Q&qWL0le(l#) zVea{KXAU}ZUTSSV%i7je$fTIlz~pflrXT?dD%Pp(&BkCONR%@qFX+^t1%@03VyFs} zl|?X{>5aOp1vX{K-NZW30K6Fl%eExdu#^7`Mq9jHy8Q?eszO_SZcBJCaLoxe<_<@{Syl%2$IA9RpKv~F?)n}>vklggmIO6 zG#!+`H;3}~*q}%n>S=<3Ix>Z2t+}pd-u()ap25`GD>H!4cFu<=(7d?k50uZn?#w-5 z^r)eCj~)^vw{CU_=-{iR7o(g=uZaX#H%OX8832%`5cv()SeVtda)sMf%j2szmcd+6 zP#3Xr$V`U>S8L1e0dGb7uu-2A08qv-LhBM6BN3pkcLa)VI%#=zBo19Phgz*-j*$gb zX2i(vhYy(}U0gg>(9GZpk!^!@IW~3w-7W`25c8#3B}eygCnw!#xKY6H9Y>&HXLM=! z_n++R1P^S3&8Tl{bAqZ_DiPj zb8GA=2u~wL{cl3lcT+(Bw?^a*A=@x}8i}n?(O$>GM1@NFFcloN2lpGn?8dcZ+6%W2 zb~L_p0qQ~#3nAs7sH4UqprLR(*PT*?_%cp{?S#mTSNWOZP5tD!B zVT{x$)XT2%e6I)_^pbgb0U2NO{?2&V5iv3f%sfuv@(kMp4Lx1xL6sHk56vnyY zrbPBq`ecNr^x#iVL%UX+*WIE+_G4<*O-hE!^#F#yu|2+roW;ZQgR&HjGC>%m&=PM# z(Eu4^A@s_qIi*Q%;7ai+>X(U*t24UEDh}s2BlutmeB64HhJ1uDt7AW~vmeRthFbS3 zM>r@c@1o@pXSgPP>=Wm9PtR#HqHK)71C~O=5q@CM2*f`bZFBQ_F#w54cW;7E#$0&W zaqDS^L2{FMf9aBodI9afSp+4uiF)sydkrnhB74=>oRH6~7zQ-QYOZjNv9L@N?jr9l z$wERx(f*iSav;me-ZTiytVF8G>oUo-EFuv?C3K11;o1?Bp|Q*|Gu!yc-Wea5%awa7 zBHowbVqqsuEu>QK(b0*}b2LE@;C_VW`)w-{`(#z6`+-B(6;aN9 zJc5;0jk0#X+btfm3&eiH__y9>3UVW@H=zqiot3F|0~3&t0n%GKyj3rXp0z9-?hrtl z{Le(7XH3Y0EPlvW`uCg`Sv!dAQl2~AaqV(Pr`%0LI`k`Tiys@Eqach@0TB^ZQYrpYU>qR$tMfNX z?43*JJ82n!>wQpp`36Ac_BL&Pht}zl(H;BCa@yOLmnsi`m}Lc-t(`9(D&|nju0nU1*2X4JQmMBfef1 z^&|U-bPL*1;O)>c6jE|S#6%4f4}LLsPz?Nwrcf@U;P$PU?SRFx&PAmc`*J+Z*wff9 zJYtxYRMfQ%ZGI997cNa_Ox*I$r7W%NH3WWTt0$OPs5t1(v`HkluZz)`b2r7xe^cUi zwhKYb@*O@!y#uPtAIf&WU57i(hFi>E8P=>t+GZBl;`&*3O!w|mX*Hc?pOP1Q!FElB zF3|1)d_856PMgo>u$p^p=iOGo7F$nG6$JH zpTS$ChK*rw#LwbLet8w}bIkxHFZONL-q1(E;ANs41$-J6_<}u2K{^Fy;woSd&azqk 
z0=Eb;+G#D7QB$^_o!_&cZW?jj>CmDCPXW*DyU&F`ZnB2H<%;tn%%C4kTA%YX=Z5Ip|Bc=QSl`!ml~;mG+03IX8vgp+QEfEb|2%*fhVFJ-w znYe6Ovepj#2U{U*(qYO~=PZdA{?YZA+-T zgz%@^Zk=IS!+RT(TjK$Rw0rF-73GM<8jW?bv}QecMX7JSSbm~*`$NipjKL#&-I(^b zUgVQYFGTny;cV^LbIbYWDJi6H@E-c+=tL|ct`=lJxvcQ(;h&j1Fph!^zZXx>mhB+# zT>{>oD;nTY_{a!OWrOBd|0^Yc!q={Q!r9HpM-e~gzpT8x1)G@L?&D<7I%qpBlPI2 z1*X$^Rg!+3ioI4JSrJ?1yJQV(=|^@E9}1u4hO(ZGgpHmlfh`%bQv0p-E}Mt0`jiX` zQ?mam7w>ATSC;?9%V_Sv1To4{$e_tFpwS{Fur!uE3Gc<`91cIB7R_xh3RDhuC=|<| z0&c?}*;YdbI(GLq0chs7i*psYhuK-AC5Vr}N|Fw*dXD)lSj8!DV zys3iJD-6=Qaf!SrEe^S|VImjQh)k&)kki>X$R3@LVms#t2L9&qsQe3hTYy>cMwu=s zbmy>A%(RMbAsvRi+&N*-y)^(ObJdOp8>aU3bVCrQz#$H&#^iQD<@Hzu0!IUyh|Q%N zGZ?V{^*VG%Fp}|(Nb*ghMbI9=+w}!8pm>v{3grXAUD0_S`N}Nm&k7JvNQ8@yqg!HX zSvT@~O{e;_iCa4;fi#-y#K<@n>LQVX6FRz*&VFE)Gl$+}SVca^*ocB*>TFn6DPyo= znifN|SI@azHy1{V1Chndl|s_~JvI^rO0Gl|p+m`VdM)E^f}6N^D18;iBYF;Gs_pAnFCQl5o3U!+Uhp)7WV1sLin6;rDPY*Qj$X2ZucZ=0J1Kt3>6DVhUqDdB==nFkPE|EvtxMZ<5(h)^Kl zA5v)J^%;3Zn`-+E{pF;%}-Z%>n&p zwKMJLelwWOOX6s7KB2u63mV}Fz9E}8h+QDj0qC|GDKE=pk9Ykil;41)TkA{RwgON* zVA^_r3FcZK!-uYyt&=>Ir0D@>(2nKB)^cZ=Y*FiCmDO`>7V+#YkQYN5DK~GD>o?<9 zR1gCsd^K_E$`xg3g~hERxCy}!18%r*L(Jltm-fE*B8eL=&zGw*6TOXhe}Jt`93Yn(}H&Nb!* zbfb1AzzVbHNj`nz+b^WC+Jk~-^&dJL+NBzPKWeip{pyi>G*|A+Vs!Xc7Q5NU!B%ncBI0~T{$ne~c%gMO1#~y{`W^zg1GOcaGpZHPl8Lhfk@Cj0|CP-NravkaHf*nwNk9KVY5>GB}Q zt8NTVRqKNBp&cm8;>V?<{V6oE<6GJ83-ta)T6r~Guy_gxMW9)MIEP(iIO`Sg=a0W? 
zL%|&Q-jA*GVvg~-H1ExBn2q)3<)E;-GD7n>K}n?BW2=4WvU&@JX}2^)?b-(gTa1Pm|Nkf zB}`H;;L+O?g~71k_KV29x!%A(hm(io8q47wZ1p5coO@h{ZXhTBMRAd@KT?e(NObj~MOMx`T^!JCn>`96) zUQ{C7lvR0vZB9mil6sbJw>|J1KPV|%=}#u!6Z?(bN*CjdzpoJ~?3oy#|_`e(kyPrz2e1p;aYhdF!dKfT|e&)3bR^sk`sG!Y1O(p*< zkbYM434(Ph$SN?gu96-mb#3*2DBs1#r2ff$kduuv;jr(6b$_p$?K%b zV~cT;yOSq<`}+#zC5^(|Q=uv~Ty3G%}!<_(0r#L(Tv^siDJ+8ZIy{{=VkRxe>C71C7cO|f7s zI8YNB$CCzIfLA+q4Jj~1vN3fFM(eCd=q&T;un2;t9nJ+0GOdINk~V`USDm~H%Ck-s z8P;Hd+R&uRmF^H3y4j|`U(sht_`FymZ(g})Ys01Lk+eas*?NdbYE97OY_Ii>uan5dDH4IzW#Q{DhLJo z)mQxAEd{-k{t0Rsc+b&59}>XCcS4Srd;%mEi$&$pSF5$-8h3qlA@R@Tcgj$3t->=~ z406YwHYx*LGE4;>g4qQ_+R98Uia6XSj=04nI(q$w&L9RQm!()lbke|n;iS3;mU#HW zNH5oxu-ulYD*Ju4*-QwL+@b-$+Qq^@PL>N|YEO!wk3|mVoKZQwX*q3Mu&l0~JIk%Y z1Zk*qjpU(~t5-)lu@V=_yj52D*B_2S+enXsc2ke2v0)Og6IaSw%w148D1nPv@uy2U zOlz{P5@wW32hvcHhQrt(G%Kt_ANz@-xC%r?XaDXB*~|U1IuO!j`x+@Af1Tj3Z6Ygw zSWL&UsW!erTV&t}r~E4@ebm%$ z469bJmSk)@(8KWqt}|qauIutPD&JV1 zYm6OCxM7b;p6bG2`@fcNfq4BoA#$N*GS$AXj`+NdOg4y_MOSOy9cRCi!1Vul+TJgn zv%uj>0esnp5s2*?hfD*OoFazU=NQ5m;$nNLDHYnNfCMQktRMbLKtTvf`rMBiwsz~T z0-N;2T_IJ{wS3Szw=3l5ank%xG#cpPky>>39~fQUYhVvsfJx{EDi=9YOpja#n@6s} zf!Q&$yvD~Tuepd?KO4b}vog@;*-(+bxvyOcAe#hvq$io9Gqly#Xq|mA4$lp~5xZ_> zL=3WmSCgVN{DIDZ)LRs)hF>973LYgPt?P$59-MiIVI1a1jR2=&Y?An0vGDV1z>emJb3tekt zJTn}HF$;IP*UrNrA~6T4%P5;+X}h9C_-YTQOxJQSO|o_v(T2`=Qxz8mSx<*|OwFs2 zlVp@hq%(TCuQ*{7QW8r;aZC^Qp8(f(n?`%qMkP{waB>0#g||=}WQsFSFa%V0zwFe` zFW!Q1IIidq8b$RVP2K9=dk}=E&}&|STkPOH!55k-uTvPvtzSw!Z^Lj`%p!H_d} z>_Zu>58EWAUYy1QHXq7*m0dmgV~|tMeWX2_w`fiFf22m6W`rS}@QuO{!%@4AVw^!o zk_lpL#fH3yLp5eEUqbnXHJatoZ4lPs<>jFd@r#$&?(@%yx&!}bf+JAcYuH$n+F1{7 zktE)z9j%O8QBV0_;e{A-0fGjMqhWFX5y5OQ^O{of3C(hB|mOhjIM zR+yVqRBa+q1*QA!m?qp~KbqEDxGVI>6xv*q@6nv0T4hcU*Vnz^AeC9UH zF&*;@=sL|UiRf~hu{7$brgy2BMqU+%2a)>tDuH%6=-xoO&q>+U)G$w6_UOGQ`VKm+ z&`jtLOM{(sLX*4ezR~eu(lgm78ZfV3&M8oL&g>Dt2p5|E;xx+$+G*cvh|^D^V4!#~ z=fTw0th?b{2OL$M{83%XJKnxQ)=eGVrdWq2dFHs+su~;kx6s4>A3s~Yko2J);*%=y zK2+jM{;MDEx}c?jQB*9SoMM*t(t>mJ>q9-ME1+*v7!H_1^6dHT!9|H7%$r;ucb4^! 
z_it%zqBpHC7;*L9<7_@U)PZui0-6>baQG!v?*&=tQbxP?Rs%HWv25`=!W4C$odf%v z)D%UTO4NaDT}-ZUeazMb6H0cU$a%DiAc!CCIv|OxdQqdwQ3NtwzTTmPT3D2Q>RL;p zToO&taMfrV2b5*l33~=t2rI*RDI4o!K*1y?w(Lb|L|fv(%9VrPWjGCWbndxOfY2bh z9^N@P1V*46G}Q~X^;~-FJV+!m+kCQaJ8wiKpTj6qHKmSGevIW`ueDb9+za2jcdONMlIi+l(3D{?eMm0CEWfe7}i*#o_#_ig{Fi))wE#D+$Gy}_w++oKNoB^?hn z=ypvfnCKMDj<<6_WpI_esn5nV1FYf8=R^kvKL=Pf<`zO6;Q-DPsMDTsO(f57E>>IEri-!TdsiU1a(B6|8}t4`)Wu zSaNo^b!{_{x@79PXyOqzMcf{#lDfy$by+4&??wBi#R{M6tMX>5FL{mdJz*>kv@@;0 z0r`GzkW`?&qV{34#Tg3W$z>sX$_e#|rUh*&RaJ_H}wd zzWN;Pd|$M7A%tpdDaJ%|h7S-~nn>XhOCWNzn-ylCEZ@G>-3pkq??!#SgF)t}dt&+B zsMt60TmZBgYvlO5HE4)G8mf_ArJ5nD=V+|g$ZWI0O)Wq;NeB6%IEYcJ{Ab5*}7s&$Cu#dgre=#V=fwTs?R-+q_PVW{HCL9kUR2k(%mR#Hs3%N zDmmPWbaN_cYZIQI5rX1P6NHQ=g-K}=w}Sh%&nLq9)*dd~(`E zi;PSLscrur1SyAdxO;&vV}N~YRKk`AGTujta*)FS%z3fQOpUdrWPM;v3~?%Z+G}tHsg=*2Um%2_u1rGu(WY{9V^NCu zzPp+5Nv8yp3}gibLLDo6h8XIRBko2z_VF-`&WTkiJB!Ce5cf$r7DyA!$=I+qEea=AK>n4?(%|Bjb1z2A{k4OUV~6PqUC{6hVD6_ z{zRfLSJWuC{4YQ3fGv$P&2;!ZFFzf*jc${V6l@SZYaRe=_3xMMI#OnX@#J6htYVyN z2nI2++bE^|hVp+Db^tFx(7(%^W~Uy=cU7R)BS!_25Ap;Xpe&TtAyiK52`1}kD6mkp z_04(_D+TU@G6zD51r5W_5u5nH$m`J6=UcoxR60%xD$=kZFluW4^lL0-kVjxf=49z( zG06ID;=6R7yQ)$->anB|GTJ3s5vENX*BRGuq$YZRvT5>jVhXi}kK_KGO!)OS2PVs% z8y;qeD^MUPnf;OWHR*4&SbpvnQ2q*vBYjD6kQE87#UxkFn20#br><6U%zv9FCkbP* zQvK5Qv2io@DaU2{C9B_~K`IifA7fEqlT@dt{KPvHbGrm^#1Q_vI2l90bdq^+z3Lv3 ztuZGhqd_$wRn#}#$-&^S7T;8PxKE&OZ$w$MNYy-;^Zkv7d<( zsK3od@R0awD(3=DhLmR2dO&gCoN|ibKtXqMIbi=_EW!o-@&?Alb2ol1Xi{0U+upml zkqR)?n0lxyv0*(fI0v!K%7p=6KWdYOUI}cco`fd-_~s*o;Cp`+1$X>U#+mrf3C4hY zZ{MoZJuUUqZ6h1$+alRatZIru!k^nNrWMq5)^*VmDtyCp6`!|a-Zhjy%(bT6|0%Eg zgK5|JX8jY+iQc58085~?G)(={#+8@ek3*GX_id@ASe^!`y#%q)^}i;?Tim-LgtsK-uo(^2krv#&4tx=CNtj? 
z^l+kfo9pLrXJ5`qQpV=a5>t--;-L^mNwxy@t4hc5dWbHvShC_GX0Y~cMHxMwUtN|r zgDgSQT5PB>tJ+r(!P*yY92j>qX`Fd)H~^ilmG2a?fO9Q66a}+2sAWCwfO^(( z%;5)B7OeD9xP;b@B!^61IlqI7yOs>Hi+9D;uyoR*xS*i#tyb}(IR%ZV z7FN|aVfN)+L%Idf7Op8A>_X4mctW?(-2wvrJI)isg$scuhiWtf8uIWty%92*de#Vr%JY;NNMel#F~=OdUDh4z%^yW$oWcDB!=>1{sm}OChs^{-`o*J{4!y`WNEB^AfFD z0vbG!i@}))m&jiFnmejwXH&8N+67u=knu3*&JxPuL|h_OSFS8o2w7 zSd_H>ZnPk>;-pKb0b5h0*7$o})_r#D>N)p&5pRP}J1w;YH;QsyL2k=Y(Q_tk&s6Pt zibn*)G&7Z)21CLC%v@rF4~UM9TUGahq{ZsgJ}2<&W89uMZCAhM^+zqaYI04>OkYAS zc;dk1`8$GTVpU||)A*2i!_6+Ku1s{L%W~?%hLLDNmYJ!~YnI}n-XR!M8v4MQ86Tn;n8fz0(+aD8zMGzx94e;Ko9=l8Lrtf<>rHY^^X9mQ=lXYss;z}W5}H*ozDhm0A?JcPAxM%0!BPx*oSA; zwE|iA0>Dky*EoegLzWnH^!^sKYX1QnZaY_ho*V`xR*QWT)~4L8)08>ZqG8+*35!kS96{xu3lguvl(eh0INAKG0VX>sS23QIVWht1`;_15n8+Kv z;F8i%yI_dm+E=N0Ut~~r zXnA?gPRj#H)l)mjmnpZ6BG#X8qWt6A9V zPTb)Zw7^aYs}emg;tJ#p$AkMVoj7m&dn+I2Uw=~=gA;IusWNs4MKO13Z0MjQqb|1V zc5H$?4r0&ga~2dt;)4_X;8xAC;SbpXDf9l9dkRt0w?Do*Kc8TjnqWXLCpf&f#ljgB zW3N)T6sfHFMY8dIYMI!m;Cy)$^hKTe^+Buz25?IakQ^y9<;P^BMIkzKl zpypc!a_sC0r-sk<7>hof>Xi5!ku(d7Qap#*&JuezId+cpczrP``JGXE{O(b`XO(SZAa=qS2%z&g;t7@qcT2(XvU@1d&OIFA z1ij~7xg7wEZ25*%GzWliBUBDOx3RnSK@st(qOJO4RcVJ%b!WCXT@GV7XyHte?qR@K z0^AzNDp6!T4jd(qiV(+ug)YCX?oX0&-QZkj`g${#xjm7N-V-xidbl+Wd`qK}?-ynK z3=1#8u28x#4^1z2ICraQ{VxM#^-T!xm7K~1OT*3|fQ=`#oEVLmN#GE?U22d!4Q?S? 
zq*8#8AO({ z=)_|UoDO=8vNOxm+9XBtz|Gsq%NQ3F#gg>GxNNIfi3r^ubDjP@T0~l7znQf=c=C)ik z_j&*-3z9mU9RCAOz^iWA@Vt5V#1EjM$d+bu@Im&SNeVjB6Q{CnXd_n+ux5KyuYprJ zn4qn$@)uN&Wxoy`hhlSJ&nlGc^Q?<;SSv)9^v6@{BUQAFX0yV*VmMIQ47Y!$+?^v> zskgnoySVzuOH;=f*RLSIyhx7`-xKD9zzU`aIgPrne#S5|Ce^?uI27C@j#k*JtxO0- z%}MZp9<4myai%xiGDi}JO2jR4x7$xAEt}OEKe2JaO>0m*!!_ZwXwtV9>ojNFVz_G$|2FUzV9iEBW zLDj+)mv<1zu-3}*p%xRR7_y4&ibi%?Rm>BDB57awyjBaaHR3c4L-N#*t>i2oy5zlz zUx+e*jU}$StzxjxYsQqxjkCN)5YcI3Aah zA${E4*WU+X5zea|n-g6T)T42-)_=%fim+NEV!T~MC>SpQ4pEY*Iv%|6xesaJm8}kd z!qYx#90b*dEVk>eKn_m@t?Nc$AtY|Md3{}M$^%AFpMYf=Z5U3Y5>dV`N)$+y$KftY z7F8KBw5^D0YTIJjVQO#YQZK&5KbB8%zfIr=LA#*#Df-2TkpC7lZ08d4uw7=D?>TtO zKHB}ZcI)(X&>;0hj zc91MYvj<_GJ-yF2tnjw@IH@DkTHMM{XRGBi3Cbt~-jL!w{m~o9;Pgo@_zOVZ^SR^0 z!D_<_%($gVpdOY!z@8k?LG_APjVqh<a!;7``E3+926Px z52(F$&B52%U#!XBVKUq6v!malhf$Mre?y)ik*5o~ZQkw!DABzZQ|tY~y+oH@2^6x5 z*z;AnJC*h-fa@5?XPC;fTZZ%Rt5tm}`K<0r@G7x(8A=sb;uqbjW^@_6BA6TzHBn5F&1Qo4*u0?uOOeA!qWkE*;x-OKhVFv9&=`q z;1`C(c{}|jZbkIQdSiKHxa=x<#!9V}>>~Vj!ZB~{@a?yEMcVZGs;Ey)^s+{Xqm2$0 z9s#iJ!;s}V0P6*kW|L@X}voy(R`ASn6Wb1NW( z02uYP{E_aUu>mwlo7?qzLJd4?pp~Kp!zpk>yLi>pN*$>>hU0rJ+EX|E{+1(lJCg8u zSC#15k8qYB9eUHlsf>eEJ6n5-nYHDuTtX&lIbR{{+p2%OB#fhuwt+BFVddl!5%L)_mCXu0iz#2`y>Q*kzqb0qyoW*Z zVQ!Vlkn0>)MEl{Sh)+sG@(N1>Kj(DLy>f+)a1rt3*^V zFI6;lu#jf{5<~E6*{m#1?4|+-P?&1OCXUP)%n2*TPFByjVx=D`D?A_)_r)IGtw|mh zJ=*vlxFURshA>0+sTP_|p5-AjwDuCq^G0Ax=uJ zG65~Kwg)Nv=N3kKM!@PIK^a{T)vn>kkYUN)fn~+vUI!COuV0%04qFmu5 zRg0kg?A?oaA#Bahw~CEHS?Wn4rhEEDs*X*)+3V5he^>Q6tvwcl5a-uZ#eKj)VA~K> z3+j@va0c(iWSR)iJ*$lfXvK&qjSPB*)Vcn0onR)BG*?4H2?(~Y82wv)82e0X5PB;A zGIVWFY#&~#j9g3W9%%P|TQ=lWK^SoQ-9JJ4gu^#TygPIV*41DQ#l8;zFMsp%1@v%0c<^(8RyOg1DXVVy}5^VU%^jm_-v*jEreUoUlw_xp_0s+{8SucgcRtu zM&Mm5{@@sz9OP9y=lknhJ22Z7*O0)`t4b5dx3a~LvUfN48W!I-OsG*{c$}NX8MI)f zSC;Bg@1dNrP!B5q{1?*QmvLHLP5z`=`%Bh)zD<-&^pRsRa|S&mgiUT|VIqotW{^Y@ zOY^91!e-hDKA4zMGx@5HpCJ+dP0LprRAj<1^iAZZde8H{hlGgn`0r#_N+#5L*8MCf`u`Y_tZDGwNw z$>NYSZa>BYtoLJ%kJ9zlGdE+R)yTR`KMLyR2)&G-X`C;j0F-8>!rEvC4u_t!!NEkw 
zIYyz3`VJX~H))Kf`y>isx+Z*XXYUP5#Iv!8%>z=j&+P7S>C<^Z>PJ5CTL{W0N+e>K z(~2m2+CU-hvadYof?;>>nfQ3QhpLL$)DUJ;Wbt1E>t%6?$HOoRGb>HF#e`DdWe;#- z`?e=67Pv`Ib~4LRk!a|g-5R5}a-x<4FgnAYfzwkHy|<0fgy;ZhMFzljEug|c;pA1M z!Cj1Q;qPS$Q(Q^Tj^-sQU;0NRk?Db%g`2_TZunej4=_&8^_rR`GN4sSod+lyFf^`o znAM3hFn(JFJ9Q469zkRxvxCC05S7>7g67C`VF_M z*+_ev*L-t(i`b}6y_JI`S()b`A!;g$l1R@GkC?H0r`x8+IT*AyILF{n$eWNa{Z*U!gzF z8oJ2Ue^a@f@;%OX;X#M3dkjAAC71U>g6R8frE8f)O>uG2HGwmCL_lV*AAdGcaM8!s zs^ryQPM%cB_6(5d{bJI^zKAC+b`n5RxtFzGHM=p`Z{kK_sSPcBC^VV8 zk^t!%DP6B;)llvf^$c1b>}C!t2t=$qyT*&QWGoMf>!u(b z*#kJg$_(pQu;+JOC$ck8D4a+39{};RZTcIe<0co-uYNkZMGXjD{0<}U;7qxFt-pp#j;?@hAaFzuJqIBGN|#CKk00PD2wia#o#;w^ROviUhN$fV)|@ByUe*cv!v>P;buNc3 zr2)uU=KLT+^yJyHaFXQOqMg^boCo%ELN17vcjiE%o5z3m5oVfB)8#9!I}!RU4jyU+xJ@8aFv-NY-T!_CHMr^ibM_!<3^fUr4^1og4F#F=b$8Ti2@1763ao1Mr z?idL#8F+1vvGQ;VzLDw4r8hrn!-&bY8%7r8kiL>7eM3GT>+0<(M}{ zegOtmkKI+2#Gv19@{DSzNxB|-NvjVfG(9GcHIBkmN@{N40};(mGpdo!?m7+36z_FM z8DmB}La8`62~i23X3;!$!7G2fJE33w$Aj#Z*4?iczHNkLZ*ad3{Y?nh*oJCdoV=KH zp^4J9xIVJ>P4+yULNt59Kh7djzBF>O10+Ttg-!gPx#~jq>i3M}%5`$5tXyM%w|~AO z_|OVBL}aFfR0C9x`CXgP;}~;OU2_l&aMzESF>U4Fuo{}iG6)bhu$R*dFhK0oavN9U zZv|LHKz*DhILKCL)%3ByIA61LOY1F7dm`D6pAFqNPCLZs!tFOKl$1Cq%T(9>E$ht==vUH%+zO z$*6+TB138AHZdg$^xE|WUstIUt~kvzpOR(rRKu8CyojNO)RdSVK^sfg=ry_Y+?xEK z{_e3iHq}=ZgBef}DW?iIj|uzvfpk;TCJqe#Du#L1iA~*hEvPnz%G~uS`Z-IPP!IwJ z(a#;5JaGgPAU+D)YRzTRpido~v@iV~}lSi{E* zzI6=j3RH=4wMVSzj!H|n|FUqM=0d5Q=fou;=iriIZBM*kPirzcrqwddwIXzO94W*B z2QqK1Xet+f-cm#GOv~1dmIX{kf z`EMHXEHa9-QrglLf282|JJN{%I}*S8M`Fg)qM$Rbp{R$Bzc2540sQ!XK@#;}!7cHC zmzF$>HRowJ1Dnw^(c&tR0LWD^X-vMmf#N{!32c1kS-{;rAe zY)yI>HM%jtHFPqfyZ$!c<+oW{S-|NJLhav|eMKShnm?GPL+kD2xC_T?7cY;`xP(lY zrVJ!uo(2hnyURX@xdqxzCRa!ZA5|CKdl!>iAU|qa{RBv8*{965oSI~ImmlygY8?wN zn_Do+1Y${uj?eJgd*G9pd&7^ztQ9<9QJotAO2JdCZzym@YY;J2wp^VK(~D=j%a!uA z%mpI~g6;SBMIr;16A4B&ZU-Lwa@_4ti`bByh}40wHdB>1@7UNj8})9MeePf@oq$CF zXWPh&ai}tTOean5Ve4bk3wai~6eSp2gcfSI>>j8eahoh~$IeT0yghiYq@u7~k9@Vs z89L1Sz?5(Vm>l|qgz})m{nh#LGQWv%amhE&1+KdM4?Osc0sctO^DBHMk7kc%QaE9_ 
zNQqAY!6O3gqbMFV0?1bHb9A&jU67nlc2TC%1J(%4tyDzG9+3C05vfu78R>*-5{nDV zntw*#FsfEO_4NOlI$$JXk59Pl**eeLNiUYQ5vgzZ4ANE;xc%K@5utLLJaw}TyWw>H z{NN(_9oT(%#|B~WZ?iI>iNVFCU7inogrul_A5xL<%-L2mO2mFhVKSgc1LYTD*d!6> z3nUPjuJ$P4VQY)4_M0#zT#hFVa5`Jfd&()Vv1oFbelw&R;4`%Wt~8msf9|t50r%v^ zFH_#)<18x(MR8ROy7nxMJU$QqNuryH+(pCqy@; z`0D~*C#?MFA1{6^H6k;r^8&cfhrcN{6AIaDBy&XH`&wUi-Y4|oA9at@yO4|MdKL!2tKvyY_OgX1xZPL(=uY=a&i zK2d&ZlOJE}t*5gk%YsU;YutJbS}$bPX|!cIrV2(s*Eyc3#-?idcK)S0UsucorNeBT z9wTkMhmbsa6g5{uuqF1f$P?A>OYk*kgifB4rUVStitoFlL(u zp1=qo^5>WM^uW;Q1r1f|bDmH^_D^s~7~)$;-Iwxm?Y6{5Kn2tDOn|QR7VF0{cud5u zXggNpgT;n}i{6w$zD=(Y^LEr`52$3X7TD3n-OGSrY4yI(6a@S#UXsNq@wmdY4^^=& z-r^{{Q-zAL>x};X7!Ze-`KJkHo)|6tFq0-3Rq^FidC`*r07-Hq*i`LsAGOyo8Sh5f zD^m@q^YwUaI7`tG?pCf1fS?+sx}f?DpgAOkrReKrXlX{Q%%?wUOw68~og5g^V6A_7 zKS=qLfz<|LC#iTIGD~>T{%`jfzU~OW**0WV+2Q3SD zy+i{@?SWF``zapJ*quEB1IPs0v)P|X)FLY35xsiY|z- z%(~N!^db&-wt`@4zt(=-Ek;gt6|JPrb>L`Gv#O{9plQluLc&ZY=bMmU+@yp{)}p>j z6*=o?6{i-X>^ZJ*G_qrmfN|FhK&fwfP}*c}^e28twB?r@Yf_9=65&w8VN9Zve#^rZ zdi~zi8{TTx#<50_H1yj!A?$Sd&jVPRm3=0x{>ovUk2dP}Ui)2k*36D5x9x^iJMBDK zQ}Iv!Jr1|{)lZvIrp6($if;6H)U~?N=|kM@^?AgjR)e#EsCjF2DHCQN3OAgqO8Fpd za5FS3r-GvVY9D3UBs8Ma+`11AYB-XTZC`oV=pFCHRn_mjYqEjy2KZ(h!QkY|%EcJn zt6TtN99f{)suYktAS-YNw4{fY327=no=+U`euVBY4%r$H;gt6;rLf?Oq)-F!sYbQO zwq!XNyb8zs?qA{=6wu;;yOT*wL9$#210TexFUN~X@dKryEduCG?X^{&nm=|V()IT! 
zd;mI0x?$z*;JBFH)S%s2&>}xvLk_sDTqUMr4I*)OZV7;av3|W9Kww6Vmc*MPtnD2@ zD!+7=NmFuN15H}6OO5+y4Yb9xpC&*k5_%mX>%jbvR%eq>_(Ga6q%=87zndAyKvCiRChg~y~zBDo!^ArIgn z9!Zq^4jo$;5$pQUF=5fr4cuE~g;QkhS@ac$lzzRmWXQGMN3C+DM@`t7h4kf%ab}st zzEj@8^*W>mmVSeT0bKW#4CNhIL|aomdm478--INN^XCu$LZqFdu+(1@fmSVN&3#s7 z!#0zzD@v*dy~U=lG#T;GKg#rQf`e*-9d`ZE)`{9EcLnQtVbNcm>RL1VSv2c*xCV!d zK9CaMBfnQ_Iwk9Rt-cH5S`^bO4^?YbW-JD4i*Az?sJ zw&hIqfk;2dE@B;|hNXPNwZZRp3x~vl$GZq%G|hMs;ZO=7*BJI6>rI^~{)diCZ_Kp1 z4GIeDw|*Aj4+n!>zoub`L8%u8w0C&XqsHtM1b8w_`qtquy;YHS&hYW>mN^u^SkfHM zlV`=f{Ttc(PUo;^(~u${^uDq5iEe*{e%RSJpXA%X&g8^HgiXJ)y-5og&o+Rc<=UB;3=E6QZq3VG)oLn zEi9NB?%F~Ps&kNtT?DP*;^UtRR2Jd9S!}p={7XJC@8iOv{-TDV66!!|8;u`RU{50A zZo+xq^?t~*^PjVSRx46p#tPxaDu5Xb!o!q%O`)1QETd|3|M z`T-yq%fV*9ZvA8Y2jP+M6tLV@QW`GJp+e%iq0wnoh-ui)kiy$}O5WvJb)4SbGBeDI zn?43|5NF#fQU!sO_R;o!;F)|#{FAyE&Xu^52i&y zt*KNs-RPd&=)>cbEs)otXp_vE${Os>m<8${_ee&u8Y=r!<~)!{!Pfo7^8HAqcS0BB zzLCi|mr}9|+O<~AlRwL^@Q{s`Flf(3VdGSEFNX{UUy4TV8md!)&T$uj z5yxqwV<5=EK=U$SX;RN2N60}dgGUsiv%;%b#-e_)c$58&CZ71UpsTxAsUk)8kR`Hs=Gaj2z29^<60cJ#}Cy!Rm)tDbeq^!bC5?u-opc{7_WBgFTQ)h4%dL>@WY zMxj;Y4GFPm9k3-xv6rBtYOZasdp~p`88h?nTT(*#-=;s#t?^eB$So{w=i5DA&$-~u z4)$!&yy*#N>y^X}M|ZmOP$WF39TK~tvoY`C+kz*b`*pr*R-_^HDAr@qAZ=L`bn|wx zOqXcQnjxc$7Pmnoz)wF0R1YEpHJ~%_(emu-!Z@GA&mRAY6?NfZ4g|~ zmtPSq@9`-SR_>PE5`j^SQ_@?SfnjHWsH|srSb6$ICHPuG(a_ZRbt3|g&|be;#e^vk z&D-eG?rmfvuR>D)0_=k2fV^wWz#VNB$HGYz+!bO@P~^yFA`08MU~o(pHTO~_B%t)~ zAU1mq6I>4$D!s2sc&BIz8eFY_HVK*kQxTylpqY2KCB^{Y(JU2zcs0l#k#&s&6Z)HF zz&%e|M(;10ebzP^iMEp%tQsIIr%doSA2J)c=ZKy?QgEv(nOPw7DV69(6#*5Dc{U6@f#Z2Y@m~+WWOrm5?N5{-srK|H-hTb z{CdmWaoX9?x-I}XT=#^_Uc<0xTMRJd2_|;J5#^Ve7;=!fE}qeC1^62H&&Tnv zI2Rl7bkDwp9{k`e58I}>h5&G7EAbr4aBMXP{0RG^?@ndQ%hONdw*ASxwaM|BC#{l| z=K4WxroZBF@zBB$8JJ4``4Of&O9cVvhcPBTmAPGaND^K{b2GD9QNXZH;B*3;`%ktL z*$@YIR)h8VNMqiWQKL`fNhq%&KlG6LbeOLKD`2w0JPuear@LKOHh^=p zMQ!e^!mT|>4r#Th*8cNedry{P!M@%zeTgP+tI-_?jD8mQ`1C$XIYyr~KjQ7aJyc~5 zvOFEwLO={rg8CU@@J@Z|$|i6%87MD=4QncWtMGLW%{5{)HMIMtitGOSb~@pev2^m_ 
zEk|ekpn1nDYO!h*IE^jo84H!7>_qYL!9lI`Y;BJ7fU_7FdvuP|M8@1zCu}SvZ7HP2 z+Z{lpu3OFf>WVacF23Fss6ZSL+5wq}+|BLf!Eg*^;AHb+Eiu~ca?cKyspb6>rS_=M z=#B-nCX&ytZrs7uS>kvP#s!G7%fWiqtBe{iC`t_Eqj_)(F|3zd4a5t5CgIL49=x^i zw3awCr=c(8d(`E*F)2(p{poOtUis0jOuUzN#AW=;16X45zm%=RVD};o3_lZNe#}Cp zKUM8|Ap((ZdK67#Y8-{JAzi;j`nZl6%ZZOYdAqxkaQ|<)D#7eSDAbjFwcapEFLHXpJ$ic{|Tg5bbS&t{GUEXgp6AN%f9OLBf#+*vokZu0deS%l2{q~K>H!)=(oWk z>8NqO{(Y$`36XY~nvZC&X|39V9S#|a|DqAc0sj7=p==rEwZ{V7GxZ1e?=kcUu82nS z?yc5~zxMO7cnTZxE#f8=Cts>l-+RYXtBk)MHC?(G?!Sh)%U9BMDRr>gg;0+&`X%>B z$U^y-81C5MQ3wIiMCRwamiRV?n13mXNQSyy!}xTbKVNi(?b+cCj=?H-evS2LPO(NA zuh@D-N@Wg_$V(@F?Sx;)J$*G{id_u)u7*^#GPVq3&yDWo{C{bPE;BHZ?WEGOA>=B& z^Y}&_kD)V0ET&#Pn;eBGFl$6L{F1OyjtDYc1_t{1zw|X|{~@tg{4NluV`Pn-!BE6JgM?!j$I5vy7gH zIRH^lvk?1Z@!}1|E5@XDGP(;d=D%*4{dic1Pq_N<;+)A$kyO8)tIZ1TEVf@89AG;3y}Rq>6ebxWEiSS4F~=Si?TpW^fZPz5IYqaT$jfWEO5k?$=v3vo z&BB};1b#uIAm*sk2kGoP08bdI(qQ zv~Ccnpa>_c@;L?#SQGp5`BA?&eY%;aSsieIfVo-{9Ea4=3MwJhm4~cZie4XR@#Ch;h$8#Yv8HUEBo=dre6k3-u(m zXoFreaUGYh zD0Kk)Z)caOA{YwCu^dl_^Du=3ckuy#Vr^Rq;Zro*y8`n9HSCy?Q}L7M?`_SfzjYaUHVV zeXxWm)?nE2qCdTh7Ztq~9-j@Yg?3te0YL!8tINoRVEOAGLmubkTigyu@>-c>mhLA~xy(%Y~0pwOfh`OVTt#B?Y#N~;7l+NWg6xA-oX zaB{Kh$MZ*bd2tpZ2ro_1{1wYT<*eVf~Kk zTH>sPlZy7MQ2d=(!M+CYX+yB4R$YmU`{&=3O3-^W<(!80X_wj}Nr!QCBgCmeeh|m|H;-HN5LUc+=_G-ihc3um23*NMs(}WyA<4l^aNO6Hj24I0Vve z;2-d=5POsK`nioaL;g{SyD|wS*kRJeS)C`+X$ScnN(NHJ(DtsASsZWtrTXBd{A<~V z)>g%2Rj#gQbJm{?&AR>*(zxB)U$(_Hp$3KFY^kpYl$d6WI1!CJ+BI|1%evAJRq9tH zQ-8e${w|Ydbo95h_CTN97YzB2QwS)!A>!cyzZ&Y7?#{hfPi}BCja4oSCq|ioLyF`o z!%w^MLJ<}2##nTKN^c}(KDOB~dQ-7bk%ys+heJBzfA8*2jNw*p(l^X_MGJP{_5)(M zULT+{ZcOzB#?Q>$vS%2g%(Ib#e`7DILN=``Okiy?Niu}*?q7l2<78?bVC=3(x0##f z#dV1{v&fl+XYq%;tA~aDwN<4H$U)$G$ZH6o_z&V{Iot#`8r-}j zPWhR}qV;RSavxjFq4d=X8nYgqwI8U&0fdHJNXeq71J9RAgNR3*T*Nh!|};4PbYacRellzc;DSC3#f z>-lQtJ=xSNj{7>JVJdn3RoV!NhFruBLpU>YTGx(|S@4^;PAA>!CVpE$8*0|6F%SXP z5$*_9{KOy0i7z%O$Rsx8m-CMKuc!{yk*C4(rT+VkH&g}8wm%b$)mkbhHR8J!-;8el z%R~2sN%T7aXyF>+Jn!=iJsr+=XMN627fGNok|};QminyNAW2U<{aQ#tf-BcN>i(Hg 
zQcG$9!MiW`76bnM=`eHP{9GYwUi9YZs{%7Takd0-hgbC;z!bgYYmPLf+AI7Ko@)oT z-EbSizr+2CS*E=QGq{7`xmC03e}E2159O9B4hc^|;27KP&*O5gBBX?PX-4x+GDVT)I_yl_-uI5d%v?r9kFS_7gaKHDs?-uMIx%C(61}NWXtEKUX8> zHnZAvq=B;eY*$7H`GXj@i+0za*Z+V8qO~9`!Oz*x#-(wT2CdHd3i`Cu`Utqecxx>D zOshmPD^oR;xyrFvXI6G7H1kV|M z-C7l-Gv>O>UN10z*hxR{MQV_L*=7+Txl^Yd-=3KC2=a*TM}7&5!iu&B2SshPRYJvy z{CrHgzjDT^f|Vqgy|U@P5J}wBu^}HgNxXcor7TQ1flI_=MUHPytgp+>XFB1>f}=-3 zX4r;txc`ggkz_;!q0T4>mjck%&-Imv*5&){Wuo&!9|xknna;z`4}qrLxrA!riG4e} zL=Hfu)R)B8EznFgL=P_xX933`INt$8+`R7JL(+!Dec{vG>&fwjjd4sA@MHOF`yvpsc8 zxS{-r5qCq~x)=h^gxF8l(Xlr8u2RKfVtUg zEa%qb_q%HAS14z6T zd(rkdw^_tlu#0TX2R6&Mz0W~Q8S%zLYp62Ol^Non%v$e3PP%#Eg7U5U_v0j5UY=(J zG6Z4QgSsAZEKiL>wAL?W9Y;dfqmY_IU6oqPeeJ=LRqm7J zN1*LcA}YN6Zb?&;lD z^NlnJm{L2rDxp>0QEUGvZ$?iG1(z8<04~<@EiwWRteFLe+s6qh#pUuVsGrT5CG(>% zfWIOcm^bvn7BVj!8`x5n13gNMbe#;9+t8(B+-3kB!7o!FuWmi^ei3sB zONFDM6M-+lc~ zs->C|SbfyoF@#uJY4^;L8!Xz~ck@{WE>wv*QuRgW|QNRvoCQPe(`HjFy_lfFmW?=-)6)!&=Qy;0dh>3pj zTd1)2ZGxY;ecbwJAt9MYrKxS`;R`jTNY9WY_}pfrfbl?}5M7~ZN6ousi7lEEg1S6F zY5ml1n*|JHjbb{FvHh!Acf->+L4mS6K#i)y-PVvu^PD0J(9>L;m@DQl#dC7=BJEwj z$p9*f0VFaM)5hO5oZ?;x1@`-wvuhjTL2wqduqiKW+|tnMH2f4$crw;rD-cVXwRIv| zxQR*R+ZFC*?iEP=Ox{EfmjnX)_fb_#eCO}GI4S_2ru^F4l+xm$tTH3+-N&MbZwK5M z=_PC4TWd)Xg8bQJ_S&LU6lw}9#i~uCM#sof%uyBXAc`GAzba zk4Yc<9}+mmh>m)qXwIHH!p?8C9Pj|e^lQf$)v4F3l|l=AA28HJAC7GL$YD-F=EXH~ zx~z%{2wzNOU1SNEr28ZgOp1_roo^bx5(2(u_XmU6O$UQ%p>MrUiM{Ko?iDp9cUFIB zKH1*3bG!%rdZ7$6*KU+?;y)_0hUfb%J%aSNyz#nmeVUs!)s#v2D1>{Q%`OiiukLu_ zN}T0i8j#yZ{p=xh*V*UVxmkhXWp};5g$=}_k(anr@?CwARK2R3>bwp{NLl*?XLc>% zMK_|>8Tbi1HEObbk9f~!5pn0tr1N%_n#Vl4EqRgUw<#mv`q32?pKcn%cTR(JW@JOT zqF1McfGuFe^pspi(gGkpK45QUod$2Qorc{fGzJB{Qv-{u+8g^JdQ`To5UB3`9U4fn=ZqfRGlu(ZwMA!fSGVP`8= zPI%3kCRi^12r^QdNU>14IZR#sa}nJK<5Q0!wy!;v)zl)v$iXDWhGgOaat|h@jxDM} zp3=)qJ>5^@o&dsO`D~=JUEw=c?B>z7oS)%n^eyNYQ0h>v%eYrnE+#M$1w6XsLSZpS zPkw+DQZX=3X?jj*sfUr`DjY`5nxCwfIjS4>j`SZ91~^=QaCvOdn$AJ$Hv6}QnGgBd z1r94HQ{~wbxt7hSi67p!R&VXrru^0LHcjJF;#eZjlIWXRXq#lC-nn`gSd+ZWJ*$yy{GK*$Z@f=&lOM>m^j~~T(uzw 
zTV8G_t*8j*VG``0O@2-`NilhwGtAyrZcXGM)|e5ZO`5zGXcEiS!s=PjTT3Z4tKuT8 zAt0TmEG#_RxmHZPsAx2oL+3^jit3}(yioKH*NV9^b_^J_z(1BdH#exO3O3K#fg<%f z>TwbPJ-~eHFUMBwRfEle&QOGb2D&CtT@=6|pVQ*9u3Qc#vDdFsrHE!*L{PdOsHDZj z*s`?7p@3XhZVe}#w}#sP!Z85L<9q&j!eX2%2(f&HA=OU*wWoc#LIB>C)$r17H@bTI zc@$JON)c8cyoqF=Y)|QB9dRh!jYChtm*Z*>|1f98;p`dygBER3!?oO#nnCZz)>faE zcf?WgCK@kt1&J5TP@+1G5)4pgwUM*;eN1OLEkeU`Zk;~CwCeY`D=ZO}sLN2Xj7!0O z)1O~&H0%!M2+)@>FlybcfmGPx@oN0=oV4<8o*8s=c$7jc%KJZad)B2wEGTQCQ4f4w zWBK^U6G32!;k3ICe_>;lQb?R(Xdy>4%o4{c(TkEjK0;U5b|DCSQIFjrQ5waU6?gK_ z_N^~n5fERcj0aF_)r6VyIvzwgy8&NEdt4wbh3PK2IdU#-W5d>DkL`qV_mnypXAk?8 zHb+5VX>LJfn?Zgz7!VOfnEI6>dg-_8=}h6E%2ESRQron`NKFoaRG=w$+yIy@CYw&6 zwOZcn$YpB4c4%zkv)IgZbxTdH^BZD}%rH!V#8R6w%r0j_^IjX=d_d?{f+Ksj9xc7v ztgNZn!sDd#GAFwu(#tiYWZ1l)wF}I3qq=4tpI7#~c0nTcS(@812gG?n&A#~$;6-kO ze0{+tZ1EYABfECG?b{y^J0~x`!=R*KNn?54;5Y=?_9HC{n5vx_d#L49d%N*_v{ zikyqMT~o(%UR7Wq*0>jK%R2(UIa!CIBOx@Er)8plgf%q=1I3X&J?SH{9vEeYvTb83 zEY40-i>36WHZ%-eRf;GOk6RH{og_Jm`)@Tnc}+s$r7zle(H+03#B-^(0Sx_ z4EEM$J&cmqCOs$gJ*XGRu(h;g$nk5irk1ajfmAnjg~o3~yz@Ad6*rxG5ma2PJKhKS z(Z^f6tJw`Wl};Cpn0!M$c`PhdT%_z+F%zU8U?r^Lg8%~WR zTQS1kb}%T0;0#fP778g3tb?V`;x7?kCEgVF*OxDBzBEpp3o0j$YF_IOLp8`Me+=oQ zX=T={1Csh~l*XF4_2h+2BQo6p31Ip_HHYrVx~_0|$D>+q8js;*jfjHy38XWBll5k9 zt9HnCr={&=2O_hO3m6uE*O`h#BrM!|J8{!fdkw7;6igq;V6f1=_Y0O(K-_Q(=873} zPOzp%M0v!{=BR6%?UhMAS!4|REKgx&G{POE_FZEX5NImxGTphnexV!s-U*LPc@B!v zQ!Jft^E7~*!Vbwh)IX{U$vE8}eoP;aSuu?1&wP?|1*A$*^62sy6^805)DeXIr8m)OvD5S8s2fJuW)p z_)ePFXo!MnG$hyFL)(~|J$sJ|0D8Eop4qg$h8~(puQVFx?O{=aQ?AQWlky`XyKF@b zFH)lNUnNduzAcksyZ?h z?EJTa`E8t>1`*p3Wc|K~c|k;YRtmTyeo1@V4)IHwnS!+G=@%`Hpjz*UFIAu6iZks$I_it&XQf-{ z(K!t+dIe1>8cR@Uo+_75pVHcrCOZBFjYTE5_k?bQ(WbzRBzIRv#owk`+2#8rDxGKU z3CB5I*`_}IYJ=p!pP0y3lD2)ERHOvcTwct{6EnjhCQAWhT6yM>{|s}rio7iN zA1XSJ>LF-!cPt5P2r|B*(yLIF=$fknc4fjP(6IFc1fMa=R0MCI1N)fJ4>KzWYB zeyU)2Hc|kdF(~mt96Y?Va8W#Hp+690lWeCe5Xv_@{peW%->0tj>`L|8m7yqtzco{C zb2#zDMU%6E?Bz{#A$ZCubS`f;mLorx^5jn`gO~Kp6jE4l*C;yp+1+~K?h=P~aZcd) 
zT05hxxbQQs7OaaSVFz+dCTP)Xy9}!LEUck=L1;{s&xZJ%nP9F!s zE7aPHX>~alxVgH$*bUTz9dQ|b=pYGaEBDUt=|cyYGq$)Ze(>O=>$&^CldO;vNM~uu*T0VM4^Jne zDh@9G`z(Ci7{qO=*lw`<#K#DuK}Di7l-l&wRQ!UB(pa+LGo&>47SDl>eG8IL$oZoV ziZSLBcs2TlN?71>rsMr?8OVU-qSHe{pXwhE$wMLP&c?q}kk=yYxSDV2<^lACJF zyyesKI+8S-?-;#a6jRGKQ_psQ1ii-l<#EAFDCTqsH6MSaW5fcQ`~63%xTsSSV+bz@ z<|UEanMJ6EujXrY@H}bt8W)j;cDChg*ZHTkxZSTgy|XhZ9xSxf;Fetm)v;g@rt05Z+zYf(W}gsuH#*3jFvrt3<9kuXd% zIE#N&l}Njb9tLZ{)$&7Lk`^kdGw~w*ib<_pSSw|@kB70StV8~I*`^42B0hT^?)J(G z2}x5qG}BZEb-+BqaFB&_0AOkxcA7+6jmc+ii|YnnuT}3#Y)g$Ar&$^CCc?-79r0pT zob-Ozm6zE+>+|v6)pL7i{<3C&J|f;(+vlvdnX5wgC^XAI@67GXBAaq@_$5x>dDDT< zv%OC%*cuFXgG~x|e|{!6SiX7pFeyWTniZ}NYLol`(;BaLjL`4jHsR@lYQ`?t%AAz$j@8*1d-usWcb$+}xMTkaU^mCqU_q**VaQxO z=A>C%XI{3=Kf5LlVZX4#{~drEckU+ixLD*B{9Bb>&NxVWt9=ziC?|IBMS>cdg3Q8) zDgcYgnXM!-K+p{rVl&F36+91}bwvmI9T{~XD3u4plw%Q2i_}(gy%`L1!5F3ZfWCy) za^~s-Qg)a3K4y_fh-XToLL7v)HU%=ADHZJejp(c4UH&?`>H59_OK(y;+?Yo27qRtJy>`oryrUJ7&XIWh2uou)Q6B|waNkWBq+&B!(Gca$3Oj+0Mtb#%CzZ% zXYxOA439>3dCyITeXLqB1^d3>p64k~rxR=kD3@$kg;BH+l?T1+pBQyv3%-;U$C1vs z21NX{;;(_(Xmc4gV_-$8HiH{z2>!6bTa6l7Slq{S-DLi*L|I7I94f6yQ2WBZ@;kR5 z&1`^y=<7Dh@E>{4OX5hPe?i_nu{Pbg0b7K77n-1Hq=2r+G_)lHk>rc=Nza&c&Oz--6Jn zFyv?*h2XGz);bJwP_Rq$fE2THfyM)AA{v9!0S#|y;mPWn?>cxOO{?Swln#57u4o#3 zUNJKiih}-B(Zt1!dZU>|!rh4B;HUjR^fCP8MF)i?J)p-oUY=Dt0#^?|%@bCNr1Pxqax7`^6>VIFQsx*D8_%pV8 zK-)i9(52-&yJ_td{8gn6EW=D%he&kLWlXZx?^ox}NYS?qvxKN49-KRG4rs7`a%r&p zg(IT{DJ-hTTAd-Iz!~K5K<)&>kgf(;vOfb~g5H7PWsx5-mXY*$tP{=7J@B=41S6ap zUJ(poSxH##Jn03o9D=g)S3}bzJfULHp5O^8ejhxziMA>p3Tq^vCjzkifsCT1m6~9- z_v_a?Xi{jTtsNPY6@S8z6OyGhiVCN0_aj`E`rhCma93SI|V zwbKoHPppL$QxD6O2jRnE&BdK_tBC|7TFSGc3TMgrcMs8+&4yK}}#8<3}yjnyTAxO8uKb`tV< z9UhBY&&sOrBiMqf6?Rng8o;3C*980ZE_3t>CFop4e6YZeG&5o^l3Q~DgUgdV?%(-!H8K5oGdvJS1{tKbF+~K#96ks z=1bU-*NfrT>(2W&ag!0jWECO?xr?c=QxdhWKd!wkW+UwsJg~i>QMwyF)n;{_3>U@I z9daxB(E02=3Q~~Iu#T8+*w$6WRf5g%*B0^!^Z(&c5)i?w8BmLM?nS1eY= zy4%?g9ZWRZB4v~h2;J6!VB2r#*Bo~ z!u~RtV@x|yVEMSijGQQ(`OSMq8@%GH2AVTbmVBFpG8pft@Wd#Pkxv$@Zm+U~?DO@; 
z#MbxZXAC%#d$8j3u_aP+4#W}}B$?$sM563gMsI0*R;nFR&yr84jQ8w)G z3H7K$uHrB`L6nUmwoF*cBc2&sVw<_hY5yb3vPYah8Ov5Yd>tkv8;UCCQQ+%yHc-=W zY6eo*pqJkaJT>^^*NS3;zbT`)=-MU>dve=22hrp*A6kwQ{EvT><3BDOR5JBOVU5WP z9WNwDSOX8+-^#+7pY?f|v_YK4Om8#yvHy&T}ruP(PMv=(7M=brh$eWPaJF=Sx0 zIAWd?;4zY;=svwL5<$3IX3i{I6?HVX$%P_l^3Z&Bnv9dLRTyvSpiS)uRS=ooHKODe zioMMzPOZK-sNQBFs0A**5|!44SKBe7Jl^ zszXlpOU63x7Y@MOpa3u0glI}G{k0M8UV`6d40OSw6`f-D5aMx3Me$?zvx6FiRQ@rn z&BU=u8&r94UVtoF=pX)vZ^u~?Di6U`0EYZfyZ3QgRQzLZZ^{E|=iau=M7=Dq%j%kU z@fL;D9)?%nQmobWKMv+dhI7n7>nRr4m#*Lb{XvO7e*)>5x1CH)5jlIb5>xRF=4>KH zXLJ<-4N@Zjy+aHiZ^>@EBZ*$uFTTG8*QPluTavzI3cl9F;@|xer%F@$X^@tz<{Y`e z*uFC;NNa)izUvaVR_hA=ZRdWw0nNF1ib>bgXptK*jv*rZ9ujabGo~54sa2L$)$9+d z1SG+#cF*T~sp)>xZ2fIIqTk+#k|=;SBy|neD&{+~;M?J>vjEA)rkrXoo;{8Aetb1T z4wRu73#iZjGuwQ>=JP|wbK2(`*A(*R2Uxm4ZJK|xicxSWr|zz6rHjk%zNClp^(29H zMH;=52m|}HxY{lcF1&!?x=GZUF+Pll6eH%6?XsA8+kNJJtMWX)RnMZViBr%Dhc?0Q z%9Krwi{6?*pj{fttP^UickdW1qW^~%J<<^Qlz%GiLm#6inaUW}nzmGu+B74_AJ`kt z=myP+p{IXa`(Bltc*;b{8#B8tgPQM&YxZY<+W^shuIT}r-C9dHUE<-Ppahq2f@*jFhUp3eY{zI_l<&+3r;&W9q z7VmPt7u32rfhm-;q^;FjBA>wE9V)W++1Y2KFsjho7RPYQ+>IR9kl8@=1w?yPbh_6| zpYw8jO@HCEs1o>Pwup$1kj%Z)5gf>HnRcyn1{ZK@`&=Yfl%KA!N*=Hhgl-K;JCE7z z(zz_WU}dKWr9gMQ9!a1&I>#7q%|xH_Bc%uH5APl_tymsctMhx+*jfvkSijdvvPi!> z!AS=qlkI1$`(j>yt$3 zPyfsx;aTxv?j;OWx@9|pwx3YGGcyXOZ+cU)TaY^*Z683Gve6QcMezu^eG_wU^w~j^ zrY@dnK3Sr(lNC1EZxg>&25<*Jt%qEJHe%^QZ7K~ph&n$3ehN<}AjCZ}$q*C|; zfGRy+4NHK3k_D-1koW36956r@)n4cY=If`LAL4N90C9U000VETBR**3;+NC literal 0 HcmV?d00001 
diff --git a/shim-noarch/shim-15.7-150300.4.16.1.x86_64.rpm b/shim-noarch/shim-15.7-150300.4.16.1.x86_64.rpm new file mode 100644 index 0000000000000000000000000000000000000000000000000000000000000000..e8cac3dec09189dca84399d389dfa4788796dd6f4e947c68acb383cc006f43c5 GIT binary patch literal 489336 zcmeEv2YeLO_iyMB1wlFr4n_KIwwC~s5JHg>NTEZR-JMOAY<9!$rcnh!M6pmrP*6Zb zL`4u#K+vcNiYOwAohAr~QbZ{t@V@8Xnb}PNg1_H;|M%WUe!q1yJ2Us5d+zDy+K*(VMka{6}Zh>9i)T-lEmhz4HF65LKn*qmRFKyn_5&ji{(QkKph7 z@TrEszr=TKbbLF%#($$KG{UDQ{;10Tj>5YY>d4pe^gvWprQ`Unj6bKz*T3K!?NxXf zAG}}bSAJb_3BJ*OrPKJv^A*?No8CWzZ#-XdJ#Gs#E7Y%4CCb%pwkPNH=cd@dpD?vT z^{TpR*Y1Be>f49A9JzgCY(snZb;C|AtnkZ^W2$HTvF`F?KR!Ur< zXjqT88_)9oxMA~aonAcpX4UFXK34yy>Q_FPb9!gJuPV>&`{=iWqEZU`F8gZa*H0XL zqwXCSf?rP?Jadl!xb8xO`foI~)!ZTs{lWCol&LGv9-ewFJEuv(Jv*kZ*GJD^KlQ7R z+C1#?+}C`29lL(Uh{D)2$A@-Kxz=I%Lpj5WVmth?`uIZMucJFhfAaGa2jBj9R7~~@ zdvP&jcWOX|9qFHiV3^u2v zw^?11-Jv(QtTu}%*`z49#pSkH-DbOJ)Y&Y0o6GDLEe@l>EjcX~gVAmf4WiqwvpLKr zhutcfT}HjmX*5{PXv8i`jJ~QlpDb%01|P0=rT*DTEx&H?TH6C}H)!R4r0>a^hkx#W z$Fh#8Tb6aJ+RqyC z)m=Ha-N1)fOASTlaq7YO`y+?#R9N=BwYY{qRZ6u{wF} zCRgtG#|PWujvVqN4xD$t@6eI;>xL%pTGpY`9}Rx#^~SRIRu4LTX>x<-Jg@EFb9wuE z;h`x*-}t=Kl5czqTj;U}F52Gi`KYG79svFR`|n>2{ELBqG4L-2{>8w*82A?h|6<@@ z4E&3Me=+bc2L8pszZm!z11!dN?b@{*paLIwL%D?W&Wt@h%Zo^jz* z9UuCq#Muysi>fGJpTIX=;~jRN;%;>u+^7UDK)BQ#A_3!wm`%C2ObMo~j`TD$k{hfS$LB2jFUth#G!E;5v{u|$DuLAu> z@Y3&e-B!N7Dqm~)HG#tJo8@cz0iPx#B-ju-twQ6WYigIS5m#i_(fFq4zmczR z!#D6-RgkXeY;yFU>rwLc5qtypl^ys7Jgc6@H;u>1uV0Ci zuU+!>yYjUpUvHDI-SYJg`PwUAe=J|;;v3_8ImzgN!Z->=epbiY8p zUN2u4%GZD6o8Wr@-+=cue6j1P{Cag=eqDDizR}<6yXEWc@_j+RK7w!bzq+-2eH7pH zd?sBdL{YpyisJqFPh`A5EwM*$fo=+3zvz+z>_Nd36ht8u@Z@3C706-1;G+!xg?rMt$UN$`sJDXPq85MU1iz?g1+e@J~I!xPHPb+9%9nGW2EVF>aP z2vG$#OS;7r70oe{9xBX{x{MA=E|kLwhS8#R1Hi#8+U=uh_7h!L%Dk<)4H#1?2JMhZD&f`vh+-{c>;naM~K1X#pLF=#E_&3cOS!_3i)%L znb&(HAbEVA5P#4Ski;zd)9n$WU4EY=L`O%r6rBE?LctyIXA4c{;b@P2WScU+Jt}{JmU3Yo`5Vy*C69uUobZ(#~%nuE-jkt9Rk)Q_BgddjVMow zdH6wec+p>ONC<*_1Nam3LfqhYyR{sB!Hg~~TD4Vr)@Xtb4TDTD+}B#)t_4jPKyTHR 
zJsprjxdEThD&UNsh~9y56=s^zpcD#ud>KN}A%=t;KRB$An8=HPVnVb1E-4z!Hz+>2 zM@knWmKe7ukex3Eq!=KLK6zpw7@g8BJ~e$nQs3SQLjjudLQD!89l+YuSafEW=rHRv zlFnq&n2_$%hz^HEV|2M}dL91bFc@1z0~dTcIJvL^5XIp4;esY#P@5J;3awj%PU)un zZ@AE0(71&bts;PFQO0vB-ZF&=AY~~>(2NyY01v>U7}9VYfL_Cm6XmKswG@(k-a;l! z3WbDt!I>#JvjirSB$?8L9MPF2W=H~&Sx{)}2s&Hp^;V-^Z*Hfyqkye~qbUJ`JO}Cv zZcnt^14*j>t9(NK^Im+n#E0ZQKAk`1zgKyXf8)P3D{PFaARdG`J`q*xv5)AN_}}7x zo3cFqx24zk|E9>-^eg_?Y6|YC@894LSGOlWF2`plH4%Ppb}ZyCKJ+gCj*4;`^=8Rv zwb*qoi_K(pSu8rE%VBd`+*XIlY0!zHWOdr?qTA?jn~@1L>76E6Z+iBDpEk?K7?64c0X0yqR z{HFnJN1046v)ODgo19Lk)hU^f2{pL&R?#ThEiSvuY_L0w7?jiIvb!B_lgT04bs}DM z104pm{+}b$WYjw(lg{8W>uh?1S#%gIW~T}HQw&MeJFON`FIjCmCvvkcr_*KBS&+7M zTP>30ayWHHk?rtl|CN8t$f5tV1ubYS zrgjXCarkcq0lo{q)qetv(&)%fjKkxLafrdpDE3#xH#bQ*b&+KfC5zRl94X+{bW=^6 zC=A8xakNeFXXgZ@AS|jL9GbSv0P%##KL&`E*% zihR3waL715o~S6J76mODeUwRS(dyVY{nxBDu)p;tt&!y6xFVPJ6#q0{6z80DTbwgL zSj0YgE#jQ?2~G}w%nuhi@3|+=@mtk6$4{RWIrdL4a%}!B&XMLR8hxf^+~^-y$Bq7c za`^L!J#O^o`bF%s{7TX2XT}zdeyT&!=(*p;vCk7ni$>4vA2)i66gT>Tx<#XXXW~X@ zKUXx`<%%0Ez85!oc)Oy}_g9S@-J?#?=;(Li(w9A5l>Yo5Md=S6k4sM<9+#fnF)lsf zm7?^nZ^fl|I8&6~s#;Ncv-gV98?}#1uRer*Mm?x28a3rW+$jH;xRLv%xRHaNDH^e9 zW88@Kfw&QCCKio&y<^-6X-M3N{-=sY#QEYzbS^9!ao4oC5!JR94Ih8CXn4)IqG7vU ziW~NUw`kbmj}#4RFsvx;V)eMRmlhSJJ(FFOc5kD&w3ge8(wfG^rT(OeOBMf$OHG;{ zm)hx_qA^}cic>s+sQ-JfvYnZtFCz?T7A`%`Of9)eL4R(*DaB=E7ieA5KOTeEmkVa{ z@-C>IpalPBT)4{&_%;83UEO4eH@W>kjE`K87yfFtq|FcmE-4hpD1lsBe;^~O{ILBG z46-CG7Y7!?J(wlRgf{MmBPj)YApd#Sg74T%_O5=)i+O2d@27DSJjRj9!EPSSAQeI*~Fwx}_5(Xt|3_62BW3X9` zR>7B>?LZWag>jfeYPXrpHVP?FfWs3E=2DmgL6ic7FC2wJZVnLYk|-KL<{Cm_TB}xZ zX4$(POLWmLN+YEBv!##+=9G}qH<7;>^kn!%1R+@S{XEWqKj?Rd&_2a|(3J#`Bo?+~ zp*HFaK&fwOg~1d#3g$Yp5%CE~V{<7o0f)PHw-h!S))2)olpZ@$tVwO7DZap>1no>r9ru^>Wpb`QjLOR)E7P^L7 zh4)X90cwJTt2(ssz2nEr9;YPaNr9lK1(q3H zZod~{De8hxy?|-Q^k+(F%{Ky0UvJ6tAEN z@TYrR?0&>;8Xm(xf#9de2aCF9!Uz|#J;7`-gdiQ=3%9_3W6knDJ0fuA&p|`VSgBD# z7~XQ^e+Zn~%s+)mg$R_JCeu67pGFSkg}KF`*BNaFbQteOa9D79{XxQeUrEf-WQaK` zh2d9B6a7pKW8|3RA!PaufltsOngQyAoIO~G64R~Ds#8qIWKipf`nBQjmW)fM@Yo 
zcr=0%#gB;5(>$;UJpkr5Ga`GqPva9b8ibu;;Yt+WQxMSu+{Q3X=q<3AC_+I~8i70F zbQ&n$avLO@-eeTgfC`Q_5P%PkDHFgslGEcxWES{jt}Y^tg+y~9P!q$O)nGH~^ajBh zD9j1@fw!z!a6Ah;3#kM831V(2(;x7R!=$hXr$-8+QpamHYQbO{kdRD3n4JcvQFP%|p9`UHm&fgv0u*F-f-ETRjgEbgPF^4wl8y~9+nX=nz7!V!8UoTF{g>@-`ACZRVq;K~JSYBWB-hH$9zxIc$-N=yQ9 zjl|TQs(%ELalEPniB#w&=?Mg|x=^msaL5*t2s90mH5k+3G%wP^uQ_i5)Cxv3*jUd~^^G`8I zDVfZ6yTxeHW`?r8AUK*~rfw2_G)o%bO4EOchG}eNmNYa=8b_hVCAr01Z%E7KE1O-3 zy~Z$8_T<8hQ(hC=j)B!TAhEkfZ?KZ3);-|QQISYuf#f#fL{ki=)b2wx*$~jM-v||& zkYAIW+AkSWFav`_0GGYTUgM(>@CGJOeS>C^-hk=G-zWx&k&}+e?LsVHLYTh>%MdG; zExk-X6l0cl#fHMV9zeiD5|oz6VEBMUW)mfI5sTAObJVF$av++o7y6N$qMVU{RF;Qv zOAe3rK|w)k5Hp47XL<)=dV|9tBuh+0L7X6x-4}RBPGz}2a0baM`A58fRY-P+#m;70 z6d=H|Xhg&lEWZW|&qr#Iejv7jLynhZWFQaCpt%`7@rK^yvKWnap}QyOghS5~=^8HA zWNi<^56B!T3jNdi;w6Yiqt#(#vmGn+@aDp#BS5mHY=5ATO&8P?GfzAkrwIIlHJPo> zGwTqVXvN?%Ne+jZb(u~HuXM5<&>plOIz?`bxfXa*5>0l!-dXBN(s-2M2M*<~-MKy| z$z;5wbGl7N(a8{~$rim3ry7?(mvW>)Wbb$*R2~=;UBa~ir;tL?TirT?(J17|V0f}g zBOsm1Y6n2XfkLGDFu9m3r7xox~a@}9k**JI8sdZBHv#Q5%l<~|_D zgL(_7*jUDwuy5hlA}Y^+moMnyb_y`WdqA+l$$&z`Sz0mtU=K-USzHlS5i#I zS8`(GoSCTOa60|DF!C6ywKUlX6XoMz)&z3({(QL3u*ZD@Ubo?OlHBFvXVyfX7|P6% zydrPGZbA#g2N_3}m%~{bS&}aYJW3xK5Hp%7KgY91z|G@`sNkea;Bgv|Sx4MdyIR@jrZFm!#k;HlFumU|_io3VH`k%a{3G#iwc6|&u(pQEX}IK( z0?_ARaZNnza!4eP6F?0DU%Lw<6e<%8NLR(MKO!HE5EV?4LHb3A41!UJe4Mx3mg`zs z2)PYh*Rp{yD+C6DY#(Uk;E#s=?(u2hpX$w;lmX@l=z35=5ClAxwvc5`x+5HsU}ga{ zvO@~xOK`tP`ErX;7Mh}7EM^IC;8M$Mgj~+BO-LFXP)D>=t~tajvNnOaS$-nMYqI7t zxQ!+FB$l~r*HvD!ZWOKdQty>kkFq*;>74(eMwX2Mo8cDi0ok~5!2T|ubR>jwBMMru z{Bjw#XBvzBv2iLF`)IQ1+5zzB%Pxya>a1~8GF2PIiV@N%2b zUi75mpXgbnlI&g8*e*Yr^YG90NF2kzbt30ZN0@Z=7OT}Hq7VeWzr$uXp`ZhGDtfoh zW;M8U$&V^oz-Ba;wHDrtaDgUY6GgU>77QSWGz2qMzW^PV$&IP zIus&FcBk3lG}{e!q7Bh%Hri~r#JDOG$sTL@yhF16UAI}0;;dmC0)G`SPtdm%ycz&tJ@VgoU>vHe-l%%xe zghah@B4(5Zp#83cJ#L`1@(21O$e7HR!m=Y`?hlb@KJy8TXEO5Z6 zY!xmS1+Qg^FGrtw4oeA)ag0$!nK?gl*(*yTAV!NYfEy+@qDtsbA{U&n!K*k8I!IKD zqE568cLS({FLpYmN;!uV=8H} zscivjAqP7fv?0exyvV-+8-71(T6tS7Fb<87kE{TS|A;GiR8pZOAr+ZNuLLX5MeZgk 
zcC@CXNK8tYQQ;*thN)#`(=6=5m9U&86Z|NQMo^jGVQrx%OoS^#h$l(|+QUPo3@7L6 zZg`Idiuy0a*QnrKLx@pJbuscVMChF-YB2O1)oD5=_ z9HOjrgkLGG)?N)QaY+D%VVOL*#guaqSn!<&prEY82rya2t()TEFou4{P0aE^q(|!* zXCNH9{P{jsg)a|*S0Xc$s3l4`S>O4YaM0*sCgjwpDhv5)oq19^kzTsdVmE8EgOqnb z0Ujq9q&&EsAla`T{JefppWzk3&QvI2>X~R%s41TiW%&oPsz)Ae|tOYvPL7EU1yilm@aM zWWcf{8sK039Tq)R5h`6q$Vde9oOTy16PqIIV!350152~02to1-+EO#^m4@1Je5r6G zOKO+54hpJ>Z6;AP+AUyZK*1&SErG)*rx-N1j1ZSy@3dGYlo)U*D5PCJT(Hi|8@M%3 z(rT?%y~!k*MH8_!!lWjfTZh3T;3gLnD=|2i&=-q15LH42Lk`HBq(%+|05o36@AMc)l@D4?@P3N|=cjORdVp3nBhvf1HM49V(o>PD|1(8HSHV8Oa_$EY$ zlX+BAVLmR}DR@n;J;sWzj1)i;1f$LAw3sZcBQm1gMhi2zoQQAug9L!A7}(py3FyVF zNBzB{Y;2%))Dl40v+N!gose)xLeM7|4H^ehuS$UghZy^O*+Cu*7r|Jb)n5< z0!zq5kR9*P_F45w3&fnj5? zh$2jC-Y*v71j=|0wggpK^hioh?cHN&I=6yg@{n=iVvS&-g3f6Xg?OsyC>cX0l`1KZ zQz%MK>aaIal@BT4W>Sce3s0CLSWO8~#C)$OciCMmr!d3YVsVW4l!V?`X9t>)3-8(5 zB*gEC2)p?UkTMdLYLftHg%C+}#=C(Cu-nWmB&QH3<>x@6ND63E1j?geEuXiLJ#NF= z4yRcOb&w`b>D9YmdiTUZiG9-tB_?-EN=XbC$k56v3>uYNEb7f#uwZe5Tkqy(39C5) zbs%1kKCvDL+zvbtA9{Q!_~C{gr~v^;H<>DK4_pDd&C&rfF@oSNI@r1(UYMJR#icXd z#kv!nl%fKf9hhPao^`=h8)a_LH+#%zcA?nH1_6Xrkmz!Gh@-Hcj4uUZDi-F8oIYlj z3r7dmci522C?ypDB3KOC*@udUU>gCt4=Hb7h(m0$AT40z5C_R;QN+i9L|N^!952X) zmdmNUZ7{%pmka`)A~>Z$xK@BXBsm#?6e)uZ%z%Ib^c~OwS<4r6sTK`m@qS5t@g8*R`jAnrovnwUmJ*|m`}qcmzaSB z29pRGzFgAr>@|yChj1jQ5k{LfGZtv{L5d?j%Onspl2k-_A-a}JZihE+pu1hN?& zuoo$rh>Gg4(*sbb;*Gk5&r1|Xi#gf*AQhY4Nj%RA(AX3qAqC3_IVmxQ{u87tS0N>tXigac$1O*b=yOAw?S;WIV&UVnsJPwG>Vgo4QSPR5wi1Jq? 
z88!DMqeCo@3?liK8G@5Z1tFaNL~P1vH3HrKEJf;t7wx+68l(vkyE;Esv)!#jK8eDg zv;ad2z`$gtaxUf~U6Hlujrmp#I>fH@ZkJo=iF_PGV1kkXqj_b_%}AegQO|?~RPlkg zA)B;X4kXN1lhYM3I+meq+fI>E;12K@%eArO8|zdL`yNZPXk?`A5#o*&sO|uH$E2iw ztTcr^XEmElb_b`NSRP98g);e&Sd|lolIbUEqN!)o>GhzHk-hBHIh-yXCXPH|vfasU z=FM_bhm*U^aq^l>WKnXFk%U4Jp$a90=vk!;ORAa42WHh&x0qDx7Jw^=%!&vZgeLq> zI4Y0?$WG__`0!D+1H;aNq+>2{z^O^g(jvu@TSl{*QvtbhD-6;BjuiP^u-z$v3Ki20 z1tKY!eH1kYyMxeKOI|0>4;d|lh3>L}gL1TixyV)xlGF3OeQrOn3g#yRTd##Z1Rg_R zh_VexSrv!JVnS2Nhzw9MmTXHg{^!F=#{{FO48|gwq__(fPo6 zN13F}csj~xql6I6BMcAVo~<|Mi_*y$L!B|oS|Ek#P&D;aS<7~@$SfKyWEirhs6##h*4UN#} zV%3l7JT3zoP+U;30b4jtcq4gIz=(#fSZxzC8>mgZh{|d{bm+7(az}P@uBj}Do<=cI z21Ed;k6dSFqpNj}y;4&LsAefqLm4SrlaA7^JwR@hZ=(WDMg1`!rVO%&ZG<;udd%~q zuD4rKQYsZ863+l^IWkFHBvUIDJP;BQh2sqt6auZByiGb94h$c~!$Qd&-;IGHC;?O{ zvZ7eF6q?3R?A78ZhfPEQC92p^f?+-4`}XY?pU@}0e^US6{b2#X4Cp;5k>Rw!2fLFI zlbPrtm9I+Af`(?^8+BHk-&t}UF$OA^Wa>Pdg`_eiZw@!YNqvf3i*weI2u-{Wr=`(O z&^m*8P!24L2m6qf^x!8JR|M<gH4}_a zrCDM|%DD%@w_ZYzQVO3=)!ef9i<~)qSPC<1g774uNh&0widw2GrRX^9awrGpaSCmd zdvzNov_!fAMy8pI)BwmMz=BLvKcOcysk996WoL#7HwYNm=Ooz>bt6BPwn|{(F{uEt zG&ZbKd3AvGdKFcB$gorn7z%M4g^tIEo!(e zs_A2J6d#s>7_J+3Q=snPMEjYR#0r42xRcdCxS(ZY<*H+@=-ECHiVehze~HM-sGu+z z!gIs0Ra`aDJ_@GfL2)UL2rJMf zLg&@DOgJh*Zor<6vNLGrabv_h4^1vnfRUz)%O)=0X?Xz67}e=fsb!0laCtkQeC{c? 
zpo?&%g>X}R5{$&XDMY5Qrp%ZJa^p}cMNbwJ6DA{5u!@BO9R;+@)(K#Qf}=$&kdjmi zSB8c)naIqMV&RW5X?N1)0pOOz0K^Wo4k-LcA$Q z(2IwhYEiRB{qp`$X zn&^F+%gCGnYSr5g9yO#Lq+iIB!QwcJh2v8+-t+D*(m;8OOVI@142Sm9p@TRN@4NUcoa{jY>AJE>5HF#1=*k|z6qU&68& z{>_7$rNpz1>`bL<91+8CK*~)?GvRa_k8*e|Sa4m$af#nSQsk2$ai z>0@I~zL1WAjEIyC2|0t)R)bcInaL}f#LR5Du#Cfu=)9hl-m};}j2DgHtwBNphJL!s zp+SsW1CuL|j#4t_av~gzQYlu}%ev{sL;mU;EGl05jc`k8S3MkdA369gS*kA+@$>j>3Qp6*dZKKIxFuHN(mD_BxII&-y z#b|P{YJZL=6FI-d@r0UV8IY1u-5Y?zqqfv>$(KN7oE;+^c?4Ckhb8OT?zUU8DV}7< zpSYk1jj|p3K^NyHj7^)s7^pe#MB8Z@w_C5HD)wPM(iD^ zLz%zJ64@6CwPHg?{kM+MER_yXdIPk<(;E@J|AXWR>&Ij_I$U;>PBKRjCi7{F!GMK6 z1_py%E5})!YP2Zh5ay3~CUMG?#PY)oM*p4-bzf2-CLC~S+Eo|%2TXo9w&w@#_B@#71jlID?}t%=e9cS5&auE1(M6s0y+U3 ziniDKTgYp`)f%_3l^>%9#~^2kvz1a~_{~&_NxOkiT`S}!RkeriU+YeTm$;oh{&o_R!BpEHd4YG;(ARnC9F|Y zusTt$&mEDx`VRN)#~g>%4U6|M=BFo)%zm;hzM!j(885sD4KH=SFsnh8!d}$gb&7u0kqtIX(zs}0Bj(8BO%jM|=4MT|{12mMt zL%kQRXNMGrXmLaUM1~trzL12M(-F)vQ{HEFLwKLKoSwn^xfzrVQ2?}oHL`PP#I*XA zx?y^s0G2!AHU6-pSm`$vSyRd#?NOjm;Ja0`JO&~ZtOSLblX5u+9+T?<$YMdKOx+SB zDS(|D*X7!Dnb#JfN(*^06wg!1guG!fUpWOK!{Rrp(Q>n;1Z+(p4MQnrW?~UPpk>r5 zzkOO zp~Q_QrFYN%nuIW ziWY@{(0Ce>DLiOIC}r$=$u~tS3x+5Sr2}By-*^E89+PD!V?b2*t7~4cRN@Bfeehy& z=CYN~+F^`CrWb~Gb8|;wXx4bUs2c$UHcCNqn5V8$>(6q>5jZERP)S+k3*r?(5`Ioy zX~g9h$qwQl&WLoS&@(j_kZ5BbyidqetZ7(Sw6Dexm~Ar4+RX4#s2IBgyh}K{xqJ=j zbtnUHmSE^og3R`xIfsB;E(p6N?@%2LJX594+-B8TnFuRE3^#QTIr`+%8ldJz#Wi97 zFpN>SpAi^!(T*^(&jPCz>%`zE+?-<4(yd=^*OtZ_Y(WpX(YFkm&kWRm|!zDl~ zE$D)_0Bb=N4n*o1sAnYE#3Yk)Bm^sSh$Pjr{7=FgelNx_MUav5m(4waB0nPVN4R1P%K~~Lf}3SBLRy{#KK9U{)jW~j z8DOXFI*|TjMH{@VS*h<+xrfPu2rzlL=Vq=m!J3LB*XMgSxpdt-^(7Z|F=@O)x!7^izgY9Yzlbv$S$4hgbi<9g=_PiS02( zMXcqbr^s3SpO6KS{YTJqc|vlaCD8LNic|FW-xjB(nj}$8#p#IJp_(Zd)&3c@HzBrf zq8h0dTy~B_*rp?dIc@5MVJLAPwu>W+NsoXm7(sPm%&cMS7b!JB55&+4X0WOH2pYg8 z3kRvcu|iT_4-JbsOTtMs#MY4&RLUY~M1%ps3t|W7uHC z@x6XY*fRmff-YLbrjh-`3LSjNiRR{IcvDc-MF!>-e6hWIOe(7)Tf(+#?0`y3z7;M8 zS3C?y!3Nb7mb`AB5+cb?&jF$iEQ-p5d91$Ag_He!A+~g?1LEJx8i|yA&$w|25iomG 
zF4tz!JtnmMut$Rq0vQ~YgFOKPtZC(Sc}+UXd1;w3Ew5bAQyR@_@&s#K?d=ZO0UB&Uq&`d~Gc4?s* zWkQ5zI*e9@cGwh^oIxYgpsZn~?yK1I40j9>@*+H*G0*r!&D#JbMp+bZ zp^XYU+$7qj)99=eRAi6dJkq8}crJh)d$FAe>$hZ^{6V8hk6m}LYd#lCY)=Waji12WC10Tt^8^VY zEaEPzZu$O!$`bg9du;aTO_`H4bncX1U-AhKj@6_yv8=90RS#4Ofh9f2hnIZX<;N!3 zAr0IAh8_Xy1C3bOAbLw-WKds!Mj{ojYgjH=)4$XnhdirU>O}$xTh1X}qfu;YY&7hP z9C%nDa+CwxEGu1_GWqySX1xJ~#un(5W8T?IHiOk_;i+zlH)wDKBw{eiwn#FSF+h}< zWtqDtQBcy0#bfzc7zFW8#rfeVxLmjrgivMnKCfdzw#b=9JG6ie<*li}AN-^YMh9{g z685rU5|2`~Y#q3=%?|XgDhcI;is&mOy3|4BqP6hUI|~6Kzu}Oq&Ba&V)D}6A}`$bLbaR zIr4beHpxuE%5M;8s6S(QXR5L=|%thpTiBp$6>cp0#lOiQFt3yH)YRKqj)XTGL zAtM!od}5S(|n!HSFf}8s!UU?W99H1y+mmrexqlDZ6J{mxxALC`TMk(EugA$ue9qxxoNC(OG_q?}}__l9!*c zSSif^N&e$#qqJBp}RQB$Fsik5E}`eI%6zs3WGv z6o-q6=UY^wa-Zl$eNmQQ-~uIq!*);v_oA4`W+*-+np-v%g<(r0avZ8$RHY)i;xDAb zG$H9o+cTEk_|1)nGP^<#5ixj(cf@=YN!dNIM|@h})O3E{xw0Wp2^c^@vIEcEQ`Fna zn-<{?!?K#8k^hL;If_7HfjQWlGO~&Z7z(+QKR~OH6@o#M&Z1~Os~H=z z6q{Kt&lvTTv|b|7fTgqsB-YeJ6VRvHzCtXJu1w#{vJb?5FAXbQLMRz~i=<}<(^Y|t zA#&{{V|x@IiK$$c)s~yE*z9(; zn;6VD@(D|nfbenwlt6~4a*m0Ph)NU|9bi2H9o&FJ296yv-%+XhE>W<6Z8S0 zh2bU#5kGNAivLU-W{}+Czp}~}b&$Efd~D4DW0S@O9m3pdHYuvTN)wOD9%u~K{$N^F zO?!tiI}%>4Y&2pfN~qy-xGyvyb}SfE$Y`GuWQzL)B4GuiWtx!O7FI1t?3}A-;cJ>r z8Y~uJdO1CS(j#Ku=#U#zEXswQwP-0iTkQ-E1ptw(&aE){IQA@0NbSvnUDR02i+XE8 zx$bn?*hG3ZoE>O^s)g_krDwU5bnMJ-F(Ju|BFc2y(f~S-2gE4<3rQT__mYevTHH)_ zxr$?w!ex1Fgi;-j$O0&^!=KJ#kVx%Sub68p{ z5)6f3Vdd!5tmJikTIE@6c51P;D~7Hz$eHhQ8|H2bA?VE=P&R9_%El1}BJ;Z5XfT*b z+$a{Tq9{3z+xCc0O>Aj2nC(=G!T69@Z-?`|oNItQfi2Weh{vAgIR6V$n_Im&CW0VV z1TWzrY~<6v3$k}t@{}kALfSNeX^$SjC8Q4DJdCgUXv6F~^&s^&2tQzI1O;l;NVCmh zc|=!el{}zddbhOReY>Y8V=EBA*^gRi1I}s#j~8|Ntj3!OwUV8c=!bBM za4^au6$QCQyEP||*c5z2v45Z?q^wl-1y#OlCl z|B*svgE~4k1v`IGV3%T;s%*GvNQ#7nyax)567;6X+#p6K?@$ui;7$EXv?o8q1}I0( z(6CE#qDF%sk`s<9Kqx@4$l*#hrT^^^VtHais!Slv)6r$&4XtHOs8}qZsL~*l*`l-A z%r>)zQy~lf!Nica*9mHHdIiE>CF5htzCIcRNwI>6(`lKpQ1wZ<$exx=(bgc^Qc+VD zCB$)v6nHJ!A7^2WlTHoFk+S)1Rniob`9v2y^39b5-z=B$BiqqeHKO1dVsd#zm#Z35 z2IN&TFNWsjoGZqNp4h+k7JGC~vZdHf2@F)6H%95IHTj 
zD`nZ2pLnP{X11UQets1TW|IKr=L5%aSq8yNjsU!_nykkj1ovCZl;GXgc5tj*EPHoni`>bVAt{VMt8M3JDF!xWADO z_;0G$>q`pA05U#VhR;JKY909B{KQ)n*f?aSR=ijQ^cl;*x)e-W?CpgL5qLj@4EiYp zgolkgRFi}~%UT~#&3EMOPK;<+^@ZuJ2XHIcmw>=@ zBf-eLZ(L#=sx5UReqnNftzisEv^bB%0962BPH3~&VkVs`$09hM%dubxiwLllIIU%2 zJM~r7D zP!V%Oeqv}wbHvk#F_Z4(=dvocBugbxA}Nzjo0c<47yvd<1Cc0O)vNwCXoRXc~W4F z;FC*xY{p3kY7$1+Z`s-MFJWQ9es??M-xVT^V8zld&5cyZ4d+M!OI?~%Mw+{{5mOof zMdvE#YLry^Fa@#p--I>Y+5RlPdv}12pZcSJR-}?fWTIXPHYqoFE-EPg4P3V%CJ&Wf|f2L ziB9L&@EyfL9EvVxoM{JI^{RPIixJ~f)36bH+JNqeY-vLU(8}-)X{%#d=19=Y#Q6+s zXijAqO?x_^9CVh(*H{rkNZn9+7tuz_spW)o4Ooa*0wDrbF`)tuX1Tn%esqRSL;r$G7BRgvrK+-;yki>BNSyVvj z)@bD=!(rgaH*j7#vSIvQ98lcqlUCtMo+_TQcxfe)6YQaZ)ilRNdleX4jb3v8KJZvZxVm_!$>X%3mt^J!$+sezY!_m@Ldb9 z?P9?lWE9|;X%r8lRLvCGBC>i@9i>}Q!z%V~jSR`6A;dE;lJNqlFdLRDNfLy>mBnky ze8&$Mkl4R_`rzc=sfmmkxWq46;vlHINw*n+ZBkjq43Q(-t64TmRbB!!mGM3|W+{Zj z4%(BK)&VYFDaFqBX3AL&En^(A1VYsk6PJ;q93Ux!VA~{Pl@(4TjPKoDFPHej$zVZg zCGxH};V{TzaiLOkMC42|gu4UWTY&$FJ<9i#}X&;lK}Y$QAY@4771Z?Tp9K|$Op9LW^_=|txQLW zX_ptTie%RIOit^T-W>)>@zH1xeEZx0{}51mlvFpmLo@2$$CfX zq8k~;H2eHM6MW2P20MF+5TQwMa-O{J4~P;!VM#$`Ksy{rAr@p;r9vrc#Dh%)k&BuY z*5%7&qVP7`4cjMCX$s%if|Yw>!evqhusW?hf>>l_#~{0Y`^9fxms-P*U7uUfcgaX+ zDHw?Fv2Z}HGE;0krQD3$RwZqF0EJCB_)fGX@5w}@s8IQ~3LyXto~&DIGQgl%nDu zg&d6Ity7=Hq~rC;6ZmD2g(r)bFfp+Z6j1H%>H_w|VMrJ~cLJGnhJ%I7%DXZF!B)WR zqG}CUITX_(_9x%qDxMvYYS&v$2GuE38SuIsM!iy_G+OykOyC209w8VcB6%$U-J~)b zCF2#z`?koLMoVSL5_Ey3FgZL(D~mQ(dZdaSt&a2!tKR0=B4v)mL9S2!gG?FdESYKO z3{y6=$YF6#1(U&?MG(pn3T`;U?cd{51oS+MY-2tRJVk9Q=-w9$TSr# z_==)?{nRrYC`KQpXis***oy5`MYrfG{Ie{a*soCuNdtx^_wLy%l{Lxp>E&!0Q7G01 zuVO0J4>Js-*neplF%f^V5#a}_QfGB@#s20G)4d>(2!D(hJK>a+7$uQ>{TnpYVs|5( zh-jT^^=}EM96B+7BudH~qOmNYvstc`GQmfdG`- zqU4q)Bg*dx#>T`jjihBefw`m@DsGMK7cL=+HP|eA8~Zt(7iViy1{l-1euyzyU5JTL z#f!ydH=FcElT*~WjiTGAGnw56tT!ckp*Bmu9OcaM_@fHOMVX^G=6IBottnP%pZ*~F zr++2+n|Ol$5uYmmNJo>C3t7<&G&Fku3WmS_p5KiwP_=3SK&7#WD0!N46h4g};=ggS_-o*Qy& zY*9L=&2Gg;xdut6H|SkvryD0sN_vAs@34vvqtWV=oNjDi>%eKbZkN+$FgndPN$+&p 
z^d`ILaI$G2x!o0?YS*s)O+VDWVjVYR7^dLR<=dB5jA~w?0e%d{9DU*NH`h*I9U0ZA z=8u(~ivo9rVjX?^-gEe;nkQoJ-8QJkf`$u!oN!{%>;2N2oOz|$-VcX;Ip|8t$#&YL zu?w%Qob&dCt$)3HF5cnlY3-qNF1l28SH)&se)&ZAt~(L&Rg26f0w`Zyfy!=CSO(9H|>o^DJPl_Oqo7^&b!;| zy%TKlNz{Fp)^>Vwo&Dp>b2PjBmrn-UKDW`@=Lz%soy^Pqm)5@ZRF{Wmyf<}O{I2)D z3*CN?xkjtnWAaB0{`UT!!6x54)pqu-VJEgWAK$G~p5w@z12gV;y-M9T9(dxRub$j? z^4aN6RC{Y&&ud3xdrz9VyMs32?6%{_H(2i&v8m(5HpeDD`O-sYH$FXk*NB11J61g< zH4aP}@_0;k^`X_x&u)`zj9(^hL z>BhAt9~k&i?F-+y_K#UNf41x0dtVtj^vas81)c@pjrbz@^X2c1{NwpMbra@y>)HJ9 z$yc=3#`W?&JZWlH-EZe_mZ}enZdm1Q%ev`X^^eDYIrOV;kN;Lh=&>fIQTl7g4}I6} ziQC?NA>p$F^~U)Mw;Xul$ED)On`-pG=j7GQEthVu{Gha@Yen~{FCQ+bn7_AP!j8+{ zgZ? zPr}Dz25&wRJ#|X@i4P2YyxXe%)~iCQf4b+p=^f8J9`{JS<#(RTd(}7T&Q#-wev4O) zoMgH`<-6LBf-QZ|-LvuIm5+2ZXhy&Ci*eAIb%bceVKal@)gX#D7No}xu)}}7OY1ywW*_k%? zncmeu-BUFC?4gSt-ghP~ZPd7zPwQXbu3qPrpTC)}Kfhvg$7ZQQr9PvVja_Fdocl)4 zW9Qenns2S$tJcX-pu)w*2W;IYKJoCPtJB)7-IVxO?6R@Pr%(D~(};(=9IQFNQ}BW9 zdDR?0|Fn12$cn4yu8Mwn(J!aH2VxxBBiAhXyDz-6Fz>gA*8fy{VBC>qA9p=A;Ip-L zD-BwEA*bHff!ls~e(m$8?l_lv?CFcoSGZ^BM~Bb692h%p#KinB{%)50@$w`4Uolqi zI6Wq`H2IRm7{%d_YF!6kbx&+4D_@u(GVzc%KMx+hFo6Rk^zd3w7C`PvSR{bF^| zNnzHN0k1lewc8|vFPxs`1_v-|0{<>W&QuqJ85&<7d7#>k?kC-llGTMrKj%w+Ak7`FO|9NgEn&Gxd1z-Hq#7H0gXX z=Av%n?#}DQWxs#gmW_-L>0( znB4RHsgFCq^3r{ec;7mGR@_j3@@>sC2Uf`*vN7?vW5i1M?1_cjwF*RP_C8AMX#H%HGtXU9_})*t!0>bzhy; zyk7qr{+_n^whd=$yuM)Fgu^Y)|MYp~g>MwJ6#wW~aQecJr#&?s_jmtgccb68NNtRR zoBq;z=j)4~>)y!x;fqZlXtJsPGiToU{=$jN3s-dhFze{-JE}B{t^M2pPuBj*EiFqA zPUw5F`#W6&6OE~vm4_x?Ot|~Akgdj)S_z{^v~9KX*ZcD-9IZ3#^(n6%Jdk1UcXea6 zh9m0w`;Qdfc(3EbmDlc_IiO;LT}5*bb=lpgs($nRA101FRjY%Pw*B7O-|s#<=Rh$3 zyLE|QcQ>wBbUf+(30GTfvHke>vCj<8Zmsu#|BLl)jy^N3jbVhfe$2De3(tQ#`1yn9 z#897I6YrWEYPMsi?{KY39glr6>ytHyU+<*5wxE$qoV(h$t>NU=k1uh((>l;R`^|lS zbQ|d&(6Qp8UB9=eHF(p0`@5^=#?>iGHYe^|apnG31}tg1?ED)eFO8_RvUD07u)33tz~|H^`U_8mu{#`RmX{MS04^?$R<_N-dd8f@BAZTz}ddYt)m$DFf0 zR%_}s2pMbk%YJWl&uJU%4O8v!Yhyq8`kp!8RIPXM?;XkKR<3S(xktCviz`2s);;G#rTurF zetYS&QllTD3U@bedZ1p{=c}*(es`S<-+R8uPx!K8=X0T#ix$@Cmw|)IEB;>X_|ol9 
z{W7-FI}7IOw>-3M{Ekf(bSu-RZJoS1@Akrve(&(YoBI##AGY(z(GN!L@OAFz%5UIL z9Pa+}$-5@reR1Z+zjSrqYxKvJrOU=0+Vbw)!*>o``CNxP?>f-5@BS+dGx8UI`PhWS z{S6O%zop`+qE+WtR_uJ{^3H94U#YufOZ2DhN4KglXJ=yJo$o$4XhhxEC)fEGv^e%m ztFa@#sL*NIrnu>6m*#%=S5d7taT{OCuRnIPA*<^1?_HkQy+z}J=bng<-?CaewMClq z=?|L?C`fzf)5OABAEvz7@2m0kcPBXe9Iup|a;dqnt5=7@meqFt(Qf~YaVHLba;*78 zLxX^B=Z@AXqaOAe^1XBWG^q9JFBQKSlT$l(+^H&Ueto2Y{euqQZRps#tGlVC`nLFi zQwL@I+3BOxyB55@=VY^40kPrC2EE?7eQVC-=HI_MJ^G8u86B4V)!Z-4YxCE)vqyA( zBKp+T(_ilyDn0%9o}Y*HtfqMh# zgRb?DJKujH@5iSaZ~b$|rp!GBufK8Sy`~#;w(s4L(EshiCr-zF)}i7P8#gpQJmrGx zvl$}~FKL~>bM25{>nBXl9PskHuICGFDS>J4-&JYT>bIhXZMiaS{o2`2UhTj3@ae_7 zK0Q=aY24fq6;^KO-)7f`!5NLdyLaEZciuSH>4iGS$G$k#qy1}s^0z0~M0Z`%e%vEt zmsYzp;ouL|_PpA!@y|cZUDeq$bxND3?)mob8801LHL2N}x%Y})U%9(;({1(bv9Tvs zJ+=3?OL3WNS~tHmc1P2F51bkDX!6Ro#}dAKW#s!?vo9sgt+(y=8B^a1?JfAG!@KnQ9-kJS{lIPU55C&xm*FeAw3t2Ovu+DFM0c3hZ#KMl$DI|&Joe}#`z#CA+&Al;C+im`+J;vCwALfqp$lv?YxX{!lUuOv`{>NY zsjW|6?K(H7^YocBp1!mGSLaUtIJ?H;`=`H_^F&j3X5N;UXEyFTBRZ6lTyMe8j_*#p z{&s)wZt67svAW6IcXfH~tJsE~*qMK1&wc*Fz6}%ZU*6|<`tREpHXSp0+ug@M{bAjcgU8uh3 zhv&Ea?0L9bOY^F?g+~|npBdHR$6NI`GGyMy{pZHMSdGFrcrv0<=i~OTsd1+^(j;(jkx!W|O)66&KojR6MyOLw6 zXIHc1dkZfQw*E4#{S!}2xTj^Kk8SafO#b@8#i6ciYW-IE^jj-a3t#x=9+1wA`Lxv!ds`SL9(Xk= zvv$)VFIRZ{i}(h$`npc!nc8U|93I-VvV*%yY*Mv-I|je>?vxkfb(wbEBONZili2K` zzfG0gtE>6vjUK$S>CV?a)24rMp}8aN)7bsZo@mwiu4|g%v!~WOTyxS7*WRh1GfbXP zzpvxzJ&oq3RBrK0i`FaaoeU;^KkL`G4!q;l*RhUG%YJs&-yaSdIcfX+XL`LIyJFlG zZSHTF4ZhCsmuCHD=xP8HL%?j@$d+zyd#m2vvG)ypkbn2M-@T(ua-TlnquU~p-V?nib z(o=;m{?X7IeOi=O&+q%us_MB#!y2EuHssBU9oxRs>(N$8vt1Xj?wMFrVehy{}NoHrgnylZE->em!5m;h4-tj zsMqWPU1f3a`<|`3DUI*z^mxa^4=(>fm^t!Z`@yF7q+b5^uQhw0ZdSQl%uDk=dSHCC zziRyMZ$r)9o6mmQErgw08hlaY^-hJC+J;wgo zx|Z!!-8s26fB1RQQwg8^(mnCh)Po;gI#n>F`_FfD4w$=q^qOqLm4Bkr*cLrPo2xdy*YWzxdw;q5@*neS&U$OiXQ4m0 zwOQQt((zrto*TZtThI67I^W$T@Z;19FSlK`eCOxEp*7!6ue*AdD|qx|yOq~2fl-;ncJrv$(L$l}*7?-_8Z?jsjo5FQc+#B@oS z_|;cc*LV`Fbq5aXkgYv2=J&Y1%SUcXI;%U7)&BD}gKgdihW=SMDQ`^sMp;KEWqv$$ z#E1Q-WE{IKsZO1Hy4Bk7_ObEKYPIdjUq89`ljL`Po$ToJ<I 
zc;y2J7rZnrTZ|ua&CojSwX41E>pIc%{@dSaoF#e9eSW3Mz9!EsPj^pUeShlgXGZ)Kd!WAQ<3n$Kl~?2L+S|6Zu2tp5*eY9JuY9KQ z&VVoT znzLj4jDt}_&t!jEr{7m+=dGyP_0P+nFWMVjd;Xd~FI}#1rs0R0yHgVDJsOx5Uv1~J z{sRRA9+_YL*)2u)zx<5PV*7Q<^0~ha-Fu+IvYmIl*Wih)=_~Trt!Y2GVGr-lS?_-D z>fGm>MsL{tzxLX5s>j&Xn_?Q@b9&UoOATK9?qHH_&M9-v&*nY<_n4#cw=J01{K5C% z+V;)g_divq;@UISy1&%pueUEQwlpkqnVKD%cBE<}?=Sm)UG>1z9naU;diLo9``1hv z`RJSf3l%`>za{?4q%>lNkGH9{v_+ER>pa*P*sVD*x$0>^$GvV$1NtF*wL7HNE5kcI z?HPe`2UOM&2?e`+OTCVmhD|P^7x&UsO}hU}BXP z62k>f?a+HLgCLEXUP!P6DT3>y^vUGi;Y-yUQRz$~AjT(9{{HO?6bQv+FqD-`Tp=1ig2h;EQZYio4m7yrfx3<#0 zwiQOngzNUm&-%E&z^6D^`SMh|(En6YEt}E)o5}J+X{%$zoZ_Qk^RIUozByLfUu2)} z@_i%t&!4YsaXQk1an}$Oe%j^%CYZXRmZu7l6B(;Phss4vZnkmK8Z3+Ih~@M>?9>xl zLVI>)H^g(nuA1-YWi8MT9nLb$S`kAG4UV77`iC)o5%*a1?>>2C=kLn1Ae+C6C7|13 zAzQ=vy1J`ul!qC+?i0`OSSB^TP|u=EhVP#A^o%zZaFNogOXnLVT`yN}}slO)F*+0ywEvekD;1%82dr`({HO=V9{8ZvX- z^Tg{rhT1&C4Kk1(avErdZvDK_1t_6<{E9E05evn+XRdf4`$B)q>c|4m*tKsSwt?EK zNI8TGH8b!(bjiqt4^ZNt@;Lw8aL#_xbMlk7xsKrRj@SIlO&DNq+^=O5_i>StmBo@~ z5(zT4iwZV#eflCEW9TS^=6nFSHxsB-j?F*BbC9fvb1xDPucL8 zb624=%?`B8nW)lInx#e@g1LV#F7(kX_*pk(q`0zV!iKd&6QqK%%(2sXAAZ$6;#;S$7XvD;e|(iR!z!RO_f4^{?_apvM()~p z`C`Ehj}^sh{-(10?EM-m#O&W!)(O9L4|B#!^oPHsK{e90`rrNI@Z}M!!2LVD$4Xk* zXjM-$(ag3YcXT%_!=`OiU@(vj)ei>d$kGf4wKS&rg3UOOuDcvmWTr4W3k@L`a4Z!P z(e9q3-G1B0IXuLw&Td@=GFp@QPAgb&fK<3k!8*TXq-G}w^#Z`}`tp#ItS`rOU{;Fj zISaXExlY^E$B)|)Htf(}7Ayb9u$40u@8Br3_A~=E;K}1hN@$YFO^c@+!i%ONWNQvj zj^QTu)!nWIh1rnXj#S14k_^FQXE|#!tZego+ybj?4trHCw^5; z;D)=54|iVdmz21o7l{r8Dh;dKV>ix~LS3b2J*d?K?pY~vD*_sg`f^gakBe*SHI=iY zyj*~d97M)ETWKafHOpe@e8FQ9GU^fB&i=yKkriJj?35 zSZlL`JWC1srhuY*8q(EOx9ycOimXFCCL7vXF*ThULuAe9O zNv;GRkD11g`3>c;zz3u7n=~^6_~0F( z{AP8d3#w(CAH#y}zabv2E+e}9HZpkCl*m;>;k-@`IXlc1VpqNmHm0u501|L9DR~yv9V!5ezU#fzV~^S*)&z1_XNp}{4`+IS>P@km!>tGa}?d9 z4Xo*3;6^6l!DFp*Q2xpd)?-NR2388-IJEAP{gK3pFaftB@-tNlS(FA*rGnJNQRDzW z?^~!Za8KvQs1mosc0p8NzV(Q@vjpoi+9Nhcv7BJrvX?KTbJpQPi`?I*KzGt}S~nw8 zPp_n3QWC@~%UhzW`qAc4?A6=q;?9XY!<}n%4b&6&{A0>84^@WZC3!YD=l{Vem_iYr 
zXAiy3E+WZTip+3|Oc_83Lg@>UMSK`l1;UBF>f7!=_?M8_(dZ+ZweoYH%2y zm_jP%S3EKU^X$I`fS0`#Kt1lVy@q*V+S%Bjt>e2;`S9cu?e112;5K6mqD{Vdb*dh+ zH=%Qlob;3(>L7THpM4oHRB{~!>bcb#R6f=`gpG*n7M#um1O6)J_NDY;8oHL>He1(n z_dZgbj2%g$Q8nYj3a)uz6oDUqeBRk!SxTRNjs?T#thlryWm8KLA0J6(kaQc`&g6Cib_gzvwu8aZ^rX1w(!cU z$`p3u<#WD{2Ex%scZEl};mKGIlG2M`hVi})} zx&eowG;H$ z|7bg9g@-*5Uvr?DSJ>4V=LjjLFbu7`$pdMJ0cDr5H|X?id8tF_0F-=qB2cO0C?$ywl zg%@%n(MlbfiYr3r?5>6yTL=B0&Rw}lqRoNqh2ZU8RLVvV)hO*2c=Yz{!tGDx=P?%a zo>^{D6zODTQuIgxDyf*-VLDY4bmavcKmwnFmzvtDolXFU!)@+i%P$NfqoZb-BL+X* za#+Q1Kxk{NIem_6JS!Uu>CXLwn4?I~&xV|Fm4iTD=z;~3D5|1yxlw)Il-%`dz7}P} z9&@+H-?3w0R${y~M=T|bMm0!!hAs>~s?0^wI7ZhJ>4IJdKyFBuKtOI$BdGNs?Fn?k z3zV(3KV0D))go+P%>!_>L*uQJLoji}k9Izk`b4aP>E+<_boz6+{dDK(+g@>yw8FiK z>Pn3yicBsmL0?I0wFUwg9s+-;Lc?(RdPmz%*Pp;6&Fd__+Zoz?8bT%myRS85U^D0Q zo^zy_YL6(fqjH^k_^*R6MZwW2zpFXzNT6MuIj03H6|_4c;u-xC(u*KS7wvX$ms7Gn z@wB)FHVXFQltrmkCqsy&mK2qLCAjA^DC4kF#y{UjG6b83 zJ-jg}|4B)SsS?l_zE~`)fFB=5E$4dpgDsqWr+R;C)dG?90Ci4L>Rq`nE@e`ak;!iH z)T(uk{iYicR7RnK-{6#VqykPLc&IUMBo2JS})o!M-*;LQ?d z_T4jePJDT-?+&`1v4D@RzG}xeee-LY7q}ENq_lVCsxhF1B7AIvvvHQat%Zh%xM#F= z`G3~Z;ZEGTrMFK}#^=qo$iUz2nSXDV0-wqzE+~}M>QH%@oz*{Aod63W@3doSN)-8iW{**w zs#{p^)46Ri_<>C3J1<6ecW`G7U{S(V6$A4HiTRx}A$1U5yWQc=g@B@%`v4`vt?m3i z4ZW+}-6+5NunQdtm<+VNpX1N2nHr1ue^OJpE+FJTuT1Z1wB$I+@fksA5Z__%Nz_@t zI*JSrmY{R~3Xbqo>u2{!G)w#t8@scD{Po0U##F&9>8=M?t0`E&q`azR_r_cpFz)Cmm&sdxpX3i zMfx=U@nE~s(O04HLJ|#EWh6IP4j$6&)aC0w?;eGXZCi@CU?GbEV|0=2a#Xt(+!+QI z#6X=0Wxxy$$qoSjx|ad^I9VL|^-5qhGbDl9G^@J8p@!T#`NSh3b5YMKk?vltV5Q|- zVNGd>q^9HfK?PycO8Me9d1lm#zu&5BQ;6n?=x`5y2JGONy+36Uq8T@p%g+&nN$24r zDcpLo?$(7Xr@^2fhAdGvQe0=-&5)Gbd!6tbGVl70!=TePRq_S8385c7P}tBP$hLs) zmhmC3hRxCeXZ7RD` ztDsp1d(O6+Hz%Q8i@K5#xc%=e#ZTb=>m46S-1M3Fy4<8R5HED7|M!!n39n#2W_9}D zJS9V4bt<2wkHsTlur~5jwU1Je;()=I`g?k{K3I0m(z@2ByvhWS5Ase*G`2}!2g%+M z+9cziIcv-1_LY?83I+s zjGx-nkZ?vUD^eNnJ!Q?*m9uuzNd0MPXSOQG0Fw4>C)uGknJweRVwM!ZZ;_Z?D0_H? 
z+X!(+PUuFD_^WawteY40Zuj7?pDD^KSeoX99wh^{3Fd5sPN*DD!;u${dMGTs$4+~} zOSFNR1)c3DfBLu1DA#x`A|pP$B~PGiprgEh84)h%ZXC@NKf|X7ch!e`L;tmIv>r7H z3Ic~X$QyACV%}mlW1lYw&{ivWq-w?30RwVT*nRkb$nrk#qtq>;vvR)X#FmpB1+R+M z`O6?5bxtaob`VT#jqa@eaQ6=>xos|ErLqG`*Z1D)POQ}mdZSmM1jm*eQJ#|uEUQG2 zdlr4LsRF@C^7r{EGzrq&3NBqI_&e%RT|BpQ{*ZdI~**6EK)6iH>Z&M&oXVNi#?d9fTKegL;j2JYDnc-C%Pa-iWEBe?pM?l?CW?=r4J^@om=Fql%Mz1 zflI{RyaVzZEjoBxg#Uo=mAhuqu}=I4P`&Gpsrrp`a>;-PLF~&!KW%)Vl-5^Ah+RSS zNuqDed-|>$(ZB}cq}%G>T>j8sM3=xGQCJOKA#?0CVO={_1*^=1n{EuV1TBW$0@4X2G79xWF^y4#K98LBaA!jGk9nMr*Igd>DBSj?N zd|@Hwyi4g>Vae-O1)I4<@uL$!1z_YrhkPI0-*rk2E8w5?UNIi-t52Z^Vr2ChrP-o$ z>f5lMCxxOE){F{vVYrA?Qxw4sp2Apwnw_)4+F=gEkQE)H(YdzxEv|tM6XqB(*;1aX z-iln@9!g^adfSq1{A8G750dOo;v`<9xM<>%CXmA2xE>m7l>A@G@RB$p&aWzoK-?u3bf27_K!Day51~;YQmAj09z2$$vS;73nDF-rjx3*UY~gVOEGhT~$+FVElRk+~ zeC}Tf*Amk=n`qER7Mg`@#538;ne!NBm;DTCrbtE&FZ&6C^BlzqVTtiDv;ANfUHgY8 z9Gu%4^||7tjK^}lm7JVRJjpCskpsY}0~D}-H})+P!EC&g|h+A(GDg8-)aT{$!Y z0ZIu-Rq{b0;B^qBiuc)@J3bSzI7CX$SXIm9PPJB11oDOeovE|fFwuW~x3p9iYI_Hf zA~in1c)1;L`{aUGeaV@NiOdGLkx>G`d()_FK|>q`T578N&DdZRWt|BG`!OGRZ4{e~0(CozEk%ouDX z8+(wiK6?|Xn#i5}jN&jKs0Z;QLUg@YGHNwqc@7i~HWfs1uJ>DWb1eRX*7e@RMZ|U+nGhT{QTM3qyas=pMLTeBF_&O z?q$9%2ADndmBj7_hupC;nqyl78O1;Y51_9-3l?WOOX~%T;LWEZ6J0H^|Rwy*gS`B&-^CU>Dk zf+Lqv)K72Az4Pk6#`iUinn)!=%N?XSDA>eE6mNqVwWu!+6!g39AqxTcAt;ZPjnqL8 z?2upHJ{~rKLND%!R&8>pd!;1s=ojrHPIEfgGTup=la!^B(95zY&4>evyWNlo2gfUbv({B>6*7? 
zl;P7J;XRJottUNmW4BZ2(&A;j_3E7)K(kJZF@5^8~Y5 z9_8}v1CE5m`rmg z$XUmv>%+wjJk24Cxp7?c;mIBni)OtfQVIYKZlv*rzGf6<m9Z>S2htK=fM@#}wM}?D=c#hk= zDo&Ba1WWHc4%|cfn|EE;ftZ6FBOfz~c30n=Q`t!2oR+|DfqT6rch@2UCALQk^=G@& z05naQ^MRA?>}#67HW9msYaH<$Pp#5>A3!&acF_rWndz-MxNA#j=j~$8OQ2n(0*5&KY1f7>$sRs<`60A4%*0nOyqt zU4&bGhx~JoW$^HgB;!~WT|WRFtcly-2CgAXgmg2PWmUdARjaav7j6*hF)~vJP+O$q zuJW6v7|iFOH1Mu1!N5@F6AY($$-HOU`qS|#Kus#^K~cGqbi4S<@xp$RJfO`rAu9{* za(tWnES|bgY>Kh@K|G!0<}FlHpgczlRp?LtGS2C z`N9-{Hf}Pi{c+zspqQiJIkREv)y0dsB)~P2=Lc_3nWo(fpuvcoDi?kW^Jl$eSsq@B z6thPOMU{Qq@mc^D_n0lXx97lzRYsNRBKKO$PuNlyDOw+bRV>p5QW;Q<=G~5Qj3me1o8Q30W##$ zaO{yDOKz?P>i-X4*QH)^1JNz~yWF49=xH(e;khDEdj}mrQ71k@-7+MW+lbILJ+6ay z_co^IAcDb9tU1Jd;e-G+=VKn#c23TWGsbQyw4HjbO|qPVbhq{1qWxVbg&K?MLv$m1 zQp<|3JkuY8sbgFKo_?-XVt|H8uV$V(ag$r^+l662){%=c$aynoy(PAEo2E1~@d>Ef zjlHXphw!_SM2tN*x>Bv4YwTnK+rAJSHQ7nNX}kuOOdqq8-6=K=^;Nw0MQcRF)bcoi z;-f!gDw5Hp_%z;vK^(}7lSIBq;V{`4eFn-O|= zAw}eZavUUiT`qtwC`v~1MVX&tq{c2DvqoUMtNbNxg!&UUfOQG^9g;7r0oQPwt^m5U zG%YOz&sknH6pAn(pU@Zl%S)N)b2cHZi=>FhgJW2thF_k(5FaH=c_c|!iLcvY$4c6E zMQf!gn4V02(R)$76J4NVXw8!$@hGt0x9^LhU6FF{##wP1QX~8DrVKWPV=fMRZDi|X zjshx94BMIah>=YeK*o=?y=YcDxfc;@4MlNb)j|h;s4sJrNV-fo$W3ctGrKvmp7Z8ZOPO)8ows zrxVHk<=wr$@nnCUwnqM^>7s`G%g?r=&U3Sn?pC`r^UwPePxz*YWky@ebbsrJc&bS* z^sn*ht+ITwqpDVwc@tC+#fKe5TB5<~2wC6|NGdD=)6JyA?jrU`Py2$We1hk;`4b)a z>FY;G0-93=ANI#*wg1DL4x2X23+gSmUQze)T{$Y&XP`!N2FwC!ygfo$c?$bZaPWbx zP%MB8Uud;&J9m2|-0#`(^PWwS(DH?9JH$RQVtxRop0-Gue*n$&b85F8F$?Z)ucbn) zES1*3M4gSvJwwCBreMK17*|M3E+FuL*KId~i*SU+96*3L%T;P)sakfBn?(V7ydG1JYZB5(mE4z$ zwlBTSD!x+#jdu`CW^!#US!O#ff7*jWQTWx){ZFm@BgVDG_v}iyf5#o2JJu=k#R*q! 
zo|PUk#Kcqjw-MIpOLL9eVY{Pn*knu!B_}?}<(Lj?1&xrCy0K~wT|Em#Qp|^gCXa5} zr^89?R*jwtn`kqHWzM-yX(?IsD>zEh(4!i<6ZP;Pa(3#ed8L2TFIb-(ulIYUOQfvi z2CS76ZToB;X0SEzCh{NddAbva+H-i^>Br$C`8$LFxhLKnE`WMCo_Q&A@^zDGJb|FQ z8R?u=SjLuQ?dWOlTkIF`5k7}<$ffB!k^_;~UWJ2HjHM27q@JzHYye3;D3Z0)E2HUD zf-%d|2ei!n9SkhBZ0;Tb`!}k5+cLX;Ce#=h)Fs5(5?dwvrgJ(bzXa@1;nc1+Y&wFj zQsiT31BkIHwIKwYrL;(%k6zM7eEPMiR&Wq*`UDLKg~v~EUEL6v`J4SVT@ExH-=8Rd zzck#CEbB$GTUC&z$LzZld{yDil}PrZlsM!+7^HvKi+@V2dq8Od6cX>wSW6)V@TWRF zogYFkOK^VQw*Dj>tW0alqt9b$%}?1r!R+G2)Hj~A*T+@#&`P8`h8hCT`6S_pV^d!w zQp^-wPoP2#)GkSsr6E_a62PJ$l$XCoiZxG%A&?X(7^g|NTWs0t0v-k&CM>VtD8m@iP zJW523D3u6fzD+vcKcoY=>D70oB;=bIKilURLH%R;O(urn^qEVY<>CPQ0)+Kxp)rHxX9g{~31aSw$Zznf+M z+x^1y@^2#QIh`GV{(`7X;&SZkHJx%s(@)KJ3ZPtj9rQ?j4NEkDZcrpLGWZW7pGf1y zZLDV0ZTF8<(xb-isGp4`g!Ie_vP$Y2b=H;y>eg`4x@H$2=R=>wM>}g~j2K0{Q^L4q z_CNp!S!cS*ps`3& zG-h4p-xKh2@_QbHtzTWCHIG)A+P)3UYFTYY5VTto{0|oiAu!wv){NEg@VgwKXxH_) z#jbawqIM)u$?(>W|5;(nM>HKT8gWd|m0%t4JeG`M%g`e&O4hY+RPeypS)5s1OH=N= z@Q|~wh?CMgg9@WJM>ppM8m_rm^<~+Egl`In#!vnM@$D1Qml2U%t3~}H3c@})xq9MD zDlCVwjz0lkz91Nw(wh7UO@W&bW^{!|37APoR&aEW%BTPz*mN9P=1la)vA#OdlB-{P@63x zM}iVM+aCn9hFIBJnkd+iavx6=*?Fo~&aGPU^@-rxqyFToq0_`+(bF~%8E@PnLcbk%D}sDJIu1)iT&*Ve z4~wUuPq+BLxdn>NNxW>eRNC`H=-zPUy{$zY1E+%pwp`Q!wNw!JVsgu*FS&o9wI!mO zdr|CcIj;CNa%Q7;x$RB)5=R$gT+3{2mIY% zCV%i(`|KK}qdH~$ON+0&&NU}G09fnWFskwR{L5*I7jr{^v3Y;BmLi7MLj|=*CW>Yf zkB~<9_j!v4;Z0+ZlX?8bo^xJ!ErbL%Se}bdeUfsUB4j#Lty^fMuB z;V?D!4nc6`ov^WghlUd)=Qt_M4||v9EpQNCHTUTwM4tNPsC-L45O1Bt6xXn%8pbCk ztYr|e9r<9yrVW1Q_u~(}OY1zy-2H`4%ZsonGdF5WGv!1pfX)>~(4&3TA96XBH8sdzuJQmp6s8*_GB( zO@SPmn^ICDKUc9&j?1Qcc{V+R2W3@c9elVn!5#n)w6m6shD}vfo(yw*w2s|mO(BY= z5(QVj6+;^u)aXKWfj~Dd=~7gNj0gIs^Ij+(! 
za(}GzO?U4Sk&P#nqOtD3VbzADx5e5&H!kHefWDdt|3xE74~Z|5)8R)q9>>``UHS|WBGsCN66D)?+6<}o6>_Z|kXJXsQADrT$} zkKWbu)(yBd%l!s=EG-tUcK95e4GGXR_=l%;4*^_N^Dt>8=F;O<-T@i_-$fxWgT8KY z*)`D^HIf{V#p}p~^-g|xN&luZ97<7t0mzjX>(-r)V50OgZM$hh>SWLbp)~MdC%|f2 zuC=D+8x|!-4V{XPmTU&$$gVfSM`lGw+y$908q(2ybBFbEPL{z_G$*1$*bAtpb`e=H zSYIO!#;-*{T3Qe|%-S6|Csse@^#G%W7O)IZTGcAx57PZ57KI27-7Yhvj;>}0HV^7` zbxCH^v6CQ91syJtoiXD`Ql)AjWN7n@ir56k(j=mx?KOMM>Ug}?_0LC2H{$Se)#4I& z8O^_4F%znuvT;{o7()8&;|DykxhM61_e zvI09E24bp>$!$f-l85vfYX=HzrH3)#e>EzKO&TtFX2I&C)M(D!WJW>8{lk zl>oI|vc}t>NWF|$W4Imx6mr0DHG-Oliq`Ra#Cgqh#9TK(?uzfxV1Jw&#qKPoJ&RnTG^P0mR{!9P zA+`hY3y<*+t-4yUBSPE?inkQCDb;-u8`o4RE@P%!L?qyfjWlIcT9vwpM6%Ejb^ha)E)H><8>psXc{yz&^ zVVBfHYq=KBidU3|o4#E@Z^bK>3w}Y-Oj9r#UO_Z01qG~Xta9AmQ-zI~cQ*}*V zC^iEq93~fEMYS$oEi?kf)44eSrbG&qGZ(DpaFf;k_9txojaAgNLOw;WuJPjo0`g^d zYHUJvEAq_^YY5W7DF47#H(OrI_E@U3_4+k3P?+&9L(d`G<5xnc`^UYobUtN1u@T62 z<`3hZYC%scuqDNGMVVb$8W%LPWdJCY<2$WuUF`bG)MPIY8weZHS*rXtJ?jT z%>}jzK7kI#S_FvOJj~{*sy&bPbjQU5rHB{%W!T6W!J`ayV>v}P$#=RoZ{LS;oTk8G zt7tG0O^oGPDnEK1Z~q`uirQrcZvQ@gEX!gK5wom3oQ)?RV;cee{G8|757f7wWsL+)BC@u z-v((Y)7%AVLG$@R9uDgY2V_F~%*aIMy$&8kB#B)n7F*WETF>3Hz%AMuj};08E0C}5Mw}^eMMhX$#32+LXB{%4#BE=cA26t8-s#C^ z!XZyK4el8J^CJ#aWm|XP={=awHJWm$N~193-+1qqf0a5E+gX5Vqc#KRni2yAknJ3O zhlH6&Q6RCp`smm{bmyLeU;@H)W-NJck&gHJV|t5Vi^XITw@vM4l!BJL{hr2RV!ydt zwq|wzGHNFj29uFK2FL)@43dgZJeN)*bEj`Zp7}P-6M7u z@^MyO?!m@n_$a<0=@HY=WgJd#0Fj8YJVu{+gNN z+`M0A3FrE{lhlMw8>rQmfe^@ZbOH?aOf^2+N}d;(^wG(XXeO-t!hRvRhLBYP%Q7CX z4+!h&ll)}LY1O}!&jD6ETw74NPj^6el_(cgbi*ApAKd2)`9gvk9~ny@B^|1_zN+X}A; zImC<@gO_-5Le;V{=MH_;1^*9d!CuicIe8!T&!%^z{hiXlu{nt!sIu}79Ee;Tm=^Vd zU3QT1m8~>uDa+J)2)={s|0^zArErZZ`nYY?TLi)@!r;|KYS3kUfoN^so^^|@R<70Y z_tDWnG8?b*KNK-QZlBReJL6)ikU=LJrVbEbgA{9oGFUD4@Z3p3XK;bF)bRwyFE8%? 
zeW`bkwDdd{6kiW1qD!V~e0`a-Pk_%c9b4$Y!+QFxo~mN}4>YnS8Bp|ThHZ3lI8_L} z%or^Pc#h>GRhsuQnwwZoHaLTpg-4+KjD;^Gn#&s^dHE>SF}H{w>IHqabiy)aF}X~L zGWo!x0Ed8X>{OksOf5${%>Juj$h024iRhLh443SSm08i{6}8!U7h-80h=}QYtfExO z7bCD8?YwI%zxCT!3V6%*S$~}cSW+yuVKkDYbLKDR26(*RrTo)Odrj=dT8a`_vwrvq z9NG7Bcb1<5H(&9KP)ALO&wH#Q`J5dLIO!}498FN?$rXs`7bqDDZhNtD3cmJrCKpvkg?rp2X zlzQ8F3Qk93u{_V+Gf{j;{X%F{S9ov%^RTl`Hw}IGWynpOvumnn5*kV>^Dr4ap&W=i z!%|xm*4M}!>jT*e-gz}-34C1piIgX;D?sk#d8ZyvAQ^seI6pxWDR7ZeZG18a`T=2F zdu)FBfJ0VnZc>6haQb~}%p}z)cB;9Sc=qi_9Z-+t4anza63rtD9Sc)S9i%pt+x`B;NmlYDL`;zKEA}3*}WOS^q2zgg8GNHLuXfS>K zjgnYxcf67kjfvLhK4#d>Dhm6zv0lc`ho&>@b0ZY4-I>hblAO}UU`XF1S5fP%Vy?wr ze=`1a&B?r^l-l%Wr&bxfTvgCYiXy?B(lY;t~{0ma$drSQ7lzbEjB{rjUU=;SmASEL4BL`dW zUjm(qXk~FjWj{g?tfs{?x}f(7eguPfyU=bPO-p10x?q;<(rx zVM5(Ri!$MBdF`cONjU^z(A}<=ahWl3K^kg3aKmM~aLWeh4s-cq3*8MUI{hR#p5lVL zgG|~QjzL#vDJ8E!z z_x?4|4)hqo7llUa3r0ev*9XnM0T+Bb1hD83>1Lupbj_z z?PEXg0FrqxP1nG@1YPmJhL4+`HOn((gVFG5YjOb=m7_dY@OezHXXrlG$ZNMP= z1kuZKW3R5inB1nS{KlzeUd=22#+x0yd(N;OXZ$6uhP;)3Z!d+8pxC^8`F3cW-i9o) zxCL*%onu86MEwt&crYS<8GvdbMhc}h z4%HReY-l4miC(N-i;NMqtKGp-58HSlFJ;8X4H>l3gJDDst%}z2yF)Tf8Avh!?G*0$ z9;bngmZm=QrmuOW;R9c;uWY!tmA*?&b%>)|yQlw__A*@r4}wuo;(-N_S@hMgn15y| zwIT4L|1ADi^FNyO8FQQqg=QH_M{SOlFJtd`rz@#>+1nu8(jhWxNx<9M;c zD<8vm@6`bgpdkUwdC7nPc0CXKrOE+GBK@0h9g~10bWFZSR3V`7TH8h$NE`T`h%yao zsmLrgdE|I=`w@5xY77oYkleZTVg&H-|GceyS;$`cAYk&1=6gD1HtNxfxf0pL0mi>1 zdXUyh$D7y&xG|{S3y(|d#B`*#Ii`B(1h_d0jNf{(sLOYaP1YJB}*{gt@<+>%Qr z4s5LfAb;HO#C`j=Kfw1LeHo1aIpeQu^!?xIR1Vro;=HRIhZ}6E^yl~!Rj<*+g$B+6 zwYHq0v$SUs)i)eDoD%*7m~1 zBPJyloVdU^OztdbU7VK1OgL)QurnEs=;oPJX`^@G0i@g!&0&-|*}WhF{xtCVu0ohD z#xw6V885H%6~le~zw6~^Qlg~So{cgbBoU2rxeB6RtbAvAA*^UZ@m) z9dhOMhrUZFgn2B@(*EBD(5l}hq2yRU9bWjQcplvG8 zB07kuW}jtPt*KdHflgt?WYv^}6JyL*n>GT4%XBh#H`@lDSVXG6b!QnhE}M|&#mF=* z6j9)WbIf}S7>@6Km;!{9?)@&6xGgD9tc53CoB1;=X@~b&fO0EvjDhgs19pq%X(w@2 zg=CGLfy{#xjZ#YGlw|6-Y;i~19je=`{5d8%qMSMvgai}vx}I9cK$m+%9^OoTfT8Iq z=$Sq(apv>y#U8P}NxHdSDkt#F{?t##f41tVN-*NAO82SYD9V#giO}ME;%=OiJ7Bh` 
znI};P*Hrqyos1HO{MwjrRvg!6sd$7`Zr)Gx&+z(gTs%;-GZjq2B=B_6G2JD2Z>?S;F}>G|8Eu zX3b&{zR@@X#+R`HQ~*r6OWg_Rm|rc&5l3F}0(4;x_!ui!~4YC(K0@(>Tk!uwBYL&^yE!mvjOr-A>>TV6FKEL(oNEPN)XH_xx{p@>oD z$?UUM5o1C{NkQcO42tLCGAa(QO*zp4-fy+4yDTvi>m;1p9+0wQnB(jzM;|FKr z8Iw`=DK1|<6h;Q`{eZ3Yn&N0GO(xvJt7#k4{mD7y*_#57F^PZ? zFzd2*p%V7qjl`%JQU}ZQqqZ%H&asUllK!@9#W9?4F3_sy zp!IvE1j!`!_+*;U__jX_MIisz*h>?$MVM#kX=DR_ZH-x+yX=9hJqX*K#uN_cwOjjR2L%n4K3mpKk`)I+HK!&XU3KrwY05T zD8}iiv|%y-rCssCz4NwRQ1yt_*kZ@>nQ3@m;B83o?ck?TaH89t+%a4U!pvJCK;HM|{7m*y{)(~t4 z#s2oMDp)yA(A%ra@+mV9y-%{f;QHNczeUG(agiRs?iQH4L{#O68Z0dImT;-=67kJ2wKP{qh&;#ERnyXP`Z7h(g|p%A^=NrLXT%^j3Uf*#F{9n z7~IhpGRnNHBBnvYv6#coBFKhkn8gMu53r7jREDk>aL7y$+LQ^oLffaq&Q(@N(7qBG z*am-SD8!Cl;WxQ%>}w7tJoc4IhWX;!UBh;83O~NQ0(W8fo)eG>o)>2MYU$y2beh967_J!rL_V?`CrC!>8~tyvDV~ z1q9-L6JR{O&g4M2w+;Z*ZOOhm{%jaVWqaFQM1;s!mqrmgi&J$SGjrLb;}Gt@`dmcWP;icrka?wtV%1(_CYB9$UO;s~t*~E-h$@Dt*Ix zmdY!)kiynvN=diPmfCiqmz+ERh(Yh%AkAo*fLi>c_TY}D$`hZAaE_7ewPpB#BwC>W zg@TJbe|Me`(3{fR^uFOlTX2l#6PN=1XLpjEgHt<__U0)eS3E`qVrgD!5C|V$Sq{bD zZWG`lk(oO^KziylT0O<@=@KV~1j$-)s09Oa*Ufqf0;>QuK+3;v+M8yE^KAMrXm9U* z8e;4;uPv;e>@uLJcED|cw2kXG4~NzAa5FpiI&v4gPgAQ(m*I^uns3bp7>CqE+yKT^ z;$!v^#p4fQ&UWXfavCNd}MRo8K=Ujrf9VVEb(!2=;K>S zNEo(~gZ#eFh9qY{E)nVrFBbyUK4tstAu6C6*DHw!G`I5WY4O^fk~OW^c%MSLCm;%- zl$~-~-9!T~h5s(M@w}Yq|2u6zpr%H)z&&8>!dqTgdDwm)s>9L+2;_SkPs$pA>foMf zQyW7aoXEIk>T8|s(8+@NH|&JQc!ukeH*w~v6&bi6&<9seubSo;9pk2=%E*`z&>X&_ z{UVE%OkZ8aU&?{TV4K?-ZpU_U%hXi`m3nr4oXL^Bh_oB@q<@Mr2B4;8{Jok_u8p|3r`0#rmt_FQ@wUnkcxcDgN;i$&%G3m|6ebo6}aQ& zK6>b9Bp;9oKU!`P5o6w@`o!#P4O|(ohl*yu_tz~JpK%|2P6d%i+hq41|K&`Y;$Nw8 zL3;=HH$~%9yPl;UiXnjwzq$-0=8Dk>+GpKh2$E1A*O)UiS-i_eYj&A~hRESKz=vfa znrWnZH^^xz+r|cHT&Sj|>_E?`a|-{OiHdnC;?NqwO>b}|ab1@?FyVI;zd9{CVk$~@ zg@@cR))Tvc<;>-8@B<38YtR(=D6$<)Z9zKvMy;z^b3rRA?g{&zww0ua=i%a^DsO)n zqsh&TL6xInzVGPD+yq~$9(OSAeY$9V$BA#o{?3GJNdHu1R1v~f8SA}_vC&FQqbkRX zHa_dr%w2udUn&@9G+Z0E>dheS$ z?xrtu2a8H2#Ky+%IiY0N3`t>ClQ{}$VbA@~;66f?G?zBY5f?unz$gqr~c%r9RXt8+H 
zHgSk&PMvA3-RwxK>d0&}<1jD8!{!7W)x;Vq3b3t04Mspb*DfnImD)CKSdIPJ|T({U>J!)FL7!y@BIgn0HFqdeOqP{DWLfFM~jTa{S zQv;VIIllPk_r_ZjHpzxb+34x&wBYLIlOK1;v>(3TaBpq8RQ@M20h{I3c@bbS)Zest zwWIKQ9a6iU{%HAJOLai-FeD!DizRGSRSPy(2F^WoTMR&wG&TLbf>6R=e73S#KOP5% ze8m-y7$0fI1>y>S zy<2eGmvA$tW@$UjxO&-1rVD?ktF~y4YZ+3?I7zDyzi-e%Aa+rB+7e9`gg~z}upsHJ zTHH??;f$L`GT2^6fP5-17NeXF#}7!=X5y``d6*mJ7pjdeRID|^;l>_E&){rmufXra zse1}YEUQ!9eW^+CuT?8>szK?1=LT)?W7B5U)YCD@l$h{Eh?M|>mf}_X3Qv#K#X{Qb zX8yp9ueq7U;FPPFs39i91YU3g#=@*99Jl;j`2m@?TYbiOvQqKmYzZ+6M)iB#=P9Qo z26s%!owluPPiPN(i0AV~$S~2?4Jdj%x1}&CiGJE_Adt$M4QI^wZzv;}seh7y@4re) zl_(aogth1sTB(~Q1djCYwC%hM?+Dy1rK|Tyw}akxc# z2pMm{(~&=mNki<*enrG$f1r*K71Bm%Jj-K-$Gg*J3qR0oPXMlgv=*m~f9_<=>!1|a z)HIXv4WiB4Q+GQRY7e9xubgVK$waNIFuC~YUng-09well zP$jLZnHOe#<=I(ZJycYNGmhhHVWxz(khCqb*%Xont}h|nw{-@)#M_|`w#N{cOq zokwT4Q|wszMkC9RZ;Ot6*+-x#KgR_>Y#&dq?&5ISBC((lod&ESu%hUG_1w`&B{u ze*CSg9biv`3s)j&23#CI{5?9}fTS*UJaim02M}ojQMV zeBpe5CastPUc&;_Oz%%Ixl|lWTQ?Libj}4!VwiTK28WBLL1xdF6~vK)jUKMha#>f+ zlxTc_@Dr|3a9rfq`FkPw;SbE@8>?WlM7*b48UW$r%HnKvJ=qt+5xukhb~#lfU#QQ9 z(CbNIve?B)<1-f~Qv(Jtfk)CbZLj`#w$CiD))6fZbN~k2QGV-e$c@h>eqQFP7lamy z8of+jk*9DNofu1H1$^S_kw*>glfs6csJ|0!r+-s8U~hmJfj|(jj&m4Pk@4>;n02f) z|Gh5x+OZE}qaUZG_f3BK&{@8Tjtm&*cu2_1O&mI(_SAQ{`GH+YtsghzICUWpI(yp;+r-uT;|eJa!RC4glqkG~%RsGz7D7?4UAu=lcBCyFsWMzr=V z2@KDori+{RCX1Ixh~6hjZaWTlg7sxx6$k(e=`z3R5|;(HMyuKXvF`GaIGL)`(R8$ zmX)r|zF0sqG0}pmbGl%V-ocEr)OalautQame7-QKMA9O@hjawPw-VAPvl38O4bND| ze`&JV0~Oi0FXS0f!aAG`gu$rS&x*vu2`w6~A|slR9$@m}9z)o7NA?L)<&Q~{@XO6Y^G^zc*|mhEKv z=7moD6cc4!@|@0>>OWwGTE}dOWEmJ+g63;>?i|nw5SlqBkrJ935Oj^WQ#!UGR(6l? 
z81G+bYDD(NqkoMsPqcBP)K=_VORxhgnDUg2VOL*cr=?5rwSL9>Z}*gx`Hv=ib)>C1 zl9;uUa@UQg?n)2=K%~^(?}p7{y_T`#ZT^{A(gN-CGyZxln%^f5qW8~wtUr9k^vCbc z6PwZ0Y+K|-51$^RFAX(cM4^hfVc+G>p;Hp+-H}Y5QJ~Givvl<|`6wM&w0{h9@wt~` zkX{bBYJ7L&wBw?3veuJ&t-V4g$Lf$cm~n6ksRdn?P7+60HmfgGR7lmy27Kef78AX2 zGaOh!2fiU*iXoe`9CURa)JtZrk)ou9hR>LZn?nC8iWTRL<2$OL^mj-1xyr02uQU?H zsIz=*;@t76J`fyEdXml_^ScZ`6UgX>u*9U^&ZZah($>){3{mtBZaO@x+JjZb=xAo> z3(mycp%vO`?`omj8oV+ZB>maHtS<9~V-! zOXw##Q{7^C zq4i{(&?aBP&zwVsgQ^6#W`lp-WL6_9jwkM?q!eo*c%;DNSalaV0$O|~;J-1cyWv3) z;2~_5&Rl6&aPE%l1tDEXaf;c26-`GHCqinzJF%}y{r14oB}lgT_Ljr%%{fRyq7ogg zpSYwcEbFs7M7zLC#y5`lQkR_+G0ZH@Bv3w(X=w13CdZo*0_2~zmROy1D`>%DaS6>U)XBJ8wl@x?H1F!-9L4OA=G+o0^%!a60 zDmcv0|D^Tx2Z1hNvj#?$B;egujCF-B6*R>{&^;R*J7R^uS-JAt_3+9xX}tJP->V;w z{-Wz6O&T_>-#P*j)lIAS%%CdeNPsb{8TZm8fUyV+<>#pLI8g0(*koOwLW!N+tGz5o zio3IDm-P^ae;csaCT~FNsAJ)=S7}k#bt{)DOX#+1(AD9;L5)>&9=~O7SwlX60@J+u z{GE;E9(gt~ynhQHcCQx^gFd?MSt*t(1zp8Z7VD@-q>S^bT~o-aECA*<2^wke?qG0UAzaAy zTBC%)8Y9+01a%Y$r2_v%y zy<9Wg(gR%PwlWM?@i#o{ZW!~$7@mY(zCj!6uWg45lZC~`_6yQS{%dnYcR_>c$)sAD zNy^kRbeClEOtwb##n0qYbRd@DouB0;UUBvEO*CYEwFiT#4n zfCoWam`7XO&pXdI98kp~uo!iWRvC$}bz&!K`8mdP|H82ww zhPSXx+3HyQVd)XuhQk6DR$8FFwXC=1L9MoFspX)L2GvIzUVQJrU$9RtT2{#WJXcy^ zxcu>|ddrd-w;3N-_oP}a zIGsNY@c#qkCC2spI%a)3q+N3X3^4e7tS1|_aGkZU&O+iQi=HN9mXD3O616QurEp|j0HHl=nI_l8;(X^MH5$rk_7SS2h zoqCr@hIC9|(%TfoHT`hGkAf_KxgS%oZ<5-LW{;AcqGDX)CvrI8TkDChA4T(u=RTDQ z2?U!hDS%G#VfclRZ$2aW@@s^IkR3bL@+lHZVNRQm6YO0lrfPv^$c*{Dr65p~kH^kzvHG^|Lj;XaN*DLT-5q@ZN#4Hsd0G=nCDz`R zK=RkAo%=g3MC9@1Q?#0W_Jb+bu^sxOjSVs*BdR}<;VS9_v4`Xci!w|Q_G>LsMkSuS zO$k9TbO933501==_H}n|ow%E-8%m<%UzaQC6+~2&Cx{!$cLKA)S_ygW-BU5_dXibP zaM(O$NZ4r$|xdSADhM=U1!a6kT0JW0RwR<=-epXP}db@XnqFt-R^c6=v z?Yho&^uJ_N3w#gW?HL@QQ71ma3~=E;5~OAgPt_E za4MRT;Wyw2zl^VZpDmVs-a`}W{*wuveW>i7QV!4cmy@2hMwwl>!XF5f%vl41q2j9_ zr|EPL&T!baG6%0X;1(|IN9YXH4kxgVFIZtMvYSKsa7+4g{6dK|P$SAT@eV3aNAV z)Tn%UB|7t{M_wM7OuN7oR}CGO+J6}@z?WhER<)0Z^86c^Bc8F#_;_Wk6Fa=Vq{NF0 zVJgAu+iG&*ih!+mp*FniJMagB)r)2sC{8TV0d3GI8vU^_<=@ON)-PY?zhZJ-FJ~Qa 
z$~drp5h-QNiZ#9zJZQ)J{KdekC&x0iksJBr@nI4Fqj)U~!n~_2_VQY#h~bNi?YS0X z15sbrbP6~b`5!mfQc*b+WMAEHK{BX5`*2EWM|wM)XThXZ?g!rs5h;}`U5_H7297Zt zir7P;P|b*uY)Ij92mY$?%5+`NPbCpUDf*B1fW?lANXZMeyTE;-M?@S_iu=o`0d3~*Z) zq-nU?KtVadX5zryXZO_lCiI55*CQ(_0MdUC+~N{XEgz4V46MU3$~h_B5Ec5Hp%~tV zlISA*dmW4~k#U3EPJeU!OMYVA+XZA603SDj#kZCp0@%=vXCIaEuIyax16vUv^OI>) zft{3b<4*Z%qiuppp*o$bUMmuo*9jTD;J4Ekh&RTaWdBdTu{ude@r(JCXMO@IMSs)N z&H^m_{2B&$>s$5TQWvli>E=|aSNniDkx;DgtCSscPE>nQyWX9TZ!1Mx@ZA=L8;eQb z30w3p@~fzaGYcX~9!1cI#*6QXY|x{m78t9v|C>a3sdc>hO&6^95H7ezrjI(7nwM;i zS=54T7+3N>Ce`laRSiypP@B8^tGtezrpcF(ZoAhbP4#*+Bc@2vRU?NXKjQ^pjVk5* zx$LDddDTFu#SIRekT`ez|%)9SfCwdo!Cb3K1(Sy8K?I2(9o82i85Z>b=$?myo zOsWd`6k3U4II;_oIADr3i-s zz0IAC)m*NUZIDQy|2h^lfr*z^@pr=^-jPZ}B=2C9K8k$>i3xbcd-hyuRW!b}LDi$z zHm-)4t=sYXzYWVlMMFRgD46^KGwp@)=93?}LnOo^8qsHZY4+0A2mu8t>6-4)Z~5o< z?!@=eeCTuyk5FWN&{vwYEw}#`fHu{DeDTHrYHCQ>p5eXrhnZCrK%oz~#pWvOTH$f$ z*<}4r7n%lLpU52^V(-u3S@mBvOa;Ftg0nSZhp@0=*ES)2O_}gOcTOcHWAz z>E14erc33K!y-Q?du*=Pkk~!u$IJnZhbH)~5p?8vaRh0ml23Q2DcA2Hh>saNP+EX5 z)5Kf+ir$K+4~4Qus@A7ys5~&Hj;LUyK&9T;G`o^|t$0gDV(d zGe_fuHK)+XBQuE;TULRldm!AiHb+?Lj;hh)d4&y<_lmYf1z?fwlLhw`Laf1<`5X?v~GXV;ARqQIiVP zk+PlfcfiSzGhEQ5a8Q0au=JP|r_A4GJz=X?hh;c$@0)5eUruFpAaogHQfjhk4n<6| zy+tSiVg8S;FgwW?0)4KBM*>N}Yge#lHcQErf{h)4ei&V!50qlFV#L_1jv*(H@_1Mg z>7@^@oL4Fcz_%MilYBZ{#L-J+eHk~ma9|N?-j*9T$0qkOF*Rn5N~CeM;c9a><=ZuV z!J2>|2ez5z9!UG85UAabpQy!Tt3ll&e@oZ&s~IUovT0vkVZ0Cm)d?#a;V{XqC?fedc1&JE`n4uU668N!p)z%XRc{SIdtLLl4 ze<)&`S9ppErJq9gOJ+e+a`@d;9RS8CqD@|uPQY1J9Qb>RO#+%}w2~jOB7fnx`mBm) zyBhL!hlC6SJr84`*|ecnHPd!Pc?wVdfbAOWA5_L(IKryF$4PGM=z1T{5<+uRbCCr5 z*fGDH4Y8=vpPt%_-bap|-;A=jOz+xk>ZBC1{@7>L*})HA$&veZ4td+x6zmd%;T+M@ zQ?1m`)w2pbkOmKa59*3#=c#_>`>?kEwBt?!n41 zO|*r7xN)2)xVZ7CGrR~O|MLYx~EdrIHBGgGteSP z?|u`&f=U^-e=Dm;{w5qsvT{x<;R}2RL!Z59nSC5w(TpK^NdVsHT;%rGuaZ^#X;Lz` znnAbIXKE73*pqJJu<8TzH4=|5LNUWcHc0Whr-NQo! 
zQB|cD|8nUOVqy`$(>4{uey{I47H<@gC)dXH>B6w3EAFY#&y-q0;xT_)DipUlm<&*t zpo`ZGq{D%fYV-iCqX(Y3?y^i;cHIYC^tsga9u@ra3jE+v9%joc8-5dne9m3c-mGLh8 zMo!qQTZDLy%!m(#Hk;h`)RH85v2Nqu&MD`H5))(3}Q8yqR?pR!G1n2YW041N3EixT?V-a0x*guUdRy0<$OE(qJm zDZjNfsE*8Rzg??EtCYUg*NT;h`3sCvW-Yf3O&5NA$$o5T zB401BDJEyLaXQ}!TFhn81p0^*T%-Uvg+Z^CtkF28 zemHN7(RzEF`0MiiW@P@p+A6p4Mg`q3TSTYmt5Fu2k(Q=9qUSSWm@lV`!i0>spsP8o zC4z;qvWv(3m71;eVIC8tJLRB|utM^kygy-XqTAmAnp<90-A}+uE^}2h1^(RF!vTH@ z6i-P%s=z5vRUcm0-euKR!|dp?Ms`BlyrRmFrlK%Y2!{uQWdujhR4aqm6PQo6tpg~_ z_D^1hYuW!7<7BQ*z_@HCq6%#$oH*o&MSS}^4?92|C3<3 za=q5v103q57x6M-)MjL)mtX`AMICbQI&vJ=K7@rvhWKI#vX?7^=ERa+KS3phvC0G< zo1pQXy+2duYM2U1toUN!6$(;Dm>c{zj(^>{&O{GOWaW*-q$oZnFsuCSfwO+1h^g#P zbVnrN?h%7jWucKrqMN(CE_WVC6PH->ZsZ?#)F}E; z%^@mM58pQ%wJ?4GsWL8eACq`3QZIL7vQA!>?(^J!GpJY=%Y{Mc(f0z~v;<)7V-*4N zV}D?iUF}~R0c%E51$>iKF10$68Sf{gT>6Cyv@W@FQDE+us4`!eSQWvXN^gIKgGrT{ zE*kZ?l)uiu4}t|Ie%sD`zI@)z`z26>3fJ{z%>YdOmee!M`vO^4PU2Q`{X1|kT0A@? zBjg=umQ@6;2hh<$M(f5?UWbZTtq6sDde{uM0}cpXOeo_CK-$-_=WpCb$xj%Q3k4$v;DfbxV6H1F}29BkCby$AJ z)hMMCB>as*zIBR5>tURNO^C9epv1D?@UQ!>Jfe*kIegg`isPd;Q|mcRIf%v%Heo2r z?|Hj~31Ol6j?D8gH8H%+&)4<*Kchu^WP)DOb1b%+6zVxA6B&5-eHXGr>!3!uANMGH zl1YIvOgtqPC9DJrpMmyWMuo-IB$Xsd&zz0lw2~+WpY#Kub0sCa2XBN@E7D@}_$+%+ zHhk~Y#BmY_$bERPN@6Z__xeBmu}$0tjSUQdEgM{tIZS|7DSkteS^npwj^Rg2n&{41kTyS@vc*n z$K4}K7Xt&8;63nGNWW1M!+X@q3)52*-`;RcVz_587AJ^XY+E_ScxWZr66ZQt8@$-Y zQW9fP9$9a}f>@dGoJBLtToOgs{K6R|e7hmY5-?A8KH*o}=RSGl-?vqqBBNDL1>7TD z6OMYH;A$W;D6qupn)_w9+gEIH= zE8Be$pIG?M_5ZL-2`Q*lYD~g|Pc3Vyxl_=M>gQMERuNSlk+2ngiv>op@B^C{zzty8 z>C}tjaB-`_H8ADuw!AL49Nmnn5JT zNnL{ZRShy1a_@TCCH8Fsq=c)eKpsoRrqX4A6J%vkVjZ5^eV=^>$I7ySZzu)XJyo1Z zASUa=U3;P@*v6m@gdeCczEf&PnPs$nl4(+~QrK7i*pt0=LWSf|9=nl4!!CI4tbPBl zkhF_RsBiTN5{Cg%^a^@#C9SZfT33-xmL7V^8GlS@aRrb)Pf2!e1M*5J$x#WHH=!aj zEA%=4SuDimc59yI;K9oC^JN@m>$fB8v4ftFblYB+5Y0$o;w2Fl=I}uVk-RY`1`j8l ziP>%Ff-MxSDz|J%)TrU}-q{j1qi1T1+P?Eu4$zIZcP&AE&r*$E?ro7hX1?M* zaaL2V_oWQiVf-+pSB52uXlAI)f{$)hayrOwsk{YVrW^VqPL)uoS`v8It?qIpz83v<#JcBrvK)fubJ1s6e7!yi1!Dl%0Ex#48 
z(TF@+q30QIrxH;pkJVUgvcQvYuRcIyl0=CUKea^YUwGe9d#cDCu(_bhbIn#Q)fI!JnJo)C$KE5Z^zgqDXOp zrm}iMy8N<}KN2wTlKNAsbOct)xk!~AS3CTM+9^75<)Jg@ck+=|s@{8Yp#=WPW`3O$ z=dRP>DOKnSqNm;u^KA{70>^KAO981IBdEnxaP(=KZ*bIqSlpwPDQNxj{3ZwD_SyKD z)F2C$iNRlLre}&nQUhjoyvb!{mRF>N2fp4qlN=lnn<*B}eABpYx(i+$Y@3eEO8!cgp*ysss~=!*FQ@Ib(#QNJRH=N=(9Z zNrsAI1mHkLE4m0GoMTPK*#6gup}Q{HpbitbLi%#Ne%vYdlCAub1~b`9M(M;)Yk=(X zA+ZHrDEFaBI@h5LgNI)Y*P$>_s1Ra=S-aO=_`9Ki*AGIR7O;k_P89F;3sce;sF2+z zvz6tZAIh1&We4(u_dj)N&{t3)VhMAl+<9dzw*2`Se=qH*b&~bc_>wJz@m)yhXxD!% zZGy1|nagC%TuCgqS>fOSUwXspz}gxwawGKIU>M!C?YMo8s%iHf-6@v%zINm>BMK~n z9DxA&-N)`mhGB%9%txfV%zw2{nDQxTeG?><`tHIzC5DtZaL1?t16S+cEzA7}k1%dv z^f?`PE7LTS?Pd!Vlo+|pksLjYt0!*08Wy*hHkkwX+8_OOAhWMhi_Mp3y@BlPN%P)i z#UKvoYiC7Q;?L~maAWE^^H(B~wcxHUso0 z9Y5p)Vfq(B?`rf4g5gzjes!CKiGWgpD0&@{^2>b!&1doE>*@hha)#b)F1!LH*QG=; z9==kQn9i%tw19{IQXG%}i!#Mc#7|b-PQNG+_?M;YGzGYI>GHTa>gUdsDPUTz$dMcQ zH%Yo|-N<(Qo;WKZY?MB+;jpQ_5gcQ*Yr=85CPh>^Gh)K5zWAsfHsx z!Mlt=TANB>7)Q09{N3WZy}og99A_VzN8lJtf7g7{7Jgq?x7{Yi?=?~E4p8-nbSrQk znp@mgAHT*U=iDF*1ZfxsY+g#7tOjFdaRc5|HN5W8DYbJ1$LX0pv({P(8%mh%?G@hRSl8-XwRr zNi``qGUMCrnsq~D{(%1eOjgb;otM!(!!<3QKaA4F-0hc}323@u5i3mD4HdnZSJ2PS zJ$NctJ7Uy>(m@-J3s3NT1#=pEMzfZ9OzZqYSip8+wQvw;_Zz+vD33{&^J>ak^eTlW zAY!WjTu>?Wd%(P$S4GFlp27f!jf!0Tva>U15%$ySsXc2;)fj` zm$oig0eF8~rmwx>D;P}!2~LQB*TZre80T>zchIsIO&LmU*E057$F;|&G_f|+Cr_Jj zXL9v$!W`^=AHf3BVue<;P6{cMwL@TD7~@U_$Ev{*d_tr!^AOSq$wpkNXngqH3+D@Ri@KJ}EhlT4qNX3y z_29i9Wq_5Y6qjujZ8TQ`k$__&_^xq?hVDYC-i^cE@SQ4v$^=Y?)3ciUS+gk~sB}a4 zeXKnFAkHY-&8#oZ&$nEu4ruhEtc@8a?n!x7D`es}y1nDHmpj#G7p$q^a1h|3apkT9J?-Da@EB!jg- zY8Fh2;PkHa(41Rp@oZWj01|<5Fn?dX(MXEL$Lv%vK0ueRNbHMN9fByXm9M@7Q>XJr zVp}#jz6cH*VV^xac7T9q+j$^p&ZJV5jY67|Qq{+VYo2<`)kLZ$ea|GEq6Z-K(mxU+ z${jldb~2n0o}qMrL-S3H_HEF)okbVs-^IN6DF-%XiaX;e5Webjvw z1a5sZQ|>cidPS84>WmgY8A*#hfH;m0YUU3=G(c)8fHd-<+kGVhG#HEx!deeVMrP4w z#TyuWCz{WuF{cxKC8_~+xswp;fzHa5dHnwTuA%U{$=3{18!@nqeafLbXH?9Gs16uf3 zk7xYzCR|wB#p2I~>TorgHZ*823z}KGKa$H$;fQeG_9A+M&5^ZEjsp#ObeAz%E;a+Y 
z&#PcWO9z)eVsZw)70y0Ds)^U{gp?PV^_WV-aLsA!5LJ?X76kI+*%${|@r)8PqYoQI zmy@YQ8Poy~#qnV}V;W_EDbZ;VvK8AdXZex2Uns9YG|<{FfjAmPWI(Nthw`ua4+tPq z2N%0?mjjz>qFu%9on2*>v5PXFPR;?5GX@J<5Ey{pFFTR+#{|e^VHM-(8%@x}&(g{N zQY^AQZn`k@E-1&uM_MAgs6?Q5u6L~;y>g4hul%2*vQ%0-c3fC}Vt4zoT*meVS+0my zuF*%M71`mX`oB~_5lMh7QAoP_c?vlIyY=Tb|8*kLSVRu)rVG_jC$n?9`I8)9 z^BG9W6sAUnH>E2ch>yg$BiTUq>TxT>+T?ELFp1!?=30Og_&bwYPc?R&t zu|VEc3fs8F08`<}p+7C3uItO7uGTgU1EA_mdoFGP@I#fn#Ce;DdI02LI|mr+9JNuuQtB#n1~Do@zZ!or?X&&sb6r&t?&>G8 z+1!n_542}|7xP4=ZTA=}1qrO^F0hL}2RU$%Gn#^_Sq%QtgL`s2ph@e~jA zS?^h2zMduk(P#T4-AKRtlFzg3L&ty+N!Gk+(~EK&h){mDI7Qbn@RNXWU=-aR()d}AK;WI zXmvFi!nX{~lJ-ciOs-)cfbh*`JIz*X#^nnD0gS}=nm!c8m~>4b$N+u!4QH0e8{?4Z z1AaRQdQkD0Y(+_zgonO}nqU~~XukL*FVi2ck(g_7R~^=aDLY%N`ljEjh)))9{-#?v z$*`Xo@>|nxasH3v`Khp)eej|}9O%$KYVxAaVYSlz> zzbpH=sfX(!hgX_~S0pGtx|F4t4FML*cB^#b$Mlm+{s(7Wl|2Vbk2vGAd=9rH`tFOe zAGU)I*H;MD7{kUud1?*DdvIChppFDMpFz}b~eRDnhE z682~GoJE$xdKqG)Cp5^#%|vf4IujdS58aeleJX%Dc8KSk=|5mH-FdE!x0HJn?gdq^ z%VY|d`e@|hf{Ss=U^X$o8W~KZbqGW>%nwZ^juK2J&%+V7UxJX<>E+W;8+_ay0a6Qq zQ#G#fFE#qUF`}6QAD)b+R%i>uaVk`9$SjOkx;K6Ib8)j*@jZUW?&_RUIy?OIo?cB* z{r7t$%8c2HFy^O0!K_c``SsLr)qF`P5|pdb=*Eu`iWvefRbCqGz%U7W6M1y{Hr&5G z6t5iTX6&OOM|3Zk?x^mj97bTEr{M z7e%3xoUzUYK|d6~i2gShn)`zFNH>Djb*Kdflv(F&t1J+vHd+4}QNtkR{7-CCI)}D^ zsUhP;BuW3OMZssh(a_NSX!XkW%$gE~q2hdYJrUbGr%`~StXwQ;SpR8i_~vUL+|dI8 zpLz;zi-(J5VcW0M-=WD11n!*=o?3_s@+yp!ft&OoQ??qknsnSq4)7oS{?kDox+=}t z%KQ$FB)+_~ZRVCt{eaRJ&R6*J#$V#tLCDX zKxSLm{0R32T<;R!CotqBe{*`qi#lhnB$qN)lE42D6Igc7IwGy)<+3wx0UkK7fEfjeWZ zR)dFrtAYfd^bGh_guau356F{U52|=zr*7lUoH|QhWC&9_XMe8OF?SC3H=mCBJD3R{WBSYbA)M!94ST1!zqb+0@6jUm%i9 z?O$A7l)Eg%wbEo%$;p*r0>moEC0)So(&G~O`;)QFZq4C(FtQ*W&oc^h>I-xy|_kjT>uJT8zocs;3Uu+MRR&4fs0f8@N$u< z{mnS>SuR=>2)lwvH6XtPezHEmSJFxut8{FQC{zLdEqY!6h!&5m_6#rZtCiC+O3LQC z-Ohxnc`+79iz!O5gBO%4ND{|i%_Vm;W!4=fI}p#*8N`c-3Z@5;$dY3U zGw=^{1|TpJa|$z}zQ5pMe*^T3CZOgw`w2F7bbYsFRnkH^e2-vZ+$tp6!LlFG+4 z#k$n>ktp*%QAu*jt6e2wTj=y106o>yE?SvsP^ph5rl6LX$W?$2S)|*F;u|LM(WZ8L 
zyHg_6@|{Y#+mNIm{3R0QzfQeePKGpH7c)9Ik@{FQEM$0m-mi!`ZSdaZlvD$7ry2nz zhr{DtG1I;sMNM>te6xYn3hYGA!)Hk~{n#TE7fxxLK9e@Me z_i{q`Bi_DpPg2*Z41_?2F{DDp{?87!8jBOlaWtrsM>bLYf9bhOJQVhj8V@)^DpB$+ zkC9fM9;XhDo)QvK_>ilh^`;RbQ1SQ)+j-`>0 zx>;{052G~r2cfMLcKxcJ;R@nGm2fJ~1&FE+==yrG+1C4?dFjl#zrBSbo2+ijMJYTY zWI(|^{bz(87;D}QUDZRw2*52g=d69JvEmCUwl=1wm!Ff%-AB`aT-aPT3Fh~jKvb%|0#GQtd|U9%pW zUWqD0__p6&?R?`Bvi8up`?aRC*XSz(*TWX-XTghuMTc1YK=WrnCZfKu(V^P(Z=83# zH)hN&c(KcAl*zpzfyhgO>?i>Hb5Ywc&6_0patQ(iCz1kAp1^8qMyGp8kZU!1B{KQ& zecm<4>5mL!>F|61Wedz2?b$=+dVy1OQ#)_e07l8NbN#<8(=HM@YMK$j1QMeuw70Pea$4UyN@Z0=(&xLXxz)A z-Fe-JX}kAs8;y&*R#5o^I3iE3dzZKNGIlT9em*ZjKhfz%0mW_2xRhrxh-{aiiTt@1 zJW=|>Wu~?^;NSHgxKI`L;%>xxJ)h_F{GN?!B|sBm_|+Z$Vj}oHaZ^NT099Lr@R1#H z>gIUv0Yrj+TY;HF3aMUc4JjT1H9N^XsUzw7PkS<5sP2G_&J|PMXL7EMALB{e*TZ0^ zb4gjT)jbsyoexroTIVaVsL^=oFv8W*dA2 z%L!S@7pg>_6VY(TU^AU8KCQWDalwL}5CHXHN#c&z&vl?dwGqehH(*qVOnr&>HCd~< zp9-=eVwP$c3OQKyc{6o?q>$o;)CM*t5tGvpKPwe&cPpCZq$-fb&BWQ`LOXK!SubE4 z^MjeUV{@!@*9N}mTI{y4bW$PZnE@-V2?a-*b&+L4iPJe&0Ex@ua{Q zl)q?SD>_IQ)*Q8@@KWF^C8-LU{^CZ%!xjV4loj30Wq0QDlluAqsg2U+S0|jT7%TKu zH|sEcu#n0TyhV0y;sgu+?@95LX!U!`(X6#|=KFNdY%xwF4ZwIi8Ri7)THW!IA7 zi20xqrGy~z-@^0kx0HLRsib>uYi|{zQp1yO`m10(p;ayYOIE-S!PW}J58U1HQqpPe zBJCJ<)MuKvz^e8AZI}Qya{D>qP@5|AxlPF~$$i{GT}>&@u4FE<>RPd4_77jKX5h(ye8+mFhnO6*Zp~k-YU5b zr0MlIP*b{~mKGxpZ-!BqgvY^2-)*e0pNR^OhTiR>DCz%dYJ6 z&QY8obJRty+9g)V#ZA9aNW$!?J(uxKX2qim4pDTTQemT$&r%Cu0NPUaj*lhV3eBVN z7lXmse1T?yoHYDopOVf|UB@&egv^pxM>)e|Ib@Lg+9*kuy#F6DeIJ>@MJQv>Xem3<9pJ$&?05DZ*T zq*nseu%COQ6iB|RL+RH?%lyoZT;Z@uy-R7UOO7dUV<fy}j@g{8Kj{j4 zjdt$>^xrBO*NzpaPi<6Hlz1Pc|B}n|lgSu3|6B8I+0j9|Yi0jXR~*O5HWU%vnv&e& zn-S*)X}c)uGijN>8+PFcP`KfsY@-$ybQdd|KTS5G@{FOdp=EVS(gXMf#_Kz8Yfgru z8A-!Z0;<>JDV)?P+*7%Z{smvmxD{OL!#jh+{?kRY*SLWG@r}+q+>6C_dm}vaq*n#k z8X&}>CB4%9-`pJ%**(V5&9e-~vUE>JLxQYRk)h-PuywTbyU9qtAlhvKP5FWH61Pc> zqTDse7%cKz;KlpnRsMJ2dps8F(Ia8nVNh0LB=a{9C_kvnJb#7UyOwzBCcHBf(rNmV zNf*AP46u))5J{RAQuxJ9*{K}C!`Qrs6-~2tjR=Y#qJ6aOt~kklhF|GETnL!~1hf%3p6IVY+D8 
zqXN!VJ=@#FtL_RX@G(|VacZRdR-avVQjo2aa~#=5ZZ~HXunq5+cNYpE5hm70&hX9{ zH1MvcDaCu>NBa3va~gqRkCm;qRCn_*yr4GU8UG7bURuWhS8+*!oKM{Vz$`B1olLeV zjh$MjT8a&MFcoeJCZzce|^}+FM;kkH?iza}g6Z z&i1KvurW8w0W~x4j4dfMn`zm&UZs6|T#sAA~;8%4!S>Y`QP3De- zQ7TCc``HIaTyJ}^>t+LuDdm9`fumoOUYb<26dj29TN<27`(p}%}R8~Xw@g#V-&eVF%$5^S2hU9Q> zW1wo(Qr;0v+tT`>O|fICqAeFrPA-%v0pU#TbVelK3|Q8l6A*tU?8K!9q^EXAsKnLo zdz`{=SB6rd?Vn_AImB=frB@S+f%RDrc7i7IZSungv`t&_PAsk@l881wlHh@LM$5qG zDu`5n<+d~wNSiWZV#m`ONsu$$=cYHHaMy?~+_V>;zh6O<597=PVWewFci%|h-p4=E zrOLX#RYDYq`)A(Bz!Ja0m&vtJg7_Gk3PyQseWA6U~)%b?< z`(f1qx8s6Fq03x1HTtbu_qk99%^|7d|5sLcnT=bCI*;y$!{P2Z1QVmx0NEOeFJXI! zi&f**B3=|^3c*#4cqWE#4m68LBV&)38y# zbX%oj8o+WaP(9(OQ}(qGt8xA5D9dWJ??)C~HS<$^To6_h>66}RN_7d8J)8!lC#)ZY zzkwSC)Y1fwpC*mw<16}rdbh?kYj39_ri#=Xip~Vm(A=d-mBDh46-mFvZqYRtNLzfcjd|NePgJsPVR1+ruLYG9`fW(@Hb6Y04J1yg+rwMD=DkK>61n4G#=dKyb-Ul zew7=vX)n(%o8y(jE(`6o@ALCb!Hrq{s+{3h!?mm)8j+-e9g~(BdmDO=Bua?*!#&jF zNNrYD&V-jZhlKAcGW=biEs|RQb>a7@M(|E~Y9*2c7d+8Gj}BtJD_y z^B zqwJ%jH+Z|;?Z%5KBK3=gEP>GAeSB>0H`#vW2GnA?l?e#=Vo*po|#RpO0$rV>4#KZ z-_dPSkAOv2q<1uSNP?VtXR;7q!t-oUfQ~GrP=wXLy zyqU1gdTAKCKLZ%OsRImI3SE9CuC288j6x2(?sl5KyfDYJi||Q?C?oFu#8a4UvkMNN zL>Mrkd>d9$XQF8WsS~MAEzM7Fi&ZNfRfMfHSTpgCD-zch7R7u5LK(1XtB4thn%mZI zYIqybZGnTds7|U>8MM!DmVr1Gs?wavVwa|96Xtw244okHEK;#u6wuX+nZQXM_wXwk zUqe;2SXhucBbWzu;+oH@eiS>Nx_NvSn32V!+%)nfRv!+e%4{z(|1l;Mkl!g;2HL2- zn;cprDXO_&6zRoL9DR>k@{GizS@Wwb$4$fPC#>>oiPYabJxdX5Z8lAS+UJqvaIXpR z=4-V#%?4hgpj>(CB=IQmwZ=~%6iw)QWJ1)2d%Se8(xM?**3y$?=;}9{`t6J(77jP> zfMDzfM=~Ab3?*MO&hJ3!O_iaKG#b!pt(jWAy&P=|rjM=1vKByA*9ScZzR|jor3K}{ z2J zi_&-QoE#t@wEOJccQjF%K*cQ+@dCw`4>ecNa!k%~9dZ+w4oHhP-sK7=0gl@^Tl}*z zFNXl3Wn6zBzy(`UC;2DDwg=;o6*O4%%V}+grhb~~peXg7uj;0ng{B=wix==;h%KM`xAiav!)L+D{%QE;f2R*%k!%~TBw zp=fI7ItwLT{Z?QJ0|CNA-J$0W#Ksu!RBJw4*KB0FA9h8~*~$Sn9BiNppw~~I>}kEM zzlwn_3mic2uc=G$i;n*p9p+4#&34j(mQ_8NDRUJ*A|_DZ&57XC&#(PlC#w*8Z=2au{I&Lz~wrOGkxM%w7TS z-#C*20B;cGZI*Ga$t<<80fG)D7)X_zZxA3@-c(}rCZ8|*7*o(9&upj!C6mupW)7l@ zWDJYGW!HT}T($+=qS{cdL6jd-m<+)X)GIhI2KX~rbQjE))K;@yV*2U3{?yDfx 
z?dPp3((iHv3@}aP+$b>r_{M1A3Un%R6ihTaS9tyj_rA$d+Rdk%J2r5_iC5vI$RW%KX(;9uN0d!$WIrZ4f)7J{i;GK&6GYnhdYJKR-g6L2$Q ztn>4xQhYWPDbZD!^Z)tdBcuRu##8A$0DiA8mRq zAU3=;vq;1Yj(zMGWiZ0lc`0S!kQT5TM=q38(gPUg3>Rv!5AMEa!5i^;aUX^a@)L%+ zQdPS)5z=x<6BeA8t?6%p9PD3UwuLnH70z7LKVQFTs6xQi7YV|pFv>#z2W2b6#gYX_ z;mmR%qK4DD;dp^squ!~UJg=dlu>$f1Uq{O+$f+U9gp81**nq%D@1~nhWfxmJ3d^i`0D8|i0X1Le$5ch+SET-ZC(R=99pCWl^L9^AlJqye9plq!I;8!5z zpuA7b%u`i~kXVB5@#gm}KKw%;{Pj^|ms;oLY}g!lt-_I~#z}k8#m!J1HL62uM<2Cu z5*%tNl>B$%=hyLF@V?Hea|q%-xy5`Y>S`*PENA1o(h$3UgOD9+NHad9+d*)nZM-0) z^_s@1{Hu+u4l*X;MX83K*lJN|%#-NP2C;7)scpYgO*mK(o{rqCg=e#kD9lDwM_ea? z`qUso;55Mq@yIrWQZXwcd4z^RX}KX*xKjsE7rCSoZJ4r1l1gwAVe%qDRT}!)-{@2n zC_RZ%c!S{I%QFO?%BUWuX5T+Y24PE?kBNfLC862K1=_S9Ild$|j9EZKazn>=5?$8X z?2VmP>qQD>x0a0_71z0wr{`?y)~kN4a7a1x4R=!|LMdzUKOmPAiK7qQ3*$3~+uP!b z;1rHb)5;y6NN1&Bg#4M|Uv)1CFy96e`BU%$G1RVC~F-9oV5AO@&|o6O`TJu z0}y7#g*08bpIf4+dZJY`%w8=~&$T$wOo@{Ov$(-J#->e5vt6%gZbQJ^u&VRLdzYc{D#H2Q*~=4`if z`&Y&<&sA!K&!_+~OE*WC3W4!0BCZhlpF~f_^LJ#TY=lcrEsfrjeC0#PMY zkmM?cxI%Dyieq|K%ar?v_blIu$2hgr$y3C<+mMRAZ!?4ju~(HcCv=YL%$HNdojhfR zY^6>=H31@ax}=z}HSc9kS#;;=a7~t@HaE=lNldY=<#N}Fba>K`f7dY5RVc7o5Ph_6 zOi41(xfO2VkgF>S#s`Xn^b#+|DzBb}lSQ~`c-{u;cpTNI5Z@dt2yf$S)GSt~M@{>pO_i^kC7;>~_0}Ds z+Ekrg77&j|-J{zP8>q?5D+0R$(KXW{2 zR2=p_&DVMsO>2n?#EOPV%DH}F@)`=@=lXoMZO5iRtgonq1j}N@aJAWKC~t+_jcIvW zO1Hi=8Co1U0iBkaJ1I`ZJ#ffd1%~bFO?q*-LgDk}VQLh}B|I=(9-KMm{uvpFm-HZ9 zjXZ|O_oBVlSxMajN;a8C;H)b}@X-iXSb7CfHB@H85|9Ht0ADH#WLD9b3t#im-!c1V zoB;X*$B}(zm)Be1#tFwbSpFy3gO(g*1`>wIR$HLEVndCeh%GQMq2H4_Qz~p3v*y_p zt<^a7@iPTp63=tev*CUUP=yw%A{{%sY`DsOq_0#t*JB?Vn%SfgH-4qPl;&J$q46U}r!FmDyFU_f#vVOeC71koAv zbRh^aGW?ga&znLD*DFcF$p3$Nqz59Kzj2#rU4 z7Cw`-1#lFVqVAaijCdWMi#JOnq07nw+z~gW>Mt1HKF=(V{5&DEaP6-A&aTbX;VuB#Y(X(3Y8#~ zMic1>0T&fu-|l7zb!BYn&jH*E0zI9_bWaYjqPDf(P8a0T6QVa*I~769Jm?jl$~SYS zBaC}uD7P*hW5T809SPIB2I@mWVf-%~*d;=pw&cr5W_yRtRd)q7Hc|iTUk zoWdZRX4;h+mKRU2&c5llnXI>Bgm#@+4Oq1GiGNHM6O@W+Nt zO>@|<0(|9?!KK_WiEJc5Kk&>5q%Op*H36PvfY?`F6Kdhv4sFxU!^r&Vf`oM2<^$jW 
zWIlocc-xUO5O8<`0b4sVUlgreTljQ>&3L0PxvoJ)P?c)j4HaZ-?lNhz0xE4_eHyeU zH(dREYrS(rX+1dg=2KPw(eTO)dacAj=1Gg=_pc4lt07rqoj{mctL{t8=_MsS=DzZ-KM7GZmj?%&Az9c@E+r!3na_r?p4eUOdhJ)ll9P!tRrxVp@)L6&@b^2-P4>8ChFKDM{VmnKO zgwbtxw^~Nn{Y;@Qt`{I!M^r`b@!Kq=QuGi`>(l&1QI2OajZddCoyoB8E~3oT+x106CH`toYQGWI_=?L*-?IJbaxXli;9O4j=x}oKfsf5KVb(| z_8dlOzTP+9(c)ZUShH<(I`a>cEkl-P*#SeV9U=7yJCuQOmNSJd&IrWy(=#NljMG`GUbV zT2H2J<^D}C8TpA+Z?P9Vb3~G~>y(_FTbgEF#X3qcn||oC>Xgrhykm^S1;5x&M9Je_ zouul=)w4wb(j^OL^6g(f`7K;zt)#YI9TK}I#H#Bi92$0lgHrHgTf(|h?P3OvsDyZd zQ)b$l;KLE*X=l;br_$zF@U$MF79$GO8VWm5=z8W=#W*x1T7<9O1G=y4zBt{VOJK7c z$8zENm;9sN8~yRtILrngesh_-V5I4gN$imefWQ0?$&yGFTkEb|D1nu|&vB|5*&|Blzo48kTvE&KT3R<(4H+B_#(g$oM@MMxogsdI)E zR2(kB%3&P)sm&X9*ve+=-N^(r9~9D8;Aiy*(%q*+(?l!zdoPj5Q*UXtT!rzZoHu|*U7nJShbHWM$ z6$u&?3PgMzXDmuG) z(V86+vvKG%Hb^3MT}@v9)Bubl4{&ia2D7K%cEXe%P2@WkL@L;(7JT=vTV^%j>yh?D zs;Hgo@EQfZ!f9=Sq3vSSK!e6m+g_D#u85cZ#{nbCAOEvyHAQ!y7sy z*3=P{@gh+}*V*ufte#3U8-PO86nxe_wx|E5zHj*PZPq1|Mk6|^l{$N3mRWwGU+f&e z)|JU~IEzMhGL9{?)kAu+1sO5t%7FicnWURSw#2?aQN=K{H~pL{ai<>_Q9)|0W@Y&O zn=?c?w^#k z*)xJeK)ll2+&!@_wvr7@XOo$(gz*ZkPK^2X_>2vU)wJy)Kq;{)BK)1*vGXs2xMn~nQ7MX? 
zla{_sKT28In}^UFIT95sfb~XZL2sv*?1`toNt3;|rD~w*@<%+@(g!D+W5lcQ=4Re` z-y#h^M=o_Y^$qFhAhWrVC)ds4w`_NFp)WHmReam%AWymFN}cD!zgTYL7p=BKC@De{ z)Fbl#lSyH(*yldhoYo@A`YBAW4C(4>WBY#@Ds443qh?Y+IBukEFA&bZg?tyQEL`9t zGqxv9N#ZK1iK!XC&=4YyNVlyu1ypXbFe~3Tm?N*u-lUrqdzd9l)6(PB?G)9D(kQBe zUS%4GZHKJ>x%Sy(QcQ*H%I$30p6|uN(!+YgY#hjVz}^EaUFy#i6Hl=czZieW1Tf&d zPvzhpmeGcIQ2tT(KB3OcTR{gHYUM*rdt5PR+$<11mP5OAz#XY4&t?H<{^rsbi zTm1h8Fq27h)1+<`Ly>8!(cTUj+G*FJ<*zZ*`_zO)aY+ds;9LG6?+{Z+*ZXVat*O710Me(7W1-Ca(OY6OStMu*#%#>dkI zq=MufxJ3o?7n=3`JT)%WM6Nva1+ultJC=v?@Q(B(?I(#6e0{Q+`9=B`9Uo&Jto;(Z zAqWE~1ujR$7>l=rALm&sB%ON^PYn;BFwwzz%Y9Bo{mcD1KiY`5|MsA!}Bi_t(lufvU zgUuIWfqX$(YZ{7B6|Sg#8y1-fc~_W&b~$DgMOTJEbrkRzm~NR zqeH7vK0ax5H(?l;#Lg*CC0_lQLx-vs8qSeLuY(Bq@>B?GZMTKy?-Cz4W6yJK3(2MT zxo`xhOW34cErnl}c}$vU_2>e;4v13hdd<@{+49;o0Ux?_S&GEHJWMvNG*|up(!YGM zp89LI-K??^N$Dd+TdnZC8sy*7wKI%-fB+o*la0AYZ;A(^im7C1P7G|6<9 zDSG|R#}b|xUU|#NZY(vs084g*ID@Q&LUY~V{f1G(2?cALZ3-*ts?&wqtf6+8%qfxBpQO6w6Kp5@z}FLl)gU1+K%)duUOlzVuTu%Q?_!dw<+K+)iXD z+h7%`NEi}8Zc&^D!)ji^*UcpSRBlCQ|cF&Bgw>~ugMtz4Fgn|#H4tX z;4HHC4RWPl5DVZ&IFHY+8-tA3?6XZVR-~Q|$nib>wbnBYGxT`ZT)d7GQ`q9;raZ4O zO^!TN1it2IdzU(k22GY?YNLHORuqw(G~3v6yHO0o=I?k#BG6K4jfeZ5@M<$$>q2jg zOXqYj+q7WWFWMR7jj%1h9X0C<$R`e6`LXf-J*u|<+5cI2nO+rn&ois62u}i~*R>;S z(;Sg^0EPJ^m~X`xg|p)?YsaBbfYIt+1T#h{bW^>|kpw?+B3#$v)Pl?Z^6Myb-@l0Q z#3diO3A+*GAJHbAQp){@{m+_Qgbq7OMRl#vb-ihbNBbtdE%UbxmyiSkPJr)N_Aw%UqZOJ*{tXb?bLKmBts?EGMRXL0v;n;ukNwto z7&}rO46-%vwH7a_3L+Sf>n%)TQds|>^%DI6t7S1<^)Vx>W|1-bhaMp%m@!9$vv1TS zP_yDisFzjoYl(`_T`yD^F1m44!!x@&7X~?ZUZW{5trbzp-H>_6Ji^DRf*58@!iBl+ zG~5O1)*g$f(e2C@U#xg`w}8&U5HJ)75xbas3jo_N$|fm3mC9u)0ED+fLz1vaAz5mV#Fw^TBXh?u(K!F+i%K7lz5ZV*@F+ z>5H1il&x8tnJrK{}hmc0!A zBHOGRXFp~b5G%m36=`p*zWxAn( zfM;CZ)N+rJ1EDe(ih6%@WT~AKWul243(1TB3qIrJH+!FR4YJc&g|GUzQdPx+Ctx=m z>p&WR1gYalOn1J%HcSYO^&ue}H>t!c|L!b~E4dAQBCF0U#(W9}-Jf`v$|x(7Mw%Z9 zl?7N(S||r#V#6?omrzPbjTw1Qw@3x0)jT1$&;?<;K4y^Fa9E0^<6yLTqE2B{xHc{^ z-VaPdHozj3oQv2B?(vT4PzGhgSvBcknOvPPUv;DMeRJ^zx|N~CBwggVdC?k7TTu5P0DRG093 
z7q+0$PJu^<8Hp<)5b9b?yq@6rIf%U`kn#Vt5R%RjY$0114b^W{nWsxo63O2I%51%@u<&c`ld~oD zi9_Y@-#?2vR8-t(ckby&^Z@Ccc`RNcdZB^J0Oks60anaa%FZ9r1x2@Ti64yU96N+o zuVO->q|F%?D8~AAF&TbbQa>RH1?G2SZlE61sb%u+IY;UBfaX@MQ*~$VklK5 zWJkbF+@4ihjIw&}kX(C^DWT0_-mF70^m{)QO|s6kTd-|IHEFc# z^nGGu@Ck7sY-b_!RQ_SiXU0OmPzfCE5QSSg5clTk%aC%yFp?>$9)Kq9-u@$%tgufnztDXv=lH; zgo-pv0soxkZN@=kUK+0M*n=R0)o zy8Fg?!BUf3(c-75sLv>AJ+fHk*b7WrfKL)%fzmn zLSN6?mqI{^zbFu>7^rnrNpbj<{xX*S;#8}**%&N?yj+ouSnHrwXufDD7{Ed3u(h@k z$Scy3qTUKiS*9G>f_yc(LRy9_R@IXyqTaFrAV^ttrt>{Ge@CGIy&(Xpao;Rym zT02T=cHxJVxv1bnGPyW~pb!>Hz24tgMw|Rgnj3c6A99c9+1uVL$MHZ;XZYwJARb;NUVmogcz^8G>O6@pMYP;`qWMn;gFv02i%KsU-V*Uuh}PP z+p#n-kO(-n_&L~$XcWtK%}dBdqFd61JbmI+UP_av23iiW6L~hO*ehQiVGlenzApma zWnnR{OB^_MDRnPpysJZ8-84L_*4`JzPHl}9`ts)Al8R{mk7hupuG))+F+|xG;-iH? zSsN(?hI$3^MxHf7un!<1bv3;EAzBCo1myNV#*n_z0%(r)=%-wiBCb|{tn_&Ri2!(u zKMHF-Znp$4YKq9{McfZrzHM^UD$yqn5RcJZ=R@Xxo0e7`7{Gn7qqlD7ciuBdOAev&0g2GGZsps}9u*Zq?Vxo|yrgcu zXMBs#cYO;7{(EbhPGlNTC{r3-T>2%_noOBNvgiFzWf9~%NfwVYjS~;AaRa%ZZMIPa zkQ&mPdqRG?+V@=wU}}B-zvEzkfpxiJ~94REFIw}z7A@8!rD+BmGQLDRY^1Wg-8m`o` zi02R$^34&t{$e|#i%*uediMJx7rWsey4QnbAlKe zLWrbYo~l^QSx8`}Y6IDL|G_;SUbeMTX};w0-EW%;ML}oO4xk4B-@H5O^myTW1B$7kOwy7+NYs zofKCrjt2N#RZ`CDB)lr`R-pqBSz8cuFv)dLV_bOT0NxW zgtNt!RaB-`pVzf1BUJoGCiOrwPk)g%v(_(87#p6tPhM2_F|AqBh1etAQ!T{5`ixpp z>jHsl+#ZlyE_1KM@Ab&P`)-E59z$Ma8@s!gR%YqinBM#YqIIIPGwZ zCu|pvO^SzM=z_MpvuB|uMj(E^AX&zIBN@0Rqm)B+UymUV4Ms##h^vHx=;FtrKVO5}#g)$wYZ zc+$NP8EcmL;N1%?<>C-Ml!odExn#r1#oyffpy${75*(PC`k#vD{HKzTLc%~-%7-JW z9s#LG1+Eq6iLciQaWzDm>GB~clqO9%eW^l+-)NU~Q+L+dpqIRmfIX-nH6Cp@?;ZZS zN7BP^*T-FgBSqSMbyN>mfEN>sX~78xTUuA)n?wQs@im0!%RPxMQ_Mz(&~p+WYjQQj ztGTA|mObB2FDe#s{IiIF>lQbK_Bajn3{t;bGjzva;kVD|P+W;YHu=hiw4M(*V>j!d*xqc? 
z;;&g>&zJtusb<}|W8wa9eKUCC=0C^|KoMB7>oa?9Rlm+>?9(ATA8OcDVQS72 zVQDVle>;2U5Ut$SYcT4jQlN_Aa(?ucJ|h)5CeT-?JG$Ah;Y{>e%)izq@z0FwIN#>w zndkm4*H76a4eR()j73^q+s4rOhLt2H<1brhSyo~7y9Yd@QhdP@wP)N2LSNmc!DKRk zR)fDtnDJoj!moT!2Z7Jzv|102Uc4Cv;O&k+EJt%ZeiHA5PS?Rm8gryEg+O``?Rqj& zE|;2)r(OWC%Dqc(Q2?;ST-K3q-EI!ysC}$V6*zMv?`o(KJsk zxWm9s(NQo=7#8aOI%mPH{q>s`O4o4;t+SlN&S`jOpF&|-c5~0jH3Y71HkX0^gBG%- zhaO{(u!yEdm8RA|dMdtR{m=GdXVkB-pO9^M}VuQiHsY&-}mP9U;&L#k0?_~G+z!~0Le9TE=4vnq|7 zuCBiuJtOgHTJ=v{xScHeNbVbq*e)?PFkKtnD+jCpHBtUm#$AZiN7xRxmf5PZTY5>M zsqYRsh<}L2L9l)G;;y)ocRsVEL>B#N>-6VuahY9X`kD|R22GtzRxjjV-%Br?YDF*v z26zLZoTwM*uYG=0kq3%qt5701tqpKQ!>a>tGpB2WGp&sXqhs9ap5|dgQdtp#4wM+f z$7&2AbA@_*wFDs*hSkci@1}nSMveowPS~}z=_z81>)h?6a=w-K zELI&=zxoYiGtl|5>%e}ZZqzS21U;039S6)dya(W7GWFpe%}&RTtk*w3DB|D)?;H#H z0sxi@4ey5D5INeCLDXx=+Sjjy_fX^yJAhJY#3kuqcQbbTYC}%DN02|Y%)lU;bL^k9 zTv<1I)Qo(Ipdh-xq;CU`$in}RT+~c?{s1%NEm)i-XkeJWsU+KT#Hb%|LfQyexvFf2 zzZ+XdVyDtkzu)C`a)lz-RfHm&c?;1knYe1hY94yM_g@T&csZR%39ep=V404Q?sKQT zAlFZcm@XyKl1ArOJh|mStg4tf1$Zvk*N4P#G}qOwkn`D3omSP`6$9VjX0pi8+-n#X zkID#OkTgvSe|Zs;=a&Ah4YUl-<|Lox7S)o#HM+2l(hWJhu$8Q#rgavqcOY(&P3x#{ z$J>8Ia`>Gab=WCZlJRW1Q|LHWxhz<0Mf@ zqnB6YtwwRj(-F;V=`*wn+$?y9x0DNo}LGS`G}{>7`52GhVOMPypz$v zOjaIg;~4;MyK__d3SsMjn46I2a-e1sNpNVYgemZ$;3TfA_mepZJ_2OU(@8`^MmB~? 
zghaF!ygL=rxGG7Kl|IS&{45?IxDfr7%G-wSK>#Rmtv<%@T3<+q|)FFuMVdDCbay2WW|>l=013 zCdE{g8i0z_$S;iD|PGE`QPQ+;UjOcu+0~%FYDQr)QZjqwb z?*2%tGaNWFIIT?5?$`pI+ylynB^&#liL+m$9%oaj>GQvL z-#>5F06##$zgw9BV{T4)NJ9@&B&Ggcc#gJ}a8sv_3;cDR!M6DE$EzNFDet6fdi%D-IE*pAJ4-;a6;)M z@`eMz9JmwJWeczBovWGm1vaD#(#h<%EdW&&5{4OnAiSZh~d2eRdL2Ke;MFy6GnS zaTLBIEY8AZ-^K?>+2SVTNeXPf{}k3Po&^rkpBQ4QQx^71GwjhB8gj}Q?E~<_y5@zb;!5KdO8I@mjV zC*pLdhy}DpLP5YBPfR5J3e)T(IoCgu?Mtq6{u${o2{bt(=%-`3pnWAsD%(DNPGD7{ zc|tjC6Apx)x8zJ7N%M2qa)i$F7A^t=V!C3wEnYAs0=*_lAs(eR5BYY`-RSCaVa4>I z#q}09^_0|t$!uN0FkXUiN&DxPUiyzs4CPvkih?#@mKs#EbA5TOe`7j z8xvr4DIt-82>bNZZEyku&HGsJRkG#dKV0i&rAiGI4Z1Q5MPO}zq!{j$wb6au>HJ4& z1wfLrtR8T`XX}%}$Uujt*HB>bn^4P5^|+#*NBAExU^S-{CxZHv>s-W0si-r{&Ez~M zl$O))Z2g$7k}b;XQ9PS=^iS{D}z#rB-RpVTFWV-wL@%@$l^rKi+RSrM+Va-eS~ z0Ax94#0_5HPoxqoPuurzF2&(40SkdjP7_n-mxqw^m8jQ@H_=v?i6ok$;ZaNbEKV0L z4So+tqr+n57hgkRn3ZA}Y6=Jvn<%nG`lJ6wcM@m2&Br?tE@S7n+g34ua=y}{D8h6C z;+MZ-z@+`5io{h*!MBm*7+Yl_jJ{=Y%Ze-Ec^=jDOdnQ)I2oR=7yIw-B3fhM_4YQA z|E%d{IGfu;fr0dI`x-BQTKUPe^g&&{6s7yzSm3orum;5|&R@x@T&M8D%_vhE17rPv z>t}Dux?+gk{*$=Km${yQ>Qyerx1KU5Nny#6z7cX_G%r+!PL`Yp3q`V7<=kdtNUw zWr5!qdwQ88Q;w~*q;$*MJduVK$DMx|G~rXZo&S!wPQrflkwZc#>aOF7tO}jmFhZ#& zfFSc=N}tpp05!g|ZL?mLaxMe~HKY&7trpUeA~R;ZJND_1?A;p``9Xx$fzzYwSxdMk zETLg7B(?g=(be=NX*E%INouk)IVVO98MDZd&Qv=*I1L9k-hVI3mn&dk_8dd=n{wC^ z_l_x62sOtk_1F4>XNEt36AOGLm{DT1QLN5D>H^MDmm=4|nwgER-5kY_g@ zO|pWJ@>IB>X{C7H@Zz|&&=#utgr$YMiFUiIh`#&NirCG-;ToLeY-Ur~FYVzHx0L2I zJ>P|CoV2jMmJu>ZndIk5{A)68dntv5LSbNM z`>5#8)NJBd#fIUX|2YE|+ink#_FIvNmkrmtcR2gGSu`bJ119qk7qOzeiA3FwvwKuI zOwH7b`F=zU z%qD$(fLw;BsWy$ZG%OwAomLjHGB8}SpA#&^5?kFG0Y@%`oCvQBX5|Q>Gd{aX6&CLS z5ZXMirZh`~wbI^8W5(rp4#u(xEJF7g<77$26%_{9ZSx^B$pc=u{lIC$LhYiH@=iq9 z6*(sd<73_}A>YbXwM186eKX*~r+X$+-L5y`p2a}rpvd(tb@NnVL$xZKE(xR$q{-S& zaa|d4pNxu{9Vnd47U2{t;)OIOk5plwY8Y2$*2}5R2?l7IifhRULE^VNM99Mzx~SH` z#$zh!@KIoIyrR>Pu}<2xi!Qv@W3qB zYc>yZr-xXlD-u3`Y`aD9dr4zFykT^qh?mQZr&{01kmM~YG0nZ}}>DIy9 zWPuPO0&*_>Q#fsF(D1Y@%DnAWku`LAnY9YWo60T&>GU?%6;AxkS$V*ZQWsN@xhe?B 
zy{cqMX-R!Cs_Zq^m9#D{_tTf{yv~3NPt+C9w)bUh-LYAx1s@bUgSN!AOkW70IX~hC zeJ8%pk^Ki=S}B|qnb{?IzQby0{aI(NRPELY$6jmBeO-*x%3RgH)dImXT+p-FuW*mU z2n0O5$NTxyyv_FkEzi-fi{b8Kkb8ERfGd6?7DBBmO8Xu}&fi@cY+K&|_d|6AEDbk* zH5N6GnDx7jD5SDXaM1o0BbG$hSZ6m;&WQSItM%3z@hS^dRnS`lNhR@$bSh=o{Rsk% zT~M?!r=qWyAuHW?i+-Jo%efYO_YxshRF(AQt|O4UVz?E0b2y|!iXE*q6r}5=3%X*f zQp@WMLO_xB!e&-T05ZxT|M6+Vo9=707NepSg-H4T+GOJ7#X<&~-Pn&`DQayD{|~X$ zU`-=(Xf`|`Cxz`6=O&rR{bn-wk-=7H>DMy6{A;l7*Hd|`WihcGk z@qE!d88tg9NysXc)yox_%%P_P4+*T!ZvsKDo7j2W!iR%QD_jT470L0Xn>z2c@;I)C z^p^j@+O8~SU-RKq$wQW7F|k6K#-znfVo)4%xf^DgJx0)!iE@lRTA)gR}Wc2&lD^tTjg2&36k{7a*I}&UE`{ zm$EOSsl4_U4F(ga=Q-8}b_-c%4#6CZ-jq8&Y6C+{i^$Tgaexp+3mPcl2<@eMi z&S{+!#^vTRY&XGt8pjvu`#;KM%mzEA2CnghRP6Qz$f39#$xFpoNBtDPZHl(Re^S^k zCZ~{Ub9!bOL!Lu{BS%I;_=JD{EXZ~fDZ`oc^W28Q!}2_I`rRUi*E36ZR@u^5&06qYj@zi@Gm;KSnaHW4#f9$N#?EY@Tln*GvL2$wQY* zhIE^xMOfA9|rgL>J88Lry=}{THNo;D?S`{b z;55)?PznlM821YrscEXO3vTIy51AfX!}ppgOP_K)r?xULY^;UeXLk8D<+1hjVhA@I z=~R!IlN5JUv&seZth>z1Djf1%w6Ep;7x@?(>?OfMCuK3&@}Hg&F|~+2MuwuuSPu7H zdm*LiP*1<3x#7$`0B7!{;{pG18+4{Ws~r(rz$5ss78Yu-$(46B<@X|6k^e>ks0org zK_ZqG$Nhm38M~&QsQah;d3FN`e(uy}OgTxbM`OC#;vg{pt)keL->?2AzTz~+qe!~sEYv3?MF`bOC07d0EP zV_RL?=@AM|T`>VRzW}mxsbna=KgtJJC8XsNgeCtC)yZcA>K#|YG-^LD4F8m;%%woMWp9q4c+69k%+Ju zR!H|lq7^Hp$5JF=B|CD-Dc-b5W7fDwZMI_slKB3a=+)^b7k8W z^SlWO0^GpJf$`6AKWKtoM z&!3k_-hQ5_ngNaNhjMI+HF*_E-&d>vd}m`kxlOs9A`iRuH!uChT1=`|sVDUKlPa~+ zW@ooxU|a$2AZACrJ5Q4p1GDZb*DpgL^D4u=v43Q+zr7TlO(!ZUoy63jyhc5a8Zr## zLzP|{N5LounmJ>acxFAuW}FgIb;Fka5QmMrafPdIb_<|9=LXyk7QH4ydG@VO z;fGot>GX%vs@$coAvUMteb98!jJYLE2te-Jq`Vi=*&T`|$48tHKQw&F9L$9sm`bEb zg?B~Dsfn*7Msmf@5QZejB%xc1dFDG)c!o0>$bt-AU!J&VbB{tzPM#2shfrx16O9vK zC=a=4<8HoPKa9Z6F3Eco3V6dX(Vl)*Qj9s81^F>_pvcOt$1wGv5ygt=Bt6A&K!9I8 z;vVO{y*F$rX#XTM%lzs5@fF={MV+?3CYQKqchB^M)Hv9BizA`iZrkss5B+WG z^cVanBbFmKX$^_|A+mwW0kB(xnt#t6*w@^TIzXwN=0izF-eyB1Q^1o4IOj^ERb(;- z$dPt^j&`iNz072d9}%~>0keWspCI;;n{B}lf5J#t`g`wG#Qi~fyUQn1zFw4>?M(*& zA}^Mq;tJ872`>ge6m0U68wS2*btB@m6{0|?NL>&;576&!8D^DpooIEGYeO#R528mC 
zspJFarir&x$cSrD70d-H2%vRRUC`5*%v08Hw5#~@zXzc|&`VndH3v-WAe-phrbiU` zxIOs+QlA{CBUB0fvQ=kYiOV2A(ZSZ72#GO-_aZad+U_R2@ZAj2AEidfBY&@X)umfl z(j}n0>W%ds-kwv8R>*m_Cjy-&Jx&L^9{bido^D@{>S_=l^evuQOx#Wk@{~sk`WCcU zSYzTI;q==0KV)TBD3)N+BC=swUfWQ6@PUyzOrbAYzxgQu09vsnn(zO0TxclO40I;B z+V`k>!uf+C3&+KKq7wI$JC=_5bm>2q>*XfAAlg$8p>SZ%hr#F-iIdQbNnUXA5c@_} z%^V>4A#<-ZfvR@n$WOH_2k)ZhzhCRvdI$~>Ci=qHMFSxUr+BtV00A{X_%R1~7;QGz zrAr{Z3a5ebK|h>{I!&8QWApw#BR3S@Ket+R7a{&vkxVc2@ZB%5t`Mzrr`YxMD7Kui;1NwZZ zdqk~zno=KE7f+?%

C_#&pa?_OfTmf;QN0IW~ROnl2Fxri;jkGh36!&@!W~I< zGW<8#$z3~rburYOox?TX=Wl^bx}|{St$dPN0d>OL536nngfB~#beBWyb%GXcfl9=M zULc`dbuPZ^^4OT2%T?6jkjq*Bu*VxW)3*?CEbr(9_6nKpu5C) zet%*952=YDw7uoE0 zts4J;NG4pTV5m$x1&OUv-7wLYN@Wj1hQf?Y$07gJ2QBbUWp28u}c?M3IA; zUCO7uz4d{Trwu-zaUt$5_l`6WI$vMd*4$G&PPHTB03@;P26{;=?1@BYUbX~elH{3b zc)V|_cEMjlu}4^o)}2n|N%(To7YdBSI?|UBqc-L}-}{FpxXPLuV^$u|1Mf0-9MbxX zEeFC#{m$3z)1u*Z>2sg~M9O=Feokcnw10CUvtBP_jUY`U&xWL6KwjiCy2y%{YX9Gr zVi&mFV(dH*LAPT2L=L;B&&yF|+4Np#dX#pvi)iQgm zwoJ-hj|oZQ50|U;m8?32Z1K81Xyvq)``$x{fn<_=&q>!AGzxRbvm`ysgN6WXj5&@X z8PEZ(BBtvk1yftJ5D{eh4eKgS0dGH9)Qlmc4)oc!TOzGbJ1$Ex{{F&|I=FTii~2>_ zQj&5`h<7Y?{n==^or`ajF1V7ZOIm=q=UQ6;2u82lj90byTh33eg(vB&j5P6s(<>rq ztpON&w8-{;g|)pex{S<-S2R<}Ike%Dy-$_!=Q8!vsoKcE=KCs0H9qNK@f=4qVr!=L z>pe4IB-kwe-^omU()2E-kXM zv}U1^-lMYrNTSVBx)3qcU=;UyzYs(v*int(Ol*} z52kjTe5*`u$yBbF@PHcVdD0}@5h1z6H0(GG#r^2()QVkUe)wJ|DHjdLH@n(FGfato zL0=NOUc;lq1?|g9FVz@c*vc!_1Ji;vB`TY2uI|#K!8g-b%q#&y&k?fY9n}7455ie< zJ)JI~=c;LnX_v2TzMagJd9|}F^8m0H11=!8Y?%H+<%n(bZ6B_>PzH**osG4cdqRxc zmS%f__fKZ`JV#WtDpKmP8sA5zSiEiREmoM*uJ+FmieXZyEg}x?0`!}(@Orjc(uE3e zfo~mg(ohLi9uX7?kv$|cDJ(oklV51jSHZHrqE!qH1>t}<^i7(!CrCodHs=wr98VT) z9(9wF&Kaywf{=i?tU$|oNGT^1Rg^(QBM%`uP`E%W4#|Y&+tV_q3Frqo4y8!jq1M%9NOR~;pEf5JtFX0bcqTRgFy>X~v+yhB*| ziVn~j0{%3U)WS+#LLphpNV>QTv24(lFb6nE(#EQ|TZ-EAAus$P=uA{_fk0Db64^m- zU}6>Mu8~6Bz7Z%5T4|J36qs7NphL+}!eJ`giP>%+^6zy|9I2Vn*dLThyevDD zXE)oJ|KqaLI1LI*M8U(e=Vr8xvL*)7UgLn4ZB99|$XpeMWMK>|CdQUjals3{9Ak~| zb!XmCoTEB;7%E`VD|DclEng06>=1MkI;^mBaUtSggK&J$v0|d z2zb%$mZCXVo$INb2}migip4CdH=o4Ashb}3EQ;U7%g_miBzi?SJscV?vZ%hJw{~K z|G48-N8q`Roj?l8Q$?dF#1?e4C;*YHKR^5{*nez=Wn#EXh7L@3BFP$0gF2Y}-fm=z z$suoiYl3}isV@GX|NeB<)l>5NdXHNQKAa0Cmd(bgHRF<9)f%p(MbFiSCS=$VTUrR> z$w`bPKFwQg#xCy#r93i8^{g9QXW-lRJl%{FcUhb@yYyIMpc+@DDO~|KqL(1T2s%L2 zb?~_Nnv+l_Jl!Zmx`|6NPa;_?zs%%ht0CJDH@kwYhjy_SpUzvaWA(ytTI7bO0@rD(rQ7fYK`zT22g&!*Q4%vLW|HuvVvf95(A=A z(I;R*=Rljw;RDqvqcrIe=j2u912#h=SgC5&Ljt3Q5aI&p(fr``Ml1X}Odx9sBM!!p 
zv7)xu%hzsBxYcAqiTnNBACDObMs-`*qQR)91TxyJhq3MzO(6bfUisCx3LKD0`<3m- zf*~V&lSgNP;3+a)1=Nh~$Ns1#XCfg5$T_!@fA<*z%&?9_b36!?brjx}sd{$Y6HWMQC>Yjf6A+ikagh&D+_% z5cQ!*G%bZ6S$09hdac~7Y`3)mqFUrrps&U24R6NP@Pb#*#`O{L+ zn3Vo_)Su&BMcl=VG8cKj17%u;WuWzw^UW@di#tDr?r=bExIa=19C02E&r&0(pGVW> z!QlMGM6jwHg`;1oO&gnzlxh+;n%q06AjM?SeaONS88x-jkpX?>TLZ8x-78UHA4(_5 zI1bt~D3lMBsD|f7tVgK7pyjI@@FcJHxE=2|Mzx2c0nd`im z(Vtq!6;b~LW9A(JMR;mt(?KgO8`%ETB~rjp=tNuRNey7+Txew}yub*9Jp&kYk{xA0 z1+BS=aB~cA3nv?PZ*PBVzA3Aole-=bo$Q-V7d5(GJ7jBVT8GaT($HKZGo%IxB}K<)rQxqxL`YXoB(hJC zQ~6|w!rrVy{YGcSLqB7Hg+c9zO1hORIMR55OGhTf-P*}~xo%GEURog%39x~-p3$f8 z1$;a%KB0wc$`;j)J~3E_*c~D|k*l<|7J*14-jY?4vl1(icpp-{~ZuVmAB zrs$4`V$!@GWxxS{=EYjBRiUP&>^WFk;KOU&YNAANSbmN6b1x2TKt!jEPmXDC-YVyKdM4HB%;AQ*6oVcGjFEqylxnD(1~MNUU+2 zh*@V9*Cl?m#88`|_v}1^Ej#a4PT74gi*zA5dnKwB_i!)rXbz#hY^+VF2c5igrkZm@ z!2sJ`M-Zk!(thbEJp=K8@U4%nspE@d8=M^ zR{}qA(vDyVI_iM1%><}ypd<~dW1(={>u?K#st@?YH;c10OE6q6>X6|+&-C=T6AE^ zD*`c0(4|~~#_P5uyfADllqbe7 zL~gDa?V3$o@%-LR%_E6JVUi@SpYf|B7!GgzSJy!YW5OG|?dmYbg3@WKzp>;^gFAK( z{S{FME0{&`$|e7&Ar+BT{eY#mlmz7)Qb(`+vm6HuBW57>%E#)7wVQN*{q2=uQR)iV zhkbQlEUB{|pgLpac?dOT*zZoa_H!*zrCp~%$x>kx>BoR_uDaeUZgQki z0j43+ZGtTbr0KjDvb0zhz8-^PQYtZA)}Py0UTJ!TqnohqDSr#r%kp%d4h(kY3WOm_ zY`gFeo;|J^@S@^`Yf^56LtgJIWsKNJW@WsZT*%fwU! 
z+{M21#bF+$+_TU3<6hoCCNHbN)vYMrTc;7A@|SN5Z)bh`9WfllXddKWd7l&d&etqv zCF~L_|K5%-l6J<1s1mJ+o885d4Gbm9+@26ugj4;i1L{54)TB=)`}`OVZUU{ITPdaP zFI(xk_GC?%30D@9n#cBraBk6;`DSmx6Tq^u7v#0uUH2xgUJX0!B-EB&ONea|RHyTQ zsPE{amU)z($#TZ31h(X6rK){X_H>nt%Ba-)TRgy2Z1%h`rLI64znb^q?@FL`5J${xtM za(Tv@=L~~h2y$4ZVK;oIHDxf;PRtU}5|y?%?36G!h+R+}1U2L&aS(9r*96N8lwAsG zf47rnd(!{~FzMH1$Cp&Zk0RP56?pmm*+ubgF96t<%hYw9L`h^OLw{ZL>)7yil0l2p zsI&WVxx2hIUy_<>>N+O0-sqQ?_&WaH8{hV@M^Pvqprbg1ZA&nmC*wVKV_l>}3&Lu0 z$IZr;_wG*E=nxAegH-uo=5MQ49?Vj1I3!D`Uo1wT?(Em06A`RchrR{oLP%BW7&aNw z9l=%MQil6w3$haQ%pA9-m^@B$EwX34Ldo>sa{boG&k?5G^UiaZ6I}MX{lEWZI3^>P zio#Ro3ND#!yvCh3Nm1Ra$zswQ)vR@Vk}05S=qRtyNs*k8=GktQv~@aR>U=JT@4t~w zU-fZe$6gm#2hoEwqZtJ^awl=U29uYq$RgAQb2*2JMnH_i}ch5vo^)TcxM2RQJ$oFz^Lzh4S9=X)u#zvsD{#Qn`_zh;LBLUM`Bl_*2^)c z9q4ayAUzCe<%WtCJ?3S)y2+CPzC9s^7_^ikTCOLv(dsN8z$zg5i@yz=sp>pfN%}wEb5d>d9vw~D4)T|pNqr{ zy$7M;TVu-6pCjKYlRKs3<|UwF-1<3DUYeT4<*0ojnTy`@|FZV(K@8lj*23p1FK3c_ z(X6fjp|M)GDhjy->}^X+(U>qVk~M4-tT|Z|F`Le0^{%EA;_#%;&utIncHbsDrufh| zqCS;&&mIh&mJa z%G-uQM&Ct4R@M7glo zIcQ_e*#2T{9uwLQy<_l!<+*RBjN{}9^F%y70NPOaVN{0V6U&%CZr&0DHEJGn`zQDo z7ei@}XmGeOl*F1SY3HptzH(9smX*w8@0)wr3qOpvkmAa0nR(eOHv0Y|6IGg z_O}T6L4JRT{+I*==bl!xPL`Y8oflOI^nl2&Eke=XkPZN8?`%Wf9;LGCD2hW>Y@P1o zHe8(~w9uUjR?~lH9AY9X3+t4*!uSf?PmhSCy(L}8DA!z5MU|Ur=+528Fqv%~S*^1g z%HUR-lHtJ56jF9c_j_ogeTD1rXzD31-F@Pq^WLh4^a$^yX_4i=apI-IPlNda351bo zK}u_E{8W9X&+602X4fVy#$Q^z>RP7_Gw_(WasMVfnJ&u zh~-dRrKdzct#r|+^?$@}lxKX4jMx81ktwZ>$Wo$aK``xXVAZv+WAHbY!(|T;+-Tyn#;_NgmojO^ zDm@E$`kk%&D@B~Lu?Q&1ND?l3SU1Bj(%l@4HjxeCQC5#j+_&bc*Oj;Y#dX~ar4>f6 zCFlu7!PXM7m6rIVyTWkqsT@9w{JrMO7-Hcg>~AWoel>G6a*KPTI7vzFbIqz(bc%$K znmS@ry$_&3s=fL1UBBN|k@Cz}kzO~-fyGv6SZiuxx~*I zX2g<3=j_21%W@W!x{UY_@{H-N1{A_|N5=^%d!nXdIR~vymh56w%B4{99A59#Y5p1X z+xiwMhQB|#!vd)Jd-*0h#+#n&ddh-EO!vBM3OZK0XH|Jp2hRa!L;j6-MDB-|)fK#=W*X?E$ z1>B-c2sW8NMdE?f&|9~x$^ZDi=-#r+>sVaQbdE49TTwIlKh^N#qaKWDr}OrjmUsx2 zz^Hd+;7Tpwd;3X0ygNAf`Jein0+ef3mjcEZLm=11Z|lkXjP9{Yc$2(sr{p{|cz3Vc 
zU$?bFoZKUDoa>(2De9m)(ozRW!hLZj=kImg4XU3TQCLif=bYBA$H)uIo%hW7eX2f? zFBPNpb?n-^N^%&-1QnsU2d;Z=x1Z)b8#kqW{aS8PX5T^p59VHN*vGIp?Zg;Px4)KR z#_)SaY7NoL?4aa9^K1X5sn7hASZ3i3(-OZ3QzVZ$4Fy^Z=#>u}SMg6&5zQ82gK*hY zKRn~3C-RGy0#iOMsx{~-tj-Klpm!&MB!5@sWvhvd*y-Cb>E->1bLPNI)EutNP#D;Q zW?#>zv%@70ejnqEHtNi2*dlMS*{~yBoVH8rxa(IDPxk`wM&C>uK*$9F_|Ft+rrfySxOsv=$`(EaKaw+_`I( z#b|v(NcpQs{V{F*i{f3~u=b5~(V_B6XI0w(tY{H&kyc*)+jnZyseO)bq)4089%oJ@ z^;5Y<0hLdejRyf>F_#mGw%iEEwu3$R6ee$hEsu$Dfyv_cFmSn;3b@$pZdsxi2%_t! z7s<&@1w37NkW}imd)A=w#(54@~l9A+gQCDjaV}x89G* zfGFv;H!tD}Z6O(Lvs9JB+_xcImP78Zz($EQF`%0wmq0YwCSrS^Opy>$$}d4}uEnFM zw1Oc{omQi`q|0!Qjkt9!uF0n0ox@`Z?dYs2Rfr<^au2CnBP?fyuvALT(B~pw2_k_C z`51QoTU;snwq=&0P!Z@LSP=8_HgFKy(Q@Iptp!F|4~il85oJ{!Zd}I8zx$4)3dcxi z+bnpt>Ql$hN4|fRhp&)x{2SIT+^guu=R4VD+WFS_ZGMTR6PmQ;*=Y>jKzRbFJx$rC z=qkM$ri(o6ZI8a{QRh4;57U*;<)C59Y$;W6xb|pl0p&y%zO#j+epJHv*oq3GG(kvK zWys+aTj6$)3?>bXh1@U^E%FdRprYAF*;}9dmD3&W*4q!Yp?36pb=|MJb=yz?DCl)v zNv5T+L%#IHgwsX$84QLRVmLIz(gI(UV5-hhPD@@e?Xdt%x~IlZ&>3Ljwu$9G$mY}y z*7k~=7IB?vLIx@mk6(oUNs>m%kM|=NrqtesP32f)uraH|unT6!cc7tzA#p|)Qnd5C zXI?oCshf|0Xxxpx`$=73 z;mb(~Ex{{rwHQQ|b3cKlhmKUX2ZH7I*eXSp_D?X=IPO@o&OR!4YVN^1pH|w$vZnrV zNYRX5t!)F=`kNF1)v|#ud<`Y`3#ab9cVlRjRQ&ZJ)CVF9wf3F!!ozBifOi2tG3TzH zPo;3j4f6=+D|jG=JC&bQ_t|jb^Yy{ZhQ>C38K!Y8qyr0HLa+@zrf@wTS&}UWZ@KF{ zI04=OzWD){wL}1;_Md53L6K#pQ}VhUkpL-t%0Y%X<3K@=FV8Wg*vzt_JX)-#vDdB& z9l~%8JH#m|FkD4<96^%pKJ|ZV%8to1y%7tq9z?#|SBD0&qer8J3V>Voi`WJ=wzsUC z2&t3v0_@fADLz2-%8uCgwJZg?aGvRBIs)AyGY4haX+sgNb0|OcBbj42#tXro(_iEu zp7r$?fp$<7F63-$OTl3Ii&vskp(fd!roJsCpsprnDSkjdW5XAE5agL!ilX4sbyYVx z%udI-IU7#nuZgp%-KQZoW$P{B{p-rmYq~XQHpsr;_1wCq`qP3vmKJnqip(n$%-Y&U z2yb7(i;7(f3t-~%JWkls5`_k64Cm$w;>p(V})ENInJl9m$yhTfxZdy zK=N)Y2r1Nz%9T$55hKqBrZrU1{s3H^V~(|6*4R+Z5vk z3=H-eK25WvggusE3`i5=Bc-``^(xwPvh&~USZvK6VSvo^o>)w=9ImfblB!uFTwQgFRE1XTgqw)O&&%-zJT zI0U-hUEPO1&uQ7>7D^H|&et{gCDfAU0xjR=-#es{#)Tyc;Cr39Pl6%$agMtT+d0 z8_AjT!fa^v=TWooTYyS0W8K9qo8 z#8L}5X`Ec_SQBCt4#L4mFauo3oqWQzkQM+*&2+(lRo&_wufPDtK{tD|qA~Y0K>;g_ zp4S4=Mg1w`6 
ze>AbZ*fObv5a~C6;I_}G4(>Q7SXpUMx3KQgJT&nx=XkiWhX&v(B3H5`TPzVDk#MI~ ziXQ49dp?2K8#GF}Ez$53D$i?#0<)zBR$SE_nt}J$Yt^l7*DpsrgpRIh26l@xNPHz| zCI;=XSFtV6N6c{>|DPlW_`}_4I}xgCOyZ@JFJs^XSjdr+)wlK$cgl+0Ro0xbEK>d= zG|L@&n}z1oY*nEhE7}I8UtY-yj85)_cq4(SLl5?7x9f#w+YryKjPT_-`gS`9m${t} zDJ0QzWrNDr=(h0QF7|jvtq2JW*t~|{554NYm~hwrt*A9=18@7$X^c}oiv`m}b1UXWKcH9DHhZH27VS#0m73}D!fe4j2uVirzpg#IvY3v=r>p$ z9yeo`m+~?!;U^T5@~$V9hW6=nYp$|Sf6-TfEnf`)Srb-IX_G4Y#NU7Vrb-h_H@OPS_3hocg;m8< z|2Xm7YMMfG11c#-tK!tkl!9Gnl+vRbIf_oZxKvkgkTV6YX(6(yn!fgtCX?INpR%X> z=vVIoBjt2OHX(iVw(c(5$Dv79Ie|0-;9)2{b*(H6k7T6HQPsXNc3>xL8J&|ejsPEF z7FxM#Qc&0i5&=F`yk+Ye=7L z9@;8u6?IH0OOK!gn6~A_P3KM zZc^iF>mBmQqLVj|OGlklC0HfuV>hW6GkD>F$ThGhXR=dUFaHNS+|m_hFk}MbCc>OO zN$3uE0=H>DTR~nqo-ggO%^5!_X%~iGFrELUegARGP0-Ac=f!ITSs~2))Snx!jK3_3 zG*Q2LwqOPrE-ztOr2yeR)v?P0k?Jx@0*+GR+WlNq35+cA32y8B%izTg!{!2zX&70W zWuh90U`@;1>*&)Ip8-FQ)`6AxcrPx`Y_pPDwMJEhJony!h*g*JrA-`T)6mHm1fPc2 z%7!D9|G=&VZt7cv>V#50;J82H+2M(Pz`IGT>82Lm5D}Q%Pcp>oSW4q)sX{TAKz5?@ zO>hcH&m0kn*4K$;vN#G#VA-^X6!RXf z0p|*0d%>b~NPw1;Y4Q?)gHud<)m!+}AAjt)jjLakkMJ30)bZLK!upP@;9{6f=;Chv zn5=}yBdQ_nx zhugm5pwfq&mRb7rG%hjRIM>GXyMAqIy_>_-pcCYq{bZScx0{?#)7uqnGO1?o0`J`S zJb4W+4Lo8y6XJgnm(Sr)#DdT(pnz)sElHv{+J)vTRA2?s<3;bynECMds6L%z5-pE>kx4nMl1&E;q>H!4*yK>_Po{RuXFLIS+ zn8u7np7w1u_HPt}-1-)eC*Y=|UAH9X!v1Ln@)Su36V~5yf^NJ6HV%sy~fj8|B=BlM@E4HaQ-je#Wsn3nNYu&`O9oC-# zCD(B5*OVl7)Zlf2%O*>GduDQ9cJX76UnK}8XFdznsU+>U1n=s7$V*B)2){edJQ+sC zv(-w=YD;zEA#aSo1@SH%mI9ClFzt`120lirgzEqO=~MT+WrN+1YZi?F*)pqH6IYhT zO&@$J?Qm3=&2IKDEO_X-svU#56w0Vt1VtFLFr2D!>+a@VnZtNX!@Sa!3?aDsca=1o zN$ZvIpqAr9tDCb@dGAl@=RmtF%U!892h z$}HVeC-X>H3bJ@?imNergtT1Ozk7Js6|XDxR)D#Y4CRWgv+(s}u*#$CKsHgkr2W}t z0RhVrM?;0HOeqp!b$?CV4Urvk1TGR$S?7#n!vx@;$WCQ43^A93<`TM?|G*9*TILg( z&{0gB4U;JN8Cs(NI)QGZ5t%sP*vD*2WhLxM*pp#Nv$>aPeV+E9p4+vqtX>A z3!$iov;0S;lnJM~?pK=VI?Y0J_2A$}J46(s<*_mkS&nBv2L^b_7a>E`OvuWB*Nm7v$qx7r za-Kwvtfl9N3+YCBcn??~0S|E_b4zsO3(1b1;wI^W&QVX?s}cff#4A;d51ml- zkJVWc<>lPmgDkrru^_($fR9~R4^a_>#hj%Za@-RJ0}fGiQQ6Y-gM72h{_bi6^U*Db 
zm`}TuI1#vlk4?HHDR<_XXax&RpY!xe1Z0RWCYql%**QwqT+NhW4R6~4DZP{Mn_L!J zkG4!dO&@gN50=rS3F5Rp*tiJ63!Az6^_m7x9%J$z;Ta{M(PK0E;c0ykwX{fRP?~`G zPYAAY5{IIaa|L~7_(N9OS7sGt-V{ZvVh=Wx5T-Pu-6zChr+l!ID(os|z7|-?;k>bb zXG!D=AO@9!JYi4r^geDARK65f@vQp+pt%28qSHi!p~oraaYM~hSNcx|#V!1ckI1dO zB6g^MYW;L33RyU62r<%k`()Vi>i>Il30DL@L6Y zpRgp%eHij-{1FLBCxetEoFmX{0{7?+NUZ6TlB9UFK1H`rPo(AT=FWmngmAmw;MO9uuz1GOB=6W4i>Oc7*Ut+ zBs!3+$3N`6!xZ|Fsi9kCJmLhbJtF+exSro)swHqhA14J@(7^*9 z6Vf#8fc+5Nv6fjnIbkHWu-EC4%7fCf-)}V!?Z=kF|8oV5qa*U|VIy&l;uyH38Lf}P z5*{HYKEenf0QzzX5jzetXpJxRap&-`)} zkp|LGG$MBuF#r$VtlYUH8@>CV9wt0h5QmSe+E^$8Sr$7#HIT=1!4VO47H&(E4J6im zDC}kTlG9#%mxLLk67$Q+bnlq2y_=$&V4)PXcu!wPv%o;byaJYTl`P5#cyo&+HThPe z7~T=e_-7B9AygMmV)HfI!(K+Gn`B&hU3OyxD9ae$Al@?4d{J>PhIFX7Qb_;N^~0l@ z+cg0AxP`l@lqw`qU{^`VeZ@=ZOwkCMRSEfNJP?tqD^c3h?^-XP#HDhmoVR`wbkyEf zIGY_St_xd7lzxn6I|1B7gmi!?9-jVWl2YpacZPQoLx&Ci�*Wgvp}hv2O21^Fco} z2aBbq8je_`CXUOgOz*sChd4Xc4Ium0%DYP5%E=$n#H!DRx`!YM!sQvhdwANc*iVv8 zP1p%`BZpmH9o#~E|&f32m1 zI-2S!*{#_g?B>!6afOn{u_~C)F=+bC))xkNzETa-wcNo22$}vdzeveJn06dD{yDgm zC)Rr(e$xBr{$LH-yH~{lDWwS`mRhwagAjif+x27Naiki5xq|Z^AmAZ>A4IF6TYqz9@0-wlu7Xf(hrbc}I$fNoR6ecA4uhn@ z8N=jM_(UP3Hr$&KbN|hg=Ddt%e@JU%fLLVb!K53glWRLznFTH9mOz<$`Sp?}5l4U8G}I zfB?P$@8{!it;I6u);s*Lp#G_EGRs9mO60Ck6cSVtce(5yLnNX>1xqw)EZD8#GFN@o zdOU#T;OQTUQ_mrlQ1B@uCxVf$LW^9G=0;uHBZiV=G0U7qm`9V1p%<+idz3O!Qoyo% zQ>NHoH0P-a7QmGnD=5H{xTaEoOIs-#DJ!Z>sJ0+IuoAyPg!J3V!o@uZtn|@d_Eq}9 zso>2`BuL%&#WE7)4Wg9%4gLQfcGvulr^By1(&;R)i#}(2Be}gb9WfO|z?2=g3Z&+> zL;p?EQmlZnb`I5g6LvGyUgD3=l3TBONBzmDdlm}5Qv7CFE-A^Y>ta0eyqw3|Sf88C z-)=Da7EOV<2L_brTRqkO?zS0^zAF&Rnag}?oOk5}S7GZ!X*Ug>Aq7UOsmQ?o004)i zIqGOWM1!)q`+vg@-I_rS2ahUlegRN--CIhGD(N3Ye;& z2?m_i3D86Q1fmbUf9?Cg`e?&r(blzQq2!e$W`{ZnV{7L0Rx9Y}cFd!h48=7n3 zTh>X|_V~TVG~0>ugQO{|)r2xW;f7wT+X4x`%#TB?i4NS4?_HMxN;f+ob}?K5=IV#> ztin_L0rL7+5Go3W*&?3|<%sb`D84Vv#g;)lYyAWaJ`IS%@FyntHDXZ|Nn-7=-LEUI z3{L^$o{cTr5|w9zZgO=Z5K{kUp_9x9HE=X(2j>;utA9Nij=94CQTAe%jb2Oy0!u=* zBNXaKiG}vdliaw}oG*++YM`{cGDOsKG=N&xbvjz-zS+r<7J*zC6CQD}Id)C-W&gwm 
zM-5;BKQnvy+d#SXS{nLvUZe~`8}Kqs2LqHx;wXv{%mWz#O{7+Oq=G$>w<_wx+QFfoWHaWx5{TT^o^{%;yf&Uy!I z?qxIR_KgHc0Et#Y>53`-e(#lsbMx9YIk&i@x(G2!ITBXJ)0+o7o+E&PZ8#?Oez{Up zuy%&AA6h!dV7%#dCPqCO__Oh4yK{VhxKs#f*k9ZS2$IO@)N(3Tg)SjscjqZYv~o+4 zLf;2>?%PDC7gX2V7uhNBsGb>&!9wh#TN%Zp2-Nl|C(Qmn<&Eip>tKgTu={6C>Ya#~ zcQZD$ighSk#i4@=VGl-kUnV5#I7SKkmD$JDye!8UZGA6;T8RrL= znz+wrR-ptuiqLt`qGNLCfx{E^&zYaE6FBJ-;RSR4Nq3;rmfj2R}x@j?VWf zR45d?q}fs1O*;HqQ!mUc4yp#Tv)ZUx;)5oSbleAIQp9aFE;;eU;3RfHNt@8?mpvjb zoFK1~$avsAC9tHwJU02*Tm+ZxZp~xGgrUU$p*b~KoJhbN%?tMDt(S$XRioA|7gl{x zQ-jy2(Q*g3TJj@e?YWq#-E4Du)vps#FaYAxpi`&0#n4!Y>YI{$rX15f#g|QK^`t1<;wNU7HhZg~r%qLM%J^+ENO`rD~l-~{=~;rx2&X}`gNtDSB*u9Izs zV9@+)EH9mEOQj8AdN}vBbiqYoIM_upgnY|S2Xb@WR4Y3lDa2c~jiV{0AvBcf(NrD< zLj@B$k2}SXB3#(`s3|0n`9iw*)%Rx?6B9xicB}ewqO$O=#%AS zu1G-pUR}_vW3Jlr*3w+#6$BVhu*~(ghyW&9K5=5?X-q3xS~2YT|EGrJ1F2QS*qS3$ z(}<_Sd7`Mx*ZML zIraV63KYK(pkPtYF5xUJ-^iF)GVJZR;0b_dnMkZT61P`W5$nx=IFO4^ zRl9Z2abSuqCU0+#C!}^JZ60C4K?r2>N#i~2=NT3nyr_R@@G&URO|Z)2@7St|4c|xf z;>*yrIPGUkEo5Tqi=6lZ#P3b>%P|Gr;9J+;b&TMmxpag)sgV2vq z^p_X{UiqzJMulLW(#;+ZAX(C}!q1ved9xoRI8Iji%WyXr_U#lliR?K}czP}WnR4iX z6Z-gb7N-biRS5 zRj@R|HDJ{brMgUt8MzWkjCpWao#>6!l9;k?JF_9h;QJ%w+fIpMRj%#iOp3;@RRUeO z)AQ*;sG6)Pc;t(N@aGH^?wv-~q8U(G#n0OLd7tV_FWoq4^RY?+sJ)7VcjUrgww4d~R24 z<_8qo<19p5+i715*{~JYD`ZGO5wgrv3Mfcv-ro^$Z;c5&c-6n3b;)gY)of$(xC}N+ z5<5&W*;inV7#{Q5jiN?zqa2*YCbK4HmjA?NTx!#ee|`#@6&jvP)!C7aVdC0D(bdq5d$>64p5Q|*CbX{5&@rFG zA}(Yiqq|pc4j0Lq2_vA}ua6^)-?4ak+5BxffXL7`?+*Aoz+@edXGqO9m2!!~Qc+h> zzjjlYD-t@&cas{+ii>jfdR$Tq2?Lx4u)bcpb_C_xHBq;FY`StC5lp=&DX+o;V>fvB z53rUed2Dn=kCo;3uS{ydO>WD-yN?m}^p$Bf9+GED|K`dsy4OuD-G!zi?7;yAT95e^ zf1Ye&RMNH`)oActUg%(GK~LXlBt7y1G1bRQwE6Owa-<06D@;y{>7D982|1G{cEmzccR`ClKoLTe> z#E7%>TFqij)?P(jyr?RE6!+l5+kula84x+r_xIp*3Qj=HzRGO|p+?5?TDhR>-E-IT zEuZ)JjNnoXtPDrCqnhCB23&SzFJ7J73Q#QYc4bF|D~$hivZ1+mM5t*cZx3h&XNN^3mjBWZ{AN+QT$r!D0v2vGTuYd`%> zzkcb&ze!2yHe|4a*|BYc%&2)jP>PU!lYqqSIrj*|DGGpu+4Ddm_cvJuWAF~b>kMG` zMu_1iTnd^PpeTrP@MmU)@FZTACQ7k>h8u9LPm7Ld|8Mrw>vK}DHZ`sp#pLmfhq<28 
zofZ0@{H`(@)0+iSTG7)`B-d7|Slhm~h0)Ht8_2cU-$J6~$GJGGIvs0uQGw;b!T}>_ zQymCtrS2F$&TUTGa^MNymz~lX=N0k;0>JjaqVR0``WQR1nEhUxDUiBh)1JzPRoB3 zNJCAPec0oE8eC+*G7Un-&*Gj-D`455?3b5kzFg%d|Il*no zG_@jBZv)0)QW*aVcjzGGYO1H0f?)3&;}x|=H1VEfF){V5ufKF$z{Wfy zR+p-l=lR^3rIp`0wCs>zti6l+`^Mt)UDp;LQ{g;o_-^iBFJAKvxCM~3B{q^>jQJ)s zlp_u1a>6wLdc%hRG?*F;$fVPM#TOCY3J=*Mf%ZxO5N4y%#j*N^#FE}Rf%e5%u_J1am%UK9K}Gv1E^bI^of1#Fg>211~j?cnjTzn5lKej#M# ze+L1{!RT|!-lGlgaM+i|EYdq44qKh4@X~GE7Ad@O$tEG$M>Splpi$4WWCCIwzL$Je zzV$Gmuqq6Y{|EiYD&$z@`9tK%r*YOm^_)v2qWF)vxm?;yBBG6DSB8uXdiUHl8phI8 zKdTSZHU{gI$FQx7+YPAQQt_5tH@0@RwRo0nFQJ@vN1;TXMxM?^X_Cs~AUeSj^^Tq+ z(NxaE*CI7X*S+(R`c?b`S-VJPltcH|GH_H07y-0Ur>&nR`P;WlS^6~fhdsoVITkwF zzkY5`2sfBOFxg<%)KJ|lXoyzKUe?lu4DpI*D*iFzJH^s~|DCf%5UiE?6Yf^HoiCefFLGye z?!Idj!d?Wl#MjBOXI)SOpT!uU~@{UNY{?isRFan{%l#*M+wvN#YcLdxwC~r6>L!g;CeL z;oov}TSU0Wm7lq1M^mz)Aa(h-ivEYL{{*cIcN8tge$li!cTp27bD4iqVx57v_7D#| zH2{O|x__ZIQtk?ip0y_>RiQ!T1BmTWnjF7&^-2pUtYrKNUuBF(Mxq`E z*P_0$<)U`)xk3v@MN;~OK5;-s2}sdl$1>i(o@^(*-G;;QMo8(*@8SbB?s)q_2q@$+ zlR$X_b4ImR8|^=H#D6feZ4c#PD$zWu%Dm5@25NhPL2rAGb5z1pj#C7!!ej zYpO-&j?WiH=3`!^Z5N=QofrG%-H%8NH(aw4oc{|01n84soM*XpDLzwmSH>HrOd}-& z$M+T)c20K<2XB}B7Sl$`##04|94n7OA7yOzDU44^7= zCgXX@G8jyyp@Or6Qm1Ab8VAc&!n7&F1pFSw9ft8r8c^zQx}X(0Nl|aeAa7%f<#X%{ zkkX}EZ4u|#bTcvF)Y}(OY||g%H4{o+GE=-u$xvh726YNWS$w8v5U%phLUv)qcU_zF zxE4^f#~UbkdpJzh83hl%X!m@UhwIe@0Ebe~T`5<5nM~UYt9lv>#yR{wPB_;k6jjdQ zk9g|WLs+*IKzm@bh4coXd_d$YgZ|A}JicrGo3<=iER^r-34?@9ru@)a!5fzB-C#rL z=fjZKkyxK$tr4C}_S9kbma@U_ANv@8lAQqu8G==iZXm)VfXf?~ZJa=jDn>z~2cWu& z{K3?ZcrfYZcd4t{qG`PSxMVguBcTwv!aZi8cx154a% z6XJH_RlaUAAUl$mN2UoWGA`b*U{G8K3Lr!Vg%UVy^c(No!69=k@(!V?&uC z9C@A5iGybzekt9Zp2Y2^A9|)ZbfWlkm`FfX!Y-;aQ{MwJo}jX9NI4S6qVr7VYy?np zD=8Y-tf@RC@oe#1fILJdw(82j4sf>RG*7)tu`w(SasI7`D@adrJgT9Vh`TZbKnL9J z2Cm`GU|S`dEBKsZ$Zb^WJn@5tW>$h&(8I?1kaDTR<#(TA%Z@)O;U@kIO@C?;zAg)r zn)pOXq)Q@N_@EA|di3oTS5?ywD`2rvjXc%-cJM1d)lzum@F2ht>`UIS9XNH!hns?2 z1T0b1_sX8L?hIKan6ZW!3%71~4DsSkt=s3bBs~29<_9d?V%u^i2?|yGx^mnT!|ap7 zdRsbnhJ7{pvE(oZZdEh*aI-guWRB 
zv;0nqPM=XzH@{c*-rIpO9=gRIC<{wXK4)F}#2-9RFNs^XPVtC;U#%oQlCfehyb{ML z7Y#6<2hQx7P>=^$OZIpC-g-CXndI)b(iwzzstb1UjSJTNQ+x~edJ z=FXo^b@JLv;91NHZW5Jh8h*lOsrU=}XOxel4*c__+`-yUG4_WW-S#-79cKt1vxRII zAPRS~?5w<(3Vz!;z$v0GNU?Yjr%}Z0h%Lr7MG5Cf1m(z2Q}}9rw-9G12P%ZSwGlv} z9-0l0=OaYQ+#&U`8wlgmWqnH zH_SSNo2(h8&Gk$&1TqgE5igbGy@zF6P8lXuXjI+q>15_-_|bF6$n)dQ@?HXS!=266 z|4n?OY*sJasdx^IXv`boc6{k!X<^wSxfxmON~E3JtqLjD1yj?exX6r7=s&W05g9Xn zJC<7$UukJphV^L6GRwWDtL`haj_=4mzN6{!64A@*Xr^qI)-#fm<1LZMI0op23PaWX zOMvledq1I2Y@K?-h5f5#3xlX_X{Ech+mR~r%>)naJuyI`F=XwpdD`ZBAD@+ zY1(k3E4jdPQtFR+t8X-mkn)MgJq`Te>10SYjLD@&#m!Q&Zum8?b7>uP7;K3Bf$&Kj zAnYhc{P`MVUpzQYfxR@iE3K(4{t>QNhy zEpIItY}KzN)#;+YB_j!1FVBc2ZcxV;Q_w}bU30^TEk0N>veX|MaFQI(UAuS;}`=riN*s;G4G6^!{&O) z4QeVc++ggm6L3s?J}@0gd=p&lTz_ww{pp;?I6FiFbX*LT!cjRpOr==hInJVz`NjK3 zS3YUN$`OCYj-t7PTN75Y4zm6ir&=Zmn$z+PogCDiD@KAQ*FL1F0eBh7kWYMxYnh*6 zOh(dD=qJ_n15d#v`_}=r)73W}Bs1)1uspWN84`bEtf;>4;n3*)DhNO#U(Z~S^s_)Fe_t z36)b>Zh-?);R$e__pm3;S~C77Nu?{kNx%I^e&eT19VW|Y$g||xy|+_B`yw3jZGvtR z6qi6X>csnyURZ?wn_htrk~&ip4;-rfL@i-^!uynx+n4_~0GM(v(6L8y5{x29cz}HxI30XfsxJpzuGUhSEoRU9o zT$05OOoeHfqAf8C+6UqKUEJf8(EyPNWi`BVzKLcqT~N6o3|G%03N7auU943t@mp-Ic}O*S^|SJ zc(!XoiX3IcPNfgP*1QtsB8`*eNA}>va`0pp^Yu_7;!8q{~cJG!r%$d^-mClRH{BIse!i?5xikY9t4J zY@y{VFS2%VZ>2<+Eb`IGgej-}lVxeT!Ydz!HkpM93x2o|6$9SHosQ|SF{9O`P5ZG0 zM;cS{O+DNBSdF)iB@;is#veq9W;QEVxljyi3-6h`%b5o8kIp8U{Q zdexrmL-=0U)iq)CG}U#1mq6ks3hiwNbQ%iTutlyAU-*|w;`7#{;iY{a zaO=xG!#>T+JO1bc{y33r6v_Qh{SGZA0_3DvXgq5WUKwTF06#@m1!3AWY2fOAR6VYQ zzA0ZsOVWFyhRwoI2;jpC{e25AUKaS?y)~?*X$#Vf7z6(@xVbVgrt%c@v;3$qeGUvf1oIF0@K@_wljd+Ay2MCpB6&vv9q%){(gy zMarM~c2}zIuvI?vRCs_t_!HBc4eJ9a_8s#t_~=vN9PD!;FIoto3UDFS#6s#DB$Huu zPG(?^Oe>qcFN+ONP&T`0?u-Fq*Hofxy0xHPJGNuF6l~IRHkF&nR%`m-#S)|1I_<9u18yg zvnew2;Ak;j@jt`Wk`PlO`y1DcrB6QwIQdRaFqOa^b=em>#Zp0Z62`5 zACPguKBx3{MfnJmjpGU0z#?L+N`D)x4=!`WB8N^o;z>&{dNp^vH-OPmt4Mvcl$$q- zcR0lu;#bqasn%A*fHfeB#OQJ$Zg$V@KI(O-2G@uAie3nb3}XSh0H?+MQ;exJ3|V!< z1%GsMAiG@3*)Q^GumUN-tF-afbBLN>9qnx&zyFXq1A3HhSA7bx=Pp$>&Ul-@ 
z7L;tO;2v5p10%x?=mTRGzPPSYzdAsgDZCADK`hO_$K@|V4;Do-Ha8Ut{?Ab(T3s3b zEQ2E+;!d%bjiwFnrVS{1xQ>*(;CN+*pXEknl2xlXq|NV$lfhrt*E8lbF(armPPz&) zgi~gWNiIm{d%?R%{^vh@q9A8-sIaT3fW;nAWe-7ww;BsT7pjnS(}r5u z)LoWtC;&HR{3cdAz#JM!Z^z=|lU=ckRA(2mHA!r?xK3+l6PClnv-@xHe9jnD#8d3+ z&IAkPlg|+A8tFXSCCWoa#t|vk%XMyxH6nrK!Z zP_#W{PbQR!nl9uiXbgE{tY9G&$?FQ*T$&~%u9OVYg9!3DLl+_@MV&k0=={&Nv=6p~ z*WI>0vJ}mvhrRPoC1c2|Ol*j*$|;{wW~5t$t!axvQj6H0rMQ`&AzN>mpY}Ec%6XW^ ztLb5|+YfBb(fuV~Xm=cg?t7|k9t*Bmz6J(C0Vz~(&#J09Q&AV6|3BM+J=AT}P&C{l z_P1`MXLk`Pv=nk;erY`ZlbQ9w*=u&m*eA$ESvADYF!uONO#YD`@?BfBm?3)>DQP9> zg9|mKl}AZzsP6D%ABLznW#VRioFf`dPMcQXrhheihAOd0-CW>kX`;L@wOZ>m4& zZ&n=it;cGqI9sb5+aH?8ulr--Id;F~dA)D#(_~+t>l&>KhjZ1=FmlMPaVfwe&XF42WqL@0Kh&@E* z%};Wf>HHyhdN^?=?X5AKXpW{XW~&;QJa$NzCs|*tcMdKq$s?>}IAeugJf8Q=j|JIg(@_?$iuid0GD%;WNeqYW$xH!}f6U-_V1JD_ID0 z*RI;?ZlosC#rzpnqIziyTim>8b8P|Hm24iquFhSw*Wy{x@Zhu09o z4qR9K`}=(d0kExN>1!4Q6WKj@dvX|>Hgi9rW5QM6=1ktI=<4v<*=Zx;A$I3Q&IybC zNpx}Wds8*VlE{>*wXvN^Eg2~5V^49VPGNRo6*#P31(N|z51m7$V9)?N=u;;$Af@&b zUa`WjQy(HUQx31T{`sE8$v{6=5wTY^TjmMZI5w3E5m+Trh4X*5B4}IV`}iKxB2f*f zurZanEXy{zXCJ#JC%Nl|8$P?yh6s;sY>t$mM_xc^!n~OTCaoILcNGRNL9+4j#;DvH zm-*&1TL_W9A__Xm)!IwXJ#;D({KvP0o>yRHK*U&rBPttR!bRabtbSN|_btni0KUg3 z6d)2MqWR@X!O@s!0vw|V0_32#TK`xa7Dot1IdR_D10C^uaR0g5eOhkqKs^;+4~aeh z4++OIePYkF;?aDK9OFXO+5LT#M09Q4w(PjjU_i1jVc+=>(9KHtaaJSm1MF$M+hXiv z6dbW;0{cXoIp>*#()9lN<<4l+|5B8tvI`H z@nivwhX*aYdal@9z)ke$l%mtyuf%X4Lg+%hnj53`hT3Ys9|3x>?kEq}F71&ZRjE2>s+BhWr zXs`^>Q!-I71gDB2&kk>kMXW!`q@7g{>1+t!qkSfWQM0JMJ0UCTpx6R4)c{irObyrT z#Z$Wi6A}shkC;;)hccF>xSe|9u5MR6S5c=F7di~0e4RMkp;ypEO&-W}kH9gdWcH5* z;Cuu%-Zd{lec{+)J&#QEH1n9(yH1(=xC>z**s5Y{txlbio2pQ>JiQgmRiGApwIiFQ zGl(w|bW>^YdI@w|Pyo`5iX78dw|BiN0?vO&+rr#Z3fSWuU1rFxhWMp9LB7CvxiXmT z?IPLsLR9Q$HA9zM9U8Y0U?H-@xEO4d)*?vXCW)+_1Z@Q$1Yg*kr{1rLYB;OR(o8HC zk!RxY}Xg-Jor;S*?IgXLTq zJ#WiU-T_1|i+nFb4IwDjIS~zbmJzdiX!L~(KOXUW2k#HDzGO3jTu_5`gozx=BIp}@ zI-3^;6dTu{A~`c=jp}s+Q?s#25E0Is$qhQwvpf-8Sg-d~0Rh|vKLkmSH1`kUFk=P_ 
zPA2jWUc5>ufOYh=;R`$fUP9Us#E9uY82kXYfQ{;d_}giOA|wRsu3%sCV2Hf4P~|bs zeJ}Cg+m_oK3biAek!h33hrTYhD=mc})=vaZi}m)Gy1s9L*G^j25gh8n`DM@#qR-6rQkh5dCgbP6N3H z+l(FK=IDIr7do4Qf&ub1bW-)0?k=&TA9nYIv%EYSJJt5!CkP}?v(oBAWsOj8tltcOSm&EDDAWXvy5P?M)BdFLo z0cuz2Rx<25^o-z_y~`5aBk_F-436oA;BerbV^Voh2BgJ<{JMWzr{+m~S1s!znpTHg z;%t`!bfe*Yk(phL{X3<&m*{P7d~;}bIxN4pe#)Q*sTTtK(sT7RspjC9l5xJOZLG9g zNTg2mUy*{5D-Xe<&?b`)*QeZsFdDk>HU^o!V{-FBEo*AP^)PQwt~|cJ5aVw~>AqZB zw(Pa(RVeZE|77QO@nSuo` z@McGav9H3&hTWHL$Y8E8Wa&A8qUExCo7J3#C=ZYp;h@_bdvf9wOJ@*#%xuWU_#=al zOz9d=uol1dMz7h3j|0w|sYcJJij>lX+U% zVIR6Un7B`QZorJ{BR-c^<;Z$xa8S;CU1tZtPDAK)7X1r!+B(U#S^$t$VVu3OHSluJ6GXz#lsv4oK*}X%U>`ri7a>#5p9eBHjk0@O%*Y7>lQC<>Qq z!guqzdbFLB*md8liF0MHANBZl)I_$F zuicNn_+I73ks)K^Y3o2(lRbNT)cJkfqe`ZxstrWju_B79xgurf z3fBV|7mbtoc?l?NwcaG;m66@a#g?_|@%k?t63aI$LD*vh7xMMDyfH5v{F-Jp4TEF+ z!}0vaqP1RC=dLU=OMhP0PP&Fnhwow1 zzY}5dN?y&&u0GIl=H-ScHYo4u>I_?Y2MZ=sTDhN--GwPI-G&Sp%4x2>7SgSZ;=n+Q;_U^PRMMDkcT zRBP2is)xkRSL&K4$Iknv)eARs+%Bo1W^0) zXIGl~4;ye<2wCbK>*k1CORH0Rp6f{R=23(SLB$?6P1e4&baaoo;unfl_;hXECl9jv z{r-$BrM`foUZ6EVC=6@E=DPH|P6YpwC-HeDmTRWs zpR%z`x@6MVD>}MSr&;Pq)ZSKSF$*zL?OM7M+(XJmlrPo$9RQ(;;fMHP6!q!t@7@hQ z((~t>4Mj2EQ@c?^3ZZKyS0yUBco2@OqfYeZjO?iCdB<$rU&c$%`L7_i&5g8KG}#HC z;W2U0;*{IRn^-?u$=H(ptl1?9d4dJLpJik^qkavpr9awVg#IiDrIII0`Bg$@zjOeg z_E$4>5g?*PzF{L5sSvD4E~GTmt-c%Uoa$#p&2~H@;ztyZ$4WO1bh>~nY#!FLGKJg5 zO&rQJKiA>e)Lx(* zj{4D0SY{1ZL^5h@M5Y&p5~)wBUA~&p&W>vgFTi?4iML+0f~Za3Q7hL#B81IVj5wK+ zBvp*!B5+DLzL%Q#G}Ij8%1^0pcFd4=w$SE!f8GL*vYy&Z36+7QH^U(X_?EGNZp4vy z_Gaev4Pb6BX6Rb|wdovA39$i4Y@z{lhu{1(`8OQKaf?*c3^t5ga12WjimLXFCOLa| zv^&k=RldcxScS#tT{+=V(b--BRHl?d7{1`7?0HW1LA3xy!>=mmb`bNobRr3RmOChD>@2 z@`wX;vAZ?FDX(P=dI+U|B1O$69i-?MaR>7w&`OgIu0a?78m1e&Eq!e%7D}tKUVCMy z1*IsmO#6?URuz;`;Y!CEl8YV7r@r!#NaEdb5w<9U$vZydpKnI_v@2ud=``DYivjr0 zx3^TlLBHMG_jyoPWEJV+ zbJz|<*Qdl|(0yMmYHj7ZcJ1s0&LC`NdU&s0;+ZTirmD=d4lbA&_({57ROQndt>621 zf8{I2gVb1Uoau!%NGX%*s4<6(ZHu5Q!3b|h;&?fZA&}*B)lBNkp#+=rG4ksa(PUTT z0*;j<;E2k&sPA62+O=y6HfFZnN=DIy863~1~war3oJEMd?!hH%>G3Y+ZI 
zLz)Cwf#|L$gu-?2TCC~PL8%#uNn|Sv@LLn(qyma})){6+#nTVq(E_OoUW*+KiTmOE zsKZ~BB=xD4(uTdGO$O0I2Hf5O7R8hwI_kH1PXMvPZDOJ%%2TKYtL4Q)Hm(#Lc)Qnc zu~}{%oNv>?oEE*5C706+xJ&lQqp^YEw7;vZ2i}Z|1xjgvQ~vT}{QhD$@1ouX3_i0B z7r`@Au?=AbQAx|Do7`SZ8~{KlsbTBcr}c}X47qJvw_@dQcw4DxiMctA^dFv)Etg9r z{9=!Hl`^H8rK@`8Wf;&TYKv{A=E8s_zz>glr^e?7Bbkfs$CC{ITc0C#}n({FQM zsz!&P&?E&Th!Ls(;8?JzRvpO=nbL;=w{6ZE9?^nV9~m0L9ij#2|BH6vgd~0@1wI<8<$%f$={d;_mI-k#`ft z5w6lLW~~#<8T{*-;Xp!0U3tQbC1RRMyAco5SZgVVG1l!rbe$!H05d?$zY}3zrkTX4 z#P=gTV>x`14+m7imqH8btd-`%t~IX_{dnz(lb*1o>fy8G966KK!;^{;fOiXJGSnL* zJj>+7Z`Q{>TRBc9GD2x_+AEAU1Ex7Ink`cSV#q(KiFU3X6=QC%41)a|RoQ*1JGX(| zJ4WPyBPjg28n+S!O(Y_<%Dml+%6VMTUpdmz%e2*Hl#x5oFwlHqZX|8rw<2PWPAgIg z?4C(df}-1j@ku6X7ZT?*^DMo1owh5rkl4 zo3~8%qx8-UESO0btt<3jnXKE9hYLo?5AI8e7KDL(A~^g|=xfNSN9QA?Q z5+RU|GMwCs1_Njhmad_fagc1OBX-YD-0dNg04MLibINc%s)~FU9RwtoKp_m0$_O} z*GynSOT{cOhTz)M$Ks8PcDCF?prB$Q(os8Ww+b($*krE{Gd^w>IByC#JVJQrHVBx| zzrF!a2BqhC#3YpAtaxEUu6BA>8hR5$F2e3F&zMa{9b6tQK|`76wyQdvmLxHw7)A9W zfl{E4sB%_%tVr{+B4Q!)Y1cE1yUoc;=_-29+My%M9WND|uBCWGuDnY7XOwp2!-f@4 zCeqs4RsxDUJnhm#qP*GXXs2aR6dlxX0OG~WtsnV|(%o1p({?nYeTBD5Z)g!BXzs8n*(9!B(>o)&ZdXMOot#1v(wP zVm19!C(%dfo??9t#tHI2>~(ThPkVC{_`}*1VKcUR`Q`M%R`a0h$IOn|6knQwVym!D zetZy*G)%M-Q!SnAfu>S zwfR;8T>G=8YdIDO(9&`)1y56)Ad^s@1i7q$2t> zq;61siYI!hLk$7u76~D+d&=v9OX_z2-feZcKxpZ3sDKZ+%~)o zMzJoi)b^b`bGBnpD2vpGq{Yx1$_u1gSR1{!PGui~H%~CTQyba0W|e2suVfXwI-7fK zpIx#iVdaXy+LGE^rZb}?RUJ#-N%#j>-V(1&QDtg{LtJC3-f0xBb>t^zW^JPJdR8S4srrPrt zdjQ6rXF^^<1%!H}W+-a0ATGxNShD#cOR*mjDM)pkl+-a(R;7v0_ZUZKp{QlJPROOU zk{a$6IASDu6)`qJmX=pPSWNr)h3xB*Hi=S+%f(l3-r|@LG0Z3UKm>K#ht+%GkoB<( zetNDkn1-RDxqTJs%lTtUO3S%#@_>yKnYPlUYE6>J3C24o=>N`KVhW5p6MAn~8V3BD z@Z2S(loU-@38$=pw-)*|*e>sSP|2}H_NgP6mS8`oKl$iL?jL+ni0WLJAKu$QXp{Zb zC4GAl5Amxn)yl6Ai{e(T`0s~tm;BCGgX93M5(>BDvaZn0p1maYfjKV6-D17d+AvJ8*8AR-)!U7R)#tIUq-qgKBzU!A1+YBg3@&3Zlz~ zZlE?`$Bv`Nm2~RvZyUr;Z+UYDfBVxXsty(>7f4=m(V`jxe{;?8=5+W$bg>O12?PN5 z*-oEDqRW0#Dw*Pn-(|EojMB5QQLLHEyYLt7Y3 zf51gnzW{~ez#THbpO>`rai^GZ?WvWN;#4WL#znjuyXMUaZ 
zYEOrQoSFwKFjP62PwDkpqkiwsyU0!gy(kQmSUz~=I%e!cQBq@Qj zDXZ@G$IPIz+7X^pOgvN*qavc2A%6AwyT?ehztOtwAC~L+MH1nuBlmY>z-W1o-VU6Z z1n;g?!`~l{qM3*uVOyi3zda})G{T{8{~|B1=O7^nRK82H2BD~CagRq}>Ce^{tN5fB zVHzakRzc_;9}<@${9Vgf*rY~;a^nVcFGUMvML3b{$lQ`RK3j`Uzosv&G4}7wXJ{HR zmU2+MnrtFU=H66N>9`%XoPK~}67}`)XkpI0tPl!up0yG^RVwta=_sKtlSl>(f>AwS zgUH>z_Z?#ReV>?a+$)VA3zvzPYVuT-m$@=9t+6s-+g&fug=K5a1mL^XPw~A#r#MAb z-uohqCR5JBzN|4)rDFh39x29_euOzT5))<^oXZC3rPlGz^GQ)9%zW?KcZ{VdrX>Db z=uJMB#u!@`p*}HCY1cw&K37M)M~%HTt>Z7?M*~8cL{Gww+RsGsB3)r?%SqO}7CT6~ z=4eIytJ*tRvllX%X~?KS$^*#24ZizgCAo?7kfadz+2&#Ods$SJI+R{RgRfC7U%{(A zX*<-ndf8stKF+r*aSlxg?b|+=Ug636SYq<(rG}In%zZBWJKW~8YUnbl?jPe6IVq$; z6#Q>+9jnPhde$J6KgJHFo#?Gan-!xm;V3(xkkIFSto2=cs0JyAydNUh2sWMkQqS2K@W6Y{^>j|Ox&|VW(=byI{f5RS* zf@ks`wFHb>$F^M+>~qtGQ%)jVxP{p$C0PqP>+d@t)d%PT$M%QRs(^#vSeo8rSTejm zQnkvt%Z?*qtpQM9$WZtG-3-*oC7=#MHFvmL(g_r zB6%XfQasBE>(S6+9RDJxwAMDR;XK->H-(gY35R?`JiQ6COM|f3i`gBxpr2g4c8vcW zd#sJPO!oW+-J$R0K>|@tS8SFU6RvB9vLgWeGbrG$`)R|ZiGtdZ>lORcFQQN1UeHJV#$F!QrX`}|0q(F z<(KkiKFo_+uJ4!FK3(lGau$PN`s z9aw^lb{BQ(f2Qu=OMlcFiCoA^2%BSEJ$efh@Lo(P@$}J;H23plA{Wlqapr!q-|gGvK-k3Z@^Y*rYugsVs>Jr*A~89lj3bdeAp$qHLv=No zrNJ*yT>iG-627fC)}N$@`e87a`Un@FZy3IU(Ru0j3?0{nmwOfhd!U~gdz&6FtNUxC zli6euT)n+U+-M-viM2>_pF6g}&=+*0!MLz$hZ~PMK90YpdDsX^|4WW& z6k|chb&3G}Z0s|Q%87B9rQFjLJdX^dNoA?$seqav;Q7aGfyMy8fK9H(w1+R+jZSL` zUf5;x350@>y&Y!i&-QT{yv&jlBUnnb8 zH_^T(9w`Om5#W9}%oc6wPPTSCetchg?euLs{LUoz5#EyxYV#j^Ey&PR6VcB!2Pp8s zgwm3F8)`H$+sxW8&hHeBL&9S9@DQHRqjsvsKJ^htClK*W3Rp78uly5LQrfFh>E$ET z-K8y%P9WH+5VZOlEfiR`4EirJO+t=jXNhMHNy#U=zOgcp&iz;cUm$C{b-w{zcuEF7 z1s_bhGSXokpO7{#L@M?-E9Tjqwr&_U?d~i-Tk6VAYIus@qvMZ%cgJbU*pI-t4YDpq5gMiPFN2EMqu2c1>sKOY&#!EfCgL6f3>d^QR zT)r;@$LG7G=dK6 zkC{|PmI6==RTWnOQwsT`FSU~_?9HrIV~QMe{NF+k96l&?#&b%Sn(g_9Kb;GGpAYFi zH)6ix7{^gVy*7F?t6~)tD;s)E&p;=Lqa7u}s~c>@@Wg#Kd1)ojzvbFmnx)CNO2zq2 z;vj$#;gn^-Rc&y94-sKt$ShU$8T{nsA3&hxRYKG`l`eowKo^_Mp;{q+Z8%|oS1G0s zwuvli{*1`2(!1owwTzpCPlvFf+8ovSFx~%=Vl(w7>>45<6s+~ z6baODZFHm$Xi}lSc)qLCeRYT(eV+fD?~VKDr_Qub( 
zr-|*1J+8`Z#qqhR*0Hyjz)36Jis?Ad;4&rd!W@TWihI8n1w!Ex^IGgC#OM561%)ids`gcc3?yB z-g-IgT%PWEs>H8NjEb_D26^oRM}_q;vCOKCu=a$`O9E+{xcQDzreiTT~J2c^G`+YnNBZjv>iN!C&5D`GKLXwZzb*iHRDmLwF{fBx3?(sRIi|wT*Aasq?Jb z;jmGXV=4hg!b%?J&k|DL45e&q5#BF_;s8LSwmNSzEFstSpTH?=9NZ9uZ>3$2f?8VQ zuizWGf0ZZ3L-bVHT(bU)Bil{11>q5TjF4fjY4LXZrssM7v)ixFd{s4?e*+9aVLL-V z^~NIdu%(3>{T@&;8c2pGh%A0eeP)2R^5S4aACHZ?by6%7! zNT61!*)g1k2PMsogeouQF@Xr|_Hfz)JHCsg)p0n4${$LJ5x#W}!9MR06|6)z7b+VR z(ws;ZA;Q3e3q=h9)F0)3ulZpTRZA~}vixo@R?h#F(-Easq+UyKUjQUso|awKw~^t& zl=j^jcCG~siQpxG805v|rHuw?sv&2^TaLCv4S?JbzLgZcc|eFEwuKw5tYOX-< z!^k5PjSbdh^tnP{R-adJAiQY_QA(5Cm zEqVUd>~UqAB5hiTD101 z%WRR~%ygHmG?O;$UVr(LeU7eZS_ONtxhD5hdIAqn+U%&CqEV~WiSMY7Cq|Qwl5FYf z@K2umzv%`Cy`4o~LyZluatIowaQg7nA*#!QfnSG`p-c=cgw~va3qAl#X~{kX6a>hM z5F89`?{a2yXDNe%qvY1K!G&!(>)Kd1g&$!8@? zQL&`2s8;niT_l9uLrj%vy;ATY-G9gNrYX}#lBZHu*AlX(?O_ezETh4l!L)q2Sz`DXi9l=>yNDQ4QaW#nQaq7@W zRrUd$+vjO>5&zsU0wj3v_VbZFxkO-;smce5s{x(TeoL6^u|+3zj~R`_E%}?xIAb(d z6Knca?$u{P-Y}LJ1**Xd{T@|=n&DmrC}(z7dYk4Me4|+|Xbn=2*m{46EkZc3(xUY2 zmfXBdE7FZ0iDPa%9}Fy{2N2zL|Adacp7F|!5bo@g3i9N8B&akVnDZfXGp|59o#|I^ zDY*6UG%P9DoxyLcK2_rz(0SeyV7JdMh^vQSgs4{DHMWwb3lkGJ-AGAmrGociSug*T zHzT&;(;0_qr?R9fK9XSF`u;Tjaxtce77?hU1z^eNCb*V|6rTen*MAtuA=j$hiZ4OP z8GFeW{$zxTQ(UWVz_;}T1~5{CZ%_Djh0^MR zKjYgwN1YB30OSs!qM~c=x>IKCmezC(@iuK&8I4@(Zr{tA2v;?F_K#L9ZA)UcfQMS` z63S+#KD64h*CtsmdenjUHJKr~UhF^)z8GXbJm1b>a4xFU2~)kvBOpNS?pE9#)#i%$ zICmi1mCXf(Bgk)wtbe%ajSQZ;huHzWDA9zjkmeukIFxCDvueiwZ0hx3VIR()QjJSD z0NtUo8{H%hby3CMyA$~ZdZHJ=il=e9<}j`2*g9c->}Q%30wAKnB^)CFzcsTOBp}mQ zA|x8q;jJr=WYC3t4fKpqeR59|P1NPT23IGl%U1ap@b{oKziI*$e5lTZjREqyG0bH!8s~Adl`6= z6+DWJ%siKdg3Ojhs$Qql-u;ybz~!-1<%22u%}}F?e0jVkuZE+ZWd)#5J&9(DXQT+Y zq8J3e4(3}cmx2Z0*wf7^%21oY)nJCJv}8I@@b~n^2e9$`wb1?J33S zjGM-JY`_lH#5?a%Y5{c|`js1Qb#=?tl}}_u4t(l+ji+rAx3Nm z;uVnpP^??Ufp`*q{p$kbX%{1b5qqh_0;4dz8cE{;zs(wf?aMzW*&=uYX8US-+xjX zX&~^qB*R4o3kavqO~=iSi8+@e6~A#*-g_F2b$s!_9zhtJYEaNzGx+yd!6umQ5swsE 
zSeN@<|Gib_R5r@=xRon|F*M^pz@&QVSLd(>7LVOQun5s6z?;#6S-9{NRX_7)epJ&aKX*&)7TZfsEAQR62P!cuOtq zM#E3oq3Wr_KQqAC7;TJqqc?5El&_LiTc@UIZ5`JF@I3A@aCQT97o;Du(Hl$#j$CP`w0HY!29rpV=GZ>R{{TIRgn z^hw-Ts{B6NzXfATS^GFDCj3`x%LlH?7&rgE8jEYBCz~wVPhxGUhCZTV@Wq}28yPLO zMG_%c+qcR{55nv=r}mv%iORnIIP{0}q4!f_TattBpx5MOPqykic5H|F#S&?1*qZdZ zcN7K51F>T2x!%=u{oi}sE~BRDmk)ebO0HgTN_<15lQ3+_K}(j*y|=t709@9a-MX~L zTltUg&q485t4!5QIfXD(+eWj;`xz&Z$6Hkx(RqV4Il(VWx4{2zq?Z{$l+6>+AMA>E zR+mAW?LuoA-Lnw9Bb@Ned$zK@e*3@G#!)O<gLe@2tK3bGM7+acZ8_XNA z38)j1y7uHxh>>xyYw#4u;+(tOnx`1XTl@Ii<*iDx{hBl`D`KKO9^6=3C^eaaDgV-I zV9SDmoZ*@}FPct*Z2M4@TmlTtf?d6!yp(#rQ-XhTTti&lO{{S@MzF)0+r{%k(KYp? z7$^erq1!DZPGS2!jJTdv=W=&w?LYKyns(uD9uaCTtfsAtG|JL~#@wVKi^k7}3d8mT z)#b+-j-drU3-6s4mMuTYP%zFV>KAfcE)PR9K;tRoh_92kCLfnyyXdYd+Sk8{_G+)@ zh%yy>QiW2^w%BRV;BwLMu`=5Bto`p{IzX5dEmsR)7v}@K5YDxS(v&q^4 z5t@e|q6mBsJ|cvl_hkC%%%5x49kg!@0f_EVcWLW#)I5sKHK=`bc?3BykzMFx z-zbYkG#UkUBQ>LukKb0?@@->A=kY83L>_&UC@R8xF0C_62#Eo~v<45B1}~DT1O9|* zNmswI@59kUPZo7!YDy{KZqWys9#s!!D4fIXQq)Ksd>wg;&7Yg$EdCWea0I)+;BUn8 zGk~8n?dial1Ksfxj?5cUg3b$%vgi>zc`y`8C|;+8M!lH&T}-OgX3hjb#IFz3#nhx7 z9Zq0Va{Oc!o_B7)6VvW*=osha%~|Qd-og@M4O5n5xGf->mLej<=QIz$Hy|)P>kEJ- zz2EM)Olc^)8;aQhC-=E!9U7@zLe`pnC<|+W{d>`~u@79=4*U;oJ3DPJV;eZtEB}-% zARsb5xiS&Y=BXcL6v1u9C*b3cc13RB5Vh=_jhpGcxgA7nutb`q8Ap(meNF?sd(T326CiN-vt0vs zID+)XIV0tPutc+|b?P0Y;RbV=Mxra}g#SQ_}1y9KU zdJp^){X)*a+gagTN4mbKE>Gpn=6c_n7v1l<#h^Op=kw@fV`R*~+o2P2{@+v&i%_1Szz|+u!>mjv&jYkEtP)5C6&*5E?hd4@&XXQ$v+O&lgIudr{XSu_WK3-nUVZ&Gv5R%3# zg3HZSO}$L#Z|f*gZk6`p*KIVxc7D@#W~@c;kgd=1j?s2UxVRx|`s8#?sEb9z9TH!B4<0B{v_KOtyIJ{DK>W9x$H!-uInnXxlqv zB*l5;OL(z-0?%~x$X)*K#VM7}W4=!afV8rhQWM<;Vl)-7)I~x&6C5eu5NO;XOWc!$ z!o=^?k>{@3LU|KOChG>psDh*2fZKTkEvcr`hO#U|!Sxxdj@TC1z~wu)OeZWaO;t(| zyHzL(+OhuH>-K2D!mXwJw{h0*$8{qzZ>AVBXK60>b5LPkyw}$L z!+o{u75+qFADxJ{ss%)l^tRZ?Shp&EeF8yqQ+R`Lp+ib*C=aLA&gg3dHbRmZCc2Qw z2SZ_Fx5Fy9Q&foxvaVoKhVuOb5sR7N^g69t-eav<7SHi{8+Z(9pWk7Q)~Ir;GtlUJ zfhx?F!HT!=6!9x(h7&*xQN)G-tm);hW 
zPx(+%b~+Gl3)t|WRcG9>U=siQpv*aWgb#;VU-%RNPgxgO)I|*7&bwA*R1*MQF3TvU zoakC-xH)Cd0g?{UM2*iTxGQWhh<}^XY2?kHDdQhb@buq+_aB1X{|xnL_NwI>tfLFX zQ#vo71%_uhEg?^68Kb9IBJNaxGeUS$pB_#)X)JroP>>Xlg2S4bH&o4;mYIHCtRCXH zS*vz!a`~wp1@u3596rw_U8Vix^_ANxLjYS6gph%du%v^^r855xvO7B9<#_I2g#e_x ze40Jz74K)t51;)>0<#Y{Tzv0Jjl}gYclQJFvNht@6o_y9RpW`Q>cgQSmrULBT|z`f z7m3l`i4|||Q4SBgx6lBAX5aZ68Rs=(y=pd4^K-iIJJNr-)j`o$&`dqZ6vzdeE;k6= z&r;m;W9)=0X>{BZ90(x=GlT1JD4r04MiYRd<0MOfwS-6+#WZOv!SEn0fIa0pJy&6P z&`88^!GK}>DA^pm*pu=8bP9*i=-M{dzBc~=Fqh_ms>3_NJPh<;Wo}BdV?TURW0(nE z=McOH(p*43!F`^)mY}9&umFXZMFiS!$iu79V4IjS+e*TEsgxi?v2i^apFf9mIic}n zS#v-wo$}oiQyg`cVDx%RpQTq3ZH^GV$GERO0Kg^qd^}syCShj5o)uD;+yQn_@jE*o zY2L}MjcyspvTtXX1AgJuhyF*)I6`!;#`RY;B1*MQGAsfTs-qinZa@RsXvB510V72#f zP&(M0m+fX86Pbm-@=aUHE5+l~h$>06lyJ=h5IXJM96yEc3lXAF~YL^xyHS` zoQMM~S_n?I0APLS!c&L%sXM9ZdmhO@#giLLu+_y&YsCjhS>31E2R7xM*xB-ez`RBz z7&-sH^TnvrK_R{H{G5RhjwtxX@nZgacU}qWn>~$k<-SbRmH_JiLW7(Hm+JgqT2?{J zRSDZlIYW@wzKO&8SP82i6*{LxGue7#m{jHr{@^ENGOSB_ZG%KSI?z#rg;0g(BntB(g^LnwOY0 ze0C+dW>PF?Y3GiH1Kl`k3`v?znPHx=13}I=kDSA{P<41di;;m6=#SuIY-4(kUH!N%x9d=YBc~&|AH+iF>C9L*JuGWfczyK+z z!;q>*ic^YZc4GcA!XeZBCHDXtLT8?cGw(-H(ooLc-|YJWm|#T0=U# za&i@0BC*bOg#`~?hZ`&jnCZp4P^j^ZM4N_Qpqm|3i_ddzYRy0VF*h>tepr;|4@%%| zCv?koiBwvxIziN!ip;Dn2Uz@mCy;vO?d>A~&ji0tdw(&MDe524xlk>2Ms&|(zbm>$ zvtHOg%*RH-G_eT=L+*b^H~+1^`f7bQop;>|1rztAD(~5z;J!WU4?Al1XPn$G0J*WRoBFxoQfbRz~%T2P`SIrt? 
z4YerNsaGbrjwbcyO4@X zq1;|Nx8G0y-iNjVw`3g#(zo=3=oRv3h%-)5E;-{8gj8t=K5`ECj5Ua!JGBJN$5lwi z0<50p8ZhEGxb4g%@wOcBQ==>Hq&Km?!Q7kUY}{Ox8h-;+4G3yR1f1UCC>0A*-7Zcg zUg`k&R|+N@L@UvyHxgFGv0%MJC$r2&8xyKE~2#!Sko|)IwMAbk?U{{N$>!{Fu6h5m?4AM9cX8 z-Em8oC9?kj)HNE;hcMrm+;!PK)a?5(Ne4;5LA`U_17`n3%T57n_%}ZL0lDL5Ots?R>2%{-4(Xk6WqQ8E&OY8_|?nfuR9kpBo!9 zS$TxVu3@$*P1ji<6!3jb8Yq-{oEH0QI6%{jFsN)@M{4N3dKZ9b*AFKiOJt>RVJTEh z_4rARc!K#ye|1qtqWsryRtgiIFl-;yBN5sq%t-{@PSZlb9$#cLPa zs{P*^_@S{Nr3loo;t;NiSauWkY~X1*NGgyWQ1Cu+;%<^amX~w!XCwKr-^1jvS*!6 zs%;|z6uH?%n^I%ah4a-#S`c_=!`)j}GzlabQhlLyTJPDg=^@V8A#l5Vh`EXsk%*CRzLb*e%#} z8mCg}?K&^%`($FD8fyiz6~?z>KEEjWnGt0|(x9U@K+q7#|9bpv;AmjpYN+Rb&e&4)cMlw) z4l;hczQZ;Nz5W7le#o;jd4!Bq8~7_fv0TQ@BMKkUpVuBjmuWR%8o4025pk-H-3h*< zwUFJ`>xA1nzBeWLqLc=5k4^};d5e>{KQX9R3jq0=Yi?(^vjJ_;2lFx3$GhW`47CM8 zG64!*KoUtO56AzNM(sa74`nJ1iF=yuBp99Utn$;AE{vpb^IuJLkpB2|o-dThQmwVl` z^j@}-M6Su~<;iC_SQtXf2tCV3=F@X^t5~$1&H5=sbG=T)3chgKc3I)ITihnlUNW?p zM+j4qoC;$_V#B7+Np5Y4NBHJ33QgVPjLpI3w|-UvrVEiXhBk>4o?+>V@%)aN#b>Dc zkeEEJ#DK)n>QLRQ_oIPA*_|nh(lcZO!erZl20wo9Jg%2hezFcpj&I_AAykeMu$ckD zZctcw=v4!V;z-MTBdfB>M$k|#uAVpbM9Xcrs{1h}FdrGtr$+}x*dgW2WF%|I(7k71 z+(*6~US9wRjjYjFfD#?JDWsuB(zc-t4zw*>O9~e&{o@*Wjl?v>e?jfLU@8qgPDazZ z0taD7fr%XELT}FAH3}nn`9bt2&DcH^Nox)Pj>^T~&HXVjl}6%4#~rQco5arSjwo)_ z4kGZvTM@Hw`yP8xs3UpSwIKpX3^c8Kq=7qh(V$Or$ZV&oZg7$2x9Mp00C3~A(%7CQ zgn@$#S}dbgkqS4C)qTOEGpHHr3&EH-?Ck7VDLM*qMr|ENB9h?7%H2o+$*_VgWgDm63BLE{e@_prWON^b!gx;K#S@TS%!SISkdg*Gg}!n zh9Kj`1s5s>527}@K3Y{up?n6*beSvSIt|O}PI~P>8z_3hgNw{*{2T7D`A^aeVjk{D zS@GT2N{FsMmC42%Y~m0DZ)opVLY^?>pD=tT$j#C~Z1$ImI%w+05EOGow^oVBDbU~& z6cd4}L=UEwbSRn%cB!HvFF#eAQBA|s?PDArXcdGQfgD+7hr-@2tAWUdTw(88a9=46 z_foXyTNdqq!1rwQ3!PyXc?C~)$FcI8VLEZCz{p}Y8_xoV z^@bTAjWO_hg4ZjyFFh-~6v&i!(uF=10~z^V)8E)`(CxMs9TVr%@Jy#{nF1S~n}sVY zb88{jeZv9XzX#TF1a7^HSE=pNqum1fp);+d4V%4x%Ln!`-*}czs5-4D+F383i*_Px zf=OH4imG5e>f_T)(4aC1J8&dY4mGh4ypnt@c8|%4 zmbyvWNkROxGZq3>iPAfe`7nAL}SMDn&0{HyVz|Oq(7nbn9rR;ru zZ%#1ETYSsZKz54c2h@3n>;?z=HPe3zpy{2A?9!r++#GMIqNYPQ)<(m(RYr+JpWXRy 
z_<7nw4PYi>&qso7j}(X*x>T@j-pFLvDf^i5vw~Lk-adkc07uu<0PH;FG}BevA0&$; z6<+7h1El*f4}R4eCy(aHX&**WB7p-vkxf$ws@ag`9tOJEwMTk~AabpXI6_t&?P9;T ziDn@INhjUekQIRKoTTr6rvOocS?F{*n{c9ojnfit69Cdau1>U$nyGW4MD-0ZmS$eA zw&@~x5ZUi`^{8$wRZ`aDu}St1V&)7*@?XDQEQfLi@rTas*VX6xrU}BHIu^0f3*ZQh|bnKGiFj6f zCkZT0=EQeHeQ@9c)vnvCQ4R|YYbw8VdzBA; zTA$s1$R^Zix1OtrWPhL!UOf^C zWg*29x-4M$89bsr9iKy+DJ{2;`|$vc2X7#Z>RN+9E78hPBQ-y>2i?;So`Zd#lHM9| zmYN8qhdK92LhU#14(zVznSh8#QcB%?JLbiV!7Alcikw0VoYN+Yc5rM(5tCw?PGItN zpS9`u7@aG{TJP$Dr3$ry_`hh=|Km8`j#-TwKFv}4| ziMtpm%ti*%JZ1kcj_60lr=Fv%kN;UeMugu1TuBv0bB#xEzz^wa5&`z`YOpp7XQ!gfn2>clPXYP0-nk4rY~9!Xd*d|3(S&D<)`2Fc1t2yBGPoz|)W z@Kb=?E@lyZhRXnq<^hDchzZ;;KGg0NXmwQLs0W1t);MmYbR5<|fMZ$?7OCfaB1j|GiABY}b!!osH!zVTXJg|_%|1iM4)Pn;$#{fd z**hxI;#rm~apE}#6Pw8^MjE}iCloe8sI<*qjyuG8dr^Pw0X@9u7fIx2Ed3*jMor~8 zrm8R3vO?8IDM+0z@+^JOCoCZ159|2mGh$9=x?_zvv`eCX$Eru}h9 zGG!|}WB|3hqo3WrXLwAzq-VU!_D)JbXt>od@g{yAB{zr})6Rn?@H{|bor;<1SO>Xg zI7HdY3D&;EE2R1_kU!oMEaPJvE+g@;<|8DWUwjwbUZ49_+gVn-ChMA2BVwuwjZKDx zxr@lctaM&8e}DZ&o<74D6vyrba^9Kqyw_q7*f%TazYC0+Q6H8P+3`%r8h#JLBP;dr zEMm7jbKA_ZZgal9gmpm5qSY`&GS^a}Fd!@#F$?%Kk8SVy<*Hu`UEBsm)1bi2?VZSM z9>_O)rdlkqewLhK95*?$Kj+z_d#}PipdNt|y#}_FrGBE&-y_V-HTE#s0AujMUMcRG zwio^dlzQu8haZeRzQ4cNhk@npz2k}TTYDe{<|KLx@IjG!Rm(3Ku_7GR$bdet@-e0F z0=}$1PH#{Rp&Xk5=<|41VMEsRYp|08u*}+^RF`g|WPz2B>u5!qUVYIv957sypzEhX zsRzIprl0fYkQ^d!t`x#Qr`nt_2j?NUHZ)%8IwB2I6bzN4Fogsu!M~Q_KaFNPbBY~e=Gs#o zoOJXave4UaWx!05nYP5ZwY>!$?_y+Ot~{q>yn&BKREBAR%`9|6JHdk&wB)%7`S$#1 zj0qe*!EBEUGuMWLE2`+W%2}_8yBtwLt#ovZeVoD%xmPTnYhp;M2pxW;(MXc!55V{9 zYfxM(RfZHxJhr)`=55IvGuwp|^91b&YBl|&j7_2l&NE9z_r|ej(bi|0^80}zrs034 z^3)pdNF&N@k54SP>>bl@)BX9U_*iV*=RAEOBvO2I*DcL*EI~mMo?hq|qzkyng#iY5 zq&oB9IFkgmyOAhXbYzf(W4{tNy~z=E2=cK?HrZJp5WulFd2l5vainCNkUghmo6Ee* zzN57N7bDDkUbSc!7V_mDxPEsYixo>7P@Y_YDEra807h+snqCgZZsGvj!olcMM>VJ+ne`KMK;iM?QslUrXnvRvrH?sl`d0Z&%nLeP@rjj@5vas#N*M?ocpKCX|{I7s8n$2^J8-ex^ zwO_Sz9G>w6ow4va_0xPeV^MRh9s9%LbPWhvO{iALv#ujD8OM zt59B?#AThgI*Tm{hY(!t1d)!$u%6a_;7a?7)%!GZ0tuqvEoGlO6=SeN{{;uu%RWv7 
zOK$t+(zo|OmHK3aaTE^2Inm{!^}?eL2h}xu0b!cz-$qYi10<&Dd!Ljf(H9_P!d;%` zhY-2u+ye(xAW*^!AnQ4k`tD;vf;}}GVr{F-q36_BSG_uqx9{ml@Y?3d;Dy|6o?s>(LA}CKEHpcfLYys6fIry9@B=qmP%P>B15;%zJs@`S7bf}oq zb}p@jin7Exog&pvwrpm}I=hsya)SI)Z-8|GEuIeFVs#iiF%KYSUL)x zzEr&;K6ja$Aqtc5U;9_xs`WN5{@NkkS4sQhr{?3r&7f()(e1S}JWf=CZKi4wK4n-2 z)8{-X0X~$#oLP9-w{~&fjLU13#1j=Bu4+HkY*J88TY$go-5rFE6K$y96v9^L2yJXt z`ynAfVGMe+H3J2I7~BjsAsn;FPjK)t0P;wS!mKzkXG|T*Ilm{K7R5+f)|wwQZD0ij z3~|8T3)|I!oJeOQo#^oeNja`@lM^#sAeyg$zdf zg5;)|rl9CdWp`|NZ0Ug@e%vO>zAAfvh1HPq_Tg^)8<$nD8VO>hpqpnG7@;WHM;S|C z7+@qO{HLPWKr=)e!?|lG^dhYu-Gt3TC8iOgdEYg`s*BnyWm?hZiDiZ%} z25>_z8sxoSvOUwk0HFF;?{JS3!q-@iynbzCI5QhE)VXNo`!9fcH?uL-ueB<@3uyKY zIx!1m`(>XJGS7*_%|1aDq;((S0^VmHtaVDs1;NKxdjpxYk|*)KQ!fErk(3nlC4{Gg z<2=~1lefJ~jP^--6Qgwk{MHeBLI$D&rBY{y?754Sghs9*Xch5Thj$Wy_nY)s-%MMhR;}w{usI1aDZfyFE{&xaI{74lp4ZJ+9FE>v& zUFM-f0-tL&*jo1_O8*uNc!fQnkqtpiJyS$-5>08jqmlVYjC>J=%~)sAPk^adsm!3E*WsU&$G2Ka;; zS>tF-i5iUB`2bIm*=M2q`_UBiSq!<-BF&#|ck!tM(n*SlN_2i}(CKK*U=DZfQn1!E z1R`Xk!tj)-@DwpA@0R6@Iwclzj$==;`J_**aUcDbIp|hxaxi$0cNH7+<2+E9X6$ho zsKX7W6{WL;9T>(C>m65F{AXs(MmacE-j5{T;0nMLF4Ar^hEU+@R5zLj4=?F<`dLx< zdYuAMI&rv0jZgD0YCg=OV_q6@VX|Z1W=hKUC-U>bm=p&d*3!QqPxz<6@0*b9_!6ok z`A>-4OOmsD1nF#a2vA=Wg1xHKTqh{&9N8{>Bzeq-zOy`3LSm-%u&1JH;s>VmFKh9nR-(Jr_T1v!k;CO~eKf1DtvPpb|XJe`&}*ulrYr9pPU9PKS5?h8EYl-vvGApgdG_D`6hFoEO)5T6J~Pg8(agdk#%f1gXUF6{t4 zP_BWi{T)y^BL{bg0s7Tf3ioPKtY?c)0n1LOG6dVCr<;WW6|f2oL#;);r5$$ushA9@ zM6J1M0(C^C(vLsuVGIc`L82!D#3-^i>TE`o zwKj~J@Aqh{{PuKY2uq$l+v}!#GUYGzZXnGgL&}5QC()};*!bLh31%`AWJLrGqkW-G z^?_f6rc;PK;gtT9gMvtOAf$DP#hNKI^y!4|jp2;)jLOR%S)eRfnmkvZ4rg>=6NiPHN9@0AkS^+>Y!v4s(Ne9u_h(*;7e7nu{lBTf(Y(*HB$K; z{~9J(oDO~CzFG5z@}8~wut)1$G~OkEwMdpS_cW~3XvH(wuk;PCdV8D(^{?n3=9B%X ze*LuZB&!)&ZUGX=Z>x~2&G~0bRr#TUV(2_YF_~?FD2rb{P7??RmVVq{5nD3UX+nHi zt+pPLq94&1@lo5#@DUIQ$n!q;{=Py#{F^@XsR5MFVA(95(7rS0pJyDK+9be+2M?Dn zi(&GaS|gi-F7N5Wgbdu9m-kKdQMM+h#OQ(u9UX7D$fHLNcje)Z$HbunYq8v=tTf0M z50S%H+ST~5U7v4vMv_N%S*%lnkmVb9@*Sj&>A3#?mi%tsK3 
zoLT6bLMXU!aCkjG`)Zq`vT|+-v^WIoaKH^30aA1o;9!Xhv+6gr`~8$(;A&LJn7I_~ z{wIBh)ebg2cL&4=!rt$IeHoijUnGjwdTjerB?OHe`@>sg{`5~;;~4$RLyK^sdwKz1 z&v?}euTJ-4pLfJ?#Ir)u9S%KDE05TUHxL3=B8 z7IoqA?g;5K((|d(c#2|>MlJ#M&HOUP62R|V)=Pd?;Av@BGoPF!uNL>o;s%$ETkC5x zqERhX^K2g*VX0>fDQ%D6BWON)F$g-=%iS=9J8ux1q$CxdeM%uaL%^mDOy;xGVl5T8 zpLH;92Aw-AgX}~8yP$6U!5r}d#4PR^1a(LLweAy6Fz)XT+wdLe4E@ymNBG!Sw03MC zV2eT`NN?Gzrx7t%Pl_~^?b_N>=F1@su#Gf4~y7dy+9(C zEM3xUL_e;!VxW!myAjd-t29gr!iFHM?r1#`pV9v|7j*aCTjY1}iraG4ze=qSR6K>x ztf2#Bk}z%{Yrwdp>Qr{?qvrX)w|M;u?U6GE8EWE#&T(n=wTrzRfoQ!+3!0N-DnidoT`0IBVm@(cS zbXGfTj=tX$u#_v`Z!=ueP}yemKu$lg^wK0PxPHJ1dz!Lz-xXDHhx3IoWpK6jFzqIk zeE~l;&QGdTK9Q@4W?u|_^hXRZ=(!tI`oMHYE;=;$_HH5&h@c0;2zuF7wawRlViKswNniiSnY%Ru*b8)MoFQx7f$2-=2^0;F z7HK7%tbtXyq``UnA5_|sfhm{t7NE;VGIh1JzHcN==9E#IT>+j8=M*8*1kmr>W0(O9 z`%dm37+wuylF=j~dmE@*G*qirP~Jz%k>~N4MD7MW}D!D^0OyxS;%I@HQGu#1*oSFcf5nCZ&h@ z^WbTP`^CNSDHedo?#N%!A|EBKtVP!r>GIsoEWFD=!z99C{4kjCnRxiOHzwiJ8_DOU zlsXAKD8XWw3mQI+aliS|iGas|SNfGvQF4wbxQq@|}f$R3c@ zBi`tZAE9}@ma=l&?97~p&F-_nxlnCJwAVjbk@l%f@Rm~Gx(4x$DgBmopP_@rZvl7q z15Ky}Ai2OKe0W-CRwv1a);_u@vKZ42^${A*lp_LYK%+{oy-(xpH z!<9{jwiyi4;!*3Qf~mzs@31dFNjoakGkoJWfw~^EeJG$0vjVz#+3l<8*+QNJ*80Um zz2V8+q{NvyOR-o&;fI{D(zk4?aNU|+6N5Ku%={NTHPwVna6a6tJgUe!G?9~oNh`a< zPVMM_Pu+)tQFV8P*{BW2ZBAShAXFg3l5CB*V*DzY)yK%$Ue@}zCR==4umlbP1KJh~ z71`_g;u)dbD&$jEAGNc#YlstocFjS~EdMNwDm!`GB7B6W2O<(Gmovg2FQ|5ZJ`YT$lgNdDFtT7gHpG6sL7DcqDZSi!)c+;V2wIHTmz2~EJs(=$ z|L6r>TTg|78o8w>WcU9nP{QBDy%0IVI=*7c9gFOTAmW#;hUpASPLygFIMGpEM{i=P zRV~uli7!N&w>+Klwb71!)RM=%7`DRAAPA^cxXLfiC`KZM+Ntd}JBXX}SL|{Fde5L8 zJJ*C;Yhu}ZgT_pRBNm{xF+P>Gfj)~)IXd(hDwJd1lWWfQLEZ;&4yOoOE+cALUJ(wU ze4hJMIgH0yQ1-Nb*2d^VMQyZE0~peJ&HTq7RwuovvY`2GXwv2dn&nY}kcgw2ne4wh z0V?YkM01p+A2DSZaMYISlMtx`{$4SpOBU7DE6p^1h9oAz7~(m31EE{l)f@MuHvv+Z z&e@OhE7>!K|8xUD#)LX(lAxGO zXwYPE+vE1uHPDO;sE*Nxb=yS>T6i*AF!PY3vZ98?OLY{4`ma<-h0C1Nph3K1m#60I ztCgl8ZGz>K%J9QZWCt0a2YGOP)tqA9WXQBxV#qx_XQNBQS-5>F_Sm#Oh9YD|hvS~A zNZ9Oh)v-|86FXY8l0UMkSPlru_hLr60%V(5Xn;2q*)n=b1z3@Lq+>jIKFe4|4E_-W 
zcSQBK@|whPVNI2uG&cVKlM4n<0H(+xm=_9GC7^MobyU@(1WkpRP}XxA_+GR$19yP> z2Z9y%maBlqZ2v7ekc5PHP|5&a1u>t#r}x3UEaVxGW|GIkFUcR`vwKyZ-;0_KHON3F z5l~WD1fl|pS}1#|BkXFIQ!z91xa$>gP|CVqs0Wnp^3A7sH0@4;G()joD~PkNIfy~T z5@kcps7;uI8O(;h0bp$4&M7mF$Z0b%?_H9rBbYPM+29p@(KQvF`(hXm`f1!~oU7jX z6Ac+z^l5y)-y8T%?8m|sL71|+ZxlvP@;|5Tcw_h zRardy_JGEUAL*vcd*7q8y;T+bE2t%l$$0~XfPyM}Yh44OZ0^`LF~5<2m{M5U_c0xq z>@#jIhn>@;Jl$w|5=ij>^(F-D&pBi#ALoq=+4HFiw%=EH+Tnf-BV+OU(`Su6>gVNf zi_*!o;O|iNcC1DY)%oz6S_;$**@Ms(UiE<72UQVQEpBtsC`Vsn?DJAz-GbBaU+XTp zyWSqE?pKKxJ;mkgisd;T$Dc7*>@GmDx2^lagfm^!w7!4%j*2E|X>@ubKmDO84yE{B zj4pet+|p(=T^(R7+Y06o;bM`%cmH78CWUVr&&wy%*E_areYHLz<>?2Sp>?RM_+PNo zP~(!UYN5o~CuQgVys;;+^Chbv!1p)oN^87GdIYU-4pJAJ<1Zzsr&vu*-5H9k%MFxZ zfpaANhQ0{vRio6>MUq+#gHd{Rus%^j0Byzw>Qhn)77)Pvfc_#LOh%`yS4N1xtX$iFedq(rWD9-PL+6b&%V_q& zT3}fNIACR%BQ@Mct;06+C#j}*IHW%dQSb(Hxd3-pDke=W6&q@;m@FoiC5p(PLOSnp zj=Ntd|5g5GH#?ZAgXl0*N=7yX=rYknP&-aRb>w2ohIo@3r~5_=sXU++i}qyh2J)y& zWW_I&Ch_RWZTlRsOeSJX!ZW#>LFk_8Q>K3l&+~B8w@L>Cwbg7 zp6f1-+}$`q>73+UY!a*SH`&}k#$kI%rcHH1>3cn|FcgSX21#E!&BqW#_s!NP?*Q`q`!<(N>G zgXZOaVGGO4A2BKyj%W$TRHK@wkMVjbdz2Dh0Gcy#ANq}xSZo(qY3bdRF5D4|zs?Z% zL8lyT;U@g;0A-ys2Pr2MS^|+dN89`c>g0#fH2g1;DRW z#vIWXq}7&8zvo$nD~o0eVmG*fTMMjptG>xdv|*`xo|7<8l)Z>l=J1{xaHz8+!^Py* zkc|>$=ZbVMoaos6)}yc{jM!q>s(N;!H#2f&?kM7z;eBUr0D`+)1gm9kuhI@mdj$oP zKRq}(nUphEGr&F!cPleNX?GOf?q{IU_Qx|f+kYwNA-*mu!e?KYWo4F|`q{NKOqls8 z#<{OuY3ci@gMGfS(V(eVZ(o&!&u>!2e&M2n7HV{lkAo-jy$=cEmH~P$l$73)T^$rksdu2DyvbXF&}j10f={(IqLB5I&b?Y*7^#)LZ&9 zLvII?wcv^d6k5xPaYxGV1wD2doaP*6y^>%1&O{gjOUs8|AQuW{?A>jc?U=-<`7Gu- zPojxwWkUP!pbpo?4}) zb+1QJ>ktgQ50$+A#-xp{G$5x1dnmhnE%{tG#Gg?RD;MN79I_u}bHStya#}$G{D?u= z|2NKU#!Og`JMKPJr(n*I2bYw7$8aU4?O6<{<9-}8xFPZBHj`AD!ZtP~Nr-up$cdZj z^PA}7Ghr|0!R^F3vAF-G+C>G+^OP!bb94`Nzvrd_$&ep2KBEJiA%o?{Q`OSEORb*OPU9k{Su7CEF>_`9sWxe|DBi8E44%4@q%^S{=2nvU zw?M$n)fY#k+hj}C4Z~x8OWjlygdW<6gGn3EBxNQ5WyFT;M~3+pPJ}Dh8d{RT8NU&M z4Pb%QFNr+71|lmlMjNN0Xqrvz1{UjSjcNzcOhw{kR&LvZb~XI~jT}U7yb>WU0#F7d z{rWCAjs2W|t}RzE(&d7%sZOFLt~~o+>srxxW=6%sbU!)q;0oIht3p+S#0 
z8bfD)m2H-4DZl((Nsx`l$=>3lAE_E@puNW*BuVl=fZ*u$_NgZS0Q`kE^lg$HE9Jjr z>F)Sto}il_5o^cUtXUN5!hR|S%1t?k!$}Km{vws3K8CQT)sXcM_`ILMM2=?5sUJ0_ z>|SF+{U0mirMX^Rnl#~jex#3y#dPtmG=X4+U;XU+31Om~btr&TJV&12(Z#6Ksf|q5 z5Ylg{KP%c_U73&19(uh`pS3!f zYM%PD*a8(N4vmJ!^WUVQK@YIhd+??^|>6LN0IQrf`CQGI6!$QV=kKCGOA0T@xro0+m!cLVw~&lk z{?D1=8GoC+sU&i3-@7iBi!0_|o2^p)e;unM4x426JYt>x4#((c8}!k%!ILY|2^&{O zIWAjK$=JeSfZlt5yv&ddR@_&ZinB}v_aSUNdkxMV-j3mhpF$#%cPTaSyt8NhynX1q zEMvci#1P+%m1186^Q2F^KkPu${2tCg$E3x`VeI&R0<-JzwS;psQopRH7eD@K4;Vyr zonMUeANd=d9YbKBg@hSJ&WVRE40J@$-_`ru6axA|bP5Cn%1#@&u_Aj( z+Sq;&XrU_U#&o}ys?>5dDhM1eo(E9!b6-7_z4oogK*xb}u)jCHmqUi0r(ftJmI{7H zFM)U*uiuFh5&5oIntI`W+ve14yfDb|CnmOo?oHy=cAnvBmXOAkPJ)y_pP}O19u8d9 z_+vegu8vJ`xrksNCchP6yarItIlrH-?bz`@iU)Lz^Hh_If16P2bruOMg_0a%E*Y%X zt^~w@U|QkxxEOdx=#_m$YNw43R0XwsSzVxx@y$(=p4_g(;UFo!0MeU(b6@fr?p{aH zM>>s;Wc3c9@$}4wqNqg;6hG}TD8ES5KSY{mmhB+tHwN!Ty$X&9yPUDBcC&#}bQV9@ zQ}wj(wTsl-1^tFiqxfqzMUNLRDYL+V zBrqT~Yz!EY>XE4F_2(B=Z+frZlKk#RwKlC?a0XiPMV3H(atvz5=!7}6NdTAka|EAK z$^#;OhSxgiz}hC87t)}1{`N`H*g3_H$5ML2`Nq&FeUE4+wtsh~Q(6;lW)UV!;Vo}% zCXEZIP_4kN{88J*3XktALJ?E6Nb(-;Ebv!}R1&g+zRSLobfX2$fdQEV>MyVNo>g;= z8gi+3@cV!OTRX0cDYl*Xdl(#K2sygPG&Qd)o!VST-7s^y&5w(ai)Ri@{7Fwyb(tNq z@9P$DX!ENm_KijvA1Hl-Ps5n}!qxxTl)?-n8K92Wu5bdED1xTx%gP@AvmKxcS_kh- z8T}ub08+vnk2*^1d6AH#ASRCr5Tel*wnWd5_P<2g_z#gdqLIHEYefgL2BhEoj^2px zS{ReeA+A;rOqE^i9D0hXgAFlfUQwXmj*%`uNZok>2oKnFPjkI-9H!JZqM7s#JAsCwd zuNBCI(*W$DeqS)Pb#dLQPNpD@Jwl^+&yiU7d zdF2J9zUW~d7i}bxQog<{vlN~2H}q{2$0;q{yPh1sE0!|l*p~D7&I4)ou`zdT$DlTA;0u~r)El~VDv4^~+@tS(6BugF^rGEqNzYiOtq`Gk zb@dYbEZuD+C%fcyeYz5p9?PPu8`96)E{F5n=r_}PYN~OxzPG_*8*7k|VHjmi5G8%+ zNZ@v)>X^Bj;A(;+ra8Di$S*fLs8o8%TGOJdO`__QJvZglRBko!+n0|PObrbtaj)~6 zHCkwL-h0?~SV?*~E#CKRpPN>s&J(=8WOU8fK4S$ziJn$YoX!UU69}sIa^2lDN7*o| zv=sy9KJrZ0$$!`0ze5@TYbU$g#N6SR@-W+n|9M zaMorm^(a$nDOUDit`pFw+8ro^99`TnfB=?r{q_4Gq+N|kfhwsRP1#qDr~{U--XD*j zapJlauUb9ujm;1bb^`~qke^>}_Mp1$Em zGi~PbEv97-Yp~$vc3;7@goe8Rbn~r-3a)7TCkHadaUyFAozp!1)eVL*KgusIfQ$xMx3KK5MYdF;d-STI?+Vz<0*aaTCOGO`7J@yu&dBct2O 
zybT`PG#SI@%5_t5u@G3*@m+6>JlO6NZCV1pV;+Do6X>t{;|>#<+t@Q@VBl1{z!@`s zuwT-aCQ~%&p=2effxgqd>EIOUJ_=)WnDv*>1*y2=H43T4biKvCgZV5v2lGD(393I} zy%5dpX%_|PGiPu553xm=5}+kO~ou%HNzHPAVs1%eaU@w*lj0d|~3<{io< zkg`n8PDY%u8J_*cX(3?zADCaWN$Wpj+ECKxJW=StI4l$D<0{;*nNxKh8`dE^>5!DO zDg9-_4MvW(BoHiB?M}DRZqDTSY3t4wlHxTLQ8sBYFt>85F-oRf@Tzx-s^b$vpi-3&7lcQGcz4dvgl!a#{)(^k9HlCcG$fGWVj5^Y2F-8pRp(P#U z;5)1s?_;=4xU|Up{;i0aAgoiOFBswbv3Cbzb#6(*|AT|!Pf}&rJZDW0LtKasUq?B+ ziqQoKPSm^oPp||(Y}a>uNMc`|Hh>1Vl`_7tUOmkS{PaAC6h10P-Oc1jvzG!j>crVh$j3S5l^lL&MG@5pu75S#L?R{hzumTln$g zkxJuI6&+%f$gbkGCg1*>Bm~Ercfcy9mHX4=f{N`&2&bXKdp&C>sp`;-mW@_sjO#kW z1I{BC94Hb-el$;eM6!Z-vb?PF`jx`&Pz8@d0cZ|-z0(9wOxbN2|7uEja1BRO;LRg- zSz_wsl(OGV-NuluYeVBkz$*Lj#`A9kR{jbJBU_Sj%=0m#7shcBC&MPuBgQ5xNCXE( zzWk2!(Cawm=ApcH0)A&-ybM6~A=!6yR=vSM)7S!GP&`Vd-My0mCV8e6p|u}0xp@tW z9@C+@!o3EzE}n~kgwoq4f38b;V9ba7E4-eL&lBAnCOqGjs{iZeJzT;StSE~<=ZP)p zI7RBJw!>!{5*a%3*(ht7g;Br@+hM%N7;~JhpPP`~i4Ys2y$QmUEysJc9!w$rtumtP z$%iy~XcfWoCkRam-hQ``n%(}1L;_dnWA_T6CpzO+)qSd$r{k_ByVnojKsc7Omr_%E zOEp8ITvPp6L*SAP5Bd^LC}DLmYo?r0Tk3(r%2K#&eupIZd*0icQ#nV)rhu>3q!RNN z^bR|#5*!QGJd!nTT_y~1#zElS&71YHAm%!D8=+TTE)BPRX|q@O9CMIeU_lFhyEDQ6k4k=4e%-!8=X1%AYTS{ZannqXRg1$XVa9eqeF zm-fxTYeV)Z)MoN5oc`KF^3}{~a{#e}-j6lPD0I7bh*BYa;r@(Tq-)FQ_pg)R>#ZM7 zHYU9dlZE8Xy_*uy;jB;57^qn=2M7qtt5gLvO*ntLhq{1qVOZ-)B}v;%LW)R?H^b~k z;RM!llxiG?hkxJx&KS+vBm@~1cV7Mbk#xHxHXbnS{Jf(xjl~G6iBjzhLZN8zzGYVx zTR5YENmYLy(ozN5Pyi0nr6ID|V}zqaOIIQ=WFIz~me)|;&>?1rrRG0eLneUrLgfjS z%n9BDq){_ofEV?8c{q4R^QFf0#!+6T6bA8?ky!=rGseTiw^_Z7%rO#NU@`2eFnh%0 zaGpQ-nB-pr=9 z2$G4x-V{-SPU{$hL;tiq;AU+ovt2`?6lrBO7Hfm7)3dmRiB%P%(uQSM@a}_FfE-29 zWe9NmvN5a`AM17_E@@mdR(e8z__Cild`X=F;HfBHmlUN~t^FP$sD+=26m3Ap+(t^! 
z)YR!sqx%}{_Ez^;>)(G6`2Nju1l=&WLTv*C;$Zbe!0>&s7wr7RYWIx_G%p;*>O?Vw zPfmkYh35&~e6LQ_o>pmkQmnSiS4kYq7@9b)$oKmt*d@uh$gURG% zy~XRtf8}a4XDW`73I<;QX2(dLe=N-T#>VH^Bh`{a?@}voBCL5E_H(8{;+IrI%TciQ z8sD&iitRb7=`)Fy(?S|%Pr`Lbc*7KyYJ(VeEHHVb+w=sh<*7M*6%C^U$Gx$~r(Erb zG6Wy}oT2KO2QzF%Q<&Q%xyT~~l^(6?lVK|sad!!GDfJl+NT23J?j+=hqCR>Bt(1#^ z)Kx^8zq#b>G)P*>=otiT>ObWf@+}06@l*zqTt&AIH!nNNjph%QON27Bn<_W zrf0FY2awKu+9OyeZBzDp;7?TX^<{*!z{OOUUL42!O0-hnHWyxu-VC45Jpe*mPepq@ z4a9|kP3aC|F5`FxvZq`UEz?h(0OuODSU+mE%>BJn){|4e0PGdL@G8#3xf;L{jh@F6 zoap+H^*Nk?Wj+aAAx~NYfM9u-Mbk(?Oldd>xQ~U*&d_u&Q)kq%m980<6i_U@%t{EM zKdlF6S=6Jis1&m&Oj>IMp{~l7kR;^O6Ja~oMDi}B_ZrTcQpPu|BDa)5X&l4JyoN(Y z0ueB?Ug^(*$49sUU0O27%d*%;_G0&#cd67(@Q}i68ttz$b{KHTcAd*|24+|(^lFG2 zhr=>AMc89pWqS+DD2ev>wG3@w$8uNcE=W=2Z*9%dLB{-z6PE^s_5;_s2pxtM0`rgr z@V*)~=-7gws?;F_6r9citSj{VH{S~Z9;)V?EDaP38^ea0(91(maIo1r;xrYRQ09)& z^ZTmvY?2-SF-Bab(VgZr8(n-kiqI0D=lD3=o;YyM`)?Pq*L|C8EN$PIdC2VYfX=%mn6DQ7&T3XoE9!BtILk;e0iXEy8R{=1T@7T-DnWxnJ_hH{66n_uYK- z^{h1?d)28_NFbt70K*_5$-?bwvWMsZ9DhnP(%JF-ijxc2{dyCgM#ZkCPuMcM??!D6vGplas!}n9J_~0Gxt97YBr&3&tWh>N zJpZUt?&Jo2F&=Z+Ivm&5k5b*%JVjP&S||;mZbJJGt`;+Umxc0+WMaQDZxgZ92o${0 z{~*%0bu1q8cm@VH-bbQh+>@|GPr`bjI^4>cRv+OtsFdYO&Rzf;lD-ESPQJY+QP*0o zLGqja?{;`+m}|vL9&s0MAE|b^4sxtQj^QLt=V5BS(ZJHYC%FJ&rxWl=bfY#bt!B&*hXSuUHu@1(KdXdCjxh?jMN~U>B8%rj6GnwC6;g=5o?62bWX%RimP71h%Z1hy^5z7o_C0>j_C zc?PG{^;m}9?Nih+}jQ~VE;rx z68`RtM|T0wr71`%T2kmhf3=O8xQ9+hVNmMwuPUTcl7=D@68rsx&yP5;2Tk#BZmhej zkDi;oVQz zYBB{>hK{AC(C=GRFw1^3nehoP8z12(1~m_t15r4a@f_3uw=G6iv(fs(N{@>08${lg z&<*oqb~lcY{7`CJv_hF7mUEDEAYt;iIu5DQ2p2L8X&% zLv-k__~C*76W*50J`F;J8$YPs%iu0iI@`z(#yK+prig*qLmSl!kEtL?7an7e_l^`& zdhR$knp_iNsX?K09FAu}0$+LsD$#?h*MYg3#F8CcKZo?w`=Ne;m)cK<)(1blYI0MJ z1TPNEAkKLrsMA%jg3y~k9-S7fbBHV+lZ|f=ny>aZU4dVC6GEHPV@&2$d`(UKe*1^M zCLW;zKJUJoT<|I(#_T0qGvrZK;Ovn8gXiO=P5F7%B~~CndeF)Xnu_A~pjfJqhT75Q zoGL0YaH}jn9>feB7as-}Ouyu;Q>!z|!bwZwi>$zd6HuvOVpixl258pIA4pNXpPUhM=kI#~UtgTfjxk@_jyPRcR`a<i_yz<<^XXFE5Tb1iKfKbgC!pfvz(S5}*_YKv)4B6yD;Vng(<5 
zBy2Bt^d>%zvPtfwUIoFmp%j&m}b4Y@Wi{+e^^GHj_gj%=J`lfc1qOo^h| zJUT3l`JHJ3J^F=XztTLgbS4{dTZ{f@Vh~oArfTt7Q+x}v`F)Ta2t*jlqEZP07E*7) zBAW}Y+9WF#k|1q~9f1B&+rBn|`Ib#xN1`#)KlDaq4xka{xB>L5ElMmw)5j!QnJMzj zT{q$1R=BS`7nva-VLjycANS^20cLS=5u?+w85@mdaCS}bN=SN`D%)fSr0YPPo{Yu! z93N+g3=Q-J<}Ssv`>m)4z`r}LglP+5hn^4hlffTFU>v;@j~xM#JpGCAOnmk397ty9 z!(NaZrB9~ippBmuI>PQs@|x_UUJG3(pC>{a#pjOvL@+WeZA^-9CFb-H@N(5n2nNY7 z(+LXJ{Z6r5*#0Geb>sU|q9YRasN(ux+GHAhJmOzm9Apw-m6Nz*qOZmt`L~p1hJ1vv z#_`v;`HDJ1N`);|u@dhtsgm>z)}SoVE2GeHB{$F`y5jY53Pj5Thf%8D*5VlU`hv`$DhW3RA(z=YTzdKmgZ> zP75MH(wh0`j>VN4yEN+SU{}zUdAx>yg%7HB88V}iO{emt7mF-UeC_{c9Uo`yo0>!_ z@E?i5=deEjd6h2qaN^zpg16LuJK3nF_Ig<6bRb}cUCVnPDnd7e(atEy9@%%0C@HSif6KvRemAX z*tI13>BPX|l6#(@r8ka?V#hgSlT$&($_1@Jap?#3BiN)xwgg48KuaE-e`FH1_>zT$ zpl(!{@L7Q^?uKA&;1l;LT$aH490pT6s{uBV6EWfZOBtT)xkYJbpL~uQsb@GbO^2vU zT=^pD`OYU(lTj`Q`s;?-0$+co6vsCps%`A59B|+XZzcBb`3=4f)gbYd0+!!(0_wYRV@5B?A(YYW=|=2&Ls zJ3P?qPVE;XcD-yFfl|G*oDgxCYy*dErwKJ-R9?KTxz zKTB$FRva9@2FB}_itZD8L>?P*Guk&@vf(b$y8JE!2uC(phA&)QDK)UGkU<|90>7cY zK2zDYRxn|g=r$^d7bEq&-3p^+;s`NRb?G&eIw-vCO2EGQVL`Zz13YmALa~_iJ_p{Jl%bNpZj-C9F5gMQhvQh|B`0=9zbkIv@Ke=-43VrxyTp4`5Fd%B2MQ zHfT#3YexWEK%~D<2P)xaSocLRL8Fd8Zn|4A2lHcMMNs)Pe_lfxdGd!=-UdZpv6v)t zmvy73mN6Sx>AIFi1dE zia@kN0+PW0y9Z-3mTn=;Eu%7ZyN-sMI}~}?!v;xQwki-RK(OjTaLpq2gQ(sntVrPr zO6db+fRhlg1$c2zLNuIzG+|FK(WV@gVkt`uK9uh7d#y%?J+So2ht{0ApPS;Y8J+$wbfGNv#P4|Aeo#7 z7i5gfo;|7%NYRmX4d!1jmpqL^6EfAsD$XZ)WB`Qpkq1no3C7@OW1Td!l&%L2>e99S z5-pFtb!vP;|H!)l3WB~!69ykF3xn|B%J|02uQh`AM5lLHxv-`T=Zi7qQ26`_ z4?PlQ5WjP^Q$^&JZMrbAArJk!nb}j!d2BPNm)uAJK-c) z^;3$x3`X?rgXoI$JfJ2GorNW5Ln)>p`efC2aZxBR#>2Sil7vDhgd51~6Qgx|6PhAh zv97oV{yUp@_+*91)N0~$EDI+2z}BFWfn??`$NbFpCW+Mj_+={n7j)1S2FmtN7B(R) zjeovBR3hWn1dvNBs!?^KS#w}wrXIBQB}}~oS6M>X#IE^1P<{75#I^ zfyh~`1Zu6I2V~g?%ll^--VmeFaU;EEPMj76SlselE90+tesO%g9`L@|FHf=C?v0r4 z?ZNy@Im7E}0KoOpVI=JmlV}<~LNlO%7ZRyr`&g~SzSy~Ue^Z>o(;>rpG7`g-sKJ;# zH3MCw)oq@o)(E4`VL>i@LDzDeyqR+Ap-S-RCEBYDcP9TM!*Sp*3+Vt@j?^f{6L57T 
z_D!nt>X@>@J~7VDFY}o~yVCg0=OM0Bf(tYns>~qT9o1T(o3TdED4i=EcgW8Wb^DsV z1Ja%l8_nkli9$`2SM4HNA5xGNQpI9K)u)wyk;0*ScKDlD=n!Ut3|Rk(eGISq4G_@O zzT%q^Wr)qkQjO0kD7jROZ!T46d_&%T|v@XmffY8Qf zR=?)@W_iwI3+*EHFGl?@I$6AMRw;&hGm9lx*}pf@=*Bkx%1hRc0g(7?3~QZTDcSqJ z00RgUYYs=;ixX2{7xj5)wT@y-5b!cZiAdT>G6f@?3Xau8uW^h0a47t1+a0C60^|d5 zm8XkxxolE|R8HUoybX#Z4aPKrpp+KTd5zt!?G_7Z$;-7Xp8%b0V_G!p6hx;sJ|K9x zz}WT{%X^p;v8wvx&cNvqHoz=?jCCCfw5p`s$%Kri-_*8g;;;niu&MFI_;uNR*u$8q z0f?+Yk=wO}I@94-#NvF(T^a=YtETW)sQD{Owezwx)#pKN0e|C10zGEHzAtf;$%kq4tG8>Z z+258MEB?r_nK+Jrh~+!B#n}npF%$YXHwoZ z94B9o#2sZ@?&!ru{Sl*JCeEZjwTq`fUqsm$gIVT=YC8x#!HM9zGt6{bv@htcOoL}?8x;ODj%>?F`LC0g2}dY4J)mya_1*p z2P7fYUVrkc`{0NDY&9!HA(;uFXxnDL1Ql?^`5fF$0D$iki6&NAhPn>#Tlrv{-ev%? zB4!}c!PhO`S^U05T2ysx`#ykaDZaU^Ot8-<;*!Alu5K~}5P}nlknWc;9bL{~9X!O2 zygx#y^*c3CArBa_n9}AebG~2x_(K{w_=vNyG`1ttFWa}GYw0Wk_qEBNs;B7t&yX;A}y`KA}$F^0UlEBgD9(ehu87$6OnKE~NcD5v0Y+rxK1-NEA z?0xV1L2+#YOoa}AR22-_h!fEi^f`kZD?TLXr-lu@4|~73iQbRl3#k%_y(3HtUUbv1 z%qG`8+^b!hi1GgpN=I6TSx8zrvudVpa$E(1BL_<+KZL0`+I@wkH{4gF?hQ%n2tB!+ z{GBwXh1%)AZRFW}=BrZc{hY%kVG<*g1!BOB$D{?unp$S&G5yO8VHsI%w!s4V!{vj# zmT^)m)JbQ4?G^{c4Eou8xe7;EpZU`esawMa>g)%Uo&ookTR#@LD>eE&0MT7K_v9U7 zm+$=9KQ%SaP$-GCcTt;n!z{u}!a3yW1&7eXy{3A$F8IuS5VU!j)*ixoKp@eCBnEtq ztre1FI+6bDjw;`gg9TKA%G14VLcEZTGZkhdJ+B@fY8KLF5*9gvRXx>kgfgAeB%!vY zgn-wQ7S%FH4s4nd0D8{4l+b>r1kOEjvAO?YG<(NCAN2PG_Feg}UlILgGd0#lgV zwEJ=><1p#S3#HGI$#O++FnG%F+b!}urp5UbRd1nq^-fa>k;yTr3o5KjIdW)xFb86@ zX1k~*+tN;#d0-1!r1FUh^TX6P(cZwb5vFax&1#Qs{h5|Uj5B#H}L(RC-lFHmzcF_!val1_%pcL5)8Wb(;t00sf z?8HBE+^MU@-t&3O=+D}P8@p@|?~!dT5ANGg3|fk8g*c(LVd+~g!Dh~;@TGlflm;Y; z_CZ_*E6{_9mi8=y&^B-BUHX23bxo}qqJC@1&`HP9JXl4NRyUY@v)0ygeu3-3@BRRx zkk{(p-6zgMbKzT82+?)B0J2woJg{N~Sl}R)`k}9Wnv1@)80IrI_eRFCH^qgr9-UDHxP)q(}>^{EWItYkD_94{|}PQ zPXU^PQsjCtRvR&|4p^9b7qFyzRu`s5<$3PxYBB=v4t(W1`%d_4KyBt|V0Z>Qi6=c<2B`ql=*?o;9% zo8l?3=}fjr-{$WiO7V&D${h!0tc_@daEFpBE@%ZXNk*DR;G`2o$?qa0$RlpqzyP<2 zIj_8uMnIeDjZ=h6BH4jaAv4iee&4-n%9f-N7^wi(^~J;te`xWTnC=mhcx@!{>=;Rc-^ 
z`>E+8H6ow{8N6r#oIF0<1PY)v!Hy#Rj78YI*~MHh>k$>=nrli>;_xu&{Xj-Fm_&L=vq5-4qF10EOube+@9(pp>?aV6Oa zbIq4plw0nHB+q^gxHv06YhJ)Tn7Y|LQ*6a|81OSRU;b|P?pi+7AIjK8dRlsetgaRA zg7301v{UMS^@X-AHxgxR+tWi(5bWxb+!+*?3V64?n#@CQ<90PteX}qZxW)eDgCn{x zL=sKWU9OSRnu9>RsMZAit4{;W=Q>@%v29XsWNxaw(t?lglLEjgCY>Dpb_YXf^0s}l zYKL8&7E_8Q&Kc#yEUAa55=wxScE5Y*=uv&9x-DYqquh;F&)m3zH{+L&PVs~1?zRY_ z5DyAxs2Co7#V$Yj6#B>R2UI6h}RS0%v#gI871iW{rUMZc3=Wv`dg0!&67x z=Y_l(q#P{?(kPf-__@#V{Acly$H-B&E|UciWKGc_t`ree8r&98nj&2UJmdid$6TCb zNg?7?WlY|ok;@|nIs z+|dYjw%D$Qzst(>6J1W_>$OGI)^0UsvmPNcG>q|v(b@JU$Vvrozg;GBs8e-W)WDaq z{qoyD@n~uUe0BbXXRa1%7ck$|tC~emFk5om&BBF%>aa&Oer|Na9OA=-Dg9!F*vZTL zIqlyb#~g90)Iz5UX_#4_k)&>Cxb&xZeSm zcW$JRV9xgnM{+QM9slKzS5$n?h@2`3^DdbcuD-n&1kUF=QU=V(u9=viU^hc3Sz^(* z5zBXnEDL}FG`z`~Pi)L`pL?KqUyUOB68L_&;?)rLblAAGoc2W(O~^R-*r@|^%Dxw_ z_BQe5L-(xLGw_CMWua6dga8HXA=>O|gVCKIR}A6mkbU;t_5uFjesf192O)Ww;Hl>* zx;iXrk&*fy!{H}560bju$j{gc$KCR>4Uc7o&E?DfKN&!iyHFPAk2H~d8m7?kC34#4dkt z2knfMpNtbFt6XKRXD}yT-36}0^}Sv>^)6XS&Y-Y_6LH43+eaaG&#wizzazzG&2P4V zMV&9ZdYWjTU%b+Cg%N`0VX0>T?_nAfDgj6H|Ka3?;1KusG2x!5qH0F?8R;?%d4Ur5 zGH|uv*vj6`*gN4fxDt{cS#5bK5I;}+BH_KnEb~<*&UFW03l%Q$>q6TPA0DG+Ie%wcL%Zr#gGDH{J z#HCE~GJ?5}`eFb&F>>-ogmoG+1;v1q#oP2^-eHhwfQ!ANl+3WG5jBlh*E9c;+0K0I zSK4*pF;-VWT%fffT&Eiff{40tAzY?M1XAvQ_1coF0ZIpP`!Jp(wUJ}Wo-Yemhh8YZ z)H>|R*z{zq$j>xI2S~JHQ^^gp+N^4SEL)#5F_}ArsepEN zwR#?Y*?u*O3X1NKZxLQSX?S*{s>m9v$8^=_4B&bwZ;1Q}#Y~_hK?I5K13FmM;^WL> zNKyhFZg!W?ctm+FMy$<;;O>9|h=b@|+9sgyMN#PO|yEPAJ z41odjGxRK!vSDo^4bpxV*E2kaR)I%e-{ngtq8gn@TyH(!78j4E$q(*)1>*LU31ze)%BmuA;n4W$mvdJ zas^ZLo7b@6Szh#?n73xX8{S zTNdQ-%xYoIQZ6>^hAtaF+1kYG(LgKfy3uR1%|KBG6djzM!^*nk*ESudSu+JxzxNq# z?ooUlI8?zIOkh`k2Qom+a@}~2BB(I!g*czze=T^ggUYG~AJ~3eXvUA3g>h7&p&P?l zfQH(StaUH@T?EMU4H1$Y#DlzQ+?clK`(6MAPXl%Y2-+3$WtfvI7Fu4DOP0Ln30cT_ z3B41H?BKN1JM9)>z2|-O+gs#xZ3)?KXR7FqxuKY775E>OaDdEo2pT`?U z7s(@^)B^!s?xkJ`fw!I5H&V;Wckcv2x}tiQzf|EJNN;*KgR-fuJz?*N*(yinPs(Of zWv!C0f{gPl7;Ia1N=gt58+8XkY};YRgBbW~>1Bi#Gyn?@VGz|nf}zjB$*V!j{CaQa5~t!*$GjfEURBS|7@ 
zKUQhE;n`TNzQ^u$q$#tVYxItJFR}4U3N7(|$D%gfj5>E1!W+kEC>{~k{0wYR59jp= zvmBO2972SF>N?FsyTIWDAA847d}&1&Uw$8UJtrVX*a{S+hlpksnid-#gotD9wG)eR z6tfKtR8W=3$S9x}Tzi*90UupfDOvYWRBd!kK4r3Vx*^&g|gW*}gUWMkNcG)4wt= z@#Rh_C~4rF3$X*p7yj%nweGBvO?fYl1Pvw^*awv3#TIGv*h*o`|q%#Uxk+4+#0cE+=WDabL~!tAZ6% zi$8+s1l*WoPS=p?ryA?l6lll`WC&|0VZ(ZJmK|NIuGb&(wkpZO*3YBY6;Ro&Sk8}> z@cOkH?6o;kKGXL^oaPFkh%qN1PN~KT0Sa~THV^5xWqS!gU|FKvwkVqzrd)1t{ZG2k z)q2Zp#ND^@lr+LcHizj*_ue)+312HN5&#>pW5NU_HIkN@r5N_yGT+zKUvC?H&y;w=yo~zu)w(()A?o_Q1SgClQ=J)V57W41po<&EjcL;GGbC z5cyN4sQlSAxn9cpI3qdXo@DlToCo5f{gY2pRdRp$H=Hvvcm<|r6L8}^j9CJLA3>PIJk>Tq2=(h;w~Mu!KD?W zAHI9DX{$gr!)8!Y>aSVwD`ZpC7eWiXYo2dC2C8(;;bJ65RV2pd~w;rMvWw zucwT+j7iGHNjMu&H@}-Kqx8c#sGj#tvxFXQ2OCYEAm=FMcbe}xH2;_0Wp$mh!=49Y zCnZtDt8XOyQ9O{6eZc?+=-!I6_BL>RRmAUrjctXQ#%>}2;rv{gK@IOUyzcqOg>SFI z^A-q_2xJycNBnff1}LDHxXNVxHO7!n+%9Oe0mwKC9ajV z4Fv-l1NtLBH?vkATfc-xMo>R5TmjRV2qXExZQ<5o15LS(+BF6Y$-E2$5FVQ2105YU zTHycl%L70-(>i7! z>L8TtwrB25i7LeL|7jTtbEnv0#L@nUw?QyHEFiG>^DBM$0e`@?SWoKuUbR=Z2X$?N zQwUpzMIc&?XfBQ{Dyl3~X7h6bJ2RZ@DJ1wI=(t zVmDt|^N^4_7M!v3SFDR6;0z*SqpzAqs!RKZ)vHy`O zMwV2?(8!#t_BzktJF9LA*~rg?^=&k9OR zSnB3Fb8rvT;2>7mGh08&lhhL5?mfDMB26|Uv0!z z(H82s+RI$&BlqiJDjN!j?n@;A8Q|5N!avzv(~ohWEEIV%wIDT}9sQiLvo7D-?PM@I zSWoUtEK0ZXZj2Q(_bzxIYJaZPZkWviRVT9s==a)QUb%4djNip<50nZ?WQ>fkBA2~J zfmYXNgtNs+Yj0L`KEP;H@{!@aUGISd<&McSonOMKqhh{k4d)dnwUZ2AZ3CG*GF;imZ~lpE?}|0w;Ek~*x*-cX`^lOkZvq#Gj!j@b+F;$TN-QR`bxaF zAQW23n0##-8Y_pD(_9Y-gRy>Lb(8DyJTc#jNS6p~@mD031-gK1>ivayYHR=E56-&b zNMKl7Bi`9+cXC~<$zen4$ioVBj*6`DHOIc%EqCDJRw1BVcpZx!pI)4@Z1@cP`3Ow-W(h-Sc9-qySyyEI- zRFi%sox%uKTs#pU3$M3SN(Erk^-lA zx+ZEunr{izF_E*Mdx!X4Jzw&iojUfXUH3o_xjP)qLCnQ}ghl zH9htkdg~&U^p3I7ap=uMxlnK;r7{Q}ncz$rx=p^HLTO9r*$F9Dj%Hy+)=IXN-r-g% zV)FcttEx&-uqhJZ!Jo^mk3#6Bbjo_`4k2iXl+wxHBpcMhX)e>zNjr4s_hgJO$G2JI zbrgMF9GE-D@8TB&6<~1MP(_`J}ZcFB5xZ%Q0&XrhEO_dcd z6urc98yObTU!z&Y+)>v zp~6r=tf`oA&%G|x?IUndH5b<2DqU`C`I8%P{6QM46n!ctVRJvPDAW^1!%019PX^hS|Hwc+n_rZJ!BeUniqn#E_P%4SO=1rI# 
zG0yI8F1Rb;25rEg!WgFT+VHNuqU>(%s%7_DAC4TqCxjx<`=dfPizC-7Me5=p&+P!`%zqrHo>NNhdGMT<*#ePPi!Qu zbH3s!`>WNLEklW`dG3N<<&HC&^oLia^PagHvOq%OmiZ@3Ehq_Nc2nxhuFX7!aoR9$ zpP$B@g9JON+?T(ma$OQ7H5c#hLw06=1q+ewKGau^^O=SiDBylOYVjv_s)UV!dgGZB zWCs3@frt*^4AFjoI{0iI1@s85Mk5OPUp+>c3fMfXMgPj0o6t>3ZV>u}3H{mxC!bXj z;UnA~p>tFv4&gYnT-Zc}6NaHqFBS?eC})$SRu1^6v^dp;n54=M*xif9qLB&g80-=% zsNuD>B(b|-Pp!5+P51&f+!NBXCj;r+e@4mFrq;;TP#ADZnJ4mQOqQ9-<+s6sIZ| zciv13lwnGV63}u~BdMF8U6hmQw;7pC%m=pB>ot&p13MJW)ekl4z7kQucrX^EFc2xy z&seX_K$IhyDz&Q7b2g}mriIo)|3!#P#S6)EhZh371L=f}4F(?6w+0Z$?13-FxJO5_ z(bD(CJY(d5%XSsfxm;!JwPB3d{5wD1xQvVKfN%A2Vr|RpY}_Gv<|5l#i;+o&ID+4`rFBdbux^z|4->j!RwS8;3 z2c(dpJf6R>rnbykp2xzfFq8kI>RNnBE(Dui7&2zWjwpHbvg2(rsYm>A*TLcWbJc}+ z(~J&czJTcrZ zB}c=t(8&9sT$A59w_x-?y@- zsivdXztcAuOl-YH_Hh=3hY3R4G4YnDyRA74i{{U%P5lC!#;`SqTF{cj9 z8%lQn7peiDVJf5!OUni~LU3_dZA}X)-X%?Rb94xbRz@O??Pgwj1H{aQ=zGQeOx{7y z#1UD&{RA(~iOG#P$-JcJvhxxg@67&MpZRH}N|PSydYS>>2n%PRqaP3#J-g8wd2Wc^~f* zZdq6H^w$2PUrbv4krlH@VWHmxmB38v23wc#42n>bJC`YmzufltNZ+ zxy5~>@>S-JEP&)qGoEfvr}&f|%O9Q9d|O|AG&Fs!GY=<6_P*3R8iqNJGEpdHdkC2^uYugVL9INpOcH)Q6R zP7P9PvBl+5X*+(hq8Hv>^IhzVaL57%FaZ_&cxD1E9*YPj# zlMs6K$zl^=h~ZFYonQZF3lwO#BDl`K;}H}#?urkw70R7q*a}5xe|2l^-c`)JRm%B( zNjXvt#X!kq}F#b5TV!#dF!l9`N zJqhGHSqG6(Ef-6yaXA6h?TRKsU}79vIqQUSE{^@G-xR1 z!&=Ln=g?j*P;dYqLxF18Sd4*V=GhzF?ZkkfX>Azmk!qjiaJ~3G4u9I~b9qBlM^iKa z1UqtGHRU-P(Z0A^V@RH}mmTHBmhLRTRGc+)_gLG3j@kD07^{|jzWCnhzgm}dfSM8g z$n|N@XoMRjC`Nye%_M*1dgm75jeZ3Ke*0V(h~u3O(Th=W(Gwg$8I8jZ%}%miLzyXr z<1KKY8I}8T&r!4;I=sv@quzamLXgz@aT!#SkB>*WaL||=;JlL~E-qD+bQaz|8A;gk z`E%taMg1&E8=oOH%3B|2Jj0^o<@>M*C|kgQxLLYG0Y1la9|JAy;t}M||5!|Kf~Vt4 z29q;AN*xF#6}a|fG`=IQdg?r`iKz`Gz5G?pHv6!l;x?vE8_#aEX&g-R z6R72nQUEa109T-ppad==gezqYI0Hi#?J)kjm?=Q+vbT{WzvrxSG=If1Q}|1UV!b_X z@xl@JT_mdrl$m{Bw>^&!Ut6v4A)*?FpR_T<9tyoiFRar1*i{ApNDYnGC&2NgNr{2y zDil;0ma;_8y=H=6Fa3Qp1W5Wkh^kx&U1a`OOjai@g9q5zkE~vwn_&?g3ImG=�h^ z?j1Yn!%4a_bC91we$P{K5GZOAfxFV5F%I-NDFZkDYS1s-W< z)CLq5zfI2q` zNUUd~wjXIB=%Y=@) 
zmt9X%%EFjlwyiU6Ga|EvBfCNo{v9PQhD-|Bi2=#Q?^_aC6@}yzz_r*n;H>=lnzF|; zU_+=5kyds6x0X_1(Q=5`%>Ql9X%Pv3$(Wjglgy8#n*-I4=t(L~v}U-sku9-?Vh&uU z;Yy*POt2*@OH&lAs~M3$b_Vl(Ew@kD!cp9FbC+nBnYat(q-fKbrj7y|xF!<`JmNUt z1tsq!5zU==`pQ>BKX-)xPkW&-e?bcqKc*QTr*p%{d#(r!0^HB_v z_*%1DamIZMo(HQ$aY1J-G zN4|KX3^c%Zec*T;8@%FJNKp^sio?P3XODOVGBl3G*v7I?8!GfYU}dCDn9xkFJl;KM zs0>w`zl_>B8vJ%oyxZ=N4Ulh)_xp_$5!9+#V&Cl8((${s%1f>_w_EAwqm-&XSrI%n zjyoUsdFu#|oN%Bt$n#LqA$RGiAfvsKqB^v|L7FCWmp;dfrPE!<=lmH_E}9qn1Q_T0 zSbr6{wSs9^S+H_^H%$G^sK`IdQDbkpD11tcJ%2>0lcw(FGlkQ%Rh~dx=@B=%)bv@K z#M(T{q*hs~dzH*;D#hb`-lx&wsXcR<_s7DV*MAlqed5~2RKSLo?tm@|q`ZYjd=4#U zRi41>-{{9P{}6HzY)!DSqQ2PxIWQRQYhz|bGl`#wg4=9NmKsFd(U&(4uk~73wjWZU zUjCy<2D|l|x#&<$-nuv%&k4zVu9@f>>*%z@(^xwWJ5$r*1{1LlI)k%a1%h8>xpQ!s zL_id$sNHQPnQblavOy8zA!9gxci+#YqUc?E0)NrMi_Sam-VRSdTWs8e|gR!_lndBk19H+r-@g2E0gz{x>qF; z#mry1sF<1eaLn0HYiT@tY+6v@2UDxXi{0FXqa z$QXwZxvvg9{E-n}o;rZhvYTN%aa4|=wVkmQgYd$2#;y%HT4KTj?cRWPvA=CKSetFo zi0g7_rQ@j#2UNWb^kqi!Q$fPRu$W9|#nJ3< z3IL&BWp>8YBPgGEF)*y|m&DFCV>N+>dmO^q;gXD7UufplOgbEdYV0ZBpy39ICTqH1 zX{}Xf%8)kAiez%(zE!!TObkgzKY&Se*jzkXCCy9`QWFYxStfiU8b*Cy0iSsLDRz}; zg1h-MIqNP(qD7H2z*8|tX$hj+;(JEU+@XK*4zfjX&Ytkt*khmaE>|r9W{z6PXrwp?v3FKWC{XM8n&o4sSZ9Rj zr($Dd45=hO%4RKC61!AHyEvRyTPvWF8}(Z?Tp>?V$NM|GEvY!$_%-aW0qR$RHT8$S zze#+)9SkJtnHmA##JbEl{=f*t_YE1FY%(YCgRuqdqbB|+`vd2@P3 zV6NC%rG%*Zn)ZRn^%pvCS*{98h@1#r;R>sWw#67+jQm3&^$%_qwv&yY(A-M^2nGiH zhtR!KQHSzeCW=UG(h&^+jDzn~j+A!1#tpE+=@=vZ6<9-ca}?XBwXkIIm)rGqt>f5P zD5*~l#gxN*>~fnI{RGH~;6RJtqqDx*t1TswZ|Nj$ZkFf_);f+JJ{KK4OF-z@W$9p- zy>p@0i7Z>hwsf3q2`SlSvL`lfQYFk!;qmE_abg}HV%4dPd5*}_ zD|0$D1V^==ei#|AC`9Pa(k4bWrEUj|KxduO$>Brp=S^bxe^hRV$Ax~THdascJfAt6 zyN+Q{B>V`NrG2r|4#%~np>n@JwWs3R`r8UiStfD}W^;mOKgks48 zWe%XRQwlHX zMA3)CyI|CMuNJanlypldlff3F2bB8zJBcmumu=ZWYKe-{n2EHdfC3DW6umPx1G)4k z0#v^|c#mWssjN+y+i3El#W)EOh7o`Rk=qL(H~ngAUVjYLl<%X4RL{7rpc~YT*e{tD zBGJrx^cYs(T(=cva-^w_XL z73C2zO~=CM)5^g(>$P?j4C1yQPenapzN-obV*6!LHICa#acd6kVxe;p3%SSS$nsEk9B76=<^28lM{xhx&QBtK?zm28Fk}{p0twn5A 
z^~?bSVVOW&uTF^FE!8=xAjnFgxg*N!)zPxlR&qk!L(ES5$L8W69;ci;HL_uQNMnR@ z+Wp=nJylX#(?YUT&N?5&CHTM>G_KBnVp8#gDq0Ps@QFSGs`lu9Hce5nZaN!IzBF`+@{(=rJDm+RszFHC8Vwwc5H zYD^Qo1SB{e3Os0tUuj=$G4)&uh+-rE9W1w9ObW)TQ)Y7t!$y1{!pz%VJXCcJXYJ z6Btgx{u_*jTr5K-oI?8AsNn~K%$&hfG3b)J(K7I{DkvpT)x~^H0}j?R5qal6PV~@i zUAZPqykxPwh*KcyyLAbT*lh#kw;N$9DvA?q2Bkf1po-=$*NblBX@r_j=AFSCoAv>k zg9PPeM=En(HIMh8cBqNRB3;t0OShsdmL$e=QDoIkih1Fm< z`3vZaKPsno4Ok{wcH#wGetkcb+F1;sxI3Y=)x%MpVu}Co*ba|IezhaLqWA^>nab-b zN;PvKcLW<*PH$lEG#EQeC25B}N?%EzS!4uH5bs4Gz<(Ze?;)yR!0CTd)mvIHSFt9~ z8bo^g<5?3AT1(yUa&`qo69B>cLZa=i!y zo=oW@UH#s$9aUnihbL#Ep=?NC3f1tHfnt~NoIwsv_@HAy3j-yABKHakf0v!US%5&R zZxnljH9jUyXo3Vl&rk_*udpU(lKM`-5#bP$h3C4@PI`gV&;Hzm2AA8LjsgbqGlD;r zqab5sR1eU|eldpU;ibU#rQ$9G7c!4C6JUL;f6{f>7jd{cSj)}per=NS35B!A|9~TA zQQus7Zd`qW6+jLLdf6=Q4RX-?qD2KiON<{@5Jf=N9H9O8q%^n2#-3byDVP?#=Cf1Z z0vJ$7L@LPc-VK825xaZ~EU^)`YR*!?J4(v(I7PkNrn8?>9lzqqG z208^iax?VYO2Lko#DauJ*9hz=^9TJkk>(6LT8VFsi&cK+jUhp4Wp18{&6Ebi8B1{( z*C*h^znSQ_fdikKU~zGwJ?g-Th@tS*mb>gp9245gd<*7tf|UT?XVJ+HT>SjBRvckJ zORHkk;I=+grXS%(86%CWIZTC?1=s^elAAPo;8ya%`%Q0`=1ypoE&D!RP2};3z-vKq zaw}XN>zA>Z+m6!GXy+;@?Q1!xQ|K9aZCcSo*73`el6N@ztS6Oy_m-s^*i0#jf=iUP z4t}I)ULuniKHeL00{tL~Gm`F?JkY+NRPr%DVWqC-;oi+%$CMDMy)Y6VJ|n7~e9Z!E z*#`F3fF?vv`1(F1LOw;eUUnM{*uKIGLEVGy(t5U8tZS|E#sLfIFMt77m9g$K8XA9M zZF+WdC6Xo=n(&aeE54UbIf`2-VLGBQD41mwnKKKwMu?*pGmiH+eh0L*rbFWtJfg@` z$tk()TA+TVYGZ^+sd($oRN{&?tUX$*7i$B?W9J=-H~4#!fi~gqCxi#P=7Or;O9u#? ze&zrtK-j;Df8CZvet{otykQXTPkyb3Z8337h-!}i^J#Gv(HNB>ml2vu?AL^rme7%@ z9o3jk@cRYX-8f_1Gj;GojH+1)(qB3wezre4sCiAs^JVgR_il3K{wndotjQ870f2Uq zHGkJKRe}-Vsb5*b!l2Frk}$@p!VWMF_utPry6}K5m%u;3JTzj z8`p;L1}x$khRP}^UMNvtg-$KPV85#cTPUkbE6c$jgorjWl2kCRxOA!`v#xw7Dyi? 
zqCHI8H;G&D=x_a{eLh+eR4Hr+QRd1%8y%99zbB84z?`8{nWIz?DLh8l+6g)(LW(%yN@5ST0$QTu>p zIRa7TBEnS{$njgWg3bv%#ul&8a~wa>;5eQlna{g9OkF$@e>H`72Bgil=FW*y%Vo4& zuY(LS-#GEMNBj4i;@b1L$G=~hFRlEpuWs)`&Ya3Es&{r`1s%wl@37yLuD@4|6X8=8 zS`xo;rQ#e-ybE=m6_!G2L!djINLW7?_^BH%qJM3#_Dk=c()m^#UIZkvN{TNL@Y26ly?q~1V z*(aYvkWGw3n7kZK)6%a-_C>dIivPM6(4?w;m0*R~bfeD?0MpeKJ#_fV>~2vU1aX?+ zlce-<6Iz%3X}Fu*@oJXgz7o!V_LFxn$TFcS>YH@z`UW@m)|uI5?MGOFyqP^HX+B^m zQEfUf(0<(v&J5fy;=gwTi5Dr9o|g;v6P-O`%)DaDqfTp2-DM(mXjq@~ig2sj05||s zf!I=tMPQ%|52MN2LCv*|rl$0xGOJa}$7G_%@m-adB~EaYA-Z`r5v9o?*$1WrogpOr zaXxlDT#_Moe7iK3w?1kQdMszyxjhmc46)q$|0V2Pih+dWn6ag!0$Av|&C(4wm*7Jt zmE1!tzu$5wh7$K{tGcK07RB;++e}Y`9ZK!+1VtZ z4obf{VG_w4%+Sd_$rlg{NtwaoIM_LbXAEf`S0x$TKu*%ET9AL=z7KI=y}5r6S_tfH zL-Mh#n&%njFyd#!Qt=K?7R06tu}P+hF?IKOl7d%E#3c!$=7(ZlDgJZEJ=b#7{7^x? z=}{>b3__B4)Yvr64P65c>7jy)?gz8?LsTd84l5={5&Wg2Mv(ES`ocIsZQF#dV)vu_&V)sd4|cSkTR>8%^h~hz@hG?q|Ht2;bL_x^ESo-2w?gm;eU^B zqDgdH6_J2NqL_~Ty;}a+XZO$RReC8)qmw7_lgW5XbEgc0hL;}ZFLy~$#?|g|Cyx9E-r4^7A^QE3?oBG|5+^o>7^GtLShPM51-eA_d50+zkq*ZoY96s>dT(g zg2)6`Ci#bo)N=s_DG?QY-E$DhFCXjjkl@#M5R+CPAo^T>4rdZzo%$>KAan=3cm0`; zDitGRS9s9OhyYgwoMFtb1=h1~AbOw#znN#k$%Y`Yva=={ zA!ao{X&2BwJFddzrGQ>NI`d(dL}i}T;h`!HXq|d1u zi&j$Yi|S$vkEx4WQ8}9~!>-)g7^e1J?0uL1cm#?^l^ikG`Cs>W$b|3Pl;20REj2&) z=z8Z5jLWmZB6SFNFKh0QQNU@Qz4T4(O(dsty;g{T2x5bau>6>BM&f5w#X`}ES)ZoJ z^yei->0>jl_e-hD<0PoG%8y=^@K;qs;`(W9+guDWo8925|1PaPUS3q~cI8D+BEru~ z^9W_*5a^OKZY-&B#pV1D;WIgKWEQ8M%6YS;dG!#Eyakxa!mEM24%qH}T4RVyANQ8% zU=2AP!ZsKHYGJ>PcxOxlQX)Dd8110QF=fb>$pM0QW1MjorHA{!gWIPnyfK`P=}9Q$ z<-aW)WJZ>ig7!b)ySlV*eSP8QD926b>eq}qX^^wdcX-jnUTuF2%Y5a88Llq`oiXpt zvnO1$_-+k%C+t&dT2;?J)uh8}VXkFGK_mt8%InDyq_?s?`rhhFc8)hF)c`|s!8`JP zr(4hb#Jn?bT|`IQ2`#P1TtPBNjg0i^Rh?8K!oq*G9=X3lNwd5Z73@QJEm#<_QM&nT z>|Q{txW%^GPm+z2jV^(``!TF((8z+@t-*+jhp@mrL7?pG30rA)}ekg1xVtN{tIGxt-|Pp9-2@! 
zX83CqS^)QR(MNU>M}FY93c)i99ymivNIs`6)I9PrS$9^+&?6mWc_dBfAM2g0wgW%T zbrdyUT1z=zBN0^p*S=pl&v0AlCG2}>9}?Fcz&z5WaKC}E0ZWLs%u}ka zYiR4DN!cKmvmAZF*BN_x&GMJe9m>^|+uLOD(E6i}nRh1d4k7_IK`>!||6Zzp&)gno zz$&Dj>f`_X{p*LgJ_b5U%zj2}P`Z_6-4!8Y>*^pCWJWcRTIX7jP=%4tl4*_z;o9*& z8+m3!Xw^-IDxzKvH+tmAv?G(Z95N$zYtnCZu>;h&`b@{zq6+|xH_BIp)BJ~eWvWQD zmZWHv+TFhyp_UuWBg8aJ!e(HUW~Q|PmX@$k>*FT`3ons1n=2Y43Lt7vdw~vvJHlq= zD9{60o#_4sjDP-%$ez6Sd)e$uo#XZN&+f;I{JkG7zdGtnsICam;pJ+#SL0L@M!NAP!eJ<|4{xT`krZZ*MaS}u6g{xNxuQ8u7%}A7gq>P zqq1H5_5@AB^en#?Hf`HUIo@qjJa5ZZQIlb~j5dq%F5=?~$R?gcGnq~~OFAqWSj&G) z-__N(V70hGmsYEWGtnKMtIJEOVIPraC-;iY6v)6#9_=O!V8HaKo|8$m_F3dgMWpDcS9K*6MjhqX$XIPFNfEVQcc|otaVTXmT|iS( zbmL+<8l<6SdkvE$Ut-cU1EXhdzMuWRJJR`k&Vo@gesDv zEPxL_K<@12{847b^~g@Aaq3oc&!EpQ3aKkZTSR!%PMEqs4!8hwPV)Yroj(me8*z;3F{5P^wm-WFZJiRx_5r`}_33%!AfcW$kc>ka>H^ zgOafXbn|DQ851KQ;E@mCb}|$ZvuXXOIGMIsuj1Cge+(8z*jk>05?YPLp_&WYs!c&u z*(d@_aRpK3Fn5G&_J85T3LTgOu84kMG#@{B<027C=q~Q-^Se}hVcpNi;(5$pm}n;! zdY87a%J4`1wC*}C^a9^@NbcN$%baWMb?yzLbj9(YHP-IM?WBC}Q2xHi?~y`6A8CE?tpDk7b*<{QxrUe|OxS9-t7y&hhN6 zAGBBDn9o-xc?l}|emIKxH%QqGoc>_&Fa4Cz-Yk#uI(|_!Y+?#G=b^aN@vn9*R$@Z@ z?C-?X2&$JsJLmFS8vGDJBYk>wV(7bm19TvNS?ora`>b8qPeyz2WRa5cLj7pN4@fe_;0;W~C85KwD(A|zs?@zr zJAqcjk99OKm@VFij?O6;l(43Z(W308X_|`1xN~p8UBsaqMvL)~Ytt1x&U|REX2DZ# zOR5tj?gVz@G87R!or;~ue-fQ?y8cg@-7r}sg^h+YS8sb2;;Gmts{Yqd@issN2yPzy zFJ>F->xRw^%2!SbnkKAeL`XFUlfmA-3s{#(dVHUoaHRXJNVvB;Zbhb7ZG~Uh>=MhS znj0Sk_%S3%r3mr`qkc9qm}MdE*y#b3`P3?*VQf4zaScm#Qsm~NDE!ye$PSvIY-+Ev zgQ}f~%$3s0h0^fs)jVozz};okAaph3onc1Oo;u=2>s+2SH`^d8RQj@mYvTI;DsBrr zUpk4(cFAr0%!y`cje^?UVKElgYOT_w9S863(4#@ z>U}`=8+pYh9JxW|+nqPHGo;4K8-vdFq6M~vBHf|@>OQun>CsKM>G@y3kcs`U=5lz8 zq8=$Z8e!*x9z9|r3+@WfuxJuZ&?Cqh-D#GEs-cI065q|`(^x@zeeaSdq5bA*3WN({ z14Nt|XI+VN9m|m7-NXy$JOvV^{v7%=iX%_lLZjOBjP`5?tdT0eEQ}3V)xT$TfFQ24 z6vSKXLb;a4^;CPF`hJaZT&jVyN-&}}Gzx{%;oBZfmyM_-K}yJVlpXpvzNo{{DE)&Q z&z`A*rzCw5s9=4M>}kNO`PT5f;=M4QDjU+Vg6KEb7_?$uRc&?OuIf4hDiFvdw&;-p z2@!=*^10|9O}b(KAN6(AOUi&;x;+=VsoVTl7nwKAH6%w*(rgB<91LGV9z0&e&xc&2 
ziG^obo`|@H9ztY|fkJ1<={_Om=AkZC@|#$>t06o}3`c5kJrKTqdiXh9RGF+)_uc%T z$+wZT3Rxnouj5GNuQ_s`5>Zld>n7&bwcd1p8AOX?DU#?L}kDscnosmay@$Ndw`Wn)CQs$P2OrQ~$=E9PI zE`UFtLxJF%2*YLORLpIPt9<(FhGYUpi9H>@9DczM@X}yvnu*6>V^fb&Lg*@~vtkJ* zwG~_{i@~is%hx*shQ%b7rrXCx5R65t*b_S;Y^&m(gZf$ zg>?7!C1TOXvcAJCs`iY(d+5Aiv$fn0Vnzw{VLiIPp=t)VY>vpY&;Jw*wk)-}JfozS z`Cl7h@Ja`aBTGnbc}7l^smp_hb@l78o?^}(;k5P{AqO=%EO%sA=hmsD&~IUlK;ZZUnby=#A&O>rlHt`8^UjF(^gp5fgNz}LPtM#=G zQjSN)ve3vPcc|f}YLckrYN8^KOC=a--zir+B%W=<*0lElY4$fVd9gz&`?@e*1fm*7 z1@-t`+vaKXZg!SY9?0VJrc;DL0-7C#usy5P*)W%`*B3GYZ9BdDW{UL3roqap{`4h??``0+WTur< z>a2C#eEFILVP?5x`9g+53>^2yPPsXY!+l@#nILe-F=plNm1^q*3q!{d!P;O1}3d~^UkouWPNSFKgr%U$G0 zF5#U?7R04wVhW@^m@ZV~g4FY3#h#a6ew;ouR=TUahcCIC6I^>>H*#TU3BQsuHGA@+ z)pBLcI`-f(+onJC>S?IiEW!V1d-q_hf;nCxw~8<05=zRdoTLTh#! zIapnBYqQ}UYc9e5f98+jFpV6p|ICsbchWk!P?%vJe|7}MvGZh(Sp(9f2GJQ18}h2N zg&Z($=TV^Ak-2S%7Q;Nl4G7{7tTBsVL?m7wmZXs&2Ycg4k94iIr`6e;oawkYW zI2Cf+{c{Z@%+QvOJy3s}j$)tV6r%s13lp8#fa&9BbCJZ=g9CMt>?px&gf`W!eD!x7 zFuHr#&MEEUcAjYJC$R$R;Ey!?mk{c&=}Mj0$+@uR@eL~fjCNm#L#BcDK!}Y_r)HQ_ z@Ab^8(y=nO-c{?6}{8!|-UvV2}YcIWBpom#<;G-fE)NHSwu}Vwtymbx3^@A8Tqq8y|7{udLstV3?Hl z*!=&9uB)j1HW01qk0rEu>lviX!(F5Xjc(0}H62sMN7^!<3F)ds$1UgCYgQ#qj*yi~ zj&)f0=v2Gc$6D$}toZ<$PhuY(B7NE-4}WLuvuEGMcxlK+$v^!&AvB1Sb<)oz39EGS zLz&8Hf2YBMAMC{!ea^DRR&otQ@vEg){C=rUnh}Nl%(?xiP-T&`z!z3V9sZQ_6FA9M z(phKx{Owag(uZH!(7?HG?<%3Ds4Y=3in@zXI-M%NpsCLlU>G9c__*L@XC`A)r$QbB z!W`jdC+$rs^%8)=;BzE6Dv16gAK>NDIZ{o;w-uq=Z%aBa)qakdL2-6ru_a@JGb!Et zFruw(^tk%;1uz$EKZPkwY3EG-T0_WjuZqeRD?t3%gNbtGrUba%&W#4ERm{`zs)TSE zDCupk;womm@4O<8*xq(8lDTU|dX7&-i|*n}U{2>EMOZQi-mB|VmFc!*=D{g%bX^do z2bOr?>n}wQ(g#w^G->_A&>TctbK;!*aN!VpMTqLq*}TC_ZbBry-I5cK5#XmTlRK`SZf3ve<&^Z z8pAl|fKV~J2Tpo;7_=3pA9F@H(5xk2^QZDm&@$cwp1gr`eXS$S5L){HHPuyjOqH4t zq6IzAw?_9)70JXwdKI9Cgc1{xe@4tp15t^B1_hh42a{ljmKX-q4^W)p5u}(0Lk5+? 
zT6_mM-d13IrJjYM0+G;gZQ^iD-h|-e51lW8o{z1#v|pi?PL)A=re6ep)AtC_q(5YgIlUW-;Q} zqt@gH+_L^or3L5D+)+15(Cob?)4z?H!N=3f0daSvH-z2UORrfWg83pPk(;!yow=t$ zs{JFnXnfAdl$XOxP&+SWMDaF1HNKf(8`nIv)Lg8Yl{(|PFEVRkmj9wLiq$^}$Ma#I zx@lbfJ9(;~_5M=Ni0`oDT4#A2o#!;%DR2!N;5#eZaV$mncypzZ`ovXRr!3be-h@Al zpe`YH;GxkOq(=e5p@zHt?S&<>>Q|ygy6z z96MrM5&S`}V#G-7Lm4iMZwxcKrbCCQm|r~2yJ+%6G*!*BNTK7I51ZH-BEU}dA4Jzz)T}!*hKN&4t$0jcL_;&j z8s}hL*Qx=^v%e)E_iAS2#`+bxDAPnQMMR2|MkDmQM<=MO955$O5g&k=VokA0TPQ-B z*aEB&Tw4PzZ^xjifnvkN^T@{WrgVgQb_%+}0)bIQRZe`8K?7y?gIjkwG}nSoo_GtT zS{Vex{(fLVFW3$t44g*K0NL9F{TG3K@svcx=@=0o7z7Uso&}WX?`%Gu-3u)%`yg*< z1fewHr=yG+96WHZ8@wPV`dz~RjTune(fx)J%K7@SJw{nxHh*xhW?|+S9CLzi2lAXx zq9y}RjQ?3qlW)0DY=f?+18Dh`@ zAcZ+sefTX(D$XHHa;_;JmYDYm+3z^EiPc>;kuhrP`?d<0GEgl#nqIJ`KqslYlh5{i zhZp?TC_h>w=9(}$;ZH` zF{RGuwVCnv)_YEI#CpINVn~k<-sJ+J)Zm`=in= z40~v`fDWaP_WZF3M;wbWSGl-~EY7O%ESY>`yHO=9)^V0ztJ8`4ItNPV$+Cp)TsZkC z=!XMaJA_!sI}v?CJ5j6xJ40|GtC zRJ}jCUjT&eiT^Fg|6mTB(YJM(2$&}x7QZ;~vJ@3xqMGlHPBc$F*}(OTPc~KLyHI$h zga+qca^EK6h4dlNP*k7oq;0wae=l0`;26assI6#Jxn~i#+QEHIT9A?}D?A;H>!zAGc`G=hlyHORrqs4tK=pZAN_> zJEBom=!YyDFEwq5V>~mPObw(MO4BP~D7?-J|UVUtS>Q)~oqZ}tGTfh47e%|&}T4^fyRySCHd zl`)wKLcii+4C0YtB;pKeDh3hJ8kKKxNy*%s`p~BlmX>;W9vxPRxp=jHUzxNE1CwE$ zznBOn$#bzE-;G=Io$by&{5a&6ujGexg;1NHY4H+=lq`wc;1}l9d$}PUa>RjJOjv;- zOceLE!8*u3TYrNV{|0t0j%c-!6Uk2;948HWRo#FDzyut6!AQ_;c|n+i{~?+p)by7L zSxV;bh3JyF_TTtx0>>Mp&AEsuV|S=BKkd9##N)TT8r8dX3}(fBr{D05PV}fg=lK=G zhzmLE8Xd{?^^}DNmf|jtYR54Cds$`+xJoYONQ-3-u%}Oc=`doTq-n9naOk}l!Xu$= zKvcns;n^tVKeYLNY|v+Tt0$QK+uE4)Xg^L8uD|35DF2#j$&?&c$WJZE`=Si7%oO}& zNaJ`Lsb2Im)`IKTUlA{cAvpp;)W!e@DB2wHt-wJ?Zl{HX_&R=C-TpnU3C>&jh(coCCRhVy4J8baq!lUZ4D10HrQbt9tp1a{K zlm|N6O5q4v@kUZ@_PTmml&*S?=Xk`#FJ9~l_>uS)D^7H^#Z!Slm?uNK%eO2?oQ`){ zBqms($*XsWoowtN>A%J`YCZh?6W%rI`PDp{o(6#TcTqq#y&3B22C%~6`E;P*#1hKL zsb2Q5H&yq$8U?u)&pKqjFTpga=<>acB~TUVmlGZ3suQTs#Ck-!J>i|7pKSRw1oDuD z?+v^lm{{`?Y)*h8(#JV$HD_mecV9YPN!=(oh5}|-i`s#GLbO`Gmw>9P%)wNhV%+I_ zfHbgLnl&_61yWFSbUI8>$V2g34Ad_a4?n%DS<$KX7~JZNdGjjtl(i 
ze`&=1H#@DJZRO6kT}W@#@bW<@$!F4_JKz$34sm#&&~PCsE(St|V{d)WS6i{!hGNdT z%h8f6LM&M~EoVBBc|120yg%TZFur!) zX-sUsBI+@w8`L0}?SRAQB{;u0_Y!s`T5^d^KM(6?QpE|dcv52pJ@X(7MaBH!yOl{F zedr}bJGCr--gmAebnuBw9dVi)r@9#N%-l@4VW|=ZKiM|+1`I`>?ioJcx$6g#Ka`FVw&QqME6WwV_t64OofTu|4-(+R=1~gtTH6X9R)i0gAv1vTedTaT*X+3F_f+B$mU^ov?2&%TV36`A&)sUxav zhPq|KhO{fs#mvQ}VR`z-?)X`252YWhA!H@byaYz9BRsmx-uY>YgB6jZM2*GF2$W)8 zC_v@LqDJt`psZ>9p|HhNVDc`v%mI7U+GGpNdFY+a_BCox-f53E($uh;>NCEWGSK~jMA(!?w_ z(f$Z7OAYqM>q<4n{W1hL+1X`Cn4HefY`-23?>SH>B+*9=Di3>aH%nAEiXj?57rGVS^l} zNq#W4JN0b*C!A~^xL;&u(Clx+ke5u!ja{4!5$)XElY}*0Ne6aYAp5W)GY?h*@~OI< zb(GnyFqD)Wt>&*{HR@-eYg*(eRb{l+hTG%j@*SKScl0U7xJ9-yd#@RVD&cLpm)Zhh zmpS)$<90}3Hke60tIJ9+I_e3xK#BRSx~9bNjUC}27CX7B z`Nu3{zVjk^`dX_=ebH=VC#KlG)s>=kO9rwg^RR%KC z-t+LP@7;Yqun}*)8I}CF15r`)(e*~!!B_?{UNvjw9xBWkA~`9lBb()KhMO7;@!b$K z3+JuA!#re5UTxlSs!-l?)96+J_O4rN(aCs9rjNi!O45u8_F;PeJd|MvKHbfkIuF2y zD3vyxKgsCpjO=DI(E^8px)}K~wlW|aRfnY`6XGWoxi`wlAj=?TmEs=Bm4Dj)y2#igG?%I?TlmlDvS}PevxR zL0ab(Qt&yXei|{uY)gth!EE%&utM?s+;)O;CbjghNC9Fipjw}Ao$gczHCwt{n~g-f zscdEhiDy3ivAouu#S~32wnUH3%zhTlrqEW9MwG333#(@tkamF7HDQ+?B+A^G*&0Gp zN9D{l_S|`ifD*INCT0+)Qj8e|)RthS*`gSPi#Ed$I3pu_{EE#^yDerBmJ>D5<|6<2~5^iIkknEk}Xa$ zEDdVHF14ujtDBt{!2MEiWcZd6`_X48zSFwboO>COmW|IEQ@+Hf=}WON-ZBfZET_yt0XLd9u|)0-A+ zJnP{9#8(e~2d?GYPBZx@gHy*cWpovHyU3%+^`XtiC0BO9_4JMn?A8v{GEIk68z2S- zk+&yI_kCmAF4+m^AH#lOupVfDVwz_J=mPLWyl?H?u}Vf|LRbI>DY?)T6}^eXng&E# z7onrzDn2F*H7sjtR2!19 zf0UPG1}`L8pQd_L0LFS_{zlU+P-Ug#d1V~X@HJpwONsUxyr?|Ju*O)Gi^w6de4J>%A$vu=&R)U zq|~Hkpu(bD5#cyCg?AKvDW`&E5B5Ie0X?0}KkH+H{PE4pt5_~8|Y%LI$6g%44 zs&b$0Kr#j>ou;Q;&Dw^EBhB87^5bFJ@(*z7D*NH-4Ava~n>eTcdh*Q@Xi@M+g={U@ z-wRSmZN4FrWAqUc6+CE6o)0Jxku|LUNP>QY1CUmej7e*-?w+P53J z`NQ~Ja`GWumt`tfznh-(y z<{ddLao!DcTvgsAwyepN%%vTqEv2sXk2{M-QMfnQ3n}NIOXy@byzKMMD7GDAatmMS zbI0X?E2Y(PDAzq~P1GWX8bxLHM|vzAths6q%Ym}acsU0}XI}$=c160)bX+`SW8gOh zV=ooLaR`Zki7fFtkm=Rr8s^>DkGwub6(KDi1WT$S4 zp%JRVz_8!G4NTIJ`iRYu$dwV|5R1Mnm3I^)QoI*?=GYA-mM!sZA|FD7h%sk7^QkTk zzOWx|JI1WGJzN#+Z>W+;Zsw#kbgaJz_B%&2*A 
zk>WY@eH0V&D7gpzh zsj1;0jOgXJgdteM^b@i~^0&&ed_C+96--B4MJ^qOCXNP2wuP_S zb!=769MGYMR8{UNCi^-zJlz!Irxx9X7?+|j;M&+^qHI~nRNcECcz)r~g0F5JGO}#G zAk)S&UFzZ|m~`TbWmGtmH*UH%1L1S57ey_MuY0rV#Wx&V_ewr_f0Sg%k&c+NyLJuFu8bTP9}8tTY` zL(Z8|OTUl9fvWUNCY%jR{H`3sP<81zGV9*S65#7jd<#7gHsmIz>t~SzBR55U0ImcbelA%mBsxn+XAl56gIb}cZQ_0UMc1E{z%dKX5bPZO;01tlx z%0YxLd5%iItuy2<|Ia(!xn|$I&TzIUx&2~iD>jf{44=$hjNPi4#ipCFKRcxMA#ETA zV|@1FfOUN{m!(7$Gwx|@h-MPg`SdT_3h|Do@z|*VDlf5rDEm$m$DkQhFBw|+Y8Gej zt1!MeQf+b?i!#W6nBM<|`~xZd>Z*}_7uK!F#>?smLjIL+kuVtL_uOgnbo*tO?i@_! zH9kJ91683?oH-djFn6Pw0O@I?CE!G48;0%~)h?dAm+Yo(iCHw8n4Ec~kLy=~)jJsS z#_r~(9)~)koBgGWF7u8tMH_!PAT@Z3_{iN)^&5wlw$$iVS-z{Z8vxY1?^=B;{~`I& zw9bqtAbTmJnniq8kHhkbMC7E3ap0ZZ!q+$#Y$!e}O{fJcYv~ZUNgr_lBfqvN6t)tG z!Iec&YzIi~p9-qX3^$?Ngf-H)t0ku17(zpE62}!}%lhi5j-Xkv`;t0`z7A8UeE~q> zD5Hanh3O%n%H;k|>YQaGtyBBJ&+2@gx}f*!dBm%oikG;_RWR|}xexStY z(VX%l4TS@V1Q91wGu_8n1~vagL|>(_0nN-?X*&YyXeswhrD0;MVR!Ict#;bpkKb6o zH7uAd%^tx3zH1?!pmdwwZ~%tOjaP1HdV-vS%&Ae~P+PDzIk+>|?3^O9Ig zN@3@-7~aCv6uEttV5RDNPT_2`t!rqGh@Oo9$O_7We~Q6kf@99Oy8~N{9?NAh^6)Mn zS<`9MknyAe@vQgD{MZC(Bhf=V0bmts_bmya5PP9v+bt8O4ny9XjTKvEa7Umc&rtZ8 z*CW6S_?$KCmPWRG z+Cvlhs|_U-ZtzO%Zz`E@nR)B7rrs3?QG1V2k9gD*EK9gn_oj}wqv5-CL6;GDe%kg9 zEEhvGdm*xW4f4uhi`@R;@P;VFlhl}1KU|$T{YbLp>#7lE7`Q?jL3M%9E5E0Afe1sjf(g}m1DvNSx; zZmRV%OEmrCsx<868I?(3Cob_X2=ah6k&OM-E-k=oFR7+cgK^xbW5tDGqPZ)~2Pxj$E2_$_7U?31mES4Fm$$PdpxIQ>% zjO0&VIr>>@PE!_xwj&DpGdWCdw@9N{-aie(+Vh|!eBiT8$&qket6nGGRBV#2(OC+_ zu_8XZo4XJ!77%fZ{M(Evl52+nQi{W(eN+Gq6Z2h;M=uT!W(0Dg_L6j!@Bj|#!VZss zAg!&1V+JPHb4@YW*A79cO_m?Ba z@lo@7*K0Pr>(<_*=;cw^n<(i7#^W0dC9h4vm&uk7wOC*%I9|ywi|JEKAhl_yNZfH; zk@15}FxBflu)H9KqQNy|&hjOx!&~m|S8l;<#AlFq{Oqh|U^J`{T1=JCDnWT4pyco0 zaiJH&ZZJQn4`3?U@K>?=E%~kVSpz34yC}V4k31&3l`pRhyCEA+aW#7Nbj#OCk-XqI z*zkxveG$_4JM>q2{22gSxVVn|gJqX1%0>cM4=rNed<6YF;^CbTc>4cPx z>#Q`#p?WX~*+&@`>`)px$)Djd34Ww(*86Ww^4%%jW?&mwI)|1~LmtEDP&(2di0@ov zbP54=>&B+8UZ**jV&({WV!SlD3w#ZNPI|X)2P#lGx0NF42ZX5f6%W?F&^2EBlk*i> zWtQ8vks`KGV}dQt^nLLr75)YYMPb|)R{a_*g{`r0ynH}4ODSYhka2NMpm=#poJ3x$ 
zz3cX%U^a&Z`s09?F^aG!r4C_L!<@8g30L|i+{zaYl`SQYQI%e(BI=gg4T!SmdzuXj z_Uj4LMqs`%2Q3=efvI8u8(22&dYrW>t)rh7@#&#JWa0 zg2{F#5pOi>Q?(IN_&pXax8vL#kD#S_Km`rm;n*9}Qi@KMUkcFQtHXB}gcxb!2m`Ck zVl}J)+}HJk&ea!yQ$dKi_qx@T;pfv@d(tcm_E+Oh>J`U($rtv~{Sjkw@@M})#iqH} z%qwFwOjS_U#VBT@EM(`R;FhnNZ)MAL{UNE09E<~f1L8#$q_oq75kV;J3_$3+(YXC+ z)k4(08U0;P=aMhpG%-FHkG_T5bIcE^r#f&{NrpPGTasML2frKDg4gdsrTog|6&2C9 z6NaQ{t=KcxbUi@fJz5orG5aDs2r^bWYX> z>j%OT$L^dIS_ESxGp%yY(hDISz@}O<;$%>4hB^kC-pEF>eHQXElKdHYlrRdjNUw-L z%g*6AgccwA1$DbYoJAj1_Jrj;ZdRs(pT_V?s~Uuqcc8KCi*WM`Z~?Lft=lDDa!j`j zt1lp>WkorJlRXVIi<_8A)aMemDu35JhWs>=8{? zANfB5ifeLt)~CH^+Xl~e&9Z2_>1K`^M@ZSV;6TDEQDktb2JVJ!@Y&~iHFso#i@8q4 zods{3Cqq9@=jUb!pn}H1)CqK^2nYZR`}>YClV#F$i-1b-!*I2_nHbM;aAEL;<*6B; zkkGPnk%eQXG0^etWBB8N;?jyVVgkrGeKSzb58msF#fhJ7llcKPI%YHqfw$li;UnoK zjot=JsqSOeW#~f5%b1&+c;KKvS3KA&PftpeJirU>ki%Tb%=6(%jDKOK_~cb|?gOk;SoIQ$ zhOi=OJPB}C%YT3bSCX>@T5%?A(4SVYHt<|c1s=fz^qn(S0TT_`R*ca2mVv+Mm z<1!>IZpS#ct_1rTN6oavYSQ`dV#$$xvu|Puy-GA)Tc`>`hYCtS!vPdJ zfQBkd-Lm%V!!k<*WP%-H?Oblm`nT1qwTE`ZT&Y7sj1YhxW|*ff85Y0PlR41#_(UV# zQh5wwY}BS?M5twz^WHgwM|ps?a|mA~;xyEqYI7&b45Wp$rUqDG?gts7@B`-1)&9N% z{tz7{n}nbEWu$fKRJswq^_CvGAT>9ksl+)?I^)vDzckR^lZ?I!?;&c}uTf5*d;9DY zbfQQQg3OFr7}yQ#d5uXK8ePl+=JdowG&MXP4pV5rx9C0-t;j9wY(p?$jmErqb4NhB zc%Cuvdni4>=C)dJR6zOV%Wtgzb_ptCpAevDW1EiYR`dLa1oJGy{R_gHNHVgD+`MaE z`xfPj2W9V~daNRawb`8V=XH(QbR7?&xe)1K+OwdyaolVF++(BMaUb&LL(=Np`!pX$ z!ykLrxw)M5U@q`1zNTX4TRW^j#IS|mlZ0(w2f_VJ?fEBKqW)~{)vUJv+#ygXT5`V+ zebAvf1IbrB3Gmrr?cv9$d#2bi9^PGqq80T})nCw}-eKE9ZsAvPJtXXoD| z!Cxf!h8l2AJ@+HBz?(UttO8~VtNlCi*r*U{8Y030yAj!bKM6eq@9c zE~{2T<313~{45T$_aXJ1yGqy{$`701PF>^gL@J(g8&atwu`xmGk_;Y6@zUQYs})}_ znAv{2fgY`B?+kNrR`9}f?WReRfxQ0JZYNWHdu_ek@B#35r z2Ycgh+5eeM>UE z7STT={4wsdx_p#E$sn(U*_Y)4z|MGFLurIe76T^>LQE5Qc@chiBRSDbVnO%lR42V2 zgEYK?pISH6FF~O^Qr-N*U%T7XpMudmoI?aVEtNvLykh=EfrvPGl%%KkKJe(xaa{m6 zK*+zxkNJsxo26JhR*Q39CAlr$0nN4QGhAn>F8}sdHSvUP-!#-LQw{^{lKEi6gd)PH znFU(7485%Wo~h$53|-RIi+)7Vw3#KoSg1?mL{h`Ntwhznm&>jCe_HB5cN=};tDV3{ 
zYU3OV;LSKm4@ixqT$t8$r2fL?<`OIACO~GmDU}rs0jv~xKiMKUVHncQF_GRXvHox4 zdzUo#M+sZ(;em!46IPMvy>Wwcdqc-=)?V>*ZVtUE`xQ2II4eN#uNo;>LyRf`X^qsq zAXX>v#`$c0@Yo7p-DF^;Oj zin;Gu^bSmdd`yn5%5i2-lN4ce2DBa;Ri8Sr_FSdbd(%^66uPFHw9Iy2q*DJxZlxjf zS#hwnVNZi##If7EkRU^ffoSvtzAPL$O(s(2vdVO}p_e|2PtNE9mbbtcgRpn3(XTEX znJydk<)OHz7BP-LAa_6k>~Ag@q#6>d!_M&ZXiDM!Iu#9z21SyW)<19zE92^i2`kbyd1 z$dOM7Sm?_q!QY{^6N87JO<;GctCB;pI<+A&sl4}Z<%)=sZiYX zI1LcnOCd!#!kNy!1 zHAv`y4CDiYy6m$Uv8o@U9FYzx?Qm$kWNn>cqN3KGAzN;{U^N$Jj}BYC+n%)`93rdE zrGvpU<)Cv`cd40j8GGlRhL5KxHQjWvEJ80)3)OUIS* zjtLI{NBqZclx(*RK*EV%9qwURLRsqHohCn9Zx&*(}p>tREDwnh8vTLsG_T&W7I$2{Is9J znbey{f-`|hEKC55hO9aj;34=K3Q#Aycoyo2$(TA(ZR>>uGgLu?FD5U^jzYxsjGGr1 zr(3#HyQFhA5J0?-ubD*wi!9YDSJw{QI$<}4qA0$FrMWG79IP>`@u~mT%7gE(sdZgd z5+FK%I>0hBjoxAu-z$*i@jF2{1OY#jnZg0-ou>3(QKPizv(+|_N%g#Ck|U!Ke<=w< za%-g%k>*5d)MX1%jOjs6{LtWh#04;Md%-;H;%t3s82^9BirPsqk#jq&sFJOyBK_b9 zCFQ=DlbJpL?Tn5zBB-9U*Co*&_N{wpp519y4(ra-iqmAe9ShxWV^79T2CkF)GCR>Q zbk^>2F1mgBZ_X&p*hba|JufWjlMxO?tDaP5NMox%LAm^+*{q=quE9TZj1GIflp`(;e@Y zq6E&QQJ5(^Ufh&wn)n%@#ls;$^B^!NLnA0Fqs3p3>9{#cw_2vLObLY z9rvh!xmw=$re4PshN@n=29j=u_~hZqD&x`W<6hZv5=O(W&^tzfTM%N;8HyIwlT3R~ zHkC~~+Vp*x-yVd~ZFW1yD(`*B_TG5!pnVXNy(|*$VUKjl0=t6nywz~EWyZ|r{lcVV zh^(`0l?QAnIXDuCI8jT%lzR^Ltc?;X0I@04A%?8(W}iU%swD*i-h_ zmN@K()!@4czAXc6di|1S=`QIAJ^F~%Ra*jWji5({_DWYXT$G;hP8`hAa+GqD6%Hk1 zgqQSosm&1hfB@?c|`!9bJj}q$Flu~ z#v`zBmWebu8SAOMKK>tcl?yiCH~4Vr8l7`T8P6JG9X15DL;F4UJQPa^uQw z)nQTGTqC}H6HF+Oy(7If^A5CjeAy$f`|+C|hk>N>dyBOxeb$BtG8M2b=P@4^~ck-Vh%? 
zHY4sgJ}D-b!+_`evnYM?Ku0mk=EZ*B>9$t?0iw~E;Cd} zW~i2)-Ji6dnv~liUd#Yf1+|fAc8E;%!|;G9z8Q~|kFHe+i)yySe|-$TKDOQtj86`s z@3$j>uFH%HUx1D&Tf?O3?AX^Gx2E2Pb%|_`P1WwHcca$C8))0=`d?d=!ys>b?hy_sll&KO zloR&bMsh8aqJZRdU8UgNn?JrDJ^X!&BZNj};`*&i&lS<3>IcWzFNHyR#0(GtFfoad zoW6nRny21UDuULsRolr+l>mT+3tw$3ls54lI*L5Ots(lD=qVnf>IFI|0XS*$28dxE+FmU zax5dK^4pdisjW7X)}H-=H{it3r@_W+DlbaXL*Sw8DSmr8>Att`t;r~z=|-&F6psNS zPm@ncLQA-h(%Svus*;lp+6k$(LM95>$CyNqItGf&4SASu; zP<}{FQoaR30u#)yDVW-Wh`_D|k!Q0;MeGF~>U8Yads*F3>vWFVAPnUMo&5PM_|3ti zYTjZXRnOKzx)Tw6wq6SSmDMOTKQrk?7NJ3e@%&k9kY_Rrqsf=udgFcVqJP<7|ZC&azS^#Abc@s0xZ06pgD!J(cA!>GLGz- z@uyYh+l4!sFjhQIjUcJ-IVb*iiLird z;7aU11%e={;v|H0TY#1cSNT>0C7z6B78I$xx3y3(JLA2}yThYM0R9pL=`t{lr-B=A z2@(oahKLpf-E3t%nPA^YBxwAOUY6pnz2`^La~7?B9QSV7P~DbI6Hbp}B&xeu!gS0B zCq-JKyOeZ7x>Nbu9=gymMMl}Abc>(lThoR@ehe9q`#73os@G!%bLM7IY|ctd9K7-F zX*!SIu4*n8ktiUsm9T%7T0I32_dh0J-;v;r{iH33QTsJ_c!5p-XqBvFd|DCpzgTy* z6O}meo1t{^%7+|7^nfvnv(-inYwlVeuQl8GhLUc*VP}wNdiq@ON@{MGlKU5ugt)pq z_uRx;PP8GXlr@@)aZdkMa<$*eR!Faa+pI}qUk?fjIit%|hN*sP5%LKB1Pv~?Ji7LE z5K6zu9Im*ep2)cI-S{3#-%Mr(0Y)>)SQ1`p<%IDOPob4pAKZTdv+=lvR1T=I!6;Si zw?^;UlE|u4Zn1TCrhRcp_;SH~MIA`HX?-zgd!uR(4WlV;YEb@N&34{3o=&&E)$)9Q z!fKEIXyRSXW9X}^zp~#P3hq3D897YJNX_w~)UHWga_Dz5*D`{`J8(8oqu?DYOtV)K zdRA4PJW-er; zHqX8VVBBVMDSNkhz|_W8L^n`K86;MsI8X^lRzyvi#G zx4hyHlXg1m{pZ54x)Vvc;W#8DsV6o_9NiQ_!@@GukHz$xm(*-nIy5}tyrkDR)@yhg zIX8AKpEFe?cjDTGv}T6IM5DZ86R*P_ZETi=msXY zS^ky15*HJ!7s=FR(3x<|8wqDk`*+Z6-R~3`gMi-9`wgzUYZamU93X$e^av~>j~FS! 
zg!;)Sm}(76kt;R^vdum$?kF)USdISpC2*T}Gi>n0NNfw>&Wmk%{0ADmMBv*Khao)Syq!m1Xe3Vk z^5$L%QL;D6PSs69+SU+cMtZ2(Mk!lyq`(bq;pe2OSlxa;9`g3ic!U2p{_o;}&gnU6 zixQ<$L*~srr(8;DTMBi=%zz{zT7v0KLsc-+m|%7`7<_j;+EZjo2*q8laYhEK z8Hui=&=m)Ei|=XPE)>CP@1YJVw@oYTlJxPlqDeCHiliE0d(mAj3Hs9M%I(E)=Q3n4iqXe$?@S)p_>^;ji~~VWYro#XtY1A8(9VJpfJ&be^}@p@tM}!a0;5%Z)w8vWwEvR>KJ1YExi9` zy8W=^2MY~bd~NUstT!Oj2+!Bf3kdl3<(BMO+u=$yOfHlcXI?#}K&55omK(`i7Fi^5DT(UAd*0ZW|A2P?L@n zHC-Dz@vY0eN++Q&KArvdF(3yB+SZ#K}um?R$q4VEy)(E&g`-lFjuj0K~K(r7&B_>mjP!@w8^3j_5q_XvxZ^?`A< zrz!@}1)bnMjx12yi1utY43vFwGW&0&gz-Gf)^o!ZW8lZxHK0)!e|h}dC)S8UjC~n9 zKqO^|sRCsMO1Xtj*`X!nM`4i0Kw@${7|SCmDA7JB^^VNzEdrKcE_X}D$2xpTug4}ftf>_7w*MBFkaBmLo55^l^_FwV3tI`mwRybK)WqaB@o9okw*;n({D*7 zC0Bm8AE6_(K9Dzkf%|A?bA@meDOVX-t~qQi%4u@ghqor=2;4lT(G9u)WtO%T-Y$Lq zK1i0mC*!i_E(FMIb~I5&wT7qSifis5xv38+W}mLze!CHI?dazf;t^Vj&pLXK~xZ|NN z{^JO_@hLFu3aV*Zwz8?^p~?-OuXGeAdg7)jJrVS12$rD$UwXyq6s!&ZRwbn!T=&Un zG6^~g+d=#7rbox0K$Lw&OUBX^eD$*gxaBD+$1-nI+1S9=sh_iZRq`VVN>eDQksfOh zyTI$4xDx}9%V)(I+2e3b1CLvi0-+t(7t0=UV%&4fdddJH z&H2+Zdn+wNi%yU?+H_@skLqm8TZr!Z=Yb95DLljTO?T_7DONnQHD}LqhXe7xAMt>{ zowKEa+xTmYPpz^og-tBB>)>0)A&$XZ0k(@Q{{|k`r%_!>$&_PYe$%>Go7r7q>`!l< z*+)1PV2wtILu~9#%51lBgs>*pnK>Ti;W;#LD;F5KeWZ_m_^4v&53(@+q0yT!vwEkq z_NsmJPFp4h`uw+@$FR{fDLbHDWWLgPmuM+$>RWKr6oTvmGK%fNKy}3rN#ifkawHg2 zQp>A-L}P?Oh1uQf6@}kBYSAWft2ZmFf=bXFK857PZEGKYFxRQTp#z!P>|XzU9JYpr zsO9Bc2Oi$}x)de@LU~5KbS(_Nwrr5u+Wsl9U@Q;6xugw>JaPmfc8KxKg=aJ8;J+W4 zd`U4jD3zqV?G)WNlzXF!u7|E#?@0WtK|gN6<@rDyHtXHb3;e>_H=-@YnuSPcQp-R5 zAx=-SK@NL&SSC8ncNTBgoNZKRE5}&}mGZuYE8w@o5PYfiP^j9p8urzl*g+jGfS z_P2WGFjj?w?M-LlV!I}Vz${F@2V>=-V+Gn~5L%1ad+cDk!;INqTgtQX5_p)GArV>? 
zydb`6#ISDvZqr?t|NRdpUVA^$qWX~$Pq6bL<*2!8heZmn;AyioCIg;g(%Pt;U!=2h zz?qIG#MHHdPw9cF%e^Z%?Uc13`po9KE1tpZ5C$9vS(KMQ*0%+HIwXGajdFeGgVKgM zsf*8Q)L)6s1K!Dk3wa;EapIp@OLW!Bz@4~r3>|@9fU1}}?1OdI(*sQoO}NgxFpUNN z0P84^pP&sK-qK>Yy(MuC0H#Bz7vQQ!=qMfT*Z0-!7F<>@ls>6~un|blR&BG0K5E4H z8RnPe^sciVp6dENk=aSLg@5;>+uICBT9%Z$Xe)dLk;F?_mAADe02W^vh)xWaW%*wF zeCTbQB?(%dYXd6HE6I_R#nPv@-EXCDi|JEuCcSY7m$~D1dJv)jVSL=ih@z@J*8!<& zTxxu|1FHO2pDH>~<4=q(Ly)xp2gbjpT$A+NO{QZ<4m}}ukfM9+9WBP)6XX1EL?xIl z`a`_(H>EN66a)#~XC@g5Wff3TzG3`agPwbxP;w!eWf6_xR9(^B9zen$9G6@^+wN2R zIZF#5NQ`brhL%hL!!;uk7SJT{L8GQH*Z~r#lo8*Ii){Y$S{DrI8401;m~rI-J*mivmhK?1VbwgD(5;NK-jr?(Gj`1Y zeab4l{|Jv*;eXxa@sc?&>dQcVxoNA$sMMPuIKQ_qYqPrB9f^}lAgCbn8>@3)yrtwO zBU@d77p6*j9wZI5<4k}IyTHk;rr<{rH<98dI5RgnWN|M0C)WE}B(ORLHL zdglJ8PWoW^$!OysnWvo<>onp*iktLOCSm@bMJB3C!E>`}!ToEJ*pjU#`toUe{Am%} zB>Iix|9<-Vl5u`Z&JYqgLLroUhU?Qm|Sye>*obQML>%_^`I+T|ILm$PvM{xqF6l7~N8QA1p1 z>mhIoZIi~`ut%!&N|1Q|9x<@Ux=%X!{|v4ol&&j9hy?K%^-=u19ntSErA}y<*OfJh zWK;YOJxa;w)Yg%y{j(nBPp!o3Ku#1{5-A=rr>Ni<46^HSOIo!oq3|_!OR(x6{?%H< zb+WJAGGCoh@#^-Vo0q%qgLVf@Sh>W#p)xsK!`Zo#Ks9p<*&5hd_(q_J6)envRof=q zg9YXN@M8OZ!s7NS_oNBP>r0b(Dz&4XP$G9tpwEbo`^%U_(nISB$ph}hq73!r(X88v zKGz#d@t7uzti@V0HapyW8&I@71$bt|qb(V615Ek+8H(k=4HeNKr}_w46T?AV~pz zF1Th?`!u!x%(ZTqWv^hLO=#q>{^HFR#Iu^hMHk9QOv~Vk$r25BiJ+zjI^Pd;Dd4@XeeO zS_n=b6JdYwPc*KC0s&HsE`5IR4SWCzWsuh_QsB>ruF!=CFVfu=20YqsGH(o#hep$9 ziMLWmJ96lD`@o5y?{A~l4q?$pUH7XLhawlpq8PC~;d{v=>SDV#^WDbdjEtFjYZDjN z>Non$-+9~v&C-EG)NTfWxbXu{ZOG5=q`707bLdNrh1)I%|6Q=vx6{U6d;N6z%jEO~ z!^py8SFYZ=^N(uZp!57u6@YQl!Ztn+Oz;D7W3bR+rf#?@x}?EB{R!S1m`-$Em2=*h z)GbBF+t$`5W|U^y36gAK&i3X?)o}Xk(RrpQzVWlHdzNt8u3bc)i08j^7w(-Ei1D_` zxTM40z7n^U>lAZyoHQ$0I7BP(=hP>SeX4Ct5e5$+C;fkKd)TdLCUsAff#9^o82jZu zRv`GXfU}5YA;J28w#MQ|%toArTdv8-ET^xc)BY4l2hXj89)>P>_XGwxc1Kn0`ZEoo z%6PH2B*Aw~9swAm)}wNqP7RrPXX00@+U@lyzqWG9v-vWmOJ`9mMKM?{NNqtXn!rCs z%^^dImDsa77jLLF+^q>y>EQSVz`PA~|5$q;X#{uB$6(;&6?10XP&22Zl4?}P7`g$i z6cVor| 
zb~9fgrT5!g9(UU`DCOT=g=pi`*rC*Q<;#1R@xQjLsT|4W*Oq((>IoFKV)B+f!BJyAv_TJNwqC#5@Czyv#_TATnp(B_!!*! z#x91H;P~>Y5K}U6*nV?ftxyoVMxzPR?pY6^o2F7u+q+t>xH_H`)b8KX6L1U8sLWUr zgCSu1W1F4^Uph764~M{5nPAa_ec-)-gkise3hxK;BiVdbNuBM9;&$>Jyn&95J|bFt zD!a7QoVceNn9Iw*d|BK^Us2ps_UYMopepNHOj8j zKc(=I7o(F4#257^B$zz3I0D|9qdmGYWB%KJ-P}fbE1kQ+QR5l4L&%0=FqqMX8ZNC| zgD=zw^G;%{CXDVQi2_YjT(>#H6LmG`l#UdW#Lltv3lpeztnF5z*s_QOm}7@FOFt-9 zR3~LAaSefTqm068Lxq4RnZvCTq_cD|f-d&Z3g#P47~Sym(+I(0>m}$$#>dtJy=>?^ zu%5yt?iJu-UsG(d-M2)-Imo_|Ze})4-k?-y=C~JSP(q+7bJ}fQogK@OCEQI%14yV9 z^h~s%!sqW{_CJ}X_s9;v?)aF5AWQD@OXCEfh*Fu;a@Kj1Iy>BAf%Ka@|Cdct?KE;< z4ulVEl;PxsvSX26TGO*D@aj6-js?l8pRbmy8_kfvVGB5QsrOkpiZXlyTmia@XEJq{ zgba@W60-hZWscXlR7UaN!pqR49! zb>Oz5aPFWekJgPc=mlR;A6K3Wid3oug!Fl$hj*@=$*iMTyLDpYbX*ABX@$lmCKGsS zcm?k0L}+aij0EA5-ZMt_IgDB`@`Ux-Qc#M$75`f2NDIAONByZ++{4;E*C`s_FlHt{rCkif(&*75jAo0GE4#U^N{>H&ny$;G+@}op{mMvu!>| z&>uUHBmUYr^r{JOb-n4hJlF~}_3WEwCxS8a!@l$}p>!(@7kXSI3F@$uS zx9y%W({?REkdS$0b9RGnY+~%zbM$=WuH7wW4PiN)cw@AwD;U$wdk!zzvQ5$t>}h>T z37Ca5EXjPodvW@_&H@D(O;9_WP!5!&d3;^;KAGX8C1_{xQ3rMyJiY{&oMewh?KJUS ztX~F@ENc+RU=jPMM<~WhqF3brpUOsB*#_90JLeT8w5wwjI8UsgFITo8$ z83vKKu^ZqIxU=NY4NS}dJ%iZ~Iw6W<*3j)nBD6m{tmBtrqxq}g-mpD)=YH`S*_rIr za<21G_~%G%=*HcVxKt;WFzUbPT>2&LG#^cG0uO2GD$4!XyC+L(Ma`4ENA)QL$Et$a@qga%XlAwT^7~eEcV&K;Xf=}iIccN>zUQZf8v2}kXhPLFKS#OI68&U%a`1a z?VtWzZ_4em8nt8d$pX@=c9DkBSah?zSEh`!K}Qxaq!sp1;WPe?k|7c7cx}``PML&&On}3tpgEfpTBBJK zi$~J!;B_2p^GJCAS2J|QDBRh{J161-fpSeCm?pY95w!27V@r3)r{EzLqs{@Blr6Ok zpd9ozmx9;1gum@;Xafs{+ASlEOqzMG>Akh)Y_Ng_=T_u@ir{!&)6UIZu*EVZLp7M9ImFs^R?{FV5F$By=bbJ z9f>*;j4v)fKXMU#uQ1-R2A^`c6S$p?nQ%myMG*YFHUPtZ=*4uvk+`)cm&%^?cTmHB zE#p&iC}O_!aqWR26Z74Wj1dT3DK`G4?{1fn#!kuW-XZ9*5Q3cdtOt#$1Mjc%vWHDr zqAy)%IIJhi&~5e%g&%ru!a=Mpv6%6Tq5!H3p=IM3@b6|>yPdB|DdzV+cM_mqJ8u{=35qvxb0}-4fw*pQVz6%Ok$4l+p+>}h6>8BuB7bTG2mXYgHB1XpHpgr2OR z#m?sngg1sP2i2WQE}|O@2@2=3HjZ_@OfW__ofj^@h5C@*0T@6mt4yUzH#fbcms?g) z;MEbJv$kxMo%goN@hQ1;0Y9i5zm!RlYUXTWiLPVU6h;i|%iQoC&jxK>eC=euvsu`} zx&H@az^N7Z5!9?Zv_4du+#)n6Uu~{ZwdI-)aX0g`3izZ(@*2 
zm#{U>u{lfBm6x^miG%UQ`AC2z%jk7hhR*|)tYn{LSV_jk4RphLk#V@+gSgQea0Vk7 zcjzO~NrSb zL_2)&mS65qxqj2kSSgp5gYJ9r^m}U9BF2h|d5W6xkzv zM;7Bci#~(0>`7J52y73}8y)`V@PB(FH`!+O=LDKGiS_VByGxa1`Wd0j-n6Af}YpE-UCw5`%68eVpt-)*(vL=>v;NUULr5=XDcDJ*$ zQoCa_J-BxHz3gPHp3{nOf%&q`T;FV4kkpK{%ErboVodt>jPiFbVkAi$jjN+dx5H!q5Xg_~rL_c;4?^i~nqr`Zp;}MLtwwL@ZQ1 z9mfDirez1;kvbadAQDM@9CamvmNZbaj#C%XVbA-N7lYvJ;E!1J8-1FFT%I zO`WE(n;V$i(~fjTUJz9%8c|S!{UI>f27$I7D3`N^a<=Ea-_gG2yN}x;F+fv`$cEE|*7xLNMddX!GiU()a9Pcb>dUmx4O!(pqQBIsV`9sRlw!fPPRaTpbKB*O$1+oC1d zi&)2$if`I7K<3~p#Lfl51qcwng42GeKG*=+DPff;92g0abM$aC)YKjn0Bf{>*u$n8}iCpy=Vw~+8o)|SM!!KQqgLTf> z*DP%aC&WT<&ii?PBZl5)KY@5^^kOtRn-GN^cY?rItECd&6_9eOBWmMC7`c)J;_DMs(Y9@HJPRZ#AzGNUNYYt%VPe16uiEx}SIn9S1zRGlt1vhh(fjgq-v> zq6kJ?(#1`$yz2gEN|hSJc-U(czETYpKaoe`r0O|WwX{H=z3%4bfO1W~7=v)dF45t_ z-Ux|gjY^QR|h$c2~cw{1KU6kZ%}A@Z**< zzmn19m!-Z<;!E`MXzGoF_*EkQPc`T#0rBo76ooXbN}Vs|!YwWil(Snjl((`Y{6+o> z0*@YBx?B#6ah%(gnBC75BkR9frAI?2#)!pRoy5e%-b9e|b}#HV{EdFmHduAo*{{t7 zok@zk;l;1PK$S+sQsqmAR2UNX{S#wf9Z@JyIQ-OMVa~Pcb2DwJm=mhsOwX4@NHNjU z6hWqJ-7T4)V=yLuKcxT(ao?Sg8f1WgmIDibUNa=vBU>w|S6X<#O^ZDtO>Hk$vM*!l zDiE)DX^(?E#pqRfM=OOAj^ZtC4TSQ}Bs@-9-H0|Cm2;k+ge-N3g!cKzg_7rUnB{s} z{oEf4Rd*-g{q2|MN{!%u%)m6hhx%SVmX5@{D`)0}I!>g$5KP^w90^B}Y5G!#)br2t z?FBu!Y*%swG-qz`sCxCDVydYDqpp}v+YKQvJmG~8h34Q2lv+n#?Mv!b*4_-TZ%y}h z@7eC$R8J<|JD>07FW6s9jB;Tfw&ZMj@%uNjuZ;9i+g|hkI4&M^_}lfY}r9f0t(eFu~KrtR10+B6^;c3gJw$%uGKBb z`fXDDL@4F6Xibr4?SoZKZD&}WG9{ciQ*^)1PxThxCl!6UfMb}(k$qBP5@jz%#6{EL z1z@)*W5T-EExJ;Fyf5hY%hMCt7Ma6qlXYpn6$Y?@mCG!|tONQ1T^}Qf(r`Z-PLz85 zjK^}`yl*0TJvio>j3VOn4zBk?gS)K@uBuSo<~*GVhQ+4i=PP6=j6H=KlA&dLPo#0f zi~IvhcMzg-2qqn z402nDROEe&LtyKWks1aiy|ae#p8P{dXiO?j!1W*c!+|r3z+(v^2C)Ugi8ce7ld-;9 zM$r-EOIr=RPOh9Fj)rT=3EK6ae>M<1O)iK1-zkJ0WOih~P}V-8+--?Epauz@pV}Vy z>zWJftZNft$Qk|Iw-ppW0&Xt%5xn#aj>Jq_dlXp9?mM}EP8Bn;uhY1BRYK6r%Ge?Q zL=*sqls{o2`j|M-!R!oU2y$uni0~78e=`Qi=i9hQ6hnN|oFO2J-9~Pki6Ge{DPiXj zXIn2AQy*WlXa#`@w<}ilDNE2e3vVHyJz_whF)dX0Utb^Y5_|KB^ze}O<|bew;67ok 
z{U6^Ks9Ar=^$L~gu1d&GELCAUwI(5gk|Uj1+b!3?uu(l&#hyx^=*aU{K>_T~(62lG zp`~4PEAR`6-DIoh*4}q$+>lk*n%>HzwOV&Gx26k{+uH*#`mOMUxs4uewmHg2XNpH1CP?mj>{y+E<*cGeLtVH_Ku~B%sRp5|F3^DB{ z0K!W#O69Q88cj;S8hHmyTnkYE`uDKMr_%Z=b0B#XNmm2;3PQhEcgk~*?Y{QFImAGD zeQxRDkJjN7(l)h&XvFNWm}DB)BQ-`2i`5vV`WAq^liZ$+D89%<0%A6aDuKOmBF;V? zF+nAWLMxL<4}c1T*nO+0zIp&IFIkXqljxFV3-kL7Q_JZw@F*sJD0LYf8t?3G#f9e9 zyb~`1PqH6dfacd%TmxHK0G*(o$E^Oc4K}xzHTeS?$eZ*ExjNgn{?9A`1j2_oZe^Be(e-XeW_oan9Y0x}dnn}eW&;_y zSbn8JQ&BhfJ%g1G{)9Ss_kr7g7G(XlX>Zy5&LfF#u3?R+6b_y2ntL1JQhgPyY)tv2g&O?O=%FCC1#xo`$u~L0*C08?(OS=?t2lfNlD4@0WC(nKV2gd2 z>ggl7=SfslBYLwC0XI7QjNk-`KOo13$RC!I1zW>4+~reh zaObQ^H)Ttw%=<9zG_>150s!8K+jK9rAPzoPYCe@lUM---!xGVq0sAay&^dp)jYWE*uTms#lVU+=>hrsVSp)3{PSUm;4eDg zTF-+rxA(fuVAWZLY-JC~BN7kPnh%SZ%PJv71*Be?@*pPJG6DgX_e<6+-%0$&HW?Gd zX;&Fr%5kqA*e9(jSvx47CW7?+jcO}{yW6yE-#qj`u5HL#*q0=|p|ijQfUtQ6Yn?o_ z<3iXlUW>`XjlzOoo zGCq1ITK&V(Qj*J_so|=k5Pn!k%yaNI`HloG)*;x>yEab@o!c+@1oE>P7p&QUi3wwR zWUZSuSLQBY=Gg0T#SDwdLTVBu`wEFv;Sk~M|48V-e?k>e=}(*xr9ELMl-Yt&(wVPDU2}Bx_gABxpd4V%|_)?*D14|3-dC*TCm9A!2-(kd4uSN0Tek zeOU3hZ0po~vmxn+lrZaB5iYZyd*R^c=g(wl7O%Jyi9^9!@m9j4_fd|ib7+#Fx*r-m z%y50$TM$MqA{ia1qbfEGhEo@1;HRe=KXBW;j%lM)Zr)m~h=_Lg6;)Ol#lO`gE*Xe2rvZY_?fdeLy_G;#vVe3jk`*(mn%U0mM==rC^l{R(`!PP zxtOj+W;FZYNUTmKzuC)Lm(n;n*R$i;$ohS0BM52j`Q!~HH^HbJvP1kJVP`EW-_=v< z^e$@$HlRUz?O!SD280K)N*5GMx;Rz))V@_5t$ql=^-n3jWSi_OSZlFknD(vO5YNwe z-q@^~AfF>V-#&ng!}p)?dMf!4uom|ElvEDT@9=VcC{Iab^PaX0YuT*F)^_@jg7t|u z&OTY!DPH&L%U4_z>*Yp&LAt`pfYSe|fRHRX&i`(a(=p7iB3Ilmox__4lY#O;`3q}} zW8jaiyiz>}UW5eoP_a(EOqEH#PZxpc7orHblMDM%1t&HSDr;%b~Z`#Hqni0J$ zD!c8L3LSV*$LN^4tcezx-CD%Ldmq&Fpg#+8dyvi$y(!an2FgMX3Y zJSc6hA-Qx(i`I<{A&02g3jSVu3`7N;z|o~`LCUy86lb3{6{iChxEd8OTjPdC|4qFM z8ZmYL5uXS@43wHr<#&DURDdJ`V6eZH|AA*%4{Qf^Jd;3^>kA5mGsdofX4qqPI{114 z@b$fa5r}f-34zz>@BpD4s6z9N+&p`aOt<2OP`U)r!r^2rM4%m}3nDX)V;J!Mte7`S zGM{$gQ@Wnw=oecbSb3D|PdldS<}nEN7iT)&;-%&TGmFFofL`!N-8lI3D>wZ(o#Pel zP2D|9V?)aQ?%41qIsZ|_U2y0KJuz}udG#;yOz$R0$exG=+g+A`ewJ=6<23A6iK??D 
zIJ@@($xJ(by!eQeu(}_kRF9xzLPnt_m6E>5bo!u4k#%NqKr#K!^UR`!&(D@-skg2D zwC#eml>^+`XAuB1K+M0?Dr$j;HMdSrE#p0tIsU~|`qc6e`}Dy$24Ez-+K?DUOQ+^I zr1fF^4~wHuKXWWuvZ8Ch0Be<3;>E&0cIy0~ zjjW{E&(%X3(o)Y~Z#Mgrd$4aIS=#Z}T>!rIB~Cpw{eTNv@kR`oxzfybEk_n7-jSPswLhDgYP~%? z;*(Eg1#@#SFCa6}xPyodE#QPA+t!pC966-3F}o$VQhD#folC|E-#xFtR2VJ*=;Ia` z=E{UdRULfqV=L!SY8e7!mDRX*knD(@{Y1uuC1Lx>0`f^l+x|;R!y^_LQ8(iMFTtaF zp2j+z4wz*Uw*<^v-D^?2CDEA=rQt%_o*OB!BRGG$ospjc<|(CA+XW)l-0K?eXW_=5 z2aRvua`!a53^jnON7&?_u<$d~V_ZxYRF7B=u)=n?;fs7@5W6e_`Canqm=z3iG8+?$ zj;P&QAnDC1HY*unBE()l(Nm>C{m)xKeanVrC|eX!PdO9Fj`pr=nm zx|K>ksfn}lW#1KENmLuq*mU@}ENRFeoyKS4T{C(lnLJsK)_tbka zUB{t%V(N^=i=Q(G*rbS-blB@g@qTq!>HiDY$Q-H^x!a(Gt^lgeuE-h<6%8Lh;sziu zb3OSNjo<-HLMhN?BA@Sota?Hbos*4~5eV%=m0DJn4=kW(#f2x&4sC_rh@E53NRT<4 zc%}}gr89+3xxe=6pGG|w=56OLj-+Leisk~r`}$+9AplV^@_wl>%C}ECA7WR+qUVu1 zi(MUb>mu7Du+8b>_;`L7Pk)JWh4t@C0*c^bNdsoQOlBV{p&ARAj~zYG-yMw~5%rClx@W zvjweOBMIOMG2M+N4hS2@YrM z3+o6_16wCCE!0u;4tV7k-iX$|>OgRqc$*auCg(ZG5>?T_vu}FC2afaQS`v>X@Q;*o zX=s&lKJ7@V0H{H?3$SLqp2~%@13{=STT44nBfbAn42qD5!k;T5LdY<=btj4W4?{cII+MAte-+%6d*zBdU2wbK2>tWw z|0bjjlejEd z-GT&0<_o2w6L|6?FPB*Eh~>&U66HpbC{2k%ng8@aZ&jl+ybha}6UqhYy_ zY%bvaY!Mz-oCtT+J15CEz^0>fbl0Ak@ES{El>y@IdCj3*`%Y-vFbe zQI1qQlinERq|5i?(Rxi%X9X+kBEXss_lL@G#L0)xgF>4z$?<}^RR_ zd8xR3>^fl8!eQY?&N3W1P$S$#;pBy_R49cGtB&4`FLKW;hFkcx5+@gr>9m|&p02v9 zvWcaza6Hio`UB)Vl>PodlQ`r!O$Fd&3j!w^*y8X!XKy#)Y;2Ko%N&JByeFadhRkq8 z*N|vErI%8Si(inoXxp0!GwGkpy3o9l&!@Ie6XkU6<;z~SOsG9I)Hj*)!{S!yKRcAW z6F5FJvf1^3exgDfzV|@6{hbEYTcZ)s)>xe3M{HY%)I9l7PAs^{@d=Rs{lR&k#8(cO zu%SP#NyoYSybb9%s#5I(FmtRgnyZi4YuL^*xABk>s0 zz;#n+c`&$$g6fa}%Yt3ZqF3;`)i(!@_jXZD`v#5L!ACiXnB0mQYm`7%O#{{(o0X1# zL+-9Iphg>QJ{6$I1L2#$t{4JnY_tjw^DfBph!!hj7Yd}LU5}{;BguoO$03YPikQ3J(zq$Z2^7;@w zf9hFjXemM(+zI*;%1xY6oeyaF^aYCS&fH;ck_}x(5ruM8pL*1HO|%jtthGAt;bO(l z4*>v1HXuq)gQg;JS9^Ip5?Bd)Nx`$wF@Q4voc6>wG;5tLmO37i53dX-C zRz29i=4_W!uEyuNI^`^K_GpWRO|!oSD5?1$?v!^& zq#;JBX^s~4^XYnyI%J%I7- zA85@rm;ZKZ_9Um=1^Dl(%QMN*jAIo!6lja3UP&F2sfr@=2rreihc0)H 
z#oM}B$UAHF*r}>bwbR+Q#L%*SCF?x0g9RXI+J=@j>_ z^Mlfk=jR~iID4Aqr3?cwmXv!AqFEHJdCke9^vJ9~hfvjy>kzwWP7Gvn0sL`idsrzX{QMe6`tO4q$|5eadrG5X z&Ft%@NA6qer|#Mcp|qr6K{@ql$u5CsQyIFVj|kVK*EvNA_DrB8>vNq=BVHt<-=n9u z!x04RzurG9T*`k7nqZC*?tXRtzg9|Oz+^o5Ffc)YZ5KgT7sHbH9A7F%GP}RcwMnp{ zPtZbLAV!nv<@+@>0L{>T=5okLk!_8_|GinKsCnC#h{FOSC-fng3CyFB6W*MaStNx? zq6mL5fXKcgJeZJ&fQ9~&;d8humPNrx)gwq9V{_-qYKQLJfb|5s(R^|bGhqtaj_w`E zJcZ=j0hPPLPv4zo11My-6*La=hC%wZbZFx0|fNiypaqN5?aqQT}Y?e@m|*IoLO(U80}*1;adtb2vH z>2Z<9W5B-ENlA(XniQ=8WX87(chlgVFk=H%qK$n&zY1^X{Q( z#Wab<$XA~18}bWgPmt?*_+e5A<$>1JNM<#o|xREsvh^cj*Yj@B17c4J_DSb$n+ zfA(xVrxcIM9(LP3NT>p8Nmr7}??6&!`P+ocoHbp=dn-kZt64_e#&dT1$eX)h6Y1F_ zY-b#gcP)ItGFl`R90Y4G;fefNp_(iVqOx_jr`zU^#y8AnElF%+#dr4@?XeQt)++BZTY1=-0y~f~**Ksr5rF2c|0H^&VRzj8Ko#!q>xvYas8QgW!`&uW3lqlq89WTd#NB;Bl87oG$RlhJotSk*%jU-94=R-9#SdLqXVZpV+7YgZF6iJ zaaRc5YfS{6Zf@555cys-Jnw9L&{mK3=XB{%W=cK6G=MMhK(dsEkUQ%p%o{n1a&zx- z!WfxAQeALwhXK7;0A%cTW{?T>_IIW4Bj-0K9h6<^Z8l0oNzW-h1$sUuoKjizK=Q!A zAwx605*%}WH!Qe2>;FOz0qDAx;DA50niHMXzYPUvv^9lCJnl+MB5l7jfsPwO#%d!r zGE9_?)S&6%zg6(kM}a8L71!mK;;kRfd~3m+FTjZ5g5K@M4C6Gq4vTIrD4wx}5fD;& z<#Z$PMruE+O%OSN;ssV_wS*R2)x7?vJ9-p**&Hwjt}pcK<=Y(=;uK5M5&N41J)!{b`=P~sjl!I)a;USyMO+=chpkj`u8fq#dgtpbet z6#sbX84r2vpOg^m83?f2^aC_Hev7S3249DT4olK`dxuvW0_sc$2VIHvU&<-!GC;{J zb4TJEpOWhE%N1^xQ24;~l1mZujM{gxXmO%`9GkejDW7AIe{GwGE(CC~N(75_>)RRH zXNa=sWm~$ibDw}PEX{=PlZwh6Dzv3EFWJ1jGaFl$gj_U3PQFD70h7$v`D0JA+soA$%HumS2lfrm16Xdg~LU-;WLuRp!lEGO%{;I zoTl7%n#V07?O^{fW%iOb{s<%ow%xe$?O-P?mcyH^Dq_+?-SN_y z{|{vF;U~0H{})-{O+G+P^4-=Am3)=GD&0~a)(q^vf?M-&7p~;LZhFSQbwjyF??8?y z)j`0h-ymb=+1$4o)ImtPukxbRt>DDUr;P5bMC>&xG2ZPk&*2@-5jIiX^qoO#->p)Y zYimNc++DeJ`|JaBmPgYWtaR=~QY{G(v3r`XMh&FBW1i|i+^cKel02t6un=;8i;rpE zz-~wwY0Lc8^NR}hT-Gfd$Ja}X4*|5@!>rnaf2!faRbThd2bOmgAu_I7PcCH*=QCjy zEoHD(O1~Jws+^3m9F5@JPwu%bh@OoU7)=r{jbP2U4Jjb6$L%?(nwZ00?kV;7Wj>Hb zFi6t6DC{f6-wX&h2?v$?U`j%W@-*TWaItnPK=?}pED|NxOr-o3bshznj12okSxO9D z@$sd}Z%c$MKLS}#z7PCa2(3=a7f|-QB4mOBGHV&kw;Q&Vzf?$zt>C1>U2Yvv<6m9OwTdCuzhC@}J&bXDmtLaunW*Z1h=nc} 
zkq{((Zf}-RKo2vJ9}@zU>urmdBu9!Y%cw}wSbJRF5O?9WO?-5;H~Zt7qn@^5)*x75 ztrc)d!5I=%Uchjs9TH7ya4OGiIX%a9_hfZ8&O-tpl3s#Lwk(gb-bc{epEj6ek#Yic zfTa9n9Tgiw4IH=<0^Gm1r)SYcroz0c<@Kz-Wy#oz20osCa%j%=Ng3W(qh*3!Ku}XK z25_)=uVcGbQv#$UrSLFrR^;gUj@q@Y5jajXgZgUgorrK8l^p^}yfR!J<$9vzWG))4 zwV;bj9j4#Y=cRtg zm8Gv!&wMPgOTWds(m4;?`5&D&?vTseOqzd6+Z57&hd`e@SnJcCV0cxw-`YrL{Xk{qYURWztjIF}~NxzMhg`4%(e6Zy>A_c*7MgWLq% zbknRBg4@FEGdQfs9`7oW%#LHGV6?N0-P*+K^g&{HCI>9dgM3~)Kg5U<`;PO=`?o5z zFoD$@7?iV~d7sv8=U2*0#@Pd^Fdd_n#_q=6QQqXMu~1ijw|L)se3E`aI${4F#iC@JtO?Q%&w7i+nd0ty={`u-c%}qt; z^Z^)92nGsE(JHJ_+yYMITy+BI)b)X}TvzEIZDGE=>mcrNDoGZ;c0})WRG*xk0s*Cu zz`WGd*kLO!+&@=NH{TEm=(yL}FOMU9zD-j=LA>ide+4?e?ay}!m<&pTHBpRru?=#t z_9k8RDa_u(08!6=q<;l#MX3vOXEpqES31>}sL>}Ttn5$JXgXZo<$M%FQFU8%2oq8) zt|xY)SVAP1j&WXfHifJ+%Us2yFIIexmS65~T(}h5>@i6FlU5s{gwMt;^M`HhAtf(% zhTcHtD51SxPTYs;rNoIN?@niYLLO13H0PzB?wGnVSndkUZ!V#jb$!Uw7SGzGU1)%h zK0s-s!Gj^06hHTsvw5Q(!$M@1!CO8^iDA|62HO~AZ?~k>MFB`AU=Qt@>7!=?25EY$ zU^Q##w1+U^t0|j)Xic57HSy0ps=<7uKYsjsQ_@C}2+qq4oTWt3C!iiwx1RA7>xn9# zUfxw)`bfF_bAoEI`Zv*~?1Pu%DboW4Yj_#ag@}9o9^v$zH*;xlXmE10x=<@bFyrIA z-{>maLe<8~ECHuodR^lE`(WkA#>R0nyS~D65Cifje7RAtJ}ggAjYM=3VZgIoMuqhyt$Mx_h#-<{i)WKl5$?#M&|E7URDQ%C&hIXV~h)!qE6Z z{)msFk@|oK;8XI>A+eVo-`!VD;Y$56K=t^sOt$W(ULW>y~@6|EzO8d(|kH#>Javnn57o?D}TaQ=f74 zWI=nEY(#(mWf(qRR_efR2MNwZqk#AB>T4bc^VN4j)~Y+_*FAeQ5N|xH+$M5P0O`=h z9W`X`58LPYA`}B=_TuaSFxt$VM~0lB4%6iJVcIsf)Td-UzB&eZ6q9GQUf3Sn$JGkC z6#p?qIp5!qlJlG91>8FgMps&x-k56Y$)IshT+wIG(7K(77)Ll~c+1ZoOs#5Ej=cR6 zPf&6eSNV|6ma^aiKTebRpIrgh`&|~^z4o*Dkt6{&FM=a$o;8UbZL}s)2ln@<)q$gg zJDeu4I6uC~$iM%mrMbSwPwb5hnhKoFTz#5=;mWaOeq$J5v-+qStl{q>j%KdK{{7= z_H0YFCRV=%ykA9WXW2e_!;J)jOU{??7hFC)sW z2@S+wrS}L6tm&!AXz+8(7ueM@N4Q`3r88t&sJ)W5QYu}RE_LMhiak5~6k7UckZkg& z5r?QzVmS6FoS=mfD5|DmJX0S9Gnmq=TF-cZ$76|jb|&C05%1T;A>$f;VH}|XGZ%hQ z;?U!}v8o!GRO~nKb5LaDF$n9qd5?0n{_TmT$s}BZBd4C6hE$BRB?p=t(dg~G?lmn8FiFOKlAVqA5vOtfRPPuM!JI_5C zXMx;QvCsfV4=27Q`hK;~*AEiz*@Bw@KV35gdz6-zqD-wI6j+e8kq*B%G)*+aOrrvw 
zC*paquC=G$WP#I_11^X^w&vD@i;3(IfpVt{pXP)r|2|xqv@-8s1z_#jmX1)8i(Haw zW%~NWU=KX^4T?vB9}?1_8Wyu>UeII8BM0FOEG`<{9ZR(^~oc zP|pep_tt%?!#7PRqS~#h*}#%?6=Z3#qbEL9)DSA>+`au~{P1_L;KVDE#+Tr0lu3Cw zOu;DiWQ){hLcH~PU5SVko;EiJmmj$LmI()}Hv-&y4AcKnL*VjK^p2wFw`5U4J;j^5}x1#Lp z`B%~f&c!=YoAWH5pIa zN0O}ZdG0$2*$qqZ9oR2$=Vo9viJs#K0ik=Pw&ct%62%(Iz7i!U)#i7Lw!ob2?=%M} z^WR`Icg!&h$dg#WYg0lKl- zdu~apZfLWgA$w0HJfaS^OyW6qRb9Q*V{1yYI?dIi9KgVHJ|m{?2~TFhE#+9kM)4O_ zI@+}uD!Fu*u1JqK<192Zu{mAD>>h;ilIh0?5W&P#P;qpMUX2*=uKaoC1YFI;s@bz~!s)Y~+;FmLv~Woox~IKeHc$izi2NO1li zGH}y5?EIdKFt0n5nsz!GuCN!!B=F%v=hZ-lpQM~SFxDqe`2bMpZPrHr{v^>>k1-!f)iEmw5o8k!_09!bJtWmmI@41X9 z(bmS#SpKmH*B^UuPx)K%c=2t3Sb$(jB^lDV%MBY3MRUie4izH}0I)*Vzh(q`N{qqI0E{vR3C%FbU%7JbF`?zcl-~0{NJ1f@zyp zT36_mmT(mj1k^RL3bKzth^VP77*B3hX4|u!6F5J3ot6S}(b)*O?X_C4UWCZOQr+vd z^CTvn3?W3ibnHcn2jP(meH(7wY)<0`mnJ4S?*r0yDb;(wo0H3nRi^8=M>t1+01d|3 z2e@xT)rNB0%8L__t=6L=z0Cvq>hah>fy9pxEps)+TfD~x%uF=)!xU*hYdaiqt@Lh=dlI3^pD zJi}tj*)P$5W*gT)j<)nP;1W#3^)GLcgQwZ?j6)f`UK6jtUONL;3U5ZV%NLv8K(i3z zDUBk3V0@cCfQ&(%C3T(ZRLSgjr?tKggoZl`!21p=&jX)RWOeX*W7H*i$L!watv^jG z;KQBr+ntpNL(Gn;DA6p;uL=DIPZAU(=%Jeob*RVsO-JpD=SE;T7dJW48}(pnwNjMV zJBDoJ{%9}2)EgIDA{kKNf`uW~*{q2?X9k|@08M{aQ?y&C-D2vaq%A0$>YrTA z#;fgo#3%Il)l>%B_>!?uGLg+eA`_I$^w;lR8$)gHG=^FKGpsi3#KXKBAIN;5>jQ0- z`gB)YwXYOoAWMsoepV1ADP-1R(4^O>DOwFDw?r1i4kH1qeU1(u;Jd_wdR1#z76`4!|F&ql-3-+)+u zvKy`NaCQaz8ljdz!;^}y`u2-UUvwtgr6+l!8gKKG|7g5>d59Ia!gi9Rx0RxK2Zpv~_5RcJ zlZ-(i)2`R2G+b*5&Jp|(P1JvM)gh_!QU9@j6p}Tq3v(VPfTD&pZkd3ac#}F@N{|eX zuNZ(=UE|lP*9a}F1B!N-@M4=y)TIp1nJt-9Cqgig08fbZL|2dnpY)#0>-^OUl&Iuy z2(ULrvVg^a^1OjY{)`7#`ew51r(J-9AX18q;`YA`b+ko zo%imm*7$^$G|ob7C_EpC&se=Ba*8&8pQKpV-^scXrwPUMV!)Xg5d!+^*K&CF@wks& z*`XKKBEKhH9M_NDLxC(F9D%B-CrBPc_toyN!(C#qr#2#zZbQx9dsr^5y&=1V{{Gl0 ztcSaDTULT89U0+ zsA>PJg4kHvrC#FO{fSS2Pt;o@()m7qoKcG!-(}*27U3WMMr4tr2HLlX%ak5g)f6(8*ll|J!XYxku@9;%=^>#EU@&CEF{7l8sklzeON|*uuS`( znzOv33t?Z|GD$bTuSIV4m}RcBv^}>+|3}8zQpIA|#W?EFeU<3r&YB4R43tXl{=ljS z0;KTEMBsWK`I`uq$>7{wTiJv@(+>UjMG+0e9+@#lJ4`5hOwN~(nMHx60YVy;1KfXS 
z#Pw<&JQdA?{cA=vT!$xHvpLu0aG9N#KlreTrLJp}8C-1`h@3H6-gE$2H-S_hkm70{ z>lOlQZ)4rxrd+|1k=9axn$@-VUb% zo6VM6NOdIg2#oV6dUNnX1jb)nOL~8Hxi?HkaXY#EI!_Z60~>w({>=1RaP0vK_#yxH z)Qb#z1?yroK<JIBUTW(gXUox5hpO1USG6l z)gBCffr{(Tqfp`gcg?!JkkLEV(p@hDyKEiJ{8?A)2JHSOnWi5meg!%g9eC7~+cd9L z>XD>c^l<^LeqD5@<(_zS^1Du_S{9Ti5RHp0 z#vD#F?FAQDH!+NTn%QLPz5TTC*CA8_c&dUS_B;a6rSqdFn7s{jVbnU3`4$#caoo03 zY+V1xc+cgFkFTdt1oBNJ9ZO#_Pn;bj?mjOeCoZ^Oa){p9f~>(3YZIwZI#*wg1xY{E zl(N!%?Qq6&bbz|*g}XQTiyJofqy)(rOAs>|gJqELGtdRgTH86`t0`pP3vX+naGBW4 zm!c3Gc`FHOo~FRA?UlYHkVx7bY&+CwSx7=&C+xeY)JFNrjIvh_{l%%VP&^apb86GF zIoMXc8}9>WMJ30@U!1$iMZSMRIq5@M)|;^`me{ex<&%n97KJ~?*g3cm%QA@i4{Io3 zp-3RNMV5Yb4^d*Tq$Xryq;#T{KLT*ARtqVMAc zVr^{rjNi31n_DZVmHF{Ky zV52FKI)wy5B4HwF;tU^1V+nO722+QTJ7S~9kDZzkgJ8lZ(K*sUFG0~XD0&z6^^O|f z0jb4!9z``)t?1uBeqXse1Pp+P*>W+c$?_Z#9oMcB;)%bMvm;XX5T12C44u*=RC54v z|L8>EdumC9$|fRHAkwQ?y`F(9L+p8Zv>FDEeKCv{QIl`#N%1D63?o2{l9#CaV#@&d z6f!x1Sj9m%8u1`i1Rq!6o_8)-4|zLY6?WhRz&rr(|0U{E zPwU}kBZY!=9-aN$pTUI1mdY$0tr7{+5Wg<2>bn2qiyu@>l+ zD)X)U%DzmefKT>e$tTmwW80=5&g@Z zglOkz2%^IO&6_O9qD!%rLSdg83?(2x1rqsJ4+USoJj^3`gaSe{G$-tx!PLr_3FdB# zyqaV>kgkiN=(c6cFs2C(@AODPS3|YutkT(Zj|oUzEf?dTUeZ3>8-)LhZ)@*d>)B0# zo=<8e)Zln66v*bS75CA=kz(peUAqTqgk=b0es@IC{fW*m`d`;wuK_y+`2%cX#|@-z zH?Ez%11n2h?^A`OPJZ^-N(imbI=c|8SWpL96K?lo(0?vVsxv%xcb8(mkkQb|?kGq9 z(ToQv(TC#xc`B&y)mz`_evzD-#iI+&r=k(N$3`yPWd9_)g6m;|?%CrCy?rK5G5k?DGkfj=`_6updg9jTWRU>Pn zL?%cErtN6Y-!cBYy2oBHId%iUB3@zwmn5Ne%} zHU7f36T=B;w)JUEAoMb`eCHb~c##Rg#ns|H8H)?g2({zlBy#(8r}#!eyzXS&Q|*`o8U{FKK3%l4i)4i>hxQbb#3jm zqnKDf(XCo;B+^5N9lIZ`A&nMOr9R4p9N1aSOofw^8B3H;dLIW?Kw+ARxxu%Hy;%0j zdJTO<^dso6CwF@SY)@MHv=rbyW6`kH-j8G+5PClt_F;)SeTjqLg;!J==}8Y9IBbp% z8moI|#m#*1$1W&>7Wg52foNpTV$DUD#qH#FwpT*QEKe+0VZ31Ssmp@(9Y~-38}n`x zHuGLFRD#hdHh4aRf8ZRk#V^j#MtRCO75|gzIep7p9GA@PK|y455FGCc`5oQYdKjwj zNSljduJHJNT_sv8?uAKD-oV=e-Nu&Bf-!#g%Y{_Cun|e$vziCZIkeJGFt864!17+Rcw82^FkR zwM~=y1?am_=m{0eU#8z0g|ScOXOIb9CRA_7#BgR2PeWgWnN^o)$$>OTwoVMR+MJh& zPZEsiTdY+K^(rED@Nm0EFiT~|l(`Q2v*UhTAJN8cVRQYJ`-xa~@CO=c`tizyBI3`t 
zrHjbqWZW=7%YV8><{@}R8V7yb09VJjE@H zc;xU-L6ww=+bFTxQbzP&;%kbIA{`o252?8ShgpkqK)TuB4$TbT@IR{85)6l`6d`HS za=`f#Q#0s{rVF&vEC=nsAO`XhjGJ}#BuY+Y=A+VTSk=3VtIxEDlc;mfQi?^4at?pt z5Vcs($dTVXwLN$#yQDXSC=T|+qKYE2`W;K|onspOkGxabfjg&XRvm?`v6dV1wW@se zF*CG=TKRs%pho{l-RmG2#R4;f>{hRk)EI6`B?F_l6q;A5a?k2|F&`$+1?zhNMmMDY z9vgvwcghXb(x96St@_imH&^HoieJ54Gv5iITUxLSU>t;23;Hq-AP9s??lMzO2ENO3 zCE9&r!eV9*Az607!1JkINThsk?$P7j>(nDxRK30#nhxx&?S?30FfX^vhF%61knG<9 zy|@<*43G0D@m5NS@&>bS19Gsjsk8)HY;27($gFP(j5@A0P;bg(Ume?uHv#}n+Nm7? z?y3RK?15%-=&hjqENb~;7PUI;iE2}5@jz1;Q>NiVNdx+#&A^Fm2dj;knNT(_6(Q=a zT7ROB-)8m{oBRd7ez6mwL%IZd{h>sq`EPMlJN6JCZ{|2w#_pk0FYqGYhqoca21Fz_k=!$;$no!H- zB4n7kVcS!#g_^R;`^zM}&g>MI z?nu;}E}!xeviBuF(Rwn5aviDhFp2OaXYrF%WxzT9kd^e6TtHoYg}Q^}_1<*hF6ew7Jpuh!uVX4(|8)z^?edat{DC7p zx0{k7vR4!Nl0>^*V2VC+Rt+{81mZpZYW))B;7_fYuQ(EG47Cn@!!Ej@7K;jFA29l% zChAgl{bwFWs)9WHT%Hh3X^tB8?XU9C^SX9s-8VlJNZa{fBE3}Eyr?k;cesm*qt*UWGCXLSJLgI zSzy3Xd@)rf_^(AIgyYRQYqF1%ofH7d2)lXd-?mJdd2rcq*N*W=qFHYyyVfx}WzIT9 zO0TJE&6n#U&sJ&P0oy1+v+n#K!Lhfw!4DVQ^|BWrXu4%VCCced3-g+yA4$9(n7)L{ zd9oY$KSTBS`^u0FV*xASQVpA*uq>x!FISKqU|ug?M?9KN7LetveFTbVFT~R@kJv9& z(pZ3X#7%71RnB2=gNI<93BaJ?(h&lGHpJzDkz{8#6Q>gANt2}s?jx`c$Xf+@z1J`! 
z+GMy|HDbKA;vn}T>UJa93Z^_Q55d0r4Ke-pRz^UV@9ckciHjlavHl2$Bu~M@(Ppbm zQgDt;p`H+`{`<0_=&2!ar07f@Kel%z=MR(Gr28QEgT~O_rwuyU;H`vgcU4ZS6!N z|4Cstptio&w=thYn@P|y>g%+ohqnFw>}L5&5P>fjcsq&JQkc}MF;1vsG-H^HR< z%OQ`l7AWVb97GeHHHXC>EYKzHR3^IgC`$lu(S3_A9%OwPsz-5O?4@};PqtaC4_x<1 z;rGrWTD zB1SK^RTvC}b{O{gGDp{>Rjz-r{CD4%evy&@z1LCRny|w~leIJRJ6-Nc`p-W?z5R?E zTu#Gzig}BuUnRZ)&0EqWt3Qg{b;y;k;^15vYU|D|H_pO2r6~ zDv4OcMf@na78;%W%!ghLM?GuwYXODe$XM#+lOwq^7nnU4tnN7G)eUd*9UJHYhaPO% zH|EVZn6$7E7*uNip2aVA#}HUjmzkU*VUL1{WusZcr_qp)C!9?g{ghR|MU1q1gnaz3 zlHk7%up5Nil=h|i_Yt{~ceO@BIJ~~*4emKrXkPka-J_8!*+y+mf#O89t26^#+8+k1 z>%{fqAV)i>RxS2H3KTwO@@oav8*!{LpO%gsejbP_`r4CAJ$L$L1-_{LZUV01Do76L z8i}j(WjjJP|4(K|4DFnO@R>cgRgIY;s*Q#tEcLve4tApTgsE5gp_D;PWDYgTkF=@l zX!!eqQwbNvABJAj-jsI*oUJc8t7(t?17dz8Rx0ksoP}X0#Nd^IUNvGa+6x({wY5f_ zH7a^JA%zPeD|ue}jQ1#Rw6EJSAAdI;Qp0r{?cGIMWeByrnT3=Y%Nhwp2hu}>NS)>D z0b68q?qkmPHPxpf`lnD1x|VHKg@k6zzO%!XNxvitqv5kcrktu}6`BN=Wmrq6+2x&0 zk;eM09(K!;DN3X%6Dg}miC`aJIK*NyBB{2i+=8FXOof?d0AvIWyqFtuD%cKm&P<;~ zVIy&@(QtCvsBl&&^bEfCoA*pz%X+^bNo|WrL7_6CkgJezb{s2vjyOaF+ zB+u7FNB2~L;(#S|tDLy}MaXqF$3n&RqCM9qnW_xX)rqbs#qr7|N3VN~^w!I&`dHV4 zDE~?hCAhr;czHxud7um{#lw|&^%0;t0PV2MTV@s-+YQ5?o2{#K zw3f_uL&b-?yJg63uwW|X_0?Vds8LuF)K5p4C?c9=B)jH@MNWP6d>*M6bsLok zj#=I9iiGZ8P7;$re)1~mx2J&#h5!&t}<1<8ESStE~b`J-!ymSl>?rYa#{gb25 z?C8%@Nr;;k^Ujd`5mNZb`@kAUiuKq^inE1ir4A3N44qFt) zt~%JO%DH%AoHNFP20ZdvGs@VD*Fm`{F7>~yd4+^L)yo72f+Ll;XRi_#iEy3P^DZ+B z6lA=W9ST6LX)VSAS3%27DTkut%ADZRiT_CH!yXH{lW?62S51ZvIN6OXc|s>sh}x83 zxXDrVGypqOp=5fj|B=wvVLZD%%$=> zS|tOKP?Tl4^j4HAL%&pv{G-r3qNHYXiy?Av!bAv;#*tt{g_~vW^8k(7W7-xg$slN1 zx{RgBtEbl%&tu`5F{0*ZvNoVcMT8iv4#Qu>NZuNku^yxUK93@O^%%^wVQ2`^0U2sl zG4U5{`vX8rTyIYQrdr}s4*1PV@C{~WQMKq^!gWg&p&4z^md^da62&Ce{D{fFi~tBb zo(_+kXNCqW>_f!v?PTPmWi?`H;P53_;_&YY;s{&oj8nR{T~8C41muA2NLU`^y*8gv z9`FLOT_LSZ&^`~ZW{sz-T?b1_+7_|y1^I%(4pdGPe!RT1zgFko_JdUTix(4i#}P~< zA%U3y6%?*~In~drsgvCVGMrbqvQ7s%J_0?28oi%XSRnzIuuYvOVYyuu^K`bdy7ry5 z`4x2}=MPi~68CiORx2|VI zh6&uddPtCD05;S}$ehSDMhg5&;>v&Xq8F{;$f&l7B~yFFF_%wm4!^J_og(1ww9+Cp 
z#j#Z9%pjDJ&HIu^dl%cZ8_Xbkbiaavn4?G+Fjn_riz`HRicEuQ8&+9N>U9Zqc3pNj zu*qfmI6H1dv=BI!g~Ie*=9e`uQGOe~l%n48@7*DWP`+w~=+zer7xWm5O1BxO!MkMB zn8*B?f=2F&ZC}`P>fq;VJ&s5FEB%hWO>3qDpvDhG-gb#z3`jWv?=U4~^1z-02)n0> z?>72hg#+Sr?Iw#;qQ!1*IrphR(FZ4A-rE%O=$d{DmK%V^vs;{n`p0wLi&RB&cgB9ao9y8*CC zAXU?9R1HHi%GJ-2e$}ft%}M|>K+L~}ldgj==r9K$)-6_SkPmwUVNM`p-WbTM2&?cz z;MA9x2_Z5RUQ{<}DwB>MX8B>oq^sW!rNtvLO&9oTO6UbQ1q>LzUEk1U{(G#iyRxAm z2Y**YW9@L<3Lb|k6WTPses8yeGRxVQ<^+$Ba=KFfEJloFYoIXvx-_S#6y7BAAH;8( z|EF7`<&(zS{q+%ADo0$FQGnPs@KYR@37s(4QGgkiK1eQdmPG#6dD9tikkXhv)@5B! z^`5ARUNI(&0Slpe8E<1NP?LRms(K-nie%p2vNW4FBu!tP9U9}~brzw_p5Z5J3Rzzv z&q3@yz^y7?nW5k=(#ke0f@`5i(3mA9r*uLcfJSfk_BMa-| z4|E887O7fBZF?E*%gnh0plvG#m3vH@`*fp8M8MtMZj}9vCyE8R^c+j&K4-X^A9SW` zBNa)hQ4y+VPl)&=??#kzDEt91`upu`^t2n9ZJ#Hr0+~5ZN0yH3wR)7bT&gfgx2~QA zh9GbZ!xQkNwyvn4pVuu7fOAN`piuGXy21}Jp5zj44m!iwyEK3Ymx7mp!alQUO zD`eMab2=(!6g=#S8@+;pybcE2zZz&v}sTTW-{4{$Z9rvVI6O@XcU- z6yH_hso`L0*FWe!l_2O8bds!R0As&8PO?rJN$%aoS=G?0iPu*KP&oBS9bWqfnf|8F zV8EdHROcvNiiQb!SKTgqpUzc%IGuH!O9GdU%8Q`)qY9*)m*s&3wO4*T(8F4YQ*3L% z=1)Z)vd;rVI%}^7{PnZ*Rn4v;0~haiUWI~=31%wIx{Yo6e>HelHt^!4`8Kab*3aBug@*G$;-Xw(n)O$} zXj0ieNn$$55s~hzo!9TC-XI2Z?w3JmVmKwi5&2YY`Uu9zpH!ECC-~0rAyX))w7I=Az%18dexyY#cL`vqBOVFu$13z|PqYW5h!*I5Hiql=en zGEB$|y0F6@#jF-!uDeXd0$^GW>F`njczY#>1PE !ZqX!Cx}4q6aeAn8%{&D8+K@+m=gTLbT7rfI?^nw(9lJD2|991O*bJWqdN= zjz}FAXz0BNU(`^Tf2zJBQM+C&&BA5bHBq)bEDtNX6p>t!O#bS_jJ*_x3b$<3A2sWy zk`8b8X`FMQ@vuB13k*(|k4<8v`YNF4hXPC$@r`+gM^#ZRn0CX z<&B-9{}l8}MkRE9h=ndsT zbZyk?N^M@xC`{NQG!1{_(zZb@_W-+qes5^8W@pdW7CYWK@j+1GTZQ0rI^rrQ>@X?s zaJ{r6p4d<2|2Wel?Y=>O|LIfe>Y1!9N2wg24}zU(_vES!xjeqT3f-RqXhvk)V(X(` zCwnhetLK;8_ZtjZq{kG&@p2pd8u!hJM+9^&uf3OE$46oC2!rWQubwF0jPST_jS2dl zOboQZ2mPKYEs-;AK_NdeS@VCb71bhg2S@s{qN?$npjR7|(0<&lvEbM2CVt9}V!^C5 zQlGS#O0|Xq$<0;E$59Ur`4$j0jm*!ARE%@r%G?EaAke0yE_<-tojqAWv-2cOuLgMe zaU@=^1HP1Ari2w%N*Ggp|2!)nkY) zQ5?8AX)@nq)EquS_~7>=;qL7$4>9FXwrkMQ4*t<2PjIgeGL_;wH5o$({>PE`$Bzjh zyMq%vo6tcyd^(EYR^Acb`A9NSRuA#{!M@Q!4vrm)UUw=Sr~&T|`i 
zbc{A%8HxbUq#xceq#PcmU3CO#%BT&<3FFL3_7OUaQS)oi2X-U<0FrOC%w`mWe*jTL zdkyLFuIj0!$m#BQ`g|PE6&|3%ms11rb64DNz;C)q9F14AR5^rbpaPU@tXskXc4fa4 z^LQVUn|GRuDCo9|;48C0&3xWnl2!M^9@PC7b|^ZvyDLzjX{<6Gzhb+0$0{||Jy^=D z-I8zvV)N`fWktVOue8|Blv0!ztzi5QE#ce5MMPp3x1oPUwXCw%caSv7!)9DQKsKlqyXqD!50W5>5XJfL%xfCD18P ztp6|6RA`T3y(y-LQin4Ft8S?hhS@gl!$KV+6>3Jud1m(o8q;b6j+lQN21I_2RmAJe zLmGpBkIL$Ni109%>%QU>Zqoab*@%b7{A#^@KcI!2Yj~29b%8b>-YE^-ipNVzc^ zrSb;qb(5HiaNMJ-p5(2hk~gPu38phE{F3s(Pr?S_BXsN-u`iD)f)!7^5t{B0(FBoc z1CVk#Ykc-UPREL{FO@RcY%>0#b^*GP;PLbmovRqke36>V?O|TT>%E?&3bd7{vcFzmlG8fFN9U8*)#J1ay@dr( z$OU93%Q6I>QVkW^?aIAN;nyDG^a5im6J?@epByFzT4XaZb&^85Q{!4=A}`!3RmLnv z75~bwNI`!D1=l+s7zG||ZT`pkq?hB_{IN+tmUX<)r_zh7B>g1NSNFf|W==)G^D44{zK0?Foqt)a>uJJx!04Vq zXIXf&$p#35Vj(&Hfv4pqpK2+iz$=Y8Ujxfwy|w3_7qieQ4X8xT5zhnz!AE2>R$`LM zSpF=F18FtW8<&n_U(JYEjr%6l;T~=mLoZ(&1k;x)cP!KxB??MtH9^*TrlF~0>od9f zz+^asP$$BW>ByOD9=nt7kDvMvD52V&zGL!|wX=-2SU*@S_5Y>cw}B_XoVmWb*nO1! z<$7Ly6Zq5(LBcRns8}Up*Yr~zZ^(+4rviY0<$@SC#-4L~d@e=EIhgh?F2hH>XJ&Xr z#f`t^v)x9pHNEnGeO|K4ULBfkg^a}a;2oJO=EJTOpzd45JJ|?%5NNUqXwzU&TB1Hw z9qypdO5*aA3`DSY1X-kkcE2u5lGgWG1gychf{AX!|6%0feNj79uCe|$Ql_lw@lGUo za(!pLAXhz?b}P8*(?XsjF$oFxFEi(Mhxn+ZfO3eTR$xw?u5I{tKshq$EHB#Dux|nh zOmE9op0dS3ZtnYE5SdA-BgeAl1XB_V5K?`ar_v;jqV+qw%@J&1pu=#MhZZTJG;S%4B zUdlxFq0IvsJRr5LO}3JxMHh=m!W#T zR$3P(a_tyGAU^{mmM&j)qdp{pjESJHgZN+K)m{@|`H2Ro?i=;rD2X^)5A{6!0?)7h zWkEZSJ`3e)bfh*GK~QjKs`C14k5y8gxi?oJ7}AXhDQZPt9Haj04Sqg=V-88zzn>Tp zyGCkPA(UMkGHDRxfWG8Ik?Ds1vKdCWyVt_b!prnC=mC(!qHV8HZ6WK!4I%SA@XmnH z!r(`n2qZ&FIKb5!wLR19V=h)!xy*j-+z&Wjtj|7|X|!z&smB~uuIN(pl{8jsSr3~$ z)z`Lik8H=y-m$F9J>F=I$i)D@tw&D~aLP6~sgeNNk-1p@x02?r2v+oR-JyqvvMU{` zJ8G{rJMFW;cdGN(ry#l0X+JLWE>4Zv9)mnMuSevIpC@GPG)zF;*xqA&py>6=<{i8m zgj7~!)@C!1nvGTAlPZnmnN`qI@vZ_c4-tJrh<>aL8y=+h*$QuT$3=B#DN~6)~Yqg-mt}fE_-k{?mlY`Vv=L(`-~mNG{W9&M>6UM;S=K3-=Epw1$xfJZ0{wK z+x}|dLzM}Qm+j}Wc2#~uuD?n)I<5@AFD=pE_KbHAm~!UJn>4UGsThh~ID()QhA^Fh z%rnGg$`${j4Clz{KK;Ui+IJ{y-m0kuGG_&qq)5pc6dTCXaRLr%C*!F4x4Ecx4QN&O 
zaluOsOvmor;b?9!73gl)zpAA{a}>%h>uXSPM`@yIP4vjWHtP+$nKm@Xt26jg&G9h^iA%h+C zc&!F^)EXDEp<7@JGbSFxTDF-6@5*+;5d}Cs@e{p~0R17^{3i*{kcxGs`&u>aT6BAp z^&VGrbz7Td4CB^#oI43QoalDg)y})h+QIqkjOgy^egg6BbY2N@LCI?OB&0c+ZKs3~HoEAJPKeF~((p0j$j3Z}+S51u zP(aX1rMVB``wWkKcKNi>Qmf)d)STie^uZ++NxrO9S}ZV@3sO69cF@Sm}f8(Ti;1CDU0R9Q-)uG$^lKS3|jc7+q}s z4^fGD_oUwUy9r@5yi2M9aI$AyenNaQ@#vICnHVvE;j_!>UK+eFP)fYl-l0!d@JDd6 zuOcBjMwtG)RVYL2p`UI1HzM|8Yn{q5Yz!!#9nJ^mL-}40pQbB!NC|fCjw2u4x+jpp zj#`g-a0Cur4%udcq+{xZMUWzQ(wWbbx6N2g%^w-?c_Ib;`G3Ly#O4_Z+!v3cM;3W; zCn?8J^8g5W_KnGRH!tCmlzlw?!>)}=7$5jW)dL%fb*&7 z$T*Wu@-|E2mEnO2?%_eU2y7-@%p~P=IE#whnk|9(n$Vmo(L72dD8$Ek=Su7|T~FSy z4L0gd+Mfd%?hkOX!P+;mvpe}bv2NuHccA^fB?;kpMVDvS)-pyCD2-#L;5j_PU7FM} z6g8+bwo1+MkC+Zd@y6$@tFz9gaLEM2oK|({R?-tgZ_~m8)yb5g#k-r|#QBiHcsuP|~i9d38ya|B&Frml5>E-+oeUwh5o8*6Dyz4l$l zvWO{>Zm&y##I)FReM6C>~XgFw-3WOv+p8 z88iQJW7<(DDi!DN6s~ zEk0ye37f|Kizb0i;NQ`tXfd$CliWceLdUF|CaA^j zy;vZqhWyl++^E>^Y6b#+cz01n$V;l!;H+`ORVF9E2!C+0V1O z-(a~7+E?Sdk}Z6>E8oU8r5b90bwlq1fgg&<7;o~bEv>*!p%8EwIrqi9IXZt9c3;le z-!7$}F;v;8>I`LwZs?Py?qeHblQGs?EY&p;Cf2?P1O-B`AgsuY97|;_-As4gpJ)zW z=!0D2-u*E62eQoYIr~it`k6=2Hqw;we)Drc?swSmUX4G%|X0Sa>x~N1eiO>M15X z0$&KfR8?r6O7+d{ueO*BZPcnG_YtTqhGo0jK(-SZln|n2n$>NTC=8;(;l7LcK_E}3 zW@Zh%kXOo6yU!Bqce2cCVe~|OzLLV?68Q(F&ZCyuEms)Pf5~(Crj4TcS%0v1V+}+>k)`6x)HB zTC2U8Wd3$7hYitSn*0!igu4r1<+I%)3>^yzi{Hiq0eRv$GS0lPwxw10OrdcZRY^q2 zV4%I_ob#$bPH@TVPV7cy>e`IlhwxKMHIT9>-DDK4$7lwXRx_tKKz|_R`!yNJ<@DC5 z(hdj7rC{1HR4SIN(LDJsEoG-4cg+GFa4;lTfn~115oKB&zps30;o+BI;3vTJ|8s_= z)@Nvn9zka_0)N1dy?#HVSzo}}KmmC81|DywC?`oEfPhelquSp-9*bjSHu<%bYKF0i zCazJVU2%%c^wqYzT3TrtSoC@{>F|Z)_dnn}`a^hMZ*DC%D$3zKQ7 zoH$``t~fDXhje`Jsu|5#pwAyIWZP1+$>k)D03e4+W(40K?CpgYIB^mXyGkDi^qYJ~ zogMyg%oWPQ*wnZ-mr@O{h?R=?2>bULZ|aBL-4?Z{Hll5rnfXJD_Bn;-g^8)RxElj0 zEe;OZ;h%;(9dfNt92QHP;c4f)y96WPhx0x#{~E0YX#UiI1WpE-b8GIcoX$q?0CU}u zGU_8d@$l|~YNYVFvBhYNDp5SpcQq$7o73(@$y^VWBuy@?HzKJjjA$aoYFUp+Io8S= zjp8fuTCy;{HewUC$iG_??=!oceR7g6$@^NTH!Wm{sKU0B(=jJaa}eW-19poO#?TW~ 
z-za8m=j|yzt?a9qVDz-o=^dVuC$$^y4+fA|Iv-n+shGJfgYTUYdaVi42WR6M13>0a z2aQiwD6&{dmChe-e3pL>i%N!QYRKs^nZ|Z9?2t>Md$U=Km_~aDiI7^^v~>>}K3dOI zmeU+s-y{|KOuA&)Qoh@|0j%!MHA)C;%ukEBR$1F0?9=!7uQ(LH zG|e91>V@n->%3$ssYLq$gbN_!&Ydd(oX1B&pdsZj97{T7(=EDP0h%(NqP}hu-^3gZ zakkI)2Rxhpn$s3Qd~i&qi9?&zQqpIfp>*rUc^Au?j(#fWJaTyjSi&qMTH?k8hhjED zK7=l#b$>`apMLZCr@;Jyq+YUvmI{}*MAlx+Js^zsCUmFS(>jep3aiM=@s&+sY4gqf z1cP1?P}BS>Lfhg?_`LDI;y_)@a}KrXdMD|ZBGOSu0m_0OKg3iIKfK~pDT>wpt>ThW zwR?0Qkt^(S--8?vc{2x}zLyw?@AUP+Wz`%(I}XhmSvzR&5v+-LlR8n<$l<)+w-D3K zmXNSYm?QZ4O)zOak=GTYxLUzx`p4G-mc&5A_!Z|mCmTbEzL4` z9UKV`xkpiJYiJp19%1gr-WeyRwI2_bfh+cYOh!Rn5YtkiRJ(w9x}#-);H@(V&+1** zCm}G(FXu#-MgY%y=It*$ZiT*sV>{1rv9ztt-{;KmuKv}yY1)V#R;j<^_TxLaf6Jwv zDufdODSF~`G#AP`c)X#hzK4_yQ9Q+0wH*)9_X0|7<4=}9$%C)ep={omy17pX15Tv$ zhGTwSjB;Vw=X%=^}+jqC7L4#oaiU9gH#zzJTt^~ zVe(uP!M;jnW7sr>K{gFN9S+}5HpEmL4;AQ>!sL4&oJW=r1{bW9Mdj%)V7ixyXE|i` z(4;1nUB3}9><%eH8P+r@3oV_@YastakHjWG%d86k%5JF0-xx`631Ixmyv^d37$Gi7 z%IU1cgP%hqiKz7Z1yS6JKD)S9A%@yz{0n(c(yuLNDo{x+QiJx64DO6-arU#|Z3D3W zjXWIF%_pxv?S{Ng;w!b)hF7(EckPvoUbfhw{~m=-{p?TpqX@Tn2+;Ss746r$9&Ja_ z8N-$XZqpANOg$s>-iKmm^uPu9Vu&lIighaAY>Ckgj^5bDMt*n(I4xM&ll0^&6MnaIoUv~& zEpQ$661TAY`5-3-WtFlPWy33Qiv~bQJ1g*#tB-~bvUU{qG-sp_4-wKM-w?T3 z_2VfzwahTi9VPEv;RO!8;iiGp5J?0D0<-;!B-qEHvx0d!%dkjT`TjtwV0NQkSlQokp{#U=fH*XdQ8mkPz&;oOzy;L^kZrV3-)UM{%)iQ7Vk~xm>O0 zUAMAK0C4R)=XbH)Z#O(rAp^Y4s6v24Yb@q5a5mZNLJ=Nu-DFt)+SKc+E&<1&7wigB z7RDrRV5_cy`(%E`URQ4fK&WhxO~~tI?#j`~k2`3%iTjPEgCod}(S#9HrV-wuuvHB` zFl=~52<3a2!t?*t9S1-WQc#p4+G=jpuxfFhaMBq8uj{d?z5741oGMD$AeTS#kVtmg z8pDmq)o~IofOH3lYrg_NwAO!)YR(j~lvaMpNx}iA=THzu9T6YAYcu|`(nVTQC78%F ze<&$QgD4_QQ}7_sKlXvnJ;}_9ZAwOD8O7LJmQeJhDsP>%w%{BF=flRjxxL84n(20g zAiw7~mL2DlcSB5YcnX;0aOGV5$;nNRWRs_^ULE9laPwDfaEVowcoT8b?f@#0_)JX- z?0Lhq?KDf}z>)U76mLz9JqDDy2e}sEu=7(UqCrAW!91Ac*X>Et6gFh<16kCps%?u> zQp@~vgrD9LMJT#rRiSjJIiIeIG}gcAnD#!^GAZ)z-52H|Z*T;D;~YJA-FmKe9CZkH zK{6G}Vq`Trh6dUf1V@%mtu2KLy1C^dlr|f`&`Fw4z;;YmTZz*@S_Vy9AIQiX2j9+z z)D+LJ`SXo3K4-4uzjxfiCc0tv#?dD5 
zJ&E>Fao5m`AQ^%;N`usz8KNeY-up~DLr8neV|*+`9VLF7IX}I~w!@w^)@KF;hHkL{tm{FXMU@Od(i zp3IW-^R(;LXc-Dfz!d@$seeBARmsSvl>dcy&m4*kd+ye{iXZUfaFhv_>zY&FD2vWR zF5NFs-fR>`tmt*81R`KoItQa#C1iXK6}_Cuqh((xj8B8GZIJ&=w6WTat3(Oo+eJ(& z+spF`?Xw>bKo;5aN%xNa|PuPMN45ZbO zbP3hqvW9<}$?NFjeQtNh*n!&%ha1||`d{o9fD!Wn=daVc8Qs*M4mnWQ z3Nv~2LA9pAw{+`HC4U_2tQhety$0=4L$K^!0K{a4oK=^Cg>UcaPj9)GM6Y$)j$I(^ z0$fA?HP5dyo1~ki9>7Oo#&GlMbWSZpo5??no<#}Z9byZj6-LgdN^0nSFuR#$ESZB~ z)GQiq&332256j`pw7XaE9k>jMaIzo`*h6gW|YU&vCyJUUHpeb4;@V!(i8M4q=@5WAAnK z8v1z6TfzR_n0R15JKM>9xE(lfauWfK`I#4HLE|j3aMk!WJJzo$BSz#JmU!pBWNN^I z6PWj7fBkboI)F#|WW5zCj>O68auYvyJ0Sy)mzpRQZZI zGR~O($R|(Gld*rwXm}s)3=b{C6lDK{S=%O!*Ky#U3+2M^f^crIz}=08iC{6ib6XYq z%o5T(zBO4Zd?&eI;4i*egjvSrBjh4gsTm>}S{#F_cI16(XM58;s~D2@X+i&#_QfQ| zLtPQJxjm!s1cC-yutI~?hu-`fKTib9{>y}Es*%f z`BTsFol&FkR|Q@#0x*L5n25|(l!n_p0^nr8QC9~l?|-iBiute&>>a0*3T15g->Y2S zWz``CI;lC4?7`vVV&{bux0llWw@2-dkcVGaGXpE*^HjMn6Q}(8moFeA(vw-nz0uzJ z=Z)u1NoH5pBmp}ay!O0Nb-aGTnuL_4;OL-XW z3YeV?)IN)dz-Kv79k`3n!^`UZV*%k++9+!!&7o3}5bKXeuO0Qhl?16dgQsTK%;>O2#!D;T-WNiU}|J(H@r6~Rd`vbgnZjcZ8YS9mg_ z%9|ih@(Vke*(FVfc>2kG;|IA5W)>e!U_JMMS-YE{X1;@C75XXR?0WHTcL5sLQ8RClpo}% z`-WT8aY?%}x!%y%N>YJqozvf<$Ue*VjUF8i4ZBySN%>&twgfZQq&^oYdw1q;WGxC| zMZ9=PsO^zsp(>%@zbGu9+CvZoH}Mo?sehEqPyok@X2Xy2N+7w9UsIr`fx!zd`^|yn zVp9vj9%hzLZ|e_E@uc3xv)G~_#7J)I%O9;!9+h1jE2SYmpTN^-DQXQ5ecxc@t@h&o zqySE)Z!becQ$9A9$DTSdrFO`6V0J73GSawYofHG^vOO@o{tj}?b03_c2<2{b$TEq$ z>8*jS38!|+)ym&yt%FRQXXT+32rPsi;eFH0zo}SZ;s6H=0M0ww-~B4rqPTnm%4d)h z`=h3TfpmB4y)%19^K83Ti_1oDrXX~1pAQ^uXHiAw>Pb&;Vu$Dq#ukkCz9WU4?61yf zh~2L01jBk@!_K3IZmzu)oxaX)5HDDHa%jq~})oYlJ_arz8YAyx_)IOSkAMp}0lOIk-S?@Fzx)^CC2t zH~Xh`MFYbH9cxrE5vewNPjk8M(NB~ihdhqt0LcVKCEfM(aK#|laP$(*G~3kMCmXlg zR$JV+m(fW7#UErEzy#HMF8d44Yb*AY`I~-YM~Z@(fk`|0TbXX_;)h!YyyomCQt;-J zhSHNKSWJ0*?*U~Hlp(qXS${ngWN0oJJ(IUo6$_O>xJ7z8(lM5k@ky8@*wN~%&75C7 zt6HoAh|;LvCDf#>Ab{`VNQ?2j@&+2e{2NI56&eT~D5PlcAYxRNg8~i=?pdy?q8q$| zZ0o*bjCfvw5)e3KlsqC`dSyy3V#{~4C%8b^4MFdT8uLM0%Ox5Lk?^#1lc48B>4a9< 
z4k*#n@qomh6_%@2i^C_AVwIPF1Xe2K%K_}3@a0H4C7+X`j$dfE6Gn^Rhhmi+^9#Z7 z1<Fxw^|4_|hPQKrTRUMyRn1u%;3#<$=+^jD8aS16PCSuz zFSy!h;|p<9q-9}%O`f)sd2{FZbT8i>0m>+AA=#n8~q*JTP_`R;)IIeGlEdAFu3QV+gSsyb z4AYpUHf)Q;v%yg~6nqz=PnQ#r>R*0MhaoJokKIikBa)e>PX;s2kjigt(!cyCg2dC@ zGO`dgg~R#dh&~jcGSa}j%kg^25oyR7L(_XTVgR4QglAfZRW%Zy6lst;|LkPco<2EP z`)_{4U^%u5GC-q(zvK~cuoINckQ(6quTrzBhZ1d{7+iIdhD3>#pjd#xK zG23yH@sw*ieQyh!eYHC1QpP;XWXx9^jHOc9K;drPuA#E>HdS;S8tkqvAWq+fznS$5_VXA0-U`L{pgc>N?DCBh$saTN8yS@ZV&Zu$ z{O6%k0{ph%9Lp)oVqGg=7MDT_#U_Tt{h;cI(L~FAbnrwFhw@W&!nw(q&2vk8unyUe zhXB-ZA>DJy{gU4v0a2bAJ^vLcUDOdHg5NnM-=A+FH^H3+tptS*e)xb6!$pT%7b~rR z9z7!y!}V!1SU!#A=pTAhKSx$6rMFcyoW5(nB>mjsN{DRKM5gW!xnbNLMH9p3DhaV{ zbry8CTL4M44-|Zk6#}^?$~Jw-CR{9~aV59|I2oSBoVqqW$?NsbJf6D!#O~_8+GDly zIzaSuu7xdlROGra=1fWzLtH~}oUExdfxhnX0ax_WFB$&H)FYHiPLWoh^P@FSKXnV6 zph+>IL$9B_m?~h?J7i&W?2Rvg=dJfkE1=BO#Bh6fBvxIN!Uida0rS)~7=Bbua`rTf z4+PaS8HElZ+;83H6gXUyaj^vP5t{F0Hucg;af9QK%>oIxNh8BsK|_BnTAhey)<(~s zoj1yL-Cz9ZibBv_Y!mv`2hQ(KRV+Waw4GxP&T{L;i~=TBf{r;U_OU;u3Yq`7acWJX z2^eI5f36pBlN)$RrDiIeC8T1j0N^VRr)75Am&el!bJgMyz3I{i-eB??{PJwWs~TF7 zp{?j5?Z2PVq+qk$alAbl4VLAiA!FNbTZ$mwG0f?xqZs5xO8w#OT_^6TLYbsav(H6y zg=b%2Nx}ok0eCBskYsJq4)i3!HO56DKnLuQ3C_^O*rwRb#*#pm3(+l<?(tRu*FV7v9vGJ9T#Q{ zsqrntzm+s;yg>xls(4nF1$85oU(-N7UBdGr^3Sa-)tP2SA^QEsxwtC-+D*?VoIx{g zEFGNCF36YgI@+m(u5*RXm*k92qZCcf{3 z#%Z)Q^nm3@o63YCZnm}N8Q%J*)9l5l&6=#n)+MDB9D7i27n{lDy`jfcRZYa#Zc{dV zkdCsVd*C`V04i02;1=-|X@$9VX%kn?YY>B3Tg#4kjg8*k3IcDk&csujZgsACmBMKvfT6Fk%Dcz)QNA7_%?sr&V~^r zBm@*=c~^8bXJ*sCmzkwJl-hk2mT10DzAID&Jv{)p;J`5UFFn+5f9Z~up)<_evQYvY zD5%~EEP7&)i^d3-cPYQBxfwA;5}BMNBQQeDzSNdo+=u31PP_CWfXD%->LS=JsCNbT zT)%GknXiIA6xcuzmxH7eHn62!;*8#n0zZk+w;9BQ1;N}FJK+x#1`N5tQ}2?KT2lZ^ z%Wy2+?Qn)p^oHyk7nDoS-$RQS#5psK`2kyar1~!)p9y<>g&#?mmdz>p*4=rT?3?qy zJKQfc3QOBjRz!o;&-WPVr?Mwy`^N}fYL$qelQhW8yzlz8ppU}Gg;O(e>mE6XpE9B1 z3&q^lbDIuMh8Ax^!D)zlJEol>zTk;GsAI+z`W2Ot0YLn}h4HBk0cOb84M*V3nD<-m zQ^Kph32}@4`vFzpTRT%)woxl9Mu>mF1zYCGb)Qa%NYr^h%a+lcB13nGRy-TVbp4av 
zKp>e0SWE5kODx2@5!cv-uhJ8}7C8DEkRZz8slb)?wbmw`pXm>E@nXG6!q@^w#YdKO z0JIxh>bk*9zgl3@S&pOLwV(}#3r5nlWU3w4BAz)=1h9zC zA3@!}b5WvK44&+s+gHv?yb=kNsE7M|Crz5lQ3GpW=F#_dMtwxeQV$#B2i$#XIoHrczOj`TYU~xf>{rjB z)U^L7?omo1$oVW^$zSN|yG(cwPn9A6Q(j)(RcYUI^VZr+>EC`6LO99;pKpcKDg=g7bTK_q|aImdF!sewRKp!@7^7K}t0a_;+Q>luYY+)vV(^QKB%Hi&T-#+#YNqK-PMTV|aI3qH(Y zB=P{g1T&UZ4s3bS(R811tr?wbE-F<4KN#fyR^{sg!IZ5PFbwslj{MrfF;Nb;IBY;( z*hbq%ANn1KF_Hh-;z=`eiS}Gv*T(*CvDk{`dB>A;v2xE(!bGuD;~|idlcy=r4c^Q^ zRYSqQ6WH(`bVdP0vaRyiL8#z2uI~}kP4y)N%Q7m`kOZT;s<%; zEJJn!rUr)>nncA^JTUD@$v!g_W|z-pn*@b(I|us95G9@3{*++wN8w#32XL0Im`TtY zQXMFxA6xb!?X%~t-X-=9S7gQQ2!=${7g_zvl9BBo7~ixE1RS6`vo-z#2NUd1B0zs* z6Dxk31wT*OT~042CNn0+*GEt6WX7UADieih3A zEWBo1947ujwgM%{VRD0axO@j~tfQ|iZBdY+3@0^j2Z*A0nuS*{zMb|}WBzgma#O2i z%9bAc_%=rgW~&IfPG?N=)`k}mV3tA+Ja@lx%?BCBt$^?l0q%{Ih;TJ+pZa@MRtSdF zVb>smeeU7d!t_#|(UG;S^*t64&A;|WOH9VgK73zzeL9(7d~<^UQ)L{+92{5mY=JgI zt*>RZ5)KwS9I@Ycl|6f=fXM(FoiI>~Rm?VpEq{&}oWwzvLVrwNH4L_rGqRftol5d6 z1tJ?5|B6m+krC)VjvACS-*^2`4bm#oTh}SW!MsmLS}wd~ymQM*lIycKzH!lUXIYL5 zS-KX6NMNpC$}en;yD3UBtIRln)+r*3TW6Jf*?9wyI~fRx7{5Sk0mLRrI~!{>7`G>9 zBPlQtcRca=P6w44J=XYfYk>>;86@|2ow2bY2)xo3k93+sXY~_kF%y9_nGNb2M-7qAH!El{PY0IBF zpxfx6`!)uxVz7eX)%o@^b^R@in}hoBF!vhRvQsvXvT(uYoO{}Bu$&x6H- z2S2;p*U<-N9k@ktYL~rhURx-j!Zce>6<0Q?dtnrJ@gYk>!P5rgT#Pj9t-$hQ0dd%~ z&_|J+JkCkbJ<3`M#KXQy{yZ`7>QXMy>8eV%oj? 
zxCN5OO!`_V229s0lqS?(UHrwm@8DL9XuKK`Kn5U5N3I%D!YP2n0-)*w=@Q3|AF1mwyiTc->gXDN|pD!NtXX%U*JtXb&oSe1$)i8Ykk+C_F+Gn!v zR+GDfJ*U%0z+Z_iV~7dHX~L7O_4{qieU8$>3U60Y&WPJCjg`t2Qzd57Bdx8# z#$^x1&Jy`)EB9G93mJ?sxT}dg$O?kGTZ&vpIt~S?ZQ#bdJx{$+I$$N!#_OG5=eDEt z`ARCxbi{XH0e}yacwy*~J~D|s^3VPVWGP;6@_9}cZS;jMZhDQ_+^hHirWLM}ohhJvG8gqp~vYQ;y+ zE%;C&{+qY{i{dKIR0D7>dk5?;OR56g$(7k~~q%4}YqL7b)SuO#cm5PAqe-S~}`f6Z_ zX#L~1VwC~kjSo+by}}cBhkFoy@TuZfZY5rJUL-Jwqk{LLm10+$>u6haKEY2E%=`HP zAWsHJxCHFZFk7z#yVwd9dWCsp7St+yCUT?B5wvZb+WT*j%AGCS!z-M8k={X($<_RXvzWZZV*JE{Y13$r}L*{!EPOuLVxh zOc^IOgI@EvDCQS6xhUODY))qY>UCeKkeT-6#tz(3JVWj8Y2;39NS)EzK2plcM|ssE z^^W{7Ds=rB(~n7QR^99E=)V|x`xjgw96ZQid(B``I#ci8N+yTR^X6`42;jKayHP5>JUYysNE$Bd!90_2~V_EcL_y$Y^>v2y|V zu!c4fSe&X8h%SW3m)=b&Qv#YsjxtGKF>ean^%HTiUJKT-Cp|fO$3K5npf`PTl2c-h z6o&GSkqlgnrxdO}2`b;K=3Y#m$_HS?_2*Xcy=*a8WgQk&pNAv%cAf!a=73F0q=x~D zOE(@lumq+A^Wg}6xbnDFF!v-=-WHtT z`K_1I%9P7T+LIr#l;j!ewxBE$!;!-lRy$QlM!9O_xa;s)yZo519uhg${q-B(_=u*= z^u1_@e(u~^qlOQ;e8DK~I|p;mt;y(WY!v)Ho|d2&74sz#3@~fp@Gp``Pq|)!Hq4Bw zsY^1Sj?g;>hZ@c%TG!h{unU91g*+KMC?rL!0weX{u4c~ouH{hBqWt5CvJi)^g8-S$BLvBWt@@@7N)k9r+Zvob)bv85F5ZT+AF z>Dktlppxzs;?8H84lRB~6G*cn%l!7M{@uFbwSd@ijIcH(&^GDWMVQ4a6bOCi3~92E zjLd&>HH(!4HB`sd^h{+&#yr+;6;@7<^di{oUN`x`y;PXVNby zUSl8YN~9K~Hy~M>6X$+8&~6wx07x794+v12K}h$-GzM3ueI~*O7G2|I>)gLbxc~U7 z4K&WA^$zhmHk^uq@?xBk?vZ(ce^_mh+6LGzj9=4KmgCS%+cpl{o^sFM}bbKE5--LA{ORJ6nsmCBZp(ANx@IpOU>S9$_ zopc!fw7?X^G)86UeLUb8EG(`vQ7|=$+^RXA&gX6A2@|dVvFIf^UOXd!mz2BefW?X2 zD_3vwn1CSPn~1U#Iz3*>`E|V!77-5zpGBN?Q&xo+TLYGsb0K9~o(Y%b z5Vp6qbhgBt!;qgcN}7j&pS)m>3A4GdG0L);`5Hk}sc2aXPNg!23fW3JVP zb0QJl4-Qe=Ra+jLa{o0?y_4>}GngIo+5%g8%l5o^K3K= z6}Ci_4x@m4{he5)t8WoX^RkOd!lTC29wKFEwdS#C29d2j)(>0oNRe*YzD!?r3}>6N zRO%y`O8kzUXfLJ0qcXmm2(I3|+pDtyHKMi3Qz=U9C7!n`abqLxQ$vHk^1nH2E9Y zhsDim)4ZT^v^qF96rz9?w@g9Ic>}RzGD><%JietMu>WDrD4XXNU-`!Izr0yH$RB`X zXE(x}Fq+kYM%ZdS?YHLftah9ScXnf2VYZ&KErIpA0aahH2cl37$37pQYjGy_;7r45 z2dsjYTNB22tEya+eWz(vm;j)Zf7azH&kzE%~0paZ+;^y%@!>%NYTyBwc< 
zU9`>xQut5U`r}G|1u$LaR{sm`PIae|8U!_BYzUyy06ub<9aS3Lh7;xQ zvD0O(NciQi7+P27e&B5WC@!pW=S0jeR#QM*gnXp_itlhpLQWx;L_lhBkX`DBXOyU9 zaMNzb@k&QItoN736Y$FrzMT^U(y7a~t0Y4V!YoW$bWFDE;XjKEcPE&?@3#tw8T2C7 z(+ix8)$t-B5n`rf(;NTrkTF5poRii*9d|VU6|2(3B57>pm&8v3+!g_js+i8x;Fc)4;DdmvI{}U5a!Bex~Wtowa?WY}z3z){ z4D24UR>-=Du6KIt-lePC=DhJgpTX!kkCOJbH%Q~e2g$_WN*A2+cpeagx{3h^^)%vt(_t}W zXnZzF%X{`1>S;8_y&+zQdv!p)yoK zXI{;on?wnIhw`z_VqWc%n(=*3QZb9v^?*)tp>v-nf^`kT)3HKB2q9U${qUz_`$eAO ziH^`P=x(WC;@e02fGqydM;x@N^#Q7^D9K-m7;an3VVUXBWPC2L*UkEdz9?Y%=nwIgSo>4XED$`pet9nr6$|~qfx;MKp z%xdXYG-7PAwWh*CtIjp6fcb|N9eXhDdIgl`MP6@zaC%nO{WxxuA4ggYVlj`^7u89+ z^aitXUuJu4GKU<`*cRabB!cCyO7X*TI(sA^jK7k$Tf%2C_|MSuBlA37R?<$m>uw>z zslHyDm-hIsoPpYQUWWqxcS7Ik<1rb&HQ;6(u=W+(4D|?-lSazQlKizA=33hbrks~= zdlN=QnT}Ab^vVzUL9q$ipYr9`AmG|v^b!9F93a5avDPC2A&)RQ{1fLlX3c4gum5JC zSy6(ywxFZ`DKJh~GkmhJ*rRshh7ES4)2|-@VK&Qv^7@9jMgsyCigWh589RnCA@P{@ zv4Gb8gNQ);E-%UszV9j%+y1w_WP@Ome$bapt>i{?%+%(tEW+HD9V_+0zF(;32bA0G z7t?#e&etVQrAOXNOGI5*aM-L~Zxa{Z@Gz)unWLS`0=fLnG*uv@`8I(6U zx(*aQwTqVl&f+>R{PdYyje&*c3zF!aSn}3$XxxICi52X$XyV#`Bh>+BHvpJrY9CEy5XMMR0N^o+9-5`=SRQ)_*Pojs~+-1~P)#sL8 zq5=ruoEQt~KQ_#iAelwJO6iR}fT$zOjRq#}*ljPQ^|bcg+Eze|(x#8l! zY{l+B(RrgXFK+n=W?2S}$Wv^c!i+-@e&YS2|K_>W==R z(KuEN>w$E>mt}DtJ&AL4j8MWkm^4IWExLHIBSndo?o9g7z!#6`UxS=*0Cq-kbXi+P z_V}Z9i$zBiSZsnQ7vTwqnxdY(1%4o*((qHPjdTFa=$_wM`m7GMih!Rx3hN`g==dqU zVM;S*@{+<3u*Yaqt;|mL8yCNMlr;by=|O*35TWA}3+ zAYmy)Q_vk-r4Zk5b(va-@ocP6Hd?Aaf+1oz$PC|aKAveDJi17|W7 z>^?`}+bTS(@)F(;ivcLDjQT;Jy|5G;&Y>KEaBE zxzqamyM(8W(91w0_rtP7sRdEpbFo4LTX-+~WnfHOhV=*yzmnh}2)9iD_3H}Sa-#kB$4@NC?Zu7qs3j9>uzA`R#|nO7kq=+!aQO%F>E=8y zS$IW)Tx^8VQ!F9v43H10+d6%*FnvSMH5?*ZU706b+R!|$_`(Hj^|yj*JzbZ6JY7p! 
zP1^LA2A(O=5cDE041pdUZ@*fep`5!k>_PRnIkuSC<&Ou{kqkB0b-7ALn2hf$9kcV zGpNPFmLSCVw0v7L4+gY%c!V#SPLT(e-=J6|>bi)({~FAnCJRitPhb9@=2_hJw6po4 z$4h=4=7rHK14|3>g~orbSWd?uMYr8%VIYZ<;2Y;D{}jwFsIm~kjHj-Y0*q0(_}4SR zz^5Z;l9W30MDu($>IL3(T(AwyYAAJ(OG%RHeTVS=)Dl`)gTN5%1$`8 zcH|7DwT^8c@N(iU5qj$C>dE|~+5JyCi7;UeYOW8G-j1dnjQDnaeJ7lfg>lZar;%ys zJ*qr52sYa;U`*hDXJegNjU~M*f{#k_$eTrFX9e2#PU*|PeMYzu!YGuAY*m#Lje~eL z^8OeyG^Zk3iC(PnVNd8daE zHE(aL|8X5J z!~+KV7?2triSd3JxS?AVZIb$LpCqT{`N~m_1b$X4JwLa+pt43z4aq`ekSf-F*hocT zuO@jkwIP3)olyiKo}bFHF&FZ~KK>L`;cx5oKcH+D!GPob1bs#e#zB(p+sN;SuWsz$sadzPqAc+%p z3I(EuKukYZRVJdCluua#t82if_ajN5-5>U0ytcE^%}_xr*5`RmMppdbBDA7DUY(ih zhD|$(EQ+!2k%)Jnix%eTq8#$F9|M@CUiyGB^&n=4FS$g>XIeb$**3Z)iZKS+tZR`i zq41HSu}`SMQBT^iQ|vck+_JTpj|z2;qI17pZ=5jHhfUkmoR(>GCMNeX$u$#2z?Hwu z*r)RAM#{%=>n1Fef$Pl-3?k_7wq&`dQQR@K|BmxVmTHf5t!)5y%q6i!;QxLS`za`D4WCg?z}&g#VgqtTGi%% z^V?U|EY!D0HPtT$0jX+@J!F#{RH;9_GLR%Jw1#f9DjVOsa>Bn98fwqS= zw0=v>i2p$pJGZ)k=bcFki^2+t&{EIV?x8w~QyA=p=sgkMS zxP(s;`#{GrCFF~;5@0!$B}bFlLl~})IiYH7Kh*1X6cNv$(OQBf<@;OixRx3@Xgg$8 zO-pVWb&;n^2*%Vm#qrEIh0|Czr?HBngw&S)y0}yk^cx(7#4$^>5=uTzYM|G$5sYAu zNkJn1WVHIoT?VbZev5N&bngz}uq~Hf@Jk(t}e- z2@+Zr3K3xg5c{Q6hXcCCIiXh=TSfuIR*7-vas*phDsFG(~*2zl3 zCtQXUC9D^`$OHK^vh(saa*gaKjg*?MO8+vp!F?8yf~iIDr~%7 z@8lV3DU-+Sk-qJ&lQhWJ>G#AXL-0(B-R#{px0`k@ercx@00aLD_9H6>fE1Sd6)QA1tRTsKKgVqSHD}jV3JE83{4?z-j*; z%9709(5k1~tQf)L8Z${MXPGmAql;*P?G4nbB-Lm{9>7Zpe2Pu)#?#){{uB%X47~LV zumMG{{>~6>F_lFgYGXsbcTEUYfoPI16Kfi`^-S?EQ@;%IgzPk(z35uvK!Yr9MBNM} zzIA+`)l0n#CC9FU+(p=O^k$*u$4yL1g+a}O$UiA>&!V(c8+3KKxVhtiogK%qs%LQ#5MuUP@h z_Jpbt`>3a0p4_=(f%$Kta5JXMq}=P0yxbK6cwGn?HriTpit|_7kD)P&9Z}c&i<)1y zA9)#f!NLZh!ks`P!0r-`ZEu^RqqVvEBKa|LX$l$)Eosh}4Z|v4DTWTiJ<{H->!*b!cQZ z6)0Pt?)QWs<+5l)OJp`ur+SGGL3P@k>y?7^F*^~& zhVnBmOU^SoGXQym-Z#5o;D;{K53B4s4Fd>SF#JK7W<8s^zBrP@J61f(JmrWY+)2g> z7M?l}$y3n}okg~^w1RsJO{J58P6tBW@o(YchdF+-`C7COCq!A<#9$g54A*EO>|ou>t5&dVjw` zslvG%`rq)A5~kI|!)uvNpJXBF#5c2qtnRrg_ygO z;~y+`Nk=1asJirdD{vMsQBYg(cYZ*{Nfzd3D=?0VhpD?8AF_`Jd@0LN|G9d8++YB8 
zl2@N18hfcu@}AnojMcQL$H4SUyV!x^t7-I}a%jGVp=cF6?lI^|fKCa}YdA9Mh0g$o4lskcf ziWihtqHue*kXE)uMFq!&*C7(}J0=u}$Q)bR&aqUup&0ZTqZ!aP=)B2p-l^1t^%V>#&+AuUAm%o=!VkffjLRT4dLRXnkJge%3YbGQ~ahCT&naWbLQR$S1aKrva ziOjx#e*gKa^|l{31A_%>eWqN=_F%-a`j3aq2#NEgSMA?@dUd4lA{5W9SVk}vKPVql z9TIYE6s}Zc6Ceh}<^T8OpN3OSEqozd6O34;O^-v>O{nFt4}2!UN56C`?Y~)vrxLjK zC-LX9WD#RGlo`L_TCeLkB-sq{)df3FD5-p}O{>l|g+SLU2(UHt^7`lE4H0TP0Q5~( zQz5BvSn~&M+Tm;Sv=vIyLNa+h4_Un!>qLWit)%qp9?jV7__+X;#CDc8Rr;G`GuVcd zDf$~ql+Nhgo}RAW@#Drchk9t7tx?{rL7J~w{UWtVd#W|`<&y$3tCgK2S#nw3tHaT@ z&fB$K?Z$R@>I9KqqtvqA6aP8L)|tmR3wCl#fXtPWKX#-Z4N{kgOuiSTZCPUo$KLqG z1)P)?rMUamNKmD%vXO)Xhkt2^>R*qGx4Q5qWe(J&v#Zg^9g-sD@{*ZZiwiXui60Zb zq)xpCGGo|~g-Z8W`d-r< zyb$aI(DaMl%Bd?UyOL@Be>L|DyiFfuaa>!FvT%{d;yf!Cq|dgUhm_MBKy*uHKhf8+ z!-x+#v1g17d^EezBjUn>h{DMdYC|)|R86%m=GM2B$s@+(>&Fcke(&|~eO`L7t98vP zqqsuWU$TQp^Gyt^%{llBG#8dosTHW&QZ-aLM5EThYjmINc1m-a6ms>JKe-wMLlHs0 z=2?A2b}v2xEq$5qEdwCB8o6{gCJlOH0SHB=sEeInvCFiLqK;Tn|KPed<56Ta!%5Fm z;(hP~y8cnIn8oO?Ee;o{8ojKZrpTnep)9V>4!4!%s zHtFefHcS!nF8g@AWn+qhkLZ0<>ymyjd^L<}*O7aSABpOsaQ-9LLldtp$bZFimwm2o z>Vkz`==83w?-!qR-qL{XNqS=H&(TQ0ooI{?Kp-@AEKsLy8>9Ap$3tJ+jr-++jXXAXy#Vcf>KQgI z#UyY^8qS0oW7?$cq5O5|`wd)aP3{FGiX$5}=!7+_v`d{n1$0V`n7}_PVh4+vV}BRJ zwIbimcNkPzy*pGM{F+7Zh|s={VIU|;)W7`JD%YLxRF zY(YVbUEx=GOvY^a^4&m9ds3!x1zSA(QKb8cY}F(GjQ-{8nto-1zo}eS7Dc6TRm(+WmM9_vO#4lIwOi4u& z$({c90TW9Lon5JWI;Ix8k02ba}BmT@ei`Z*zF#bS`z z7FPk?q_$={bwqz*;eLhrd`FS1?lk>dqsMI&eUx5uT-Pyb>r&%lf?{e@c}V9C)4A zZ2~8A9ouS9W~d~8KrNC|B%-pcqwr(M07od~vf|Gb-SWRi#;v?sAY=+%NGwvyYrJ1#-KvkH^rzfI=647Ktw=y?NEfD+m|f*$>-aTD>Z4>k!yMjbW97jX znk`^EYA$k=0PnL}LnWUzNgJL2-2$)|rdoUTv{UlPU2c4xx|u4@UNn8Me}^(+o!%GL z*yAuMNUh(IBaRJE#PYO)tn6P2Hlj4yty#X@cWKolsfSq3A%fxgmif+L(29+PRoLP3 z^F~mWvk{RIgIwuu7j9Tldj48(W<5j=VaoeA!U-Akkz(39n2$=s+}AQTkgV2%OxmYb z3n&tK=(E}rEKlK|Ppz5v!Bzv>OWv0q3GRigx{2y-*MhEG()DNePZ~gPaE*7FWBZoM zZLkiIu2uuR!7x{Shz|q;eD;vnSk4KVEa4uuwCYL~;qO+m<8t!D5CdDn-$T4u1Ku5~ zYAuW6pChbDZHA`--B>IN5xsWsUl+k&9yyYIcsjU{feJ2DYjc%~?>;1L4rBz*w&A;b 
zyKH3_@~k{w)vdT@qiX+c%&WTo|ETn$Edsn}HsCrDaivKPLIL&J$EsHIB{-2gG~_pt z%m)kz4i5awahbJC#w!oU&|332Vs&j?vXnu_IZN96EDF+LF&v3Z(l?{6E5IE-B)&X1 zKL(z&Lv*k-OUXzjPfU>mPfCS{R!S0T5W_wN#)1S+2&}Mnj*IFQ-HFcOBwO#I`Q(S< zXlh}A>|~Vy8btr`P=Gn_%Nsb@YNA0RSk#`TK|xtS`E29Sg3Hc9q?j za-h5vtw=diGyxkZfoUf4=E%7Q&!B^n-kMX~PrLb((m5Ysi?+)~5iwBL1-ef}Zk(Wh z0~iZySvy*#Rx`8gT?HI2cxMy`CpvkP>}bmH+29uIk9O&Qg_nfA<0Xb)#E-_iCJ;1s z;8jn@SksKN@S|PmJk-fo=z?@kSOAd-XlC2*L2XqIbP}DwZ+MUm3-GYeQ%J|!d)#p? zDm-zTi{wO;sj*we{eiNs6?<)4HR2r<&MNj0DSr4>VYKb6^2x)Dma05jPO-uxoz{|IWoOY;_O}Ou?z$%4$u;4KL*|5P-3dMsFaa03>)S{59ldT zHU_sR3LH&A_=|9#)NVMnVe?gZ&h-`(JY@k1NRmjkuoz^0af22wP)*&uwsPGP3YnsZ zwO3MNj~0URDVdavvqKBm<9Xg4d&>9u73^fCVo)frw?}vg%n5*Brv6UdpbFKtpO?ZU zG>UUd!}Kp@gQ?%t(8QSUMoByuejnmsa#^n|S|Ig(9?IRH&ED;HbjHPgLgNoAA5|e~ zX#s4rjMr{i+^G$dYp+4V{s4^b!A#u%b>Oy2EIZjuG>Ylf=a(26OSJ==Japg`gg^m# ziAKOWMRu6k^Zm>=7yQVCpt&%aN+N;stHvxts{a4_hX=^a_4<#NMvo3l7kvSC0zDJp zYl3Nn%y4`Rbzg`vGH`~tQft*h2wz#pZy1A!!9;AtJPSxCt0K^~nHTCzBPy{WOnld27Tndn5 zcP^QYV!V74;Rt(6?7{OSyw6uH1Ct(Bmhqvpt!7fXrk8Iq zD_BwWb8!A3UX+UjsXQ5-y(+&6dQUydxoMf79>qSsR)_1Ygi~b2I`q)7CO1GLOW3)| z0^?vE$^IC9n`tT3E8GJ~wndx{?J>zpe%k5Ip0N2eOZQxca58%{rku*U1M^-4p%DU$z>c&@~GM9N|oY_LS8&pz6=5KoB zW^2kwrXeFWySJ#Wt4&@C#+aYc{gygex^6nMkJ6845n|F2ZqNT1maD3fx_FLhA4STh zb^RfjlWsed5n5--TN9n1!{(2Z7F*-ABAV)QYbV`Ht(f zVFfSd8@w~;@NJy}lGs;u;bcwsCp>KQ(WAXwA_v>=#h_2s+I4~X^%;ppVj&CAJi2Pm zm1=yJ&(Raguq@pEIbF#a*XDWNEk;8;e$AL2E_xX9eGSP&f$)!B(KQ9vsiEPo9@}^2i*k9%R1$(w4b~pa-oi7_={ z4Ary*y!y;KDB|HdmxxgEhk{+P1feD2t?F;Y6<#Nj9GVe{oknqrfb|G&cD-Ab z;)k@=ikb_c5ix$3MlC-KtHfaAKCL62KG2;GMrLmLY50%H2&63cKzr$>zBxiF$>=xPQf4dOKicN4+Ew^8NfHa;`0q=F|+O9g{!kKCC7lJ z#`@s`0x>$k*pP{`aBcL1Tv7dqt|IYc)EP=qde6R}oO;QZ0go6U<|e+6j$rqB1I{Jy z*cx9&)SODLBn>Gf96W;Mj_U@qdH zX_8J2AyhhogSNnEBRzVdP3aVF`JYFgz5Iji&dR+gBCB{I>>#0ymAd+2C2G6DW;L>^zSGyCZA@* zBj0(|b%LrPPv-qTgcrAbbep?1?>xXCv!8_fW$+nVxpji*jgj%$gvdfPK<9 zU76U{`kv7Y-HS3;e=POiwh)EiBv$DJsh_{~vY}9*mq%580DUAzqd(0V7g1kmD&{xfx3Co~a}Q84}@6o_Q!$b_lBQ1yQRerM2(eQV_?iv*`m1N#di 
zUCj@CRf&_1yFrF8WhoY*0${&pNB|R}Lg99`{0~#{rW+B&*(R`V_);bub1CW8r(}@Tj3|8 z^aUogrgQ4e$GGbjygIM!e1ID(gx$+Dmu{vr*XLmCiq1KHa{}#H+z(G+DgxS74#9X& zJvQu!U+wRqr9r*Oq`eDjGx#bxtLIkBRg41&1XME-ep{(}H18IY84#OjHyF;Ck^qhk1#dLv zi1DmA%LDM295*2(7ySR3tYoD7%S)yd`G5#fs4-UPC(}~}xXFwaP~CGc_)x-U9+p4M(NeUf57Z{KU9S()Y5jV?bh$2oO;zBpT>R-(}VB2`+(^3HG^ug!O!T_pv@ zpR-yu`dF)>ZS3W9s>E&XZDi;NuA;K?{@Z|uu4 zUcd$;0ScW99r;s&UHzpjX3mV`f|!U7{#>jov1!W{WRY&L6z1fTkaD8V<{U@}g{j<# zXdstgXa(afyB_#LquY2&&@CHwZ;a3vFxi@vRP?fu`eNp0!CA6qaqZp)r5sFM*Pn4k zLQVmp6}~xC$F(zgiuLZrteDx}i%RhSB9$V0^^PfI(xGS6BfoaTktFBsah-Zkx(KDgz3px~iP zYWr-DLb`ggix9Q3M_@_borUF9<_RrB4?Y=0PO}|8*hDvM>H7yA|K4iNdeG)qGA)XD z0Ybq#H~qUuc}Wy5+HPPw?@~NB_&JuX%$EWAb-hp?-7k8LLOIn{$#J_| z0o)K~7Umd8dB2iZeLIg^X9N=XPLm zWAnb_YOVa;U8}U+iw4N~8m5_^CS>m}0<5=Y9Llse&bQ)vXAy{7aDEg=v9R%NbV*@E z_wJ2(+@e9*W1QMR5OHa-SGW;uiR5MQ3lW^H3<~}{m_m1|ZtNb_!N{(9q1vrp!8P#J z4Z^FC4kBl2gaYa70VMlYwfk6C_C6(Q&y-)3=@; z802Wxs7@1UeM$2ITLfZ)hi1WIZO%quaZUlf^MYb$q;9HEw$X<0Z=mGSpL4dztY0M{ z132m6PE9&EnWcdBFx&ROz`2j7&66xZ;${HHP|*Z7ngKRU{$)Rdm$qX|48(g3Q z7Qq4lS9C{lACJ0FEImnOS_6LdB%`O;$`?B5FV!j7;IX~@Btq~QNSHu4+K~1%8ykF3 zsT;t$NHspg#zxTm;=0z3D{1bN!aKTCtU~4L2kq`QPdp*rfmhO`tk!L}-l(1ah4=%6 z>flqWhw_49<3KWXz+@As{5gbYN46a>tF=(vj9%kb|CCwas%l?D!Bjb=JxZG!lR-_H z2v&r2z2lb%>`$#NT9XY!Y`yOTH*ciWuDw3)KBb(c5?IW{tuqMjXl7;{g*&(YrXk{m z{3SWFGPZP;FJX~;$uN>z=Lxoo0H=v2s>oaK|5Ihz>@1`jxpl7kQ07=Lo=)JQ`ERYh z08}Xoo9`8-N)ED$ahKtMzDWna}}hN_tLpocF0ERNnb3jC5+UZQeDbEz`2MA>#V-*nkNpl z-gew~lBiL#uGV&*EsOJJ*9M6*u0o<;7pC||j|br{XgN+a+2s?8fr>y=;ZoY4*z52M z5XjK_{UCM&hI$LNRD@u{a30T5AhkRv3TRt2EfashM`^cCnv!rJA)TXAibR>N{JItQ z`Wt(&P&AnMJKXggWA$o|t3xYcqomIkWrnkTapv2G-3`}Y+t4aQCA~e}kC^kCdg7JQ zNkMSS`GS3I?ItNJoEpLrANc_;kydgqXT|IV9rl zh<*E_tl!&e7!*C)YbN_w?Gru))nhAt#r6n#>Ay)@m9bOs4a>_Cb{71u43Zx$eNRrW z@_wj(4qB*@bC;Xp5N~m$1YyID#_2ln!z~LI@vl1fS*2;n?cks$wgyq{WB?!Ebqp`t_oVdy?h7n1cQ#W2}G*Kw^x52Mnj4XF(69*cT@5 zJ<$63ee4f3m<+}I2Qh2^_$re2-Zmx@MH zWk5YdO^8zp{^Dtlbt(VJFkDnk-u+)RcoC)#9Y0bIFbq+?L}=|Af{!Q@$jY6~n+&%t 
znd?);3%$?s*5~cG{qfq-^EO5lNU|!^>j_}~;Cgip$z*|y!bkOno6c5??O}hgU3PP(4>p>FG;Bv$mOo}u%Bn{yz{%l2@h8l>ixP zd7yl(G7S&Z;9da%C-w7NqAS}!Y2njGFkhHBjCM0+VhE|Pjpd}xcGL)eVA4{Ic$$Q?b?LIC+QpN6>Z_0N!;-MXJ&slIq+h!d62vF&4tm|5C0OmG{l~ zOT(1Qq$UC(B!vipDn(3wK2aDgFcYDw3b|VLPEwI@l&{oz1W)c_=s6ov5~sHy4&qj0 z!#^Ta3w;!}?Ovh~Gwc=CXqsBZ0zbefkd3_!u>}EPdqid4=%xae3q-@`$vZ0)`S1@` zo(VXRmxVaRkO8g2shQeDni7)>oaE?qD#4+aLd&{NS*Lf>ywac0>hI^ka&PrJf#-68 z0U;}NIDfLaRPLJ-6@c@Qs$=m>JFqyNVJEqGg7>RtdwC^N-tV+qa^8N3o4zO9|8x*> z6iVgrQjb{)?NHi&{mSFf90+?dSK{n`_Jd{Ff;Wd@!<7{Edj%hLGv$akh2Jy&`>e`> zi>a6mXO0oth4E#b5M;VUQgRIlltq|5Ugh0)4=j_sxi0T58_6tPkh2f$93FB;BsUNf zcy!%W&$`F?Kzh_@tg-~Ic_0qh`eAd(1Wifdp)VKAcc5ooO`R{nU ziHp*kpWG0Txkf3+;QI1^!sjbOAu|9j&$z$%L9bR$hRYJPzrhhU+wL*LRl6lfZ>8fQ z-A!HVjlEYZHL=#M0T^ig>IEiwK^U0U%%fL+P91|ZM748J*j7aLvH(?K2x{Ug2z%5< zju6(EIE(i*rxrl#ycc1i@}(V%u8XcIulmaraT$R)b%;|@Zzbuh?W@P*Tn-Of;{Fkd zQY%!upz&%&XysqMz+(0&W#}6e>#PS}n4BpSNFqnFU9EvcGOp9OnJ38S;MgjTY#X-F zQ%qD~g!&v&+F7r>p#ve>%mFu&KzFZv9;?pKc#KFRu{=ub#F z1S)eQLnPquGKk(%2oJw?D3E=)RJfZ{5iff}VE^^k3nK;yG`Z5HZIlNod~gFK zg5tm7qQ6R6hq45(?&KZ&X>2oFL!S*eWx7YwKo>;Dx4+s$x+j$z-;Wc z;I>vn6SbmCUW7?R`+Zt%$1WQX{(Q^2m#-9DS8w9r5)W5|`+gM5S}X{%Rw27GlNa0u8j!szyHIh^pqQs_Gb<>Q+6^Ow(GCG%*7}V8;(g<(v3HT zPum7?6llq2;yt7Lfdqjg3EjZijK(IEy zN$J6k;;=B{iR??{(Be8EnO(oiz%+D|WLW__#AAeU{=N5GO6P$I?qu!U7H~0eTWHY1 z&4OY5q|Ljc)9FL&(;*ZQRTaXSZp(!r!^V87?p z`z5H5E#uQ>-P2rDKu$Eo(@tH^E^b{Ftb4Y$j;L9+?WA5V!(>gD5ZqyIr(W%V;PqI~ z!=i&uX3{|z?iVVE%|e3O{fBtk#;-X4Aeu`5$18dK{Y2~7wf1z67-TT|Ikui~LmIOn%b_A70T zkyPNu8^ZhxZTN{Vih?NDRj6{V>4(!XnFxC&kIeo*3LfDYy1;B*I|7-{cR{!)g8;F2 zXDLd9(JF@Dn_Si>JS0sadnaIVPurt~jT@I=JV)$>?rYfSU@cVO zv~s=s%XWzttK_Ag1u|pL9~A>->v~D94(Xh$7!V}QJ&+nE9jDWRN*LVV| zGn7ar84K%G56gng(T*;Mo!|<<;MSILxly(HKmpD4bz^&6YD*h5`!)B4d*ix|t!j$P zf}7H9ui0VexGkBa5o+J{(VEuO$?^@e>2h?%5S0 zvF;!Q^z0fgu+SYAa!8v98{|4D323n?yJUqOC|4ii7h}nc)=+-D3k*F{-letK6K}T} zN@dRJf?Irv$u}oVzJB7sHPy8WRS^=M%D=kY^@+{>g1UXS3v)1QE^;px;)IG4y(MJs z-Q&)!5VUn~j~3>`6*3_u-ElL1PaHz}TkpiH2l*}NDlcO!rlS&{!nI5{MradiBCXH` 
zTnP7`aB-EIK0M9cEWGgAw$OsJycsyOR@|}##uh{vpJ%#UxVN~9-wRzNtjFg7xVG?6 zzMKD@zTuBXL!5ysQJ|EsF9-(A#wJte@)yr!&!ed;?&x5Dn+XqMq_a;re+${Gs9Md* z#nE1g#LtMc*BCalg-%LNNM%f#iFUAaOus?55vXg9i1le6vN#KiRC6dfQ?(13_=ycE zfR)gOMHk{W<}S5V89z!s*cT%`h$k=#WXi>FN!jZkwC0jU(slv)aP<=Nyg(6`7})tF z`}*8z^uD=ll?0RN!&U&WeDGBXVB`YsTu)79$A>7sdj_@M+cGRVy_#V$a=yyNT-f!F?yIZ1OUTNW@ zTVmK&I3fUsysp$e*3biHvB58FLR4(s_BwkA8ga?aIC!jb`!z9@M^8WHt1-zY;gHCY zbt*Tkvc)FaockuR(^daTZtznE{~iij)x#HFJq^He(Z<;XwThnDMnHUFM?e;N%BQK;RSK{soEYD+yGGAi zMD9$myBW%L=U@mks#>+LcP^lFaYa3u7*W^f5~Z5T$-eO@vzEW6;*lJXq z;s61)vy8=VA4tsrt2AY_;WlCpTwG$UVqF(J!p#tcPPoHRqB& zqFiN(8?jYm9ofMqAy`woyTN%{vLidgL~+!UKd}W~%lET@EyFF%IL3Qmef#JKRv>-Q zflp96X1kOo|M%zC_Qbd54bjVy{rlI^-G;};wO6)MEyB_3j8m!dyB~auGd`H#3-pdFwM-^!uH|-U@=T$@v z9BW(MiMo-N@qZ7mm!K6Ln4%A(i2|rtoBvE)8yBe4UT{>z*eHejG(-K3$%1cEX-^&dB`jEGI6D! z7IokGQbQW*i!Mr#9ab{EvQ$kSf+Ro;A@RNF{bj~b&*64lJFPwv8s9f*_79P?Bsl(C z%@$wP1fp44hgf_o|E!@-HOWz14D5bzS>Kt`yBm@x?h&hNYs78${o zB9J3Hm?@L%H`z58E}4h1KYd0e)-NkSkBPCx3d2l{b%+pF^D7vNZNS(2a+B3Ysd42$ z`&dnXBHNH#LA*gBrn1Xb51!8{54RM>nL-ty480om2cnHC@PGa{rHNi-yS?)e>F`+I+I#ysIYf5)rJ+@6Cp_0{SNmw! ziM!q+7wNEfd!cNNoN|@(9FCe_A)mZ*nQ;@{oEwb}M$K;0JC8*Jgi_RMHz^r&W?dax z^rJ&Sx0>3SoImOjQ#ts(@U22-$B&m+9mzXcs+Eg4SD5~E(vXL<>gfB0Unh4pc2}?4 z&VUbG!zS22cc+9j?@cw{yOm?dR_xj1`KxYuO?!g2AtRLer7Z>wYA;p8m%9{5z!n&e z)u*^k(DxLL^1n8^S?GCWj;)zt6ANHG!_!m@{TT6F{bqD?lJiS^hJoF9ffE zzaA3%NJY2(8b!nCBCUM>sLh^%(h6W$lk-CJ6d$)a3X;L-_z1ese7f)q!cx2Aard~cBsh&2(;ucP?X{O|QY`628KF2_Kgie#_7jv5I! 
z3V;rh4+%hvad%+W!)?94;%uI;0%I%@M1n35$E`M?lDxm9Dyn>Th*oVJ0 zo?-qV_5gTpkX)7BsoE~I|3geBn@g>n2e8o}47RF5`P92b&sx_5yhPe<#wuik?Dzt5 z=CUU?ePOz{zB7Xfz=y^EJHqBmm_}{qaOy7TDCiP+S&7p0CbOAv6$97ANm)C3v$) zlAh$xMGX$k)9=RKS(B^zxg775FaQ}yhEKryY*w-v|4Qi2V7DRw&chb;$mXGVV@uLj z&k`2|0905PlVL9{V3$MGz36tb>EG?a=OiQg8dSivmC!86k`fokj-gBt)UaXs5J{GO zUjBVf*~WCLRE#)uJ?cmd7l@Y4sP+k1HD0jpX_$}U-&t*N!B1u3gnESs#;|8PXp<-3 zT+D=PW^b3B!wH6g(E*K=O8))P%_AEjqFK~3PzlL%3Kgvw=!AefbHmYPu0JQ1A+{U5OBs^Vljp-j( z43i#91Hsc{yWO2OjhbyqBiEeCZ|Qi5c?FXbz}Hh)?v%I4r<&9IAS64Oz~HAzu0Mii(e!!pR*yBe00{0Q{le5omaKqU5KeBvzC zVS_0F6Vt)Iu7%RF4UBX1op_GAlq9{a5KqUBXODI{lTkNIgXV}s9p}?4rB+nL2QsW; z*Q&w8T0~XIQ5YQoi9lWhF6TV<{Hi6JGpusKX8bD?#Z+lCiLzu!XKg0o8G6i_TE1tU z%tu~-7DP%P1T2|uwD)g4KD}AOpX>g$V2S(Q@9hgDgq>E&57FiSUIZ{%s|FEW+uTJi znD+=oKf7P=Vij)HfnD;=ra~Co)CG2%@y1uD&tBGMW(;`cOw!&A<1Cs}FxnNb`9`dW z)SB8LsEq>h=hu&a^@K%_hK5|}R&3ZaJ5n61wlup=GS-s(p4&P#*q_NfxAhj&MirC_ z!h+kpKzLHVFF%&s(7Cu3gLv)d|8TTC8@Yrt;4nO0rJ$Soof-}UPsbPNXdl{fkVNa$ z)ceI*tk(3v9rQ$GC9UiM4r9CYXDCIo!T};8RiG=1<6k=))3! zAqXDI!AxAooZS`?!jhP44ZLtdL)~|3t#zle`<4e+0C)sCRW(jrK#VUCt^K*_c*k|m z*CSmm&@02JC#z96fOLp21F-Z>F^lx}!wFcXt8xx?}&v z{m;}C|J%;2XJYlWAo(CJ-OQ|0?IRI`B~== z*&8KBddym1o#;~=f_T2q&E_ip9qYt3_Kn4||13u3d>d{U9tuT0GN;tOQZO$wC?LBS zn(f!f(!ivR18#?2(fp6q`cGxPR;&0o?X_yLUcNR5^Xlza|KP3X0;C6wnJgGC+#wJE z@7~mo{oYTg_8YQ(BzhPP>~(|I@fOk3?-iC|(Jd8n{A~I?4KUzh)^p+*goi$e`9~?* z5)0;_@@eE!A0}dFkkXxheGEKXsl^v1|H+M9wQO`=$7*J&t!S84{S^MC9-hM2^rrC! z4aju^xBm7dRHCp@aK3$NuIUjXRMrqFL?@{kY&8;ytltuR4)<9t3^TCpX=;SbtBA#4 z{uF6pvCq3^X=1~bs&MEgLDP>{-=tw-b-{q7F;2&YGA95$2&AI8T;HnOdYYeY;;AI%lUrtXd~ zq0V4ap80s_?uKp)QiOa0Q_1W^>QMw^9beG*l6s>!gH3UT65$g9SCt1dHiA}GJ9{FN zk0U8Y*xl1d)hoU2NKz_3;=gq&8WUc$m_1qa?FbQ;%W84A6>E|^Y#Uf~>ZbEfel9L% zQN+insg#MAr}7zcgp2ihf9jsnuG_ zR%JGZs<_B35&_`^1WsRH94Jcdm#K}bW~cG@-hqbbtd=vj@TZ`!Vb7OPVNZC?g!x-l z{SLrvO(9&n_)_u%mxi##!%`BY+4`fSKqoO8rpPkO>Ps9WPcNmCHgE8``^jnJY4@i! 
zW9Qt22FuuWMDa%L)c2EepE%u)>;ee z>DK>TyA)~*79rvOpU;$L_`AxxP*;ZvY`lLPoK;3oYgi+F0vuYXvDwxoGApFF6jdo;~YzdrcfCd zcw3^^CsQK+5WDEUc|=t6(k9n=lvYD@Xzg`zf|xRk;HKWC7cAJE@SWaGj?4VG2Ma-^ zZ+wn3aNv(@TtO;{7OZFCpJ>VyAl;znNbXiLYw@I%uV51+Rx91!E#gTGN-hI=hnQK8 zABGyAYA5{tLSUryL&Up&f092CD$u{YN~wh&-gBac%RD+#D0^BwnO$9|3_%*-p>;`n zfSyymam%d>SN!qvmA;>w9dXY_ew3YbFNHh)wr}6=n6ma`gkf1m!$0+t`=DVAcYiMx4M=vN1J^mRgb{Q4?6l&+Ue?J1mJ@Di<*kHcLa%K2cGVHNuVX+i zFsek^sGD61t-e*#xbs22eJ z^;q4Xy7j@cZN{Nc0rn@ubx~Ts9pKO?i}@6NRxI$ zEs?4MsA&#}e=&zGoz!^BuydA+5{k8m%CEwJ_!l}x1w!gQSeR86GBZR#B9`VTbsx+b zuo%nzSxqhZ#}`Kz7oaQb=ju^lXr`kNL>gT_#KG)}yIuJb)m-46(P5Anwc>yM#w}%^ zV5=6-qM@EUzV=1nO&6FeAo;zBfXA)_sB}xK{c)mu*J2M=os);Udw<|YP=7{J#PwWJ zL82b4Y)2Y+HgN0ZCr;WJVS#(1!`^wark%poWMdNAT3`pz#OA&si!plcI_DLHS-7Gj z80IuJifTe%fLFc_#YrZhT;p{pFK=J%bAA|)0e_*{s>)*}hYtfU%tHTXU4ZjpI~pBE z{P$ZqM+H!x44^_)dxqL{7Np}h#lhS_h1d84G>#yO^2AGyi4XGg(j&~0cqY)GH5OydD=o?ioj z57sgDsed9R@)m9!63mgBCH!5rYBd8)bdbGZc%qfZ~w7oi_zL*Es|FQGQw;_{KEXgU71tZ`DTK#{Bd~H&D#ymn zHT}GDa;Jq=lj(YpwLQZY)6(z*zn!taewGQ}JEiYh$P5VpfsfH=Pj<(Qw1Od+bvf z0`U$!8)XK}QzVcm`vK%Suvob3hoayIx+l)4JHw%Qn@#%A?^q0GLj?#jWwY7K=uzpN z|B?}h^J;j#i3%DS6Pq2&!uUzn*<&!8OByXho;7W*hnoQAQ|^_Vp*Czu`oNT2k$8w^ zp61wdPj`|-CeBp+`)YIaN8?LV>WNF%yn&&C%)v+w(K`|6H+lcdd;e``JO`ktxznBW z`Gq!h;9!CE`Qv|NSV{yVjN%!LD!9Ybp!EU28QWnQ;fbKNY7Y-*=rNqk`&6X|RpvA- zM+iIh*T&|QdTXH)lKQ>U{*s6zL+}!JL@H8@`Jn%1LTno_2Tn{g|H$XK%zA-&H@vL-zdcVK@m8;nL>lMyynZw`i0Ai^9)tZ!}| z>f)ZDNh71e!QBF?N=6eh$W$Y>xP#+93fDmTaY-372dym^v_VP^nQiDTc)AoJG(WST zPj4uuf#=`e!=bOY(ip4ymD0F)md%%?s??5Oq^6p;>nL{7V8Iy5%U-T{`gGi5OQ&U8 zW&4<24`ENav6ffq_7=KLluH?NX~L}E;Eg=39^lf- z8P>PalIli^O}gmGLKFPG#1NNahUvrVAR55RPZJ;tQBj^`d7%mEb|reNc|;S+IT`4g zzt6PQQpu*dko*e2yj6Snw6*BSShAg6I=H^b)|%b9T-iz8H1$EwTcm<8ov^kbP4T;W zSR;k@7~5&&DA+Oen1a|hHq@k;?e}mUAHtwP(K^jJGbUmIY$L@%!Aqf5n29P?`Kle& z4HJ_caU{pT34w?9ZsfN_YYlEN9cr$F0*=Kl?>P0!lr6^V4L_-pomP@WgCw9WUlm?7 z7D_|1HNP(BttUqI+FTJ13b0hV63VR|!lDC#bFbTMwY-_^6-*J~-W>;Hj*HfeL zdbyxB(1@9dnZCD}T8uMBA8Scpe@Q_+GmV4c?URTdE2tw`)}vo_VkVbpPQLMF2RGNJ 
zm+)>W8}7KvHT8{YVN1f*wJ`hmAw3bPxKN6jje=j?k^}#38m?P)soSo}=b-DxqqFpZ zdk2SW+dSf=>%?^w_5mAqNZswM=#q&G&A_s43Q{T)kS$EARGl{xHP@7J{RA9yi(2E* z{7N^2g(N6#yuUlxBr$#QOCfwF2vOr>bC}%1g-Z(Ud6hy`{*)?jh~6~sQPsQZJA^5( z25CRMp1(HsUE2c)yn63*A7Aes*=ssd#*WADGWV+O|1Q3tMvV7^kZP92EOR#Uc&2$* zC3U0$_&}l#+wU0p9uAW@{aXllxDMO$u9dUtKNZ|s7ANuT=M}v1seNA#nzc`c9`*y>TfWH}CI7W4n6IqAr4r&(f- zVJOIWJAz0$wsJsZE9$l^s1Z@L*`v{e!yJ<8J8dHsz~^>*Tz${di(Ycq!&5@AB{b7U zs5O-^-+kIcWLyx2^>hDdap=W+b1iOORr7FX(cSNcILQ5x|FIRk^^HUM5O~)uLDW#p zbE?xpWI|g@s{G4L`yhqXR=k_gAxd=hnQpWHWm}i+Ub`@>JS_-d0M!`;Hg?1!il_xi zBgibUB2{N9jb?K^C($*h;^D&0;=UOdFf{DrQNZ*cI#~D*pa^#~eh6N^gxOP{VE~Oey*u2?*__Puq{pc&7`p`x&RjBZ(xnF=GdPBWNI`G6SO3R*-oiMW8hzsc(EO(p z6Y_?Vp9wHHVj)DpI>1qm=)aOiEE}){aukFR7r3guG=DSqZFvHKN%Z^)pQtHYAC~;( zPu}s05oHsg&B=;%+@CmlW~eD2iJQ45&r$i&`5%5K`da&&W0Apc4@RXVTKb@4QooDh z`hXsc_IKRzhG;C93KXCQ z3IYR&J-!(^dD_~@iVelW$am|bb8A*&UFpbT2I5YNDQH$H#5v(2s|Hp0 z5cx=(0@8XFpJ+Jx3KGpCpP4woK@Yb>qYz@OL2j$0*)<-+R@Xj(#nw3;{LxX(?H3h$ za}es2@Jq_Ku10E)Z`S(~OE!Z*wkpB5ORr>Au?SLc6`L3Lqt_Lz6f5eJ$@4BLhW>Fo z*!aq~rT?r+I=aRMrh!PxNek&(BR~DHo7)vtzJix(VAX{>@$!2OMp&8)_(41zjwq%i z-+ij9%pVIe>$zNMT0X(&8WjsEr}bg9bR`9~Mu`)RyX$z^3Mdg< z{`=ICevKhibt!~=s#d+BI}V(DN=yB%w*n1XQwQR2ivgx}%*|~*`2_I^Cus;IYyqZk z1lI~#k|=X@7^7p8&a8sfQ68tdE6R~W?s1SQJ}T4q){oFqA#WGm1k0uqBcsT>Ear`m z4e(6peFIYr_*|7fGf^JJ8pSUfxAcyehIPGIy1z6&4oZn$^Y#WvnM^g!0k?SE%ii71 zioqdh>4?Oc=@wJEvIKT~lw#Jkyvg6ufeYw2`s^5rT?LqiZu3H7%?_^V9Gpny2E84Z zSyCfT*4 ze=W|94y{wxu21@D|gF3!1-5r~io4HfSRKhvS9aV?NZHu$6f8UOhYd zH>MlqULvL&4yxb<-MjEXhSJJ=ltDe}DsQ?t`WKSHu6x1n%uv^DpDIm2)3PS<*pEZ= zP>ZlOar(eenTd3@aR3F$8cJh|XOVJsF~Z61*S<8T>qrLv(_Am92oKP~Ca z5NxL_F$U@8DznBjwQnOe8(M(bv`}qw{m?3S)uba#Md~ex#p{ z+a^OTyD1QAmwM30v0^zh9U%E}%zR^*-S8)ryi#FVmj{rj{CilLtV{NPI~IPg<+d^p zlS&<8z(!>?h6E`?(ppQni*I!OcT~_KHU$US7qod{rWIp9*nK!|g=|4;PB#GXr7+ty~1TL1$ z7-i_D04z8;H&{Y{KhZ?uot!>+8{98=(l5bx`qx{B%f=bo@ovSnE~xoP*mA+aZ?ubX zI$CST)d^3u*4j3~pv4u)NAAdUTm!lDSMlAC^bxFC5EE>GlWk_vN%*?7oj z5qOxFaACGpn=s+R;0_kGp7Q_ug~R`Rn;R8U|0lU%o`F;B_<59IB3QNSQ|!?|H*p>D 
zz0JCV>00j`pVNh$6`-4+?)D&207q=esa-R4z(--&DNBWHXY4VTk67wQ$xzn9;YW~X zSL5M)QJ1Hry#OV>aHlB-u*dic6=H@tQMAS9vwE965oo5{IPNgveP7try#aVt9vW!D z5Ql4pwk6Asz!epZ@*+Zgyeqypuls$`la3JL`?k~7v5Mit-)+elyQDzr!FUXKZ$z+R z4SW$;Vbn84^=sSvKbFD|)LKr}fbsXwQug8Mn0l4$VYn_oPnZJ95yMDaiM<-cC>Z)B z2Ds{@RRsHPk4Hc4_+| z+T2vsf^zw{iPzF{CE02r9yh5(|5kc@SVwp;h)&l;AA0qeY++gCPXw^d)eUnJQ&-BR z@SH|ivh$jq;ml-7fZ7)|x-EhRc2C4Sy4EVwb$KIEX2Q#9Y@F=r4j|yzorG#D#YaUq zTnZE^-?!#ErWk&pIecEtQBqWUP6%~L!-F@`-sJ1YD7w+1M#H%_dZ~VWQWOU+uKhdX z@yQU*x$Hxc9vCg@&_?_@-wB1@KF1{G3*YP|+J%_pAwK}{6c?-R1Aoy(pAh@n(JQr{ zo0be|f#Z4x@yaXvho&dY%pG3}7;@yOnSsRvZ3JIpYCS5KZi}E(E9MUVH*YiOB@?Jk zAH5A*#t{2zo!@MXq;~HcIpz9K{@ehg2nyBjWK$bC|~Eb{D0`VWnLiA zUTn4yX_nD<{{VO}SX+8SvV>qRak;bOqZQZFbUQYZSs7!*UJzRZ9-h z?a7#Us7+l-Q|mdSQlU8Yn7j#*GnddU0Pti6K7xa-JS8fenLHMh9RZ>Jsy+T%2MA;0xvL>HxQ9v_j-ty!MB3@tjyR zj5|F}556~hXG7x;pK<4px$SZfSip1IiJA&iSUk$~vr0msF}#ja z9E9gr2KF`5Em$w8gcJdvc3_vt!e=>EVWG|>$$6MRSH!$E&g3_FM)S^HX7)e2tz%T( z<4~*p@6+>3f|~3#Z5vbtL2wW@9OCaH7`{_-B1|M{#zl!<7Mr<&)|iV==Ns(k3^FFV z8{>(t|0LbN*LHHId}H5*)eS`-oo?h(#*W{R6+s~1B{I;-LQKu@UnIMZ&H_aB$b2bs zjPMu9Zib0!>tYUel2}iP>{w-jG)^Uy z4RJSZ9R{G4()2r?v;MpIYcj~Nw9yj8!hZaeLspat(wBB(v8OAfkAW@gg_NiN@^hWi zP~z21w5+4N1#4Q|Gg=`O4bec!OyzDPMZ-4+(uq}1X?nR*>} zlUHFhHJGD>aNxBNj z-O#E1$o2=){fvxZt6dQve9~j>6<=jCs%sWBx0xM+khu*xp+n}4>oss}H^yI&l=Gtb zNSd~9ythzJgr5zM)}Jj2ob7^VLKkuROrrP|Bb=T=h9x2R3AzN=qP7T9BlT&JyhKH- zDjKEbJ7_R*j4M1FmwI)3Ro=XmXHEuO@r?!H6m02=oS!eAdOl)>1VQVQPse+diLZv{ zbU%&`&fn0x7D(K0ITCT>Vv5q0-OrJ*vQ>;NI6Z&^-5~^U*B9pMT%2N)cvgvXI~Z%$ zJwZ$X1qSS0*7cFSX@rQ)=Sq3P*&!V*FSrGk21i7&pPU>a9n`7V8u@>27k$bz7(J4h zH-ig>Mz2d#|8s{!X7E7c3z^MZVFZAskK+v5TJaZy+`|2jKAQ^i60T~V3r$DVOq_8? z0ci87$UBB1pG^$r3`a>zt2W)3WQ=F6`A~Gsi*|EP_^>jwto|xx2*u*j z?aI;YCA|enLtB)0CjEi>cXN+f5U*3VS5UI~%3gp<%xLeObKfF#c+vpIw!BvM=Td-YdF}f-}kC)em$x=;Ij93^lCPsmyR2t zs5wA^zTLUjW9u~4b#Eprg!fXD)*#S1Brg^Svh20P9;`c^5G9;0&S z=8A~FoqObLm#Ztf6uSs0hl*OhVe17OsHSulVP#@S7K8^ExdMyAy@)yoQaN!ollIbB z-SM_Ce>A>!z|Sl8dg~u!`==%HBUWh}xr;Y@WX{_G)k&_*`SqeV%$+d4jk^KfUVe2? 
zcv)djAWLooZn=6In=mV~8le{0IkJbUCuilO2~yfNooSHkE*3S_Md zqnqdrCsR}$hgpK+ibn2JHtkZWyknaC?od{$gjl!jvrJ1+$lSHkviehWPTK(w`~p8W z$LOc0c?1^mzq_zhbRZ?H9B*WDE540^YM9oKaVMq3Mh|XxK{d3JSdB5Ci(ezvV?DX% z^Ev@Pdz%QSnLJWQL`g?--tC}U0d%CF&VfM=&XgYF;a!_%;yNZJO5Q>3e^4rDPq?Ly zLATog--PCvErr_g%d$A6ieIQ_fWQlgM^X<7%?Mz+taE?{l$ZuW+S9*-Q6}AZy?ZMv zmvf^t68e_-p3S~$(X`4Aa59|8BvcPhL4GwI@k4ltSt=gxX3Ud49SP}|-0l)uw3@=% z4IwY1_%P#^s>mIs+|p z29`zSi(voX^q}S9$bqIJhNb{+CRy7-JmhvW62tz90*`)bWq3A~3beIlm@2}1m?9O^ z&a7nE@q!=~<{o3AW>56wSUR{Bl10v|JI$)w2S)8l3XIkyAT__T7Z+LT4%;<>$Myk6 zRlgtkFr%1s`;g8y$wP%qZoM}LTcqGuQ+0J2_`&b*iHl#?Z!Z+2QVf_|u?4*hsd7S1 zEbjk_QPKq0eT@3T(QC^Qz{cr_GC=+*OtPfk>8w$OTcRv5ewdm-8b2Hd=n*kx2|D=J z6OB~lw}WowzUa120{cXpQ;BeWqN74e>sGeMZXH{^<6HSEB_-vz{|}SR)FM4P(|!A~ z=Dl;Mlf~@~$bEiYO=hUn>bbkpXBekHjh-U`H?M_T8-j8Gt6zYuIRz@kF1@W$|4x*R zX_z)v-v^AOvAMZsK8B^&k_mEZ+H^7=zwh?74oaf8*Pt;jNbsE!&Y@;9m9b5RGAW(~-t zjI{jv1FK%E#1@u2Qs^;L7YT^vV@=oiPe9r?mZDj&?*+tTt33tckeFxe&hFJl1JhE)UBs4AO|N zUn;b-OkBZJt4`)bx^ne{`tm2q}5k!1tt7Mn8{P7&m^7pZYbjZ@t?WU-uFgP?1X*|gm@nzJE8Rl8< zw_*fprFbE}o)NVdx<@&a=>^?a&`XBbq{@+@4~Vqu0_>?cZ~iY!O9^HPMKljOW$_N| zoOHXj;dL(Oyo4_>PZtD6lNU~nyAKFqR|gNMA-W>X-8TSw_HIfdsG1`Dmafqf3iVKE zx)rF~(OXqAH)vZ#fD)UA@yF!2r@=aFf%7R-BUg$Ab@Woq^deor`f?I+an1SlC_p}1 z4?+5~*h(VGGdQwM)Psa(JDBe0foqI|Qf%)q(Q)88Pb#$N40OY)%bZ=opWBq_0jpDV zW(~t-D*o0CpOqN6n$QE-Kq&AE)uOEnp{Poz53>_Hu`Jfd;7NW!do%N`e`}d_-Y4hV zBrc|^71hU;xQbzmuY#58X#T>8d? zBsI9ezvc5f?t+x>#S>+0VI z7hJq+GzRWzY7o?>Kn6U@H8F`5xM^D#&Bq`v1|qQU=7KM{%wvstEIApkBt z2w!m_9{mxEpr@zKRdh`6t65}7H^=xA`-`Y@f!(y>2@mFS;)-t9KsJ;QQQRw< zVxErd-h~!@;~@H`e7`lT@!Sdjj&x25L~ibK8GK%x23+i1QkwUax*IA>HeYgz&`RbK zxOVs=OoJI=4DQyp_m4!Dwv||lWvS{sf$G+UwA^uczYSMMZfy=(b;o4XlRuvQD|t1+ z!#?{b<-M17Ck`tdqiERh40yt`V>*0Q?Y89TvPqUjV-a)kGaV%nPnle~&?z}kTu_ie zYaF~5v??-q()U8~QX*%zENsGzJas`NA!JTg)MG?h6nPjNc*gqe`mDWAQA9rbY5E2{ zw#miN7HXtqAUrpPFE3lLrixCds6w^okN?FN)LqdKzhHde#vDH`OBm@H4Fbm4!uG?Q z@I`{)wuAib>l(Q2JBxj?dUA*7jbkT8r5vn_? 
zMsQNBw#!_)*&~j^Q4HWUbeFu(R`C9bG35FBnO$^#>Tlq-cGRq@#R=Y0{1R)0<`-8>}b4J{AE3vebVH@ZM))xcCR z^$fS3c~uC|OJPutzs>eV3^a^&CU+y<5VtQ&XOguxL9`z*Wib5M83aSRpoA6QAhgJF z4c9Sy4CI0I`Bf?+TGc=%jQWpY;ABT9eLAGb14X+SyDMzRKw~OD`!URe){pHZQMJQ* z(#EA@ATr#|&7f=0J4LOqdcpn(Gx&YvW&SOX1VbO)Y+m-We2hsEz^wq4jAHBMGp0Te z3F;I|FM9p{*Yc4JU%J>$fEk!-8h^Cu+ ze5?z#t?G3@F3HIP==H%jsv{j9Kdu22xV^V1?!AGC4mf+kVzj6;SFE31YMRJr7S+4~ zqrKJ7^x+Ah0ME%}x!r3^*5Uc@yy))4LbFz4!zG$+mN_irWHCf*eQRoN=ej*c1@}ti z{l9=XsA=+ay@jJ$LTvbIXqcI4VUKQom3=mR8q!D-Jh*9Jsnm+f3Y35t4oFV0cPni>0wCG&3*P0!$0=54gBs=s9$Nvof5$l zU>0|rA*@I0IQH%3% z27Y4wf;x!D3!-D%MWn?f?H=`xScgE!Jkm1`#mf}ny*wj$dF3bh-|s(!GHcu2CII2c zv_Yv|AC&&Jazu}n+fSfJ?dU=$-RrsEg6?Hm{tXlqwc@3oH67&UKu_wM*U7N77Tk!Y z@OP>3@7^H{q5li+n7ci=7{bP%WL99)-`9*jNW#ZA3rQ?anCh&?y(i3#-WoZR6ka@2 zZ(0%aa~0fRKGI}XuuCj5u$2CxYK3|+5~FVr@&LA=XD6A>r)JTxKCW>=Fbr$d(Z=IS zN%jeTpMjLt=wsxQ%*1@TWg>atA1VP%yowl)#sYabeREy&5g2{+Es;v3$Z854L^7a3B1 z=Rdx92ex85pQTMQzlsIeo*e1{H9#!m_M${7X)&^~%?y2DLR+Ce>i&6>*CLamXX32C$}k&y!)!FhQRKG*?LHP8eZmp8g}-P3u8(> zZ8>FhpQVe?A+-(lg8c?Z>vU<%E_-uuxreAJ7sBAKo{0iP*fhDJ8QXuB-BRL{^a54`i_( zr83ci`a+SLEMAm|Dxl6Fb-bYlQy$7y!*JD$MSB*1)feAfdsl-D%TkDw|G-kS5Dq~e zT#pB{xleT#WDlFULeaXbp_hQR-bIeiHSqS9o?g_vSzJGfK~~F48F9~kAxC{E|4$UD z!N+*5nL+q9(berl1qXdb-ijgyXXlrk{4zDJL90?2phjIsMLCkYL;`f6YJXAJEclhsk z{lXo|VaF^TC})GZ4<;o2-VHt} zRv+SK_tyqcElq#I#soeA228Ogdy;bTjP+v>xof&agxnfKF|nEpfmXIh@7z{Q#69$k z(JWC_Fr@)yvw88V%-(~E*TLDK&Clc~Jg6_Z0IuB{3EHYM71vU8z|JL$evGj-Hngx6 z>T}uN2zlsR769QJoeG0|;-ZjdxushI;h*kjr4G_GsFI^>K)dbuXrep4Npi86h>zd* zVP}NymP(aiYOMcKZglY738)mo8)S7na}o3@gACt23~cG}?yKz*uaq(INJ{^KgNOnl7PXbw z!U`Q3F6Qu3fCQXnhELt@Y0&G<_2D6DnzAE~+Ai@$P;G)4MNXi-T~Pu8Ov;QcMB_jl zFJ1N4{MNuW)0)^NpF3OM<^U~LV^wYuAVl-NW#PE4dtwT22EzPXXa5uW5wT{t2Ld{Y z63(rF#mjHN#4g$#_Xkx>W!kdm11Iu~5PI;?vYN_0shIZ121qQI+o#w&hHSH?)!t{e zPo<1wd*g&a2WM^PAtta0u`d2I|+Xj{_THZtVoH;EH$ zS9z6 zZ|!D7i*M#h1x+Z}NzF14-ZIUKp_Qgo9jBCe`yzXgP%O0&K|Q}h!;t#SW89%Hx13}p 
zeLEo%6)HFmKL0G8IGsAGFM%xqBz30OL_1|#G+-}4x-=x~2XSY{;~>dL<-|s_WSHY!eKB)%-xOVhkRZ_7kJuDG3;W2?(bMO)A0f0%)uIq z@A}Tu;|W0;Kg0Jr>mZ#<6B=|TAT1Y9wF|QoA7Wz3>~ET8)Q3>T5e1;yq{w^|z1pSQ zr)vD4vZ#YhrOD?9s8l3AVDmUGH$igndR`g^6}=rxW#PgJuu8auD$9woX=O9?0iin3 zFWWa{XnGg^O8#f15yXOWi@4~XK}4*}?_*~%6f|Q1+WEiI)He2iY5}R3;0R@$g?wqt zYiTNV%A|;O`C$R-DCcJKt34*5N2k^UOMg*lhOLW>C8#2BoOV+E z{Cd~kOWhLzc_~{f0h^O_#_=n=>tU&#$g&)F)(uBeLC!HvXOF%EI4Z^GsM>)oD~~6q3M6mY)?JNxgKe=)`a-^eqc9u1Je| zA`IGm@6L8*2(+nGavwRalkaA6+-%N?+|tNaWHgl*L&c20egO3hz>+I%(y5qySB2^U z_Q?An{Q{%LPk8Uh{r`OxVvMG4a2Jr(p_!)Vv{q08!aj#9+yX|(<6^5>N=Ye74I$!?A`D=e369pq;P(9G?plQ}6i9nt41XzRyU8h*c8x{@ zZHl-dSA|VOZjo3gcr$&_O5v4m7flE|f(1Psikje_;p#c^E8PyAqJCC2OTKGsm6)Bi z*7pWKT^uA^$cF)0JCFe2Z*Q&S0#35fygv4@ccF-g@(alDm4|obqbf0}`a9%;~!KD4!4L~S*)~N3?hycaW&mt<9=S@$+?hWb% z;^E=5J4<|?PsP>hx97(Q%E_g*)TRImgpirVr6@y|B7ESR|M96@8h4)QyhNZ!cp9WB zFHTgLW)~>|{pCOq`&-r-k{(vsW$R)jcW&O%-$(-GE-?z%lI*>k-CUhYc4@!s1;e(o zxA0yHs8?AMKr3BjHhC5xL02@ayR;wwn#xb20=uMTWl=3s!`xV*3JD(nOM6(sI$P2Sd6YF&sswbdIrN^;Z0a zkhGALG(&lQ$LQZO>+!~=TsRb4TcNR2eYCMC;wuydN_)dlko%7>g30HTri|M36MaPl z*MMrITjmPSW=j1s#hMTh7e+f)tbsb zjoRM3TPWZoBBK>DOexD6|EYE7_Xi(|AeasTSjB_UGnH>nW%LiZ=M7Ja>bsnK30@_lj}nLKP4ciP zq$MwEdr1_~ka{6xzi9LeGlFr13!9+45K|qJ--nbwOAW`aO|ybD^kk6(YVxtUzYT5U z>DwS{w&01B8WNxhGuI>bjwiS|*|on~&P9-BHAxq*O0D}l6#5Gl)!J5~mC;O(`Z5F9 zbz$ZLuGZFzxh&RNGv>ucpnuL3xrLWE-EaOUHcfnIoI+}&HdAVt5i|9=4kyVxa;rprq^nC5^%x`8yD%{Ert^-A%q{6@7>khYF77fP z@u<7GDsK?N1i&4y)O_FcmoKPI)}_c8ktLvv7iNCzre1^kh7|AW#tww2@Ei2*)xJxKW(IgPcw5|0FI!rJwsUv zY=*biuQ(f7b=s?yy+iR6A$6?Oam98khF8=4yte%DBBDC!L)vTq>tO3qIeL9wF>~te|Ry-(jg%yHl7CsCp-akcS`} znGP@U{XaIB>^XrwL?5IWyJI4xd)CrRi#E+kT;)Gv6I^%}%sDhoNnZH5o#C!X*gzV0 zjquzl6gnv-chCrSo5UKvLL73++ljQkMAY0DdB;4`+(2!X3ic1%Hc_-3e>V{O$vOfi zo1S~aT%^IbESWj9Y;{aZ&pH^05b_-ZClQ-C*yXYlHoT|07lb3h2srfif7t>eVVBuQ z3(D%6SCgvUDo11S$GUP%LmbuZ~nk%bFOlDhxF zXiFDdFY5y`lS)JzS(lex8V+>T#E9bt-2JO-fAZ{7PpT)_?-gyrMe!q{{(-ou3B>o- zgcM2`$=Pk)!Fw|K5RHsPbxjJa{N|(jNSHwj z5^*|J!l414L{%u2kR?sUCJQk;SdMoU(s~*WJ< 
z8(rR0&qRP|7~DG5g?x%t{A}8n>)1$g_?Q46|)FkG}JKfg1y*@nR^Hn3Y0AN+jQkpw5?}jMU$r!_u2XD1foscZ~0!L5mmeFnV zWiw7dif%~|`FuZHYVD4D>wQahW!M^FyroOYo5tkJVsaoCzXiOfJZEi%XSv})(nsb~ zOw2o<77zc8j9tLmD|zHJfFfrO?IgOCGozk#M9QCU`*=yGRNHArHvavl$B01vjUc%8 zzp-;UUZYVWQ3Rh)((`?X>#_{-oq)`4#Xw&SKAu*IA-b4`VN=4rlx!w;T2?<*mT+3Y zcg8fwc`@dVLxRUvXiqEg$sl$QhLPW_JcgR+-e1oJiQAndszsEpV}<0ptKp;r8KrP} zxMh1_@3JS}ll&$#HoNAg-!S5IBDB&AvdE8diR0t_Ib>Ye%|HT^k>3!ijhkQ^v}qf8 zGO3gplB^J)E;s;&4StT!$z%k-PA{|y%ULjp_cfpYp3Op~LG5*Qn|ZkwqN>i4bbKg7 z+w>q9S7gsYQ^)btSA(Nx5nzw%udyOxDiElV4qCH8ef@|G6MYco-6fpC2vYpa8^|Sa zJw|vVBN`VogQ6cscc3f0E!HX_D12>LG+K#0YbkcS?VG+cz%+2$ZkuR6bXtB7ne^Ot zd!fvU|<_Ke+;z2vC0Ks$hRr>_+ zyo{4?lb0i%kz;w`OK-(_6@OX0thtf3AH*nV%4j-KJR|E%w6pVkJ!mQ+=(0YV1( z@H3%gfKi8m;ETN=?7A9+=f+ESm_gw5re(MjckMlCGgxGi83G&W@&Vwe%maM~aFWeM ztx}0lHHadq_J#0dbeV1utVk+H+PHGnt!-vs%UkE!5?;WLCiwL?S;q5=%gk=JeAQPX z$6=@6fRi?Y5-RLCtYy~@R4kl~Ed5!#y6L#(#AHwq59Ua#>9L6)FWo_ri`X68)Yd(r zsCH!Ys?UPd4L7v~H~*?lw};dxxrIZ&)yQN*V~gmHbL(O6Pqasop2!ML-uV-kgkX_-+5MPO%_{kR%E&1pHD#!ROB5!E9T|g?$`10#Rxv+( zjXmP^S5=Y^)nxAOW7LLgs=f6@d)q3c1;k#X*!oA2fryIFx)4Sk^Re_U4Iz%{|FoUM z7*e)7V306>0)F$q353Q6h5*nd@b2BwbVb~{V3Tg7Xhy5F#w5TZq0AbZ;BnEY|NYC0 zVQOM(I2j2jy_L3*Fzqm-;uzx{7q@h%ZdtD}@(w7`&lZzPp&t-J$l6Gl_z^}mj)#N! 
zkaXAXRdvzvLh1a>x5tH=-x((eDS$H#N?}1hMIhdryl6g|@W(I&_j!T5Qe5@u5Tz!E zSh3G`ByRi<+CeNHvHTg)3B+9d(l`?tXAhEqlFL+Cb|sn@nhwXj91%6gQ|!0J;^E}{ zKg4bDHYPWZ(gSaEZY^?KY=x}8-|#`RmOuvAmvLP<#-DX z;>1LYD|NO<2r`I-x)k#9b+0vpDYzajS?{wYf~eV0u*<)2adv0OA&e>K0!_N5{%#sf zf_eTX4OTi(i9YTeQ%dg2dHFh}Bn1V--AU+w5bOnWAmKxDuFamy1dYirR1H@plM2?t zZ2m$KZXFc5#wCXmc(2{7p}Ar2TLkS7>=n%gPVrOn#x`C$eVDs^XeEh!OkRnQRdDj-sAWQ-C5dFk4_R3<68`&xESz9Al@*j6XA(KA&`(j!eITqm^D)o zy!8a^d*wEB3VA$4W*&Z73T8=&15Km`6@1?^#xF-KqW|}62?^?>z=_B^8-xl!Vabr% zC*#CuFAZ+YOrxaS@X1a}aY-L|~H1$b(MMF;O4Q%GMGm5GO1UV(7 zNr9v};^n#z7EDk(!M1KABbjz zt#!Xz%BRhEKZJUdMv_sUOV)Om7HHlKBE3bmO4IhbMZ*Zl{lC7vPB(4in)5b z$ii}5o$3%cp~m2MP6-sc1f`W)8)SdT8xqT_=gtfwVNf3Gxv02%UO&mhX5JuDy$~{D zj?5dae>golJu!nYonIFBSSo@>sWjrl45~*nb*n?xsSRig+&U-q7h0Ywf{<<61ouSj z&WxADXzy7Yg^>^f4{yrNe9aM9EK&F73BGg=qJ0k$fniHtlrl6@#NHm|zGJ?L{_a<8 zqSEvE4)Cb^P3&ugFfwUYw|T{cnu0R?*})O&(=wZb5`aV;U<7?=HcY(DyV;Jy4$gw@ zjZw5Hc`Yt?@OZ_FjR*=^5YcJJkp&avg?|WHFhr!>wG>`BCN=dWec+|7KTON=id+p* zp0*hiy8;}OD#J>>+_H@jBI6yArzudfcS-f0?P0UqdKXql3cyqO>qPen)*xy5^m7u< zsVQqE%9A$Pr$cWppzj|y&AdJgNrE(6mdj7Lqv!yAx=?S9XH)c$2oXi}oMx`k5b30` zes7o{&{;M){R)X>4boG!AG~qAtZiVv#?d)AVP@1PyLC-QU(TQxQn*;Gibc&~$z%kE z$6Z~q70YPweY3P_*Ua;V-Ip6$xnKtvVDVQb{%~7kAPFN#jafZCvB#vhYgrK$5Tqn; zsZTZfeZ;Chc~c`k(C8A@;sT)08uSn-+{MT0buZD<_xe97Q<8w^jEJ-}8fX-C?pm%{ ziH~R)0>94}SW`z6h*GS`xg22$uo%Jy_B$*D^k^?cG26Acc) z!I+JrZfS%;0E`*-P|H}7h`>vz7D?NmyXVYzLC5eX?{w$?3nqEEsI43js$!1c`aJNH zG3-cw<*dHnZl4(Iey`I_i~U_R1g-K&EPQnAYCpx(NJ&CVpaJY2Terl3`171RKi|6w zk5lt>K%5;-2kNDwow|^OlS<6PDc6G!Y5R0kLpr75P3lw{J%S}J)h%4nQQYj`n{B2K zmnaM!cEzL<2de(HYGy*y;@u0rBeI&N$k?0FtH)9EP!(D!2+Ygy2|9uPpe)bwO5YzK zN%;g(OwMmTjm5@SDFJn9*j#}U%0p$3gf`G9{C`BUzaW@29{YeEVTqAL9Bct^EVr7) zl5N#KiW1m+q~t>Bu{vc*p;NRGV2kyRYtm+?98MSUqU*~JP*kJ$c0~zeNgm^!Sa


FZM67%5aE4pd0Z{FeVXMu~Rf!_O| zd3J9{HpW+b`+!`83=T>!P7dS__W=hZK+g?sm<%&14B#LMAwca82pVW1BTP&L1aM_2e0_ul)MJuJ7+ zo68*$Wz!9`36*$)IS#6`TQg9W~%zp2`fD=Yo&1}+^Ro1)`*modFy zu=anelzD*$y|<+JU2z(95W!c#p&lbhnUbDuDXC=8YXlobi|S@`;aua-jMRa%A7GNW z8AbI{SF#v->ZBl{Z8RA&c9-p8kmv_4xdC&>=OfgSrNnq4Q8T%=Nc4>uxd;Wx;hoJL60%^mnrWh#aI$8gQjyx$8} zKyelKec5{?_#|!i(0#xzMrFYSE|)_tBl2lZYUtTw^hr{OP?#15CiU&w`Wp z4JA}Ep^Nq!&&<+FVyuwyxSC6;E#N9%Y?x5)jb}TrM1|AjXo& z2+xYIMLICOgT;StU`ZvX3nw9S5qv1}gqPc;z#BSJ<8^di7)b@F&l3Gomsnf1e1*dc z8wxi2n`Ea8;=Q?)U!lYl0Mp?0E^sFLkSOZU!ph0A=Ba%LI_Ghm>G(-#lRZ~G&6*dx(e1nJ8 zF2_V*w&?;bvo19Uj}}77VicU;VE(SI$Fhpy%4tM^Q?L1q z&X!eJf1vx%9yt!F_C&A!cVhPqsaG#rx zx^>=$NbrfjrAd*IlZJay@ac&~3H!;G75Y9dN8y&{SSt4^OTKg)5TCaYXh4kg#0}Dy)YUb&{m^xA^k}L10!O@xrtng$3gs|w} z0EtP!5Nd~kX)Zl@f*49W4AklxgjQ&Y!GiemO7;AP&!j|ehquLU8VBX@-nYi#;CN*O z$o#==rMJTk=c%wfkqA;+Z=_|`OqsIjE@3X7jBiC?q{W)M!QT~TJ%l&R^VyM+`YGc}$nHu@ex443({m7j1R4 zt=t*Hdjh3o-m(oB?XEiiHkEeNZ5jvW7(5j%F<-UfJGK9ycde-N%>^$8otg@Vq*s*( zDG`!BtTrjg%{(lgfc@U4<)a~<9LGnc7XwQnvS_DXo508#(2F_Fl}xJL2NXAw93`)8 zV>g3hD^(9R@{c{ywb|~k)k~QUt-Ej_ckJIGD+0mxuCpuFAs7sFMaP{gHb0W zC(9?8vMUCFrGn|E?LVWXS+iAOEOtwB_0tR+i+CsZY1W?Wp z7=FZT75HqjkC>{WNG0U{1*&QZ6T!O#IFW;d)b&UBwsD&%)88dRa;W3m>T~sgr06Sk zfPXSw^dmWXV|a$34&B_s^}K7OdxrT$9n0Hw2zCp@MurFp!dn~-z;@L&w*4rZiyP^8 z*E1_eYlwFn@N~~ylJ>S_3s%UH0LS1~gx=F#qSa6g^wU{DOgZPWdncnKusV?_YeVU@ zkWr%n7Ha&TY4*kGEaTlJ$-V5palZ<6D9ID_|J@}k-*Ywc@lYynnn7{zc9Bpr$a)a- z%Y|7F2h(SmfWFfMQNV+9$%!&vdi5Sr3rQoq-481|h$DG<&a5)Ys_#7ueNp%Hq7LAV z7ekusSK^8g8E8bvf^xczvrQTP*H_VXXHpJA0_gHF@Vb8J|E29||5}C1QNi6sT*pMa3mhQvUzwC*GSP5Y=@Xejj-r@!^QsTy*y`RU9udgMgN0Da z-q#51aYE3bno-tK&^Q{ZA3HBWI9L;TTWYtD(&0gUp>Lal<--Sq=+*Y;!zntsH*k)q zHXoYNWG?w;v9^u%CU9BiH*^NQZA6XxqT9L8KGk#or&0r&>Fpm}IdCy5y!7S}DzmZB zo7`)pjLln!ZVZwonzp;TFa}b9I7zhM%5tkCw-nICo{P=yh_lZeCV>%`&n^NL7trqQ z@1nT^$rIUmIQvdq9G*~1ISvB7^fEREv$h~z#D9V^r2n&q_YzF-oDOWO&E^hXdTci` zm`LxJli)K%!#u!CRZZJKNS1_>@md}gx$(R40L?P*i)A<#uiub|3W#a z5-l3Ndi>lI$HA4bDP%Tk@9v6yBe0cWVZ{J?f%zX&*1Ka^5YE4-Kl@`n6JRSic_U%< 
zqyRS^C?uTLhsyZ*{JN*SUJDgn9;{S0v(QMoEWetyepkv5FURe~?Wppkp9*` zga5F=iAmc2!*5l%gjbnIf@4I$-U3ccbQihU89%a_yf(DdAK5@=QG+C9 zZ+I07Ni#>f1J;y`dEO7*%&77ozQ%p`+P&rk-}LrC4gzamKaGrX zPnvXIWS1jZv@;q@om%B1D7V0k-8j(D|IY^`Sfsw5ZtVq9{#Ri81Qn<#Wi*H7@H=m9 zYE4`kH${rG?gK4=U*;J#+fv`5?zvlA(&)MZB3{BdljV7K3T=*)=XL4}x?4lLnGUz5 z7vKvPaXGkMLJ>%kzqicv-#g$>uVVw(yguZvHZ^#VtOKZhVKCO0%1RJTok|$g?6(%) z54#G4`;iFC9URNrLG~TgTf4d1zY6sdpD5;Lx}f!ca7eT{s#H3PcmX`+70oB4ggkoM z!Ely52qEB|lkUad9B}d0E1qkDD=Keuk8rD(G#n7z^n{OqBjY>e{34D(70r30 zB1VSMvZIb|4=U1R#^JPtrZ2bEM)knNMhM)#VtTjo?wM;V%>kss+O{QChYu;~1z8pQ z${Ew-hC`E*69HT~{YG;kp`!l-o+?k5=%?x;@A=Vd#_H_-k-wTZ*#5)shZ9ly{)j$$ z;E0W#dya91B%Bnl>l&SD%)*3Vd%x*+l-Wjl#kpCP&W*&Gv@XU@nY9IrI7=J}B8soP zYd`zS*O9FQm+CVLKzg1&W8aXkPSWVpV-#jw{I1Wmmyz}Q^6f%0I}^D+3xu^o5Ea_v zDL(%N9|_0K`>u+m^7;a;v7;LJle|>W5jgU@7CGKKqBhAQQHZ9JMT=9|`SuOgYaXM(swVRB;P0Hk%Z0PnPfFsN%oNi6kZ%>OL^7!eRnF22!vh zTizOHtCeu7>N@ZJ5km7~5$~#_mH0|B8(I)Q$^Qup)h4^4`;V|ToFQVWp)(m#uMkO0 ziXBZNt0Wng-*O&i>{^I;Rboq|I{vWfqSpZ$c8*h!mV_9i`p^~C?Ggwydzw;m)Tzim zIr*BrhfX5u{Kj)yF6;0woM+G^b+qiur4k;yj_t9RI!xTW%gSOJEAmsxEL#^F(R?|1 zI)u`k<6ck9(C?D7BrGZJrL;{4kY1_9(n714#+SJ*FnVGBn4WWQ%e}?PVmA@7jQUPH z2hk%ZQTKjVJ606n@yp%RpD;Y-@=4@1@!&|fd4JJb%Tr9@=nX&(jrbQon z4wup&?zf9#({ESgF(0&+TqASRln3|2;_xiPrKz}_Y~wD_iVr^~{3SR4Ehgb9%cKh?rWQDn4$#<5;R~2L|GJ=}~%hRB9+XK>^!FJMVbM@+y$( zBRoEdf7p2ab}3gJn$MW=1C05u%K71604i$UwXlLH#wa!kV8t>(;!<%UHGS{IG8{$%oWM6VKx?gr~?#&hcwj4aWTHo&Z{x0R`?>VLEf=2xi) zri@l|M^-V)w{dC)sc|zckh}?_wUI3R%VUrmj3;h61a9)+&Xc)F59`-AfHF~mE!D+g zgtK(*MQRJCFe56PX5ZO+8EIGvkA1%?ZKtb6mko^hbLu`$Fb^JcnzO^TZhBVo<>&J2 zAYE-gIPqsudMBCRzUHb>Le!NJ+BycSe@rChDGK{uw{rGm06H&OpYzdxJ;D59G z2H%Bti4Ie?u&t7-k1;BkKj1Qs3IG{uQB<bUYKV`Jafq_2`;;ZrCopttwn;XM=J&RIaWf5)27J1)se^;o1HH(0j#f&f0*VC<`Z zPA;VGj`Gy)%gmS|f#$WniWh@SJLk*diT}9oR`c@Mnw{OZP578Tfb#>`1g7Ky&!QHk zF9|WvCdwwTlGO`q;@^8Qhq2>!-*9$*kY|YO@0p8$swS>^yLy3|A5HUD<@^N2*KQrRCqMA+@jn<*YZdd>}1YK_Y5sLJ6>I0wKSBPTqz2 zefudcr<1cb#PF5J0k&jwQlx!v#g>mo4;JA(u9M>ZL+y82JX2_(!CH>Rof@?d{Zv{% 
zBPOe7ET?Cti#gZ8e#h;7)JqduX9|i{`su(@$4aC`H;4|^=20Dcqu!=;QdwfQaqu6 zY;lHE41DSp#N?X8d^3ye@A&V4W4B@kq+>>ASL`hS$l2FcTm6B%D|r-b@4MFEwV0;k9j2_4J^ zP!vnoVz=+nrZ@rz|N`|}g<&lXnpb`5E7AAxo<%fJ$ ztk$Gr^VKX9V{^V7_(})N0Wp_JMejuaj?shiP94kk59Jc{8w=_xX{5u;WSjzW6)Xt9 zNkwFJwyBi?DI)gom9vn;nO}YFl-!5uL|g8QogGzHeH=5w0k|@e)Qei&c~V_;7~c=| z7r$Brr%Bx@DtoazqMga*r`CIBHR+$5#B??E`AUPpVO<+qAJBcfkr-`qaF5=8`*Yxg zmt}ri^KM9Ps*peU)3%XW?6owu(=t^oZfSo_Of#lbdW{ASjH##Bh2Iy54)Hb)lX@C* z+>B-)mp<8zMidZ2W`BVJ z49pX*=)Moip!(WlhakK5gQs0*Z4Bf8XGgrUaLb=o#a$p9Bn@(?A@kCHra z5OM3R@0_!UfnvV4s)7WpINDbWd4i%%i)Uq;OhCd%r|)`PNP{!%N(e#;fjkXMhSY}7 z{aPhJw9Ptwjt)mtP_H+rvqNzdnh-Gw>jBxNW3<^E3g~urpHBz@fMbo@{6;=`- zThR2KJnxYids2n?wH*IaXp#N|_n!g34lsnUXR+LpL zh))8Y_Ho41QF0j;NCE`-n1F}CLV)z=8tiQ0ST*PUfhEntO^(;ygJN9v_C)@$tQak|CSpM0aL(|Edg5y&{5J0d8D zEe$B4V`SZ0{1e^x!_c@v5Uvxk9p(H48+-( zeJtNez59-h#T4pHGMn2Uwrpm(H?-p`UV`NNmCA%85bWdOW-0WW;66ikj% z5C%SNzuD`E92Y?SBk0)Z>g>w@T5gliOVI{(R}hZ??b*C;PVP zTxag=Ox}-PikUor61t<2j`wV1ezJ{c>}m4+l;{eZblP_VMHtIf+pJQ^Z~x17gF2C% zngq)FE8}kZB%q^ct4<$+!Js6d$o^2ec7ijVYeF9^C%drT;T|Rw=~~OlDr>N^{LBn3o@HO)|u7Hc6ra@7Mw(ma;a z2KKLD53cbENd6>R>}$|UQ3$g*QM@kt%eDQyH}X=R4>}_fAN&NO1Z47eEsp{|B;fYAJA52#w7P$Q%E zyaIk2^Jra~UP24Du158aJVw$57}Uy|(_A*W10a*2$)~YHZfmg-Ag!c;(H0bL)p%zC zsn4oPjxqI|zLyx^PNVwH%z$+t$0xHy?)&lf?IXwa)dTf0yEj8A@~i;6>&RlUC*l=)t_(t_Qu zRO{GLAHZjwhQ7yxqHd}!=*HLMshr%nORN0QtfCl1PJsI6>k%RC``RB+o6PD~2m~P* zsC|+cPmdS5rd2F�GNnV*|6@d9-_ENA$8t+W;QAIV@PRvU%r{{Va9!52-7QXrN43 z^zH-dmsrDv36qr{_50WV)wuWNDL*{lh(TRBsBD*ryOYqb6JnSTnTAN$Qx|sU4ve*j zeA!fN@@3KE5nS#RnR(I6dOjc2K|4l^*49y!>RXS{ptD-0 z$*t!0dp1$}8Xo2Kb^VO)CJn(x45+;S@$GP|zN2HzVVJxD;GaPoNJp|iRDiX=;T2u! 
zL)tF)8r&RBxgh%!h+e#ue`kzD-nTr;0x%>)#WRm8gg_jwlJdt;h`Ty5q@pobdSZsq z&6RtJY*Qta$>6$R1EVQbj&}tL5~74{PQWyfO;r(#x~en7 z0J~R*T7)}EHHCKO%G6bm0lJT~0EN2>{@S&@B3lO&;?{l|y)vd!f+KdX{_Dp9M4aT$ zBDj2=kC1DVJNxLy~t8SV1*nfWDsQJ1gqA?Gw~IYcGXMdPSGiTy~)7cuj;WmNaW zHu>$%_z3}?v)=0nT3jyd>=v08T{o+ky6G;sepUDlKh!T_| z)(D#EajLoa2+!)A6V*;H#Xn7+J|c+X{-&}z35SZg@^8XvkAkBaKJtKzqP1X|9fD-MdSkg%;r);DtdcfPgl;SE64_7*Yzl`rj%Dhj3T6YFQ#_D4?dCL zK3w^a)-HJ$de{EhbOwb;Pb=g*Q-w!|@N#{-Qz)}@lOA)*4&fMUIb5uHy{1~IW=}*O zfwQKA$~W}vh)WoE|14sQL!cx=i4>snXVg$s#4y9?Q#c6AcY%5ypFKmPdr@P306Rd$ zzp}9z+?&I%j5Bu0uMk45Cao1|2<*@UM`0+!Nb`nAtEdnqaAC`y&&qIl72JqB1{U6w zG4;L0FX!~sU7!b>li9U{)sGcS#ZSFvUjX{3iu^E|jbs~hOS6w?55{v>LY(!-Po@2` zXfWnvZW><$C>q{wMRo+Xx2HZOjBG`X&k=;A9Wx;rLxU#7JIoz>&4Ii!rGe?e%}PI@EZ%(#!>a1Veuwp`s_u9=Tkp!(H!~vi<3+OIqQ820RHUD z@p~KnIHeHqBOY*zEt}$L+~BR+9*Z9D=a5opo*%=k*Ptp6UMicI=v1P?C?6i7LifE8 zJ16Y@U_O8+d@s`CFcp|3k62taa{jz$e09Y9y!xk9>S~f z2HbmC=F1*PKAgf}PntayzjS%1VFjLK4ei0=u@+r^NB@oI1^{+f;EEgkAF zeKeiK>`)_iCtio9>!Xw9AKj`}$|NaRQa#mVFXvf!=rpjDuADr9!Bph=C#$S`ZF!3a zOBPAJ6})hgB4#vP$MWSgmiucfYY_=F8WRBc$(Kkua=uaGhMt36O|WcSvwTVy01d1gxEifE2@vbkFE>%m+>rKN)HVw~xD`HVEpO5y#-08WGq z9E{HBO*@|QBu0+2`dMcIpnj`I0AWvoL|(PXj)vwJin@D!yApu7ds*A=%?Y}``JG*Y zd(X7+3DwB3cyNhQ(;#W=0QB|Io9fvTF1D2QD|uIk4T{`5iHlt=0?URd4` zqv_NtsT;eVo*A|{Gm&G@x}YdFhRGvjJt7$t5>yITgE5k0oCJ#^6FHu{aF9oHso zE^)F8n3n-il0}O3x?vhI(mFR6YLYf^EZ_1cwk3EFrI4rX`Vt5U!r!VC=+}ifMh+UC zpFMpO+3lFk!Q()V^+^6CT->hpHHLA$pPoH&JUCs6x;AEKbr{H*6a0Te(4iG07(10e zoRQ9{Ce-`i5l!4gyBNB$e$vuZtGa}ovYge$ud0Nh%RtECP!|LnbD3JPv{bxr5U2YA zab2N&w$X~&@_h`Gzxo-XfuI>4ranY5!5$UJ?CI*AL3kzKJs@olmBT@WND=D&07nwe zy*3T~kEXn|qcGWVZXsn?hcwb$Wn@ARjPjPp%3@FFE!7r9Rhkhk=loF;T8EfxP3Lgx z4t>kk827V)iQQV$W!h#FZ4V9KvEL>ufCYn?>B{cZDfz7vY4=Pi&c3WAnq)#PsCZ8 zbdD-NdS4Z4wL!0;3bMs-t`cm5!!Lwb4dR*u`rzSB+zoj^$D8m`xZ)%gkVdm zkuMd7fJ-ld|DGdT=ZezT+VtAY;;KhI2kq~WBL<<|M{%s(`GKF%?VCzp>TFHYjU`&t zJI~)N*h*pei^DnX$e1n*Q}CzED6#>ewBxo18U2p=zS!21NgRbU^bu~#c2uy%tN&M~4x)+n~x4$vY)HBbueFjG)EKQ!?l^}s^(rTCo 
zVj&f1-Wfu=S-mF2{YR{Q$_dvMkJ!&oo{8#_jV-9G&DBgRFYOh2*0je~<~iK?Q>-93M$ z9D5eRPFR}-=eAV5L>Z6Ax=vZD&R^&})9!?(#x7dE+dR@a51e>pPebfOtOus1_b-0% z#*wqodJ;>CS2Db3%el$1Q!2M<5i6RF2Pylq*cI9w{+7YC56U_hqSXg~kTuO^`DVsw zOJi~4pelSrAA}_Jg6|%p1if3TdRUSg%A>Nt+|Dh}%yms=1*^i!q3m&6ziBQ+18^ci zix=C-K#`Ihj9XI+rg=GHZ}WR0>Ar#zbWCBPdoU{rW~Y;calDpq^QiP%p`P`lDec6C zH=#Me+H2w$auj`L9E*%M4^b9*w-sSQRD6Zp^Jw)otqwkT6e#V72Tm|f{iG3?jMV3m zSr-u&kE(rQNoW0s+3U4P9aGyQ!+(mYWJIOgK3FFj$mIdoU{k!d0#h<@P8UikP3-OkiK@O0Z zeQ75|Fw-i0F^dkKu`K-CW?~v_j^(1ewv}dreD(LNju6FwDIUZvw%xSZ1h6AlA|EKq zV*`pAPMVM@Nxox83_)&D;NTgzjDGNubPLmq-N&Q_LE`ot2hM8q5JboUx3|KJ0B>e< zN27deu9k_Uj83)EzmI^YzOkJv2&>yK_PNtLnMrSGSF%68*a;eeyNaMXQ7H|>(H$8! zAm0ThCAJzl{@5yNI=PsiMXaSTs-vt6sno)mI@e-b$RSoz+EWLQI|9tm(m@m@2rkU} z)j^IdFLFP12Yhw#$i>OwY@sLNx7MiZoCiK~g6jf4UD2+@f@)&ADpDej1Doj1t?aca z_9jOKPG)>B@XY5mu)g+mx=+;@JRJPOhRq{2_r+rwyE#nw1qV7eVctG2J6WxrIEE9z z{7q%6G$SdPqt8l=9f$MyXnVW%Ko`t+QMs_Bj$*Xl=phF(RQ0fdgQX23u7T}8@dW1V z2i$@V%+mspB_Mcv|H=-^>k1-g!=yBZRfS<|$S61AR{W@D!;gWn?4OCan5a@EQ{Fn9 zvOed$*|{`xVSWT4R*Joab9&|$P6rt0#ZW}T7d=gCD%N7Oh8qFkH{HhZ=XlZQi)GUN z3I$KZyC86i;m(aMQ}6s=#{uSvFpO-lDOQfOWg5$w$ip0XHxv!OPZ4R$>HUP+vgU%} zNiI}r)%vsxap0iZnx=I$DU-Mzp_S`r>3 zpKSVR8O$&IYCfy>cnACrUb$@w&UoLn*(jS~=R|W?N-z*~@16*d^4mPQ_2s|pzV5~d z-z>|yI)~8Z-g~LLpS<=Wn7@t$a!1qV(7P~OwEksFLMFz)ylA}3=BuO3*o5vm1&`F1 zTb|hG1bS|LCsJ0N9s1=dx5V${gXTXlCiL4JZZe4xM%v;%$IJ(4!jOKJjg;s9sc~0HH z?vS|PoKfC%r?=)*kp4dihd+Iz;de05?0i4K4hBdiRIJSSxV6@ji@2zQ^<0XLSbQsn!P>3>;k8 zQ{0v0_t?y}SLw4`g!HgEJhg7xn>|3UuIs`A5M-#MJx`p(xZv>Prt&1##b{3 z`}$8r)@LP%0@^IknW6KgJ#tu#A(hmAGg;bs)-l}H@?+;2ssnI;fHKQqJah1b8e=Up z3J?}Fmv{jsW>Q~Ny?*~Ra*IAi4E#b&2!6pMBse4EWf%q{6EGu_vkw>0>MZA68#b3JK`U=O(2n|_-g$33l*roBmPh=y7&vpg1uHlu z?&DV-5j+X5iWcP1_?@5wQJqEzstN?>2ZRY9z_=LfQ#+IB@!)!zY2B4|WKmi6v4dZ) zW>>-0XLpfwVZHdEtFncr+ito0swbtJL6bkHw9JK<0^r~VS)y6EX#g0>AUa}6KxS>!5? 
zQ4u!wMe)7Cug_!gTf36eHW(|=$0Lee2EKU6|C4*MR)lZAOi`3%eE3&B&#iUXF>+3eNJTIamC)l5FB}QfQXqd1H=+Q5ROq0C1+26dI)SY+aPq*+!-_D8}}(` zys7=~wZnbiUi6tBSK_OiXeWL1gq22i)}dxJh!$NwJ~~+wG;q*t^Jb#fZyVc8N+^{k zcfydfNY(7)k&@R6*x{txVop8a{dADVu=}!TA1p!b*S&2i)lyWM$YkgtwMFM|N-z9Q zUnw9=im65z(wh8Pv1q(iO42Tio!y*!f1)Tn!!DVVQc%#czi^HX=y@52%VgslUE+UI z@H$398F9n=$V(|N$N1?i!D!=|Z=_C;O8xE8JR4dmxjEOH?Zo zLvDQbv-7m$9aS8An)FzJgvR9_eq2|H>aB$QlpP+P23D2?VLPbLQ70gejYuv}2!ke2 zTAEdt9B`|dIXKf2p2zZB1zkVm6eYuRkc9+P1_ov_@fdbR-kWX~mnmQ3Tx^Rf&d+_> zN#eUFS987^lmd|tlC>w0bUw=c<%+L&S<%Sr4T3_`J4KN&YH*Opr>2e>)a-CHUhxEY zYXA9=$TtV3`zA$FVfx4!&jMNP-@wV+1EA{12grq8j_Qfex=zvn+R<>O-3+qivbJ5; z5HE4{a#9XpSgts-@F(@SX!VD-mWX&7RV4ir=;<4>5kW*s9D!UqrqxAR1}ghFK$1vS8$&2?IWpIr*vGb(ha-X)d;^Lrqc{q7~^__7w6=k zsxD>Fi>a&Vq*EI8qaLBJBA*bS3O2rvc$9(Khp@Hvse(3pw!98DVHsQxk4^-xCa9p=YMNmR7KAl7 zDLnD^6n*Aw;U45UvlgL^1+KL11+ z3FF{k9XT6#Rd)A#?dT3md36bAah*T&)|74el&Xn!R2VOpm9}RR*qK#%9D)|R0qb|N z*B7)qpfhT%>IQ``{Rl9+z5g}15M0JSK=6$cndx<5 zpzbdJ?nE@|yX2`=!6IpWMS15$*Vr`?%^@G(2owx>>I6bV{ih^-P&xa{-UWh;I4$b9 z6OP=Sy=+@&g#Q%i>qC=!a!zJwN#1W#S7$=4G{Z6H)W69tHtn*Ef+DM1m`*r4KeX=p z+F~~22Jv9|;RsycUG(^oH~nbzmp`-4qEzawp}^CqBdq(oXPeSO_5f&1%gsaqe+$@^ z*RR;3$((bJd`xKgb_#AXL=`t^D4HPIl}s{V%pB|BV2S#a7tK);d1q;U^XwOa)PlC| z!334+v0nfsmE-%tKF&U;C}b17vHJwf*TndC_t9MOv;g7*JQcmGIe zF^`tm$8Uqo;Gter(`Bu0a~X{MrZ|Gh-+lG{$J?TR1GV`(Yj2J@5zl%Vl^-3LTH_R_{DdNha04-f2FVDP2cC7TxMSf_Aiip) zW;QHd0yFUk1E}_!>Kz}h*UxDAFz=%t(jIru*mJq>zX39#H)siQ&%P*;)QUvDP{9)6 z=zH7E_XGH%At|BiB4^u-sCN&PP3=7dB1+qOk5840zJ@Z|k+2mPqrNw>Sf`Mss$jPz zT>)!v0TC@;Aeg%7YEe1z;l0F>V!>%aB`gdw6llmMt^9786R$g>M3{fw1mKNsiTx3L zb`YixQgTYUzMa#xNqAuraVxauY$rQaYM)t50FrQKL=Gx8S&f^Mvm_4s+rL7an}d-C*I0ukoTs1d~yr@XC66 zn~WzSM(pTDYtysl;A1KLUB6t@ye?Rg(WFnzK?7kXWa0Rduva(_Tsm5oU@iZWm>XfJ zSvrN*@SwwERzo%_B1~22r)Y?^RJ2I?aGUd~%=fG8;~=I{q!kM_ODg}B4W5J78V$*l z*Gt_E9hhcBaKE4ap=o7<%~_2T&gpdniE+U?mOmSZP`Ko`uz$7lXNbeUzoe$Ij_Uj- z8ar&#IN`w^oXW=(fqDPm6C(Clmcm>4GTFM+KH$M$@<0QwG1WY$v66<%vL>%!$*av% zVNVRvDP^oSYfjn>mj6@lM4wt*?`p9^ScQ!0NjFC0!5Hw*c< 
zR4%wj>Ga=TTvJo}-uN?znV57^+Fi(Y#QRe^S3X?9()PrCptFxBY-&+(FW%pS9?JB2(ke=O+u~^8y;N0%A;v59RL_l0%Hm@?P@xlGQwL zc;n*fw-XLA`C2Q;taXTWrT>>?{6lg^iJLmsKrQfMX2yBjwxnA`j&TT-~MGK5;rg5-+E0(HP*+CQ;)VNj&XO z{4iu9q-Gm=uXG-T9A~xGJ)ycDOhj7m{(A+3P=@NQx*gss+punjvkhK{Ey7|vGj*wI zQYbRISOdS4st7aO7*W;{sGZXmwAApFXI*8|f{8IKZG_vS#yf1lUNLdo2i0vIG%*4G zAISxXNrSZ#2#X?Q8+ri*zKhTA(TS&FWR{ayx_!GfKF}?(xSiRRVJbm1(lLUV+k#*%Jqq= zh}!qwQ>l2YX(D75N2!&=vuDJ0(aagwa8i$T4AH}>U zseMqhSJ0SL?qhBlE%a`6`3AsFJg`9l@o2tKH^}=^!I{r~ZF}PMEj4&jF!*KjI53u& zP86H)(SXJ@E`-*Rihyc2C+q`XyGP9j|3i`g&lwqjRuv&YUAj@uJGBhXW6}Egosh`9 z|2^RZ=AJ@NiEq*hc!d|tn*2y4yX2-o3(k}?Apjvl>qA_EbCQU)NN=_Oy@flGNGIiw zg6;`J|9!VdtZZ5jx>;*19+@>Tt@U_zz7ppAIudljj=E>1UL)!jlS=0jWEghXQ>9s_ z17@Iypl#~b^|Yeqz}L@yINF=J%N-uH60J*_m*(=)7fvSoxJH#*Pb32?^`o6LxRtQb z#PGJ-bP3nq)TDAGNI-PV@48^E+WF|7*lKVxV3)3e#~|rM(OLsZIChg47EfSd_W%N} zTc^bV5iL(K{axtOLNmK`n@A4n(OKHmxn6f(qkoh}3rruB@56Vf;Fj~ld9`skv~H8>!1yS+J; z;vm@)tSD7?5Z6IG%`dFTH&nyE%YC?{EO=VbfE8mlwTd>#COB|-C|SFa&W=!MV{6sgh*>Mf2H^nwp7e2{m?|x;N_% zrD}Y*5bu7QOB`J3F20#aXyDA_YK0@H!KsdRKEkQ_I7RRyz>b7nRn+M5d=<+}Nq3z{ zX8!hiEouUYcf1~3)@{;!hc|VijhwBS8k;L8*=-T`irLOe6$|!xGtW<9k7O6w6o+(% zpuiP)e0s8ZfZ6?{S#wIDoE~xba{~6VB4?`IS;k$9;;udw1S>%v)$?TG6*xhyf5=%Ld$A(3q5r~P*AG@ybT0$s zjJ}JknK%fqgiNI&gv4z>Wms_(@$7G=)=&PvE&yPSt%2mIudg>Ph!zvI+@Ua`N_4Cy zGp1<-dCF%#!bQ&D1!h#eLZ!`q+p$05Rg-8jB(aJDE9d)#tRPGTCfRiUWf^8xwbSlu zDZTJCCkxJX-t(*QXZffN%m|JxaUB>0F2IRyQg@0o3HZR%7hvOS-KiziJ8su9 zQp^xj85+GK#iU?v{flKspLeJnBXD{nw^SY}THCDm@0WX$gb!|=`A9^P+ETgU*#2Gm zwNDeOJZ2lIlKO6Tvbo+Kq9afhtxd|ug^naHF;>yy;Fm^a46j2;+thFCv2*4T1`QMs zkpEj;($aSYc-5yoFf;eY$BEYm7X0X`86(5G0=&j6NPlXvqAbOU?=_8(7vp^Y+8*Lx zc2LB6TH42F<3YSiDM}Pyk@e&5Rhg5G>VU{~r}f-=eDa2eTN|+$ezZbrG0-yOipclU z%Yev^ei(qKKwGyWo!G;M1>K){(1`_<05cbb_dOT8IcGu1b`TsuJiqTY?^2EmKnkQr zWm>T_7SqNT<_YPFj98a-@P%Z8{nc?BVnFU|kN{322wgA=+Cv6QzXiA$3@O^rMJ5yH zKYpu@JY3t@?ykYmze&J6HntFq@F|0&OLnCMrV(YBOJA}WifZ#!MTRP*J@&-use`QH zT(iCjZ@ZeZh9{z<>S>xa-P~qJz7iCvf}jqH>Vq3A&S6tKICx)EvTFYps1_{DpNbY1 
z7O(~LWAizzyV>E-)Y19cjD%X}(&_Q}(U8rTsq8DGJpa58yk5=kbfTUS zpDD|h|A0-_q`JZGufNjNnyaRuzEj$>ubkEz@TD zt-m3!BR(O*?2x#OZ`_P7ZHg6U^)SQSXI6nwO}8n+UDjj zntperZqr8w7=~tt2Ma^X9tj+T5JT4)^610(@<&L^>2k0y+M{E=SA zGTWWM6{YV-MKE3!rS?!W9>(`%tc!r;NkbZ(GoHJ(oYbn%P}I;SvDhG3Cc&O)lgID1pd!CRb8NJw}uIg)p_ zIjV8ca6SphJQXok5EEa@eOniKm?j^H>d`lm`x&SQMBLg{vi7JGYxf_i(_eytPa4VI zWgSkPkqa!XT1c!Q7}cdGR*q4H5YP=FmO*s+aS8E^1+)KW-Re6cj6U;`#Kp85giw6J zPp`vzg4 zibBMQb@M!|TMbL2yjt&T0H)9Lp@ueVz~sZz^xgxuEL9Q2n7VdC55dxMV28+2nqy(b zsG^?7QdhZcUIiw-WM?@KO0OzZ%d1IeX-*4#QOB@6)?44 zi=6%GQFzp7`|!X*0ZnrSv1Q~Ph@Zpb4wST+uTW2jVfz<7sNlU8d~Aa-SqdearU~4+ zLIL&(#=yrm0o51)<%Pu|DOZwBCir!sR+HObA!5UT|3_5HVftLfT*0BPs@L!dCeV;#(#tuC$PiQ8i>_|IxaQ!#KmTy)e!YLUC ztBI&nX|G@{?UXU8s|b&Oa52Fq^x)LpmaXwzuE1KlncFJAlkVZk40ti-YOXL9Nhx5W z7iIN&uPQ7q_l)5fTDa~96AKpm{-W8*z=k2=c5qI2foQRt$cjz=(n)z<;mAdXXj@l1 zf^w*3vsIdY{hIcb?uwjq8sjrBe66p9`nsUNP<01YQ7XLxBk>}ba6JIU9tt*k_@wW+ zJT22R^#QTDtT3#31bVfJk z)Rs}WW1q&EC~R1T+E@n>^wMndZUjtF9L&%inBwI@xX&BRj^<-qO~d+iq^_ZvS65cJ z?*D41BAC7PFK}A=S;U{$6it0H5D3uyWSu|lm|%Nerp^ZQ)_8e(VN>DfB+^l}1K56G zxMbGa4ygVv)bGcemNyh>ak$hesspV)uC;1tjMT*dk2=mnn@OH^M?6vCpszEaFSQsf zb|fXM6fKO9Q6~!GxnN64p0t9iHyf8p6xD1>Du^K^#I$d&9n1qT8t9-!Za`M4j&aX` zP5nrZ*cFJU7f+{T&0I@bWI{%L&vd;Pexh!geHy=EVcGnAumI3@Ok0NQ?(xSJ=oO|t znq-MvA^AEAjQe3d^<9zX$-)a~?1j#M9F{sFQ!kK6%fQ$>%gq91NN)%^ zEZqZY7t<-FzIqZA0|zXWOtOcpyP=~nl^WkY0S$lTMeRqnjk84!agqC@_2s84c*S)- zAs_Nocs#c{>p?8v9}eYiuihLPKlbWv2Jo!i*wBTa}z-f>bCU0GtcHeV7yMev(;X9QIde(+gw}lM`eq$T&DnE z#=MX-%(JC};v#@C#;4$$20vYfU!mvnsaWPnVVg7}=_Cz*hNi`#W-rae-%I!K=cWs| z#@g!FO_PL($p66wVif-$=8M%ngbt`GqxH^}-H{utme{rUp8Dd1FyY~pn?5beDcCIr zdpQtkt$1g=Vbw;Ut#NHUdRdktrCQAkJ?hzB2O&p3C5Mh3DUrnSsUQKZCka?jeJH#J zNe)y*Yt>~)0Hmsj{8vY9=jlA})$w=Tbi=yr92P|L0!cE~BPf(CGSk@RP@6znA1jI# zUD6@QeGjz}Kw5p(!|p0-OCunZtKT~A2jsyoDxHSaB|Y5&6V!Q2x}CXSicmBx;!u3z zH<-9;HWLO30^KQrHzeM+2=8pb=nDm+p0DQ`W{X$lOxLgdq~vJ{<}z6qIT7%IUVOj; zODh8-^a|F5U^ex!1&b|{)Bj!_vSe+`aJ!u@X>za;u4Ng0J}NN|JUcega9;Tmdn4Q6 zC-KjA55m)CdZo!=Vc}a`df!BZqu&hS 
zq>(ngl9xoUQgd=;JG_EQOn!zLXtH`;m7A<6kIaTE^=7d&t1U+;G?`TgMUGW4Xa3F# zwRw6tM&V_8nt8cGydUurGlwt(9}W)pj1B{U6ZeJQ%JQKW|6(ef7m%$ zpEyPmrV4rD=C>i-#RVHHEv2uO!vg|I}|%(G^ZumsukeP zi9Mt+YSpbiGAzD^c-_T>`{nwpuZD;fKSNdQlN|>;dP<#NV%TXCL?PK*&=n`%3S;WU zqvJpJ(nM+2AY$rw?Q_y$Gk{X793eo77S0RKLiG^S#EoSCEy)N@me-rrs%33r;vo?5 z(lFt9k4;gpHWXX4A{9P@;WZ^v9pFct5O_mFMP)Gl7>PSki=aZ&bYFC=DjhK7iAeJ& zd9jx2`kg84!qRUfru(_ab`D)r0k*)u((9Xy;n;t6#(|F^^K_${fKMJ_(5|Y{%cDO? zQ*>+Mw+7*bFja;EW2D^%lZ0+_KZKB;ydXKG?M$-9z?iC8a`DuJb$A-MAm!SY67j^^ z(eVv>hPPU;xMl(8whk?@dul?$j8F{T8Twgijxz5G%zU1fkls~~)HFvM!Uy(sN?mP9 zPu(*$J{o8~H}WJZIT)GWG^3{Z-n>b05J97EyL3mlzSc1iW*%nCDR9{ygw2C1pV(=- zW`8~-SqWE~LnG~Z1bOR6c{nfnUp0U#W=u)F1>J;rRfLk}dql;VmW5M9i4%;3#+Toh zYiGF%-N3jFkJM=YG4NcKd_tLoq;a8c0X#UiD0`%iTl!T)WM#K4RXnA`|2bOhG-v}Z z(B&99`v2K+w>}ZF{NjWsd%o>y=gl_Ju!|%}NFlMgW4m3CwS7C%5CMccggvA+;W1*m zj1NscZuvvBLJ=X5T2mOUaRKEJy*UgUo%0v6Zg$;hm)`h(ILZ)@m0KlZUB39szVA{r zn3Nt+CwZy}B&x1*YJn&oL9zMid3?CgNzv(@fwroC{yiZHLhoGVv9YbTcFp5c39xR6 z+Ux*2T34ZB=M1_`!h}JZ5sVuKzT&-Rs*$H~xv^KL1ME)49m#u0H+0TG0~A6MQP0hv z|DxtYLF);UdL@NovFS%s^hH%fF+50a*>JbVA%cZcf)y859^iP@>8EC(xcEm^#!G4_ zj4IeLFxn(R4!R=gz+&k;ln&$OH*v%geDbIS+><$$h`EyVs)s=`fjtUwb0~qWvep41 z1X&)qwfZ)5;F{zvlt{G}iTf_hl?2!+pNUCCAcr!!gI|3U#_1FUgPp@FT}u^W6)ZaV z34BDvhjzOX0XpV0F~PTrWHj#-sGN@&CuPiX_NKZ>@76)c_-asbOqIAI<$g~iCScc+ zyMnI00wRD)h>aAz1&KcUgBPl>g;{aL(gM?6zTrv&dJ-)hT0vPixLHf3P@T#+eyM(z zIlP|ah93Yv_1naaK56VkFZS!}A;l4tD=IFknqj@IAQwkLccybKDL=#Xjtq*x>{@DEz6f0+iwWPJhOBXfWS z`#0^L0HI9>N*Bp-$J!0z=F-+eD{!;|PF6YA=bE^oBUL*>&O`1~jsgf|2qT@YIDo^1 zQh}7(S42fx+A?#A>t$d?$)LtnXg-ehdtada03iDkL!LBpTIi599u#B1LhM!rr^sNo z{!k$DqvXw@4Mi>aESd+cp)?2}v;~DK{SOB#<@tA{BbALD8l;$kTj)Sb5A1{ft*u57 zu+(`E^w#zgM<*2!^;3Hz$MIP@DGWuTbtk~InCQ+Kbc&!7~e0Xk6#lYrI zKZ;)>2FHaAs%8wDj2!|+`oQcxP5T*Pj^6S9HM|>_ zG&NDFOlM7v@LAi!tSUCu7}69*YOo2&Ux&TR4(b_fd1x*|i8v^WrYTTrHs3`ea*s;> z{Xjlq9L2oV=x4LI9Me8hxb8=-SZDr!PP&eNb;$C*un0#f2LT+5%vzs z=8Sn%XSdBQ`lv_#Y0+;ZGvMWjF!j`^p~P$w31`tX*(+!j)Wy=5rOyq3(}meJRYq{} 
ztwMOw4eWRGwubj^MU(63anRT`6U1>EPK8*4Kr?{pSkemV9#`Ma?^F?hDfVkvt(uOV zMhc=y@jKs%nfkFN7#?`TDF}Fdm)sEBLHg|-z+dwQ4GQ}?j)ayqV*_aOQ1;cJ+XS*5 z3lqE;#NI$3<&GjQ(@^61r*VmgpCrL#PG`9NGmZl@Z?@#zK;eIGhUq62CgHk+ECRpO zZ`N^P04!LAcY8wLv13|^-Ha}g`jX3XV8G=}`dkg?#^YuoX>vj~CF~~I+^2(RP1Wo0 zApGuo7|PulM%2Qs^@fBXcK&K$%H!Bi;k{eqj3Z;C`Zl+{5Nw2rZVgTU%R7cT*+g1< zdrs_&*dN!1ap*r&|HP_ufa0P^43UzL zMZf)MYnb;fs#rj+oR~r^g&-4F{C!|WCrGNWI-ZzNQJa^0O8uj<`>}Wh4-+kvpUS0! z)C}6CCNmwBB$>vF0Ca{cI~4JSnu6u9DE`XjYa*OBzAY^-Eo(qq{UsB6Fb?BJB@<|U z5u5=#4gZhfi?<)H=@?G?0CSrMLzLsUxm}iF z?pNR9Fp{324Vfx_H|YG!@KH=C2xhqF zOVp6zKT4e-fpt*W*$%oozNE^1_4M7j3CZk)*{R?eLnSHdBlufl4n}e8ViKyXhBEKe z7s1$5*xSAv#s}$qEMzDCN&?oszk5619_~XuQye$}Vt21UO*oNznWx|!ImAJ8(=)gj zfs+$?^0@7>VDP(&d=Kw)Jj8#ub`bWcII94y> zT^5_BMk}E?XO4_iL|dnJ_y#$Wn6gZEF?<*m#bo*M6cd~ zue(g1F|G6M#ug+|{%}8N_%6ro%vzwu#0}kKZ9^P%6e3jLrhXy3##`_YP;fr~z#8T}SH6l- zB13|DA^R@d-Z=a=jwGmGag0^=kp20@T84qaF=Xmv$z;eDJe!}=-J?5Jk|;L;<@~!o z{ENMaR1MSOL$#6Rf-YOjl#E;?J%h;!sNgbYRV=7D198o)e29fK{^NcuZMTq_-tB}b zvE(>EreqVyngB7-cZId5(wnn?wM089e)YJOImSY$SOtZ0*k`l#LFKhSjyX~2N1$if znbYY6+Quh;#Bp27>K=;57x@yp0Yu&w!M zX2Ly;ZWqwbAJFLle=klyY0+YUv<@979#Rylk+Df}3CstMFPvUSK-2BcXIj=@U^kXp zxnHAL>1^?Ko!34lXUfyhp?7Q5-&y~1JDkT3sblOg9_ph0>DjbQ*fJXd{79uH-8;Bb z=|^$W4GQQj`>*Q&xA(xEq|Q-usc{ZRAjVzYaNo6yn*3VnegKm#$Gr45vw8QukVsVYH7dGJHgOhy|6YhG9AE&ogw6%y6 z*0_{5Yhe6!kvB_MHWIdG=HLPwj{$yTK6948 z;|Jc=me6DF>b%SW7Ln1(z9Mt@f7^5t$liM1v?cd~km`VF$&a1DA&6kmw*Ifj!6~Hp zzI6#VOEZpBpl7>kC0vF_1i^1MGx!ooYvQ0z1!JDvEDNUh zMMivS8&TMgSyyE(%UP-IzU6j=V@8<-1l}V=h|HU;2e|tj&o0UEsYye%O<^Ax&$Mxm zKvheC_vLJCNw1|AzX6N|(-E!*iMOChcdD=#G#?2PotR;3e-~;UTax%#7MkFIvU57| zKRv;*DeNmzf?I%|;d&7k>4Yvw{7Q{_784e(Kl-H9H+oloshIie%2k$N62XKlsJMnM;pAe z&JLyyDln%vcJ|ld?#(r8) zbO;w}(0+4NMV^AF%j|pjjq~*DoYeVG{WsG+m%qgtN)N;JjXZV8LJt`I>&z;dQf)RL zElfjdjd6-t<4_b=DpmH+X;c$;)er>sX_KN~JP7K?=odnCrxMv`b}sdl=+~{56iON? 
z44Zzp6<#Pd-|P{pdOU~&^!~fp3F+bt1FA!bm@X8OkrHq*l=0D?dr8!XC81<5#cF#Q)@U-jL{heNbyv2&+Bo*rs1hV*uQV{ zj8ijvB^npr+r25M)%yOPAlH{rs@J@IDSx~A7j7I)-)aUpNHjJ0cJ4_Ne87K{K>n-d z?uM)R5GhiA-7u|ztk^SiigL0Dl=_1k(aG!wmM#H3Y>}fHtZcz(CuyZ_`ESWOUdGVP zw&h(ryj-Fq433`ZB&!&%fss}S_O;D6H?Rt zH24=B#*ULs%06|X04YG$zgU6m^*b^jhI6tT?BGIRthHr?vo5YuY&o_vKUsklJ|Jve zQ_v`u+i3(D9R6Q=se&RyAnYK#pEI=jU5-!{oa&@6pcV>#TOt zxFD4OCm5zv$yLmfMyM*em=m#sEp?JY=f0{}a?|uVL6>RQ{t6DHDDcF>D8YExUjz>5 z^-sP{smvxFCL&!NzLtn|iycGcy=dPyrj9ad|EaH~h52`MQPJB`f>o<^&E=_{|6d*% z5pR0GKkd|AM}?PpWoUH}a8+w39ec*@8v2l3D}`0Yl;UM5AjFSOp zUmG5u=q8#bo@sInz3fOClLO~HXzVn6n6Y?kuw$PK@+|bw0NFhYlW29)HkEJN3wHDS z>-($pBR13A3@H(VKJ+%MVVM>FvBx^!*WDBq4mqlPjLIQ|!8Dd zke^ab^w&mvpM2Wh*5?fLs{Lq@u6+Viq|Do>xXJKK!1Vp#BhHfi{G6A4P;bVk;(e?zmQz8| zy48uaRPoj}wF5H&jRx`LMG_e|%hE0L_|o===!-<~J7%jtKLKE}uul%9_+9Z+OX1S)wM*KQ7t47 zC=CP$JB>QTk;!u1o#A7(QR!}!+U2rscvm#L===ED(C^67-LT*&O_q|5Ju*3ss zoBDaD(ls3lTqKIj66=$vh1S>4`T5f~dZJ!@Qh-QGOMlP<97(%C`X#zJGWvekJ9VE0 zF_#t6-@Z46w^wgdz zx|x2;Hb~mDN%y)EPTmYpn5F!C^oAe6ZL{er33Y&3|`nCSeDqabm#tT16JRxlnC5Y z2B-$suMdli&a<6z%_F!i(4t70(ZGlc-GMu&r3Mucpk{GdRzhZ`}lW0LxwmJvP)N zXt)})vha3$txX~_Z@;I_8Q)yaz7-`sf`eLU(%lPpp`MVKzmG!{TsR9TG>ouRd&5Sn z1gY$!Qq^W*-{guR0PmwQJC@4_Vl*4yCz9E!)x+?b1z3J9Khy-P49kPH|Oor}R z{E_2f_#V8TI{uJiqI|6~Ixg7D8@<^GTz+~4D>#Bs^QbuiL5bQzSN)%zD@-#j&efCBQS!A& z2JB?RfT1-?Q+xCfyS5T9W<`zO`Ku8Akf{6#=@LTS_SZBTt_lN(Y5s_wj@Ew`Cgf(Q z!;r=*FP~iYqn#b)le!TZmTrFZg`@Y~^h@g?k(1widps@z_P#6B5-j%5+M7$9(Otr>adLnM=O4{X^x?x=6v+`h`r6x_iU%OQUkong+pfP=}(*?>2I zi5x5+aPnUmL=$5rO9%`jp*_)jXrPf!qLR9J9^?%~Bf9&_JF+Atne1Q!<{R65Zj$^=}{Mz2f0oGeUs^*8-&h9|6VdhpE z%;gzVm+nQ!Zp>EtZSdf+G`%WNE;I8#$yvt_sUhAmM#GZsXGBkTRjpObrQSA`Jzv>y`W5hHCxehgz+p z^dKj7QSd<)FOmtPxS>c3MMl*8gVmG`A3&U(9O4_cbrG0xl@VT4l-LKPmAJX4oH_)t z7GlnmzxfUoRB$;#MuWsgg%G1Pm@Euw|bzd%?HT8Jnf!rC^) zXn!BLE9)ANG<|M-69HA;IX4e_s=2*Yv~?<_T=hlWdmDZtE(wH8C9Z_L zCfXt8=7u)|_N2tCuU{wUHBfT#w5jglEv?yN!f%spAhk7gW=%=s!nAFuL5j;p!$aZz z2tBHwyCKvwv1(nd?oRey_-ut8$$*H;8u7%E_j#rN 
zaL8hXX%Ev{@l%oYJ;0b;LzsFdZENOPuPqS(-oPi8EP0VqZ6%b5sNVX*g6SdSk^>h( z^Fr!;Sx&MJ2%%0~?H!PlHONBW{GgxeOW&!w-Qy3_=G^)846?Ui`C1_?Cs7e%c;Dh=O{XCK)xKN2+lflf1GPng_uRI!jfgyl+B z`f|(>mGy8s@hN3pmR!bqI8@`7nnT9TDwMhup#eADUx!46HaJ<2BBF7`zjQ z2WHiGMafuS)~9>z4R~YjrIfvDl$GIM8f$cPJw2U4$P;3@XaZ%L@mxnONb2;Q^w@t5 zjsFtLEHm@GG)EZ<rd9l@yVyzz=?SdA1^S<5vK z0$PKTBERzXjx024{lMq4Kh+dM!RUI^IJ*bUq3_QPqF#YBM!kEGJX;nt)aLOi?l!CFc}Ej?W5N9^f*9QKdynZt?kPq zr)fP^;yBY|zMrohvi`!HG#<*yxNiIx$~)MCz>QbGO*mI)jBe#}8etXP+#OsZ2SK@t zH_Tb6-g0uTEmD`RmdXpWtHP$ROFZZhG0Nnk>|GzEhi@^ujX7f8>jvK^x)K&@do5I>O(TAkMn-GCj;97?L5gqg{7Ra<-&a{0c_)vRUqk+E_&G` z$LM6gsRx$juz_7Ug(mXbIynmV%Cj;O2>yQ~D^%=FQl!JPMFoRCNW1Va_?h(R!@Klu zoeP4ai?kaWTjP7~!NS{(Kbg?d{i98&b7fOn+av$w3jVBq3rymMEL81RXve_t zs(&TS6V-~I5q;(uYnrNQoV+%+q;@Q0s>;!E{SMvV5|AU(%sruF8zvsO%f!Fs(oxeb zs#`MQR~}U?be-m>(+|?R6Jm>71)nvpt0l#dpOr-FR@l zUpjj{N*t|XDh$_p&%k2H_M+BM$j>7faI+AfsHdwFEXNUJ?X6Ktn4u?VGT(pV;PT-FFD6n}^ z*VWSX?TG+KIk#5bl2>HC_pu;;%O3%o3WXWLpMabhr2gCeY5wD5^zF-=9dq+MuMh}} zILAtmJrXPzfV$K6=k#<-d_=k-Pz#Bj!@qp!-(>!)^+EYyy|gyO)z3(Q)&~jUaQN3K z*Z*OyOxP7{I0TDc9;68)M%VbO(#Rwbl_cNHbVK#*UIL#N5D_j7lP?|2@n?XM)o3}@ z!Qfi`rESFY#4Z$P71_o)hDIQQTZ|Q$lW)qk3?I!b3*T@h=BMXLgGi!umm?vl*u#=A zL)414&q;qLLptv;np6)lS%(WfqK@x?UWB0jW1WC3*Bm89?H7TFHgnU2b%lAGyb2#i zL#*0QFWxswzs??qqL5tp1yczeN4%R?2r?dresR%Y`80!{tl@GzMoUvEHekld*4fnI zH=;v{!`8$6>SgoggKJz1TF@(8&oqa0yg44*7+xDlkC+?qX6g>w=K4KV&UWo%S{Zh4 zw1q;>p1C??h3~LB{D1xR1bu2?Z$_NW!!nw6hP#zdO0SF@2;4zwCRx z9p4^hiAmzK^X(R!Ob&gFPaxpc!6~Us{UNyvrd|Y9Xh1B%X_m&=oE&59;noSZpHEi@ zEI2}Z}L8c3yTUwTpVp~ z^=MjpceF%ytI$~lj2FWsQ%k*f^_MJUE_wLp=kbats6l*C=DbZ+JBDPmSDV5?Y;`9Q zhu{@%kdeBC&!6|et_R`**wJO==>lvgSA|U2=F+kb|1Zsj-$ud;(4K2TK2%|sOE0-! 
zCRQ4+{=9D5R0y$MM<|t05a+ooh6jq7*s6D z1bH4(^MFJK^j@C|*xBbWEMXJiHJ+PQwQKnd4^E})*}MgkLtUBy{Cl0v=O z1qKcT5n|)67und%#FGQeI2NweqZak+g`dyiV*Hgz)+Y>ggm@Z&YDqDvkq|?66 zl>v1mshSc?D7=fi1o)?jN-xRN(7X|Qi8*a(%56u~L2%B+YsQbcHR;+_`z62v0#m$a zECEP)HWzh} zUHXegE7O;PHIvX4M%ztY%mG^r{Hq3S{+VTT${AJn?u-}k6-B$)fAZ2~Ry7<{2Il#F zcnla)Yj`yHMUDAp(+G*jUlCi{H#iy^lZQK?36^ixN*_WotxZH%AW4(f(0x!gWFvwe zumYxNAaK%&pqwrv;k-Ix7R_swr!v>t!hU5`b4s`X1uk|3IxRbULrAZ3q;J`=8*rf# zk6clYKo(`HJ;^?{BY7w)Jc6gC=bDN4fJ`Y;EYv-Pw)%l$$#tK9Vd<2`z|Q0FiJC^y0Ll$`B;dyhfP(W2JEf?4dmYI4FRB+SB}NO{XVv_dJX~x% z#9QqI?s7KD+e4`W&vZ%QojYa~+Zx=>gdQVpil1{aeuHF`RL-J*TR|iFC|pIwPU+~+ zBkQezHkNR;$`#fX;9g*BQ@_B9JCo&7|9F-)1qdvwxKGEeOS{?{Q$iMqU%{5^b7bDt z0-E~R!f4Z?{0ghlTwpy>-APZ->w(HJ|7tAmj#?efzp?8+JXuj1xJ(JNum zQ(3KP4wRwDvh>76m-fD9>4m1p=xQJ;!Fp4Ufe15=86xTTB?Ok3?FER$=Xw!Xkb%~Br;mdfRe_1=$>Z_HUTaTiE`zXmt<;ZjuJlGTSpiVMA#30 zF8n~675Tdjn)6KERw1qVWp2~uZ8fEk!O`jDm=i4rA`CZ+|3Do*LywWM11l; zu|Ot_P8GPmyn0lr#8$Y$4YOxqG*<)>*{B0^OA>h@j@s3Z87o=SF7)m0f-;q|#Z?Uc zlJ?;MopuRv(eA@ngZ)He{w7NhB@_)}fs4j|B|nh5UZa;2?;Q=KqqwawIRApGUvlgM zlabiJyw?BjvhBT^ps?cTR^np5l#Tsb#%@zQwaBaXnntq#nF?T0wF%1B@yuHyoc=Hk zX-U<$GsP|^1wp9{r`1{;MXw5Ox_!t(M{Fuy@sSJ^*);nKn3UEVxG}RVDdGQg=#B9t z`2#ONL3HPAb3yO^sc4EAw8;77NjXHy!(f#)`D+XHpW+De?#_EeVO>q6(z}OT5(F~x z>G2yQOJ;VPnS>V8UP?qQmr%=T>g4R`Eyx#c3Ef`O9eRVb;cH=4;DUpxh+@PH=|p?S z)DmDO+=3X-{V{JiD>R4VjWT$H@x&daW#iD!E$^aR+Lx83N@DZ!8Aw3J5|TY;UMb9m zMQpX9RuP)7nh>W)#XUpP6DQageZxs?XTu@s{=OHcN#G32XLk`iaB+g~m=z!STUz+o zQ=43`=kgJk?tSbhzvQhuWE?p=ykCngy~5@k@`e6BZlY3l)bB3P+f;GI!>ujP-UV8} zYSA9D$#owj!k}>Z#(0Y{!!*;#?|*-&Y57y2@6j2NeVlUqr1Da98`HPAs>JeTV!XYF zHHPEyO+&XiF7)xlDM$Jkqm}PG3rKd{TI7~DxAtromiIYB>Hf;2`xi9!Mc2|&1#mYb zLA5Rk=?4&h8pL{Q!x<|68F*7J$HAwuZ)(N}>0DwhQE8y0*qO+K<*lS~r4Dltr+FzH zbSY?_FXWTvj0!Pll3Y@=Q-TL*z2$3^htIXlCu-G0^pf#Zl0H@W$3Td---4lb^fqhA zy}){9>jzJ4(Zy;63l zJq_G_WJ-52q{?}Tgom|V$)vsryU3-JTOhmFcn)q^QilOk9Cv-^F_tiZ&H}>Ue&sAP zWt5HO!PBogxps>5cR$7+@CF|MIq0&1LB^8mUI@6!9}mqv&*xv?pl{|Fq~gb@m_HuS 
z)237IBScOoOBpltodCoo(}V5)odONZhq51G#1Fb7d!ajy;IA8yyb+^3vjr>pd?^T( zy2jDz1c>+^J~$_w_B`Q_My&OlumMq4(lcL(R0IXob3#c-XVtvFb13$XK^Jyj~}f`546s+h(>xiu&!3q8&repv@>m z?K;}*!rNx>p_ZQ2>)E|r|50lW*i)v;6ghW`I7drLU`$s%JJ_4W{7v~yZOfO@vujp< z6Z|+>G$KRzPSxFX}62n|gbUv|A9bX>d`gO}ym+x3rQ90XAYcg)kr(UxBNe!gK z^*xqcv{m+%g_@7Kfc0LJjy|c@kn_i5C(!S@BMCZ@wfqYhBaNuKL3CT(5d~py4%-tN-_P_qMgigZll1vIR9>)^SjJ(7-ZSIC zcyR-?uA(Js2IsTrxNdtT(!;^MMsTxzO`(O(-pE%MuFLTp9tS zECy=H`{WVoiyi)&MJ62^$G$u~DLWGO8-YWcN7uV54EPY>F>7j9#e!<<;;$hkIT~6^FGQzNwkvYNeyqMYTa81!Yf~bWK>_DW=ifOmds(v65A!hNVC8yS8&&gqRSugbx7!Pz&;ObF z*iBa(y~HDSl5De>jth)=ERHLVOctsL06;pJ$}J2mS;4Oc0M*Hh-L)vdQ4ZH*T`aX{ zeHN(lxVE=vTFLK-b3n>9z4jJ{L26D@PYER;J99jWNYPke4m5>jyDQ!eR?=Hwu^){k zBU%R2HEPTaF*|O#wDA{3HQ3H&oDl2n74iAXywXTFt5NlazRE*M6lo%Lp2x{~TX#t0 z1tjjdOxl2(^4bj23u0vqWI|FW)4fDrm)#SyN7(kOGY;5?D*l*g^88DiFr+l*{7amp znvMtDd--xAUdxSSxaZZ(XFxymHwy_HYL>Jg8sbAP%x z$)kKGk!g}y4X?2?6iy!;Z>!@k-RNzeeiykfUnB-Q~rhDMAd$fSZTg89l@PfbhsK6`C#8q%UdH!WxpZ$upnvB(#|@;od+2Hb ztrB$1IgY{gLWv~9l!=dBBB6!4no|1B{msAODn9kDNXlgRo84eow&IHof>3ZI>FDWw zBw`Lr!?^%6YY3;kQEdeQvt(<9Yn#PqsWG;d^dIhEsPPcz(IqaaVp!fkbga)Mg?BXeX69|=xIYF6 zicuq(pk{CgX0=~`A=8Vj0pqY1r|nmE+qyUlH!ds+->y!Gq;|7<@yf}{V$~VE$msF? z((sYLMULTmV|u0x_klC*qHEefI$F@CYx^PSXSa5c6nBt2iFyfhr@R?i^U(+l*z`ne zNowa?lX!wJxlZJ0fa)%93DeEIbGg@gG-zkv+|QK4Y>iMOjcg^iknPh zl9;(oUH&#OlM0U*o6O`tmkRd26u}!3W%G{Px(f$*l9&g*A@|<(Cl3hCzWN0^AI7wn zYmE_^u&;LS3ENsfK3OqDhjMMH3N2-^<#TI4zys}7HK-PV1vAS;axMhl*{yH2{2ke# zf@*_}$iF>y>yccQwIJsHfJanhLPP1|Qzo~0!%naXpkX9zPk0#Y){>D!8)!AJ{r5cX zlO5+E-itWZNoHF%^=$ga=5+-s64G$x;PYu?-9vC;ke?Yy&!c`8lMqG66a8Fef*^^k zL=u77(}dB*lbsX?(D&KKFZgf?i(aOm|FT%7(V8$9@-lyRBT)k1LC@dn>~78{C*1oR zquJq)OV$Zf>h*vf*rLHwhp7BJlwd}ZBw8GL=Y4b>GKs?%Aa`_7f^t7;`_oWrddglf zcKu#PJX$fCC0XkY^6+u+UOgde5sMwkQbW@fGAUb;7JBt@+nC=AU7)6@vf zSKULAmAF#SK|2JGkfpFJ3Pzg1dCRM1S}X=7TxA&FSq*zlpaawH0SHjmzBC&`5US%! 
zG$@Kf%S}LW`9u-KNUuy(LUOH&in3*7w;W^l9qPc#QaqSS{uCU2I5D&62&XrEoeax{ zv6C34s=SmT-0ai~K6Ku0!wS5>w6Y?H{86fn^*yn+YHG?7mS1CwpvKI8h@X!J-5U)w zM!34IT?@bsohnw5vN0Oka2&sD(|IA%>KF*sIzZI!rRJ)=6uLlHLay{n?s){hPh!Wz zkDc){>@q;9GITV#MdT_(CicR=`2TYzM~%pk^We3(gzD8l!P$!NR{;Pn)D{8D#XnmY z-rN3d43v}AkfhG-VQ+??A&YvYhQaFO@`9smAbrRdJ>J!vGI1KsZ$dwDs!o2s`c+0_ zmSK^mCPaxP;TU8f-$vv6(aG?yte{r1ts5Q@!EwJ{k40GbD%;LM*H0lO%(%b|V!Iw| zq3~ei5eZ=~!gHB0wH9(=747ntb_tfnM@)wO1Uu#|-S~(|&$(hP%*4h}t*p$BT&&I@ zxE}Aj@_2*ihQ&a=B6)9kT&*J%D7~4waq@RF-rp(a)S`~RWPr;xV}x(C14?@0osv>q z10Tl{3yiH98m}6!!ofW8|uIqMDB_0YO4iH&jjz~Qg>ks7E^tkj4psXn1*L7(7 zFnNl>h7N-52~p&ouEeoLE4MX?NE(3J;!Y_yYyF6<@CEpldo-)*t6Pe>!OH6>bOgj@ zbGP?z5pVIAL-BvW(uan8U#L4QJ6JfHgKHCWR!^VYr)f1QSs{52f37)3`JogxlL>=|g&QwB)Ch!%8d|nwN(R52a zoqbN*e}0S<6kM)`JNAV4B)K|;G$&_hwfXKgL2s=LC=@pbWJD08nTc3U7$XUKmaLAu zkN7m9w6q;$h#Z}L*$|>(6mchZ@LGy^#qfChVfdszu!I-^jDLD>`DFs5BS=n(``r4J{M6;e4}6JJqi59#>{en(S$ zm>9mi5cbPk!suRf$D>7LA9Cvna9~kqtJvyZUEupLt+IaI6Y;4p)|FY*TT1GiVcGG>EWkJYD_iCb`RSJQGrj9zWGv=emch~9hpMZ z+I&SmxOqwfv;sbdNzMKp_~wH>J3p#!2g?-9luLYgcRR2qyiXj&YY?04X?6F=-AL!Vu1b-OA_;~F)d{Jjj40?3(4_aP|e4^ZeZp zbCM<3MSFnH#fY8K?WHbypYE3A=(CfUQtl79{6J*rxZl0ko1mOD%^R+9%Id1N=TR1= z138reSznOgu{^G?t4UREy**qLQAnYK=xk^~-DGxjl(qbf!8lHAz#|F$5&1YHq|{UW z8Jmi~5$qf$6rHpu`}SKh^LeT)Mp*^j)xwv>xBDyfk6yKAzT)MkqbS6s6-qT;nE8sl z69Tc+^O#5Yfr{z-D7LR~N^ofW5C#Mt-2!Vr7-S7!YqyinWP0daCiesVtHR3Xj~=J72p^=RU5a3Hl8IV67iAh zFx-P%rnvnsfFEL24T^wW*p774h>;>XgII+6+v6-Q_arFM*_^mSWLr)331X?cgSD!d zG9`I({HJ81uU`!rf0GPFtra3(+u+>SRVJdhN@-sOc8+5}m`Qn}Bwy3Ke zir~nngiWR1HM>_m=#=H&K?RAicwKd9fZIuvCTKYR;}^)fdPsFp5o^Db(6g9zCzPF2 zIFdSk?%T2AcCZ4dQTAN@m=UZetC$ZLu@q60Xc$vCI|z~DAK(G_Zwq|hpH%(TN8;nu z$f$8hs{RTM)rl+2Hyic^FU-P?(L>F-#!x&3{cp!!`KW#x>StqD)1!(%!G_dK)*cbw zpX3Q4of^VCmZU(!;ETJzQ_O&nwRyE`{#o0i_3Qp=Q`ofzfU(>k&>)cw+3)}+%cUJnyh6^{ zmOYz6%i^_Ke%LfB;lM@nnC_vXS7+J%S_&{MM&PSWNYnvA);n8tZRC;ZOulx!mz~I2 zlvK3zqo`{=uU=$|#gssU>xNu)^~M}_2-=GXDMT8AYg^`Y?sa%ZV<9p4 z6zN{;Z{3HrFJ>&6)O9MHqS<$J!8n8pTZEqsC_41~RzRw-kqpxMWuDVrFw@KBZGr7t 
zwGhbge8tNqkdxNYC)NlES8_~x=W4}<8Ut(dy95}@wvZ5GzOM@s>iK+^7MK1SJ?t=* z6VU!|A?h~y?@LM*Cxd_+0m$AU3`x{cFM=d_Uwxk7BSt=9BLvy$Na<1Xl+fE|0Fmx< zwAOkAop;$Yh(aEq+^O-kF<|D#tdcWH0i!&3F}iN!v3=_Hw=}#>xNp-dVa2BW@$Tuh zH%T@!Tv)UE_~J@sLPRT?aUSb?Kz-SWec++W>{+{<+`6b?>Y?Q71=fES4+&k#o-ZxKo>AyY0f!O<&@qWS4+thC!AEkkB8twu9|~+3ZJtRDV2lNRS56>2dXiX9EIbC3>`|Wf#)GgKWj!L(B=BELCcy zX_P=cT+z#X;Vv9mS%E%0Q6ZTgQXtkZFP=;!8z zv13_Mh2lGfSA!zxlox+v&9aV3R3;ggQw?%JH3u$&K#=j7 zhG%-g%O|`!&y`??#QFky6mFGf^L8@U4-Whs=&vL8;aIt{vqgdGj48tha6(pOm{|n@ zsg$&4wcd8PzM<6W)F4%Qdg(h9P>D8Zrhd(OQOD5&yWu)ZO9Wg^+VV3P(=O@oH*equ zzTj>FYRvzU?#EMW_k;JY(sY_M7HD}W&{7sDmz9W-Ze++n2C`Z&!v+r(LJG_;Q^HZX z$=jVSr${gcYtyK>oqZ~$OEf_G#QB@L^IB;7r!d+OY$KA?*c93*)X#P{vB0=smKyky z`8Z!nchm9beA$_?r+69%?f@icST_*gi`(`-P{q+uA+2Fk=<(*nG~NA-`eZU`Xb{K~ zo(|DY`1~E6^W#G$4wFVV2Sj&vfajn=K$x?XQ-E(woZ9tP zS=cr0vT0e_#oWf&^TCo2M(DGp_h*=`bF-$h*_MGYpR^o*yY1q0mr2hrwQ1B2B7lkr zSd7whc-emOL|5ZvY^hEf&>T+z?#+ta=ug?L$21}MxQxfvN-JF`l6{Xd3!A1jbw5c? zNV}0Z#t_s8q46XyBL#i&l%BLeJgwS1n|G4zep}iD^hkYLqp+#}fY-F5$)e{10d8>D z!J}f9anL2TZ;)G_BV6ml=ybzgfB@_ZmF(>J<+O4UbzXmRmEC4A-BcTy>J7x!Wjyq( z(d>bwEA-6RYiR$R2=!Qd&jH?RK^5w`-uv0tD&1Z$Ibs@B$q0L9WG9o=cDlH~)M{ zK!>}%ukHB-s+&zTrziJa$x75h2h~OQsl|$THqz$XA0a`wAZe#rR@YIKse0v{stGM z2*Am;tXi`MFijh~OP4ws<&@zxeH!LSZu0~OTZtR6^S2UkfpDQaL60t(_hc5?dw2)09 zz&{s_V#o;6`nJ%P%zagSEc9>VP8E?1)!m0%K0o4Jx?T zg>Wy?$?5dX7haiUl2qZe&c{=rThA2UA2kYI`mlO(t~+nNPA|h=nK z>tIPfxFWG%Jyz-Zh%UA7QvR`hXoQ}0^+B{y(TY*H>^!8fJ4G9i)xg5x#gap0YHs>lW+3=zT=2Kr?I{Th=yFy6BHWIYQ)G9sb`6}h_uyajvP0__A)25iFh;|6C=elybLy{WtOh-~v#8|8HkZV`In3x6q_K&wrqfVp5|S@WJf#+7v@A*7Guf!?E_8DSSHA z6ZK-)5+wOk!cUY-jB|A>1=6Ai6nd)gHQI+CV%a;>r#WdjGzOSgHa4)Xga+}~zO=c@ z_+*GHw;~Ua>v`4-H&v;5K;8A_kOgKaddDzFX1^>*JwdS&q=yFtK&`{(rz^cQeSGf) z$A~c!9nV##Hw4mbgEYAa$&nHBSg0yJ&aKPfnUn4ojn>jQ0VnhF zbOMOXpOx>jx>Cm(#V_g83iX(K83z{|?omF{&q{1wruLP39E#KdUV_S%A>#*ZhP{79 z6lCQe3u@G%y_H>zI;ARsP(FJxE&A+91QjMlP}5C)O<5$uDuSqsYFc;V&p{lFz|(?t zt1Qv}ENufUSOB)6yIsXx<{hijqe`o?1Z4$o2BTEMY1msg<`{DlPmFc4`pElZif=e9 
zPS?ZZ?#`|^JVmRmd#fYLn6s66K@}Z-=mD!Z7}Led@Y!0H+)Hp8suW1XJWG?)fw19u z^2`az5j{jTaV{DrqduJiZ(SCs9kwjRQ!s7CcY$#z&bTgM|kfrz_9|ALEv=11EG#f4(krv!0G)W%Op0C;NYV(gACG}o!W z3kOkRq_FKxbscf;QePoro^R-&e61SG0Z_NJ_#}ljelo@7D?yV8(#LatPI2ud%5@hDm3zKnSS3Cy3Y138udJZwn(Fvf$%hjDfU# z3XjkRjsq;jw)*>ex*ne-i-{C84Vak3miHSI1gXpxXB)M7Xt6xfoi8MJdSm|R*VM@w zQ{`{;*f_Yl$q<93Rr3ao+&iyt3GU(*(>{v?k9QW_Nn_X0BNK$c{*=-;5~4jl{#fmX zg@5L=toF`z_p%bDHk9zZxV_hW_>_~~R4oo*u~malUPImJ7PQ(MMxSNvT;vXz+_I>c zLK~;G@r@#SU?|}!NVj19YFGdlw<<7m*0`%0Dj4(vyZRx;Fafkd>5f5c-jmCZswzwc zOp3r^>u5+JSTJAUKHIbRr8S2*i)uB%n-Exx+4(9RxUqUi>2m6)0AyH@LYcNUwE=r6 zInUKoOVSgJg#yF((vik&Xb+@)JQF7J!S-EZ_egBMQ1&q^Yb<=s{N!C`=v^1*OIoD# zcVM80>LZtqK#gc`xXSuMP5w(+DF`*!_-r`cH}X(1w0sx`5tB1wH~c;{I1lV;bEnU& zbUGU85x+R^cMR0r2E4*bDeE2G-KhTC3JggiP`TmNt)ZKsh@%I^1;4KzFP}jt)eC=4 z0UYjh`BslKgHwsvqF_)%G8ArQy_MV2gASNdQViLtV16(n5;%Av(Qx_BcIFy5<{2#% z_}L!lQXi7`&S(L9h*nmP^57pp87%c24fYIF^y<{pHiq$u6$tW6r_f<5wDtrh!ZL;I z5gg;`w)MkbRIjnVm2~?9HR$n8d}KqN!IQ8lxN{)xOgNlszwuZ|N&eKTxRMKgEfs$= z>Py=GzlX@dt_e{R^z1ar--@n&>xTN74GW~w!`cw>A%)6IdbTsiC4+A`WZ0rv|%Y-YEl~@6Q zKB&wxF`ij5>VObEy15+lDw+sPcW_IVmbd{>U`qBJ*Ajr1+ z@Amci1d;1{XZ}UxGGuiEB_v}ATZ|@StQt^~O2&ox^eI5#jl4sTWi5ncii#fj{B^|7 z=*)PMV!7Bc^HVi`xSQ4OXZEnrgI5)knR%4RDnalbV9(7dY;o1jsOAioAHO@4j_Qa} zS}J8X&I;58x&O#ideQrStAuCx>hzh`<2HKg%&f(C5dsATQXGsZSF=7}Fn;pPqv4ea zwAR1-T801hgO($l10qvF@u;Gl=+u?dITCD`g{QZYMLqarghQ72vq_$nae>|eozJ|m z{MHl}v1h*d1^F|-(Wfz(o_wUaAoQOLaleds4)GWX>yQ4}xDayGJ^HA-o>!M$gw%C} z`kP!H;F7Y4V0gLo&M?#b%V_1>6NO@@<1n72YKcaQlG{0wn8(n)Kp0F%UHiJTWb?F8 z;ivz^qr(myG{1fe=EaPgD6~yRDjpXLEmvtbe~r#iTid{@gbhT%2N23j0V9?x$cYhv zKLSEjN0X%KQ9p_1iWy7v2OAK^6;{=|6GgJi>cY|5Rbf3P<~pVykVt#h9%AM#oGhg} zIiuQ3UN;|Z^S=wzU&Yo(=lNCT*+;Z3-x>L{$9LAwnCb~Fw6LgAUiqu(K6fg|x($>q z@y5Hcg4wc_qYz}b5F*6OtbcX61No&{YnkH$r3G{Ok8*DP8(fRn6dZS30iPx#%=~jC zC@rR+Rc$wldYF_kxgJ2q@15r-cR=?btp&XE!zmec?t-;r`$4L&0(fC7CCd~O<1blfV6Fwb<2<+qo~C*r48es(n8MY|rPj4zl#d=hax-v(*=dR;XW zW|UX$doT}d9;5#&<~a-e2S9Z-y`xrlozoQsy7TFw{L11_sLcA+Njod87Mdx31{Xnk 
zm-F_IfYPPop@OW{>FG@#?`vQtO75Fm)2h#odFKs_VqiP8`lQ$ZF_X{ZP1SuK-%-%} zP#=WjA2KAriV;K_F+Uh6gAU`w#=^#h#Ah6se@riQ{mKe!?eU{p!qly$V>6zl*wKR69l6Z>dF+TQb$&pi8 z{66a7%1qX8***{f$5!nNaQiW;;5IrIr&q4DtrlB%atXh>LV}5z0gv*gk=)c-7I%N9 z?=GZC^lam>B6tyRs)Og3co|K{yBBk=7w$`t@N93dn#ZLH5Y@co4d?#eT8#Krt*TW8 zRs~GLxrF47f~f@ti^JBqC7Pw^wrd!I|8aKjA2jg{H$2|2ZHxL_0Z1>U9LEU6+GvXx zLS8DRKB@AUR1tO~q^l)!7A|09Q)PDaz@f%o+V=REj=&Bruc4QMS|OYE(ITlUQ(=bs za3v_wP(QDL&K8H$XKCikYVL}dJO?hrna&jR|bg=|J_~Q`6 zu039ib6QP_B!OwWr9MqV8}e)};fhehF%ds!qM_68oxoC>DVl03CSd!z6@@sa+Yu_; zvL57XZe>vXafUtsTEm(;*ajU63h!6DdnbGY48_-u6P!9z?PhNQD}nD2;cnP=9CWM* zDMJQA*gyMgdao#wqBp5KW64^gC7`#Il?Z$9->FxKz0eTqZ54nTn`AKEI6)Gzb{wXU z=X1OBbVuMV4vp*fyAU?qv%(vF;wUCe`g(4!#zeXA%bnx>4z|XgfDhN1B`aT4h&*e& z9IjmIhQxKmx!lxFc*b}*fD|C(gE=uS95joW7EB$tznJPFklmGMswqD@@5L=_V%8+d6No5 zUG)LJ^?+Jo0n*;s^PErzVUgrv9AQzVN!zu@OgKSfgZldP`ST!pne9$;;syQXiCQ+5 ziw|b#SKl}%F997wuVNZ106*8dt&V2W)q^g)c?z-3x4b-51Q=wk&Sya^6(C@hMR`_ zLufDkPBPqYt=yeR@yz$9nJSz2n&QsghyHiMK3i%~<3Dd_sm{NIlYm?qkewOD`6YGlWJtp7 zJD~N%d^(F!-WD`&?Hc?puif&GAQdEFy+F3oq0yM#8?3 z>>g9j*%P;1FkdYnQV<6%O`&Poy&maMWcj&_8L7_0{JyI{jJk9BsTbi1TN$bXgbfc< z*#c5~`?}h=bM#Mx2^|K0W&2@wq0VvAVBz->y5R)Y4`nRj7Os0+w6Ac+ii-SlEQbMD zBbAnDl`8x}UwD&|P0Q%s-IH&TFLEEeF?!^%k=#%rbr1{D_<9NVCNvfdk~ZhSBzbnipUN2Rc}xqr01QA-ZG4&--8x9g7FMn*W3**CFJrazV5X@0v&0YoiNc%zVLEV{zgsi}Fp#KWeA4OWYw zw=$PBkIjqZdXa)1Vyo{IPd@SzjY`U(Aui)ND?;Rkm3);7KodKbnLVmuT1ha?V;S&K z39A1v1z@=#y@88r8sdh(BfkkbK%z?)Ob7m<6l33P07vs6wBhJEWok+w~Q;0sS>HX)FVf?VmycoYUv?IB%b9 znCaNsX(Sl4W8t348IB=M1{cpWCiqGOnJzY7ZqeRv3Ge9nRKH+mldmf}nTr+?*on~*AEhroWF56>fNkpEFZ*thsO zrtN|Yd6_Q?Lj!S?FQ0cw*A+#4@Khx$@mzS<1DBhfQIZ6^j{^8t?X$s=OwO9Iu!HM( zADiqD2-n;w#B?Mg@oA4XeUH;SGg5^w7|7DS{Tn=m`{GV{3f~iR;RX*-#(xQ}0BqM- zKrce5iKV6h1BCgY7<8>6FF2^Zmu{4t?mKcT>`9Q-BTyWCt?vWHMk_UrT4>t%=W(>B zSX1lMZfTo-E7Jcy)&y?A99)>5>hg8bUzWM!`4G%f@f~h&;lfiW!wR;_b5d`#%y8!R z1RO+Q?Af2J@H+)?2&;&P0b1V7kfBk~UN%Xs!gz&i;!M++p+J~{ckt=k{f~KM@v4r> z*O{#}9m<#NNeGWgtBf~hV!jwgVQFY7Q+qji1{wxqeHt!Ol2bv7gqul;Gf=qG 
zR-E)ePkL#EGCC=~Fu`wsY49SpXhJH36`92W@7~r5FnB?j6d_^ei``_Ar z0ycU7lD5p%g{BYo->W3&Za=<|@eZ>mg0^5uWSHMPrw3Gs4ab0C8ovU ztk4n~D`vK9D4a`SyCf7}J^st#KRuY(tgw#gH|5zv>jX2GMy$;dP4iyDt|z~97w}7v zJGdlQtcd@&+a>p|wfj9h>IznIk<+c`Wik7%y`78MBIBfNhU)t*WD){jYSB0`ChG)` zbA@JbEd{ z0ihXq*#*EME&h5i*#kj^uNHc`|4xu~!#3lH6z7#P^LRuOj`JUlEU|kC4ga)kWUNve z#80W(-xRBf#~W^X3K9CQ@u=hy`t%J2XD9nos*OEU|N2gxeuZ7Uy3di+g_cGUSJdOJ&vaq&fVm33YDFs6__{Qx&wi3d_HuA z^)y3D2Zg%Ke~e(_19uT?9%$jyS!rtl^}2CvTVWQGaf$j>pf2p=mt|Cj=^@JU>SEnL zbX#SJp{ZhWJTUmvOAL$7v;~^}E{6VDgm72wbp+nhr=tW4SwR-Z!Z+zZwp&%d_CdEB zLA70oqM;LCut`q1b6bCk`%E^5!_SG&U)YtDa@IaqyH(~Y#D0kjnR4XtVIEsukb)x{ zwF?KZ{Yl?7=WX?SH1Bk_}Bp zO840SOfI|UtVq000Js{J+5KB`B&_G)v3w~=H*5?04qZ!5EP|T!X1`A=j7imvIP!zz z>z?o)M(C|Ul=PO(erwABCy`&sTz)1A98HhQ;p@=LBbpkNsM>33#jSeieTbsB>2odT zd1ninHl^)gc|P5{ZKP%2E*%GEHxTRx@U!r(S~~sq4-8kUW3prI;mH9BWY$*|GDa|R zz8GO_(aD=w5(RcyiQR15eYIjEVAy^?y;pl=NY+VQwcv*wJTvh%J$?NUVzmOcfk1$m zLoQ%s#VwpBxYck4)=&Dv8aQKNI)rX^BY;J!9Q`-phW&rKr;bx!)4;c9@gocl0onR7 z441HVFki_N)W>ILrTYJT9I?CNH1S}<$t#J$YjzOr^L{0;wP^&*9Ft;>g5E3*G+L}s zj~|~;W#&vGOPX&~!+9n97e{%OT0>@VTzoF1z}utz6t*4iGrD^^!@#v!-?l}^t#_T! z*Hu5kyNO~Aa{>0}?2Cq@khu{8#)TkZY(HCes@VI0*0l?p&PIeo<_mvgA^hmW6S0hR zWOo18zE#D}ImQH^+$qZ~bP&X`ZqR>v!-&M&UxO}10CNp#~rIum*B zbNOB%NZDImqBIuI^crYY-Ly|tizf<|DPS|FHAVe1S=cYY<(==72)zedSK}C?*yE{s z_`mNT0L5qYE&ZgIU~LjqxwXVe*eSs_nkF7!s{KQzb`XLO(@gy%m|-7_+~tVvVUodm z%9pHM|2bu0)CgWU;R@Z!*z5%qj}A|TE=WyDIOw^ zdY)aTm$prJU9)71Z~=9xJPis_?b*$mWj4W=kyBzP;Fky|6~P-7V9>H%1M(?DLSZg> zD^gq=-QI!Il@loDs2gnCu^w$>A)c7x- znuL|c_k@lh1U*z2rG}C+-0zM4WORAB*Jrfm8QMYagNJY@IeFb0K)vZYd8Kwm(jE`( z=#c&-D6yIPi-IrV>7#=_12RqEQ!(aO$pETLI9XiQNt=!%(qd{7R|zL+iQ)ti4piy? 
z>QzgM1cHXaL((#_4dZ>~L41t%K{Z~wU7JI|&E1s*0SesR7eQ`p4#}Ggc=;V4RJ%HI zHt(x95oi)DrlPF!*y+|d(iY)^dde6DUkB1~1^HXAZcOY5$_@R|ji~bHt3@5c6>cOq z=P}+5v6J?mF(h2{<6c8X(l|m)8ry_EPrCT+S#^;Cw~%~{yN9VCu?Or|D)P3j`Rymg@E42pxf`X-r*eRQ zt|3cN3e!eogvwzc#5z89UUW!>b-hBg)WMX~n>ijJ zWy9gwxL9+J&d`8#t2s4E3 z-FFsy6i}(MaCE$=dTemsKA-505<|V=(_SEdT$AP>^$(0(%ba9oFyaaj*%@Nj?0i)P z7S1ippWxQI4cpaq1om(2;M(G@%|C-fG9F~oYxHke7IQ(u!BlU+Vq;2UB%*`Wx?R{} zZ)fPWRIabsIYka`;-GU#wdH1tmm=bm3uV)r3@WGs7LpU~0|@bnCseQrL8~(blg>JW z4zfAPg#q|J;fnh!FeZpf%TF&0p`Cn(CqxOB$)yeV515BWdhe8rHL!q1K>RWhQc7sWGom<*_n>k%mfar zAz!zV9~5q1W1c*XgnHsp7D3CxC6CHh2HQxbc~I4XoTyeeGs+~`Pf62*(6^MX{5T3; z8aS`j@CD9~z+*#%bU<6Pit|(8-$H;b;Dy9i{y#iISIeZY`tw3%=51&}zc9FqPv1jW z8)i5bR}^>8KSerpSN?{HKAc~;BPnmwT<55M;$8i`WRCAV{6Tlk4`M%ErMTyQr;_^ZpIgK!NA6 za&&iSh}9FH;&E&o2upt{d!)|rVMRzR+mh0t-^gP?);^2jVlO}or&q2cAwjqI=@bKe zKhbe%p7<9zOSKmEb<%%NNHioFiz$Z0^;bCrIHk=VGh->TQmHEKQa}nb*R1Y~@`5iPfMwFA^w}%cDg4~w#mILOr=U0({ zhUsubQ8)@p7_w|qwwO7}Sq8^I$6R~Peh^KpL3l%ucl%t~7#eyh0XV?ciTv46o0atI z%7Yo&&QYSN$Dqk);mR1b233fDXP!W=?0>5`y)w&9X*28NNR9 zLurt=E=-m1wY4mTmG2Rim^{e)OUayLmFzT)VsJi`MINJfu;KVz8P)k<_PxkEYvQD7 zHei2|E49FbMQ?YR*pLoS(Nq}~LP8`|X&!%w%( z*>O>kAlZ_}fbf8v$yNUxy1! 
ztDiQ#@vL~PYI(gnC1a$DwjI=|)hc2d-a$GjIoizzAyZ0vq8f-iOc@L_{X&)a$$6Po z{z{&S6XFT<@Lg(Y6~8iMv|gwbsG%Cw3}2~xX54z2kQ(85jrsD#18Fe1IT5h#QRBmk z*q-)w#6zTDvLez!Uft`bf*-e6x9GT0NJ0pZQDl=&gac@W#r2-LZ#E8xmn&3VpM+Q* zUMuy2Wb8Z|2dO0n@j0**de}5$H^y!mz$Y|0JvrIPgnwNUt}{3?q7bd7bF)B%WG{H>?lFVkYveo)&B9!9|B24-7ykP#q#j5$iY6| zwfVQo@KIDjr6-qxpx(zdbbShnrocF0;dd@{r_DRZ+lH%e_ceq-{qf2|t5UdCf%cR- ziQrV=Z37}{NUHmS#a4D|`>26Dx9-1n>}up>7s92Ig*;;3<28`RQ93vbKM4E6UN;g$ zU!NvweRsKqGfX3n_!NysImU*pzc%gnVk_9ne#r6`Sbep%1IUdoE=&hOa|~MxO9B-z zN!yDLq#!7#C>K}{Fc1@JNeCH5dyI0!RM{3&F+FEct}z=ktDehJO)`tTW6!>?;kVCo z0^R- z@9ZrHq>-zzLy#AV9MGld{r@lWS08r6Dt@i_=iaZW^9|WcI zx7vjhhg%=(Z7@bt?XTW(kIDD0telZ6;jqsa31R{l;MMK3=E{!>v*jnEB%Tlz64d1f4BUbPvDh-PYQHOEoO7-?^@EV?o|uxRBx;=m7U&0-z9mDM?_&-dDE>^EoB zVYKyP_lm7v386z40c>l^&dqF!*f`2}@gFESGE>n6VxD)#DPyfJ1-^T&%=#LHJ%F{@ zH0s}v^|L4K$%Xbov@X_;E&TgJ)7d1X`FE?&CAB&sw5PP^4GD`8M!oYE z*{ea25fST?h@b9_bJGe@A!$OmH8iDjCP3A9akYHC<(2 z7rRoAOl8Z}fRYB;{q6iJD1a`PI~3++xAIH5)R&;drKPRreeO@^(*5@BzbAAoj{ppF z#8l^`kpz;JRtaP!BF^&LUIbJWDzr*lA!x;1HFtCZGCA+uy>{-x^hu_mMDBT4^}psw z7{ValxV&d*P_&n)OqR}0zfMbfB)4v34wjjqIQNDB9#9bFAX!h8>Au|IZDPAA0YN@N zcN^ggnA3hkn&Y=Cdq#Odn`H>V#iLRrUwn*iZyv@o{>n-^y6wtBW&jEX z6Ppz@EWT_Jk$?XswIw=@2}2QpgEZjT9%!;`x;b^wO;ClWh(=BYdj_FTGBTfgqBH;$ zG6Wj)ClP{^ebT+3;Vm0ME!hy!5$(+S?%IfX6+-Ntij6Yntj-!)JXiFllp)OP<^3je z33doZbYm%=wBZW(r4mZzF)Qy#N-9aiGE?ziDlTUUx_R!d9c^cEi>iM`WI3P%s2fO z6-Q_oltTsS!*@pv2|8YSfRHX1smrI}r5Hm-Q_q{GP8I!aJRL`KWNJU9(uG0HXXQ#b zq(#8H7Y#3rf@&S^S1{v; zBWD$8YQB9XuVrIo{Yv^J$%X4ao7(Pd*pLH#)xmd~0sWO{qnt-ebQ45d2iRR{s^k6W za0NdFNeCSiCJol z@q!UVz6K{-QyAB#x{{_Ea%=`Gme{zg4E3jw(*!6yhKge~ma|X$QHtCd_G*2fr5~O#Jf%=M=mA^r*<}1Yk``iwTUc{~xpS)}i zQX}I7Wy39sfwP(V(p}mjmB0uqbv4GW-gsI>cT#MCEsj%e;oKO@iet$r+ZTVx->g!#{F>8Ruc{^0mmyY&v`<|@k7u~{AclY#T63R; z03dJqinjVKrHhwle!tQ02KqOGF2iTOxa%bOGVz4|mG*ne9EY4X1&YpY%5OPj z57I156OrpM7o!{HCXN7imxqUt0y3Hi3lyTWF)KNl)^`ckr}T*9ij{tCD`Gmk3>sud zJHWwnEpXV8LSCOBtCVhXz^@VbET>XI2IJfK!m^Qh9)uX}-xd`&2lZt(`Y-_)b5DJ) 
zsM+K0kpq9-y~b$5B7Wk@@d|sBDuLCM9TeGeOb_xd)0Qs$H`o{kBu0;>_?pn_+e8cD z)A8@}J<;Xn;^zVf%w;l_Ws;ECeCvBR8C<&=+1x_`n|c{+#CM_a`AB7BYxk+uby&Gry@OO-7c@<19c@# zM_4(%Sy^Wyh=v)^GV)18=Y&BVq(#mt3w}}TBg_n{Kp3Sd6+8#2q>$hsjPNfpDMJa& z2SGlWf`WPDb@rY<=X~A0<_t0LCquwv%KY6QJSb5hdjBnU0;R*2<8Z<9?PZH#`{#!?Z^dsGY9n??ysX@N1k= zQ_W3%4t*fKgbl-DU=B82S(XJqR*Kd)AsB3w!=57e@^b&j@)-J8Tu0@i_zEE#QRn4^uo?~zo?y=wa9 z77?p26XaLE#+i550oVvw2ld{xmr~ts0=7oQYY*iLE$yfQ?^P)=lE%juuozQlXDofU zeN0ZpsNcG!zR!~5V)i*lnueZqQv>hIo9VmUrhtwZlDZ;7Z4_l|n%5_bCq$ll?vRAo zH2dZiQw#X!3deWu4$QC!Dxw*w(dWs_!-(T5kW>E)Xuqs9+qyT}`G0|pH$=kjrD^b& zOw;x}Yb13etri%Og0}{Sn?+0hiIulP<<{Knv>{2L%rEB(Qc$>+(kTBAofm>F_ZQM! z_uf1{HeJT?`5Rol|IEU^-PdP5pz-9bB5F?#$fmW34raY@26j?A9`gqE!s!RF`zLga=s71=eWBC?>+s*@~^ zw|&f^f_Os-MU|~R{z0=*weDz9Wnl)EmY)hbtGxa|aGflfN&s}038>h{?EEG>cN3KY zr<)1q;BsCGCO~WNWa0?h5`W%obb_u{l_xZXd1N~{hTbl_?CQ2h#{-OZ%;EPDa(F7X ztb*EKhM%8vDUn+!*_$uOHTD0g*T}k&ugePnHgmLO#*QJ|5A_@x##9U?*ri21*KvLz zxNTgqHGv#%_ZkLW)dSPEeu!WYHBV{g$<*=)Hmy_sW%F@>Wq%@DQTc#@0huJfO31At(X2XC=#WS3T3{%W9ne008F4Nq zseAo(=Dl8U0FvHKtN$Gw6p5tcm-Y4qJ$vlxp2yQ{IoH@oi$!*c2+|PaaWDa{aNz*g zkt$%9(&42mt!s2i=$6Hy1itvbUUu@69>4gGp*UHIPVG34a}1AqN>A&58Qvd^ozG#0rhlm&@xPeoRbjwi*Mq!jT<@kIM{5Ojst=94^CxjnNO6nqB)b>qf zx`5qEqU}E{dc*JoK+?TvVSxaY+1BIj@mnk4h7|sw?g>3HcNXKgF`hneDExaNOnA$s zX}_#4GAMkUMMm_e@XajXs=8J>UC>~8_p`m3>Ck--#iSADrMLTL&e=?|qv<2sJKQc= zZU>yT)Ty`j_*lBlaa?x$%CI^k$fXo2W!R4(NwI#wli;_0buNXzxKpP*>D1BQsJk%g zHumUzHG83rOQ25cyL`ezQR!h-r5|oJ}9;RMFlTHUL{es|f7nd~WO?W8_0>ZSE{tvotR$ zY(6ilayB4MLPIsCL6pgx^gG(LX@89@S?abWN<)09XDiU3 zy-T6QP-lIw4?RV{rL?b+TA@D0Evce^`;%M@aNo9p108i8!Mgia>G~~Kj>*9aa!Mx_ zuRygjlf_ALns$S%br_auAH?#6T8ivhei+R6sc`ftN36EYg3>fbu=Lz&stHBMxC5;RuW z#qX8Pp`T=4HH-rbP5dogdL^KEU(*uPss>Hqy%7TOZ5+AzFf|1jOJ7QkmRFt~7&w=h z>4j{(|A5jYzc-PO@5JacH{uamI`CHfqML;WRu!=fus?>7OaYNNK^lMcB+gR;MI zf7%j6F*vZr{Xr$!Z*<>e1}65i>m&HLu#2=&G!+8g!;T_bq&KFrx~U(+sDwHlHzM)2&4QlLgw0&fM5DoSNnu?&|n23V|q%d zfYtJpo4AMwVX!dMUfMO;$LRt0UNZd7f5usFT5*LIIqoGPjj8;DAs21Ct=>_IvYgz| 
z9Ws<|vq}4Hlp;d9@mc+&!hXmHTF`P?OJ~UVU>i}Di(Phz&|NP_TF7wc!`&* z09X$Urag8hd|Bj7yFGJ`>X0ja@z-e{wYojCBC#(gJ{=|gP;;>9I0}oIm`kwjFuqy8cVO7e&k{K%7b~Rj)9Z-N5 z!-e>V0!VbXzB)ik6fqc;?seWy!2Rg{?4N4=nvx7#f`fq`orucK?t5at>s}OeT*U@8 zM+l!PoB%e8EhnR`b!nk_ghKKS`})k^{!o8IM=G*tBS!9DrlYGc_;sFbX^C3g^5BZX zNkJ9>71Yg(I&BM}I5FbyG4VxnwSJW%?~0n0=?HYFUytEdmfYUtK^0&E%SxHmrg$TG zI-Vn6pmr%zzu~Ux6`2Afcsr`3YWt_xzH;E=g>p4umZycI#Ba`!f!FHhB?n({PdI(_ zti<)%SzW@qytgYihb#E@D^(@|+`=N2`}P-LqV>vL+|TPHuJzx}W~+qvu!plCs^=C< zfFK_x^1WH78$mSv`IfZPe1{(=XxQJP#Q05LQuaMsw~`HJlev~R7w-J9aKx%adS6$` zO*0iv&0oK?<9ffT*h*+48kw5;9tIDevm><78P>!p16G=m>su8!%r~YBYT!J~SQ2yy zqH}g1cp?804W>n&SbCN0j=u5)iOWkh+E}AuNJqdr5?r8<6gv30r}Ju%B*IrJtX7_u zY2UeEK1yczxD2yIkm-{oaUL6lPg_80auSWjm5ldo)Iy7#q8Cq>s*UBQo>$CN3re=+ zWiQ5D3MsIbj^{RM<1^`G=gwyL_Szrtk2Wn8?Y0t6)buo^*)mPs{U%p##4qVDMvjKQ!Et(D4tzsQQLTX zUdxxMxJw@ly1{4fW(+V8gS{uVZsa^G8ksO6iv11C)4wJ-yI9zhE{EwuL@-99wL$J zIZ90r_RR^K>akI1iDj7yRRf=j>xtr ztwC3&Jl;@SdbdA|URjZ$IYg{8=XOsev=OOj2sC17LE`2FDHvCq_6WM>pOYFQ?#tzH z_cZcK=rGZmJ-l7<>!v@>d;aaTV1isAm1ydJcu?{jk${9q>3{;I%3@(-wHvGRA5_|> z`72M;bSv)I&gRW#00DN`0pE5Q`i4xkn;vF7(C?Lb4dY=`K=l9(!7W~_M%1_sr(V^k z`QM>`c@YDQ91|hny&fcx#@}ASri$9NKVMSi)&3XwQ#JjcejHm7EM6O^sU@VbV45-ZjI^{6_yROWAvpg z`J$aejFTlXl@kbcn)YIM2Q0*+{si0$P%HKU-39! 
zU{-_IC$oo24!jT0Fx_}}h-d`Mw?vk+WE&}oU%sJxeotV(zxT~YziHLXM*USTvs)7^ zBYR8CP0CkiNU;57Ic|(jC-C(p)Iy-=mdr%2jsj`Z5nuSo)a;# zdb~{;JBKkuzCv`AGKyJA6cJL|q2AmnQJmc`iUp6P&qY~X(3?n~GCgG*>voYcZe5#K z{Q`-N%hBNcLY40{(IpQ7ZSo#&b-!JRVidqx#-J8=;3yRRxM>`&5tPC$csISN>%L8m z-l(1IhNv>w92PhG(GXnntiNBo*FDE_N$p0!9V4Za3ka}UleA|vJB3fr?X--CZ3Sn} z31D1THhcwX>)DLP$YLusuDw>2CNI8L4?5Y95<+`FH(Oy6jmPas2_tEwbFjmY+#R0@ zN6VE{?LJH02_N#wPR|GhF7F9E@4xSD5^coVV=~cJlopdtnVN5&E`rzsk5^}xoaZxv zY@76Ni0AdJZsHC@dtB3s>80JIZIO*A+kSpmYOzbIvynd}Q5!}J%X}g0Vr)YVo0IOv!kA>Bl`K*C6WwvQo;k?gl1cFl8auTN;+#pXP`Ltq< z^(g#f(_K}(JkndS>&v2DG_^-m?{#_07xlZF3F$Z=_< z_c=45-LoMOqv&%#_YKomzzYz;@o)`fdm!#!({x^xqy!Q^LZ6wX0F5YSmD3r+i*Xqo zOOvD}HI?kV5;fhfmo_Ufz395K;coW3)2_QoN^R%Lq=p-5ZyKCj%C5{WIV=>^@(wP- z*Sj<-;gA_LQa%Eyk)~-9=uw9fsL}_x@D2;{)6LjjIDMFO-Ro>OWQC~WEE%SMt%m&> zC+$Xz@K*E*9??%+nPcHDr8Qq)dT47JfYEZq-%kfs#l|17&ez(fxO|QfjDUNdF*hs` z?C?|0?=|?Az=1?D6zMJr0rnxbPx@QZRimz??FAMRlF#?PlB$HHL5{4(ko$lU3C7g-F zZ3VpeW=x$ajrMjw5(@5`8~`jY9ag^}H1Rulkzg1ITaLmP_kywgaRfVdY7s-3Zh-YI z5~Nk@b>&T?W=)s|dcjKGCJ)4^()27!IXuC@jQMnWEF8Q>JwK>O!4GWN)nbk_3Dy)8u{=Xks6Ia8K$A zsC$hmZJ?e7Kjr1&Xis;`Ixpcrg=z|ZYGwi>df_XL7jD!~ZJel{+vSeF>X(v=zvDtW z76fKa!$W1@XVv76D-%yJGm1BFk$G7S7%be=mZOo`j-ueY)Kn5#J!noPxHHU0zZ2PL zcklDe0T^h7F{qF$NO7+-q$rcP?X%?ejJnkYLAKyg?c4;4NXl*3L`rjGrlz|qodvuA)A_Xdo?Pi|0@8)pBgZvoV!RChCVIMfRH?!1u8 zAtXh<$X^0+gdMtdl59?6-iIq_Z1!)DE) zqBT6$+h1m8lg{)X8K=Qg8K>;J+&-DH{iGTSTv#qsWBMKYEOt*%FGqq#)J^#O4Kv`T z3G`lqdf3g2M41OtRAl3>E68X>BIoW1<-I^sEHu+@RpjMrN{aFnyUiF^3xh@DLI=y+ z&5`uNlZ6U!u&FN-uUAW9NcEh z@brU88ATZH-J~<}{@Ahnq#>P(@zjSa)@kfr+s9Kv=)iDcmUzPmhjQsE;1sxgk<v|KWrlI!1UQ=1n!+&cIb)ZCpZ(Cxf@vaoB@34U=t0!k}Ft@*R z{@LBZsE$^pGE7We;U~ppn1iJW9(elv6GA&OGB|{F zlw`gOzTFAc8!a2`%#@D9RY;vP1vHw_pniXPy8z}VZ;cZ{p8(PL`Z|i%s7$_DjDYBz zZeGe@Ev8D*rzKs4OVF%Qd&CmwI)DxbgF#9Q;{O5~Ft`jAaDK#~j)?@%Miw!5Aa zdh-*%w^Nl|*^7r%=F0A9Ls1hn$i*Ef8?jTa8p;0dpmgNUp0k>c$ZgjN4@{K7KsNDHb zkZ7)YeOUtxyak+flZe*uA^KTOMvHxy3;KUgV;B;-H&`>5-Daal$_GL~Q#tGghAeR( 
z?d-~l7TUx6-^`M1P$Z(y0CWj&hd*Sj;&Z^g|Nm27t*6a@xo5GKJ+MN24}GX$$U!$P zOPfNkZ_^o=E2R!xZ)*7B@iY#sPMB#o+rG5l?;Ed>&1G5ROns-12s_rBz98?SNhy!- zg~)0eZyV*$BsJOO84NCf(#IimsYC!nK)k;Ra~4GNVf@x^rhP-qh^J=fg&WN*pvegU zxk)z0O;?l@SWF=pX9ryaX05G!u&Lt?d)?82Jj5nUgiCFsTpIwYYbGJu<^5)O8y5|B zRgG=BuQFqg7-2$i7c~2L9+aUZR(sGyY%FVwGCTQbf3UHCcXM$WTnHp4Skm_faXm~d z6#BILHRhX$)5H`c21q04taU?|qam9Ew!RH|(|ZkQjoY+UirS2aZA&YD2sbLRg!T+@ zb-fx`Gw#8}6)r`eyAj?LrQ&Qd>8iNU%H&IgzrPh@+`BCjMN}YIUzR_>t?>kM6m>z+ zdnS*c2}G2wu3?elTU2uh?I_^M(~?OKuU%VjAF?P?&an+3dQ3@mjtC5+k}H;pRA@{0 z5D?n~<;qB|;5H^QUXX~A!JLzwEhBTUf6_I>2K77rUt?OCY<=N-9c!;h7QkI&a<(HI z6&He7%%Vug3vzW>%zBA57D)kepm7^MpBrtxEqx$?tOE~uUE^YD>d{sKjI<6orccg4 z#Ys3X%KmUiy^*m*Gx<{tW%*bv2Od{s{AUcHi3<37t0$lrTT7MJq>Syv}mM`wg{(H0!%3kGi;m#3fW-95b_F zYz$)_Ug+$BxKj{`{YA-w@ZENP<{DxrMWCe;Y9*@pkD}dcG0n>&qoG6L*KJ=;7Mn~8 zi^v^+om=Mcw;6O^iB)rH ze=4>YBnPfJ^Ey~m6&J{59irJ)iR!JR4=7V4uQ$vZZX${>1~NMIy~TZcYrGcbD$*U@ z-9-?(Xf33=gFXl)UzG8{IW+QH#ss2L8Y1cI1Z))p3vnH;kNwqH;L?_Sgd$Kfp=0Pn ztBR^Dbb=w)8BYUZ)YP0UyT4himZhL_KlHNwz>s+)@Pnu0i%1C=#u`C7wEFi{h=HnB z1R)7W57P$v*IM}k)?_TMd|qbfM-HA`I>+&5^g&3tq+7YykbzLASBPSk+=zY{7Dw@1 zyKtv%l%sXeLXiY8L^nKiQ1zXb_r#1$fNPCy!bg7AAj~BuS3N<1lw?P4U>SEJ5wl|z z%C9tQQMN=DZxB~-FgFPKj8Z_6mn8S>6FBb-Jz%())nreyahPLl1GIn_$b2h#H(`%i zK2=^PhW2~H8@guc@Ab3mVLevbUT zFcvj>Vh;8+uh>1M@{0M?Jb#N;W($j)fjS|CN6b$omOSJSuwjtTb*}^v2w=DzrK9>E zW+m@5s~>66YI0|%7zEqMZ4Lgmfm!piTCl_l(uc}-{6r1U^3GI->3`o6!Tx}W#Q$He zC(>N8PwwJNn^NFR9PDhtHlm~Zj0}%SeiDO$LcP1@L26$%!+IR$F2J=?$dqBQDr8_|iTi0s;CJmP~1%wcU~<^kz0} zp)Sj9d`c-l+#z>L#|6aUHyKIbU%rog!M5Y9v0AG9$GaWb6+M%Z)LQ6jUXnnV*?o8Z zWamEbfi%@$NI;ZRE%_&A z0nu4my@P&OR%ClB6HWn_Ka=2Os$+vd8SsK&5(8Gvt9`2N-cIj(rsZdm^D(vky`-uW za&B<9CRMMYe&q*hRIX^ko83$K5ftDyR_vy$-x1rbeyZ&H$py?y39c>VB78U#r)FXJ zxysGp`{VrGN<$Vt03V>Zo_UfZur{S@66+x5$j{PhRXHP+EgD`pP1=PeY80P07L5Q` z%v|}j9_vNj4ED+7{wBsTjw<53)>()tFEc zZmQfm0kc3z8V_h8+VZ`a6=G}zCy`vkAa%Oc4e>~bThR!A~g zL4@PkHD)eM_Y_ug*Lay&geotZj=hO?=QXRI6+_Qa_DFSqw?6s_ki^F+=K6NjBA{F5 
zvU6s2y8kg4K1N5^xBAy^d>sKx?cCQnp(%xYpF?y3cx`^?o7_)K1TqV=$kLREIFa;=du(H*}{L<4{h3&<<-+*57>k51@)XqB`!nx?VJ z8HHvuY_!MDDx#SHTv?a)MNcVf(wrGDd#;2&7A->7@=(}btt+0J;ON%4>qILXzdG4m zlQ=8Do?G;40uR5zunOm7&e6>ulohY~wbL*xLw#+>&`*6+1gQ8;&K@X&1XFa&J;3PEgoMpXlm=Xw>k{JGO$;=madii0MPZo@jF-%?1Q9E~f4 zMjiU@-DLvB2aF(-T|Tkj5wG@MF3AKB?XM_|eEk7UEB>l$&^xht0fJ5NxY$rTt{rS5 zIALwFn(e;8Gne_@?%}?U%Ta{hYH)k(=f@8;>^~CUG@Tij3|6y{9r=UI0-iHJl4_-R<=WH}I)(wGRXVC5x}E0*}2GBQTzqnbmF> zYP4mN2o=nC#G^Ez1Ang}+1qK<8KE_=1_7FP6oDDl4Id210114RIds#Djk}w>NB|G) z^k_6s_mLw!iC;SBvv+DMV>Aog^lmL4G zGx(_^5Z={WN)x26thcrLE5_VZB~`usRSX)kZ?agvO`urT?q_HfyMMI!bpD0rzuON8 z59|vPU^DTYTUga3$up?N&`d)@wm#^)hRsfa->O8H&$NbWvMBrj8|W(JQu~zUbz5dc zkKmBlENy-Jvg8%{y?86jSJnpKEO>y#pO`h)qmVu zA4)YMV%f2nqhnn9;*JB`^#3$+5gD7yr;aSQB#20C}8 zN9eoh2A5iO>DsTd5SC@N&^x0=m~MCQq=-*Sce@IE)N1X5UO+|e^PvsGBe2{Eg2ih-NR8|^EctS z{*kx~avh5w4y@ZQQJML_l|ts_Kd*f#%m94$W?L0LjP_OUZJ0gxq!1?vq~6QR=MBoi!b(K-v9y1^Uic3u92g!>7i!Wg8u&z+gPIBumz z;!n6k@I&&v*k~?bb*mQE!a)4rMd~c9y4C$X3tI0l<3Lr11`G3k*;jP$zA{QznE8n$ z^^pkeoAQZ%9Y6Lc;KZU+TMZvUkT8ZUy9iQ*r}zj--20n9r?3(6yk-3zrPidb8Z8!iSG9S(+LBc3T5R`bh&xar_@Pa zz#H^aH60-F!!TPar)w@@hS%3s(st0cyc|Hxx7ZrbvI_hf_k6b=G)dro9=j1bZ1M1X z-&*mt9rPXM%TyR37N=&g%5`>2mtz-v?5G@;51~%*bz8a%&($u>qq=XsXt#o_q1{`c z>mP52pbJpMm489~&1?$xe|e`Bg1^^yPOYAgJ}1u2+qG&)pKoHJQ<&)b^TN`Oa-zq# z%4&qUSdId|`RfCd%PxFDgm|TVLq%%jI_wI|wWNL~dAQb}mZWQfrJE?G<8TO|@`URs zGBm<7r{cBq3yX~AjHSQga6VfNbw^hqI?9K^iRHO7}zZZ5+~m=wWRXA zeZfxUI#rocuN=Ovgif@BnBehkLG(1d?itA~J@pzS^rX}7{%iY@#|{nY#Wq&nX+8CE zr+3(6ofG^qOD^O2u!LcqDeE55X*??8^+n6_^2>}qYdc7z34YzV*oLs2lOeh8KU`lJ`uP2_u1816mkjqLsY-U33J zDX+|MDXTo4Av1@z4jvRpYRxkgseK%r{6P}4cnDaHNeuo6rUWW8CeQ%EFyxC{^G&Oa~YA11-==sa|cshNzTKs_gQmp zJU|I=8=^gt)lgQ@CO8a$VPQ^W)^xdOoRhF!w3DDxvm|oQKmq~%jrk{kSI=_iNcw!bFrm3R%d zDU6-b0Mr6Yx4XLxj;qgXu?y=7)zs*?(_vbw_6k_#KX6}Hf7+1omzoEd`sgzITL})R z7S@uG^7Uu!h)PU_NdrG5YIZ35tU7O3P; z5{@zHJAPsxe(E-;8}pt98EhrTxj0@m9QqY;Y8nJ=heh7hAYo-6i*}27v6#RT`JDsH zN)9mzPN#l5FT18*W`M%)d)KYOjBj(savuZ0la*3$+OE#4FoF4JtR!A3H=bIiluH_{ 
z&Aj{DX)+kujQ9CS{msOO#~_#55W{~LPDCUS{tC5`b>>Ecm@F~4oA#H&Ne8R9{o!x~ z5HXElc|S{ly@)}-1874z#Cw|UY_n(et|JLjBPCSqzBRM%Kvu=|rPyDwI`fbCuVq|_cz2*aO8UWfZ<4#_pp&3Fh`B@B*+r+g#8?2<* zPkXy#={0$ZFwK6Hg6Mo&z`SLZ9vDnVjeGz!#VzM6Hz<(}mXOgM$)X09CySUB6=*Ra zX`4z(m@h&THpx?|`o=po<`(%$x}ZDMj%RNN%oY68NXq3l%PP&Ok>1`G6YV6^ z&GdK6_hI?G`W$V%nPZp2#wmUFKz&o6B)wt^6AUN42S4V(6CN0OhwX=cVP2 zZkp9kYU&roCJWPw4ThuA&Zv_fhGfHBp3~B>SJG%Rhl)5OA#}k3{64ffZQ~O*CKN^q zC1nq^7D36nO$H^CzYR>;b@B=u>pd>y!S5?M=lh09-@VPgF}qqceV~eGX^#U@fh*{; zCA%END|h^luq&^<3Fv6r@MD3S={A`z@q}(Jfg7L(<|Ed?ncgVXcoqb0tZ!jVE;fSK z%v~~hD}L%`y{~|rhA&yItajJs&;0x{$VrjWVZPXmbi$9fB`)VWFx!iIXj?8Ru7x7Y zji96eUu8(MckYRIsROJ-S7K}ODldOcnWj(iro;7u@U~4dYPa@Y^g@{AEz}2bi~DGR zUf{myuQX|Ip*t(H*I$`GXePucm9yrDM*+r*<299F^v>aQmo6`8a)Jj_Jmoq zMqv&Y%wq50S12#`i^>?yePpy5dMgbi%me#$)Lo~BY>%Jm)3_RX4wu{m(0uqkPHPI# zFS&Ar@C=oWLJf9Iqe)^5svAa5w9ia1?=14Tb2W{ZMfrCpyo$XO=M3 z9pC*@E!_Nve*7YG0nJh#b#)_omWaT_coveHXTE1=(Uy39)qWs=*YGZh`xn+CDva z2aS|j#)d5MDW~mmnyJ^6t;c_48gsBj=T3tPepev*KL6o?swXO`xu$PYhL-iS;-a zBWu6eIbz8?9X zusp#-?a+la7qrL51iEuLp~h}n15XUz?Y5V$z?9oM>X66m<8(EgjPBc%Ht|FSxDsH) zo7LCeYOvl|0H(aEBbF&GN8R)<4qQ-ljFesYx}f2i$5su3Mxdb&cFHmnBXT~tLQ+6o%||zZbm^(7JYNTeMZXu_w1y4zbMyo8n8xB8`&|J=Yjp0q=6v+O zC}PZ3acX!X#pA-KdGUoVPen1(K>sM9N0d-Of0t2lx=jHC+GQ()gIF>>G}qyqw=$=h z3ng6)`GA!yTPiN(Oq8zfF#etI-Ggzi$r{XO9u)AIU|yjP;nb4h&&*5XObW>nGKgr@ zJ9shD*_J;P*qECQKLS@jntw1kleo$lj4joYeX>7PWf*%1DlLy4zcb8&@B; z=>c(1euMgi%HBu|)_HNfNr0qNAo*CpLZUS~4_=;pyx=9lvm_Qp?lA)54;b1(L!cV% zMkx-zRiWt&oKs8>{Z?zrumq+nbvJV~VFqvP_0CIAj}UjW)OmMsD`y1ja5$)r^jY6} zQimun)d&)doNbcZcTa__%zAYZ<`AH8)yv_?Hz3=VUjJ`P#X4yQ<%^G4itLgiKunBW z{h%7dEPh%=K|~AUxW|&q+3FEDi>-!pDN&aPT~`3k3cvfoUX;+9p`y|8lBoGK6;BmE zNk&n*PotQ`xe;wos-{IKMXi_kL-!M4df?MP7H<}`HP)4SUs&>d8zSZ!4Hon|A;ICo_>#X0uw ztvw|ejAo{y%Y0@JxArq2@3XYMz5c8zLn!xGidp?LHk8Py)-3xTDiPaPFf;~ig@ad> zS(sNE@hrj@5cMsP6TM;*4~k;>L}X0{CTP>tdRE9q0zftT2Bi2m57vco(?)K~LN+{j z?&SZws*tw5XC-@T@9nYc3EcSwy_-^J-F*Q}_L~Oo?L{AEJ5?ZVV1W4-Y11QT5pU?Q z9Wb_{d+G8rYkcfx+2eDUuG 
z1Ir8E(gx^6EY&R&I2XGd6wm^m(Uf@4dKU?r=nT@--G?4`N*D|nLNiYhkVIF7340bX zpmDmJK!zR;m7M8f3#4h2F0H8TAlBdBc?MWYFpsD${|U1-^SA4vG@3Ro{|_=(6~dcf z6`?`hZta-ViO}&dk7=dwgEPI3;!T1aq+pd_b5o0$ch){&=$aPlz?7J;bSzBgx;p+3x567o8}rWK51IrK$PpEA8>V5cpUTM3fHG6c zWnosZgzSl$*@5~Zt-lms-QkeuN4#qcAr*md>Fg*p#qwakE;S`n<*ETx1O+bt&6Ph< zkJE_L8PmlR17tsRqN{rpRFLS<^75m#9DA6sHM~Mu0@Riu&J+`t$Eh#POkMQJWHUId zI`Ls+lMcxT*+$iGiqJra1zS#WA_xW(Fq@KqoG?rMkIEmP&fGydnExDfNm9u*{BX^h z2Z~R$1;l;2FF<1|l0|!Z2>&Pxng)Wn-j-U38Z(vKtnE7$ujcG1VbL~mB!&G(r~bX! z>}Wq%-;*|r#&MC<#I=xf23M2kP4bJ;=j)<1e5nZi)-8ati5Yv>!+5>KN zkJ;Gj(l)Bg=5Mz>(iIXkF?o7ORZo}K+zb8}bd`Vy#(++(8uf4;WA}G3D#VT4>~16k z0QCP#sc6vMZc&`9j*a7WW%bmiRRB~~L>vl0vGiiHI+VqE)p{NwSDK+I$S=l8NTyd5syPMF z+tix~sQF(mEBFt($P>u=5j!4jT_UyWf?cxrSEmDk=m1+1LVlU{Bf#|I8w`jesXUW! zL~$2BgcBNO7|_P(d6Q(#WPmO(t%2^>P`+YVN;|aZ;=you1PC6$`G-A#kcna4E)|eN zH~Fny0bP4lE71r`I(j|U`s9!IoRLNjYfUv2i-z{LD(K%W@U;LpT6*}#X)8wUSHMM=@Q z$rhe^#+0DR`j*~fo{1J;14g6EIbggks-=f8oj_^&9{0($5-E<53`}32UxR6+(>>>zK1!hmEa&sOcX)B7}YbvSaBH(QYE{s9KfGzTPY@xW4 zF6lSljD$$s&8Z*GEiidjT6W5{z(-gpd(u!PfT#nDdPZkDAF_nEn|ajdvW`yAqid$r z2bjuC`M4A285U+#ECW?-sSo&WDal4++!Bh6Y1=;bi4e$+9A+Ti7oLlwCxVfCihsGK6#W*tl(?CdFnfZXZkdt5&Dhr?}*^7 z0{Cql1Hz={F?y%qf@MITi>x`p-4v`KmC65YeQ{{T!%Ao?2$MSobzBWGUN+xEY8HFc z_)6u#vKip&j4RQzjT+tgCGhFtSTgqj(H80N(B)d{vB)|~sNcD;X8LsShICks&?L=M zi^0(}&{G)iYVGG^Kt+oBfbvT)gtg}Sp*KAfGWRKtET|FSsvIK`%3gjnKNv0xuRC=! z479hUgpiBywKwtS+5z6CM7?C~y~x^coVd^>XJlP|95Pghv6^pwgu@l}Z1-p}MqvSg zv}iW_yIlI<4SW^l z*U0Z|$>$T%8Gtu6zB{B1O|y*;#+z=G1g2>956l~&iuQR1A9(N0vn|j3PQuE`s7TJZ z_<=c}3*}ix38YwV=@LQ<2AZvIgI2WEFH37F=EzS4>*i$~yXG zs4Lu#eY4~;tD8{!Bt(=*PtBbY(&9~z?Ee)ZE&%gwhG8*1Z9!dp?u9^l{mXxIjMpAl zgC(bqW6u_w;h2`}AeR?O)w9$y$#G{WG&(S26td+ijGS%P;0T_uVkxXfF*X7C37D(2M88P>}! 
zLpR^}2;7>~KlXMLSS_`1Zq2FVKlRK|IbI*^*Wkg zW*z{HD>{a4&PuTC$H({7p=Re?Voh5zcO+tP5jD2kyM5R~0bCj+jpf4shh>|jlgd5X6gi@Mh+e^SU`|=LMfjc6 zmnRW95ueu@xZ2f!@!i^9m*ffCC$T(6JzbJQnAXQUpEmM5k3*W`YqfS!wj0KRvqp>_-)cS>Sq2O0cUlZM z`t`EPuDZg+N|9}A4WUXRoa)#zEMmLOL*|(-AKT>u z)YZYNk^_eOq^PR|aQ*^@ybad%NOLD{KSH|`(o>Sn>BcZ-sGWf zMf~ITS%N3@7H}2^^D}F!I##SlD$xZw+Yjutjzq{bH)@_3=qVX@IF>7kjSbO!asS2M zaQg2LKse~Tb6`2E>f+~K!cOcUS|4o5&ouTrpGVjSK&njro`kY%UKsNJqd#5g7+*p) z4u5so;W#1$X!pPRx9nR109)OopP8iB-^$_4Hcikh)mF2BSjkxuepJ|Q7ta*#jqp6a z&1BI~$w#@?Kc<&lyU*O{&1fSQ2^@UU0TVB7zkl}uUzqB>XquCo>sW^0WT zBK$SrJ{!3Tr&ofyaQ3(N9Z=P2CGV{X{j2fikGJ}sXIG-}aIm|bgKV%jHE+a9WGbxu zUE>T~R1}j!3}L5!iI6lcGPrTCs%%%z5d%}eTdgvm`5vYp{UcI8rQ$SKKD$<2^x{Gm z*vZ~*8qLm%XrrLZ9dAZR+C9poiL6xN6z7IVNmN{@#UGuX6=vZqX=U-jMsIV`sTD5% zYFvg2yu)>jOO=FA-8NR@7L7lCV|Wmd3k6^*DMW`dVogJk`0?m~am7P$uU!BZ(<693 zJHwjPK^~`KyR;dStCe7JqZU}B3()iA2Y&r3iUS4&7HHFG`Z7}B#K?axH8}FKq~$Dm zc~n%~cR#%GPs@|1rCo;Tg4OV5Z9WDQj4lz16pnmZ*6^eRBzt8Dmi6k?178SH?@@{Z zeZP=_$kLhdYwVFp%79doG*VTl*2;W=yz}Dd9;+ue4Pr6oINTs4+e%zi9>-Wns4QRu zqY)eg;2#q@-H(Pd@y{|jY$t=EfHLKvydW=Jo0SGdP0nH z`-vQ04W7X<5VQr`k0&bC2C+{RTEb|=(zH{ z4sqsJ9S9-5;WN_0gll*i;F@e5wM1_*?en`ez{`K@nqG7mBSCsZ$&VSnLCVA{fAOmU z{a~5V8PQlk2_k83e!6`%tF{*%qtg@vj^txZ*U|5@X|3f|LO|}2&Km;ca2{r2)kVj( zj~Ju+i+W5IHchY7a&jeGP{?*#-62)0ZXT%Y$p0kT7UzU3skCpYB62A4KGM&;ZR;mB zh^t-f9yr##rId|~UKteL!6q9^PQCjrY5WO?hjs4?y8I{R5-w9}3s-COW0%U=6BFh* zI*HsL`)_iG#?FzscsUf9Vr<6op}OEisr}-1$s`Kc5GMJrSUp8L!h#PZ*~yuW=MU5w z#!&9%2u*OZ&g4XQ6(tU3bR5KSzA!JFVg3fw7od}{i{pe_FQPqz1oF69?v2}7C-d}E zcb6Tl<7qHdi8`&}WkpE|aomPv=+GM-*rvJ2V}&0}LyLSNj_nOmWE$-A2AJ~sYVN9a zqpEXlz`50=^4c^@5|@(FW3W28r<0^mM1u^EyGtQXcCb^vC(0S@=Zr^V!*%*!8^~kn zt4KNmzq=^`%cRKad*2E&;Q_6}7Ij!`kQ;?$?Ny$)(~p^1@YlA&8?wf{zc*SpBO6aN zh4#OUtpc5YZrycaP|M?oop6490-XQ+p|@-G+ys`dvUGB-=I`yiNC@j#rN5(yDBp(QkLb zblnC9`!k%M(F`wF2blwSwDL0%L;N{ZXx*;1fI2rOj(H~^Ddgyz2{!SYNU@HNFc|;~ zZT@;XR$Y+VHZwDHVome@2Ae>`t9{c?cz{K z5YjFjsYuBc;lUSu$*$NVuY)wGg3T=-cd^ae6Q@;T!u>TF-*}j4X%uE0_GTDVQ{p{X 
zirr7q-0Um~V&OMS@w!1p=Ru=JNJnWNu1!L!T&wzO>YZyLM)$f4h#f_#x4r7ahKH=iMd6_@F#Z0`SW8yRJoWmE zkHb-o(%j44LL4Su7n)CRuQ4NwEvo0z&IiVOm;Jc#GB&2yMlqbq;k=KI)a)*%_iQE) zgz40ng)zz-96eX{PAv@`inz>t<3L~KU$^m+#y~)y)OhzX+qDCIjAD(J;BZ$lRNNbs z{}Oa-T^yVaBtgfWG1ytXXTe-Y>4km%D>W*5R8Nh(w7%pYzPx!-a`SSEsnSNX^arYG ziHf-(W(eYG1E0Cg+ifSoD!Gv2{F)FdxdqI@z#e4}DN7W;q&a8r7tx%HhO82CJZjF5 zBp#0y+uMZsiBmW{C$0U|}gO1n9OBtOiAD_vIZiOd+v{X0=mwm1DbS-#q z9wc7UQ3DQK*K{s4FN$6^#N|Z_8q_swYf5S28_r)+*k&mx$k*OB-*WuP&^S?0WU4Bn z=%ae%$H!sv#HPXuYVK+UDG|GVk5F&D-6MD*^%vDzcg(4B#&vL+v3x>jQ53E+->12t zI}CA&kAP@OP5WxMGUD*^__tw12|7lIT zc^j8b8uv>hi3(o4^Jcm~n(fVx#6O5pWIdCHn!G-Z#JtL&&5Jk<1`}OoiPx4lhcd}{ ztR%@`3+h&vk78B8Q&rT`l(EIIq7~e0Pzp<5NF*6RM{&XZ+ zI1G(lKXQbKjhu^6T!Yx1_NO@`8*FWHEZOg}_es6C9r(dw!5VY2T@nWzXA_=wsxJEy z9K!^C>GEKDF`kSw9!Z(CP32=8+Ku|vMYbinc8znuJgpCr2g1}04;E1Zh|FZ^%=eFi z8S4Magz(Lcm0E11I!zJUQlvGEfWjzixNT>V)?XsR^Hes@&xiZk%d=84+?CwEUK3mv z$r-OEA-N)qzkQZjWQ|o)yIcINCaU6Uhj;#Se>Md0Er_i#sR^=3hSgCD3+p} z#5~eu+_&oome{&-tcyt)H(c5&*18u(xUfLhN(p(Ej~M~p27iNu=EdPdLtcg!j;kIp&m!!C4PoIFM?xdT&V>*^mqBHG|c((F(@Q6lt zjcPhgqlRnVF4eh)SC?Gs_!C}Zp-~3a3_3NE70+w^i`L6sup^s_kxm7TQNpQC0s0|J z^ousGk@zv4A(BcX$epOfKMh0OA6LU3E2%m`8Xd0E(s2U0($k-O*QtkG!nn%V#{RfH(`CF9}D{# zsa>W@#3xnTQ$)SY{LNq%wz6K05M+3W)U5-1PEz&vU~NCC-}drXstPXel-|O0U^uyJ zL0o%7bA{Q25e@;(d{+gh!y-I8!V+VaR|*7gis7dA(WW#Rba4$<_qYbbo^K(%rYPIO zPTkNi3}wXJk&!V_8q4NIs_+Zy9D)jlm{i*A#ODPDP2`e&0%rDfXTSi=Lx2ZPQX1XSn9l7CT%XnEYXoy-$EHcK?@jfm&Zx<~r&vk+$=cOF-~Pbx_s> zmOal+>ZS5KW%mX_KsdQ<7UM=w@|*kj8+-FMkGq zyWQ{&*O#=Ffprkyt2i!HdOq3hY}fephwmn{KiMhvJ_&v&`Ev!YApuf?vC0*`bUA!r zNnpv84Ht3dI;&W^P!Tb`%d+cvnkh@H4CXQ@hNV7>Zy@Jx9Sl4n(VDeqP$z8OtH4t} zQq9sFR!6kjrOeRoNr425ABpY$Ir(?$z4qToFXmn(uFX?QsECJNL-%ydCb&+YC1ay; zUqFwhhgH5K!2wp6VhPP)nm&l3XMY?O4I4>uMylH&MXYrgCF%mZP$kS5{+~v95#^O( zbiFSBC&s$?gl=TJBcEc%%K;one?%}_DQs%B(WScvfT4_yx`+qiO)=e>`Q;bvXwN0> z4TqF;Tv^T@LR*MOc44G`T{QJQeWlHH0W2&xqTA%z#Fpj7oA=Tpk>N91I%*{KX*&EG#~Xb* zy9ufd-)p6-wEjEQ%ihPmJ(?pV1&aN=n765;~g0Tv+B 
zXt6#jLcGiXg7|R$X;1t7`#qpz6?Rm^dcG>MkN2vyW8*1T)8N!s$o*z0KNSh=OCW$o z&9|CVAev$H{qwcIr7KAvL;4~%pAmjTg!V@yEBXeTi?BI?Vg13$%JSOPE8*$VeYe8}16;pGWFVV= zWJIz$ruj>alYVQVRxBsxyTM=ukpQp31+1eB2x_3zZ3YFUF zR4=d9Yua_c!tz+t)xmAU?ZT3@y2mCfrMSKekNPYZ+>4L(nZ9Nr^r06OJ$@%sDfB`K1vBumTd6N|LE(51l|{Ol2NvHE=wPEp7@Z11<&^ zo+=*|Cfg;c6OEG>P|YH`_KNJc?2RE+y8uuog#7Uu1Pr0G1d0?-L1W-Cs$J|^><~^F zZ|ZkwdMEdTF&R|jykqp|g;DW$P{t@la=OUW53oQ(-5dX( zTM+Pk8#W`*3cB|Q3oE02R2TQh&CyqcG&kP}?2VorAK5rtLgkp+ktli3PEvPNNn}e_ z>u4V+9;)$sh;Yva;Uqk6yO0$Ipg0!k?x}hBsekQ=pH>JM?4hxzkRoimR66GeY zQ9<#JDZV?!#leEwS|%KOn`{4qSDP;pLe(~{V)-@7&6JgF`n?944z%9gUNsyP1l^<& zNhTC>#r7SDEA+As9Jkb&Gx7GzJ22GGRd{tTr?+fjOw1QcZSqeUyxEOgDmejALD*TNdp5)32+!7&X^`p)XzU?Bbw|-Ne`a;<^PNExk3K zlN8Lu?EP010XhtU>UICjC{7p6MFiG#05nC&@1o!BgY>~CO>J)GRI<0AwX)5_hp)p6 zJmoq~D%p|3YFjPS6URJ9ZVqVi5g;hLi{}FoB3i9KJip{i#D1}MXR+RFGElV`vwT13qj>lsmjWf4XPn*%UxG9GM>} zA!Wl)cF=EHvd__x=@ggxT(Oeq#oL&bOwnO8OV~m*Y+*)Ym z7F<#q;E_}W>qczMa-U*aodvJ(@MrfVV<~y!0jptrlHL`vM$a(;k1%9c{CfLg}q9(t}kl zJi)9Y%I3oTpPFx+)9fZnl3$#WL9?!NhrlZML>v7meULn{o6wFNl%T+VSh*C5;grzX zAUt13hQCB6XxAr3CF2tL``prNQEGR+wS@@*qyz8>-_b>;XIh&X-+xd85}tl+^ftwI zQz}pzqg$gD7Sh@Na&N^HZA@)Va+iCuwBYKn^SJr#qx?hI1u#x$_V!;i=7Ver2D2$w zZUS?=-*jSW10iaf%e9ni#8efy^6d~KYP7R4{GR!R)3e@{cEXAeLCCIoT&REqr%dWJ zvVB(B%6AK;$rTg={OjlNo|_~Ox;bgM79BO6Q(P$7bUDUK4Y;>QmHr;+OOD(|%W;Zb zMDjk<&d%ZpB^?wV^jS$lgeh{WbbeX4O!IBAa@V}9!%u!>i=5?A(Ed(1s6}Gcqoy7> zdO=jl>})W!tSlp^X;M}5x-dn{b}UdOCe%wM+<5B&g(Trx-Fe4w!D%SwfX z(e%)L=s}_m2yqh5;>L<>ZQs^EzTrt%S}xh|SfOhUgx-zE{eM3ol(uxi=kj)ks%L3h zt1=%0*v||bebB`}4a_HThyaNTGu*UX&6>ANWswA%0#&FtYZ%~dq1-Os78D1X5X;5X ztlmi@P+1RJlaf3*&~Su9Ns3Yv1bCUTho_q9A&NL4QT;ovL}Q($5rpkLFeVxsH)M@p z8n#GV6FCZVC}rl(@`(&*Q4p^-S_QrK+3;0 z#7t#z=;Wq}s(&_Li`T`nar<-OC?bG>FQtd8WgQPwcGBU?BJO%}KH*X*shXuN!`gBP zZN&_}I3R>mfIO5>3qiK{(Bfv*1(py<>|DlFutP7};72;v`o5FMp#wR;Cqnpb2!NEb z`PQGoIXN%rco>$CW_un`MOe$C0{f&lSmmD^#9IyUA|xGRR8k6J~Kzt zFC2FwY_$CJmK`r`s0S_(;{cOJK&{!6cn#ov@|4m{(OmI$?`%_+x%6^TqCbDBS;D0! 
zJY~&AU&6}va13qh^mShDb9${buV)>8|S#^{wfm031k zB6j!yS*re-6CitjO$VPib~rO6Cr|rYd}Ao=YRflov<)2@5!J*qTicK;@x_Ed7QsJA zn64+mP2U9#Jx5crohE2N=ag1zOn@sm5hi^O?(gDBy_4YIropsobrrKPGo<-Ybb9w; ziHm#S7}TVvjxkIkFA5%b8ITJAeF*3U$41ly4OS|-tci*P{qSw3deV|O6?Gq4{Q3)N8Y^w;KvxlXn_+Ln+H z%0}k8teL&gxO3#Ls8IupJ(fkty-PsK|`I^{N8=1uyKn#fCKO9KG9zb%8~NOf|})l$Jq zdit!qJt`EPTJ4v2KL!_9`#V)pKqclmB}?%^ADQgJ;KwOd4%>AlS)Xx0JsK-~m{3Y&?GMUg{b@1rVa~f={Kjx48F@US!4_ zDXv>p#JKC#X+zqOnYo&20s+_xv&+%LAMoFMC4=fr_R-m1hNXb8M7oheYb!lSBBf3g z?!HQlb{AKhtq9K)!RP2 zPDCq*?SO>X5C1%s0w#~+k=>LeqGA$J-6l<^rF_(kh9U7;fu z8tnv>3t4JJ?Y2KEI2o}Dqk|dk(x){fjkLP9w+C(7H9+vO#@muBZNu{$3heG6_#vL? zap;waeyemQMc+MlYS)isP)oUkLYfjD3t3+ z+G~NAaVRNg1squCd~8Q@1a4(kMrZZn?w^F{vf_Hva#_k!^qGdAQ+K3Y z&~Xv*!ehAiaHr4FZRh&(TTc1_;8&*f3AJdwt?gTg1O`fl4~EXksz&w|4a2yC?$0zB zu)=2iHL_XPSs=;>udeBp`<>k7qZ5HpDG!#*CC5E0&%;|VgxCGAXG~1KH^0q}v4Dl7 z_762-3SHnqHd5(oRb-tR88XgKZNt>Rqbnsmj zCNI4y3OHx)7Fe!bZ{i7-kxpJ`0oR;A40u z-(TB6E^J!X3z%~VLjXmZD!=KDO%Vv z>tMvNt}H_TP+Qv-JE>1Jh6V}VIM}W-_p(r_#b>(U!$;Gd@>DCRvUuJ=!>f|B&-o?TTicU!yLP>)sslpT+_)#8v!4~ot zg~c!J+Oy9gh_J0XGLK5?wH%`jlip_0rM7OvFD|j1moJeoU|P_s9hLMo_BYvEP@a}v z=t4EkBV><3N_@v-+VooFKPfeyuQ~mc>bh<1M3h+KH29`d`Ye5V^xN#izyQS-?$U08 z1q>5)-pD#N>Nd=xwOrI{`>@E7^A?lu@aP2q1|H$~rs^=lCKM3_BuMBHWNy)meQF7w zbH47Q$-|2nH`kv*oq`!poLrTicBbYX2{KPpIVTQz>tBi=jr@v8k8A2>F9ZVQSID6T zDbN^v>FSO)92VoXqI_h6(@A0G$D4%AixI~;gD#g!cxL1i@VTIf`&Lm%#tfuPfSByb zB^L1DR`Z>L^Y6Sz$fPol(EEZ6opGkAF7Vq(7rEbnw#LlhoGdXD%%;6wxN2d%gXc6- zdWu-=G$atgnXlo-8n|>a%fgrOboaJ=L9?6~sVQZCu4iB7MfItzhWJ|8BEcllN9BhU zQlaB8>mdtLZc~9qMPj+Ws?*b5i_O(MTRYyUq;ePxJD;9$Q>R}z#*w6Pt`=Vwa*adA1-4=1SlWhT-)T;E%I;-S z&~;$@v(K%416X^OexH>H{?;_)V;DW{VddQno+ zb(sVp-o?IL69!RF@1!|;@(RN;ykr?Us|#Efj}yj*()#_85=r!L#)qS)iQ6~XROp5K zQi*7k3oi!34)qM?Q9ny{M`j$Go}&m7s{7M`g>1A-GO2w?5;dAvQG@<6gIK^BvK%uw zMfN%hs>#=eLY;}E3UYR>Q)xi-Te#+}W^=1hje&~G1@Rp8TkRw<0pRB0UoJVw^(0BX z=Os-M-++;VsRW;`&%Uod`PZ!6yp_DIR-whf&(a{w-!UdfC=T^4zJ&jQBXtM(HzPJI zMY4NFpBYE2IjJd`=vm6X#hmKVzxTGp{Nvpo`hjRX277==?5E#p*d~#VDLh`oh%v7c 
zo9J5cH1hE5A~spy_nno_v2Fl9Gv!g)z?hcjZ3M&2ws}INz`)SZxz~eGB!7MbS#bZq z8~Y#?rOSnt&YpEDI36~^niW^|1F(ab(Y^PFn@Ut$$% z|BfpbW+E^{LHsr4W(IOYDLtdfh3cEKTEaN8^FvIlkZt~Vf1{Qw-b{Gv9IH~V zR4FIw>|C~l^Rg%h+u4l&D`sMAd60kE`Bk+w-l+P+%E==Xnl8QzOeaLWzuJs&&4Sqy zPD+58ki6g5aufI6f|KZuiWI%vx0sNKEA41;koYaiGems2= z@W9Ri_&eO-nufJGxf7YlRanYP)P=YVAWkox2b3<|gOpZz)c)lwNHu>tv{S{%E;sjT z{Ga)l$8KQ6q1GXt{-0A#iKN(zMWEo(8lSE(DkD{|+#epBd_@9z42={*do}j5y?K?K z5FJw0nbmNe>r-6_tH=6HArT`nu&_)Fd;@(LS@xwndwQn&SUSO+g_#)Wl8j9=} zxGO4eiUE+li1LAp%IBS=PK>k)bXd{m?Fwa=uko0IR4IBMkp4k|cRV?peZFac-+mVI zA2&jwC^AV3$S+oT{|az_3o}l5DwjjihD;u6@riBMdC<&kw7C8A9x1{Z|5$=YJx4bk zn8Vmu9~nWUL93z_LKYN_@N!@k#Dt||U7|D4s|X_AjkP9S7Cf_>+ke21!?yHS>6Vv_ zbN9knsaTd?X-DPlJ(C^chC&*M#~i~B?wrWN`qDVVNGy$TF8QyPLbik4nIFc4X$MV$ zb96-NkDb!u!e{lnt7)*X_QlNmFYJ<81G-q^AqCM>NKTcT{LpGUHQa^({u_l`t`Mx{ z>{m^L`X1JMq9$iG6+=bA#vWIM-=s$Dcq6eMQX!G+&oQ$B7^0q86~sAmZ4tzhPG+f< zubHg_A9&A*Zto3lgy_eXJawsxL*tr=fgztcKFsn#=~vN1+5VsC6ZFGs&)=wXUrlxZ zDD>G#vl*!o(E9J4IJ!zfKQhB+#tACxRE4Rfj`{yn zNGs2d3)m*Pe#ibIx*jA@ur46GrxLMbrnh#xvI!TZKQWiQ$#x^C`^86huhBG#uTap% zkH3_{U_1Zb7!FLYdXQ#PlP#GreB=KW{OrV@jGi*gY{VueDIZ=i7AR%=c^~uDvn4QE z$Fp9)`8KD_vu9KT3&xz<3SRS#Oa~^|n-iF-sSS+~khJRBr4@|jBbz09dxaDBmrgk_ z;DHljd#{0Um47*M@P7~*YrgyeL}coD{&gJ3ZB_oBL7uEb5g4ML(oZBgo8?IpFANH> zRRfcV!FP5_*kE&MES5z%&zl`V!$5+@KN%7RTeHCA1QZ6iL+{IpmXM~u;4Bq+b)Tuw zQed&GNc34q3x4*OM_QKMkEJl?UwI@=u`3H60v)g&AdWwHz_v=D|=(0>sUfoBE4Gx?Y%$o;!s!{21qhmrQ^uV(Z8+{Nf zdJ{2@0DW>IZyM4?S6KjC1pK4zDUlB45d*gu#2G8}m8@xjU%DPOA9zz#MSZtJUirSI z6NL-BDa#Q81RUG>1^=DCyL%iwY!nvCQ=Ssrv^1x+MVuwlYB>!9mzg)|ZrJ@n-+cQQ z01EY44@VNw6#Wbr^m)M@aDp;Yfx;Gg;iwDKoS=JN_{ppBHozdCi2r=BnV8JX#M!ME z3_Pr0(4r*C3Gnwa3M%4GRZsp)KYW0$Jjob3va~E{-KNexkJvUF{iso*zMOECmwy((u`9z59YLu-%GrK>3*S}WG=K_9~8uecVXbwEQQ z2m0V0#AN1#Nm>C-@5f=)*Co5oVYrjjBTmfNu7HvD?!S2&Cjejr-|&-g3c+D1(84Pd zWd5Bri$3&(Q2!K2b^Z-5pzv;XZm?q#<~DoE#KkC`g-f}0k9$iM#?-~DOy{S2QL%E= zgVGRURzngFi*onQSoFkT|7i$yWFB0_5lJRiDAmDa#WPQ?A?dE1_inAdA2`>O<|*|* zmC8!hb`ao+_j_D-!M}dH-w1|B4rY#XcE3nD&I(YMsaAXvKq8Xbc8Kx2Ji!G6u%+<` 
zDLMKqImez?05zt(V9(d6Zuf#f@ohamG(Odu;_A~(A4(PiFF@VPeo$7F5T$O^guI5; ziLjCXP;6^UNS}1Q(F9FQ4(J*7QFyhL&s|1$3QyPe!ZpQ*g;zIsfXbN0(%nxzyy=KS z(szswDbj0oyMcKOJj;*z-qZ>C6IP6tGo6aFsC(#We(?@u6BfTT3;?1>Lrpl&ykQT% zm9|YvE)8J3ge&&~w~(3!M?04yb(xdH^0=|##6b>d`4vkt@Ff>*($tSThAN?Vqw?PJ zzQIm`Y`!U-dG{Z~=bGfn&fo&g)nf* zEL=Zryknl2VP=l;H4V0F^tCj^(gTUA#cmN;0rlTN01)H-1&FdE?G${hR(^((t%iJM zb35q{WS#~-IBPRxp6ZQKc4;;ps}We3HuVc%|CxLFFRp-wV$6E0@ikR9&bvXwE%>g!kh)(rtd`hYF8g!K#h;EOY(Uf%{?YR* zIc<9v_2NlCDrJ5=1=nk5wq&hM|085oua+9))`5)T;@*~T8jYGVfOA8@N!dO?`dg&B zehDMQYI*K%NDi*DQ?&M0^>Y414?a~$Q?&BS^3K4JP%%ubuhq~$w-=S5L*U0=9;^mG zvl6{!9aS`BxdTo_+6wHtK^x#PfpI_ZQ;{|S{c*+G?d#J&^||M1RxAL78bmz)U&qML zPTN6srbb)I@GP_N-6KEzcm{)4r{hwDXZht{%L>Fje%p4qfK_1IJF&tc%Ur3v3tzDN zJ+Hx+U*3(U2GK;$2BNve2=cZ?FtAH+83%BMh^GIBO}&4XQEVOA_dj?PB+?mlq+l*9 z+xv#wHryNHjDxWYVKOpU|Ac-#z&|alT;6+5Y4$Q$LUeM$H%=66^9dJ{0(TwyOOZ~U z38e;?_8+VT%AYqglqTpP1qvy`FZR{cjz^+KiVAbP2CH-G27kDdE$(7A{LauBf&FMv zJu56zJ;KGI;IZ&G%DS8u5gw)rikuiMqYOzI5pMSCKt*$K99{oP0ibFDJCeBvf7gp} z)nQ{KbWFq~8KE-7(|iEvA`lMftMLEvG&LogxKJhjwo{C5Nnm7%D7nzx?E7+ER(|ng z_!c*ZI;nRA#jvO?PjxR&R!w|q|7~?45S*N6Qdj4rLF?O25&sk}cUQyzU`I32r+J9d zhdDMw(Ui5O5%_yuEw4k`b&pwTz~+k_X{+@JhCcj;r@&yRKQgf*F98;*%w^HlMLH39 z*LI-5Y;c~oqzZ_^(?kw`Tp8RM8jid8uVbVlPM)tusOmh5+j>pHSN(gOLh}`P8O?X) zd2g>S%{lQ!>qVim1g?wc%S3A0iiqHhVj{U)cks=Ygz(vGgEHA^R4UkuU&laSYx z2t$Lf?fGAgWLVZd*c6?CY`hDY-0X2D=UPl}1+%Sn7bZmi+4}cp5-xBb`Ux}4 zK5vYvYLZ}OeI|r?G{Bxf3cS){#XYQCg=UwfXQm&&o;9&iKT@bT5LPZ*#a=m%ggp0c@#37Z>k>w6ovsZ6A%$>yeRNBcVOc?N5 zquFUeXbE<b}Fz*^uf&({h{Yl(T446Ija$RHvB^AEM*6 z$XstJMv=3T(%c)!t{g-1(v_n1{2Kizt}<-0E(~H_VBWG%BIjW8aE}rIR~t>^*p|FL zw=b#yW7j9d5p%nj_hp~*^vLJkRW z3kEjwH!#8j7UHkQC5Q0O+@!kIuZt^6s+j&YrZD;LLEyn(58eN#NU#{sMXOEkowALw z#y$hj?sLM`W>v*}W9$y080H{ii1c!9A84l!Y6_>adBIUY;tA)+@-RkNFNHwp-#-8I z3VLYRXxc4<$)PE@-^B>2tk!VEd5^kG+xwa3MkAzFle$N50+Q+zpzsv&lrNxz^u$)I z8i1MIa{J|4&%ECx>CL9pm*G8ySaOPdlm0_-!FwQvC}5V+@Npqf6dxOMfZ))H-3&jk z-lfR>QpxuG=fTCsX_b0^EnLF{33cLLPTGX?c1pDm7E&y>gXMYlbA4--ngP1caos%Q zaxY2Y4bok6^+ 
z>UNPp)*2t!3>|VsrO(z>@evL75Qm8YI{h~LHwGJD=tWG*=gBIR&yL5Ikf22~r8i6& z|H)jFe&k~inx~aM^!SRodlGZX&LMPT?LnP;$^zw)&(TE7FwQz&kS}ohmdSMB@GOmw z3A^117Rl>efHE}gd0#=qMmBPpH_t)-LRNUWixs@GN%usQ_)!b}6(3rAabDiD?^13| zh3O!hfJ?h8waX-%U0!4&@&1$y*(EY_RQ*Bqq&w!ig8rjfdO4u`JHY;`qY(H%dJ)a| z_Jl>|9^N-_5}anwm(!}etiavQC(sQeQVcPZWOQBj-f&mVq%o?^lU1lElm6nrr{M<0 zUKh*OHmfNmJ)R(6G8+Le5Z)G6=s`@gea49~JDvLmc&@ryO*=>^_*7GRi#3zNS>3fb zj^^>a$ZKQtq`$M|l|T0fu8u?PTpl1rd3an(TXO~?s66?GI<;q_vZdc?4sTjiF8m(b zf%~J8U+g6}YgoX+sGm3M1;T1t!l9Bg@{=L*p!t+`&=9YhK{=h;&;cdCo}>73+}x4i zU5E`$NK+FJIUtVeVZmOCEk)}C=~SYY`-L?dtOMnanzjr9o4F%Y^K4h)6IcqvErz3O zMP+|P_+f)QUM1EICB(e_WtnxshSdpVP*QD*^a*qU(a{!xdv*=>JJ}YSuLV)Juww$I zVG{tztge`@p1Z!hJe}*qH4Ywg*bc@Bx=MNySLi$uI|6r(vA{qSwJ0F5|TdKNUkTN3$A2jO3L+J@2@a`CAkFGfiaVs0%4t;@E- zyKLA8wY0(q4k7H-G5Em>l^BC~Z{;5E->mLAXw))nVw($gKbVvW0bKy~83 z4fkE%PR<Y?j{6(5x%dHn((jvIBs3lSWVuquoPRN z+-hf^1Awwj0*+lO;~%rg(3Giw>j26gPIRwLQr$mUb~1R{8fKgh&OirZ>zYOB7J(BB zYYhK{9wG5O)O?#DB`p4sPbuF27PL>QPOhW1D%8@HuALBf@Y)I=?>% zLxnD@o3HD>V60W|HQ}FW&C&@wa!Q<8PqY~~h6(~5kW`4(VI^5UjWlNQD#1-6eAkFp zKp7S64ed_jGFmd0es-_$-Yp9%T`!h1tK9P4(D1MeQjk0?_E{yOxS>cxuq zmX{Ns+2QoZb=t8NFFjA zmt}^jl6A}B1|d;zbVACB+&$AWx{v&mszQ`+K3^#jb>_= z!0T0&m6p)Df@QK8OzOfVfu}=DMCo{&Wi?9C2Nhk3L_aRDz4YVlGV`&X&YQ}k1|a!K z&wKYPn8z){s$?H5m3+AeLzP{PCk z=o4f1ge*8KlLz`?KK1(J^n&%CFN|AwLX}NNNf8{kZ75~NI9`aP0!_3Y`bvEjSwAYQ z^wRw{97E(G0}~PYK^&r`*}s`WlAGL$K33qx!@2xlAIpJz&ZZF4yfQ>=nG5u8qObH$ z>Pf(B5$S#W0~9DsyYwUbhqSe!N2E?V4oWBf)*VYcPbi~1*PJzj;^bvvPk zU|wI&mFO%)BVY>uK9P|q0uk|~Xq51hZOT8;ar16!LMbiK_?_OZv@rZ?vK za*}&R#FbN)w3!~7B^J?A)%z<}ih|O1mP235TSu_;EpPvqN&#E&U*yOmO8A#$4zyc#g$Q#0nJQ*RXJd$nD(RLr*>=FRr z|Md4;6Kg}{Ue$&y-K*AWm2y=5EB!D4#6m|1O6)nzJl{onKL*or3=&dp6gf?9k1dut9jl2p>Es8F`kg=mNie}cO>2S}lB&+Jt;k-1) z(O0eQtTkY{Wm=BcBLrZcqpsrE7O;j2plR;7KTWge(=nP1!BEQr6&aWtZB7YuCaOfE z&(exiyXt(v0wdBF%Z2DJfXkZE62pz%jeJPi`c`Da5W6S#)5oz9rB8t9xt#2rqgv{K zRyh)SgpsgKZ&oGtI|CBaN2qMFA{n%(eu$LJu{K{vQ+uNqBxxf#Gx&8m449WCT!5QU zrYQ@Wi<^uueNT&BFZ1Nx@e 
zLy*~8a)MeUq)zzOUQ4o!HdK9B`Hf7%2ueHFT&@K|+Pd#@6RSfNbZ%V}7y{=6u!;7U zd;28dD1q>*^mwuWaK+h?W%J(=@-TF|`#7#$j0LX(MR?wp6*ENwJ&G7{7d_|bmM-?0 z%k-S;cKIYMU^Z~~s`KT1D9#xPOI$8iq?Lq-*YDq^!ZFNWG=GvA9=Iq0!y2#i76tGF z;J8I*i$9Y5wn(~&_q}0JQSPF{C^^OU(){)yorl}38k3A$$QZX9j$LJW;o}wMwXPhZ zH;66xLqn4)kInM2WoXuGB^020X62yEeH|Sum;w^AM$$jsbxCTEV@}3$ZcOzn1Z!Dl%cM00oIF;mmgw4S81fd-8G-2N zi>4S4LecFm*Y`qQpNBoUnVwS6reAj1tk)ou%W9e8C!QTKqfOK6qg?~d=&;~y7az$T=xOURDxH0tV=4x@8e8S!u~){D>lvQ=cy$swMG z7TFM5JOc&I^zXyGOh*~am)~GK7&`&HZBP%Fn7= zX;`iQ#Hot|#kx6(MmXc=!4M97P$YEhOf#=k8G@0RKhX&e{Y*ZG_#Oaf0#hbvq}i|zpC32X{IhzrsSKvJT`J2)PM>X~1-T~znr*hw?dx%NFpE=b}p*eZ!igolEqfxZC{ zzX)V2G0X-8Va>kOq{bs|6R+hf=5QzeFn5B@JG+%r3CECr8A%A*CWOYNwl;6Y@KnixNj0aSOP;0Yor)Ev@KVC3Y zL&bg{INYR;=0DK4%KU@_-Ndl<7eDH4hoCwgto^cvNfv>_xw+2c^AH0k=JQlgC$V-e zXk|5`lwLyy#BC*t|J})0ZOeAhYha3voF3*8G$Q%}L%&GA=KDcIR58G!pgDc))$8EQ zPAWbgN{hh&51z-xC|M+qs%>RiAum+x$wAiNS3LFrA5@i1YrNNx6kAlrUF`u#ub02x z-0V;Se0ZgEbw9TjJOpj=h_y+*g^N9B5!v*_OFvp+^V%&Ni9jzP`&eoc0yH{in2~u8 zDAVT$y1cGC)A!QH-Nh25Z468;gGfbS?(S`!$_P|{;ArF|VyTWERR0bi0b!Mvsn!{xwLM5|h8g@EDPCQ%KkHg0}tYDQH-yJTg9Zz^&zEp7{q&;w4eUSqJzUrgDnz&Y8HAs3R6aA?~Edt)g z!dHhaKa4th-}csC*3oTN)te!sQPO|6gFU#?Lq7>fvt9aoEu>` zGmkk8B#|GhuND9QyQM$ZC;Qk4oH|RJhLg$0CY-!!DAbz1nM!l&5ee}wQlhIOD^O@Q zp?FRDC`4`)=ujouNd9TJMo2hGlm6li;D=M##r)h+^41|U<3e0r*9p5JCd1kgl$lil zLY}Ojfq8%4i-L`h^3=Ik2hkVdDhc0DAA54UiBA?&k1jdI06+7O+g!a!O-6yp3Qu^j zR>xNPL`A2=D8A3)Tzb*-~XNgLb=%%&JIgkS=|hLdT1o+*=f zY>hC)7JSJpGa>q_!C5MN9*lg#oTseXpEMfpyQr~h!6+1&PuY|i03{z?j)f?23%hJ~y3gFRg8X&^TM z?_8vWPwaIS0Huxk*kS=`l2het7) z5kZZh+!Bqup0n?>p$y7%Kvfx-2-w|_yIi=feNe@eKZ&H5MjX5uGJRe-#WF+HrOn0wZQzF9F z8g={fdPtB{9zA^j5$|+8);IUrYb%CR-wupPt=^r2E$v!!7d^tE-+`kh3R|T}plmqT zZu)=HWRoOIoo!*-nIST_f@d327zlEP7?$_`(B-ex@KFB*Y@o5qjw4zc|MDkpgHEyb zKU+PF#dND-#q3v;yLqs~vKLIG}o z2V?9<4+{X)QtR6_LQvq=Oleh3OseY_vSOvHZ4ta{;H#CPP{xRk#BL~B^BKU9%ZfRZ z59D=O-$KYooUc4d`!}hP`!|eW6^AW3vG;t5jHx!QgqNk=*88Y$e!5;I=G92jzsQGT%w1uK$qce zlA8hv-;e~g3=C37#eU(c4wytYO&g#-W)=uQCf4MyR2hek#AnE~z_&YT`{Gex6;i 
zLXJ^H2?!cPn2nt+wUTWtk(e%(Vv1OKk{jJ1h1534sGBQ-&KRJ?iF0cwtxfsz!*v^#aWs7O5yoSK{@njWNy6cS(hjCIzD3<@KPA_03uy0 zPPX!*an3{Q)YeB3r$U@1`rMQEx7jAH#G4-PKPPkmUene_IJ@hkADis1w5VwL?3!5P zz_nX+J_Q@nb)4stQHha!{Q|)qn^}YdOXo%&(`-o&w4F2bFPhXs|H`(wJ3TzB!Xoy$}bu z)Y5u#ihy~$u;Htbu9U|a=K}0>BIsgyTyPhyLiiBMOGJ=|8RMT*2goW(sy-2B^t$n? z4bD2pqj9w{_G7(Ej;pjuw#KkhMXzNF7%_zGC6d>}`C}Et0q7vP@)X0C7nw&HEyEKydbHIZlh&L~sxm8=> z;!vhx_1q*gQ=5H-6(gU)o>X57!UEH;6O2PuyG8>nRnF}2ZKBn=u4E0YzlvLQUDiY@!;A>Oy?GwKotO>00?< z5Sm7>aaiX&0KyW)@%4WLp;axlMBV+;?*lBC?jz|B02&Nsa&mrzWb%e*6L>92whxAz zyd1(%Md55;R*G!~m^ocP%GtZ#5lC!(ug^1N)`pd2$k*N_1(#f5w&(;FYCDG#ARHti z%+gJBbd`-d?yH<7mDh^|``$Fr@;z(B?h&YUc?*|qSR6n)zaJEHDO=N3eh>OWdM6O9 z@a`8{Sp4^j7k6}{iqUY@Jh}zM@%OIXJ=8*uC6zN9+t8{;QdgFWtWGYST?BL&n;~>> zB6XZg?*bQ23zmNlsh=qtW(x{yI9jpp)lpfL){9i&$+X?TFzI3%HcAvQ81wX!r6qyX|K{O9ddhu2 zUaJxZ_sdHdO_hfY#Ge~?Td+92P{!{Hg$(&x{N#zc7`Ik1>d1WidrUs0;V*e%DC$5? z%1T<+Fl*w)l=}O2qlKvtu9Ti-%;uP`HS*w^d`m7giUU3<$g+jZyiE!!nO^QJOi!y6 zsk!`V&zOyR+up8`|Ja}yPeML4$O{lROs3l7tW)n4o;tA94=|2G7VhX*#?9BaZkSS_ z`&ISxo|^FWd8EO@a3wyx7=zn&Mo|LJf17mP*A2l_}yC8x%W`1BkzHBg{oAw~UavvsmfUW>O^sqG` zuE2qo6Y<5l_^4?me&4G?DQF?dLRM6GuRW` zQoYGoFTzcoq_G2x8U^wHji~O=<&h?iFluhy1A;PuZFIRv#w!uR5Q5x;UX;)}Nlp+l7xfK&ETe{|MG! 
z^oQJn5SFJu7eCLg?h_=@>sexN8#2R_;1mpSiZapQb*|+>bVn&Cvi_(>Jf6##WX*N6 z#~%y1h~Ywru!dE>iMGV_v{Ufq&hVb09wLl7E#5gb4%h1y8QQqtT}2oVEFFs-_Xd4$ z1WK5!yyHMO`s~da>habH(T&c}RL*QBwV-VL+@59JrACXoukp9=3jrywhGgIJh=Ou6 zWP|z7z7Ap;H315Jpd+}&l28SJtDUd?2-!gD|E1p|Za#6J+mL^r>l47DT6~ShB#+4| zS$aRRX8OasWGSIlM|e`ShPP3I-VQZ^M^ zU9^7eOqwD2RY`#W&;!vT{_QFg{s)d)o)|(()HoAON7(V2g>9%El#N1?_mKI#i~|zu z@!opu0-g-k zCpU#`_E@03*g4P!D-SZbm)>A&wJ9j?Q(ff{e=i?W7u#hh!h_9KH-wLvE!*mv?!E&G zw;o;g%xkOemjwze{P;u4k zAQ_9<8#s12`15qyFPX>HmArDM)H@y$vCM57RjXZ#t}q^T*epm&Y1+Jo8Xh;trUP(?2j+U;@?Pb zpiU08u&|@%#q$yl%(f|uQ%&ogE#54IM+VQT^BBU7s<>OYF!I${DvUyd4!zMS^;ogk z=4*f4W`t&{mI)kKpEu^+;ogfVZE4%95eVTIafv+5?e#y_Lm@af_e=~0SyItAF1tJ z&CYMgtjx|U;)n`U*>dtdv8vpphR!4mpS3}rS^9Uioh9TWX=CS~*or^(lCfX1>0@`^ zw$Z)1%3ef-*VTQ?WS!||F&@LL@_xobA1OnQ1`v?XmXVPM|1@AFdo@S8DKC4(ZD<^470% zCF7{g%FSGZ<`W-2Q~UvP!$W%+jC3~AlnFbcD!UShBJvH5NS~X}P*KW?#bUcD zjUc*1!HO!tmcufe>KxSApB9Uns&uNty+fkKi(H(6olD;~%uJ~8Z^2ao2b;#Z5zI)F zL)R-~E+4I1qWAgbVJhR3Y{y4S_W_UKvbkXO#5Rxf8rp-&IVL@8ZPr6wRTr{#^Z?)` z0Ko2&a~2>Lc_*$iu-|ygX_G%ZOI%wZZXGLSL5aqLKW1f_O=+m@t-U0Yevhp7OepO^ z0xEDmf*Y3gNk6N_mMtuiow~_ULF>A8L3)qmu2}`rCb+Cz@w{)T-z$;v9SLe>T;JOM z0gnOODLT70tEbl|LpR=<_o>p`HjrR6xG8}db8wn4(`9ZxgU(SlpMA9h$9Jfb51{Sq zcJ3#2OwbO|>ibb+D=3W(umIlBw%7y|IKf8mNY_P?f1C$&bxu;CZ6dajekMqgZLyT7 z;6#eQ(kHpf*2LK!JBXsrZUqDdhE?q%706M@GeLF2oe%kz|EMcd(WVv=vn@*-;TFjP ziI%lhwzRW8M=lenxW4^*ffk8Ij@I_)Yk`c+---tD*JzrO}RQx|f3QJmu3voV) zhOpVR4X-tcYYp`8iJJjfvM627PCCF@tBq1iGY1otB?Du-xW_)7kV2YNJM5=E|4mP+ zzKel*V7T4?gbQ}zi&S{7Wy!>DlKs9+hJHEc=P6V$?92nz{bR8sD4j;h)Ff2Loo0G$y3o;EZKXfRhxE9mbFDoXYo>f3`d67VY17MZ42 z-A>RjbaS!#TpFcS?mL^P>**!63Q6?|Q{iEI4ypzFv#2jU9arC8ktVLm|7kttYXw99 z%klRh44$)Z^pp+ffooE7Mm}71v`+~XlXv$fRypSCo zIT5-$>kLTqa5Zji-hnL9#k4&n)MONrM5^5^Uw}1?QKaiZU5PPJ!a)?3Q?1K%JT5`nZIB=U@gpYJSf(r+2{{nYguN5|>hj6slUP zJVhA(06##$zs^KB!Tm_bD}2RPYFAEtH1uyf6QgrZ^A!C_g8W4uaz=N{5t=#*TgG!^ zsup3@88sg!i-YRVbQT9XueyQfU&_@35(2kgxvM}>9ec@)o?7R>y~GJV{8vv z@H)XB8L*CTuiOF0q8b4}@v#|#W^-L1p`zno_jXk@9G6Sn$O$`t=Dd0>HGk7ej?^Ma 
z39S3@l;B_|9WW5b4?4}@7C&X(v_UhViA#OqPtz9Ep>+(1Cz^OWopDPubV|v=$oX(W z;OTlarbizi+{DEw>>(1PcVfTw&xylqs84y3hv~5LlbB}apXpdPMOi4! zwnMxqC2(gK_TwoF{pTZQwtGlx2I>IMvA&l^YzodK6!bn9*jBXh73WaEA9!LQpI1mE~53eL1*1j-3YLx!*;nF4=dsWX~q* zh-rgzidUtwj`q}nS}d3aoC4XoE&<5}J0}`N=AZ3onyi?s;kt5;qRk(3rsDTH_=S$^ z0>V=Mb$-QGg^(6cEAu5g6RfBvFcAyTwhGY z3vsMavUEyMu$REP2!l1uK!{QZBQ5g&AFn;P5GmM#OE^)Uvo@c;h&axA$zUVL_D7Et z03>ZikQpV5hD@~<+cF9bq%D4X&1~He?Tw}kKkjRTH2rxNug}s$l8LUlqXZ)4#&G=X zHDEX>%|%ml6?;m}pAxXz9+%*_5eM$iQ)8RwQGqBQ#<>`S3=(L>fBJ0;H#Tt+hUc`< z--6|&P(OEFcx|Br9+MN`%;0>0`NRQDdQRoz#*dnZNcBR{)V~{8>O=HCIh(3CzjbzX z63Xq4=1AHAXu+p9BeLwdfSSF`GlGE1uYE)zIB_U{44Ew(jI{fN?9I~u;pLhH_lF0F z@$6btH$Rvgi#BimB-DA%bt`ZoA0x>zfTLAfqz?DEuwM?65(H22T`*tVclSxIk=kS| zn4}>qwQSoi+5@pzKH~;1&(5BNs(44->OWY^A^Bkb9r#R42{whmA7}hNfEX<7@k!dHho|2@@SvlJKEVYv&%HZgR5|_7eBs zV{t&~oDx65)zWM3!tY%G|4k@O{T^qa#eTB}n`h$XIJxg*{_JuP6&(40Zp)qI>$!_} zkO1d~;vTFvs*zXS!ngr){S5mKok)(nPRvI217!P&f=2#{l2fVhab|LaYe#vZtbf*?o_@Vgkku~thOo($W zZ9M4WI|DMs$NJ$)@e&6Y!?ktCb2*Aur}6E}ki5Qv@kfL4ToxEL6pZ}0xR$<0P zUk|zu)4W%s9NkA}C!?=Nu(xHq{|+%c@^-oPw&$K7Y2`mUI)6~hZ>wTP4JR$LPfp_2 zJm7H2J4BrPq=rISN{My%7Ah*zkbwJlPK-IO36aBT1QF{xV=TAlN5AUq7#)Lo*IrmB zJlNNPeU*ygO|mkCJxPO@Bk`uj6q^!N(e}>A^-S6@l^GC%w3xrRvjKUwvu~@(!i6=* z4Fhl)m(|pi5rzR0{~QTv7VAWML{^VL#yQEfd=<|cr|$!z9j2G zYd~y8Y>Zz+_|;Q0ny$w^SYL7F66AR4-KWtzhrZduJkM!rU=Zi0Vb-wvs9NECa)}*l znki>}VKc@e{rAWyfyp!8;FJ;bysJz(uikm5hEPEP5WCMX2!RN&_3%7}hGhqdsevUM zAC*kyXP^5D>ZvG`IFbZkIED(BGobNA)#P4Gu7$;JT&Bi3XMw8rJ>9kXVVsGUuhM&~ z+G;D@;hz=(`5I7KbU6fq{TNA#4rB`6%ffu+P1eZMF+9wF7(GHlS|+84hBsqIExAY$shK@jG}$R88GGZ zKYnssnD8uW2p@PDg(p)nSbeTX5!{|{hVrBDc{tubY)aj+KLrQ6ECdMK!5ok?E&w7% zpJD?cBhz>+Ck*P15CMBbnU`b!+1UBC@z&X>=gqo4UkEvWj}@|h3hf%C8El}>vl_T_ zF;EzC$>n32bx{!-TJd=2>SWv`Jm7*B= zFc~EydrhFyjF=w7zt`i;ir9a_F4GyCR+aN(a~57@4Fon{nNL%47qX~ax9>onluQ`o z+r!kh(K1p$ew&)txnn_Tva;#ullz(7zG3X}mUnjfg}2);P}K?|m)(5srxueOrlTU| zZEs+jF}daQHkGs)&l55~en=mKsCVVO72>CbdtS+B~>SY_jUQ z$l)IoGis$b=w7HxY5ZZoG4v=-Qn=t5^`i|hk1Mla-sXCzik?uM_uId+bKtUNGzu}R 
z(_v^^fTd|waAs$l))orZYB4afF$jE#Ha0r1U@FR#w~oyXCMM5F=71wxpfyF-Y|O{YR!T88t_D*KgNI< zoQqyvQ!`i%#l)VB`XkzFNVo;SVS-ZcA7%1yv${ZXXI77-c&F^GwRPP>9|pvj3q*Pz z?7W+F4m9)|mCPCB@+z=QFC3qK3-^^koS>mDifKZQ4@lRd!}q$DE4@UadtsyjDI-hX ztsGu&XX9AJt0~G2xzA!f}e$k z5XTperE?j@2Zb-vUD9+H9=bHja%l%UL4*TZj}-p%aN_?gkZ7;dGpIEu zHVvtO@0nq|SH{~n8G`9&81BYWxU%w_QMOmvgCTecHtwanvKG_icA+;1JX@w zmjh3dUTeJlCgRS7;)$^mCSbO3@pmIR@spO1@+F(&{LUxpE*^a6+`Be-=XroL-mfRB zMG*K`2*F%H+y2QW318dA`39YKknZ`fv7r7P(+1Hngrs4!XoglfFk=2i2~A-DS>kY7 z@Kw$o-54La3BNf^&!Qy_w#Ou0RR{lHVDmYMNigZ1HU~ zV%qZQuM^X-lTX@q``FD_7c%xRAf_Y0n$b6lFqOTi(HC7NU#rbD{`vr0k}(pddq>&#a^DjK1za8%^_4c2 zH|iXydnbRlS@wLvfxJQMP=_gUMP2#EhE&@H^;P}&ogX-c#EA{zL#ft{vizJ7oSQ7@ zjkJvTviPc7&~P`;%gTB=IN~Ncc`}Ja=9ER!u6hJ9IUQM-X3*4t?MYlgkiv%-tr)F3 zoJn5ExW|gt<(Gx=uBKy+J+L8D%jI%oNR`pZ^CS=hcqy+rS31Ju+uK7*%YxeK zoRAtt12J?USis5|U!8lw7JZpTm^f5vcc9r`toVuDPUFsKotX-TjDr||&_)PIC+Y2y zS7oJEnNbNB34OM5);_LM@eXuh|ITyCuAyQYInj?#G;#S?QpCgS*ycB(b6w-Qz+k;F z&=0E@e?x7h*Jx7(jKuwRdcL6m8G)af;4XA8$BoAL$v(w)Iw4)PYP-n6IB)pGjFXBb z?l(8Z%Yc=AwbTFoao#b+3e^7yoQpw-(ZP32WP7cHEMsEGxFYF;ba{)^tJLx_?l6Rv zCi#8dX0K1X{KKe%jCV{4Hqi%C#^F+)yF{di$XQZV!$IxA-!cPG^uN6m4-X^Xs2v=f z3Lt|pRo*QJs=A_mG7rahj!cgJUm!@EOQ_`)n||O&EsxYxs!@aIS1A^frAj`oSfC92 zP@Um=oi)azJ>c0y=>>Q^0F`Cevc)Nab)S|zygO=`YXm^A{)Akr@uos6y5-Y4PjxzG zTLi8Ld(?c&C%h=_d%G1BdVB^yFH~u1ik(iI?HCAj8S!iq zRHs)qI3&5W$Ugfp2eDQ=;k^35+V*(_w_%Kv)w@>Tb@f|?`nsTba2mlmQcEWMv^8(`t*fr8zHy1w`J*#m(H`;)0n@kMh4wt@rdlbDwRL%?_yv; z5VqKpOFQL5)^wqpJPs@8DMKEH5Ju=S(f4vS?=dVA?;Z#2ZtrwWPqQSSlO{*mP(^Ze zkz|`C8p?K1kY?$T(c6QNB#+St86t# zOV?m8-FwFAWbBIuBADuo@jijIk1*3As6llibI5YY1%^Ppb-_uH09B#2cs$NrsYRB0`2U!=YMJ*?^j|l3ZoZS1@)~j&f-Y{ zWp?Y7s`~No^1ZbBXeDLq$_Z_z6c=vY(L^-STQ#j!a^)&(w~O99)+l*Gq-mZcz{}(Q zHT?TK2wcJJg%V>^+O=7BTm+VGckUhvy&Wuqu?{8bnua5qR=YPySb>cli2bjoZI=^FtF&90LUI5r+8$`V!*vIQL9ROD#u0i_SdfO z79)iJz5cEySSw7$j|d&xVkQNV&L79b| z*%e(u_~%rNS|>-Ii59saCqA56z6I%nX{L*H@#f4(8k^fj?Z9%`xLPq+Q`kmlOyiBS z7ber1994jP4QS}c%ZQ1nw5dEbg!2HGX3L$(+ 
zuG#yA$^ef?_CG=9j(wk-Dy2=IZ9tlC*oUr=k?d8IY@Lz&%ZNM~b&$sFC-oGn87%{e zj3$_^5FCwholxbzp<ujHt>JiQNbUz1aHMdHWGYI(JxKP-ghoGr zZo!M5ZadE$-1Grb&)b^BY6r!}R)X-9GDkRK%vkni6QN@iVAr5mqw6}9J~Ps%ORh+| z%CFLJ{81|=ju!_r=aSc68@V8PAH(^wzKNXa>(h~VMcmQwNj^i%t6s-}TZ2Sh%sEzB z$sc8{kk|D9tpJq2V3SKz%wRk7TVOu}*7-jMIC64b|32X5(c~%!{@O=pQ$oxZWxk+T zz7=!MhzJoRH?fFzYZs#66}S&$?oHL?a5#sDyjTLHg%_%F?6*8yZg)r)&nG^9zb>@w z?c6Oq4VpIryw8vHROg3XXI{{Q0i_29D(qxuc#-qA5dIHO+^XSXtOi%3X&w{}l&n*t ze=!<_u*Et6GmK{Kv4&e_G5g;6dzO$J%MwR*Pm*0X^8c09xIM0P=3u~))AXVWUDlEt zP3v=_oAA3r&B;;#&r2Z<7n}XGiNz0%$ky^lUb5yR{v1v3d8ento{4?qUv&_KnC+nh zAF;E#@%(RAK{sPFNcOoUpqyY48AzhE-w(QHM!@`PYpjvgt2nHttO8<=^w+A%Gv#An zde&ifJoSsspimx00N!WUqO$x-x58umWC%LrhN=XWGgk1DwhHt-Gyw5cxZxsb(c2qo z`9~Ky#sq7+^HL6#;43tGLyDQq`SQ8JE5;#xTpr_kE_ib>Otps2`|(Xk_0CSPxTDV; z2Ds(x6*s2_j1*mn|DsV3WBv<=k*_p#3rsg8M^URwao=E{Wlh1DTJXyvdFZqA`Y!j_ zDx2|>T2*?I&PfOTFTU#M&oBrG`&p~?|r2^E408OZX*k*SXt*{n# z-awoN<~I7diZLV-ECJGKXb7-NznD1!TV* zjd*Ryd%mu+U&x@up|QGW3^H=t{Fffi)zAa{TQ@rv1i~BU=i~0OUJC4q?eF?H38ti2 zrOx7n`#BqrlwDZ+&vcroiozFZMq?o2=tzfhm+Itue{d%y>z?|BBN?Vp5bAUX$n`D{ zX4rk-WTYQeqBos1M@Q|Qt7qsT)y|D*n)ul9@fev#`b86wly zWnfr@3Gj&1oJf-KdDc)9m4wVgITksu^A{BUJ!hL^ujQt8BWIK2etN}(KZ!(b>+4GM z_Om0|;ow(#?pD{cv$S2Wj!@cI*8G5Q)!k*5nmikEHq|Y>n`Iwq_u{>d*Y!jb_r>9_ zHLjo506Ukr8sw;Nz(xIm;IBUgk!fVL2B-ke<|dXK|4>a5KbFKimJ<=c=JaEum^#Ov zBhlfvZSvs&Bx~3VPrC5qG*<v*G2TlW)gjWYTo)hc8WPcTU~%3-wvTzQg7N)nnPXJY$c__%qXD%&ZX5 zheba}D1uiFk9T*N9o>r`S^HsAo~`IfOA_I1_+I~39ol<3D$f%J`=Mpx79EwavwlOw z6H$*@@HOPMVlkvWmHV`Uo#C}ri(A5R;4P5rA(~ntV)URepY~{_v^_3 zBPah=G`1sXOlc9krryhp*>xlH(T=ULP?XV)C7)a7KZQAmPpR#8?w|?cN{G`cfaic& zSSZyjw@}FuE+G!}wBen4uIy#Sq2~N*8><@b%)xzuP>zRWZ%4^7^a_^x8ggR~^6eo+ ziXaEx3s`9-#NWD`Nh(R=Qv$tnqWFCSMK}eMzSazTIRbHhv2aRVrMz(lDnld8Rp14p zwHJs+c}M^z@`QGtfrTqZzWk~1C{09>GasrT8Ra*sDOub9j^=2KoW2>_sJI>lgDbB* zs_-0kkraS$j3bg`hCLa`0C#lldWLItE=#tD#kQ9l^Pihpd~ouvJa<9}#t>_S83Dv% zcTK&Qd7d_(ogH?z1!j)SiFZ7!f4UXZpN`EjrPlJc)Z4^hKb&Q=3b5%s@YGi2{9Zgq zB+AAi=>^KaYd*%TB=(Wt;N9az@|19W{?SDc@=8>Vn4ceE{#OKfc;`e6_Xiz49|B8A 
zwV;XMx9yar;A;m`B7wNr1*5Db;3SH}!|hX#(-l5Fvt zZVpK_wj!uZ%jW2N)O`{4V4p&|0+R;`tRtT4`#4L6qijCG_!={OImN_Ar0f?vmF@T1 zPY6F}Ct1@XjeH50ZIY!}nP;DWq5>NUvExQygL7@Lz^=UvTGX+$SIMmV__HZ!+o_6}v+6-g|3(tMm7FfFj@%K7Eet)BG#-h*AOx-59ljZq)lqrz@ z(Te1Al46_s*UEjp`6yOF7|>>88rfy^E~%m?y_&q7&aa6bB?Ex&!3u*le!%;-S9sc+ z8HJz9le1&%ssDTMhkgDm(tcHo{q!g(5*Bk6*#_O zWMgf>bL%|W>zRUXOi~vQH?KI42WfYGZ|1L0@g-rqlW*VN&S^Gv0swI^ zRWks0gx@v?y|W#a;mBkhJ+ahgv_~d(9%q^!11aG5={RAYKEQNB;5GP?7XiFC5)QTN zUmKO1Ddyt`G&#@id&l_mmeQBn)uA0>{E-bAa`kA(oSuyAyIyp;oY?sx{OKZw`LzDA zmvKOsICZf@?%AQ5klOi+vR@3T)-4cfT&+AVKalVJ&ifqp*c#6utTqWi;mobspMC)6U*`~x@xEq-&4_#E*&rFs&mDiWvC=WAv2qK6Sf0qmvVLtXor zWJ>w2}%%cz*UUGUbFxowjePezU?iy2e_L? zTa(dA_O;W?wi$%|fX1jvH{TX9FD;wkF&Nga9yM*CYqP06385)FiIzJYiwqCN_-D1#$y|+ z99Vt%5qGLARgvNJK6yE}0O7C9LPHB~3fAnNOY@XU*6e2Kf8Ipp!Z28HGpf@;oaVQ9 zAxSf>##Lg)fwmv3B@3DR$Gey?j3RHOMpZOl3Y!57`9&g)Yk-VPv29F!fH+ju7ArnxaC1m5cP^1 zVJIp&=wiMTB!xy*h#?BT=89NP3XGN9j2%j*M=#V;+8cF}%j{TDaSVll%HbfM1E@`$ zmlqW0ej(6WXqj}<5s*D20P+I^HZf{hm5?c45KPVfCy4-#2;{x?e zKL18f3(lZ*vMC88?a8A>y((-}|*J zH%%DLag6{*D7D=@_oBROYo^P)&3_coiSt-eNaG<}X9Y^F_?CD<2_0{X%4vUE48&Il zodPKBMy2VdV`*6PgS&W42~lr^D72)jl(kP>oJ)-;Ds@KTl0MAd-#)RXKMw33c!!|Z92}tH6lsp8W$W=zQ@1Z!jHr5EvQ=3 z3^q0cm45U+V-B0*@566_(nvBXhI!j20ll~J^AA_Au(j$ zHweVUhG7CbC(4@>V&OX@y*_KMhcR}yBpXM{6kZ^3)#0!~q`T};LFU9<3g)8q}&X#3W z)?`ZcSlV*eoI#K&3AY@39^9WToXikU!`m6BKoVpIc9|k1O|kTo={w*rhB zfl(5HW+}4R8$K8kW%FBwAPVWpr-OQ6xa`g9bGmbs0lR*xoQm+`eOIMe)wF+KPHnmv zpp1XCMaN{ZwPc2RXOrW{G5rJTJ%o+8fi`Q*Il}S_8uW5Zf1vkU51YN4zG4g~sW@QA z#NFWtAH=*S2X^Hr3-bQt5yL~BP!t>?M?{ruetf4fPt(J+eNf(J>*+uayaof7I&Kbb zi`(7g(InU)?TYAiY2MsUC*5{IXM*vLezb0Sk=REJkw~1LO+9@X#bC81-*1^R7E(z% z@PiK{y*vUqCjS5W!e-efcKR&jx`Kjw%+Mg{8AvYwQorruJ|qV+(uMQUMfnFkw5(6|JB`MQfcL>x+T<3>J*n_IObp8o2VcF@(zTN#7 zM?vh{zcIS5xvf{4M2^K+_LIg)_$tv%xuinl?Gc3gm_wXVy>#QwYY;a-?42!u4FFg?1lr$@%wpk!{5^2^&DCfRQ} zY6xM@@bTFj=SkPY3j?}9Eur-VY1U1AT7C)r&W73)=fMZyjqo8c+$M2EKh%~J78^e6 z(O`p2VrjB*w7gIH>FgS`3e&K5$!E6f$Itl_=A~!YnX}7Hr>p~R4ohnhxc&9c&n=Y1 
z>>7TCn!p^9m&hHFW(!=?g|{G#(l;2|C}j3()~u8Z-hLacuXTZ+31Ro$H8{Rj2_!`L zCk{3Y95R%HHO&4O5;wOIr`V1T1SG`39V}S&M;?j4p1)Zn{?)b5tM;d9hk3_h)~?5E z92CAV)K<~^N13N4_NXR7erdyo@1MPr9m#d-Mxh2zq2IzqY)sQN9y=t3Ab4#cM@UWC zMhYK%v67oi(dNrQa#NgX-)T&>h2eck?qr7q6MES6Bu4q&BAKWc@5iZ_+8{bm>;2>M)d`YVO2RhLHh(xqKupZfHPxYN`C6ZG zfyMN_(8RnAFWsvumG9RbMskjy{Y$QAost? z>W1L0yS#!eV=BtEq_oPKa75pg#z8Tr4~T%gP`oFHk`!F|AXUQ*o6Y#DNwpWnAKoJ= z;EXKTYo&*b_Rw^DK&a68i^fTE6t$__XjT^=a!AJJYcQ#kRxL4!1x3!(#^2xzegmQ{ z3&CUMF)I}t)jkj=P~}Pnq?r6vb*@PN6ayevmCDD*te<#5VczTtX6~Z z!YL=di6T1Kk?m7G(>l85OjR&hNlUg);O2p~WnOEB9JIV&_~JjD3*N)N2X!acQ%6I! zVP^qh5c5^_&1CT-(}FyW)^D0)-gDJ6*1O$6i$3S>-BGpUi$4#m39$~E!us@djVzxw ziHYt=B|}28!5RB;zA0&`~mxm>R%|+YOh;Rp2VUq0EmUY&%{ScpwugBuII1|U$UutleTOdJb=wX*Q0 zOeCleay#F~%(L!VQ%>vs@bS+aq)?O1x?O2k_rt_wqdb}ijofN@tRvt1XxV@6Eh#wu z*7y}@?HyDqhOjs6&hrd^$&wa-m7LF$Rhu<7LRz0-S$#+?YDljW#fc@6O!QBZYld1U zU^}J9tq5~)?iJF62&P~__;9L+$#j(blRLnt&D%TkHe^T*l~@ZnQ^f`KQDDlo9a@sY zpJHCbsXjp14IDbQ7kzcUoUt(kK9YSpv| zg0GVC!RMhONf~PU_>0;u{7%c%SX;g(s{6LHI6sxy7;gyoBroGYl$1`7{$19ucr#tk z@G<@uIS_rDhFq$&7J_wzj4VH)JzK=KlPnK5`LGeKbti10IIas|uP6(ej(T#m>m&}F zvM-G}kSE;SU`6>ZFS^VuKp`4s35pa-6CyFYP}z}k0KfCeJIa%t*|?^%=Qx&B4N&&f z0+8q|<5gM!76|yYVMc#*0mqt`{XF+FXI^!TZB^J#i;|Jqoa)&2vJ^6{kfmf$E?ozc z-J=L*M(J&p^MrLy_C9`|gAPrtZS5imxgnv`PI{dMQDSGW*ASCnvc?65IISw{+I&<;GUf-HidePUwS5-Se#crwGbQO`gGeqK(om$ zJ<2s?6f$~=aB4BvNr4|`fG7YXgoJP*5cvQgWqIm*RCiYVtj_IV3hJSZ#1pXtWVs@SR_7S7Z0p5#Zg5 zb8Ag4Mwj1@xeT!`4m`)Y5}`N)tM$|PQ;BCZr`XuD6($EIa})xQ7s5T#cK;hkO@za+ zR&#(>_*qlIZnr?6g0leEdlbc>A>rw$`>B}m{7@bWm2}_;&;$W@+2K;wzPMmo4iO+a ztto!PBs6|>4gX<5J^C9TXu9)FVOowmX2>?_s59AcVTbqC&5;&FJJpl?Z~|nL0yCZ) zF235%L7_~xBZ?Sqv|q|klQemJYIpa!I=`SiNcs|-)H?o(dZ8+SrNfFxTL`Nq zXOS;7#tx-1NJ%MQraVgv2A5fna|!6XoBU`B35UP10qKyUvWEzFX_53nF~=Otuno#9 z)+Jo#R*Q^B**IpmP&HexSqvW>alvR~Rrq40yjbR*@AzYbWG}iFasDDA`qqWIZXt_< zF+p{PsHu!m>W`pp=Lf%Mi6BEDRmdAmM0_Z2V~u@LsV#)gC)q$|gTec%$Z4Qy_q$V) zZx%)vfnS|%((H9&0v}Zu5_jcEOwX&94~5`Hs-CNnJ$E;!*OU(N*v7R>PS~Et-*q_# 
zcFWIb!9#lC)9&NCo{R_dWleoS4A~+r%n_QfVf_~I^@Z2Ty3p?4q@wAac@)tvoBOKY z)2kMvWas(|iA!9XCtxBD!#25tTJsgy=gB!a$3)yo48OXyKBJQ7I=Emw z#^}tl!G*pm!8gIQQKw;8F)PW_m4yP8wWrvPQdq}LOM>KQSHkd_t!GmCJm1zxVt!F@ zP0ZkMZk?hcF+hgVwqU+wI|Oigks%Nh9r8un1sPq$wXN~B5baD{jN9Tt#pfOeNUGPC_Kh^@rDocWIW}8}(K5p-kz)!+8>2*qX7A z>-u>VBmL$k6z9~2*;%PpUjT79e0XlH=kHds-CCI~#GU4G`YnsN>vGbr7Cb?&K~lUO zj~<5T%wk9fg;#3t0(t6=OsGiM9o#TeY=Sjc zC^1pj#c~{$`@~kw`}Xva_d%-@WmBPHAS}>xY#qh3=hPyB+{rEOMEd1Sw@3&LuTC+O zv`xP|pqdqJ9q#suL26Z`mxQ{I*O!8T_q9kz(Aaw$@f;OU89pukXa)IY_gdbbaNX9~ z92pKqLuMFB6Z~R-q6kLwElTdMyqy&W2NF1NpZ1Az(}Ed!9m1J%nI7Vu>I|u@q`{+^ zR>BI?n=O=yTed8qbDrH$M2lgt}XLnb>&un6VuDC8V5UYfo4DGE^WdwDg5ld?8a#Os?#wT3$n|p!5y)50 z3DO=~H+&zK6xx+1O{bf#RP`+)m0ORuA5l}b2Gg)PlDK6FTL$@Tu*iUy5tYggZ~G<& z1+JaC;2$5B7Z6ndrM7Rj9CwVm`>-ZryKorYO@6A9mX5gKTsqgdu1#%=d6di zkZux($tQn9@pF&hs=WaRF>@2^%nEP`AWrSB85e|=q==-FSSeeagPipYE*&C&YlXn@``gD9x zQuyAAQ(80(uyyxo$;x|^PD`(@1S9_pGuB4+Iy=D>r`jFm?nuM?^U@IL=RYZLJ;stN zduES>UN_5U2$1IxC+Ljw^mAE(T8kBv#3wImnAx{`cCza7`ID^iM-N-x%AZ^54~98G zeb)2d|CWiZx5j!&%&!b$B7LS4!WC-!>pqXoWc4vCk*FE2*?_1PWso{pQDrL{iz z^b~Q5p8vx}V7a1SW-yu*g)k)ySe3H%9`$9Xr}TH>xXSqLqcw7tJo>_vFT#hO-`B`{ zk6V{M8-5y*P7jI=Z?|$4@T+TW+tE(Ldygup?@5}du@E54m#K=cI*8$V;*l|<1BtG ztagKb4KtEv7=*x(K54az3aXM?irm?e9TN&9`8;AB0Ues~NhUMs zrUkP$@QXl45QpZr{>4xacgXgYiKj9Z7`q&`I0cOO^XuBR=IyvDH>wSi`ib;FxTb>T z!r|oti#{JOhAl>jKSRTJXP9o4Ah4Yc4zJT=(a*jTM;5YHpxe|Zr~kWsB!fmk<` zHZ3+e@Wq49M^3eD(dD8@B+hI4rHZ2+`3+%0!>^s_#iGlHcXd%SH(oBX5zub!3M!om zdzucSkZFF4CAP+mIf|-ZmzxmX6s1$J+&^RJ8yaDA_fC1EI+7qBt#S!%o&0^UX?N&k zKPw~StIFo(F!=5!28~y-8tmvp9GXrWWYg$G_FEqdGQ6KOVf?1j`0M<|<{v4y5rwed z!p(Jy-5;q&rV96UqiN}Zcm&|Q!Xx;hzaZv}Ei-<(OWXAk52X{Z@BarShjYi8j%6iv z>~U?}G4ZJ#fIU*VPWDIL^A*VL)h)Dn3a8`b;55#zlX;w!V9u14l-h^X&M1H$WZv3B z_MrbA#Em2xjhQ@-m|Efw6&Bo^GJDECdceGO4ls#8rR@{3bsCc?h|*HT3;|fAQSxwP z7Ms>(qv^+4T0ue&dQ4v;mh`Pzt%iZ_yeDm(QQ%p3HZTm%Q%G8n9ZJgH&Y4I!a7KBg z!~G{y?JsU`#TL!oRp_pck{`;^du^+m+%-5gjiPG%whydD{i;7f5W8IaFCS6(5+-On z3F(QnXoG?DlS>u%vt@Lc#+}h(#9+*`$tsP7VAtA`(Y(@Yb|{^Qrc~_IRTyR=uh}0( 
z=$a!cY~ay)G(Iw3kB|KzHI%4)cDU zmgmb!FuZZHmzJ{PeLwYjW93jHy0+kun6X=%CLU4d= zW*LR}!DHiL($^qIN3?7c3Azt45@m|V4YpcV@Mq|M$Vs}?Rk1~Sp>G%4At6Li@q`5@ z>~(`bVNR=y+%V45>xCSblI9%6lR{Na35O1ztmmBJfOpE|WG~e7d@kn)xtNo6C9-SO z%P(zvg6M)RKWi9^rq-MLL|!~Vfev2WRqh9E|i+K_Srg9fbDA!8oPqi!C) zcET@_Q%Z()frR@-^TbnfS7>9CXa?)>w&A+MCV_hS5T}{H?@>|MqzT`1g6b@roFm?g7 ziASo^Tgw1&D)OA|qu(!Weh)vOS5loCz_UKY?LWdKj=I}mbD;67fq8>iu@3#F(M&2v z=BI73@23256M4SK7w(03w>YIU*YqH3f+Xa`$JYunv>sL})lZeii#~7KrMAfRNR2N-1TUsFMYTX!c?193{E|U%2-OVGLaOv~dCL$98_U|LOk}`4(^8 zj>!=!)m$mGP1>}ZEV*|`)p(xaCWaolDL#k{KrncO5g0tyS9rAsBIt6ARkT#i&)&B$ zL(BP$wyo(t`>pXli$A53uQLqTS`to6Ij6~kORk08@x>fu-U!sSd z1^I<3$gQ^jj$dJTnv>rZs|gr%nZ^`VT=-Wk2lO!Lg1SwZNp=3s^$SJlfl;XPmCc z8lNtWS!0nf1&8Q#CKVe8c&x6485r2_04qS$zXAMcOByzL{Epmnt`)-mC+pLE{Z8-U zzJ_NnA<0Rsg=pB>_=;MJ$QI;gTqaHZe$&rkrvm^XBznItXqxB$L1qtsNk7y=JiL&& z?;2S)n%YL@TVzp@PVrzWr7MO@%E3UW_%ZO)?Inu(skBeWM6&9MwYcj}QCAC96-G0= zjmYR{hEHg6kefH2;$Pl29n$?2te2q8T#+V|Uu?EQX~b_}Jh1QGL(IbGO=$bPRX9qN zKukqwrkbCR`~Bj+!Nc2tv}U=G2#5F@ps!$6VX_EgldXS71gpgK+Vb0u*|e|#N1T-xiRU1#gbF`+`HrIL)6JL-ZqqA76xo(cT6@* zM6Ryo!0()ajVag9jEacX_fD8jxF%UbV>bwc(Ru8$3&D<=9XbNa1OQj4!!^5>SMPPN zMq&fu1Bi-n7_qX9_Kj=!bz%N=2`F zz`tGo<`nQ;+Qa&12kohn`|^)>^S%bss6YyjfasBqiupsTh$F$r0Z;&0y}9J7QT3*( zZvkYS*=RktFU7=;>fTHJFa!n=@nH?B&RGFh>~gmaQjCaU{cU}y)y9pO)q1-~n&mhC z#FyuR;J7sX8U~{$2Ra`#u1%%H`F33Bmr5egW1eq3WK2!BQ1i}iuB{kx`5@kAh8ff^!@tG zF6YJPO#tBtipE=>3bO|jtqqyxWCXuZx<;VJ6`7%ox;)MqVM9FX&>XTC2QVEjqS%-u zbnt}alR~M?$>x1Ts8Y|_CV6qxKa5=ywszYTmKA0QTIFsT_LO*;3jX-AFh~R)Ja%Zx zzJnHY2+{v5nAdT6EkEYSGJ4l9nQD9RbJL(gnu!h4@C``H-)enEzv4!0g2daJ66^0* zXXvvVn8A&!@}Got1w(*^f@@oa_LW_^z8}w9*~dg>p5!8?l>z|*pLuA6cBk;Ldim2E zyU7rwp4C|o0ja=yv7whOI0N+a3)+Q7H%+jkMpX*V=~W5|DaNik-!yeq0O!?{yanH_ zKki&q*ejO8o45}+W#*=R0y#hN0q}azWGA6SP94lNS*O})p;LnWnq(abLm)B87fT38F#S!0PmvOyQxxXE zkHfLgy!69$K^^fyjNQ;zwor1(Cgd|Jf6t1l=f)d-+u0E7ahFiaZKNlorVT0!)}t4Q z36|`-b!2r3D<96;Ha7C%YfY%M1mUP}^vXg{NH4`K!7h^1Df4P_8Vz^U5$Uvds#mG) z@2Ua!Ufopl70DoWR*rTkgco=d9{jwGaK{^nc~%I|WZrxnth-%WU>-V+!BjOCi-cY5 
zS~l^@bhDv%qRAsNdo^bs3xqPYZ6*{kdYk4TaP(*oUnNnM#(>-sBN#?uo%?hdr@UWn zTxq}j>(n;89vfkYd%KJMK%Z{l?U8?Ro9Hlu$uPLtb0ed;lAd zTm&AYph#$R@!B2#N7bWKsez*Q^~C9=8qBPkL)Uz^MyL`XKK1;J@^H&so_B-NK``~| zzn*1Rx=epGb2sv2bOe0EyD1%Sh|A4`G597_qk zZ<)x;@BkcM=3fXpfHcb?~pA;u*rbaH!vTV^FOOjm&l!%)#qKCzN>>olx~JJqX< z02BdsXg(yq^dgDUxsYwS9Ns|H@NbVY(Uw&P&~{x(L7%LN+uWj2fWOy!=xt|+u?8@5 zDS#ORG;k!{2ehZh@n}0`1W*rZ*=ArSb>BQR$HST-RRUw<^f}*jRi>1@xNnTCoXX>! zR3mS_b$N2568-&4)e|{bhzWcA_zs_$C~T2FIOwY1V0W~=^t%r^WS;d?QFfzvvmCXr z>z)my+%zYS+O+oI{(ntdf{r#YtnpRTBMGgG2*ZRQ;|F5M0?@|;EI1m0>)om~^+z31 zsf=@Q3Q@(zRWzn6f2{Mt><3pI??cxz1SSnhfb<5Fgd`pXmX>#<-ELQ$e8dCZdg{%Nb7_i)9%2K9yCp)=hvanJoxDg5kx=+h`;eCW_*O^6 zu?bn(cfrw;ApygC7morgB*c#uAsdzV-gb@YzwcCz-f**G?vi{cI(cT`Zt7rN=tUHN zZn`xF$fO99@wWPX2XBn1M#&3jetB$YV&3}S;kINh76v4ZZQ(FufJ!Y`R9+%XcsA*i z5fh57YoeTY5wpS+1G9Z=LfdR}nYb&brwTxgdx3fM@$|RFNPC%3Wxi;N6uXP)oQZAXuo)9;sy+9#XFmG0Ac!k%aRbEw%e z-SFnqij;$`OZ|dwG6gj%e^<*s7^a}%j#-T&S~{u-*X?xR%<(sC_5}{L9{-W}Y@KG! z{J6S0V1)`Nod_$VS&t}}=26SVHa5wqv}y^68A4XtT*%q=f^)-MIHKP0 zab02Lnf*<1PaHs>)U@7Ysc?N3!v3rpLa>^z#5e^#D1Eug4Dq^+?5U}ez1Muww4>Xg znjCB-gUMC?l)PEv!Mm)m8GRyHQ%*w-EkbA?xO5_s$F$X88t3Gn=iLU!4ViBB^r89vq*2rSpUW2A`j@mVs#?p7?B zII6w4_v}yjd+GO)xYxmdVXw%yfU^l_x^T#|nVyts8`*m_xC=02cBq8vO4d_0_4g!8 z1Tz8uqkK)U{V&tbvjG4BXT3)vyBKmyLa`A~Z9mw%-czI~O!%*%Pyqe~5_Ar*!CD~P zRCQ2>uMDyzm#A9waN?q$9;Lo+OeFOO`CzQ}0L?Y%3{p)U-uS%IpOh4-Er_HQ%an+g z+ovrk!Qmvqo^u*4Vj*?>O@>H6jCiiD=&p0Wn*7Ka*eRL71)5OMIEkjaZz-5;kR{aL zfvY+^B_|0&J1#ohp*+2!B*M^a>n#5Deni)LW`bAhC~sllY^c67CXKhC|A??N%NRcw z+0rfHe-Il1U;GMuzx>ArZeS5-4Kp!--kxu~X46@)PO zSOopC+*XOKs=({^_i4oxpNm$k04D%VW(pxeUF>$CNl%fuk=5`ea4PaSEM>Ja4~T{< z;*egft8@H#N#a2JP)LswC;6H-9XQXQN=MWyW`p?{fc`9*0TA*(Yg&>%c6}FTz8n3^PkEN9Iq zV>fL;gX@6$NeMXE?t|ZGtU}Ir}Z9S1=AxFj5OLsAqfTEnvrWvGBXaMOjJs|_aB3(bg4l~QI4UTznFC$s2HEu@H z!c@Lpmw>rY10@z&EG>SXQ6FE|fiE69Hh!~tmNZxLli`ZuD;iZX)v+i+t5_wc~_KBD}3s6pXM0PUWf1s3UiEKVZm=p*>wpO)Rd(Mr6np(DftF?V5eSErJ zkC5}&n&99tpNRyL7TQ(=u}mZgym78%7)n2;8RO9&IvLwl1lp}+1N>*gU>{QPn!6GF 
zgh>KfUFElDx(b(~(!{)rsiASxu9^n{DVq8Zaf-=CPyb;ox%x*>%pp%Pz(qIly>d#3 zmA;mI&_=Q{5WSBegvTQPmP*y$#*R`J^zxfR8a6Yl^f6ba5X+j5z;hfs(5$07ic7^c z-u??$F79+58M z%Zl#m-qKo6{~rS5vZC})GZOuUv!{nzWT(z}U%r%BSNSc|L@MqRtq=QZ?HRe3CT8n$ zUEcsR1i(R8#;p1?aoqXdA%olPG6&(e!>t?8t`3X+F!9iV(s#xeeX^MhHD>6&T2=a^ z1LtX@qvuQPj;*xzMx?rd5vBPYPFfwSNA1O^3vB<=UwjtsvW09;=aOeBf#@bq`wP{-mpkg`-;2$W5#n9WCX)4o&A%Z6Po30S3N0FeZk#E_*Pp z!D?H!!Y;dp1xt%IZa3JLjX+jd6Zl6jK^yASwn6r8*BqTa-u7=*joU61L-f^|JR{T( zP5@4afT>+`{H5;oJoXQ7yHZ18f!mK7K2~L7z7`Y)nccX&``U@tGXSrbbI{$y8-wmE zfmcxgW^4ET+`KPvsOW@;vhX3ro%yFnE(ZcEx*`(r-#uZH(*9%0NIwYUJ+y~=*T`*~(7#yRR2Z`pBMz_F|lsny4TqBpsMMlv^&1*8oD)=`-dK z%E`p`9!|yYSQDq(FJ8t*g%aG!;k~txlZsTy^FKNkq1cew=GXBbL1GTPU0{J1m6<&l zi-fgl$__|?=#gr+jIUontsQ*?3@URB-emcH^+d<}{t?Hz^~{ivEzJgXqiMfWzy=h3 z4!M~D`AZ}>CtImU3LB~mn%8<#$v*u>{?cWFQWDq;)hY}@dzX2%uFM$yZYCJ1#NNR{za|oF213AW+|@2<=OsBY$VkStJ#@9rSU-mOVKd@1*9ba z$zC9J!N9_@d$A3X=3)1|y2tcV`puo@RA>o)Uf{i?a_JhB_nGDH`|9QJjq|&Gl482- zz^OPov(}>+xy5CFut=?n)hFA0D=7w~tvn3XGQQ?k(#W8pBXNOiaP}KmK{^R`SQ^=n zioSU%67`Y9JyBU$7mB z8;pli80^RZmt-~?8Cbo+if!2_4-n4m!b`w9eJ-h{qR{TI^#P(53k81oyE@#g=nw_m zBeV02nGyW4SqQ`zXS#-xDS_D@Q* zI_E$4ixZ!o?H2G*qLPUpfJH%c(MX(mPWmt0fm4RyP6F$di<^*m0 z8ZUkFFA6j_isUCFG0>No@n^1sJ1*}tGoR~)e^G9`e0EUx<&g+SA^eyZCQe9Xk9#nG zvCw!#1->t`f=<@z9s97p+8{}p=BZr_nm+8c`nUfI@GFG67+`kc`;TCu7y9rTIS8KO zps>Vjv=i>pCB;Y|J_#c_UQ%caY471zZAB1+l4NxBgWvawCm;*|w%+%xr9^2U&5eWe zgUg>1yKT|=!2;h1X+C!bOeL$^FD8?hgBcGjs*teXMbWT>oIpEI{&WoXqOF1^thoUw zyffsEpT(!T(v4a;qb(AoSwso5jMtutNvB`a#<2Ezug=THP@YnMDbTNp@yEubSs77x zE4rw`eC}-W`1wO!o$N?IK|@m|D>CAD+s3u)A+{2Ej_RPrQ_`{rgVfa=EEOP+#^LU6 z;vkp6b4H>WFE_w79$`(JAZKsG7~sr0a#dcU5*?fL?6i}Tl6>X*oS#>d{pb5HMjQnz zZS+VfrHem`Z2C>>0r7@NJ5E40p!jiMUq3|~n{A+2beCuiCe$DAC z_Q41x>&ib0eL-mLaEropEcCU2h5TnKKJ3ZT4y>MCBl zTy1d^l9=30A>&s*g&*ashAxz+`kR+R^RxIXiaBL10W0eEWHTZqmv~#3BQ#Pb^S7+J z8~GHTF6YK&Rt8@0%k}3#O=2?DZa3@C;&688v>Yk!-U%k^~Bq zTG!bnAd>mH9%@yMy;o4okmfV;{t}a)b~z{8=6{CO;RLQ`@yZj4!TnTW|AY_f&sLpI 
zL|xT=Bhg{~X-JQbYrYFa#M@jGrz?e0YM}ySdn<$=z~6xU^YTxb&HYeHKch)e0AgQ6J9o`zGpCEBNhrx)gEcyoy zT-{`)X0Ypl-Q41Lx=-s_N#uo!r(C|UM_8miKT5EFLcYU4gnHfq_YCK&Gb@FSh?$w}#ZK49(1-f}UnBN%q7c5!Wt zL&6WhHbc%E2mZ&7Hm9h4K}G}*4O}WEXL=GlSvy;|Fi*Il$wB&vAF;Nkny!|$p%rKu z3HaEwLt_xFdJeFS#N>xO{F8j-r9*X?_mjvTB>+u;+0`s04C@k?4M>0HWUZA|L2-jVTk9&RP2Ad z(BCH|u(rpv(Hd&L|3>(x+24YQS3@g0cHjF$=?fl2a*O2Z#p_bpajniy$`aawliJ|1 zSh!aW?|4O>IcP**YY?um*xMZW6^T^_G@+E+;vAhNR4q_wAPHf2@ST$yrQwv;f%roD zB2F4!4uAzs-N861LQB;zaB)l9UfizcWBxg*JD8_w7WbKXSXAeMJZ58weX8PhCl*jsF#*y&;WV zpkbY$=o|Ijz~@7+k;s09oJJ(r{p(+cZMXC(K<*I|7(%Feh%pj)XfxT3@=A$WyqCSP+0%#y?!$3~jF=IfW^ zw}s;ND`RwsvlvL_j6>c2)Ro>(u45{{v|9>yXe$pe?5CnW5EZ{<1($bC&lP05G{YQ3 zTs*NaFJ~TJv0M}3vxsa2T%-y$d(LuF&09~lB6NCjb`0Jnwmv#!a^Vnd?fZ*06#C7& z)pC>w%``tEH#VO*OezV53Bu2elz92Vn%IynRFY&*g`E#?ox#A9DvIwo)X0xXO9d>p zP_tq38_W+a)f6!dZ6Lx8z1X-LmnTWPQXY=Z@azd5MH{W?5Dnm}; zo$ZM4gmS5AK+b(mnb>|fIIF_x!{SaRo3l?vq=;-h-;?bYDAEiD$A^cc>(q1FHW?1n zxB*(;RpTr?Q|gkfi~;xNswqFj${mpapbp10PA#n5K~Zq3w);em^2aSYPW6hAN}pi9 zig$s)a72uSdLgiQct$^2ZM$9sz3DAkz{wu=8!H~emzC2;;1md zn~!37Op9_RJY>@G(l~VmUBY68|>jN?n%4*#CS1)xO9(5$cIS8jlgK%Epqcg9Q(=nEF1yR z>aJ$|4ufmiM3E+YgCyo`ATX#Y2EdH27nqrzW4sc0vEu6<7f^#MottF5_4uJjuBSzn ziY{w|`Xiw;|431239)EJp0|>zXAuJ0UZmq(=uYWTNggB4L)hdw9u||Jnd|0!iWpF) z(xh1;&*gsm62TiOh3IGqYcE6X>x3nxC%Z->oynU)Z;&++WSXo3f{|~}cNLuxDnK}sSa!)}#ifGg_XS2g2gj?CEG;(x6R(6_R zBg~x;KAS^qQMRq%17niJ&-G=Ix4Q zT@CnQlaHeY)QVQ)ksp{6K~>PKTL8U$?hPfre&SaW@R*Fit^&NdT_GahGHg~%1(PzR zM@yjsEXT#{*a`*REe#~0i|5jO!jh}mlweZEb&Ww7lw|mJF(ok{^DC^m91CX(7vxx* z@fma+$Q2bL^~O&QIkIj9Xu2++}>eUv}^1A1hVC5yLG~U@Ryrk zI2TSD93|l+VuDf9pyMQv!7j9gi}7Q% z$K`k1n)AWaJcE59H4n!L-F79Rh#K}63CpD`O*2I)pBsxe$Y;{`xpY#-ByVJ`-Bk*P z!`=Gl?(rc+Y@n!%@&wE3|0}7K#YTosIkC`d<^wW(4(_4UgdVaR?E@WDn-r%x8WbTr zm06Sr_;?N2f7a1<4IKXQzdR+0ZeYq2rsnwE*G0DNzsWR{J z$Y;{_Qnk}i^RX+d&z`PX*RMM1cL?MjL~%ha`D|0=t+}}k>6&KFn;bO6M?y$fXCZS? 
zWt8<}d(1RBkl*e&E^ImgE(nBo5@z-S-)>ZKGTq;(<1%b<8wPuwZG921mV}Z|E-^}3 z71(|oE8H075B}4A{rDFiBKf;Ol|>Fzzi@{Gg++cm6|>arEd-<|jvYox(v5g1fs+fh zuOKdf*vGNYbvtlhT(2yZFNV89To6}qaX(IskT&OTWF)1_fjwc)F+e5FnVk-dEU z7kjoI7S~X>LKpgfENnD#i@qm@oIraMhv15$GZ@DJ7z!h zZ4NE~du838rh^89|4z9O3|2cazZWWDv{q?t}F12q<;`&!wkb~_0?ZV1L ztvikfYcM=|_;b#}0h8x@u4OHNNXounM#ESE_WlW}5iDZIe24lS9Y z{@-~4j6*s|%50nY;5~dzGKTY%hT*HuCcZBCv$z^_NQ~Uvh3_%=4$$wBu?%HEzn|CgQt@Ea zn%_)w9!|s-X>%PCeL;Bc6wZcd)kp22;G$^a(0c2BZ>_(fqW?-pe7ZMLwfmgFkL@Z8 z!R=tf?F9z=ZLr*))6(Yx~zgMom8`yTgh4`Xeaj|5Euwu1I* z!L~_9zeFMJa~Nv?|Ch`Fi%@<)>Ub%7F=OB&f)-4d_~V;%8jJX#HG5BgLqX8~S3Lx! zIsNhQBr#4&02UrntlO`#WfKCcpvQZ>z&*n-T(;$1>NxrE@_x!=-1s%RCPdctYY58yABIEu7Vs zSlBX{lF;wY4VEnR^!Yywb3VC+TXq8rl3S+?OB?N543hYvyGT>xX+Q-583FN0Z5gKj z0oSj=zMxoyXs(iOglIw}iNj*3&{L{od?=rkTagNYY70(D<}qx06&}21vr6$xxxfX; z@yXvP!RzAhsc+ZE6Nf#iy^Iqfm)Lx8TKTt$%t*Cp@HeFTPNS3!8 z_aewVPiY{TiOXP_>Eh>E>Z$w4>b(nzU)xMytQvpF34s^ zzAMR_nrzCg_t0M;*L}yE)h7GZ!h`i4|H=4!G~omv8_0%SZ^?^>dDRWwY(df!(N3$m z2reu+f2XJTappSBM(AkduHg1L0Nvrx3iDr^ z6U-sD>O7cn7^FQ#J`?PUnQ27km ze?+bVrAtjJF$`w1;%b;Us>cr|DZ~HAl!N3=(+}M(b#Q?ngBNR9c-_sKuDm=+6aeT1 zTwso3o_%~kaVG7(X9Hp?Kf`+Eq43sV8|Q}bl7|(j0OxEx#xZ8I}4b=+@b~)Vmuy z^e-nCVvDLtx;Z3y^4EVbtwmAj6evP`RsTt^TA#kd5@mh3Y&*kqOFAlLnRmSD1U96- zgiPzu$8rfu@6^7#Id$X8)y5)#fz zAd}eOky7h(#OL3R#y7h|Dk*29euf*d<=5O|+rB$NPOh@)?;_a_*{)6-oAVy4l>h1; zg+1x|iV+4GU?Rt<&tOUvz79A>FE7OQO4(GLY1H(Sw>>Ut z!Qk3uwygO((CBw^Pk>oni4w37hE{7J4_wQQJtiRECr2F~Vf>G9sr4V{!j;ZvThW%j z+xFcYaiCqox@T~HtoZa>HC&v)8kp%0*fHvbcJ23Rj0cFTJDvMf{U~H#v+uwPx<2A8 zrZD9{Kj`1~=@vVh9R^+`FvGx(&F8=&n5g#6ify|SkReiGPXG-`@TU6mnAMvAMa{}YeGXtY-6JkHx&&>q>@rLXC$esKcj!bN!~C8g}kg+un?L;r8AePkL%?z9%A z9vfLs(#Zn6`3`=s&HVmXI_?31P<6y9I>hvNWfa-)Fo?ysK&ylFYfq_m1@|@KBHn>( zQJKE{!3tJ2=_lj#LoQXJv;d)vappgy?=l6pW?RK<30Esv4);wE6$rM!1dyI?3bb2* z&*RddLS8<}q zUKeIb8a_v)Zi}ctDbkd>uKxHj%Z_}^*1t;@ZsA`R!hMrA=@m3vpN5x?tdJ`K7bA8yRBi;Zc+#SvyuMXH(7~s?hyq^# zN&NqU8RA+j$%q}j1^^@!+m?ltQ&^-Q@TT<&uxI(zs}BPsOv8>R@De+Y=ev%f1zPr2 
zyeV*@E~42ImQbjjpS&e4$SrZ|5p@Cv9q31;b$V0yf-Ff#g0sWGTV(hI!t_P1CZKRvB&bH+UJbkKHEEhczNsPlsPm#XX?1d zm5&fjXb;lJ*CN9My&IyY&a?1|?Oke_se2yf&RruV(OsFcZbO$Ad0o?+qfoWE`A0<0 zl9XW(s-zMsmR)I^iowB8bsa21K!z#6kVJO5*h-njR3&o&A1f2eSn0KGCvM2zJ$iIU zptF(dbTIR7#~=8Sd6e4J;E3@z_a4~t&Kw|~wqqDV%(@K4i#Llg} z$^U`_j)As7lvmxz?KvX}2q1Vo8)T^ZmCpf06L}z)+3`mU$~JYi(}z z$K{xVJhNtg&64{zA=p-gXme?Eqb7|q#GE#ymK?Q*B~b#hj|n+UK|2mD_hn-qGdzD# z>e;tX5DX9=>H65o-06JWNvP{MZTw5x^b9nG5nWuNEQFx4YQ7wOO$SzUM=pQ0wL7Rp z4-Ao{_axSx6DS!`?Z&FOwm3(WtN?FSiq3$Md>jq{qeWRuKtPer?|!iIbU@X%j2+6t z+>S?N#l%ya^D30YN-#sO6CA#Rmzj#z($KZ^sqAwdPCPK$2^5PUEoT}T8s<}Ux8kA# zV0ce_rh&jP8(W|IuG<$sre?Xl0L4r@OBpqC2OGBeWp{kC_^bXBjNbQ{DqlH+6=)G2%+*)bzqA{O_L8B~G zgtH}aeD6Z}$+HRH9BR5vStL+!)Axps5{i|0b;~3*PNkx~J^%58zvSJ%a!ZY|eG;qN zjn3mu;U7?WZgt9WUN7dO`_=K!1M(I{X7e50bD(3d^XE^yF|Nq+x80gIz{|o97+Evr z;KqoID$N9&y!CE^b^JN6GLlK})dCAQNEv*mHv*l`_~VTp9-*#Mbe9t0Fu)|iS3i-cAv zkuGT7%Lo>>5@NAkupdUYm+>t_9Y5vkDy}*)T)1@)o*Y1iBd_+$#E}lq@z$YLY-D$-nYiEg^WI{lx-=E_hA?ah+Y8W%H{V_5T-gm$e$ywUn zAB~3s+WQKQYUdi6QWKZDeN}RgI=loYAjfI5JCnvd<}DN;hV^jK132#gR1y5wb`_4( zd2`HlG>r&x&_$7M`Q7{QsYqDen#N^VBLx903uA$*9?uuAMt3k%>-f*o(?o&N62>&g)Hk&mP^I@2 z8R=MKDy=;lnwO8OScjbO=)E-2X7NTY!}vNPq}*Pa8XH055ZLc9*%>fia9me%X{Z!` zY5@~5(p-ko@_qbwr?+9p?E|*TblIkG^nZJ1Btmc`@2S{NSG2)fU1Pe6A84sC0UCYG z-k0Yv%G7SluKqff@cT(IsqW%F=BKpT~xgy6Hg*ywbpQ;HkCE%*hr}#j*Pm>)GeKi-jdN=cy&H9KMks zPs6S}mmZ{*?A#KH&t=nWi<~Tw@fMarJBuckIpIZ-Hbdgrgl8}6)G4v$JqL>*Sy!aN z0lv1IA(g|vlj;{|hY&;QS zcQi43=RiiK`dmM9aLpFLM?Aei$B;)eKN*-%H6OHZ$ltgA7kl^r<9ID^!x))4&DwmZ*|S^ zkxO%mQ||oKHS01hcW6HqgW}Qw$aR<>;>Se~E$OLI67fwRK@MT2e$O`VT>4=~dpXdh zP;3k|NS7)_7Ue#LW>~FsIia%DnSk?DoWm`}YBoYRgu>^Ki7)E`wPMX-@Q#WkMj*&}^rrpWHoIRgP`77?G=Pkt8ZpQEd32Yd;p% z%l;;h+!p!X8^>`7WKxXZ;yWMs?c52>)^t@+>E=Ef^imAJp}o00 zvC{DmV(U&^fDl%?2ez%9AFdmq^#j3(tiPJ)y?;;P^qI$f%hD2Y!)@-!v;D8jhbT3dA~S!{=#Gc1 zufNBw#8inG8Q6i33xqg2v-z}4y#vi_xZ8mm1kdJ<+WcO{I%x`UuZv-)-}|_BdBI;x z{k7~4CwlvWcVMMIh2FB?hz>F`yM&3}Kw}$B^__4w3su6!;#qKWG9>T?sr`~)>sdR~ zX#e_P*@!*q5DF>XEfcKp)*{sV&2~|-Xg=?V9{%>1|Nk}2?m|$ 
ztKIiMlVrZ~MPlEUBx2UbwqKIcZL`sD2dW@%6#+dHUGzY`)CsEI2@1@)hn|MApTG|m zzCuw`pcLd3(*kAp0Mw-BT_cfTNrX~il%JvXBMd0uwt059_1tbRodA!GRucLGSJO4E z#n)3F-Ex&aPBJOng`U$ayiII1N(Ol}* z2H-DaWgMVmLp-!e&3%swsa_B-G);B)LR^RR_Ci25hF+Bh*;DcS6cnRl%}>e-wM2;0 z*yduv832Hu$qcufkF3M+1cMj_x4|Ni^QPX%c^v7X>c?6;xx<)!h9Of8ZJ&u(P;@Z{ z#yu-=_4+!Pp@SDqB3Y|EI5DzYeI8y)6M*ChU$0*qN<)H>%A(==YT{Un^z2` zGT&;T%wIAc!mm>*995b49N-H|)I_8_awHJxk+m%V)oT6yA#}eklyamqrqNUbtPv0q z)yX&xn19^QH{Qt_gA^Rf33PJEK&TvI$N(w$k`!;QIs^B}yZ&y85MvS|6&8i&6w!d1 zQ}O_xPUjxW_*R_|#`o>@hCuT)Hjn{eVd<81fv^g10TSl%L5NM{_fDMo9Ztlom0wQ? zhvPO+o=6Ifs9}4ETcXvN$y>7}*`@isj z@{XxObNhkn7dyTvMY~dPE)|bgw1(PLV4vU_;{c$qEM*V>I}t*-BH`CsumAWNj}iJ2 zj(GG-CRZ%STXspudBbF*fc_0SEQh~$&PW^;Ba^GNqivXrQqh%hZARp?RLb!UCYgxg z@d{hTBLkWUc+TD_cJREzV1x?@x1|hF6y5wSzYGX9R9&w=YG-l?n;!a{oTXzp{qud6 z`M}Iw+Qe$kg+_H=XV78nVo6jWLg&^N%mz&CK;S;GHb>^Lk?YgAci4xCe$y%jhfxy4 zSm9DS&p)ON%N5Y-pXpAo8AO2|7RM)=_Fbpn>!r9x=tt`$eYsXIY ziOb0mzK3{PPtjkocy#Ucy>#jk4cNA~Ta4wjtkZ0n~E>Ec#2+%k*#J z>PegsU34#<^y~_=(^S}ggyu71%5*+BnM}TWhQmKL5F{5m?(XqjT5T3`YkJVPZO^46 z=np%a6Z-ByFuCQAmuSX!^;R^a~N~vaAnE{{3(?lHw)n$ z{CI~O{y=lzCebNpPYBP^1m?Jre)bP=S9Cnu@O}m6^vr&bwbg-Ymw(joXFh{2YRPIM z92|AlR;@qY-OVpiJ`hnxp$7=PZS4%KrrjHO8^@1ImB`l!yM5(?#Pvo_a`wE>{!}3E z!axljLw#W4p=@o=5vP0>>@qzbWIhrUzOw-8QieCwG&~{r*QIpicB)pA@+0;7 zIU>Co*oG%$np>|nf#dRs=cgM=C0$=BgR!UO3P&ck=(VaVbiZy(eq2)VyI~}K4eY}Z zlqOLX{&<)|IUba*#j=1_AIztkgEKg@-70E7)Q6w!*E} z1?`R}owcw8g=@2J0p(_J+PNjQfV)@$>pz}z>6~^_^-k3~S8FKd;72}0y5R(Z@5zdN zz)acp`gR|Sm`F@<3f|`p$dN{FWca?f*W3k}84*-V2b|%6h{Go+h8z@zR7PFY`(eKy ztPnW8!?II9|EBJoFX>juT0#ra(|+IQ4OTGyzTkD#sdEibR>4J}O&^-liXD!_~v_nw2Ql z{lkPrr)>3a9*#K3BiF|$2Zq#lL--Xpv}{Q+0%mO3NKt5Za4ZvieHO2*yCdr-`_D}6 zSsj@9oTII1zfT9rUz0xN*uO3m9=N~$5``$s#!q|`z&>{Qw`gjEq3BK4Ze;F^<$)R9& z@1RTlNsKu5igN=gOM&D(4L}L&E>B?hwXnqg>;EFDC}42$i`o^Diz-2-M6|4V0G2ZT zx{$4s>T|f)KMcRaR%-BAL4t8Ej+4V?0UvEZPB66bplxjwL@*BAXm)0W@*!jrjX zz1X83|7QV-vyUzx9(f=PqIKawFFRdZZ8s;$BN>o5!wE{^^gmYS{v*wP!*LMlbLsC7tPP;tVR%Wmy7n{^lo>5TkLuwDe^6o5P9a4exYWQ()o 
ze-aDY2=8?fdn9&?Q3^r{*|&CSGRUllRv8xiuC2TIBb47icY>qu;8^;VptNxC)`Qz) z0xR2M;EeM01^HTmPm~p|#N8C6wzTS-2*y-j0PNe-JiCaIx;23ICCez_ml**HlEB_V zu^z;C>oa#Ed*_Z00~k=yO9VgokJa*n?DH>dIZHMjDWLUG-R9KRw-c_9MAWTqMPj;# zq+g^&L9&skXV%5ab(}638m%sbQ%?k5KTA=(`Zu&M8($&pe}ZhDdFJ|BG-{+sxncvY#)KpX1om`VeI24^suHVR~t zH3uz?OI1*2m7~hdN=+&cO145JxrhJ5M`X954KS=mIFT{0iao6~7r9;-NkvDIhO=OA z*RbqY=8tg{t#@#$XkAc2F`Oz)1}>tTl4qV88Jt#o%Og3U8!|b9nqCrk6ox+X_(BLJ zH3UpW3P2F5WOb#xTz0r@-`YH(OmtpIh5f@6A(W`)jjQp+s#AnH*5!TXcD@hmV8(B( z0yX>7&>WgAV?WO>9qSaGUZ+43-utrnaXoOmEn{}MPNpwL;(GC08B7R-vVgbgOa0Eu_T3qGX89(r@rok zG)|eG3V=K|B(nlpk@$EDjW?Hycw1879VRCj zxI+Gl#4UdKOh2B3z0oa~bphLTX9%&ekOi;E!rzC|Us9)5!z_oL1bMci^ifjLf^Wyn zYPC5OxwcFnt8T{F1*I+;@3|Iek}wxN!WUS5Gq0)70F)zeQ!s_GAS6ezOk}xmtUnOV zFUDGqvHX5Nu^krMGPJsjwjft?#)F$+=tX-Jw@ZZi<4`( zNMIx$2r3pFdERYGwC~uB&WRQn#s4{)vvv6qlUNnDm5)SD8Su*+4r}y3E-0wKG+L>? zyF&hhjM2>puMGW%u@+PpT#);i0`<%7k~m83(~*V_Opf{py7QE(?HEx{zcRVW_I9b= ziU8)$Fnd(jh@RUSnHOf8aD_Es+vu0V#&jVq&v2JTodD(EOK=}Aoz z=Sh0ouwd{a(R4$BN5%zs{5J{1;ujAp!GVSi90a7NKm%xV9rLGpB_T_KO)1gKw)zQ^ znXZ%#0gt{OySM?2EZv3FfG|dEB&G@u(;t?QcET}6CZ2F5Sg0?YR^NqAye`46Ys_H< zHMb2%fCy$%A|xP2=#F{I^aYdWyOu+PH4tNRBCiG6G~ux z^{z>+u*s2LWI>R|5Z@ZNC?|4HPIBga`2PIR7}l^^@=@b)M=brR>uA~EOC_Ro2-)5M4s$-E0TIPr*VbMc7x|ku|zY;aLFK$Bq7JG6E5L5`x>2n=!Uters37XE$N~yHvOjEY#@FIl&<`cR@8)S> zb{-$3g%T??H^grL8kE0=K?7P#DD_*(S@>$+imUWQqY&LNkBD4hTj4rAsKlXOAA!V( z{cU@zMO;^W@dAEED%M4LCNkI7I?Z`5wK5J8&cwOOVum*YnDN%BR5}!z%0#3gYO@E! 
zRUUlb4zoUq|3XM-N^3!()Xsiq@e+!<;s6u~$(Ht}IDmnuNVqH5T1}%spb$7devTZ5 zol>N1UOpKnu%1f`-CN6gsr;#`tZahs$*q;FW)ll^Pk?7HbxJhbzunmhl1p&UNe%5T zP5sp8BsC)~HZGT1$>I9pMyW7d5hO4rN|)vkNj>ej2(XPgA}4EY--Rs#ky0!fxapDY zz_pew*i3Kv;W1vU1jW&C{!P9wh0e?8A|l)c!!)~Y#oo`_4&{N*Wm^@bBJ$p)7=I|` z?JG{JAYcBWOoWJS6QPGqa*3Oy8n3-glr%edw%oUp&E{b^ zkFD$?tr{H|&fJVKS3<|lNV20EI(!=eB0owL%aQj&{%<9>Re!uuZEDN30rJs#dw3=1Sl{w}X)k$;d6L83uo0`J&oFR>{!f?OK$1c+K*C zAB_YRd{dLSuOB=~TLzT~aN--AP2i0(E*7m)h1Q-&RzM<0nIiAVkdD(=I zYg(=&A5^hy0LL1B`h5%Y7^M98FG%lQHs@g*Rjd9(zr z@%GF$+xkfvxpLr-wD{988Bivein`mCaHk7yt02~W$~my>*rCM(8Q=ke^gpP7{F!;#WSrW?TW=x^(w%9%?7P63Y3+tSztJDI_Dh%bXqa+Q9(?v$Y(CVj*F zb?Wj@;}t*kJ9G_7@t%Zio(4yL7xj`HZy-;;_))(zcL5sq#3xcMNC@3#x6Q2>;wU@U zhg0#+wZZ%nnjeO_O+v})-h|R-w8mP5X5;CtoLOEoXOgc!UgIi3$E4iXM8F*1^h8&3 zlrSI(3^z&1DhPnZ)Bm;(xAbI1L`=#mRi<9eN^@sdqncLzX1$z% zN(jl$XppX}xn2x=d((JJBCSsRGX~6hn0pqG42Gws35-xg2uvj*b?xWZ)%3SIuC5eXV>RVxvybggca-Ky0B73V zm+Onxb*wph?_So0Q}1+t(ShT#fPj<&UiTI^v}W=h9E($nYEQDiYmk8`t1_J9L(HY# zqR;|PxxPN}VD%4$>xv?dYN&>9xOFvosuj;ZMMe{s-O~k3StYkQQ39%P*%HE|V-*#L z>(E%K++PxGS$GSNiYiX|Z3KHHB?LW4iT{d3)mokK6coT69Mb8n^t0W)wjAbY^y#b` z9!HTx0$J?R(}FZV*DHnfxWM4XNgC`D?pzh?15t+j;Ouq3=ULh5HM&-MDa~J5{~< zs*|LA?hmP&1d)zKh!NivFA<`7@~tTnBfhtc4#5o5?*v`%Y%;%arYnA=Ao7DAyi>pL zf1Zh zC?eSBx%xl{VD-s5wxAH*=}=X>WoEtl^J?kNF#D;d*WyykXsV{YDH0BinXK-^$#$Ig zHDDtk73Rogvc96)+D3(0R%u-|D@#&GM5&k6NHw!qxpQj?v36t1X`L8g7mp zWyn^CuZ!oZuW&9iDPu-=@S+;bY~7R7vgJuNx8>D69zI3uO75Y_rcmnui{{9|o-j$V z;53?xij!}Si%BW|9Ndvc%U*a$?1U{#5JI`kG1sK|OSf_`1(lcFI6pbCul}5C;AGjM z#|^JKJb$;$f3)8t6ap8+m$Uu|zHlyBLxL*P#xGi{#WVaCaQNpNKW2J<8b9Nr^zT$U!g+^h_KS;j5sOqNhN>#mJ5- zuOFE6MXdVGv)I^rQ_KmQ3LCn*s%yhQ9!b~hRCDttF9A5mK4vEhM<1&^z{XGdPw_n$ zbt4{uyT(XJ#(c9#Rs`gs41if@XbF1)Tqaqvjo+PI4h@~eCOCj=0^xnU!tyu-RY<9I z61{B9En)`=TV2O00x-;FAWfCkQ4t53=7N;mfgAZ`z{H8bZ@Z@(k3UvyJ2b8or_Jb?r<(Q+U(l;Ax+XH@M)BWrP{~EY3$rm1&X+Wn>#Fh$P5X=fNnOaUh zaq^Q@sbG4w2mJb~$RBh$JZ2xpvXn`qWag6}mz@mk6oa&XkBD|aJKuMD6T)001L(NO zx%!hr$ZHYE%7!f=#^l76Z9$i+ymVKOMx<{r+~UD@Xit9dfc9-D-?=c}OhXQZ 
zo7>;lGGNW@D$PpK`Z(SpFo9dvti->pb;(>IgcIe;N9l(?1Rb#{S93a3{xpHm5; zb94FLbdw{YGmN7@N=tVk*u^va9=eC8NZzzAa+b4)*x~xc7+&auEEsA+`Xg7);$`Vc z7n6aWs4Ji5q5`I$52sSgbV#H9-R1)W;rn`J`~$N3OCa~bNWn(8|8KHWjC4Ph8-4nM ztbh55n6_=a_}+4=l1)-n2~GihtIkXwhtLy0)TEMKor>L(pPPQM4ZGMD zC~m(!-#YWZLLn*QPDMj1ZlFY0_eOgpv2%_sJswvy4QsMFcvAx5pqX5(`Ti4ss^-Bl zZEHMMw`rgtk%z}$99x_{w5b>_3MZj3_O-f zzB=D_9G@4Tc5A^o)PW38U+*%hfI5vviL#%(kO($+_jL`1ZYn`Ap6C8onFC zc&T0u0(I$|gARJV_e%P{L(LrHq4#Vjnuz5UAzuL3L->=)+g_c%>5rW7L8wI!W02gB zseAXMTrI+H_2bb{tB1x)w0NW&B~zIG@hf_igkwon7XCt6Gu72*Rw}rorljfS&1e!W zn(^*~;PQq!N*;~*Tvvt>h~3uaXIl9Rs%@lH?x{{n>tR}wK0-Xq1YW~7^WKfcOUq$; zfsSY?i_(ftIb2X&!I-31gq*<1G!f;iElp4j=)ZZM7P#8tD#efOHNmZ7(-&(;&H=9Q7;vOPqm9NppKn9Pu!~bn2e3tmi%LkYNLVuz* z=LzY!{JX%u-64K$pHDT~YKRYzUn1FV2QiP*QONV>PPRI+%|&{`V&@t{U@MtSW3A*w zkBh%T%gAj z(OPuusWJTnqkBOp;AArdss@i2dVSl!>0!-jQV0lMFd-xum6A+V=bGig29Qr37C;b8 z^GM8OS_%0!s70qPmyL^pzJcbNlI=Sbp=uj8fi z=Iw=>s~46&nH^t``K`I( zoeXLQ&eHh20K|WNf)3dV*~J!+TDv)p1GQm`KD8%_p(%=&aX<~yO`NO9;9Iq&ktU|? zBIRd-SK^Sr4KD|@_r8L%`}o~_RZt8?O>qF+daBypU0vMdM%xK*AA&gwR$?fFEO^1{ zopV0xOmPoRHIbQ-wY}sso!gP!2HQddi`V-8Cuymz*3lrbOwoLT3ZhL*x!(V7xZ@N& zP$i;L>{VmSIc@*ag44Ds`Zf5|EbUkFR*l8`mtJNdv|Q%(piB35=WA1MI!b>T)m@7| z9RBkrY}XlS+fX&?13{0YHtDtjVRouH1m#?IWsIYDQr8`lU(-R7k9nE^dX{iO!GTYl z-u!Rk$Qt3M3v4}J(#tmBcK?@nHw3zLvCn~;Q!iz#uYWq61}F7KZ-02xrDY9(=blQX z9SvzCE79ZhiU97MY0jL#C|Nu)hP@mdr4UP%UtW8-T9*5i+dgdIoAEFry}ODx)z!e_ z@c!&waJ-YJ0P@6>L)iZRZPr<;Fted5AquaRtQ3E(A>ecNe&ykWxOuTwtBa+LWuVbe z#qx?Akgi*#rV!{~Oa(ibnp1v`&byDm zw1Phm#@+_vKe7I3jag>dJuguy`4vslaF)fv6+ZesDD5Vw^g&DR{B&tE*KnphTetO4 z;1;rEFOD=v^=gye*rz|S=nogx0;)*CE1fg{uzA*d&p+dmH%KnY+6GK>SIyr6pm`r* zAL;gXW$Lcq;|YCxpUDD$zM7=dH1PP2rztldOQ%4K1Oc&YGsXnc@m$cq_Y5K2z3V`5 zsOi`9Y5aGm*d`k^2>JMTmZH3sIvVR;b^_>`$zt9*2L^m=ts3!K;P^De*rE?{B2T(j z82>s?avf^Z1jF=*pBcT`Ld&6s5A>$|+iI0(Cu+o3m<9`WqpfFYji3&>`g{ODZ&3A~h&4UBe#De{28 zuJ$5A?j<obb}xr>ms{UfQR8$`eOU z;=7+1afx=~-oI0JfUQMjBD{mr&Uq)aCCmM4L`YPBmsY=SDL4W3_%`)BlF<_{|3MY^ 
zReUlH3dY1!qAYxF&v7t05AdHMU?GQx{=5y{GRL37NHwtV88jEdnN^iO`>DY72`18g zyLeP^xTn?s`-MF6;{g{hy*h#5C0hZ???KESF%xewlZk--qg{IGxH%U z`oPzjpzvRhSXY#R2en1Ah&FdmNZIdudb@$k7pUz+_jEn>YB^lH#mvod>^~?SOal!& z^dtmwDoLdz!G>2pgWW41)_cti z<=8+*q&1~&1>)(>qQ4qc%XpOzLh;yO@_%^;!zgZirzGIn3nj%ghP$R_-uWPcF19+g zK20$Qq0oN#28442K1GfN2U&z&>luKs=;5PkkaK z2QoXZvPyflPg%Iplza_<5PoyDS@W?igE&cXKS}~RcP~jOk5|s(HEkVH>BU#_v7!?s z%+8SAYorvnZ~$iek~8G>cav{iybAfIS3dBKmyT~b*7Nawgb$m;UmQ@czvX7Xl`Q2- z{X`20CR<819xKEUJy*Kx4Jnl>C~Wg1@3*gvwJ^W2eB4u#)e^%D{L)Yj+?H8^}2bp2Ty_913}y1`J`<&To4l8~^Il$J7LaNPuxz zyf3C!i66k_*ow{E3F#0fm)$y^z*ULCWhQd<5ADI6MouQrfKR&e;=jKV^mJF^=RsDX zbW28x27Yc$ucB^3v_iZ{kD(G*ewsG3G{=T0ilIq0WF)Dn)i80*!3;lB=v^9Bl8IaR zord;Ct8Vv3T{FsM^jertQ&U-U&kJls<@x~eSQ=D*;Vx1;_Ix@`43)nf4v3GhjCtH3hw*V2@7CZgu2Pt|II!uaQDe(y=vB+Uf6U3INb4W#L zwRKeVdz0)WEv16Vq;VI!t5 zovFuYi)tUtedOqR_j&?D2VI9^!!RhNda`=&mefPjhpNdwe%b%XJhM{D^cwM4?2>cU z<4t3AnsCMAMliVT_@a3rwJv+XbS$3@@%zDfHQe*q0?Q>+%kl`|hPuhOl44k(MCL&Z z&B)3$@aF$)Yq&$osWo&_fBFQ`7#9gbi>o^aZR3x1j{SjJSHGOz%4Q~?S2D;=Ycaut zhght2hilok1?CX(D~Ze= zo29h+!O=(QmER@NA|0?`)4}Ee`SEsgn?Yb8aah?hyD#Exr7BA4gRpt1M#yZ+T_1L4 zgfFrAMszSUzS$lX%|d6Bj_uxyZcnYARI=$cNL6frBvb9E?Fe}-ew}AG+(6wqj8H;!H0_*Ie^sMLG2_W5>65MUB>Wl*$bN-jQm(#rXqDN- zz&GV87I~R?9}YHQEY0ljrDPzokKKMym@Wqc`^a%WjwSjvC{4j6iAkmhlJUhbf)5hM z>!=%tA|csTPUP#D?FFTne)0g?$vhjQ4Xlx}mR3Gu@P#j|=0HiF?lDNtPP&-aIb8A4 zgp_s<9%w43#X7`$6=%1k96dGOq-y#9o-y#>i2F0&% zx>FyRr&pcHU@VvAOM){+N-$F;$VoH6%i$+cqfO|f!&HB7OGghc0uZmBSeJtv=E|UY z8cWm0(nU-@@xgo5ja|%i=N>s3W#wvx-ckPp+sem4z^m9m84oV9!t0*H)Nxrj=lOH+ z?V}&tP9z@L4+~>-DLYF|{6Jv5{=l{HHay$PAU8DNv{N&4*3yHQ2AV!u@V0wx09i$HgWF#Ni4g1b~S_d0ZAZAY2 zR!kIRFYLjiW;M|C!SqT?<6O|haH|eV1rI8-M$Iz#gwuZDcL4;ReYrc(WRQ@pvSv@R zT(Ej`cwiBo$nI090BFC8s2XdSR4Ym@TZHuVO7nY?5-Pr#Mf=F@)~oeeYr@Q)~O}5O8;BORssdACRLUfeb7flf8T3 z2sB%q-@eK?L{KwGNtVQ8BAJpg>8+p*doklfamYDQYZ&9h8QaW-@C4)?P9QR|Tqb&X81K%^k`b~eoMnR07~CHYj0?Cj+CZko z_4YX>RE&P*622Z1`p+Ji9uiqOIZ0?nAVO`9xH5p;+&$PwlDdDD_%c)NXiy=LIG|2s*E 
z0Cm38`4j3%X7Ln?{?lw6H${lCArdvY0W0bCtb^e~I>>e;Se%i21hiqeRI40W4r=xb z1 zryM@BZc?6|(~943hlTIU%q?*9feGhlAn(zKTlC}ht0VqFj@v~6K+`fP)elpU5K}VQ zUC1autt~JjiZzunRSZCP1~UWw^FlSk;f;Tw>2x&TsXVwPE#l;)0`P1gGMui0%z;I) zF@sBF*bdu6H+X><0Fqzub+5pc1?2|}gcf=-xr#4ZgP^Y$RjZN-j3J* z7P7F^0ed9gQCzSLM;rf+qBs5l7&09hk( z{+1?1aq@AkCoqkES-{ZMG~l&xcZZsg^d4TXsd3I?tt4m#mHx5jV}7NdNI4+BL4aYi zjR3(EP%^n#34q0Wq8V%02-ixye6+(WC{p2`Cj>qqZXc-9s{&C~$Q`wPa~l$6c>1sTaAuJ|JE znW|dT%L-bPe6G!O@Kx~TM!~n9V(3Q_#LuwL3>OAnJ?1RU&l`RD#%X=+0&E_efS3e> z+!3tt7pa&P%=C`Azk_$0$8Cz;Td$yc4K_*@$_AZO5NH_n20D#J-wlzkXxYNJf`%|V zXhlnoNx}6FKp$OYE@H{&CyCvC5w?c(2gIzkJL4=zB`_~4CI!nL=XkD|drX28k zvco?JZkimaojmNzfWPtm1DiT-BXnwSDnb#mkUS z4C$qO^Rw#TW&+$JVr!dQiBI$?ZePt1wYDndF)N8%7e%HF*S<;7rZh+{neCb<3Oy_< zp+O~s@8h_8;t3lUO@3#s1gbRoYB{vkBT@C|7w)fFBBN$|I<+LE1d0bpDT)GYn=iME zIiZfKa{0zE_ujC9aDAhy<3!ayW6AkMk8A8hWw?v{&Qda2@g6tmIbc$2tAY>IE_l`x z$0>>{F~H@Nx-F!MZSa8=t5>{L^eeGGs(^*Dl!Ajq_t(jNV5|xg zAV@_=*SrFXb?khsED;uB#;hwGTGG_65!g-2Yl!Pj1Jmthk$)l7KdY5)iG*7;8D~5! zTJT=kzMIab-|$%atsdW15HTt+=Pj4VkAdo4#ZMK* ziG4`FtFD8Th2hgcLrEvNF&w}Vf^FC%Q*+-`LcOt4UxE;-xC9ky>|Rc|DSFSQsWsc$ z7q{CoiBz{|AT?|bEZ9&VW=*+}f|^!jeAShWxv5)` z;`_J)Fr1IvrohPk*S(Fr2S*4bXHW@|5$R0N@|ISh#n6Ry^7>g1kNeSz7_+-3aZ7fy zM{6hd9*Z!z&JmiV583m)GrDN&LYDZmIuKv5gHCryZM{3-GvyL2$?91!A1qTfr~?6tG(|17D^!N} z2gDn&2h_LelUXl{dTMNjhce#ZJudA_NBnwup{sCqW_B93b)FO+wNLHx8V%>6r>xh7 zzH)Mbjjs4fhMJ)?R5Q{dj7Q_+4gh;1vEatXSgC(MJXol%z!uq0AjwF0dAn@S=hx+6 zK8nCLb`y2H321)+k!jj(}3pkluw5KQo!9Aq2XE`e79fEP1N^E*`*& z`&T-;a>_XXNvo=F+SvzU?lW$C^)t@Ao!xA1GGUoA@o3^Ld*H-Wp&v^wocQNQH@3j8 z$+SE|oFT*+=cq$d!j8VaDk`hF4;lrk^8$LWXBGJSw+-Bxo4{nYP)D-vMithyjR)D< zm$xedw06f(Jpo`z!}N$2L>yey+}e6v5Xe#7;*4F)Tal$EgBQyk0P4)nC%pgg$#O;S zm03!dN4yKjlyVCcM(np}nP6o}@p1|TNT>9QSRfHtFd4VG;(w=mJO%=NcswVhJf28m zvyWP^vy28*)&ARKSn_KLw~g}ha09OCi#+1t%h5%4y-Gql`|@dVCi}Kn_foSS`7q}_&p6Ba$Y)6G4@4XA#^lUe+kqjr_oHC7YxM#L%>U(<>_cam zN2yak_0ZMOZ3r_f`qS*Du;iBPl*zq(+RrOULYyZTh7#J{WvL$-xZ|tL9V0-$Lv+le z0=fYivJReqji&!^mJYmxgi|yX5n{E)!5TU^dn06Zq$!YsdsqjqDj}PwhA{REW+j;1 
zXG_4IQs3qCqNn`H5yH?q{m*BIAOb8StVtOj4vj;ZAQz}xqe1cRY!oHUI5i>9o|sQ< zz52*CaN>5_Z^U;;&gc>Nai3gHdSx-khx?#!kwU((W@wvuv&ibeTU>msq2v69dLAP| z1@8Q(Qr4P`{x8}+($AgM<}r)ZF8t5!#hQ(5BWwJg`MA1e=x{#kA=Gll9R^C@M{{`- zkvwt8qiF~1fKU%OcfbTlDKX>de0xY}%)tAZ`%AN7-}j%91IaAg z-x7Iu=A62Y&4FanxUabOr6*s!F^u?Cm?buYyiaA%(rV~3;E}#EvQ^oSCu$h8ry!f( zADRqrmbMUB!~~yxK|4YGp2kGKbEJ%t9s}*ms(u#Z=}M92P$p24vW8lXy$dGu!NDUw zc?VkCfE^6$UX9^%#|uhidvs(0m{21ai>z0KAo_Ptdo_J26*Bb{Y-Ms<)iVjsBT39` zN%TRQ+oW`;!pydPX)d=|mgOz@BcI3yEH!H;<4_3uyh&oST!(j`AW~(~^fR26bCi(& zPb%(Pxp4#zFsM5(Dgw@q<_TV3tKFq0Is9f(h+6hp5qN^NgDGHGd=mOG3TAW^Mfu;u z5sujSGH(nH4z#Kz710{@vh5qYO?X!;3GvKBd&QwIO3;>|YD+K_2~=2to#3(_Z}Hxk zaZM6Po08&JaWkBIvRII@AF+)7QM3ZnO`nm5CryrVC3IAePs83uq3S`K83_3335aKu6y^k(bVb7T^Mk zNddo&>#SMm>>O}&&DiB z1RWY3#~!n_!sK9i4uf%g@qxpNalpaTMW-9jtqJxIdtLvIcQO;^jzinpT*7AfWqP*Upy)#Ix;NQwLK&HbCaU&TM_ z?;d{{S-5b`+v#ITtCFI2<)IBMTC*-2931j($?+LwjSQN~!R@b%FB6_GZOQ$tXhTWt zPhKIT=(K`fj4Nzq38A^=nb4?vj(3h+%E}R zuYCNzj{o}mz#ZI3S4DP`mN9gt>)cZ?3aIxS`Xb17mYs}E&j;D{KPO9?a7sT1S{~J> z8Z-bsQ;yP6PD3Q$ccm1e=7X^g)3Wta)Ch-jb$y%~g;UQ=#-5Q9dn9%u7StpoHCYn< z;^q6slh9lTJaQqb)UPV9%Ws#M>w`>;ovWcxzVI}w3mt*0@ef6r?`4@5Gl5{J5rp#6 z48VSO6O*=mB#%I5C7O${ff}cOZXaF`dLS{7wH`Vme#uR<6-Vs-b~ID^VTVWZ2H$k& z_+8G8lJl(nEwLomHyQ!#}*nV7YDXE;X`1wu@wQ|h69RwT>9r1t$F|{e* zh=Fyq?XRRXN~fau;h3m&MSBf0=#XWRVjQzHsx{D@GH56s+`$7$2(2jn!%rSrmdE;c zQfD9MVyaCguaGW`5yT3UdWWScqZMwsB*ThE@?a|L_*})JrRVvzGPE)ksQ3nm63yN2 zS+c4$w_w?K2UUd%EQc;QS!Q<3k#CV%-AxocCa^e#M(kR)RfJ^kAn#B{>@kAD&VN7s zQgX$uh=!9w6YegWqm3jc?XB&=9z^!q=O3|(DH_81i&mp6EE%=* zG(uRkgExx4>t8ncy#$zH*|$Nn5zilZud4L4fZoIySQ1Deced=S+=|>VEpIS*TC z7V-uzecMY_!a!LQsH68aqy)>SJ?CBttamJRfV zxu=6XDY@Oa4GzY@xQ!td(HKp;EwSnA9X;?1{WA%NOT2+M(hv<5?h0r?ubb^3#F2ly z5?mC8=;YfK;D(BxgLeoxPkU%vpaIJrJSr3GbZIBX24MQ>W)Rl1h2D-9LNlPUSI!D2 z(R%f1x}x1DpjSa*7rC2IJ(V#XGkfj+I$Mb1K#OagBX?p=N`eY|mzXer0-`Vte5&{y zVxHh<7^rVd&K>c%eC1s=b?*X(yNTf@`lFU5VDHV%PQBnp!onz1h76wy_O8T4eP|(n 
z+#$@poi=jDEW>zZJmPaOitT|BpfyoPfJt%^xU!$$)?w|+Lf^4sjiR9)F-VNW{dR;Q}G)X7q3(Y=N4QlgfG9MCFcIv=Add@KZAFzU~KNB9B2O?SF)p_LwjIn3& zHm5YYs2pH<+@dOujybHv?!WS)SrXCe|Ii7LU4|`*_k3g!<&fqKk-5dzFQNE79S~4V z`sn>6Ae5r!+ifRCa@FI}r4!p7B8Eh}($(J~vDME~X_!yj_AsT|PF^yxiR_mC4LRJ1 zO3d(bIvliwgcM7>2QOMI9p&!6rcMWCF6m<7*@!729t4aOS+`1oRCz4@IsM#rZ^n9A z89bpJ@#v#{*ORp2cObisZO>$>&~U zV5Ff;J{O|(Fg^3hPQl)v$foJ#PA|OZF5FFtWbG`|5t+ewbcFVhg`Kqc_YMHU7`=~D zh@Vc;-@l21EjnE@@^20|$7D^?>J6|W02DED_EKytG?F>tV`2b1Dc)+<*4onk5FO(a zL5hK!Mh`n5lA;#(NBSl2LTUAq`UTW{2h#x6Q>Oa(jmOd$*#ynH7Sjs{L4-RDg0UVO zMbF~^jzI$wNbxRz`;wC$m%SV6MisSow6JRLN8ZJ(!AW}rB7u191+lCzocx0f(v5dP zlNY2(8XzWldEv=zQ#-i){-5KU)*~OBp~pzo!4g<gm?162}zV6${UEH5J|KB zbZI(L%&5OrWUEO{fHRJ6egr7Pemf2=D}^x7!qoGwjedKq^&6-J)g3P&pG2y+F>D0t zVl{w27=s$Pl2x?Pjl;NY1lxc7jr3`Cr{q3`vbhO?4|{{VJ)i(~LNy)?_g22hUcto} zXDs_4mBq->6K|UrnBOqDoUUOe47zd-MKoTncoM1u$En(Jv+-;U%pJp^o(0}x)V1h( zf=luSsa?;->S1dOT}_*A!G2bj(|&S@Nw8$t11QoipMApN{)3%dAx z1-R-N_vpGAW%zGkcc!}68W@6I$w~joTZj_#tmRxm$;L@`eEsrhf z`;o5|JU9z1{gM7ZSk}(`H3=eiCMYX~ufx5QQC^r6Ycb1X|LF~>Vk?eLjNuTt?S$~w z3+vXLQp0T_6YilLAzc2+N2U8c|4XNg7sgr zVq!YpZKZ5jpW0j!f)x6hrQ?2uFg46vJZK)3mr`r7(`fbGuzKH9o6mAK8qohgQ3gry zx?vG7X?Wa%ULqbIzrgBsBuFEbQ9kCeV@|1jq<7c%E|o*vl+O3ycF5(@sd%Po#Y zVa#$3rg14Z>SbCDQM1?;ZOVhG(6pcCVI&QpZKH^>8}lm7envO(gvj9D7uv{!ZG^!M znb9*q3{b4Nf0d?&IuoQNn-5Pp;qyVa0HYo2p`_YA;ry(jG$^_-nlMMaU0KiM6i*QR zsSa>%yjuq#KSWm3R9=?_Dl+g;a3;!JJ9Q3A1{u1Kmv0iJ*P_(sb_VY%)pLI&qjYz& zhQ$RuG0vuK==Ka!r3!t*UkzZgFaa9 zReQrLxGz5nrLh-aX_ypWV!7vj@H|w&{&e6vZH@%Np5pAkt@Gj3dHXpR7)%C75K)&U zJwR#R07*c$zuyAt5r>#Hy>zsE8lHVq_q(SnYS-Cg3|rN;OX=O?yG6tv*VYEO98pm0 zWZrs#2q()MIlBM*MP2hZQTTVsuafcP@=Z|ZLC4WPlmy-q?{#W2zSzs4KUym=Z;`P! 
zR%b}iBV}{om5Pb&&1}q5_`tck$uAn+1ZPi!(AyIooJ!q1@;xRv@zBOB^r@yaTy7v$ zSd=}u#D&88l(;g{+$s1>5`lH5$3x$=fu(ysDtuE`JLRG(bUxIEjLeNe7L!n!4T=}# zHB-f1aM&u27&zNd5uTI5Tk5&Meq<&nh^liwfig0&rUFbFzBd2o3` zZ_5}SGfnUX`F&_5UqY=IL@In{9^upkR5uM_K5IAWQS0XE&9OX!hr>&kVPh(|n22Pk zo3O&aVLYrK2!fBd)9!eRouP9fasGEfzfrgzF0g9)3!QC%t*Bs;M#OfpSVW1aAHD3R zd$1xf7(c<6SdO3;5#i=YC{@955cEMKuY=EVDDIwf0>IXFij%XFRx`DzL4z77GpT)J zG}&j|zaNqi<2d%*ws$ZZLSoB`(RxJooq!Dh@>tyLE<&5;+|~ArGR8qP2D|y!};)+aU6{Zg^nb*fJSy)%9Ky z6^(7#CDX$ZA(N5diyHtva=6(WvLas;D4iPg_xjhVDq-;9%lhnsF~AB@xVXXCgW+o>eY*ECbbejni$>0 zhSx_GBZKZX6twMR7ToPvTu`bzJv?9FF9%lh4^+7R&&K+-vCiin&_QIZ+MZ zDHtP4kviyJpi&-Rk}@$sDbHLTFz-!lavii^<<)cKzzIMV|M2O*TPiM9>HQeBs`-5H z5DGSqVP9OpHa`=N`e79J!X;niRo(`dcV1=iZlg}L`B;s*I&A{&m~DN{oMmRJQLx;&LM_6RD~5bRvgw4DCmD<1uQG%m z&))x9*NU{qPUi#oL$CcEmNLrBeEF%+)1khs+~@SdtA-Y?LXDxzPL_a7ca+UVU6ShB zipDXhb5D4T#>wb zd9`jHV0eA?DA6~EagNz6f2NBW(2+v2s0JUo9enE|F7Bv$OWrbWv!WYZ@&(Z`r67$i zufqaxKr76l7)j2T!}Fa-2BlSPWc_@VGF8h9x;!XnOkEDf?>8eTs=kY(J~M zgrg8gJC^_;bL268;&S~r_$w-YJ{^pBR~>Oc&j1SwtyG zYRjy0w|g(~c1p%dQ#WX;C=%D8&+gm4N0scDWllR;t|YN|uxq#{IbFWb%+fykR49eX z$MQ>Q25ZV`%y4q(gq86>g90z{(SO8C^!vGqG6mru`{~uaR$hO9rSEXO6*NJw<|xIdSJ}R)C?dk=MZVNrX{~e(={KP>tj;KboJvg`;K~ z!LcrmvMzvR0<>DCctevL&9kOTgkjDByXBhz*r;`b0XfJ~6M53mO$XiG zu&_I(icLX1HjQA|rVVk8#w)UD#>Ax@7231j7lg2ne!pv_7(jq4Oew%5mjTlH#_SBN z2BtG1q&o+W!S&EL%}_KVd<#=^36cSEnZJ9hq=A-m+L@qJbZ;)gf2W2u(^hTA`r&CZ z-#ea+N`%MBz3e$Dzq=WiL2k~JJ=^|b0W{ap^bs6)??geqd?o)jPL8aBR=o(r;0o9w z)Ct*Pw?)&DFG7zL&OO86dRMXM_N8uv2j=H(!=+q4OlHsHJl9>6ia``JA)PHbn)dO{ zEIg2{-t;u%G57F|VbYX_&P>WoB38|Hj8(-z%ySo8jnbafOVUKv4koL7>!UMF;TK?I znU+0P>HI2t(gBM6({^wdfA>c+fDjQrZZfHM{A#VJ>m6 zLG7@hifQ&MlSO{yoDXL=V7=h`C}6OTB`uFhwX+q3o<1=DA&NK8k&;Y#@7>HB?$vYT z<-7B%*y`gYJZ@^xixzT84Y|2Ua`J$}b`U4Fv>qT2Q-u$*W-^+#Q5L@GTE)&MZRYJy zq}xr9PXE5gSl?s6Bk+J2IUF6PnG`GqZ;EE4jknmlKvQktsF?kq~Z`bB!|#ByG;@D(4`}M5Y16ii>8DzPO+Oj7;X?x`ANc{qn27 ze$hBhB;RP_ri-~Y#A zAhIctcp4r3bUydSd=+M41j2qDzBwo`>#+1T0M7*XjK_vwWI5-y@RP4KNMY-_X$}i= 
zLocb3QUdQ9Ym=E9R##tz)ECpqIm2lQ!O-yeGRBUp*C@x+xzU+-&RO;(Z3vqg8(w~F zvPdPcAd)J4I;R^t36rv5Z3kP0Ty?;K32jPy8Nn?t>fzS*NvlAOm*KQd|IYaG#4N{6 z;D#ctS=&fhBY%+L?NiR%Qn3-zp3#KgYdO+~XILlV2i7UUV6X<_W51V zqYGDUMBE1RNp@ z++rvIW+?^pSc2N0R_T5|mHjJ~_fmb)3zmF)+Wd%#B2I6qn_N z(JerDpa#x2y*<$J|7|YIzeyD&FnhGMpNt2gSru+OVErE$=#Kw+-x*FoEg$Hzn1nwL zEHoQvqBp(d<9ID74N@>FMhLp+bafUCpOIo&71{Yi2s|h#dyCjiv)CP$3y0{-mKcM8 zF>h5S9@``OV@4vieOMDuYUp?cVCqN%kN%5-cwKd~A$+qWH!nNbd|bY{Li$Lbu|QdB z>gDZ(itKDw;t^;K|JSe7P2H>|J`sq9sSUu%LoRD(1J)o0=ACOkE$w`A!}yc&T3)eW zIvj>XzFm8mCZn>(nEhd${V=JgR)R-OkycLgI@YvM_-%UXw=bB3ZvV3NDZAkzbunCg z7>q`x46U;mQ#>JrG>e8Z!S+rqXbrVJV;W30Kv265UC+F1)UjEW`Wlo@aOO^f`ONp$ z*a{U)zE3Jnn-}7BY){Tv&{8tk5gih$d~K(1tBx68J9|GNVx)-lOWW|I?=XqXSn2|Z z1JlW=xvZLeP$?n8>s<-oc2jeHO`V+iQJK5kr0T!PjA5~;zT;*C%UK;RLLUC=F<)(%nAGlEJ~`x8a$RF`y3=0s0{w} zghS(7N4=jD?;~XE_?B8hyy&}tq9p%r6iZ9ykBvKeSuB1Co@JLrn&Pwvc&2k<%Ne4l z(OW1npCV)!FnTBhNY43aZ3UQ>DoliJiHj<7V-*)5J#N;k`e^Asq?7WH_=M+S z0Vyu3k`|wF=>i%8794@jdS%eb=+frMeBIo0bOjU8=1{6+ZCc)~9bCNb3*Pmf``F^UjOzHrSHby7R ztkJcwwUqk&*5%X-@l=d?B^v+uEMuS$+*k3@Oscg;#yjV9r4-=`VXKGnpTg5KiQ();dM`CBM3g0H_cZq=|)Q-(k#CT-*EQw1#PB;4(iN*jV=@CMdj+D5%Wo0 ziQd+ZppWzm75h?VjKDV+^$%{)ZF}61pvu$|*--TBkJ9~7#$P~(m4|Wk zd*c>j@XYG7FLs^;xI6KM|D)HGDcb}e^%+Vw{R6NpdF-;pZ{=hr7A$#kS`V7GfI@$V zUFVYhx(%c*8&D}O^uZ9cbcaR-l-P-wpe=D=D>R+bV7u*l$Ml*2w26~9V=grTf9e`> z$=BbR>02SR_zWAj4(%7O(!51)B-7k0n{j6%FP3{7UySv^Y|NnTmh;+u%*oQNU)v(b9Tf_ZkvpN5FeY_O({nb6p;j^YyHX!axh+m-R2VX)`u<9hnQNQVYXBr#CzvX#Mh51*zP zzPa*K#C=ZeXU^JoIAbS+I1JZ;^0KNqY6fsR*=)I~0M1Mqw~qa!jyP(tTSQ7+_;kwh zFZ*tNRA0G9$|g>bFnBJHO$FX~-J+h3%C6-~d+1C3T#?%*e4lvdUuZ(~&jH|?%Dh-^ zU^&}+%eTmX&pV&?!^I$gAwO9Xeevq$FlG2_Ai|aQMFZA?e}4p-=zUeCtE2xnu^I1z zb#gIEk%~9|t?aLjnE8(YPSilTLKBbtf9Z*%U4;fTs3ao2)&STvLz9GF$k=6`BQ7rr zYkn3VdSVC6iaOXPeyox3A0eA8`47j>O~V;PLC&^9YJc3gFkr2L3m{73U@t~wbFyi* zu(Kyr@SejY`CVGfxnY-Ek@S8Duwi zKhn*yp&$HFoq{R=o$KzR6WMN)1F|;ja^W+J^jDsvlcmn&t8F`E)-4EQ_a*M&LV}DD z8pG+v2||M|0PS;KEzPqO&}3M3oZQP-!L;SB6|uMU`eKupkNJ>izW53VD9x4r0e3^} 
zM%3F&brCj01jwl(HRk|gvnjSY1&;PlGtCTbsulZhYZWeOt#nqh9wv$Tq{W$Qg>+5^ z4&PWmzl7js&3NXClEF~DRv2#NDrd$A$Yg&JVYMBDh{FG6MDc!?V~`l7LN7Cj->GlJ zAPC(5eLQFmQ09XhTBI0E3NFcZ9XHpX$w7(FA)sUpOvH`bxHKPGrl@V`*DGtK^vdY`N8HJt_mUL*DK`pE+lP=S@bkD!Qi^ai9v$|?vmW5NctJQVYv9N5wMAK3;8!-Xxmr!MOj}I^I+Igyfy5~&Y z&cR+;SdC=qa?G^|GB-RH4@ik)Ubt=mnm_80O!hOT>a#{Ml-#~yW*ICk)S*I>mBARw z)pE+a7AUO7%>Tlbk;&fXO~06|@KQn&I)TTHZ4U8ZwvrGS(R>XmilyAQ<6kPr5*^y^ z4>J{%{dt4o9Lz+)`)zvXeqON0+HzF>=8zbugTS)h_4)QEq9IbirtAHSYU>ybI5XrX z0qF6=tEYF8a`|!dN&WsU`QayVv1#4&2s^o=c%^{*Dmq>QDX4Y;+kQpS7JwH^#~V>` zBj7`pK|vNlloew3WP3aJsAFGM@6$@YtWI>BLLD7mfl&-}+UHq4?TLhNSjpn^n4I0p zUBs#O^CSp2UNk~pkX+X85FheH>oYP%AsG;rLwF+aFRknHtVM)_y^2>CP^Un59ekoI zf+JOKu;M%ysB(8Uq*nffHtx)KO(r^*;rzkb+R(LM`G?oljRs>pr8aYvPpU zRX7jMDM(fb0u_{$nHuOlJQ>7g;#KR<0BU>1giA%iS|V%<5bLiM5BcyPM|vRE!=(84 z1xLtAPCx4F8(|1Y}gQ@#o|XSah`!?}F)-*YZWP|=)XklC|O zhhG+o+S9jljl?yY&C1Fgs)GMC!*mYC%u-7`k{@8I*{W`v4GKNWw$Hsyr>^a`f+Z$k zkhZEEwud$vF4?If(-;##Y#Iw!{5)AoSOaJFEnDR+LQ@2o7J<;b z(+4~Z_r!7q1kLM5{IT%-iV2EFznAV{O!v_A)a*t7;ak1so?%CpYLO)KPo;SB`$EkM zU%;_C8HRPr9A##+q>b$Jb2tb6Sz3l21U%vN1gf@ltUW&#d2cER$ZCmw{{Vig3+Xk% zLEam%Y##jIPQ5LnQb!kpw)q6vB+_>#bEiE!I!z{A$wmvzRld8_Nd+C7;i1vsFX~zo z`gd@fj!LBht)c~fUTo_ZpPO&^mFwXi2m7ng3+ws9wGg~VE30B{+;yfU=0dyIT!zc4h_MvG; zmRS^FG3I!l@KvZgGkw)FC}6~x|8S?y*8t?7?>gkPrU7L2IPbcPYAetDZ=XvtJS^M9 z%%IRsN{|jSlOh?2AZuG*_T4AmV;dFD>vt;Q_8$I0<6ZVdo{)JQ_~VbsBtU@o;Rr-p zjAXOYY&+ymA`~mTzZYHHirQXMjfv2scDqsPvY>n-MMcxIZ3P2MytBM1IwC zr*Wu8GpR#c9=w*4Yp^rLyN)(GpB*`W^?{MA&P$D@xE$(Jrs*LeE)v@@BPL`hC3k>VJNTiR)oeOaninb^k zBmAqw6*em=(0^48a-~$n8H0l{NDH?}xJ2mPGe!ep$+A2>tA@BEiukbq-+iK+P_5Yc zNEd;Kk{#?L{mC=&>9Rv|^HKJ!!+y6XS}sI=SRkVks-XI3BTaBq_8YmWVPlxykV?69 z)oy@t;&Kq*%`bu+-vf4~x>C?p18)`L{XEfy65)d;{RBPeyI!7o#a+h&% zZQIn;U{jDo_^RtwkvbTB5C$?`A>j(&GBb5zSMAay;0&%VJ`Q;-P&|NHhyr)U9znLJ0g>3^0Z9!x0(mqsy%ykECkHs*mhANnD6Vn`)g>CN;1 z29k|+D33v!UC))67V@a9Ys6Yu>liFi3c0&Lhi3{jds~vL*mQG&BOlfHAR0Ux$V8!; z7m?fI-K-Q9_JM}YZo>?L#TCEB=fPlL2!k56dt;zQG(1v#^KBwKnX<8rs^*#UuPq3#0vr@jSU(3%76dg`lU5XzY%q~m*s>8@x) 
zK_$)!ANc`>Bt7u(4>!^}4}AJe<(b#7vF>s%EsoTTp9Jk{9wW!44#ZD#9BA2d+NNAp zd-Z2z1QNjOm<|;m@Q+zK$mOxRlvl7SbTE4|3ly75pu-+HCX7_>xyoUj(|`jZETOeW z>ODnNQBQIWl9u;w-h%LbZn_gj*!U$J`5&}@H*ov01J2(=PZvqAuBs8sa!DilYG3<| zLtrtMGjU6XTHZ;oLct=4E?PA5DPUGDVVd6Fp2|leQNsHuheDrSh3=2%Zda)N&$Tw5 zzR<7+K0{>r6&Psow0zZM-_#*Hz2sCEzZTn;Q*XV`ls$)roLFmp_@Me@&_7!e63Is% zkhGoO#!cTqopzvRG7u|i_jsBM%qGWlMz{?wkpq_6q}!>ZHv%FrVtAQrza!*Tj*kRs zKs40+pgRcF$&a#maH1JgwXh(?)gv%kY7yorrfx0ba?LUj1<__?gEm!?f6NYBN}K6+ zfG6a}3%sAQhVGL+3mtLjrWF3gIEV<&hs&_u;9yY_lLV4dpnxK4Ci=JM>4M+p?J>y< zv&&kDe{if|IBPp!8Hy`Y?e`lRWmr`sma9A|MNn!N5!+`)<8UziEC_3*dDF=e{IHz} z>@qozL<)$6dt07P$U9P&=$*k5(VcPxC;0kU6Ws<6FTt&W-nqR0El=3~LLSCRoF7DR*=k>CCGtBC+_w@KFn+Di1`XG^bA z)O?PYjJNd@ubnmD9Ls+CI=%#J@u=Acj3i8h$C+n6NBInBmP=Z4>PJIQaHZL=GSS?rD}(kq zO+i&zjx9Q zTP3U|d_<~bvke6}uoDL~8(PfSa!mLa<;O5z%lqW;p;7U<;Sn6NVLtlofbg<%CDme4 z>(QdsQLRIo4kki+65ZVxQ%?Q$j8k;;>P5q}Xtkk|y&I|2$}&fpdRk$f$BrV-N~XZN z2gSuBl*LmAh&eC7Y4*u`0y-lcOLm0saFN^lt(fDGz8`_*WU6Q2zth_tGnqC-m6Afs z(J~p8f;RgQ?;YC$ljvPl^g2ry11|ryee3U4;EV)!-?LDebWcrjFJ^czh>AHGzT-GY zi(5I1JsV?@0Y@BF<=hk{GRXmz5Z&iXa%SNe^!485bBnx!RPAd6sIoGLUTt#F0zk25 zxYjuoGnW(alER_5vU2;)@t}iuazQm~hc|m&pV-{cCkN9@A81Ntq6I2$Dk;uyW}n8) z4Cr-SYV97LR@14@0;EH_2l=A#TjYRUaqr$Xe_#pGbz6(Cu_bjh)`ZpI{+CwlwIf$+ zAvo$W=RiUFx(6U`iW9pS7#xEqjO>5}#!$A)sAdp4VWXcOgjJ;Cj}^vFZFm{@cKeFv zE-`K1n)-qaWk7@oa#jv79DNWqOKOa+hZxI{e29-nmG@X;bk zQzQNMaZ%9Szor@~K1~@m1W>f3&F?kx4N-RXE7kG)ZZ@&rUXMbAkIva?figF_hIH9&X@zJZ(OZbxx6$8SYu7wI0Rj*H!(e zd(EZ?*_xMx>t%r$tK0Q8WC?R6K*rFn?FLU1D5>8d!cThZc z;huwxoqJ@=`F1>3Jj(y+$w*QU&w@b*3X63mAT*Q(5B}roReZ>O#|M4WIFkS`@X%3+ zqsUgAIvqBa&4#P&J5?2^Qwe>=2tb^%yz%Vv9$2Utw6sG!YxO(EAEgP_tOgK+mYhsR z#?O`*E-9YL>2KzZqus`U;iflts9uOKBJd3MF;;A=*Q}2yHt?oidC{g$Q!|OafIf^WU9ow0;)ZPUEA_i zT9nyIm)iX9?Tc0UfYCs~el_CSY~e8>LlSee^q9S?*qIv7yf61c@_f(xOnxx1-d!?c z5IkSmf~Qb(fC8^`+u?h(EU~@&88JhferprSX3VYrSW!cG#YJ47gFk2(W2{lBusZoT zU>tlp?od1Qfvpfg_Q7OP6ePz7m_x2|B+QH>@Ym0kir-!_qS+02R{DEFf~J|aOMji} z#O}?Om~l?Y`7|m{P%Z6PT(h82aL*RsBim~jZ?FvLobMi9<9V8_qJuVecO_`tni^u# 
z0=T$=&R6k01~BhNbBxQvyfVDJyS>6+ZlPDd0HH-3J?}FmPv4hZ<)Q3{r0nWXBgi1f= zF;441&WnY=r&q|p&0uq-)Z^|Tghrv|H+@Mt z&zQyVncTd=%`GEg1RY;4xH16_7)=2ri?Khd^xiMYX7-1qT|jKHV>biX+m@{@>FHqH zgiy)SFTPnn+TU$+FEj4bTS#kgY=;?)>5PE8$gW_TF7f3 z7cRThD@@%zFV+5pf_o7IGv&Dc%Xb^|3{Hj}lQyBS4EuTS_(RUUINcFT?KHZr3*=wK z8~(R{r2yEfplBhO_ecClk-0omR}{8jmCIz>C}jrVSkNy@1fj4CMTTcR^qy8O_S6AQ zht#=f#T$P$qnQS9wm{M6>xupN(A?s+c`+S*^j*P6&=Y?!gv-15I&ypdOb$i2DZ-bO zdAi#T8NGU;I@-ajTBT|uD>vjhTk2a(lq8YmmSCf>Cux@O=V-WN>-zcbuanj`&VO#w z`WBjr4e`6Ye%y-2&o!QUsk6n#~=~D`ef3?|f8SEU~T>n{N!5 znO02Cplz7}H^(k2a}~b@g|1PNQ``so_;|ogZjWq$wWzLc7JBnM!m(+j__fnYq@lHg zsmJw1d;w*`XnE_|5!G;7NbdhB@=2L?2`G=O;K8Wo@3Yp;qDOCZLNFU&8IgiX3ES{ErCe ztOgn;qq@WU_b3yLxgB&9$5EBhDcF2o=PKM{TESY7GV#ndPe=UG>;b=FCQXqEbeglk zwKtD;za&E-8K~mQIkavqiV-DtsZhVA+Zw&jw?}r7vpisTG_geC#s8pIE~bv;4}^nw zyU?dEtdDIin#<3MYv)z7cP3+TPTgRb5;uUHp}|f#@rmhhyQ>bK>q~`z2PNPKecx!I%$df`VZp0%!O<1bb-5`?yzPz6bovN#3w2;(%IkYG#kE5>ZTE(W zq3(F}dMu2^P@#RF-TB!MNFa(@S~QVH5UcMc^WYMaXDWyLeWu0M-*v|QoO zp_!dd#D|qd_5I1D7T=?l7E++PGHXm{S(Bo2a_LkP2nIxyMa1IbtEy{X(ep#yMcep2 zR3hk4K@##Fxcfaqgc|r6mP53iQ>yGAceTk!-O<{?R1lvMg-IZad}R2eQXg%Z!` zG^#Zk)<09?yc|sv4x@XvdoX{nB(M>~1VS?JMIlvUFy}N;f=#iq(7r+z@@4b5t_EH% zj?i(e32K`WB%=Ixid--AbTg)*Gb2jtFbOyY>< zEdo7pDHbmH{~efEG5mo01`AX7m``(f$=NqtCu?|6(Wp81`0T4`+fb8EmTM2!R$r^# zjIQS133i<BcpK_y$ZaHyIFy(9G}rM%wYw64%|o=v}>hKdNT6O)k_nVc4;Zd24;l zJw>M85?75%Z1F@WTD`}Xm(nP}&L{*o3_5?y^dn_~JpT9nep-y&%z&rVSqREEwUvYY zcDQT-zYv;5lzk#^SoHKRX?@a?#OY!R{#JJozg9*9=i-!$$VWPYD8!CbDii<;PwbsR)1ze<#gv7x^(_(!R8BiEOQ$2o@4-J?C*tjC7HO)!^ghgqz|?cT z`t(Cg7h@i+kAap?DSsUJSl~wqD%LFjxZiG1Y`4dU(pX9ONo?%DhI(U^kTVeDPd$Do8ztn-vL`A#Pq4VOP)!RP*29 z3G32yShr@Pgh#Fs@SajWrB9^CtQ%(?OJ_A_7AofS@RqLPj6O-_OK^_S_I9|m&^rE= zSzFJI^LRS&WjB@jlWVX)v1>-ntdO@CCV6;d(O3>CC!8iBMl^`=?u0VZ36j8(g53kX z{`V-I4c^ZFO9J?K6G|*WAwZC%f02|8vDDy&J2j3OfCiaT2cH|{WJr%|oCt=aB$gjm-JDVl-QqY)ORR0eote~ZYSRo zDrF|IS9K^mTw*<*grqo4fYs%mx%Ho#cU#;i?ga{iwZdU>mkCv+BIqf)X%o-L>3~&` zg^9-?*R-_Uq}-T-kM6iO@Jg3B81)+bN??)qF0 
z)@^>Ik+7eIkf4FwM(rUQBylCMyYf8Y5Nit8HjF;#LAKg-ec z!5VXT%j%LZYOHoes_t+jhQNewx{K|wf>!9ae%W(r6C*in_Su1YsJB|*>=(~9R>ERQ zp3WQgEp;$iy4qcZY6rh)J5}S_1Xp#Q?*toLgN}24a)r4e4HN=ZZsaEjWqh3wYOJgd zWooWMNYl*>&uMw8*vkQ#{myG)of{&khfHj$u#J;{?qQJ+ml?Cj@fDfP>=w$sH&H*( z9byVW(wD(02DlOY*|;`2ADfGECi*vQymARf!XJH0YkPzcdoA4wgk9ZysJx}pnznvo z@!@KM;V1O?DNALDLc^ULmAx(WubN|y9DRzLw^Yt=7KY~dxxHK9oiIp@U@{}B;|A_%eUa|jczReL2 z>_#!jisA$1Ej*yDaZ0!`JIv2MV}@W{j}7-7-PGl8tMZ<<1dP`*FS2vOy<8|?O^28I z5dG8Gu?yY#E{*-{E>Zm(W@IM!8ZXH5w~J-;{J?UVF)MX`_Ku0cT2_L&aT3pspea{r zCV2olp8-Gu?Wb4yHUTe@V8HbXAm053Hz)Y+$A~b^9(pj4nnA!Il7r%eKm+Rch0#iBR)}3)7Ko~ zZKz%+t%x^h2Z0-r$A#~gQ;ZG=+_klXlu8t%;cl7@rGpRh)s-J|V@yE5ZQ!FQ0 zj5Ea^u5T&#<=+T(Kp;JLC}=7V70V|h*hq=wM`Rl%`yZ&-VoHkD8G*Ph&3h#+BX@Te zmS;LT@qURZYRz4lPsVkFd^ZM*luYAs;ODdDZ3VqiICxRZaJBSb-0$GS_Yf}ml|kafyfg8X2Iujj4Nr>!)9x`LYI^8Uiw-u-ms1>%)Zr`caM>mSjsvLUkIS?V_au`U z8nbB8T#`4_&f61YvRoS#3HexeUA7pu4g{!$>0m$#^_*_#6lm(}Fh7x7 zfK3SVnjYd*^X{X&3TCBv;DH7Whs=7`BovWMrD4Vxrr1F~)6+bpp@|swEQb-o2l+668aB9H}qZB3SpNL;pJzuP~uexq+$j8W# zEQOip4N<_7!KMQ`Jo$t?=WAQsifPq*awSW+`7nZLAdzQ_Zy>^WF7@R{2?xeME3$p4uBLZy&u%g)jym;=qsh)Z4NY;W!=7g{E*jgbJD)x=U-3Emt#@g zzPFv(g{lY+zATFK@x+^Q!4iLVt?mQtBGp)HM%_wg3jb3^TTk+UNLXbt6LHAB`tj0^orSc3i}!u2N^!eV*?Yvk_ncr z^632+2R+G?SGpOvn0<{Z9%q1c(AZ;}O9JfW5cztlf@P}Rmt_2_uj$biN9c2MOLi6K zE}Z`u&1+_|vesj}k);SUjNHd<&6D%`G6VrMl<%?%!hdW2|>Fya; z)!BYKzN%$L7ah8b<>U+VZ3`wS?7S(V^BVu*ar%!uE<4LTZmQfHR}aFZ!v!wH3n7UCh#zqXyrh zMoKE(NMopi**lAToNB>`@x14^uT_jWx|u>r7SdtkTLd*yr*JfHSydl&O2~1cFMa(J z_gO2fSV$fUKSg;{7BYC@2FxtUeO;t~XsR!R9&GgWSrE@${CDc6yEU|NE9=M@Jf7hH z<3P`j$t)yzZpxVq9{-ozLv_r)#O+GbU>|1RMEV>RJh3vhiG3X4ev$JtDQer1g&OC{ zRk0U|`#ON7cH^qEh<*cJIysSTZIG{>_m5#qn6s?bn)Sy(RdR(7(hAm`VT;{>6AGa{ zR&sy4d?4_F{vqUlR(v3K#?j^afTH;tBsh||L4w7hG0y}loj-9sHV(e3ulG@|1U>l_ z$2qyPxD~YuMEDml83CL}F2j(V9xbW*g}j(JH|rd`aVU<;STG@oxRVNoFHi2GDeahm zs?VcBYnK66=8un>n)BA*rUk+kyAi%QmFJ}ozU@4iY96I==sz}yP&bTW*r~uU^=pah zWN-FVh^@!o2f}q;t#sD}mE)lw9nYtkf^{Mm`leRl=GYrN@Y5TwKm=qm97o2(3@UUn 
zcZtb7DU$DnA4u?L(vM)VeiNlADz!rDpa$*0f<|RJYcV>8Syo62Sb`Qj|CnaK4U90L z=dx~$x{$TTR^mPOSV1Qk3|(g=x;3aSrt@67`dAO@0g`4!8w+Uxj_{8z+~Dt5VoomQ zfaR^3r9W?b;=K2yV`nY4aK@{c*n-J5Q&X=AZU(HFu(2vxW8SVH3OOXxRs43x{4tnE zl2Cio+dX;1Dt7;8f10raCe>046=oe$J*){J8aPr?vi#Zl|4WAyPpzAab=LitC&ccq zkuq~I%&V48{Yr5(R9XDbKK6)K340z}C+e(0R_-#O?fa643c@YdtdBk>kO5)dy1=R$ zs5zfJK5q4Teppkbvg3NE%er{J{JLoj3f<$WLzaa7;u6QGXUs0)9YJ{oT!VErq=h!3 z=4yIih76l1?^l2RmI`ter38uWju@BT0aWist>UdYZP~kXHg4bgc*FU0+`S{&a6-K_ z(T!gdTCUl^IR%=k9ezAvFM{L}_?UeZNC@w5ZTn~FO&){e536OtN%C&G zaM!{hF?h-;s*^L#14n!w?WY5r9R+)1&+cI7um^_HDtpat)UZlgjvD_G1lt`r{N4bY zrX$yc!QrC@a_8M*ezGBF*rH=~^0pa%z{Z^8tjvUL5CWt$fp%bY(q;9}Op&Z!yJ3GGmcTB#LZ`8Kn7}P+_vu{3-UL>ZAYTlE|12}Fst2fK-VMPS3)ivc>hH2(t17L}Fs8K76 z4DuIq$N=hX0m2QM?vYwf;(p*s$~_7D!vo3YFuhBjZMgt3K+eC!!$Tz)tQV}_FOu*W zj*{p(rPLH_ocLV#V3J_u2pD*x>KiGkrC&>{m!gn={kYfMGLp%OW8=&^Ds+>#=QugH zLRIU!12{Ie12Yk$pOVO}9N;P{XGoKXHj{gz$*Il_R$o`l5R_{fk~KDuhT432p7;FH zc1rwC=v1E_+Kn{_&r z&tYfnp>_7B*^ZHyU)ZnHra)Gdysm&^AkZmulW8R350}@u;ppjw;T5yv`APfEz0!(CeJ!gN?lLII*1@ilcnEH-4sW<{&iHa+|4&mC*ru%xk-H?Qus zQQw~TdsNF&Xh%6bQr2?kssOWH2tt6VaJ=bmNOLcGSu*!KZ|@YCoVq=*F8cQPvgy0cq3Rn`O-MqBvi_i zU~UZktWAfHHlJi)+iCa1=&OLw<5JoDIwlCZc-oA57Q)$ z$$A<2Y7!w<>CD`3Paaj5#*&P^sLanzKM3N_N?&r%?)X$rb8F{n9o!dS(ENt7*%kK- z`gq$uebKMpm~)3O%y}^})MZtOtk!q8?XQjR*C1im7DMRMFuLc2dn9#Y1~AdYiZbq7 z(lppzO+>y$S)?#l8_T2vkol3kTq&f#_LAia33DC%Ez7@ zw(iaZAd@#)aASo^ec|LK&w-bn=Qy#F!zbNM4I=xqH;pSS^kG)FuIk3hp8uA|zrTqQ z_gFZy$tkkm-|z+NF^u$qo2v=g+Z?Nb{hilF!YSiWz>vfa2hracP7q{WeR!bd2!#b|DQ1B#7qzb7?HGg!i3Ck)=47OI4bYU!T zkkZ7Pc?b#SBNN9w0mHmW3(gd5yjb!$0YHejF90pDMk&kvEg5KviWf-p2()d)T5)EX zi6$p@6$(vi@uIcGd&2HljE?Y78rBz@iBk(=-$5UO6}$IXPbDEGy7?ShRz6hX%onLYs%<>dwSe@w8V*BVb*SDY`-6q9Iw~CiObt)c~)cB}E5I%*o zC;84*KaSt);_4~&9YTUclz+zEEoOvP{ZWQ!*hjcx=4pg4nDZIF7$03<1Y5%9+j@;z zd<`^EfYR6gD2_>fB|=>I{@xiR%A`>lnLlR)3a@ZEw`xM}OePgd;)on!gY^BRThpFS!n8tL7?!oXHyo*i4M{IZxUR)c;?WX8!#J14>n z!d*c=K62wxpuEs3`-olRvb)%g@5-8?b`AndRf>~?g3naf;BE+&}f%7*~G9rd1 
zAL5e9s_adU){l|YFu-|V-;nq&gz@q_UxPowG}59&vL%y+p*M-_;rbadV$r!EwI1^i z!KOY(kszQ%B@|o<&;XynezQXt15rx=Q>RSk*It0f2nr4AjmCBR;c}fqbu}(qE@>^H z%eJ!Zrx*`tg^&=!O}pL&FxwP+a*^T$cg+ zvNRCY{BnfrpAQ2{=|8O~{Jcj)Y7XO)VURPChlmQNtssim6MO_whm`9zw;o5!$8QwW zn2}4sF6XsAX)0f1`PFWBLI7)M`fCd7?p zN%G5)pfE?vY40140ro~#{In*AS*`Eue)e{F3J%KeJyD1^frV?vX9XBHjt);*9R4>g z#yCF_l4tOUH&(D>Blj&>7lw85UUZNUm>vu6w8oqOjNWX4{)w2GzuS|Fl)+@dVHvoO zGsfM4dD-IM00}lzXdsptpS771vJo4pQrVfB1oJZDIY_#(8kgr4==Q75)|GCU(ej7z z+%avs%m`h=@Ms)gYk8rstP#*2Ew94H(16oKQD=pog5kO)HLCmk28zG$<~gwctv*vT zJ>3RT5oJRpp!2;~VV7gm>tW$=VYN?qeJTx563=ivppqEFX$(%&hU%ftM%G$Y;L=Rc@dhkG;m&h(QpdtYx zCPy4{Z)f{6{rv$0J=IE11K}7E#th%a!)(lRE#@Bc6T>w7tLBpJcLaCSD-vV%jiL9a z0oK_>qX6P({zcgM$@-lMTv9V0^SQyPa(qc95-HY_o5nVyV;oJ5CwvzcTD&exD13;| z3JsDd)sV6RM45;y%~rbuQ*1~UQ@M$7gb%*o;{vg$4`h|}wjIh(pf#BA;!d-I1vv$@ z;#(PD?lEbj(!ggb=F=3r)X`bySLL2ZxJ8PAJ&!p9N;+vGI?; z3fq9TzvukM?&|m`IHU<1wiN)`%=g>pg%Zc;kS?fCe$Z@l&xKAW(VA5pd~8%8J}KX_ z^o$gQr`CPBaOQ?&h(RBu{?JJh;kgM#tQ4bLd0sQjpl{;2dLg?g3@`7x^XO=q--JB? z6$+TPUjze7lI=e-0mRTO5Nm*dnN!NqB5>czH{2BqersB@efaHHDz^u@Y`bd#S@n?6 z5Whw4R(N%UnIWs>ugn+;!Cia)B`uLu7B(Dy=n{vowDV|M8#x{`nla2N?Rk*y4TI;tGUPGwviU5O5O*!Hkisp8$*dVgvkWFho}`L`{UPes80Tcy>6-CEMaQYbTYJ^^of? z?Cf5(&oPxQtT2W5v~DHqws^n?g0&Om@1M!y=auCnVW{69wq$gv?+4ks#iWPLrJF(! 
zNH=tWXu!=R{N1a;k&3QcwPvbR)j&&GW{9a|-w1amq-uy-Hp3MTh8WOxczH-&w5H~3 z4heIRT9xLoS*KgA61dWkMa9t%+LlA z*x`&)PZmmz$$Pe$DR!G7KUcoj{rU`zM6*VygSd+;f`0I%?je^}Y!Ae-9fdfOygXN7 z;?fy*J$ZgmFE#${2GV(lRK>>2CDFqY)VuhojddkF!Rv9n^fuxREWG={x~fYlWz-!4 za9W_>TcpmW@wPj@d^-M!&+bXfug$|sq2?Jij%Zr~Nb{TWmYM^GJRq2JgJolJ4fYxW zPAfxYD_R*TEA@Ba=j(1*e=fszmd}-IO7yAaf%{&2W?+mYQ3z))LMW=7Sr?&gweHQj zPBVR+Y{Vo<$#t~h2NMaE1RRX4n$EIAJz6}C&p*QyQyG4I8NP=SFc<^2yj@GTcCre9 zd-?dao%x<8R+JgiG^}!brc?k7k4+VFQdrCIIhO{RVGMXGFWM&M18omqxu@3^xZy`c z7h;(?i<)XUaitFqW~-6clO2RWYfegF$~+h_?LI1dVNBC)TXFq9HYh)WxR|&Qa6l;} zN6;*}9Ia|9Z4#y~gd45H5Tlaym;y|#bIV{L3tJ=rP3x~yvgBS`EfNUIe{?-h;pg2> z25a4~Ms}zgES+yRS@y4*VaY74nRV*x-oi2|O=kd>;lV)I%R9$?%a>N$pM9l2+kDw1 zsqnK6WJiiGtaXC!2iYmH-!bIWf1|;QH`}+zr^b@TLk}UFcFjs!v`p6Ev~{pmwf~V# z<*@h?)g&Z8;P3F99SHq3;Tq$QhR+1Z(b*Ce#>mKZ%1|}SjWE46g_~}8M$I1ctOWR| z9azm4(nctB+UO?7P5=#$y(&$mDNzh+{^3I8B++5z)dN zc4BDe;6)550IaM|h& zAFN7OZVbqYNR#P^i(^Bkb15twuKr02TkA)Wg2Q7~!vk+kt`jUFa`3K{CBR(oRA2oM zf?E-)qIAd}xb){L;}Wd6`XXvHdQMP$uxCoz78G47Lmdfu1KM-X@tIFs*^Cv*oJ~nc z^xj}*R4^zO6X#TNJF(w33VO1=wpusa!zqi2>e9dK!*-&6-+HUyfnp7ouN1Vz8wxs{ zoEMAY0UKMgOUI9?Ddvu&6%Nx|h0F6_nLr$u&}XE!;Wqt({mHnkoAhOwsKphcs)lVd z#Fxt+rIWS&hp(<|M&VVg543wRX%4$~XydV_mnUs8C3@zwdMmR|8Bn5gGoUM^WT7!& zTgj)L&r&dH17I|6tNq!*nw;LX@WFY0+7-rj#Zu7|@t%zqfoQ3U9mZcfc@X^(JxZD$ z7wQvC;RZ8e|9F>OfagsJ+@{f1v{`PMQv)zQkgaz^Y_7;kMIN}}#D31|TnvGvufil_ zSfp~L9AeC^PO!vM^B$irBQnC^_EnikriHPb_79C1sPT;m{I96fpsTL&y|UVNYpte; zDn_P&O5#nyL5spd!u(mutX+QS+Ynz9S`?L#OHr&N@-lDSCWQ`6%q2c+CHi4C;i6-% zI)Cfb>xWq*qgqr1b4Q^EjI6D=iw1!qO=#>wgLVKcyUvoJ2EPB_0b)uP#KKdRRx#EY z5=hWAx4mxPN3W|}>MD7%C3ACZ2R_e;<)cWbYcftxIDSIh-k+(Iv``e>L*pM<0y$^p z?s79{K2MavEAZ~ZAY&u4v&YELY1A^J#;bEzc->c7ng|}~DuZB>f{j9sN+pSQuKRvK zk!6Fu6-JqsvlxaL)NopQB2RU>(w><>9pcv@STcpp)eOvw`L?~C%VP{reBUkvTVv$Y zVcQ%_L`SgMC{WnYLjVv*(BG+j2cD8{bpaaVa+DFS(fqVgVn2wiU zV|&-sl6N}bE>1(r9@uLSp?~+0OZ-vB=rSo1t+yc}b(MYM3ahoeu7RO0bV_WR)-q{e zPo<<`@w?qNct^vwY#{cfeWFGY9YO-+%m9<)wP@F&1E=G}VdOC01u+cVTKJdJ$`Xd^ 
za*e<$BLr&*N1OA^UWZOnjw|N5q61e|hpSq5nr8U0xQx_s_CmY#O`XsvdHKfkrcrf_ zTC?*t0e5fb;858&LEHfdANQ;3jhwv;Oz)rrXU9~rZt?RTEBn5+5D{j_4nw!XsyS`7=N+#mAhZL%j~(=ULp!Me|ydObu8 zS^p&Y!;?p4?EIMlEDwLuAfE%FM*-MmFk1ISiovy?ZEc9-GbFmgQ~J4v_UuCZsEBK0 z#zQ>M3wVUMTS*8Yz*>bUSj<{>?C2~(p%yL(WwYXuHrRb5m~MQLalNrNkM`#PC}W$SeDyws@g*Ky?bDi*rA;4Xp+L{eCJ~vd`!mSpeL1@A zpk>q{9NP9MQMK^$)&bauVoG0d`HvVB>-8*!bp@6&Vq%)B%t)LpUP5ou(1hy1vkHNp zt>Hx;DN9-U%{(6ykG0Zz%6eq`V!sEXF6inS8B0Y$mjLfe{)4cp^u{;ex@~H zqSd^??tV!v8FxZmJ<_azl?K!k- zel(53VAQ&DPw z+O`vNy-zGHe+;YCq%06bSrkmgQEtFMun+DF`GOA_5T=F|bp3MPM0dOu^zg!A3UpPm zF##O6b>>b(m|;j1G-k3y$%$k@~5{5r`s>XP{dX^PY5q z<6;IT7EupEHRY$e1+D(3dh{jg=!RSdVFL#Z04vzUDZ%Slo255V)`JrhK8NTNKLrrUNDhE!GRK$29|)%G;h3!F+-Y z$*t}ogjftvQnNax7{8HWI*9zM<$=jVuvfou14=1fa+yOSkESUg4Ava zTJ^sYtSTr{-N@7=HFhuMkd`K{uVnz53iZ9ef{^jw8$~l26nnSam?=nPs+|-Np%C|? z`bOPH28=@R?Y1+|w*WT{_3C0&;}^Q+|Mv<#PVo9|*2tpg^Oug9hK=xbc45@FAfuz| z*X5oW>h{%Oh4hsdQy&umN`F(h!ovxVe)56SA>`Axz=g+ul~~}_3+Ar_2?pHh$p&HW z_qp}q@_=#6yI_%2Ss=z*9hC`t*SC1m|6kInPb#IrPACMsLNEI>pfa{A!3l}3o~e8_ zIkyv2%bN~F6u-kqNEaYP$fUHHsreb6d&s+KvHFp6Z2l&M?3@SFEgRygXQ8?yCd(L; z<*NrPF17)*R@g35gLb$zf@sdMOm8`+(LPJ}&IAHg)#bo%7!dy@u!|r}XUX71{-=8{ zJ4=wo97;~vqF7;!Ayqq3_p9cXir{Hqm3vwVRs$%3e5C$CZ8EkeE0URFqhMB-D+1n# zM0|X>96S4*ehIDPbk)Q?Ded9vRA|k@)3aM`5eX@BaB%*`=o!_5*Ug1E;3FgUEZKzO z9f*L7p8|HJ9j?@F`9>0j-?3?9lpQ@P5it-L>P4u+&?PoLG;MkITvoon#?@LiZtq#K z_M@p=!qIwk%PED5XQ$+u|Gb5{{*kU`KSDvKyVBUsnF1KK%cmgTI|6TAfY(QDcSel;zQHJi&n?q+0R{rQ@CYNDdg_FI>x6Y0O zIK&Pkz0>^;uNg&%Lm(9k7#2*KTj+s%ONwrG@IA%ku$f%rlnVrWNOBA#>b4xk&%%(O zE(@hPRnYHXry;GvE0r6R^h5S8iUk;0^7X2(&&>w-m8C`YsTo~gb#E3OKS8+6h|Wx2 zn9~=ESsVVT6Z1*KozUO{g@jY>73y1;**m?46@e)`;`DUm6MVww}pBKsuE*Z}Lo zGfmmb23ZI74S=I31hKcm+JYFxvsWwMUilRH($F7D#+;bcV$q_eA8x*7V~@rfcV zo+;uj;CD_V@!h;0h9L0sCwQDIn4n~{2B#3-p%iLv8jVwi1bDS)PL2&oj|EAOpfs=Z z%?f@qQH&6LX2Z`7;tBebE*Y39JP6kciVY^hoJeq|3pjxjAiZfzo9#p#m zmTOb6-z8}D`Nw^9-+6p^_yrE9{GXe%F>T~7?+!1ndMMU}p6}C{LXT^1Yv%c-ajP{} zKnX44Bu;_hueE`$*YRzo@{LgX>*p=^+sgTPV)!sZ^+2E$K?mn45ODE9u^?6ch{=X- 
z*0OiLJ{B9`nP9%le2c$_Z-u|PSIxhFVs@RwUu78T!4%p2yC^3C47UY0al+PS~@Q5V|tT@s1q-d9?*#pv_YI1`iE$> z*%&U-FZGL290}8rx_Lj2OKn*aV5st59@qNsv!&_)hQ3|Dd-e?b>c(8{s$yy4S~x9l z+&-geIT zPca!BD+OtM*foqeQBt$zr?m-3S~YdGHEj!6-n>KDtwu&;&4bUX_&(&IgWZBk@SsMX z{hTb;P7m8l=El2slzjy7cwU7;7fGGoVPz8i6aWCSQ&ja9*!=xkAFHi-LRGlR>Une@ zzZQuQLemFpGuYK-&lf|&ZSn;^o>YTh1|nXP^XjhfcI?v|Ls9=(4Ioym^5rC@m4kb@ z7o^eo!dVS3Zt!9h;V>JV4;?>c=ZYv=Uby#_r&NT{C=s)s^Bj%lSa!-e^+DuDIiP%y zkPO6F|C&RmN}Da zd;B||56N$Zd+ENE5Wx-;%C8lOS$ z=nX&vJVLn$eJ=l6@F}^6O_zKragjY%?xpXx{Tj{$2%u(d7H^GA2_i@JUr)D5+?Nk^ z6o)3+9Xt%%2sy%@m(TJv%V$|Fx+0BTZwAEs)hivcbeSg*|K}HagTsR(I<{HMF*j)r z%~BK)usnuB3qcBGwWsat6egDY*yhj?NCXj4^P8BYmB~urS2srU+*XC>^l2%R&az<; zUXB^$G&60$S;AlMwV+V&sw{ly1m!TOeEFH6*&3CR?c7!Mt+!ImudW%V7#mGBV)N`J zEaBl>l9gTO89=3gCq^8Bz!@fDA)hU{h>Bqo>m_Et_M@RHv4D#TZV?q@XX)1eS?z5r zhr6j$;Hv!iISyLIZbA}mBt$FKVw8<$eDSL19hz0Om;(M2S`2DeB1TIY^71IJn=w{B z6${hQq)nKuEZ*L@H}3?l2|5t8&&D+UsP5pfV@n4BI=3lUV9VN8MmiL`3z?CF)y> zs+$b_{d>^iOp2AAd>iMdnBD%A_~JPSr6xKusZ%jJ5Uex|Ad6+Wcha<96b>ICNU}(m zG|BiZr;GaXAzW|)X-6TpJcW8)Esf$&0n7=!(H_@xN>q95Gyx(Nx7$FV3h)G4SlfW) zMzHxFc;yVSQgfJ&uCl>+*<3hqO+Ps%Akz3T3*LMUdxbjbVJlar$6F28zXqo0KF;(< zd;9(ONan$5jTu}7jV(oC#S$;!MuKr3)jeLzxs9x0+Ej*B;r zU0^!3ouRsYl81(TOOO z6=tXJ8wH6km-Wq_vzV#JvV`L0ZvsW=6qhd|GCA2}p#yY--jjs6l0Qb6EBGTMuoXOh z*3rRC++^sz11l{w);A6b9sy^!Fdxt(N$klh8p~roxf_CTJk3B?l_5)F2U4jf7%uO@ zM-_nF*%L#Kw*>STC@hexFb%}$l{@`&uL!1Wh^*2)UsNfc>eP;|O#K0W!rPvL<)}+# zASD9-x3iwowy@Aq%iq>}ivdp$%-ff|rQz+b2=;`*Vr$Px z+fyW*0}WJ)S=52=BP?z!pH&UW0}didWEZ5nKrFGzI&;Qv#FgolO~;E`vIsPTH6WZ5 zV-gE4G1;B0=7ilRhKvn!RnolnOPojz5&EZ(HC(` zRwt;%9dfW#rEJvWd;rb!L+)5K?w4ki;^9-jQE)9EE)_lsaOvJ!ExYh3xA+c50vV&^ zqv3-&8IMuf{h{ewdd7JQ*VP;-kJ|CwlBr;Fl`QuS<>;_J)WTU*ImKABTt+K@tS^nI zOz)Dncv${CuN!p^JA(5XWefVJQsWDDdefLA#2n8Zw-X1c6WjZB>K=;OlFLAXH z1x5!d>X~Skv%4f(rQSG=Q{A=Qchv?GL$Z35<_wTawM&KIs^v3I8bQ!r!rmVin!<@% z+nUs&+om9wpLMhmIve8J{Cbh&2BE$$T^-n;^M!6vpdxjZfchr^HEFgxQw4{YdUf=i z=#@hbx)UxhUfNOO3jISWB-v+-#)2D1>%lvtT^P-aYX_QamCxb0*BPb 
zT^Q=?f8@pdymRcvhCoX_<){Wyk6rmnTBwd1!^g9vBB2t>f-n!Ru^?r#@x^cX#?K#J zDh^Yz$#M{dX5u@Hlt>&oFNjKCFjN@oO&i276q)~q|2~-YnPxjRYK3N`dbsqzS(-8D zZ4D^mR@BE!KS@odcKbKBh=dPIHSkCE?V>jJ{j{F%bQPX)bB5s$JGk0Yqsma`T z!YD}TrY#nQtDBc6NJx7XZxwnjIZZM$?>cyZ;pw#1P)~k)>CB3S>8}*o2a;S<&6{{) zh^;g_#G8=STAM67?$)2(hGKPnqWg4^GBz$;;7aS|j`>cR8il4+`(^)a$yduM=GA#E_lF~nwD2nJa zNbCzxfLy_7U=gYV^@qC)A;3cp$!?l*b6ddfHb|l@hxt&-)Y{4Z2bWc$6MKND)#fmj zWzES{gs#hs9R?5N(Qe}U^D0+s)L>nu&u9GaB*Zk+guB?&D~DIbMX}hA_SO>12-j7< zip&yaAzaT+7^3mguk9vE37K9MiN_visQ!4cLg|$jWf!C1qj%>7`1 z)1NVWRmT;2lAwHuwXi*q#>n#FhWgxV#Wxpv0M2s;t%@+C9HbL+!W|%R_qZj_29i~j z$qw|-Bi6>RFptzusVUFzP@q1KKh25#?|hlSTaD93Nfkm0T6?p-6xf^I|NEH04D>QB`#Z2@2J&O%T(M0RVP0I4tDLO zVjezhXs@XWT7}VD4MKolDop#$;`Z8gMc5<_U1^t-?n^ZI$$-U$*38Va;S0Ve)`nXN|tExWQ@?#Hm(;7g< zU)MtB)09Xvf+0?M>kyw^t=n-DuBL%m_-?PR{h99!a=c(hiE;~;ej>lT#WBW*?OQ`# zw|Xjp{6N{<183V>x>oZS+44xCt}I&EHR{lBy05=JFajKXorq|!xoAHkZY8vtpIqSD z=j7QwII{t&HF-FPp^@veOPPdNowvViDE_=z+Mc$4-WifzGmAUGOrmy$=w-#uYCW-SI)AenDuUx} z39>RjMS``r3Dd`Sm){)X&Bdn&h*fktnsb|y?dS93r}oyLpZ*e+!FAH!O^DS`2cbXN zUL3l=O;=L%izHcW*0gi}mAq{^3!$+~Ule-ia$7CaU_7@cqT5Mhb*jkS8TEf)*?Ul* z!#|$gQb)KH=xlgv0TjI+$pS}7f6!&+oy8`kJgUE`v?HTGCyG&8e7AJ{sU&0XxXQV8EpCXVwySY}Pwq{SG{%#)xP&OkN`dY$r`!0^F7he%S~RB#&D@ zyJn338O#tC{SZ$h->WR)w8B5J2@CtPd%nIE-%b&rMAQYDQwh^&<=;M2kkxrWLq(s}QvhHTg2TD^G-s_+7<|8c0VbqVG_1DP(e~$K!qQ_V9q_Pp7|ghLIqQP{XPj7Xcav0cd=hStR{Ya`G5Vn}{af+9CH1aVLQ8D8mh`Y+%9NmsGL&4z~;6c~D&Z zgLc?%Nb2Fc#yeo!xw2y&Sd7OmtDuC%KhmL)X5xEyksszS3OL5IF|9ZXCMUg_#cPOa z*FEz2l_^`}XBG5t5v;iuwC;aw=8L(YPtF{fKE4d(UDp__i2i8^A->MkXhvv^%j%-{ zZDAV9l8fGZ)U#<`ykmPbm-s5EYA5h|l=Q;W+P-_*u5bF4@nrUXr-C>(_B zwcZ~FXSf?PXcq0^9PTu^Hl%le*9E8CexjYQda_t0@22y?K{@CMfE;C|xwk2qKewn+ zS~xMFqf~y(#1}Ch2$>-kdg;$k=^gL;3Uo*;SM z!xQ2Inx(0nUWV5P<$_9swD~rX$Iw~Ol_c_ROv+ND^DDR8&CMk5?TJ>kbrOsD@T&-T zN*^;V7+7{SS}omiqJ6P)57#0nKGoG?i1GpQRfA=ap#?uPnduC`h`KCZ0nJ^Hp*`wm zp|$829KYf*r|zVNt&RI?L+*WU^3VQ=<5P|0ma`wFy8E^jIV7P6L;(#ukbM8ju#M@% zA6R1QJRh(ec 
za<3TnV3g{E=VUvqEWxckFAKxcwkUA)APH@0NRUh!lg_^FljeKvFv<-}_E84&Os1~Q10NR-OFY1Uznao38z z6ZIuL`=Lgwuni+zCfv5L6sSdkR*v}tI;aVVP}{u7Our#Psi4Haxb9}gcd$f!FTJOE zW6p0E>Vlmq3%aLm8*1e7K9t}h#-I~P&KWT)sXc%6nema6D%p2j`-!%hdnFSn!B10O z^ZlqH7b}pL)EM9_`yT|r#~9yj6;Zf)@pu-ic;)lO}_&PU|gQWX$@py?LvHxo=2P+sl zBy>bfk11tU@WCCyskFm!*6`~LtajXwF_X6@Gx*wnnb5t8`RO9XjcgnYAhHh9~p-WeHB1Mws* zl9DBvC86LLTOVrM0o5xgnAiidn;%{hn$D%Uc&Fm39VH&Ac-7A0o5z-^xD94ia9(R0 zLt==>sfW8sk~Wmj!>n?XR$xVhBA6LV|QT8EsRZLM)Y5Xcp|W2E=2B zDo<*_LhZam$sxE!-~DcqkHCosN=45%8~$nMAydNT6Mae00_%xUhjP-m%VA7=>(}nT z2kNbzWo{3Ep$KUSY<-Q-vf$Pqudvr+b!nB<~K@gK}O4OmjXemv-Jnp zvNl-$Cdz(g>X=Cg<7fek`S2Q`gpE2~m;|TK63DV5dNX$UZjByB$}|GYIk*Ah>DPJb zocc*ezguFd3Ds(EX2ue31-bc1))dms4@pf0NeS8#_!Bn22rt9sy$UZ84hgDBeD<>U zHXk&Dm4pyC(t&JJ^Rid9_q#?4Y3)hLA#JV6*_js{0WQW#x4s^gc#F$Xac~q>`Swp? z_FCt>TFGK&iJ71vq&@u%OvZQ=wFUZ3@A?3GOucCrm#jg=|!hWg!$7IH-dLx9_M90ytv91s_{N?x31#p4NFYJlJT_^kV z|c!cQcowbkrRA=u#QJYKA&TGS}s7X#SK1dYD@2U4=y%)^2wreX82e|mzBJpMS z5!Wz#&$Z1Ll$=^|!B=Yk4Y+Bx(W+mQVO3&gj~wbsqKRiM6?+kmC$-XXec=Mb7&2+HbPE)s$_(TcH8=YS%3yj0^pP|XKJ zQwxa;ARDjv0xgvgQyF>qjMHr-(P)-3FwOZLorbOD)qDdmxI>6U%sc%T&7K36x(|f) z-2snGB5y9L++$lj4V~IghSHimx$u5>KC>y4P=6`ok%f7grRfDu;jQ()^LDv8PIeRk zW1{aW%5|Bh8FqK?7uXT!@q!S5k(^0D&DUY)xwu(l73=;avfMeyReBY)SjxoSUFwxX zTv$^`!ajo?T6p5kl*!LGbgmB1MP~>327GmJw&T6?VAXBltAT;g$Q{g<=B8-u#0-^_ zv2p0*AMX4ukM3<&28@*pCF?d-Q;|SM*^({Hu7m5v|0RuYpSga_5d0UDrP)Ri zvmS2rVruAR&@XJgtr1$dX)5e)1F@8QLss8T3_0{cT5a(2OIMaNDJ7hNpMZJ>xAMh6 z-Y20@{kUVVRg?c4DQHD|vND-@o+C|oaLVA>*1GVfpm!Z*#Gla$ycyFe;@ZrG?^)(| zXP^64d9Uvsl2z3q5H8}_+k|zOBL4j7-bU|Ox+I9eH_V)F`+i(uat$+kwPLu7brVNy zpV09RkRyE!<{m*V`mEbS6Rbggu#vecPzyQ-(d7M71?#ng;~}3-U2i_%u*x(V_{>g@ zyF0_XW%)l|%yna^ySof1DVh7St3~Ewo+yzujtCmCvq|VhW0#H66hj&GWlEf9P9y^! z`1YJ&kd>609^cc0Z6JCmh5IHK9u-{@)!r4ihe9mskxXihmFk}_ilQ!}c8KWKV#+ak z0#Y(_YowE3(A5(8rl+#tNu_?gS;nm0A)jhNZJn`)YKjs(;~wDmZN_x z2qR~N(6KJl44l&~rtu%B=X24xMrjUd(<*j%jiBH#qSmr(vKq7smR$DHi$? 
zS=S@OtKVh4C$x^Mnv6-%qp0 zHS5UeIRjFCTe}ExJY}FX7DmierGvB8H`RYA$9UXmY++UVwe8j{b2Ln@uhi z_hNQ}{!LwmHIwIW>d=k_B|Ml|7bMX7i7kJ|cx7{@{whf?Qh-{70JC^d zgiGb0*KsAb;M>6(s&!JvlYv%rfP4e_Dek^c!2&+3gXJPLnX8UiNa}mEi%N2hz~l z;7N-e)yE=O+L6v`Pu5{1Y76vEK3df|onJLOsGq3L|N5D&hqD%yQnMhU>Ed?E}Coiq+yaLWrDD zEV|B2^P3x(FZ6o!3E>_=M5(&z&Qa)>6V(9L*G%_$z^9{IAWj+srix-as*MXV3Dzlo zg~!5zsk=Ey#VPv)m$n0nY62cEH}pWI#^p^%g;U^UvT5Kp_SldkX3<1lh}4*jwiGoH z;~GpL4g7BkWxO~g$XQ>q9rmr>I_bb&n3)+HwZy5<0%ND{YNO&rEwlUv6KuqvoykOJ zziQPvLgO!^zD3gMr$#bUCos~f)i}rlQ5hygC((**7^>NFCw-M18gA(mZ7MuXg`k|i z*UM-0?MVzXW@x+f*wTCvoFyBTsP}JF(&l@yd@?l@iX|NDTNEeK7QbDRvg$umfuz57 zV5WOj+bPr7BemH(vfo0Oj!%ufKh+NacaQ0_Q|^BF*3sy_O0pEC$?dN@#ks_ucxH-8 zMyJTPGgk+D*??U-f=`5FUZ$(5lQ{A|y3&iJw(BU1+Xjo9sL@dJEupO1x~5B;ewQF3 zgjNj!fs5c)OY zs*`nPrNg%p5mV2mu!i~K3&$1CYesF)$b^8aFu;(6p>@`uGy4LXF21M^wY%*sjQ>Fv zn@cF2IT;)4mmh_V67k2f1iZg6kd;Q`_t5N;VYrj~G*1;d(c1E53$Q%EDsK>H%E5ANn41dY!&O)D0Zu1qO8&yntDSn+oc zlR;2O6QPWQVR%}OE^AsU?@0LDPN93@+ejCT1ACa13H`R!W-==m_sM8rNt?zRRVY#| zb|n0@t5}UT{i9WU=w2Df*c8UEkj-9AfHbXfGzXYk$~0t!X_ z9tO7IXb1@IMKdWX;i+dtG`0BHAt9-{O0fPoSuS)VG6R~RWGx6t4OgTHb=pdtTCjn7 z!{O7DUZhknEcrjDXXlDObO$Laj6^U>_Sm5QRK55x!|G$0ym(HX?#lT*)puhGp5Z%5 zsF}V;;$*+6=d~dB+oDO9V%>bR>B_v+hrWKBOm`CLRP=c0C2BZ5f9u0G$#V$I$Jvx` z;GmuwEg?5JCYV$X9wk`qVCu}Zl=1a9rPEO1>h|9os?GLrPQo>WshP+nPo%!%5$`#z z;mmnCvH5}Xg0#*D#($+r=RxbxFX#iC-@4_}mzF=%pZ zz$z0GeKL7=Pn{Mmz8|rSdcpChNq6o~o+K#d6C2+_Jipu8jSY_E=2WGc{dbjJNPi~F z3|ptlco1;9^Uap}NdLB1l`xt8dikqTV1qN+Pz%?ray_sBmllJpj4(p_kC7D7E@bTh zAE&n;eIw+*4LZ1gN~G)3%i~(`1hYw<>7EQ_mNb=gbM_YOqM@+m6Z!nxI~y`~eD8bQ5cZwI{K-P|!ALAkdAof;{p1K&MaV={ z^fhNb_fATYHd@xuT{IXOjjY%5AnD95o6w?#KR`b3(g!wjg@}j1X6g&t0M67VzqXv_ zvl*&%Wl`6mxQ6Dx=7cz``zJ|DiN+0ar%Mm%m}RbwIy^YoQ*RtY7rQsR_GFNRw1k%4laSJ-^6OEj`}3S?8#tQPfh~;Lv%℘sTUFLtHIsk=`$vef2 zruzWo9k}j>@hvUu+fb5z~wmkiHuijc6O;@nv@4)NqAOS4H&6}Gpb zRHFLC=~c&SjN&LxjfkrD5Rf26{%4m$AEJh!PG7Yk!2+O3f?`$v@o*I* zsocc{6D&P8Pg&D*qEbS!s55tcvsdUTBG&Bt#NNEfn? 
zXIU9PSEKKw4he(yt=7{A{vS37bZ27vntg`KvV2?~=2 zB_N~La!AE_x!61m_%^eG6+bx8@@6qjT+gIZ{oivA&KB{t$9WcmQm^3P< z5XE{Tlem?Lpt&>}#Bb7+DDzJdcr)FJnJcY}oqkg)V2kH%)VipW+nhr<4L>|a&ZNmj zoS-O~p4U(R2e7K8Y|9mVr+=Hw?X}ebUI?hnc}N_OLF1zUzYX4%z8)W)UR@1#NH?QC z99vXVVi;T5+%swa@dsKC5#@*Ayk8T`)J>R?>!@cIFtkB%iL3_SYQ$Nm9p&v00V8hX zCk*yE;Veu^{|%c1A$jy+B~QY#?96LqD6fh^on-OyDag+U@z;yB?t$`qY3;251B0Su{AWFJJ}f>8c;o!;Qi;8c4=08j@SSta$F}u_h~i|8QEr zD@oGs)^<~{jan#Puc6BBOd_(Wr2Zk5iuBaEOu6#u3eimt#Wy?o z;05GkgdKxkOxK-{p;T#C^|sGS{v6Z9kgrrujY0pm-sJF@)^Xaky_usY&Awgy5@8KC z8~715E{}h@XoN_A#j!5!3t#GZJ&4R4&}-m%A}lAdfP%lxI$z6R^Zf}JEKQcU zgv%ga1r_ub%d&VaAH@55pP1i87%#w!x-kK4^Dd+N@IST}YF{IFJrw0BU z^@``9mKjj$_em9rS#EZP4jfX^&w?{$SAtvc>SS;72;#}ZU<0pIlCAY7?ME+u9=S@7<>IBN47;# z0G5PE^sL?hxlzX(O6wiBMS)f316B9GTMv#GIp#Ul>7I^H#}hdnkW)61YjLX}$3qBr z?or=diZfbboYNero_z-L^4cxZMizmu$B5sE4bh{$?ge7iHL~uxkeaSf<=bN@lBV+8VyMbmM&-For4ks*>XL!!ae7c=3BeL&KFFA=9C%cv-^K{TQ6w z4rH3Q|BkK7zc1a>a|Ug`NWW6zsnnr>uG6YL#3C=F?u9U|BC>6=BENb^*7l|_AV{G> zC^n>*L@0YE2~$@lOP0>MJ`YWMz^r9M?PTQ9ulXb(o$g3;rOOp|7v@PfLl3(p8?U3s z3`iWLDfZ=A;w{dh?Nu7BR!$sEOR|uq6HtP=i2OVVhv=HJk#|z|R?c_V;4y~qW6B|+ zlUd3 zq~kKYc^POpzxZ|4Qd3rIRgSMam+(tpdQ7960i(M|F#xE}-d`ea)#p?kWp1!2&h3VLPD)y4cV0G}yc z-iDRkeC6#GSBzfm*mr};+aJ#awJw1GzJ z&=kAP@gMb%Myb|#-?gGTr5c{hgsMsuy%^ObE+>Trn2>^=ZD>g$j8RlKte_&;yZli) zDRE6B#H&wzrHRWlQ8gL;OGyfvs+XNt}8W#eXBHGD_pF&VYLKmhM^oDIf^BoA(G=+9J?-izK>t=GK*P$ zNo>zrM{5kROL>3waM5L9@Xf-@p^dtF!=}$&cSHhb@9|^d_ipKlHWfE&fchX@g*9uu zqAUd9zPU;J%G5EsW?YlbI+rPDU@U9E2ytl+D@TpC$COjk^{^@+kAPQbfnUZw?b~2l0W!X9 z6S{5&)Bub%o#^B9jKIAICFvE41zw|rpqk+*Oe#UP4EMqGk2IR%(MTGD^Bc`D^x_;0 z)kn>#J|_}?wP-m6zp=5!fIOW9n$;ZH|H-m-RR0Wb+Vn?5;o3zR*@gFRYzZ0*NssA? 
ze#ZpA#A3(`<0`tFd^YQA8CG(@(naT@cw;fCTth~@n20C1!=bF-25o>r(J8{gQ@9Mn zXF!)raeSRl3OnT`jH&_u=)F%q6dXX~S;6Q_ zGo16^F(ochxusrz**`zdLZB26mu%)O1w!%s97~O@#jicS8AbT8aO<;zc#+I?3!%|D z11Z-{1JM)$7y*Gva?m1ZuAU8I3h^arL7o^S72)3I>8=;Mh;ACo&vM0IqE9|HLA>|I z0A<1l>jVuR7j0XuV%VI3mLI-Jo7$`5gJfu}0}sg(N^2}T6n8?YJqKXT*|YR^w9Xpn z9NxXgClH*RSW$Zt6db#WZh@2yPG>Lh(@j|B*`>rm8H^90Om4ArYd@A?^cae$aSr`Oen4CBI0#S5M0Ps$JCz{ZE9_{2o zvk`pC>!!%qf(cILq;^@_L@>nLdw@^P>z>w!oiLx=6Ero%kNZ0RNP zq8K#YAPZ$xzac7avj0DVSqBCeNJMliSx6tF-6qWyzeW$7!T>U?=k_P9?*VA2YTSG4M z$UeI|*;9d3B!iwUN8#Z!un{&%W+2M`M6JWjGf+Q1Y-efRsjY@J&d4(ZTlg?;RrIPw z4Z%w!^2xzY86d_6_svX(6pxDKy9gb?)ARD8ilnL`C0OlkPFm<)r-N^N*WKf<=LaFn zkmb)4n7U1Ahl(d;!R_-HSJad{&#_7nqnp(waZ9G=XtXWul6ytruXQx}xGbmb@Ijg}|xSr-ET8$$p zg(nQQIbA%WSiwOu8p`{&l2>sL6A~i1_XZOZJKKbhvf`s66i##`5juQh`VZJZB*>5oLea;U3G&X|$ak-UK zXt%sq!h(G!b~Qod@;#v=uBo;m9U5O<2wP*Sd@DD=hoi*@}1QW}2il}?W*y6ugx2&MAS4T8Gx5@t*( zdC>sgM|7ilv@6GSaS_$~%<;pLGsiP(OyDqQN=sV;p=1AuFr#y6INQ5{GYY~od3Hbu zPcT*MT+WNOqcM+htnY-~V;12cBH^IxP0s&KlE4~|{JjgrjF;N{=xnWCqS}>11nZS; zocEayi(%GA<`c5_>HBY=^fvb3zI4Ns0C+WMRr^^<;$rJK#zoX}X|ep2=tU)$@$ny* zW8zM`6L&G$4ys|lME35T<{P@N|K(K?i9rIi6u45`f?vb;OS1lMkoFSzjUE+m|1%aO zkl4oYH0iwq_rNT57@F>L>+So&+~7yfmjYtzg`(F(dj-h0OAf~k>*qmCN|BH72T{_c zWDi+UXaTuiq(2TAQ?Ayn{I z9qYYN?FG)&P-(li(`qwdO-~fMsS!i9oId&gOTK3NrxZ6Zh7k*)vR#7;PFto2nAmn&!C zyo|H^l;mKhWCWgxCSP6r=5&UdY*VUZ6{eAD{HVAUsZDh0ugGD163T;eZ?jl6l_liD zKRdeW)~#_9N+3isRJ2L?`kqHts9p59FK6tQ)O#-t@U_Iv#cxp5ODzYR6%C2^KKaDU zqGy^7j7gascw$&IFJvzi*TayKR2~xh*{3k{zqfH&|f>T)qo4klqcSMbRTm$Q`Me+hHN>;ZTEAzW!M`)ZJEZR_-=U$5-Ys&g zH)A+2?-||_EWc_g6m^Dm7r=Yu*mQP59p>t1#OH3Wn7Ug+Ghh1@yvYBgobYAGLDYM^ zL43*)R){l1(U5BNh-l|)b(zJ~e$J#VG`(C4*qestycqtpByifCaWluBDGWG~Aiq(e z@9>EW^R%k$9eLwtags$5f#ex2VL+GbDn05EwXF~{klrQr*Hy|5O(2UF`dqNH=b;83tMk`OjYzVeNOpA%f zDz5?~>t9Jql$Z9Z-4C(JJC(2Wb8XkKPDkz#6ItQZzrEVLChWh$AEz7@0zCwa1QgfM zHqinYb+mT|#7|NkE~VauXQy0w;@;@ifKfK?8h5p}2Ka=2=wWvpVX5>r)QZ?f(8{WR z=`T)&w~md*C^Mc)xdUNB**>XAqIbdr6i4f+u{0^^$=lOTGMTGan^6ix-hC^^Qva`S 
z*%p1ErCp99yHjqx_%Y2zw59<(i|O@8MKivm<0VF+qFcnbOu^nw-;maKC!$X8Hk0)AZygUm2M}+v*h!!FKy^pC>tw?E(b^^b}*bf_S_N<%u%4>r?C^vN_ z`*RpWUsmaH&|Jd`9?v7#iD$3i%J}`;SC3-c-*NBNdxx(SI%e%7-x1HUWu2A;t~&)6 zC>Nq?({R1_d&14WvMh=Aa^J3rzI5fx`V3n!Me|%*#N_0v7;q%6*o(dF0pAkR#Kw$*0%I9k zT9ZI>=x6qYh)zUz%@xn*#UbBX_gvsc33~g(SE_2cDxC3^dHU8)H;}H44U(qV*(12 z8(P?fgH!n~7;_uMwlt$YjOy z*$ppaYBWJOimaL5BLmcH8rS>znyJOXTB*hB6|Ht-I}{;3N0<1OtB+QrI*J@>Yy#q{ z4XMaVl^}(+Uwi^jaIQGVl63D|oU<#&QYZWijsyMw#}l#0p21}!8VmpsWN+-p(u@v{l|UHF6( z@4+qml%y$NAoBoc5mo1G#9_7HbyLjbjwPzjDowF|L94!E81h79+0nD6%Jz^3p36|V(f1(u za(XNj@i=uE^BEBCCC)wJaPjZ{CU0diB(~6BA?Q|qJI7n#H|0x=n2&x!5ywy$guHb- z@}8@pO$Y+}bS#AW@2s&?%k;TVn}*06!*>nzAlokwI!|DOv4jzpEf}EHX98N@{^%^q z0dF=GvKi|k)Gwk~LbVZ;(HIdlhXCjLFwbJ}pThEbSVxDt{G^vHYVXgF4H!^LxYd~O z;!n|KKgEvrGfvV%F2g4JMZf2;*!aAinP$71;Zu?U6Fw+AKZhW{=`IfwdV`W($zX7K zA<9h(GTKQ`OM>MSruJQksG1|cJE8e)&ETIKVfvKZy&k?t6(9=IevedWg3Ii>zR+Q& znp3;k(jxo@dpBxl3TCoIF!9+J`#Sg1*3P;8fHO&OkT17+iL1wq)G0_Tucof z07}RWBTfa23g+BHx}Cm z^99Th;Pd40DwRQ-IALG4TPh5tL%#AxEXkTj5U%kjNUU^?9tPi9&;9)$5>m@G&h)7X zucH4vjJO}Z&I2FZXZ%KyHa3YAVPkujLAm>%WoZV)$Xo~Orm!VCdfoGy&9mfZf_sr} zK0q@Y=^=a&^lwWZ-iL*(JQE^o>I?}!8sn_D=a-ta9fxOKj0VE)_US#IdO^^t>nwC# zQsS<8db)%Kg((o3qad^rW4gqn;|T4{+0Pk(1A2*H?VIb&xu3tKAcVig|G?Bb+? 
zgrylN&c+cwD@NbSz^+@U_T^63V~d#hXWA~sn`R6&R!={_4Z9R4_3is-P@gE-KM?3B zpDk(U7>Euzh5If)fQ_Ly@;HsaX-p1IChC8@Bl`BJtfjdL=l_ZiGY|E!V1k%C>XWgw z5>K|w_3#KlzNce?QkgIjdFpwr&zTCM2Ml;)8uR-y-T|@Cx&j7HqYKRO94^)TqfM19mk|c@7=>(zU$}X3SnB^AK7uY%1KGE$VgG#%H{@1goyfo1^ z9*nQ7*;jfpnli_I7{INO*)Q)1u(jAFL)E4_)hj*}LX;^iPw2`>=4};K{d#K;&Rsq1 za0aM9Csk+0A;??F2ope*ubKjc5^zgO7BGIMK&$(TV!7JExaDUd;Ydl> zmi_;dfNsupkC<$w`zJ=4#F`Cv)c_&l3m-kNUd3rt#UxBye`+pV$=& z@++YkV##c(RLPP2D{G?7DlG#VdkUuF!@%oneOL(~_&l@bEaJ<8EaXZcVn1f~jh)%+ zxdI1=%)8#m|E09p;ssTBV|i3L*Q9JxSrG~??Y=;uc|Al>5p!H@mc>x zP6Wd*7+KW-bK-ljGTfa;?q;ZSNUN92g-%X4==3pRFj#GFQGRH8%=QY+_g49e>$>Xq zoWNc|g)-D1nx6o@0%)VufRm2ZwlDsT5>q{*0%uAp1C{`y2R1H{7u?C30A<{8Dsej% zUaOvX#Tp%|WH4Qg3HO5FK86gDWDmdpAx3}0(V|f6di>Y=8z!O0j4Y86MzxttC-mQj zqj!a_lo)!~t_)qg+_l6WM)@JFFT1eL;dgwz3Q0Co)c?c(cEaoO#xYFVb=sD`7vR}J zyqpfNq!U$$Rr4)!%rY{qxcSS~F;pcx=@2PHvjevJd%fyrSkQP^*>2arN$c&T?38#b z+_~FbTmCJ18E&+6kuPz*gmH;HTn4G$+`=zg+|?1fa-1lzvT>ldT!gD0R7F#$m@M4r=h>4FiXFy9nILw5Ag~^&TV`CYM=;wV zj>Ezi5Pf+cI0*)2c@IXbwWx3pm*fD@#vgw>+Wtd1{<;KkiWoKc1@> zUXb=j+lSCvu=^&CqU(34HB6f=J37Z$KX}v2I@>&Hkr}R`u*sq!7uC*(kx5K#5+BIg zYisuj)*AbFb?qE&r ztjt!%;2W;g)b%|K6#?Aeo9^=x*$?OR!*HrN?7yvVoybSV2>=y`7J5k6*NC>8YEy0D zh!Pi&zYuh7e@|j-qoLPjA);DXd`e>h!G0#rrGD{jCn0#P_>3_}4LZT_iF|7uj){8$ z1?hF>aHeslc%>~Cmt=jJ%>3y}f&FB6H{iM%7g2Qh8^dsCZVsv{v&_N{ z0mME7TvR-D2}DKi6bPidDmli6I(7foD56_Hd;(b)6+&?I7w9q3dU_->TY=+6C*|>u zB&@$tSxa2-!e+e~K)lSZ5F?eurNaO^lYy%7CaY0Pfg1=r*|J7*xpk$tE2-~BI$jb? 
z{M1stOM=!^QGlAewH_Rzd)V`r(kNXE7d4F-wj)YYbi8w|(ABqjpBE&` zx07NaDMnt%6Y+l$`-}_Tu`EidwNniGtyK3(XxFRtW5(k=j&8V>osM?lZ#ExQW7Qac z?OrNEV@wbuedg~rdUj?D>?juiX1=Ci($Rnmng_df_vE#qDa<1%!Sq~Au9)dcnQIl4 z`>_h$ zhz`UAlOq$Qak$7WM59WqM5(4Szr6WSvd7w+%EU2N$`?;c*lDt|aFp^cQ!eyBwt>fh zg?%)LWn~oUQ1CUb!3S_lsMkl;$gl%%mc$n@jf)~5r0KjH3yTsLJzb39a)UUiIR}_2 zoIIQd64JB~AQOY!Tkydk&L2P@rW&|EI4!xn)+a~-HtKQqG$e@r6 z?BVaBow_Fc3d9d={GJsOU5=ZqIbY3FP0X|8h~mm(W`4^bur_{THdzCgAT!a5> zz=cnD{-bNL`9NxWdKka@@U<&9jTM7znWn58x6aw}=*s)9nG%K~$gp+Jf%Q`%tZmaK zu=IaE!D&TO1D|9U>eD&ycj6nqQ|F(ocK#I$Lg`*OSLf6)IB?)60=<+w2hWrNIb#U) z;&R9I0^Ah*oy<3^3MA$S8wTFlg>r0>?RzB6?%ZGWbXOTtOcN$0y}*8)aCVlX;35scC=MkD`{@mAAghGHpfEVSKXI(m7lEH3L9%5pGK)*p zV#Fz}DZrRYw_9(~!V(&&JN4?dFQRsjH{)bNcKF&sNraFh*aJoeQ>z+szy3R;p-sdp zed&3B$V9ymakK%#(dzx_-mQXoL9f)XwRL%F*9i=>NHGaq5{c1Wn?;v((>3b!!Gq$# z2L`VjT?60PA6f}^r)?wJ7)k1z1*?moW(j)`GszM1Ba9^+e{TtSl%g|UpAoQ;NZWch zaCVnC!rfZTTT9pC@aw}4II0=eaFjy~40Qo&ab0*Ig${x`NL(e_6a5GEMGPkEmX?x4`m-ZcRamXjo+r%s=GvPD7svG61|6G4(K!{erAiXQ(x&>o!r$FVtL zj{GJ9q(?}@(I+x_%za4q#f9#}V|QMv8YT|H10*-F7#$w| z@aA4OhrcU_VsviaEZ@rc8)khk-BvZTkBaB4f^732i%K@BoPPwWAE zo@gCL=rXQCQpl6>i@{q@X(Atxztu*}gspwu@$w+LK+2a=paSMw|=dm5SZF=^WCz z21s?7V-%J*8f_bP-SK7Ydv&6~z_7>KmdyTQQES|h>_4k1a=$!zcJRL3w+=dk%x18W zPT=GL&dpS&Yoq%3TOf(hE0$JP_Bv&C8~ae#U@V?|I$z`PIdkP_%jjY(>zO^7$=_DR zddp(dU?(?Ls7M(4F2usNGQGSyT<| zO*5KgoJ&cDH0^8QMALL~&yz-(7;;Hv{P@>6Tq9RJq;6!!G_p{9#al#77 z0JDMQj$%6;2$KlJ)ZS7n(t``Twn-B*Nk;gP0I5VQ zhZZ^iT;98DTU@U18N{XxHz&C`Mgz_47bTI%C~|73L-S$ATO3-YR`Om@L}`HgbQ37O zTy^-LK~PZjbzJ{Av2F4Ys-*&#BmuX_08>K-JyH?}+%do>e?S z1sn=!&hMuscJ&j6&(O2@t4H9JXw)HMSa;hR`Gyqp4+m=s_2yx}Qk8T6@)^%BlzI7F zuwy@f%pp8umDlyhn@n+x4+z!o(yoXmOcVUeirdc6vNOO~Boh?jeI`@fTD$qw4>H+lBJ<;OMw&2x%RHt83oDv9ANI%;Fpol(oQ zs?SOcF~Sn)F6qbp*G-89wf(BNiF=?k7Wl2ce5UB3{b8ptwZy6^z>w#30bp(V)4ooE zssWj(FPqkVJvBc2XZIr5qyKtZ$YRvtrq`9}eieJ9{BH{HI!^;5 z>!X{ypZy(B#PdLnSB;y)EKDru^|G}b)nlv2wLLp#Xi}qAT}}5-Svy}KzC2t?D4Y8~ z_^VG@9nTzwNHHM}My&C0+gN1J;@qdqK#!-PVfuF_zA&xb73~wj;M-Uk0jh&%wB3qC 
zt->G0WbraEynZfo%LR5MDaP?B8nI#0c!^S#3&2og;Sqkp8uT5kMiqNxybuu_W@DVU zezN#fVkkMQJB@o*a0RNBcP_0WzMs*AEIwC2^+UT)yLbXARypo|+twtTU-D+c3)d8O z^8QD1w8Bme+=&FgHv{`yL)Q3TICe~c1{NmT_tJcjI164@`F{fi^atLCQJX-}zzW)8 zF{?J5Ay*?l;-@V!AFdq)+v*i{mJR#xvnb13_K-lf$6l6R+)-J^OP0254%v{6e<=** zDoD!buU{5p@O@-yq+JsT_LN!1sB}4|QiB{RQ5D zMtJ}^o3OhQ1x=f`$0chQNqTsLqVlnzXD%MkI`bNvN;I@bgxvbB_6OH)Dg3qQcwYDpvV6|oj~huO`xHp>jXo@CigVR zjSf7TxnDZ(#?XgktDVliY)6JzLC;?B2@9~{k^@1XdWJapC-=dBOlJI|!lJx{H^)Iw zb{8JQ%pbKZe_*}zqe^^Mhbl4dn9DbFoAKX=ulS1y?f9GA&$Dh?BE1Y z92k9S_~lqo|JtIN-k4%Iax&Qfk)o29((%!2`8DbG|!UGi-QL4QIIzxuU79wHRuaqOA!7TTyD5#P2+_Xp7AzG z@apg~ojR(Jr?U}h&LQ#d$SJ!1s*5ZnweSJ=Qz{VQ)>r?|rSJqd%xh+S2?~Jg~X*1Smj&Wzr zxFV7>$JUDmtoXAtW0;Z0*!)ff&oWVrU1Q0{)G(o)il7ugQiDeS?F#cPt5bWPVEP)s z%rzi)vKglgzuV-WVQ_$+F)Ff}4A&H#NMyD!N>+Z-fOmBcWfL3sei>HeyD|Z2U$YeZ zI$#TNa0Y-ZOa5`fyOL|p?T}ibTxNvJn1;5@h4DI9f0urm}e^_SXw^Kw5K0ypC|7)>h(yagy9k6!&n19;=$c*1$TW*6-cGewh>m1v~Dj^lf{K$PfTxo!w%wEiM=+Sue3a+&)#)c+=xItLAVs4kI-i0Qc zv0iH`4HaqGp5|A))NTBF4BbC%Gy8Jzko^k_TCwkm{uy#`2h=pj+qmOqvbMKe4nN@} zCu+M>@G*zYT!?#qO1iS3ti<)~p*j!K$vP88fOT!o?2L`w@`BaVXKrbS;d09aWI*UjKyTOT2pxIoE|E1Oo< zCNtM4Zi6)Wbv(iL9}Tq+d6Kn$1rq51uUMt_d1r5CCs{{r{Uq2d)jwY(S(y zd)V_lGB83@p}z!;fow;$TBKWWYdLWX6|6{;*HK831`Q{`LJ;g-HaG`T!!daP16)TiSanh+(`|YF04;wA_Ass}mY4xn)@Gs?~ZVl}demU;? 
ztt^>X2({pkk3$n&D)>hwfOkQ*@a_NQF}%^ku=*^#uo4Exiib)cnU@82vA}HH5VT3n z-cT@bp}*bp_4esA&H*m_RSW6l*==j+)gf(7C^m?Qg!GCY;7@f<%1!RgESS&wGBJej z)Lr1f7<%A%eel4)&loev0tCsk7Use2G7_ip03NMSFh}`1dzqw<7clyuV~L zgDlc=*TDATl3m#iHFNJM?RlkSwbM-~l35b+2j^)6)-`RP5{KykI4O#3;6wm+p~hGI zh`D|rDZxu*QD$mN;q(jlkyP-lf^9?lb(HwVKS(#mpaoCxs8`L4N|lWUty<6)djD$= z@u+GVOV24fEkkUSdKZ?jc~95+x7KmjnNd z&>tc8#8S1Jt8rb2q~xhN*QhZM(hvGAIlPt|4e2rFhhlG01$_KYrf@Gl5?r1A6Xx|;&h@aDGC_g^G{uyO^&&4h1Wui zc`u-o73|ax2BlZ3cNU$UE&Au^6M#nY7n3|ovNXVIQV@hl9QH9;t#WhM&i~0igJ_G- z*ZGpV2Lx7OAqT|Xnf@0s`%PJ{D{&Z)+yDUiYJiEv!P(NVz2|11JGd85YP+7XPql+X zZwMe^atU$nDc`DM6;@es@cBty0|R+!ec1e;EJENe2Pc7c1z@ z0&!dl$8J_y^fTK*`|k0Lx5M#hS=?z7)+!kd*b$rdrXQ}RH_kyBX5dMh-vp;L^ce3n z_Vs?PM4_dLhBiw|rmrh4#;IH^j>~-rY54Wl?l!J=`>NyNiC+1F_+8GM6Re$6S>-%| z(g$z7cqYU*ro;>j#`A(R$WZG#5mG3CygbZwN(fM>6m~miq8Fd3!18#PYlBljCEJ(VL@-8>qQb>x34^n3*Y&tzZ<5&acaR$xL z8jU&YU;b^^IdL&(KDPxsD~+V7Mat`nIamGTTQ|2L{5&jv<$A4u=D%XZRN<-up6qXj!L0^-ATPrQ^6nlco*}60esw=I?$n$Rk$!0b3Vj$ zR{aK&b<3*Hjh5P@o;NS8t-!H(OD4Du-Di#vo2B&5<-%4xQKJmcms_Zy!&2KBE#{uB zNQRc7dcwsT>NS;5N#65Ys@ea1N|%|}?vJGDZ`)xv;3$g={e;Zk#u2zLib&q$b*_cA z4XbhyLQRf_0jc#re=mBE6f6h%JdY%!w40kG3{Ls7X!5bXyYbP?I%Q{=tq;xkP>o@ z-HP%aLUje_-WK-%YtTU2>Xfhg9^j)y@;SDb({Mh=+jI1}910MbPRtDCYcWa7`mK9XEuGccdae5J;bK=--j)VL514WSWSQ1&#y6KZ z`r4`ATdE79oYIweS^KV{KFqUR;^i%j?zRmp(h?-0><|+l(YkmE`NTz58+TaDF=1_W z339dEjZSlS{z}B1A)U}h+gN{1kjz;>KlVq10}5mmD;I^i{WB;wv;ppuxa23-gC70;fvx!;rM{tKdY21e&hp-K0zXQMgH?~if8D)$vp zpO03|e||kq?m>``=C7406sz~>1t7wqv#*;w;IHOjrBgxjS|jBOrQ)J-Yn)OSh~Dvg@7oES1&xMnK=VHnHdbuW z=bYX$3OT_NuCPsUwVhIOy^iqHTe^|NW`UtqUNlQ#3C%-E{e&d<4SDB(k)<(HWtsAM z8(g0?=XE%zCkxaQt(RwhW{Sjhqc%ILjbs<%U&dAALlloqu9seIHZ=D{*M0B1sW{px z!5PD1oe_kSZp8Am+e>>IWkQ4wC(Vk@zv++VbGtg9~{==HzGN4^;CmX2_HALmK z7T8&zh{0gfPhG>0TpN>SE4MStjAGLT1m@q=k@Uv4iAsi8h8y!X7UMISVmY`iT9eC2 zqoI+IZww4d@Vs%jGD{6mkln@1Bh9%y&01fv1(5Vk$|HFlD`E)TXHfz^kMNt!4uo~n zmgZE1+mm4@`g67yx77Dg5qqlvDIJ?7TuPW+{Y0-cjHPsv?(+Ar#kBcx-r*9dgwEuDbUz@$nNy3@tf64T@~ 
zxA4rjaL^*rL``<^zUn?SV1@JqOA?coMLdYC0=ofh3M-FS!OJktXb5(|y zhw*iX)oX&RwSBeH$i0TCFY4B9?|#FM0c=z;FYp+<+e<@}a2G_YeYyNz4g+DeK1;G3 z0fPM{6e#p6nrM=0hG`D)PN_ELf@j0@0PoicUB-16#TMfylEUX$CCe^;ppO6uC)ud2 zIBnyj460)hyzVmAo^?(g(ZGVDBoGWer!hyraXeG>3lAsOr@1c1bO?saaRn+#Wbj*e z47WU@wm}p51Q*P|^PqFA52HqiRDu1^Ug*|8(Z#nh=jw`xiO2<>j1Zg4jy815khny* zcUUUp(aXR|$MGWc0}a)*m$sAy{FEb6>Sa>(A@u-2fr@7Bl=z=VJ(}hT%=SqZThXOSdP^^sJ{_)nz|T$%ybaJa>OUd$}I6e zhnX`?7Hvq8RLHp#U~Qybkc7j*h2d#KWyd2;t6!C(Z&%Qyc&V#?JTv)Xf%=TdcH%S$%EP5kEbS)o2*iKV`4QL`!ZU5H-zX)Z2_T!0Kt zCpra9STZ^qEgf&og3-WaNeoEf%*)M%dVJB{D;q6-KgYbb-49V-ce^aHP45~nur6hi zTsJH5rdfuwr{tIbz}^SYBzaj0!rc&N^RnznBJX->E@4wPYT~AL-;}SR1a%=hcw{txf&(3*xyaGEDrF6#MgxPBXXq0mwBkSH9%=Kvwa|`*q%D3 z>~^8|Di=P&E3_IbJG8%PKORcVh5s_Dci7aGl zhoM3*%rZQLpw1#ZmcYU_A-%E>r>`ZgSK1b%QDcpC#GPp-ZQh#WW*a23sBIiFg(_zx z0#|h(C0Yy8CXAX+#tcpG!eM%xXhrk`SH{Jd$$ez_+n7`N_p04=6=lq`wcA9%pFI=n zYj`_D=NZXD8KT@NqJ5p}HvDh)$~?JId|E4#PN{U8eSYmb5 zPbxTSoN;>*A<^hta4S!$Pbt;lc725m2wwmi@p8{lfZ?cRzzn<#d;miA4Hp*d)8<{G z&|u_fP1)Wt-0JMYg{XlirgUGbN4@cSjiTuP-9(?*8{uCvElu92tkeJ&YPeE?S)&C3 z&aL*eo4eRmKRIg4;)e zG*Kbe7NjNZ6!?z~mqnod%)i~%m`y% zX&2E#l)*Z94fy?J2ydEM4|U;|?V>NzqCEJCFWT)2iajSS6W@-RPjaPPe*+*jP5^^r z-;+SsiSk4;IX@)D3%&_HiE%xPB-+Axu#JdiglLWXICTF7G+$RDmCGfivF@wCwvqOw zgl|#^vs}aoG;TP@0taL&&?*N6{6}9Ia&vq5%rBC(?b`>OWHV7GLj@eA)^1kM+9+X+ z4-XS~oR~Vu{y#eG+ob-6pg1;%elgg60qud_MPI%9n?xI|y`Ize8|tMBAf2V&rZ1zQ z>xUo8f5W8XNJm+Yid1__*h+XnP_>?Zy@R55N;p ztTYYa585hUT+(e42~t4lXOQ`8t$6t=YzJI2JLxp;o^U@2#wXRfT181O<++fL`zhuc zfjBgEK=0@^UFe-fGZ$ayvqACa3479F)n<9h!J%1S_R$j>fB@)i>lkPE#u|Fjg0{!s z+FA-aFZK=Z@2C8TZi|Osc&f$;`!@ive^~TXhm0Pwm?P;+MYf{NujW`8#6t_k=0l~A zzg&Dx0EZ8>Vf{+jsLNao@J9ok3CokR4G09iSp_#J)k1rmpg-N|J0CgM9UVYXAkOy# zO4h9M>oWx<9cx>-ejcjbPe#tzCy<8tJZy^Fyw%@Dxv=Ju!q})w-Je6QT$M&&eCRda zy%Jnh4b_l^{+NI{up|O8OxrE|e`MbvooH_f)O}OA7SEZW1&-)+{JbZe0ntQ!jkr8_mhXCc9L!E~mwTSo}VtKm0T!pX^_Q%Pj@qPt!AmVj(6E+tNAog%}q{Xr1& z`AwKosaX@3NJBBLk5(-!wG)E_5CD$#kwUw@C=A+w*?aI@!`u^uarLHv6T@$AytXtn 
zsP?11^OJu8cAN`|*U-AlE5!z79RY7_G`m5NCH(P?iw#C0H|>QEC7leKTz+{`t4IfF z@qLmU(DFNt`pEr`cmN?sb?m+F2xN$Wl@jp=M(*9o*QlDnGPnzdblU(NZ-F#_Yy@_u zBHDyoE6PCcc@rh<8}$Je>naMlM14x&^MvS$?ls6VcQ(n)A|sF13|jG;F&m}$xcCE- z)AT(CHJ=f&z}}3G-ot*{cIAOY=avYfLYk7GTKZ%Qp0rgKxr}d)RY^Cxy|2jR2!HGo z2#fia=v1t2AY|xi21ay&tTHGGzu7DKndJ0N=DM9+SHH@M#y0voRqO^iNe%ghhBC~0 zQ#lx&S`(kpF(P<1#_6@lL2+Uq)atcc(@M|E3Pu+L`pX7gIe)8N%h3oNp>EyCA+&w| z{{?)PIKmZE$!QQPkmk>A3&5RQt@;ZvV3Kqg=i(sO0`dlR2@y(qDT0GDB|*+LJ7f|&COl8fd!`EO4e6MFlTqzfS8TEWmb z=^qwERd$}Zu7d79Ve>2f&7L6-oLHZR37jC}Dob=W{I_Tu`d6DW{Q%nQ((8{fy+|KcnEQ zxrJvuJaUnf)elte<#o?|gCPb&UcP;w%()_)+z9+pydLmm|CbwekUE=c(dF7S*}%B< zZ1peV7eY!{_%+dWYwbf^!r@a6Gtw9WgH%49PAHQLhz^|lw+9@GI~pk|82XTlV@%gO z_0LG9xFsLz{6os0$zd?SCjq9fr|NMb&Unag&Pgc%EN6vj-B+UxzFyown=)ioi4aM%bmO73Q$<8NCb~qlm*;8t^r)a{csm z&JN3PDK>F<^^MFaqUqTBSleKkW)WSt)`JWy!)b@rD4*X@s4)Jqu0U@=!*=qaz*TrY zloO?EKLn-75c8?t5~B_erNAqqq6?W8=R&Mz7P}^Gi?B!bU$D8oW9qeVz|Ff7?nWe1 z20fv?>guJo+cF7*%ymuGGFD-I_^w|YRa}X@j^qLkO+~D*Z^jZRuiz2?Hor++Z76Rz z_-W(y=UdjUn=406kWILMA-SS-vyc42Kaa6YEZ?)SiT*6AU+@NR?p>eue5;=#j?uSv zt&=Uh27COtOxxZO&wv_(M1H@*&evrmdM=zYw%>cw48sFgG|gg=k4*d;fn6=#2GZ}) zkP}lLeQo&P-hVLw@s+Tdj~T9jQs?&Uw5-e{!vGDB|Ej|13x(^5k9AniVKZ=<^pzXw zDnfd6tDKLX*}x%^NTZgcA&M)(SW2iAtcsd;Xl!q7+)9yOzjxA(voANz^#zI>9LU_G zLb|6{VKXFvY7O~)(|Nc{s&{na#7qH*k(;==ZjN-I@cg>*p{Pnhlb62w%v6XPat)nB znY9q-oX)64ga|2MK!L)~kjR9~vs4iI{U42Zm2}d_(8|HGLy%v*M?dkUFcPTwMRD0~ zhd0W`o3;>Hcew`zm!w1)k4s8cgCwl?U#8d4#avXkD2%&gRmRG;<#CspiOAHd4!xSj z)-#mmqXYl{xA!T*DmT(CoFp4%x)>eV0{~_6jyq~7JyLcUGRXW{Rnu2{eKw1RMgWuH zv?Ik&{Spo(Gv@Jwjm@;!kT(B4|F@xfTpux@D_8tYvmQ78{0S@W{n+b}OJ}H>N&kja zUg-dypng}~In|DVruJ&%wFoE5f5b&BL*L_1jkJKu3r%`JCt;M7QQY@Pt?Hu^5w%NS zc#)J2PANR~K%(sd z9))G+5LPiYQ^mnmLRCpVnx);e7^H9V;uG13QZ{;2YgrA>-z+qdXktjuIvoXvn5++S z0J1aGNs*OCtp`JsJYP7BwKC4qum5hzVKJqW7)8mVvk@~+f; zcgaKAoDZwV&ad$#j@dhatBtZ~!A40%oxC&d(wTN3y9o#RRGZ zmY8sI04KE1IAaeLdXvZQ!ZB+H`E`|f&JEm0x*;DEM0laXcW*eH6$GVd9JvO!le?AH zPxDMj$MX0tJIN)_a5|Ck{>^S#kt+6&Oo*8zl+`NAAfErm%XBAEoPGZ%Fb#OtK70O( 
zvaKT*G)B1sJD9;6r^$u2Oxr0jt;N5e5t;ea=?QWaE+*v`y<-}-iQ9S^peIPcZDnD> ziD-T*Yn*TquefgG&nTy6u+MUYrjdFWlsaNEYU~TnSNE>_w#Z1Dkljo}| znAu|BLBeTm~H&xNn-u>+~A1oAvPMJM-0guiXFe^Tyuzn}E0MHo3gT{OgVcN9Q@_|I^cs8sHY()B_|Yb(igC_0GZG@QmyLQ={{2pD#?QfDG_-&_ z06_?K-4B_nYV(GMX;Ai9fq%lL%r0trwpLLJ>o|u$EtTUP((k4sBj){)YS4()-n;^W z3asssun}bT0000P@G*1|-;HZ~#xQlx$W0pH;ofRT0E S1}&qu>E9dz000003RzmB2G^Sa literal 0 HcmV?d00001 diff --git a/shim-noarch/shim.changes b/shim-noarch/shim.changes new file mode 100644 index 0000000..f8eced6 --- /dev/null +++ b/shim-noarch/shim.changes 
@@ -0,0 +1,1099 @@ +------------------------------------------------------------------- +Thu Mar 14 06:05:12 UTC 2024 - Gary Ching-Pang Lin + +- Update shim-install to set the SRK algorithm for the grub2 + TPM2 key protector (bsc#1213945) + 92d0f4305df73 Set the SRK algorithm for the TPM2 protector +- Add the missing BuildRequires: update-bootloader-rpm-macros + for the update_bootloader_* macros in %post and %posttrans + +------------------------------------------------------------------- +Wed Sep 20 09:00:36 UTC 2023 - Gary Ching-Pang Lin + +- Update shim-install to fix boot failure of ext4 root file system + on RAID10 (bsc#1205855) + 226c94ca5cfca Use hint in looking for root if possible +- Adopt the macros from fde-tpm-helper-macros to update the + signature in the sealed key after a bootloader upgrade + +------------------------------------------------------------------- +Thu Jul 13 07:20:50 UTC 2023 - Gary Ching-Pang Lin + +- Upgrade shim-install to support TPM 2.0 Key File + b540061 Adopt TPM 2.0 Key File for grub2 TPM 2.0 protector + +------------------------------------------------------------------- +Tue Jul 11 14:02:16 UTC 2023 - Marcus Meissner + +- remove compat efi dir and binaries + +------------------------------------------------------------------- +Mon Jun 12 11:12:36 UTC 2023 - Marcus Meissner + +- Update shim to 15.7-150300.4.16.1 from SLE15-SP3 + - include aarch64 shims. + - do not require shim-susesigned, was a workaround on 15-sp2. 
+ +- quieten factory-auto bot as we are not buiding from source: + - shim-arch-independent-names.patch removed + - shim-change-debug-file-path.patch removed + +------------------------------------------------------------------- +Wed Apr 26 07:09:48 UTC 2023 - Dennis Tseng + +- Update shim to 15.7-150300.4.11.1 from SLE15-SP3 + + Version: 15.7, "Thu Mar 17 2023" + + Update the SLE signatures + + Include the fixes for bsc#1205588, bsc#1202120, bsc#1201066, + (bsc#1198458, CVE-2022-28737), bsc#1198101, bsc#1193315, bsc#1193282 + +------------------------------------------------------------------- +Thu Apr 13 05:28:10 UTC 2023 - Joey Lee + +- Upgrade shim-install for bsc#1210382 + After closing Leap-gap project since Leap 15.3, openSUSE Leap direct + uses shim from SLE. So the ca_string is 'SUSE Linux Enterprise Secure Boot + CA1', not 'openSUSE Secure Boot CA1'. It causes that the update_boot=no, + so all files in /boot/efi/EFI/boot are not updated. + + The 86b73d1 patch added the logic that using ID field in os-release for + checking Leap distro and set ca_string to 'SUSE Linux Enterprise Secure + Boot CA1'. Then /boot/efi/EFI/boot/* can also be updated. +- https://github.com/SUSE/shim-resources (git log --oneline) + 86b73d1 Fix that bootx64.efi is not updated on Leap + f2e8143 Use the long name to specify the grub2 key protector + 7283012 cryptodisk: support TPM authorized policies + 49e7a0d Do not use tpm_record_pcrs unless the command is in command.lst + 26c6bd5 Have grub take a snapshot of "relevant" TPM PCRs + 5c2c3ad Handle different cases of controlling cryptomount volumes during first stage boot + a5c5734 Introduce --no-grub-install option + +------------------------------------------------------------------- +Tue Aug 17 09:29:05 UTC 2021 - Marcus Meissner + +- restore the shim-susesigned installation via buildrequires here. 
+ +------------------------------------------------------------------- +Thu Jul 22 06:47:20 UTC 2021 - jlee@suse.com + +- Update to shim to 15.4-4.7.1 from SLE15-SP3 + + Version: 15.4, "Thu Jul 15 2021" + + Update the SLE signatures + + Include the fixes for bsc#1187696, bsc#1185261, bsc#1185441, + bsc#1187071, bsc#1185621, bsc#1185261, bsc#1185232, bsc#1185261, + bsc#1187260, bsc#1185232. +- Remove shim-install because the shim-install is updated in SLE + 15.4 RPM. + +------------------------------------------------------------------- +Wed May 26 11:50:43 UTC 2021 - Gary Ching-Pang Lin + +- shim-install: remove the unexpected residual "removable" label + for Azure (bsc#1185464, bsc#1185961) + +------------------------------------------------------------------- +Wed May 19 01:31:02 UTC 2021 - Gary Ching-Pang Lin + +- shim-install: instead of assuming "removable" for Azure, remove + fallback.efi from \EFI\Boot and copy grub.efi/cfg to \EFI\Boot + to make \EFI\Boot bootable and keep the boot option created by + efibootmgr (bsc#1185464, bsc#1185961) + +------------------------------------------------------------------- +Fri May 7 08:46:32 UTC 2021 - Gary Ching-Pang Lin + +- shim-install: always assume "removable" for Azure to avoid the + endless reset loop (bsc#1185464) + +------------------------------------------------------------------- +Tue Apr 27 08:58:26 UTC 2021 - Gary Ching-Pang Lin + +- Also package the debuginfo and debugsource +- Drop COPYRIGHT file since it's already in the shim rpm package + +------------------------------------------------------------------- +Tue Apr 27 01:33:36 UTC 2021 - Gary Ching-Pang Lin + +- Update to the unified shim binary from SLE15-SP3 for SBAT support + (bsc#1182057) + + Version: 15.4, "Thu Apr 22 03:26:48 UTC 2021" + + Merged EKU codesign check (bsc#1177315) +- Drop merged patches + + shim-arch-independent-names.patch + + shim-change-debug-file-path.patch + + shim-bsc1092000-fallback-menu.patch + + 
shim-always-mirror-mok-variables.patch + + shim-correct-license-in-headers.patch + + gcc9-fix-warnings.patch + + shim-fix-gnu-efi-3.0.11.patch + + shim-bsc1173411-only-check-efi-var-on-sb.patch +- Drop shim-opensuse-cert-prompt.patch since the openSUSE kernel + enabled lockdown. + +------------------------------------------------------------------- +Fri Oct 16 02:00:45 UTC 2020 - Gary Ching-Pang Lin + +- Include suse-signed shim (bsc#1177315) +- shim-install: Support changing default shim efi binary in + /usr/etc/default/shim and /etc/default/shim (bsc#1177315) + +------------------------------------------------------------------- +Mon Aug 24 09:12:18 UTC 2020 - Gary Ching-Pang Lin + +- shim-install: install MokManager to \EFI\boot to process the + pending MOK request (bsc#1175626, bsc#1175656) + +------------------------------------------------------------------- +Thu Aug 6 09:43:19 UTC 2020 - Gary Ching-Pang Lin + +- Amend the check of %shim_enforce_ms_signature + +------------------------------------------------------------------- +Fri Jul 31 08:05:05 UTC 2020 - Johannes Segitz + +- Updated SUSE signature + +------------------------------------------------------------------- +Wed Jul 22 09:23:02 UTC 2020 - Gary Ching-Pang Lin + +- Update the path to grub-tpm.efi in shim-install (bsc#1174320) + +------------------------------------------------------------------- +Fri Jul 10 07:21:27 UTC 2020 - Gary Ching-Pang Lin + +- Use vendor-dbx to block old SUSE/openSUSE signkeys (bsc#1168994) + + Add dbx-cert.tar.xz which contains the certificates to block + and a script, generate-vendor-dbx.sh, to generate + vendor-dbx.bin + + Add vendor-dbx.bin as the vendor dbx to block unwanted keys +- Drop shim-opensuse-signed.efi + + We don't need it anymore + +------------------------------------------------------------------- +Fri Jul 10 06:28:44 UTC 2020 - Gary Ching-Pang Lin + +- Add shim-bsc1173411-only-check-efi-var-on-sb.patch to only check + EFI variable copying when Secure 
Boot is enabled (bsc#1173411) + +------------------------------------------------------------------- +Tue Mar 31 08:38:56 UTC 2020 - Gary Ching-Pang Lin + +- Use the full path of efibootmgr to avoid errors when invoking + shim-install from packagekitd (bsc#1168104) + +------------------------------------------------------------------- +Mon Mar 30 06:20:47 UTC 2020 - Gary Ching-Pang Lin + +- Use "suse_version" instead of "sle_version" to avoid + shim_lib64_share_compat being set in Tumbleweed forever. + +------------------------------------------------------------------- +Mon Mar 16 09:42:34 UTC 2020 - Gary Ching-Pang Lin + +- Add shim-fix-gnu-efi-3.0.11.patch to fix the build error caused + by the upgrade of gnu-efi + +------------------------------------------------------------------- +Wed Nov 27 06:23:11 UTC 2019 - Michael Chang + +- shim-install: add check for btrfs is used as root file system to enable + relative path lookup for file. (bsc#1153953) + +------------------------------------------------------------------- +Fri Aug 16 04:07:30 UTC 2019 - Gary Ching-Pang Lin + +- Fix a typo in shim-install (bsc#1145802) + +------------------------------------------------------------------- +Fri Apr 19 10:32:11 UTC 2019 - Martin LiÅ¡ka + +- Add gcc9-fix-warnings.patch (bsc#1121268). + +------------------------------------------------------------------- +Mon Apr 15 09:24:07 UTC 2019 - Gary Ching-Pang Lin + +- Add shim-opensuse-signed.efi, the openSUSE shim-15+git47 binary + (bsc#1113225) + +------------------------------------------------------------------- +Fri Apr 12 08:50:49 UTC 2019 - Gary Ching-Pang Lin + +- Disable AArch64 build (FATE#325971) + + AArch64 machines don't use UEFI CA, at least for now. 
+ +------------------------------------------------------------------- +Thu Apr 11 15:52:47 UTC 2019 - jsegitz@suse.com + +- Updated shim signature: signature-sles.x86_64.asc (bsc#1120026) + +------------------------------------------------------------------- +Thu Feb 14 17:03:00 UTC 2019 - rw@suse.com + +- Fix conditions for '/usr/share/efi'-move (FATE#326960) + +------------------------------------------------------------------- +Mon Jan 28 03:18:53 UTC 2019 - Gary Ching-Pang Lin + +- Amend shim.spec to remove $RPM_BUILD_ROOT + +------------------------------------------------------------------- +Thu Jan 17 17:12:14 UTC 2019 - rw@suse.com + +- Move 'efi'-executables to '/usr/share/efi' (FATE#326960) + (preparing the move to 'noarch' for this package) + +------------------------------------------------------------------- +Mon Jan 14 09:48:59 UTC 2019 - Gary Ching-Pang Lin + +- Update shim-install to handle the partitioned MD devices + (bsc#1119762, bsc#1119763) + +------------------------------------------------------------------- +Thu Dec 20 04:13:00 UTC 2018 - Gary Ching-Pang Lin + +- Update to 15+git47 (bsc#1120026, FATE#325971) + + git commit: b3e4d1f7555aabbf5d54de5ea7cd7e839e7bd83d +- Retire the old openSUSE 4096 bit certificate + + Those programs are already out of maintenance. 
+- Add shim-always-mirror-mok-variables.patch to mirror MOK + variables correctly +- Add shim-correct-license-in-headers.patch to correct the license + declaration +- Refresh patches: + + shim-arch-independent-names.patch + + shim-change-debug-file-path.patch + + shim-bsc1092000-fallback-menu.patch + + shim-opensuse-cert-prompt.patch +- Drop upstreamed patches: + + shim-bsc1088585-handle-mok-allocations-better.patch + + shim-httpboot-amend-device-path.patch + + shim-httpboot-include-console.h.patch + + shim-only-os-name.patch + + shim-remove-cryptpem.patch + +------------------------------------------------------------------- +Wed Dec 5 10:28:00 UTC 2018 - Gary Ching-Pang Lin + +- Update shim-install to specify the target for grub2-install and + change the boot efi file name according to the architecture + (bsc#1118363, FATE#325971) + +------------------------------------------------------------------- +Tue Aug 21 07:36:36 UTC 2018 - glin@suse.com + +- Enable AArch64 build (FATE#325971) + + Also add the aarch64 signature files and rename the x86_64 + signature files + +------------------------------------------------------------------- +Tue May 29 06:41:59 UTC 2018 - glin@suse.com + +- Add shim-bsc1092000-fallback-menu.patch to show a menu before + system reset ((bsc#1092000)) + +------------------------------------------------------------------- +Tue Apr 10 03:45:39 UTC 2018 - glin@suse.com + +- Add shim-bsc1088585-handle-mok-allocations-better.patch to avoid + double-freeing after enrolling a key from the disk (bsc#1088585) + + Also refresh shim-opensuse-cert-prompt.patch due to the change + in MokManager.c + +------------------------------------------------------------------- +Tue Apr 3 08:37:55 UTC 2018 - glin@suse.com + +- Install the certificates with a shim suffix to avoid conflicting + with other packages (bsc#1087847) + +------------------------------------------------------------------- +Fri Mar 23 04:47:35 UTC 2018 - glin@suse.com + +- Add the missing 
leading backlash to the DEFAULT_LOADER + (bsc#1086589) + +------------------------------------------------------------------- +Fri Jan 5 08:41:42 UTC 2018 - glin@suse.com + +- Add shim-httpboot-amend-device-path.patch to amend the device + path matching rule for httpboot (bsc#1065370) + +------------------------------------------------------------------- +Thu Jan 4 08:17:44 UTC 2018 - glin@suse.com + +- Update to 14 (bsc#1054712) +- Adjust make commands in spec +- Drop upstreamed fixes + + shim-add-fallback-verbose-print.patch + + shim-back-to-openssl-1.0.2e.patch + + shim-fallback-workaround-masked-ami-variables.patch + + shim-fix-fallback-double-free.patch + + shim-fix-httpboot-crash.patch + + shim-fix-openssl-flags.patch + + shim-more-tpm-measurement.patch +- Add shim-httpboot-include-console.h.patch to include console.h + in httpboot.c to avoid build failure +- Add shim-remove-cryptpem.patch to replace functions in CryptPem.c + with the null function +- Update SUSE/openSUSE specific patches + + shim-only-os-name.patch + + shim-arch-independent-names.patch + + shim-change-debug-file-path.patch + + shim-opensuse-cert-prompt.patch + +------------------------------------------------------------------- +Fri Dec 29 18:41:12 UTC 2017 - ngompa13@gmail.com + +- Fix debuginfo + debugsource subpackage generation for RPM 4.14 +- Set the RPM groups correctly for debug{info,source} subpackages +- Drop deprecated and out of date Authors information in description + +------------------------------------------------------------------- +Wed Sep 13 04:13:21 UTC 2017 - glin@suse.com + +- Add shim-back-to-openssl-1.0.2e.patch to avoid rejecting some + legit certificates (bsc#1054712) +- Add the stderr mask back while compiling MokManager.efi since the + warnings in Cryptlib is back after reverting the openssl commits. 
+ +------------------------------------------------------------------- +Tue Aug 29 08:44:25 UTC 2017 - glin@suse.com + +- Add shim-add-fallback-verbose-print.patch to print the debug + messages in fallback.efi dynamically +- Refresh shim-fallback-workaround-masked-ami-variables.patch +- Add shim-more-tpm-measurement.patch to measure more components + and support TPM better + +------------------------------------------------------------------- +Wed Aug 23 10:28:44 UTC 2017 - glin@suse.com + +- Add upstream fixes + + shim-fix-httpboot-crash.patch + + shim-fix-openssl-flags.patch + + shim-fix-fallback-double-free.patch + + shim-fallback-workaround-masked-ami-variables.patch +- Remove the stderr mask while compiling MokManager.efi since the + warnings in Cryptlib were fixed. + +------------------------------------------------------------------- +Tue Aug 22 04:51:08 UTC 2017 - glin@suse.com + +- Add shim-arch-independent-names.patch to use the Arch-independent + names. (bsc#1054712) +- Refresh shim-change-debug-file-path.patch +- Disable shim-opensuse-cert-prompt.patch automatically in SLE +- Diable AArch64 until we have a real user and aarch64 signature + +------------------------------------------------------------------- +Fri Jul 14 16:40:52 UTC 2017 - bwiedemann@suse.com + +- Make build reproducible by avoiding race between find and cp + +------------------------------------------------------------------- +Thu Jun 22 03:26:00 UTC 2017 - glin@suse.com + +- Update to 12 +- Rename the result EFI images due to the upstream name change + + shimx64 -> shim + + mmx64 -> MokManager + + fbx64 -> fallback +- Refresh patches: + + shim-only-os-name.patch + + shim-change-debug-file-path.patch + + shim-opensuse-cert-prompt.patch +- Drop upstreamed patches: + + shim-httpboot-support.patch + + shim-bsc973496-mokmanager-no-append-write.patch + + shim-bsc991885-fix-sig-length.patch + + shim-update-openssl-1.0.2g.patch + + shim-update-openssl-1.0.2h.patch + 
+------------------------------------------------------------------- +Tue May 23 03:44:48 UTC 2017 - glin@suse.com + +- Add the build flag to enable HTTPBoot + +------------------------------------------------------------------- +Wed Mar 22 10:54:41 UTC 2017 - mchang@suse.com + +- shim-install: add option --suse-enable-tpm (fate#315831) + +------------------------------------------------------------------- +Fri Jan 13 09:21:49 UTC 2017 - mchang@suse.com + +- Support %posttrans with marcos provided by update-bootloader-rpm-macros + package (bsc#997317) + +------------------------------------------------------------------- +Fri Nov 18 09:23:01 UTC 2016 - glin@suse.com + +- Add SIGNATURE_UPDATE.txt to state the steps to update + signature-*.asc +- Update the comment of strip_signature.sh + +------------------------------------------------------------------- +Wed Sep 21 09:55:40 UTC 2016 - mchang@suse.com + +- shim-install : + * add option --no-nvram (bsc#999818) + * improve removable media and fallback mode handling + +------------------------------------------------------------------- +Fri Aug 19 06:46:59 UTC 2016 - mchang@suse.com + +- shim-install : fix regression of password prompt (bsc#993764) + +------------------------------------------------------------------- +Fri Aug 5 02:53:54 UTC 2016 - glin@suse.com + +- Add shim-bsc991885-fix-sig-length.patch to fix the signature + length passed to Authenticode (bsc#991885) + +------------------------------------------------------------------- +Wed Aug 3 09:10:25 UTC 2016 - glin@suse.com + +- Update shim-bsc973496-mokmanager-no-append-write.patch to try + append write first + +------------------------------------------------------------------- +Tue Aug 2 02:59:46 UTC 2016 - glin@suse.com + +- Add shim-update-openssl-1.0.2h.patch to update openssl to 1.0.2h +- Bump the requirement of gnu-efi due to the HTTPBoot support + +------------------------------------------------------------------- +Mon Aug 1 09:01:59 UTC 2016 - 
glin@suse.com + +- Add shim-httpboot-support.patch to support HTTPBoot +- Add shim-update-openssl-1.0.2g.patch to update openssl to 1.0.2g + and Cryptlib to 5e2318dd37a51948aaf845c7d920b11f47cdcfe6 +- Drop patches since they are merged into + shim-update-openssl-1.0.2g.patch + + shim-update-openssl-1.0.2d.patch + + shim-gcc5.patch + + shim-bsc950569-fix-cryptlib-va-functions.patch + + shim-fix-aarch64.patch +- Refresh shim-change-debug-file-path.patch +- Add shim-bsc973496-mokmanager-no-append-write.patch to work + around the firmware that doesn't support APPEND_WRITE (bsc973496) +- shim-install : remove '\n' from the help message (bsc#991188) +- shim-install : print a message if there is no valid EFI partition + (bsc#991187) + +------------------------------------------------------------------- +Mon May 9 11:20:56 UTC 2016 - rw@suse.com + +- shim-install : support simple MD RAID1 target devices (FATE#314829) + +------------------------------------------------------------------- +Wed May 4 10:40:52 UTC 2016 - agraf@suse.com + +- Add shim-fix-aarch64.patch to fix compilation on AArch64 (bsc#978438) + +------------------------------------------------------------------- +Wed Mar 9 07:15:52 UTC 2016 - mchang@suse.com + +- shim-install : fix typing ESC can escape to parent config which is + in command mode and cannot return back (bsc#966701) +- shim-install : fix no which command for JeOS (bsc#968264) + +------------------------------------------------------------------- +Thu Dec 3 10:26:14 UTC 2015 - jsegitz@novell.com + +- acquired updated signature from Microsoft + +------------------------------------------------------------------- +Mon Nov 9 08:22:43 UTC 2015 - glin@suse.com + +- Add shim-bsc950569-fix-cryptlib-va-functions.patch to fix the + definition of va functions to avoid the potential crash + (bsc#950569) +- Update shim-opensuse-cert-prompt.patch to avoid setting NULL to + MokListRT (bsc#950801) +- Drop shim-fix-mokmanager-sections.patch as we are using the 
+ newer binutils now +- Refresh shim-change-debug-file-path.patch + +------------------------------------------------------------------- +Thu Oct 8 06:49:43 UTC 2015 - jsegitz@novell.com + +- acquired updated signature from Microsoft + +------------------------------------------------------------------- +Tue Sep 15 05:03:10 UTC 2015 - mchang@suse.com + +- shim-install : set default GRUB_DISTRIBUTOR from /etc/os-release + if it is empty or not set by user (bsc#942519) + +------------------------------------------------------------------- +Thu Jul 16 06:49:01 UTC 2015 - glin@suse.com + +- Add shim-update-openssl-1.0.2d.patch to update openssl to 1.0.2d +- Refresh shim-gcc5.patch and add it back since we really need it +- Add shim-change-debug-file-path.patch to change the debug file + path in shim.efi + + also add the debuginfo and debugsource subpackages +- Drop shim-fix-gnu-efi-30w.patch which is not necessary anymore + +------------------------------------------------------------------- +Mon Jul 6 09:06:02 UTC 2015 - glin@suse.com + +- Update to 0.9 +- Refresh patches + + shim-fix-gnu-efi-30w.patch + + shim-fix-mokmanager-sections.patch + + shim-opensuse-cert-prompt.patch +- Drop upstreamed patches + + shim-bsc920515-fix-fallback-buffer-length.patch + + shim-mokx-support.patch + + shim-update-cryptlib.patch +- Drop shim-bsc919675-uninstall-shim-protocols.patch since + upstream fixed the bug in another way. 
+- Drop shim-gcc5.patch which was fixed in another way + +------------------------------------------------------------------- +Wed Apr 8 07:10:39 UTC 2015 - glin@suse.com + +- Fix tags in the spec file + +------------------------------------------------------------------- +Tue Apr 7 07:42:06 UTC 2015 - glin@suse.com + +- Add shim-update-cryptlib.patch to update Cryptlib to r16559 and + openssl to 0.9.8zf +- Add shim-bsc919675-uninstall-shim-protocols.patch to uninstall + the shim protocols at Exit (bsc#919675) +- Add shim-bsc920515-fix-fallback-buffer-length.patch to adjust + the buffer size for the boot options (bsc#920515) +- Refresh shim-opensuse-cert-prompt.patch + +------------------------------------------------------------------- +Thu Apr 2 16:31:28 UTC 2015 - crrodriguez@opensuse.org + +- shim-gcc5.patch: shim needs -std=gnu89 to build with GCC5 + +------------------------------------------------------------------- +Tue Feb 17 06:02:34 UTC 2015 - mchang@suse.com + +- shim-install : fix cryptodisk installation (boo#917427) + +------------------------------------------------------------------- +Tue Nov 11 04:26:00 UTC 2014 - glin@suse.com + +- Add shim-fix-mokmanager-sections.patch to fix the objcopy + parameters for the EFI files + +------------------------------------------------------------------- +Tue Oct 28 04:00:51 UTC 2014 - glin@suse.com + +- Update to 0.8 +- Add shim-fix-gnu-efi-30w.patch to adapt the change in + gnu-efi-3.0w +- Merge shim-signed-unsigned-compares.patch, + shim-mokmanager-support-sha-family.patch and + shim-bnc863205-mokmanager-fix-hash-delete.patch into + shim-mokx-support.patch +- Refresh shim-opensuse-cert-prompt.patch +- Drop upstreamed patches: shim-update-openssl-0.9.8zb.patch, + bug-889332_shim-overflow.patch, and bug-889332_shim-mok-oob.patch +- Enable aarch64 + +------------------------------------------------------------------- +Mon Oct 13 13:09:14 UTC 2014 - jsegitz@novell.com + +- Fixed buffer overflow and OOB access in 
shim trusted code path + (bnc#889332, CVE-2014-3675, CVE-2014-3676, CVE-2014-3677) + * added bug-889332_shim-mok-oob.patch, bug-889332_shim-overflow.patch +- Added new certificate by Microsoft + +------------------------------------------------------------------- +Wed Sep 3 12:32:25 UTC 2014 - lnussel@suse.de + +- re-introduce build failure if shim_enforce_ms_signature is defined. That way + a project like openSUSE:Factory can decide whether or not shim needs a valid + MS signature. + +------------------------------------------------------------------- +Tue Aug 19 04:38:36 UTC 2014 - glin@suse.com + +- Add shim-update-openssl-0.9.8zb.patch to update openssl to + 0.9.8zb + +------------------------------------------------------------------- +Tue Aug 12 14:19:36 UTC 2014 - jsegitz@suse.com + +- updated shim to new version (OpenSSL 0.9.8za) and requested a new + certificate from Microsoft. Removed + * shim-allow-fallback-use-system-loadimage.patch + * shim-bnc872503-check-key-encoding.patch + * shim-bnc877003-fetch-from-the-same-device.patch + * shim-correct-user_insecure-usage.patch + * shim-fallback-avoid-duplicate-bootorder.patch + * shim-fallback-improve-entries-creation.patch + * shim-fix-dhcpv4-path-generation.patch + * shim-fix-uninitialized-variable.patch + * shim-fix-verify-mok.patch + * shim-get-variable-check.patch + * shim-improve-error-messages.patch + * shim-mokmanager-delete-bs-var-right.patch + * shim-mokmanager-handle-keystroke-error.patch + * shim-remove-unused-variables.patch + since they're included in upstream and rebased the remaining onces. 
+ Added shim-signed-unsigned-compares.patch to fix some compiler + warnings + +------------------------------------------------------------------- +Tue Aug 12 09:18:42 UTC 2014 - glin@suse.com + +- Keep shim-devel.efi for the devel project + +------------------------------------------------------------------- +Fri Aug 8 11:18:36 UTC 2014 - lnussel@suse.de + +- don't fail the build if the UEFI signing service signature can't + be attached anymore. This way shim can still pass through staging + projects. We will verify the correct signature for release builds + using openQA instead. + +------------------------------------------------------------------- +Mon Aug 4 07:53:22 UTC 2014 - mchang@suse.com + +- shim-install: fix GRUB shows broken letters at boot by calling + grub2-install to initialize /boot/grub2 directory with files + needed by grub.cfg (bnc#889765) + +------------------------------------------------------------------- +Wed May 28 04:13:33 UTC 2014 - glin@suse.com + +- Add shim-remove-unused-variables.patch to remove the unused + variables +- Add shim-bnc872503-check-key-encoding.patch to check the encoding + of the keys (bnc#872503) +- Add shim-bnc877003-fetch-from-the-same-device.patch to fetch the + netboot image from the same device (bnc#877003) +- Refresh shim-opensuse-cert-prompt.patch + +------------------------------------------------------------------- +Wed May 14 09:39:02 UTC 2014 - glin@suse.com + +- Use --reinit instead of --refresh in %post to update the files + in /boot + +------------------------------------------------------------------- +Tue Apr 29 07:38:11 UTC 2014 - mchang@suse.com + +- shim-install: fix boot partition and rollback support kluge + (bnc#875385) + +------------------------------------------------------------------- +Thu Apr 10 08:20:20 UTC 2014 - glin@suse.com + +- Replace shim-mokmanager-support-sha1.patch with + shim-mokmanager-support-sha-family.patch to support the SHA + family + 
+------------------------------------------------------------------- +Mon Apr 7 09:32:21 UTC 2014 - glin@suse.com + +- Add shim-mokmanager-support-sha1.patch to support SHA1 hashes in + MOK + +------------------------------------------------------------------- +Mon Mar 31 11:57:13 UTC 2014 - mchang@suse.com + +- snapper rollback support (fate#317062) + - refresh shim-install + +------------------------------------------------------------------- +Thu Mar 13 02:32:15 UTC 2014 - glin@suse.com + +- Insert the right signature (bnc#867974) + +------------------------------------------------------------------- +Mon Mar 10 07:56:44 UTC 2014 - glin@suse.com + +- Add shim-fix-uninitialized-variable.patch to fix the use of + uninitialzed variables in lib + +------------------------------------------------------------------- +Fri Mar 7 09:09:12 UTC 2014 - glin@suse.com + +- Add shim-mokmanager-delete-bs-var-right.patch to delete the BS+NV + variables the right way +- Update shim-opensuse-cert-prompt.patch to delete openSUSE_Verify + correctly + +------------------------------------------------------------------- +Thu Mar 6 07:37:57 UTC 2014 - glin@suse.com + +- Add shim-fallback-avoid-duplicate-bootorder.patch to fix the + duplicate entries in BootOrder +- Add shim-allow-fallback-use-system-loadimage.patch to handle the + shim protocol properly to keep only one protocol entity +- Refresh shim-opensuse-cert-prompt.patch + +------------------------------------------------------------------- +Thu Mar 6 03:53:49 UTC 2014 - mchang@suse.com + +- shim-install: fix the $prefix to use grub2-mkrelpath for paths + on btrfs subvolume (bnc#866690). + +------------------------------------------------------------------- +Tue Mar 4 04:19:05 UTC 2014 - glin@suse.com + +- FATE#315002: Update shim-install to install shim.efi as the EFI + default bootloader when none exists in \EFI\boot. 
+ +------------------------------------------------------------------- +Thu Feb 27 09:46:49 UTC 2014 - fcrozat@suse.com + +- Update signature-sles.asc: shim signed by UEFI signing service, + based on code from "Thu Feb 20 11:57:01 UTC 2014" + +------------------------------------------------------------------- +Fri Feb 21 08:45:46 UTC 2014 - glin@suse.com + +- Add shim-opensuse-cert-prompt.patch to show the prompt to ask + whether the user trusts the openSUSE certificate or not + +------------------------------------------------------------------- +Thu Feb 20 11:57:01 UTC 2014 - lnussel@suse.de + +- allow package to carry multiple signatures +- check correct certificate is embedded + +------------------------------------------------------------------- +Thu Feb 20 10:06:47 UTC 2014 - lnussel@suse.de + +- always clean up generated files that embed certificates + (shim_cert.h shim.cer shim.crt) to make sure next build loop + rebuilds them properly + +------------------------------------------------------------------- +Mon Feb 17 09:58:56 UTC 2014 - glin@suse.com + +- Add shim-bnc863205-mokmanager-fix-hash-delete.patch to fix the + hash deletion operation to avoid ruining the whole list + (bnc#863205) + +------------------------------------------------------------------- +Tue Feb 11 06:30:02 UTC 2014 - glin@suse.com + +- Update shim-mokx-support.patch to support the resetting of MOK + blacklist +- Add shim-get-variable-check.patch to fix the variable checking + in get_variable_attr +- Add shim-fallback-improve-entries-creation.patch to improve the + boot entry pathes and avoid generating the boot entries that + are already there +- Update SUSE certificate +- Update attach_signature.sh, show_hash.sh, strip_signature.sh, + extract_signature.sh and show_signatures.sh to remove the + creation of the temporary nss database +- Add shim-only-os-name.patch: remove the kernel version of the + build server +- Match the the prefix of the project name properly by escaping the + 
percent sign. + +------------------------------------------------------------------- +Wed Jan 22 13:45:44 UTC 2014 - lnussel@suse.de + +- enable signature assertion also in SUSE: hierarchy + +------------------------------------------------------------------- +Fri Dec 6 06:44:43 UTC 2013 - glin@suse.com + +- Add shim-mokmanager-handle-keystroke-error.patch to handle the + error status from ReadKeyStroke to avoid unexpected keys + +------------------------------------------------------------------- +Thu Dec 5 02:05:13 UTC 2013 - glin@suse.com + +- Update to 0.7 +- Add upstream patches: + + shim-fix-verify-mok.patch + + shim-improve-error-messages.patch + + shim-correct-user_insecure-usage.patch + + shim-fix-dhcpv4-path-generation.patch +- Add shim-mokx-support.patch to support the MOK blacklist + (Fate#316531) +- Drop upstreamed patches + + shim-fix-pointer-casting.patch + + shim-merge-lf-loader-code.patch + + shim-fix-simple-file-selector.patch + + shim-mokmanager-support-crypt-hash-method.patch + + shim-bnc804631-fix-broken-bootpath.patch + + shim-bnc798043-no-doulbe-separators.patch + + shim-bnc807760-change-pxe-2nd-loader-name.patch + + shim-bnc808106-correct-certcount.patch + + shim-mokmanager-ui-revamp.patch + + shim-netboot-fixes.patch + + shim-mokmanager-disable-gfx-console.patch +- Drop shim-suse-build.patch: it's not necessary anymore +- Drop shim-bnc841426-silence-shim-protocols.patch: shim is not + verbose by default + +------------------------------------------------------------------- +Thu Oct 31 09:11:18 UTC 2013 - fcrozat@suse.com + +- Update microsoft.asc: shim signed by UEFI signing service, based + on code from "Tue Oct 1 04:29:29 UTC 2013". 
+ +------------------------------------------------------------------- +Tue Oct 1 04:29:29 UTC 2013 - glin@suse.com + +- Add shim-netboot-fixes.patch to include upstream netboot fixes +- Add shim-mokmanager-disable-gfx-console.patch to disable the + graphics console to avoid system hang on some machines +- Add shim-bnc841426-silence-shim-protocols.patch to silence the + shim protocols (bnc#841426) + +------------------------------------------------------------------- +Wed Sep 25 07:17:54 UTC 2013 - glin@suse.com + +- Create boot.csv in ESP for fallback.efi to restore the boot entry + +------------------------------------------------------------------- +Tue Sep 17 10:53:50 CEST 2013 - fcrozat@suse.com + +- Update microsoft.asc: shim signed by UEFI signing service, based + on code from "Fri Sep 6 13:57:36 UTC 2013". +- Improve extract_signature.sh to work on current path. + +------------------------------------------------------------------- +Fri Sep 6 13:57:36 UTC 2013 - lnussel@suse.de + +- set timestamp of PE file to time of the binary the signature was + made for. +- make sure cert.o get's rebuilt for each target + +------------------------------------------------------------------- +Fri Sep 6 11:48:14 CEST 2013 - fcrozat@suse.com + +- Update microsoft.asc: shim signed by UEFI signing service, based + on code from "Wed Aug 28 15:54:38 UTC 2013" + +------------------------------------------------------------------- +Wed Aug 28 15:54:38 UTC 2013 - lnussel@suse.de + +- always build a shim that embeds the distro's certificate (e.g. + shim-opensuse.efi). If the package is built in the devel project + additionally shim-devel.efi is created. That allows us to either + load grub2/kernel signed by the distro or signed by the devel + project, depending on use case. Also shim-$distro.efi from the + devel project can be used to request additional signatures. 
+ +------------------------------------------------------------------- +Wed Aug 28 07:16:51 UTC 2013 - lnussel@suse.de + +- also include old openSUSE 4096 bit certificate to be able to still + boot kernels signed with that key. +- add show_signatures script + +------------------------------------------------------------------- +Tue Aug 27 06:41:03 UTC 2013 - lnussel@suse.de + +- replace the 4096 bit openSUSE UEFI CA certificate with new a + standard compliant 2048 bit one. + +------------------------------------------------------------------- +Tue Aug 20 11:48:25 UTC 2013 - lnussel@suse.de + +- fix shell syntax error + +------------------------------------------------------------------- +Wed Aug 7 15:51:36 UTC 2013 - lnussel@suse.de + +- don't include binary in the sources. Instead package the raw + signature and attach it during build (bnc#813448). + +------------------------------------------------------------------- +Tue Jul 30 07:36:28 UTC 2013 - glin@suse.com + +- Update shim-mokmanager-ui-revamp.patch to include fixes for + MokManager + + reboot the system after clearing MOK password + + fetch more info from X509 name + + check the suffix of the key file + +------------------------------------------------------------------- +Tue Jul 23 03:55:05 UTC 2013 - glin@suse.com + +- Update to 0.4 +- Rebase patches + + shim-suse-build.patch + + shim-mokmanager-support-crypt-hash-method.patch + + shim-bnc804631-fix-broken-bootpath.patch + + shim-bnc798043-no-doulbe-separators.patch + + shim-bnc807760-change-pxe-2nd-loader-name.patch + + shim-bnc808106-correct-certcount.patch + + shim-mokmanager-ui-revamp.patch +- Add patches + + shim-merge-lf-loader-code.patch: merge the Linux Foundation + loader UI code + + shim-fix-pointer-casting.patch: fix a casting issue and the + size of an empty vendor cert + + shim-fix-simple-file-selector.patch: fix the buffer allocation + in the simple file selector +- Remove upstreamed patches + + shim-support-mok-delete.patch + + 
shim-reboot-after-changes.patch + + shim-clear-queued-key.patch + + shim-local-key-sign-mokmanager.patch + + shim-get-2nd-stage-loader.patch + + shim-fix-loadoptions.patch +- Remove unused patch: shim-mokmanager-new-pw-hash.patch and + shim-keep-unsigned-mokmanager.patch +- Install the vendor certificate to /etc/uefi/certs + +------------------------------------------------------------------- +Wed May 8 06:40:12 UTC 2013 - glin@suse.com + +- Add shim-mokmanager-ui-revamp.patch to update the MokManager UI + +------------------------------------------------------------------- +Wed Apr 3 03:54:22 UTC 2013 - glin@suse.com + +- Call update-bootloader in %post to update *.efi in \efi\opensuse + (bnc#813079) + +------------------------------------------------------------------- +Fri Mar 8 06:53:47 UTC 2013 - glin@suse.com + +- Add shim-bnc807760-change-pxe-2nd-loader-name.patch to change the + PXE 2nd stage loader name (bnc#807760) +- Add shim-bnc808106-correct-certcount.patch to correct the + certificate count of the signature list (bnc#808106) + +------------------------------------------------------------------- +Fri Mar 1 10:07:55 UTC 2013 - glin@suse.com + +- Add shim-bnc798043-no-doulbe-separators.patch to remove double + seperators from the bootpath (bnc#798043#c4) + +------------------------------------------------------------------- +Thu Feb 28 08:57:48 UTC 2013 - lnussel@suse.de + +- sign shim also with openSUSE certificate + +------------------------------------------------------------------- +Wed Feb 27 15:52:53 CET 2013 - mls@suse.de + +- identify project, export certificate as DER file +- don't create an unused extra keypair + +------------------------------------------------------------------- +Thu Feb 21 10:08:12 UTC 2013 - glin@suse.com + +- Add shim-bnc804631-fix-broken-bootpath.patch to fix the broken + bootpath generated in generate_path(). 
(bnc#804631) + +------------------------------------------------------------------- +Mon Feb 11 12:15:25 UTC 2013 - fcrozat@suse.com + +- Update with shim signed by UEFI signing service, based on code + from "Thu Feb 7 06:56:19 UTC 2013". + +------------------------------------------------------------------- +Thu Feb 7 13:54:06 UTC 2013 - lnussel@suse.de + +- prepare for having a signed shim from the UEFI signing service + +------------------------------------------------------------------- +Thu Feb 7 06:56:19 UTC 2013 - glin@suse.com + +- Sign shim-opensuse.efi and MokManager.efi with the openSUSE cert +- Add shim-keep-unsigned-mokmanager.patch to keep the unsigned + MokManager and sign it later. + +------------------------------------------------------------------- +Wed Feb 6 06:35:45 UTC 2013 - mchang@suse.com + +- Add shim-install utility +- Add Recommends to grub2-efi + +------------------------------------------------------------------- +Wed Jan 30 09:00:31 UTC 2013 - glin@suse.com + +- Add shim-mokmanager-support-crypt-hash-method.patch to support + password hash from /etc/shadow (FATE#314506) + +------------------------------------------------------------------- +Tue Jan 29 03:20:48 UTC 2013 - glin@suse.com + +- Embed openSUSE-UEFI-CA-Certificate.crt in shim +- Rename shim-unsigned.efi to shim-opensuse.efi. + +------------------------------------------------------------------- +Fri Jan 18 10:06:13 UTC 2013 - glin@suse.com + +- Update shim-mokmanager-new-pw-hash.patch to extend the password + hash format +- Rename shim.efi as shim-unsigned.efi + +------------------------------------------------------------------- +Wed Jan 16 08:01:55 UTC 2013 - glin@suse.com + +- Merge patches for FATE#314506 + + Add shim-support-mok-delete.patch to add support for deleting + specific keys + + Add shim-mokmanager-new-pw-hash.patch to support the new + password hash. 
+- Drop shim-correct-mok-size.patch which is included in + shim-support-mok-delete.patch +- Merge shim-remove-debug-code.patch and + shim-local-sign-mokmanager.patch into + shim-local-key-sign-mokmanager.patch +- Install COPYRIGHT + +------------------------------------------------------------------- +Tue Jan 15 03:17:53 UTC 2013 - glin@suse.com + +- Add shim-fix-loadoptions.patch to adopt the UEFI shell style + LoadOptions (bnc#798043) +- Drop shim-check-pk-kek.patch since upstream rejected the patch + due to violation of SPEC. +- Install EFI binaries to /usr/lib64/efi + +------------------------------------------------------------------- +Wed Dec 26 07:05:02 UTC 2012 - glin@suse.com + +- Update shim-reboot-after-changes.patch to avoid rebooting the + system after enrolling keys/hashes from the file system +- Add shim-correct-mok-size.patch to correct the size of MOK +- Add shim-clear-queued-key.patch to clear the queued key and show + the menu properly + +------------------------------------------------------------------- +Wed Dec 12 15:16:18 UTC 2012 - fcrozat@suse.com + +- Remove shim-rpmlintrc, it wasn't fixing the error, hide error + stdout to prevent post build check to get triggered by cast + warnings in openSSL code +- Add shim-remove-debug-code.patch: remove debug code + +------------------------------------------------------------------- +Wed Dec 12 04:01:52 UTC 2012 - glin@suse.com + +- Add shim-rpmlintrc to filter 64bit portability errors + +------------------------------------------------------------------- +Tue Dec 11 07:36:32 UTC 2012 - glin@suse.com + +- Add shim-local-sign-mokmanager.patch to create a local certicate + to sign MokManager +- Add shim-get-2nd-stage-loader.patch to get the second stage + loader path from the load options +- Add shim-check-pk-kek.patch to verify EFI images with PK and KEK +- Add shim-reboot-after-changes.patch to reboot the system after + enrolling or erasing keys +- Install the EFI images to /usr/lib64/shim instead 
of the EFI + partition +- Update the mail address of the author + +------------------------------------------------------------------- +Fri Nov 2 08:19:37 UTC 2012 - glin@suse.com + +- Add new package shim 0.2 (FATE#314484) + + It's in fact git 2fd180a92 since there is no tag for 0.2 + diff --git a/shim-noarch/shim.spec b/shim-noarch/shim.spec new file mode 100644 index 0000000..44c1652 --- /dev/null +++ b/shim-noarch/shim.spec 
@@ -0,0 +1,90 @@
+#
+# spec file for package shim
+#
+# Copyright (c) 2021 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+%undefine _debuginfo_subpackages
+%undefine _build_create_debug
+# Move 'efi'-executables to '/usr/share/efi' (FATE#326960, bsc#1166523)
+%define sysefibasedir %{_datadir}/efi
+
+Name: shim
+Version: 15.7
+Release: 0
+Summary: UEFI shim loader
+License: BSD-2-Clause
+Group: System/Boot
+URL: https://github.com/rhboot/shim
+Source: shim-15.7-150300.4.16.1.x86_64.rpm
+Source1: shim-15.7-150300.4.16.1.aarch64.rpm
+Requires: perl-Bootloader
+BuildRoot: %{_tmppath}/%{name}-%{version}-build
+BuildArch: noarch
+
+%description
+shim is a trivial EFI application that, when run, attempts to open and
+execute another application.
+
+%package aarch64
+Provides: shim(aarch64)
+Group: System/Boot
+Summary: UEFI shim loader
+
+%package x86_64
+Provides: shim(x86_64)
+Group: System/Boot
+Summary: UEFI shim loader
+
+%description aarch64
+shim is a trivial EFI application that, when run, attempts to open and
+execute another application.
+
+%description x86_64
+shim is a trivial EFI application that, when run, attempts to open and
+execute another application.
+ +%prep +rpm2cpio %{SOURCE0} | cpio --extract --unconditional --preserve-modification-time --make-directories +rpm2cpio %{SOURCE1} | cpio --extract --unconditional --preserve-modification-time --make-directories + +%build + +%install +# purely repackaged +cp -a * %{buildroot} +rm -rf %{buildroot}/usr/lib64/efi +rm %{buildroot}/etc/uefi/certs/BCA4E38E-shim.crt %{buildroot}/usr/sbin/shim-install %{buildroot}/usr/share/doc/packages/shim/COPYRIGHT + +%files aarch64 +%defattr(-,root,root) +%dir %{?sysefibasedir} +%dir %{sysefibasedir}/aarch64 +%{sysefibasedir}/aarch64/shim.efi +%{sysefibasedir}/aarch64/shim-*.efi +%{sysefibasedir}/aarch64/shim-*.der +%{sysefibasedir}/aarch64/MokManager.efi +%{sysefibasedir}/aarch64/fallback.efi + +%files x86_64 +%defattr(-,root,root) +%dir %{?sysefibasedir} +%dir %{sysefibasedir}/x86_64 +%{sysefibasedir}/x86_64/shim.efi +%{sysefibasedir}/x86_64/shim-*.efi +%{sysefibasedir}/x86_64/shim-*.der +%{sysefibasedir}/x86_64/MokManager.efi +%{sysefibasedir}/x86_64/fallback.efi + +%changelog -- 2.49.0 From e3f36b74d993e3b8830c3130840556e03a3e446acd39312ea3427c9582fb45e5 Mon Sep 17 00:00:00 2001 From: Nicolas Belouin Date: Wed, 9 Apr 2025 11:13:58 +0200 Subject: [PATCH 34/55] Enable aarch64 build for kiwi-builder-image Signed-off-by: Nicolas Belouin --- _config | 2 ++ 1 file changed, 2 insertions(+) diff --git a/_config b/_config index 3a0f922..2aeaec0 100644 --- a/_config +++ b/_config @@ -58,6 +58,7 @@ BuildFlags: onlybuild:release-manifest-image BuildFlags: excludebuild:endpoint-copier-operator-image BuildFlags: excludebuild:ironic-image BuildFlags: excludebuild:ironic-ipa-downloader-image + BuildFlags: excludebuild:kiwi-builder-image BuildFlags: excludebuild:kube-rbac-proxy-image BuildFlags: excludebuild:metallb-controller-image BuildFlags: excludebuild:metallb-speaker-image 
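Review bot: The two prebuilt shim RPMs are unpacked in `%prep` with `rpm2cpio … | cpio`, and nothing in the spec checks that they are the expected files, so the Secure Boot loader binaries this package ships are trusted only because they were committed. Before the two extraction lines I would pin and check a digest per source, e.g. `echo "<EXPECTED_SHA256_X86_64>  %{SOURCE0}" | sha256sum -c -` and the same for `%{SOURCE1}` (placeholders, the page does not give the digests), or run `rpmkeys --checksig` on both if the signing key is present in the build root. In `%install`, `cp -a * %{buildroot}` copies whatever is in the build directory, so a comment such as `# build dir holds only the payload of the two shim RPMs extracted in %prep` would record that assumption next to the `rm` lines that prune it.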
@@ -80,6 +81,7 @@ BuildFlags: onlybuild:release-manifest-image BuildFlags: onlybuild:ironic-image BuildFlags: onlybuild:ironic-ipa-downloader-image BuildFlags: onlybuild:ironic-ipa-ramdisk + BuildFlags: onlybuild:kiwi-builder-image BuildFlags: onlybuild:kube-rbac-proxy BuildFlags: onlybuild:kube-rbac-proxy-image BuildFlags: onlybuild:metallb -- 2.49.0 From b91c34b6c39619aae437c671389f815eaff180a4e2a09d85bfbc86a8ddc1813b Mon Sep 17 00:00:00 2001 From: Denislav Prodanov Date: Thu, 10 Apr 2025 15:00:09 +0300 Subject: [PATCH 35/55] [3.3] - bump nm configurator rpm to 0.3.2 [3.3] - bump nm config to 0.3.2 use lfs --- nm-configurator/.gitattributes | 1 - nm-configurator/_service | 2 +- nm-configurator/_servicedata | 2 +- nm-configurator/nm-configurator-0.3.1.obscpio | 3 --- nm-configurator/nm-configurator-0.3.2.obscpio | 3 +++ nm-configurator/nm-configurator.obsinfo | 6 +++--- nm-configurator/nmc.spec | 2 +- nm-configurator/vendor.tar.xz | 4 ++-- 8 files changed, 11 insertions(+), 12 deletions(-) delete mode 100644 nm-configurator/.gitattributes delete mode 100644 nm-configurator/nm-configurator-0.3.1.obscpio create mode 100644 nm-configurator/nm-configurator-0.3.2.obscpio diff --git a/nm-configurator/.gitattributes b/nm-configurator/.gitattributes deleted file mode 100644 index a6f09be..0000000 --- a/nm-configurator/.gitattributes +++ /dev/null @@ -1 +0,0 @@ -*.obscpio filter=lfs diff=lfs merge=lfs -text diff --git a/nm-configurator/_service b/nm-configurator/_service index 5a481e9..ec4e84e 100644 --- a/nm-configurator/_service +++ b/nm-configurator/_service @@ -3,7 +3,7 @@ https://github.com/suse-edge/nm-configurator.git @PARENT_TAG@ git - v0.3.1 + v0.3.2 * v(\d+\.\d+\.\d+) \1 diff --git a/nm-configurator/_servicedata b/nm-configurator/_servicedata index 1627b06..df910cc 100644 --- a/nm-configurator/_servicedata +++ b/nm-configurator/_servicedata 
@@ -1,4 +1,4 @@ https://github.com/suse-edge/nm-configurator.git - 8a7b3180476cd0d5958a809c527bd8cb9b3f247b \ No newline at end of file + 747301ba15a28e758d1f06070dc7ff29a5e80242 \ No newline at end of file diff --git a/nm-configurator/nm-configurator-0.3.1.obscpio b/nm-configurator/nm-configurator-0.3.1.obscpio deleted file mode 100644 index 157f87f..0000000 --- a/nm-configurator/nm-configurator-0.3.1.obscpio +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:86b339e21a29fe9b652fadf7242f4e6c335d268cd35e40d8ebc3edac7aed3f9e -size 107531 diff --git a/nm-configurator/nm-configurator-0.3.2.obscpio b/nm-configurator/nm-configurator-0.3.2.obscpio new file mode 100644 index 0000000..89e3de6 --- /dev/null +++ b/nm-configurator/nm-configurator-0.3.2.obscpio @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:528dcffbd9ef4a62eef094abca8a41d998f001a607305476be7b45b589b5e9c1 +size 122379 diff --git a/nm-configurator/nm-configurator.obsinfo b/nm-configurator/nm-configurator.obsinfo index db34e38..d738174 100644 --- a/nm-configurator/nm-configurator.obsinfo +++ b/nm-configurator/nm-configurator.obsinfo @@ -1,4 +1,4 @@ name: nm-configurator -version: 0.3.1 -mtime: 1725004214 -commit: 8a7b3180476cd0d5958a809c527bd8cb9b3f247b +version: 0.3.2 +mtime: 1744218621 +commit: 747301ba15a28e758d1f06070dc7ff29a5e80242 diff --git a/nm-configurator/nmc.spec b/nm-configurator/nmc.spec index 1bd9d8f..53b7a67 100644 --- a/nm-configurator/nmc.spec +++ b/nm-configurator/nmc.spec @@ -17,7 +17,7 @@ Name: nm-configurator -Version: 0.3.1 +Version: 0.3.2 Release: 0 Summary: NM Configurator License: Apache-2.0 diff --git a/nm-configurator/vendor.tar.xz b/nm-configurator/vendor.tar.xz index 1ec3c12..0f028e3 100644 --- a/nm-configurator/vendor.tar.xz +++ b/nm-configurator/vendor.tar.xz 
@@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:9060aa39d842c196c8395abce78f73c0b8275417380d6a7810d24044e14700a8 -size 19861716 +oid sha256:478cbb9accdc614ede623dda16cbebcf0268a585e85082da025cdcfa9bcd3222 +size 19059276 -- 2.49.0 From 3adc816d9891aa7da757bccb6ff9bec157cdf758058749ebcd2198f28df374e7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dirk=20M=C3=BCller?= Date: Tue, 22 Apr 2025 17:58:10 +0200 Subject: [PATCH 36/55] Remove no longer necessary workaround --- kiwi-builder-image/Dockerfile | 3 --- 1 file changed, 3 deletions(-) diff --git a/kiwi-builder-image/Dockerfile b/kiwi-builder-image/Dockerfile index 1251741..c2cff01 100644 --- a/kiwi-builder-image/Dockerfile +++ b/kiwi-builder-image/Dockerfile @@ -21,9 +21,6 @@ LABEL com.suse.image-type="application" LABEL com.suse.release-stage="released" # endlabelprefix -# Configure Kiwi to use kpartx -RUN echo -e "mapper:\n - part_mapper: kpartx" > /etc/kiwi.yml - # Copy build script into image and make it executable ADD build-image.sh /usr/bin/build-image RUN chmod a+x /usr/bin/build-image -- 2.49.0 From 0dbc0f8b52022d2a2968b66c9d10037f9b8b2037bc1e0c6285a299b7b1c45860 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dirk=20M=C3=BCller?= Date: Tue, 22 Apr 2025 18:02:50 +0200 Subject: [PATCH 37/55] Ensure kiwi versions and build tags actually align --- kiwi-builder-image/Dockerfile | 17 ++++++++++++----- kiwi-builder-image/_service | 5 +++++ 2 files changed, 17 insertions(+), 5 deletions(-) diff --git a/kiwi-builder-image/Dockerfile b/kiwi-builder-image/Dockerfile index c2cff01..79eb75d 100644 --- a/kiwi-builder-image/Dockerfile +++ b/kiwi-builder-image/Dockerfile 
@@ -1,6 +1,10 @@ -#!BuildTag: %%IMG_PREFIX%%kiwi-builder:10.1.16.1 -#!BuildTag: %%IMG_PREFIX%%kiwi-builder:10.1.16.1-%RELEASE% -FROM registry.suse.com/bci/kiwi:10.1.16 +#!BuildTag: %%IMG_PREFIX%%kiwi-builder:%%kiwi_version%%.0-%RELEASE% +#!BuildTag: %%IMG_PREFIX%%kiwi-builder:%%kiwi_version%%.0 + +ARG KIWIVERSION="10.2.12" +FROM registry.suse.com/bci/kiwi:${KIWIVERSION} +ARG KIWIVERSION + MAINTAINER SUSE LLC (https://www.suse.com/) # Define labels according to https://en.opensuse.org/Building_derived_containers @@ -8,11 +12,11 @@ MAINTAINER SUSE LLC (https://www.suse.com/) LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)" LABEL org.opencontainers.image.title="SLE Kiwi Builder Container Image" LABEL org.opencontainers.image.description="kiwi-builder based on the SLE Base Container Image." -LABEL org.opencontainers.image.version="%PACKAGE_VERSION%" +LABEL org.opencontainers.image.version="%%kiwi_version%%" LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/" LABEL org.opencontainers.image.created="%BUILDTIME%" LABEL org.opencontainers.image.vendor="SUSE LLC" -LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%kiwi-builder:10.1.16.1" +LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%kiwi-builder:%%kiwi_version%%.0-%RELEASE%" LABEL org.openbuildservice.disturl="%DISTURL%" LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%" LABEL com.suse.eula="SUSE Combined EULA February 2024" @@ -21,6 +25,9 @@ LABEL com.suse.image-type="application" LABEL com.suse.release-stage="released" # endlabelprefix +# help the build service understand the need for python3-kiwi +RUN zypper -n install -d -D python3-kiwi; [ "%%kiwi_version%%" = "${KIWIVERSION}" ] || echo "version mismatch" + # Copy build script into image and make it executable ADD build-image.sh /usr/bin/build-image RUN chmod a+x /usr/bin/build-image diff --git a/kiwi-builder-image/_service b/kiwi-builder-image/_service index 0def281..1640181 100644 
--- a/kiwi-builder-image/_service +++ b/kiwi-builder-image/_service @@ -16,4 +16,9 @@ SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level) SUPPORT_LEVEL + + Dockerfile + %%kiwi_version%% + python3-kiwi + -- 2.49.0 From 437b0fdc419a43c1879c6acab79228b0dfe10fecd0ca542d399bbada57df2b63 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dirk=20M=C3=BCller?= Date: Tue, 22 Apr 2025 18:21:00 +0200 Subject: [PATCH 38/55] update README as well Although this file seems to be unused? --- kiwi-builder-image/README | 24 ++++++++++++------------ kiwi-builder-image/_service | 5 +++++ 2 files changed, 17 insertions(+), 12 deletions(-) diff --git a/kiwi-builder-image/README b/kiwi-builder-image/README index 684137f..342db77 100644 --- a/kiwi-builder-image/README +++ b/kiwi-builder-image/README @@ -8,7 +8,7 @@ Please ensure that you're running this on a registered SUSE Linux Micro 6.1 syst Next, download the podman image: -# podman pull %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10.1.16.1 +# podman pull %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:%%kiwi_version%%.0 Make a local output directory (where the images will reside): 
@@ -16,40 +16,40 @@ Make a local output directory (where the images will reside): Then, to build a standard "Base" image, run the following in podman: -# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10.1.16.1 build-image +# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:%%kiwi_version%%.0 build-image To build a "Base" SelfInstall ISO, you can add additional flags, for example: -# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10.1.16.1 build-image -p Base-SelfInstall +# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:%%kiwi_version%%.0 build-image -p Base-SelfInstall Then, to build a standard "Default" image, run the following in podman: -# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10.1.16.1 build-image -p Default +# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:%%kiwi_version%%.0 build-image -p Default To build a "Default" SelfInstall ISO, you can add additional flags, for example: -# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10.1.16.1 build-image -p Default-SelfInstall +# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:%%kiwi_version%%.0 build-image -p Default-SelfInstall To build an image with a RealTime kernel, e.g. 
a RAW disk image ("Default"), use the following: -# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10.1.16.1 build-image -p Base-RT +# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:%%kiwi_version%%.0 build-image -p Base-RT To build an image that supports a large block/sectorsize (4096), use the "-b" flag, for example: -# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10.1.16.1 build-image -p Default-SelfInstall -b +# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:%%kiwi_version%%.0 build-image -p Default-SelfInstall -b # mkdir mydefs/ # cp /path/to/SL-Micro.kiwi mydefs/ # cp /path/to/config.sh mydefs/ -# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -v ./mydefs/:/micro-sdk/defs/ -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10.1.16.1 build-image +# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -v ./mydefs/:/micro-sdk/defs/ -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:%%kiwi_version%%.0 build-image All output will be in the local $(pwd)/output directory, for example: # ls -1 output/ -SLE-Micro.x86_64-6.1.changes -SLE-Micro.x86_64-6.1.packages -SLE-Micro.x86_64-6.1.raw -SLE-Micro.x86_64-6.1.verified +SL-Micro.x86_64-6.1.changes +SL-Micro.x86_64-6.1.packages +SL-Micro.x86_64-6.1.raw +SL-Micro.x86_64-6.1.verified build kiwi.result kiwi.result.json diff --git a/kiwi-builder-image/_service b/kiwi-builder-image/_service index 1640181..14f9667 100644 --- a/kiwi-builder-image/_service +++ b/kiwi-builder-image/_service 
@@ -21,4 +21,9 @@ %%kiwi_version%% python3-kiwi + + README + %%kiwi_version%% + python3-kiwi + -- 2.49.0 From ef256bc1d709b72b06a7730d45bfd00f573cc893a6c663283606af2e97797e4a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dirk=20M=C3=BCller?= Date: Wed, 23 Apr 2025 13:43:25 +0200 Subject: [PATCH 39/55] make version mismatches fatal --- kiwi-builder-image/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kiwi-builder-image/Dockerfile b/kiwi-builder-image/Dockerfile index 79eb75d..ecd57bb 100644 --- a/kiwi-builder-image/Dockerfile +++ b/kiwi-builder-image/Dockerfile @@ -26,7 +26,7 @@ LABEL com.suse.release-stage="released" # endlabelprefix # help the build service understand the need for python3-kiwi -RUN zypper -n install -d -D python3-kiwi; [ "%%kiwi_version%%" = "${KIWIVERSION}" ] || echo "version mismatch" +RUN zypper -n install -d -D python3-kiwi; [ "%%kiwi_version%%" = "${KIWIVERSION}" ] || { echo "expected kiwi version ${KIWIVERSION}: version mismatch"; exit 1; } # Copy build script into image and make it executable ADD build-image.sh /usr/bin/build-image -- 2.49.0 From 04937b90b77c79078fac0de67d2b2710ea579d17a57d5c0d94e255af81a12b72 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dirk=20M=C3=BCller?= Date: Wed, 23 Apr 2025 14:51:07 +0200 Subject: [PATCH 40/55] build the kiwi-image in an images_16.0 repository --- _config | 16 +++++++++++++++- _meta | 14 ++++++++++---- 2 files changed, 25 insertions(+), 5 deletions(-) diff --git a/_config b/_config index 2aeaec0..e4dc9f6 100644 --- a/_config +++ b/_config @@ -81,7 +81,6 @@ BuildFlags: onlybuild:release-manifest-image BuildFlags: onlybuild:ironic-image BuildFlags: onlybuild:ironic-ipa-downloader-image BuildFlags: onlybuild:ironic-ipa-ramdisk - BuildFlags: onlybuild:kiwi-builder-image BuildFlags: onlybuild:kube-rbac-proxy BuildFlags: onlybuild:kube-rbac-proxy-image BuildFlags: onlybuild:metallb 
@@ -105,6 +104,21 @@ BuildFlags: onlybuild:release-manifest-image PublishFlags: archsync %endif +%if "%_repository" == "images_16.0" + Prefer: container:sles15-image + Type: docker + BuildEngine: podman + Repotype: none + Patterntype: none + BuildFlags: dockerarg:SLE_VERSION=16.0 + BuildFlags: onlybuild:kiwi-builder-image + + # Publish multi-arch container images only once all archs have been built + PublishFlags: archsync +%endif + + + %if "%_repository" == "charts" || "%_repository" == "phantomcharts" || "%_repository" == "releasecharts" Type: helm Repotype: helm diff --git a/_meta b/_meta index 334ecb0..8d2c622 100644 --- a/_meta +++ b/_meta @@ -31,14 +31,20 @@ x86_64 {%- endif %} -{%- for repository in ["images", "test_manifest_images"] %} +{%- for repository in ["images", "images_16.0", "test_manifest_images"] %} - {%- if release_project is defined and repository == "images" %} + {%- if release_project is defined and repository != "test_manifest_images" %} {%- endif %} - - + {%- if repository == "images_16.0" %} + + + + {%- else %} + + + {%- endif %} x86_64 aarch64 -- 2.49.0 From cb70d25886deea66d8144dbb33fbc814cef30c694e42bb2a6d61d00654f58bbf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dirk=20M=C3=BCller?= Date: Wed, 23 Apr 2025 19:10:18 +0200 Subject: [PATCH 41/55] Remove MAINTAINER statement this is deprecated and already in oci.authors --- kiwi-builder-image/Dockerfile | 2 -- 1 file changed, 2 deletions(-) diff --git a/kiwi-builder-image/Dockerfile b/kiwi-builder-image/Dockerfile index ecd57bb..f394d09 100644 --- a/kiwi-builder-image/Dockerfile +++ b/kiwi-builder-image/Dockerfile 
@@ -5,8 +5,6 @@ ARG KIWIVERSION="10.2.12" FROM registry.suse.com/bci/kiwi:${KIWIVERSION} ARG KIWIVERSION -MAINTAINER SUSE LLC (https://www.suse.com/) - # Define labels according to https://en.opensuse.org/Building_derived_containers # labelprefix=com.suse.application.akri LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)" -- 2.49.0 From 3f968b0a062e261e6cab43395dd6f4e67938b5649b4a5aeec4a21cfb0d98b3c6 Mon Sep 17 00:00:00 2001 From: Jiri Tomasek Date: Mon, 28 Apr 2025 11:35:09 +0200 Subject: [PATCH 42/55] Add akri-dashboard-extension-chart version 303.0.1+up1.3.0 --- akri-dashboard-extension-chart/Chart.yaml | 21 ++++++++++--------- .../templates/cr.yaml | 4 ++-- akri-dashboard-extension-chart/values.yaml | 4 ++-- release-manifest-image/release_manifest.yaml | 2 +- 4 files changed, 16 insertions(+), 15 deletions(-) diff --git a/akri-dashboard-extension-chart/Chart.yaml b/akri-dashboard-extension-chart/Chart.yaml index 9b80fb4..7504856 100644 --- a/akri-dashboard-extension-chart/Chart.yaml +++ b/akri-dashboard-extension-chart/Chart.yaml 
@@ -1,21 +1,22 @@ -#!BuildTag: %%IMG_PREFIX%%akri-dashboard-extension-chart:%%CHART_MAJOR%%.0.0 -#!BuildTag: %%IMG_PREFIX%%akri-dashboard-extension-chart:%%CHART_MAJOR%%.0.0_up1.2.1 -#!BuildTag: %%IMG_PREFIX%%akri-dashboard-extension-chart:%%CHART_MAJOR%%.0.0_up1.2.1-%RELEASE% +#!BuildTag: %%IMG_PREFIX%%akri-dashboard-extension-chart:%%CHART_MAJOR%%.0.1 +#!BuildTag: %%IMG_PREFIX%%akri-dashboard-extension-chart:%%CHART_MAJOR%%.0.1_up1.3.0 +#!BuildTag: %%IMG_PREFIX%%akri-dashboard-extension-chart:%%CHART_MAJOR%%.0.1_up1.3.0-%RELEASE% annotations: catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Akri - catalog.cattle.io/kube-version: ">= v1.26.0-0" catalog.cattle.io/namespace: cattle-ui-plugin-system catalog.cattle.io/os: linux catalog.cattle.io/permits-os: linux, windows - catalog.cattle.io/rancher-version: ">= 2.10.0-0" catalog.cattle.io/scope: management catalog.cattle.io/ui-component: plugins - catalog.cattle.io/ui-extensions-version: ">= 3.0.0 < 4.0.0" + catalog.cattle.io/display-name: Akri + catalog.cattle.io/rancher-version: '>= 2.11.0-0' + catalog.cattle.io/ui-extensions-version: '>= 3.0.4 < 4.0.0' + catalog.cattle.io/kube-version: '>= v1.26.0-0' apiVersion: v2 -appVersion: 302.0.0+up1.2.1 +appVersion: 303.0.1+up1.3.0 description: 'SUSE Edge: Akri extension for Rancher Dashboard' name: akri-dashboard-extension type: application -version: "%%CHART_MAJOR%%.0.0+up1.2.1" -icon: https://raw.githubusercontent.com/cncf/artwork/main/projects/akri/icon/color/akri-icon-color.svg +version: "%%CHART_MAJOR%%.0.1+up1.3.0" +icon: >- + https://raw.githubusercontent.com/cncf/artwork/main/projects/akri/icon/color/akri-icon-color.svg diff --git a/akri-dashboard-extension-chart/templates/cr.yaml b/akri-dashboard-extension-chart/templates/cr.yaml index e7912d4..886bac5 100644 --- a/akri-dashboard-extension-chart/templates/cr.yaml +++ b/akri-dashboard-extension-chart/templates/cr.yaml 
@@ -8,7 +8,7 @@ spec: plugin: name: {{ include "extension-server.fullname" . }} version: {{ (semver (default .Chart.AppVersion .Values.plugin.versionOverride)).Original }} - endpoint: https://raw.githubusercontent.com/suse-edge/dashboard-extensions/gh-pages/extensions/akri-dashboard-extension/302.0.0+up1.2.1 + endpoint: https://raw.githubusercontent.com/suse-edge/dashboard-extensions/gh-pages/extensions/akri-dashboard-extension/303.0.1+up1.3.0 noCache: {{ .Values.plugin.noCache }} noAuth: {{ .Values.plugin.noAuth }} - metadata: {{ include "extension-server.pluginMetadata" . | indent 6 }} \ No newline at end of file + metadata: {{ include "extension-server.pluginMetadata" . | indent 6 }} diff --git a/akri-dashboard-extension-chart/values.yaml b/akri-dashboard-extension-chart/values.yaml index a89f903..3b5aecb 100644 --- a/akri-dashboard-extension-chart/values.yaml +++ b/akri-dashboard-extension-chart/values.yaml @@ -7,6 +7,6 @@ plugin: noAuth: false metadata: catalog.cattle.io/display-name: Akri - catalog.cattle.io/rancher-version: ">= 2.10.0-0" - catalog.cattle.io/ui-extensions-version: ">= 3.0.0 < 4.0.0" + catalog.cattle.io/rancher-version: ">= 2.11.0-0" + catalog.cattle.io/ui-extensions-version: ">= 3.0.4 < 4.0.0" catalog.cattle.io/kube-version: ">= v1.26.0-0" diff --git a/release-manifest-image/release_manifest.yaml b/release-manifest-image/release_manifest.yaml index 00bd71b..e9f3f51 100644 --- a/release-manifest-image/release_manifest.yaml +++ b/release-manifest-image/release_manifest.yaml @@ -167,7 +167,7 @@ spec: addonCharts: - releaseName: akri-dashboard-extension chart: %%CHART_REPO%%/%%IMG_PREFIX%%akri-dashboard-extension-chart - version: %%CHART_MAJOR%%.0.0+up1.2.1 + version: %%CHART_MAJOR%%.0.1+up1.3.0 - prettyName: Metal3 releaseName: metal3 chart: %%CHART_REPO%%/%%IMG_PREFIX%%metal3-chart -- 2.49.0 From 27aa09624433e1ba8d959ef278d5a9d329a733d9c2601af0b2baf2d5b0f034ce Mon Sep 17 00:00:00 2001 
From: Rhys Oxenham Date: Mon, 28 Apr 2025 17:07:58 +0100 Subject: [PATCH 43/55] Add support for uEFI aarch64 images without rpi config as default Previously, the default model for aarch64 raw disk images assumes that you're deploying on Raspberry Pi, and not standard aarch64 systems. This meant that all raw disk images were built with RPi firmware, and an MBR boot record, which made it incompatible with systems that require uEFI/GPT compatibility, especially with Edge Image Builder and Metal3/CAPI deployment usage. This PR introduces the following changes: * Introduces new `Default-RPi` and `Base-RPi` profiles for compatibility with RPi users * Forces `Base` and `Base-RT` profiles to use GPT based images (not MBR) * Introduces a new `Base-RT-RPi` profile for kernel-rt on RPi (with MBR) * Removes Raspberry Pi firmware packages from anything other than RPi profiles * Modifies the `editbootinstall_rpi.sh` script to support container builds * Adds policycoreutils-python-utils to the list of packages (for semanage) See: https://bugzilla.suse.com/show_bug.cgi?id=1240619 --- kiwi-builder-image/Dockerfile | 1 + kiwi-builder-image/SL-Micro.kiwi | 72 +++++++++++++++++++++-- kiwi-builder-image/SL-Micro.kiwi.4096 | 72 +++++++++++++++++++++-- kiwi-builder-image/build-image.sh | 15 +++-- kiwi-builder-image/editbootinstall_rpi.sh | 47 +++++++++++++++ 5 files changed, 191 insertions(+), 16 deletions(-) create mode 100644 kiwi-builder-image/editbootinstall_rpi.sh diff --git a/kiwi-builder-image/Dockerfile b/kiwi-builder-image/Dockerfile index f394d09..58fb431 100644 --- a/kiwi-builder-image/Dockerfile +++ b/kiwi-builder-image/Dockerfile @@ -35,3 +35,4 @@ RUN mkdir -p /micro-sdk/defs ADD SL-Micro.kiwi /micro-sdk/defs ADD SL-Micro.kiwi.4096 /micro-sdk/defs ADD config.sh /micro-sdk/defs +ADD editbootinstall_rpi.sh /micro-sdk/defs diff --git a/kiwi-builder-image/SL-Micro.kiwi b/kiwi-builder-image/SL-Micro.kiwi index f0a8a70..0cd9b02 100644 --- a/kiwi-builder-image/SL-Micro.kiwi 
+++ b/kiwi-builder-image/SL-Micro.kiwi @@ -30,12 +30,18 @@ + + + + + + @@ -145,10 +151,18 @@ + + + + + + + + @@ -165,6 +179,10 @@ + + + + @@ -380,7 +398,7 @@ - + 6.1 zypper SLE @@ -420,6 +438,46 @@ + + + 6.1 + zypper + SLE + SLE + true + en_US + + + + + + + + + + + + + + + 6.1 zypper @@ -891,6 +949,7 @@ + @@ -919,6 +978,7 @@ + @@ -989,11 +1049,11 @@ --> - + - + + + + + + + + + + 6.1 zypper @@ -899,6 +957,7 @@ + @@ -927,6 +986,7 @@ + @@ -997,11 +1057,11 @@ --> - + - + 1.2.0~rc0 + + v(\d+).(\d+).(\d+) \1.\2.\3 enable -- 2.49.0 From 49405f41f9518fed7212f24bd0edd6645ab99b03b42c900a81fdeb4327b14ba6 Mon Sep 17 00:00:00 2001 From: Nicolas Belouin Date: Wed, 30 Apr 2025 10:55:59 +0200 Subject: [PATCH 49/55] EIB v1.2.0-rc0 needs golang 1.124 --- edge-image-builder/edge-image-builder.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/edge-image-builder/edge-image-builder.spec b/edge-image-builder/edge-image-builder.spec index 79560fa..d8c9e01 100644 --- a/edge-image-builder/edge-image-builder.spec +++ b/edge-image-builder/edge-image-builder.spec @@ -24,7 +24,7 @@ License: Apache-2.0 URL: https://github.com/suse-edge/edge-image-builder Source: edge-image-builder-%{version}.tar Source1: vendor.tar.gz -BuildRequires: golang(API) go1.22 +BuildRequires: golang(API) go1.24 BuildRequires: golang-packaging BuildRequires: gpgme-devel BuildRequires: device-mapper-devel -- 2.49.0 From 8a9717c2668113e69fdbb0c69bbb862eaae1542d5071b4112c2e7cd5d9f3a3c6 Mon Sep 17 00:00:00 2001 From: Nicolas Belouin Date: Tue, 1 Apr 2025 10:56:49 +0200 Subject: [PATCH 50/55] Add initial checks 
Signed-off-by: Nicolas Belouin --- _config | 9 + container-build-checks/.gitattributes | 23 ++ ...001-Allow-slash-prefixes-in-registry.patch | 39 ++ container-build-checks/SUSE.conf | 4 + container-build-checks/_service | 15 + container-build-checks/_servicedata | 4 + ...er-build-checks-1723452932.412e7f6.obscpio | 3 + .../container-build-checks.changes | 101 ++++++ .../container-build-checks.obsinfo | 4 + .../container-build-checks.spec | 95 +++++ container-build-checks/openSUSE.conf | 10 + edge-build-checks/10-helm-lint | 12 + edge-build-checks/20-helm-images | 158 ++++++++ edge-build-checks/20-helm-tags | 92 +++++ edge-build-checks/COPYING | 340 ++++++++++++++++++ edge-build-checks/SUSE-Edge.conf | 6 + edge-build-checks/_service | 9 + edge-build-checks/edge-build-checks.spec | 59 +++ 18 files changed, 983 insertions(+) create mode 100644 container-build-checks/.gitattributes create mode 100644 container-build-checks/0001-Allow-slash-prefixes-in-registry.patch create mode 100644 container-build-checks/SUSE.conf create mode 100644 container-build-checks/_service create mode 100644 container-build-checks/_servicedata create mode 100644 container-build-checks/container-build-checks-1723452932.412e7f6.obscpio create mode 100644 container-build-checks/container-build-checks.changes create mode 100644 container-build-checks/container-build-checks.obsinfo create mode 100644 container-build-checks/container-build-checks.spec create mode 100644 container-build-checks/openSUSE.conf create mode 100644 edge-build-checks/10-helm-lint create mode 100644 edge-build-checks/20-helm-images create mode 100644 edge-build-checks/20-helm-tags create mode 100644 edge-build-checks/COPYING create mode 100644 edge-build-checks/SUSE-Edge.conf create mode 100644 edge-build-checks/_service create mode 100644 edge-build-checks/edge-build-checks.spec diff --git a/_config b/_config index c5acb39..80870e4 100644 --- a/_config +++ b/_config 
@@ -69,7 +69,9 @@ BuildFlags: onlybuild:release-manifest-image BuildFlags: onlybuild:baremetal-operator BuildFlags: onlybuild:baremetal-operator-image BuildFlags: onlybuild:ca-certificates-suse + BuildFlags: onlybuild:container-build-checks BuildFlags: onlybuild:crudini + BuildFlags: onlybuild:edge-build-checks BuildFlags: onlybuild:edge-image-builder BuildFlags: onlybuild:edge-image-builder-image BuildFlags: onlybuild:endpoint-copier-operator @@ -101,6 +103,10 @@ BuildFlags: onlybuild:release-manifest-image # Publish multi-arch container images only once all archs have been built PublishFlags: archsync + + # skopeo and umoci are used by build scripts to list packages + Substitute: system-packages:podman podman buildah createrepo_c release-compare edge-build-checks skopeo umoci + %endif %if "%_repository" == "images_16.0" @@ -138,6 +144,9 @@ BuildFlags: onlybuild:release-manifest-image Repotype: helm Patterntype: none Required: perl-YAML-LibYAML + + # include edge-build-checks here + Support: edge-build-checks %endif %if "%_repository" == "standard" diff --git a/container-build-checks/.gitattributes b/container-build-checks/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/container-build-checks/.gitattributes 
@@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/container-build-checks/0001-Allow-slash-prefixes-in-registry.patch b/container-build-checks/0001-Allow-slash-prefixes-in-registry.patch new file mode 100644 index 0000000..edcccdd --- /dev/null +++ b/container-build-checks/0001-Allow-slash-prefixes-in-registry.patch 
@@ -0,0 +1,39 @@
+From 982cfa8500250c9704448880a779ade06cc8f976 Mon Sep 17 00:00:00 2001
+From: Nicolas Belouin
+Date: Thu, 3 Apr 2025 16:53:49 +0200
+Subject: [PATCH] Allow slash prefixes in registry
+
+Signed-off-by: Nicolas Belouin
+---
+ container-build-checks.py | 12 ++++++++----
+ 1 file changed, 8 insertions(+), 4 deletions(-)
+
+diff --git a/container-build-checks.py b/container-build-checks.py
+index b8c873c..d862f33 100755
+--- a/container-build-checks.py
++++ b/container-build-checks.py
+@@ -82,13 +82,17 @@ def verify_reference(image, result, value):
+ return
+
+ (registry, repo, tag) = reference_match.groups()
+- allowed_registries: list[str] = config["General"].getlist("Registry")
+- if len(allowed_registries) and registry not in allowed_registries:
++ raw_allowed_registries: list[str] = config["General"].getlist("Registry")
++ allowed_registries: dict[str, str] = {v[0]: v[2] for v in map(lambda a: a.partition("/"), raw_allowed_registries)}
++
++ if len(allowed_registries) and (registry not in allowed_registries.keys() or not repo.startswith(allowed_registries[registry])):
+ result.warn(
+ f"The org.opensuse.reference label ({value}) does not use an "
+- f"allowed registry: {','.join(allowed_registries)}")
++ f"allowed registry: {','.join(raw_allowed_registries)}")
++
++ prefix = allowed_registries[registry]
+
+- if f"{repo}:{tag}" not in image.containerinfo["tags"]:
++ if f"{repo[len(prefix)+1:]}:{tag}" not in image.containerinfo["tags"]:
+ tags = ", ".join(image.containerinfo["tags"])
+ result.warn(f"The org.opensuse.reference label ({value}) does not refer to an existing tag ({tags})")
+ elif "release" in image.containerinfo and image.containerinfo["release"] not in tag:
+--
+2.49.0
+
diff --git a/container-build-checks/SUSE.conf b/container-build-checks/SUSE.conf
new file mode 100644
index 0000000..1baee9f
--- /dev/null
+++ b/container-build-checks/SUSE.conf
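Review bot: `prefix = allowed_registries[registry]` in the embedded patch is reached even when `registry` is not an allowed key (the warning branch above it does not return) and when no `Registry` is configured at all, so the check raises `KeyError` instead of reporting a warning; `prefix = allowed_registries.get(registry, "")` keeps it a warning. For an entry without a slash, such as the `Registry=registry.suse.com` line added in SUSE.conf, the prefix is empty and `repo[len(prefix)+1:]` looks like it drops the first character of the repository before the tag comparison, so the slice should only be applied when a prefix is set, e.g. `tag_repo = repo[len(prefix) + 1:] if prefix else repo`. `repo.startswith(allowed_registries[registry])` also accepts a repository that merely begins with the prefix text; comparing against `prefix + "/"` when a prefix is set restricts the match to that namespace. The pattern that produces `repo` and the rest of `verify_reference` are outside the hunk, so the exact shape of `repo` should be confirmed before changing the slice.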
@@ -0,0 +1,4 @@
+[General]
+Vendor=com.suse
+Registry=registry.suse.com
+Registry+=dp.apps.rancher.io
diff --git a/container-build-checks/_service b/container-build-checks/_service
new file mode 100644
index 0000000..7e77766
--- /dev/null
+++ b/container-build-checks/_service
@@ -0,0 +1,15 @@
+
+
+ https://github.com/openSUSE/container-build-checks.git
+ git
+ enable
+
+
+
+ container-build-checks.obsinfo
+
+
+ *.tar
+ xz
+
+
diff --git a/container-build-checks/_servicedata b/container-build-checks/_servicedata
new file mode 100644
index 0000000..59dc5f3
--- /dev/null
+++ b/container-build-checks/_servicedata
@@ -0,0 +1,4 @@
+
+
+ https://github.com/openSUSE/container-build-checks.git
+ 412e7f60c08221a549b0f00dfcc4bee7694193ab
\ No newline at end of file
diff --git a/container-build-checks/container-build-checks-1723452932.412e7f6.obscpio b/container-build-checks/container-build-checks-1723452932.412e7f6.obscpio
new file mode 100644
index 0000000..d6f6a75
--- /dev/null
+++ b/container-build-checks/container-build-checks-1723452932.412e7f6.obscpio
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:06b3bd5a2bc4797a8ec98e9c4d755cfc9545a6a66fd16decc70aa61dac566eb4
+size 75275
diff --git a/container-build-checks/container-build-checks.changes b/container-build-checks/container-build-checks.changes
new file mode 100644
index 0000000..e2211d6
--- /dev/null
+++ b/container-build-checks/container-build-checks.changes
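Review bot: The second allowed registry in SUSE.conf is spelled `dp.apps.rancher.io`, while the changelog entry added by the same commit reads "allow dp.rancher.apps.io", so one of the two hostnames is wrong. This list decides which registries pass the reference check, so the value should be confirmed against the registry actually in use. A comment above the line, such as `# additional allowed registry, see .changes entry of 2024-07-22`, would make the intent checkable later.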
@@ -0,0 +1,101 @@ +------------------------------------------------------------------- +Mon Aug 12 11:33:57 UTC 2024 - Fabian Vogt + +- Update to version 1723452932.412e7f6: + * add test for missing substitutions + * Reject labels that are missing a substitution + +------------------------------------------------------------------- +Mon Jul 22 13:43:57 UTC 2024 - Dirk Müller + +- update SUSE.conf: allow dp.rancher.apps.io + +------------------------------------------------------------------- +Mon Jul 22 13:08:23 UTC 2024 - Fabian Vogt + +- Switch _service to mode="manual" +- Update to version 1721653643.19092fe: + * Use generic name for the python setup step + * Allow specifying more than one registry + * Use Pathlib for resolving containerinfo + * Switch to test Python 3.11 + +------------------------------------------------------------------- +Fri Apr 28 09:23:53 UTC 2023 - Fabian Vogt + +- Update to version 1682595397.5ce6d2f: + * Handle OCI style images as well + * Makefile: Add missing dependency of broken-derived on proper-base + * GitHub workflow: Update action versions + * GitHub workflow: Test python 3.6 and 3.10 + +------------------------------------------------------------------- +Mon Aug 8 11:37:19 UTC 2022 - Fabian Vogt + +- Make the URL point to GitHub + +------------------------------------------------------------------- +Thu Jul 7 13:42:05 UTC 2022 - Fabian Vogt + +- openSUSE.conf: Allow bci/* as prefix + +------------------------------------------------------------------- +Wed Apr 20 14:26:26 UTC 2022 - Fabian Vogt + +- Update to version 1650464301.a198cf9: + * Detect and treat local builds specially + +------------------------------------------------------------------- +Mon Mar 7 09:23:46 UTC 2022 - Silvio Moioli + +- Adding Uyuni prefix for https://www.uyuni-project.org/ + +------------------------------------------------------------------- +Thu Feb 03 07:44:23 UTC 2022 - fvogt@suse.com + +- Update to version 1643874076.3d0e13c: + * Avoid crash 
on local builds + +------------------------------------------------------------------- +Tue Dec 14 13:49:12 UTC 2021 - fvogt@suse.com + +- Update to version 1639489705.a4c5a3ab2a75: + * Don't error out when the release field is empty + * Add simple gitpod configuration + +------------------------------------------------------------------- +Tue Jun 1 09:06:12 UTC 2021 - Fabian Vogt + +- Drop obsolete Requires: grep jq + +------------------------------------------------------------------- +Fri May 28 13:57:34 UTC 2021 - Fabian Vogt + +- Update to version 1622209785.4616f4f: + * README.md: Point badge to new location + +------------------------------------------------------------------- +Fri May 28 12:47:42 UTC 2021 - Fabian Vogt + +- Update to version 1622204213.c8ecb9f: + * Add options to allow and block specific tags + +------------------------------------------------------------------- +Thu May 27 15:09:59 UTC 2021 - Fabian Vogt + +- Update to version 1622127842.b548dd8: + * Update README.md + * Add README.md + * Add broken-derived test + * Verify prefix of the image specific label prefix + * Add some comments in the Makefile + * Always check the tag used in org.opensuse.reference + * Add github workflow + * Use bash explicitly + * Make lint + * Less noise in Makefile + +------------------------------------------------------------------- +Fri Apr 30 10:04:09 UTC 2021 - Fabian Vogt + +- Initial commit diff --git a/container-build-checks/container-build-checks.obsinfo b/container-build-checks/container-build-checks.obsinfo new file mode 100644 index 0000000..3411416 --- /dev/null +++ b/container-build-checks/container-build-checks.obsinfo @@ -0,0 +1,4 @@ +name: container-build-checks +version: 1723452932.412e7f6 +mtime: 1723452932 +commit: 412e7f60c08221a549b0f00dfcc4bee7694193ab diff --git a/container-build-checks/container-build-checks.spec b/container-build-checks/container-build-checks.spec new file mode 100644 index 0000000..10ab9b3 --- /dev/null 
+++ b/container-build-checks/container-build-checks.spec 
@@ -0,0 +1,95 @@ +# +# spec file for package container-build-checks +# +# Copyright (c) 2024 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +Name: container-build-checks +Version: 1723452932.412e7f6 +Release: 0 +Summary: Scripts to validate built container images +License: GPL-2.0-or-later +Group: Development/Tools/Building +URL: https://github.com/openSUSE/container-build-checks +Patch0: 0001-Allow-slash-prefixes-in-registry.patch +Source0: %{name}-%{version}.tar.xz +Source1: openSUSE.conf +Source2: SUSE.conf +Requires: %{name}-vendor +BuildArch: noarch + +%package vendor-openSUSE +Summary: openSUSE configuration for %{name} +Group: Development/Tools/Building +Requires: %{name} = %{version} +Provides: %{name}-vendor +Conflicts: %{name}-vendor + +%description vendor-openSUSE +openSUSE configuration for %{name} + +%package vendor-SUSE +Summary: SUSE configuration for %{name} +Group: Development/Tools/Building +Requires: %{name} = %{version} +Provides: %{name}-vendor +Conflicts: %{name}-vendor + +%description vendor-SUSE +SUSE configuration for %{name} + +%package strict +Summary: Strict configuration for %{name} +Group: Development/Tools/Building + +%description strict +Strict configuration for %{name} + +%description +This tool checks that built container images conform to the openSUSE container +image policies (https://en.opensuse.org/Building_derived_containers). 
+ +%prep +%autosetup -p1 + +%build +%make_build + +%install +%make_install + +mkdir -p %{buildroot}%{_datadir}/container-build-checks/ +install -m0644 %{SOURCE1} %{buildroot}%{_datadir}/container-build-checks/openSUSE.conf +install -m0644 %{SOURCE2} %{buildroot}%{_datadir}/container-build-checks/SUSE.conf +echo -e "[General]\nFatalWarnings=true" > %{buildroot}%{_datadir}/container-build-checks/strict.conf + +%files +#%doc README +%license LICENSE +%dir %{_datadir}/container-build-checks +%dir %{_prefix}/lib/build/ +%dir %{_prefix}/lib/build/post-build-checks/ +%{_prefix}/lib/build/post-build-checks/container-build-checks + +%files vendor-openSUSE +%{_datadir}/container-build-checks/openSUSE.conf + +%files vendor-SUSE +%{_datadir}/container-build-checks/SUSE.conf + +%files strict +%{_datadir}/container-build-checks/strict.conf + +%changelog diff --git a/container-build-checks/openSUSE.conf b/container-build-checks/openSUSE.conf new file mode 100644 index 0000000..cacc470 --- /dev/null +++ b/container-build-checks/openSUSE.conf @@ -0,0 +1,10 @@ +[General] +Vendor=org.opensuse +Registry=registry.opensuse.org + +[Tags] +# To avoid conflicts with other stuff on the registry and +# avoid ambiguities with images on other registries. +Allowed+=opensuse/*,kubic/*,kubevirt/*,uyuni/*,bci/* +# Those are images, not available as namespaces +Blocked+=opensuse/tumbleweed/*,opensuse/leap/* diff --git a/edge-build-checks/10-helm-lint b/edge-build-checks/10-helm-lint new file mode 100644 index 0000000..dcaa40b --- /dev/null +++ b/edge-build-checks/10-helm-lint @@ -0,0 +1,12 @@ +#!/bin/bash + +HELM="/usr/bin/helm" +TOPDIR=/usr/src/packages/HELM +failed=0 + +if [ -x $HELM ]; then + $HELM lint "$TOPDIR"/*.tgz + failed=$? +fi + +exit $failed diff --git a/edge-build-checks/20-helm-images b/edge-build-checks/20-helm-images new file mode 100644 index 0000000..60d9884 --- /dev/null +++ b/edge-build-checks/20-helm-images 
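Review bot: 10-helm-lint exits 0 without any message when `/usr/bin/helm` is not executable, so a build where helm is missing passes exactly as if the charts had been linted. If the skip is intentional, say so in a comment and print a notice on that path, e.g. `echo "helm not found, skipping helm lint" >&2`; if the check is meant to be mandatory, fail instead. `$HELM` is also unquoted in `[ -x $HELM ]`, and `"$TOPDIR"/*.tgz` is passed to helm as a literal pattern when no chart archive exists, so an explicit existence test before the lint call would make that case clear.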
@@ -0,0 +1,158 @@ +#!/usr/bin/python3 +import os +import glob +import subprocess +import yaml +import sys +import pprint + +AUTHORIZED_REPOS = [ + "registry.suse.com/suse/sles/", + "registry.rancher.com", +] + +EXTRA_CONFIG = None + +class CheckResult: + """Class to track count of issues""" + + def __init__(self): + self.hints = 0 + self.warnings = 0 + self.errors = 0 + + def hint(self, msg): + print(f"Hint: {msg}") + self.hints += 1 + + def warn(self, msg): + print(f"Warning: {msg}") + self.warnings += 1 + + def error(self, msg): + print(f"Error: {msg}") + self.errors += 1 + + +def tarballs(): + """Return a list of .helminfo files to check.""" + if "BUILD_ROOT" not in os.environ: + # Not running in an OBS build container + return glob.glob("*.tgz") + + # Running in an OBS build container + buildroot = os.environ["BUILD_ROOT"] + topdir = "/usr/src/packages" + if os.path.isdir(buildroot + "/.build.packages"): + topdir = "/.build.packages" + if os.path.islink(buildroot + "/.build.packages"): + topdir = "/" + os.readlink(buildroot + "/.build.packages") + + return glob.glob(f"{buildroot}{topdir}/HELM/*.tgz") + +def get_extra_config(): + global EXTRA_CONFIG + if EXTRA_CONFIG is not None: + return EXTRA_CONFIG + + if "BUILD_ROOT" not in os.environ: + file_path = "./.checks_helm.yaml" + else: + buildroot = os.environ["BUILD_ROOT"] + topdir = "/usr/src/packages" + file_path = f"{buildroot}{topdir}/SOURCES/.checks_helm.yaml" + try: + with open(file_path) as config_file: + EXTRA_CONFIG = yaml.safe_load(config_file) + if EXTRA_CONFIG is None: # No document in stream + EXTRA_CONFIG = {} + except OSError: + EXTRA_CONFIG = {} + return EXTRA_CONFIG + +def get_extra_params(): + config = get_extra_config() + args = [] + for api in config.get('extra_apis', []): + args.extend(['-a', api]) + return args + +def is_exception(image): + config = get_extra_config() + exceptions = config.get('image_exceptions', []) + (namespace, _, _) = image.partition(':') + return namespace in exceptions 
+ +def get_template(tarball_path): + raw_templates = subprocess.check_output( + [ + "helm", + "template", + tarball_path, + ] + get_extra_params() + ).decode() + return yaml.safe_load_all(raw_templates) + + +def extract_key(key, var): + if hasattr(var, "items"): # hasattr(var,'items') for python 3 + for k, v in var.items(): # var.items() for python 3 + if k == key: + yield v + if isinstance(v, dict): + for result in extract_key(key, v): + yield result + elif isinstance(v, list): + for d in v: + for result in extract_key(key, d): + yield result + + +def check_template(result, template): + if template["kind"] not in [ + "Pod", + "Deployment", + "StatefulSet", + "DaemonSet", + "ReplicaSet", + "Job", + "CronJob", + ]: + return + for image in extract_key("image", template): + if not image.startswith(tuple(AUTHORIZED_REPOS)) and not is_exception(image): + result.error(f"{image} is not from authorized source") + pass + + +def main(): + result = CheckResult() + img_repo = subprocess.check_output( + [ + "rpm", + "--macros=/root/.rpmmacros", + "-E", + "%{?img_repo}", + ] + ).strip() + if img_repo: + result.hint(f"Adding '{img_repo.decode()}' to authorized repo") + AUTHORIZED_REPOS.append(img_repo.decode()) + else: + result.warn("img_repo macro not defined, will not add extra authorized repo") + for tarball in tarballs(): + print(f"Looking at {tarball}") + for template in get_template(tarball): + if template: # Exclude empty templates + check_template(result, template) + + ret = 0 + if result.errors > 0: + print("Fatal errors found.") + ret = 1 + + sys.exit(ret) + + +if __name__ == "__main__": + main() diff --git a/edge-build-checks/20-helm-tags b/edge-build-checks/20-helm-tags new file mode 100644 index 0000000..424272c --- /dev/null +++ b/edge-build-checks/20-helm-tags 
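Review bot: The allow-list test in `check_template`, `image.startswith(tuple(AUTHORIZED_REPOS))`, is a plain string-prefix match, and the entry `"registry.rancher.com"` has no trailing slash, so an image whose registry host merely begins with that text is accepted as authorized; the `img_repo` value appended in `main` is compared the same way. Ending every entry with `/` (`"registry.rancher.com/"`, and `img_repo.decode().rstrip("/") + "/"` when appending) limits the match to the intended host. `check_template` also indexes `template["kind"]` directly, which raises `KeyError` on a rendered document without a `kind`; `template.get("kind")` keeps the run going. The docstring of `tarballs()` was copied from the helminfo script and should read `"""Return a list of chart .tgz archives to check."""`.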
@@ -0,0 +1,92 @@ +#!/usr/bin/python3 +import json +import os +import glob +import sys +import re + + +class CheckResult: + """Class to track count of issues""" + + def __init__(self): + self.hints = 0 + self.warnings = 0 + self.errors = 0 + + def hint(self, msg): + print(f"Hint: {msg}") + self.hints += 1 + + def warn(self, msg): + print(f"Warning: {msg}") + self.warnings += 1 + + def error(self, msg): + print(f"Error: {msg}") + self.errors += 1 + + +TAG_RE = re.compile(r"(.*\/)?([^:]+):([^:]+)") + + +def check_tags(helminfo, result): + release_tag_found = False + version_tag_found = False + for tag in helminfo["tags"]: + (tag_prefix, tag_name, tag_version) = TAG_RE.fullmatch(tag).groups() + if tag_name != helminfo.get("name"): + result.warn( + f"Tag ({tag}) doesn't use the chart name ({helminfo.get('name')})" + ) + if "release" in helminfo and helminfo["release"] in tag_version: + release_tag_found = True + if tag_version.replace("_", "+") == helminfo["version"]: + version_tag_found = True + if not release_tag_found: + result.error( + "None of the tags are unique to a specific build of the image.\n" + + "Make sure that at least one tag contains the release." + ) + if not version_tag_found: + result.error( + "None of the tags is the equivalent of the chart's version.\n" + + "Make sure that one of the tag is the chart version." 
+ ) + + +def helminfos(): + """Return a list of .helminfo files to check.""" + if "BUILD_ROOT" not in os.environ: + # Not running in an OBS build container + return glob.glob("*.helminfo") + + # Running in an OBS build container + buildroot = os.environ["BUILD_ROOT"] + topdir = "/usr/src/packages" + if os.path.isdir(buildroot + "/.build.packages"): + topdir = "/.build.packages" + if os.path.islink(buildroot + "/.build.packages"): + topdir = "/" + os.readlink(buildroot + "/.build.packages") + + return glob.glob(f"{buildroot}{topdir}/HELM/*.helminfo") + + +def main(): + result = CheckResult() + for helminfo in helminfos(): + print(f"Looking at {helminfo}") + with open(helminfo, "rb") as cifile: + ci_dict = json.load(cifile) + check_tags(ci_dict, result) + + ret = 0 + if result.errors > 0: + print("Fatal errors found.") + ret = 1 + + sys.exit(ret) + + +if __name__ == "__main__": + main() diff --git a/edge-build-checks/COPYING b/edge-build-checks/COPYING new file mode 100644 index 0000000..59a27f7 --- /dev/null +++ b/edge-build-checks/COPYING 
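Review bot: In `check_tags`, `TAG_RE.fullmatch(tag).groups()` raises `AttributeError` for any tag that does not match the pattern (for example one without a `:`), which ends the check with a traceback instead of a reported error. Test the match first: `m = TAG_RE.fullmatch(tag)`, then `if m is None: result.error(f"Tag ({tag}) is not of the form name:version"); continue`. `helminfo["tags"]` and `helminfo["version"]` are indexed directly while `name` and `release` are read defensively, so a `.helminfo` file lacking either key fails the same way. The `CheckResult` class is repeated from 20-helm-images; a comment such as `# keep in sync with 20-helm-images` would help until the two scripts share it.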
@@ -0,0 +1,340 @@ + GNU GENERAL PUBLIC LICENSE + Version 2, June 1991 + + Copyright (C) 1989, 1991 Free Software Foundation, Inc. + 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The licenses for most software are designed to take away your +freedom to share and change it. By contrast, the GNU General Public +License is intended to guarantee your freedom to share and change free +software--to make sure the software is free for all its users. This +General Public License applies to most of the Free Software +Foundation's software and to any other program whose authors commit to +using it. (Some other Free Software Foundation software is covered by +the GNU Library General Public License instead.) You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +this service if you wish), that you receive source code or can get it +if you want it, that you can change the software or use pieces of it +in new free programs; and that you know you can do these things. + + To protect your rights, we need to make restrictions that forbid +anyone to deny you these rights or to ask you to surrender the rights. +These restrictions translate to certain responsibilities for you if you +distribute copies of the software, or if you modify it. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must give the recipients all the rights that +you have. You must make sure that they, too, receive or can get the +source code. And you must show them these terms so they know their +rights. 
+ + We protect your rights with two steps: (1) copyright the software, and +(2) offer you this license which gives you legal permission to copy, +distribute and/or modify the software. + + Also, for each author's protection and ours, we want to make certain +that everyone understands that there is no warranty for this free +software. If the software is modified by someone else and passed on, we +want its recipients to know that what they have is not the original, so +that any problems introduced by others will not reflect on the original +authors' reputations. + + Finally, any free program is threatened constantly by software +patents. We wish to avoid the danger that redistributors of a free +program will individually obtain patent licenses, in effect making the +program proprietary. To prevent this, we have made it clear that any +patent must be licensed for everyone's free use or not licensed at all. + + The precise terms and conditions for copying, distribution and +modification follow. + + GNU GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License applies to any program or other work which contains +a notice placed by the copyright holder saying it may be distributed +under the terms of this General Public License. The "Program", below, +refers to any such program or work, and a "work based on the Program" +means either the Program or any derivative work under copyright law: +that is to say, a work containing the Program or a portion of it, +either verbatim or with modifications and/or translated into another +language. (Hereinafter, translation is included without limitation in +the term "modification".) Each licensee is addressed as "you". + +Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. 
The act of +running the Program is not restricted, and the output from the Program +is covered only if its contents constitute a work based on the +Program (independent of having been made by running the Program). +Whether that is true depends on what the Program does. + + 1. You may copy and distribute verbatim copies of the Program's +source code as you receive it, in any medium, provided that you +conspicuously and appropriately publish on each copy an appropriate +copyright notice and disclaimer of warranty; keep intact all the +notices that refer to this License and to the absence of any warranty; +and give any other recipients of the Program a copy of this License +along with the Program. + +You may charge a fee for the physical act of transferring a copy, and +you may at your option offer warranty protection in exchange for a fee. + + 2. You may modify your copy or copies of the Program or any portion +of it, thus forming a work based on the Program, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: + + a) You must cause the modified files to carry prominent notices + stating that you changed the files and the date of any change. + + b) You must cause any work that you distribute or publish, that in + whole or in part contains or is derived from the Program or any + part thereof, to be licensed as a whole at no charge to all third + parties under the terms of this License. + + c) If the modified program normally reads commands interactively + when run, you must cause it, when started running for such + interactive use in the most ordinary way, to print or display an + announcement including an appropriate copyright notice and a + notice that there is no warranty (or else, saying that you provide + a warranty) and that users may redistribute the program under + these conditions, and telling the user how to view a copy of this + License. 
(Exception: if the Program itself is interactive but + does not normally print such an announcement, your work based on + the Program is not required to print an announcement.) + +These requirements apply to the modified work as a whole. If +identifiable sections of that work are not derived from the Program, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based +on the Program, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Program. + +In addition, mere aggregation of another work not based on the Program +with the Program (or with a work based on the Program) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. + + 3. 
You may copy and distribute the Program (or a work based on it, +under Section 2) in object code or executable form under the terms of +Sections 1 and 2 above provided that you also do one of the following: + + a) Accompany it with the complete corresponding machine-readable + source code, which must be distributed under the terms of Sections + 1 and 2 above on a medium customarily used for software interchange; or, + + b) Accompany it with a written offer, valid for at least three + years, to give any third party, for a charge no more than your + cost of physically performing source distribution, a complete + machine-readable copy of the corresponding source code, to be + distributed under the terms of Sections 1 and 2 above on a medium + customarily used for software interchange; or, + + c) Accompany it with the information you received as to the offer + to distribute corresponding source code. (This alternative is + allowed only for noncommercial distribution and only if you + received the program in object code or executable form with such + an offer, in accord with Subsection b above.) + +The source code for a work means the preferred form of the work for +making modifications to it. For an executable work, complete source +code means all the source code for all modules it contains, plus any +associated interface definition files, plus the scripts used to +control compilation and installation of the executable. However, as a +special exception, the source code distributed need not include +anything that is normally distributed (in either source or binary +form) with the major components (compiler, kernel, and so on) of the +operating system on which the executable runs, unless that component +itself accompanies the executable. 
+ +If distribution of executable or object code is made by offering +access to copy from a designated place, then offering equivalent +access to copy the source code from the same place counts as +distribution of the source code, even though third parties are not +compelled to copy the source along with the object code. + + 4. You may not copy, modify, sublicense, or distribute the Program +except as expressly provided under this License. Any attempt +otherwise to copy, modify, sublicense or distribute the Program is +void, and will automatically terminate your rights under this License. +However, parties who have received copies, or rights, from you under +this License will not have their licenses terminated so long as such +parties remain in full compliance. + + 5. You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Program or its derivative works. These actions are +prohibited by law if you do not accept this License. Therefore, by +modifying or distributing the Program (or any work based on the +Program), you indicate your acceptance of this License to do so, and +all its terms and conditions for copying, distributing or modifying +the Program or works based on it. + + 6. Each time you redistribute the Program (or any work based on the +Program), the recipient automatically receives a license from the +original licensor to copy, distribute or modify the Program subject to +these terms and conditions. You may not impose any further +restrictions on the recipients' exercise of the rights granted herein. +You are not responsible for enforcing compliance by third parties to +this License. + + 7. 
If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Program at all. For example, if a patent +license would not permit royalty-free redistribution of the Program by +all those who receive copies directly or indirectly through you, then +the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Program. + +If any portion of this section is held invalid or unenforceable under +any particular circumstance, the balance of the section is intended to +apply and the section as a whole is intended to apply in other +circumstances. + +It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system, which is +implemented by public license practices. Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. + +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. + + 8. 
If the distribution and/or use of the Program is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Program under this License +may add an explicit geographical distribution limitation excluding +those countries, so that distribution is permitted only in or among +countries not thus excluded. In such case, this License incorporates +the limitation as if written in the body of this License. + + 9. The Free Software Foundation may publish revised and/or new versions +of the General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + +Each version is given a distinguishing version number. If the Program +specifies a version number of this License which applies to it and "any +later version", you have the option of following the terms and conditions +either of that version or of any later version published by the Free +Software Foundation. If the Program does not specify a version number of +this License, you may choose any version ever published by the Free Software +Foundation. + + 10. If you wish to incorporate parts of the Program into other free +programs whose distribution conditions are different, write to the author +to ask for permission. For software which is copyrighted by the Free +Software Foundation, write to the Free Software Foundation; we sometimes +make exceptions for this. Our decision will be guided by the two goals +of preserving the free status of all derivatives of our free software and +of promoting the sharing and reuse of software generally. + + NO WARRANTY + + 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY +FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. 
EXCEPT WHEN +OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES +PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED +OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS +TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE +PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, +REPAIR OR CORRECTION. + + 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR +REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING +OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED +TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY +YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER +PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +convey the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + + Copyright (C) + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. 
+ + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + + +Also add information on how to contact you by electronic and paper mail. + +If the program is interactive, make it output a short notice like this +when it starts in an interactive mode: + + Gnomovision version 69, Copyright (C) year name of author + Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, the commands you use may +be called something other than `show w' and `show c'; they could even be +mouse-clicks or menu items--whatever suits your program. + +You should also get your employer (if you work as a programmer) or your +school, if any, to sign a "copyright disclaimer" for the program, if +necessary. Here is a sample; alter the names: + + Yoyodyne, Inc., hereby disclaims all copyright interest in the program + `Gnomovision' (which makes passes at compilers) written by James Hacker. + + , 1 April 1989 + Ty Coon, President of Vice + +This General Public License does not permit incorporating your program into +proprietary programs. If your program is a subroutine library, you may +consider it more useful to permit linking proprietary applications with the +library. If this is what you want to do, use the GNU Library General +Public License instead of this License. 
diff --git a/edge-build-checks/SUSE-Edge.conf b/edge-build-checks/SUSE-Edge.conf
new file mode 100644
index 0000000..976bffa
--- /dev/null
+++ b/edge-build-checks/SUSE-Edge.conf
@@ -0,0 +1,6 @@
+[General]
+Vendor=com.suse
+Registry=%%IMG_REPO%%
+
+[Tags]
+Allowed=%%IMG_PREFIX%%*
\ No newline at end of file
diff --git a/edge-build-checks/_service b/edge-build-checks/_service
new file mode 100644
index 0000000..a47fc5a
--- /dev/null
+++ b/edge-build-checks/_service
@@ -0,0 +1,9 @@
+
+
+ SUSE-Edge.conf
+ IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})
+ IMG_PREFIX
+ IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)
+ IMG_REPO
+
+
\ No newline at end of file
diff --git a/edge-build-checks/edge-build-checks.spec b/edge-build-checks/edge-build-checks.spec
new file mode 100644
index 0000000..21b521b
--- /dev/null
+++ b/edge-build-checks/edge-build-checks.spec
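Review bot: The tag allowlist `Allowed=%%IMG_PREFIX%%*` in SUSE-Edge.conf collapses to `Allowed=*` whenever the prefix substitutes to an empty string, and the `_service` hunk that follows fills it from `%{?img_prefix}`, which expands to nothing when the macro is undefined. `Registry=%%IMG_REPO%%` is filled from the unconditional `%img_repo`, so the two values fail differently on a project where the macros are missing. If an empty prefix is never expected, evaluating `-E %img_prefix` (no `?`) would leave a non-matching literal rather than a wildcard. If it is expected, a line such as `# IMG_PREFIX may be empty, in which case every tag is allowed` would record that, assuming the format accepts comments. How container-build-checks interprets `Allowed` is not visible here and should be confirmed against that tool.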
@@ -0,0 +1,59 @@
+#
+# spec file for package edge-build-checks
+#
+# Copyright (c) 2024 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+Name: edge-build-checks
+Summary: post checks for build after charts and images are created
+License: GPL-2.0-or-later
+Group: Development/Tools/Building
+Version: 0.0.1
+Release: 0
+Source0: COPYING
+Source1: 20-helm-images
+Source2: 10-helm-lint
+Source3: SUSE-Edge.conf
+Source4: 20-helm-tags
+BuildArch: noarch
+Requires: container-build-checks
+Requires: python3-PyYAML
+Provides: container-build-checks-vendor
+
+%description
+some scripts to check for problems in edge related helm charts and images after their creation
+in OBS.
+
+%prep
+cp %{SOURCE0} .
+ +%build +%define _lto_cflags %{nil} +# nothing to do + +%install +install -d $RPM_BUILD_ROOT/usr/lib/build/post-build-checks +install -m 755 %{SOURCE1} $RPM_BUILD_ROOT/usr/lib/build/post-build-checks +install -m 755 %{SOURCE2} $RPM_BUILD_ROOT/usr/lib/build/post-build-checks +install -m 755 %{SOURCE4} $RPM_BUILD_ROOT/usr/lib/build/post-build-checks +install -d %{buildroot}%{_datadir}/container-build-checks +install -m 644 %{SOURCE3} %{buildroot}%{_datadir}/container-build-checks/SUSE-Edge.conf + +%files +%license COPYING +%{_datadir}/container-build-checks +/usr/lib/build + +%changelog -- 2.49.0 From 104859176984ee1268395e036ffe2a6b299fd6174d9e46286b4e90fff6f164cf Mon Sep 17 00:00:00 2001 From: Nicolas Belouin Date: Wed, 9 Apr 2025 11:12:01 +0200 Subject: [PATCH 51/55] Fix charts and images Signed-off-by: Nicolas Belouin --- akri-chart/values.yaml | 2 +- cdi-chart/values.yaml | 2 +- kiwi-builder-image/Dockerfile | 2 +- kiwi-builder-image/_service | 1 + kubevirt-chart/values.yaml | 2 +- metal3-chart/charts/baremetal-operator/values.yaml | 2 ++ metal3-chart/charts/ironic/values.yaml | 2 ++ rancher-turtles-airgap-resources-chart/Chart.yaml | 2 +- rancher-turtles-chart/values.yaml | 2 +- sriov-network-operator-chart/.checks_helm.yaml | 10 ++++++++++ .../charts/sriov-nfd/values.yaml | 2 +- 11 files changed, 22 insertions(+), 7 deletions(-) create mode 100644 sriov-network-operator-chart/.checks_helm.yaml diff --git a/akri-chart/values.yaml b/akri-chart/values.yaml index 2447091..2ec75a9 100644 --- a/akri-chart/values.yaml +++ b/akri-chart/values.yaml @@ -853,7 +853,7 @@ webhookConfiguration: pullPolicy: Always certImage: # reference is the webhook-certgen image reference - reference: registry.k8s.io/ingress-nginx/kube-webhook-certgen + reference: registry.rancher.com/rancher/mirrored-ingress-nginx-kube-webhook-certgen # tag is the webhook-certgen image tag tag: v1.1.1 # pullPolicy is the webhook-certgen pull policy 
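Review bot: The `%files` entry `/usr/lib/build` packages that whole directory tree rather than the three scripts installed under `post-build-checks`. The package therefore claims a directory that presumably belongs to the build tooling, and it would ship anything else that lands there in the buildroot. Listing `/usr/lib/build/post-build-checks` instead (adding `%dir /usr/lib/build` only if no required package owns it) keeps the ownership narrow. The `%install` section also mixes `$RPM_BUILD_ROOT` and `%{buildroot}`; one spelling throughout would read better.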
diff --git a/cdi-chart/values.yaml b/cdi-chart/values.yaml index b4c1fef..b487d18 100644 --- a/cdi-chart/values.yaml +++ b/cdi-chart/values.yaml @@ -25,7 +25,7 @@ cdi: nodeSelector: kubernetes.io/os: linux -hookImage: rancher/kubectl:v1.30.2 +hookImage: registry.rancher.com/rancher/kubectl:v1.30.10 hookRestartPolicy: OnFailure hookSecurityContext: seccompProfile: diff --git a/kiwi-builder-image/Dockerfile b/kiwi-builder-image/Dockerfile index 58fb431..d220bea 100644 --- a/kiwi-builder-image/Dockerfile +++ b/kiwi-builder-image/Dockerfile @@ -6,7 +6,7 @@ FROM registry.suse.com/bci/kiwi:${KIWIVERSION} ARG KIWIVERSION # Define labels according to https://en.opensuse.org/Building_derived_containers -# labelprefix=com.suse.application.akri +# labelprefix=com.suse.application.kiwi LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)" LABEL org.opencontainers.image.title="SLE Kiwi Builder Container Image" LABEL org.opencontainers.image.description="kiwi-builder based on the SLE Base Container Image." diff --git a/kiwi-builder-image/_service b/kiwi-builder-image/_service index 14f9667..254ee27 100644 --- a/kiwi-builder-image/_service +++ b/kiwi-builder-image/_service @@ -1,5 +1,6 @@ + README IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo) diff --git a/kubevirt-chart/values.yaml b/kubevirt-chart/values.yaml index 2f3c89f..490b9cf 100644 --- a/kubevirt-chart/values.yaml +++ b/kubevirt-chart/values.yaml @@ -40,7 +40,7 @@ kubevirt: monitorAccount: "" monitorNamespace: "" -hookImage: rancher/kubectl:v1.30.2 +hookImage: registry.rancher.com/rancher/kubectl:v1.30.10 hookRestartPolicy: OnFailure hookSecurityContext: seccompProfile: diff --git a/metal3-chart/charts/baremetal-operator/values.yaml b/metal3-chart/charts/baremetal-operator/values.yaml index 07bd439..10d3aa5 100644 --- a/metal3-chart/charts/baremetal-operator/values.yaml +++ b/metal3-chart/charts/baremetal-operator/values.yaml 
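Review bot: `hookImage` in cdi-chart/values.yaml changes registry and version on one line but is still referenced by a mutable tag only, so what the hook runs depends on whatever `v1.30.10` resolves to at registry.rancher.com at pull time. The identical `hookImage` change in kubevirt-chart/values.yaml has the same property. If the templates pass the string through unchanged (not visible in these hunks), appending a digest, `hookImage: registry.rancher.com/rancher/kubectl:v1.30.10@sha256:<digest-of-the-validated-image>`, would tie the chart to the image that was actually tested.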
@@ -22,6 +22,8 @@ global: # Comment this out when pinning the baremetal-operator container to a specfic host. nodeSelector: {} + enable_tls: false + replicaCount: 1 images: diff --git a/metal3-chart/charts/ironic/values.yaml b/metal3-chart/charts/ironic/values.yaml index f62e089..17898b8 100644 --- a/metal3-chart/charts/ironic/values.yaml +++ b/metal3-chart/charts/ironic/values.yaml @@ -50,6 +50,8 @@ global: # Comment this out when pinning the pdns containers to a specfic host. nodeSelector: {} + enable_tls: false + replicaCount: 1 images: diff --git a/rancher-turtles-airgap-resources-chart/Chart.yaml b/rancher-turtles-airgap-resources-chart/Chart.yaml index c27aa16..ed899b1 100644 --- a/rancher-turtles-airgap-resources-chart/Chart.yaml +++ b/rancher-turtles-airgap-resources-chart/Chart.yaml @@ -1,5 +1,5 @@ #!BuildTag: %%IMG_PREFIX%%rancher-turtles-airgap-resources-chart:%%CHART_MAJOR%%.0.0_up0.17.0 -#!BuildTag: %%IMG_PREFIX%%rancher-turtles-airgap-resources-chart:%%CHART_MAJOR%%.0.0_up0.17.0 +#!BuildTag: %%IMG_PREFIX%%rancher-turtles-airgap-resources-chart:%%CHART_MAJOR%%.0.0_up0.17.0-%RELEASE% apiVersion: v2 appVersion: 0.17.0 description: Rancher Turtles utility chart for airgap scenarios diff --git a/rancher-turtles-chart/values.yaml b/rancher-turtles-chart/values.yaml index 23665a8..4c0d259 100644 --- a/rancher-turtles-chart/values.yaml +++ b/rancher-turtles-chart/values.yaml @@ -9,7 +9,7 @@ rancherTurtles: managerArguments: [] imagePullSecrets: [] rancherInstalled: false - kubectlImage: registry.suse.com/edge/3.2/kubectl:1.30.3 + kubectlImage: "%%IMG_REPO%%/%%IMG_PREFIX%%/kubectl:1.30.3" features: day2operations: enabled: false diff --git a/sriov-network-operator-chart/.checks_helm.yaml b/sriov-network-operator-chart/.checks_helm.yaml new file mode 100644 index 0000000..c4e475c --- /dev/null +++ b/sriov-network-operator-chart/.checks_helm.yaml 
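Review bot: The new `enable_tls: false` under `global` in charts/baremetal-operator/values.yaml makes plaintext the default whenever this subchart is rendered without a parent that sets `global.enable_tls`, and the ironic subchart hunk adds the same default. The `global:` block starts above the hunk, and whether the parent metal3 chart overrides the value is not visible here. If the key exists only so the subchart lints and renders standalone, say so above it, e.g. `# Default for standalone rendering only; the parent metal3 chart is expected to set global.enable_tls`. Otherwise consider defaulting to `true`, provided the templates can render without extra certificate inputs, so that an unset value falls towards TLS.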
@@ -0,0 +1,10 @@ +extra_apis: + - k8s.cni.cncf.io/v1/NetworkAttachmentDefinition +image_exceptions: + - rancher/hardened-sriov-network-operator + - rancher/hardened-sriov-network-config-daemon + - rancher/hardened-sriov-cni + - rancher/hardened-ib-sriov-cni + - rancher/hardened-sriov-network-device-plugin + - rancher/hardened-sriov-network-resources-injector + - rancher/hardened-sriov-network-webhook \ No newline at end of file diff --git a/sriov-network-operator-chart/charts/sriov-nfd/values.yaml b/sriov-network-operator-chart/charts/sriov-nfd/values.yaml index 7a06ad6..efdbc12 100644 --- a/sriov-network-operator-chart/charts/sriov-nfd/values.yaml +++ b/sriov-network-operator-chart/charts/sriov-nfd/values.yaml @@ -1,5 +1,5 @@ image: - repository: rancher/hardened-node-feature-discovery + repository: registry.rancher.com/rancher/hardened-node-feature-discovery # This should be set to 'IfNotPresent' for released version pullPolicy: IfNotPresent # tag, if defined will use the given image tag, else Chart.AppVersion will be used -- 2.49.0 From 652fc553b9419b7a13436c078cd12775960d6939b41d76c6f44e0c751a234459 Mon Sep 17 00:00:00 2001 From: Nicolas Belouin Date: Fri, 18 Apr 2025 15:28:46 +0200 Subject: [PATCH 52/55] Remove -chart suffixes 
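Review bot: The new `image_exceptions` list in sriov-network-operator-chart/.checks_helm.yaml exempts seven unqualified `rancher/hardened-*` image names. The sriov-nfd hunk in the same commit takes the other route and qualifies its image as `registry.rancher.com/rancher/hardened-node-feature-discovery`. Nothing in the file says why these images are excepted rather than given the registry prefix as well, nor what the exception switches off (presumably the helm image check shipped in edge-build-checks). A leading comment such as `# image_exceptions: images the post-build image check must not flag; reason: <why these stay unqualified>` would let a later reviewer tell an intended exemption from a leftover.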
Signed-off-by: Nicolas Belouin --- _config | 2 ++ akri-chart/Chart.yaml | 4 ++-- akri-chart/_service | 4 ++-- akri-dashboard-extension-chart/Chart.yaml | 6 ++--- akri-dashboard-extension-chart/_service | 4 ++-- cdi-chart/Chart.yaml | 4 ++-- cdi-chart/_service | 4 ++-- edge-image-builder-image/_service | 5 ++--- edge-image-builder-image/artifacts.yaml | 8 +++---- endpoint-copier-operator-chart/Chart.yaml | 4 ++-- endpoint-copier-operator-chart/_service | 4 ++-- kubevirt-chart/Chart.yaml | 4 ++-- kubevirt-chart/_service | 4 ++-- kubevirt-dashboard-extension-chart/Chart.yaml | 6 ++--- kubevirt-dashboard-extension-chart/_service | 4 ++-- metal3-chart/Chart.yaml | 4 ++-- metal3-chart/_service | 4 ++-- metallb-chart/Chart.yaml | 4 ++-- metallb-chart/_service | 4 ++-- .../Chart.yaml | 4 ++-- .../_service | 4 ++-- rancher-turtles-chart/Chart.yaml | 4 ++-- rancher-turtles-chart/_service | 4 ++-- release-manifest-image/_service | 4 ++-- release-manifest-image/release_manifest.yaml | 22 +++++++++---------- sriov-crd-chart/Chart.yaml | 4 ++-- sriov-crd-chart/_service | 4 ++-- sriov-network-operator-chart/Chart.yaml | 4 ++-- sriov-network-operator-chart/README.md | 4 ++-- sriov-network-operator-chart/_service | 4 ++-- upgrade-controller-chart/Chart.yaml | 4 ++-- upgrade-controller-chart/_service | 4 ++-- 32 files changed, 77 insertions(+), 76 deletions(-) diff --git a/_config b/_config index 80870e4..3c63106 100644 --- a/_config +++ b/_config @@ -23,6 +23,7 @@ Macros: Macros: %img_repo registry.suse.com/edge %chart_repo oci://registry.suse.com/edge +%chart_prefix charts/ %manifest_repo registry.suse.com/edge %support_level l3 :Macros 
@@ -40,6 +41,7 @@ Macros: %img_repo %(echo %{registry_url}:%{_project}:images | tr ":" "/" | tr '[:upper:]' '[:lower:]') %manifest_repo %(echo %{registry_url}:%{_project}:test_manifest_images | tr ":" "/" | tr '[:upper:]' '[:lower:]') %chart_repo oci://%(echo %{registry_url}:%{_project}:charts | tr ":" "/" | tr '[:upper:]' '[:lower:]') +%chart_prefix %(echo "") :Macros %endif diff --git a/akri-chart/Chart.yaml b/akri-chart/Chart.yaml index 9d91c86..e3e2e5d 100644 --- a/akri-chart/Chart.yaml +++ b/akri-chart/Chart.yaml @@ -1,5 +1,5 @@ -#!BuildTag: %%IMG_PREFIX%%akri-chart:%%CHART_MAJOR%%.0.0_up0.12.20 -#!BuildTag: %%IMG_PREFIX%%akri-chart:%%CHART_MAJOR%%.0.0_up0.12.20-%RELEASE% +#!BuildTag: %%CHART_PREFIX%%akri:%%CHART_MAJOR%%.0.0_up0.12.20 +#!BuildTag: %%CHART_PREFIX%%akri:%%CHART_MAJOR%%.0.0_up0.12.20-%RELEASE% annotations: catalog.cattle.io/display-name: Akri apiVersion: v2 diff --git a/akri-chart/_service b/akri-chart/_service index b887b22..c0c60a7 100644 --- a/akri-chart/_service +++ b/akri-chart/_service @@ -9,8 +9,8 @@ Chart.yaml - IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix}) - IMG_PREFIX + CHART_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?chart_prefix}) + CHART_PREFIX CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major}) CHART_MAJOR diff --git a/akri-dashboard-extension-chart/Chart.yaml b/akri-dashboard-extension-chart/Chart.yaml index 7504856..fb879d0 100644 --- a/akri-dashboard-extension-chart/Chart.yaml +++ b/akri-dashboard-extension-chart/Chart.yaml 
@@ -1,6 +1,6 @@ -#!BuildTag: %%IMG_PREFIX%%akri-dashboard-extension-chart:%%CHART_MAJOR%%.0.1 -#!BuildTag: %%IMG_PREFIX%%akri-dashboard-extension-chart:%%CHART_MAJOR%%.0.1_up1.3.0 -#!BuildTag: %%IMG_PREFIX%%akri-dashboard-extension-chart:%%CHART_MAJOR%%.0.1_up1.3.0-%RELEASE% +#!BuildTag: %%CHART_PREFIX%%akri-dashboard-extension:%%CHART_MAJOR%%.0.1 +#!BuildTag: %%CHART_PREFIX%%akri-dashboard-extension:%%CHART_MAJOR%%.0.1_up1.3.0 +#!BuildTag: %%CHART_PREFIX%%akri-dashboard-extension:%%CHART_MAJOR%%.0.1_up1.3.0-%RELEASE% annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/namespace: cattle-ui-plugin-system diff --git a/akri-dashboard-extension-chart/_service b/akri-dashboard-extension-chart/_service index b887b22..c0c60a7 100644 --- a/akri-dashboard-extension-chart/_service +++ b/akri-dashboard-extension-chart/_service @@ -9,8 +9,8 @@ Chart.yaml - IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix}) - IMG_PREFIX + CHART_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?chart_prefix}) + CHART_PREFIX CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major}) CHART_MAJOR diff --git a/cdi-chart/Chart.yaml b/cdi-chart/Chart.yaml index ca5b44f..bc2e9d0 100644 --- a/cdi-chart/Chart.yaml +++ b/cdi-chart/Chart.yaml @@ -1,5 +1,5 @@ -#!BuildTag: %%IMG_PREFIX%%cdi-chart:%%CHART_MAJOR%%.0.0_up0.4.0 -#!BuildTag: %%IMG_PREFIX%%cdi-chart:%%CHART_MAJOR%%.0.0_up0.4.0-%RELEASE% +#!BuildTag: %%CHART_PREFIX%%cdi:%%CHART_MAJOR%%.0.0_up0.4.0 +#!BuildTag: %%CHART_PREFIX%%cdi:%%CHART_MAJOR%%.0.0_up0.4.0-%RELEASE% apiVersion: v2 appVersion: 1.60.1 description: A Helm chart for Containerized Data Importer (CDI) diff --git a/cdi-chart/_service b/cdi-chart/_service index cddd72f..399e403 100644 --- a/cdi-chart/_service +++ b/cdi-chart/_service 
@@ -2,8 +2,8 @@ Chart.yaml - IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix}) - IMG_PREFIX + CHART_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?chart_prefix}) + CHART_PREFIX CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major}) CHART_MAJOR diff --git a/edge-image-builder-image/_service b/edge-image-builder-image/_service index aaa349a..fcb6694 100644 --- a/edge-image-builder-image/_service +++ b/edge-image-builder-image/_service @@ -7,8 +7,8 @@ IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo) IMG_REPO artifacts.yaml - IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix}) - IMG_PREFIX + CHART_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?chart_prefix}) + CHART_PREFIX CHART_REPO=$(rpm --macros=/root/.rpmmacros -E %chart_repo) CHART_REPO SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level) @@ -17,4 +17,3 @@ CHART_MAJOR - diff --git a/edge-image-builder-image/artifacts.yaml b/edge-image-builder-image/artifacts.yaml index 4a4a0d8..352f358 100644 --- a/edge-image-builder-image/artifacts.yaml +++ b/edge-image-builder-image/artifacts.yaml @@ -1,10 +1,10 @@ metallb: - chart: metallb-chart - repository: "%%CHART_REPO%%/%%IMG_PREFIX%%" + chart: metallb + repository: "%%CHART_REPO%%/%%CHART_PREFIX%%" version: "%%CHART_MAJOR%%.0.0+up0.14.9" endpoint-copier-operator: - chart: endpoint-copier-operator-chart - repository: "%%CHART_REPO%%/%%IMG_PREFIX%%" + chart: endpoint-copier-operator + repository: "%%CHART_REPO%%/%%CHART_PREFIX%%" version: "%%CHART_MAJOR%%.0.0+up0.2.1" kubernetes: k3s: diff --git a/endpoint-copier-operator-chart/Chart.yaml b/endpoint-copier-operator-chart/Chart.yaml index 5450072..c8ae1d5 100644 --- a/endpoint-copier-operator-chart/Chart.yaml +++ b/endpoint-copier-operator-chart/Chart.yaml 
@@ -1,5 +1,5 @@ -#!BuildTag: %%IMG_PREFIX%%endpoint-copier-operator-chart:%%CHART_MAJOR%%.0.0_up0.2.1 -#!BuildTag: %%IMG_PREFIX%%endpoint-copier-operator-chart:%%CHART_MAJOR%%.0.0_up0.2.1-%RELEASE% +#!BuildTag: %%CHART_PREFIX%%endpoint-copier-operator:%%CHART_MAJOR%%.0.0_up0.2.1 +#!BuildTag: %%CHART_PREFIX%%endpoint-copier-operator:%%CHART_MAJOR%%.0.0_up0.2.1-%RELEASE% apiVersion: v2 appVersion: v0.2.0 description: A Helm chart for Kubernetes diff --git a/endpoint-copier-operator-chart/_service b/endpoint-copier-operator-chart/_service index b887b22..c0c60a7 100644 --- a/endpoint-copier-operator-chart/_service +++ b/endpoint-copier-operator-chart/_service @@ -9,8 +9,8 @@ Chart.yaml - IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix}) - IMG_PREFIX + CHART_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?chart_prefix}) + CHART_PREFIX CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major}) CHART_MAJOR diff --git a/kubevirt-chart/Chart.yaml b/kubevirt-chart/Chart.yaml index ef55647..fc531f8 100644 --- a/kubevirt-chart/Chart.yaml +++ b/kubevirt-chart/Chart.yaml @@ -1,5 +1,5 @@ -#!BuildTag: %%IMG_PREFIX%%kubevirt-chart:%%CHART_MAJOR%%.0.0_up0.5.0-%RELEASE% -#!BuildTag: %%IMG_PREFIX%%kubevirt-chart:%%CHART_MAJOR%%.0.0_up0.5.0 +#!BuildTag: %%CHART_PREFIX%%kubevirt:%%CHART_MAJOR%%.0.0_up0.5.0-%RELEASE% +#!BuildTag: %%CHART_PREFIX%%kubevirt:%%CHART_MAJOR%%.0.0_up0.5.0 apiVersion: v2 appVersion: 1.4.0 description: A Helm chart for KubeVirt diff --git a/kubevirt-chart/_service b/kubevirt-chart/_service index cddd72f..399e403 100644 --- a/kubevirt-chart/_service +++ b/kubevirt-chart/_service @@ -2,8 +2,8 @@ Chart.yaml - IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix}) - IMG_PREFIX + CHART_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?chart_prefix}) + CHART_PREFIX CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major}) CHART_MAJOR 
diff --git a/kubevirt-dashboard-extension-chart/Chart.yaml b/kubevirt-dashboard-extension-chart/Chart.yaml index c10553c..af27da9 100644 --- a/kubevirt-dashboard-extension-chart/Chart.yaml +++ b/kubevirt-dashboard-extension-chart/Chart.yaml @@ -1,6 +1,6 @@ -#!BuildTag: %%IMG_PREFIX%%kubevirt-dashboard-extension-chart:%%CHART_MAJOR%%.0.1 -#!BuildTag: %%IMG_PREFIX%%kubevirt-dashboard-extension-chart:%%CHART_MAJOR%%.0.1_up1.3.1 -#!BuildTag: %%IMG_PREFIX%%kubevirt-dashboard-extension-chart:%%CHART_MAJOR%%.0.1_up1.3.1-%RELEASE% +#!BuildTag: %%CHART_PREFIX%%kubevirt-dashboard-extension:%%CHART_MAJOR%%.0.1 +#!BuildTag: %%CHART_PREFIX%%kubevirt-dashboard-extension:%%CHART_MAJOR%%.0.1_up1.3.1 +#!BuildTag: %%CHART_PREFIX%%kubevirt-dashboard-extension:%%CHART_MAJOR%%.0.1_up1.3.1-%RELEASE% annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/namespace: cattle-ui-plugin-system diff --git a/kubevirt-dashboard-extension-chart/_service b/kubevirt-dashboard-extension-chart/_service index b887b22..c0c60a7 100644 --- a/kubevirt-dashboard-extension-chart/_service +++ b/kubevirt-dashboard-extension-chart/_service @@ -9,8 +9,8 @@ Chart.yaml - IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix}) - IMG_PREFIX + CHART_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?chart_prefix}) + CHART_PREFIX CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major}) CHART_MAJOR diff --git a/metal3-chart/Chart.yaml b/metal3-chart/Chart.yaml index bdaef46..f36a268 100644 --- a/metal3-chart/Chart.yaml +++ b/metal3-chart/Chart.yaml @@ -1,5 +1,5 @@ -#!BuildTag: %%IMG_PREFIX%%metal3-chart:%%CHART_MAJOR%%.0.2_up0.11.0 -#!BuildTag: %%IMG_PREFIX%%metal3-chart:%%CHART_MAJOR%%.0.2_up0.11.0-%RELEASE% +#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.2_up0.11.0 +#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.2_up0.11.0-%RELEASE% apiVersion: v2 appVersion: 0.11.0 dependencies: diff --git a/metal3-chart/_service b/metal3-chart/_service index b887b22..c0c60a7 100644 
--- a/metal3-chart/_service +++ b/metal3-chart/_service @@ -9,8 +9,8 @@ Chart.yaml - IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix}) - IMG_PREFIX + CHART_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?chart_prefix}) + CHART_PREFIX CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major}) CHART_MAJOR diff --git a/metallb-chart/Chart.yaml b/metallb-chart/Chart.yaml index d527a65..e72626c 100644 --- a/metallb-chart/Chart.yaml +++ b/metallb-chart/Chart.yaml @@ -1,5 +1,5 @@ -#!BuildTag: %%IMG_PREFIX%%metallb-chart:%%CHART_MAJOR%%.0.0_up0.14.9 -#!BuildTag: %%IMG_PREFIX%%metallb-chart:%%CHART_MAJOR%%.0.0_up0.14.9-%RELEASE% +#!BuildTag: %%CHART_PREFIX%%metallb:%%CHART_MAJOR%%.0.0_up0.14.9 +#!BuildTag: %%CHART_PREFIX%%metallb:%%CHART_MAJOR%%.0.0_up0.14.9-%RELEASE% apiVersion: v2 appVersion: v0.14.9 dependencies: diff --git a/metallb-chart/_service b/metallb-chart/_service index b887b22..c0c60a7 100644 --- a/metallb-chart/_service +++ b/metallb-chart/_service @@ -9,8 +9,8 @@ Chart.yaml - IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix}) - IMG_PREFIX + CHART_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?chart_prefix}) + CHART_PREFIX CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major}) CHART_MAJOR diff --git a/rancher-turtles-airgap-resources-chart/Chart.yaml b/rancher-turtles-airgap-resources-chart/Chart.yaml index ed899b1..c9b2c1a 100644 --- a/rancher-turtles-airgap-resources-chart/Chart.yaml +++ b/rancher-turtles-airgap-resources-chart/Chart.yaml 
@@ -1,5 +1,5 @@ -#!BuildTag: %%IMG_PREFIX%%rancher-turtles-airgap-resources-chart:%%CHART_MAJOR%%.0.0_up0.17.0 -#!BuildTag: %%IMG_PREFIX%%rancher-turtles-airgap-resources-chart:%%CHART_MAJOR%%.0.0_up0.17.0-%RELEASE% +#!BuildTag: %%CHART_PREFIX%%rancher-turtles-airgap-resources:%%CHART_MAJOR%%.0.0_up0.17.0 +#!BuildTag: %%CHART_PREFIX%%rancher-turtles-airgap-resources:%%CHART_MAJOR%%.0.0_up0.17.0-%RELEASE% apiVersion: v2 appVersion: 0.17.0 description: Rancher Turtles utility chart for airgap scenarios diff --git a/rancher-turtles-airgap-resources-chart/_service b/rancher-turtles-airgap-resources-chart/_service index cddd72f..c5ba7bc 100644 --- a/rancher-turtles-airgap-resources-chart/_service +++ b/rancher-turtles-airgap-resources-chart/_service @@ -2,8 +2,8 @@ Chart.yaml - IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix}) - IMG_PREFIX + CHART_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix}) + CHART_PREFIX CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major}) CHART_MAJOR diff --git a/rancher-turtles-chart/Chart.yaml b/rancher-turtles-chart/Chart.yaml index cd0d1cd..36a7eab 100644 --- a/rancher-turtles-chart/Chart.yaml +++ b/rancher-turtles-chart/Chart.yaml @@ -1,5 +1,5 @@ -#!BuildTag: %%IMG_PREFIX%%rancher-turtles-chart:%%CHART_MAJOR%%.0.0_up0.17.0 -#!BuildTag: %%IMG_PREFIX%%rancher-turtles-chart:%%CHART_MAJOR%%.0.0_up0.17.0-%RELEASE% +#!BuildTag: %%CHART_PREFIX%%rancher-turtles:%%CHART_MAJOR%%.0.0_up0.17.0 +#!BuildTag: %%CHART_PREFIX%%rancher-turtles:%%CHART_MAJOR%%.0.0_up0.17.0-%RELEASE% annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/display-name: Rancher Turtles - the Cluster API Extension diff --git a/rancher-turtles-chart/_service b/rancher-turtles-chart/_service index b887b22..c0c60a7 100644 --- a/rancher-turtles-chart/_service +++ b/rancher-turtles-chart/_service 
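Review bot: In rancher-turtles-airgap-resources-chart/_service the renamed variable is still filled from the image macro: `CHART_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})`. The other `_service` hunks in this commit read `%{?chart_prefix}`, so the `%%CHART_PREFIX%%` in this chart's BuildTag lines would receive the image prefix and the chart would presumably be published under a different path from the rest. The line should read `CHART_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?chart_prefix})`. The surrounding service definition starts and ends outside the hunk.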
@@ -9,8 +9,8 @@ Chart.yaml - IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix}) - IMG_PREFIX + CHART_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?chart_prefix}) + CHART_PREFIX CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major}) CHART_MAJOR diff --git a/release-manifest-image/_service b/release-manifest-image/_service index 8ab2f1c..8981e39 100644 --- a/release-manifest-image/_service +++ b/release-manifest-image/_service @@ -11,8 +11,8 @@ release_manifest.yaml - IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix}) - IMG_PREFIX + CHART_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?chart_prefix}) + CHART_PREFIX CHART_REPO=$(rpm --macros=/root/.rpmmacros -E %chart_repo) CHART_REPO CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major}) diff --git a/release-manifest-image/release_manifest.yaml b/release-manifest-image/release_manifest.yaml index 6b03193..6b5d4be 100644 --- a/release-manifest-image/release_manifest.yaml +++ b/release-manifest-image/release_manifest.yaml @@ -106,19 +106,19 @@ spec: repository: https://charts.rancher.io - prettyName: MetalLB releaseName: metallb - chart: %%CHART_REPO%%/%%IMG_PREFIX%%metallb-chart + chart: %%CHART_REPO%%/%%CHART_PREFIX%%metallb version: %%CHART_MAJOR%%.0.0+up0.14.9 - prettyName: CDI releaseName: cdi - chart: %%CHART_REPO%%/%%IMG_PREFIX%%cdi-chart + chart: %%CHART_REPO%%/%%CHART_PREFIX%%cdi version: %%CHART_MAJOR%%.0.0+up0.4.0 - prettyName: KubeVirt releaseName: kubevirt - chart: %%CHART_REPO%%/%%IMG_PREFIX%%kubevirt-chart + chart: %%CHART_REPO%%/%%CHART_PREFIX%%kubevirt version: %%CHART_MAJOR%%.0.0+up0.4.0 addonCharts: - releaseName: kubevirt-dashboard-extension - chart: %%CHART_REPO%%/%%IMG_PREFIX%%kubevirt-dashboard-extension-chart + chart: %%CHART_REPO%%/%%CHART_PREFIX%%kubevirt-dashboard-extension version: %%CHART_MAJOR%%.0.1+up1.3.1 - prettyName: NeuVector releaseName: neuvector 
@@ -137,7 +137,7 @@ spec: version: 2.0.1 - prettyName: EndpointCopierOperator releaseName: endpoint-copier-operator - chart: %%CHART_REPO%%/%%IMG_PREFIX%%endpoint-copier-operator-chart + chart: %%CHART_REPO%%/%%CHART_PREFIX%%endpoint-copier-operator version: %%CHART_MAJOR%%.0.0+up0.2.1 - prettyName: Elemental releaseName: elemental-operator @@ -154,25 +154,25 @@ spec: version: 3.0.0 - prettyName: SRIOV releaseName: sriov-network-operator - chart: %%CHART_REPO%%/%%IMG_PREFIX%%sriov-network-operator-chart + chart: %%CHART_REPO%%/%%CHART_PREFIX%%sriov-network-operator version: %%CHART_MAJOR%%.0.0+up1.4.0 dependencyCharts: - releaseName: sriov-crd - chart: %%CHART_REPO%%/%%IMG_PREFIX%%sriov-crd-chart + chart: %%CHART_REPO%%/%%CHART_PREFIX%%sriov-crd version: %%CHART_MAJOR%%.0.0+up1.4.0 - prettyName: Akri releaseName: akri - chart: %%CHART_REPO%%/%%IMG_PREFIX%%akri-chart + chart: %%CHART_REPO%%/%%CHART_PREFIX%%akri version: %%CHART_MAJOR%%.0.0+up0.12.20 addonCharts: - releaseName: akri-dashboard-extension - chart: %%CHART_REPO%%/%%IMG_PREFIX%%akri-dashboard-extension-chart + chart: %%CHART_REPO%%/%%CHART_PREFIX%%akri-dashboard-extension version: %%CHART_MAJOR%%.0.1+up1.3.0 - prettyName: Metal3 releaseName: metal3 - chart: %%CHART_REPO%%/%%IMG_PREFIX%%metal3-chart + chart: %%CHART_REPO%%/%%CHART_PREFIX%%metal3 version: %%CHART_MAJOR%%.0.0+up0.10.0 - prettyName: RancherTurtles releaseName: rancher-turtles - chart: %%CHART_REPO%%/%%IMG_PREFIX%%rancher-turtles-chart + chart: %%CHART_REPO%%/%%CHART_PREFIX%%rancher-turtles version: %%CHART_MAJOR%%.0.0+up0.17.0 diff --git a/sriov-crd-chart/Chart.yaml b/sriov-crd-chart/Chart.yaml index c883db6..a30299e 100644 --- a/sriov-crd-chart/Chart.yaml +++ b/sriov-crd-chart/Chart.yaml 
@@ -1,5 +1,5 @@ -#!BuildTag: %%IMG_PREFIX%%sriov-crd-chart:%%CHART_MAJOR%%.0.0_up1.4.0-%RELEASE% -#!BuildTag: %%IMG_PREFIX%%sriov-crd-chart:%%CHART_MAJOR%%.0.0_up1.4.0 +#!BuildTag: %%CHART_PREFIX%%sriov-crd:%%CHART_MAJOR%%.0.0_up1.4.0-%RELEASE% +#!BuildTag: %%CHART_PREFIX%%sriov-crd:%%CHART_MAJOR%%.0.0_up1.4.0 annotations: catalog.cattle.io/experimental: "true" catalog.cattle.io/hidden: "true" diff --git a/sriov-crd-chart/_service b/sriov-crd-chart/_service index cddd72f..399e403 100644 --- a/sriov-crd-chart/_service +++ b/sriov-crd-chart/_service @@ -2,8 +2,8 @@ Chart.yaml - IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix}) - IMG_PREFIX + CHART_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?chart_prefix}) + CHART_PREFIX CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major}) CHART_MAJOR diff --git a/sriov-network-operator-chart/Chart.yaml b/sriov-network-operator-chart/Chart.yaml index 8b77bdf..fe27da3 100644 --- a/sriov-network-operator-chart/Chart.yaml +++ b/sriov-network-operator-chart/Chart.yaml @@ -1,5 +1,5 @@ -#!BuildTag: %%IMG_PREFIX%%sriov-network-operator-chart:%%CHART_MAJOR%%.0.0_up1.4.0-%RELEASE% -#!BuildTag: %%IMG_PREFIX%%sriov-network-operator-chart:%%CHART_MAJOR%%.0.0_up1.4.0 +#!BuildTag: %%CHART_PREFIX%%sriov-network-operator:%%CHART_MAJOR%%.0.0_up1.4.0-%RELEASE% +#!BuildTag: %%CHART_PREFIX%%sriov-network-operator:%%CHART_MAJOR%%.0.0_up1.4.0 annotations: catalog.cattle.io/auto-install: sriov-crd=match catalog.cattle.io/experimental: "true" diff --git a/sriov-network-operator-chart/README.md b/sriov-network-operator-chart/README.md index 9cbb747..a9a1032 100644 --- a/sriov-network-operator-chart/README.md +++ b/sriov-network-operator-chart/README.md 
@@ -41,7 +41,7 @@ For additional information and methods for installing Helm, refer to the officia #### Deploy from OCI repo ``` -$ helm install -n sriov-network-operator --create-namespace --version 1.3.0 --set sriovOperatorConfig.deploy=true sriov-network-operator oci://ghcr.io/k8snetworkplumbingwg/sriov-network-operator-chart +$ helm install -n sriov-network-operator --create-namespace --version 1.3.0 --set sriovOperatorConfig.deploy=true sriov-network-operator oci://ghcr.io/k8snetworkplumbingwg/sriov-network-operator ``` #### Deploy from project sources @@ -51,7 +51,7 @@ $ helm install -n sriov-network-operator --create-namespace --version 1.3.0 --se $ git clone https://github.com/k8snetworkplumbingwg/sriov-network-operator.git ; cd sriov-network-operator # Install Operator -$ helm install -n sriov-network-operator --create-namespace --wait --set sriovOperatorConfig.deploy=true sriov-network-operator ./deployment/sriov-network-operator-chart +$ helm install -n sriov-network-operator --create-namespace --wait --set sriovOperatorConfig.deploy=true sriov-network-operator ./deployment/sriov-network-operator # View deployed resources $ kubectl -n sriov-network-operator get pods diff --git a/sriov-network-operator-chart/_service b/sriov-network-operator-chart/_service index cddd72f..5d198c7 100644 --- a/sriov-network-operator-chart/_service +++ b/sriov-network-operator-chart/_service @@ -2,8 +2,8 @@ Chart.yaml - IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix}) - IMG_PREFIX + CHAT_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?chart_prefix}) + CHART_PREFIX CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major}) CHART_MAJOR diff --git a/upgrade-controller-chart/Chart.yaml b/upgrade-controller-chart/Chart.yaml index 247c13e..2734273 100644 --- a/upgrade-controller-chart/Chart.yaml +++ b/upgrade-controller-chart/Chart.yaml 
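Review bot: The eval line in sriov-network-operator-chart/_service assigns `CHAT_PREFIX=...` while the variable named on the next line is `CHART_PREFIX`, so the value computed from `%{?chart_prefix}` never reaches the substitution. Depending on how the service treats an unset variable, `%%CHART_PREFIX%%` in this chart's BuildTag lines is either left unreplaced or replaced with nothing, which would not match the prefix release_manifest.yaml applies to `sriov-network-operator`. The assignment should be `CHART_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?chart_prefix})`. The surrounding service definition starts and ends outside the hunk.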
@@ -1,5 +1,5 @@ -#!BuildTag: %%IMG_PREFIX%%upgrade-controller-chart:%%CHART_MAJOR%%.0.0_up0.1.1 -#!BuildTag: %%IMG_PREFIX%%upgrade-controller-chart:%%CHART_MAJOR%%.0.0_up0.1.1-%RELEASE% +#!BuildTag: %%CHART_PREFIX%%upgrade-controller:%%CHART_MAJOR%%.0.0_up0.1.1 +#!BuildTag: %%CHART_PREFIX%%upgrade-controller:%%CHART_MAJOR%%.0.0_up0.1.1-%RELEASE% apiVersion: v2 appVersion: 0.1.1 dependencies: diff --git a/upgrade-controller-chart/_service b/upgrade-controller-chart/_service index fc5f6f3..66126ef 100644 --- a/upgrade-controller-chart/_service +++ b/upgrade-controller-chart/_service @@ -11,8 +11,8 @@ Chart.yaml - IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix}) - IMG_PREFIX + CHART_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?chart_prefix}) + CHART_PREFIX CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major}) CHART_MAJOR -- 2.49.0 From 4259b167fdad5c8fd110439d4f00775487287fc3716fa86f529128e5bde1eeb8 Mon Sep 17 00:00:00 2001 From: dbw7 Date: Fri, 2 May 2025 11:16:43 -0400 Subject: [PATCH 53/55] update to v1.2.0-rc1 --- edge-image-builder-image/Dockerfile | 8 ++++---- edge-image-builder/_service | 4 ++-- edge-image-builder/edge-image-builder.spec | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/edge-image-builder-image/Dockerfile b/edge-image-builder-image/Dockerfile index 022279c..abfe3c9 100644 --- a/edge-image-builder-image/Dockerfile +++ b/edge-image-builder-image/Dockerfile @@ -1,5 +1,5 @@ -#!BuildTag: %%IMG_PREFIX%%edge-image-builder:1.2.0-rc0 -#!BuildTag: %%IMG_PREFIX%%edge-image-builder:1.2.0-rc0-%RELEASE% +#!BuildTag: %%IMG_PREFIX%%edge-image-builder:1.2.0-rc1 +#!BuildTag: %%IMG_PREFIX%%edge-image-builder:1.2.0-rc1-%RELEASE% #!BuildVersion: 15.6 ARG SLE_VERSION FROM registry.suse.com/bci/bci-base:$SLE_VERSION 
@@ -15,11 +15,11 @@ RUN zypper --non-interactive install --no-recommends edge-image-builder qemu-x86 LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)" LABEL org.opencontainers.image.title="SLE edge-image-builder Container Image" LABEL org.opencontainers.image.description="edge-image-builder based on the SLE Base Container Image." -LABEL org.opencontainers.image.version="1.2.0-rc0" +LABEL org.opencontainers.image.version="1.2.0-rc1" LABEL org.opencontainers.image.url="https://www.suse.com/products/server/" LABEL org.opencontainers.image.created="%BUILDTIME%" LABEL org.opencontainers.image.vendor="SUSE LLC" -LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%edge-image-builder:1.2.0-rc0-%RELEASE%" +LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%edge-image-builder:1.2.0-rc1-%RELEASE%" LABEL org.openbuildservice.disturl="%DISTURL%" LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%" LABEL com.suse.eula="SUSE Combined EULA February 2024" diff --git a/edge-image-builder/_service b/edge-image-builder/_service index f003786..0d61759 100644 --- a/edge-image-builder/_service +++ b/edge-image-builder/_service @@ -3,9 +3,9 @@ https://github.com/suse-edge/edge-image-builder.git git .git - v1.2.0-rc0 + v1.2.0-rc1 - 1.2.0~rc0 + 1.2.0~rc1 v(\d+).(\d+).(\d+) diff --git a/edge-image-builder/edge-image-builder.spec b/edge-image-builder/edge-image-builder.spec index d8c9e01..21a2ba3 100644 --- a/edge-image-builder/edge-image-builder.spec +++ b/edge-image-builder/edge-image-builder.spec @@ -17,7 +17,7 @@ Name: edge-image-builder -Version: 1.2.0~rc0 +Version: 1.2.0~rc1 Release: 0 Summary: Edge Image Builder License: Apache-2.0 -- 2.49.0 From 8b383c15fade105029cd90f3e7932e2dcb88c86cc8d7af2a209a000b6a73435e Mon Sep 17 00:00:00 2001 From: Nicolas Belouin Date: Tue, 6 May 2025 13:39:45 +0200 Subject: [PATCH 54/55] Remove extra slash in image reference 
Signed-off-by: Nicolas Belouin
---
 rancher-turtles-chart/values.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rancher-turtles-chart/values.yaml b/rancher-turtles-chart/values.yaml
index 4c0d259..ade3dab 100644
--- a/rancher-turtles-chart/values.yaml
+++ b/rancher-turtles-chart/values.yaml
@@ -9,7 +9,7 @@ rancherTurtles:
 managerArguments: []
 imagePullSecrets: []
 rancherInstalled: false
- kubectlImage: "%%IMG_REPO%%/%%IMG_PREFIX%%/kubectl:1.30.3"
+ kubectlImage: "%%IMG_REPO%%/%%IMG_PREFIX%%kubectl:1.30.3"
 features:
 day2operations:
 enabled: false
-- 2.49.0
From c81f5057ce81f35e3d9c0fc2c119cd0d223f6c5b0b97276f8afb05dd3573aa6f Mon Sep 17 00:00:00 2001
From: Nicolas Belouin
Date: Tue, 6 May 2025 14:18:52 +0200
Subject: [PATCH 55/55] Enable kubectl image on aarch64
Signed-off-by: Nicolas Belouin
---
 _config | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/_config b/_config
index 3c63106..e4bf362 100644
--- a/_config
+++ b/_config
@@ -60,6 +60,7 @@ BuildFlags: onlybuild:release-manifest-image
 BuildFlags: excludebuild:endpoint-copier-operator-image
 BuildFlags: excludebuild:ironic-image
 BuildFlags: excludebuild:ironic-ipa-downloader-image
+ BuildFlags: excludebuild:kubectl-image
 BuildFlags: excludebuild:kube-rbac-proxy-image
 BuildFlags: excludebuild:metallb-controller-image
 BuildFlags: excludebuild:metallb-speaker-image
@@ -84,6 +85,8 @@ BuildFlags: onlybuild:release-manifest-image
 BuildFlags: onlybuild:ironic-image
 BuildFlags: onlybuild:ironic-ipa-downloader-image
 BuildFlags: onlybuild:ironic-ipa-ramdisk
+ BuildFlags: onlybuild:kubectl
+ BuildFlags: onlybuild:kubectl-image
 BuildFlags: onlybuild:kube-rbac-proxy
 BuildFlags: onlybuild:kube-rbac-proxy-image
 BuildFlags: onlybuild:metallb
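Review bot: In the rancher-turtles-chart/values.yaml hunk, the corrected `kubectlImage` value is only a valid reference if `%%IMG_PREFIX%%` expands to something that already ends in `/` (or to nothing), and nothing in values.yaml says so. The BuildTag lines elsewhere in this series concatenate the prefix the same way (`%%IMG_PREFIX%%edge-image-builder:...`), so that appears to be the convention. A one-line comment above the key, `# %%IMG_PREFIX%% includes its own trailing "/"; do not add a separator here`, would keep the double slash from being reintroduced. The `rancherTurtles` mapping starts and ends outside this hunk.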
@@ -130,6 +133,7 @@ BuildFlags: onlybuild:release-manifest-image
 BuildFlags: excludebuild:endpoint-copier-operator-image
 BuildFlags: excludebuild:ironic-image
 BuildFlags: excludebuild:ironic-ipa-downloader-image
+ BuildFlags: excludebuild:kubectl-image
 BuildFlags: excludebuild:kube-rbac-proxy-image
 BuildFlags: excludebuild:metallb-controller-image
 BuildFlags: excludebuild:metallb-speaker-image
-- 2.49.0