Backed out changeset a08287c70962 (bug 1203312) for b2g xpcshell failures
authorWes Kocher <wkocher@mozilla.com>
Fri, 18 Sep 2015 12:53:24 -0700
changeset 263295 1d45333a4690ec40fcb16c961c73699dc9772d18
parent 263294 65cbc7d2133957da04265f50d9db79c7dac07994
child 263296 c167178109febd1b9c8eac5656c710ee09c4c58d
push id65274
push userkwierso@gmail.com
push dateFri, 18 Sep 2015 19:53:28 +0000
treeherdermozilla-inbound@1d45333a4690 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
bugs1203312
milestone43.0a1
backs outa08287c70962145364545c1a72135f9338544e9e
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Backed out changeset a08287c70962 (bug 1203312) for b2g xpcshell failures
security/manager/ssl/StaticHPKPins.h
security/manager/ssl/tests/unit/head_psm.js
security/manager/ssl/tests/unit/pycert.py
security/manager/ssl/tests/unit/pykey.py
security/manager/ssl/tests/unit/test_cert_blocklist.js
security/manager/ssl/tests/unit/test_cert_chains.js
security/manager/ssl/tests/unit/test_cert_overrides.js
security/manager/ssl/tests/unit/test_ocsp_caching.js
security/manager/ssl/tests/unit/test_ocsp_no_hsts_upgrade.js
security/manager/ssl/tests/unit/test_ocsp_required.js
security/manager/ssl/tests/unit/test_ocsp_stapling.js
security/manager/ssl/tests/unit/test_ocsp_stapling_expired.js
security/manager/ssl/tests/unit/test_pinning.js
security/manager/ssl/tests/unit/tlsserver/badSubjectAltNames.pem.certspec
security/manager/ssl/tests/unit/tlsserver/beforeEpoch.pem.certspec
security/manager/ssl/tests/unit/tlsserver/beforeEpochINT.pem.certspec
security/manager/ssl/tests/unit/tlsserver/beforeEpochIssuer.pem.certspec
security/manager/ssl/tests/unit/tlsserver/ca-used-as-end-entity.pem.certspec
security/manager/ssl/tests/unit/tlsserver/cert9.db
security/manager/ssl/tests/unit/tlsserver/cmd/BadCertServer.cpp
security/manager/ssl/tests/unit/tlsserver/cmd/GenerateOCSPResponse.cpp
security/manager/ssl/tests/unit/tlsserver/cmd/OCSPStaplingServer.cpp
security/manager/ssl/tests/unit/tlsserver/default-ee.der
security/manager/ssl/tests/unit/tlsserver/default-ee.key.keyspec
security/manager/ssl/tests/unit/tlsserver/default-ee.pem.certspec
security/manager/ssl/tests/unit/tlsserver/delegatedSHA1Signer.pem.certspec
security/manager/ssl/tests/unit/tlsserver/delegatedSigner.pem.certspec
security/manager/ssl/tests/unit/tlsserver/eeIssuedByNonCA.pem.certspec
security/manager/ssl/tests/unit/tlsserver/eeIssuedByV1Cert.pem.certspec
security/manager/ssl/tests/unit/tlsserver/expired-ee.der
security/manager/ssl/tests/unit/tlsserver/expired-ee.pem.certspec
security/manager/ssl/tests/unit/tlsserver/expiredINT.pem.certspec
security/manager/ssl/tests/unit/tlsserver/expiredissuer.pem.certspec
security/manager/ssl/tests/unit/tlsserver/generate_certs.sh
security/manager/ssl/tests/unit/tlsserver/inadequateKeySizeEE.pem.certspec
security/manager/ssl/tests/unit/tlsserver/inadequatekeyusage-ee.der
security/manager/ssl/tests/unit/tlsserver/inadequatekeyusage-ee.pem.certspec
security/manager/ssl/tests/unit/tlsserver/invalidDelegatedSignerFromIntermediate.pem.certspec
security/manager/ssl/tests/unit/tlsserver/invalidDelegatedSignerKeyUsageCrlSigning.pem.certspec
security/manager/ssl/tests/unit/tlsserver/invalidDelegatedSignerNoExtKeyUsage.pem.certspec
security/manager/ssl/tests/unit/tlsserver/invalidDelegatedSignerWrongExtKeyUsage.pem.certspec
security/manager/ssl/tests/unit/tlsserver/ipAddressAsDNSNameInSAN.pem.certspec
security/manager/ssl/tests/unit/tlsserver/key4.db
security/manager/ssl/tests/unit/tlsserver/lib/TLSServer.cpp
security/manager/ssl/tests/unit/tlsserver/lib/TLSServer.h
security/manager/ssl/tests/unit/tlsserver/md5signature-expired.pem.certspec
security/manager/ssl/tests/unit/tlsserver/md5signature.pem.certspec
security/manager/ssl/tests/unit/tlsserver/mismatch-expired.pem.certspec
security/manager/ssl/tests/unit/tlsserver/mismatch-notYetValid.pem.certspec
security/manager/ssl/tests/unit/tlsserver/mismatch-untrusted-expired.pem.certspec
security/manager/ssl/tests/unit/tlsserver/mismatch-untrusted.pem.certspec
security/manager/ssl/tests/unit/tlsserver/mismatch.pem.certspec
security/manager/ssl/tests/unit/tlsserver/mismatchCN.pem.certspec
security/manager/ssl/tests/unit/tlsserver/moz.build
security/manager/ssl/tests/unit/tlsserver/noValidNames.pem.certspec
security/manager/ssl/tests/unit/tlsserver/notYetValid.pem.certspec
security/manager/ssl/tests/unit/tlsserver/notYetValidINT.pem.certspec
security/manager/ssl/tests/unit/tlsserver/notYetValidIssuer.pem.certspec
security/manager/ssl/tests/unit/tlsserver/nsCertTypeCritical.pem.certspec
security/manager/ssl/tests/unit/tlsserver/nsCertTypeCriticalWithExtKeyUsage.pem.certspec
security/manager/ssl/tests/unit/tlsserver/nsCertTypeNotCritical.pem.certspec
security/manager/ssl/tests/unit/tlsserver/ocspEEWithIntermediate.pem.certspec
security/manager/ssl/tests/unit/tlsserver/ocspOtherEndEntity.pem.certspec
security/manager/ssl/tests/unit/tlsserver/other-issuer-ee.der
security/manager/ssl/tests/unit/tlsserver/other-issuer-ee.pem.certspec
security/manager/ssl/tests/unit/tlsserver/other-test-ca.der
security/manager/ssl/tests/unit/tlsserver/other-test-ca.key.keyspec
security/manager/ssl/tests/unit/tlsserver/other-test-ca.pem.certspec
security/manager/ssl/tests/unit/tlsserver/pkcs11.txt
security/manager/ssl/tests/unit/tlsserver/rsa-1016-keysizeDelegatedSigner.key.keyspec
security/manager/ssl/tests/unit/tlsserver/rsa-1016-keysizeDelegatedSigner.pem.certspec
security/manager/ssl/tests/unit/tlsserver/same-issuer-ee.der
security/manager/ssl/tests/unit/tlsserver/same-issuer-ee.pem.certspec
security/manager/ssl/tests/unit/tlsserver/self-signed-EE-with-cA-true.pem.certspec
security/manager/ssl/tests/unit/tlsserver/selfsigned-inadequateEKU.pem.certspec
security/manager/ssl/tests/unit/tlsserver/selfsigned.pem.certspec
security/manager/ssl/tests/unit/tlsserver/test-ca.der
security/manager/ssl/tests/unit/tlsserver/test-ca.pem.certspec
security/manager/ssl/tests/unit/tlsserver/test-int-ee.der
security/manager/ssl/tests/unit/tlsserver/test-int-ee.pem.certspec
security/manager/ssl/tests/unit/tlsserver/test-int.der
security/manager/ssl/tests/unit/tlsserver/test-int.pem.certspec
security/manager/ssl/tests/unit/tlsserver/unknown-issuer.der
security/manager/ssl/tests/unit/tlsserver/unknownissuer.pem.certspec
security/manager/ssl/tests/unit/tlsserver/untrusted-expired.pem.certspec
security/manager/ssl/tests/unit/tlsserver/untrustedissuer.pem.certspec
security/manager/ssl/tests/unit/tlsserver/v1Cert.der
security/manager/ssl/tests/unit/tlsserver/v1Cert.pem.certspec
security/manager/tools/genHPKPStaticPins.js
--- a/security/manager/ssl/StaticHPKPins.h
+++ b/security/manager/ssl/StaticHPKPins.h
@@ -76,17 +76,17 @@ static const char kDigiCert_Global_Root_
   "r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E=";
 
 /* DigiCert High Assurance EV Root CA */
 static const char kDigiCert_High_Assurance_EV_Root_CAFingerprint[] =
   "WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18=";
 
 /* End Entity Test Cert */
 static const char kEnd_Entity_Test_CertFingerprint[] =
-  "VCIlmPM9NkgFQtrs4Oa5TeFcDu6MWRTKSNdePEhOgD8=";
+  "lzCakFt+nADIfIkgk+UE/EQ9SaT2nay2yu2iykVbvV8=";
 
 /* Entrust Root Certification Authority */
 static const char kEntrust_Root_Certification_AuthorityFingerprint[] =
   "bb+uANN7nNc/j7R95lkXrwDg3d9C286sIMF8AnXuIJU=";
 
 /* Entrust Root Certification Authority - EC1 */
 static const char kEntrust_Root_Certification_Authority___EC1Fingerprint[] =
   "/qK31kX7pz11PB7Jp4cMQOH3sMVh6Se5hb9xGGbjbyI=";
@@ -1091,9 +1091,9 @@ static const TransportSecurityPreload kP
   { "youtube.com", true, false, false, -1, &kPinset_google_root_pems },
   { "ytimg.com", true, false, false, -1, &kPinset_google_root_pems },
 };
 
 // Pinning Preload List Length = 363;
 
 static const int32_t kUnknownId = -1;
 
-static const PRTime kPreloadPKPinsExpirationTime = INT64_C(1450902702049000);
+static const PRTime kPreloadPKPinsExpirationTime = INT64_C(1450521025692000);
--- a/security/manager/ssl/tests/unit/head_psm.js
+++ b/security/manager/ssl/tests/unit/head_psm.js
@@ -430,17 +430,17 @@ function _getBinaryUtil(binaryUtilName) 
 }
 
 // Do not call this directly; use add_tls_server_setup
 function _setupTLSServerTest(serverBinName)
 {
   let certdb = Cc["@mozilla.org/security/x509certdb;1"]
                   .getService(Ci.nsIX509CertDB);
   // The trusted CA that is typically used for "good" certificates.
-  addCertFromFile(certdb, "tlsserver/test-ca.pem", "CTu,u,u");
+  addCertFromFile(certdb, "tlsserver/test-ca.der", "CTu,u,u");
 
   const CALLBACK_PORT = 8444;
 
   let directoryService = Cc["@mozilla.org/file/directory_service;1"]
                            .getService(Ci.nsIProperties);
   let envSvc = Cc["@mozilla.org/process/environment;1"]
                  .getService(Ci.nsIEnvironment);
   let greBinDir = directoryService.get("GreBinD", Ci.nsIFile);
@@ -634,18 +634,19 @@ FakeSSLStatus.prototype = {
       return this;
     }
     throw Components.results.NS_ERROR_NO_INTERFACE;
   },
 }
 
 // Utility functions for adding tests relating to certificate error overrides
 
-// Helper function for add_cert_override_test. Probably doesn't need to be
-// called directly.
+// Helper function for add_cert_override_test and
+// add_prevented_cert_override_test. Probably doesn't need to be called
+// directly.
 function add_cert_override(aHost, aExpectedBits, aSecurityInfo) {
   let sslstatus = aSecurityInfo.QueryInterface(Ci.nsISSLStatusProvider)
                                .SSLStatus;
   let bits =
     (sslstatus.isUntrusted ? Ci.nsICertOverrideService.ERROR_UNTRUSTED : 0) |
     (sslstatus.isDomainMismatch ? Ci.nsICertOverrideService.ERROR_MISMATCH : 0) |
     (sslstatus.isNotValidAtThisTime ? Ci.nsICertOverrideService.ERROR_TIME : 0);
   Assert.equal(bits, aExpectedBits,
@@ -662,41 +663,19 @@ function add_cert_override(aHost, aExpec
 // with the expected errors and that adding an override results in a subsequent
 // connection succeeding.
 function add_cert_override_test(aHost, aExpectedBits, aExpectedError) {
   add_connection_test(aHost, aExpectedError, null,
                       add_cert_override.bind(this, aHost, aExpectedBits));
   add_connection_test(aHost, PRErrorCodeSuccess);
 }
 
-// Helper function for add_prevented_cert_override_test. This is much like
-// add_cert_override except it may not be the case that the connection has an
-// SSLStatus set on it. In this case, the error was not overridable anyway, so
-// we consider it a success.
-function attempt_adding_cert_override(aHost, aExpectedBits, aSecurityInfo) {
-  let sslstatus = aSecurityInfo.QueryInterface(Ci.nsISSLStatusProvider)
-                               .SSLStatus;
-  if (sslstatus) {
-    let bits =
-      (sslstatus.isUntrusted ? Ci.nsICertOverrideService.ERROR_UNTRUSTED : 0) |
-      (sslstatus.isDomainMismatch ? Ci.nsICertOverrideService.ERROR_MISMATCH : 0) |
-      (sslstatus.isNotValidAtThisTime ? Ci.nsICertOverrideService.ERROR_TIME : 0);
-    Assert.equal(bits, aExpectedBits,
-                 "Actual and expected override bits should match");
-    let cert = sslstatus.serverCert;
-    let certOverrideService = Cc["@mozilla.org/security/certoverride;1"]
-                                .getService(Ci.nsICertOverrideService);
-    certOverrideService.rememberValidityOverride(aHost, 8443, cert, aExpectedBits,
-                                                 true);
-  }
-}
-
 // Given a host, expected error bits (see nsICertOverrideService.idl), and
 // an expected error code, tests that an initial connection to the host fails
 // with the expected errors and that adding an override does not result in a
 // subsequent connection succeeding (i.e. the same error code is encountered).
 // The idea here is that for HSTS hosts or hosts with key pins, no error is
 // overridable, even if an entry is added to the override service.
 function add_prevented_cert_override_test(aHost, aExpectedBits, aExpectedError) {
   add_connection_test(aHost, aExpectedError, null,
-                      attempt_adding_cert_override.bind(this, aHost, aExpectedBits));
+                      add_cert_override.bind(this, aHost, aExpectedBits));
   add_connection_test(aHost, aExpectedError);
 }
--- a/security/manager/ssl/tests/unit/pycert.py
+++ b/security/manager/ssl/tests/unit/pycert.py
@@ -11,33 +11,31 @@ signed x509 certificate with the desired
 The input format is as follows:
 
 issuer:<issuer distinguished name specification>
 subject:<subject distinguished name specification>
 [version:{1,2,3,4}]
 [validity:<YYYYMMDD-YYYYMMDD|duration in days>]
 [issuerKey:<key specification>]
 [subjectKey:<key specification>]
-[signature:{sha256WithRSAEncryption,sha1WithRSAEncryption,
-            md5WithRSAEncryption,ecdsaWithSHA256}]
+[signature:{sha1WithRSAEncryption,sha256WithRSAEncryption,ecdsaWithSHA256}]
 [extension:<extension name:<extension-specific data>>]
 [...]
 
 Known extensions are:
 basicConstraints:[cA],[pathLenConstraint]
 keyUsage:[digitalSignature,nonRepudiation,keyEncipherment,
           dataEncipherment,keyAgreement,keyCertSign,cRLSign]
 extKeyUsage:[serverAuth,clientAuth,codeSigning,emailProtection
              nsSGC, # Netscape Server Gated Crypto
              OCSPSigning,timeStamping]
 subjectAlternativeName:[<dNSName>,...]
 authorityInformationAccess:<OCSP URI>
 certificatePolicies:<policy OID>
 nameConstraints:{permitted,excluded}:[<dNSName|directoryName>,...]
-nsCertType:sslServer
 
 Where:
   [] indicates an optional field or component of a field
   <> indicates a required component of a field
   {} indicates a choice of exactly one value among a set of values
   [a,b,c] indicates a list of potential values, of which zero or more
           may be used
 
@@ -61,19 +59,16 @@ Issuer and subject distinguished name sp
 '[stringEncoding]/C=XX/O=Example/CN=example.com'. C (country name), ST
 (state or province name), L (locality name), O (organization name), OU
 (organizational unit name), CN (common name) and emailAddress (email
 address) are currently supported. The optional stringEncoding field may
 be 'utf8String' or 'printableString'. If the given string does not
 contain a '/', it is assumed to represent a common name.
 DirectoryNames also use this format. When specifying a directoryName in
 a nameConstraints extension, the implicit form may not be used.
-
-If an extension name has '[critical]' after it, it will be marked as
-critical. Otherwise (by default), it will not be marked as critical.
 """
 
 from pyasn1.codec.der import decoder
 from pyasn1.codec.der import encoder
 from pyasn1.type import constraint, namedtype, tag, univ, useful
 from pyasn1_modules import rfc2459
 import base64
 import datetime
@@ -178,24 +173,16 @@ class UnknownNameConstraintsSpecificatio
 class UnknownDNTypeError(UnknownBaseError):
     """Helper exception type to handle unknown DN types."""
 
     def __init__(self, value):
         UnknownBaseError.__init__(self, value)
         self.category = 'DN'
 
 
-class UnknownNSCertTypeError(UnknownBaseError):
-    """Helper exception type to handle unknown nsCertType types."""
-
-    def __init__(self, value):
-        UnknownBaseError.__init__(self, value)
-        self.category = 'nsCertType'
-
-
 def getASN1Tag(asn1Type):
     """Helper function for returning the base tag value of a given
     type from the pyasn1 package"""
     return asn1Type.baseTagSet.getBaseTag().asTuple()[2]
 
 def stringToAccessDescription(string):
     """Helper function that takes a string representing a URI
     presumably identifying an OCSP authority information access
@@ -262,39 +249,37 @@ def stringToDN(string, tag=None):
         pos = pos + 1
     if tag:
         name = rfc2459.Name().subtype(implicitTag=tag)
     else:
         name = rfc2459.Name()
     name.setComponentByPosition(0, rdns)
     return name
 
-def stringToAlgorithmIdentifiers(string):
+def stringToAlgorithmIdentifier(string):
     """Helper function that converts a description of an algorithm
-    to a representation usable by the pyasn1 package and a hash
-    algorithm name for use by pykey."""
+    to a representation usable by the pyasn1 package"""
     algorithmIdentifier = rfc2459.AlgorithmIdentifier()
-    algorithmName = None
     algorithm = None
+    name = None
     if string == 'sha1WithRSAEncryption':
-        algorithmName = 'SHA-1'
+        name = 'SHA-1'
         algorithm = rfc2459.sha1WithRSAEncryption
     elif string == 'sha256WithRSAEncryption':
-        algorithmName = 'SHA-256'
+        name = 'SHA-256'
         algorithm = univ.ObjectIdentifier('1.2.840.113549.1.1.11')
-    elif string == 'md5WithRSAEncryption':
-        algorithmName = 'MD5'
-        algorithm = rfc2459.md5WithRSAEncryption
     elif string == 'ecdsaWithSHA256':
-        algorithmName = 'sha256'
+        # Note that this value is only used by pykey.py to tell if
+        # ECDSA is allowed.  It does not conform to the pyECC syntax.
+        name = 'SHA-256'
         algorithm = univ.ObjectIdentifier('1.2.840.10045.4.3.2')
     else:
         raise UnknownAlgorithmTypeError(string)
     algorithmIdentifier.setComponentByName('algorithm', algorithm)
-    return (algorithmIdentifier, algorithmName)
+    return (algorithmIdentifier, name)
 
 def datetimeToTime(dt):
     """Takes a datetime object and returns an rfc2459.Time object with
     that time as its value as a GeneralizedTime"""
     time = rfc2459.Time()
     time.setComponentByName('generalTime', useful.GeneralizedTime(dt.strftime('%Y%m%d%H%M%SZ')))
     return time
 
@@ -390,78 +375,68 @@ class Certificate:
             self.notBefore = datetime.datetime.strptime(match.group(1), '%Y%m%d')
             self.notAfter = datetime.datetime.strptime(match.group(2), '%Y%m%d')
         else:
             delta = datetime.timedelta(days=(int(duration) / 2))
             self.notBefore = self.now - delta
             self.notAfter = self.now + delta
 
     def decodeExtension(self, extension):
-        match = re.search('([a-zA-Z]+)(\[critical\])?:(.*)', extension)
-        if not match:
-            raise UnknownExtensionTypeError(extension)
-        extensionType = match.group(1)
-        critical = match.group(2)
-        value = match.group(3)
+        extensionType = extension.split(':')[0]
+        value = ':'.join(extension.split(':')[1:])
         if extensionType == 'basicConstraints':
-            self.addBasicConstraints(value, critical)
+            self.addBasicConstraints(value)
         elif extensionType == 'keyUsage':
-            self.addKeyUsage(value, critical)
+            self.addKeyUsage(value)
         elif extensionType == 'extKeyUsage':
-            self.addExtKeyUsage(value, critical)
+            self.addExtKeyUsage(value)
         elif extensionType == 'subjectAlternativeName':
-            self.addSubjectAlternativeName(value, critical)
+            self.addSubjectAlternativeName(value)
         elif extensionType == 'authorityInformationAccess':
-            self.addAuthorityInformationAccess(value, critical)
+            self.addAuthorityInformationAccess(value)
         elif extensionType == 'certificatePolicies':
-            self.addCertificatePolicies(value, critical)
+            self.addCertificatePolicies(value)
         elif extensionType == 'nameConstraints':
-            self.addNameConstraints(value, critical)
-        elif extensionType == 'nsCertType':
-            self.addNSCertType(value, critical)
+            self.addNameConstraints(value)
         else:
             raise UnknownExtensionTypeError(extensionType)
 
     def setupKey(self, subjectOrIssuer, value):
         if subjectOrIssuer == 'subject':
             self.subjectKey = pykey.keyFromSpecification(value)
         elif subjectOrIssuer == 'issuer':
             self.issuerKey = pykey.keyFromSpecification(value)
         else:
             raise UnknownKeyTargetError(subjectOrIssuer)
 
-    def addExtension(self, extensionType, extensionValue, critical):
+    def addExtension(self, extensionType, extensionValue):
         if not self.extensions:
             self.extensions = []
         encapsulated = univ.OctetString(encoder.encode(extensionValue))
         extension = rfc2459.Extension()
         extension.setComponentByName('extnID', extensionType)
-        # critical is either the string '[critical]' or None.
-        # We only care whether or not it is truthy.
-        if critical:
-            extension.setComponentByName('critical', True)
         extension.setComponentByName('extnValue', encapsulated)
         self.extensions.append(extension)
 
-    def addBasicConstraints(self, basicConstraints, critical):
+    def addBasicConstraints(self, basicConstraints):
         cA = basicConstraints.split(',')[0]
         pathLenConstraint = basicConstraints.split(',')[1]
         basicConstraintsExtension = rfc2459.BasicConstraints()
         basicConstraintsExtension.setComponentByName('cA', cA == 'cA')
         if pathLenConstraint:
             pathLenConstraintValue = \
                 univ.Integer(int(pathLenConstraint)).subtype(
                     subtypeSpec=constraint.ValueRangeConstraint(0, 64))
             basicConstraintsExtension.setComponentByName('pathLenConstraint',
                                                          pathLenConstraintValue)
-        self.addExtension(rfc2459.id_ce_basicConstraints, basicConstraintsExtension, critical)
+        self.addExtension(rfc2459.id_ce_basicConstraints, basicConstraintsExtension)
 
-    def addKeyUsage(self, keyUsage, critical):
+    def addKeyUsage(self, keyUsage):
         keyUsageExtension = rfc2459.KeyUsage(keyUsage)
-        self.addExtension(rfc2459.id_ce_keyUsage, keyUsageExtension, critical)
+        self.addExtension(rfc2459.id_ce_keyUsage, keyUsageExtension)
 
     def keyPurposeToOID(self, keyPurpose):
         if keyPurpose == 'serverAuth':
             # the OID for id_kp_serverAuth is incorrect in the
             # pyasn1-modules implementation
             return univ.ObjectIdentifier('1.3.6.1.5.5.7.3.1')
         if keyPurpose == 'clientAuth':
             return rfc2459.id_kp_clientAuth
@@ -472,54 +447,54 @@ class Certificate:
         if keyPurpose == 'nsSGC':
             return univ.ObjectIdentifier('2.16.840.1.113730.4.1')
         if keyPurpose == 'OCSPSigning':
             return univ.ObjectIdentifier('1.3.6.1.5.5.7.3.9')
         if keyPurpose == 'timeStamping':
             return rfc2459.id_kp_timeStamping
         raise UnknownKeyPurposeTypeError(keyPurpose)
 
-    def addExtKeyUsage(self, extKeyUsage, critical):
+    def addExtKeyUsage(self, extKeyUsage):
         extKeyUsageExtension = rfc2459.ExtKeyUsageSyntax()
         count = 0
         for keyPurpose in extKeyUsage.split(','):
             extKeyUsageExtension.setComponentByPosition(count, self.keyPurposeToOID(keyPurpose))
             count += 1
-        self.addExtension(rfc2459.id_ce_extKeyUsage, extKeyUsageExtension, critical)
+        self.addExtension(rfc2459.id_ce_extKeyUsage, extKeyUsageExtension)
 
-    def addSubjectAlternativeName(self, dNSNames, critical):
+    def addSubjectAlternativeName(self, dNSNames):
         subjectAlternativeName = rfc2459.SubjectAltName()
         count = 0
         for dNSName in dNSNames.split(','):
             generalName = rfc2459.GeneralName()
             # The string may have things like '\0' (i.e. a slash
             # followed by the number zero) that have to be decoded into
             # the resulting '\x00' (i.e. a byte with value zero).
             generalName.setComponentByName('dNSName', dNSName.decode(encoding='string_escape'))
             subjectAlternativeName.setComponentByPosition(count, generalName)
             count += 1
-        self.addExtension(rfc2459.id_ce_subjectAltName, subjectAlternativeName, critical)
+        self.addExtension(rfc2459.id_ce_subjectAltName, subjectAlternativeName)
 
-    def addAuthorityInformationAccess(self, ocspURI, critical):
+    def addAuthorityInformationAccess(self, ocspURI):
         sequence = univ.Sequence()
         accessDescription = stringToAccessDescription(ocspURI)
         sequence.setComponentByPosition(0, accessDescription)
-        self.addExtension(rfc2459.id_pe_authorityInfoAccess, sequence, critical)
+        self.addExtension(rfc2459.id_pe_authorityInfoAccess, sequence)
 
-    def addCertificatePolicies(self, policyOID, critical):
+    def addCertificatePolicies(self, policyOID):
         policies = rfc2459.CertificatePolicies()
         policy = rfc2459.PolicyInformation()
         if policyOID == 'any':
             policyOID = '2.5.29.32.0'
         policyIdentifier = rfc2459.CertPolicyId(policyOID)
         policy.setComponentByName('policyIdentifier', policyIdentifier)
         policies.setComponentByPosition(0, policy)
-        self.addExtension(rfc2459.id_ce_certificatePolicies, policies, critical)
+        self.addExtension(rfc2459.id_ce_certificatePolicies, policies)
 
-    def addNameConstraints(self, constraints, critical):
+    def addNameConstraints(self, constraints):
         nameConstraints = NameConstraints()
         if constraints.startswith('permitted:'):
             (subtreesType, subtreesTag) = ('permittedSubtrees', 0)
         elif constraints.startswith('excluded:'):
             (subtreesType, subtreesTag) = ('excludedSubtrees', 1)
         else:
             raise UnknownNameConstraintsSpecificationError(constraints)
         generalSubtrees = rfc2459.GeneralSubtrees().subtype(
@@ -534,31 +509,28 @@ class Certificate:
                 generalName.setComponentByName('directoryName', directoryName)
             else:
                 generalName.setComponentByName('dNSName', name)
             generalSubtree = GeneralSubtree()
             generalSubtree.setComponentByName('base', generalName)
             generalSubtrees.setComponentByPosition(pos, generalSubtree)
             pos = pos + 1
         nameConstraints.setComponentByName(subtreesType, generalSubtrees)
-        self.addExtension(rfc2459.id_ce_nameConstraints, nameConstraints, critical)
-
-    def addNSCertType(self, certType, critical):
-        if certType != 'sslServer':
-            raise UnknownNSCertTypeError(certType)
-        self.addExtension(univ.ObjectIdentifier('2.16.840.1.113730.1.1'), univ.BitString("'01'B"),
-            critical)
+        self.addExtension(rfc2459.id_ce_nameConstraints, nameConstraints)
 
     def getVersion(self):
         return rfc2459.Version(self.versionValue).subtype(
             explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))
 
     def getSerialNumber(self):
         return decoder.decode(self.serialNumber)[0]
 
+    def getSignature(self):
+        return stringToAlgorithmIdentifier(self.signature)
+
     def getIssuer(self):
         return stringToDN(self.issuer)
 
     def getValidity(self):
         validity = rfc2459.Validity()
         validity.setComponentByName('notBefore', self.getNotBefore())
         validity.setComponentByName('notAfter', self.getNotAfter())
         return validity
@@ -568,17 +540,18 @@ class Certificate:
 
     def getNotAfter(self):
         return datetimeToTime(self.notAfter)
 
     def getSubject(self):
         return stringToDN(self.subject)
 
     def toDER(self):
-        (signatureOID, hashName) = stringToAlgorithmIdentifiers(self.signature)
+        (signatureOID, hashAlg) = self.getSignature()
+
         tbsCertificate = rfc2459.TBSCertificate()
         tbsCertificate.setComponentByName('version', self.getVersion())
         tbsCertificate.setComponentByName('serialNumber', self.getSerialNumber())
         tbsCertificate.setComponentByName('signature', signatureOID)
         tbsCertificate.setComponentByName('issuer', self.getIssuer())
         tbsCertificate.setComponentByName('validity', self.getValidity())
         tbsCertificate.setComponentByName('subject', self.getSubject())
         tbsCertificate.setComponentByName('subjectPublicKeyInfo',
@@ -590,17 +563,18 @@ class Certificate:
             for extension in self.extensions:
                 extensions.setComponentByPosition(count, extension)
                 count += 1
             tbsCertificate.setComponentByName('extensions', extensions)
         certificate = rfc2459.Certificate()
         certificate.setComponentByName('tbsCertificate', tbsCertificate)
         certificate.setComponentByName('signatureAlgorithm', signatureOID)
         tbsDER = encoder.encode(tbsCertificate)
-        certificate.setComponentByName('signatureValue', self.issuerKey.sign(tbsDER, hashName))
+
+        certificate.setComponentByName('signatureValue', self.issuerKey.sign(tbsDER, hashAlg))
         return encoder.encode(certificate)
 
     def toPEM(self):
         output = '-----BEGIN CERTIFICATE-----'
         der = self.toDER()
         b64 = base64.b64encode(der)
         while b64:
             output += '\n' + b64[:64]
--- a/security/manager/ssl/tests/unit/pykey.py
+++ b/security/manager/ssl/tests/unit/pykey.py
@@ -61,16 +61,23 @@ class UnknownBaseError(Exception):
 
 class UnknownKeySpecificationError(UnknownBaseError):
     """Helper exception type to handle unknown key specifications."""
 
     def __init__(self, value):
         UnknownBaseError.__init__(self, value)
         self.category = 'key specification'
 
+class ParameterError(UnknownBaseError):
+    """Exception type indicating that the key was misconfigured"""
+
+    def __init__(self, value):
+        UnknownBaseError.__init__(self, value)
+        self.category = 'key parameter'
+
 class RSAPublicKey(univ.Sequence):
     """Helper type for encoding an RSA public key"""
     componentType = namedtype.NamedTypes(
         namedtype.NamedType('N', univ.Integer()),
         namedtype.NamedType('E', univ.Integer()))
 
 
 class RSAPrivateKey(univ.Sequence):
@@ -548,22 +555,22 @@ class RSAKey:
         spki.setComponentByName('algorithm', algorithmIdentifier)
         rsaKey = RSAPublicKey()
         rsaKey.setComponentByName('N', univ.Integer(self.RSA_N))
         rsaKey.setComponentByName('E', univ.Integer(self.RSA_E))
         subjectPublicKey = univ.BitString(byteStringToHexifiedBitString(encoder.encode(rsaKey)))
         spki.setComponentByName('subjectPublicKey', subjectPublicKey)
         return spki
 
-    def sign(self, data, hashAlgorithmName):
+    def sign(self, data, digest):
         """Returns a hexified bit string representing a
         signature by this key over the specified data.
         Intended for use with pyasn1.type.univ.BitString"""
         rsaPrivateKey = rsa.PrivateKey(self.RSA_N, self.RSA_E, self.RSA_D, self.RSA_P, self.RSA_Q)
-        signature = rsa.sign(data, rsaPrivateKey, hashAlgorithmName)
+        signature = rsa.sign(data, rsaPrivateKey, digest)
         return byteStringToHexifiedBitString(signature)
 
 
 ecPublicKey = univ.ObjectIdentifier('1.2.840.10045.2.1')
 secp256k1 = univ.ObjectIdentifier('1.3.132.0.10')
 secp224r1 = univ.ObjectIdentifier('1.3.132.0.33')
 secp256r1 = univ.ObjectIdentifier('1.2.840.10045.3.1.7')
 secp384r1 = univ.ObjectIdentifier('1.3.132.0.34')
@@ -659,32 +666,36 @@ class ECCKey:
         _, _, points = encoding.Decoder(encoded).int(8).int(2).point(2).out()
         # '04' indicates that the points are in uncompressed form.
         hexifiedBitString = "'%s%s%s'H" % ('04', longToEvenLengthHexString(points[0]),
                                            longToEvenLengthHexString(points[1]))
         subjectPublicKey = univ.BitString(hexifiedBitString)
         spki.setComponentByName('subjectPublicKey', subjectPublicKey)
         return spki
 
-    def sign(self, data, hashAlgorithmName):
+    def sign(self, data, digest):
         """Returns a hexified bit string representing a
         signature by this key over the specified data.
         Intended for use with pyasn1.type.univ.BitString"""
+        # This should really only be used with SHA-256
+        if digest != "SHA-256":
+            raise ParameterError(digest)
+
         # There is some non-determinism in ECDSA signatures. Work around
         # this by patching ecc.ecdsa.urandom to not be random.
         with mock.patch('ecc.ecdsa.urandom', side_effect=notRandom):
             # For some reason Key.sign returns an encoded point.
             # Decode it so we can encode it as a BITSTRING consisting
             # of a SEQUENCE of two INTEGERs.
             # Also patch in secp256k1 if applicable.
             if self.keyOID == secp256k1:
                 with mock.patch('ecc.curves.DOMAINS', {256: secp256k1Params}):
-                    x, y = encoding.dec_point(self.key.sign(data, hashAlgorithmName))
+                    x, y = encoding.dec_point(self.key.sign(data, 'sha256'))
             else:
-                x, y = encoding.dec_point(self.key.sign(data, hashAlgorithmName))
+                x, y = encoding.dec_point(self.key.sign(data, 'sha256'))
             point = ECPoint()
             point.setComponentByName('x', x)
             point.setComponentByName('y', y)
             return byteStringToHexifiedBitString(encoder.encode(point))
 
 
 def keyFromSpecification(specification):
     """Pass in a specification, get the appropriate key back."""
--- a/security/manager/ssl/tests/unit/test_cert_blocklist.js
+++ b/security/manager/ssl/tests/unit/test_cert_blocklist.js
@@ -89,38 +89,37 @@ var blocklist_contents =
     "<certItems><certItem issuerName='Some nonsense in issuer'>" +
     "<serialNumber>AkHVNA==</serialNumber>" +
     "</certItem><certItem issuerName='MA0xCzAJBgNVBAMMAmNh'>" +
     "<serialNumber>some nonsense in serial</serialNumber>" +
     "</certItem><certItem issuerName='some nonsense in both issuer'>" +
     "<serialNumber>and serial</serialNumber></certItem>" +
     // some mixed
     // In this case, the issuer name and the valid serialNumber correspond
-    // to test-int.pem in tlsserver/
-    "<certItem issuerName='MBIxEDAOBgNVBAMMB1Rlc3QgQ0E='>" +
+    // to test-int.der in tlsserver/
+    "<certItem issuerName='MBIxEDAOBgNVBAMTB1Rlc3QgQ0E='>" +
     "<serialNumber>oops! more nonsense.</serialNumber>" +
-    "<serialNumber>Y1HQqXGtw7ek2v/QAqBL8jf6rbA=</serialNumber></certItem>" +
+    "<serialNumber>X1o=</serialNumber></certItem>" +
     // ... and some good
     // In this case, the issuer name and the valid serialNumber correspond
-    // to other-test-ca.pem in tlsserver/ (for testing root revocation)
-    "<certItem issuerName='MBgxFjAUBgNVBAMMDU90aGVyIHRlc3QgQ0E='>" +
-    "<serialNumber>Szin5enUEn9TnVq29c4IMPNFuqE=</serialNumber></certItem>" +
+    // to other-test-ca.der in tlsserver/ (for testing root revocation)
+    "<certItem issuerName='MBgxFjAUBgNVBAMTDU90aGVyIHRlc3QgQ0E='>" +
+    "<serialNumber>AKEIivg=</serialNumber></certItem>" +
     // This item corresponds to an entry in sample_revocations.txt where:
     // isser name is "another imaginary issuer" base-64 encoded, and
     // serialNumbers are:
     // "serial2." base-64 encoded, and
     // "another serial." base-64 encoded
     // We need this to ensure that existing items are retained if they're
     // also in the blocklist
     "<certItem issuerName='YW5vdGhlciBpbWFnaW5hcnkgaXNzdWVy'>" +
     "<serialNumber>c2VyaWFsMi4=</serialNumber>" +
     "<serialNumber>YW5vdGhlciBzZXJpYWwu</serialNumber>" +
-    // This item revokes same-issuer-ee.pem by subject and serial number.
-    "</certItem><certItem subject='MCIxIDAeBgNVBAMMF0Fub3RoZXIgVGVzdCBFbmQtZW50aXR5'"+
-    " pubKeyHash='VCIlmPM9NkgFQtrs4Oa5TeFcDu6MWRTKSNdePEhOgD8='>" +
+    "</certItem><certItem subject='MCIxIDAeBgNVBAMTF0Fub3RoZXIgVGVzdCBFbmQtZW50aXR5'"+
+    " pubKeyHash='2ETEb0QP574JkM+35JVwS899PLUmt1rrJyWOV6GRfAE='>" +
     "</certItem></certItems></blocklist>";
 testserver.registerPathHandler("/push_blocked_cert/",
   function serveResponse(request, response) {
     response.write(blocklist_contents);
   });
 
 // start the test server
 testserver.start(-1);
@@ -132,22 +131,23 @@ var addonManager = Cc["@mozilla.org/addo
                      .QueryInterface(Ci.nsITimerCallback);
 addonManager.observe(null, "addons-startup", null);
 
 var converter = Cc["@mozilla.org/intl/scriptableunicodeconverter"]
                   .createInstance(Ci.nsIScriptableUnicodeConverter);
 converter.charset = "UTF-8";
 
 function verify_cert(file, expectedError) {
-  let ee = constructCertFromFile(file);
+  let cert_der = readFile(do_get_file(file));
+  let ee = certDB.constructX509(cert_der, cert_der.length);
   checkCertErrorGeneric(certDB, ee, expectedError, certificateUsageSSLServer);
 }
 
 function load_cert(cert, trust) {
-  let file = "tlsserver/" + cert + ".pem";
+  let file = "tlsserver/" + cert + ".der";
   addCertFromFile(certDB, file, trust);
 }
 
 function test_is_revoked(certList, issuerString, serialString, subjectString,
                          pubKeyString) {
   let issuer = converter.convertToByteArray(issuerString ? issuerString : '',
                                             {});
 
@@ -196,30 +196,30 @@ function run_test() {
 
   // And this test corresponds to:
   // issuer: YW5vdGhlciBpbWFnaW5hcnkgaXNzdWVy
   // serial: c2VyaWFsMi4=
   // (we test this issuer twice to ensure we can read multiple serials)
   ok(test_is_revoked(certList, "another imaginary issuer", "serial2."),
      "issuer / serial pair should be blocked");
 
-  // Soon we'll load a blocklist which revokes test-int.pem, which issued
-  // test-int-ee.pem.
+  // Soon we'll load a blocklist which revokes test-int.der, which issued
+  // test-int-ee.der.
   // Check the cert validates before we load the blocklist
-  let file = "tlsserver/test-int-ee.pem";
+  let file = "tlsserver/test-int-ee.der";
   verify_cert(file, PRErrorCodeSuccess);
 
-  // The blocklist also revokes other-test-ca.pem, which issued other-ca-ee.pem.
+  // The blocklist also revokes other-test-ca.der, which issued other-ca-ee.der.
   // Check the cert validates before we load the blocklist
-  file = "tlsserver/other-issuer-ee.pem";
+  file = "tlsserver/other-issuer-ee.der";
   verify_cert(file, PRErrorCodeSuccess);
 
-  // The blocklist will revoke same-issuer-ee.pem via subject / pubKeyHash.
+  // The blocklist will revoke same-issuer-ee.der via subject / pubKeyHash.
   // Check the cert validates before we load the blocklist
-  file = "tlsserver/same-issuer-ee.pem";
+  file = "tlsserver/same-issuer-ee.der";
   verify_cert(file, PRErrorCodeSuccess);
 
   // blocklist load is async so we must use add_test from here
   add_test(function() {
     let certblockObserver = {
       observe: function(aSubject, aTopic, aData) {
         Services.obs.removeObserver(this, "blocklist-updated");
         run_next_test();
@@ -266,45 +266,45 @@ function run_test() {
     let contents = "";
     let hasmore = false;
     do {
       var line = {};
       hasmore = inputStream.readLine(line);
       contents = contents + (contents.length == 0 ? "" : "\n") + line.value;
     } while (hasmore);
     let expected = "# Auto generated contents. Do not edit.\n" +
-                  "MCIxIDAeBgNVBAMMF0Fub3RoZXIgVGVzdCBFbmQtZW50aXR5\n"+
-                  "\tVCIlmPM9NkgFQtrs4Oa5TeFcDu6MWRTKSNdePEhOgD8=\n"+
-                  "MBIxEDAOBgNVBAMMB1Rlc3QgQ0E=\n" +
-                  " Y1HQqXGtw7ek2v/QAqBL8jf6rbA=\n" +
-                  "MBgxFjAUBgNVBAMMDU90aGVyIHRlc3QgQ0E=\n" +
-                  " Szin5enUEn9TnVq29c4IMPNFuqE=\n" +
+                  "MCIxIDAeBgNVBAMTF0Fub3RoZXIgVGVzdCBFbmQtZW50aXR5\n"+
+                  "\t2ETEb0QP574JkM+35JVwS899PLUmt1rrJyWOV6GRfAE=\n"+
+                  "MBgxFjAUBgNVBAMTDU90aGVyIHRlc3QgQ0E=\n" +
+                  " AKEIivg=\n" +
+                  "MBIxEDAOBgNVBAMTB1Rlc3QgQ0E=\n" +
+                  " X1o=\n" +
                   "YW5vdGhlciBpbWFnaW5hcnkgaXNzdWVy\n" +
                   " YW5vdGhlciBzZXJpYWwu\n" +
                   " c2VyaWFsMi4=";
     equal(contents, expected, "revocations.txt should be as expected");
 
     // Check the blocklisted intermediate now causes a failure
-    let file = "tlsserver/test-int-ee.pem";
+    let file = "tlsserver/test-int-ee.der";
     verify_cert(file, SEC_ERROR_REVOKED_CERTIFICATE);
 
     // Check the ee with the blocklisted root also causes a failure
-    file = "tlsserver/other-issuer-ee.pem";
+    file = "tlsserver/other-issuer-ee.der";
     verify_cert(file, SEC_ERROR_REVOKED_CERTIFICATE);
 
     // Check the ee blocked by subject / pubKey causes a failure
-    file = "tlsserver/same-issuer-ee.pem";
+    file = "tlsserver/same-issuer-ee.der";
     verify_cert(file, SEC_ERROR_REVOKED_CERTIFICATE);
 
     // Check a non-blocklisted chain still validates OK
-    file = "tlsserver/default-ee.pem";
+    file = "tlsserver/default-ee.der";
     verify_cert(file, PRErrorCodeSuccess);
 
     // Check a bad cert is still bad (unknown issuer)
-    file = "tlsserver/unknownissuer.pem";
+    file = "tlsserver/unknown-issuer.der";
     verify_cert(file, SEC_ERROR_UNKNOWN_ISSUER);
 
     // check that save with no further update is a no-op
     let lastModified = revocations.lastModifiedTime;
     // add an already existing entry
     certList.revokeCertByIssuerAndSerial("YW5vdGhlciBpbWFnaW5hcnkgaXNzdWVy",
                                          "c2VyaWFsMi4=");
     certList.saveEntries();
--- a/security/manager/ssl/tests/unit/test_cert_chains.js
+++ b/security/manager/ssl/tests/unit/test_cert_chains.js
@@ -4,26 +4,26 @@
 // file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
 "use strict";
 
 function build_cert_chain(certNames) {
   let certList = Cc["@mozilla.org/security/x509certlist;1"]
                    .createInstance(Ci.nsIX509CertList);
   certNames.forEach(function(certName) {
-    let cert = constructCertFromFile("tlsserver/" + certName + ".pem");
+    let cert = constructCertFromFile("tlsserver/" + certName + ".der");
     certList.addCert(cert);
   });
   return certList;
 }
 
 function test_cert_equals() {
-  let certA = constructCertFromFile("tlsserver/default-ee.pem");
-  let certB = constructCertFromFile("tlsserver/default-ee.pem");
-  let certC = constructCertFromFile("tlsserver/expired-ee.pem");
+  let certA = constructCertFromFile("tlsserver/default-ee.der");
+  let certB = constructCertFromFile("tlsserver/default-ee.der");
+  let certC = constructCertFromFile("tlsserver/expired-ee.der");
 
   ok(certA != certB,
      "Cert objects constructed from the same file should not be equal" +
      " according to the equality operators");
   ok(certA.equals(certB),
      "equals() on cert objects constructed from the same cert file should" +
      " return true");
   ok(!certA.equals(certC),
--- a/security/manager/ssl/tests/unit/test_cert_overrides.js
+++ b/security/manager/ssl/tests/unit/test_cert_overrides.js
@@ -8,16 +8,30 @@
 // add_cert_override_test will queue a test that does the following:
 // 1. Attempt to connect to the given host. This should fail with the
 //    given error and override bits.
 // 2. Add an override for that host/port/certificate/override bits.
 // 3. Connect again. This should succeed.
 
 do_get_profile();
 
+function add_non_overridable_test(aHost, aExpectedError) {
+  add_connection_test(
+    aHost, aExpectedError, null,
+    function (securityInfo) {
+      // bug 754369 - no SSLStatus probably means this is a non-overridable
+      // error, which is what we're testing (although it would be best to test
+      // this directly).
+      securityInfo.QueryInterface(Ci.nsISSLStatusProvider);
+      equal(securityInfo.SSLStatus, null,
+            "As a proxy to checking that the connection error is" +
+            " non-overridable, SSLStatus should be null");
+    });
+}
+
 function check_telemetry() {
   let histogram = Cc["@mozilla.org/base/telemetry;1"]
                     .getService(Ci.nsITelemetry)
                     .getHistogramById("SSL_CERT_ERROR_OVERRIDES")
                     .snapshot();
   equal(histogram.counts[ 0], 0, "Should have 0 unclassified counts");
   equal(histogram.counts[ 2], 7,
         "Actual and expected SEC_ERROR_UNKNOWN_ISSUER counts should match");
@@ -51,21 +65,21 @@ function check_telemetry() {
         "Actual and expected SEC_ERROR_INVALID_TIME counts should match");
 
   let keySizeHistogram = Cc["@mozilla.org/base/telemetry;1"]
                            .getService(Ci.nsITelemetry)
                            .getHistogramById("CERT_CHAIN_KEY_SIZE_STATUS")
                            .snapshot();
   equal(keySizeHistogram.counts[0], 0,
         "Actual and expected unchecked key size counts should match");
-  equal(keySizeHistogram.counts[1], 12,
+  equal(keySizeHistogram.counts[1], 0,
         "Actual and expected successful verifications of 2048-bit keys should match");
-  equal(keySizeHistogram.counts[2], 0,
+  equal(keySizeHistogram.counts[2], 12,
         "Actual and expected successful verifications of 1024-bit keys should match");
-  equal(keySizeHistogram.counts[3], 54,
+  equal(keySizeHistogram.counts[3], 48,
         "Actual and expected key size verification failures should match");
 
   run_next_test();
 }
 
 function run_test() {
   Services.prefs.setIntPref("security.OCSP.enabled", 1);
   add_tls_server_setup("BadCertServer");
@@ -128,34 +142,32 @@ function add_simple_tests() {
 
   // A Microsoft IIS utility generates self-signed certificates with
   // properties similar to the one this "host" will present (see
   // tlsserver/generate_certs.sh).
   add_cert_override_test("selfsigned-inadequateEKU.example.com",
                          Ci.nsICertOverrideService.ERROR_UNTRUSTED,
                          SEC_ERROR_UNKNOWN_ISSUER);
 
-  add_prevented_cert_override_test("inadequatekeyusage.example.com",
-                                   Ci.nsICertOverrideService.ERROR_UNTRUSTED,
-                                   SEC_ERROR_INADEQUATE_KEY_USAGE);
+  add_non_overridable_test("inadequatekeyusage.example.com",
+                           SEC_ERROR_INADEQUATE_KEY_USAGE);
 
   // This is intended to test the case where a verification has failed for one
   // overridable reason (e.g. unknown issuer) but then, in the process of
   // reporting that error, a non-overridable error is encountered. The
   // non-overridable error should be prioritized.
   add_test(function() {
-    let rootCert = constructCertFromFile("tlsserver/test-ca.pem");
+    let rootCert = constructCertFromFile("tlsserver/test-ca.der");
     setCertTrust(rootCert, ",,");
     run_next_test();
   });
-  add_prevented_cert_override_test("nsCertTypeCritical.example.com",
-                                   Ci.nsICertOverrideService.ERROR_UNTRUSTED,
-                                   SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION);
+  add_non_overridable_test("nsCertTypeCritical.example.com",
+                           SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION);
   add_test(function() {
-    let rootCert = constructCertFromFile("tlsserver/test-ca.pem");
+    let rootCert = constructCertFromFile("tlsserver/test-ca.der");
     setCertTrust(rootCert, "CTu,,");
     run_next_test();
   });
 
   // Bug 990603: Apache documentation has recommended generating a self-signed
   // test certificate with basic constraints: CA:true. For compatibility, this
   // is a scenario in which an override is allowed.
   add_cert_override_test("self-signed-end-entity-with-cA-true.example.com",
@@ -171,42 +183,41 @@ function add_simple_tests() {
   add_cert_override_test("end-entity-issued-by-v1-cert.example.com",
                          Ci.nsICertOverrideService.ERROR_UNTRUSTED,
                          MOZILLA_PKIX_ERROR_V1_CERT_USED_AS_CA);
   // If we make that certificate a trust anchor, the connection will succeed.
   add_test(function() {
     let certOverrideService = Cc["@mozilla.org/security/certoverride;1"]
                                 .getService(Ci.nsICertOverrideService);
     certOverrideService.clearValidityOverride("end-entity-issued-by-v1-cert.example.com", 8443);
-    let v1Cert = constructCertFromFile("tlsserver/v1Cert.pem");
+    let v1Cert = constructCertFromFile("tlsserver/v1Cert.der");
     setCertTrust(v1Cert, "CTu,,");
     clearSessionCache();
     run_next_test();
   });
   add_connection_test("end-entity-issued-by-v1-cert.example.com",
                       PRErrorCodeSuccess);
   // Reset the trust for that certificate.
   add_test(function() {
-    let v1Cert = constructCertFromFile("tlsserver/v1Cert.pem");
+    let v1Cert = constructCertFromFile("tlsserver/v1Cert.der");
     setCertTrust(v1Cert, ",,");
     clearSessionCache();
     run_next_test();
   });
 
   // Due to compatibility issues, we allow overrides for certificates issued by
   // certificates that are not valid CAs.
   add_cert_override_test("end-entity-issued-by-non-CA.example.com",
                          Ci.nsICertOverrideService.ERROR_UNTRUSTED,
                          SEC_ERROR_CA_CERT_INVALID);
 
-  // This host presents a 1016-bit RSA key. NSS determines this key is too
+  // This host presents a 1008-bit RSA key. NSS determines this key is too
   // small and terminates the connection. The error is not overridable.
-  add_prevented_cert_override_test("inadequate-key-size-ee.example.com",
-                                   Ci.nsICertOverrideService.ERROR_UNTRUSTED,
-                                   SSL_ERROR_WEAK_SERVER_CERT_KEY);
+  add_non_overridable_test("inadequate-key-size-ee.example.com",
+                           SSL_ERROR_WEAK_SERVER_CERT_KEY);
 
   add_cert_override_test("ipAddressAsDNSNameInSAN.example.com",
                          Ci.nsICertOverrideService.ERROR_MISMATCH,
                          SSL_ERROR_BAD_CERT_DOMAIN);
   add_cert_override_test("noValidNames.example.com",
                          Ci.nsICertOverrideService.ERROR_MISMATCH,
                          SSL_ERROR_BAD_CERT_DOMAIN);
   add_cert_override_test("badSubjectAltNames.example.com",
@@ -247,36 +258,34 @@ function add_combo_tests() {
                          Ci.nsICertOverrideService.ERROR_UNTRUSTED,
                          MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY);
 }
 
 function add_distrust_tests() {
   // Before we specifically distrust this certificate, it should be trusted.
   add_connection_test("untrusted.example.com", PRErrorCodeSuccess);
 
-  add_distrust_test("tlsserver/default-ee.pem", "untrusted.example.com",
+  add_distrust_test("tlsserver/default-ee.der", "untrusted.example.com",
                     SEC_ERROR_UNTRUSTED_CERT);
 
-  add_distrust_test("tlsserver/other-test-ca.pem",
+  add_distrust_test("tlsserver/other-test-ca.der",
                     "untrustedissuer.example.com", SEC_ERROR_UNTRUSTED_ISSUER);
 
-  add_distrust_test("tlsserver/test-ca.pem",
+  add_distrust_test("tlsserver/test-ca.der",
                     "ca-used-as-end-entity.example.com",
                     SEC_ERROR_UNTRUSTED_ISSUER);
 }
 
 function add_distrust_test(certFileName, hostName, expectedResult) {
   let certToDistrust = constructCertFromFile(certFileName);
 
   add_test(function () {
     // Add an entry to the NSS certDB that says to distrust the cert
     setCertTrust(certToDistrust, "pu,,");
     clearSessionCache();
     run_next_test();
   });
-  add_prevented_cert_override_test(hostName,
-                                   Ci.nsICertOverrideService.ERROR_UNTRUSTED,
-                                   expectedResult);
+  add_non_overridable_test(hostName, expectedResult);
   add_test(function () {
     setCertTrust(certToDistrust, "u,,");
     run_next_test();
   });
 }
--- a/security/manager/ssl/tests/unit/test_ocsp_caching.js
+++ b/security/manager/ssl/tests/unit/test_ocsp_caching.js
@@ -19,47 +19,47 @@ function respondWithGoodOCSP(request, re
   response.write(gGoodOCSPResponse);
 }
 
 function respondWithSHA1OCSP(request, response) {
   do_print("returning 200 OK with sha-1 delegated response");
   response.setStatusLine(request.httpVersion, 200, "OK");
   response.setHeader("Content-Type", "application/ocsp-response");
 
-  let args = [ ["good-delegated", "default-ee", "delegatedSHA1Signer" ] ];
+  let args = [ ["good-delegated", "localhostAndExampleCom", "delegatedSHA1Signer" ] ];
   let responses = generateOCSPResponses(args, "tlsserver");
   response.write(responses[0]);
 }
 
 function respondWithError(request, response) {
   do_print("returning 500 Internal Server Error");
   response.setStatusLine(request.httpVersion, 500, "Internal Server Error");
   let body = "Refusing to return a response";
   response.bodyOutputStream.write(body, body.length);
 }
 
 function generateGoodOCSPResponse() {
-  let args = [ ["good", "default-ee", "unused" ] ];
+  let args = [ ["good", "localhostAndExampleCom", "unused" ] ];
   let responses = generateOCSPResponses(args, "tlsserver");
   return responses[0];
 }
 
 function add_ocsp_test(aHost, aExpectedResult, aResponses, aMessage) {
   add_connection_test(aHost, aExpectedResult,
       function() {
         clearSessionCache();
         gFetchCount = 0;
         gResponsePattern = aResponses;
         gMessage = aMessage;
       },
       function() {
         // check the number of requests matches the size of aResponses
         equal(gFetchCount, aResponses.length,
               "should have made " + aResponses.length +
-              " OCSP request" + (aResponses.length == 1 ? "" : "s"));
+              " OCSP request" + aResponses.length == 1 ? "" : "s");
       });
 }
 
 function run_test() {
   do_get_profile();
   Services.prefs.setBoolPref("security.ssl.enable_ocsp_stapling", true);
   Services.prefs.setIntPref("security.OCSP.enabled", 1);
   add_tls_server_setup("OCSPStaplingServer");
@@ -129,20 +129,16 @@ function add_tests() {
   // A failure to retrieve an OCSP response must result in the cached Unknown
   // response being recognized and honored.
   add_ocsp_test("ocsp-stapling-none.example.com", SEC_ERROR_OCSP_UNKNOWN_CERT,
                 [
                   respondWithError,
                   respondWithError,
                   respondWithError,
                   respondWithError,
-                  respondWithError,
-                  respondWithError,
-                  respondWithError,
-                  respondWithError,
                 ],
                 "No stapled response -> a fetch should have been attempted");
 
   // A valid Good response from the OCSP responder must override the cached
   // Unknown response.
   //
   // Note that We need to make sure that the Unknown response and the Good
   // response have different thisUpdate timestamps; otherwise, the Good
--- a/security/manager/ssl/tests/unit/test_ocsp_no_hsts_upgrade.js
+++ b/security/manager/ssl/tests/unit/test_ocsp_no_hsts_upgrade.js
@@ -11,17 +11,17 @@ function run_test() {
   do_get_profile();
   // OCSP required means this test will only pass if the request succeeds.
   Services.prefs.setBoolPref("security.OCSP.require", true);
 
   // We don't actually make use of stapling in this test. This is just how we
   // get a TLS connection.
   add_tls_server_setup("OCSPStaplingServer");
 
-  let args = [["good", "default-ee", "unused"]];
+  let args = [["good", "localhostAndExampleCom", "unused"]];
   let ocspResponses = generateOCSPResponses(args, "tlsserver");
   let goodOCSPResponse = ocspResponses[0];
 
   let ocspResponder = new HttpServer();
   ocspResponder.registerPrefixHandler("/", function (request, response) {
     response.setStatusLine(request.httpVersion, 200, "OK");
     response.setHeader("Content-Type", "application/ocsp-response");
     response.write(goodOCSPResponse);
--- a/security/manager/ssl/tests/unit/test_ocsp_required.js
+++ b/security/manager/ssl/tests/unit/test_ocsp_required.js
@@ -15,17 +15,17 @@ function run_test() {
   do_get_profile();
   Services.prefs.setBoolPref("security.OCSP.require", true);
   Services.prefs.setIntPref("security.OCSP.enabled", 1);
 
   // We don't actually make use of stapling in this test. This is just how we
   // get a TLS connection.
   add_tls_server_setup("OCSPStaplingServer");
 
-  let args = [["bad-signature", "default-ee", "unused"]];
+  let args = [["bad-signature", "localhostAndExampleCom", "unused"]];
   let ocspResponses = generateOCSPResponses(args, "tlsserver");
   let ocspResponseBadSignature = ocspResponses[0];
 
   let ocspResponder = new HttpServer();
   ocspResponder.registerPrefixHandler("/", function (request, response) {
     response.setStatusLine(request.httpVersion, 200, "OK");
     response.setHeader("Content-Type", "application/ocsp-response");
     response.write(ocspResponseBadSignature);
--- a/security/manager/ssl/tests/unit/test_ocsp_stapling.js
+++ b/security/manager/ssl/tests/unit/test_ocsp_stapling.js
@@ -16,17 +16,17 @@ function add_ocsp_test(aHost, aExpectedR
       gExpectOCSPRequest = !aStaplingEnabled;
       clearOCSPCache();
       clearSessionCache();
       Services.prefs.setBoolPref("security.ssl.enable_ocsp_stapling",
                                  aStaplingEnabled);
     });
 }
 
-function add_tests() {
+function add_tests(certDB, otherTestCA) {
   // In the absence of OCSP stapling, these should actually all work.
   add_ocsp_test("ocsp-stapling-good.example.com",
                 PRErrorCodeSuccess, false);
   add_ocsp_test("ocsp-stapling-revoked.example.com",
                 PRErrorCodeSuccess, false);
   add_ocsp_test("ocsp-stapling-good-other-ca.example.com",
                 PRErrorCodeSuccess, false);
   add_ocsp_test("ocsp-stapling-malformed.example.com",
@@ -68,19 +68,16 @@ function add_tests() {
 
   // SEC_ERROR_OCSP_INVALID_SIGNING_CERT vs SEC_ERROR_OCSP_UNAUTHORIZED_RESPONSE
   // depends on whether the CA that signed the response is a trusted CA
   // (but only with the classic implementation - mozilla::pkix always
   // results in the error SEC_ERROR_OCSP_INVALID_SIGNING_CERT).
 
   // This stapled response is from a CA that is untrusted and did not issue
   // the server's certificate.
-  let certDB = Cc["@mozilla.org/security/x509certdb;1"]
-                  .getService(Ci.nsIX509CertDB);
-  let otherTestCA = constructCertFromFile("tlsserver/other-test-ca.pem");
   add_test(function() {
     certDB.setCertTrust(otherTestCA, Ci.nsIX509Cert.CA_CERT,
                         Ci.nsIX509CertDB.UNTRUSTED);
     run_next_test();
   });
   add_ocsp_test("ocsp-stapling-good-other-ca.example.com",
                 SEC_ERROR_OCSP_INVALID_SIGNING_CERT, true);
 
@@ -184,27 +181,32 @@ function check_ocsp_stapling_telemetry()
   equal(histogram.counts[4], 21,
         "Actual and expected connections with bad responses should match");
   run_next_test();
 }
 
 function run_test() {
   do_get_profile();
 
+  let certDB = Cc["@mozilla.org/security/x509certdb;1"]
+                  .getService(Ci.nsIX509CertDB);
+  let otherTestCAFile = do_get_file("tlsserver/other-test-ca.der", false);
+  let otherTestCADER = readFile(otherTestCAFile);
+  let otherTestCA = certDB.constructX509(otherTestCADER, otherTestCADER.length);
 
   let fakeOCSPResponder = new HttpServer();
   fakeOCSPResponder.registerPrefixHandler("/", function (request, response) {
     response.setStatusLine(request.httpVersion, 500, "Internal Server Error");
     ok(gExpectOCSPRequest,
        "Should be getting an OCSP request only when expected");
   });
   fakeOCSPResponder.start(8888);
 
   add_tls_server_setup("OCSPStaplingServer");
 
-  add_tests();
+  add_tests(certDB, otherTestCA);
 
   add_test(function () {
     fakeOCSPResponder.stop(check_ocsp_stapling_telemetry);
   });
 
   run_next_test();
 }
--- a/security/manager/ssl/tests/unit/test_ocsp_stapling_expired.js
+++ b/security/manager/ssl/tests/unit/test_ocsp_stapling_expired.js
@@ -19,28 +19,28 @@ function add_ocsp_test(aHost, aExpectedR
       clearOCSPCache();
       clearSessionCache();
       gCurrentOCSPResponse = aOCSPResponseToServe;
       gOCSPRequestCount = 0;
     },
     function() {
       equal(gOCSPRequestCount, aExpectedRequestCount,
             "Should have made " + aExpectedRequestCount +
-            " fallback OCSP request" + (aExpectedRequestCount == 1 ? "" : "s"));
+            " fallback OCSP request" + aExpectedRequestCount == 1 ? "" : "s");
     });
 }
 
 do_get_profile();
 Services.prefs.setBoolPref("security.ssl.enable_ocsp_stapling", true);
 Services.prefs.setIntPref("security.OCSP.enabled", 1);
-var args = [["good", "default-ee", "unused"],
-             ["expiredresponse", "default-ee", "unused"],
-             ["oldvalidperiod", "default-ee", "unused"],
-             ["revoked", "default-ee", "unused"],
-             ["unknown", "default-ee", "unused"],
+var args = [["good", "localhostAndExampleCom", "unused"],
+             ["expiredresponse", "localhostAndExampleCom", "unused"],
+             ["oldvalidperiod", "localhostAndExampleCom", "unused"],
+             ["revoked", "localhostAndExampleCom", "unused"],
+             ["unknown", "localhostAndExampleCom", "unused"],
             ];
 var ocspResponses = generateOCSPResponses(args, "tlsserver");
 // Fresh response, certificate is good.
 var ocspResponseGood = ocspResponses[0];
 // Expired response, certificate is good.
 var expiredOCSPResponseGood = ocspResponses[1];
 // Fresh signature, old validity period, certificate is good.
 var oldValidityPeriodOCSPResponseGood = ocspResponses[2];
@@ -48,19 +48,19 @@ var oldValidityPeriodOCSPResponseGood = 
 var ocspResponseRevoked = ocspResponses[3];
 // Fresh signature, certificate is unknown.
 var ocspResponseUnknown = ocspResponses[4];
 
 // sometimes we expect a result without re-fetch
 var willNotRetry = 1;
 // but sometimes, since a bad response is in the cache, OCSP fetch will be
 // attempted for each validation - in practice, for these test certs, this
-// means 8 requests because various hash algorithm and key size combinations
-// are tried.
-var willRetry = 8;
+// means 4 requests because various hash algorithm combinations are tried
+// (for sha-1 telemetry)
+var willRetry = 4;
 
 function run_test() {
   let ocspResponder = new HttpServer();
   ocspResponder.registerPrefixHandler("/", function(request, response) {
     if (gCurrentOCSPResponse) {
       response.setStatusLine(request.httpVersion, 200, "OK");
       response.setHeader("Content-Type", "application/ocsp-response");
       response.write(gCurrentOCSPResponse);
--- a/security/manager/ssl/tests/unit/test_pinning.js
+++ b/security/manager/ssl/tests/unit/test_pinning.js
@@ -244,17 +244,17 @@ function check_pinning_telemetry() {
         "Actual and expected per host (Mozilla) success count should match");
   run_next_test();
 }
 
 function run_test() {
   add_tls_server_setup("BadCertServer");
 
   // Add a user-specified trust anchor.
-  addCertFromFile(certdb, "tlsserver/other-test-ca.pem", "CTu,u,u");
+  addCertFromFile(certdb, "tlsserver/other-test-ca.der", "CTu,u,u");
 
   test_strict();
   test_mitm();
   test_disabled();
   test_enforce_test_mode();
 
   add_test(function () {
     check_pinning_telemetry();
deleted file mode 100644
--- a/security/manager/ssl/tests/unit/tlsserver/badSubjectAltNames.pem.certspec
+++ /dev/null
@@ -1,3 +0,0 @@
-issuer:Test CA
-subject:EE with bad subjectAltNames
-extension:subjectAlternativeName:*.*.example.com
deleted file mode 100644
--- a/security/manager/ssl/tests/unit/tlsserver/beforeEpoch.pem.certspec
+++ /dev/null
@@ -1,5 +0,0 @@
-issuer:Test CA
-subject:Before UNIX Epoch Test End-entity
-validity:19460214-20310101
-extension:subjectAlternativeName:before-epoch.example.com
-extension:authorityInformationAccess:http://localhost:8888/
deleted file mode 100644
--- a/security/manager/ssl/tests/unit/tlsserver/beforeEpochINT.pem.certspec
+++ /dev/null
@@ -1,5 +0,0 @@
-issuer:Test CA
-subject:Before UNIX Epoch Test Intermediate
-validity:19460214-20310101
-extension:basicConstraints:cA,
-extension:keyUsage:cRLSign,keyCertSign
deleted file mode 100644
--- a/security/manager/ssl/tests/unit/tlsserver/beforeEpochIssuer.pem.certspec
+++ /dev/null
@@ -1,4 +0,0 @@
-issuer:Before UNIX Epoch Test Intermediate
-subject:Test End-entity with Before UNIX Epoch issuer
-extension:subjectAlternativeName:before-epoch-issuer.example.com
-extension:authorityInformationAccess:http://localhost:8888/
deleted file mode 100644
--- a/security/manager/ssl/tests/unit/tlsserver/ca-used-as-end-entity.pem.certspec
+++ /dev/null
@@ -1,5 +0,0 @@
-issuer:Test CA
-subject:Test Intermediate used as End-Entity
-extension:basicConstraints:cA,
-extension:authorityInformationAccess:http://localhost:8888/
-extension:subjectAlternativeName:ca-used-as-end-entity.example.com
new file mode 100644
index 0000000000000000000000000000000000000000..ecc9900149d2b8e3277e64d3ac05c851c41c1a00
GIT binary patch
literal 327680
zc%1D02S5|u7VZyE61pHtS3x4un-jW<1p%ciO{A$nLMN0Yq$h%cy&?AA#fsQ_#on=C
zdF{RTUjCWML~8W)oa^C!-(5e=%$lsd*6i7{_me##$wY>SWUv|3)ZBucBsSF*8HSKZ
zNN*|?K}Z|~L9~!MRAmp9dfO!Ax5#oh-Ph8Qenr%T8i+_=dQ^BuI7S#G+W-In00000
z00000000000000000000000000000000000000000000000000000000000000000
z0000000000000000000000000000000000000000{;#IDnwqh(IVm=SNoVj<vXV0B
zOcrYZCpkMKMcp^T-zUnS8W`s1KZuI^sQtsJKmAnOBpT{s*HabG5RGTZPD*BE|16=_
zAOr4eoWa%3PeskRgE=V?k7sd`GZ`uDpCwcqWFWjvYeBQ~p{N<RQyfPIi^X9S{4Ao<
zAc@@BIENR_Zlo(o-PqimG{K#nl$_1@>HTSti9At0eM0=}N6Q*!Kty1uPed#=*guvU
z9TpfK?T_ujw|`jQkU-xks!yN(5mAoRBvkgG$sR7Uhbv~|Phii`u&2DRO)qTI3*W?w
zc)4K<cWmK-Ej+P>7q;k%Et0TBvTV^6Pld{tct+F(U&{C6hA-Xmr3b$B#Ft+9vMat!
z!k5YTG6k=gyn6Eb;kJw1#xuL%nO*SAE_h}aJhKa)*#*z+ibuKPQLcEDD<0*FM|t30
z58Ug4dp&Tkhun+j^uTj^;w8Q0OS}c~BXvRLHWurG*VYY{;euD0F!8p=OS|HwUGdUx
zsJyhip!^wEeCdWS-SH*1Z#R6eZunl^@blu1$GYRO?x_43EH;JV?&{|1POCFr>dblt
z-0DpCI@6=h^sF<zewrS2VIFm19(7?JbzvTgFps+Gc+^$Lqpmt0b=C2xtByxqbv){-
z<55=~nc20@OsX@J>&%oolU`>s>de%iCf*U`W^!G1lCkR0-IGvyGT!1|C{A7bdUUm;
zk=2a-%}Iz{KJv3O*o+}b9Cj|gJ>=&g9YXtQQe?8HqAFXErSCBb)RKOY8vp<R00000
z00000000000000000000000000000000000000000000000000000000000000000
z00000000000000000000000000000000000000000002+{|uUivW14XmSh*QnqP(R
z&+rfNck-)*Lxlr{A;LZafuN_rO<*se3XBBW0<s`LkS8_bf8;;s-{oJCR0~oC34#bw
zXHk1mTakwJqx6OJzVsjIdFgTKe(5%8rF6M;o^+~ooOHNUAkCMiONU4YN<*c7((Y0h
zshyN6Rh4{|ypcSXoR-{@)Jir=R!J5~W=bYWMoJ_SjwD->B8iiPO9CXlBpwnciKV22
zL{FkALBt=#&&Bt|*TgmAW8!_{t>Sg!W#YNwa`9Mkv6wH;6Q_v>i=)LMVqbALF->eM
zHWwR-b;K&7FQV6?N1~geOQKVvYSB*72GL5<LeUJ-L{X_oEMkkYM9HF9(Ew3DQBRS(
z$Wd@!a7?gQuvxHL_(S+!_)K_LcvW~#cvQGoxJ9^DxKubtSSB1LlnB|vOu-_-48a7!
z2%(qIS!gM2FKi=J6MPlC7CaPOZ|Tzv00000000000000000000000000000000000
z00000000000000000000000000000000000000000000000000000000000000000
z0000000000|8Jm4Q6W=8J+3303F{wZ6JcFLHsY4ko6g7v%+fwL#|Ejwtv#Bm$a=z3
zK`IH0f~><V%{@L@$ST~b>}rLqBrHp$g0MOxD{yPkQx{}8VbPFfgoPqY@q8Q7bCA`T
z)wZHH4_Qc9Tx0=Z6(aMAa!h0m9y|5e5M&W%(H1`Jgv`b*$(~urEW(<J%p|NC$PCP~
z(9ttRrV~~NWEx?$N2X#{r;`V2k#fvxZ@Y9WG6l1``HXi!$_UFInM_!A$RynAnmP`d
zNLXW$34}EU8IN1Eui3~r!pcI%5>_TM2DdD$t|Fr`OQRFH3o?qZoRN`)<%E=CmilM!
z???$|b<Y1h6&XQT<;ZZtnt~ML7Ja@sQbbrCkzpDX6_U&{lj24~Xm<%=bQ2RsR}pRm
zZOa$pMz7%I0>W6vCyb>$%&;hv#&8K^U?E{db8w@e-9R>G=*8ERu?S;w0bxwa#|`Hv
zNqLxIa^QtaE@9A^gn{PZ#@4e#vI%2w7GWf2;zrfmv<$*XO(zUS8g8uK5SL0Au?)f(
zM8}QA-!xMQLnE0m)RS;y?uUe-gb_c4FyaQ|#`K*fiG(pCfiQ;0<Hn>jPvZ#VNi1PJ
z9)ufXs!zob#>s(%aUvQwMof#2B8;d=!ibE(4M|=?IAO#OAdI;FxWWCA97Y&Pp@cCs
z1UK@%3xf%R6GRy7K-|cPdk{bv_xlmXy}r1Sf_(5NjQ4(o@y-`F;wpFaA&l)lgt4tR
zZVY%V?nM})o`fOnfg3@Kr+5=aS$D#i+zmH;Z*A&I7#qC^V}mDdc<(LuAdD&Qgi+>(
z8}6TOyAsAN7s9wn!wskKrzl}O=|UKfopHmOe!+<_&N~uDjRS6&58h=@7(49<V}~tn
zm?WLHk+w!O6q49>>VZYb9NeY5YOe)R=9D#IoV3CX%}SOzZcuuz?noG`%m`zpsVvve
zgff-NMb=_2<F6xx?Qr8QbH52;>@y~ey+*k4oHpE$Fp3Qbqeve&?oXbkM;KGv5=MC&
z+_;(SsY@6htqH?j2RCZHw6qCBvlU@zXyL}0^w*k%@k)a*UaI59ks2d4!Z1`N3<DM1
z*vC9iA&eTbIz>fOW}MR!-$zy#peoX@(rRh3G+3%3IV+hZ=`S%6-x3##gT-R;5OJJ1
zT0B5_RX9T!Ez}cS6)X|h@L%$`@tJ&2KEfNx8^CMFJ;j~Q9m=&Ud|kMsaC4!wP*B)~
z^O5t0vy&6SG2!U3YuV@6GuVS!Pg(a_H(AqI31WY7E3vBRhv<{&jkuTCT-;8qFa9XK
zBRwX~kPeW%kX)2(mCToTNX*1^QLQLLG(h-CcvJ96a8s~fP$6i|f5*SX-_4Kad-FT;
zRe4NaG|!XQk-LdIhb!SSxc#`!+%|<D3g;G%C^X`H<6PnF<9Km8vOlt~v$wM6u_bIe
zOT<bpxL<IhpsHYo*h>7pKvF<22r57eFBk5WE|ZRwI!bj!G?AWgr*N*2FN_m<2#s00
zS#u;@Nfdt?pT&L8ttpHtbQ7%+6^l2DN3xt*2xkmu5ZjjZns<mdPLM8eY|*I#00000
z00000000000000000000000000000000000000000000000000000000000000000
z0000000000000000000000000000000000jLOY5Z8P%h;L0hX)qE#sR>QM|9o9gR>
zY*y;oq|~!ssi#t@XQfh4g;LLQrJiL@lms$rO|wKT<em<=Cy>cz6yz}I8A)sgm7Pna
zGqM?M2D0#vN-t2QAY^2=(tXcT>Y0g0&gew(BcttUCa96zuZ#QrnRF)xlbyllBh!Cd
zVj7-lD!weoms8v+*<{q2=7`$MV><U?q~;bdsL^48gQ)&_xhd(?CP#&o{YO!g@jXsb
zdYluLdM4nJ<CXfyDfNuSBgf#&(Mn5=QtBCrN0#Et5~Za^DD@1-Ba3MiIvKU6*`n5R
zzj;_Ln;OetQwJtxXV9BztD--S7^Xr&NKzAu8>zX9NR&CmSeOV~2$dBPD0A?!FrEb^
zfP|XT+M_0NZ`&qy<Nm%#A(o1RE!fKT#!}`ez{2veMP8F418G!WMgcolnS+Ui<tWRX
zt;~^yg=H%9W+-!{V_|8^ys63@3@nVU%$uUjk&J~U{l4vo{=Uc%EY)CTJ4#gMNWjA4
zm3iZoIbyM}L0u_@B-E8gL%YbmwzxNvk)7(q%1C1}==GG1%FSS>%Oa`l0uCeQKaL!T
z?KoOlwW5?cBC)UtW!`XQjsaL$|KB%$*zb#kVyQxu?I>88BM1u%ROSs(=IDoo_3cg(
zkWhD;D@v1l?dvyiATx>1$md`$f&RhK)J88v{{Ka+AGUK}WmW5=%;AHD^;YKXrOeS2
z3+vI5(wl^u(2P(6xmTw@JDpKLWy{NW|JvOhOVRDuWxD>_?S-ZA{B;?RU%TD06mH56
z(^Z+n<=0u!U%R^~OY5Y};b>18L_#fT7ARHjXy?z%%P3$p^NMHx?~B?g+no)9;4jdt
z@Z}18xfEY6!k6>K_wn@xd|8Dr*C~CmUxWKs<I6c%ds|=&8n$r877p0LR#{!FF|QT2
zFn6RRkQz)Z>kp4c<Dui96gI=sWB0Y!YdDX`tGrR^fvv^D+9|8Ji86;V7H0H&^)mc@
z5d$ohzOo(ZDRZ>N!rCbF>MC=z#=>-d-M6)W?QVso&{DPoO=S)ZEKL2^snve%R>e}N
zDBA%=nS)HBAevf|-pJ~LT6O7F={jkVw6D}m@=UTu!j-6rUy1LEFNwB`graW3&%*UW
zrqDrfTd+!yAkgA(=F|CRyeqspydgX%?g#Eh?gVZ;SF7+?;e^5f&UemcP9DdSeS<xb
z9l+LQ?O=^y`LR~B=CTp#P3{!&c&UYSqqJ1=njOY-;SOaRN<^%-+^-TpL1p1-@eod-
zq?I(da7sZfD~LzuEi4Qb4dd8Ls)Rp8y+rTX_gMSH_Cl0*L&)N86Yb&b<XaS~2sd+e
z1rOL$1xW&3eg=Ps^pmtkx?IYa_LLe*?n#zPawT5k@8W~v_u@z5YvR+QDiKTMB77~Z
z5T*({3$6$j3!(&M{#t$l-;j5XSI&#!S#e)*S943bk=$S|x$tx0{=(8iNnvl!JI)%;
z5>6UtFsB3iBD<6=X0zG7*lOY(tPkQUaRp1r>dvZSEoPOo#<Db8<RTpa0000000000
z00000000000000000000000000000000000000000000000000000000000000000
z0000000000000000000000000007`$(1kLTjM~zyQA_zvFU{n4gbwhbQT-U%jI<;+
zgHDZLu<~-5bVdQPNrR$CUW&va8|^4jWYmI2MLWs^jp?}z7L%Qm#7;?fX7G}7^0FDu
zDY-dFr6NRrE7_GOC7F!c(QHsFd0@xJx146?QVa20xigb;7%Zeh5ih?9?Q*tadxOG|
z-+gwyVsjn7xmK|$zw7KmcS<%Hb*4F@_VV3!Zgc}!YHC4l4wb{qV&-z0)C?AjBRkv$
ziX`*#B%2kRv+>PYP1?YRnTy|Wv{7zkrXp|#9yr~K5<*5h(oE6z@<4rme`+AMOFA`~
zFKYm%ldlglO%XIzVU#P3DR`Q)-YP{18TF!hpl<R!PK^%=Z_qxB)Z79FH99PC5Y;~~
zHzi$hc#{?RCgJ%eHff`#kxlMDi%d`?8ILC!=SoQ@qmDFt)K;FPlaeI$nrEyc#TbP#
z8qYP#iIPBWa0g#mJK=|voJ6OxILVoe6t+(`I}GnABNf4=3Zn$iGQx{eKt^e_E~t|{
zi*;xQ3-6~+VYzH-EQ3uQi1)X~)f%qIQ;g>+>Q3R2Q8$_kipulYHQU;<E<okWa?1NK
z(bB`zDS9MXDk*jgS_w*_lTdq_Eov=KWZq0Y>bJ3&h!zoRA(lnpOc_dQFm!);G<+hK
zhsAQ6-XYpwURAsUX4KnvArZ$R)@&@E)#Nti5s^Mr8j5;RgBg5kWQKqt-+wb2Qa~ii
zC)Rmb!dxp#7zs6}nV}uz2@M*Ih=DY!FQb6XBtmkqknAS+>m^EM5v4M*QW@?PCJF6A
zb3z^Dr7W2&tWXp`k3sb<$Y5urBxO@$uoK7Nv1OHyW+kOD(uovlSc+6zN))NVFt3*a
zYjZ^!1`$QaqEaj=A*2RlyqO&*6A?*R#LzC3WKsiVtarcnpUsM$QGfi54k3aEW5J0{
z`cxm;5RpZ(u%Kp6Ljn;Uk448dX{9E8kji1n!jo9_DiBMg7=)#W=}IXip{_I<+C`qi
zR{ly-@0Qz*M~bfxm0iGL3?$M-V`-xNREo4nXb)O<w5vRi3sDvMcxvWIs4)e(%(VKa
zFOtX@fn^Nut5VdOg!ZEKK)cH`y8Sj|7LkaWQji@ft9%ACZ2*z8KbAA>Kd5D2?DeI7
zi-r;zL$Hj&J}N~jB(xjN3-yp^?DE@;VY&4WI*3RYh@}g#qYNaWooSs=b9pusWy7%_
z5!M$A^KUY)>z}`R-O)cdy0O6c5s7@UM17ics78HR-n@-c_z)?2V<~zy-zP);+_5u~
z#O4$*oD}!9uS?OBNYMjJ;oanLeky-7Q`YrZvX=OnqfuSD6N$QEiMqN_(n$?o)P5W9
zMZ|kz@gA;}OcLrub3pCn@fJ-h(l~)Tk-!a0;7X&Ul28Yl9cm*_K>e9O$^Ko4a2ghl
zdQkF6C`xli9p&Lx&AxPTe%3|)vel(YwVMr-of0ZbaZViFDA}Z6PPDjkv6a_az9YM)
zuSfNds{W|4mQ7kaP`t>f0Zk8WBQLE<bMbUWW&dc%GR155QiZWdVay>~#6p&VFrBf+
zaUwPxunl`+!xr1HAvUatwK?`=M@LEmsllYA{upU=ux3Q0scfGr_LPC-24hlj4x7w8
z)(~OsupOE-dHqpx%8iLABP`0WNtbQ*Jk)Pm10r4@i`TQD1dvcuT6@$)9^bafsc1`-
zZ-bTB?Lg^9LJev9Xj^%Ct^W8_7<<iYO%&9@3Tiu129r=5nibkvUeHvo-?CSO0U6A?
zW0Jqdv?4;auux4Z#gBxxr<tHe@=)DI$D~1&R>w-Kb)@trp(ZpV)IeTZM_wZ~7US!q
zN|aT>%2Jw4CZgn}$Z8ZlO>F->GP0UGKus9Oci{ctUFKB^M{#3CC;4A_TtSxPi)4l*
zO6Vf)D2fxAiKYr~bFWF4OI*eN62AB`f3Wy~n8}^S-O9hlU(X*SY$aGFxFt1~4wjyi
zmI%7=B863wJ)&3A=h8krQ}JAhu3(b%lk~pyy7ZWIzjVHIx>PLXNC!&8q}`-0QeCOK
z<c;Ks<dkHKWSwM^WVwVXNtJ|1{3H&N&JuO;5AkjB74Z)72Juw!cyX$Du(*fVU2G(7
zEqWxnC8`$f5{(y?h$2KmB14gm@QU!9aHVjOaF~!Mj1UG1?S&RXir|ajvf!*>v0%1f
zlwg=3MG!BD6xayN1;+fh{HOf${1g0x{0ja;ei5I?kLHK)efbvrcKkNH_q=DkGrYsR
z<-B>ksl0JKCXc}j;`vBM^1AT!d0yO4+#2pN?mF%=o|fdc<T7_WcLZ0+E#MAl;mcqE
z00000000000000000000000000000000000000000000000000000000000000000
z00000000000000000000000000000000000000000D%8%P~4PxvkAq8Ojq2NJTkzC
zhTYwpQGjexl-Q^+HYkiLg|S|jLM7)AH&ONtLn;-HRSIKeTZ$!_nL7}>hk9624ugeM
zC|oNP#&T0iH*!Xv51n4XV6l8yeqoVV(LiRTPguSCNn@3+U-Q)pW1$|!n#^HlF>|?0
z`R%Nc1q$E%CU>EptuSU`Rbyd0!ejjXk(mnD423b>fMQQ($V<@s@WXPMzCOq_g?FmL
zC|4L$6h@g5#hIMUNX;!^_~+%Oq|5h#Ojh_ODU6Bw6x#*`!=jK03g>u*F|G~8qJAl4
ztim%!VT@K7ql_siIXQ_Q$w|&+q_BOm+46=TsVGpYFiI50h;|gWpXbqunahr4u<=ud
z3|AB>Rv1Otk<}|g9N949Zq8C-EzzUclIj-=ixLwq5wR8$Yk@AsqJB|6@jQ=MbK6tA
zNOdQn{vEIji6R_g%_i2Y&Xgch0V~OghN50hSqwfaL%{I+*~{@BUO<%1C)RnyI@f^W
zSZ{X&Y1kdKnS?WkSZ8ZdOh|>eD~ot4lUQe1QNl<}7UqiL=P`T>GT0d@N!c+O>~wz~
zJD9<bW+kOD(uvY(#5%Pd#iL$SST0);$RJA4iFJw*1#KpOGT}}l)<cacE~E@*5}lFH
zksY*bzmc*w@b@1=_y-f~L^DcHlB~M~H`_=FM5%aU9fwsjCCQ1yV$hwESWb+exBiYL
zN(>^_G3Jy$Bv##>*`56Tov=HeJEizIu?skifke4zVjYFuf<A*;i1mO*mB8;$Ua##U
ziI50l9gf`*zWGo^h;KnQ_Cy9VZ2%F}pIC<}-*4Z7+?@KoEtCieA=be*ln5oEVY&6{
z8$^^3B-R1?6nhfAVL(5^*OyrPn^L^-<|A6K?o9dzNBa?le2H}*tV`6Dko9*CwqGB@
z-J4kV!fvvjLwCngCb2mM3@3*CM)p040zHVeH+JXtpL)Py%FY){R#Qds?nJR}#JZ~?
z#hKKklo#RkB-S2SC7UL7C){qt+7%mqKZ_B$TnHzPSff}A{!Aek{Vs&hnOHlup;$IJ
zT1Ud+K&<WCQmjeD4&*892#+nXwm~EpbttAkr4d=9P{BDw35(Vgsv?I>;;f0Mt%$Wb
zvF?Z!t2>)!#M7qrUe4AjjJ1Tb9kDiPMQN|tg)#A*5wSMJq%k*zmFMq|=}Z02YCsgx
zC)Rpc8a9K)mQ}MY@mw2Xt&5!+EKPrQy6lyZN%zNxbZf$`L#(y22Ft~YC|)vK5gsjK
zt%=nqJ69%0>A5Vnk1P={DJL(R;hUSIK@?FZ)@oRN@MOL|s>E|D#F~PsD^^!uAF>)n
zPZQgNI0sqH(n6%iq*J5`QY*=G$ri~lNuc<uc!}6dbYHYi#1r|5w1hRnIYNfeS@1!y
zS1?)-A?U!r%U{DU<oDuh@XqpP@ltq>+-ux%+-R<9;fcbs!k(PRoJvk1M}vKe9miH<
zonV)<cq}dUEbeFSE!I=kIo4p-43<P>E7BDW5%uMl^M%}%+{v6i(udO10y6&*$ClGt
z&{aSce-hsmEEh}=<OyO5c@mUY#7h^C<-Oot6z}H+@o3!6TrH`u)Si1ltRi~Cx902c
zkMpZUCq)~DAwt)}!G(T>TAY_GKgm2v3Fi!Fvm{LtCYmM^^Yq2t#TJE63(v8iv(K|P
z7FzNX`F@;f91+`^tu0+IogsWBtSzi6oFUbgykS+b>{)Gu+l33cEN+}QpX<%r%A3#b
zEiqyX*h7Veg0I5i!c0zrxI!Eyxggmo6-bi=*9FxrI~xT600000000000000000000
z00000000000000000000000000000000000000000000000000000000000000000
z000000000000000008(ui7EvlBb%{1HlK8TAc#h$jJ{Md^<b&P@sNbt)1JsCrJjwL
zXV$#u6AeuU=`p|ETy=?j@Zz<>OB0X{m`6W;Pp`+9*U}$Zwe#_g-@B!ohvsmk3g6p$
z%x}~U(JU{q${BfM-qRZTwd+*xZq7)hQqMZfb8OwyYuocQ$@=G)s_YqX)u*Nty#`r@
z=Uj>T+nRr#?$#-27jO6eshT}!Mb@lXKLx2!>REwDF30>ki>r)24_y&^d)QsWaE*=A
zD)##CLzXG^EX6#vdRJo8hFE8vd9?Rw>x~!QqjNLNk=1z4g}C3xs~7cq<$LL?Ro`v?
z(J|cSyr~zmK&fXw9=R6ts}0-y?uh@IrRyBCb>AJ1r(J$+(;8WXdDhk3)G2y+-00+x
z#lu7rU#F;}N2VdO@yJ=2e|2<3e)VRlaBOS-rcMVhIDH?dU5(6C>Y0H@PRIOi_bP2y
zgzNUIF4%omt0eR;n>=e8GEJ#xD(30z82{qp$13vIb62`75Ttj$_PzWDQjU3UeNa=G
zcsV^*bLs%fiR<gadQoSsK&Ie(E5lp0ckf+&>7Pt{&hR}qdS`CIvi&C)B9oPRCgG72
zG5=hDWWu($)pyDwMjg^w#G!le_di4?DD{lTBgf%=b#C6oh5X5FPc!d4plnNf;xV)D
z7G$ha&lt?JB{FR1cORP9wvQt-whpMe`p-WxzQ|}i=P1ly#yr73@?h;|ebET}zCRv0
zUaB6NkBn66DaAY?zJfl?j;fo-IF!ELPaS;KcxLAfNC}=3zjOND6>aw2c<8<FfYHSL
zQ+OJ~*N(VvhYVNhDaIp<F#oD#PYF6@)He-3r|8)4dvp%=+b|g!hTW#QIgeC@f{-Mb
zcj#=NyvHFgZa!F4q|#;W%G2>lBQA)QIYgM_!Yu1yPcF>c_D-WOBY5}Ja{3xIYay0T
zfO*fUPSU+`n9_+&yYGE+{eIQ2F_FXg${ai_jEi|K4A$^_dgXjy_R#QIo6?l?2QH0W
zU#QH%!5rLpt-^678pkHC9rTerps@I!-@~hHEFTN=YOJ1jIx_ZFN6v87CA-i1kL>@(
zwX{H)BOh}t{8FqTjXfKX(mCpo!H%{yk(P4}^RRrmcx$-ZJzYPgwC4Jilq|nvk5r2&
zrYTHijvOp38}mlHR~CeZR)3;+?)ryuGg~S-P7lsf=E%gtGVmtedhGDk_RI}#^K2ib
zMjY<{wogQKx-v%^7M6;6<B#oKe@$&;|1*bPS@$)1zQxBUcrQblgN}uzU|zu`i)p&+
z9(NCR%Z!g$|K<J0+NqAo${a~p*ig*7O-=jeq|f8FN2Trjezt%1!~<dciXqAzgR!tg
z%-bpTy0LUx(Y<HhI=jN|?k0bn-F;(%GDkcX7KeGI;likgURCLF<vnu>>8r0IDi<?j
zl{p4sVKJE3g&pPA_3Rtc#^E;U8@{xQ_g-aRG*Fo%8VifUygmG<eQ}xC{f+L*)n*%_
zODm=&K7Sdh%n^Zwg=1d-VVlMu{c6VzT9BdHV+KiWO4mJ61C%-XV_{*K*Z0!>X@QR?
zku=12cPBd6UdZqoRTHYr5rTyUW8NS4(^XcKP54?Z*t2VjS^#NU0QW$UGDjd57JzxL
z9oRnfq)lY`$J;Ljx$olDw05_R>8H%m7Yp;pypuMSiMn@CvkKX!y|*$XRMm5Ad`~}R
z4qq&+51#btTi%U%=T5}Z&Dd+Z=Gva$E@t{DbM(f-@O#Uj<n0dCJlA{Pu3m9@2HneT
z7q!yx?5WJr0}J!UynBOvK6*`zKeJ_k$Nt2(PVqw~JJ@tr=IDlnb;Z0Uy*fF}TIG03
z?Zv?vKaTHkacv)F=cUZyiG_J!Uh1T;&aH-+*OJV>y_h=MY*x@{hYRk?9Bx>cE3Py)
z+tKpj6T_}))~LE9An|?t*704GIcQiIig`y2Fh8<1v46*YBdL>Bt`}5L%X=^EqRiop
zg*jnf{*ZnT%U*ijIO6)@Oj{qrTlo)$(H)gJ9I!BZ%)4^ng>$aYoz7aeF@7eEs%^dN
zQT2N}We!`+@gRNdisK8}oko{d7P~yws!rQkw!>PYhp1pLPv=r2Uh`;K<F}}F-+I6J
zpvlR}7N?OpxDwtsp1ywZrhi7{txQ_g+P0Oe+3WijST$^vCAGpFL$Y7=+ZLaF_vrd6
z-<xa0FZv$TpJ|STb;JkGFuh~3pW8&cXPsMee)Cz4Ks029nKFl|Y$~jxbXK<p3k!de
z<-Grix#tM(=9{Y$AJmrI@|@BR+nWjIo%f?>k>iX9OEm6Tp0qaUXZ*%)bE2^_hY=QL
zh<Ru0?dX0yjiW;sxeM2qUA=Zu=hPSjWe$BTOb_!uT)BU-jca6ZQq?D<IBvww;oke~
z+bVOk!NPPg@BS^%`m@yss0#SU67w?3R)wCu_P(_;hYl8|jd_#IYI_P#IxKa*6%=r}
z$DN>nepPO*lsUApFip(+Wu-?_`SF68l5OAL9yqjszoT_&Ukzmrbu3H`^X_^V*He4Q
z)DYg}w$B&jtM>GZ95Pi^nL`B&qhMZ??@4uexXY;cspI$g!Trn!1r0SJ8&ljgn{(*+
z_D4L-+!4u1k*_dY(3Lx_a2uzzz&t-V&m?<&)}_oPX**IMFg7MXNY)>EGjV-FP5gpE
zYho@BTo%4GOcYuklGLv-*tvIZP+Xu*4>#|y?j5`|Jl#A<E*EKE(W6dV9Pc<(+K#iS
zvX*upWFhGk+)>xeUGdM9Y;x5^-RQjj61_8R=jwdaA+<WC*+#=#T~o!35=b^`=_^72
z000000000000000000000002~AD}44yHLfTb!$Crqqo7I1-JgA(grf{C^tvh(j;i{
zlv9zuktAd(5{H`5j8FqLO0)_^U#CAiol!t#Ggxe@uMe3#B%OqntN%dkPi#IO6mk0b
zV`^5bkZ0X*tFrRho$uT~{7885$MHOeg-rW<)umm#bFm}qjf~1h3>qAo!0rF=p*2Ky
zXl1e$iG<{2uyT^vDd|oeCcA*cVl(JY3|?MF0fUYflO54w($obMGKq{GB&wsPX<r&p
z`ay?8YNd)OZxOVkv5prF^>jf|4;Pxddz`Tjt^OwJPIE<R@<{toMFpaNR={6g0csSM
z&Yvl(5tE(4=A%XP>sNuKicpHiBWTfRa#0boYittvk_&rNHu{Zj-Px-$ZL02|L#0JK
zZwS0ZX70!GY|QrrFFN>@G~iS4u3LjDV|Ap}Cygd&a<$rB39FcPM&yvSWAE1La|e!&
zm~P7oHXnFse{N<DYue2(R2utmMB(Yp*DlWgwzJga^n^g~1kK)W?w+~1w&-QhT8q%|
zfsu5bA~J=9kQS$-si=kQz|7jJbU@n`8`E<cEG8R2K4%6mDJL(R;hd72gSx0`IH-|S
zRn<u(6>HQ|7DH^Kq*9}FHao9dmoC}4DM{Jsxh!@!FBx4>Z7i=oiS$E-j3SNB1x3~Z
z9Y@|3k4d%c)>#x+b0|E$Y=XnPr@WV09`Sx_ABbPQAGgUruKT{u(m>NaCs$Z42wHc;
z_vsn+xYVr?pE93sF*<hYXntkq5^c3MBbRNk-O@wXp|{C~VcnhX_O$Rxn`P9Cvv`im
zpp>b*3`o8QU-TQhTV(_Hg1XI_I~_l_4Kp5;SnFki^{ZcxlK=3$H}?T5QZd?%`%@Jf
zjA1=D+0eiSM{Ai^uUH#tRHSw5|9b39maWLREMQN_R?SvX2IiCfZ|Tk{>zcB$UKG={
zg@n}i)~0_aq-jls6w#R^I+#6UpZmQHvl%gVt#9r$^{n!?f4qBU_R_WY@9b4u?|Z1!
z(hKhl&d8|LMnanYmxa{#)<y&u(&qHjPNtt_3jIv`Kc}CLG<(!m9@*)?lg(qFmgzDM
zJa+3nB>b6M;hNV51)WPc2?KWYRk8hc?&>7pnXgxv*-wlgWOPI0(ap@O?QhQ8Yfw1$
z%H5;<vY|sZtUgh;;Naq&8jsE&iT_;q)$Msz7Ih+ZJui)gKAWyZyZJ4oJ#U`2er49q
z3#yF$?ni10T?5YEn{{FOuFJYPK@S&CyC;`TCYp^Ok4!c@q2|SAP1^FWi)S>;V{5Q#
z|4lnoO8WH<q8(ioz0hCm@7sU&+I*VE>zUJzY;IMqG4Mn8VY}y?c@S{K_f|~hf$6Wz
zvb08Y7m)3>vo_q0IIH85KB;)7Rz+*aK6~9=Sw_9v_R*S5^JQp`R8RErJ9EPFOJp1W
z+bdU$QR^t}m}9zPT+lo{GcDfZp&J-)u)g%`k@06Iy}3`1$~4onr8Lv`)&``JW;R>J
zI?Zh9o~h7Gj~3EQ@4e;!PBT-RYUZ^&t1Vg|JYJD;BXViXsf|y`9`U1Qut&~LxSpl5
zjoN3u&6kZoN;|pZodHEgB{b5^%)hLe-g~DYN+zE&(X^C_=6Ho@rv8y=(%fh$p^|Pg
z(R8c7i8|37P&;{~MbpX0AF1a4$^qif>rxJ{31erT7--YWbn>uPv))Ec>tyIV|D<l{
zXo<Jm=KcrT*|{$+F}>jTBw{=L(DA73OJ|)eJC&Hem+}HFd|Gupy~m=WgK3A2K_utk
zU8%3FZ?Af`%f}@-<;aB<zK>=O(cb@Rt~LE|^|Mc^`;6Fwa@BUZv)NtGUpneA$hYMu
zn}gMK)F=GYr~f#e>Q%8<%F?c^JQ}lBYiI{EZp`e*?OD6iZx#DLuJ*9?c-E;hBduNX
z?wpU|F)KIRcyOw7==bT!B(+g@zbxXX)^=RGI`RoMvrn7Xe3x#YI(X~v=s6+Pb$ORA
z^IscKcZ9OTALX$O?+&%vRQ50~vG=hvw=<Vq*jHh>4C_a~9u<FhzMK2pyi73NT1qgz
z_hJ`l4Ft2<D%J^ROLs~_FvDHz1k>$*DVXk`Zr2H>9<2@9T7L4?qkeV@MpLP@xp^cp
z_KWvc{Q-qtKiu*e#t~;OyP?h^(K`rF93({;&tCj#c&V-n-VGd)Q6Y#ygM&)_%Tnq7
z=@!yZD(hyKrZS-{Q3xfYu~0VC0*&UCZVl&^GKqAc*`YS_80ya<^PfyBHw<eN9enbg
z<HL3b)^>JqpXxJr?4k7~g?&WBcg}pp85MZ#pPFy8y)JC-=WZj+oIB09D7oNV#F=ly
ze%L1=yL|6GsV<34n2uhpx@KO=+<*G!^&iW5*Wxojbmj+`-{cszx=r!YWLF$c+;Yx*
z^JB`l);op%t%g~IZ$Dpjy==xB$`hxS7sw3hI+G$*_nb6qo%3_Tjn)?~NX}VmA3Vf#
zg1M%|<joKFk?5(c*jcOGlY+)fOkI{NY&FfH{V~JXtap_aMV`I=*Ufmgz|G;U)wM2^
zo92F(BiHs3O!}}M9gw`AloeAM`d#06IDfN=bMpS~^VO<-DNE-k#rUt(@TuBPYkzj&
z$;WbmR5A+w=sY*~%^;aD(ppLw-9Oz#8VO^wRjd=nmhOy-nIzgmGfAiLr~hsyNpC8T
zw>Al#Hm~Vdw5{EKC;OB0_8sdauv&bRdiL$L!y6-BMDdd*op&v@?Sgj(dt_8*qnTvh
zUzSIw@Fz&atM3dJi^C|8siT8T9m^H!NdHf#k**D=k*;wlN^?dX<&jp6=MdZsb~^QE
zRj5Q=ekGJw<0k8_SZlLE=lb|+wNJa3FTNK3c*74#R)H>Q3=MtZYxHHY^PLH^?X8wa
zFm}9IPhR5HJ7(^Q{GOe{XRhbZyyN=9eS*QP{h{+$y#C4>W!nAZzJvM??7QoT#w=f5
z)+Ya-C(H8l-D|G-wX^3P`aVBk<ui{M^2$ltYgbOZvFdR7#EBHSP-df<sI^=u%~7-B
z4vkv#uZyKRKX|Ez@j~~-;d9TgA!~-Gj68My(i;6O2M1p?v%OyWKI_b-@l~<=cC;>k
zr*A4U$nx=j(OrK{;?49?hh5i=8F!J|{cZZBsPDx^3kUX=q**_kGRLr|kIGK|fyGB-
zx+R@)ET$G&*|2&Y7(~5pIp>(yf=J`Y;FCEeDY30Z{HSsX-bsHwGXDIuH}};@nQl6_
zlx{kOKSmnqX0uhS)6JIdn~DjgQwvQft?3tjH=#^vs+dV1^5=}q^zJz2@rYRJ*_}JL
zT|1dNIrQY&`P=*EFV|f@_IdxIt4iBA;@!X!85PlJLix9^y{+lz5&49Y?#{|cV<xdV
z1q_*7n#<&JltM03>W@(s<&()@3T6H4uVzO~sGmEvt_r_W$t9gamk)Zrduy+`=|^v`
zNAG8~;$>eb&$o_v;Gfiys;fe~dB)CjKbw-H<9}<9j->anDarJ;pJ%TeZLn$Lx-H?%
z(uM5<tRvskUC$2ORyMsmo#VS>X#Ax1PYRxe1XX^?YJFn!$y@i9QMym?HXopB6zM3A
z4&9LcEySt%=;5-(eM6$<Dw%<%p`GO_X^OTlHmTo&e@`M+<PtgRA5!~48%OoMFgKrN
zAJ1o7O7#pgV=q}7qtElNEo<j6$9%xc=uzV;yKMP%e}rex^3}&5FIc@VH0_%Gy|F9D
z=!6QGCk~wF^YqHsCcgR}htBILT~vPg>X>qyHSalF7DnuI?y-*4jXGtniQ3qClZ{gk
zO^tZEqCk*;irXu{z$oDPG_3O|8w7uNs+;@vw@euwT1pwM=`~0rWo)*Jb;{V%{gF_{
z6#F`59Q40bM)SeD>XgxvW`R=WC%;{TYluK5n^BM>n?xkB8M1DY+*B*q9PLEO=tCM<
zVmo8K^*Gw+w_zXmuP_XIDjH9JP<A=s3Z-UTd8wBj-Z89^Q3AxE!C_|qWvw(Hyc5B-
zlDOvnIk$9`iRB!HSSB}~TmGvCX(XR64dv4%4t1tEqW1DEotqs~M5X@CEc4O$*;P{J
zu)S|3<<FeAPCHf>ae7OMjg?tR6?!P}#r*+mXX+2Uy2{`VdF|a#I)(j??OnUj;_*2v
zr@S5uCB5#ah2A~%aP+%vQ8j6&#!t@)tX=qFWrFnSzN<NjPgTeV<FyvgSn3tJ;uSsk
zTo2LHkNPu?=KOO_*mqi@M^@gu39dVa+>q;MCYp{~%JtI>?NHpVL971tIcD{2e*g4+
z-T3OeI?X)P;p%Yngx5o;Rz~mcxb{+2Pwy~#{G*DHZ()Hq*`pp@O5Im@V7+K7chj-V
zku(9P^sPl^px4CMw<Efec0B8_akOhzw^#o5h9j>YEE0rUoqcqKZYr3z=5|kN<h_wU
zDuTm~J+NWXA68B%b{Ty>zxBy6oE_;`u^#pB$I73c{^oufgH)1ejSn3vGK$=2nlb1v
z4;_=FQw@erU|5uF%zThNhAPHQ(x1O$<<jsSE0=#MKEE6rCztMcb?<sB;U*m}vqq=J
z<ybd<?fadYPW_$_t~hX|>RzIohPU58SEy}zpF4CYcHP_EBZus!J>CASqF1QdM!^O3
zXd5q9vAycK>cFv6Uw^O(T^n?JTJ5F$T{p&_e{}Chito0FjKixgxl@<4`939}X5zGd
zwy)YB9PHK4_ssD`!%d62%g06#8t@<WdcB{$UISH=tz@ra&AnTHY>4~WP}TeipI32L
zICbG!zc@7N!|Mm!q1TF-UypVgeJjc_DYn9H*_?LSIa?EJ_N-pPn;E+(reDGBJg4j5
zSDEbjmV9;d<>x7n4d!a}@HRLVTe-F>d!6mkE=<X)UAJ^9t6~>U?->@q-*w^bgjk=C
zmtv+I-ubQMhl_bKkA<Ea`W^54%}*YZ{@p2T?#Eb20Tn7X|3xPS0O0@sDMl??>e51Y
z)n260rA2c;I#ut|;u*W9tIvgApDfeU9Z%d(9Ith9MjAuaKroA<mHfhb#q_OrT<yQl
z7~3|By7I&ejZr0470+g#JsV@-AGT7me9X4-wH4CyS>3y8eRX$qG3N~XR-u+}pwson
z)P>7TEuB<DiZ)$hkLKR3%%dA#>V3emh_~32{j#7uK0I;S%Ff7BF;{+R5mAds{)^-O
zFDXWCTk3?F58i<^I$_ODt?Eu#OV6zp?~>WH(7R+NNvD7JE?H93E5DSohZ~-(U)?W8
zYP5o^>aBUar_Te;&f}JD4u0|D%!iJL)#p_O7Nb@z)eTINP9lxEL9;WEx^B?Y(@1$Y
zC`Qd&s>w7fS&f^lxgW}_*JKy=e3;BpUA)lbs5>wCPV^aS$(>_I+YC`x>6ZS06fe5g
z?g(48Z-uMwUB-v$9X>}E2PZsRa3O5Z-WlQ7^CsLPKRwaTG*LaxZBcalEoi4}6T+^q
z88l&K2a(~E-6_SduFhHK`|4`#_2Y+cYI}T;o=MM{kn!l<KLfXr!!ErFH|-Yfx{4S%
zjE;39C*glNawt7l*Nq%&nkD|XYT3x?5Xs0+b;8~*Yx>t%*=QQvbTkD~KPL<+dfGS5
zHjlI1!+e~TlVp>p)3cRjq**W8hmTsPJFaYEskNEnVlW*sXmFqjfB9mN(sLDpUktKj
z2PQu*w3uu!yBM6JxELJV_+s#1wnwA4QD_a{Mxp)dcKzig;_-RU(%KE4+BPh8L76nN
z{nerKr>dn!(8o9|A21QQORc89J~p>w5UJC&i6!w=m#`kG5$(T~40A|b*#7yG88!Ph
z4SycuVZK_8De%0zZv3EjK3`Y-GwI}#>N~xzW-l9SdGsRv&eB;^t$J5mXb-Tw@O{t3
z)V=oJ9~K;%bhhn=eKre9*UK*v(@+N5N&fapd(@=ZsID>p`g<p$C9i^+-)?13+qdcS
zKCh1x=gnPp+ud$)A9efprynF1)>>`p>U-At+`7qw4D&J%r|+@&T)ne*`=XsY6HUvG
z<?CJQzs2p$>FR@nv@N@oo|$>xu;UVUvV~ZE=EVMMFT_sf3F9`Xovx0U)J|PB@aXHW
zJ+^*k?B{l>T{eJRV<I@q35vja(VvWve_OV>pX8KjsA)@SD5d90q>+X;Tg5sJZRxHl
z*H8qZocb@08vua+YbZwBwU7WBe;px28VO)?zkgg$0ADyQxw7YA+@+<TEayM!dve|s
zW+XkXJ$=XNmDet}zFDN9azNc@-wpq}2A4Z!1ndoGF4(`u-bDL{_6k({+BV$<JIx;7
z2_HLncCqFX#t_cS+*<Ct#ceCThK666I;SH2?V0(@=6OolU4~zLl4qAWdzY(|>x?q*
za>L18-Y%;y$}TVLs<`|zX_?C}<G0NHzq|ZOXgXoszAh}<r_-kz#-n}7bG2Q2zCJX-
ztzVxHqh9c}dUjfNk$Pos+UJryW4s%*M@G3c`s+c|-<>eZ4r(7#|E~wK*`ls&w#ZY=
z78CybPX}njKOLZPs0EFRc9h2$|0kbuy^*0iu3N1SL-T3B;MFIF+mAa^6EbwiMr4B1
zj-b;wj9ogeoH5W;vR`XM-jtr&7ve7Uo<H`*^(}&l9m!mSk$py3l`Ohnb6)EWzkkB@
zTSeO4ElraX&UnS2ilAw{>34M9&NMgrlh2+fXN)VNhMZM>nosR^zoPrMrDV6*sg?7z
zn4ZK}r|4)heiX7<p)qP$tpC6I!j$>d6KB%PmR49V?U2@Gm+!*G1E%!%V|23A_)*)%
zIB7tD*{2mR`qSTv#$P;}x~ue5_p|4t69?FbxSN($w*7imE3UKE63K>#ww=humk*wC
zvcI%0E-Xy<pFOo#jmy>87aRg!&?gxN3_DTQ-&E(q`taKFO-nbQIyyA;aLnlQm%f(u
ztHAn+vi|;WPHl6)k1m_~8MT!1y=Cr28Yy41RjgCKmhOLq^2Hn0DPO?<Qu&_KhSw>d
zDNS}wBtPSAoBM-md{Yhl^xRTB-@fGK*$&%x9S)h1CDFUGsX*nZWoeu~^Qr%r%zneZ
z)s#9K;2pvX8AV478XVqV{$i=@@QM*!19MYYdH((}8SL~1f72``+sY(yvO*H$8%yFZ
zTcqJ-vs>2&m(8-x246O8_Rr7%`tPe}mvojc-|2d91xt%O<5)kcBbQs{iGG;X>CVx%
zxknDn-hAy|*aeMErLP>NzAx6@e`I7|>Cpb=nj03eDJvdk8V+YqA6|8-AdlPD?seKC
z$-aX={T+91>MV2{I4V6^m2}wntBc{pj$`|Dq1s=Z<sHm8uwehQ&laZ6eJp8J!;gQj
zJlpJNw={psU9pb+U)Rb>F5<1*j;2lMu*P>YX|(hG3FP$G-<{`m-E?mF8|@=El5{Vg
zL?gZ%eoVN3bybdS;;RdzZPpDN9sY7fYGT3NMGy2lu;UpAxS`sowx1gMW?QCfyS-yC
zIodsNX>;vu^rzys7Q-tAt^=a?m(;FzG9|qlz*}^4?d>mDhH3P?$embHQ(KMor{9l|
zKRf5m-6%q)pZYDOpU-JUNF)7hwu*K7+0q?TF>};wp_$|T$<ux}bBt@Mn!Bg$-+UtZ
z<_ha&7P`D=HjAD0JI)fX^!6)=3W(gZ)cd(lw6jY|P+MZ=II^J8%rW3EtLFX5QxRM>
zvCnSHKXmd!_86p)$+&+xbNr<^{#sgpC5Fo>qs8fG7P|Bp_<-VZSdDc2!gEWtmvNFn
zgOwY#Us6VBIKSA~hVl0KmtxjwZ}#T25K6Ac5!Pe-!%I)L|F-zdIZJMzylaCr7R>G+
ze75>-THBed(f-nB$FG$J_lg%RnUmmYpg-ULu!+v=vb86N3HqUXH~kp6`in49qua~7
zPmNwY`Cok4#C_08$%bc-jEq!c&tC0xEue2jtmD>>Z9=jtNB0XIa_uZNVRaYdn%NKL
z#E?HAmrGUMJH6QDkP=`me8uk9!D4N><JYO<xb76PI4<N%=(ky!b~)Zt2k#VDv?@$%
z>wCqvqsB(dn$ugKUVH!S{@5v1Ba>cIw6h%o^kP>!&6x2udC76CA1Le3zdm)%-Ni<x
zX>D3c)9z0$M;d8bvsJ9qw3hB)3Qf~(Ax*oP?D;!Qi*2fDW7s1m@2+yVG<IR&GzlYN
z&f?`8%3IAo9PBh~e~;*DE63Mvk1R@3TPwaUZ_!B8y8UHMyP52P{G18m-%OFcF#F3d
zP>adxGI`5W$Xo26%bQn2dGm@x4QcvlTX~F@{EINYi~{yAb?uf9>(k*Y4{Tm<pZy^x
z&Ai9VNtei<?j;?nooW>RXve*U(oVH2%nqi1yw-)Jn)LpDul{S=jnw>FmHIw;4`sT>
z)wYS-hI|uO^6%YP@^Gia(Qf+um$zSst(!1M)NlX0b7rnzBN(|E*Wbr&$jTVAp2D@>
zZ5P_zp`Y%!V?7?Nc$EBRj`072NnVEUlhJWQT9H2nJy74OZTyiE<F%Cf{LVU|zHUL>
zgRrWURdXsf=#S2vHOTYxt_Q{3e2dy)Ym5@!Y+M+VIQ1<vd(rmwvs}53%ib=!BAumq
zqrf>eIGA~w9VpRUr#&Xw>G^>82-o$s_Ffkm^Y3U6$nKHdXWeP{>7)0)S{C4_nb>X-
z)>V{sc_pW`x!Z5a^iHRx^zLS|JJLw+nyq4;-nDeUQ+%~kyJf!GX<X~2_3ysgIjE`X
zJ<8nJRqbS(Ia^3Kv;Sem_ot66la{T$FiP#D_lnQ-!zsltZYPz}TM-|=AI)p@)y~0x
zS@mkYG!eP#VTTfkf6Ce4UnY13GQqp55WGSE;TJobkv$ul6|Nq#NYj{tTxOaqh&mvH
zS@+J7|L@-vJoUBWPFZT7nn`gz&fB!#b?MA^vZ3Z-_Z`AWYyA!1*=2T=T9+tF5Bga9
z5ossaXP?*JGWB-c&=nVR9HR;it=|os(&j;!(e)2o+r8N8qc!sec{EvXkNuf^xAWg>
zB{^RnzW0${(%tkT@^pu#$1-~B#hlH2SNYr|Z|2v_F}8a47tf^0g|KJ`TC^2q%cU>}
z%__FFcg|p@WOL{YCl)7}o|}`D!DKn-WiXi;%(VK_h?QjU{#8js`{thhE81#j$6-#(
zEZn;ydAvuA&lj6_W%{-S`!r|HNG?9TJ#BEx7}eWa+m?8q4nFI*LuExm{F*OY-jO!n
zIJI*bTW!?#j2jYX$EY!krw_WV@?5{PfA0FHw}Z5Y#gE%D_r|1^?TWii-MLwPzB|((
zF!2pba%BC8j`y4bSYg^nE%to8w|$YT4+ZOxzaC!yy7x49??Rd8YPFQ+)_Q3mjWoB}
zD%NRkOLuX_98<G}=9p*FU;l278Pim4ZBusc<z3DS?)%)m&FdS38EtPz?PdF&8X58E
zazD!}D~=txQL?C%u0g!pI7YkC9MkVFtL>TeR|u}QKZmA|Y>p`(*1ob)T}&3qWcQvz
zc4Pj0p6S_8a6RMD_B0dJNFJm6Cx3W3dXN2t6jzY_;91s&N3QLrSCoA#dwPn!Z~FN|
z&Mss3>U4hVx69EdID1M)Tb}vz$=x&K4~f*4b#^};Hs9U#g8Ha~6a9RhH6E8ZUF|da
zXkLYFirv21ao<wkEj&FT&{1@_*8h^xm9N7!?$~U6J!e_}SK^Vojohtm+dtP{vOVxe
z{z^kaV{6f(3uw_KxyTlcLW@e2&p4Hc<=@cdzaqeHDQ|a8-1kqL@rOO<^cv0YVVruk
zZ0?a$dJ8M1i%nZwced_%FXfxd+P(Rr8rPWKMTZ|>9*nHdlulGN5?<I7ojqIYYx~rh
zA0iLbybKI>7-VZ#<mmLq;WEQooRCXiP3qxie?#Te<sN+}UD_UW(P9*B^w<8TAx;&`
zXWj0nc01^NR9mc%DjRFR>POAp@>Qm`>Mf<VXVPCHjnuZ;D%PoOOLulcZR6DH&2ZcQ
z*-`&jYI~%{=-<q6Rgr}nV?JWC8$mqevg>P?9J(pX=h(O8yc3W5xQ@?2%Ws7wg;^bZ
z>yclkGHtTw-tGHJsH%#$D-C3m-1<k?`!CDxks3p!Zjvk0%wp1B*~3n*v+{%bPiMGI
z1y_0GujF=`@q*5k$KACC_Un5n!1L7WXB&p7xhL68Ae}$9(DOp#oYa-%GdlA#_V-lt
z@H)@vGvhrMz5IH#+MR!rdS5s_uIPAz$M)EcC!WOAnt2s&pZL$NrF0vYgB~;bJ9X2%
z6nS^k^+lZ?KJBer_~82M2T%G8JCkjd>U7K{e#7(j6>~K7U+(-Oms?rQn|c3{)QnbH
z?OC<rahGlv?Q78ICl6kEc5lc#wufZo+b;oc?-|S@@9NL2oR>d|vDMOaG$Wh;Jm_W5
z31^MShbxVr-`D<BsX}@myLE_m>pnX^tPxn+96giZZ_s|Q=SbUXPG!igxt6Wxtnw%+
z8xtMz!_F}6NU!RR=^X|yyRpM*;fwLFJuV-&TY~q8-}Y4H1)96vv`n&8T1v8x)L_H0
zfn+sX#X8Aq=?+6kRurY)1o3|<S^Jphe?39OyTFI0Vil0oE3ta8v*z04a}HjA`6W8V
zn|t!)e%s+i?GBaP{<>xSmfn;1l&F*Oo?wEMiez)d`p4z=m&Ixy6Z@S6;%_UsR&A6$
z%<5^?hd-YddNfoik7ir!m-;m8(J_amWn~*Dnm^0!^{raEzdB;_g>mDAwxRDn=WejO
zJc_qRNHMbi$Jw1xn@WEia=YEm%Wp4oTe%evXg$(R<-;eR_2>5-xG>b9?QpR-KLla!
z?>zBI(zviGtT5f%)st`Qdfu@2FIuL*WrM@GPi6Lprw9zMT=1M+v|{?@;)n^>{r^;-
zlBl(_x*B&x4@Owg7Bf10(ew=uUD9>`)SDWIqE|eAa`TBv8@KUc-4gDouKvc3wwONV
zHNse4{5^W$y_2UZwfDTL)GA)BqPy(uhw`BhBX^HrnXapTbKlBk{XNSIuiq|sd0Z2D
zu3a+5B<;YB1t&5Lj8?Q>+xgY9Rj<!!4!z<uaYQNJQ-9Gdn{EGQ?qx62BvMOh(mv)n
zq>&~yTg5s}YUxfQ*CZWTUAvj>Mm$%#4R>AVBI*+2%yaU$TVPvZQ)s!h^IePe=G7fv
zne7(c7O4o%a*r0i<LockntwNMeU3%8Q|9Ni<EbAQhmzkUn-6`SxG&*OeC42;m>&aA
zL_Ubr55F0<EA&yw=AZ$AqJTjEFh7BBzdlC2Y<foapmu-e^^fV=4wu_6ZI^E})Nrgp
zOxwY2M(akmy07(4bDxHeS}gel>BWC>MgRZ+000000000000000000000091fiefaR
zrG6NU`(r55_=mwR-JcftcoIoNe0O)EbM1u;uTeGiKZG-UMZ~?^hKqE+l`VJ_*Xd#}
zOZ7d&18)vCUQRoial^U4VSGE4yK_fbrM4q)RG)ZfuiN_zk2u}lx;bPQZ>#k4u-xb9
z(09_5_WDO>W%OOMKl9qvqVSLnJD!I3y0&NhtNDeSs`fnZt2N#2lHk?`<{Gzqm0zq9
zx#;=Q>;plojx6&!y-)Ee?cf&rS<-y(!ry&LJE!TVwEbI)&7@P?-<57I+q`RUQtKU=
z>D@zjXmlu6-$r^jczYMmG5oBOj36F%OcBV)ZjC;rU8M4te@QXln}gsV!O372CS_;P
z{TSJdv?Mlz9*O<FT|ro`KaU;E;77BP(imtlsYdqjR(xhV=Z`;}<KFN~GO|sy8_f&#
zkjHc(zCVjsg!;24)CdMEFPBMY6i~x*sf>E{`PGMbswz*}^lp1I@59iq4@{QC2U?6A
zcH?@7g<9#N**TZZhL%d7O+RNa@~ZlvvwAB2n->}RPZS24wbJW*YhCG*Crd|ijhL!4
zwpiJBcN^qYyumnp&WUB3(Mv-14edWP-uLM`b(fjCw8sNx?w>GBIR5sTRsP$b{wNJx
zen|V!V)x9}C!#uakbj6r)*iq8C^YGb)=SDPbxUjgGutB_+a9T)OIC`{IF4RmAEouR
z!#b-K<NE4b9U63PM(>WX9$&ioRZAq-^Yc!NkjGop#CJX<qFqvIx4o{~MH#EB6&ShX
z6ghOZ*TZpMH(et(Php!^ewxE{YQI#|-Ltw~&JX_N7kWEVwRp=qMXXt8ynfe=p4KC=
zexR&F|2L=S$NhAb6=f5?Rtxs*nxYm!nijx4Kq^K9TT1fsz1c`3$!oTXb&}W8eMljB
z0WBnX8F3GOCwbXTC2uNA`{9r4dOq(ZHV3D1j-NcW)8+G!K<kPT)ZQ13Z7f~01QC-<
zy7wdQ@Ho<=k>m~h%Zir~cOStOkKRz~WXg6{_UNWix9mSxw}u~(mTjV)X`N7Wd5j4j
z)6B5>_3t|rxZV)H8$#O7J>?vmv^!wcmqB`-q;}GcZ8o~UcTbHwp4)%rvvD?h`Ysm+
zMNH}Cx^&%>v=^DX;uFeleVa5>+xwNtj{Gh6z71X!ynT<|p#4$#Cf_t`t~xM>z8YU-
zwq#$oq|Vf^*@M%+4_W+CJ8a6r<YM8u`97w%J8kE;ciUt%YNA}mtkBMlWK191vQp7T
zwG>|lp=dUvZCa~W<zL^h#pji-@$QV{g-Jt$l3hl3y_#S<NjE$^!CZL!Sxwo)o_-qs
z+ikzyEB@}aF17Qd;X|}y`?Nnt7TmcSTYb&{_?K^fGxmx{d@3C@x!c<Ch1b7W-+KBq
zG2Y%~)~HpaA+wC9rhb}x)%n@fm1o|p=}@(<57SVx|I1UY&y)J<j=|2jvYz{|PR_Lh
z+lQXCi7fwk`=ucFUA&ss?zS;95$oGhB9;+%4{0P~%~rAAFF3St4<ba2?O!Kig8!w6
zr63>bM9iJ`|FL%#P*rB%-@kN&bSj+^_tGWZE!{|`Af2Lg2!e!kONcb6w4fp&qLeh!
z(jW*(3GW4DP{eVZ-#EN${pXo=*P6@BbDwk0{+`d?&xw6lfS^N@(|w)BSJGPF$k^5q
zY<m(>X_Zql09$^~IUMB?uJr3F1y6&824S0?<g^x%P^An#a}$`*bLO^Kof{6%!VVx4
zIZz5OAQ&Ei^-aCqelzC`0qcMhIkFkd|EMOomOyVvH!$$VkAP=+5_o^Fv3|<LzxlI&
zM#;=A7E+>@To0wQZg+sphHGu4Kx2bR8YuEMLg%n+9+pbFijrG8SxW9HG4V0t&E-kM
zjU^*&P$L!_tQRqixtR(+X?Ct!kH~WIk=87*SI3A`Aq|)34r={4<0`_~8)d^pH*^=G
z#L_nOzN~(R5BrjdsjT3Zqa^)J%K}<sbp*dJ8~9>@UeQ3N!~J_SKq_yFA2t0yyuI!e
z7()P&_Wy_m4Gjee4LpU++Qt{dmYGwt^%G#HBQsk(*Yl-~{7bj|kgp?P013EehA9-u
zUOG-b{ghqJv}nXprJDKHD;ar`c$r$0jC7u!S^PRiXtr)PmH0XV5wkECS|S`vqLNi^
zgR>V}$6NbqwJDfR)JloFuhDY31_`6O5DQ+Jx`dy@j%qND%0<jdtKHY=|Ii)(=B?om
zBRqHrVJT%Qkn4(MWMMdNY4L$^E__xvHw3H!PT>61A|B)XtfhVwlM0<tOsZK_^|P4N
z;(JyzDn+Bza_e+4uqm^<p3{;M=rqcK*+F4pTOhHAV6)>A9i1rkXAnF}$m4M$Cbj;}
ztkx{51blf5KT@xyv8&_ZOE)Adn9@l{l(zWwu=Lv<G2pL2CJ+Pg;^93MUv(Jpn;Xf&
ztJ^QZw`Av8$>bfUyB^mcp<eeW(qtA74}{iT3=~UjN+Nsfu_T_mi{^H7)=5OrO~}Ui
zi3uk=q<*?GLt$}<hcoQxeTtSC_zr(1kh*rgua;Q`ME9Fqw?e4;+X5cYDI^ItYWH$#
zb4}m+yiC^7yK3RYa>aF3<&Eo$8#m!3YaD75GccA9;p+i(J2){Gj9xMziT8!?Tk;=<
z?lE5>AWuut*m<*=GP);%E-2$QO?9R#pV;#)UV7OJvSf6M_s)GNT#jYELLSV*C8(rE
zKsMF=_$uK_4MehxFyAw;u%sSW!?b2e_(y5I1^H@?%?J|666L~KNl>>r^k)5^xKwu*
zPFKg{Af~GzcN;Z`-!xFZVg*va)5ave1i5$J>;+t8ZRozPe$+pH+5Us`t1iRI9j`Qu
z&N~!v+0b-VUbhBgQ{b$ysaaG3I2i?>R>ZGf<<D58N7&>)BWx<nUjG?3%}+T_S4h<f
zX8yxAIh(5~Ua&8XudHO_El<4B#6gi;;vhSE_+^6-e+s?>8L$EZP5xzUD$IHSzB_uH
z;W))NEf|~;N8mL7i${=umExQI+Z5j?z<F?wtO%RZA5T8Y4E-0uxwz+XZqMZ0gTl{w
z{6r4Vjl^VAm_M-d2SN|tqA7#=tW%F{Oob7d%==uDTDrk%{>j_d7XrMq*Q5gV2*_r6
z-{s*z`2>xpYx{CK6p77kia(OP5sA`Wi5ML0Y{_b7@XRE`H)QPrmp2Qed^L_(P!{IK
z<EMT7bj3R8`C1H$DarPS;IswW98?JmPA~?&Nlt6a-+mambmxe5-uqVU3w7mPhP&=j
z%k_xms*5TPqT{Gy;<K?1#G^uQL%Wdz`fQlHTu1QaoysfNpaYqViS{6}r7N_T11Itp
ziaQyk;-af|;h@UIWxdI?D?jJYl+pVe8?7h^@^s|Lc9QB#yrLORI*)=mi8p84h?_Y#
z*&in#l2g+Yxi6<5b&Fp%daFyVEJBAsat*)cH7uSensg+14lpe*ofRz=X1_ZF;nX4?
z)AFp9c}Pot6sMzH+3Y8BW&h^WhRGssr~(ep3ot%N6lNskdLmagI+!hPU)W+n_jht-
zgFs-YfH;_04#TtKuiqYED|&b!vk{4bD~b7EO$*!fu1`uU9F8X5hsx)pNp1JV>8;p=
zbyKs}dJU!b6Pf0!h0T#}+%<JIfsL3+g+7GZFVDT}%gWKMam*i|Ae2^hxr&n$NFS;f
ztQkMa#>pbJQP3~4u#(hq!QG4i>3$+&ww=Ng&l~J1cg^0CidGF8QJD*dTMq}g`dhoh
zbE7RJ9il}OsD6-=0E`wCAktUKY<^2hnY8(Z-8xzhE@Gh~k2pv+@_8&582-we`c}(+
zq}^&^L3`#?NFpI4H?xW=@Su1#a@hjYHtzMCS&UpSFe~x7dAYku@E$fZ$F%JW2%A|F
zT~Xa@WKr*jIpsKz&Ra(D&6o}}m*Jwc^Vy6)^0G9-ycAo5f3*WL&X(nT8AhS8+7{8i
zaDJ8)8?2PSWLz?=d{;istGij#*bC?U4ZEK8+$shm#PN&}0`3ngfD;HgwTQ<EIco(T
z9bf2hR!wGyuX?h{oV5_0Lj2%gh83u9Kq@$SPl`+reAQ(AZVIWN6t4$)B?;WY#b#EY
zj+ZJBuF!lA_Znmjc~QJJhAG#>DIwv?rsw&JiUhGa1AVg!0m%pI7VrJZ;5N^@U8x_^
z+3`&aob>Z=(&ZS8x*UFebUS4Y>pa|6gyU$fE@GI>aGjtOONyQGbD2cfg2*{%iK$(N
zY&<NRWV?v$ilZ3S{%m4Y46V+HpTwxxpT3V#gE;11a(UjuK_k&KAakm?ODKM?#Jek<
zo1!ew8&~opG_RU|f}fS$fefSo0m>(0)ZaV|3$D~1z=0>Rv)5+;0fC$h;P+8`b2np=
z@1~zdz#qvkE(QA+GGBmzEFe}kPT-fx_2aMK43a4-36ktT|KKf830we@A5Tane&<<&
z!Jfq*@&=&TLM>~&c;{m_l^<(0d>=*nfW*)sA12CjlEPH!r<E{7A~RUtq$()S4~bC>
zvL7mFKRt!Enk=Kf@|v{|rRrJI+ie`pDB4lC2k@O-iMo&<w7h}T<_h*Zg<_V*VRZz4
z6hxvpw_hTgz|5^sH8i)3tUM0I0>lj7nth?!k~j4~&PEAu81Xia3^T?vn?3w&tL2P#
zn;<nER;<^gH64M^-Czv`rd~Vu9F_roeR0E_QPuX`?BMWqXqrJWLA9&RP)WqV8h2A4
z`;RIm!@kvhjw5eAF0eejF3~<&21u71QgO8k4R#5z&EgvhuVu6^xt&x%ZZKd%6P2jC
zhrFcp<eW<5z94=i?7wL%_`KvdN*bdV9DQK!)wYWU$bV$<hwx^!{cF^N|EH-3mU}qh
z1ociW;xYBkR#8W8;@TOx2@J+L{gVxrw(SjnL!({7kX-o%Ruy`u5=9dBR}J>4d=HmN
z{3GXF_4u_%GDbl3g@gnWE)dJhzE=?gmtoC};A^%nt*PV^xQmI`sFKCIx{NmMjlvMY
zFF%gB+^=h>i`d5YT**x%N=rqa-jCc`Dr6R7M25%uU3yc9S)Px;6zME_n^?*cL>=uF
z01}%j7b&|Rsyp$$oEyTZM&V7OM{dIAjD|9vEis?&CR9NONvOf^Y_8wCiLC5Nr8_qv
zyj}Y`$ns6zUd_CXC@k*bk@m*ibk=16pO(95W!BHd`alNs2QM7oR7&nQ4`n=C0s&6E
zaHxU~vZR0es-frlXMW*J3w$&F%M4`sdi;0)E07p;9!Pk24;DBEmHZ<HJ^Fz^d$*W<
z^Xa)nFzmTDIsH#IMzIdd-srHUHZ^Aa&-j-5{U|0x=33zzB}fS-A>;NgzQu%xOfM;+
z#UW3+cW*DuIw;~XKC{LnX3LmevmnFHoLl<NPu#2&m1i<ch>P)ETsfmdWiF9fIE@b%
zUwbd>SdE-m@gSPz=3QtR;l&Y#A_p7Rl>ZM>v)^1Lu9yr_?d*yiV@>A`qLmYU0Hs)K
zP%Ha1jN2A|@w#SdZ__r-8~oBW$=U*MWDk@6ONt$gVf<!55Or&;QP^xgx?4|BWNu1H
zmxC%(iVFS3dQ6Ka{4EB)*UL1l$(1Q|g77=2upxu#rBpGbEQb9q^<#53QzC|*D@>86
zgA3c2%#Wo1Q{!G?qn$5~^zVGvZ)hp<at6i=ipUU5z^i99Jn?J^2slB&Q;T>^z_V81
z5dp2vh=AqodOsV?b@`rvD|Kb2F9IcV+pOc|9&8Yd?T|YHFj^4+m>bmLjR}nLM%2K3
zUqj2IWN;^!qW<P&aNtVm0uBi1^o4s6kwCA{`&IeX882oa^S8ufKGjeBDdZB;uQ<qF
zp0tR8_OY|7$YJTRi9(g%Q@T+60ztgHJ!B_V!s9L=!+(N4L6<_P2Xn>R_JePdt<P5I
zJzXIISU2wB3B!v7d6YC{>Mdw3Ey|;dIV|+<3VAD%^b)wl?LHWtMsEz#=WeMh(6bY-
z^FvmbsM#Rj5$T-j)Ld?Vknz6r0CK00hozgFYp_j&>;|T)z^iQ&CX&@PZkz}H5^|-`
zljkbnwmcfjhczy7Ru6sLLzB}fbb5|5C4w1J-EPCD&p{6<dg}wB+6q2e=!G|->g({&
z-Eqoe?H@C^j^<mAXFV)gT@#6T+fV~bI*8(uiII@AD#E-J3m4vD9thXa_<5Nmr8jWj
zR6mm3X^pJHR%9nD+pr16Q8Q#bVs*o_#Yh?q8;i4oO?kTx-~?<=E#fh3&RPjaurWU)
z*p#fA{tPzG-^1qVJzDXg#77{N6!DxJSA{D;37sz??>&C%b?rkYw$uGV-=OJSe-g6;
z8OQ+wMgHZPqmoq<zyWNm?e|rx?0U^u*v{O+92^GhpNsg-qIXC<FpIp7;xFfaf<|A@
zC>)o7<fsTF`(^mcE8Qc7SlefD9|*C>WIl<P?x3HEkU7sRQlz02DWI$8@-ou^DYd+S
z@TNowVz!nt{(~*hwHszW2Ane=!<JR_YPoKSB_Z;FD3Mb|-9)|P2>de#!-Zcdtmr+8
z7_`E?%ZKzx8j~x%t-;lKaR=riE6Yx3uagr@qYCYOmPpU^XBhnE!+7ipQ1`FJV_2{V
zSNtU){5OR5JK5g;1Ujt1Us=%fJq%-}8b>fAC?cjm_X#UzP%?>|VO@SzZA(_ed=E-_
z;`5~QCqwicM421hSnpims!O#uBUUatvdVryQKwQgQ$(6$+7P-Wd3n8~oU%+WKJ0e%
zx{-^3SMu`EP=+<Vs<)%e_-_Bu`77vFe)y)q&$#s7g|vbf^<7pIL64wj3^$iX_oeis
zF7eAYep~*sae%<Olr@=V#ze7EepN_O1x!lQvm#~5sxjaMDNilpF)7blh)1L}IU`c$
zm1_QsluqB1QaWm&-1Nc|t98$7Mra+M?(FTdkE<iO%*59B<2RCh*3E+rr1Uc|K9B)B
zAi(Y4Jvkd(DGk60Qp(vl9H|&g#*g5S_7NSO{s}sMec19>JqP^QKYGuf0<i^R0IRtb
z<w0{*YJ)U^<rp!)$O>Ww52MeGkII!eQz7rAQp}<ANu$g2;7i&Sl<YWPM|MbDyo{%%
z<mSrCIl)g%f~<$XR=3JRGluG=Ozv00{|ap?4sNmTK4huZi|z{9%m?$hbQ{E~=!6Wt
z8&X}n5~20IcDjpiA9`{5Ql%Ci0#O1e_Sb-j{uK~UrQ!GB^Txv$h4)B9zOTVnIH5#!
z4;mX=iXIAu@~*6(hkQV9s1$wwlCrUty`}CDGKmR3%39JSq?tl@0R6<0w4KLg+w``$
zF+;+(2H7@efv%O7cdQH|UOJLauY?11u9cbJYS~85%YCF(`T-_B=#H8oGOT!pXUa~t
zi=l|#r>%6a=KX_Fe*`|KzhXYEmvzO1ux0XXFP5pqa26j63QE_3S!Z-stjjA^2b^Ht
zsYN_y-C1kwh;@c%#JY^n2tQ+;<M*uFh<>nbIHHHy;T~Pon5XqQ8t#Hbj3`t7Jo+2g
z>l`0T(@+)2{4@=|EW-?NIl(%a-^{v<&-+Igof;K_A-4klXdQvh@z+5I`WAE`P2dF(
zm<)&aV4e~p{3+z_g<Rf<5bUJ4>4USP;i3L~RfDDex?8P+c>#vU3#YpfMBE>f%#`E(
zwWUMHmZAsmWZlw`V6`HjMNWir^O~NDZO2yvJdqp)K2M&jUj7JAo!DwtJK!|U73JGG
zC)+UG&@cz1X;$U32Mmk1co@N^Kp?rk8!*DXr-kgtjAj@PaR@nSpyWRn^?lDd3jQsY
zYOMx&bp&x2rw*AB+8OsCwvD8)s|0g=owfaIj<_FQn0KWkwy*`=2k;k~ddk0??wB2#
z9~WMn>Cm}Ad$}_n=^81|Kpk@lOG`qNE=Ig0TT{2m>cC1*pv7`{r8zHC!V~6+Eh&bQ
zp{$PvHu}{B?ZBs<IFCPW-(KSKk=a+pkJSA$>$&xi-9;;$<&kE!&{8bkUN7s7rUx@l
z|Ew67@fi+qf^nx7@tAREEwL|*)4FoZIEjCgaY>)Fj~Vx~)6N~fr(KoL+n4Wz*OxwT
zpL5PBReJE2jyhF*$cxSZ@6%1&>M?{DGyZ)3bb1GZU<L$Qomk^!@SACu^hpbFV$nJH
zU1Wc@@!(WMdNA&yk8tPkcNRGP7<{xKY9Qs|-4{-*KR%f4{Q7LfAJ0XvyrOKH&>P=a
zw;`Tjy?FUjdG-W14Ounw#nBro4A4SyPHO(ho_$j0{23vx6d~=ZW-d2kK9C|{CkA1J
z;#?B+-VNuOfI_Ymhq^x?uM%f#ons#LLTi}dP1+^MRr9-W6E1O41ZKmPR=TQzHe}-I
zqnE=+<)Z3t`}o9tBrcUc1fV_87RYc2Kq?@GH`#Gp?$7fx>`(MF82{5t&%Xy{BE>*>
zED_Vyg7}SQE?|ngzl}C^1@hCbjPsYgP}B&8-fj*Hz>Db2xn;80-nC`&&ps#l$VOtf
z!D>5nRTG~aPJ{Bj0cmlN7+0mKO;jm{LqH_4M1+Y#!mM*?9ciX`a&6w~d`t>{sb~9D
zxH{LBXSvDkv8>m`Z3!@WB^D$*Gxi1b^DgoWcCUa%9tqzHsZ=(t-ffq+3VSB!dLP1@
zQTL4IwZWZbADZ9L^VA|9)AMZAc@!V&oKbujQ|<S&_|X1)Vp1)WB_YSMvF|a*Bn^<v
zBdgQi4BfN#fTZuMtX;i26d@fF=jErMeINopKmgx~_|WJ#6EmjT7jQsK1AQauAFbkf
z3;ysOant_S!$jb>v;=Ab=|D6<s>6GTh4hU`zC8L@m+s_PYvN^OEzZE8f%N>zt$2cU
z?%7pWE<{u(qdm)_yP#PSf$+X~)Y9yMqZW5`5ni$W`xP_+rVV=9LII?i2p%&-N>nd#
z4RewrVVxT#WzU-_%fmpt#pm3LNK~Ia6{SjpQ&<qHGDm+vNYqZ`W7aA$Du=7j`3!1t
zCq(OU{*C`}=?)7j+`G3zL@%GHtuG);raX)CM!X)7%u1oqYikRymYAlo8!4CKd}S9Q
zNb$)t1DFR~g&da<agi&mIBRb$KeWdvqe>;SQh5<Elg2^N(D-80f9q3$1b4vfO*`0@
zJjBY(nX;!SSW?ax)e;2WqORR?q|w>!!hx>zJ(nHY%iuDvuy6k#>G)R+L~8O5_r_hX
z$pv1N8o7yD$c+S^GBDS)&WdX>)jog|TsyUh$6PyG869y=^NhF_-ZuX;uGxLhHUFt_
zqFG0K_N@(_UMwdvl9;<(B?7m5?G+G4m!#|qE<adwBlV}(_%g;9=<qMkhJ?4x0S>rk
zsL$YNZ*0V%Z_i+Syobdb5(s8m+!534{t2dix2NLkSb=1}5G4BcfAx&)`WG6yPczcI
zbz?K<DzvW%5yXg&FD*`)k>?`axh=E(w%P{7WBUn3CXrHA#;nYf=Hk?w+|hxk5g(PM
z&aG}M+wl=hrJ^kg1O|ZZ>=gQBq!;E|$VcDB%{R(i{)jG_swK2gUe3rjXQPU6D!u0_
znQJ2Y(}}c5cBxppC6SDJ@(<bO0(1h>ABKWp%z2ZZ+L-@yB>4T2V5h}{&>caIICRqn
zTga^$@&3eXsL3#|ak~>JDb}vGEA-(-e2&7sm09M88ows6*ii3IhLm@Ilz}m#0D^-t
zbxa7ClijC0n2=hElf<lx>`lQ-DQFT*&WktP7X?)!485JJxfA^W0$9ixZMFt)l}uD%
z#r(s7STQ+}4?T<hUXa$V?{8}U5iae1+4eUsyDLv~mY8Wq@m+N?${PSccUyqpq}9*r
zO**`77I1=@rxx*;nP)A~FVwVCJEo@7ze&yDhS$f`WC4K=k|co5Pjg`Yuea|X@1i1c
z-k%^779?@7bKHM>u>BsZz37SSquL#5)_1uk=<XL+(rQv*U3-g2AL=*GeZf*L5hjhl
zDF9jZKqo?gAYA~~H??;9%~%a?Xa)R{f#XXB8AL@H_AAC<D9Es1F)&>B^Qyf*f~)OG
zxc;5iI<fzo>)ZX`Tz}65e@fua-3+`+#8;XuWD_aI1V!hZCUn*NY1JFMF_3cYKNOY>
zp`#P%I@v9wFHY}GhL1%jJ%MQ1s~3F7eoj=!<<cAI`p^|Wr6{cwSqXk3vUn!}wJs~j
zrU&i?8uYnD!_U%Gpf0It1@X4A<F8(fF}rlxP3q-a5IIdE0i@PW?|IKYr7sCM0)Sq=
zK<+~Zvj9QfOkcPBF@(Rdz`sP~M^x~4&->uaGBd0=CX0TEE~KkkL&0Q_ukBb1$Si!q
zxU?$o<|?+nl;u~EItJZ(ogxi2@^cSzM{BHY_h^qGA^9y9pML!0aA%gvrzXa?)vqA0
zz!-<j45B*&J8-@9Qz|Jwg~a++WO`#?e%A-ti&nx>+WQbU_JxG);Gm4!-r&9>|902=
zTQ@R0D6?|4e}pLWp*Abs#@FI~K<5R<w#r#yJGkK$-~_f$E#fh@&sx<-!LITd1-rg?
zRel!iUi+TP>u#;>6GP5sMCof*x*qsaNg%<`#w&<XcdPiY)5x^)nb--{{o#}jQeLV9
z0xV9ZyhQxXSoXcE4EU3jmuhx4)~4TPy_^Gol#d8~?bj1<d=KDDARZvs;XTYhO{;iN
zqQATxDA)ZnNd|U}3dsZt6+=T)v!Tml{f8^}9$;=NsuT*o*vVkX$$av3XMGCSBsLCs
zDH}n;pXMDw0h>@=iUKsZQOF!8esxt=GxepsV8LCZE&~`osD~&>brn2loHWa!vy0n^
zt=I}q0Wo70QmX<vro_1H>ljL|zT-;>l;Mi2?kT_Uq7QWnCq+MTt)jWUmT?wFM*<LM
zi=_sXGc>HjhuXz`$mz~vAj<<yYXsRs2uDhT?9ADQpX*F?1bli)b*WLUod%&JVfhZ#
zLmi7NswxY1(7cL$_tkbqgIC1)jT9>>W+$zD-?~o7))@2KY%LA9P0{s9y`p?}d2WHI
zD*L^Mf71tl&WP`qR)3}S|IuuhMDK1hhw*$w%gsAqs^WkDuFm2IFc1~b3W&aUl>jGz
zcxn-kfq2&1Is)S5GXkRLHSM1P(dK&~cDFGphk4+o-}1fCD&byB94y~%UB!bunf6gc
z(^sL7IXBb^$sb1H0EpUv0Ns;7ME%V`^t|@RM9^tKJd&@loz?yy%&kqqIGhB3<c^SN
z^G_g=A9M-Gb9fKyPy3eTmokwU9vAA*pqQU6%)*#!B@vNxJ)))}X}M{Ny->q8Zu2dV
zopoTlk}`Kj(~>L6#)~zvo)zp2)~l{MA8@&!QA|)-EmDc_VR_o*#W{%qMYjMq-#vhb
zsOjKNp3WX^)lR3!iL<Dh!;rCH%FDz$FAzP}zJS5*dmRf1QQGp>BLwnX>c@aW^r!rX
zP&^ML{Iw)PR<Fo!JL|zNZ~AIl;=1GEbv_LqxYPK^i9y~aLa}9K2&v(Qkob$srXEVA
z8|IgBZ7Lp>lIZBBeS`rt#mtOk#M=1K<mK;F`uNFT<K%?yBvuxC`f_jXlc3a8sN}fp
z`L{LCoBcPDqs>P)=d+_fXj1UZZ3YCp5>HuKCr*z|<z3j9$B%UWKO0Q+=EKnD9a?9p
zRC9z&u@JD4Tu+q2IFvst9C}{+Zi?sBA|B)LtW|Y1K`wVj6Xec&27i5m-1?ME!SW`q
zQK;}KA+b7vE)N2eYhXSRUpgm%G1-WTk2N4?$!f;Z<WDGj6e)V1m>~b{k)re7{@%<V
zf>F%Q=IXauK_J$^AKfD?TL1k?^V2e=|5EU=U$$?5{?G7u*17%v$H^gb{m(Y;`OeWp
zGtR;<LPSEv3wc!Ujz4W(C+|`fh3~wr(BOR4ms2c{%%o6(D_3<=`J6=JMnN8nT<NV{
ziU^$DMe4yiM%1S?HQ3E>L|Hj6)5%MRQa9Ye4)qSws*IBpvaowkwL61!K8#+N@4fgn
z&)U6tgml=U(q6N|*Bu21NvM84`)&O{8t~NP8Bmx40lb*{5cXSkjW)H`vsWKm`I<+V
z)tcTiVlosmK-Hbm#nK+p%2U6u)}@-NVx_2c*<V3XRzt>DT0wkN?1N~v2)vLoU*n}&
zPZ_tDu4^uWPNAHwtfVZQyzCBr^pxBobhgy6R3M7$AYYOpU?DLr;cKRT0s=e}oDxiZ
z9{vBJcl~$$cl~$$cl~$$cl~$$cl~$$cl~$$cl~$$cl~$$cl~$$cb)y^FYCqjWrJ3b
z#EFTyE5CR68A_IY2yo)0ItfA0(MAJEO`tc#v!e{ulwS{v!u-h;92<}w#13QwvL22w
zfBh9m1EK;_9Nu&OaFq}Ed8ckO@P;5eIhyPZfd&Bo9TCzST;goJHhcZ|yadUVBCjzO
zSyEty%G_Xha8O)AaE$a+^r-ZW*Y{YR!pxd84DySRo$}quu++)}A)_TSa<QvZ+wSvv
zsPGiK=D435HaT~GA@A+;JNg)LA)Xh;X#xtueY0X_prR7GO-W5cb{v*rQeP>oGRDwz
zwgR~FuUw44=Y^SApv7};hUbLBrI1W~)7-|KG8js_oIEzcS9=4Fk12Uc>WXETZj}yJ
zs%M?shdVglIkQC{=VN=Q&4hbbg|WFl*xqOkynMy0z~`Rgr6;H~#+M+@*Se6&MdEpP
zQfv?mN#tL(O;wu|lz&4E6=43%K-BY&8Yezf>Sa}mNo<6%=D(e&6y{4he6l{!u;lXm
zlu-;IeR&5&JuUFD1#b0zt^{1_Qm58vY$QXer25k?k=_u@?d+;TKg=>D+pxu#msvAq
z(f2N3=pgr0s8DF#m}&RkT$*?V`FTOU^-8O$<c)!x8ct#*|0k}5+KvKqFRg;FJ<dTK
z!xr9vvCg$majJxbo)TjR{z*D~u+aXpN?KW_+*AOOK|Oxa&;2j9$Y}Sz;ehY~da?ec
z89v{Ce1;F)q4t--eVYjXv@(8mc;5eU9Usmxf^EifRyJe!NPg00@yUx}*m&v~)}Kcn
z^gurE9@Nd${>o;{$+^Yh?L-1RwTh1exr!$jNHaHObW~mWMF1d=JFQE8v651hb$gD_
z?m54v&TNs_q7mqLwlV3K;-}nPK>yKh8V;vEKr@XL85Y96D?W2FZ-+xv!`oakYlIe;
z35t<1q%D#`DlZNy4~=*IBCG1GO>w&>RKdp?fp9IHrO*J6d2cw9jrUE4=$ZEyZV5{w
zhm+Em8ki(Jruv|9e)^-JAjYa?I4sl3xvf=^CtCCLUYee^I^!mNab>OfSOLhdqAjza
zW{i5Awc5)k`{waE-wKZHZD$~xaU0#0*J{QTG7@PAOxR-DBoRw9Unzwe?{SzQTGm@6
zg(NHj&8H(8T>Zml%x7dX<c>t@lQzTDdcr^3S70<li7&{jRri>i9l_@-o2@Z#c3Z!T
zmwA`x6x=_SU_o8RA73GWqbJN%7Vig1$uTMB%uth4tb|2Y_KZwOW7G<iwJ5k-O)6Wo
zIbhWL_%i%<HtJL=3K3K#mTIQ(3qcmE2De<Ln|vzdl%8f6g0bd?i5$%?%|0rnC4S4W
zP+Fj^?Mq&j&Xb1Vyq*Vdg5$g_r)~N!2>nrOV2eCF`JA^ORiHSU=@!Ks`E9;9p0tVt
zCf<RDU52?Zm!X@by)T*4S@D<FZ$S`;b?0(2KC^^vdcNwwonDj+%i&o5xd9jFg=aT3
zGaj5&z1TQSLj=t{OZexUzD{Q@z@vB16GTMsB<&GQ=j-sJjyew^=}LFaeL3(#%?o&7
zGZH}1zntd>`3V9v;P5ORbNj3M4u)pJa^M)l9_-Nvzr+{}hJSUL4;wh3U}0tfGJ{wT
zV~pdk-(-g|vN5)|b~t$2H><FJ7G2ayk_<dTM0*Ka)YniCledhp)^oWb$0kdqhWd@s
z6XDTZ{#dG^l=0xiYo1={pXq|p*!YJpn?B>dkN!ZGKKZ=ZLvBG!Guc3EI{atwog5F>
z`vc$IBHDo(N*-0_!TE@v>$BKs%>jXx*1rlnnza^P0F(u&OLq@9DpXu6bJ$jUNBFVQ
z)d#T`dW*0mb?z?AR3fdAHNNZ>QO?x`@oqv+(~5iZA^~D4s{PXIfdCiEw{qb%BW#w1
z!_7tNS#Y|5++vs)69o5+;-9>84Apo~AFap{(1lOGGI?);pFNHN%F^X(4L1+5A({HD
zv6=dS&1>jaxtW{6M9lr2I{_3G`6`Feg$PjSx9lY+KzOCn<JR8EE$S2@qE-)oA&l{Z
z7+X_nL&+|0m%EGJLP%-z0RK>9{=Ikjv|gVdUwvap<Q?RpX7<o_;S-mH9>RP+{fo}K
zrSlLIIUB^|O!u_J$+6KJ9wyBrmo2&2aSz$xm4lYixCbCvR4;kaweG%FBOiNQE|6^6
zPfBad0l6>7(}NGN0{?=1aJT^oQGS$H1BR35JB<e4k??Xe?&FZ@tZ?`Q0Sa&eho_eD
z7>EDY1%8Ob03t7j1Dg>6Zo&S$r-UPynpp$B!66ui72prq5eyA}9fmC5!jR?L<H2RW
zJm|Z#7k^5_9Q=G&<xdvr{;u2zX)IU>eWJKMEj+_v<6$MTd`z3zSUL-Kdr)iJ_8)72
zUU+PcHX-~Yk1!x#E-YT{^7ah69|YSU%~%;}CL|%u?uZs0&&w_o8prS$`%XiCvnYzz
zmD1%2dNc0}k=wDj)_yb{0XumgE3wr;jyd`x#gF5Wt_OxF@zfR;OZ4D!3r=czZbZFB
z#;jFunz@a((?E`<w593H-eWUE(TslW#rE)15%HYVE)IZhN>dCUi`URhSb6D2;=|Hx
zW5kd|DSLHcZcQ5^j!cyEkZmloYunjUmd4L7exkWi<b1<(ApgBznV4g*?P}W4q?KNR
zyOry7E5et(KY>6mKcL{@-XCrtr}vNW;C-HsQQykm=10!wcOdmHb?_EHk(^-j?s?bd
zIW%%48g(pHLf^8u%;pI%9KaMvgW+@NMU|oJ@b#`1SI6LTYXq5-U9I3Dgf2gI%2jx7
zMIwvtg;I1U#p&H6uFvIlFKE#-ob=Ual57hv1XaW(CmE`zmXxRH09`KK3G6alGlPu`
z(0RE@RJ+%7CBrr+U|-TdK&ruC5@9b!zlNzEm1WyZ-8^d9+jU@)Iq^PIFP;%o5uONI
z0!}dXW#Rl_<uwFI%&tu6Ckg|Couo#cUoka?lP-9SSyT)MbClONnk)I`kXq#fyk1RL
z(OEw}?)y?}^D4&gCV(=~{X$}VRm%<iA9*QlgGekz2)U($ZO@H$rIV}~Lbq<z^(1n*
ztHg@LO?3=~zm`NR6<9CQDW!bwYkB7}$Bv^xykuQmWI6>#fbR=R+;El^yTX;R^Hu!1
z*W%cpj;ytF&&wfISi4BfO%*8%^(CiZElno$-AeT>SN65>bh$tz6ihkiG*}&6b3Y;P
zi6O<Xt*^(p6D!QLXjmsO=83>k`yk|&<cEeL7V;`;)#MWXEX!LiRtOOM6DW=H7c;La
z0a{+{n6*vQYTm?Aa95+Igj>4Gn$pLJ5qY$B-iz*R7SAITaZ&zc@x0XI@7IV%KurX?
zOO45U63XXYfIVk#yFkQNu?(S@V$ov05IhY1Xq|7#-_(otK!_9v$E<%-tKXbO30x}*
zz+uif8`b^Ad~*6%jqOhytuFQWSDXci8OX-U_DAG=^!1zMIVZQ=S=*2tE+w=+eEd&b
zMoY)W5@*KwfUNu+i~htHPss;Rw+hTVwja(<&6{+WTvzO-<qWsyeP_d4&m5ySy(^IX
zss+|nFG+dPU2JshBc)(w^xUN;ETF7qM2)9^M*Vi7+oKf14;lFh0mbh0W%K3)Y<E{&
zw-uVo-^j~R0AIF0@r=jTv=9vx9cV*sU9)>O#=yfa#3@Zjcu`IEp6T<h>G_(AehmFi
z{oBGx?_cLWVOjs^GBO`~+l%o!y@Esc?cND??<XLqgsZVg8QF!3)zo`B1G!o(9yWN7
zKUGY1A$*Kg%FFDV{ZKOHf?WAwbHGQNi^DAX{baoEBZ{Rdle9S0*V<8@I|9S%P{i`$
zGru>04uA3Jk$D;tWZQkllqx{OM$O(*z%7!6F!abOfh#vn8><?aqCa{0;V@Ip6gb6p
zG{33R!X~lQjVDV(8J!snt6$od`#hZ@Kh;ddl)R#rICp7rGedj|iC8O>=doNh1M@}+
zE7K*9$*AH5s9bh5-cJb=v9aedB&_aNXFWpL7Bb)0<&QepFQ^Eecq@jLRI0|M_GvT%
zU%XOhPI2Tu^J&hC`9)mc4F#QA#;>w;{vX%*mth4xFRBBZaRY*pPvDXBH{&sV{>!;G
z=GO#`jO>i<?FH>c<dpU)DQT@FxIf0=vA><@h?I|hos=x!k`f$NV}US$=ML{d05Nkg
z0>S@)ehS5|5ruQuM)xoxCHng$4VQyd__;1Ubkj%?b#;~;Om*PY6^deBx>OOH^&sDo
z;>8#hmZm&C6pCHd?(_FdZrH9;5tdD>EbJzs{%^!|R%-l^hcr-f!ZhO`hGlN97g*-L
zxjroXkXKY}S4K4LIaf-MY9*v%)y(zMosGb&6S>W+B@7_@T^$KWCgJCmFRmFTP&t-D
zN1?6S%mAxqwO+<cY>i#7V`{-S`><OlZQtu#9A;~{8U8BOHC4dXK%k~H?zORS`O8fx
zvJhrmp8{LsI{gc_#_lv#fgaLqZC%7+;Ww#z!W9h{QLWF@I#)I=GzbgK4Xlr?tIodO
zA!23|oi9Fwq83mCh<zAEqXLn=5lN04@OQ8h=0gAO(#x*psBCVp&@gl2mc~d`uK-!k
z@Vdw*gJgiydAwPny|~oI)kpn#W66~qB?&RIPGveT1$(PrsiH59y=kMA$(n>eZ}w`}
zrs^I)8ke<X<Rv20Pn6H^D#<sMe7O2D63J#DSjB_iVzm46JZQKGBkDFkopv0`2qP_}
zn%llef56H|r|YQNy98(JN{+_Z%?a$w@MU-J*NN6caC-q1|A%gJ$^{P8KxY%EAwNNY
z`AMM0VEBEYrYr1P(d!KmnL|TN+U9ZK+I8@@uxMLhtkLjTlX5L!!3ccd2(A?48C9y(
z%;sm6GWfny<&ZX)+$Wz;le4)+T@gUDH0@7){QyC1N>e0#dc7?cLjpHD5$qD_&uVC?
z)a)wYgiAd2Rqd;xrT^oj1z%o+jJ-&Yg{b{63K9LjfXlHEsX+S}JrE+{_o<K^Y)JN}
z{`a>JA^UwVPBmGk1|j$t(1zFZB)P}NkX&ENPPUm9U(v=dB9&aX#B>pyDh{IYA~_Hz
z72vii0PCBYTK!(%53Z>*;K27gT3cG%I9neab!-RphDrl_{h%)%AKCAu$N!6M@+At`
zA4%h2;bH?FMghlP!KkJO(jEQ|`HA5S5|jPiRbPrla#XIL#0Rsu>YXZ5^g2cq4U`=5
zPmKZo+w6Rwu0L{NqP%{e`l88bW#aXawN07@iBTL682U!lEPH>@Wd(qU+S6)d+eAxD
z&IOtHa<;k~VtV{K2{WsUA@@ZiMl(Fpj5b_)TLj{pIJ31)`baH>1I0hkU6h4m!Qg<C
zQ7Noj(vytswXNF<bBRrx9t)XoLlJtmKuD1?L_6$^x=f2yK{&7kh`cDiU_yYvW-Sll
zls9F^1i4dy2QBkd2_LHF=DCCrF}cU4U00Hw#<uVK3vjQ`O7amX8r1Dd*}^O81(Q%|
zzIx>U+yonyX%{%QT5e-tB+>vyVcAhGge+gZgq{w7PZ&sX{W8wh2J~tLdIcVa2wpdV
zp5FN1*!P>UHr8+dlex8_m7|d{gT14Hk<C?ob8CCXYv$Jbn}NT%>*BX}Ie?AFaMi}h
z__Y7|pN~rRZB28#lE(FoR`@`jf~DyF{x@m$m-lo`-MIYFE6Q(IjY~_AJ?s92@wD+B
z8jaEONe(<ZlVH3c-C%6_8Wi&t(iA*|r9e?r?InNYo)?heHFks)PQDttsn;JAR^_O>
zVf9r!#Ld#DP<%^T{gj#jMenmGnTh2%=XK`|$kvpg)uC&<kMg3Vp@ld(tYb*GR~j~S
z<22}A2eHWqDVI`UewrMD#kyOE(XXIrhQCO5Cqbv;Gw<xV&Vumr*!mQBmL0M9F3M-k
z>C3~rx6a{hC_K5ExSg4JcW_zQG@M*$X)k?7Y0z;cS(KM<LP6(tx&4ma*cF0&pGV@!
zu{wMgo@*yR?-1SZzrO;fU+rwYf}H#$yG83amLKd=520XJFh1npf43w)BS#8ml@s8k
zBR#E*UmZgDe;fygjuhNfNMG6z9NbZ#(a>W0{11+V{VJOO-hU>a8(i%TavR@-tI)lD
zkyqf+MDAv;{JLc7UZ^AFbx6oWNIQFQrP$A=Qc$w&?|xD#3(D^+6}3mw6DT&}=-#sF
zVdiWO>2E_jOJSz~>#h4brVQ~WN3XV4F}S0Voz);t^h-U!iH-()^U+$9XntlPy%pM8
zqZX)dg&Otih?T@10IyBnfvQbPB#97Zm&Nl*5HC%D?vgumouL>30rdM|&en=Dw|-XJ
z7tst4Xc{wpg4*=jZj)GPo(q3eOm-K2eNLv4E|R0OJFlhFp7l1P&85AvX|=>^-3VqL
zP(D<Wp3Ni4&pT?1dV_{xWh<4BghEo+G<XtobUkP#aof2oQo1QGtapY0?^t;7lukq5
zXR5fzC(9@Kxe9ma0m^4cu2w7#L5L0NoVy{@Go;RoAu7*}5^6Hp0=(Jw`lfAl^`7@8
zE5P_N=xE9pTU>lnYy!oz7h>m~oRcOxqE<@<^LpTRiKpsodL;gi9qm4#8pZv)5^9)0
ztwrqDoHud%zC^4VUbx3X6!{m0NQQzzbSy*y5FQZcP>5(JKo1G2>VHa<I=B034<;kx
zT7jBJ>q}F3l7)1uagl=L*7+rR-<J|^GWoSb0}#A$4g^UD2$lh0eN(&NeCP|fc7%Wv
zCojv{SPKh+W7I_O2j)whs_K6-PW_XX_!65kgFqloAUhk!VQhN*^_#OpzB!}U+Qyn;
z|Jgr@MLS<usF^-IKSsUrSfCdue!-dN!R?5lQR=!|%*I>`S-Zv)rAZ6SJ<>w;)C>K$
z{RT2~HcIBJZf&^4!!JIl!IW3U{sbg4QuK_@xy8;~GkTNby*#e|WGl{+8Vorq8FJKB
zxt3NazG{-)@pq1U2+S<6*I*vbu3HU*c0N_#WEmAAh(xe79*B)rT4qF>4quy|>M0S*
zz3hrMu`c$&5{J9#@k>dU%Qi!;t`GE|JXV3urzy&iXWAY)kBaS-{TkkZ+-f7iDqm}x
zcP;fcWCCi_RuH7OMKa^YLyuy|akXx{qNv~zz+~VgwW=H_RCngFh13v+j$-d!w9>L1
zCcvh^+W!Y<K)YA<Klbq{MZfbte7r+1J?Iu@(oA?O@xsiitofvda+0~vQ-u}T8aAmo
z=Xws6mGmwF1hnlr$y-<6iEh0TH4|-wbVtvyAiFGO=3a{bJVZ_oo<$tT?CHH~w{Qrq
zUBG$rVKN+GV}&GJe>Xu=>z(k{v8-rY+*&6`H?=6xYSX=a@&2qg{!C}AlSMQ+m(lne
z>}uN){bVN`Ami`uhhf-f<Q>4BkpOVQJDgg^uW~g0AMXi&toFn@Bb$-7KI=VcGje*Z
zrS6Rq$eoUUrc^gG^1<Dx;je6#nvM8O;e+#{_(V6)B41PIWeLsObm`1Moe@z;vi!-~
z0P|h^m}=^=WLVJ@I6XKrjuy{5PB^gvJtVg~IV0{cQy00}znGR@9Lj(WzFX%?RTe@M
zwSHxd%*i{BQ}03GlWVRF8YMyHuVRonNX)7;L?qwYPkUr2OuBKFN}oeQ!4N}~?b5#|
zOZ&X{;o_4!{+%#Pbe%rB_b(|<?L3Lj%n~J_*ucecakDDDvFH7P7~8)eaLuhzL^~mD
zUh95?>$y#Q?!0RnWIKIrcXKK}-o$Hel!zyu=>e)>Aqvb}Jl@pv3MKD$RzXcOWwkNI
zdTshH^J!aLlb=iF#1Mr3OPUC#Lz{U6y)e%x*A)RxX8B2*jedfK4(l`1K!{d=diAbQ
zj-Mnx=PR3S-_RNAUyym?=Pm0E_0rO$&Hc??8Z__b&vj3H&DF_7&)rd$GjO)Zg50uS
z$E?rh8BDHsrA<Jz2(Ad{w4hLBFLk3H+))2GE@0VC+$QWP54e#g_-WNL@1i$}JeTa6
zMNr8{jhoO&E?d|zNRk@22(|;?JtHeJLgAbJSdi*b`QS?wbkz&vI0~}*7o#9<!O)Ax
zQP9_~yF$h$Hg?7&DsqzQB%;@Bjuy{+oBl_g^ZUq%X61fNG$-=;#W*5%ir1LFWwq>2
zGf0ur9G}qDOMf!CmZOd@=WpqSevto)5fH=(!1|`fUVz^l8iA`!2RJ<M<e-WNm6QB3
zSOzHz4n`h*369h`PX<T7*g#(bCJ=~uKh-b`+hM?T{1wOvVh6Gw{vN~0@r8rA>+c`(
zWmxae@?Mp~-(y~_^!Ttiac#rU0W@tu?FvP^%`9?_YIBZL0+N<qiffz^(y-^V1Y!@|
zT#dsDeU-AGN)}|dDA7lgcx+olW`-W#En6Cyh<J9vR9w>n=E1;XFGiw*Ql{M+&bR5)
z&=mzA*cjz%GnO8*WWOFJXNuk;N4nSjfasI!M4{HL!!YI=(E6aQz+ntIkkp&_u(cVC
z_iMrM{h-=!iDnGCyz2_D+_f;yD)HNaGm{#WxkcQZPRDfJ{@&gCs%QM|gdcYhF;V+k
z1O%+|*)muH$W*be=K70ox1a=sv@x~gM-i1UF|dlmxQ0gNwq@&*)L(z^m|5Rx<Jd=v
z(!^!c6R`<%p=GaS&pa|z9rwnwTiGqnI@6myQ4#DkE;XVe`+EC3z3T4^qgp_qM$BlF
zh%Z*SBdFTOF6(J)+CG!doe`74y^R)dg2|_r@tDbHE#E(ul%bu?5D7PzNytxzNYpvL
z=WfPBF&kuF;&6^(GzPL{EZEK{l^A=?59Dood;(YtsBdo@tkU>7dZ8W&fd&wWb7IZJ
zZ=N>+*XkDFJM79SgP98fX0F8%b2<LvQVF*GH_t<m?k_51`TFZGbNbI{8aJf30y*xa
zNT|>A;W{YTWF;yI(N<8}@m0h-mdns3dbA;pm1Q&ol$AtvE@W|*(@w+rLGF*kwF9a@
zi}y9&kj!<~Hl4Xw)K9A(trBJuhGen%>E-P?3;#4uP{-n)L*Dc7)J7K3*1@JZiq7+Q
z`zpdgElH$mipCPJJ$w3DrM_ellmbfp#x(vG!JkVR$dfgepvt|+m|hFHZZn?)I5z7&
zRhlA7#zmMA4<<w-{Pb?pn0WaPi<`A%m!|hEYaYsqE|GX_MKxzVlA-$$xyVf$otIE<
zqk8oPriZUY6e(7!TvJ8h>>u+8&AYm=)j){2Y%%z#DVfq;@t)l(Q<j!HpZ0s$>n6O~
zdHVwSk<x$Fm`S35+ZC$~;}MF1FHq7Qjo4kEPVW;C<*W$EWfBZHLBLbXcuc^vmfRl%
zL_Q+|f_AKaMnLxO3FsQd89l}xl~k3%9Pg4C88h&Tv>eM6=W@lB?ny66mFH7)7rOmX
zypRrrKn4g@I6*+O-%LQz&i?A|ZwUy--vu!K0*>&<{!ieK9z+MEIlPDT2R-JiQN2Hd
zUx!weOw5b<&AgEifjxRh)>N&#L`F+(iroY=skVbdsc==Ls)82&5fMt^j$4x(-i|6x
zJB%NR*89)rKgCEb$j=>8QMvD`3ei3h{K%<ZkJfW^Ge`UNn!DE=Uee2V5jMO{BeihI
zZ}MxLLfEmgx9H~uZ=L6^cQxsyGq1BlEg(I0L=5liQ1Z9Oka&e-K-aV|Sj^>5c17NM
z-B!8RK3DeP;Q;keqk2Xzu=yzB3~{OxRAqC&U+BdWuJ=uJ3ly8WscvR;Ei(&sV5vEC
z-WAmcpW~q-s<#|LSJ$)ohkDCKbiVMl5yONiq<8z3FI-=v2@>R4Zk4sVP=`FmCnP$I
zx~X!0Va;O=q|37}ogejqU$b<4(zUQO*E{HMtjDLIDop3t<HR2ClM(T($Ozi80G!+f
zeOeih$#~X!{9}v*;jG$>qGaG?n>|*NtKJm^aaL>un3pS*3=9pa34hgQ1*)NvH3_j&
z&(43gxM6)C9&a%$VfwLBj%*+Og?m_O_m_vaIV98bxi-2p-vR3&mnJcdvp+i%b&O&Q
z)gZDHNX)MZXW=kOMTmq-GI__K-JF`#&TV3{>`Zv)-Z^<KR?yT_aHNs+;Tj<zTbR7m
ze2nllVVrjD^{U+sTE=#(ah^ZC3H;f36L?Zcrk{8dV~g*-Nz8_4EmEnlKr@H0BULq9
zoh^mVL%o)ZCM6Y4G3OH|@i2!%&-vZ(f;$ib5D>_G!kcLSUT*@f6(iv2*j6P+0}EqA
z2SF=`qm3G9V5j2p#i<xu{PpF>AP|Uoe@2J(XsqJs>o@BrL`4tZLcxzFu|M(bKXWIG
zHhHtd+|TO=EgXa2l4eKHmqWdnl$vVD<FX6M(tBavnl3zUmkBDza<pn}-gqMMc-GS&
zfx68VQCyezb~|pN6MD)+O?OEQY}HFT@w`owJbYumR)F#`IXJ8PX010a=cW1vUM;Nm
zd}ZuE2&ef_vDmgnK0p&{L)8GibC`6X<<Om60qP!1AAsEnCJ@~ljgIm6&#T<c)g7D6
zxWhnJc8i*C@pdfUeCwsxIGcrI#nEr+KVlZ8$BBK?@+Q2)1(%{^{}jOrx&FOv(Ss=2
zx=Kg+RW#eYgklQyYS_TK&Ym7g!`;2rorEx3$s+b=LBO%*w^ceGHz4VvkW@Me90-Oh
z+=?LN&79ugSdYn0OR3#kiEWcz-IvUdwEtI48)5y*p=qk%5vGSPo!H(CeNV#`+kF<o
zo)HVdU4Q{_f`zA+@tB2YEx<qg2h16@8Qd1{?#VWj5q1-@z5w$m_@e*HQxe?)+&J>m
zui7jx3Uy2&IP4Xfb}Zhx%n}K*8C;4y&uIB2z+QKg=+<<b^Erh6KsKbP&sf7#k)~;i
z{K5EceJTsBR=xaHxKNJ?qubtjL|&W-twy`@)L+6OL`N*--8Hw~baQM|IHYmr5x$%3
zOtO9I6oqXVkQ<Y#*~X}NEDr<8yc}J%<nGg<{NX>K&&Gd{+ipew#D8FxeD6QRdLbT5
zls$kZnE1dhi#EHIFOIE*n-$2NpC-*WG3rwFcGyqYpVSNLKnSdWK<yL$!|wO`4{)ub
z0N?BdXRx+$&@gs5*zX7SAQWH^68go1V3zz94?+TV8Js|Nu+v~;;R14M;-N7EIlle_
z_+OZS42O479c{{Gkh5_h0Y8`I;K9H2c9PizCp?@^no46=+>>tc3htJtuhJI9a%Hb!
zby9T&^Vrk-`g+nA<rjyS%5I3seCmEW2LZW9&qB)<rD}MQVE{Cfeeq^C7g>iSi<*5o
z={Te(k#gz92+Pa;*SSX0Tb3}ISJuZ2)+q5uM!evtR%a?UZ%#?7T;YU9vL@p#4Z!F;
zbSGv&lLLB!-3cKO|A#xYe~Vj*qj;@i*Un|uaOv6o71Ge@tBJNs%goTm24TWV<Zo=l
z#qCfHc9hrhCl(R$HKko@?wxzuZeXx6!AUunGBZOVF=C{~O=tg#da)@o-p`DnF(l+l
z3I5|pK*8Y(J_H6Qw5WX3GK!FA95F~)T9+tAg6dr<2H0^iIjw@KHhiGUhxe8Aqb~6`
ztX-FLu6}r$xBeMU*waWCc%K5__q6-8gghf!f;-86*067Ad1@JtX?fO~{6b4}FNkAW
z8vUEJG)f^prsdaX$e&{QZ|6NQi@&GnfE-Tr?!C%{3Jhs9eY7P89uavL)=UHMN6D~0
zOO&0Qt5j$={MEex&R=E|2>@8%)Yj!UQ`9JB|2V0GjnaR>^N-0yVK74Tju2XW5~07)
zHb=qv7m|Kid3F31$O>Wx0uO(S_SE?zaPdf7!4Ejx3Hui&5g){62i<GJAYZ}{X}uu=
zv87^uxmmr}rE@~B7@-%-cl#~}b8+Fvaw<Ju9AO%Ay!#>suHi8VHM(1S?2PnNgll<`
zH=Y`GhrBnlzcP#%%I@t3GktgDS*^%(<+qK{N!!h8Jg;LM1_%k9S7dnTRKsl+<hr;D
z^-%+cTv>-L&Q;hPveg=BbuhjGW-BR>*!w)V8sJ(SRN`NnLPWeq&!Ty|X_@_o|6=7`
zT0DkT(wf_G<sY$`5irej{cV{aq73Hj2=CCLLU_|<m^D<HbAgtx+HOio+DjXmMocQ$
z3?X8F4x`j?51yyjOo&SQP}?tc`9ga>Gx@UA<MjNn&~fO3P<Z{Q;p*${YaMK^t(xb<
zn)Nm%<^ze)g(nWT^8I2r`g?MCV8G!Cj12q?FT$XrvHJw&xp?UvFnn*E6?=_R&I3-c
z_tYXDv-hkudlad9o>8ExEz9$>K(*+UTola(bWR`6r(wUDTp*_kdf%_e=}iJ>A7^qU
zPi+HZ=ZQPCXPuwT^`m)1j1zIH(QhWKwk$W`JHqbI8$#@XKW0aGE&BBcmHlLd%Kl3Z
z>re4n2BMOC2D%fJ4LdCVRLV5XZQb%!br-?s<(zV<7muxiQa8&JR9?M$ANtAa3XMHZ
zwB9hO;_9dH)LYU#i+2L6$fr@JI`#4(pu8QcsFVk&QQ9D>n#SlNsP=-E(eJVPe==7I
zBlWn4KR$<2N$yE1kjQRI<R+pziqrnSejL;;@A_}d8Y<x2iCcakPF2~?Mc7AXc1Z$W
zY61ee6qc^dCx0hW`xf;_e}!g`fgHetoe}Jb=XQvT(6VzE7SL#)EcSm2r8I`C+S=_3
zi=~d~4OfbhYiV?7XwDy}is4RWxy7oACZSsE{?3yupvKlrp=(5UHag6vjN07h3G1@1
zF0b^Slc4IpJboneUoqsB1i@>wGD{;<>0Z!G1-Wmu^nKrg!RK*S;M11n0-ONfsYN^n
z-&w2eXjsGjteQ-!!uDj7y^W{3IrlcXVhvu*Sh_Yk$|xU}>Z>MOjS;HDclNBWjbjwZ
zoXU~8tk-}b*1a)OACoOj3PU@b$++%cZniBv{g`ayqZC;S9AZ;%-+35{;Ynhx?CY6~
zDD;=(nU^KlSRhM~%S;N9h-#iSAyO=f=dMiGk~!DsLPw63V8XoqtZISDl0_KGY}&2G
zgiUO6#qi#%K89O-Jx9L6?TmZ{zjXG`d_}?czJfe1W{oJ~CQBDiaO5n?j7SNNZRfN;
z3n0F?33`6GAW!Ckz@|T}>(LCW)W4fs99*d^z)4>Lj>8GTj>7lIQ55{TqhLGfDA>Nu
zD*pFJFd9ts(ahapg5J{WKg6ZzL=N_s(%BSFj9!(%m~UQh_oR0|XTxQuW!<Ixp>3Gr
z5u_6l_x#(3Icva}tHo_1oXl+<uS{U#?nUsRx1gIknQfF$M6Ag$g;q=kHc846_3Jcc
zXY}p5C69;3(Yqq`LE_5Hb3T`U%ykXNEqAVx-;?z85sa^*?B5<=D`?(Kxrb{sxEqF%
zhHG=aw^iG^SU)))TO^&w_jS+XP3J|imX_UmgD5rQ64`U}yHee0aJ&w-&x+qrbBab%
z@9CV^%869x?~-XHbZ5Zb6*H)5m!P#|>!?|ZrIWDf8@5FWH<^EdVwk3QJ!)A#zVep7
znHOHGN);Q#MCQE^V)T98{7C<Q-N+p<;b_B+P^1o^_q?sePhob{lx~7~=yFy(<d@C_
zoZ#W9MLg!=Su64A)L-YbIrWz;;)dE^KK0jv?t3!c*5auNIcHm$(&kWlC3fUFGnbAE
zY$;o|>ojCQYoLlkKth!Xzz66>c~)B#)8~PJlM69VOZsvwiT~@VgZ|irLUdO9x1*n>
zpR`$riQ<Y2$TIXXEKm7+@8@`}cgWs+y>x6HuRC9sNdSO2E%|^dVuEgz@*G<@#=_+I
zD^iW<51%E3qj)`yy<jubVPhDpP^t9**qpSp^csmEvN1q4uS15JIxNYJj+YPIW8l=Y
z?(j5O`?VwZc=Wu3pje(xxjq_zzUX@|RrOAP9K*ZMz1yhoFld7?AO?76)1KS<KCVm3
z&Vj;))+yIj(!B3oR?o$<;5EQfP}`l7Cnq9&t0Jx8MHMd0xM|Yree=X(gQfW30m&{W
zVaQcw^7qT$7{xtL20+dE9+xlMzV$Tst#0v6Z+B@_!uW(fPHr$1e8ZP$%`|d*#ZZsL
zP^8!Kk<fcmVB`wIkh$TKHW8vS<8V60ahiC-GqM>dZJP9?%?dk5P`svFa9Z^;ZhCkM
zGblGVeZARhkcdBCz#gAc436v40J*p|jk<Am$K~P4_RS%!2T?S^Q_GDPhg!%J@mDsD
zMXz!$LHYF9t3c&i#=6u`$&b<~7ZYyNiBEJ~pIO;a8%>wmPOQB;<y{$uOl7THV|$hD
zX4y@D%xSB%!qqD+;UB1*E;cuqjb<B4U$abo-p~_?#=EJx&A!qX`w~YcX)9Wb8hhTI
zAM}uZ%^UO0|C{Vw=}!ume6}+@w9e-H9COA!!Mv++@}jwuc4_c1oG9)8clhZE{>Xm`
z3Wf>47u;al!nWh=qT9DWd!I};zkm94{TjEh`)zug>x}(gtk-!h#X9o}>+Jd7ifx;&
zX3v#xT*Q@Ia4@5pR~kOSCp9o_VZ*xpvk0_>b+C+^Tq=3cnZH=kGOe}mrB2rd*{0WV
z7tLR<ec^h+s({t<={&8}<dU|!MoHKio-Xt~`yS}4nGE2@a53muI`9ymt1GZIJOi}k
z8rmAxA!^tJb|#Inp{1d@fidh%8W<Pl_;N>J<1r((h~)F0mu@_KsNvf~&j_}-XCj;(
z#t&wEiE?9`tf8x@D*N%Of0SO?Hlw<NqRu16-ws{)+7;J*;o;SV{GTNPjEdAAZ7;Z9
zlwqHkS8m(&KSa~T+V=Tv*6PJCEZ){Lul;f6%;NZ_Ra{ru9&f0BW;^wm?U{mg!ImPM
znz<U9Bi6QD71qpp`olLwWM!gzaKY#EQ)1rcebe6fxL$wXm)M0nVzajuCcoubv2pUh
zb5BeB1SWd2Iu~DGylUI!_~*iL;?oNZ-!q*1et3!ebncIKt~)lZ$~7~bYf$t3v96@8
zrOCS;$!=Qjgr|y~*wgd-arA*}hvieas*b!_w4h`%Q;newpUC713aMt58)65+-rxKl
zxBRnnx|}MWFVwJEIA8vuqhqiQ8<W71mGa8}^qwr5n>hQy;--ch)fckA9}MZyJluWs
ztjDph0R=6Y77M$073)8n%nyo8kMZYK*rn{w-}HRz*&;8_tv%L{)@Hi#f8k8dT5!#@
z<bGen`=u%#E9xfwJh*Y;f2ZlW-h1xHvsg8Ff>JH6>_<!*TN4^ocywERbvIw-R>dP%
jb^rD790gSc5(8Bg)a{?afL0Y?btBU3;Rw$Kkg5Oxw7OZb
--- a/security/manager/ssl/tests/unit/tlsserver/cmd/BadCertServer.cpp
+++ b/security/manager/ssl/tests/unit/tlsserver/cmd/BadCertServer.cpp
@@ -22,98 +22,74 @@ struct BadCertHost
 {
   const char *mHostName;
   const char *mCertName;
 };
 
 // Hostname, cert nickname pairs.
 const BadCertHost sBadCertHosts[] =
 {
-  { "expired.example.com", "expired-ee" },
+  { "expired.example.com", "expired" },
   { "notyetvalid.example.com", "notYetValid" },
   { "before-epoch.example.com", "beforeEpoch" },
   { "selfsigned.example.com", "selfsigned" },
   { "unknownissuer.example.com", "unknownissuer" },
   { "mismatch.example.com", "mismatch" },
   { "mismatch-CN.example.com", "mismatchCN" },
   { "expiredissuer.example.com", "expiredissuer" },
   { "notyetvalidissuer.example.com", "notYetValidIssuer" },
   { "before-epoch-issuer.example.com", "beforeEpochIssuer" },
   { "md5signature.example.com", "md5signature" },
-  { "untrusted.example.com", "default-ee" },
+  { "untrusted.example.com", "localhostAndExampleCom" },
   { "untrustedissuer.example.com", "untrustedissuer" },
   { "mismatch-expired.example.com", "mismatch-expired" },
   { "mismatch-notYetValid.example.com", "mismatch-notYetValid" },
   { "mismatch-untrusted.example.com", "mismatch-untrusted" },
   { "untrusted-expired.example.com", "untrusted-expired" },
   { "md5signature-expired.example.com", "md5signature-expired" },
   { "mismatch-untrusted-expired.example.com", "mismatch-untrusted-expired" },
-  { "inadequatekeyusage.example.com", "inadequatekeyusage-ee" },
+  { "inadequatekeyusage.example.com", "inadequatekeyusage" },
   { "selfsigned-inadequateEKU.example.com", "selfsigned-inadequateEKU" },
   { "self-signed-end-entity-with-cA-true.example.com", "self-signed-EE-with-cA-true" },
   { "ca-used-as-end-entity.example.com", "ca-used-as-end-entity" },
   { "ca-used-as-end-entity-name-mismatch.example.com", "ca-used-as-end-entity" },
   // All of include-subdomains.pinning.example.com is pinned to End Entity
-  // Test Cert with nick default-ee. Any other nick will only
+  // Test Cert with nick localhostAndExampleCom. Any other nick will only
   // pass pinning when security.cert_pinning.enforcement.level != strict and
   // otherCA is added as a user-specified trust anchor. See StaticHPKPins.h.
-  { "include-subdomains.pinning.example.com", "default-ee" },
-  { "good.include-subdomains.pinning.example.com", "default-ee" },
-  { "bad.include-subdomains.pinning.example.com", "other-issuer-ee" },
-  { "bad.include-subdomains.pinning.example.com.", "other-issuer-ee" },
-  { "bad.include-subdomains.pinning.example.com..", "other-issuer-ee" },
-  { "exclude-subdomains.pinning.example.com", "default-ee" },
-  { "sub.exclude-subdomains.pinning.example.com", "other-issuer-ee" },
-  { "test-mode.pinning.example.com", "other-issuer-ee" },
+  { "include-subdomains.pinning.example.com", "localhostAndExampleCom" },
+  { "good.include-subdomains.pinning.example.com", "localhostAndExampleCom" },
+  { "bad.include-subdomains.pinning.example.com", "otherIssuerEE" },
+  { "bad.include-subdomains.pinning.example.com.", "otherIssuerEE" },
+  { "bad.include-subdomains.pinning.example.com..", "otherIssuerEE" },
+  { "exclude-subdomains.pinning.example.com", "localhostAndExampleCom" },
+  { "sub.exclude-subdomains.pinning.example.com", "otherIssuerEE" },
+  { "test-mode.pinning.example.com", "otherIssuerEE" },
   { "unknownissuer.include-subdomains.pinning.example.com", "unknownissuer" },
   { "unknownissuer.test-mode.pinning.example.com", "unknownissuer" },
   { "nsCertTypeNotCritical.example.com", "nsCertTypeNotCritical" },
   { "nsCertTypeCriticalWithExtKeyUsage.example.com", "nsCertTypeCriticalWithExtKeyUsage" },
   { "nsCertTypeCritical.example.com", "nsCertTypeCritical" },
   { "end-entity-issued-by-v1-cert.example.com", "eeIssuedByV1Cert" },
   { "end-entity-issued-by-non-CA.example.com", "eeIssuedByNonCA" },
   { "inadequate-key-size-ee.example.com", "inadequateKeySizeEE" },
   { "badSubjectAltNames.example.com", "badSubjectAltNames" },
   { "ipAddressAsDNSNameInSAN.example.com", "ipAddressAsDNSNameInSAN" },
   { "noValidNames.example.com", "noValidNames" },
   { nullptr, nullptr }
 };
 
 int32_t
-DoSNISocketConfigBySubjectCN(PRFileDesc* aFd, const SECItem* aSrvNameArr,
-                             uint32_t aSrvNameArrSize)
+DoSNISocketConfig(PRFileDesc *aFd, const SECItem *aSrvNameArr,
+                  uint32_t aSrvNameArrSize, void *aArg)
 {
-  for (uint32_t i = 0; i < aSrvNameArrSize; i++) {
-    ScopedPORTString name((char*)PORT_ZAlloc(aSrvNameArr[i].len + 1));
-    if (name) {
-      PORT_Memcpy(name, aSrvNameArr[i].data, aSrvNameArr[i].len);
-      if (SECSuccess == ConfigSecureServerWithNamedCert(aFd, name,
-                                                        nullptr, nullptr)) {
-        return 0;
-      }
-    }
-  }
-
-  return SSL_SNI_SEND_ALERT;
-}
-
-int32_t
-DoSNISocketConfig(PRFileDesc* aFd, const SECItem* aSrvNameArr,
-                  uint32_t aSrvNameArrSize, void* aArg)
-{
-  const BadCertHost* host = GetHostForSNI(aSrvNameArr, aSrvNameArrSize,
+  const BadCertHost *host = GetHostForSNI(aSrvNameArr, aSrvNameArrSize,
                                           sBadCertHosts);
   if (!host) {
-    // No static cert <-> hostname mapping found. This happens when we use a
-    // collection of certificates in a given directory and build a cert DB at
-    // runtime, rather than using an NSS cert DB populated at build time.
-    // (This will be the default in the future.)
-    // For all given server names, check if the runtime-built cert DB contains
-    // a certificate with a matching subject CN.
-    return DoSNISocketConfigBySubjectCN(aFd, aSrvNameArr, aSrvNameArrSize);
+    return SSL_SNI_SEND_ALERT;
   }
 
   if (gDebugLevel >= DEBUG_VERBOSE) {
     fprintf(stderr, "found pre-defined host '%s'\n", host->mHostName);
   }
 
   ScopedCERTCertificate cert;
   SSLKEAType certKEA;
--- a/security/manager/ssl/tests/unit/tlsserver/cmd/GenerateOCSPResponse.cpp
+++ b/security/manager/ssl/tests/unit/tlsserver/cmd/GenerateOCSPResponse.cpp
@@ -105,16 +105,229 @@ WriteResponse(const char* filename, cons
   if (rv < 0 || (uint32_t) rv != item->len) {
     PrintPRError("File write failure");
     return false;
   }
 
   return true;
 }
 
+template <size_t N>
+SECStatus
+ReadFileToBuffer(const char* basePath, const char* filename, char (&buf)[N])
+{
+  static_assert(N > 0, "input buffer too small for ReadFileToBuffer");
+  if (PR_snprintf(buf, N - 1, "%s/%s", basePath, filename) == 0) {
+    PrintPRError("PR_snprintf failed");
+    return SECFailure;
+  }
+  ScopedPRFileDesc fd(PR_OpenFile(buf, PR_RDONLY, 0));
+  if (!fd) {
+    PrintPRError("PR_Open failed");
+    return SECFailure;
+  }
+  int32_t fileSize = PR_Available(fd);
+  if (fileSize < 0) {
+    PrintPRError("PR_Available failed");
+    return SECFailure;
+  }
+  if (static_cast<size_t>(fileSize) > N - 1) {
+    PR_fprintf(PR_STDERR, "file too large - not reading\n");
+    return SECFailure;
+  }
+  int32_t bytesRead = PR_Read(fd, buf, fileSize);
+  if (bytesRead != fileSize) {
+    PrintPRError("PR_Read failed");
+    return SECFailure;
+  }
+  buf[bytesRead] = 0;
+  return SECSuccess;
+}
+
+namespace mozilla {
+
+MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedPRDir, PRDir, PR_CloseDir);
+MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedPORTString, unsigned char, PORT_Free);
+
+};
+
+void
+AddKeyFromFile(const char* basePath, const char* filename)
+{
+  const char* PRIVATE_KEY_HEADER = "-----BEGIN PRIVATE KEY-----";
+  const char* PRIVATE_KEY_FOOTER = "-----END PRIVATE KEY-----";
+
+  char buf[16384] = { 0 };
+  SECStatus rv = ReadFileToBuffer(basePath, filename, buf);
+  if (rv != SECSuccess) {
+    return;
+  }
+  if (strncmp(buf, PRIVATE_KEY_HEADER, strlen(PRIVATE_KEY_HEADER)) != 0) {
+    PR_fprintf(PR_STDERR, "invalid key - not importing\n");
+    return;
+  }
+  const char* bufPtr = buf + strlen(PRIVATE_KEY_HEADER);
+  size_t bufLen = strlen(buf);
+  char base64[16384] = { 0 };
+  char* base64Ptr = base64;
+  while (bufPtr < buf + bufLen) {
+    if (strncmp(bufPtr, PRIVATE_KEY_FOOTER, strlen(PRIVATE_KEY_FOOTER)) == 0) {
+      break;
+    }
+    if (*bufPtr != '\r' && *bufPtr != '\n') {
+      *base64Ptr = *bufPtr;
+      base64Ptr++;
+    }
+    bufPtr++;
+  }
+
+  unsigned int binLength;
+  ScopedPORTString bin(ATOB_AsciiToData(base64, &binLength));
+  if (!bin || binLength == 0) {
+    PrintPRError("ATOB_AsciiToData failed");
+    return;
+  }
+  ScopedSECItem secitem(SECITEM_AllocItem(nullptr, nullptr, binLength));
+  if (!secitem) {
+    PrintPRError("SECITEM_AllocItem failed");
+    return;
+  }
+  memcpy(secitem->data, bin, binLength);
+  ScopedPK11SlotInfo slot(PK11_GetInternalKeySlot());
+  if (!slot) {
+    PrintPRError("PK11_GetInternalKeySlot failed");
+    return;
+  }
+  if (PK11_NeedUserInit(slot)) {
+    if (PK11_InitPin(slot, nullptr, nullptr) != SECSuccess) {
+      PrintPRError("PK11_InitPin failed");
+      return;
+    }
+  }
+  SECKEYPrivateKey* privateKey;
+  if (PK11_ImportDERPrivateKeyInfoAndReturnKey(slot, secitem, nullptr, nullptr,
+                                               true, false, KU_ALL,
+                                               &privateKey, nullptr)
+        != SECSuccess) {
+    PrintPRError("PK11_ImportDERPrivateKeyInfoAndReturnKey failed");
+    return;
+  }
+  SECKEY_DestroyPrivateKey(privateKey);
+}
+
+SECStatus
+DecodeCertCallback(void* arg, SECItem** certs, int numcerts)
+{
+  if (numcerts != 1) {
+    PR_SetError(SEC_ERROR_LIBRARY_FAILURE, 0);
+    return SECFailure;
+  }
+  SECItem* certDEROut = static_cast<SECItem*>(arg);
+  return SECITEM_CopyItem(nullptr, certDEROut, *certs);
+}
+
+void
+AddCertificateFromFile(const char* basePath, const char* filename)
+{
+  char buf[16384] = { 0 };
+  SECStatus rv = ReadFileToBuffer(basePath, filename, buf);
+  if (rv != SECSuccess) {
+    return;
+  }
+  SECItem certDER;
+  rv = CERT_DecodeCertPackage(buf, strlen(buf), DecodeCertCallback, &certDER);
+  if (rv != SECSuccess) {
+    PrintPRError("CERT_DecodeCertPackage failed");
+    return;
+  }
+  ScopedCERTCertificate cert(CERT_NewTempCertificate(CERT_GetDefaultCertDB(),
+                                                     &certDER, nullptr, false,
+                                                     true));
+  PORT_Free(certDER.data);
+  if (!cert) {
+    PrintPRError("CERT_NewTempCertificate failed");
+    return;
+  }
+  const char* extension = strstr(filename, ".pem");
+  if (!extension) {
+    PR_SetError(SEC_ERROR_INVALID_ARGS, 0);
+    return;
+  }
+  size_t nicknameLength = extension - filename;
+  memset(buf, 0, sizeof(buf));
+  memcpy(buf, filename, nicknameLength);
+  buf[nicknameLength] = 0;
+  ScopedPK11SlotInfo slot(PK11_GetInternalKeySlot());
+  if (!slot) {
+    PrintPRError("PK11_GetInternalKeySlot failed");
+    return;
+  }
+  rv = PK11_ImportCert(slot, cert, CK_INVALID_HANDLE, buf, false);
+  if (rv != SECSuccess) {
+    PrintPRError("PK11_ImportCert failed");
+  }
+}
+
+SECStatus
+InitializeNSS(const char* nssCertDBDir)
+{
+  // First attempt to initialize NSS in read-only mode, in case the specified
+  // directory contains NSS DBs that are tracked by revision control.
+  // If this succeeds, we're done.
+  if (NSS_Initialize(nssCertDBDir, "", "", SECMOD_DB, NSS_INIT_READONLY)
+        == SECSuccess) {
+    return SECSuccess;
+  }
+  // Otherwise, create a new read-write DB and load all .pem and .key files.
+  if (NSS_Initialize(nssCertDBDir, "", "", SECMOD_DB, 0) != SECSuccess) {
+    PrintPRError("NSS_Initialize failed");
+    return SECFailure;
+  }
+  const char* basePath = nssCertDBDir;
+  // The NSS cert DB path could have been specified as "sql:path". Trim off
+  // the leading "sql:" if so.
+  if (strncmp(basePath, "sql:", 4) == 0) {
+    basePath = basePath + 4;
+  }
+  ScopedPRDir fdDir(PR_OpenDir(basePath));
+  if (!fdDir) {
+    PrintPRError("PR_OpenDir failed");
+    return SECFailure;
+  }
+  // On the B2G ICS emulator, operations taken in AddCertificateFromFile or
+  // AddKeyFromFile appear to interact poorly with readdir (more specifically,
+  // something is causing readdir to never return null - it indefinitely loops
+  // through every file in the directory, which causes timeouts). Rather than
+  // waste more time chasing this down, loading certificates and keys happens in
+  // two phases: filename collection and then loading. (This is probably a good
+  // idea anyway because readdir isn't reentrant. Something could change later
+  // such that it gets called as a result of calling AddCertificateFromFile or
+  // AddKeyFromFile.)
+  std::vector<std::string> certificates;
+  std::vector<std::string> keys;
+  for (PRDirEntry* dirEntry = PR_ReadDir(fdDir, PR_SKIP_BOTH); dirEntry;
+       dirEntry = PR_ReadDir(fdDir, PR_SKIP_BOTH)) {
+    size_t nameLength = strlen(dirEntry->name);
+    if (nameLength > 4) {
+      if (strncmp(dirEntry->name + nameLength - 4, ".pem", 4) == 0) {
+        certificates.push_back(dirEntry->name);
+      } else if (strncmp(dirEntry->name + nameLength - 4, ".key", 4) == 0) {
+        keys.push_back(dirEntry->name);
+      }
+    }
+  }
+  for (std::string& certificate : certificates) {
+    AddCertificateFromFile(basePath, certificate.c_str());
+  }
+  for (std::string& key : keys) {
+    AddKeyFromFile(basePath, key.c_str());
+  }
+  return SECSuccess;
+}
+
 int
 main(int argc, char* argv[])
 {
 
   if (argc < 6 || (argc - 6) % 4 != 0) {
     PR_fprintf(PR_STDERR, "usage: %s <NSS DB directory> <responsetype> "
                           "<cert_nick> <extranick> <outfilename> [<resptype> "
                           "<cert_nick> <extranick> <outfilename>]* \n",
--- a/security/manager/ssl/tests/unit/tlsserver/cmd/OCSPStaplingServer.cpp
+++ b/security/manager/ssl/tests/unit/tlsserver/cmd/OCSPStaplingServer.cpp
@@ -22,17 +22,17 @@ using namespace mozilla::test;
 const OCSPHost sOCSPHosts[] =
 {
   { "ocsp-stapling-good.example.com", ORTGood, nullptr },
   { "ocsp-stapling-revoked.example.com", ORTRevoked, nullptr },
   { "ocsp-stapling-revoked-old.example.com", ORTRevokedOld, nullptr },
   { "ocsp-stapling-unknown.example.com", ORTUnknown, nullptr },
   { "ocsp-stapling-unknown-old.example.com", ORTUnknownOld, nullptr },
   { "ocsp-stapling-good-other.example.com", ORTGoodOtherCert, "ocspOtherEndEntity" },
-  { "ocsp-stapling-good-other-ca.example.com", ORTGoodOtherCA, "other-test-ca" },
+  { "ocsp-stapling-good-other-ca.example.com", ORTGoodOtherCA, "otherCA" },
   { "ocsp-stapling-expired.example.com", ORTExpired, nullptr },
   { "ocsp-stapling-expired-fresh-ca.example.com", ORTExpiredFreshCA, nullptr },
   { "ocsp-stapling-none.example.com", ORTNone, nullptr },
   { "ocsp-stapling-empty.example.com", ORTEmpty, nullptr },
   { "ocsp-stapling-malformed.example.com", ORTMalformed, nullptr },
   { "ocsp-stapling-srverr.example.com", ORTSrverr, nullptr },
   { "ocsp-stapling-trylater.example.com", ORTTryLater, nullptr },
   { "ocsp-stapling-needssig.example.com", ORTNeedsSig, nullptr },
@@ -47,17 +47,17 @@ const OCSPHost sOCSPHosts[] =
   { "ocsp-stapling-delegated-included-last.example.com", ORTDelegatedIncludedLast, "delegatedSigner" },
   { "ocsp-stapling-delegated-missing.example.com", ORTDelegatedMissing, "delegatedSigner" },
   { "ocsp-stapling-delegated-missing-multiple.example.com", ORTDelegatedMissingMultiple, "delegatedSigner" },
   { "ocsp-stapling-delegated-no-extKeyUsage.example.com", ORTDelegatedIncluded, "invalidDelegatedSignerNoExtKeyUsage" },
   { "ocsp-stapling-delegated-from-intermediate.example.com", ORTDelegatedIncluded, "invalidDelegatedSignerFromIntermediate" },
   { "ocsp-stapling-delegated-keyUsage-crlSigning.example.com", ORTDelegatedIncluded, "invalidDelegatedSignerKeyUsageCrlSigning" },
   { "ocsp-stapling-delegated-wrong-extKeyUsage.example.com", ORTDelegatedIncluded, "invalidDelegatedSignerWrongExtKeyUsage" },
   { "ocsp-stapling-ancient-valid.example.com", ORTAncientAlmostExpired, nullptr},
-  { "keysize-ocsp-delegated.example.com", ORTDelegatedIncluded, "rsa-1016-keysizeDelegatedSigner" },
+  { "keysize-ocsp-delegated.example.com", ORTDelegatedIncluded, "rsa-1008-keysizeDelegatedSigner" },
   { "revoked-ca-cert-used-as-end-entity.example.com", ORTRevoked, "ca-used-as-end-entity" },
   { nullptr, ORTNull, nullptr }
 };
 
 int32_t
 DoSNISocketConfig(PRFileDesc *aFd, const SECItem *aSrvNameArr,
                   uint32_t aSrvNameArrSize, void *aArg)
 {
index 3a9b8fa9bc0418d36bc7ea8c66727483a02c25d3..7f89b7e37c393fcfaad3d327f859be9ea460c135
GIT binary patch
literal 640
zc$_n6VyZD{Vtl%QnTe5!i77tZfR~L^tIebBJ1-+6H!FjIkfDG99~*Nh3$rkLNNRD3
zg0rK6oH(zciJ^g!fq|Kkp^15vIIjsZ*Fefp!axk7haarRH7`XsHLoPIq|%^qKC%sr
ztPISJy$lA8olK353@4wKyk?9l%6a}ad-F?U$>}R6{hjpYT*<-dSB~i!bsykW{^GJ%
z$I&}ya;9K~{JV+PS<%O8*p?}qp7)z?YJ8Qw<4C`YvmVE*R^8i9ohJ)cY9wnOoE`Ny
z?d!txeV#fs$8We^7rXVRnd7ngmQQn*`G2f!-zR3OrXlr?XUQ(l|AnhWnV1<F7#BC*
zFlfAL&^Q6;0a-zo#twtV)+WxJ{N%)(jQrw~CSEPQ)QZI1f}B*n<ow(wQ7yfK%)GqJ
zymS;{4K2OQyyTqHlvLf~(xjC9+{DbhVq7XyD~M5PV8q6u&Bn;e%Ff8hqGq6CpakO^
zFt&+hl#~=$>FdMYX=MQf`UX58UkEcY{%2t_U_gsoW?+z;B!Ai4fAFqA?{V`v_MMfs
z;%T=h%{_5WXyJzX#WH+q%4&8`lm8m6J5X42**M&x@%XEoaSR)?>ib#6s;}-3&6&;h
zM=EXR_u#{qKX`g;M`&m^>gayfzL~048<WqphSAnV>psi5o3?HfuJ7`?rqp5B`Nv<z
SM|b7&S&!V=9(i2}5d;7=)Z}RZ
deleted file mode 100644
--- a/security/manager/ssl/tests/unit/tlsserver/default-ee.key.keyspec
+++ /dev/null
@@ -1,1 +0,0 @@
-default
deleted file mode 100644
--- a/security/manager/ssl/tests/unit/tlsserver/default-ee.pem.certspec
+++ /dev/null
@@ -1,4 +0,0 @@
-issuer:Test CA
-subject:Test End-entity
-extension:subjectAlternativeName:localhost,*.example.com,*.pinning.example.com,*.include-subdomains.pinning.example.com,*.exclude-subdomains.pinning.example.com
-extension:authorityInformationAccess:http://localhost:8888/
deleted file mode 100644
--- a/security/manager/ssl/tests/unit/tlsserver/delegatedSHA1Signer.pem.certspec
+++ /dev/null
@@ -1,5 +0,0 @@
-issuer:Test CA
-subject:Test SHA1 Delegated Responder
-subjectKey:alternate
-signature:sha1WithRSAEncryption
-extension:extKeyUsage:OCSPSigning
deleted file mode 100644
--- a/security/manager/ssl/tests/unit/tlsserver/delegatedSigner.pem.certspec
+++ /dev/null
@@ -1,4 +0,0 @@
-issuer:Test CA
-subject:Test Delegated Responder
-subjectKey:alternate
-extension:extKeyUsage:OCSPSigning
deleted file mode 100644
--- a/security/manager/ssl/tests/unit/tlsserver/eeIssuedByNonCA.pem.certspec
+++ /dev/null
@@ -1,4 +0,0 @@
-issuer:Test End-entity
-subject:EE Issued by non-CA
-extension:subjectAlternativeName:localhost,*.example.com
-extension:authorityInformationAccess:http://localhost:8888/
deleted file mode 100644
--- a/security/manager/ssl/tests/unit/tlsserver/eeIssuedByV1Cert.pem.certspec
+++ /dev/null
@@ -1,3 +0,0 @@
-issuer:V1 Cert
-subject:EE Issued by V1 Cert
-extension:subjectAlternativeName:localhost,*.example.com
new file mode 100644
index 0000000000000000000000000000000000000000..fd9e7e9e940b712ac7337700a8ce57a600e05625
GIT binary patch
literal 531
zc$_n6V&XSwVysxe%*4pV#1tQ6z{|#|)#lOmotKf3o0Y*p$WXw5kBvE$g;|(AB(=Ci
z!P(J3PMp`m(7@ctz`)GN(9|GGoYxSUYoKJPU?2z4Bko#JkXe+Pq5#(GnwO%Rnpcup
zQfbgQAK4~GRtDzAUIv54PNv32hWnZPJytgyQ#s$bd#^dutkrYkvQNV9Eew6SyS>ie
z7dMhyH6u)>?hx1Jg2{F~SEH^w%<q1GZ+lh098<YSyHks5>!N3uuW)^?^pCmsu#v}F
zMJ6fcf<^SXAVZGN?kCspNjFJ({mcC9jGjgXpNp(-3KguLt+f8Tl*uG=>V|n-dFD@<
zm>C%u7pE8`fqfw>$Rcha+9aF`@rhn)MPhD2PO4sVey)KL8;3R<BP%OABO{BNfr^0=
zjBmi$CYDiBQedU8pOc@Qn3IuTTw-Mb1o{R%ATxy-8UM2|88Dy)H#5-p^0&`i$e6Tr
zrP@;Ibp5@~3l|4W_IF8DRN?r4Lti{Gz(e-uiue90Uut@<T}<2CcFy|ZmC)D#Egw^v
zNgD+JT;z&UR$WrJ`GtleQ`5~O7j(6*uaENc<G;KA#%=K_Y$aE<J>I8G5cOy{Gs$0u
c_v*&L8&kF}-FEI|g75M0&MVjdOmbfd0J<NzZU6uP
deleted file mode 100644
--- a/security/manager/ssl/tests/unit/tlsserver/expired-ee.pem.certspec
+++ /dev/null
@@ -1,5 +0,0 @@
-issuer:Test CA
-subject:Expired Test End-entity
-validity:20130101-20140101
-extension:subjectAlternativeName:expired.example.com
-extension:authorityInformationAccess:http://localhost:8888/
deleted file mode 100644
--- a/security/manager/ssl/tests/unit/tlsserver/expiredINT.pem.certspec
+++ /dev/null
@@ -1,5 +0,0 @@
-issuer:Test CA
-subject:Expired Test Intermediate
-validity:20110101-20130101
-extension:basicConstraints:cA,
-extension:keyUsage:cRLSign,keyCertSign
deleted file mode 100644
--- a/security/manager/ssl/tests/unit/tlsserver/expiredissuer.pem.certspec
+++ /dev/null
@@ -1,4 +0,0 @@
-issuer:Expired Test Intermediate
-subject:Test End-entity with expired issuer
-extension:subjectAlternativeName:expiredissuer.example.com
-extension:authorityInformationAccess:http://localhost:8888/
new file mode 100755
--- /dev/null
+++ b/security/manager/ssl/tests/unit/tlsserver/generate_certs.sh
@@ -0,0 +1,354 @@
+#!/bin/bash
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# Usage: ./generate_certs.sh <path to objdir> <output directory> [--clobber]
+# e.g. (from the root of mozilla-central)
+# `./security/manager/ssl/tests/unit/tlsserver/generate_certs.sh \
+#  obj-x86_64-unknown-linux-gnu/ \
+#  security/manager/ssl/tests/unit/tlsserver/`
+#
+# The --clobber switch is optional. If specified, the existing database of
+# keys and certificates is removed and repopulated. By default, existing
+# databases are preserved and only keys and certificates that don't already
+# exist in the database are added.
+# NB: If --clobber is specified, the following files to be overwritten if they
+# are in the output directory:
+#  cert9.db, key4.db, pkcs11.txt, test-ca.der, other-test-ca.der, default-ee.der
+# (if --clobber is not specified, then only cert9.db and key4.db are modified)
+# NB: If --clobber is specified, you must run genHPKPStaticPins.js after
+# running this file, since its output (StaticHPKPins.h) depends on
+# default-ee.der
+
+set -x
+set -e
+
+if [ $# -lt 2 ]; then
+  echo "Usage: `basename ${0}` <path to objdir> <output directory> [--clobber]"
+  exit $E_BADARGS
+fi
+
+OBJDIR=${1}
+OUTPUT_DIR=${2}
+CLOBBER=0
+if [ "${3}" == "--clobber" ]; then
+  CLOBBER=1
+fi
+# Use the SQL DB so we can run tests on Android.
+DB_ARGUMENT="sql:$OUTPUT_DIR"
+RUN_MOZILLA="$OBJDIR/dist/bin/run-mozilla.sh"
+CERTUTIL="$OBJDIR/dist/bin/certutil"
+# On BSD, mktemp requires either a template or a prefix.
+MKTEMP="mktemp temp.XXXX"
+
+NOISE_FILE=`$MKTEMP`
+# Make a good effort at putting something unique in the noise file.
+date +%s%N  > "$NOISE_FILE"
+PASSWORD_FILE=`$MKTEMP`
+
+function cleanup {
+  rm -f "$NOISE_FILE" "$PASSWORD_FILE"
+}
+
+if [ ! -f "$RUN_MOZILLA" ]; then
+  echo "Could not find run-mozilla.sh at \'$RUN_MOZILLA\' - I'll try without it"
+  RUN_MOZILLA=""
+fi
+
+if [ ! -f "$CERTUTIL" ]; then
+  echo "Could not find certutil at \'$CERTUTIL\'"
+  exit $E_BADARGS
+fi
+
+if [ ! -d "$OUTPUT_DIR" ]; then
+  echo "Could not find output directory at \'$OUTPUT_DIR\'"
+  exit $E_BADARGS
+fi
+
+if [ -f "$OUTPUT_DIR/cert9.db" -o -f "$OUTPUT_DIR/key4.db" -o -f "$OUTPUT_DIR/pkcs11.txt" ]; then
+  if [ $CLOBBER -eq 1 ]; then
+    echo "Found pre-existing NSS DBs. Clobbering old certificates."
+    rm -f "$OUTPUT_DIR/cert9.db" "$OUTPUT_DIR/key4.db" "$OUTPUT_DIR/pkcs11.txt"
+    $RUN_MOZILLA $CERTUTIL -d $DB_ARGUMENT -N -f $PASSWORD_FILE
+  else
+    echo "Found pre-existing NSS DBs. Only generating newly added certificates."
+    echo "(re-run with --clobber to remove and regenerate old certificates)"
+  fi
+else
+  echo "No pre-existing NSS DBs found. Creating new ones."
+  $RUN_MOZILLA $CERTUTIL -d $DB_ARGUMENT -N -f $PASSWORD_FILE
+fi
+
+COMMON_ARGS="-v 360 -w -1 -2 -z $NOISE_FILE"
+
+function export_cert {
+  NICKNAME="${1}"
+  DERFILE="${2}"
+
+  $RUN_MOZILLA $CERTUTIL -d $DB_ARGUMENT -L -n $NICKNAME -r > $OUTPUT_DIR/$DERFILE
+}
+
+# Bash doesn't actually allow return values in a sane way, so just use a
+# global variable.
+function cert_already_exists {
+  NICKNAME="${1}"
+  ALREADY_EXISTS=1
+  $RUN_MOZILLA $CERTUTIL -d $DB_ARGUMENT -L -n $NICKNAME || ALREADY_EXISTS=0
+}
+
+function make_CA {
+  CA_RESPONSES="y\n1\ny"
+  NICKNAME="${1}"
+  SUBJECT="${2}"
+  DERFILE="${3}"
+
+  cert_already_exists $NICKNAME
+  if [ $ALREADY_EXISTS -eq 1 ]; then
+    echo "cert \"$NICKNAME\" already exists - not regenerating it (use --clobber to force regeneration)"
+    return
+  fi
+
+  echo -e "$CA_RESPONSES" | $RUN_MOZILLA $CERTUTIL -d $DB_ARGUMENT -S \
+                                                   -n $NICKNAME \
+                                                   -s "$SUBJECT" \
+                                                   -t "CT,," \
+                                                   -x $COMMON_ARGS
+  export_cert $NICKNAME $DERFILE
+}
+
+SERIALNO=$RANDOM
+
+function make_INT {
+  INT_RESPONSES="y\n0\ny\n2\n7\nhttp://localhost:8888/\n\nn\nn\n"
+  NICKNAME="${1}"
+  SUBJECT="${2}"
+  CA="${3}"
+  EXTRA_ARGS="${4}"
+
+  cert_already_exists $NICKNAME
+  if [ $ALREADY_EXISTS -eq 1 ]; then
+    echo "cert \"$NICKNAME\" already exists - not regenerating it (use --clobber to force regeneration)"
+    return
+  fi
+
+  echo -e "$INT_RESPONSES" | $RUN_MOZILLA $CERTUTIL -d $DB_ARGUMENT -S \
+                                                    -n $NICKNAME \
+                                                    -s "$SUBJECT" \
+                                                    -c $CA \
+                                                    -t ",," \
+                                                    -m $SERIALNO \
+                                                    --extAIA \
+                                                    $COMMON_ARGS \
+                                                    $EXTRA_ARGS
+  SERIALNO=$(($SERIALNO + 1))
+}
+
+# This creates an X.509 version 1 certificate (note --certVersion 1 and a lack
+# of extensions).
+function make_V1 {
+  NICKNAME="${1}"
+  SUBJECT="${2}"
+  CA="${3}"
+
+  cert_already_exists $NICKNAME
+  if [ $ALREADY_EXISTS -eq 1 ]; then
+    echo "cert \"$NICKNAME\" already exists - not regenerating it (use --clobber to force regeneration)"
+    return
+  fi
+
+  $RUN_MOZILLA $CERTUTIL -d $DB_ARGUMENT -S \
+                         -n $NICKNAME \
+                         -s "$SUBJECT" \
+                         -c $CA \
+                         -t ",," \
+                         -m $SERIALNO \
+                         --certVersion 1 \
+                         -v 360 -w -1 -z $NOISE_FILE
+
+  SERIALNO=$(($SERIALNO + 1))
+}
+
+function make_EE {
+  CERT_RESPONSES="n\n\ny\n2\n7\nhttp://localhost:8888/\n\nn\nn\n"
+  NICKNAME="${1}"
+  SUBJECT="${2}"
+  CA="${3}"
+  SUBJECT_ALT_NAME="${4}"
+  EXTRA_ARGS="${5} ${6}"
+
+  [ -z "$SUBJECT_ALT_NAME" ] && SUBJECT_ALT_NAME_PART="" || SUBJECT_ALT_NAME_PART="-8 $SUBJECT_ALT_NAME"
+
+  cert_already_exists $NICKNAME
+  if [ $ALREADY_EXISTS -eq 1 ]; then
+    echo "cert \"$NICKNAME\" already exists - not regenerating it (use --clobber to force regeneration)"
+    return
+  fi
+
+  echo -e "$CERT_RESPONSES" | $RUN_MOZILLA $CERTUTIL -d $DB_ARGUMENT -S \
+                                                     -n $NICKNAME \
+                                                     -s "$SUBJECT" \
+                                                     $SUBJECT_ALT_NAME_PART \
+                                                     -c $CA \
+                                                     -t ",," \
+                                                     -m $SERIALNO \
+                                                     --extAIA \
+                                                     $COMMON_ARGS \
+                                                     $EXTRA_ARGS
+  SERIALNO=$(($SERIALNO + 1))
+}
+
+function make_EE_with_nsCertType {
+  NICKNAME="${1}"
+  SUBJECT="${2}"
+  CA="${3}"
+  SUBJECT_ALT_NAME="${4}"
+  NS_CERT_TYPE_CRITICAL="${5}"
+  EXTRA_ARGS="${6}"
+  # This adds the Netscape certificate type extension with the "sslServer"
+  # bit asserted. Its criticality depends on if "y" or "n" was passed as
+  # an argument to this function.
+  CERT_RESPONSES="n\n\ny\n1\n8\n$NS_CERT_TYPE_CRITICAL\n"
+
+  cert_already_exists $NICKNAME
+  if [ $ALREADY_EXISTS -eq 1 ]; then
+    echo "cert \"$NICKNAME\" already exists - not regenerating it (use --clobber to force regeneration)"
+    return
+  fi
+
+  echo -e "$CERT_RESPONSES" | $RUN_MOZILLA $CERTUTIL -d $DB_ARGUMENT -S \
+                                                     -n $NICKNAME \
+                                                     -s "$SUBJECT" \
+                                                     -8 $SUBJECT_ALT_NAME \
+                                                     -c $CA \
+                                                     -t ",," \
+                                                     -m $SERIALNO \
+                                                     -5 \
+                                                     $COMMON_ARGS \
+                                                     $EXTRA_ARGS
+  SERIALNO=$(($SERIALNO + 1))
+}
+
+function make_delegated {
+  CERT_RESPONSES="n\n\ny\n"
+  NICKNAME="${1}"
+  SUBJECT="${2}"
+  CA="${3}"
+  EXTRA_ARGS="${4}"
+
+  cert_already_exists $NICKNAME
+  if [ $ALREADY_EXISTS -eq 1 ]; then
+    echo "cert \"$NICKNAME\" already exists - not regenerating it (use --clobber to force regeneration)"
+    return
+  fi
+
+  echo -e "$CERT_RESPONSES" | $RUN_MOZILLA $CERTUTIL -d $DB_ARGUMENT -S \
+                                                     -n $NICKNAME \
+                                                     -s "$SUBJECT" \
+                                                     -c $CA \
+                                                     -t ",," \
+                                                     -m $SERIALNO \
+                                                     $COMMON_ARGS \
+                                                     $EXTRA_ARGS
+  SERIALNO=$(($SERIALNO + 1))
+}
+
+make_CA testCA 'CN=Test CA' test-ca.der
+make_CA otherCA 'CN=Other test CA' other-test-ca.der
+
+make_EE localhostAndExampleCom 'CN=Test End-entity' testCA "localhost,*.example.com,*.pinning.example.com,*.include-subdomains.pinning.example.com,*.exclude-subdomains.pinning.example.com"
+# Make another EE cert using testCA for subject / pubkey revocation
+make_EE sameIssuerEE 'CN=Another Test End-entity' testCA "localhost,*.example.com"
+# Make an EE cert issued by otherCA
+make_EE otherIssuerEE 'CN=Wrong CA Pin Test End-Entity' otherCA "*.include-subdomains.pinning.example.com,*.exclude-subdomains.pinning.example.com,*.pinning.example.com"
+
+export_cert localhostAndExampleCom default-ee.der
+export_cert sameIssuerEE same-issuer-ee.der
+export_cert otherIssuerEE other-issuer-ee.der
+
+# A cert that is like localhostAndExampleCom, but with a different serial number for
+# testing the "OCSP response is from the right issuer, but it is for the wrong cert"
+# case.
+make_EE ocspOtherEndEntity 'CN=Other Cert' testCA "localhost,*.example.com"
+
+make_INT testINT 'CN=Test Intermediate' testCA
+export_cert testINT test-int.der
+make_EE ocspEEWithIntermediate 'CN=Test End-entity with Intermediate' testINT "localhost,*.example.com"
+make_EE expired 'CN=Expired Test End-entity' testCA "expired.example.com" "-w -400"
+export_cert expired expired-ee.der
+make_EE notYetValid 'CN=Not Yet Valid Test End-entity' testCA "notyetvalid.example.com" "-w 400"
+make_EE mismatch 'CN=Mismatch Test End-entity' testCA "doesntmatch.example.com,*.alsodoesntmatch.example.com"
+make_EE mismatchCN 'CN=doesntmatch.example.com' testCA
+make_EE ipAddressAsDNSNameInSAN 'CN=127.0.0.1' testCA "127.0.0.1"
+make_EE noValidNames 'CN=End-entity with no valid names' testCA
+make_EE selfsigned 'CN=Self-signed Test End-entity' testCA "selfsigned.example.com" "-x"
+# If the certificate 'CN=Test Intermediate' isn't loaded into memory,
+# this certificate will have an unknown issuer.
+# deletedINT is never kept in the database, so it always gets regenerated.
+# That's ok, because if unknownissuer was already in the database, it won't
+# get regenerated. Either way, deletedINT will then be removed again.
+make_INT deletedINT 'CN=Test Intermediate to delete' testCA
+make_EE unknownissuer 'CN=Test End-entity from unknown issuer' deletedINT "unknownissuer.example.com,unknownissuer.include-subdomains.pinning.example.com,unknownissuer.test-mode.pinning.example.com"
+export_cert unknownissuer unknown-issuer.der
+
+$RUN_MOZILLA $CERTUTIL -d $DB_ARGUMENT -D -n deletedINT
+
+# certutil doesn't expose a way to directly specify a notBefore time.
+# Workaround this by just providing a large enough warp that the notBefore time
+# falls before the UNIX Epoch.
+make_EE beforeEpoch 'CN=Before UNIX Epoch Test End-entity' testCA "before-epoch.example.com" "-w -720 -v 960"
+make_INT beforeEpochINT 'CN=Before UNIX Epoch Test Intermediate' testCA "-w -720 -v 960"
+make_EE beforeEpochIssuer 'CN=Test End-entity with Before UNIX Epoch issuer' beforeEpochINT "before-epoch-issuer.example.com"
+
+make_INT expiredINT 'CN=Expired Test Intermediate' testCA "-w -400"
+make_EE expiredissuer 'CN=Test End-entity with expired issuer' expiredINT "expiredissuer.example.com"
+make_INT notYetValidINT 'CN=Not Yet Valid Test Intermediate' testCA "-w 400"
+make_EE notYetValidIssuer 'CN=Test End-entity with not yet valid issuer' notYetValidINT "notyetvalidissuer.example.com"
+NSS_ALLOW_WEAK_SIGNATURE_ALG=1 make_EE md5signature 'CN=Test End-entity with MD5 signature' testCA "md5signature.example.com" "-Z MD5"
+make_EE untrustedissuer 'CN=Test End-entity with untrusted issuer' otherCA "untrustedissuer.example.com"
+
+make_EE mismatch-expired 'CN=Mismatch-Expired Test End-entity' testCA "doesntmatch.example.com" "-w -400"
+make_EE mismatch-notYetValid 'CN=Mismatch-Not Yet Valid Test End-entity' testCA "doesntmatch.example.com" "-w 400"
+make_EE mismatch-untrusted 'CN=Mismatch-Untrusted Test End-entity' otherCA "doesntmatch.example.com"
+make_EE untrusted-expired 'CN=Untrusted-Expired Test End-entity' otherCA "untrusted-expired.example.com" "-w -400"
+make_EE mismatch-untrusted-expired 'CN=Mismatch-Untrusted-Expired Test End-entity' otherCA "doesntmatch.example.com" "-w -400"
+NSS_ALLOW_WEAK_SIGNATURE_ALG=1 make_EE md5signature-expired 'CN=Test MD5Signature-Expired End-entity' testCA "md5signature-expired.example.com" "-Z MD5" "-w -400"
+
+make_EE inadequatekeyusage 'CN=Inadequate Key Usage Test End-entity' testCA "inadequatekeyusage.example.com" "--keyUsage crlSigning"
+export_cert inadequatekeyusage inadequatekeyusage-ee.der
+make_EE selfsigned-inadequateEKU 'CN=Self-signed Inadequate EKU Test End-entity' unused "selfsigned-inadequateEKU.example.com" "--keyUsage keyEncipherment,dataEncipherment --extKeyUsage serverAuth" "-x"
+
+make_delegated delegatedSigner 'CN=Test Delegated Responder' testCA "--extKeyUsage ocspResponder"
+make_delegated delegatedSHA1Signer 'CN=Test SHA1 Delegated Responder' testCA "--extKeyUsage ocspResponder -Z SHA1"
+make_delegated invalidDelegatedSignerNoExtKeyUsage 'CN=Test Invalid Delegated Responder No extKeyUsage' testCA
+make_delegated invalidDelegatedSignerFromIntermediate 'CN=Test Invalid Delegated Responder From Intermediate' testINT "--extKeyUsage ocspResponder"
+make_delegated invalidDelegatedSignerKeyUsageCrlSigning 'CN=Test Invalid Delegated Responder keyUsage crlSigning' testCA "--keyUsage crlSigning"
+make_delegated invalidDelegatedSignerWrongExtKeyUsage 'CN=Test Invalid Delegated Responder Wrong extKeyUsage' testCA "--extKeyUsage codeSigning"
+
+make_INT self-signed-EE-with-cA-true 'CN=Test Self-signed End-entity with CA true' unused "-x -8 self-signed-end-entity-with-cA-true.example.com"
+make_INT ca-used-as-end-entity 'CN=Test Intermediate used as End-Entity' testCA "-8 ca-used-as-end-entity.example.com"
+
+make_delegated rsa-1008-keysizeDelegatedSigner 'CN=RSA 1008 Key Size Test Delegated Responder' testCA "--extKeyUsage ocspResponder -g 1008"
+make_EE inadequateKeySizeEE 'CN=Inadequate Key Size End-Entity' testINT "inadequate-key-size-ee.example.com" "-g 1008"
+
+make_EE_with_nsCertType nsCertTypeCritical 'CN=nsCertType Critical' testCA "localhost,*.example.com" "y"
+make_EE_with_nsCertType nsCertTypeNotCritical 'CN=nsCertType Not Critical' testCA "localhost,*.example.com" "n"
+make_EE_with_nsCertType nsCertTypeCriticalWithExtKeyUsage 'CN=nsCertType Critical With extKeyUsage' testCA "localhost,*.example.com" "y" "--extKeyUsage serverAuth"
+
+# Make an X.509 version 1 certificate that will issue another certificate.
+# By default, this causes an error in verification that we allow overrides for.
+# However, if the v1 certificate is a trust anchor, then verification succeeds.
+make_V1 v1Cert 'CN=V1 Cert' testCA
+export_cert v1Cert v1Cert.der
+make_EE eeIssuedByV1Cert 'CN=EE Issued by V1 Cert' v1Cert "localhost,*.example.com"
+
+make_EE eeIssuedByNonCA 'CN=EE Issued by non-CA' localhostAndExampleCom "localhost,*.example.com"
+
+# Make a valid EE using testINT to test OneCRL revocation of testINT
+make_EE eeIssuedByIntermediate 'CN=EE issued by intermediate' testINT "localhost"
+export_cert eeIssuedByIntermediate test-int-ee.der
+
+make_EE badSubjectAltNames 'CN=EE with bad subjectAltNames' testCA "*.*.example.com"
+
+cleanup
deleted file mode 100644
--- a/security/manager/ssl/tests/unit/tlsserver/inadequateKeySizeEE.pem.certspec
+++ /dev/null
@@ -1,5 +0,0 @@
-issuer:Test Intermediate
-subject:Inadequate Key Size End-Entity
-subjectKey:rsa1016
-extension:subjectAlternativeName:inadequate-key-size-ee.example.com
-extension:authorityInformationAccess:http://localhost:8888/
new file mode 100644
index 0000000000000000000000000000000000000000..4daa9a5eaa1e2575ed47c5dd86a4754a3ab01214
GIT binary patch
literal 568
zc$_n6VlpvkVw}5xnTe5!i77tIfR~L^tIebBJ1-+6H!FjIkfDG99~*Nh3$rkLNNRD3
zg0rK6oH(zciJ^g!fq|Kkp{ZGvIIjsZ*FfJ;*FYPhN5wNQF(tLIG_fRA!8^55A+$I#
zJyij0kZWFwZfaghW=W+%<9uXm8Ce;a8+#cH8atU98yPnJIlSrV#Ik8MwcGe=Yc@m~
zxlia|iF?=KHs{1#rK>gX-B<nNuWEQz=Hgi8lwZC-&BBZ+aZ!lw`i(s`<!ldEs+^wA
zaj7lXFe2t)OLWF!#%t$SRjp?}*ym8gGGAeKe)y6V`&Ol2Z9X+GHa<72%s8R)OX&H^
zWAzQ}o_kC7%~>q;k%^g+fpKw-L6w0f&`Yv{EJ_9nO>&uVZ)K-emV!K`ms*jSTac5g
zmz<w#V8q6u&Bn;e%Ff8hqGq6CpakO^Ft&+hl#~=$>Fej@Cnx4)<QJD%Spb2)0T0M{
zVMfOPEKCLr2HYSXKMM;eUeMx%85k-PE;pQ1oqBzeR_Ee#8he&j+PNM1WuxOO=c}X@
zv_#;;`j0bA5|q1)EggfyrIemu+ny`^X)ohEA7{J6js0`4S0*n!>B+He;f-}`!;hcj
z^x*N>;k;}vbDw$qtG4|WdoHhkv1gVT*P>9KYbi(F8<Ij2attFTUeI@c&-A}G;~4wo
GeZ2r|XT&uC
deleted file mode 100644
--- a/security/manager/ssl/tests/unit/tlsserver/inadequatekeyusage-ee.pem.certspec
+++ /dev/null
@@ -1,5 +0,0 @@
-issuer:Test CA
-subject:Inadequate Key Usage Test End-entity
-extension:keyUsage:cRLSign
-extension:subjectAlternativeName:inadequatekeyusage.example.com
-extension:authorityInformationAccess:http://localhost:8888/
deleted file mode 100644
--- a/security/manager/ssl/tests/unit/tlsserver/invalidDelegatedSignerFromIntermediate.pem.certspec
+++ /dev/null
@@ -1,4 +0,0 @@
-issuer:Test Intermediate
-subject:Test Invalid Delegated Responder From Intermediate
-subjectKey:alternate
-extension:extKeyUsage:OCSPSigning
deleted file mode 100644
--- a/security/manager/ssl/tests/unit/tlsserver/invalidDelegatedSignerKeyUsageCrlSigning.pem.certspec
+++ /dev/null
@@ -1,4 +0,0 @@
-issuer:Test CA
-subject:Test Invalid Delegated Responder keyUsage crlSigning
-subjectKey:alternate
-extension:keyUsage:cRLSign
deleted file mode 100644
--- a/security/manager/ssl/tests/unit/tlsserver/invalidDelegatedSignerNoExtKeyUsage.pem.certspec
+++ /dev/null
@@ -1,3 +0,0 @@
-issuer:Test CA
-subject:Test Invalid Delegated Responder No extKeyUsage
-subjectKey:alternate
deleted file mode 100644
--- a/security/manager/ssl/tests/unit/tlsserver/invalidDelegatedSignerWrongExtKeyUsage.pem.certspec
+++ /dev/null
@@ -1,4 +0,0 @@
-issuer:Test CA
-subject:Test Invalid Delegated Responder Wrong extKeyUsage
-subjectKey:alternate
-extension:extKeyUsage:codeSigning
deleted file mode 100644
--- a/security/manager/ssl/tests/unit/tlsserver/ipAddressAsDNSNameInSAN.pem.certspec
+++ /dev/null
@@ -1,3 +0,0 @@
-issuer:Test CA
-subject:127.0.0.1
-extension:subjectAlternativeName:127.0.0.1
new file mode 100644
index 0000000000000000000000000000000000000000..c3e06ff70995c36474b407bf0b6a5fe23b88071b
GIT binary patch
literal 524288
zc%1CL2UHVX*RY)#x(Wg+paRm16o({)fJkow(gi632}M9edM6`_1;yTbSHzALMMcGi
zqGH9~v3Kms{ZC?^Hz5z-3D5f1yWVfT-@ewm&pvpukJ~+QPG%-}hX(tn<|gSSkIx>*
z$<<@fCeSd9=Ax%ZqhaAR8cmfZLZ13hR_tqxCKYN8tF|7><Zqf{aSW|gg*;PouB5!g
zx%gLcOmUO+d;kCd00000000000000000000000000000000000000000000000000
z0000000000000000000000000000000000000000000000000000000004mhU8E~0
zXzJ)-<rcXdZhF$Vq+E^%CztcDsOTQz=^Ey#7v}2b@2U5%U)3{9P1Fkt89u@_BvQ}M
zGg5D4!0_Oao_c`+dhUS%UjD<~!}LNtgZy3HJuUT8bCbr|{0(&TA&T;v?m8GPH6t;p
zFefXW`qem2Uha6o*Kz+^KhEY~GbJ~9c}-1yEL!jl31c~_i5WRLLD{MKoZKV@VR6F)
zJUmC~2_(M+(KqOsacl^>xr>}&jR?US=^SoSy69WvJFOv*|F#Ch+)GwobD%yJ_qXgk
zZdy`8uIO9jI;|npT~uOY?k*#*+5caEn$(<}yrgW=_sDiy=CA#?RoFJ>Q(2gTroKKl
z%T92}L|Qb%I~_Lh1*9K1SGT~BFiSlSLH$P^Hx8ZpkHMb{eu4ihHvC^=^S@;Czhn!(
z<bMmB$scU_1B*Y{@dq}4u;&jP{=lUMd%;q~-%+q4K^KgFe;=k`v=xjj!DuHK*@Dqt
zFmePVS1=|B3j15$-}(e|`ro-=Wx8Nxx?p9xU}d^sWx8Nxx?p97Ad4Z$VhFMrf-Ht0
zizToufn^CSOJG@ltzb=-U`;#0ce4MEf({D)q;%r%oS#b<RLdkN=z@}kQ$eo<-^~zw
zH$(8<Oyci%|NX|lzrqlVOu=X?82P_9Q}DYo1-~m(a9nH!xwe8_TjKAp@N*NAY#B_3
zt&M0(7fr>!fhn5Wil!{l)J`;I|JRfyN@I!ASfVtRD2?^6G?u6wmZ%(-s2rB49G0jY
zmZ%(-s2rB49BOJWnsP)_u4tMdnkI^-Nup`;e@z81guhd+s2nc8oJ3m=k;oNvoJ|N2
z^_OLD&cNk0z4iZ3CqL2O(l{H@T!uPD%gRv$PJZQ|u6vWe{!Rb@000000000000000
z00000000000000000000000000000000000000000000000000000000000000000
z00000000000000000000000000000000000;Qtwvnbgp0Ko4s4C|gM@+f=ra7sU%M
zdscS0>}pw4+3~W2Wjo8hmA&I_<*g&Xlkdqk@*a7OJWrk=>&RW?W^xs|kgOsnk;P;d
znL@^q;p7O?gB(iINpn(<)Ff3%Io@yHXWlE`BVH@-67Mwc2yZXXh&Pa@&Rfcx!<)+E
z@$z`-yab*SkH+)iIrCUNtN-b?0000000000000000000000000000000000000000
z00000000000000000000000000000000000000000000000000000000000000000
z0000000000@P8?aGP0P=2-Y1B!NlsbfjfWF>&glfH^JnX67DLP>`6&?;ZKx~xu!V_
zCcEqnoCK3~Z-xvLOcpl9I`SuKTU_#n3MLCru65u~Y}UTevlmQw#}>2s69Z-S{&xI{
ze)GwjEdFGG*~SC5{E36>Of#lnVxL^e5KL@-r_u!zquSdx{E4DIZb|Sb3O^nH4B<}<
zvwqIA7EBUXYg-8>F(cTPf{AZkriEbQ?6+aC;CG)#hM5Z{+5JbF@h9rhS7)0FCf2Xx
zP52Y7lkbNZ3nm9!VvGcn+V(_4!DQQ>2m`@n{U3RK!DQvPNIk)1as9+Wg2|lAFLecz
z>8H-?2qqPaLbL@FUS{M#!KC1yxB-GmmSawT!6Y^6sg_`pKx@|&Ormxj)DTR9UKRHf
zOnleR=_{DHKdS8`m^e1fRToTbe>_kVOss-mstP71iC20HCWB%RsR$-ooD0f=N$;)4
zdI=^<yRv%<CNfT2dhjQjzblHB1e5lRV~T>wJDUj#f=S!l`SOCvLoQQJFll8g$O<Nx
zQ{Kx6CTFkq!4+g=l{AlMwDh1}W*)rlH1aq3jr>HuC0~$F$ou3i@)~)GY$8vQ4dh{R
zKe?OSMs6n8kt@k1<a}}#SxHuqBw0-6k(uOJGMVI%F=PZ8LXIGPNO#hSv?rP55OOeS
zOzM#XNexns>_sY&IPVYdJMS~^9q%RYDenRAHt#y`GVeU^H19aCo_By(OBDhD00000
z00000000000000000000000000000000000000000000000000000000000000000
z000000000000000000000000000000000000000000000NJmzNhI#M@cmCkUA6)r^
z3x9Ct4^I4H7=Li&4@3Eb1AnmR4{ZKm#~)by!InQT`2&ML(D{Q6e<1k75dL7zAFTL;
zC4aEs4}<xGIe#$Y52pOVgg+Sb2P6Jq$R7;&gFb)I;}3)QgD!v2;SbvUVIY4Pz#sba
z2QB`f$saWMLqGn|mp}C359<6ujX$XJhu-`_g+D0shhF@lCx7U{AC&lmB7ace5Ays$
zjz7rq2O0i=%gE4_dQffkD0@UBe~=%^m*gYz7TH3cBaf4H<Zf~cxt3f?&Lu0!a<Yib
zB2!5Y8A%3{!%0`tp0pv&Nqw?EsYWW181Dz~Bkv{e5$_hSg?Em3oL9%&&D+9T%UjBu
z%d6y-^NM&`yi^{C7s(6e4d=P??0GgkbDlo0KTnOP#KX#dlzl9FNfiPB0000000000
z00000000000000000000000000000000000000000000000000000000000000000
z000000000000000000000000000000000000002+--UvVI<}D(<sppj!ssT9uEOXd
zjLyR7B#gs^(NP$O3ZsKC+6yCF8100SC5*Ph$P`9~Fw%w5Mi>cU93qU?!e}LomcnQu
zjDv;ITo}!S(Nq{sgwa?SjfBxq7!8C`Ul{d-agZ?T3ZsrNY765)VH_Zg{e@9W7&V1a
zLm2xBV_#wHBaG_8s3wf6!q{6FRfJJl7<&n0PhspKj7q|&D2xiiC@+k1!YC_@GQx<<
z%cv{y*P&h_9%YYc<PY*A`I3A@-XdGbbL4Tdj@(UdA=i>i$+=`DSxy#_S!627AtT9P
zayaQq+LJb<IjK+fC)G$L665{gedN95J>uQsweZgIj`QkxyLnr9Yk5m~b9t4#a$XTH
zi<ipd@FID^yx}}oo;}ZoXU@~-_2;Salz3R#kFt+tFR4NR00000000000000000000
z00000000000000000000000000000000000000000000000000000000000000000
z000000000000000000000000000000{<{$V|K2@>(Onqbgwa(PU4+qD7@dT1m@qmD
z<4|FA5Jr1pWDBF6FtUWvRv4MW$Ph-lFxm(sA&f(W(OMX-gwawMErfBfFq#XanJ}6P
zqlqvY3!{-R8VaL<FzO4Vo-hs)MqOdl5k_rc94L$fgt5OcY6+vJFlq>6KVj@EjD3Vr
zT^QAbQB@dw3!{oKDhp#TVeBc4J%mw77!`$4K^WzQQBD|Tg;7Qrad{baCH^|pOT?pS
zG_BaUlwS0?Xm(LG&xGe(`m>Z)e3*PuW?8(h%#&0oD=3RCNh9@2%XrsIck<qqCYJ0Y
zSC;nYO)ouL)`yo>cA_M>WKdB)8B!uo+Ve)0`tjD6tSGK5&MaY<J}Q1&+>5-#Q!bfA
zRutVX8eP_2^1L{r<YMWfqT|I*Wn0Sb6kp@jlVi#KWpn<g|GEGG000000000000000
z00000000000000000000000000000000000000000000000000000000000000000
z00000000000000000000000000002+-;9<F6KiHXFCIyoUwL!#!p12U=lx?^FWGtU
z#j;iJX7|$?rJnKU;ntgY<Bhwq8)Mx0qEGZO=U2COB)&B6@9G%caKM43G|7!GG#qG3
z3nm+noBCkYo2!X;@9Q}_SiAB?tNQK8F>xkiFTZSfqq6t<S7K%AAQ!%9+WF@0p-d&b
z&$W%R$Aa#-Ue!;$>dY5vgMKb%>iZrkJbGfGlGC!#tJS;bJMl&R#9ED?@zs%!Cp_&J
zthjg4mIlw`!}vme!u~I3J-2V%X_?;p%b94KTc1o-90k9*E8AJGW7k*m<JJz-d&>Rl
ztoJz&<%=uHA)g9u#?Cw-KlEVR#73>=xdxXU_+sbPhsxzI&TBNst)EcJbGHgRcXp9I
zUu+v0l67i7Su#VVXrF%Lb*ql5UZ>c6!F;yMtU9>2^Qr8kEj=cWc$$kZTV%%<hL+Lq
zZ+x%Ce_y#hWKD63;oXh}4_JKh=$pLk>{}_3N(+NzF5KT4;H<Z-+E(xfba6T2mH0#3
zX^H!l%KGuyn@%*ZW%9*JPui@y_ES&hg-koGye==1RdnJ7LvWy0X3kz)G*|6X#*^nV
zbz@$$mU<na^TmPCfcg$s8+P6Isi_BpYVX{;7vXNh7xOYM<eq)LV}GC0iost0ytKS|
zDn5(g3xD@ww+vmm{nIU`d^({Qdq;Dr;hrIU(NL{={J{&y<0my{pO{~$IB7>ko4GY#
zY~|YVi22k0D0*0pjO;k3+~~b$t`%RzFL%v+<^TTS^L6F2Lw3|$isn>Yx8#fK%S<M`
zzP_sNi=tPO-_eB&61U5nSO|`X+??JI&dBKJ+O#<~?>-^-J0f(#V7@TuyS>PXJ+5QZ
zi+*oarzBiEd2_~YbG|5u?vY<LS+QyMj#1z7p!|u?JYL)};|s-Yt1g8`KGMybB)8#c
zi|5q9&x|Rie6jY|L`5>P#V5fq>~!D5YF9&zR`xRylxu7LX7~IlSMT3W80*pWQm$M^
zJHePQM%wPm9x>w74;i~7_mUo_lf3hZenx^n$HAsEcLrqaVXiWJnH+K^u-z?Wq#<8K
zH#O|OE5A4J^68HzUK;NXxVri^81O~$O@l?fcfK0x$4rY3+5PM5-qwYd`g~C*-|OL=
zpH+v##?*JT1g6hE8BnxEk1zC-?`x8a%AdV;R6Y{$^eFy)`Ov+C_<{^B346h=O^I6I
zG%i1J+Z~$hjWk`ppy!4$?OQ%$dncKu?D^F{+HvdPavi=H=DFw>efH4Ly=%7V>=`*_
z%c9ZmK4|lW=Y)MT&;2$p@LiLtG;9ebKi~dX*g(E;zuC5E_^UaXV%gK9qpe%7r?RJA
z9l#g=w57;a&ztr8RPnJR^W}Z8MLq>5`}4)!lZWD)O+y!afBd0%{Fi9?9!J$8wD@Aq
zzImlX2g)1!*Y#@H<v&8sZbr0|rXb@@d*OpsS1v>*>g4XQA8&T;P+5kC;IveDbcE6s
zmsLlcqcZyrU0}AZr=ndy!7I_v^*eiZ^yLFVtP`W#t)k=RTA23b3oU1Ti)C9aFUr4f
zT=LKP!*s@g0P{Y4p*QEZb<em#t(eZA_X{g^mibm%Tvr#o7)%cl3ntADxT|zkjvhmc
zcJtU-q{bH&L4(e29380ZJymb6?EUO5dJA0Es`5oqocD`)AJ`AhGQM3_bM5yi>-mJl
z-h5FLe*FsLomGpGs^(iVtX1X6%Tr%f_~LoWjOz1ibM-5y?3ze_)#KEd`gw<y1+S|%
z&BeRd@4Hu#S;N_?V%C$P^Qo;DU&N)q_pXahe|m0rt^30r!8hC+`z-A#I35$!n<9Uz
zj<g+nWy7`oEsDbl|LPum5&U|r^@-Pm>?#WOKioR{dF$jycJr0^V%0xR<(5mHZ%}+@
z)NG>Vt@+t}|7b<NSgw9}==m{u%88}6CA;U{xqCzT;&cVRcu{j=y(uHqk5l`DHZiKA
zev;$y!SZ}@;=tR$T!kRH;-aR}nW^)(j%d02RgNz>I;~D6%@!N2ANl&+8urB3$Ges(
z%NM_DSeymtvzPMfI@(X3UQ={fWr~*!UmW=o<<u)~p?~3AwRdZ><eWT0;}+tYGE60+
z$WD*`;)uq?H<lf%{k#W_@{QM$qqZp-@*RJ-QYC+q?SH2L00000000000000000000
z00000000000000000000000000000000000000000000000000000000000000000
z0000000000000000000000000000000Pw#Yl?q>K>^Vt+8hey`^q|r3w}!<uvfa4V
z_@L2uqgLZWW47@U<59+1M#V-^hRY0#jRqLrHgYihX?Vz$a8-2)av@wUyUcO<;Ihjl
z)A@>Xt<xu`E6&-@bmw`_A<pVU(uVk2Pq$7R(!;uG$YASN)-~3>tln5zTJ^HpW|eMr
z!K%v2-*SiLEQ^a4J1he%RV*_stu5YJ1X&P+GY1C^{xEo#h3eqTgXfrkGQVQ3ZuZH1
zo_UCQt$DUN-E4tbuIXOW1!hdscC#?EzNXhqS*98$;U+AT8zzfPzMAYe$)}sp<!!ud
zOl(fuOtERR*<_PUoF%G<yclwpNFmIKX@n1<ID$7K)_;{hZ-lP@{Si+79sWoC_55jm
zE`EA`4So~+9{R2Eizk<o#k>aITGEl%K}M50yazllo@v>*vVgLeWm|cQWld#OrJqZ$
zl@2KRRl2BjRO!Cbf>QgEH6`W6XNs#!+)Lz2xFtr#ZN(#st&4JtMizZ2sx9ta)KWCR
z@MqzjLj6L#aAjd!VSOR5(4}B=!L<B~`8x}I3wjl#7FguJ%@51B%`3@^$@`X9m#>l6
znzt+u%YB?{maCMzAvZbqWbWi#@0=Yuv$L;f@6QR&>64S0L(gu{j?Q+>nwXW4)sfYZ
zt&{a2Yi*Wd=F7~%nLRRVGSf1fGN)(yj^8%ED&s=Nw(<VsdyP*YZ<+BXBOt?iT*kP7
zaqq_M$WR$~aonu*59ycFRmXlvpOYSxzAHU5oftcBY<600+Pty!v`=G0#;T`XNn@t<
zO$|$Brd~^3klLQQH#IlqM#}y%U&q`?$xmUWEJ_Ja(HK)WW>oT$<iasp$*p79$={O?
zCJ#vZndFc(An8z2ankLiWl2$q^@%GI?k3bH#w2PdmL@tT{7#5XaN_c~vD^;s(F9%Y
zeeNnQjq{MB$Dwi7aN;=)oCzG4_;v9U<4(k_i+791<GJw$agXCX;*4SwV?AP@#%_p{
zjctsr7~MAd^l15*w$W2YdyU>SI(f87%(R%4=<4WcF=o*(Vtis0qt8YUj_wiV8#Oqp
zDQbGutEif&w8#sQ+eW<^bs;i6(lW9t(m%4-sEkno5wjvPMyW(x9AzExE@DT7YWRn6
zB3w0mS9oUl<?uP-K_hEN&I`K|Ry#6er25G0k@T=nVPRp+(A?0l(Du;1VSPidg)RvB
z8ge5<Blv5`qLA>A{UP}wtl%ZVg+T{{mISkdz6XyA)(UD3atIm_7!~Lccsp=e;LpHA
zfyDuL1L{Zo9&tCIG{7-nML<k|Hv2dGE?e8~H+uy;hF#AtWjorfvg5IivR2tSu{!Kx
z?Q~i9SuQL++jv_S+lRJmSTx%P+X=oWeAf+sJp6<&*Vn*zqOY4TK0I-_hfjr1;&54?
z#^FXjPklD{$a}YWn|RB6Z}Lv|KJ7il+smukYnta-&uT9pFGa5uFEh^<p1z)gJ<>dU
zJzja#c=qsU@|f=a#{GhOFSj@DRqp=o+uYOLE!}3hWw`Eeo#kfj`pzxDO~v&h^D*-T
z6K6bTPGq_<*D<+F14acSk-mXm!7!pfWq2@T>5WdgPGQ3q49j)uJM5Yhb6ESZy~8vd
zzdEuUH5~Ul<~!bST;v!&^x)7X4y_IchmIPmHMDRj+u^%Il!JqPv3->NPy0g-1MF|x
zFEi0J{%%xfw9Iw9YmkeY^QR$OhD^8iv$nK+YkARPwngS(o5AX4SIzdC=9z}mljvSH
z3dD;MM@FpjkMnmSZ;%IhlXyvGM45WYy^>?a(~HxK?27sqJS{k#KQ})o&nZtY=XFkV
z_LA)4EYB>{@vp~U$e5XtF>c5>)v+yOYtwSl!czOCd>wOO%#!5DWQW9GiFXrLCh)k<
zT)p^5@h9RY#U;iX$I8c?iK&iGjrNV|8Tn?^_EEDU0wai#A4gsZn;(`NY8$E%d^7l9
zP*G4+;J|?2_CxKp?e5tfWs$6SKg{>>@b$whd^~+jyq<fV^{n(v^RV#f<<{)B!&cuG
zXPjhgaN6UvVA#lEtfAkAwmK|zDE^<`Z~y=R000000000000000000000092CGf2i2
z&q*B<mynd58%Hphi40a^67`iWgT=75$KN778-IiHTwDA#GM|gTLgq8^m&kk${sQG$
z1pd4$pAbjzv7yuPHl!!;XSy=Z0zWpX=wF&EN`H#d1pY)~b$VhlgKjJ8?qj59<Bw3D
z>h42iJ{Nz0%xB{Fk@+0_9?DbQz1x*%h}v@p=?VOH=k^ISU6g(cr3t*X^XdtSbo&Il
zy{Nl4k)Dm;KzXXW*OB>L{2DT!iC;zLbMPxDPj$DYD{m)i&t;@1@JpTA_gAw-=@(I&
zz?&sj=Oz>OgxG8M0@Abb^C(Ysw+Wfg#m^!0nfO^`J_kR8@>F+Ecjd)iyQh$zz#BWa
zPoTwKyC+eaz)wi7&S0@w$)fHaM|w8ifbvv#k0JB9_)%m&6F-8?=iv1yPj&ZjS3XhH
zo<m4a;B^x1<7=_g_Cb^;@B^J!x927^ZK&1%tGoM=o{jHAd8)g6k@;MF4>F&L*CO*d
z_->S^y1T0@FSaf1M0x_>(W!lZHAj@b9i<6;o8;;Q!(Mz>+lusTyawf|?ruTmbMb0q
zJ`>-J%;(^nP@d}U#;&~BnPCIc6Zm?G_VKmYnPDAD6Zl$*)j9N}1O{Ey-8D$h##f^}
z)!kLdd@jBcna{*mAoDr+a+IgKyR0iuh}yFh=?Q#E=l1b6Jz12#7^Mk(k;Lluwh0`T
zji|c|k)Dk&KzXXW^O5;nd>%5NiO)smbMQGRPjz>87v5H^J+qLWz-M-DpFk&x(yLIK
zz-M$?-NuGv&m`>FqV7&ddNy8(@>F-HA@jNTRAfFApMuQi;FD3F>TX3>UhFN^B%~+s
ziQ?@OYFklyIZ6}w1c}wD?lU+{QFlqCXX8ASr@C8)%;(~z$b2SVg3RaO#VAj8x2P*G
zcH%5VdIB%#+&+P}5vAv&G=b-JTAg9Tu}NZ6XZ8Q;ZZ6WZ@f?(=x|@y6=i*t&d?ucW
z%;(_aQJ(5<Mps^}J>!s`z|+OsC)8r6?Xf6L;As-8+a+<6?Kz_ErXoEXPeFOAyJL{~
zTs#?>&%~3E`5ZhE<*Du_bmiHi_HdD&z&V}UC(vS-dhsYt;BlQ+r_+f<8@f$`sJpR9
z&&EfiJk{M8WIh*<M&>i|C}chdk3@N@yQ8}DVsBU@ke<N9#oH&;_M-HWC{5sDomaO>
zNK9ZPioJG2k)Dl*pgh&xU}QcQ4?^ZM@jzrg2M<7bs=Fh)@?x)Df21dHzfSG@tHoZs
zz9>!L!#khVIdnG1mMhj>AEamF-Y8FX*9)1?#XXVvOxy#R&%xbMp6ae!S6-~Uu1HVd
zE}gcmzgn!j&L~abPMyy?9HtFBk<Jx$cNo&MaYvM=x;qq^&&3^(`Apm%na{!5C{K0Q
zt}8G0SDS_O1a8~u#QIl@9ULY~6F5U+b%s5Q#TGm7(vhBx+n_wvT>_cU#fKpCnYcAF
zpMzVWJk?#xuDsZJ*8=GYd~oOX3AEV3F-K_vH<Mi5COLs6)?HJiXX7R)Pj%NAna{<I
zkoip95Sh=x4N#uyu6|cuth;(hPvC<j+Q-*o-PJ{D0@smPozCRa6UFY4X(K%wABgf)
zcLyNzxp;qMJ`>kM=5ugOl&89@(UljwN7fJN3A}IT_6fAu!Rdq21g_rsI-7bYP0;CL
z_jlEho{g)bJk{Oa$b2rYg3M>)%E){U-V5ca?)L1;i{0Ptf%F8f)agdTUoCcjR}rNN
zT%q&ocF7z@B0-3{E06SSTn^=_?#d$bxws56pNZqhd=8GGJk?#=zx#w_(QO#)AEYO+
zj!y0St3?L~`-9R1_Pg`@J%*i4GRIzYe;50O^la=W%5!b8AIN+z_8pne#J(Z(IoMZ}
zXA#(!uDs~}F4m6p1opYp8`{5GbejVEgwh1|QDSu#(>~cobY{RlAUzv<kMdM^-y!q4
z*jr>i6MKWq=U}f<p6c$auDsZb?<LX`*o)5X6KK(y0eg<p1lA_8x@`h8ks*4&i#<bn
zHue<dsqQ{O=5w*f$b2UD2$|2p9-=(e-3MKH(WZ~xM|uLg*SUQHEqcF;-9>2vyCbnW
zlf$*Q6Wt@jZX-P#yM^*pcUzJ9T<j(?pNZW-=5w&?C{K0wT323lj|{tt^aOULbNd8Z
zbdL;cL1_ZJEU`KxnaSnYiMo3U>Dkytl&8AejLhd^7m)c(>^w4`gEgT%)!lPldC~1}
z>@3m~*qP4l6KJL={WMAwSm)>Ybh<s=F4<PByNyWC#!jL<)!h@wd@gnzna{);kog?!
z7|K)KJ=&EQ>+TVxC$Rd?H^Bs2th<L%n!pZ8tZqlQv9}dH`N8Uto{b$ud8)eykojC}
zKQf<*?L+2su)Qcxb$3r!Ui9P#t3`SO+ugZ+0xfoMcA+$Zb$*_2L$~EpCw0*?VQdG|
zv$5?cPjz=2GM|fWMdmZH8e~2P+k)~`cdNVdVkgecNKas!I^6^lXtwB~C$<r#32cMJ
z>hz=}E=z1zTaWZ?Y#qu|-Cc{!=VEJ+`AlpzGM|I3LV2pYE4%VyyV?q*C$Qz6+b7Us
z2WJ^d6Ikcx`8MnXMpCla=NYgiNYBO=qde8!MaX<Ewh)=m#1<g)IoN!Zr@A|@D=*fb
zxkyi7b2_z8pv6AVfXzl}0-GhVI+vYjV=HzwF%#+8SQW}s-JOBV=VH^5`An=5na{zd
zp*+>ysa<)otBEN{PhgWfw@;wOt|lr_n!qMWu1-&8vc%pqOhkG%R*v#icPAk8xfqGe
zXJR~LJ_jp9d8)gmU3sx>sRZc>tXQIbd@c5#p$Mf3OyYSyo0Gt$iWYUZ0O{FSKFU+w
z%|qsMv0P+66U#y7bFgfbr@EWfl^46%%0zks8{fHo0xf#-gJqyJfsK<~ospbKh&~;S
zr6WBX8;kN(chivhTr3rt&%{!Y`5bHv%2VA<?#hd`Ckg2ZEK#C;d@c5dE&-(pj4QFa
zePXhmt?1bV#zA^E7LW2&cjJ)xTr3uu&%{O}^Ep@y%2VBq?#hd9e`8TdPhgRq+b7Us
zw<$)UG=W7(u5QOoV2j;>3`cr4HWKBj?uH@rxmYMNpNWMa^Ep^B%2VA9>dK4Vfeb`?
z0t=96A76{zfgFL-1m-WfI*~{uiM@9Hke-eCqCC~z;mCY0=7Y><V&2Gn4(5gORChhQ
z@?x)D52PnBcZv4#wb*Od4W$W8;(0!sIx*WOh<>69b3uAG=8W=Gcb$;=Tx=LJpNTml
z^Eud1l&8Au(3KZ^OJ$Gr1jg>%K7kfJmc#5&n!s3+t26Ccwqj=nTcl@WOq8d(%RuIH
zF*-7ziP<3YIT(TRRCkAT<;Bhn)<{oaRub*wYq2wfB}x;Rg~aN1Np^(zt~MCy*_b)X
zQ{6Q~=5sMqWIhu!LFRKXW0a@5Yt)q&J2My}J%Jf?Zl6Glof-5|n!xlVSGP+}W{F)1
z4?=o2ri=1acXg2YTud98&%_2I^Euc6l&8Aezbh|xC9H+?1g0s`K1z#ybRE+`X#(pf
zxw;J_!Hy;BZeOHlV|`Gb>aIF6pNpv>^O=|`GM|I>MtQ2cDqVT8i!EiOC$L@;?c-~)
z6H8B&Ca@k7tF!EFIZ0wy!b(Wb#uQPW>aGGZpNq*O^O=|&GM|IVqCC}InXbIpl`xL<
z1cr5PpFoQp92!a!w0|U5XAnfPsJpZdq-WFqpgh->_8XbcrTs$YGig7O`5f90lxGpN
z?_GIOcWK{{o}hh|XdhpTx=Z_l(gdwtVs%>%m*9$?3DZ6!J)8Ck<*Dv|MCNm8ACUP>
z+IwU^hxQKTsqVh*%8Rxo+8d-NXs<iBPoPD&DQK@ynxMUuT%CF^Z72F18SMqqvuV#!
zp6YHJGM`I(hRkQuo+9%(v?nM}b@y>sUi5~Q_6X?-+Cz!<@wMnJ2kik$6SVsht1~$q
zhP~+71nnNuvuSrxp6c!$WImU68=23f-9qMbXsswub@yghUi55&b_3}N+V#%u6KK&}
z4%#)8CTLeBS7#*Ia79-Wv@1x@rnR6v)!oa;d@k)0GM`Dih|K5Eno*wW?uD+rXw#>i
zM|y(RB+)*;7F|uy&Y?6xJ1em|BO!sX7yY~%?F`bhX{S-1>h39IK9|;r%xBV0BJ(-4
z6DUu0_jp%ctUV1#PtcBaZl6Glz4VWwG(kHexw>t#eUj*Ef>w|8Y}#Rzr@DIxna`!w
zA@iBEgUEai?EuPC-QC}n7yGNd59tZoUWxWmI#F~rLED4U1g%zLb$X($jo3Xh+HRz0
z({`ae)!m)Qd@gMVGM`D?j?CxKwxK-L-K|}Dv2Cda=?U7F&g~Ouv9}!6C{55dORmmh
zF%!kkyPJ@nP1}g_RChNZ^SQM3$b2Sk9WtLoTZ{5kch_{~#m>8{k)EKfl4u`ai=9|j
zqBKF1c%IL;Nw!VmioGLSj`VEWGL)yfEBQpfb3T_Q`9!~SK9eT-M89)BhbH+%zmuoB
zEBQoU;KkmNNj}l<><QZZ&g~Ouv6ucllqP7B&-1D44Vwhf6L;Diq-WD+qde7J$tU`q
z^SLz1C;FZ9nKa2K`knJRG|4CWojlcD$tU^(FM8rmlYFAz*%P#B67Az_(d}W{RFo!Y
zlF##rWDYk$Y*(9%^lVxM%2VBye4^hupG%W`qTe~6Nt1k{-#MQ{o1iP>iv6EFiy*tw
zqD_s5)I^z%j58+c9p7?ATUsf~5+#yL+jIH<xWK;}Ta47~B9!LZ79z8`1;}h>J~Eq=
zhtez}w<|3=*XAHKkuA|Qz7?Hmvrv}Elw6v@NaBdzBaBCCb_PmwZO0+Ax#`Gk=2&Dl
zCk>@pL~2)BbcRepYGRB;)A&~O)*u;WiKNa;+a)KknPN8+5|NsnfYMxBE;5_TL1r`K
zk=dL$lx7jJU1`ytH5#djm`+XmYemN+8fA$n$)%aBB(XDUBvP|Sp)}Vv0-4PXM`kle
zBC|PRD9s{5yV9a_X$Vpi!4gfQtk}6U2xW;tiKUa07}OQSf3-9Kso5h?nrrKi%;x$b
zvzflgY|e0$W)VJJY0)LAH&PQ`otq}GqT}I-vV@1^(ky!$d(qPyccf;!p)}Xl6`9R-
zL1r_Zk=Yz4lx7jby3(S1*N#X{43%ga--`A&2b3l3C6^{xbcX1m0voB>b|}rYWg)Y<
zw#aNI6Pe9npfro1ccn#76Ks&0AS9Z`x1!@Q1Z4?piKP?S3^pP9#G(~avn^4YYiohb
z<_<<?GtH6N95a+=5vE;f(K7%Oq$Z3zH%(wgpTsjlS;A0qX@bR07Hv-kNX^zqX|Amv
zGMhUHna$KiW^;5<nnh@LrA4R1fk;gZkZ2lZlSJE7f0QM(B$iHKCo*hA=Tc3iW^14{
z*R~%ro7)$e&Fq8B=BT4Ii%{!Ii~jDaA~n&wbJGM?bS_mvSwdNIX&Y8jqUct3FQjJo
zL}{*V4`eo137O4QL}qgoP?|-^ccn!aKypY;$VxPgZ$)nxWKfpCd&=l2WpZ+I3dUzA
zD${7RM(h%eT+RE%izurtQ!Y&@Ia#7xTvT+eXh`Aog0=#;{FQm%^FniX<SOMPW*^HQ
zkd>F&l4&)5TE>$Mr*TWu+tUNb){K=)i%+dj)k?`3b8(D$az)aEB!|R>2_F*txSP2$
zoY?rf_`Y%DW1C`)M^A{k6T^z07xgY`c;tpr|BQ-?*cYK1K6d2kk@{g}p|?VrA+v*D
z1$zdq3H%ip9<V#0*N7DVM*l&6#lF{liQzMR+I(ESS9pE%3iaIS*~25ry}^B;TfS?H
ztEJ0S=f}=YPRoXU85ZQY)lq&Z$D!Uq(>|Ns%r>{1%zDTgYP*Q}k?GIa%)sfRZ4TP>
zB{GMcA7Wx%Zgt1X)^fJROAGhGE6u-~hnj6SQ!wS295(4^Jl^P>k)dIkL8}2nf2Q7Z
zJ=a0Yb-(Ba>TJ=G(H=eU;J`iu#`QnbUtg<4^Sb5`jmmyc`VH&5q|fI*Bh)vmV`|Z=
z`&4`PPE|RnqN7~c>uN8no>O}~>M>Mlq2hbR;R@^J|HzM$+asqeJ4WWX%s@PkIuQT=
zC^sngkaL}=P7}LIlz2KrlusaH<dp_b@tN{X8Iw~X0tr{qm%Rw4te)oYgi4L|({xxa
z#``{-$|sC+{i&AjtKe1Qa3Oa5<^H>I48t)!qKCZV-!xoFd@ieJx%laiaU&K!>4)9h
z*Z9eLzIB_*2(^W$M;Td}XeY%CvZJbWM^?#YcB9HMb6x&1ebKSD=d$~gE-ZfXp?c^1
zxm;~u-Bg$U(V^atPD!iMN1@_k(Y!fUv->t~HI^CpXi1MJwd^V0GfKSGrVkE(*-lmI
zhVCV&8&z_X`Y_I%-%w>1Ggo1=TiBFS8*cb0*VHsztX656qNBH7T9tK~JlljR7BlKQ
z_Nni_G@;jJf9t-w#TztCevYk9@rWHxRq2YXl0|f*%HD2r7Jki`#pgGlUgo%ml!W=<
z`f85#6PZ&71v~8?e@9xC+r~dja`p1)(_wkr<=DQ@fi~Wm*N>&GOZsXx|HXh~KQ>cU
zx^!8k=#1BmD%Gw(T=;nXBEuT}4HLhaHs+_Ox9WP_>iy)=KTSOwYCkfhRp~72_Omn~
z`?^-cbBjf?y9a-Nd3$T#A16h^c7<EuLu*B<N@sMH-Rb27_uu7_UvAIQ@Le=xW=+q$
zjCoG|9j~o6oX^ZisqueYA+5?-8KXyo%YGf4JnH7P-4T^7GPlnDI^}Y$pZ$qB-02As
zXUp}=o#dQ_Rd)FVvl~Tr6q<e^SNrW+aXK*1?3VxLQLih$WWJc69ej57L+uTtU8EIh
zou6JD+%$4x)FLhGPoIh|zt~>ro>;3ncj{01dB3#7A5%pRLl)VcPAW6a7m-1Y&7-xw
zPRXi94xN!>zdYA!3_~vX{rps&sSVPKOh_sST6AGoRY~~S_{0$PdX24aqtoYH?c+L-
z<`X+HIEXslj{kPNJ3r0sMwP+VHQyr5OQScQb>5_#alj#3Wx@qp&B`lzZmWssQTaEe
zRr%|L!oFz_!a`Wzr%v=JxjrUO>0JH$j?1dO*L(I|Uh@7RRpn50mF#X*`Pi@}b+f;Z
z?)n_l(01EVXTCn3Ypl_)Ty@dX$qi-JL(fX9azw4CSF()EL$_3~t%_}HJk3&+cB{RT
zH_KRfCnc<(!#Ju+2V|98+ip~8b+T#ao|UiW1ikH<`C-DAaSBT{Rb<CZkXu~7(my(V
zuZ*-Ri&h&q-Z(NP%J-@Dj3;L@ZYcYooHT4*;n|u~Ue{0GpR<pu(jMK*?(C1`z(-d7
z=nC7anh68v_UZQ@I4pP_(`ze7^X8UG<dcLM(yFXjSh%cc#TK2i0h#lY8eVFg`S@_$
zz1;H13Ae8OxfYqGOI686_p&?t<Lf)BTi;jw+HaXEJAnDw?@gn6LG_N1hKr25tJJ=g
zOx2TCrC(Lu&ia<r<%VbdCpTX?n6Jsc<Fs<;O{2ag2WRb43L>Z~?a;mK&i?qrBEv#g
z>&MiBkk?OI{7M6Jo|t|;IwttZXR8@Am6P=+ORKWqZ2wD72le!64p^P5UfCgkYJoEG
zbB5}oUfMx%r!~S$sVZ5>D!a8mF7Ymoerfvf`1=!oEaI%UeO}$9nrkum$3C;`+7CDW
zXx}HTN}1QYjG`O;Uj@#1u6*LU@4M0^ndOl~M^2pZ!1Ke!LGfp)Ds8*0lK4+f>fuhu
z71!$1!fvURd(F5PKFLM@c!F#Dm$00R`NL}>mu5<<^7ZnX#=5AgwYRkGe71Oudg|+b
z>(6kx633fA23GZISbmPGl8LUeJG~qkyuabL&8&h#JXe`rF|W1Y9Widc(}$dg&3&s%
z_bjQDR^^ZFx3zAp=(*~R%Ov(SYX|1e1)lRv4?L|M5n7_`wn~mkZ9NRht*7&6P`Xj1
zWAupCIRP5S_r1OMGuL}{U(4sGrv}`dl+tr%#HrTJ=l4o0vUU6J#2;6l+&NO^=r?Vq
z)3#5$P0ZiA{gd2Czn!6<BzuG^l8!90JDm&&O)e`Qbmn^6`@vB|7rNTU{m8laIFD}b
zP~_4W?{oFBv?8;2nH}0X%gdKpv^L7+*x?ChCvSQ-&~jF@*5IPuSB_|(q>i_Z<nfmH
zJWe;N^j_QC7Ua9b_R4xUzomn<X7BcVxYAWAbz|YIWs8m~J<66=WkboXJf|%*i!UcG
z%xG<Td64xfH!DNOzAZAS{nPiN$|$Nz0$pWy_Q(C}r{B$?ZKz*-WprW2jY9+a+}v-m
zuIG`{k9L~enzKJFOInp{<H%l{Pn=>mPLbdHY5iyg#|f(p4g2og`grm`4`0mu5=>P&
z1X*Rb_Q#&dCJPFVU3i<YC3W*%-yNj)n|1|G`?|u}mURog4)({TRoPQ<!qnW{dA@sG
zjV@hLwCum^kIn8f+>-Ws=fK-_Zf=oOmDcE9c4vPan0w%B(TSYfdraeh4N<!Nc6j@<
z(bKJziEq1Sc@I>%*eb2cD}@`HbdNkwJ3XUp!28!VpY+be<<v)%1neL6$6;x}JN^;3
zLie&e`{T;$>agV#)fcq?>DcV!cK!gVbm3F%l#e%fmt98XJ(@9JT9uEVO<)<cjx};$
zoT!yOZpbxa_5CwBlS1sYqIdxt_Qc6jRa&BZ*`58dig8n?rTlv0v&x);S@eEAD*~oQ
z$L-lS`*wc++DL-~_oP*M8uPDOx@BsIlDxw1^x=;$ou1jyzb)OEFnSd1p1aNa4OOKD
zvdV7lkFA^5mD-dKa;<+@W!y7w>A)(FlA(ik)vbLHwz8&TV4~Drygf#<=bXm6i;>>L
z!yO*X4NqPWZKU~e*SR5;^mOw<9@D5Q2X|Q|=RY~AdwkPYK0f_CVKyaVcJHa-lQ!+z
z+~}MWQ8K2jNzebj{c>qlMtlvBak|!zHFIS1$-_6SHji5qZ$4n#uiO1sTuqCOZsxyl
zGe=k1onGSoT3epb7&TKr-SOFXzg%{6^W+|_yY$P7{?J<|t#@jYR;5?p1`Xx3Pi{FW
zliOYl9>J(RxGZ7x-orZ6*QBNw-I(x#+Iq|+wjPO35q6`<t^Lbmu8$hT`@m$!$iyDc
zE(p0ctUNGD?c1hpUbBXOE|6Aa@UJ1<AL^&Ju%G<WU&Kh;#oVrK>&?5F@~rxke#Fj;
zN>q`i$RfMbNy8b;9*3UZ%r`ISxz(iq`05qg5BMkS+CC>huK8!bM+Q>QLzewBS{nRf
z6o%EaA75Nkq32lRJkn};P}TVLM;_a)_RXM<x5>X9@6Mm7>_(OLSKW2fF0B7yX!Yrz
za}~9Wo8PxZc0BQND}Qel@QTZ{l2+x71p}&Vnogcv^7_HqQrC&v7q@)YpvTXOvW$PZ
zbi3?VGpb5sbd}xNAIoO%?|-wY$JnANCk}bo`8^66QR@9``gyO46VnvuTHJ`2R^{^9
zN^X8RuRdYlM$Op&Wc;Qk-)BvioC2qeI6t+uSKh+aRFy`^D!a8mp4(@qfBDzco$>A}
zD{$;niE-e(A0LM3uDEw3^yN3QEL2*R`!#RuTH7YSC}!iO_MM7PZ!JIcu{D0}-kR)(
z#i4cW2j5Xu8lrpIo&7OXKK$XttQks2j?b;9E4XQ$2!EdE%dJ+34}5k!e*TSSX;r4=
zZ;WkTv(%;Zo~6;iR`M~e$-mDlo!@5LKR>&5u;WGpRiy#Cm)+SPO@9n>l*1a;+LS)Z
zT}}R#_vX_X(;a%gePT-9+5Y-aT`H~06OotOt~T_nf8|XS;2&R(>v(KA^Lo>y-;K_R
z_cSaPxKdT>qkGw%{gItD?lE>WS$3G+iJ2Eh>RYI0yG&y#J<r$O+NUA=MxoTZZCB$L
zhVPp_c~sP}rJB{cR!jB`xOM*7!4W%X^3T<CQ@$2bRq7$D?AHFs8Rs#%#Vl=z_Ke8m
zefw|P=`!s7cx@&2pHhqY%FHh(CQ7TaW`%6|F5j<4Z)$Su{10*uUoxCswe(nSYp_B@
zwT7Le16AdqE~{kxCnxoS2Q?d4v?%s6J@(6N^t;;cGdg}`ckHkDUVc)gD6x2{)Lq<k
z*_PB%_cWTu9r*H;2+3QOqWA1(@4Df8S{pyxZ?QeX-ye0+Rd%PB*$WQVo;CH%n4YP2
zwd6)UAy;v8?GBUOd$aSaS-aEreUnyYeon#Iw}vNM_Nu48(4TW{k!^P0El);_csFWL
z&AGA|jeFGAqa(TXbp9N8H;Q}~7oGi)F?Po6t91d_Ml!9-nRk^B4a?iL&;0D;%I9U*
zr4^}sd8P67F}#1WhOuJeeRN`;X<6D|iH`iZD)#cP1KI2*sz_~Qk=^O!AD1yXQwL1d
z9puyWz%}-s-b=2ED(6S_t)^h_y(=3}Nxc#uc=zUq<VQn)+s?pG?zeV&>`_OWKRxRl
z)Tg+|?a3PLan$i1D0#dkJ`>-KD*KdLT<xWK!X!hbao^6vOM91RFJu0qe_1?xS)<Fy
zt3#x|Di3@-aN4Kd%(;GovYyg=&yqXOw~QQcI^(#nSDZu9C!hUPl>^XKc4vP)nz?es
z-7f*3GkF{7dxu;z@A1Pvs-<Ax{2x<xJzuF=eOy|V(~hO5rP5cI&Me+rk-g=>(ieA@
z*Twd`G*HDRQ`Kpr4gYGQKeEbh?T^FgCze;WpVO43PfuN(7ILpYYucKds|(fA<2aSI
zmC7p8s&t8$z2T-jcTv>6n;V`_)-ONX{<`dPYfQW0*W(YKb{uS>s?<XFvOD`@#p#C6
zs`{(}<wHIGas1eX-99n=tT}0t&{X$S)wuEzQ(BdG_WxLTZCn6zMPq24S>=Ak7M~8A
zts%|o4{oe8EWdp!fT~gx-OKLmkKdHb$jwKY?tNBVx^rvE39}{g0T#U-CkN|1GjXt7
zc0lU2_$lr{rBfPOfu0YuvR<p181KltDU)@iUt45!&tY{pf@e}yYM^`Bo&8ba$ZzfR
z``4_Sjup53{8_2?vTD2j8SSR0wwvgClU06~NZolBx}JU&Uo%Z}&9mwCQ(n`b*PHFQ
z6fkyrOI7x-i)J&<P*wIrR@trnakYkfT6xR!jUJw34=c@CajJ*mq`j}lJoQV6oIx(u
zoAXRsmAzAarj|W4j~xADfj+nT)pXA%O{Oy@w98*ober|`OtK+WW#2BV<o+io_1CWp
zROfv?^z-U~s%-lBh}p@HB4!WBSDW)9&OAuz_)Dqp+f?-p6`FUmnr5CV>xZc{*|KIN
zs>>zs+EFslQG3pjqkE_-`=G1rPA|_tx|HFCZ#nn8I5%$CrX-i7!-|9V25wHU)?Ke%
zWIA+;v?^n6l_xbDpR{=W?0oL}l%JZtzWvkB_~+-*^VjY&d1=k8rnVk+iLFQCCwaP2
z<iz%~uBEE=N89WAE$v;^cbbawtJoI?UzSgDd?8;Oy>^$hB28pBeD9+ean!xp`S-la
zOQdqv*|@$dR3b<9-w~})^H7E=QVm&TcRCs7y8lj(=Xa`HF0Lzkz2%bOGJVzT9%&6H
z-w!?fZGLiLPpQ{DQQtprN&lKPVqc<cT19%py_J6Eu{DpkFkZ!K6s0`npVL+U?Ra<o
zsiyASU!9h*KW^ruhVTCrGWwoP`1y|#t4i7a&&*?5r;gJs8)KzjO~}uE;d}RZ<j7<D
zdlvT5{8i?mv1{K&7spRG4u@w4yIiNL?2WFnJNu(S=4ulxu5xDe{;%I=Ype>ARorhs
zyLA<Nerf%(Nqhb4rB(Ta(7!b2^J06gLgoZ5?dQYvZ>i1sMB8Ssa4`1%+Uhv|Ctp;M
zRd#ECTr`DXyzO21V$GmiK|iN_Xbt!jptEuB-mU79dv!GpbaSOuX=7ja>P3<aKC*uC
z0Q^eAi-B4?{e14_yYHOTQPn&6`ZB6YWpppQvp-fPALpiAOKF;Q?BK^)T;qkyt-j<R
zoLM>U#xdjL--4I>N_}P)?<_Ml7OT^Ez4h7%lbI(MZ*@yQGDzng-v8iZ`jIOB-L_un
zUUp}H9A*4-eZ{lzoQRrF{kQ{tCpLxOyK^*!LHEE0#QfM`u|!&xVNXsP3=I8R7*g$Y
z&e7gsPF{j?Z9wd7=fT!T2PffYv#2V2qI=n${jn@Kn4_9`aMe6wa_O7#>#x5_`>1h$
z+u*|QW(#9qO^&=Gt;!?J6U;kW(MmemeYf5m|Fp(*!)Z)Ib(PDJFIf(?Pu(_9RrWwu
z*{%ICS=)J6*_4@M9G^7|{IPg?oBDg2mi(bTFY=5ZuDthUTb{Hk-$t;apO1-SI_|6q
zh+synvt<A9a!RP#c|~R@R<1GW7FDHEmsKYICnxn;r?2-~@TkG#3`_6qlB})Di<fgA
z`)vA|pE=!ZXH@#yAJVG4#2w#SdiU|J2Wcg3A#B#IpTTd#_h~JEalqSrbcln^EUHRH
zbd}xd<u0XR?VIvUS}js$<~)0XZC5z<?N`m#H?y)Y>10nDvva1jD%X(9N1tA{DKt9p
zTHj&y?r)smf1UF7u=7NA$Krro-$@qK)}tV~^>qGO%x)BU%G>F8N8A1}n|1YgUwLkI
z11lDtelc|@;WawkKQ!F$i?kv~?lP@Sxpo(8E)Gcbs(nAp-egcmxK~HyUiFY!eb!eh
zQbo!mi|kG(S=;N=4?Mln^tIq|n(qhVNJ;6TgY=xjbBjVY$z|n)OFa+uncH@8>e$u|
zsg^rVSUI;{ZS9z^IXkT5=Vj9^8dq(PrclRQPV#t5{9I}`s%*P&@^k1zgYRQE#XNk!
z--sr^kZa97FgQlPO842I=|xr2s^orJJLE&~9QmtDI4uPu#`K)XvX8CQWN80fZ<N=2
zvg!w_N?CN3-P#}NZ*vz;>KHgLdDA_M358Wr!6%Hj|EN*_qNM7u_M*d6X;sc~48FQ-
zNO^d!kCB^f#*3CEYpTCBewn#2cSlKCfs4v^s!ADTmEGDOJ?A^7HjdF6oxM$y_k7L9
z-#L4(Wo0XTYRQsaQ#Ip}%YA888lG5lwRqvcYmA!0hesxE%vBmz>hNIGx9<j9ITp@E
z@-bAEIJ%eJ*&jVjhCe9RepK%6yZGn&+L`5XE!@<}Marr-4qTzXTF(0@^_f|=-;k>x
zXSOj$SyVPhTv3%_&U7*Cb;LBQQDf_H|Kkx<l^D90-Ps?#S8sd#wYjWnZp&R0hZ{|`
z`qpz!l@B``>g-_Tb8Fe315)p{z3%hJ%l*Q`Sdy{q6D?nM((0M(dXIDQxmo^#Iaz+J
zFI6QC-OKLmkFR^|@^-mteY$+@YtEbxPG&JjT(ttGsSZ2-yJNxTiRYw#ZcHmnGx0ku
zV3Ujck}GOYu9}+db4^=OJZqDQl~x^lfcnjH0}@$e_ddQ_wYd2~#PUl^KTe5xQ5G}l
zLD;fh$=lu@yL~D3<?~_2bEOp-*syfaOgVe`oaWtCO#Q_9M}w48?T<RQb&NVXd9H>p
zQEtHNvdI7F(>Zqy3vR5M_-4hj+ESYc^R|hxTYi;}s5`4_dDMB!`ozKGq!n4|K75;1
zQ_u9Oky<b1D!way88Cj<J>!RmrutucRI-L^Uv5x_F0wnFEX&*atz&zEzS~ir&Vi8I
zAE!Qg_q&g(S3^O@^LOc`IftYbiMu{?QQB<v$Nye&Ls7?~`@FDI)$TTl4udot)_n`i
z%`Mk2mDqM9ewe-+HD(=Mb$rXzgj;3<k8d{W9p5<CdXvtHxr$>FTdNj&u86rUt;P$-
zR;Y4{+6YgXmaB)>v_5s3(4uXfJO2CH5c|r;o+V$)^-GX7cBhY@b1tUpyW9*-v@2U@
zRJ}ON^!AF!hxLZFcn8X)S)ZFB^~34Ev(C?++}0=OXMg)w9&IH-wu!@*Z<*aXd*=IA
zW3%@1Pvr*1|8}rD|HA^^x$AOZ!CrR6qeVCDp4iA_j|&e!vpV$K64{J*C!W5}GdmR|
ztw<~T;hOs{2HTb${kr3J>Q04)XG%)F@3;r|cD}PFe0{I+<pxFQBD=FOo|#nFc7a>t
z?>EbHh`x4_S;<k;(O1`x^Hb^Xzxa~Rr7~$nGDbE`*l_6Pvn7-JaCC~>7k=rDwU5@H
zaPafoluL_Z1CEp%6e5f4*1ovxwDRs^<s`$xqy=x@DZiLG-ucxNj!t;6Sx{wC!hx-|
z(uyowa@_Cu48M@Or<Z$-o7!YP>F(+0``26<VSF<1V3O%ChjN1gbSJyBEgmwsIe=@O
zaPPe0jhgWKM<c%U+-05>aw~MWT>6oWAE8noG#?7x#g5%wwKrkerBAGZ2ERLqZ;onS
zS8r9E(lxgJ8g{4LARpby?(B-+lMQPJ$l|wGTj8$nv}^V6t@?b)!>3@I($(`d|HwDD
zN$q6q!&k@p>!(^(PF!*5X8%!h;`jVio?<}`C;iU$+#QxzZjguWWOp{jDYHgLPqx?a
zuv1b0mb7h$_t%jhXZNpKx2VAAszyYds++VTGp~^uUpH_qn)9waU3_kDQpG!bu<n(k
zuhS~cN0jmmAD0{CB8%+Srda13w(f`dN>$ZoYB|5;_2<>BQ%tYF5xt<2`~F7I0LN&l
z&u<y8Zl?!)&m1=|;s7gs|1h~VZZ9)ep9yj~7-l-ZP+z~?Ag9YB|D#8acCP-@=AV4&
zRAGN$-Q3wvhJUgD81STIIDH1MXJAxlz0^097s|N#%2VGZnFsyB&BO2C`<OT>c7d{%
z=K931=^Oruq~2a+ql@fLCrvG8D(taJE}S`Z&$Hc{AM~tN2H$JmudC>6|3&fIY9d%#
zk?v2l``+D?W$67#!}zYkTdVxXDtX$kmgjc#3vBPHADCROpC!5BbpGd1x=~|ob8Pe1
z>1#rpJq^^;FZt<i+h%n?sba^TXRPN}dzi#Xz3aQI{V=v<qt7{`^BZpr|1wR<KeA@e
z38Qm?rwv~mx9_uYNV$F{vc~T8(c)a&<C}ZUA{#O*ZRhWp;r3ZQYt^D+nV;?vHe=&E
zG`P}g)ExRiJFmx4-)mXLHYWx!u|E}0mZ@31Q$J<g?s;`piA%Y`_<uXto&RZ=ZWKA@
z*BiI<J`R88I3I{S9=G9IxwQ^=+r!IbWm%gh=cw-_sUM<lSgo7G+w_bz)9SbtyYHv(
z6E>dn49K(4PxW(9TV#_~Zjga4vOAmN+l(!HA5LF5rUJvPj?IkjwX@+~MeMzRsPh@A
zcMQX?r%SyKb6DR#!(VsstULP-6`naAIOPn>YP+MeMKaUA;k!=>b?q<?S!B01#l+)w
zKN55oobeguF#q6hvk9+rH51}<rwrQvH70wO^+u^TrUUanUEb+;!%v6N{&~Jm!JPYh
z8yoj<qiSY+n_T@fztpzeARXPw?re&Rm7}L*=U6ISzc>CW-8`kR<kL)>Ken6d*DagZ
z7GDuPTk6y0_@t-DhrAfD-J&8tuVT`gE$&l?zq9RIJ9qVp7a=ESye&5vi|%B1HpTai
zFG^1+eT&WVxmj=3v(K^b7V(XXrwv=NEd`(6^VEB9X+@^RwSPYU*`AjBx`$6CcG>*;
zB=c#D=sg|hz8Pc8etxNMxj`Dblik@APp|yhvi`=;)A_1)WT558jYhsP-|j{pdACC)
zPNgV+r_^V7&xeF(Hx$u+*%<WWy-5o=X?E13J#^7<r`PA_KK!(N;JR{yRAiCe+7ut1
z3LbMU@Vl&*EU$^4V8NTW{p+12iy9YC{q}UF0dIPev?BBJQna6JuP)j&&82tX`C)E<
zWP9iBT=t6luv8`Kh|9bE<pwET7Wp4N98+|1**?eO+zsY=$J<}S1}&7cebwh%tjQt8
zskef9o>Lhut;q7i(evY`oKjnUGo+9ADP8xW+eQ}zWYX!^R;ScgwSIb4ZZHO2WOq6_
zC(C%yy3K{VcO9)+==r_+11mT5`-A3Qbx$YN&zuxu?kugyUZuYy8!aziS~hn@v%!<?
zDG`SvpV`YVSMRv3@G5oD$8F{M$&wpR=YP<u8#SudR2F-OUA2^(M&EmE?ue87gRdFC
zd)|A59mDLT_k9Z=X*C}A3+h;{KlEbQy<fEchlX_2th8FIwnamB%7<4*`#KE!mFp)V
zYwS)R&3DCWZ7J~Bp#3dBD&OFW@`GNZ_x6k3@8ADa!lvF1d$vle@vH9IoB~6o=7jKX
zFVBw+s{ES0EN$(0x3g+#i|@!DsCF$kNR&9(lK;3@H;SCmM>R=a^LK>9yCtu*&s@v6
zJiGeJDwUoWOCE;(f0Vs-TNU5`zD+kscWywsyIZ7FQjk_sS{k-UcSwT>2+}FiAdQqr
zhlsRN0wPHH+wbpv|Ks>Mm@SXsJg#BSHM3@|^Myo{h?@v{hU4~>EROkiQ9cq56@CL1
z^sRU&`jCJh#=$J_YYpP{IiL{hn<3#TMO^YJ8`+U$wKT#l#GkL0=h%Zrg(6+DH$oYF
z2?_#*n!q4O*NJ?%NKtZ8h18Xd<=0Dg{OuV|Q_<_`7Q!1}u%n?vAyzj+!c~eD5hz(A
zHRL~5WeBSx&OO@`j}OW5o@^$}g#1n*9F}whgY@fai6_M$+hBdpCpou?Gp*_R1($KZ
z{ou`R0DtZ0H|$V|<;_XLQ;K~<Y@<J>ZnyB&)#>YSBRxu?K<+UbTvcMPs0yWjBl{Q(
z@)LVXqq;fAhR(TFnGv$F-^1N5XMyC}zC+(&hX4+HY$(Ly<|N@M#qP#!5?;c%jZ*ts
zD*GzDupur)%jH)dhF?vtIHdHH?7<)rKE8J$v=6tL6d`wYO-_&0wOIJE^ig#_246&{
z4PnX#3VCpIlJJyb9qDDOQ_<q_KK+Nyf;SZ-b`&RXl8}{}w#QwKm2<w2fo@NgIX`n4
znI^hsR_z)_Xxsi8)0bW$DM|bDO76~LP5oUc#Qa7`xJvQ&MzPB)pAaW9x!=*<VM@BZ
z&xJ~)Oj!I}Vs=Sh|Ek#oJx8`UGgxh9&bxoU%m4hu;VEv`;@9UGMb14JT{6OI4nLs~
zv;PVCPn&PX1|KKWN+@R0bP+wP+T3x%2%H=-vk%-T9Q^c+Ar~bFbR$!Pamw6lL%Kks
z8WzRYO>P<cOvJNB{qXO6#TdT`kaeJt`!_?vlcZ;EcDjvl(!0g;MReAMuUO~BG<NJS
zg*vI(DSDkx6Zt{+F&SfUt7~6WYq`s|J<YijslwSQz>w_4t6BS?m>+jW7Rq4yXW;;q
zgzzw~IffX_+NA67^6BePv6OtGaC85z?dCnPa7Xy_I(j|m6E7e6u}jk(rq}@96I8Dc
zJs*6I(Wv_FKdTH7c}MI|`vl5haw8*LC;uae(gUkWIoJvCvS`&8@Y>S-W`2Y+zODUT
z?vz?L%mT)U?z6a@B~9RMjiY8LpDA?vD`UjL7+HkYIU}`e?;7R?6k`0>#r{*z2nXc*
zQR@p`aV74q4Vz7rLewVp0+R%x(95a0PH9vsl5Wu7cHqL=Vf^fNd62wAzXefDr9Vr)
z*BOGi)7oWVZwl`u>;`0XGbB8vC>bBd_}$rH1sR2Aa;aaFc37lu_a44$k)r+flunWd
z=(<4Q<EVZtg?N@11Jb{{>s1hI-N{D+c-4QF_z;oG-KnOALJV(&gsT)&7O4d1h;HAh
zenDaFCnBAn=$m|du3R6-F0dx;d*7=}FvxwoR$g60?5`(32m`P`oi(SUnXm5d<7;q+
zpd@h6y_|<a3~o*mo>GkeT$}V<g7kQX{Ea)#PVp}KyL>fkmPdWOcnps!cCSE9E+wPH
zS$94+IBwi>R@bBIbbA^+t7vqO;J|hN@oK<B4nHX5-pxtEQ;IzGx23o!1hJpI#(dG>
zshEz%8Q>VrW<n;QN;fE1yh{rPdHoQ(yUxU3-;Um0glb7~X;}JbsQq*M{pcmcSFweU
z?m!{>Hzx^CDV~QL6+~SMIh?;pVQbD!GIF;JFH^DlMuaSn==hL0um=pXJSUW7K?kX9
zs^@l;L&k2i7;CeO2#(`$5hl%A^6IG&6ry({BwVGq+|YNzz)qq45lf5xId+k~Ea~A~
zhAXAE>3JC&<*jH#Fi88SEsw&wnOWQ!#yJzw4ht4ayQ9k^lDZdS?!@7#DXc;vy8jdM
zpS~%Me0xaCuCj3eh0dYeX7ky9sc`l^;l~i}w|mi|R_&Ld?h%wC$@kJi1=@;Rk6x?{
z8^$j14Est^dokYn86HfV#ybFo=-dnmPm*b$I7kLo?jSDX+8-MKv>CpBX3PJgEIFxL
z;Z2Uko-Al7mM`=>VN_yS?L3tz(Wu^|?Y@;5fkbCh#Adg!m-L0q7|NgxESx{3vhdu?
zNe~4lN`!=yBwdvYn~v(K?E1?1E_asN+(LK*gHJ*4<=0i{_aAz<F+3vKJmc;Nk3kv7
zZnaoXh!P8yd1vVSLLADVbt5BOhitiw-?9%)Tk>5PMiXSYJN?)W5^sH>T>XmyT|+F&
zSRM3YZ}}x63e@sK?<i|Kq~iNui%569zRwy<QqZAksh5WYg=hjVHbAfo2PD6H)4iI<
z+GmqI0u>zyi0b!6O%w#Ko;L`r7Kw22nJs~C?3E9Bzgj~#@$R(TJ%-X*LsT_R!%s6P
z&q|arJB_Cg1q#u)84{jSB+8nse1dp6#UK7jWz<ZxD<_dx>0DAKGR#hQM80j@01Ptj
zfi@i$-r2t5)X4ZfAII~!73WsOhKIk2@xB<V6AaTrA?i0m!c~gRuURiX=XRKCJauVV
z>>A0+NJ`m=@=j;Be%Ys8l7fZ<2ASZJyj?EV`~Z^v@z>p_%Ocw2;dhnTA#Kp$ESbq(
zx*t%8+RaJAQ;Htg2aI*W_m~8&oFr0MvALT0vVJHiH=G}4pA?4+-v!+sk}P8Xg~?v#
zbHj_?870Z6iAF4G6z1ED2mG!JDl16Wdr*k#%}K&jiW&w~I835<?g;rHHCKxdgs!p{
zGAxWB|0=tWoOBgkkOu}SPv9X(uc$bmL-_MN6_I75cHM;65f#G<NBoC;DGx;_6ryr-
zlJJxwV`fWr-6?v~sX?ZlOV{)KQt!eUnU~z@PZ0Z;f_}<@E}vqmx1=CH6F8mTO5YC7
zA9g64K*I2%LGje=@_mjo@u3L{xqBldT%{;}INXzeisa+Y%AxIQU)-Wb<7!yLK=lp3
z;0<D(+$HF(d}L10W)K;BkA6;-kJpDlM0i`K-AMU$?$k=&TCpK}G!&xzKOz6gZRWO9
zFu*dqnW-^j`bPi!CtCactc>iamfYNZP6GPs7-=v_#V?AGb2D+f2tx`)8!jd9?_DZG
z^HdYXR;~<6qW*E8ppZK^L&B3Jj_(ha^>JnCz}fM*XB3`(zf68b<1wk**)yik28=>F
zK-YmNN*=2Z9N5Y^S|p4F23;W8Yd*HD+kjvOQop)Y@Ldtgpadu!fEFAM#-1+^TV|HW
z<lFZVUN;>jpf{X-kix?Bf40TabdgG81G-qg#y7=6!&$FI<5>u;&qUkr&1EZMh}-e|
zxzRr_=In_GWl+445uO~kn58H!Ulm(Fp(L{XXvvh#d)Zs$;EvGYjMRoq@Y=BqjBzMR
z?+aqbOLL|BZ!nxazq1rq{`y>qq?<EbLcfOck!l<Y0jes2igY+2=lwL()Hh4Y#Qe@|
za*030Ii1dhWBTAo8~FA>%+~wAfI%J*SWng*rRolmUHYfYNDAmZMIB1(aUn41w>~Iu
z+uemifTl{Is2vVS0S9+4hM4~6sZCUV7(%ApQtYN*Dn5zOJm)9=a-qdV2?pt6XhPF7
zzWY0SY}vWwDWxt-tkfs;Ly3S^Y0`+N&1@}D2vAfB)WyRAd1uWCIa0QA!5yzsT;=l>
z2IEP|cMg0xVN7#Abe&YQUQi|AykNKN>|U%{G+|5Iibj<(QDps{tyKIy&$sMP18j4l
z5TK_LD6NMBQs?cjiq;unimziD3?ZUw)6~`$xDu(C<L{>5br27xp@SxQioE+=KfibU
z(U~J3o9S1JZP@_?WGaHBN%3Ipi%e%I1gNP5s`KH1)bD+Q|2EH&y7DJWm|*Ou6n15s
z^!24!>fEKk#epFqCD3Ic_Ck!bD@)%^@z_XNZBxy{5|f|LP8S3wRku6tV1?{JA<{P|
z2~R0Xx?*H?;Yy~Kvy9KZ=u1$5MnTwrn3dFWj)yqR;OPm2L838omR=6qIcj^d7d8D#
z5SGPK?>pySHz14i{4s>ySO|qk-3SR+DOywvdK|sQtL`R=%zUKnaV#pe5ukA$^D0$N
zzyOy|5cIfeleFg&T`m3GDl6KnyOt6(SoW+{W`l!Kf^wawB_vqhPzcac2^?ks2PCIk
z<06yINVAHmX&g#HZ0+Rh359tv8NFG_@`4?x73gl`MzUP3ND=;(MV>@rm7;@}&(#A4
zpF><QrLJt~vWRRXpb(&>5;#%;4oKPUKt6SjYa#L3$7Y&=fv5(Xn{8*z#gSI^{7j>v
zz87GSQUXB&$-j8(2GY(h+wbyNb<h;uA$i76V6vHT3!hlj56U18ESx_FJHWyCt)y5K
zA5*y*3%k`TwR`$n&}i7%DlKQjtFXEBEZdj@^bv^o!IZ$stAUgIkN|PIjd|K%diNOu
zh+_rMtuzW&A$Oq+VmC6vlcV6^q_Y!hQ*lr)HThI%n;^qOs<ld7B;~RGk^ZNqtf2Nf
zpN!v>Ygq1x{L?6EZA-ayr_Zq?v&)ZiW2LX6qP5VJpb(&+5;)`np5Jy(ZgBrxhtQj?
z6|Tyd!bgoxZsNzjp4S9Cae=EEB#*!#30@y%d|TS_%p^sfU{SDo3l(2KlR}+KFbT|&
z{RoMnfkJ?KO5mssI3Th6DQmUmYlYaZ$Djchs7^~7_HEll@3JO;33C!|-2#0~duxyu
zo(e6D)A?ylT;fhN`*@=`5$(x9bIX1ChqE16notPPP6-_N0SBa7&RH1C7jDP2sm{EY
zp9??Vy7oqwUVBsCZW=O+EP@UC61L<}5E9_wSY&avx{`pQ&Naxs5&x$DF&3-BUFA59
z978AsD5nID9f1Q<fpP(@`=x36M9q#>KtAqo9b}OJ237BIWH~2=jAKmDud{<wt9<OS
zJcE=mWj)-Ol{z)TYyz(eWR|Q7@KQ;rY0IDxpqmmn`~(ijr{*d1l+aHvn{?<<&I8W0
z5~rq&KU9b=AN1YFLVj-wdV=j)CJpuZyQikDWO^P6M<#Auj!}tTq6C^B#`Bk^&%B1A
z5P_SMgr^jXK6#yTM2=KXY2+zI%M^YT`03HLd+<Z#hrF87E30D_Fi8HRed>;wEN#>m
z!-6Ay2fd$iE|D-ibgKr3WqrsYDCkfK|BaAvmEte5w<ZUEp#scAVu$5OT%`o=rQ;!H
zdvo3cjLbT}6xqNaLl7V3BTn#XyEH#C4pfRx(9l9++`caTIB1&M70%UX421yIl)!N`
za6pP2S6l5U>{01gnmrRt!d=x?S30g4{jBzkaIs&QV*^wd_34ZyPhWmH&eV)dc3g}D
z{gy|$L#mIM)I4X3QYABi859CEQ~os+2ON@Er5xvN*7qU$qY1;?kA?KUa(-J6%0;(V
zH5c4fCQai6-Nf>Qk5RIfI6H~gu)%)T-6UQQt+BzWFx4-m`gYN@LjaV42Us|Nj^=@b
zQ9>k;Z92Z?uvBGP1Anpuuh0vJY}|6nb=odxIuI)X6^yY6n{zjnY29;{11a#4SwRMR
z3yn9n8Il2?RQOEvricraf%`^Acyc^ydN*o;tdTnuzO}0k4ey#5O4eelzh~9JSWG&r
zr%48S(pR9sWZ-b`B;+mmTAE@(j9aO4W%nLE7w(G^h+q<ZIurtwQUb>m!2vmmek56U
zDEK%s3bma3z(@ka4w*C(h4bhM=7*}M6?wlw*DkUkzXftK`i&G<{eSB!-Wr_FiP8C4
z<%Tny`_gXPGZqQ~Iw^s}lHh<WY5Z(l_W>nh(mY60W~d>P)45{}0q41wzOI%_9r`-x
z8n2f)+dFU51IFvn2m34O+g-$F{+Zj;)x@{XBZi(Zj-^5&KqVz`WD^{akXPOsF-sm4
z=|MH)C-mjwJ;k>jkz8j2I)m7zd#15K_osF3P2fjzJo9e+Omi)y6e^-U^R`xC)-#BE
zL9my?IdTpP0U9ZRgQMVp6ph^6B8y*5(TJj+u$tNmMZL?<n~=n3m4vXv#q>-`0u1t{
z#?{rdeyiY}pUFLkUC)do4vP=RwbB?qC)<{OjffkALV!X_;P@(dcBqYg-?zJ+z&zg}
zjZG_CqT%FY_Em&*y1+cQ`###;JkXag3I5I}?kdjnBhS`r&FY>vrr#~Ccr5l>Er^k@
zeB!=3tQ1*qP7<C{EGhovrPG{Cioqhd$37ttDaDL>Cb#`fgwLz8Oo~Jd5ezc)7K?#D
zX+ZWh`5V8(IuQxNE4p5YwMz?=sw=t{XA0~=jpas2xJuDidD~z*W67Xo7@gl@S3i4H
zkreXoqdD#2Ri=O!TD2A!WL2hHt)7iBqGG4dNJ@k@Yf1gwt)0&d;U@&t39=$h=THdH
zM+qD#1_vaSe6pM-=4cY{lfEf|2Y$5#b(!2T;(@eP{96rqwlbg}J}LF6UmiT)9C4m0
z>X*!7k_eVN`pDe>tugkY<?IJ7@+l|;sG|gqHG^kKe;0FBvv)(3xs`T+z-Tu~35zP4
z)wTI(%6{A73BBhO802$jHmoXL!rDg}xw%!1a}`p@+T<~t(zn}w=RBe(j=+O5FaZh&
zFkB5D#>Rpqs_v-Psj;W*Q_4}{gL?8J2*LWp1PNBl8hB4i!5FJ0Wu8V>60WtU=__re
zKsvL7NtX1><V(76p0LX5#%e+t7;j{RC&vVflwFyebrWBwX6DeR8}kNeGXtwXh@V{s
z+3F6xIOhdp98*CVTBrz`%P}OxGl+9efyAb&P2$fUA!bUZFG7S{p%9>n5;$lM4oKu)
z<cb7hT81kM|6A3T?4h&c9Z8W78egymHomAcMGFFhG;u)H@XYPi<Z!p1I$jAK<A2@T
zHt-wo;Y|DXp~)8<5hw&Gq6Ch+g9DQ6%)ZLe%_Le*PriQr+g(B?=D7Ru>j%Ly*|fb4
zJSd=o8`O&5_fN~x=1kM4a|FNhnlE5U^f|cXMhkKU)LLkoz#xGhO5o5vI3Q~fzPx#D
z>Mzp{bq=Gr!`iXZc%<4c`;qxVx)H@ykq^{h<>>`2^w0kM)ud^vfmLns(wS8N&8ZG~
z{`c0l$FT&W925f7Py$E)!2!wg{(Ci%PG8cyTl2RbOyQLkG2V(4_^N$Kqp_a$weoBY
z^mnsVrzjh(+*OTIu%trvaM`$Jt;)AGC17p~hru0!rwWAtEtJ3kgm6Go_Oyxyhc<SN
z)|tFI%RWL{%9pGOMapZ)iQ&9Yf}cnP28kDRibP?zmzKAN9iP<pKC#^V&H{e#V3KQO
zwJt;8P9_vWb90jLlwxaUkZ!6g%EDrqIxU;7qcB!H@^?();Y9@Fig*L(oB}XN6%F#e
zc)vx(LUQrA(CE_8rqIA#ypM~=Vb)&DhB>(GPzd#nkZ_eEn%_9j(m@^7ix4~kg(qn%
zVrZQTB$+I`dbIB*>t{|tA1{<Nc<+<Ex{w$6S?<;7@sYSx^5A#WfQEOB{0YO86st`r
z1Sp{dj)a5*a=VE#Kx5Y?_Sq!aK#%pMM@~-QPh#=PD5AN7a#@=Va1DaQyTm6ujhbb%
zlAO-MrF3*_3~bW`X@xyII(<(Jm|*uwpo0=Pm=X@iMlw2G0$a-1L+qZp))-8-(Y;9J
zUWxCaXYST06j!tDV34fMlgZaL&2xwdJ9yS}E)35*+vC!remUi<xvVWrv&BIfD1e3Y
z=Xgvw7^$7}ORJ|A(6vhP{GL%c`K)KC)tyu$=b{84P6WB4ae(eMwmbEd^3fGp>dw0M
z)oL27wGB%Q)|~p3dnQKNP6iQ!GLYZM2v3d(il4(mL_%Gh{B^N&CZ#k^&f979shk$b
z7bX(JP{}aB80GF|-ublWixE<7^)}dbsrR$c<~Jf}Ste0V9PO;jRu>ck)K3COg~9>3
zu`Y0TM*7&=b01H9e^fE=c~8%>I`t)Yrk)PNW<yRe=wV8q#2K-XSMMJ>KhK?|evguB
zZRAK&khZp{a$f>3gz_g80<=#82bRJC>DkjHBu{tD8rBmL8~W_AAk%B%!HF7)y;VQ9
zbktN%&|CRdwmS+P{x{|?KQ!E{mUVA;ooBbOH!ZJvh@xaiZG|>NAwc;gaBM0ZkmO|J
zb_!!J`JU#!E$q;9o9>`hTKP6d{5GwgUH;Z-oCm0w!_Bl1ZSNEEvrG1_iRHH6s{ur<
zE7P|8vgMRYQS^vQPzcaH2^`)E2V`%$ly0l=cD|C$!4qM1hD$5qusC-dR-1?{<QfBv
z=3-D+!wGA{vu{Ct&1_N~z3pMEVWur6gzP(Ekig4x^Rk0>C<LgU1dfn}19C~)%E-oK
zqGz5yp6bUdI&n{bFRgha-%^wDNfh~P0ZA~(!eosoE}>1nedLuvGsg<8NOQd7T`r#{
zI~={9SDyW_<|e#3Nq9=p<ISqa^^1!S8z*?uEOXp0QWBHXluOMKm>)@{YE)A|Wif^Q
zQ|J$pt8U9LKXog1OnrnfdcLQqR%S)4i~Ewt8TU05LU1D_e5JS(@^+y-F}%=;y?{ph
zh}oMW#rn%J-*G(xVtOZ0$OssuV1r9;J7g2<<bJ&X|65-Yqs4D~y(h^N*6Gn=8&T!j
zPzcaG2^{JR2c(VQ?)??RJOlMPZ*BtL>Z~r+kUXm~%{mH|S%ZKUEnG0jn5*RF$KLTT
zr`#>Y$P_#qaj3VvPMOi!x*zkgT#GQzK_Ni#ByhAa9FP<q4n>ddomNVRHz2iS$>3q1
z_-!wpLE5EOCa8o696|plJ@z+u6dMaPQ?}(kH}e$`6MwyxN%9!~m+6;IAB*|WJ5UBZ
zK;Zxe9K*pFT&y;dgScSN_r4snd@MQhCI50C)h;=y2>D)nSOgyEHr`6M2_IB@8?rj~
z66MGR`!Y^L|Hyaz`)~F(&S@S=J=TRX;NHjx*M_CNh~bs_TmvBmbt-Hb>@XgKh`6Cy
zfx{?j{}`zgQ_w@H@rIwZS>-B1wxH#D-;cYCpI?!ysG2PwO6|@%2$JJEKp{ZqByiX>
z9FX;E->tqrpdQP~dBsqiO380KH{Nhe=FK5tlf4;|x7!GM+QCR8%qmt54egDoXai=k
zT2<Zg$h%eJH31@>RFUip7$i_R2^={M&+F{n{X93G9S<IV2BijE(Wcz`jr_W6S_QFv
zM#b*8te_ih3>f0ER*6I?X7;z&awt=%a{cmrTFayTr%PD_=C@g=p%9>P5;*u84oH(6
z>f}P&QC8Btk>Ix_lHBD?1|1T#bjT^mb?)PGIiQf^xYK=2BisV`XVsb;yzMq5?VB;Q
zgPC95oG;{cdFGCx5TI}pIDQ)r$bDrujG?I$o6g^hkLO3vf4W$U8i%@*bH+;Q(!_3R
zx`08pc`UrTcQVa4&_LTLI2d|r)HdU?v=CCMaZ6v?s>BQl3IX~ifkVLIfYeGPmmO@t
zcW&Fsb2Z3lp3qhl@3)kxTi8jSy`X*QQ~?HwxELo&fpr#K<)~x%IZ4m-^z>~+4c&Re
zC{9N<aTduZC<OiHB;nGawqvuoDzr?}dH6da5T}pKRP8<)zvUEoQGtKOTTBSLBU%Xh
zAz)JvyJ%!I9g~38In^TuD+xUV!6&K(XVIsAUI_|8yAcwuQapb7I~V(qRq@#Q$F(!$
zNioYsdqybIKFh4PFf;w=0O%w+vA*N{m$vuz>ICLuOucranmL%Tev^m%Od83hSVntz
z8wvsHCV^ww;n_5aD{QVg!#{c4_UNemPO&aR5+7~UC!hD&FZc>&7@p^XK@NZAf9X^2
zq&S{W`PN{gnq-p<-5Q0~q#}AwL*@MS%P1%WXqyBMhlgjQ&4Bduj}~|5&&N4dcah%b
z<J#;-B$svAW}(rnGG2;tgMPtzct$&B^`i|jUheB650#noP)T<lw&4{j>vfUwoWTZ^
z0U200e~ze!gHg#dXi+Bo2eP_qZQ8^PXM!DK4JNtfPb!_m#C3{T5<)OW*%`Vi%tKs1
z#?v(kRe?!fi=3|qcTCHiRVYvBKCQi+fifW7$Ouo4pF*sV{q%1I=PVR*pMQChFQZiE
z<d?1!9ukH$-BWDv0*rC~Vfau1F{=!c__@V^ZIi~W+Cv)$6ls5!PLIp1kM(2^5K(Ca
zp%|`~9v)8~yW31Dnuy^wiXgnM{n4J%%iZr%VIR#a$;*m{{r^+ppdupkQlJo{)(6V;
zyy>*XC$1ipDAmpz!X%`Ev7q2X@X=T^Hbc^kMy|Wke~Mz@A|N32Al4xSn*=ok;RV_U
z^ajxS`}lqI<Ma*pS@98nlIp$ht>RVWdF^TBQRji<Zs*qJM(OJLc<eEo%QNR?XHlnQ
z$6d!e4*B-y_WF;i9$`MTvForSw{^D}vAJy>Vzpo;Xc=$u)k5(>p81)%u33c{+I<Vt
z7E@vq7vmvgCZiz3IYWMf*n6AzWc9Q3e&}iHmg=JDm}@s_6KXkW_G{8>_^D5+bE`$E
zuB%F`WZXTvtFBzEjBv+9sX+-((O#iffmYr}?xP&1Y`DydjJR~F)V`F8WRb+Rgpqii
zIF6W|XqPCZh^O$FFq_ab!DT^Ffn@$&{yTj6yyv|7JXJiH+%{YtT;!bY93vdJ*+bYC
z*aTVQS-!F;-p*q_W7cJ=U_xWGfV4n}8C>Xx=$Yt(Xy<78X=152sb#6MD1T6DQj}7l
zkeib=kr9$Qk@S<$6Z;WO5pfen5v&tP<7eDDx}}a+jE8`0g42M5hi#A5i$#m+gYglA
z6FnSl1x*|^6=feq1-S_68p#ND8Q}PXLPCM}dr>P<8$O|b5=yr`@O?O9{@#q?eBU{K
zsi>~K<Trk8#Y5MmWVMy;o*vMzqmX<-TME_X30+(#qYINmB#-NLUuir`!+uUp75^#H
z3m7HvhX4Oj{*zF;xZQzKUda+86FVJ(KgLo(V_P<dvE8`K_oCj#%ag1Kj8gf5P2rE|
zj0hp!;oQ4;K1h_oeK=YqBF1qxX-#b9Z3-~TzXZd7Qo@s^(SUow>L4YSG|tOrq?7#f
zv^R<6GL2o|tSHsDte6Z*Ky@uid8~z{*k~Et8XCC)DHE7<wT+8W8F#1W9+EK_#Ee22
zLQw#kk^h7IC!sXQ0=5Mau6FPt56&$li%bs*w~$EdPR@sm4baYVY#wSb$i6FLKPcs)
zR=dT|xbV81=}CpG6NaQWqPmv}*bAHCM=(g_8zJFIk}CxbpO{;*uD`3#*?<4RB3+vG
z+BW9VgYw+ZdGEh9gKnH|KTW+_Q_;KkX__oRsf+D#Z#t%TCfjv)M}76kz%2F_?0WyD
z7q;TJ6BPcZjf?&C@#<^%zy0Laz7Io-cjnj*h4jrO)_2HgPRzm>K7q;}t(-rR(Tb;(
zTrII=Ubr35@1XQl^cGGOb|`n1w~4FYg;D;c7ygqHp0^AZB#4lz;&OMIQC&)BJcSK;
zif7gknP07oL6<G9crB<mQ@lvpRYT^nWY@36iJdezc9e7kL(+k%1wQ86v6x9e+F_J`
z>4pEGgzGhfnIx#;$2?u;@n!nkMonr{`PY~P_aD?^#p1leCJovKT|!8_;2Psogyx$0
z_&J_>n+EMw_ZMVHX<KxD;FRN9nd*Q-p8n+*{xeH>-ZNGi(eceB=hnpAYZ9?6i6!r$
z4;^N^4!p~w`qlI9sRKS3C1F(1;nUmKs`rsB5mv8Kd>ucU>~8JaoKDz{3CCDDl)xze
z5)A*DB|I-0lLB83-S33+3t7{C4I6ziSMXN&fi>klj8aNkA3Ya6&>;cO(cU5R`Hh)B
zL9NRn(z&LNvbwarl=hrBM#FG++~a45QT}BZ{xeH>-ZVP!Unp>~_0gIRR{1)zH$w1Z
zf8%1@u|emSc&JuMHsJt9Ss$s5fXl4Md#XBIPtm)3Y#bWBfAvV-X%F99(XMaH8Acg!
zBPCq@=w-nyFlrEOQUhT?=-^2%`QW$AF)Y68TPPnxHsi|(Ix1G;wOa5qA>sB1jTmER
z@)q&Zi_sC)+TooD6Nr*jO@}NnO8@^!`A_>7`K#ADlt)CSG<VZn+E3dvhRQ2A?ual3
zDu-%m`zQxrfl=bxUt!VYROHz8@d(^`^_)Z2B(20hfSTB`YiX^f<-;kA@-NNspOo-q
z*`VuDNq%g9eA0_${Kk8M@Z-rUQ?HL_2>~8y?@BmTB^YIEi>&DIN3NWL$&GyW#2G}I
zFY<wq(Ae*|1pG})_)btL!&6^i_526<PivW7JFe_c>>dW&B^cNuPW3DmC<y$1NfaCU
z>g|J3E~hk5JGa?yMdPS1>m~xGml%`BGURXgdkkgmJ`{7ii8r3EHEO^heQtz=>q*0~
zlQ60~P@;iW?9J%`vm=`#4})cY?+<?;w_RWT2~hL(!rk(-%{WG%{In+Z=6QO-HMekr
z&37k=hpUe{IHh@>!LIjTo?%OCE7%YFU;6P(rWNwa-Gy^BTQ{mS#Qw2m^@mX5B9nZ-
zE-Hh{*fmgF;pAe+%lCN)hpKKRMt4#W1`Q9hD_#yVNZ2k-QswiIOTsAs5)J=J2~R&F
zke0Fdi1tl!SP48E`S|edgy1MfqMY0^Lef1p=hRFo(5E&WTGZi_)&$X~%uR})VsJ<n
zWB0gu(S&zg(2fPr;?7}|f0>5=poFU*>6@C*G@ssnfuR3l#)Rm*!uaj2z|l+3?t1T+
zP{Vyo(0e*WEtFLERtCZE9)Z;3VkyRQw^z65FIsbQIE9V`WN)RwDF0Fo|CuE`{V2D%
zNE*&<%yUMIi7(?J{d!O!;WS&5Zj8)uWGQ^Iq#N{A{mXnDH`SBr{CX$S%YBYyoxGwB
z2Rkd#!!g@VL2d#e80BBC;Xkv4ryt9>w$|h72V74r5!c8`d9PJ|*c+)G8x_B`SG1Wt
zhyxu5t+R~hR8(2z)R0vwFo$@M+t57xNl*20<dUjIphu}=0F3f4+3=rP!qbl^5fYVm
z<MckP(Jt5j^yVk^pf1y>=bzL25guG8RE7e2PGXj<)I5Is7M_`&FTV4WB-tRfSGX+l
z&O54#G<_EXZ5A*}w;L(p>PH2BM6qEfgLfH&c0rZ5<`P9r)8}10s|=$Gf-JP6FF<#e
z@U`&kQGBo(MMT`%_}N9dB+sogQ;FH1$)G<POZ(3C2aMA7e^UO_R>q%lZ^<1sAla!>
z(vb%&=d)9@5sT`rNNb<at)M~VViRDL)Gz9=&GeM`splDytWr5=u-%}O(ug*bZZsKZ
z<oX`!Fv`D-!+%o3lVy}Q{qc1`cd5bkl9WH`(4yadPjNG2{f8K9rGY{NKhRCU`jV?`
zRJgLorvfjr`?+#Z2o550!-?+*vdwAWpCL;T!m7swP(A+#`A?e}3AX}t2-kkBjLGBD
z=a~h{sBOkT9|x$a*LTG|oPP3k8w|2P+s2F>QfBvtbOsxT*!u%#RG;i{`rvLiNg2J+
zLX;p3()mV6xW1ZJu&^lCj&kATJ_#4G!=j*ket+c=7gNxAbH*#p^E1%@%3g1~GsuXe
zU&D20_!f;JMJY~0K11)r^P#uvW><~d7qIL7mvY!rz|MwO>|gqk-qf|{y_{mcx&pTk
zt_68<Fz@GI)nXxxecyfc?`N-p&UU&_PsR7x*tjA0N!ld`DOq<PftSRO6t;63@!_4R
zFq8l8mVY^i|D=ScA4mCFhJT(LWyQa6#kgpTm!?B~gBX~Fp0|fCDQtFn5(#>!%<k7z
zwLo9TvzOL}tlzXe3>ukG;<1ZAHm%-y;uJx(38VZ=I{XJET>aQv(h;(o|D4z(2dT9>
zKX1G?jf2}VU!0|@*^>L!Q4r{9OjR7n*C;$ZCgR_kBT2N!4-fXAdJ&y%@1}@VcjU%U
z$HOT9vJU^5B|QDeY$V(!C5E$Vm#;#IN6sWS7{_FJieqb6%M`eZ;2Sv!MyWC9{;SE)
zr|s>}>Gp-!y{^6<;`!G4N!Agy)oi9XsOvDwzqG@DW(iL}P9J?v**8Bk31vL1iAk=u
z4nh37$7qY_-|Z0gdB2Jn^e1lGEh3lv8~tZGdF7{gvEx(cP^kf={EH%F8~R&i>~mr;
z%D=qBe`X0!KZbGIBkH(W5B9~`dTSA0ck61?6xkt{YGqE3AsHnrfyyc`=GYhY`ZzZ}
z@HEbz?A>2_E>yD3l3sJED@iy;^+KEpMrn5=C0za3>-UC|dpxzYwbx?Ry>|_2Ss5I1
zYJqKRm{~C*vYhq-j8eh;5d)$mbe%ul;b}2a!H?EN>P9wM6{>-lc2*C^^<)^O?f<0w
zr<=O;`&ioMIKI)gXqmX!@7xrfWvub_!tb_ETHg7*IvoPt3X@(nGRtqgx{kAzFW1u^
z8@5$SDpd%HU_i#fV4$8m-+@sA<--6<c(T+Ms--sj)LK#@o_8#o8QJdI<a;1b+|4!4
zu4!hOvq1oQS5GA&8Z%$Lrz2CroGDsYA?nHQvg?MzgY}cqkzF~31XexP!0P!AQutq@
zbkMLZ7k+vYsu^LH(T<VmaL1p)^j2Enb4LU#k~h|?pzn{JNZY&gOrA6ZpAo`T(l)h~
zYsb3XCx?!M4!k@SSstyxAgykMgzNn=**`-i3w3~HV<i<)xG}nbopJa<?`@vk)UyuM
zgay#w&e(aBn%C4rcB5X(5F69Hu#)AOtw9NzT{J>63mk2k2-x)o+J{BOZ0tmY{%Hb3
zyg}L5StA7uRpk?uV?;`EOydEbt1cQwk9mwA&3i7OGpG(8AUtg5okMTyf5;<(LFzoB
zui&++ly1TLE-ZtC(BvtM5~v>rP{PxX7#9IDQ!DOf`Z3G|&W|<Kg}Zr3f=7Nd#I)7a
zn&;#Af>8#rU#+_8h|j8o3a6&;Jr+lJA45CGPWEdeTrOOb#Muf)3G@&DNeNd!?qj{~
zP$l1b5S6Uvc2R?RES8_-g1v`Hexkg4PXz4|=!TeMY^{qBxfyLag1)c6LhzmY@{p)c
z4lQWjaBwG+S(_WfD1icEK$dW=uZph3_^aI8U2yiNLCAmiMJZM}UUDXl(kkhWbY;@!
zd(g!fbKCMSZFC5tT4Fn=J0|i=&36$9>3xj&Y@UV>Mq-G-D1ioIK$h_IBg(W_>34%?
z_`E$qbL*rp!$b65IFuOJd{n&sLR@@ipAU@E33*tFO-oq0d16N;W|!v7;c=Ln|0j}g
z!F#*sT=Jd!FiN0;7?34A{rLX%c5!B|Van@zX~T7n$y=;`khjRGPVb(e8H_ImaDYA$
zZH?uRly%jcdf!dgW;;P}V`q4Jh*lG7qz@_9ER~GXf>D~@NC{Uzh8FL;t?Uq<lPs}4
z&&C?_oAYT@et*@2UQ#{EdZKjq73l6|al@Q<&kYGEyRDL?iX5(&(^FL2?Pg?yMIzqN
zUq7>kQJVZu%70QNukO0h{=}(&{EL-Y`1`m?pGsUBb(ibm!t1kxuQd<KLACd3MW|;%
z_pP>SaUNqBXPZxrI%h~o;St>yj=Ffl5Fd^OqXc@00hI7$Y1uzgW=%4%hBf_d3W=le
zF^$2HENS+r=Nr`vT_k^1P$^r1HmRQ^@%yq?_N*O#?(Zskx0desD-v;y_%=chhrE$s
z)nf#xp8tdVr%?=vUx)FQ%d|?Zv{@gttVffg2?TFE{>t@jfZq_k5a}i8E+|fuhR-aN
zbXgHqMQ?X-AD0h#K|i*dj#HfTK?M(}Dh*+fhBrdO_0;xCcjMwMAJZMn8P!KRfeH$H
zh1se!^*+(uRJ>m!1VE3mXJYyN{yFvtx#oD67<o`joy*=sfUYO)>-vD>;O;e1C+vCy
zMZ}_FB39O-|1`EQp$Q{g!^Erp1JbvL?6OOvpNEIr*6QxMb@fz*>g~IOuCIRBI65UQ
z@d`}qCOl5aW#z%3G#itheN;#mT8WvV*PRBV1e%Bel<@T9tKM-&C<;%-ZO()W0%)%!
zPkS#L8ESlXH*XML`>+D&V4ZNY7Tl@kjHdy#-)CG)<#*D0Xv+iM-t&?PK!20ZHMt9;
z1gePtq=c&<F}?MFH8M2ZQebTjSdQ0@@~+ehXNp@1V}3Vt>~yvZI;XJ!YBo2>=5w4=
zuhD8_w<5$fg4)oM&}03T*+Fkpl9Cff33L$yvV^A}T}PF**eRzCIf4jRjFxKsLk&^=
zzaqrVqLFD1eqRy;bwjH5l82v(_e$%;t*<U>T5Oxfzx;R>A3vR|i2gceBK|*0po|!h
zB|QCT{Z`&kG{uI?zFo(I!2UQvvNDa!9uYb6S5*I#)c#CRo5n8L^2c;83CXrOv(cZC
zZ{OG@b^o+ASSy*9v1=V`-*^k71louJS;EtgKSO9;HL8sH!}M<3JB}P`zT3t3j(=xN
zQn|v9VZ@^*2fC-k?}Pd{?n>a-iM@~u-7olJ$og*Ma??gOLwt#T8(3~IO6?md;p)dC
zCRSFhR79GVH9yZJNiC1TmHSxy+?l+##K)Z1xx{o}lvLb0A87qAJP0Lm6UyB8T;2Mx
zl-sw)f*uRyNA^Dxn}Shl{ZGn&+P9u~SA%AS!^Ouynj%;nZ%1_dliZ#cnM5Wlicq2!
z3b`g2<wI0Vf$u%p{Drwk-x&3o?)GB`=o<|r?+xZ(E9H$V;J_$>N@4&dJXvBb%e2!C
zaI6^IvuYVChJ-^Doqv4k>rHhwb0Af;ObY{}TuJ|?_)&`?Kx0-x!uU{#ciG#*EjBKP
zu6#BJYw!sFzgII2VD<b5`A^$Mby`R!d$2-w<3_EO*NdFb*4{$|T!POVc8KMTL&BGT
zf-bl9>RrVto}*<QYdx8EWpVVi$&$_NUN#p#2xtlIeT4~wRKF1to+L#QwLei)*E`bN
z9=Q+dc+BLxu((;)`TJExFEx`V6M(++;1G4P#&JuYFWz2GNlauJeIKNSakLv|8yLG0
zJoD!BD(rd#oy4MIyf(bH|MdPSXR&J#UlgDbFE{O0>RsgO^(6k?iSWhDMCdcI`C0D)
zFiM%&=(9O918tWVX_4=khJ~HjmG9}6Qew~PLJ~K#oBn%h14@Yjl<@SU%KR!pd7mA}
zbDOZBqu6P!NE#<k3yF<M_OXZ>Uu#d$Z@JI`o2RWvfoV@Kh2yy#<{!n`Ikg>6+66;o
zb!rn1ZVkXFfmY%_DdFlzPbyaHh2-4&*sa%^_ev-3vM+3PiWW#MaL2|##XZu|z$jnS
zY_x2=a?t*+f9|;1g{YYSORF-*S(0w-Dl43tdFm^S5~w8xWC>3{o?v!RPj5f9nCL|j
zj9D^d{v7tGLw}dY!R%^U@k3;52pHwZ2IRWjCs841`70fI%w1j9`f7e}PG+O6u=_5b
zwzti~D1lyLK$h_IW9am?y{+``-oq~RR{2$=FV*(xl~qRg1i5lQ5d3<O)W9gY-5J@L
z20d5Fc`$pvIyWj1?37)PttdG&xc&aEj3oZwx&}~849F6mepC~~d4gH~yxp>D<m$5#
zt&&>bQVYj3#K|0qJrSlC-k|4v!a9CRM`5wHUNn^C?4uX|qR>)hnW||p>r<VuzUnvs
z@1Cx7BPCq@cyzh2`|a6?=tXScrvg#zGv+vn<y_|H7esHiU5lMDK+j_{e;<CP{mYCj
z<+?U8@+fO$|JiSY7oXgWYYL==&maHNg;6U0Ps)FKe?<2+kN8ZEL4@$bVd7r9MW;v0
z24Sz8CSkaptFm4Ga2FV*?Kr+Bjns#TUTgXTmqiQnt~E#7V@nFMS|wTS;&(#GFiN1E
z7(fY6mReUsMbL`s7DJ0xZ7kEW&`n+6yD!ynpm@mdhD#lF{lF-tH;=U<14&(~?p;l(
zDNQdPE1L^;i)l>}y9`mqc&SUlsz)AJJ^w-e)BEH5VV$a?08^>K^iS&i-8M3g=~V5`
zh7MWYmlCRx;mx2o_1{YCwLXa^Cj`byoESI}YTYJJ_QaLS<b}3g@cypeLV!Wa-3SR!
zk|-W-niB43i~<t^^k?=TY@vA)PTv_w5}OHv29+~8LC=1$7ea-!o-Mx#e~i4Btc6TG
z;x^Re(`)Ma;rUoR>Ac!U*!2eLiA6;%t%a;@|D_)-BJ7^a>U_6z*^0KXcV^^&(B9%C
zOW{ZP8~Y()X>A4Q{#BL|g=iVbkqAo#CsS0I0HVPh_TE*xs(XhU{sdd6!hdUmKtC~n
z5}tl+&6-mT@j)93PzjLmELdEWC3lO4&XekY%CbIgu`dh&qs$SLO;XM^K+HX<$$!im
zp&nt}(EoU2KLCY!E9}zHRTV}F6cqnS30FTh3d~vuxF4@S6D-krUIY2nNU>7)fz7D$
zeg}oWb+ph!(8o6C(c?3sJc}Zq_3c;@m08IqwE*e1fZwrx2y>qk8T(<BKtnMgOL+Rx
zq!Xd+!ed>$FXB7yyYrc>%RPswv~~0t&&(5>`=-*MD+cozPH~}@BSl}d74F(xJEVmv
zQ`jV5rH75`5Kk>W5YL8D0u{x8EaB<L!BqXJ^qEFW>!U&5mZY)m<!n|%FYeK?-(lty
z>_25d4LVdYwtm&#*}GPkJ)VT9mN<r|`|<Q2KGo&t2fPqqv><~~0v*MGEaB<L{2><n
zRjEY>vV6omx7?-Rq!@b~afa3@3%c<uyMo8WV3gf8abaU_yYY>@7~Xl`+uwB%8$Q=U
zaWV31B7A<xDfbgbDSjg*T>V&$@|NAp!2A{6L)?+53F>%l=^h~~m#Ooos<#@d)y+WN
zQ$E9`>7k23#=*(qVnqWR73=MIP#&dmSu7T3jVoH3|GwUf{ZGn&I+XBRl9=i>1?tx~
z=vM;ov%h?u9sC^JG_HeSJe1RMm6;2gB}1gir)z9|tq}bSeZfyG@9G&nTgmu*NZ+D_
zZ`)dT{@0H{Q89oLo-BD8O9e}?G&22kQ|rj*z3L;4qU6b&oAw_bqG>!Yi3j~k>idGe
zZFTEq$V<sdasuMwj+$6f)yA}=(uCH4pOO;@Sg`650aVZbLH^Tt#KwNEkNV@ZubOwC
z_)y+k>B$Jm_~7BjppT-7$zMrA2r7lO=AM1W+~Fv8Zpb70zT~N7;hPKrq!tBH?p(P%
zG*hNL7^LuxknkjloobEvmBet7X)Ufp)1oVd)l`bA311@1H&FWOXZ#}Qw+SPAA0xcT
ztkbJZg*&=~A52}hQXbuVc(>+-<>F>dF#93wdIL?xqN0Lg!b1PFz8X?t>TGzaW~kL?
zU%_xaRm~}&;S+fH7M(xZSft8D0(95d;4eNQ!B14*&Qjt(`s!`%y;UMc<b9?8ko03}
zA)=bve|t)Rs$u{oJpEYPzvW&+TA!*Z#9`3En_8h&co{jkeEwR!*CmT0I}lXpe(PxW
zyD*yk=65@u@UQm>Uhsru-1G4E(~|juDmJuCjtZj$x{Cj#gsUH;@6efkC}u*yIc(b;
z4tOPj{h(U3Z{6;G1^+8VN+y4QFiPRCPf!+Gwv&YEE033Z&dyj0>XJp#ZIc5Pu87pk
zH^*U=Kv^*$OStCUB33l_Yvd$3zHl*qmN3fNWfX8tj6J>;d`o<_vV;i>^vrHj%Kebr
zrxgaY3OUQq*I%HTWJcO>Du}FB43$z}clyF8fwp2mmhkkW4QX^3Yf*c|hq_}2a-Kl(
zmwPO&U%oWQSYeIoJbGXNx-(QE>GR`k)UELb?UG*grmDDpHYp^DGCJs2T<?<$gK}IL
zB~Vuk$P%7@%yN~RZ%(ZCr<2T@S2o|A=7gkJJ?Gm<EqU=ZwM1_|4fISxncV~1r%0nC
zl1%rWiI<bR#Z2L;JGcs}7O{jqbt2@3QS#hK30FTlt^FKNKvp=FKMP+q><-4a=-Jj4
zy*R0<-^YF(DXd%rs?&M!aQ<03(`eP6k6@NZu+OqpFpi`_)cB$dvg?++BrS}R`+rjY
z)B5UfqG2H&g$rww&wfGapJzJBbjPlIn02DJ!mB<un@7ZfQOfIt)Kgt)`nqPAR9{*Y
zywHj7Bm18Bp`_MWEOftdVF*SEbQS|B;mHzJPIish?SY+{+RlW#bvnyirsqyCKTZY7
zkxwp#;U6)A{>H`Duhp}2C_3lu2^IHyMl3=JWbcm57rwdG#i81zQwFOZPGI%?2l-Fy
zt8XeGCUZ<WE&Yma@@TBif)<|!Z{^rM#ORYB+;M+D47#il8XEY(eEX?p!mRpGi4V%?
zF#l=W{Uh_cEB^1>jR`R`V2~U)Lc)_|)kc=)kAYsMnVs0+?Q9hW_nv6Wa=JI&*1fKJ
zqjGjxpx67Ydp#4${f6ZBCtS0<@7}(AluK)(!}&6qjo3`(5fK&adIP1!q9V2;y#Ka8
zXQt}2=>5U|#m;-y<q{S2%E+h=1G<)okL)mMRXDsRL3cCOovi8i8l__vav|qR2(^VO
zYRHL&zOlbT{}Re*Bg_Ban;Fnr44{OkADN6M_n9<nXiPTLd`CR@^K?E!NH8_b!^Y%j
zjpHT7Kvy-eafGw0mYP||xpFz8WUbk5pLbbPj+%F{UUEO^vNPR-Q3AEae^SELkKb?o
z8e@HlzKa-Z8#pDuRWHdLGE}l%PCBx%PrV;hZwb1Ng{IcdRu)v-jYgxK5z9bF$^TR$
zYr=Yt+<$$*g0v?LMhWy51G0ptAG0j)e+#BZ33&dn9P2cpoY0GEy5vg<-Is#8g=ox<
zQYz3>C@)AiP(+lh7JiBobq3PuE7-q}MYATgz&X9nl`KOuhfxB>#egi~>Bq;_{P9cM
zmgGfv0e6>u7j>`F`QDd#O+`?&&f$IMr3PIhYB37DzwaDEoWR4j=@%NZ7UX{9tRC6!
z%vke)Qe<)DzcUFyb1@)Gc={0%isQfbSafVj<x;xk?SfX?(+gwlW#5*c^ck-si9)nN
zS6^-|;(Uzt%~thNaUI6)6FyNG5}17(bMHA~L3G$XeFqpN(~XpH_2c>5%e`AR{_$qW
zL`7Ld(c(uO($UcmQki3L!_zI^J8^+g?)!h7c1Y?PP&E<k+{N%!SNC-=o!%N|G4|CQ
z@KHDV?}{`2Ps)E<U){fNhf-_NFcZbs66)<9teddfpRL}RmtsvWU~lrv33SDvKe^ZM
z=qf{E*>1&wa>Qmly<ek8^S5S7opUk*bGVHij1s6X22jE^ABt8YFhrmRd8ofeJV&r^
z8)ehRn4`!18)0SX?f0lxpr7_${i2hV$j2xlUCk}$<JQT+b`&HCo?@jfzN9BzofyD?
zRSyH8dj1dcpVn8e`@-7K>v(bHu(<Ucjvc@CoDKEKyOieR595j5ONG1!{qY=`4l=w^
z;^ZC6P>VJv<<omrhKN$E($bkAU6D;I{}cvEe<LJ3NvihN+quw}Qu0qaZ-|u6%L<}%
zItM&(SYlBgnN|7X`W+1N%27dxlC9?~*6reuZJh1hOGaiBpUOPwuptv^V0)|@?0N(J
z#iAl2c6P%5q^sWB)+ZZ{(@UA*!oV<Td&Ky9^GPDnfK}DcQk=uj*m(3{lu{nv17@*5
z=JbBbZ#pGR>Zs~#rZ8vHnY*F$uB@f!Q^P2M0%HIrJpFjvJK}>on<%>1njJ@sQmU`|
zk5`?E1V=~_)ay_4gT8~hvqU9Z%yJKshn%;BnEQ)2MSh*Xc)zfhvFx7h@qI=3*)@z3
zXfXbh60UyqJAfd&-_lNd5LD6l>NMHNE?fS4<}h`XHvOkx{x9pX!6?r<sjURC*wwmD
zP9a|<%Gni=w!QbKq!K?eYk#hNxWEXb1S*UHS;EtgPPc-M8}*`NwI(=^uCs{u-brb=
z#tmCV^SMmx`^~%t9o75b%>h*adyKz(h<;<ie8`Gl8p{q9H!mcG_<JFF(ie0XCD36E
z$P%7@^!=9DXqGBB9C>j-rxId5QQJ18ddXbHe)X7n@U7`7==qK~n?>Z9tb>Kv(O{)-
zcT}kHNWZP;pi0~)NXD);LrIc?Q355#fGpv9f7C2VIcq(pyW(4A9dI6WAPQ$b{L-0u
zmk0kh2`S$a==&q3qKv^CV~jol-CE8FtBx<OTdm{LMYM9&B&uQZF@cX@loU5o!qtys
zL}E2G2NcSeWe%U?>K>37?2T8*{(y``FliYMn(TnCT;4s)@39TyZfnhWsLxV~+py@)
zI$B#gKII%~P>DB%9tEQ$|DTlqWUY?ixgZ`wLN#4r8l`zGB55!Fq^vVvrGD~7U94K-
z2lG}iO8kz{-saciu4mEeRw2&TrCg`H)Nb8hi-#X!ZRS%5qroVFCSw34JXtdBSVtuw
z3?H(i_ZN~t3?Af;>L!z&a{E<eHMN^lm}7!bj-ucuF7^3pRaaj!4df~xU<MCwv3)>V
zaTH0755kH<hgA<LuzFySLjUBgCSC2R{-{yuq#aac_Zuf_TR)eBw<B&fxB#V7RxXtc
zbQbPtcPpi?XP`j=<w3T1J5zz#xDtj>K^I4@frSq%k?I{7B*~4C@FeMq9W(H8F0AF{
z%ir}R$sGi3w=?W#o0u?p(~G{JWXffLL1N0MP4c`AUVKy1dw1+Trwt2TK`%{MNjHfQ
zbipmtOdoc=fhuEB5k3KHk$*B*i<Bgisi<chm^`qV9<zrAG;)RZcw(V2BbLz^k~cO~
zgHZ~IP&rPx`6WlaYrh_wMDj6kKNxXd*A9uYnzc~UH;IE$0$s)cN_hIQ;AfcTg}K0?
zn`arRO8vS2w`d;OdS#^*zdoU6LKE4ipzq>87HHMJdux`}eA?GWMq(6i!&gfDe9pkH
zY0J@CZpaIx1j>y6q=c&<cbZ&HRj&6Q@ef4UmbWQ1rrr0KKA0k}j>xbr|5lr%3PvgT
znRPy-mq3)-m^PZ}9lq~_tf|?f5)qDre2mHYBhdmFCD3LJ$P%7@tRbvQ2&^J(gB31&
z)~`#K1)UcL6LABsZCz=!+=r8nV3h9`e<<YMw{fEh>abBU7SLF{^CN@3G=84V%;OlV
z@Fy3H5~wo<WC>3{GK9J2VfP__lozb1-dHU@8CFI;9v%H8#5h6JDtJl-Dn)ejs#Q%$
zw%d70R~I|vn7XjD{qS=fbD5$bhJB-ipI8@+66iAqWC>3{>V(kDd2BggYPo;HMuJeL
zC_3LwdSSEt{`1|?3`1&n(C0QLk35$Py-DNaSUmn1OyoSfVL46qgbssRZ){}c$SNNg
zCEkscaP{Nlym%@}Xcs~jwnpQ*E1i>?hPC_VT5WqK#&yYCO{wQ#lzx-by7Tl>o^6@$
z@9CglKCJC!3(WB~%iEeZ=@*a?*oIN!{!hw(lD@PA#`WWtv0r4yy!4unezkM1Y1Tr)
zG}QYmp@56d644xVj{&6`f3@}!UgD>Zvg!G!M+!(+p9R&}(h}6v#JWZ|-oq$?Qeyxm
zJXvlh$V{JQ-082uN>KUgJ0;e5YHIL;mEvJStE5|pxGd;zJj7BkWF-pA`=dhoQ5|h(
z^_k4`B39O<adCy0%~1!%#<1$a23F61kpHw)orELU5oON5ypXcV=g4%ig4HMb5pq^(
zMbqLZ?ur?m3VL|>bvRcfp+%OO$<ek(G(YRm*UqF9uVF_Mn=>txViOM-B-V|P@Fckq
zP+Q8P??-fE>0!n_b*DHG!#~WjV^Rb4jTIhOwkGKJN2Q)*B89A2nWwGqgC*$X#L&1$
z^_j^YrY*WZOZ4y9Cx%^bpw(DZSWL*$_MiN6n!cH-b=FqIO+R8jAi0q5PE+f8DH4ep
zw0$jkcrLrJ1?og2(5z~h$wjSgbdI#Ct7wt<E{_(u#l`6$-#l!VFLVn=3Dg<`DB<bH
zLAm{IzYiqqMP=V|4{Qr$&3zZNKDOuz*DUqVRF9y5u456PKgma-E0j^;qW9^(Y~RhK
ze<^E;m>Td=9BQ5VVWk&F`IqPN4@$WDQA+<!m(dAhf>^ow+(rg!^2Ot1tdE#c(XTQI
z)O7Awg3h;+?=ByFTf{Ca`Gw3_ExRuMrw5vNVTHo`-UVged@S1kPHFz-x%@Lrc=|D=
zo4x9p<90<BdA-)OW+SJIm3j9hV<uWZUE%LsM1D}urRKnU`uQgWf$c>37SR|Rb4}5A
z&{!?&#Bdopk?ug%e#0pL@?8FzB|QB&|KPGXbN_x}k8VXj7I|3EcE`x4&{fgx(Km*6
z%(q^Ge&=y{6#fWRl&b^9<Co;p=3L9?(`_<xd^a5rGkq$PibwyoI8bd2$P%7@ly|IE
z8;>Q!!ReSwhJN!2mgTMTEBzMIpMiqp&p`VP)MSn7VCZ|Ko>cjuR6!FP`MieL5>N3C
zJ}TEsHLBVJ!}rH9O5__U{~vpA8I{%cK>gAs-JKHB-AI=-(%s!%(v5U?Nr!}VmvpBz
zNQZ=UUjF#rF^)&h!E?X(;l2-!p+nU9b3JR#x%Yn7p8L1*5nV%La?`zgNYog=bz8r^
zs(a7?n(8AR3+jSVE+kCa(sPt)lkHgPLEdUa011Ar=O62%tCUAI0<0`3@4og1a8~_q
zFYqr-myeYHsb6jcSnzGk@^aO@K3d+=f)FJk7`}+%X%3L)z-V^_)#$~udz~t7NrymQ
zd(gbkQ!OG`YMQ><+432MB3P%VJXsZ$ef>cBOVj1gl)p2U0zo)!2$b;00(Kp#G)L-T
zmvF}6U*2_!w$K&J(34A^JV$xv2oBqehVt^L5IaP|p_S0e@BIL*Gpzy?c@jk9eZI^?
z^Z@)VdLAMF)1k&3=8Y@%JJA?t9bhYaUq;6U##9w#b$~qXx!LpbH5HoYAj_Is(<msD
zP6v{#sU!OjxKM-NRjncxLdKBoMSbmE-SQ&v^7vQC-#QZyzjX4|$UT%6l`2nxWI^ox
zwvuc{*?dvO<6v_<ib47uq}3aoQ`vyMCJ_!nOg<MXR?oBE;Bm2&Wo0D;C8vSV6E8xq
zUwST?8E9z@{!>22(<%Y`O&xx|UI^;6uSPh9))Eru;3!J_ioDR&QaLg8>>XS!k&b(a
zjv9k!ZH#P%eoawLL$PBiqEG<p4ConHK~oQuzw})GO!+(cXtZ7A8;1y#^@VnCqNXmp
z#m<r6jO{JcQN~<vQ2%>`XIm=_hzfEcAttl1cN0v2&s{!)nY=#jP!>L{Wn4h6q#p==
zp!}uh@+ZpQ%EyJ(FLGS3Y_Z*aDG64j?uim8`n>k46txy3z%%9dyojHpocPWclY_zV
zS&D=+6lN>hGrGp4!w>fh1BC8wn0prk`2*!IJ(oX^<?rNU1bsirW&YLT@y1Ssrg+Ya
ziB=^(Y1Xv!Ue%#&nbbyr=P1c~N+F!zW@S<P>U9-msg3vJUY(N%7nSsYo*GRvDg-`I
z{?c>#^H~1Y`D03G3wdOPpI|VUt(7vjJFBdu-j(r{37ff4+_Gxi%V+!L;0!eg1bVJk
zh){$4%~~-0>~H8W4%uXKS&o`f>EF{lP&)tnSpH5vhSGcc4H`2k-BUZ6eNFW?^BvJL
zRLO?zXhnwM7)~}@d5*F$1u4+=!i?Bk%mwBnI7Yq;7s%_6NG^hood9|fSTL3klurLj
z`CIwexAvx3d<H(wW>i&|6fGw9{rs4Ywy^5Q=|g^5X79VoXRoM77tM!RYvGO?&;$Yx
zAh6dj`)<u6y~EmZOwc1P<l1?l{H5vgk@7#~;{gIpYEb<YKZHI?!9vq``J4obxq%0x
zja@pZd<x&nvk!_3Rq>P;R8l|_>PE~DZL2yNqGUWpTRbr<ian9d(m_Ojp!}uj@@LB5
z8OykjRN&o(^%sX%Is#QMzEJc|LI-vR7uChR-LnDaX1RWj5^7X($z-LA4bMY0?`jX0
zxW;yd$qpP3Ux0hXn71n_>mhpV{~kU6gZxkVNP{D1H?FGq(lQV2)rr)w!>Y5vVQ2d?
z#QOs=!@S<$XG;uNDH%R9`ty}YP*wY^0;*<QMl$esZKyNfU|gWJ>XD;AK-&E)<ZrbC
z@6-Uu>b}#qzVoVC&lnu+z`9`C7`I9JW~AYp7{nIzY(GF27on4J%m>66@-@%5`Kj?y
zhy%%a00zJm(+)!p^m`BQ_b)w{OxilMIy(O)AKd{vY^c=}qh<;xq2N*VBURgiOGEkQ
zPIkcUD#Uw__MZK00)kLniLqIcEcqT~DWZOT*<?Z4^tQmY46nrvHxlIQ1LZG0mp@bf
zPCi!n7yyUsr`~8Olg(yA*aG0WVjNg^Q|TffB7DzxTYdHj_&|>7QwzH`T<T&vFcKfl
z5sisD*9f~nTyJC~HyE@e+5_b;J(oXG{#HJ|q};cDjkoMu>Pi!aFWjLc1-D({F6lTQ
z6K8dnvdDV(9OXcH_C7``kW6aVa&FrZ!j)M?{_6!BBSd42SNP{-sQ*izUwSTo9?Rc)
zV(zBQe7B8IFsg`&xB=!n(p6UO^G;&p&gDe>91>shXCFiImaFTIr!&>3k$z^w?=Cs6
zIH$XlLq0h-f_L^aIsWST1LZG0mp_l?@8sjAd}J~a48}xwv<9}rr!n8^G<qHwB{77k
z9wuuBN)DyxC~>Fj03t-1y&^uEK@udLi(j*)YBjDixL~{sfm)!o4}GAt`1i5=oqW9b
z7MO@$N(PZh#<$)vNa;Pw<(2pX&{%j-_X3nO_`S|^l%{m`oKjR-xh(V~Ec%ya=vcN5
zw_RW6bctZC&1G+fZXPJj|CRE$@==i3bz!BUa!UeRXY16QoWn?W(^N2dcC+!cJeKF>
z)U&-#^Y25<RPpr8yaxs=lCo_$C8xc0J{C(}*^(tjF3o>}c%b~H>GF~CKW!>OfL33X
zE;FCEF05x1x2jEZiG-nV9iLYJ^fe?bMY#6alb&V~UkRr|dgb@05ks|XG9bnnid!bU
zQ)s@I=E5{fz}OFzzcgL`O!+%w=?Y@04tzBAX%4J$zM(a{6Qrsa_^7nu74bU@vyX2b
z+n&8v9q)J)5qBa&h10-lN)*nnt1Py``06;;>$CB4hz4-xL-d&ZEqWdy|5KIis!1GQ
z=~{KJxku8Nn8R?JUXfDW7cwSq`Q&EIrKFwh=O7)0<Xy-<g^%GfZGFX^sf~{S^6)gM
zyHOVGT+B}{`#kgjY5cE{zxDhM0NI2z+6o5OYQ=K*e3HBU`kly^!O@=wPlymf4x`^c
z2Z`}vH}z7epb#{Ft%AAQsQ%!NdH9=V2SVf5+uP|%yX}Yf`<I?eCR%-M7QO$Hk1H$c
zS}UegB_RbLQCDa`jxFx#4r{VdZWNB2uZA7(0X;{_Za-=qcN5R2f&%Zs5X3h~nXTc#
za&-hLQ?ZB4m10ryK>170<<FGAlaJPMBI0~vUy<u8m^Sa?6#$9(A_sG4<#Xq69ln?A
zf<4=U$8CNjXr}IOx~|_b{((+g5{J{?M`KMdD`hB^e=}Qp?t$``p39#oe=8rk*-0`j
z+n|wUc=2GtBVh+kN^PRhoIg*2gBkPtqr`MPdmXDV+AfEBHs1%{>MmxzrP`!Ou7@LS
zsv0fZq!Om>h2I0^FFlt(kLB;=<A-mM;H`ZCmbZ(Djfp@jEfD<y_deVKMg_p5=*?*(
zxX)3Vw-)R{nAdgFx_Lp+!1^>1&-G+cCarT$)a9~-j#`{OQ2x?$`SV!*PClC1?G+JS
zTsrm+j-5%Ai|I*qh-K!SqHLGyp_%K&?1nu@Nn_a^4FO_8EysT~);Rv*JDV_GP<ZeR
zoX{?_VZ4Vk*aM~RzmMhb<RfHM5bfDAHZ<S4{rtGL`^s`V{(x=Yc8BxIEWTs~*0Xz^
zq68h<*}gl{x}UZk^rgDYXwh8*d@G%STnHlfh>OzUdZ5(#SIXbY$LrUxcT-rv(%_gZ
zI~gQDNz3ZCAYyeO$;OCEQW0?nz&%G9QvIS;+Fv+bzs8WKj9Z0_);kkK$C~jIHH1yy
z)`_(A1LZGGmyeYH>83rwJT$f?#0~X0CAv75u9k+2wioS=XTZ`?*s`0$xaH4&hSFV;
zz0=hZSAHhFs{*fnKkxcQ*sX;QEaJV}0==U|=j{XKFHM&}Q~u6a>SQ!F4X*}>k<`Ib
zg}TW@sOs9Ecm{iV__yYMYfMTmeD=D30Mk(q2qr#}X<?<$4XU1E7ca#)79+HSX0hNp
z$$8#G^l1J)dj1FbpSA)6lbI^M;W(NtC`9Mrq?m?xlu=b@nAqP_N{CW{E1C~}c2h|y
z*k~PQJ#HC*h$oWvJBMNsntqlovsKBa&+ot;ue2W^HU1UycSaHi7eriqvC}7VHSg`|
zHhaHGo_l3PH0_ql&^e7`JKM95L;rHD9dxE&r-p{BIJRhe3PTxW6k#;s{W-4cHXfi}
zoc-bb{-x)VQCpjVjp4uKV>$fIQCEzgLKe4&ds+0+y^ldb4@ctk-HR=IXRoZmXZL>7
zE1~-?OpCVJB?+L9=)Nul@w9BB2+KrytGvhmAyW?df%2E0%bzKKCm(~)XWazv*MzlT
zCZ|%bkc5PE3OO7_OoUg~H+UNHT%O%!OI@wk$LwNxWY8-{rMgP@LV(^Lco_1c>O()w
zId<!2=L6+0J(oXG{#HJce%gYAWsGp=z(uR5=R12pE98fhcsEt0GL}pH2A1^MJ(uSZ
zwD>Z0v)~yg#Q>>3`g8>=97ydk83S_ebOF#?H?j|uzw})GJeI$ckAxJ%)N{lb#4hou
z7m*wnb-}x{W!k-BG26yYIBpR$0?$#3ePk$CBoESnS6OorL-wg60*Cq@i_++;&R-fH
z%QC9)K>170<<DdJJNa0f4|rd6B6lCm2n@~1b<Ku^p7_dA3(2&9Ar1#fq3GG&jAQAy
z0-WEzex8&fyc1tu((OIumE*j1E~&vX;wO2b>-0dW^zUQ&TaTBIS+^AShbq)?@m`cN
zm&g&`ftnB+u=gmPf}a|C=kV;^!;=wKD3gsRY8+T`Z*t~Qv2H#2aB0G~qpw+U(Nw#z
z!X79U|CRE$@{x9Eauw3U#@&V6ru))cXr6=}@`d^g#gu%1O6vXF%jchzpwg(UwjMRm
z>%{?tPHm{%hdJKCoAZKg8?ZL4W*AlNf%2E8%SX!p^a$AV&EZ6l&NcYL<ub?l%#Q9?
z@(FE<?#X&6&e%1nM>PS@Q3j<p18J`=v8e8H155|#YjQ8;xujlxlveMnO1RB$NP3|B
zrRnl#%HJ8w#=wUA*U4RJy<oe%wiI)d5uABOHs!9~!24F-sYmr7&rvoO$aT)r#hx3h
z5{O_ku|j@#MTeTI!Cj5pcstf8-q`REJ#v4Go=3?4v=ta4Grz$-bogDXT8{fbjt?8s
z9sGMz9@b%Pp~7y~2JvSf2PnAEVE;n8p<(#_v>YD4su`Ima#|^X@sujqLNP0s=I{gL
z+kb`posslyOpxNNO$Nd}JRfu^WQK@pwPygOOFMV=A}(wEl&12mTPE(`-(=vD$k&`q
z3g4aMR;_L2uh*TA8bs}h9g~HhKD^(*^jtDB=+o)^r+$D|6=X9t?0Ng*M1UFoxOZU=
z432S2jT)~tKT;UCsRBH^6_{^m-_*~lpNq9s!o2~|nBEQ3M#gF(O1S+va~?KhZ}x%m
zm!8X?DSsy)mpBr?6l1Dkp~)xJI}7K(9*0%c_ouIacT}Hta%0BwY(IcBu60pevaJ=%
zAb+(@^yV=kh0u5)a_YFl7v3dUnZ^Gdr~lG(`4i=D<>LTSLGtwU>|t#4DO+|Q5$Ig=
z_Zi!*BVhtzE2G?mnP(dXt&)Xxs#d(0+l>}pzv>B|jxN~2pNV=nZ59qUY4?6h`9S$g
z&*jf!`8)ZTa<J4z{C$pOASL=ee}Wv-K?0?1EK0R1S0v^<y41MxbCf#ph(5E2^gBW$
zqF3|fOk=oND%8`Aueg2r^jp#^af=@)f9bjWc`Sb?AMao4hn-=5)AzS@JY_@oV~=7C
zTl1dsn649gg~3@*y7L^RZ82jcU&|}ov9s6`K_!zwHuRzU#k_@6D5NSi#-aaphI&c-
z`&j-?J{}h{f=pJnX?l({IS_kFfB~-|MBbO@F=HR`M4UUeJ=+T`9H}Y(rQ9cM!X_XD
zw}Ir9c3+)sxwb#|p_=u+z0|$W1Eu)CQvOyxHof%maB>_D{>}*wouTbT9;2rRo?NIa
zqDGpr#!Z0m>~Whsf^rv?5p#Cbg+dNh2G|PZS1GH-o(c-xI+Iw<61;#1%3qo;A1VLS
zrppYE7bgQKXbouix`>Ag(SF(J+=p)vhHe|`8<C}85<;GBrkU^{oMfVw^Uif~GkIfr
z>$YoEcj5(~qR)RMB4Ckz_dxke)8)^UzcZHpS+mhE$XKth84jQgT<J?;df)oe`LZ66
z1)Y3tRP%ZEsS|U_$DqRfJ~Hv6r{`PQF!rlaBnokYO$3TOqPQ7|p5Gp#NA&N}^FPS{
z)DI9sfPo)B;vie18%o3*e1lr3_i~u=q(*{z{%moTtLWJxXzXqs<a%{(zm@bNZjhi`
z9X@`fcP@+0eBxs~*}7_xs1J}L{|fnA`&U^!r^aP*ly}p~Zmwwpl{vz2-Mhhqhw#0U
zM~<+Dp6w|i&-f(OUp@pBp;YwR6WgPi#H4wzO~vJkFnI)I?z>&k!~6Y9&n1JdE-f45
zf5}Hms~-B=6U#XAfJnJ1J;8_yA1e&o8u7GX#m=M<3OV%WD2cSfDtf8%dIioB`e2XV
zx*CvC#nJeDv*2&YK*tT18h@btrRVZz%HPSy6-@S92sRxir%h)c#=yg(NWHnan1(E~
zLw4{&!kv_7@4Tl?FsUPmZz`itB+{yng-$Z4BL_0ZCO%$J31g!>*IRg?{H5peC(7T-
z$L4evWPF(gL=jq}7BSW+g^yRJy6N4fUG7(Mv2#@y&o-NqMZfahbMQ(S?sO1Bt;tA`
zEP~f-eS<Xau3U|K!|{R<1^@s66NDbXmCM1!y2k9ph)&l+qeyv6o>*E(EL~`x4}(jA
zHJV|B28R3%aR7cNHXzz-L|2$vh|`C^^nYLf_w|2Y|37;L@nE`xAj85U{{0)sh>WlR
z4_~mb006Lvh~Cfuh~92qPXF)M|M^p}|NB1d|5x#ce-r@S@m}-cm%xC4IRGmE`^|@+
z_@_7GM0X+pA>OSut5eTR8nXtD1OD&zzi&SLi1W#pU0+4Xg1e2%*j6E!;(iI<;v>4O
zftE)%XuL!%g`$c9vX&Z1Y=8mu2|WC3E92SZwmtg^BZZlFU6}y$%Qi|1p@?Wqq~0WB
zp^|o!`8h8c@ydoh8SeR((4%yRs*09xLQwIH(=IEO7A1`9W!J>&j<gg0W*u*edU9EZ
z+W-LoX}zjw$-rLxA9sfa1q7zW06`Y0Rj-3bsx2=b5h8&#?n;m$RQTTxJP@xyQ^ayU
zO|x%EiIx|v<+H{p>Mym9VU}u0+||N;nVDVgat7}>f?^8}8KmAR(M91kX<V0t55%p&
zytsB(+7h%9IYm}GHqgbMGr<I?HCrG_H}zlW&olv5qGWwfeXJ8v2Jp)2`!JDB?8TY2
zs5>jOfq}8*mzW#^L~Fh_3y+-^+u)^bdFyx(9$LF6u;GUAFQDsp6j(*iSUWZ$G-Ma|
z`~Qb6Vr7I1KAPjD2OfwdTs`(CROMTVrjZ_(yMI87-a?%Y6Qk!ii-41e+2&MstUYML
zr`NS|k)Wk+`-YB7>TagvxtOBdm=ROhmrttFSs3PQic!tunaX^`eP`3|fdoMDs5)bY
zn}lYb8`0N^K<&4AVg(}6$fmsvx%+L|Z9>%pNUu!aVWnP?_@WkRrW8V>AwE0`l1oCE
z?jt{F46~AI0NYB;Zs{I5CB>7fANtrbDE-4cni*KGxYNEfI)NTKKB}&wpUVv7e~l6d
z%nbH#YC&tC85)qNKbaD_?_8cs4sn(QR`*!DKDe?on-*4J^)r|Q`;hFVc>hwnilAH_
zWaWDLpgd=LV)N)p)xBgyGs0~%P_P$*DyMI?1omqj4<A)$>vQQ2J#O0G_1s+@x(M~Q
zlv-h~3s*6`H4x$rA;i+LIO#fALq#ZkolzIS8VnNHM^Y#KQA_~Ld!sUPh$qj*5RHQ>
zrRT%Kld7Srv9)5@dIek21(Z<Lz3GyyjpL81c$&i<Xq+o{SNJ|czF7x;1yDQUr#>Ju
zIeEPRH)`>CH`>v!cYM$f5gX@{qc?p=&#OaVGwcPutk$}&-UK_M8p6MFZ($p`1Oxy8
z1pL#hF^C7_4_lZur|sV@?0&-tBtI(brpu+JDH==!Fiym=<F6K0Q8q-%gRpFMu647C
z{y|lgFu-$Z5i1kQ$Sv9Y3yzk*$A0`6a=;w8(kLQ`V09L%V7RL&&I?4Lm5=@(c5?z8
zQ7u3dYKX}>7?oJPE74?9267?gKZv(!NolF_?|lTPPlTh}kxpz6^K=be9Vrs5-@Er0
z&HD`fIh)A@c0i5*>mMy_=3~T)qU`&G%!w6g_tQ9ItFSkBKP*hK_=s#!mK$T@8v~2Z
zHuh{S6e}6dsa+`J>!eG->+3B*uI>Qd-XlL<CLQY*Gj(|WBiqY>YRaS)u$|Ov@p+i3
z8{q?An>CkA;8DAmRTrnJFt}ZWt}N}QL`JAomCl6~LbZDM%12I?L=j)XW#E%6979P7
zr8|ZeJy!bOExC(Rf2W`x@-+*2a;o#12@>^?M)Bb1jX1gH6omUhQF=a3_348SD*AGw
zRJuyd&i>aP74&;l<U#@ZhL+;l-PMUD%~w7rLN5%##8Z_ceG2HJsC+4=YgAlBbZwJ|
z<oc%}SvAHrzGif^Oh2iLokns9(a#Yhn6@N+!q)4dremD_sM=|=kV_l{qn-QR*22cA
z#HvA-o|TR!7u^cEgKnsAuIJFF0>9n)B<`h!p`;f$eCb<%E%Tgo7;S}@!VDB6MWDiV
zX;$%v<=0QDHrd6aCS{kOroD0**r01~PH8jw{-|1y>B<{v?x>x5%TgL74JjJ@YR^?>
zaO?!VD&uzh1{JPFVj}<jo8o2OgPS?;i~-dt2cuzhY^V)Gxb`qdCUp`Cb8jicBKzDY
zRrws{!L?{M${OH7EkH9u-2F)*b01ajcDHdsTSQGH$~1@TT6;AFK?5j!9OajW$!dAF
zVs9z#Uck&v!_wz=wagjrGO#LU`NuQy?F38g3HR!<(IMm`cUbFF+t<fDsrs>^UEBol
zlN)xdt#7cYiAar4LG+_)rEx=_E(GW1&UoaVAnHqsSkJ}0=@qfinVCh4WwJ<_28vk_
zP*PQ;T$Oj)POQ<zWon3hE#%p!1H05!WN^sMCGo*^_6`pCj~4c)S7Q(l`X9D1W0keP
zTiAR@z1AS<+n9^hLl?_aRWPV#1jWBvSe^~TlIy7^V7=oIwX$}zNYS+tA`2jf$0ztt
zOlM36D*cvHh5PSG5s~O8m1Lv28FD`E8XlN5sj5Y-+(slqa~`2LSl6uIYGjGkx4cqn
zm$OE{g&d!wu+TaR^}_kk#;#3-FPW@ibf=kp0WBGwspIWBmd=a4N>J~N$ykLN82*nI
z#vN!fl!tLU=?!u`wCaX_W#19x_`||DR65wDw0X!^;%r_)+kngkr!Z1_Ep41d_Rz8C
z$>69u0K;!k)>?2?iha9%Q<QogeSjBqVC0qR;hEgC!QGUUPBo4nK1Kz-R9Jth!G0|n
z%Vl0FP<gAyq^~wft4Bn>@tyV?qkgn`Jx1C4GX#c?_5szxGH6D)R<D*$`t^=4VwvZl
zT!qRFPfqotfpKlmX~-%6y@r7sfrfR^7Et5Ism`?$IN$c7Lr3m~5`$cq$>a%Mpyl9K
z(t5DavLn%Yo{dpa=jHQmePKL3MEGIFxt3KCb{$&SWK`Jg725#sv!;0}j6K3cirXhu
zS#c^{@Lc4^VlIq9xr-V(3U44pA5}@H5FFK-DntASf$|dG;@8$-dS%8ODz1?C-0-I#
zN4ZWZ573<H(jhTVUz!s#IO659>u+oa0$bj{HcqO8YrCH52$=ntfi3@}>dU0vqqX9J
z1NHiDcD?t^8J!ZQH;<|}N!~f4fN4Vc%Gbi#P2e`*ahkO<hVb7V?QhBSUUw<z%a8bx
zjLX@52H<P&4e|=l!wNxilkUfw!%N7UJnY<=Y4u<qD`T2{`v2PYMxp!!YwbNS&=>0P
zSc)KU`|C$lu*~8%81N5x2apaRZm9T^@mNfecpYY8?DENbS?rsw+64rZY_Yu%?6Id2
z)@NJ9LmK#eUhgkBjEr>FK}ue0@g(+qhB+3=c~TV`jHM=21?DxJo^*ha78Yhas=M%`
zYI-qz1D+U2dE_ZJTA#G7mR*4(tCA*}Xke18jyVU&Qsq{H4@HK_XhkV+r5&RTIH8I7
z4pH9~=qD|gK6}8-a^x}Z`-|4A#YYSK)2lIv2kj4Am@dG{-z_YnD$0!m3yfI24!X5W
zTmqCOMD_JwEiC7XfdIRYtx7C6Y>dumsoC-k-RgX*GK`cZA3RD^Ri&u2Ad#tqsp$P%
zn%C6myTxMQt7(uIq)_ELXJu5YE{41<y^alMQMpb&Vk)J!N{ET_1QAl~L4)77odu|8
zVk~LM7vcabOszu;B($@Am=6pLC3vswMJYW^OJC_LLHhlpg>jT>dc<v9)`m*Ije}Kg
z0H6|YDfwYxWRVK%Zk^_Ek|6>mRw01V`)&<rDI8iQAq|T%3bxU3U~Y_Vqj$VQYkH{Q
zK_{dO!!JjqFLP-sZ}E)$gVx_}N*h-r8-*De)KBjVu}!KcIkqTun1{ybGh4g>(_H1S
z!?JT+?jo;Chns+$@1sUg1pcnkrGP03GGXJVP5lAbQ^Peij9Of5_sOa5Zp_*0AlxcR
ze?Y3cN9nfSi<S-XIMqie<_b%VY+#!xQsCPFDH60j&9~<jr<bZ5zOt03AaF{(z=_&E
zUYg$ke-}uiucN9a^5x=E2BPa;M-hG(Kkulhiz9Ej?!)Mls?sl;cGxv5@XB4BR{5p`
zEKTG;Pd};}LCf2FvQ?8UPf*0v0~lnn>j7bvpsVQxfF8RUQy<|VgyCm`X`_Ft_U%7`
zjq;^&NiLnjv<k@uufw$&(wHC#yK^t|rqf7$Qgz`=7j|cR&iY3{nawWqF{CYkTf#@x
zXiuS0Em6q+B-Mz)*y{3%w@dQ^w*nnwGFfpWilowZ$pHDav#qgsQsB6-C)`dm=RjoP
z0LNIx&7*Ixra-xL84<dg@=oe%pHvlUX#&u~y>M0=1{~(}tIg6e*KhxE#Az>G7ITyj
z1%PQ!EEC05JW?iPwT=K^$w+5iR?7`;XgKGY_Q`6LO4ptdUfDWl*xK4&9=akxjis|Z
za~er{FosJOcob<P;_0KXC=Z6cC>9k6-|r{~1R`bn)bnDGs#ie#*^IrFMyVl(!nd}&
z6l%_c#775#Q>QT;bBp$Rz<{=2tft{@p@{f_)gj`Q*sOY+%C|XNeBYNf+?CBOz39PV
z@5=v%$optve|j|r@u2=;3sWhp{kw(D@0~a;rHu_J>*3gyvRRT%)W5U%=|u9TqhdYM
zA<pexHS9aLG8KB^h(HjHZ-GK7J*k9~ZU@4JcW^GAI}QT8E_{}bEe5R2K-yVyR3FRV
zyE%fb6uj(@hZysJOQ)pP=BsLy4LCJi=<*S`EsVzvBppB5Qt?B6bD`m+PhXn4rn!j&
zgO>A&{IK(94^ME>CcEa8Y{a8~w6JwlcipSN2FpCatqHC3m#werWVL@-SoehH>h5W?
zcMr!Y^eT6hnTuYx2Ug6vjcrW*drL>4d+$==?>We^uQXb&$srk<riE%|Ca_eH%hXEI
zaPTf7ATDZSzOk$O4iEBSZFiao2ZLxf8V`SHrRs<k(n9v2!DIZw$k8DszG{LU7xxkz
z3YvSEB)xwl*2}*xXZmyNZ4W}-o)$!JcgK@coxAxs8o+egkYaLMrT+UG4oA;tzQ?Iv
z^3q9I-s7q_oqG!cF+uY%9V=a@&SYmyC@9vDA}IiV&wlG2kg`P!feL)-n+g{!(S5C6
zE3Dw;)tRmK1htp%q=Id&2-m4?o>Z+F5)V+%fWabCN@-e$-Nc4JZ$WxgMPBz!KB#1|
z-Z4m;5}7NQ#&rLtpw>EHV(L)h2EUKazJzxtkSJ|mZ#J8JMi~BiPJK3!ssk_LxVfaO
zROsfVuc<0)48aAf!PBR&XkYF<h1WRBMcuTokLd$FYM^Q!Rg+vxxGa~fQF=v)-parX
zz3ttrzAee7qgL{v_Zpjz_|)*$hrByWrh<ZBK&)IVr#9-&a_i(cZ<#EO(2Pg5w-J?u
z%@c#Vmi0;1b!>e`E{>LFwP=LwN(2!5CS20<N7dAR<`-US(t*I^*HS8)N7M5D7fL%C
z>A{Nj(=PMU9cr~TC`lwdfl|X5-ZbNQ!yA};qdvoCg-z&b3Ed-U`JTi{svaWI2O>`&
z`vo^Ct<I40a}%4qsgqi^%h_G*epGcPEwWX1FWol(?(Qt}O-^cxbnj)1`b{$mcxbyr
zMYUQ%0JZF<7;IgFqo5AqYl42pV>sCEVWZ_zE0FSUr4f*CzZQ0#Z}vI-IFbCrt1*ZN
z<qun!^p4BlEo{)KSpss5C#{KF#R{1thAis^1j}D7?AyH?{JjBu(Z}0jZfv_wJt2v7
z`a@>!K#=(mvQNOb>TS^aB#6;zoSmYiVqIo?Et5mI0p5A1Zvr(j33oUbi&24ng1%;{
z`Lf!T3GH4ASBrW?!%Wpf1qVBtG8*Z07-ajtKP_VOW}ud8L=_6kMY^bI|1wKnu8vTm
zN+p|~X8Vs8hM&4_RiR)~;!niuAlOwNrR)y)?uUgX3^$!!Ro0GB4I{5BR|gY~a(^Y_
zoP&^w)A%Ghf_4B3rop6TwS{2$%76Pc!1pNg;Qss0dvL4c4aE;|{URXg{7lw0^oQA!
zqBYsEBGLiH4K*rWDVO>dobqwk7+CE3LD3y-HIeQXh5WGMaGlE@<_iu<>_IvSpeabZ
z{)8Pt8h|2FOp7uSPfm5R5l175YQb;cyBrBI^Vx&@Fw^B9r@DOAvZqb2o>wUoeHo%M
zas@X``Dy(oxE1|~^K5_@QcxwJL`o{<&9R62%_)$P?AEoif`zJjN;VNy7p}F({CJ8@
z3G=uyhV+xFj6U!7rhBGYP#LDkT`{vj8;9R_JgO#;MOW%^*Nz*zGCOH&Php-#GWwD)
z&752nz8%Czu;a~T_k_?xGt&@#IaWam4=o)c4-&6fo;U!FB8}Nj$zs?qciB;X?5F;u
zYBT-FCD!TW8*7u*9UeI!$Kx-;>5r<xA!JK+spe@d9A2y#QBZZj<Iw~1yu}&rrk;y&
zWnqq$r#LHTUrPv*MYZY`Jr(`IgNFOvR9t{~_=;@qTj|-2iy0EK!YQ7%FfC`QW~;ZE
zRLDY31iN+!=dh6PwjNbCk?`Ca=QLemZJWS2wZF*XNpa8I8Ok%xy5p?&U4PDt8qq<7
zy%0AtMOvMi6}s-m_1;eS03QMG4Uw~+A&`CP=JQgLq0WrvN!8adAm=gsBOBfP=fQ-&
z6)&tO=YL!aJLqT@B;R4DD$AcU8=5hbAt-%aO^TU+QPGGp(T~}~UL~9nP;IVhXzbc&
zvq+cG*Nz`JSR<PGO(CS%(K7%IPt8!V=+e@p=h4Fc^lA*^LH@%Q_9i>x?-tf7#(TjU
zt~yd9&D^ejLZzx1NkRHo3u_9|2AZa~t1_d#)gvKdEi;UTQ~K=h)wtxs>W0JAXGMzF
zB9_&811Nnd*0iEjrVQiJHHaE%;s}K?D_IaX;znWG&|2Fy*3s)5Pi8BIr|`Mm(!|_0
zZuuIY&aPY5VYqsJD*d+6AALAXlv53o=lj~oa;ewhn^Hmv8HKlcFkb&?VVO?S#EHc(
z${G2RfV+hJ(LijuZhlx8u_F@0UK6CV%Bvm+xq`0xUNmjmh4BWEcxWWd_miY6z@3f!
zR#imnI~crx;D`*bpl<UjuX1lF%}nIz)B5It@7ig0+<>z{5W8gt3(7J>N~i<v@cpqr
z-By-JkDjk%t&$v(l^=t!xQ$mLyxJ>Mlw@ZIgvda!Zv1?Nx15JLe~}Jn6K{o4_vBPB
z+@(44wt_F82{cxk-`6NnIz`j`aoN{k$?(`o5ogy87`9G1q;8KBom2D!IKBBw%>lSQ
zx(jnE14-bEjkquB^YRhF?eh|JUe}zr`uI{cv|8p>#_POL>p2rOk~2@LCUG^&d4Lvb
z1u31v%$t654)t|<^Qg+`%j3M>WwqqZeY7Z=+Edh+xhP23F5FdqYYLmu6Dt4x293l+
z1o8;`iYi;~P}I`*kkknig(ry@HV|aJ-$9#*<ERWgd6D@^)mF$Nr~Cuw4_~r3<E;?C
zzE7dzQGZkwoc#i5-<PJ^-c&f7zAh<;BdOu!syv0fWJjuws*ziSBrA7!;PqXUh___M
zaawhhGJ#-h_rP}UTgw1lhlp2oVM{@%^P8}*PpT?scDzzhEK{|LTEbcbtbo*&iXnbf
z4d0<3K7I45@rnbr)X7!i130>GJ9hu!cV?kTf7yaUqHns%;sqssU2$>=fhphF-<Nzu
z0koCscA78qLPlvrW*o^k@aFh*J^Z9<M7Odg5qyhEyY-N_x2%-td0GwXqbiN*cyFQA
zOHb)RYrKQ^eOPdY_7+)8rLfm<`YUPDy7vN_ql=JULLEH04#4_o#O)35#PMB_@Cj>y
z7?&%s(t5hP%{pGP5^X+O*q>gFK|Dx**uwZ%D*kR^=-dPpNkx=HU<aKE_x%m@449Iy
z{%T=;m$`8I9XpIXnlk&04kgFPHbj2*YSIltAY`{=a}oTB$N4zq;i^igOAy=3CUcm}
zX|2c(A+u|}&QV&LmBj;58J*dU5Ze<ys#gv-jNd9u@x$@UoeXVh_v4}HmT$!|ozkF@
z%1j$4LG|02dd3|XL`K(>CgYpFz?r|<%8pzAM+=)o10q2e8yb<DO}F8Xj1ujfL(TeO
zVUgS*_ssg{M}}V%Vf;M$nKCJ*K>*uKinpS0n*{bR#3xz6KF~CL%Hg=A6!No9z`BK}
za|u<D2BxLy8=$AwS9PX#qSv;^K=Cq6zfq068fd{YS|V;K^oC%~xzE=ZcV%C_Ul80s
zBbBTQR(BEu{Q%|#EyFa|UtFsMv!&*FqTUIn6A3L-KltQSN3l5Sy_|AE`n=)5;cdK;
zL}$}>`8d^M=><yW_*OoBa2C+<C4O%R9GqEy?219@8pT5mUR^LIS#O{A`M~~L($rob
zvC&wwIDGUy>q%%BZFe%o)n!aBZ;}h<Lay28CslE+aH6)L+tBP`Szuq3l0<Pxd;ZvH
zAfnXdo0<@#d41)-JD3h37n8|-mC>}(=|~dmIL{wg#kJeum}zRG{-q1Z*|%A*bTVZw
zw+2Yn_o4|q+}NFAFn7}%d+E3j=SkH8dOs`B&$tHam&ih@6~_!B{go|`s>`uM@9Y;n
z;vw09aVW4Qy28FRfQFP=wuj1?E0VDQwA*(x1|JC>4}+rULupx?Dl_so6d-B}w0te8
zI^hOy;1I8ee?98}|Man+B}DUxyeIH1QWk)dwoHuaR2tRHqbdZm^w#LT;hQS7SlbU8
z_wdVd<>uEni-!I!AH1($z&rC#yk?Ah`5hN^l&Z!uvtJD5JRUU|Tub`CozkBiDJM&n
zJcFL1{UYq?%lWW^1U4q3p~pUOSccxpfP5QSJCCZeuey7UlOzCKKN65&Gl|eFHquDS
zeqP-rUKAogir3n70;>{I)=Rx?$5ZyN6Z<@~|9PT^SqDH1KrHkYD`X0Xrmg8!;zHn$
z6Ujfl8iRNc|FDH|wnqNl!tf(*s9$K}%>d%u9>fOWB)tiunEb1SwU<f1yZWfxT_R~`
zGN3@pjUDOvBI!gfjsS%}eGpC}$eok1TB-x%6;rk!_N2hBY`xy+emS%0QR<fje%NOo
zPNIaoFK~xj2n(>Vu|B;4q!w#3I3`&w+Hc~e*U{~n%;(=u)P!z7N+r?j?%KZuZ9}zF
zvIJ{lva@5GnC_)e;{QhrOP(PSf4{bd&W!%yQ*7z(QA=Qz#SaS`?t{PrgCq5JbkOKk
z1QDs`t5;$~Myk%)9HO!Tm2>Ux)%2d?1LQzMsyZa?+`H0h5jOeY1Jgc3FH>KOH?rcw
z3P7hH(JKYaf3UaK1<xHW{Z@v?Sbs8Fwo_UbLLdCSDb(IrE#ECPr~5GJjU<Kr&X;nV
zR!dg#c|;1`3Py?m>Vq5DS}fnEEv$#|1oNeV3w>OhaEiH%0YaZmkIds#&vT`0^11QV
zXKBRG5w>7JaD#w6gG00_fe}z*{iG1@m`0WP@^-0^@(fDG5Vw?+jvEF@uc4M2$Qv}O
zVNPB$-e6%ZFy7o7>q*t(GDH`ELYu^?H;Up#9#wsdW`=T)s`!Nw*(>r!c<?)1la<yo
zy{G#~>VEG4US@t}7+E|g>lz%ck!e8oD<EAp(i7OU2tL==Y1_27S-s3^Do+w^+^e<J
z--9x%fBNKVugA=L1fE$za7q|+c%JW`1uVViQT0|q@%^5dgyN(r@=UIl+r6}t88+iv
zMTyW=2$lhsV;!($0Gxp+&jM+;yQ!FMi3T2z2!Z)L=xCL9BHBe33gWM$Y~OgqyQDp-
zS|E{fp(#5=r)A2(la}Tg)!+cY^{8ri6W8)S@L2uD><Z+!JDub);f$)FygfdB6aULH
zRr@6nhocBxpzaI0!rl#OMcmd2NZj7GxY}<nZU7-DNZ6{3{?>>nll*;8s$R*0FzV-H
zNkEX*t@pe$e!D5B_u~p2db7|z3tH2g=AlGX%TAa`?Aj^g)Y|^K*$;G|gTxA;piYuN
zubr~x2Y}z=ky=J97tKMGJB)`dZH&Dq331auIr?-BYYY7K!=r`$>D3s-gYbtfjOlXe
z?-rIxT2C9}6D~OqISxv%2B69(@X`6N7FOvAFE2KDO1Xv6QA$L?6w8|$^10m4fzQpS
zG4aSgP;`D_{5F|&vRasl)YT+44$Vu)W=wYE*7KfR8=#4QeYeX`SuLJ+u3{d~-=ckZ
zdGS8aX<pUjoXA-OZ`mI8#VRl>q+LO`dd(PK^$zeYY@@5-3r|9s`U$VasDu*WU8;Yy
zFi2{hOI`hAo|%pdCR)3Xhqf8lYd<WE*IX~KK6!jcp-`eTvsGw%24YSh449lyT-(K#
zEVUFYt#;g<Tav;IqJW#EJ2`ezb6Sq(o{5hJg{v6;Gm;_AXyOHFf7Crqeq<({tWY2r
z$SwjmAQoRfZS(n3Sox>P<UOq|yA$SnV7u6kM5=343It1&TTI@KqwhwZTqJKv5G?lF
zvn>ywp6XKWmj;$==yS|E4(r2_B6Y(qf<Hblqd7H1v#L`Jw~)w!xe0`55d{Z}SI-`E
zG&5<L{y0)P*6yAlyW9pzu%7@bI5kW6rdo8Ow|v0LIGS_xEw?uH6)mZzJb<L1@{_6=
z&V-8)n1rlr^%ChLg~=$ErANn)s(xj078}Kjd9U9_%`7%f&j|6Jv>g%x%Lw^yoE0DE
zIj^{vN9J6d(RvOrFzW3V`F?{g9fq1cpB4g);T)6kO4Sc+Z#ayxetK(bHCqf<U@w`d
z6Uh!>WwBq9)fzR(qiRtVcL82-R-J(fQ^ESQXqpIyv=JZT?F%t?<O(c71v5(4%#)Ov
zB~#$r)!CWm)H&KMREQMSQ@%V7UPYWCpRkv*_Bs8cZBK_pd@;9xeg5dX@U<Ln8-sM`
zymrz0N7aUCrqE3*V)&7K62=fXLg#a~nQ$@oM2;*da^j)NXr0P0{U%j_C=G5-$nZNz
zL$JdN#G>t+(wfa9P2|T+c06arR3BI8?8Tlw&Yj>13=Li#q@xZosa881Dc?lHd{jMm
z!Q)(T4>^`zvV_w`UHwLGxgAi=v07aBd3O12Lg8$&Ty(WF@rYm6tsuH80$Hr!M@!*`
z_bQ1FlG;N&$v6b2Qgf^2^YWaJ7WSuCV-OGgAGR<mneD$@n6ETmPma12u5bW;B*>yo
z0e%cm=3gyrP9+j9zm&8RW-+u2?6Ns8dtPRz^4{Il1`aToj`n~b^*WpSYgjTlah|Mx
z!}oHa53D?jsRP!p31kw>ofE$@9596;C$&qY=O5qL24Zszwsj(Hl5@bg1?Lq<!CNov
z=2}}bjn4~UkUM?8OBX5JXI2C%jDRjJ3|}hhjtLJ3{znT_DpxOWS~CBzJ0H4m(>{Mz
zE!UUy!@|7WV!+oKR+56g<3wt0@t)<RU``jrj@(@qvpR2+miPuIe;vH>?tsss9VHB<
z$C)OnPoL|?V4rK0tYvq9yY5oNa~5JEe|gk{Rk84efx2n;-cA6kRv7*}4P`M8f(^<>
zh~cMmXc@(D#i0yyhd9su_8BF<iTJnoU6q<GG}Zj@!kRTs7W2qYPIYi>p+FNl$_wC$
z{K5=kZI=p`fFC=w@a3C|g?+>%d-d)J<6)TiVKI!FMKo#W*g&?W5SK#<_HFFkmiX6P
zBfUvGR(q>?9bFte!cS&o=ZKxqbym+RubQalD!25WzEZ>ESvYMVU^kBXZmR}>h|Y`%
z+?V}PHG|~jF!|ez;57}3sD7XgLTvDHgJLIv;ivA)=(+HoX>f;R%i7?TyV`Z7wqs*<
z)&@XV@^SzJRnv1Gtz^GQdQu*VszWbH;-~KknA`U^o%9pvfi}M|0{+_A4iJa_s5)%;
zhCUEHKirPr-)x^T)5$ysXQ7fhkU0WKWY$_Wh&iob3B?Xcp-<4QGC@}SYa!>-yR&hB
zd!8Bu>xLwxXnpxe^_OJ?JJC<7Zqyxfl}Rrl<g&*p@(iOVwcSuI{`e3<vl?0o8fS?^
zmsuJELXQAqsgC$-DaEDf8awDYW30~*c@@O%-Hmq2$})s^Dun|{rLV!E0)!GDr+TdP
z%(g(%Dd8IR_Sn-KNLB~KEGn`jbNiI%K6ooi@0-k7{Mg2;=UA>d`MRy|Fg%AJsBQ^N
zaw?8+OcicbdqMS64s!JFwJ5-=s_l<DTji^76cqb7dzPj$W(^&&-i5di;(oA~Wp5Z(
zaTA>!d9<)Uy&8jf;Qp|Mk?4*6-NKwTg}0&(S(kbk&PNb<QC6%sJ@x)-VIK%2@|3<c
z*K(&C^{$rFZkWDsGMkLCCXw9~)W*e!1EE_UdBxIh2W$=_xY7dS&f^)aqgQ&BTo{C0
z75=eC#=<`nQ-tL0nI6NaLS0lmhn_uugO+Lp=B~}Y_?xn8Q`mv(!Ikw~V2&_OJZVtW
zx0LVXB`S?>#i_b_yQ8v&#O43d!laYQb8DqS627Ubi`U-XAf-FxcK)z1_ZB4QB65v%
zAkJEm)*&}QFP=`Hr0rPpRm{z*OYHB{9w}eUu^{U>5KPIqEmXMX<3Hx?eX{n5O~lH!
z`RMS;jQ#GAu5>D=#h^|@HX@M}$}3PIK#1dLv{96k>{|h(3uj<}F5*EY?a)pU=E-a8
z><HbN2oC;n<MwlTWyDh~KWE%^o|s|g!zZUYdj>zGW7>B)N@*CC9&uK>obMn&k5m1N
zmyp~@Kc1EjMejZXJQ%0p8O8<=4Q1?>MAcw{?3jLV#ApqOI7YC*j%^w2xD8YfT`<?#
zNw<ax3P=>DKgmR26A4UKbpPbjCs&Q8v3l({L=j0RtnXo9)P-@+bstr`2v*3ZQE)}a
z_pHHIuD`(%$TzSW(3OwE$lo8O$4}gZ4{Cx<1>>*GscmIz!&?Q@f#%IZ^WmB4q3K)(
z4d+30P&Y+)bdd@^sd_fYOOAZlmsPL=zP4>N_bx6r?#B&Ar&n>Sr?1|0+<@hrd3je6
zvRt<SR#u4-3KJtxXGXYT0^0f71w&R1$DCaUvn{`hoMq??zN5wEniDqB3j~!#qgvB8
z7&#lcdQvqDa0e*OSgCA@ZoKyP>TDs8l_}`Q_6FqA`gYH9DT}?FMMj&Y@84JPdt)FX
zpoSdor!sP=ztC7~(^y#!(}Sekc)dPMpLK?5r|)KQPD7Kqqo+AXwE%tbjf=>8>E=n*
z?MT6mn*v&c7(qvJjFlN3^ldxbM^#t${i|^E94qdU^Ny{7s~qQ083d|g)^<0~4}E|i
zgh5?R%43LT@wbx8^3~tb0*7*<jNK+iudPb%2Xk#;2#l|y7ndTA)15wA*q>gFK|HX3
z*uwBM>i=$Gg$k2n4Bx0mU&5p9d&teeHf?vE{nf&@Lz62!EIeCJ+++5sYvcN&WQS|~
zNQrU$Dri589&AXLCL$@!6(N5GDqXvTaS-lnEzKm{86&2$;>vXA-Y}F{`@9u&S|>Md
zI20OhE;^HWUa01=*EVOaz6S!-sS1^yki#mGf21ci#^ttmft1i|zA*196sOK?YIPdM
z(4e{Wj}}(kGhs=_<jN!Di8*nAMNe|~eWL4!g{2E!Yu>eX_lRlreIjU*Vl%SVJ7>;o
z2Ul)3Sd>orVnv+F36x=w#M+Rs2E!8PAhUc`^i@bBPMVXD5PHpr2@}f!bW~X@;k_9D
z9b9W0or}adt04^AkY<fIo#vbVlrYyDrF3fkIm@E6J(oLjY1_ps5O*dKLdewPQWFEw
zw@8a!yDxdT&+?y~>KJ;$(j9O4^Eqg4fQe8B@?$CBQh!`Cf!!oKm3(pWJ_D(-8FPZI
zUeJy-f;d=5vhO-1N<YO^NtG(_a#a=B_j^yf{uNkJAtUwZk$^C?l`?4Hhe_^j>oTHT
z)+0`|Csh-^%nT%9L15s#u@TCL6q(2S`1*%&Dl%^`G&%vf$}=620@B^K(wJ;oFe*#x
zE5WPi=EpExO_)I8YZjSJIaPk$e*x*sqwcxd;=55gu`6|FvEY3A>7$GJrWBO5(UYns
z?eOJm&9-EHS!_$nneezv0THB+sx>lB4bI}lN#~Wd@rUqe%J|LU2Og?rcFLE*F71lC
zO<-VK?!t6;7kc6mmrm(KH6FLVDvEHot`P;o$y8wW4zV2FvZ9K-?oXQu)NHq3A6^~&
z0cJ*ltWsdh>*gP-f#}dN>S-`2oDuh!>z;FV`+lNipFRr_(s7CtGD)OV=Yac{9(8mK
z9K%7Hm%C*sC;&$R@Z$TtTbpAb@OgE0=?4Q~gDWU9|D<Z-2bzzha*H(yGf<c@z$CIq
zVtfgYs;@*Ef!n8!c@13P`4<r|GvY?Ek{C?6yuVhTVz(<Ya6q1YoB7JLf|x)WSqGEn
z)dH}rnKaZM1#mxZfPkvsz}eVg@2S<pu=HqQe|j|r@xc6H3q#i)_`8K|8inNdXW9`2
z`ImXq??81KHbyo4)xrjI8jjW%U$|DmI9iOujMMkAJI|aoLQ)BT(<tbetyouQgy0ld
zn8k<Z8T<TM`Qu4*fMzq@Uj2Rnw*<~7mq~DWQdV1Ua?r6Z(U92Vb5e=YH>+_o)7DK(
zArsr{_qzObvc}y-(@gju;P0YE#>3-;$&N5PHCToDNBY%Ks<Jr#(ZasR2gkoOPn0iS
zw7F18O84RB*eCyCVTUF)T4`+`8wAbiOxQYy6pVS2qs{<I&ObT}eTXaEu6Js~Ba<*6
z9ruZdZ6bdK<Qdv>io7LVU?Lnx{E{F60qtl#Un-h3D=U-?(->66<@E0Rbe^KLZwwS)
zgqB46Oa2tp91G+66?9%9P!Sp+=ub2^{4S)0FIh=t$%0<D=)|Ks6pv6jEoDDB)zzYg
zjWM=687al%U;^wh=WS%T#(v!XVugwx4Q%yF^K;2$e;FxB_*DJ8)#@OA#RuS&9g>2|
zg27L5pD<$yh<nt{Ask#YEk0iKwqA8%VF7(-*(Hrn#JnGL$Vn|wd{Q+smqcV0TfMkD
zeDYiGY@=`y@A9V~r#YJVt<Vhd7LX==#gVvgsE1N7Z{M6xhZU6J-FciL_Q!nA&=I%_
z$=Z+CElwFlg~`EPBEXMKXH8t2B3nO3a+qZ5V4v5%P<i^;kJie1G$kcBzNH{6;y{5e
zKE3qu6Bm)AmcGKIT#y|`5CHwdGzY)eHO12AJ4ok|-8ll>$BXgOOM&cH{^=EQVSOvo
z9&i;jjrDycPW3W=VAx6%+)}!ziTzDCWOJXMRMp6h9?@r;(Yq>RdX<BE<87^a@WZYl
z{cX@sjx?bU-bwE%Y?|DMUR8b_?ik}ey9U82K1_VG$1d6csKQm4KUHQ5pqgf6<Y`kJ
zOhrp(ay?yL5>JIp1k?h%Kl4KENmbL=v3??(%cG!(>~IN`6Jk5q%%P8}aIsrz41JwL
zd4TOSQF!UyRF#}ZWW~S}jReAX{^C8Puc68TR1|7oFV;FZWw>)ErdMYvIv#9eV_i0f
zlfgiY>qP^vq*4u|JzChGUX4LK(0|y%;EG!QZej8pXz}IQRSUjWh1x~1WG@(SjyL{l
zVf%LDY`l})moJTsC<ivwL!kx}4D~^gU6O#IbPh=J<7>Y%kl!VQAeiD84je!P`c)L{
zCytIPA`40uy5|Mgh0YXsOqg=8LESJ>(&O2C-WGsaBg3#Q#b)MWzoY^c_o|w<3vyg5
zv(iJE=INmHa>{10JG6;Wl~Io?Bm&rb=lG8nri@cdu>AS;ysyiuNML4%X3SAn!w(DN
zKQm!I(iCPt!v(@ZRm#Ez@NS!)%hcc!s!!`DRb{5$=2-eh?-9|>_^SOpr0n=AIf1*(
zd?i}_jyb@Sht)}!q?z8>0bwqn70+UJ2&msN9cBZct0#!zQ)t(iBoaL?87VXHabP%>
zSvBZI8>$4AB92?=gvf#!nW#OAzsTI!mU>^nJ-LS7(;xYBBs(K#des*Vyo3fk8kP?4
zkDY&<>SLrhRZ%g)#~Y+GNuKMjV{Op`v#*F5(zCfh!3^S-KRHOR!vstWFNYOWjcCm5
z=1bd#+8kBQ5ZqNU`)=`Se6sQNa3evR9(z*tT_0i`-^Z40)bl1FUf#uPYsVwiN7bsS
zS#<0ODXkYTin;nKC<9($<ywhs&jE}}Vb;YC5eGvt;D~<0G%Y4Hc2YS+GHTJHgsOSx
z*kcwdtwxG!X$GRsDZWmn(pvGPs_*wK5d(BXVs8>!Sh_KBdCcnw|3}s2(CmX2fE6Wy
z1yQtDXYtInBQ%^5GIOs`c=%kunUS^1^0I_U<LLk&rMkL)U>*FN?*GN%=vZBWdeic?
zg}-l_+>vciRLD`%ld2*0wl_2yo4p<MXlM-B%WG2H%8iezz?RfaHN3qaY<=?=R)Z2y
z6VGy{e7YRV&B}&Ij6T!ftO?C8m{Cn-T;Z6+%e;z!*vM3vnTcd+eYx9+t?<6J^1`Tn
z$6sn=<w@1>&7IR3yii%|{CGvC(sy+6HW~y!8c6o=dv_Q)?zNh~0MooL5^MxZt@Zby
zD#7R57{2G>75Q%8x~P{vN42knE|DLl4^5+tpE+TnnYaxompOLeBl(@|8{lW*6W>P*
z`_rp2i08#0wlK&to4;F_rrCjTovPVdZ+Qj(a;eM|e<xDnUoC91<vh|JG&>W$m&r-&
ztNaMQ-`BogcujB+cB4%|RkwMJ9y?H>0tUD>{quONtGC`_YWo?Jk}a(XGK*GWD?ob#
z7})CIhKyPAm^HKn^I?*UB}!q1SZ*l0&AQ%4b15JBkLG3;`@5H+na@2&jLgG~w@()o
zYJeoCk7Tg_ANKw#D6chYxI}SxhY;M|-Q5YnEx5b8yA#~qU4py2ySr-$!3q5poQwVK
ze)q-c>Z<g`zwT3`NX<FkXFY2Qmojtte=5w$kKo>xSKqx~U^HhC|CSw0>x%e8VS$LI
zVbv@6GGVRN#_)5M!8HL!nVrM35FJ?RVx=S(=sXtpXq({DPjwQBErdRX*971Gz#9yd
zB{bYd_;)>CdtC;cPYD2X2TgNsxg-08k=yJ^&bIc(!n@6ZdRJPw#pd?kIr9Eb@YK-c
zLf5yOeCyE1mRJ8>Q;;d=rH#-pQQYFn8@q2d+yyYy?Zw+w(jj%Um4hmlX}VRs8DAc4
z-a|c)Jczg&(Z^YSza-S{&N(wPJ1Jma)k74&J%RQPNeR})HApf&1=K=?imeY{KYkLX
zTVi>KFVp*2ktI~-^lp$W>H3>tLe42b>Q45QK(}KsQe1n8NeSd|%Mmyd#5)x?CV1-A
zXIO_ASn~vzK5^F)746eb`jdDJM>oQsXbkd~uP95?+z-pC7tYobReS>{<{V<G8+F=b
z<v+*L-E_~ae38!1JfUs@QdOc5fI`J+ceqrDSDx}gDj@gXPTr~2=+G2{qrDZGcbW0C
zR~>w&c6#ovpDv|MPKaD#d71OfCi~QUKf|Z;2<2Y$1l#|LYZA`VRo{|JMKl^(xGZME
zlh(}1nYsuCNIgoTVK6mudm2dXbJh_-o-(6<%Ka#)g-$)TLIAsdloCZ3mODK1KwQl>
zc7H5euU#_($|zy%#CtBLR?8?z*R9xY0dAc+{!REbGkX173=&re60N<v5-g9_Q?MWi
zKx)zH0V!6t8y&hjg-L0UB#=?<g~>a0v@PM3VN-?JIln3ZZ=3ow*vggr%7Vn&_*!It
zDoVkXghp0UlCzf5_;ay^6}<a^y2yM;NulT~In~>vPA3%ywzXeaR!Sh$yTbl<Hiikn
z{AGoK@|FHuVZy#Bqv}sc%B&W%1@nzFP?8KXCI3{|Sk{FJ_P0c2Ipdr-A4Qxs-RwjN
z<FAI{)Wu(7fc6On2yR9*@uYwWlVXB237F(~jlbf&2KiDO=i*$RrOfp-1YF9n;a5Od
zyR+|CN2y^8zLadlP81C6@vm7HMUadv8txUQC6WpZ5W#&RS@_cxW86)}bDuL9JA+)`
zL!J{{`=1IU=BSob)jSgj3{AX*nRDir%0#;QP#D*vQ1wY?Y)%UDm*>%k9zA);Q=~&N
z82+aD8)N2ipN5Q$NT*N));Fl|u?jjTf&#|FqH9y^{F`xI^z=~l<L@TD!mf8d1v4=@
z_fM?i2X-g@!jprJ&9S<ab4XW-7QV-F7?0u?uSk5{UyO3D{U1qx;ES<JdL%9%z8YQ_
zDT(8*jb0v8(&hpT_2UpNLD<u%Fy+|Ga%DIgf4`yNkoQn0v9ZgcS|$SB|7i)Lj=vdx
zr34~rxLwX&Fc-*es?EhXAvdjjqN9g%6%}4Y+i(FUDg<^sIx1P?-WHk{XC7K-0}g85
zh4pF$klKZCwLL8{J2?ze$&E5X@zrU|qxhZ5NKQ>|(mu#$?w=i=Bt*UPgUO<YlxVO!
z#oT@p5yoFo6=K3Zdd<_ngIbp1$8su5It~wQ_zbRYpAm{<MJ(OoTLF}o^TC-g;Ip6M
z7n&$jYf`HSl75-B?@0YeucPl&W(fB@fB#0vnf)Yi8gjEyUmr!!!0ufzF41aS)Dq`I
zTLgs%ZmB!7w;lg>wyV4&Ntb$v=<jrqek@mnr_B<|ksD_PyjOme0I9riXRvDVfgG*d
zEi_*@?4ZlO9Mry3g=AfUY_a#GXL*5FxW>#2PA|wCl((X1u-P60TYq3+UZGySqMMUw
zCFfIN$^G21ZjN<^xkT&m;K#T5{Dt~hTG_wIMrYdJ0&pk79dT=8nwtkQk2kg1o~OxW
zbmrDa3zzgH4w*!aO#jG)r((aMa*12%cThttwq9K&N)VRed8Q7nrehr!mq#6g9HjGa
zSH=r_-zHlGGZS#c?OC*^t2c0{91HyrO5YXsx3e)!0Q&DL4D%)M|JEa^aArZ*dxp;*
z=+d}du6?u|w8I|%Pla947OZylYb+H$l4PHVO=QJeD;jFx7`9E7t*;<#`$2*AK??S4
ziSDDV5SmGJD_H0BR#IWXy}^|*z^%6+=Cpr4-BXD8mhKN-V5H-8ZL{q1J0H39MOI-o
zF{9M<b~?K#i`~bOK49_8meM@EgPE2&C5|Tn{X6|_(SV<2f-~oTDh!H>EnI4`WgUHu
z%~X_NKKTbLbp40IbfoxCVB?+zWPZW#2O0E*5n*R+f90F4@&j|SQqq+*iz~l)P!Pip
z^{wv*jt;7pF^U(jV(!z8f~gDwf!vhvq{g(CXx6z38R{1Pf=*<_Gc6~P`bDZxS5g?c
zd$10gh};a)cum)<6-lQ;F5Bm^-6+TOo`9#it%hFLeU_5S9PM0-xp_&J7htF-S_YH<
ziN(NXEH*kLm2&AJ>Yw_k9Y_C76{i(Rx>@jbT>{flf&C6%Efeh)Ka;M$u@~~$$bicp
z`Z=RobHV-li-is8{OS4xP?kqKbho;PZu&$E1N<T!pS<N=B@sYs*5uwX|HDtcVP%L=
zahbZf3?&_okBW7l6({ec9=DxTH)|Rc`=0tc*ZNX>G4#~=8D?3N8kXavVW{8*(FW9D
z^(CoTIUQ)vR!SS-5^$f+<c5IF;d#as4Q+HqSHRc#A+<j=Odzx`g6oA`Q$8=4G$@*U
z%tk9s><RqYC##-6$<9T-l_P@zYn>WBR2fACte$j6wEo(G=wmWPjh0GK>$sy~wYz{L
z|7CTrVF3)t4NHz|vm=#GzwH*29Oe%|sw&xD(9i76;Ud)S-&EdxKxRnRFz;02cx<hG
zu0e!98?}&Zl6Nu2f=D>C_XCYr;IHzR;$DkdDl1?^Dy^|cEY8{@R{Sce=C-hKgFHyI
z&^+9m-;gOV_=aCS3pp_WQWfhk@rXKEl4^5Fig3Cjyl~X@1Kz2S+<VMfP9ETVgSYkK
z@eLYdjNgSkzj6$yA0<(cJWVfEPvZp@8~}-7(}Oe0C!_X;Lr6yGwj8twlyTMb`+c^F
zInRj<q=mYASJ>aq#xMb>zpSuZ>;KzbSk@b#A5F?p0n`D>1R0h%<}b=d?SCq4%M3A+
zYgy0;`dnPPVmyE<a(GTgx9tZ|G;N#I)D|WaURjC?u6Hj?y=^=n+=9lEKz78{W|Mmi
z9*7HCh)^JDP~PF(Jj^dQd9BSIKR9j@Tz#!+4$aB0j8MPCN2=RRSPaje*e6mV{Rm`c
zz|ZXnxDHFXUkgE4)Dvs6V655yyTNF<ml!*MD(~0?Rvb(3m0;P3Te0y&VUu6FfOCi7
z1%h?R7kFLtIn~s5vOlRqr-V%=w<GDH-az1H!a#<X52ln0kNBwV@1gK}tZ?`XtwZV_
z#l?ABgk(#U-eyFlddz@x!~iu8OYL!}LTm=>m(m>}a(GoenSzz}@ZrB0x_cCEK~Jal
z4K+&4MN8<Kl_rFl2(ECzCpc>gXr~dycLNOdW@dtj9|%13NtLa35ePuK<M(18FOnjH
z)%E@Zq8ZKLV`3J3<W?tCU3Mpzb+?ID6{8MWhD_Y^PZc-9gwm})!oeGZOXq-_+Z1~B
zHr~n|p0HGAFTI|oFzGJm%$Nc94gPcrXdIzeb{LO0Ms0p9)&F*&^-g{GnR$YNSIx;>
zrmnYJKa+}pk<bZDV>tILHfj+V6Tzn?#s(rOIenZ0`eOP9dFW0&x*h;W^5Q=?f@Tvj
zHfyL1(*!J(z=Hyis^`U?%eiQ^H)~7bEvR9nkD$Zz@gg~Wvqb&215bRNK@dLADIXSx
zmhV^!GBS&8-c*K^LJq%D3W?WHqNbGClcb?NGgHh4ZXV`%i9(kLSM>&hkvgiIUO<N<
zOg{pUYPG7~Kt`Ph4g|eV+)bG^;qaMk<DJ^5Xw7H$LieIayDk?JgnEvSEkOE<+roM>
zsm*=cVIhhjlT!Q!GL4`CE_uqH;TH*hyTUq!X0_c!p1Fx}r{XY!R)Bfcwj|&$k|88i
zqL%lw-<%`HOx;2nX%E%C6yK@Xks8`7a+Bzn6E5=%J#yt^H%nn`&A@P=Ss;k~oH*ya
zA|T9Ij6J`1<`;#|t(6oSVp%NXopj@Bg?(NZ$WZ&6W|&7C%YxM2752BYF-!pRFDvYl
z(f8j9OGjzr9y4)*H}qunsEu1&Uxc3w|EI!c3W$A*+nEna9AH3FM#TweTwLnd8Sc{v
z_ePLyhWpYR*AL_tpc;aI()b8pRUe*UP}NZ5Tvu)psT-6Wo1+IfCI{3l+1t7xQ{I^5
zdH3`S%G0zr5PPtwgqrGu0}o-oFrmlbMF`OoP%WnMNE`L#^j<s>;nE3_FxCZ({i&Jx
zPlZ{9c-VCd>>0kDDH(q<3jHkIp`!Vru+7)pBXri?jo{T0hhYQ_jU!pndd|SvyBKbb
zUtQ3SxA1Cywj8B$g(`3b2Flgx#;cLu1VD{X1wp%TcE(b0y1-UB_Tx7UdNnyt*r4@a
zlnK_C3ft|pXO!E&=SjH;v#|y-%|iQJmz59I#U|F+teK*gEc(UU55TfbG_Kmfp4i*^
zUeQ2m0)FAB!)nB<<c{F!l(S3EzgR;RNpSk8T7uxF(fkgiPi#W`SnslPRX^r)LMnBB
zdo~<~fX`=9ZrCRpSvy7{C3$wC`D46(Es)le^%@ZlMqiHErY02Jd&8PSK)?2y&<pU{
zZyu_FD;=4$SkOEp5ZW8)%*)gBV+8b#FEw>(!#u}XxWrX47})40bKzYmt<>j%w@7q4
z(~D2D3^2U;S#669M7d~U{b_fB2{S~I!gtEvb2S)wE<V^9-Tg!-+JJTa322jq3cd-^
zqoP4@_h+E^jFEobJGC$Fv>L=w?3=wV{LSj#c)Qo+Tc>qd@MmSJl&(Gq&8%lGFRIs(
zByPx4uec;o#nx>Jp@AnpX43B%ar7#?!#)|=c%^bSq%r`hj-U=8Hgl`LEFHdny}y}H
z{Qc&9{!Zm@pNgOmU%y~XH10m>>t%DrDJs6~AuuI-Oqg8}Q8_{q4atLs6wYMDnsOkb
zWWQWKfKP1;s^R+i1ecQS195IymUZoS=nwep7n=aR1c9rWx?N1HuY4#zO1ze&`%$(6
znj-AAy&2w<J`&*(VorHfPUD6^_eJzP{mT4);abAm-DfD=D=F$rM?R2p1j<NkkBgkA
zjURFfYGkWNPd{C@MsFV%Ue3oU>~Cjdm;l6IR@mY9_<t+xxU4syoLNy?ukI1ZUn8(R
zfTxG*e@$%#4f8Uc&Sm0NIRa%Hf&d;{xFmtN*6@}@EBgU=4H^hVcl86w==Sp2-(iZ!
zvC%{Z)P`-?;go8qa02Hwe|nb0MaXtt4Js#HUV3I=-vl|;AxzZgVr)HFnqSksAVZ5C
z4K-VI2n+ruu4=;9U7Vr2;Z3FD*+UVE>w5nj<Ld0cPhoTEnS^K35`sO1Wt)pW4iYv;
za32aIFV1BfY$ewJ!69F<;i`4Psa`KpH9_!&g*_gmF$VmuIPjX(?JXsF!?g&Ll_4qb
z^Geo$N(U@Hw2C9&X{^2P8Fy2lc--s{LKD3b=pWA|KAjzkvBvqn_pG=_R>mI3tb*T$
zCzd7y=%{#G_0D_7aW|4WCMKX!0!`BtOth<@ISb(34;f;y0ET*fpVbYU4?V?>{p1(N
z)5o6-jzk}|<7~UpQgFV1LXFv+xL7OI;Z-j?s_o0EPJm5RQK+4yBO#uv)7`*xPjsu;
z;(1(EPc0;cmFv>Y$=FrJO*nWPNX~2Shp|RW0GDzUvmkDkxpAm)+`_}1--bGCoX)==
zStVNVNfC`g25vdb<`ugcn`q0OIV>}>KFf6oDrJ|Y;uw)jPM1$Uk4ImaS5lAKO{1Si
zG}NmOodgz=X%$to1$D2{>PTK1Y%~Dwk?dk)bW(g{3XX@S3OR*!tE_Oce5a1zTBxFx
zEHu|>u6CM|RxzQ-#yyHwC;iXMVX^z3%A+Q9;SxV4WlOWoCa?Clb_mWCwQ?P$j)k;{
zCkzjLqb8IF>L2i&jofnpsiHNC6_4K{ZPJgqg(h|&t8_|f-QKC3bK&7jS`CTyh9R^i
zv~cVQQZa`0gA`9yaYhV7%Dr8wDQ$OXeJhIfByBsF^S``k>+~=m9ecD6S*LS*9ayi*
zB~mGa$sMTxQmN(SaVK207_@d9OYQ06AcL#YKBn>Fq6I0WGANE0WKC<Holw@z2;?C;
z2ib)ov`&^(sq}kQMxi=8DxsV_L(D9Qmx!$&yOKp0!aoL#>Nl)VQwLZMUCwUf41g?t
zOl|$k*%&4O{+AWDt<Umrh4nUF$U8!Q0e5#B)wVT@E0>*F|6ir8JAw|6L#s#RH?8US
zRwnqosj*8Sj|X~#%ZV5YCv6A0K7`99pZiT8*6D%4_3jS&<twp6pkL~Y@ASJslcCm-
zwOe#vy=vSJwhE5hsYkd_-L7|U<f@}HJjHu|&wgfp`D$ciwt1&fZ($Z*3+h7FNh!-s
zEshvD%6n3BqW>$y<G<H`pg%>Ll&-cqNL1}K4Egyp21jXsC@d-MK>ePCHLvjNakVV(
z1l5+5K!5+aBLb-Pf$XF|f*0NNdb<KEzd3v8TT{y$(hLGxv*{KwOV2OUh;T$&i_q(X
zO0VsMIsww4+ggL)>35RPp*#2@en^)K^LIG&7?@z3B0=d>0xJGE9J==e4KKI%%q>3S
z`Mn6gvDsBQLe*ErXsNZ(Uy1>rho+}TbcGS@V0FZIDirE@+*-Vx-a~!CKKr$#-(-Gu
z^6`_O?g9cu-eyKA7T>4q%5xvx>ZR1G!|mW^w_!@BU?LPY`ZXHL2adT6QWx=E4(n=K
z_$xu0GZBLUqEa1zRB`SZzpZl5N{E3CJO;ibL->v3)Q`5NXVKjGgG+@if1E!N`9nKc
zwktNER9x{S{&h6ys713GPf9%+=A~_jV>q?+pCP_zBQq-fQqbFrBG>rr-AWG1TSe}b
z1gi}=t=VTLTrk-3KD+MN_S}$%A+Y6vP<@QOu~p?TfHwWqxly4f_PqcHjdN{z4irgC
zEGng@N7Pt=i<XKzFRRp|oEY*e8!Ix0xLm??s1dqHB&LwPJBVN+N5dMV-8}3eK<cIZ
z<4;v<<}XY(jo9+RF+B-q%pWr&bo4g$kMu^HyO(hTf+*VIs%X?9Axau4M5eAsDe)Jg
zc@<z%FG%AxdTBmUwRDz{zBbV!h~7m;S;28W;9S*jcf>BkXvXYU0i-U6`hE`<Q19?a
zm3W)CU?{B+TK*_)-FkF<uvy(uGihpS92ap8BGk?RCN^T)UpwH-J6y<xY;qYv!y1^b
zq|R+a;Kd1V4PU3E^jpI+If?5f`DQr>RA*6f9*Op6;$2~XI~&6U!2YtrmN_8*tuVdM
z%X}Ua)P;0AQW7h?dr}hObu9l>*yKy;UYxPeT&xD~JULFs()1q?bm$@0HV;KI)cQY;
zag?CTOiG}<h7nYOCKI)m^KeaxyBfMBi&ivB&gf*nedCdi<S;hxo3XE&1z}RRK*B&!
zx~Qh@Sms}sy{(>)?*x685F4%(r#=;qnhBt&&Y1tMxx}(feOXbZK%rWkHu+D5$roEO
z=M5@^qVnS&cfP1&n&Pf;d?@Te|2G(+1MKyf<?yGpys_k0XD2n9RwTvyJ}}x|kBHm`
zI;a7J7s>TKTy527e|<q&6_dTyi)BYNR;nu7KPNqf^+$~CiYMif;d`}*c(OBy!;o%F
zwpgG-*gs7o9_@%sGI1a}aOm34XqP5u6<T7{Sx;V?P-`o0QVD7D0<}PT<A8;`kg4+k
zhWb84K6m|DA-h1`z&bVA*El_B4zl-9=SIAfC5EE`{R+J3N1D7wNA0znTcEf2Ntf}^
zXr4nm+(yvyTlH73pGy05Ti*h{B_4T)isILQZMRB`P0326;Cl!@(cp_P?F2|g>+4ZS
zTtcU%?(+WxA`vpFNTSU1PQBcN%afhxyr=e#(fr2ZCdkvdY!U#&>??}!IQT7`&bKIQ
zI9~YSm@gw%XZ$Hz%Z^U_C-IoD!^9B*jA<HTpry2Xcl#Z(3>e@WI5H&}Am8C5#-;~)
zF_mL2htXVyk2?9!-^;N)Qu^WevT5?3w^g8V`LB-4y}o7-GFblZeY|7Mlc%UsX~A$|
zTyJLOKjDR1bqYo7frvYHcZY8bv+wP6OqmsQlmz_J95}PLs*!1_+SvQnV<8YrsYGr6
z<>Tw?$_~pcU#s6)gUX@u*$9<mrIcG4lY^F2$GYv@i^d;!ceREKE!k>%-@*~>Nq*nB
zYf55BmK)>18$TN)&{Vm*WCUaQ<Es^bRKGvR?zQXKEt`GCv^TD>{HlX*YacCKt0F^j
z*FC|-$f`uUI>12&8GVGee`+O82q@rF_IR{=FcGqe$_MM(GZEAn`j-L@{9@3H3Xon#
zs4_voTr?^|4o2*CYPaX#752BYF-!pTFDq=?^y=RVdoE+sOBl0H^=|od+c%iw)`k!)
z_D_Y495|i<YuH;JU0BqgFk>f|#=XX!PdfG_&kxcuMRdax-->k52ufSVn<2a6Uw-E{
z*BtbOC?aN^lFMdgUVsekj}Z~3gE|eOT@wl$u`Q)ApzKN4cs2f=I~6TS<2ke}x`eU%
z5&*SF{^KU2NdBi+NGAp>83oQITtTbkn_U_De<}>tIDl{MMOdO(-5X`1orFJ;KPLM_
zVfx%nr#da#Zi#xhV>OZo;sk2Vs=!vGd{!VJEUG2YAmX$P&**q_j|EslH)*{NzB|!j
zkf&0WOJ@;0u&=c!6t$mpMoKTGwGYz#;?<qZIBRxA9v-&>$O2Jsu=aZf@j@>&Cx5$M
zyjHz(QXFI-yFa%6ioLY-O8SB%e`u7A!S`opjBt|D8*qaWI5HfLztsj|WN>P)!>T;Y
ztbxhLwXYqFTq6U%jI9XrC+Y;juDBf~sk0|f>Y2-OQ}=SLhti@HMR}kSjv<;;Aa<fj
zOx#v*s^5*sP0DTx9wy`!gh;w$vf>Af`GAWm&M;{$z&L-_e+nNgs?>znNM{^1dZ&I%
zYpZz+!;tDL$($_9H6XLU%WpCG?I@DoboUxJE7N3R(mz0_2s3?Ke_#=f#{APmeovxS
zKyt|-P?Hxgq5dE=|6>0{zZ7umbN#(_ePsz-YJ;o0s93N>&9r~Y$17ds0(rKhdifnZ
z&Sccx%7p|^Jfl0$0ct6o>5qgN{DudISTw|&yTa^x|L-ROZ1k8eG~G>co~(4jHqr8u
z6YEIU(@TynyE1-&*P)pe{(L*hmiWWzF@vV1zxZt>?t{u0MoX-Fs2IpPc<7bD=xvHM
zsdy|GuL`A9Iq9~267`)RyBx=uonkL*BdTMYYjl69HxKG!PXOqx{11;k40G=<au59D
zxIfN-w-ac-d}i)$^Akh+14R_I5SgSH@iCEYzhci=ovY*5ApDBs$l?}Zh!u8Dhn5VQ
zGGR^vrc*{leZ$z6?s_vqFvBfMmTNNM8>NNnM7i6V7f`^qm;{Ov%p6*+!;C4=yTbl<
zHiij+{AGm=&!PTXVI99U_~3LBWn8}_U*_0>^NA?xB>t~Gl9)NfHDjzWD&k^;66}*V
z7xg+2ta_Bu!1JTI><ii%#$_PW@Y!a)d=P9L^F~4`cP<PoH(?Na8+rl@Q;~jST5PTA
zc;jcP%bz)%TVpml3JuAb`q@(CX}O@66!#l8^9Ya61rVK&HgAs3gnXwhNsVbonKbJ!
zaY{3wP_Nsc|5IU6o5<9dKyVS%NSo#&=V6kcBT76!6oyWYLx?gqp;zpO{Y<oXq6dZ!
zs*1tzWkXbn*j7}QiU8kfzmbRmEr?Bx4^`FB2KX#Y{S+3H!X^a8T;LWwfi!8rt;6o|
z>BIqh%aS>Xt_e?p>esDqUG!379@05m6!KR}U%Oz^A7{16UFJMt*IgRsyVK)-OmyFk
zgnGp(`%Ml#FEF6+M|A;)`p|B60Hf%$pVbXeN*KGDJ_mvNM}yI;5ZAY3?(U!pcXd1p
zE<U9hw4XaP$Cf7UuDbiWrefW*bTA{4H_JW<de&~h(FJy@!*YY84x~b*eb#}oxGeI$
z$(T?WEXjcPCOPcz`GX_1>Q@Ku1Vv2<eanT|P=BX}$al*;n7~IQZ{UTT1idMri}e-x
z@N#A?F^pooM9n}?fzsGE=77cA^X_6cEz-bt&jx+wXzEDiU8(+cMes|R2r{or(tjE7
z%hiOjde+!pV7K>H8kW%vE-B9V*vAbV)C9WA(!hG#+-LVvTCS0#3z|1ilb`nlc7yO*
z=7>47o}SC&vJt9ZGv#0d!xOM|e){_rzPMBH^F40vIc`l-H&=TCyTV$V1Fq1@4WI-1
zY<5u{-0ne$whM2#IQ}v2S~xt=di=?)e3>`y`?Z1ir7X&4=;g-~71VR=4LbhWo91(v
zRBPfQ%!Bm2(@ybz1ZQ^o+C!YH;C6Z4iQLIF=N-1N(8)1Fz@xo^-789+-!iO1=Jl?v
zCXa08TUKB{6efL9Isa@W+gri#$51*4yw<H?kO7v(W$Z_)81K@xd!zX4zQB4*2-&jD
zRl~V((=q;?Gt9L{TQ}X4Jw%vDR=-=3RRmQe-NzouznqO>0>FP+VLjF}|5g}-8#@8h
zaR-L~InAGJX>oitDP638DlF|}l)5l3?ney%g$@7ffKTth*Y69FkscJXzn^UCDOW;W
zyF5TKs5a<Wjh2lKPi1zo+gENEU0_-KzaWILfZaa|*3NhJE$E^l2YB(g$pBgR633kB
zMasoH$RX|yeBVW6-=Y%rD?)9mr;dD#qZ*2LM_*lF|L#|kyyE{gnoRyb6?Qy)%t1;<
zh3S9%vR!q|ehQpzm++ym!f>g^_4?Mzw;A`I*pOoxwoT5Z7L@i_yL6&5n}a-oa>DOI
znqaTSY4y}VT`IO#_LN!cF8Qj@{etF4-v#j9CGJ^4UHh@CC8@yDXR^|WUhVLX@uyK-
zf-QybyII{AQt=f1<jm&V(38!hn-L=<+HEViO6HCqT3A-mPo3S7A+4Smk_&DDmp3Hu
zL*`Nh1eFe48(KV&j_Y4LfCYY(wg!VZ%d`|Igx_YuOn3VNW5?Kof6ZWuul=lv(D@c^
zCx4L|r?Czc#%I72Ix}%_Eu>=Hi9cgv1qKoZBRsyGuIlxNP_a`K@YtJr39d3h?pE_8
zwBGFquyCt;>_XL#qKc8|MOCr-^q}t6Xx5Fz)iee?OOG(LCZN*#GP{ZXhOZhr$Q&dY
zFQ*tN5kq^$74f&8`GGEpvvc(L;qC6ueU2bqHR%Un2!JovGjnrCuf_P{^H6^rLJMwf
z<OO{!;N2z1Hk3gyf7~Z3#wGx_rH^-MRWc*tJN<R>%NgCasR>CEElLD=>kxKuy{yMu
zL`WOSk5mF)MlC~A_wJJ*$gow<^Ru!bt2p2qI6NaJ3P<<#U!@K^{yz;ECu-$CzWE~k
zVmsmI6KpliMhSSa3%*V65iSjcf@HX&$?}xk!^J>`Qv4YakfA%fOiLyyqv3QlA#pU7
zRD8=-Q|$01>`(R-YIF@%)Mhq7s^%Im^M>CtZUG`sx@aJn66Nnt@0*z=Y{sj2%<g^V
zAN=^bzPc`VyQDYk%o4r9?bg!?tPHI-rzeFeq~)h}F2!yr4|_C;t9$2b8q1A1d$`lO
zdI;6~ZtQE7BE5Bnzbou-XCwUoNCO9K6Uc+t+1;+m^48SIU{MEE<BM|Cmr)r=aS@>g
z-WyJO7DxJ8syi}fLR;KQ%u`fy1ViZD|M^G%=lMU+|9Sq;^Z(f=On~L@9?-Z1qbPv>
zbwFzu5a<vye8lBT5uOcex3Mqko%mnV5bL1|m~LA=uP^s)9}FBBkM+sjKq;S@L~O|(
z&p0GNC~2fP_vk<jmR==bmLShM9B*jal!BCtKo&)De;KEt+rco=F7Z6sQOLxlu?gm2
znp82Zht~Sh;a1ht|LNdZ$U6pWsk&yRlk3dCYG5v&+#;q=d?JP|SS-iAciXSljQGz3
z+Fd=Q{<)~I8Db@^S-~ZV$d1U@qmKhxRtf&Ic=L*B<|iicLa_`HYl62i5E0znZk&7a
z8Jpfcrt2mx?KA#!JT1TYd)R7)0`=;#mIfGbG;v0T<eJItl4>_ynK}X~x{x?>RdwW>
za<|lJq(_)yIkaA8Q2eu!8G9GaK?E$a10vTXAyS22I^3nm^tHHI{U1Z&pCb!trUI3o
zcM;3@0RE7><!i|rIiFztfz79gJVnu)D4qv@{~?cb*nQTth$So;5Y@PuPDf4G_%-F0
zGiCv04XpNk$O#4L@H!g0a{_nmQa;<pAGO`^=v86eRYM29JGc@J%bi>19BpNgFQN<}
zwQ?UPg;UIolxnfk32Hc9i87R$?wwk|l-Va_b3>3HyVe2ic@qJA1Qk{`*8G&zmxp71
z^x5Cmp_ndX=o-DN{NXqPBmH|-8QIEyq0$-_?4t8*pOd(ZXu+eDy%q!Dj;GnFTx<Tu
zPF2%>QVE+F`U|!jkB@<_@z`cF{b|f)A>fAL>DaHN<}be>l4o~R=@cAO)FMP{qk;1+
z*w!=BBan+r4Qd0-x8xc`2qLfCPtHk7>wbgUt6OEMVL<?H+HCwxuX#Ln%eVMK;Kb!E
z6C)tP^f5B`FivZb`^QR}toqkO14g9&z0CTo8#?Sl=_Pp~HNDe`^&GrowCX|5W{&~(
zM;yARupm~Z^KWz5aF|9)R63chJn?hCX$K1df7N)cGa|g5J~sWaI%RXVAj98Ipz`rQ
zTz%iY$pO{+=4P)S=O}1|rbG$@OTJYV&6%AVz{!qK#g>a17i5(TO|^m-O}@7MWW;Yc
zHA6=K`4h*bk7#PiuahkoMDV~}hL3@+e>oe&1epJ_!Z?k?{;jY~QK0CS+kw5fuc3qR
zc}|9GZoS9<R9NbU&JD<(^Vd&$+}B==;l?)!nJ{*O(oW-Xo6HJebvl%hL#;n3)<|1%
zyIqM=EsmYHD#JXQVzolrU&U93d?d?Uv`kJ4YE~)L5|v|&V_?l6??<E0%!6||7-uiv
z94q=`bB35jC)S70Naj8#t+d24j%5<6el?Pq^j=zJk?Q$Rg`NF0U~**_7Cfv)!wjj3
zU~!@!O8QWkQzw=NHrwtkb@GqbEXfVYL4|cWYnwCN&bQVRD0UeA9e79$1r}+TeI+OV
z&Xk}yw|;GM;(4_;?xVY2T)N`p?a5<ebd*7!u>Kjcx|bXE1JB8Pzo;DyiqUq9k!E8>
zR5C~r@QEeFDiGQqB#LKaVz^h?zL#@FE=_olaExiKLv?#Yi+F!T0ERjhX2C|!4+jK>
zu@y$JYOF40n{u)DP;YH)MFvxAgIv)U)1>@^rF-8EzEu6zixG76OZxch2F6MYQItOt
z1%@NWr+ivrb>>huy>U;23Y0EJu{{(B(Rf%7I+?V1SxA6XasjVR{+-8w-Fn?<%NWF)
z{!bepYpAJEd3)jhyy3}#h$UclNy_N6CP3MdYYc3j8QT)NSG_)T97AG8N0~s+53lui
zjeTWkd)|<s$j-W2v}a%wv>yIdB2iN{kQM=uI<>}!qzB<I2m5W2V6{OrvEoh@_nqo*
zS!-#P+k8Yyi-j_G%r6(LlTX!zn>!)cNPSWy`*=#leD`=3eJsC|V5H?%yN)RPFp<=e
zdEvy7$lO`JQA4C1z?YV}g{KLS8tjw^)R$gadgs|an`rwynXLiS^HJq7e74j=9Cd#1
z`oe{SiE91nRomI^c}eJs6q1~!4=r+Ubbjxkb<^_-Q&&GME9wDKN+5j441{b$h4?-p
z7E}B8OR!jXb0HVtVQuQw{?xW${is1*?7zGn4@81-J{CFMHtQTw$KrP&$t;lH8drA_
z`u~yfZ5Ts6-QQ3#P}WYthXGx`IC1|mt>Zr>L)GG67hF`-L=HMv0yEM08Jy+`YVVks
z@{J4cU15Ja8^Z*c{<6XtU(Eiku(V9um|VB-$WzvPN1!bxXKblrP5)HbtY(``^5FSn
z#df5?8;ui7j%E_B;nnolMVylyyY-D6$hLYFLG$3aIK^0}r-KK7CuQdsx?i|=tDh@-
zQF5v(%QlpiOWjm}XZFJzoqKdBy>}i<v?hOh_?=;8j&8=;@C<KvLc&c|b~s0}p%p*T
zoC`*L=IU`XUZyhZwnwNU{O|p2iyR1s>rqR?H~d$<W~?D!;HZK=6t=t;caTi-T}I*H
z%C-qbD}M^uiG_Y@v@;ZrK0q9-KUWIQm8+bc#w~P2W`|szm5WxE2a(u;cE&1Tru=KT
zO>nktLu^b%byuD?l;N*{laK*+uO$CVel3~^wV^dhiL22t#-rEE!2sKkHaqfMMQV#4
z7W?*YV$*?c$|p+9$IUQ16pWzX#(=NMqEH+VOQ63x2O(}5G^r?JvQ{pOzK41yj@rN_
zz5q>11NE6JnuxTuJYvtwlUXEtx#$6j83I`cyvu<U>X3mR)l9w!eKN@X0R7q2mp3Y_
zTFXq5h}J+?MTzVSwOYXKlgOX_iY-w4f2XV%OB7)zq5}Vhe|V>wc2v7f%vyP|MjKK=
z<`S|Ja0<8;*n`<m2Fl)FEUwC>E>~6K|6+1Euyz{B1-a3>GM9Opv$pcc`jft;R8FLj
zkWy!#@%6YCAl3Q{SWnx4b5=+9m234%6w!38bM!kkTK-7t?UnP3Y}OO2_foA@4>C7=
zhdS}%7(#U3FBc>rKZ-+iFlwPtOvQFhi5=}cx`#{<H;;9HykKSWYm;0onrFe3+FbS=
zfK;+&^l`BA%TcvY_`(^LTs!5Ru7@9gYvGxB+cLw2G#d{#NFj#_D=)+5LsOI`r*sju
zm|eOoXOMqAT&x3KcPHl55?9DtO5jmbXM^%k1`oQtfd-f`Gr!;Z1pgV}?+dN6CL_#X
zWk8xah^6ScR+f@hkRJnG^|F=Ac|ogGb-S`EE{v(ejaad?-zKVaV5FacQ9Ca|)laS=
zLvfc9cZZ6Le~KVScox8jb9_%tb?awYdmb#{wy0;&qxj{6{I0OSosD4vjDJ~SBz3F*
zR#=mwT>BqEMvj(;5VPhlb!!_Ns>1(NSd~hYWJh|6RNv=Ub06zcD6Gqv^y4PQ64@0R
zyaKe`(w|$;?2>tvoDYkIn+)9`R|lv@#jh^7vpeWQ9WZP-66e2#i!kV=;zXh(>HU)t
zeUA>b%7*DJ=F&Gk<_>IA1WmjJw}%KDet!Zg7ACGY+x;~8DOIb}tL@JNCEbkW-hWR+
z)DMNYw1h$d4h^0CVOzKNO(xuK?n7azqqf{ESU6rMLojnM12LL5Js8q>yxI8>kZFHf
zhc6c8@lm3u9Dn*PyD9#3)q#jsFT-5JOl_61)QqUxHgS>d+jmMFqQ%EHu3VE;KeG^h
zS*#y(5!a+pCEIkky$#LBZ1-(iDMoJ{G&+`HHi9EgR(`D*%ww}E{^=R2vlYnkqLCf<
ztP2LXrO+876Qe1K3cKo=-b0K`UDO0#_@n;Rn44kdg5BTKvPSGPb&fQH*{s-_)INhK
z{38*Rgvi8+18#u)5O%erFB?OXx81paBv)*@Pl7A)M69TLjYnWMT%^jwPk5IafK<bm
zrsxb0eLrI1c<#B^GRlC%teg*-0C^u1OY^<SQ(E1Hk&YPokmeRNN7S0$gkaJZ`;bpv
zNwr&O+qM7hqfv!HVhItn=<z<M^}`St_$t*<_HDfG5&z(l9f4U4Aoa6=eKF1GMjj_r
zl8N+zcV0Mi>PIpA7jMGA*&K6ir1_G$z{9%AVQNa_%6=+u{<n$DDuvy1qaI_1<-V`=
zloI>cd<<0N&8S(G8(`XGReZJnKc?z-hSCt=h>j!x4|El6&VWFXnLN&d*9cf2@jfGQ
z2kU;P-u1V2%95z^mh}s=SsvFWMnFenkZ2C#8NkCL!kr;xa=K4Auii4NHwvqjg(hv_
zgFx~3xncEAfEQjUBMALb24c;7p&z|F0$f*IrCpOaN^C^4WYG<AxxQYOrj77Uy(SxE
zIJV)9;g_97MsW7~X@?Md+!^_a9BSO&$hEQ{SzXSFHv4x4I<E$Owlq_6R`u{ELhuzo
zNqwmce{3-^tC8V|^Krt6{=35db~c6yF#KJGK@oz`{99ph*5i)DM^%leo`F<iZznWM
z1G;wqYtgq&#pxDTf6uzPQ}_a5aU4xE=-`3W(Le>KePof&pxH#8@Sc4kV>6nQ<<Q7O
zmqgR4cQ7>hv>S~0H=gJj%xY)k>;?@FNfdMyUhOoV;R9~I-9SsA=3O~R%Tm(`ABBpX
zz)-8|9`A9Z;B`oihOf1DWAY&ypbskg$a7nSYh(YZFqc&0LeKK~3%smLUgd^Qy4R|p
z#~%t4pI5sXfDLvEScRJgHcDE=#rXM5ATwAiX>i5DlyTB_VvM`PQ!SDm-_qOV`Amu)
zif&AXjK8Yb&KY&Df(0v=Qfzr9pU&XbTuNb^Wr0w>rFrc%u^hsa6XTRiiMjg}b99#=
zQlp={bO}B?Q|!^SiYvHpPC+e~p`5pZ3{luK@{8rsdF<B`z)+9Y=t{hGAQDdQo=zaE
z-=io5QEPY)b@|-b?@V`$3%|mGkqs*YtVCU+F=q+v$?NdOm)EX*e|s(5Acf%L^9}BI
zxb}NSlrbn8M5XUOLkCzZ?dweWn4}=V&%E;FC;{#}=dA7WTY-ZYanT#jjkgEi9Jj>&
zsPY(n7NQHjAu)-(2z9nhaiv?5@|?nCuhD%y53M02YspMCHvi6?eiH8K!Y8{*Axka3
zac3~Up%9C))DISbD^(&glnOOr1Na6GdPXrd=9I$s0f+ihkdJ;nmo2>Iow`0mHFCTX
zV%(ch;cK!K9R!j$l}0ZoIY)w6sNSyHk7KzaBb!_R8!9qD4O<#p(Jeck!wOe;`}sne
zNN5sF0-sdk2{fwh3h<<(oiH#ie>h+zLQkpsUK(mFgf5Ve`cvR`*1bgb*yHR>VcTqR
zRL9z8XHeTA1a}$-Xd`z9xLFJl+ff{++J(;H0qHvv1H&${@9T;$V=4-oe&txcG@9gs
z-!(|9{$rpkCZ0ccn9piF3r})4W8Aix83Dn^z>X{wjzRSdBn$mVP<g6um$BBZ`WL^P
zfmPvlDK6A{EF!AA&`^_s7b%&%_z9h~JUHGdc<jfe31=}ev5USL{d5Fnt-;~=*@cfq
z-+wt9!vyI6uEHRncwYalFd1QYA!|JF#&GK3n_hx%|8pE6uK%aPDiRQOzl6t(6KSPj
zAr;n15S?I>RCp)KUje->4vRh=PrD#NuZFV1CcL6;9mSjEe&r9xc3)Axn6O;tZ^Hy_
z`jj}m=^0PGAJvYi+Z!z57^y85xoPXZoM(n^0tvgvw9V(sMlZXfMp8YE0`hR6Qf!2P
z#oQ1|<mcq3DOXAb|KAD|nI}30nPfKU7wn>4`th~4GvWVto!^Efe%}-Wmb#6KaPs3c
z0qKgWUul~(iOm{0hyEZnTKwdm`G(-vWmi9g8G#%Pp-Zcj%gS>I%wzh(k9+TB=bn&X
z>GU+N-@G{~sA|)m5QZpJe?w&8i`1Awfd*_-p3UdOfIiATgC@1z3@H*XVtD3m7S<I$
zt&n`Lzj`~NC`ng)9G)0>7~}^S>T?Lp%B0<Var<Ps&?X^qC8qFG%<rMD5stC{xQ;72
z9LX2qug)EqwBMz9f+zLBf8!m7@T6s_GMVJ79Tvy^O_8dqAr_*@p00U5!HaF*J%U==
z(PDTs1mer@%(s{hfYflX%#H5G-&4^{@F5Dgm;20ilpnWJ?6G@{Bum^c4J*>0{e*Q`
zL}lM}B;l>Gk)8TU6VS{n+6?4C)Ci6<4Vq<S>g3A>R7xM#C@;k%JXtk!r;`%jB;^pR
zv|kJWZ_5C#rDk_dusZ-#st{=8sB+Qs5|4SOa#hvdgPRPIDso&I-sB+xmCk!fDGX72
z)%ohsAYW*ctz$@J4TlghlP`~0(`GFcX0eI|<76jfj%Vk)Ka)TCkd)e>pHbYw0an<!
z#utpFBaDG(tujAdI<;^=>yKXSOZTEaT*L*M^Orz~q);1!<KbVof-Dh7cGB6;<}uEb
zozPWiJr<Ml1pGwbB)N9F-FJ2_YR7Xm13GIDoR_ai^=UD?ybs}V08$N9!|zUHqtU*k
zE#4WMbB{VA0DpX@nawV;I75-9l!Z!-R4BTk2m+fTr5_*{3UJ7p<_C?e6j$ZLfcPw6
z&=r{c;P0zX!e`Va>wITV1(G?XjVOF|nqy}wulU`m{9R#xI~&6U=>D$4i0z)@{;ja?
z5~QB3W1gNqjF{edSEzuhz{CHw=(}(pQg|zmFo(jvb}7$%95TW?Q1OZ6XX~;-duDqJ
z({696o{luN{N>iw4<9j^`^DZfV30Q&W=hrs6$5J8HO7--YTsf`qFG61RflH6JrHkP
zrF!Z(3x!oL&h5OhE0mF&yIuX?q}bcrevo9hCoPY@N0Q3A9AL24L_GB&D0BZ^GFIC1
zg@>4P(ew+4RA{PqTH6=r{11geE~WbBTE1H13691Q?tZZYOSUOuG_yMtP}AIn5;Z@^
z%eQC~T3l}5Q$;6+xb~%TH<_1lZ;RUl^V0N*bW^sKYVEcYA^41Fj7LINrF)JYu8wo}
zW6g8jlP_2_7uaFnA8}5zZC(wGKRn-6v}&b?aUHvjZR@S}C4FNN1Zj!n%M=I=NY5JJ
z*~M#)CT{A8J7{DExfLt)XbN;=pzou!CF1Pn#p{!Woyy85AXcfNC-jrGm4PDz1x?SV
z7yI4QE25opof7;qIPZt;SDsZ*X(8=~WXHRJ(o*GA=Ie3Q5e|(wc+%beyaE0qNsAb3
z9FdBhkdU$OdE4wIUZH^cv3kd+#=L9jN@TrigOW~ucJz+{3-Da@i7C5*Am6=r7TiAH
zGQ`T`-T0%jc!t2QWiu+<Sma0@^Q6`wvu*xLFQ};;j#-gnZNOAKSF~mB2L*hXTx!$j
zPtmgdf%Nqsf9vNgcU&`k+edxvbCxSdMGHCa<jsl-eT^)5JOW%0o7jhFhEGXWy}Voz
zCJyGh=2d!IcDh15qQvSvg}Fr<#h4~OCmf2FfV;aSSnXLs#>d919DxjxEMFw>Dma}#
zRtUV-sxCBQ8+2r<(j${_`-@j_ZG5Q?@00Zhewkav2qk_SZ~P*U37v&UHOmV$x!%8O
z%!!zW$S2o*TDg}6n;qeCgq^tXf&_SRLC|>I-pCjJwm9wWu9#!$=yqk|j|&37D)Sc+
zT8(Pi_;s#Ew$_TyVd+>Tn2nM;^mL15MabCx3iGVg2x?$PUB-yYJQIvO_ibj(0)8)D
z=b#kxBRe<X)+JC+JjHi~{q1ZF6QKRe3Ny^c{kOu(_1V1{;zM7dL}-=O|8&9ki`Reu
zr^3opio*(qQHZawBPV=BfS;7j6h_pRUFY_7YN40W0-uxEnQE(lHIwP^U<gwXW0i{N
zyTv9$cYJ$#W22)v`t-XZ-lx}aG4jyVL3ax#ip}30{5Wa5uT!L7X<-N~^La#-dotN^
z?Guj6jSM%HO03O=+&pKs9zw{58_SkCQj5)hDr~oOZQTjZR($(u=(%lWhDn}d58^{%
z+lb1x1mSArC2jeQWTevgJ%qk4DG0Hjpx0b^bKHq_Y}@l>iCW;{pAw6JH@@krWhdOX
zm*0E?=j;P@m+s;xu#Gkf`FT6z;KQb$iJGn+j=~6Khw)~tn@cT(zw**zbc2L$+VW@S
zhmth&;2O2CF{gstwtVRBl(Qsk4E_S7Vu8@E`AQ@Q;4AJ-pDfPx+C>!SXfeOln`gJ7
z>V}v1P_Odr)I4W!^2Z?PKYhaJ&BqTZH?wS2f8jaE#A)-!_TT1ygW)x71%EaDd{_u<
zZh}Gt?yda2z)GreKXBel&RAwq6wEY63GiK*2pJdJXF7DQaQkU_Lu;dc?Ln=t?^G5z
zy8HN9UD3iU4~2Q>*Cx5^-}{J)<`EP(@yjpHdTI%ed@uE`_7!Z8&Zu&mA;>|Sx6K*%
z9OVjOS3#(+V(bsY<KJGRr~$veE_c{XfO>-LDbM3hDBja12i?(rEOOdf<Ri#&RO&P9
z?1>Y)#iGq#b2XRmekMFpDAgl*l{XQOT3$ogA#|%)`u-IUW(=vUP3sxub5e9sM&~aP
z=Y3W6%qL17%EWSjR7>^Xb6w(YE2du_W-B^8jVqNnLhn?}7@1ctXJU3yCHZ6qJk2`p
zKYdd`UmL>?zmy$!?pfcv-69M;Z&V=Q;~JPAw5U=_s#o*jjvb;$*Mnt*V?g4JNWdt@
zE=T<WNbSANbb8evE=db1Nz^>)MsHJ8{rHHm?9Ak4E|#zgOunyWmcJ^~6SZ2No|c^4
z#j*o+NEuHh8jVT_@vui$Kg7o+FQRWvwZN4b@1B2aAP4*@{@xPI^y<uyq^3yYU15Ja
z8^btg{{L5)>HnJw(~{-*x59MO1#M4duC|Zz{J`j|%BD2+0vG<Nupf+Ma(#^7!-^rc
z<a?z|a^3GN#@pv{UVoM}OAR(zhUGjqrz?+-A4c6<>QXphB<gGte!abq&54lazWg5A
zMtlr^G^bMm4C?RHMy9kz4nGY-HoQv}NA?!>6S;sT_})x8hS0MBd+!XsmDrn5AcM^W
z*Ih(q2V>^2XOD44-t9jXW?Ex#s%(hsF1D)koC7jLWKLBc_Mx!D#0H!Kx#8KK9HJPF
z*8)jyZY<14Kj~1<bu&jM^E-;WdCgDBm7sHE>zuB^3%496py$H8LP)QMgq7ptlvA}`
z#@|Dl1D?_SJe-F=ce)fH77T;&U_Cdd68z53u#(H^^l?ODKt{=?^aLptx}4X-l!0H-
zK`%ac)Zx>E83reLw2wLQ<4j`(80tTYsN#Yt?C4Jn@G5y-gBLk+C3Zh11cDdV^v^>r
z`pl8wEgfDJ%V9L2Owl96=Vmf~iUn7TBeFF-xq58nsG$CykD((zv!@{)HECW69k3nk
zZ(O%mF0t&72o%^B3y_L6L~o6mss<fSeY1l}YnM_X)%UUdx`$hz7lJ~$#WF;@f0(X9
z?hbr^tEkqMY0cwjn@T~AOHJC!Az3*@juXuseefFtBIk~Q)Y%fsxfYpV_>FrWk<>iO
z!ese8;L#a;yeE_72%pHz#|W}?7P!F~+=@Q>&c#7nM{;0K8fI=%CT#id;-(sxM^Gyu
zOY*TbJ9G-Ol`+kc+VQn=)s9P9i9(~)JvXH)bE4qxEP9D8uWXRR@~61xe1=v|;u$Of
zjS@><ucUp<^{RiPjyUIveA0qaegAC}5d1}nS&c5@@ARWFZq5?n1;mN};>R{_&ns|i
z15AI+&uSck{L3J+RM6%UtL>|w=vD2<s5MTA0cA*y-_-P+0iUYRg%r6!_*iKcOCJI%
zqw0JTR-`~bUY6ZQP3tqKU5_P$4ag9jiL%lu_C}G|Jr^QuoVN<_Af*y4(xvl-7}xu9
zd2d`8rXkOez|u`9s&Ag<)e5n+FCjh3d_xFcKZaNQ?JNuvp#ICJFR2#Wf2(UDjm-CK
zA*<y#l$eopXJUe3B?Q?&)peUJ)Q#=p-P4&$Cs24)BBP))04=uou-%hfEKLYbxm8Ga
z7u;<6EPUKV^zciHXbci&czNYBILX!lzGkskAssx8LK@Rg307v1I=COk)v&l7eZw#$
zSK?(i$DKqjJ!N3=yLG7Gldme~sLVy5qL@q;HR;jujdcwQ##d+~_?G^Acm<aE#I?dV
zVOH5BC0}GeSzb8iFCXesX^yHd9_`HtG>G7F#2|BG@Hd~b5sQ>auo1D${Nj5higmVY
zg7=lMZbK*I4))Aj+{gM=z1!Vs3MRmbN2#dtel^IU7?H(#0e)u&+cuF~iu`25v#M}_
zW~SE^d7Qx-aW}W~5t88fnf^(dmT`}`wc2fA4>M@TpEtpe$5V;KSca_z=kY${KR)%Z
zqsE}H;hEpeAL}xHV#UI){TQp&)gO*s+U{YmENeIJJpqzYgWj&2RaG6vj!8>Rd2v;f
zg@Za5M-^Rkaglvq)X!6{V8*-y#)$o5#qsNY2SRI3uBcMiu1S&vAoWxo_c0Jw*L~$g
zbDil<GBnLL?Bn$H^G>kskDHa++a9LR`O6$GCZCBnZUb*XMxze;DsH1GGVjqM)M3A+
z6w<tp)n_2*%rpjF$F{&ih<dTY(Ia_9j+I%l4j*H{%ghreCg`|PL&0T56@_MiM`_8j
zSU-v>2FjW<wGOdP$=l~zqxV&f=4rg-p@0W_L)2S3>*{b=B+)nHA0KFO_-Dlrhr>#k
zA}vRZQeI2s?3bUz75sv*DTC_AW7aYN5Ai=k-Dy2)vlt^%mI_!1gOxo|0}^<rZvXs*
z=;F{LBO~4<wViC@S#h|L#KNnrSogEyE(1vgObcsNZFT~5qyoQ4?5f@v8)wo6<s`*G
zrK|tW8p3Cyz4wRO06XTCHbAP7n!cn1{wU8FLN&$g*YHw9sPy0O)TU|EUsBYx_n8qE
zX9d6}wMfpg6svL@>z=0*%$z)gSO~#I2@V<XI*RjHf!qOn?(PGuj$~JM-x4dmQZt*%
z%IAG(V%nFRU*8q>x3e*fgX;f@!c70)Qy9N=!M_zY3m%KOH3UlN$au&zQQHgtqN?co
zPlXK_>mizXfQK#6=rv%H%)x~ROKCp}XC&TApq!7~&3MzeAlY!*Yg*4MT~BY3G=eze
za-A<Ul>BB$wyOQVh&#)uptiPM(~Wd@cXxMpOLup7hain~NH-D!(xHTeAl=<1-5?xZ
zc+WWd+aFupW1KO>Kk~zIUp{Ni`<`p9IiEQs%+5G8^34P^B`=N(p&!B2#q6?vE$&R3
zF0x@gv`0b~dq%sbFn9XS<Na!63bi}*G!UBf9($);9fuvNN6Bs@pU*$92jdz$*F_WW
zH}*PknV5(qA<e<(I(o7&U>|NfeU8({i*o{qkuG}awet6GB#BTg4cjgyo%SeASbcJm
z&%c^6lZF)h2)AXXO8`=3Y&w8Jjv3!fnVViM!}SbhcH_&PKv2aJ-qEnDYf_?#MN7=@
z4T(MWsH{^qXo;5V<Vq!p627eZ$?S+}pvwtAksH3q0t$ugrxC&dF6*$|TEd{5^6agC
zs#(Thy+1j>nN|c!rLpD8?5Xqgoh-$Nz0b99qS8c8E+nDWakjAPn+#L_?i|B`Iiblm
zXpaBSv{~r|PTdoM>L8*M)+7>MiexnYC_z7T{z<wfL7?qq7?TU<=Dz3Gj8Aqz44s6v
zDr*?8vpWwDv|u%&KP@om_z>iyZL=3w<CoHhrIq$2$Mysro0+=z2U9hon)ga_L3_Dr
za)z6N@E8#TTDK5;^L6|Jxdi%j5&fLF(P&(zGo4|Y8(8D>Gn01+ilrcYHKJe#<kWM`
z=kX9VlTXb}yV;D=4(#O*oUO{4M$h{SO%_F{v3kv$3R8Ezsz2Y*Sii4Rlz%-W6cPK=
zg89y#57_MX8vqDgJRu7^1!r8!a+Ppv?kwizv#J7a0zawG^!hA+ayzYnQPCs}DwRK~
zDhx387URcS@kR0~Q{$q%X@5Vbt<z|B1+fkNMj=2oKsIsYT#{wGqfvn_Eq{efJ-ogc
zbC$QB^Hu@HMWBwVnL_u?#2s?b)U$Iw=uNm}=yHdWgBTl)AEWQA5nk)0KF;}cs_B81
zTl;c65A-J|eG6lci4H@?TAW2I@Pwp)IP;WuBw(x1(i)(Uv>Up7*V0qNnWN<OJBgS5
zaakNie!A8AXkCAL6o&Cr{Mp$TVVtk>->r)f`GY$zyY*ec7RnF!5W}&K$?&SbT364)
zw4`PXIC*LyY2b-T>jc%-b#mIdsoB71b)}89d~?-`-gh3HE$uC#Uy(8@0<pCE;1{L~
ziga3>Kdi1{NvXP7qZWlyN9w-SNL^=PXOg@upAr6XoH2syX@&`1oDNm!Am8TW%bJ;J
zHclYYG-pI=E)Zk0_{KfN#uI`Q?nlNyT32cYXDXt?5e2_nU%8NN0wemC>yIbv+J*Z9
z(0FY=Sxw-*&*XvenURTD{g7K#P`^vlEGWu5u;re-5cO8p(Mk>KQ#62PNUpn&bm)MI
z$;W$wTwdJyH5~qT7hJ_29yMQJCYX4JQ}QGMot3|ezp<j`t5Pp|%QNBaY+2*AW~bd`
z5{8LRG9INtbBk2JojvJ(nnsq#un|Aelx2C*{d|8GZb>guGckq+^P&j*JG%2*)alEo
zg#~+c$m-5f_6T)d-`E{SLhGmNIC6LZ`p;K!T1!b!L9xfz5Mv5+q~beWTJ#tiPko!k
z$O1Nof98_OU(Dimu1Ms$11@&V!#)31&JHuLFT#wrm1AgcWy-Yg(5awo=27)ddl?cn
zWc8LmjK0hY9S+a|4+ffa$HO8=7UTo(l&=a3{I`pA=Bsoy73XDnZ~8>5@jC-3O~Gr!
z?oU|jn!)ewBtoydjrtj%-%vDbn1>}x64lH;&ZgpA^hH>S`{|+T+je^7N$cR;uBB)&
z)0*-Yy2Q^JkWQJZ?%CC@aSy<I&SS^QJ9<a5;l!S|)!Q?R7-d$%-dkeP=|e@ZW5#L3
z`%4~&EYcE0&o}WRax(zf9u+#WWa&~8Q&FHEC2xIH4N(@ls<g6Q^GewsM(yv3ghEHV
z{Q+hYMHGUw5)8*9@@=c0*k{?MGhe$@RtY~P1I;&MMYZFm3YQ&K*ObfSN{Dtj0I8{r
z_E}Y0)8Mo1_e{gSVEXbIqLoyGI}}gv`CwM*(JR(SJJnzs0V##4896CD%Ydc?ZF>E!
z%`W3;!jjIifdj7qUDv3rjIYW%aAEVD!at?aK!*2Wr!2LjgHiPs`h3tS#(K1{KRp`5
z_{smUg*jlT{N2J_HKAN0f+6~%%U@pt$-4xs3vbQ-)xu^x<g+dmy~F%7_+!yf7+-It
zN|p;XXmo-PG8h9<iM1xtm3X<NrRiPy;50O(iS8Qcn>FxDl)kpu2q6T&!tv1iJg<El
zlpVSr9MYr1HW#lD<Gp;7d4`MwejVq$+^Pc=Exp(-Ajy>JVB9I4?q2?G*HwJ;j;0VD
z+4j9dTw%jMTG*SKS^h5nZ0w@z>i44Hh4<=p)?@$eyVJnrVs%@j2cYz-COxl$h>mHU
z!)e8|4H%hcmrfJjezmvuxb6*V^~ZACN)$i2)tlS5t$6o8`>aN;`BbK1W^xNNYWsH#
zSMY_h@6|qhTM3?%J|)DwZa_H;#R4$<9v7mmKwL%T7DR`Mp4^<n_{AhIRmGAJVt4>1
zL0tX|;N@nq-aw%R^7GxG-_U0O9*Xm2dY6(mrIt&Z@fxc>ofJzbVCe(Lml(69?&I?Y
zW}hKXzHR7Leg%kIzMO@LjM)sBjsh`l3x-1H#4*5oa(%!UeZy>%?`29;$7!m0g)-1?
z2LrE^LI!Z2-^S#7o|%EyQ_T$+zN;kUIK7UzhX1H4;Yogtm|%MY(QB;zX|=@1*(S+Y
z42w~sKmtpx7{5rz3HXB`t003Eey61?I?C4;jf{$zU^Vk@oHau_21SVkiWc8tt!C}#
zjnk_UQGUOhK%nQI<Wm))t}L{OukzDA!H}zgQ{O<}%!JpT_p8>(ZN<<P$upTuh(n66
zabJ^Jv3y4pkuqP#p)#A8hl$>fySEelnQ+RC%IisEL7zK`stKBadZk`H_57*0r<}|X
zls8|AHhGFW-|jMxVD;QQs$#~lMhNi9_NG&^6ExvLPQ;j$krH(|8f!(na@mK1PA`9{
zv8~w<V3Id?oaYHb(qj`oFYx8lTN4@MjKcoZTup@rFbQI#&HAirPOmY%dnbg9SGQOj
z?lFRruecY$qw2QQ694dg+3_(()F-vo>`EUSKbNd4$vSNft*x0-<f=A`Gw5)!Rt1R>
zHqUx7mX7h&Nea}t>28V%6CF9AOMv9Aen{mFR<lP7`_rQ_42JCYEDYko!mRww{_mgv
zKNbc70D!1D8vS<*gD89dT}gcz*EtY0uXR}Djob-S$X_k2%0jJRwd(eykTjUN8Dg3^
zXI6ZEju#2`C_{d;`r<em3fl~fJEIBM=P*5<M&_`A;^GU4)p`w?-XQZdY*R<Z_zkK?
zJjJp{Da0s8x(?8xW&k~zxxC|Tg{Y-*bUS7+F}4V5R3D59=<YFTS8xB)aa|-bK+;_J
zPPayX+2*5xeR%Fb4LsIx#SJ%<i?St$k+^{Cx!j(|wVD2YP8+}ko0nXDNunTGWPuw8
zRHYD$og7J1ns{qr<<4)>`)Z2s5v1hgF@x=4JVu=MgL6#9krNZ<<_;n*?>u1FnIn|E
zSNOzjq_N2hFtHlN$`*cHwMngjYbt)D{5rPrCcHPW{VUYzT@sC^`^a|&1Z&A;>BLt2
zIEm$-r<MT{^3OhAh;X8UI32Cs&3w0|7uc1NC>~&X^jrQ-wDpRu>6M#46XDn*XST(h
zZ(%{}oJ*b>z8y}aI~`qq4(eT$<Q?Po-Xd!2L9|CaR1Kg?_T+%3Uu20(*F%P$Rb$C;
zW2q?z<Xzw$sntdtWJqL634K&EcFd@)59%cXya8_+oSJLOH_ntY1X5AV<7WdeF`l$h
z2s4V^tIu_4(Pc1R@9%V2`as|sYibE6JstwaBcXQptl9}*uKNdW2M8tcW6YBiu(Y;&
z*T>CD{2C+FCrcgIw3rHw1B{@+BuZ!Z?~8_R4$zbC<MuS8EmbHSS^#c*i7aV{x>pAR
zD)@6L4H|7<Yre%EiR~uB7k*YPY_T)B`9AMzM;_kt=i2gTwJjltM>SDQRmCbRfrVry
zVEfo95b%nwZcUDfGn}}MrNt60ekOR#f>w~>Qd5;t^*al|4UNNBlSF|05M#PbpW_xL
z-_Jg)mT1$Tts$WhuGK0z7;3&r?y*dd_oxO}0(<qfg0^4ZIU9ikVgB5TL<}Nr);ism
z?IVKGos^bJi5|lj#%KliES^rpRcz)X&yL*o{c?jN5RhXC9UzoPL;AC0D~zA?&(5e2
zX?OMhZb#WS0T90G!{UZS%H7CK2%}2G87P0XqfhnsXmnyH?7PjYcAun;=n;OTrQvfh
zF!fD;i<?ydGc$r{x#l@jDZ%s<6>Cu?Om%l#?zvwE#fCVli&L1<G1P$?V(C=!P><JC
zk)sYKvXP9~0bG*ivRTOKi7+b*<liLNK^PLvJOFH`&;x*GQRN_D4SwZ`msjK~^vWov
zN8}%8R0Sd>VWXZ@rpDwp(7Y=HA?!x{R!=jk9Y_#8S=QI2cJ(zx_Yvc^*LT&(lhfKj
zt~H?X?#?&7P6ObaU`G_f{)<Bg1IJpJ0dMg(8^v}5;fFJDV`*S~r+9*T$fr6$)J3tl
z4BTU2UiA!^8uta3pwk*##@~<9+!%XxYkjnn=RnoxC^|&ziqP49XQwb4H^J9&Hfrzl
zH9T{qI7h+i`G)OWb^zktaSb?h=Ez+x@G2B%vh|PM%fy}9wAyGGkc3a_1N1{@jkC+H
zog}r`9OzPB>1?jzoxt`->Rs!ki40MoUqSEaFguk-pR}3H48Vp-n$?lbw%q6|APEg!
zT!uZX8fXSi-$?;{Xl;zC5uf~ZGe5oTsX4u8PM?)<?TwpgOniD3#a@N%J59q;m+(8-
zZn4b0Isj14xgto`oitK8obs^4EAS7~MMJnBe;iovD;bJ9miOeQFI@B$<_fVrs~RU~
z(=1pfopE_Shzpaqv`208I_FV!VQVSnGk>Hb05{exqL$&xx?v-nF6zoGfoF;eBC@Hz
z@f5`xDRisDKzR#-UR#*%&sA^qpI%I!LHXU%bHH2!;@u@))*p(3pH)qXzC)Qaas0f)
zIz;ncAVwCM!RhIQ+X1??*8cIc{(9_&PoKugUVkih`gu_lV1CZFguFfO7dl=QXU~Aa
zZn;F~1vSyopq|L$(zkKNU|W6?oA3rtGV6m8Jul&9%k#%Ws#*4OA6;jN(D01(=aD5r
zW+^c}%^uT=Azz0hg)IzoIjBydE=JFIBSWt;V#nnV%Yx*`hVt1#%zCw2z;nb9>B`Kf
zC08AVL!mJGx7jRd`az_Bax4K*#vXjTsq(a@>raoyFn*Fhd`Nf40o~s%Opk?Puj*aM
z=)#PlrEuRis6Q~a;a@Fm=leyc_**deAzA$kTcc#BqW}c3YTFhwz7F1lnPB2I;oSl7
zui^xl>p&^@RO3hxKsg^jQlJuL<mKH*+l0l{VKAzHVzf-UGYc~uEeh9nZS$~FRNl@t
z!K=b>b7xP8l;$C{a9LffvfGexZiY#3C{1AUO9YV?+Fzonbh2g6{6`BTPAxchMe)hH
z>QHWI(+&dV4)`|rWMRnnTs|FP-^5m&1<}lbRQKIhyZNA%jIKLiM3h__m_4~8+Wj#7
zF|Fswa9ulo^atltJNI~Tn%|X+^7B{&R@xod`M;AG>z7v2pEvU*@XK)wSdWH<$auE{
z5{tbEDF+8HOQ{BV$2cN2Fl(+TJ$|av{K24WSZ_%93xz`Nl~@KnIWytO>&D1uZ}lHb
zbnpa0vpK@JNCxbL+}wsDnolR8ny7m+IIvjGTF`awcSV(*aTEIKy2&k(eoJ*L)sjJ}
zwzgWP8P9Pjm##F~+J5tj(-Zx5#vK*L+*thZAji*0oE}_(b@<$j=Xc-f&)ll$BsVLy
zJL=U6yaTxzG_*;7RJ}sT<NORh=EHUeGL@YQ5TazQDZm7w?K>UvLlMcO$RI|pbR8R>
z<z9T?os-XxQ>grAj;f@lJHFZe;|d%YEMc9->N+jD_r}kv5*;JPuw~&EQM63p7SzP+
zQnp)QKB@}(#wAC~o%<+=S?9sxEPfrjw`GbW#^The-8p<SebWPpqcD>s?b4w7KB>W~
zR)V_<y>Jq@k)j;`;1j&tG~@o2&t;sQRP;ZbA-q8zlxtFF-c>j${Z)NNtk&D<>ANl4
zc!&fab$)rF4>(TS>vq1m_Xh$5)^=d!xFPfJETu5&7LO=9AdJuS$Mx5LI<@LxHi3!)
zv$ZEzn;*L(6Z$V~zhdFc;{68otg0-x_+qBUAXGyZB9iKx_X7Rm!A~c;F$ane+@HR6
zB*<N#c?XpJ788Uqn5CL>F6{G~s3$Rs=03z*{{8E;A9Lr#N6J2Jrocu-^J%i^)mw|*
z^+CoLijCHD`L*x$pB@VT^k@v@C;r10RzIxucMDTtsdSK$>AC`DYneA*vhwxmH<J3R
zg{9@_ImsxjTO@%5I#@LnF-_XWzmmIG!ma9t6q^{1xJ?%KN(9IaS))$VAr_oOI<~Pt
z49c(%ypGJ%5#$H+;9OiYq{1vCAt!v@57*zXyu4q;MC~bGb}T_Hj)pfJh&XEW-5_T-
z{IxtaE8aODQ1eGMTbNkk(alkfqv6urjelNQ&lW3Bo>KjZG&B9jK8w*O(}g5a@Fxqa
zk-$jPeD^8tAnz0R#hTj^dSCH?gDbqOj);;`x^n~wJPUgZUHpQpEdz)Z+<Ra@sgBfB
zw7XO+6s5t9o$xSGVbkc(*AWIzdk_KAlIRlcZH9h^N+(0@?c@1_^@(?Yy@pE}feC8`
zgKy=mB@fDL)XNpZ-8Yb70`ZFlfSvcWko43ReW3cso^M%0Gz<St%CeZW9Grak3g>&I
zXb<w^tv-CZn_fx{#E?YPuP;IEGQggX@`(j}Fp<lidj~xyqAU}E3g?TkbS5u}F>R^!
zRWDDQT0j6f>cT;=HPaCIFe0`)XcMjB-S)Gpa~dNn^%}EyK0Wstrl3ldyjI_39#t9H
ztrwkA3rrQ8<l*2=mt-p@?pj$O;?R_@#ghR7XRN^>2bW0p=U*S-j5U3JzxckE0}oye
zqI{xAxd)rBe4KLGnTyi3&++*~m=t+-_7lv%n7LDi+TBg=X7)rhe|=P~Zwec;?)^v~
zsGHE5?Sx4&G$t`rdbO&C71l96*BV6q<s3ADWMoJu(*ZLzVkx@u?rx5k;<Kfe5w67i
zBz|Fr+UG`Z@vCacXH|WXL5<-*<;_7G*>YY&lQ!{{h2cGINB7_qTH`c8?oojEs=>Zv
z913W@2tKT8jlCkBt-T7K`abP$wPPsxu|VwO`nZXIhW|>lATC^K3<P2?X81Np5TDSB
ze75K9@w2MeI;n)QIG4ebuC?&nRQt{x{wl8@RkJua=QkH(*+7gnFph{eXF#Muvk<EG
zSb&YN{TJ+eroxL>sgN6G5z2yDhI1yhMN{nv%nzs3m$<M>(nihLjpq_%rl*pCZyqh|
zPmjhhexg5YVINP8{%&F8^?hGwF>R`u-;-~fD1MbY6;xFDtA)K2WFFo@D-~o-%5O`R
z8lm2flg42bu2ffg$FHO7)|YPpomF3s<tP3Ts!&rIqx71=&etr^fPMQU`bb5$l_Oj<
z1B#1*1SU(wLnI&tGbDd5M(CUTvF@k1IV+?@Ug%F!NE|ssUGA>?x1dzaOt+C!E-s*7
zRVelfgeSLtf@1XkqlFDNZ;*M*&@dgotEhN`xlVhy&dKm(VF6Ys3$Tdo=`^h{3JasT
z{1UBS)Z%ILbwj4~#&Q=ivA41hXu-&)4n+Fy`+JV;{qrK|nZXt}_#2``GaHC9PJlFw
zTxeIztZ@B5Z6n*(a@Ucjx)wv<!=GBxS%3u~CE6r2Gq$o8b7_ZN^TIe2uscA9RdWP!
z1(zk{T_7m1!c6~gDh*;^c>dH^n;|7}%Uf|T<9AE$=9UNSejg9qo?7_D02o{K;dK(~
zAkKc7h?;MMhLT0^t6K-{y90CCh)vuy6~am=67xY`kQ1<v^`{<ghkOUiBPArJcPtR7
zuQL;Xb(RP1!1;U|7nye-RPNXq;)>xl*e^2k?mWY!o_c*T3WSVmEQ!`m+KFo0Hfq(r
z4c!#Z&MFNy@{_IUTsC1+g;g~YX(g?)u3ug!=d>x|aQ1g5OA<Jd;5GFw-YDxJ_2jV%
zTAF|Ud<}j+?r$+(z`nGfn`w}&-7X;kpyM7@z02c34{a;Ua+dGVoGkaFpbJQkx!Eba
z)>IX$=Vgw#pi~^{>v!{Au->)qbNJt+lwTbjz2(Ow<&pYWH@)SphJ_hVlxPt2`uVff
zFhujVT$+z^Kn&93ieeXIJVpqfIy*~<E^!NyXn*z;I*gy6FX^2?m9ZI(p${zHO3`b{
zBUl4$ZR<bFGY`bhDZ%qz-M0k5dOMnW8~^!zvq^;MQU9%sN3st?_RX`Z&1SM%<U}7z
zwF?>(Y;JPU)(%>S9#z-t4+mEm_Yw$<7ba^Zj|X<ji84(3;DZn-6f+%C2q4P4o!n2l
zfp%NBMGQqP;A_!%^Qj#jYM30^aVI#zTYoG!`Z$^#<1ai~*q<JaVf=)D*uu)H)&6c_
zntkn6b6_=cL)}NDqNw|I0s>O)f3>iFz**$p0oc;srmQY0Ov@EKKH+1i1}@q_-xK9V
z)Xj(u$xL&Q4+IJIWe^{S<&_-R2j7i|Qz@WpDtWjwv#;^t;lt=+oVA}ak*~b+S0)Pn
z$oCCyGX;FVy%?xkvwNaJCcktKjq(yt6#<K8>QZv-PCWASl!MOxc&$H25NTG$KU!E?
zS;pln>A5<Ujf7bQpIlA(itXAb3xh2e6yI70PsAQG9Y@inWBa_#XJrC+|H0F5Rh4J#
zyd<th&rNTHK_ctyIHy=Us?c8~&^eUyAnOfIDB%<*>g&E56VUgz+mcSB%Sp4T<`%{5
zN(d46r&?Rp{BA$OO~$J@Wsu$?9Z5$-sdDg<EBkEO^mxUF2Z_3%9;9KRtKK0Mh|T=u
zRF!@HF^7KKVYgHVVed4j=2he?aRiMI22Z_DQBSb<8Zn}MJo4`tkGoIa56~8!H5^7S
zTc5qVqq}mvo+c}{D%X~k|5jJ+qkz3+vvrzE;D+Dc+_%fV;8X-{><8gb|7Ga;^EEby
zTnq;L=#Yzy$d5mvHAfIo%04xZY4Gagq4uSzEuD_8!1KNw1^S{O)i6i;d4XUe7t77g
zg=A6M5eAa9w6ULo;)bp&ECL2yG#E%2xdt{CCOYJ+($8-8SB^2ZuFtB%tz+gbAE$g*
zob)~C7TY$#q45HIRJCK04ZLo7lR21VYsq9r0%0`ir5Stj7EM&BQl^Sk9h%g@4#@tJ
zoYEYA5xlI=y#Z<EbprUgZ)CsZR)0@9%`&>AjIowq<@1|^*!&n=-EPpdfAoU6UZ9);
z3{?|(JgRO{f72-x*Hlh#x2n{R+gE*C3}3uXP0++K+PAL?k2!j$qXvhDp{e$6zKHZ2
zJ7FTo2b-Y4u-b1I`;g1w4&T$}T03Dsn7JxG{~&qC!u4%_+-y12*}|WRqh3~BTJxz9
zKm12;v*Y|8h_dl@3^TdgBrMEPpMebqC>dvEei_sf-BAwjHY&5CQyY!dNK$4Fq4KJ>
zyiHu7`0h8aX4nfCP4D5LmQLZ`JzChG9*trA1b^7Va({yT-NHO32@~NecDSUNEi@IY
zZq93_5~%-bVR;b>mvI84)V9;$R^(h{Kdsf7K6`t#%A1!XdUd-b0%CKXWSA+ZhG<De
zt{f!H#TJCCi!)mh?ZBi1d-!i{CJ$pM0klah(|5k#Z9Y1IAWI)GYn^r3;)o9#-IeKD
z?CRPD)i7&vyQhy%wWy6_k;jxczk9R9d9Mi*%m`-~1Ne^?hPmmP;KZsyhL-Q^*|Nx|
z#1yDN@nm86sQ}ThCp&80${p8~tLe+w0Zq9Xdi*ZHIjXr7G=|3_CciKU=HW)u>o&}R
zPLS3y=ei^BP^{&9el<{$vauv~{_J%i0>%fYfiVOcLGnci7%me~nlOJ+3#>3LdJF^l
zJD2{+V3FSeYkSrfb59x%yxD4GRVoqfrxZ3Un<O&VSs*SXt{GW@XK(dY_X%-3m>Gz7
z=0PIV$bL0^6hEF;Vv`Mwj(h|0u@R&i2$riUB^AQTsF2zIb|I{upSk#DvWu%UU{mk1
zdB};<cs=^F$wYLkYs603*Ys2Oe74#zGIZY&+PcO(xSsF2rA&zd3%tsjHTSiv&pTzp
zAkd+t=jk!$+)dV%)zPsQq68?NTerfsRcJb8$L%J<W&uACmSeVr!1bN-<m{cN+AO*M
zNxdC*Ot|P+?H(kI1kKWpNXrxp42JX=iYvhLi$UxuIgg|4*<hB=Jv|1pm|}#(iXT;7
z%4oW~RDcN!QY4qGkrAOTS=~x;G3jA8#lkkd-Uhh8zr&_)8x_g3i>eC`IRNn;f3<s$
z-iV{<daEWO<jraX6I#+1w8`S}tZLeQ_B7bK0<j@?_ch*ojB{$Jfu{pFjR&Cu0-eaA
zpmE!-8QtNtTSsC-YS~%iUpIz8)ei5!VsXiB*5Tnj<nLHw--h*<o#;sumGp5T=p@;q
zE<R^aE7{a-ghRl7elO?tEK4>%JJ1lBeui8oFJ_%=#^BT8>-z%@Jwx8kC_j5`O8gp>
zeXd#~MTH#%^Xz+iwzj+CWcbACTy*V7gGQFx*w?oTxhLs)bO}k?M@m<6<OZy65<DW8
z?UcP3Cm${BPmjhh82mrGKmtAELjCU+)&K^x6muQXsBGGNH!Nor-688<{8tM*{zlTX
zrn`E1Zi~0ZOr^k6U%19ePT0&ywd|`x10pEvq80+<Gc9S(mmA?u95JkF=H{DpNC1hF
z9)=i+$|DeP7sIs%4AUqETs$kMl45UDWFFtGxrq5an+NFBJP~}&EhQe)Y_ZWwM>W)z
zP%LLzA!b=NzC9{1Fy#cVTIwGcNJQ%rwBChCX`Y8uZkFSZTkJ|;Z$B-NKo6k!Cc~iG
z!pRkwzs?G($T3YJtwZOsT<(Z9<i^J{SP6hLJlC+FVme*#((UDy#_7<!KoV?v>fsiW
zkViFvV@sTQ%oY&cau)<%UyyZi`td8AuiDS?5o+Hxq+v*9X+p*!o<Ow)+Q7;@U|S(p
zfK<H#x6E{9IFG!f-TApIo@YO__Y!Ba>w_Hw1V}IVSXp7-@wcozK2q@)LL7&@JsS>4
zUS7wfqydBi6Fj-je}A>H=Wi+w-abj*-_q&0JkJ>3(a?sx9HN^$zYvO|--W#*H!D<|
z-<!1YtlHp2P}Mggi>1wCNvL&wxnZQAKf@o@RGUD@JH~gq4V55*#sF?r!_Q^r?5%9J
z-X3aN3mUxjK7sTxG-W-8(qgA*m<F#p=9wa>{lP9@(B2CwV96KF^{iUf)c5fX3@AEi
zkqXJn`h$y(+$rlvHQFKPHm}=wlQAsSF<M=74MeT4$y#t7K$Mw>(CnUMmmFLzRDg05
zK+6R5A$|Mk)5A7G0#Q~dCZo+rkoTp%p3kc3&e1a3o3jQ-^r8V7s`fjUeQYdvRI^^H
zv9=zq9eh;|T#*KQshj3I)22<uB49ufmqiq}>kWIfSK923Qm6d|%+SvYe`#*vaLvQx
zh@qef=u56}>eaJq8UeQ;iUTEx8J0baKec1HrSRVlJgR~H97K+_O3h+#;ziwc-IK-@
z%Doo|3v~b!0pJa&e04ys9|wbXPou@@M!mh2P`|?oa|??^S<T8Zzq~}@c>mOV@XwB|
zFc`c)Y)47W0e`n60+R(a-$eiQAKb7lvTLnCmuXxzf3>3`8x8c_g8gk!I0oGiA}g-9
z+IbGmjX&a=-@|njP~vJd#6fOUEnAwEI%{$!RH9euZydw%(_K<iRPaM@$8nh%lDzU4
zQ#Z%26w>znSku`{QXkF0T?Ow^iLcu6MT9gPT>gh(lQ}{u7WOc9pxJ=<vMicDdk66T
zZG>js2j73Rqhz(>b)eO}dOzm2GpcidArKIL$tOG7Ov43U<VfZBN+n;^B<PA4UPK(A
z3X%eBKcZKn34<9F+gOn^GJp|n;>xw_*zKqIFr(#AJ7rYSYky?Pa`y3jokn~`HwJtS
z55HmNNQBe48@g>Dj+qo$F_Y-aI}KK#5-qDuEC}a)zT38qRuuw|EEGZ_u2UdD2KFmP
zvZ%oMXK!mVvr<^7+S?36N~=m&CIrrwFA9&XUipiR+y)2w_<!ir_SJEpE?xxBZ%H3e
zWwYtrQ*$0fsdbZT{XF&kvfJ@>k9p9bf@wX}n}Qb~wg|RxK8vIR(lYy5wOgRh_i#XL
z(lmU6-s6|2R3@Cp0gr0F?zzLLXC8O21{87aRyDccK%|Sl9TVk^{)C3mWfm7s54=p6
zCQVlc$agV`zr1}tw2hAuu#SKHYSBspqF&47S+$*ow1~F1ibPA^rrY@+jDv1Jk>5Y6
zQQ*nw;gv9^;hTCas_B0f_(^x+b`(}9`w@SYOpd|3Rc?NlE85DE+5S)l_x5KrkLF-3
z;rl*A+<t%*@Dau^mgmi{DV4oAHt2Mfwf}tlAb+;m#`v*)4?p+JXKHKWRw?Ifow?~%
z!#xqZk9|Pv^Xq;yV$cN9;-U2&_et!8z97c_LO_IoVO2{kNWiUn@IR+)Tb;<NZNZ*Z
zV>gP=!xeusB~?%sJP^A*38Q!N_<+eTkF3rK|LPN^dZEXcP$=?>4J^dV;au$ygQa06
z=D|Eh=dL~|=?|uy4Ibc$t3zteAFsiN4zqx;dZhC0Qsz;w9_{GQj;%0$+&}z)7c;c|
zcRTV`@KoMn|7fNW&ui^sR5l9$GGXyoJNn$MuJa`~J3uEnf44zPPY^RnWc6Tw(~PJD
zIyOrBX1v*!fy@2^Ryv(TRobk^hn#Bjd&%-_{8FIG!RYmbmHp}xl2YY0F(eIu{mv%B
z`a6H5vxt+R{j2ZF93fC{`Kli&fc;%z{C46iQ5yqx8yQ>TW^%AK@$X2PCM2MZCO`ah
zGiMD*bjJ;=D~TC1PDNEJ=;lHIw*Riz!VL;xAK617m><TqeJ>0Se^t@#E#g=xEzc>n
z5h;$6BjnN~x$D;P$(U+}%^(MK)zgEEpifFL+R$bt<kQ+P+K;l!N;mD*5LgC<H{1P7
z*bOY@O$^Yn6M3$tR|`_AXgug|mYNxDbP7%}rbJj7j%crHHAjx=!0G!usA1@&#ynMQ
zW}0EXJ-;VU2VbN`b_zwKZU3q*#^4MP74fMvytWaC7Qk1l4K)CAt5<p0)IV$;&}I9P
z>bjDTbu7gV_{6$04_=p1up7zuklRzD0o5wCSYBtMkUKd?p%x$n`^O@@8C(w!P<U2#
z@#8YUHaK50o6|aX&<ANieO~>io)dBa<Y*#_QJ;rCyI&k<BhJm~9aVxF5?wj-^wsR?
zy5%-P3fCm%NhWaWl+G3qg%ap5aRuO+EnLpcy7;ICLXqNfzJb%lM@@QGRUry5CuzDU
zp8^IEdi26~9qef8v01G+>Uk#nf#aqJ<>x{LZjs?m(5ey+n(S?pgHuK+hDEG|+%dZO
zshIIjq4Csj)Gdl_&?Ii_gkm@O8_Lbav%_i5x_cW}wqr={&#JZvl6fu-N0@idxQbK_
zpG(9YkUy<WOK{i@Qn2te-NSYgNHet2BU7WSEN}8@9g*mY<VqkG;YqbT;oBS>5<Q|8
z*g31RrZwIlG9Xxw<V8Hk>K{lBC2HwvKFWOme3S0V(@^J#QL*{j#%umBbZ?M_=e5!v
zRh1(eFf5Ou?uKbTp!g_4IAZ%L@6c_GpZ|c4;uCfVge(^L;*A7ab7t<8zD_!6^i{8y
zsbJdT!))qLk|H;C1N-~~y4b)ErNfT~_NPZ<7(dP*wy?Kd{eQPGMki%vj^Pu)nm{tM
z>KhDA?ovwszgpPnT`qbf)He+#!nI6e%u0BdHJ#Tp6tBNdAVQZo9#(vuM?k>Tad9|8
z*x$Nek6B5`XanrO|17Y;3NNDV#`7KIbL4TbQoLrSj5r@QVX6zi+L#qkPpN0QI&}&5
zVn?<LFprvM821n>#wk^j8IOX8WZyUg5qUZ$kml_aj?c8xKU$di6~bJ`)v;Q8=h|^}
zu_%xNFyG#jg-L>4IO%?bRS#P!jox({M=4UxkON&af!xbNBCTBU|K3Q2zIIr@&zd5#
zi4(AbF0^gjqPJ$Izb2>Vszox%C){&`-JycxPmQ^(9T6nKW7Vw$|3R4Tn}mM04g*(=
zHc<FIF#`v<MGuiZHO(wg-vw|4a=3IA2r(lCRPg$~CWh?B{TcLYDck4wt6d5*ZNpx~
zAa7;jSqtW$Nk<t{JguC{qroz|2qA&`Y4;XV!gnSgRS*-30&Ks2grLRzLM>jgEa{Di
z(O@tOdYt&V^3dJbHPCk=$ntqU7^9PI&zdT*j2dWGLBe;>e~OoUSKbBL2kRMmVwCR!
z0wXj8`1Fp-Oc0AbvhSLdVkbgc<d(?*f2jT-m&Vucp7MQtQ)6JiMjN8BZq*nD(O#Tm
z;|Fh%dlmsrMs7D|&35b?Cw5Iz0r<DLR)%%YpU*?KWJgXw;f)(o;%1$`P#WqKX#LbO
z@h#|-zyQPzNLb)Tkp@&|qTKk_>ocY5>SRIr9_4&?8-&->O9S3Xn6w6?lH;De5M@o;
z`NVPfFxF9=7*66FgQ?f-*v==~&-dAwD2h)&2QlF)A`zURfuYmZ9f}otRF!0~(%sm=
zHB2{|;oxgKJ7>y$BNMjs(}WfzAm=7p4HlYYuZ7Hgs9B_8YPd>FGL|EVG(R0LSxV5~
zXE)@0YIl7LzJG@B?)lym%)|h6!am;_29PRW-@7K}l~J$BJ*rMe;C)QP&2FR3DZa#E
zt`)ihs+s4Zdb_S$5gH)fGX628!!$K%_{~IEOlqY$U=_=b%x+0Mb^CDu-x<rPqKw5R
z0#V7*9uLo>h5hN#7{-tNhb=59QSt8<#v_t=!x+tV0#{OoQ>_wGoT$Bj_*V-n@%)LO
zi_)TkzXnT6)78^!=vJp+dz@E_bfu_LA<%uBOH-8J_T~0`6U`(!g`TGnQaprw0kfP%
zusu^AgwrTummQ<Isi2pPr|hl3oza*9C@*j=EOdJV7aTkJQRL444b%XNyvv)Ul?KUE
z{vuO6G}d!OCHJ7!14xn>#Z%9JUUF(ay3J+KmssH{>0f`|*snA6nl|sr!qARqSOhl)
z2eP5#SJtSr8jul6;l<k}?v`?l-1zI<3>G2Ue)xa}4d$eNnVV8j3Roe(H6r*Z=0pqs
zo!?^{1_+mQG3ah4ywA5q$1I?v4nMCL1@*|aO^DE-ajHYg1tTkDiebfiI3#e7VQg<n
ziE?4f`Va>8@*Jp{Nl4dq(f1vvb_>*+)ARe)mR>3B)VbeGn~ohyKx$f;Xil>|^)1)B
zjE^_<?psYCRZj<NXqs0(KXTKS>J@bJ2s|Kj9P)&`^R1B%NF9~%1~m_zv&b0!R5n6o
z<*(7Vnkx~J>D_Dx`N8j%=;`yFzea4dB}U#Spt*`6!0Oq~hLLORJnhX3YOi+ys#I2W
zw;Z+bgxSa;_5okEpruu#r3gygjo@n#_G;z^)5qmS%G-q;J!JdQU(m$00VLWl$^Csu
zD|m^*Ahn;Y4Fi1tS=H=nq$EK-hSHXhz3NZZa(9D%j+u|D7UY>|weZmjs$DBuXPN$8
z9M;UFMz)_r3+d?XYTt)s)Uk@+TvenM;|lximRMVdzM^t&^CLsvWMBx%9a!dr`mBkG
zKn|AU`K&7Z<mGLd(WUD&Oj!MUWFv)m!NA83N8<NE-bT5EBCkR8vJC=3U7(x1Iqv7&
zkQki<F@6}gei5r}gyTSY=fd8A9hM?;@J$IX-Y+2GCL~wIK9F`%xo#ak6-Spy)A9NL
zYlXxJM=4?UT!W}KiDg~Qj!^05)64x)?UCat!7pR#n5n@)S)M$1`)I6Dm^|5zRs<%A
zn+YPmaNo*QusQG|oEGu4V#){ghm-Mm?2KtXWl`aawU(YU3rf1Q!~XZJ)}J1YVf<Ks
z*us45{?}`E5x?5V-dhS+$t-h7o@79<cN}fXf3>g=g+ffUC062bMc#2O4H-v0o2(V;
z_9<86Tn;v&!%E7WxjhH&_?O*hqLarcxy;t?+J|VI9mH#-R{NyFyvRPbWhpMA^di>)
zehZ}#fGs1O@3#t<2efjiQBy3Mb`hm5=*seuarhHfhJPTk26-dX16KEsdqn`jXPvyM
zK={J<j~3>ryF=BgW910SOAmWUbylrCv=;hgVNzk^A2#p1XZ(2h^_zs`zErwukoI(v
zI?q6FT_@l>!az?Vk3~$K0mcnfU~`J3wlg|~z)`_qOl%pu)M|7}K!RA!5{1D<`!s@K
zE)b68-x_?4EPYLn-kKH&Vw-kE1_GBjQ;rW3H7?&nSac&ph7FM!o<CG^mijF!uTTii
ze5!+W<jAfm{P|V$*4dtey;H?ot;{)#(P?Y$zUfd;Td9p|YdH{g^9qW6BdoHJW;woL
zj>cbfx?zlbg2peY9*BxPF<*NX!w==-K^BG*6d@D8Ytx*1&*edd7_~S0(<S1oiefm_
zhmGeO`oa16MTi{qU9G&!T@sdpBGO6Hb$wLD&lFcl6f_=JN1J5@pof(vx=#I0|0dFr
z_cQJlfP@=ZG)NO=WNzC&N#wg?3mcruxD%AaqIpBg+Rcr!jMsyc^?;BBi)yyd_oM$z
zT50JBVa|P`{XGYw1o$E&EaIsH*f_SdHTUr4y0)rAM-L-<?p%t1yg&I++=@2Ta@;|p
z&r+S%HEdHdk=VQl!#b^Djz$jyfSI6#*Jza(SLwU0fy8V=4)}id=O5`P)*vBZ_2$h0
zBkUaKSr^!+h<%<Ge+Gfa8kIu%r8rEGR`P&%N$fRUCry0r1oCM?C&*mQ9gp+s{`rGm
zxSoP8FNX1QNj}g|9&r<;cB_LQ6bX=*B9g++G7Q~CYVTQ93|#6R861_~98+#ZwpJq>
zsluhhN7c1nmmcBI84}qj-%BG<Vgg1l*ah|Aik&h#54x`u)Zj>=PqT4mIvEPOqUr+J
z@H*05<V$Pgce9l38<<K%k#7;R;w=DXpyVDc>`#wI*ay?-0Q?BxtKn1Q^UB-I>x&n*
zr>n<^2eo^M+mainYrM<8i@0-+)2)-5<3~pr2NU~tdrUhg+d*4$n*i%MYc{Jm%RNg`
zi!AeNb7iw~GYC@ylV%e%V+W&eMx=&*1~UfC`cZmYdV;#?Iu|;M+GW~cT6&s|n#dY9
z>OJa&uf5bJ)fiPHR5n!jl~a{Ym1Gr*6oC}9<m==S<*a18W$|S^q{pObr9vfFB)KJ$
z#E-?L#R|j#L^VWeL|zG-34Ia57IYOD5uoM|;alS4<c;Uq=Mm@5;kxBg<NU}8!(qbS
z&W_3E#5%}I&Jw^p$IQkQ$GFER%8*5WO|MK>P6t72K+{ZvM(sfLjf#}gk79;`nLLVY
zi%gI-o#cW<k+_T)j7X2Lkr0`{2EPZN5YG#D5|<Gt0(%3SA1f8}6jK(X2m=UR3#|?f
z5!DK%8wDTP18EG27BLiI1%Vqr3GNt9`c=Uz09Xx}8kkqmW>8<CupwO`Mj)ucL%^26
zI6>n<_CdsfbAWDv)E+LwZ~XWZ1WAJO1t0=Anw#oc8oTQ<G8h^eG8wVy(*Ng&fsv8k
z-;Z7k4D!GCGw3UNIeLNr_bUuNGYEdHg@-6$15t0Dr>VoNHdvJ^^J(MW=8m+6@ojdW
z89v#=jSd8ePY(qK@$}DtApiPz5PWj&I=Q&}W$!QHuMOS-Z}^_C6luv8+4h6pVC5OZ
zUo<^HO8gR%{x=|n(%$}P65;^Wev7$0xwd*VWf>@*ru_pzqeWcgt$PZ^OORH(Z4u`p
zWQnn9(ud__EElx+OGDpnrK-(c#SNt!$y@yigTz4v{tIbn?BJx!pwGyz&tjne@EZ#g
zD-#RHZ&1Q%G=HZ(xJK>kbNLcQV0P5qdM{{#mxI<Y_w7~~LO|gq%9SsX&UvC5J|A;4
zg0FD)UbnUHRH#&dtb1IQx~=K}cRWyv{hE^fHz?gxr|R|e7f|&$&bbkC7*oMb^5!r*
zvb}xRxB~#%Ke)d{c_GCV+Q<DC1SmT1J{}M0tzsE~yF4KUc~*@Mh^NTS@dKskFDVUJ
zeuGjhp8n32P(|SI)Nz*Vl3xmN`s1saHex0-n2XE+R(q$HDA!ggA?Mmfm=au;WfVGu
zB8aLy)3#~*H4!1*f_Zx>xE?4)eqBq0-=OpfJx6VC4{-+>VCqP|IVE9H%U=47#=d26
zk6*3i-UR*<W!vfZh##6Mo9npv(A2Cy-{rpk22l0A_@feus7yg0xYPrs@ULsh{2P>m
zTsy_xKzUN?FrOkKUMW|Xg;st(^TEnKTuC#-CvBjAiLyvCGWm)-<266an3lHfD_j7)
z{0X6|H3$qY%aj|$xbO!`p<mZh|2HUck&GA7e`*glWpOtIL9@cye5$ka!iMXGk&Ve{
zfKXn0iBeT#>GLYT9KW6wqvs{h7{3=g9ZO21GW^e+!X%W<RiXz<!Cz9c{*DthzMhdi
zck0cT$qSvt0l5kDnF)p6idImxmOq0?`k=J^5+&Okmv5Fu!pX&~ls%x?zI7?oU;|om
zCa{N27yAnW692g`1)im3|2L+7?NuEnDo{7MC}07cZ=}2)upK6bd{2y!7mTwhj;zi2
z5+y&uEV8XqYu#N@KD`LbY=3a{fDsa>BarG5u|<FF$ms(m|F0>3r<V52C|)?AqfnVP
z*no(^WOL&S2VrK?mKg>GdD|Z#kt<)K?3z{}-j1+TO;fk%hlXf7&9$CCi0`^pcBh?(
zO@!?Neuy5v{}Da^h5T3fXt8XrRe~Rx_&GVw8Yq<DYG4m(({kXaFg=mtxdoJE*-MaA
z&_IB=>v$yi1b$#lhy#mZv$R48v0fe;zCh*#m`6$vki5Ty{GCc3Hhs%O#dO{~#JHcA
zROmN}oA;ju6J~_O4bN`w8&xcR39^^_HmAU!GcS8Wv_1r={Ku^bzeAP}{#20xJ8IEf
zzwX2J=J}u3n@OLUf!&DF;NRq9)%!yp+?p}114Y17A`%|}d;){uJQxNnS`t#fWLTY{
z7b#Z`!bC<=sHvpO``2pY)jv;7B8On{FZEj_61Y=y?mSR(|C;i5^3m*VVDdP?kp7V7
zx@0a}{&yZ7O0;@dC<RsvxF{$Jaq^ca?MT@84khuUG1uV(3Wq9H_RGXA1e1lb(#GFU
zT#EbMKTvZ0lJd9mF`;Q8`fU}NWfE9rwp*s!bUMvC){RNP8)1KEwT$4`i!V_|i?ayc
zxnH?0KwTdtm^aUuM7t-DIN%@i$S;ESbe$1AP;&mdmcNsaEM|<~=-h>PSgpnTRzzLD
zLYnD$Kz;QiazF0+c`6<y^b+N6xJtJ1UL{o@gKVe!bu}ro4oGTve3+hoel2t-dqLy_
zCC9I8`8)ZT^;t#hb?P_s;q?GYoBe`fkmb3uBex&a+<N5DU%hI>UZOm6;Yy7{2Pufx
zLDXby@j+m2hoTY}elzZ+ck06o%<-S(VgGe4e<vS}Z+8RnvJuWvT;DWg+1thzvH6Qv
zEZkl;4(32Nq7RI|MCtzy5!htr4T@ywjeYbd4;(YA=>tqZ4fddGt033twf~GBwqH{I
zRz8kcwsQ?np4QMG`N;uCe)^$#k-JNwD6GM<+BqnDLu&I9Wuhx}ySD`rUGA~s^x(x;
z@v17bY#By=?qE!}Rp)^Wxd%$tXDK=Ujj8Kj;l?VpZGNfCU5Rl_6e{eCz8HcWJ|c{q
z+by}IJ+pg>vYoi|$7iw%KC|kGa}@<uiCcp>j?f0kNc$A<?_`X9JP(vCzoz`1TE0^C
zmm|dhn)S1H)CM5KZ=N@W>5Qppt4&{_OJ*XBe$mwd{I!m4zY{Z#&@;`aXS_w3-WeRe
z5>}cLGwZLiD?KZDh#uzu5k3Ef{8v*AB|frZo6tJ<A|l#kJD+zt1gacxVEB1gGmL2c
zv(y`MFF}4-Eoc>h+HNdc(8e0W*+Zax<sz+q)*6s7n?DR7^D*WDlIfR_zf;LnZ*)`{
z&lY9v*DGD<Q0OcMk!4u>7CQ!Z$N*7XRp!GlLGG_h^w$L|_gz_5l@s#`a1m6_z`!LM
zvf*CtbZ|S}3O-zK#=l>0CJt6scEf*@k1JLv;rf)x(w!zk{T8>Q7o3`DX8rO=1_s2&
z-R{6s6E9IZK{kgW*>6U-H{7+1c(O+&*23*#u20N1l-wYAiC&I8P%`|Q@^|v_FvEzK
z*-ZoD>%rBaVFR!H?m$L2v;1K4TtpB0ST+ahOOyulN6bj0d{hnlT_!R0O2@k;t1!g;
z>N-j7o)L=lel-u2^uMJ1t$bv66%FMet5%F{>)jw!ad%0)SSFdtrM(Z=O-dp0FXnuS
zaxRgHn&86D24@C1GFETC0f6s&GPPt|Z87H&uSFKg+yf=uuWR```G|u1u^s(0`1)R>
zJ$>+zbsW$TbpmhDXxXlRaG8u`GxtlBp~S8ZFw+uEs)haqRQ`N}Om7U$L>zure@Da?
z$M!u8e4wQLbuE7<AC<37)(ptv$4>JDc-q?eB{T9x+Kgcu!!;K;?m@F|L|&qtEOV!3
zaa&)CZCqCg5wQ%a8T%v^L1~2mY9VjT<Vl|SKuPoKTK-Nx_6wWNu?XCHiW1URfU^Vd
zh*}8qky+5XdKzsQZ2Ilzy+kQNutN#p1%r2HK+h_91ZFcuX~(PX^-~5_<OgNDjGNB`
zCG{^Ue=8sB12i*>?ol9lg=2`eiDQA=4OAjjD(sSW%Sgv$%RzfyqGTC`rK8b;jWU$1
ziQ=`anQ1OqF-`rkEx5Ai?ggN0zW+c;^(>|SzcF?HkJ)VBlkS&9f`?v1*^Y~55Ju+2
zdGzT_$PfAZ7GrR{L<tSR!~$_&Pe&-M1lYCsZVx7;Pl#F;UcpqRk2_KF$oYYi^4FBV
zQ_Ifc4<DtaQK73dyLzYAv8P74h<&?7B0nX_3T`GKv?#ws`IdKrQq9Sz)*KlL=;xYI
zU3c+%ft122eP+vbnR3qKt4oT%Mb9JTznW_BH2bif!TO}|;765YO3H8>l{m6g840VA
z=5$&!Gbd!e1o=r>+J2F$Qdt#E<-!py(~Wm+D35l19-ITpTe?!&kKqB5{FjiwQ^~6-
zLAIGRCKbrW*jH=P<ItTp;c;FO6K}oJ<3XC5@4mhSnE)PH9C=tLfo}Y9Y)IaATz!~%
z=^)&v1XGnJKjItf$;0&~`(M|a!NidDU*%&I>Bc1zUePq*4)GW9qO|6M1XO_HDg&7x
zISjHIA8turqTKf6Cs%v7xP6cd(cug=H+6c*NK%LaC{^@%;+~&n`TT*B^w*TXlaIIL
zIFUNN3YEuW=d(y;f|u$<d(JIUd!&?$z@ig$1TW5jAt=9#QXVQc(PFw(d7H?&(A)Vz
z!j0alE!#+#$HyJSK2VbUlJd9m5xXA{0DC&I%F11cEy$xojwyFgAI3`-os(*v!op$U
z>P1S-`*^&9pEBGzxG}AoiG0zyFaZHnxx*jis?y$`hWw|N#J{fP@8qMvc!*Sq^)-qO
z#63R*Y#S9Ii<-o6oqfOGmN^(aKUvmGl;QczL~0mch7;9ovgVfi;J$w^^u>%_uq>D_
zWAynPSMoqf^y^ywPCkOZCkz!Ji*UCE()Y-duUB)vgGV>0$LqnM<T)fN`a=BTo6Aa8
zW*LDqL+MkVKo6TrP^I+!s=ncme%iQ3zL`c_j1QEAzpmx)<Rcc;LAf?$uHu57N>+o-
z>&0(x43>P@y-5!}eWC6xyW3x)47O#=GNecX8_##4p2b<I0djEFPGdxQ$7f6%W5^Pr
z^*~AROUmEMM>-$|zP{MQOvZi^LuGu;y^AhBcMv36mOY5EH8e<kgqJ8gw1r*SwzZVX
z0)*=h9VqUD0R4moy3!jg8K*MoVyCPgDDj`A{8#x{F8@k_UfHniGhTe+inPH6<S|4E
z!yKU2;X7j?ZIo^Fmnf@c<`{eF-B^Ytrz5dobn(-+#ajE7Fltuc?odG)*C;(u;{BTP
zcWU|0iX57Zm3rF|h|%8f!o1GRBcp6e+ZN#T`^b9`_RW+R-()2K@V8(}qK8g?+INRk
zOiq^6A-a${Ka0~^;C`2Tq4^L!xPOnH|3Ln$d@M3%PRMg(8;v+w%<U7+Dk>+uSSu(w
z=Vy$3*C037i1`wv?59J4@8S}CjWYhk1;Xe#?xkDlVWL@T@j1rX#w<n^50E&&g#4XK
z0(lN(Q=l~V$WBBMZ_=AwcF|z9a2n3D$(jgnXrp$%_>nYMmz!?L_U^|>M_8R%sX(AQ
zlP{Z`Sth;Efj63CH`IS-z}SDk-i*u!j7CQPCLgU7gUz7Tddl5XQu81-ZTK?yHe>;C
z-@>2q*}y~7Y^J~XoyQETE{NT}3p*-r2}kwBb!BO1lmWKI-ex+V5eZjT^MMlU*Ob4L
zkLs)^0ytW1yY@C<EkRQgMOHv^$9<jj<s2KM2fd{8(JxV&i|j@FjIzxCkSf|4Ga3|R
z`B}$u;+EShLtdB2)`znEK#BQF%HPUIAN*L!7L~75yyrUW0mvaW=$@}LU3?MY8gZ>J
zNU@IDU!ttw$S22;Oq{3)Tdjf;2}?rmcCPv=nWxgYGmF9a6aU)-CC0C7`8)Zz+jigF
zeQo!3jZHhPRqbbVQdr{rG>UVRIDVID?M|%eOO&OQy+mzA%+y&y*Z4(}h-Lth;!D%p
z4zP<tV$q$H^hFPp=)bPz@8lx{;$8kL_b|fD{Hss!I@}1gHs1>~Yy0$zn26pq@5H?L
zH42rTU4lZm<Q_y^fxE0#f|L86S@4n!AB)`}Gw^&l$ohd2?bo&ZoqR-N7a663`XFl~
z!tqLwtEDU<$-xy05F**}AXN@q6Y)h)XZPaXkG!B0dcT`RN&@5GfL|sGA4QW7T+9EJ
zJmJ{3`GFGkmz2MikHhmUVh7gI<xp?#TW<?Rs|`GSKK>u}?mDQ-tziQ`-Q6MG-HjmK
zE!~ZPbV`?WhaioT0@5K}(jq0@T~g8@-}ap6n|YrzK6`J!f8KBAeQwW;XAX|%H`kh3
z*L|<O?zMXh7=zuF7Rt)@%ymKDx9x4xEbg-{EX|)%ITI=Or55B%^s(+1L+f<)U^IBD
z1C+SGRhs?Dq|TidKJ6c@fwfS8;h`H?K4r$mXM3J&99;4vVDJmk#2Uy+-3?FpQ0&D@
zpfn!q)TUs=@kn=|o{~^hvzrs0T4zuuK#2of2~L&^Z!^h}svA?3W~Z1-mZ;MfN<Zk6
zHxV8Vldd|}v7S+aQo>WHF*(A&ClZ8o`B;>C|M{dD5#<W-P%7^SSH_fdb^xdz?0;0x
zU&ueY)p$AH&Aa)XEpO~oi7X2vlY>uQ%w~NR?YdEL<n~jFv~*BNMRNJ#yKSxl!q&5d
ziwKykCj>Mkbvcnd%F+t_aMnIl03;SrBsfWi8IP^!Zj6_Xv3dF<F(AxAtmRyeW(P#+
zz#L;v$Zw;8Lawor;<R#9lkBOkdTR>iDcCOu3rZb)arB%Wf7b76!3r2}%zqzmc79F{
zc1}*KKk3H;iX74eRvN=&k3Cw+H5wT&44IGJp;E5XA2DT`$aXY9DTB{eC>U|{K2d)p
zQf+X8_9Q-y=580#ZbKKIQh%9;I15l>09S(3k6cb+FWYJh;kUgf5=DFt%|<2(@&@-{
zUd4)sxv@4+^MF#CLS~#^dAjqv=86uZ>EKp&u1Xc2@Md-2t#?(E9Oz*Jl;}W}VD)1a
zCAHxd{p(@Gg_p23Rf4$BuP1X0kfM#FlUMsO%{$~kDcv0qljlVI^n4(BiU*u5IY=~(
z^TjRUV~nF9gYks6L;*@P;8}vxkJ`P|tK!QN>-7515tw?RX1btK(SqI*B1}X&E&R|+
zKnA6haxal;`QkAKlL+(5&hnr<Yi$V`jR|XZU|y%;Rj%6&K#2-GOK|#e>dW_M(B1nY
z+0O^mN4%am?ZZIy<d?JQtL($M=Xe+Tfl_)+>p*!4`t9g$IBH4J9IMVz6L-m)Hfa>e
zGoRBO=lxnyM**HCIQ`h0R%VEAU~Q(lx*U))1a<j^WK7jU^h=M~O&|{}nGMM1DQ{Y#
zSUzzO!qN-kJQdCK#?YMblR+GNqgwfTHq03Z0iZ+%ssyVanKmo9a`CiTmc<O%n$7Sc
zx$eK3p0D)6#Dp7`4yV#ggHpbQpL)DVlym?25-NT$U<E5RIwncT{u|1>ASWxzr1TAd
z66v=}i$9svhmyi}JM<z?t}L-aPusoVd`Tuty*u;Wd$I3%klEkqfl_k6&0Q|Rx|NU~
z->~FuS_#y#ALZFkt@%LOK=x>2GEM_fA_7-}lchCXGojAaM1al-VsM#gXld%oky?Di
zm7oo~N9E}^J$q2fF{$g_{#2xjod;3mm)4BW&qe&XXI{M*B<M%<^AOVW1XK^gzg5q_
zkmi39rLUUr8G%NpQ;6}!*#tHjgv~At^m^E`Lxi4Y>P!^rH7H~Y2BlgRwE-WR#@^uL
zYW7#+%#S5Jny5oQ3TrB#?-XzVNO+(~aFR5~aMg7X`1W3tCP0O>Y-XBor~ixZhHHYn
z8(|pi%{ItAmsBz)@)%o%iGi0NLo3E#TEDcM7>^J9p(YEVyEI4~!37v^xPOc{pOq<>
z1v~qn^rM;quh{xjSy^Q#Qoo;koN<pIhB>B|lgH-XCk1LJBu|j5{wQMEF1l)7Du&AB
zDYZN}((2Wx$@AM;5NkS;-<mzR0ZLflN^tt|P|N*Ib^}GDqzT8&{Jek}s%bAe@(nMW
zMm_63>bC$@P)gNv^Q#!!ZsAmZbP=?fOC5jMp+4Ge`KL|ZhB^VQgVg{f3{WLl{a7;O
zi7mm_=l$IXBL;iz^-M%?oLVDg{%n`;0et;9IT<MBHAR|0Y)|lL5c;7oA?CY2@m7S$
zbN}F)^B@OCmxO^|t8LK0vjnFfONOfwW$Zt}#u@4^c|B`hVxM-k?CBAOeB_Y7gQ%af
z0{Q%Sc;Rwx3sq5Q7xRH*ta0Fbp8SBmvDbi$mi{i|JKhU`5(;>h;Pm5p-Sj9qW%D=6
z53a{gq4NsapIV2D2qr0FqG5mGVrl}p3jDL#Xu0sq!8tXmj=&a~s4zr0qTM;ll-#BA
ziW|EL$**+{NZ?t5(~oTxk85V+GAxs=!Yr<-mygFT6K~cP;B&;VIQIOetBgP?r^|oT
zC@fM_I$3in#`r_^8XzrW41^;**x|4el@E0Z1C$Uzm0<Ow<#XZ8gz_~>UaE<k4HoET
z&52N6Yu%vFmkgxG%a12^pp@o_hBd~MA4+Jv<C-XI9h4nthS!lpY5gfE`9f*zyUT+p
zLjr!IG`F(+lSzHNiY85}ba-id<>r$xa(h_oJ{q)+1Al8^2K!6g-~&;Rcb8dBb4ep{
zO93>Z4{X%cdd7Z<#2)IBowZ4yBa7v%-vgBXz?I-+d4Ol(aQ$+V{r1E0@dvLSs5tT`
zVaXq>U?}2BpTB3s0=eGi>Mne)Fd#PCB_mx*B)WHk>&h#mDDJaa?as0%&lY+XL=ocm
z@741+@{evc{55Oxv!#ozqN4|z&kE4rqd8-VAMD)t*`)NO-ij?AgF<FUY;2u4AQXQ!
zf1CCpBq5`F{fP>ilcuQf=jJq6X`3Se(ibQaoFw(d<)@eik4Pg1{X0*BVWl17kqK6O
zH&$woPgM6lDNlghuk1G1W5fdI7gvNLXv>v@b|*nW^eGoR^n~}VLEa1bdcb)5{QG!w
za`ACknF{dyNk4`RycQ+M!FFULuFSaWWc-=QCXB>T7M1+b+%}fKhGP`ucu)CqNY(8r
z?7MS0L8uiY50<tZ8Q5yFcbPwP6U(GJ0VrPqSAx@z!EEGrwE{`_Gg^1L)8@g(R8f=!
zjqT*PiYW#h7u7F8?oc1jd2*hOAMt?%rz>GJ&DuX@ip>6SlGRh=*oLrAaT@}l^aiQ~
zs~^c3`K8Ocp1e1S%2axTl`!wT*dSB}(~<mnncN84cI5!%vW9||_LL&q%xTC^jGZ?`
z39yBz8(Vtq+;WLkF@>8%767Fe@GQaU$Jm3$JW0tslYuO>+9+1GrsEl$EbN&@i<cw^
zgL|GuAn$;`(!)KKFrPl-=*Y{yj@7VBn;%Wk#wbQ>On9~GCqbwKP<jH-5}bY<b2Yo~
z>fm^0RO0yMMP|bXuTF9g+60`7UTlmgjD+B2P)ePZ>}dTo(v?h9L-wszC}w8s*E~t3
z3~nz33@QD}#6kf|58zpX(~n<nWD|m3N%~3Qp)P+^lYMFhN68f-u%i)&@JfLy)eGcP
zuBVH>=<W+$EeqqrUPe;HDEX2_l4+5{rCq#Ai+in^E`ZV<s1mGxv_Mbrc2z}odCsuA
zHSX!PNKj{g-a%LGo`QQY;_XJw1#*wUAlnQU6Tt=Q*hcdx{kVk2iwPfswMqXuNW<%h
zk~=Yg((SiOu0NU7M-!jcKEs(RUOzY-6zYETQYBVGE~gIrxj9Gt%`wgq<R{K@1VuYY
z&+`eiRjE3l#9QtMScFc|6w{ewVAi)W?6J%NN>|`YaI#e5S}T6r7zc|^VK0X797BB1
z@4w1PHKnISg?u@-bO%x?$d*Zh@Ej``@0fYu_DGOk<+Gi-3*Vp{@7uY0*R??lK=ru%
z`>Tb2BRT&h$^+DQCXH5pA?vb7JMgZpYXz5XjeGfAcU4^+?;ITYKY>DiQ64oQTK($o
ze^COj+CE~}kRy^|(bb=&Ye9||a|Uk@Ksp0Of|F#D)xH~dk#j6X3MEwxkL=gV=MylN
z(&Obt3Wd1&P#-|PXBHuXLqLo_9_H~%OW$+)#d@)`ggx#f%6GU*Db*G;C@H{rJN<LK
zdAS9wIR0pTbxv)s;nTBlw_Qi;u22I7vFM`cdqRsDHcbSDZhd=ISy0N1lVQ}y57^;k
z&j?LTYd=Ci9eftfyP6(AlkZa*PPS(VP&xuvg42(#jJA`PdNwx#^<U*Um-h+M+-^FU
z5ZGwOJ9l(7<d{J2d_ix-6PNIDo|G18f7egK-f5>n?i;{wd!L+btx|cBlLAmW09At3
zkK4|JFQ)dzdbqJf=*U{HhflEeE1<vPy4bredRH`{DuPn-9@;O!yDz179y(mU`_$-;
zIo-f|+Ha;V!~C$iY3TbLpnM5DOK|$JpQGS%^jRne>>>@-Q!_F*ScCBl^-_36Td@OG
z+ufv8P|5;`5=#4l?_cn?T+I<t5sn@<KUCfGdA{4aGX0t}QxXqQ+5^uLoPK;pNq?Pv
zC$#*HkL$blcl%ol{obHpJro8`>?V86PYWR5GYh33!xlt)&%o9GQ^m}<Rk3u1I43mU
zcJ3aBX{VlB>j9v&1D+)~{RsWZ7`G+Mht9{?lBm?}`!dot)YO})j<Dqt?NB8AcNn0Q
zGSrkk1~W4I(lxXOET7+LLg|?xTOKKnGO-DCe>~rx04QyND#7Z<D!lwSdV9ntawTr|
z5qlJOximado2e!aBmAL;tzRohK+frXQnf$fgw>05Vm+_8DXDgo#|j}PgZ$szSG@fk
z5Zwz<zWA;3j~;p?Jrb*%kZySEqLWwxMY!d?UAe5@8}S5+P<{GwV=M>qy(8$26)y;4
zlTF;}b`|F8dqMtJZ#E%XWF?E|Ombz`PSyZQ8{kTCvYbM7M<mn9h%1kcdh9?h%S487
zh0{PnT$Vci8Oz+Od<IHs;d$eDY<&1bX)%y~n&IYs_PJYm#P$_04=IPuL9Q($pn9zT
zQ9XYl|7d+REjOEOM3Cuc0X3`Vuu5i1jB}%#0RHK~dEH7c=?U3A$c+$OWMkM^!P~xh
zwNe2|ZF@no_FYGLVijl!=hR%yZcYHC6;LENNsb^SJw42Uj_36FDk`&LD~`tn7n2vj
znLqOW+O3~5ALQqckBVv<aGjKlQ&-A3XDe@|<_`Rh^J;F}O6_zq^?wv50><0&pX1GA
z&TYZ<NAEux)yjz{o2Nv=PoaHE%53p_Z=_P}eSSNOsdH;`76`Qj@)UzJ6$gR!4brZV
zhN_hcXzeqz*zcWrE>Xi*2N#N_H`f5A1#l%e{rG4&LFXBw^K?8YS=NtTKBhW*CoH=I
zr(Qy6g0bI=9^_dIHaN=)ahtR^Tz74XxO}&H{a(n^r{XWfu%VdCMwuO#0ZMbAO0fEI
z|Jt<RoZP1@x1p?K_4KKtb3nX@X#{m--L;(r=f~S1P)gJ`!4Wn-X=h(*mXX3X=C;mD
zBAwGNgzzmW^)%iG&R-*L20Tk}`mtg%;JVS_49?Is>DoMwi)J{^Cbanx#W8xB>e@-V
z4&<j%weLg|w00t&TDJR~``ti2){N?OPqIVm{7hpG*hY!`^^|K0JWFu;kwd&M0m5}#
zEN9rNRAJ$(Ir+KW+vxfGZ^TIsexb<;5TKO#oGv3LlcHgIDv5!pU*}ZqYkH%f`t}N!
z$wN^(Z>Zh@lqSHl1g9Spzvr>@A0LXEa?8KjorsQ0#Jo3Mg5^nZ32Q)Gf}?@~xj%<`
zspMOZ@z#5s$|^g4)o(#_11?GjweNA={6Z$P<;(y|W1vc~`myy!88%Xv;+#P=gAe|)
zI6BDnNi6PD!rLTgTf_YY5qyv{Q4I3StEH764wC7VeDpK;r2f*q&NvK(%_->N(bpDx
z0Hx7ym4CG9GO{|+Rm){%1vP_S_|=zdwH)f3sE&2aa}G37`zmv^OOS73KN*?2^>5Hh
zd(9XAh(i7*Dd^;thZdSB{a6`{(VWsdfYK1S5}YjG{eU{Mus5OWtAT5Y-mJX~nv(Q<
zF3~9HFbO|0MJEq(t(t3x<UN{;l{&^%H&dTF=GOh=5?8x&SNs>X5xa^mkA6V)82qDp
z{zCrI`;WOD@%f7*6Y8qR?r9!W2Ojfs({eCxI)#%V4mx3c9YF41tuz)|9LG3kf`K5b
zr;9rXL%Av--c|mh3AfsEW6O|s13>BnMS_#0+|)-xMo$Xm>Otb+`m->@xvw#JFRL0+
z?zg3LC#0fmKp~&_hQm%P)_O}PHjVCfl5%Xz7r~ad2aH+umgv%^Yrz4=TkoIa&24HX
zz{m9`{g~NgrI#Wp^FV|AO}`}Y$-t(<T>W$FKD}AxD2JJyhGLL=+aOWa7!^{HP*3%6
zFXfPRlqYrBYh7F+*C?guDYKYj0ZLuqN^ttIeP3?o?5^e`Llza9T1`cOKQ$_kp>Ak+
za|W~7cEe;8C?)nc)m83*KIjPCCmVt<`!O(07f$I)Efn&YO=Rf@s9yn;IzW|R^&?Bl
zMq}tsUGD?pb$GM9Aj3^#jMu}G7o$PAquiUBCpn;$21CRL?oC&%n`vxMN1>CysF412
z#0gc8aBKB$Q3&PxwL+u~JWFu;aa7a5{YP3Pec{_7F(g8LPxh0W_pf)WZ+$Ol4GO4F
zUV(fvBg<#850~A^wqeS`(r~b<UC>ZJQ+^}3c(r948Ek+DP-+3s5}bbQEyGNEhd4kg
zcwg(`XJGZBvCS;e0XF37nauf>u=$caD5Zoy>{F|=HXjKh+AQujA8IX~a5=L=eVAA9
zdr={rdq@CEP2gFA(~rnOIph2@ZP@<FKZMDizI8aISvt-+h?}$3yzK3i`2q5C@r|2c
z1y>?+Wh3Ee7E0zf6e^V;OR(v~Hy*DvdF7h%g#gOuK$T$iV-e)D1rx}~g?9K-DK)Dz
z2%7YF)!uK2$zV+2yLdEw8$j-Lf`}~+l|EaNXMmv*8@#R?VDYg^Va?65AyF~hj$h>l
zC^deo<oJ_G-E%Z}o$Z4zw!~qjY`Qdpm><(8X~Ng~TDkOTMjPX|6`+*!kE4vwhzvKz
zSVQ>L$2uic?_`AqM6{Kv-M@CQcz)voDAj>0!O2qSJ}-*f4pHbUZmmb+k^a!O7xmh1
z-DRBP&29Mnc*bi`N>PGqVw>3T{miC&zC1(AhCV}ise~-+dbBql6hE)_eE`*?_K)iM
z3(5W`QC><!B!{?O`ME;0pmVlg))9VOLp}TH|JG+JfhCP{66E5GKBEwR$7T(_Sx`u>
zHv>`6tHc&WEUR7SKn&X5I_aO50Hi8VBsfXlDf>NJ_e7<kXS(dUSU{C%97ST-T6*|$
zp={1RkP$Ep@_c}S5;Vr|skP5Lg@Y(vc=MZWEli^!s_>o{B)pMfw*U2Hrt;76=Ca~8
zGv)h}eza7-j_x8c!&iDyAVP*sk6ic77zXlWE?kA;z^Qj%9^@O&2z$sDJsO$$e3!-!
zdAW;}C1tyF=hF1h;%CRN?`6`N0ZL`yN^trSv3lc-^`|xZh&A?h2b|fP*1R`4u0n~Q
zCw!OC(IsDi{8T*c*$1R`cz)N<ZMr`kF^+{-E1;)y=Y1;7VsGvaF)&2|N+qC5u=){G
zoc8^6!AMP?UqloHLp~xtm2rO?+z2|=JLgVOEs6w?%l=)<pIV?>mHmuHE#TJM7%-`>
zqf;J4jO~@=L+UTxZ~;n1;8}vxj}zISrnv~0lSNWRD%(~QRn7`;T)P=Gsmdl_Uf5?D
zf_$2oec6Ol!}Rg|KCU_Z-aX_Xcu5d?v;Im7jwXvzaa~awpi}^!B{=;^mpm2eGrnAI
zZ5@RZlu|sA%kunjD;3s6pr}arl9|gH<cJrh_ZgvI-Sulz25|4>JKw+Z6dN<QBBZ}~
zqBO0J_v@KQ9(b1E^dlO<<Dx37Hj_O^UV$39&Ucr6tM-0uw@PseQ`wVGt{|TuUq)gk
zhl?nEd&5pi9%&~XLGzjFD&%vzD_v~i<!KM+uYQyRssyVa=f?Dpq@TVoo5YRNc##pS
zm_KSY0qu1XP1U{TMU|Hc@?57SvdE~Pd>{AgMQ-A^Zjh)6t5N6MHZh``O*}^=S3|x7
zl(N57^8Cr9u9mo64W(viq?P=97e5ZkaNPg%MN8kai|-o?2#1J6aiEkjkl(he6p6Fe
z3v!bJ%AHzbyf!A+Bvz$9noq?BF9}lvlrq4T;A9Db+m}P2`q;IA?7%jN@sL4Wq&A`6
zsgUv>Qmd-^(wY&JlID9EKg5clv1I@C)3*_B)Rw3xn_Qof$Tp!=TOp$xk^t2s{g3MT
z3(5UQ=L0BHbz;4KReUyq`QmgeVehi2)3N!!mr{*n&f<14z6}&Ifm=v?OB&t+%20ZQ
zMA%abD%^(dXm%7;G)txGv~Ke&04W6&2~Lv38(f2$y@+jXU0cU!FepNy_d|(#<awS6
zY{`rICnnmUkSVM#xDtlT8!=ER_#4>68+(qV60I2&L}>xXc7emwu7L6W$2pgroC2JD
zRy=>yk8!Z(A}}^C-|Q=1#uuOB)e@2Nk(`J~$RLD=({pa>*Md?O<-}KefAhfWZ_S)b
z{PyMza^^@1JDv;d``J5$<Z3D<fKmdu5}bale^PxpZnxh$eNP7MqIEV`VJ$pg*zd5I
zaU?DIzTh?=l(O(S`6h*v|M|1fuj2WT#IO9iJzfdcQy%Ne{7@S85GVyG#epip>c=B1
zLemOLE{51D4Q4ljg^?Ne+o(a5;di1)7CX%+0U%F=SeY71O(k0+x>+5jfpVl0m@9QP
z`dV_kjzM>M5O3{z3s8yy&k~$|)I_mYwBn6gd!lVKR-+v!r$<7RH-Rq4%IU3|Bx4MN
z0`kp!BV@_O$}_sk;(kWN(i6W_N;rvL%DTxx_lPIeDdc?s<ul+}g42)sR7We@#>uVg
z55_z+^GQi?0dZV@FQHeNP)tvnJ@3^)u3VBJx8@a`y@}&)AKLkNU%O5+@s3e+p2)_2
zo4auWJp-T=1)e21{g{@!;FkOGafNbTmEC5Ty5X6|x};kafsq)al%rMGDJ#e)v&o%o
z2BmPRlLnr`?S!QPtLTtTD)C52>|}UKN4QW2fKmjg60CmYc*!s<Gq@+3-n<XV)c<kZ
zuN$kSjq3QR%65Mv9*H!_&&;NnX<DL%Q!$*8AU0TP5-0?8z1(j*$}o~U?rlBjtbWZz
zPk*cYqkhbLnSSty$J~u_aNZ1oMPeK`6)4~=(ldNtaf>|6Vhi$&EELpp<~&I;6^KF3
zhgS?D5}sTrXL?t6Nx?ZggUW5Uzm&qjmEdIQ&#X$=4&&#ExZ(4eYmA|X?t{@Hv!6-e
zOzO2&FU7kqP)bSVnUxAMMj|5*hUqUad}m7ukMST+It8Mq@f!z6n)LzIBlPdp^EdL3
z`jLRgSR2tz@rNieVz?!BR@mwzZoe|h9Ig_tt>1<x#2v_64QWb|=UmG;OCgx&HCO6;
z?eRXaT{T>}ko8zfKZ=^M0Z2ihNN|!2nJh%PtkclFOu}R|+V|p$RK-cUzJHQ45gXL?
zaRMIX8_s&{$q=*U!H|2s{9Zf3aM7{H7{+t&Mca?dSICnOP=2jr3H)=s`8YWQc=-RM
zA9+evw3?6MWYno$58l%jbTSsM&9V4spGL8Iyjmee0NFeO9p!r%%(RL6X7pU*L~^#G
z6ATPTUD+K4C0g3}FGqjv4CM!|1g9S-o@Fz9u0l@Qo#b-(zywL);ZlAZFQkp%?3jpa
z;UNn0h6vI)d(oottE95OwKD%q6P7T>dc8nrE8zsIZAP+0(F=f*52zBXemur5Itf4B
zYFb0nU8~$bjwWD#&(`46Z+`RHHL^>L1R9ib;<L|ZcQXV|yz3QAq8t3QvG|vFcr_{+
zjd;rVeB>+r03|Q*EWzo=p7RN5UU=QD7_I`5j1;@VRBplK>^+q|<nlyONpD(^rx*lr
zeG0w|8$b&py2x-ois6RxK+Mb(?&yN)545u692fy8d4OjLPCp)`tauBVAt5Cf+^OH-
zA=nOnJkqO|Uy0Vo+<@0PLj}3Zwr8mRec4;sJtfy{)s&5_{MR+D!8ltZ2;Q>W8(qua
zFab(#;8}vxkJY&>6Um|_8Bt>-E9g$0F^3|>E>RLe3@zTOk1uMxIY234mB!cEv;$~U
zyY3ZXSVP7AA65x7HCIgQl!Ua+#|?k&4CMl<1gjreb{u0h63;`CkH;%>UbbI)z0B^D
zr=}UW!}#9p+vq?Ja$SSMGAD|C$x!Z-WO!K;-T+3q_5+{gqXp{Vd}wWacMCwt`CBFL
zAARWr_czvURR+5`cAqBM_h;lMM@M8BN!DeAS*9Z$F7L%b9*X9m*IgnJtC_f+!4t%q
zKa0xEv@mrgJl-WZ`?yQ`(G#HL0Imcl%eJu(D>PeAOC6@)_L;@TcdLw|r`URqcXyi$
zekYQ@k^%Yo<BOg3HleAH+C>R1O!NetS5<DJs`mO}JULP*ly7Fn0oB9)kLvjg`A4@J
z^a4j((LcAXw2f~IT2#2K`Nu*xdFAF4>iHw$z6US_f<kiC$MFTuHg)*gmIXkQzA3|M
zOp$N>uCHhEXgyC(kmw3PvH?YclO$}-@?@P`#a>g;XgKMc#zUhgaR?ZUy&7)|4Smjn
zbV06Tb(V`q7*7(}e%bwagWY_-$m_~9c0IGBJ%zNp%P{lJ1u)+KIOmdslgG@0OMvrF
z`mt-hJ;iX~W5aa)6YWpX%Gy#V&|~h3u+x}mh%}G$v>?wXw~F2N3chq~#7LheYaw%>
zr^$(XH7;a67a-GO6I+Ll15mO6SAx@zM>;BVXxLb;oh^2vHD%53=!zk4h~1$F*7-a*
zwB`mueoC4aP>~dzK`D41?(MFDh#O@#K&KcMp{el3y;R6OEAZFO7iOSJu=;VLo1KSL
z4<pXdB2i^`Z+SFZ-QZ);N%3kSa)>R?)Taed%DOc1%lkq$TPag-E>8O65o}~<TXp47
z;ZJbV6M_0;_y8pn@GQaUM_;mR39pq-3k+9xblhmX=v0q)+}9`G33In~?OfgsAfG1m
z)J<xy4UcZOCER0zu^H`_Or9|#wTQ{_^lbk$r1MGwC>eog2~IyMyg6~U-3Z?a8m%T_
zXYT2`fv~>QniCNic?FBdwA%wR%V}l%%G+affsnCk{3d}&8IoP?R>>>+BTu3DJXo><
z5rC2bc$VPw<Hu*z&Z?{ts^71RBjPCBo5wZpyMBrlTlI)lwT&s`fqZ9=;$U_bY0Xpw
zHo}pBZ8pmp%OGa>T6R^0SPKbesq>Topri+?1gjsBaE;^BcvFr0l*J_+pTosg5gV8V
zLtFNgx!sbTCVM7<QWDY9V%ZPA)}PiJ%5>iBS%LRtZb){ikb4kJ-tXz{3I-_YeyjYW
z56yb=?V9Y{QVx3jqFtNQDbcU={KboW;J6ci>>;>`oIZk54%OC7q+qvvD-`>2?7}sX
z!m&E$qP&l(`N7yFd0i%59-yQJt^_Ab-v#t4=B&h`l>L5;u#U=bSOld~yy*!3!>go<
zcdmXQt4BBD=IFh$6m2<v`a;ax-7j~9QrvAQ81IPrm|zMjI70!|L-X%njqw+f-|A1I
zTxphn-XB1lHpk<`DNjdFp7B!#FQjGdpn7cogiW0T<Q6>U4|D3Rk&OrbH?y}-{E%gP
z&bPJ5@;ppd7V0IIE9vq8NNS)+aFWbWyBWfA&J({#l%&npYK3y@aEBQCkb}eegzY=Y
ztF&&A@AE+H&B{;J^0xHb=yBCrJsCcEAmr_9K9RB%u5Rm!{<Z2)_0RF<w6rwi{iFRk
zWcra*b<5ZS<r0&ZgV-1c;{H2|hAakHUWI7e1VQp3zky&jhES6h7uqDoBfwbrHcYHR
zm$ECw&A*SgxLYVf+GYlzqy(-6rysTKVNlCDi4vOdY)-@&-&}-z-;H^hp*>u)EF$Nc
zfeP}O$0m4L;cMJsCFQQWZS})E92o{=V{8~=6ou21z2X$3U#q|rK$T$iql9U$qQWBS
z(@~~D1Sfa%4x{c>G^#ZSmdZ#KXYumShM<(kGOx)=@$(?<rWW{f!aw-mLnBe)8F&(Z
zPBEJG!+0JAP?7`B5}bY{zuJxsPD)1eSUmZ#@D*v<xW5Wd3CU~J3co;m{q_yW9eB41
z>RC;;G7|n>n+FYdmU(T4oQHeUxcAPSs5iNY4n6=S8SpH@=|?7B=JPBzY7R1n7_OtI
z2I1yAV&@V{UGNa2nZl}Jx2K?#(Nr8JS2A<ZKBbdZRnsY{kCZ`F>%B)`;nS|T+StT?
z-D{8n&k~$|jJOIELcENziA&E*VlyJ?^xo^4rjlJn^Y9suW!nh@xvo)`M#f=U&yy6*
zBGn+RiPlVy)rc6FGK<!raqNBTw7d^ck^ohL)sKv^vZ}K(kyCLIJgV9S-iXBV4xbPL
z4RjXjh?<Hu6^ubC)h?6k+kKxxGf%Y{eX(9cMc~Wr#2gGbW4gNA(bm}f^@;P7-zxuT
ze-2u;Gp&pyys4iB+83)toV)y}-IM8)eXF)M{koo)N+zI`Rp@e2Q2Sc*QK+3zg9m0e
zS;lXqEVa*d@=1)B4-j|=0ZL-vN^r6y7O%6g87(%(NKL>mtr}&mzk-OEm@>v|u5ek(
zoX0K$d6L(wG_s82nj)j9r-<J^T_koSkq^b!`fdyAF6X|6XbJ{Y579rW=P%?R-D;FV
z9Saj2bcjwcq}_}W2WScLP8waJC1H7?2oyw2go4~Q2K95yTj${i+R<sNqc;6s_fOmd
zOx+#bc>10W@0gY!zxJ;Z0!4z8WFn9C#p1x_#w-kdo0mYd*r2TFOP)0&TUTxuE?wk&
zko%SQn+;4({n0N_n8)s3$D;Hs#^rNqHH=G=@Xqx}*?s!;HrzkXx#ZwC=d!fo`lIJZ
ztlVpVF7B9&*RsQ68JS-w-&RiF&7a6&nAH1|rRxtSg52tKv^sSbQb)V@g;XssfB~W)
zI}PEpt9?6!af<6sDme#0i4R-}PCvfxedr97XQaz1{&ow+!BrKuhH5tY;7&|w>C`7y
z!Zro+t_@x(9i=6ao3Pgkay)d|8;v1e{V*iqYgkm*Q&qH!A%GGOs1mGxB<ZZiNv0~T
zYu|vn*orKy3GYkBNO2#c;9s#Q35k~p1$jc&LTVhHT2wAE)>qDV87xL8@0W^mN0M_*
zpO!nZTQF||l(@jN1g9S%EB)s3#XFS6_#_r}L=Ccs&9*u677Q(1O$x$wRkK09(;i=`
zdhTs_iudwx(4$+yty#y{XWAD#$|ASBfx0GC>DRdxIKZ<6rys>6!d@Hsw%(ODWGr^R
zqbsX-F+kNK^h$qqvv@bW=niuCcY9pcfFz!U`eSjZ0=q*%AAt(=LY*IjOW!>+Ui7<U
z8h{cTc$VPw<3UQp1&S~>Pe=OqLUh^K+K#2Qt)|8SZxnp^Qe-7Nkl)yncY4p!hz|F8
ze-i0-hwdJmI+!Qv+<h-s_r;on)4;c1_rO>{m0<NF{N)KZ{0FIRd=Els&FvxWBo#vs
z<Go~;+78{0_e-EpXDryX-BmYA;^X#ZCf0s(HsMsna*J>IeCx`v?0YK(&#yOLF@LN4
zqe)#!Dhxi})i*FI$Hx&)^^6945BlcuLFoj&vZ8fE_z~n8%gR6ZDx*Dg^BKrXobGzs
z#@~)zzf+B7-J%-CM>eDJ`?a4D1Go~LEWZ*#@C^0sIX`@MvXD67J5u^ESsuh5M2JM)
z)Bg2KGsv&TpiYES=?xFL(Mjj7cTn%AIMz|-3muxl_KLuU_@-|R1*jhMf3Kdukeq+?
z{8&bqJx&Cpaxu~@4MC6aI+bcR>&H)PQa!#EE}l;{F(A)h4f9<zQpZw!SxmI@6bd5E
zFFnyHxK(u^r*(Kf?``we8UTp~6baV*kAYQ!G>bYJFMM%s?YA7EwgX>8!xH?=&Cl`H
z!;Gm1c{bzqq&;>ZZ72DQI*%ujGz{~+bU)vUI-QOg=DjWKAQ=5Mr=$LJyv_J6IC%c(
ze1L;O_1g#AGH?B<KtaR>ybPWR>zEhW6$WlZZyz(tAVJQSj9SSYhbUQ><KI1>8t&pz
zw5qdiKX2q#b&pheki1$a1t?K~E5YeUnZh?FheIJJz4+fkJjnUcUbFP}L$gM4nIVk5
zqVm_w1f^7O*5<};fAt8#2Gcx!T4JX8%q8#3s8~AEL;6$ltl?kJkH|okVD)2`Bs}%T
z#wj8-`Hh8{72^wy2ej3R%y#(49F(Zh!wz3i%I<3BJt1`bnN|U$FlhGB^y-z)R$3DV
zln_)~J8S#&UvKmv0nZYgespE|Fr7;jR2-$}<^23O<|nRSLYmA@1A_8SwnmKq7m!aA
z$Y1X&8%J8{9^|=g%8JH{pQHMHiDNOU4H0&^bdMDLbz%}C@GQal{zo1a|4}d3R3vC#
z^s$g9$Z}U$<=GJaqz=#c=>#oQKz>gG$`L;4@s@%w)up+&7r&a?ju!t`GewOhIj&ZI
za?e5tK#2f6OR%0F$yJsjRqBe)H>H}iV-IHp<^|&zEY^OK)|>Y|872k!G{N<r=?&A{
zXCBp>B3IKPQWIF{9la}?Vn$?<*H5~dxv@|oARsUh7a@F}x>nkgStJ-jYPu+GNIw_p
z<Kty3rY9heB)G-21N?#iUjM!Rd;RzN@Acp7zt?}S|6c#Uzv59O{b6v>(6Ijb0~{=F
zGzh>iG&BeZG%T!86bP&^h+yCU_t(Gv6xy$!qy2yVp9B6<2xukV1;D>TLqZlp=>7VS
zfZs;Bc3x>hBuCDKrS`sN8dfxz9pi)ib^ZDw;GbfGudb%s!bCYVl3%dZxpLve>t4YM
z;h}oP;8_@J8q=CuUOsYr#M=zMGpndV@u={j#L;ewfJ&8pSBBe~_q9~mS5v6kyTk`$
z#R`MusC>FN(G)8q#-DV9KD;s^wCK$qbV}woYYMBFd$&{Ayb;wOtZ$h4M<E0%Oqh}g
zg<&_37zjKE5%{6;spYc92ETIVF2+)v=B#guv<JY8u;m=fo7hbmwHV^$`FFlLNyG~-
z*{?c3OrN2%k(m7<fh%z0955K6W)f5x@?QOE2O7QQQ%I6_FG}TPg5XK&YoaCDikHrL
z+FN2OV`R|bFM7<R{1dhL38C}Uw5Ydm5!VNIAR!>xgCTj@>EV$7^&o%(3kl6m2!jKC
zNrABC9k#4~&dkBH`l9RGly?o__8%q~5`oNhf;;NDBx@m?1omN9%;Lut4#SVe7v0S>
zv6GYD(X-d{Z$-XbE@B|U1ZL1yw@{+sFjhTyArvX+^2gNqBe@7w1!1{buQI%6RNnIV
z+51i(7Cn5NfklQMMb=1hXy7qh;5A0jkNg1lT*JA~#4aCvGHLu?zy_W6hqCZweHGO*
zyH9sx*A^_t?kLZjf=_nwI#vuW^g%8n%@=-p#AHLhEBTgq=<RXY?jkXs*gCJ>_Ljp{
z)5v{ai{r*g{p(K=lHqQje#|lw8k>nX?7?XD8f>#G4A3vH(`@#tKddfRr3HMs_yI)>
z?Mg)u@mMS$N|$n)H19@Qy-`~>w<t3d=i@$54vS9qi9M+PH^E_(S1;C)cJemk9axCL
z8P!}%%L@GpE+~ROABlH=$%?WGVtZMFet19q^T3E{mm633<w8sClOl;U!CjR$$<OCg
zZ2h<nL0lb#7D}m6qgG!KsMTf16<ZP_#%0ed%JNK;4tTz;Glo?^uUl|^)m(CWr3=?-
z|4b>X(U=K2DTd62gXwb<8|7wW5{9;4s?NQ@kCcfjvY@+u-onMe>T5^--@Ch|xjG}{
zINt8LWq0_N4vzj5JWK!EUA2nx(1d=pv;FaI=hDoMMx`X%Grd#s%Uz&*IquGJuXJcD
zMR8EYRVh`k8UGQs-9CO|?PC2;FIC0qv&iVOQj`bR#+;nE<C|oO0mLF2_smMg1zD}A
zXU-bJ`Vt?$hY%G)56C+jk5xE5!`O#HJn@duhERURsp^kVb;l}AefR>6&%Djp*7o=A
z7*ga7VW<j!&9b^z-KL=~q+2ktf4e=PXA!foZl$>E*0<!nxPsK_YQ85NwLd3+u?ZtP
zuB&J)jT)F|kiBUi!Si|@LFF_vf`30E##f)RRv!X#z*y!JtZC}iu_#08M$~ZrIfB<%
zDTk|+;3cAoSLPt%a<@SjG@Y)E&zL3mVUb4TUhvCmv{p<_TErTnE}=G+l9=w!h%i;-
zE;NqcyC3-Y;#-C1m{Mc%L}6#U5ADzv)c$tEELHc&Uz&a!)KDG@#NKtP?T~zYqZjy&
zK6jqLWn?4%AmANZ2%Jy?MR%boD#doRLt8TB_F#QK$>NK+k%$o&bjNhn%CFBFWGwqP
zK8pA@j+pZp5`Mjl#?>ej*>1FOvP*@Xtz7f6nG+4V5XfH2;wO#%Xq$GQb}_o>gj!j?
znXWF#=zW%|{d>38_lx?q+E2kh{EpV%ytSgyd}>YexBIbWmyzC5{3_O_OLot8<ZCJX
zgh@ETS?Y&9UOUTZ)zG9+{32#O{lt6!-K|}EuUK6z?@&B$ht%`x@Ws>;+c;9bIY=7%
z#Yk^=;WZTxv~$sn(or1pu(WK=0%c!3*6MyS2qCYqKD#z?u0YqhJ47xsNhGeE<BD#{
zZxkLDRPNZx3`?&jIu#%xARr<Cug~o9C=&n6b<A>3`Oi9joAW&$mp}*0;bHZ|3{>y8
zMWaH4|5?YUIc3!e<4>LmwW~Kq2vlz!Q54=N8ftlqN<wh>CXOD5rOV0FbUwQGy!ZS<
zS2(PqPycM9=XxtFH|+UfCG)w<E<9dWxL!U53LK>C)Z4<X@_Rlh-QX8;MXL<>Y|yN%
zF<+Be<jXUl%h81|nYgv~9jnLnpexV!o+aqx9mj_I9tOjcUvCeXV-}VkMN7z`Bv3Hd
znptHw(w^v&?4FB>Vg0a6fMYwuxcwp7p?}C6r04H!xM4MyQ8!wF6OJ;HYF7lkXEEcc
zKi;%8cSy)TEw=u6_YTEI&>~Gme-K;TLUJ5p(;3?_n@oYzq!xN(#%=S-squFTDB>!P
z!vZ9;m;bqrH&ZS1AVUxo2i15w80&7dEHovt|5e8|c>TE4{vPAs$Ju=9vX}5%`<xRj
zXbQr|HD#npnS}^GjFWqtPX^tF7Dp5uioPavUP@<mc2{CoRS7_{H=^v+IXor~q10%2
zUNq2-Xz{k`@oaI6p3O0DegEpLULwo8YMXTOJ2K?fG2y5L@4&{C{uC9mCl_oG^Gvmh
zf6BAq%$*N*ialZQpW0&%&z~%?e-1FL9K@>-va(D0I2{&ke!WmmQG+?BdawFbbqsTd
zsa)}*mZbKp$my&nm+1@DR~`JdF=f~<GXjs{H64-7ARLEE<)OSnRs_f<aJ+h9qr?<@
z=I>lYzI7naS)hzIoVeGk&k1pV$WhpHR+CG5q3P-$GeKvL_W1khYRj2`F1qn@ng(Uu
zH@`MP+-cjs_wVV-=VLmV)h^;q8<*lIdrKv^6(&Z?t!|qJdcK!oZi}9DT^pwSA{l4j
z?KPNDEslyEw>=k}TE<Ukd~rrjzqr)M%J>k>A(WP02$Hf7<U`MAK6g#6#z9hNaUdsk
zRJcB`$KNG0g`Im%zg9(lvugXwA_YC=;=%v$vzcQo+II=Z5m`-Z-<NvP+rM{j&NbXu
zRh}JUd%QV?`}s=4#|GQ!Z@0Vgr#zchMzj$I6<L`53tY(;&H8J#Z$4-3L00|{u|vX6
zh2>+5Ez=n_e}>LssqyxFRl#mdfJEzoK>JA3rr#jB;?+~xQ_B>?kR6IoXP#C=&ugr<
zF@#YrRm?&yWYK9q4i^ms;%!Mstw0`Lwhz_PG6$T|Pc`WKH7@&yV<Rn%km5|3s*R8Q
z-c8-|;d{hq^~=`u7CEz*Fdy<IlH~t(&*_lAsL6J1*&Tclk`Pb!I)mbK-ahMaOyoOF
zOyM?T2e}dETCpn;l$?3#PnVfLJp%5+c0H%(d1Nm*Bv9tia<fdiibH8(LdTAyeoP$d
zxRba2v`#6nO^9G6OEb3{FrcR~((ve5@s{MkdP^^3u)|!<bQDB{Dw2{-4u`+E7XPw#
z2g+6kHuv}Lo<3gWp2@fV`xu7$5uuRzeXP#rf4g@x7Fv-SxotUGFnu~Vee)IEU!&<)
zLVF$t*hE|X?A87mpd!(wZ}_Z9-y6xDSIPKNCHJLX<}=^XL2|uj^(zl?%E|@mo(-u4
zlvIVCb$kd_4C&|Smn3=Et$t1C4L=fUaBWlev8Ldi{fXqHc6WZ>W%@S1lGI;v#bCbt
zq>wW3uD97Y2pVhp_wFu%*>`Ed&~uCU(hIj6=_M)?37`LVKbwXQiyN}zZ|pONjECu@
z`@kZ;kGe;!l4JZ3ZT;>#leh;dht=Ur-3kKY4YfkH1MPFUDkx!7G-yvD4>kPu6WVe6
zq;MuFx!3G&!M08b%t(|3q05|%`1gq~N#WCLjDI@$GNHgP){?Bwqw>dQmGFN?w4mFH
zG!Cccj?-oMY|&kCo?hC-SNm5T|6iZk<59%_ck38sB8&E)b&RdwA-X?TX|YE`C?>4m
z*(k`181g^s_=5B1o5S*3#pQC3sQL9wTe>>Yx6RM+j3wCW-iATZ@NG$Zvb2>{Yv54U
z^-zlIuGw=GeHZ)LN}*JBvtTjXsD^M?jJA`9`ULtDj#i<>XE84OzE@=$fg+kzH2yZE
zQ8))HPuy*u?l;sjkWI53)m9o9gi^H>2<0PsUX~+R;d!1a8(1$#Vm6FM467he9R!Eb
zM#!LB-%^jM+=*le<u_-t2`}{hWI2fUS_-V49bzlsCOp23h9rysR>sfTV+S|T`@>DJ
zpsEax&%NoP4<GNd|2G&;0(ki@=?(h6B>F?Hgol#3NlyWYhUMN&NvXu_N21*dLs7If
z&n09dg{g!8T*oI$g!F9e=h~>ouZ4$<LVXp6qLcnr$0AYKrv=A(_&hDRdzcxKKEsq)
zlA%<$JB{SWJ1T=LA#)q(Rm()dhb3B36bxkk9x|mr3}_FZAbTluBDQpXj(gXbO}3rg
z2P+h5yK09TH*b6TA%_=ji@-ICj+Sb~i0MUIYbEyRov=JRa~4Icb25&2jeS?>UEAx{
zb_UyGf1UJ)<(!c{XLLUeMGn@F6iG(ObTV@W(tJZ0k8qvuJ?M}QM4*MHvrM$g=nhq&
zBrV4y&TZ5B?Z!?>;0L?pvJPR&vU_cd_t}w36fy|SpQB(m5&E(eV4&<4INvVr%upZ&
zSuAWkQ?-g}w1u_ep{w2@^Q=XqM9_LPDVg+oF`IL*`=q?RWoG&J(-qX$N-PoI?i2ov
z*P%%H?IyUiq5gkQSJetlZY%25y5=?4K`MlAkM$!DYx=j`WY3Kjl;mx@Dn1)=JgX_7
zVS=t`tAtqNx?bVyTG88bMRZS*g;=*|89>KCPvJ{CVf8<lE7$GwFqRKGCCe+)<fy%l
zap*htf%oKoho!z0y5w@-{`UD)42<kb;dlWmviF1QJDa%@)uyax%F60Dv{Aozdr4>$
zNo87L@6<IT7$};>o?niK{Ovv}45Vp(w(BC<B@(v%FeIWz(N+rW`>iM}mTZD^<{lC$
zy0pnNj-r#>{X~S=v`aFZ_Vr>2+}B9)1%-@UpVGU2l<|*Dx!<$L=dtw~p=-W2wxFpu
zsIR}CV0!xVp#?j%yA4ad%KPx)+-e>-4y90CVQJdPL8v={ClJ*WS>+&#hY~g6(bJgd
z_wKVvdI%=A6g$E5AG}9fl@#c7M%MqT2g+}1+2xZk1w6zp42|s9W-DTchKKJ>=Q#qC
zytZI(4POz6Jw#&V;=Zq9LgR<3aP&e}43Vw1)`l~T^;6QYzqQdD?enkcN!=-4;;kV=
zAs3L+w1TQj-=wr&c6}Z4(zr}OZCSQ#<p4(}VqaR{^OIL19J62`4b0?+Ni83)X74A?
z&8A+lNxygFvk{+0FZBcuYpFnVJiEhfh|sbB+x^v#JI$S(ywwl&M5Zhza7m}*`q}Ny
zd0USwo+99;j&vt-V3lcV0Q0cwi`_!Nwh2{@(AUJh<BISLnC|Pa)suiBcFrlTJ9N4c
zWew(1?$=sm(k^BC$j^~{WXd`o-tSRgVYvBWnKvFYqJK9~<gLxS(ed2iSB622t$~%C
zD-g+Q70Fp$T{8N;`{u);7+So#3u>ZZL3V`hhhj{t<-gqo!$#Oof1YZ~Y>M2WTd>f!
zxPO8C^o3<?n^Bx5N+Qw;PoeF$2FCa~hwMd#k?VWh^^6Nw^j`I<SccYzym&I_=A~AT
z?*o9p(MgaCrH3p#J0<_k+lzbzbA#>A@m?>bad@p;UZxOVAO_^K_-gBvi@zFqsy3GN
z*4SD5%Z-DyN1H|WkYqtT&0lr=e|=_;M-ls9uHz0wsDIWmo*)EbN*K+{@RgjyNsGm0
za$!N%|5?YKa^wpQNa#awRdan^u;r(S7c**oC5}a!ZFFN69TID0qUp3txf@YgPX0ld
z4~$XhJfbUV);)rym>-mwb4aA?1;y-alp-7$340JG`RXs{BbK9|+(R$rtUVXPJ0~m)
z`QGoq2Z@tE{{wEV=pwa}T?s-*;oC~TYO_<F+nx3@@%bn35Tsd{TjH9$gEZKkECz80
zLM0O^{vSs&--!9Go8KQwhD+ya%`03+KzPwiD<`zA^4NV`8LZMNf;WOFtA_o&N%Y?0
zZO5{EtnM~*sybiz6e083*85FS-V7FKJFk~*f<k2GlsfyCHaZKAUtmVc3U8vGaL!NO
zhf_CKX#VFqc4Gc^LggCna#yx`s49%`-l!}d{$F+6uyL=SFf|Y^Z=<Ghg{GZ#zWtN#
zw7_G!-mGWIg;OIwt#k=KZKFsD8Eto1u>;>f34i|<TcezH^PLf*9eOE^#0y)-ynVLV
z)>hBCA@PQ7j0XKM-+T@_#Y$Lwvpi;cqUF~l<@p}*1LUNNUnH>3erVjvyf_bpCZ>qV
z&&KYO)X1{`am)1jlCnzbDjWs#HpX^pzlihO%na^y7d<D;lm(ou)r)pl#lB_X10io*
zw#^sUpP6u)F(7itQJk4zNgh{L4>Sxo=j6pjT&M_b&DTW<NRNXh_xXNKmThS^RKSeJ
zFB|_ziaaSh#ir^U7_~C`P%0Q0(=6avyiI=^>UF|O`z&usApG~!)c|(zSP<8NI@erc
z3lCJ(=G`hu&)?Hk*t!%3-?VG^BNfBAmp|I|?R%9cxo!q@Z{na6DOW>l8ahg+)0cf9
zI0%R`9%-^|9uo|?t3rvckYiAmcTCJ&UU|r>IPwwdKSx45lUeOK{2C<@GG_dFz+Yzw
zvU#KEyXOfEu}}vQffa^q+UM1^HgViowc0c$5yn(3bnZS##dlTeTWwMry1#c9e|7ql
zauano`)rR69oIeK=eLFJzujDDv*#31VUNW$BJmAqOm)FqH#R=S4L_#r6e4fzNvak-
zm9=;!W^`Wt$WKdy-xQ9teVs*m$C{D>FHMrueoh&QcVT4Q_C<CKhC&|uI}CE6p)=96
ze2C$#T5rnw;S`;%A-8KpT1bLa8Ebsa_ymbtmJioMpCB8CaXpQyUffi%`WgGg`DMcI
z-2$^ytg>1#1mZd9b$c{QE6KfvLw~z}dJ-*p$y}CtiF=26%JnT)AgkFF#K@RL7aA>p
z=`(xLCtu_J&gFYdT=ox*szH-461-bmPwYF0s_^e8(^B&;)t0@u@6v7J8B>!u!juPX
zYc|aCov(A9(iDny5{|nG%wE6`R--56iIS`;biuy3de9!)vPJEh+u8SY#}%9F)b$Io
zc6s0B_<Q$VeZ<JgyD`_Yw=|R1Eu{~3=?!&%yLA@mCJG(B1?f<ybBDQ#N-yHa$|^?%
zGxBt1C)l#M&nStbwPtgp4QCXm5D~?ba4R)^AH^xKPZsDYPZboTjO{Q9q6FZdBJb6I
zmCEzDk8;hd<A=*LsY-!z)6=uElHCmap`SG2sv)P3{<J%xf_RLq4oM-D<*jt2P;|X~
zkI1r(u8lLflF5HqtZpLDd)<CD9v?a5m2W(E)m60|__w<i?Z@H!LC?9G&}2ei%{54k
z&A2!16-ald(8IQ?D}Hb@oi5+B2Eub$v3ikh&BV{##fRWS7P6at<Vapm4iqP-JYnCr
zt{HLmmw0}R+qFkdAh*}z$UM6*4h@TeMcnk7_R9&>oAgM@Ys2Ihk+=qzmjq<jNJT={
zVUufqViG-@#*SEOk?(_w|ElBv>oa>i%CrCFI<B>`|7RV~V$JJX8`Ii--RnF=tDC-L
z&wfGnZ*^QkSmFKr%C_LOw;*CZ7Y^c_6#mSx&`SJ9e2tO_+YK&`;gQQD^u?X)c^i8W
z0Z+eUjOc0u7Szzu_m@+_{*k4TaPz6GpOS6FWhHps(No_F^D4$>ur%T(_Eii@q3WB|
zo^CSR1d}G;rQ<t<(NBcmm!E&a)#h+7F<q^0e2eTC5u+j0{;^ti247HYOW*%GWf}#$
zU1wk~4*kB53SHw?&y#n?agTZs)9LfwO1Gp;N!}D6gi-Fm8xgLcrM>v3+Uu<P+G0zj
zm@Ii$9SK1_$0vM+s3cHdxs)#MiskJrdzr521FAd&{1+;=!|J5nXPtlKFKyWyXZqNC
z?~Wq==Q>9Gs(rrELW2C|#78q7dkEghHlX)kb*wjCk+ea~Z0A{gH@l-R;AR={S<LrB
zGYED`^{k!w0(wLy;s$Deh0X*i-JuS)NBarBDU~o}50)t>!Xbf2M$d2n!4N*u%4Z|;
z?Z;fDi3$_V30cus9l9U$p^hDVkhl{@YU5s|kyb&^b`jQ7yFm|}l6)Je;tI3)h)0cC
zkCH%$<K*FnK51sDOi^pxMSjm^TPM6vl5EYGPj6DNG7`PjOcnb&0B_G|QA%ixW+mu!
zY09DDNLR4Cc6;Rco{K^_VT}y5>G>ymLR(VwTj>@Di^b=HbzG2D>zXA_GjMVV3p1u>
zgBirtkK7sAIhwX~>_Yt-aOtRlE^Yx%;%t_V6G^ZF#Q96VpRT0TCyF^n_-h;Z`w+)Q
z4Ktpny)XQGx{7=HO(i8#nnm+zf2Q2B7mLV?Q9IW9PsThCI}NA>n!yX-Pltmc_8B0z
zGhw0p++24~`qTI|OJ`|VMSHOzN(3HTUhwv7CQ|jIGOyvtu|?5VnNgfP8(2(E<KLZ^
zc@Vo5@`Hk6Q+uus30t<Cq1V1(*gJo!_tbi1=CUoCJ9nLzD0hc&vUBhEZk+Pkwaj-<
zol4Y{x6JG?FO={t1^#yXJ+f($8JB7FmK^dfrD+y)VDE{gh@<$)P7&`l4Y}5#@spsa
zg$WST>#Z^we^Ly1C(E&KfLlrN1)}UG?tBtyebi$?wLA}Uj4BDLqfzmS`CX=B(&%Sx
z)pEj`MIEkTG`GEGj3ds$jy=vEsMjWJ^(__aehK^T)ZvE?VhGtB0@(phh2{LizjwbR
z{5}zIGqW@KZJwg2>9|Dw{&M_p_iCXZmHfG<?QJ8z6;0&hkG2sXb@Kib57VKEs&RJ3
z*TyVP==6O7;#N3Awaef4E8<5fdsHetisF_zkJSk`Uhg`SuZb5DyHfr??7U@gT}c*Z
zD`sZP7Be$5Gcz+Yqs7e3Y%w!4Tg)trnb9Ik&r|lq>*=wpY9?Mp$BVA5Ke|7pvm)=g
z-@18rX1YkqRRZ^r>UylPyf+F7?J0DDN)!xsTUChlxO@wh2F^NHR{k7y@qB}Mh&&7I
zXuu%yn1r3~!O#@6Pzc1j`fKhHaojXCz1L8R**87w)nc!4Of#n++>pWJJe^WjA-xSV
zV@MB4kF;d=%lz25h1Q{a8R6_X`_hP5tnBiw$EKpN{qQ3-x@6i%PSi~PZFW-G3RAnh
zua1W98)xROitCkM$~5*uyZ6{j#^gnKhk7>`yI@P@1g)DTYWi)MuovRCu#_#2n?pqB
zg(~azVg3B0PT-N73|QY(_(+TLoqo+-+7zOFSaC3h>s9*UB{!TMt}Pq?2X`uIWUrqd
z_5A&1R;;=9>4|K9LVE4gCEV(={6w(x+!Bu~(yZYu=~2Im7CuFS8D+`qRKF3FkPMA}
zX=_Xzhs8*CGtN#cZGek6%7U{D;!wdv=v$ols%wKrKvPQQV?*kb9#QkkXN<chQVp&(
zCDfqiPUWH(#eoudb{og9idrk!)SYb5-A_Ms{9m5z(J(y!Ssg=m@tOa-jz_9a*II2M
zfsp44K)PgC`DXD9Xa7~l$*kmI+w?-hXvkZf0f}r`BkL-yWf)89ZbHX_-0UUdcc)55
zUv_CFL00&Mx!bM=R&F?n>_TxZ1mCkugxMi%&*kCX8GwvGbT4MGeAkv>>cPx<%!C+x
z9q)a$Rvl4)fJJN*%ZrnKnpk&gd>$cEaKIoDdJMz0ebx0gRvVADZ7Or`=G`>=sWfzp
zwX5jKLA4_Pa#l9V#a{YycuqjGVt|d8EA|KeFrpLZwf3-%lJxQ}1Huiv0M8v~M$ki{
z=vmt2F5ZjjHJ~T4%YkYJf;JN6tXiHzi*Q#<NI;%l*dZB;0xJc8(ZLtfsY5b#A2eAH
z6%r!w3oFL#Woo4O-|M(WTkiIhG)mJ?v@y^B4MDE7zTV@fjzR8o?cW2ZV=W?O`Q0mH
zvbPC>l@#}KScIW;*mDeDw~|(uK5snABe}jL%&v>oHoT#1@lS%-yKC&~lDLF<t+Mcx
zmRt^k!7a2JvpYaLkSoh|%U6gJ+bF;3RCiI)(;c>5^q6#TqOEip70+E=f*vM85w1wD
z;_AxOy0UL?F)B?u%7u$snPXOAmt7;n!SialaDKwgFtEV!W<@pI)XLVut~w!`sbnfs
zEJ|9p=*A?(=k4{wKKX3<dCc-yr`>4N@Po#K<wL`x`&@06dXghJ8Eh8Pir452)7vQd
z))YU!N|{PVgt9hj%+^FpmVtBA^cbo$-i|hw<ow|6Lu*b-O1a&1V(+ixDygRM-LpBN
z`&BbGaDAR><i?nc%a6FKrPv}pzcP6kx<+hs;U}*F1nWsp7PfN!`dp3=Vc>_+e@7G|
zl0nDNp%GAfj=WN7Wky1W{64A1f<6+^HXjxz>-G&ZGJm|nEevCq$fNTx>}j(^ztn!1
z8@SJSMnH^6uYFmS-Gf4Xn@ATqlOK!65k=nNGlPX`i>@;zdaz85*?!u41n04$UvrZ{
z=jYfGO-ZNaNgpo{A5ACpFgpI=&Z^7czeEbYJu=i@PxYIWcUmo%hzC<<uy26sL_T>L
z%A-lWnS6C(b0_}Dwq|-Fj|rSMNc8lETI8sNODEsXD;`zb<Xb|K2pM$6nWSz*I#LoL
zw*$7~@=kM9xm90b#VVbOk74GN{T%$`MGfA!Jyo`+r%9gPlSB+cV_nGO)sT?2v`G*g
zfnRfLA5ht&v*B$`h(nbNS>&}A5DDr3;N~HP;2}}n`gD@@Ea2tInr#w~R&p*Ocp_y^
zrO8~a1Xe}YnKc`Sxe~ObX6!pOZPp7T;T&l{)X_D~eX9AM7t0@f{Y?|c!N-{!JPL}L
zYP+p~K+uqjmA|Jj-$>qe9ix?1hx=ou1%`+Lf$0S3r)?lNzjT*O8|Wv1E!=MO-5Qzr
zdFJD<mwLbH9bZtL8JD3R#|*e<Pb(O{BKo|b|D4r_4<3L7TO715cFd@6EAa}k9+HdO
zmx<}8wPI0y=0-&=@--F+vU~>EvF@iE=x{M6WL;}J9Lx8fmYg1x$_g*6(}wceZB}}V
z1gx$1PJq~jdCYy;pqjN?EUgE?MS$$(n#Th8@bMbF);ms&rX0v)2Fl=rJ4wJ=sbADI
z7<CV)9gYU{ar)4&x!n<@MYQEr@vFI-rQUSRy5C()YX0Dks5sH+p<4jhjd`acFUr55
z$tZCPLAN;uGw|)CHJSFs-PTcuByO6AQox$TX1YKY3M7jOcirF+nfeAqsSI(b!5x_4
z6Docvy7*)J><4o)JOUEGI;%a|6g^!IMiV0h*6YxW%?uZdJ1-yh@jmC#@ubsT3;`}7
z#1u9`91|GhVD^EJ#DQLwf9UwXJ=vpSxc|dCu4en+mU1EDJS8*YiFdem_9jAdrzy-9
z*Tny;jz?!6E?7Td1s7Hno3CUH_7beZJyn{`JU5&koEk6Gew1GzV~ug({9?n|L!Yd3
z_{y6#HVWpZlc{*_A-uJHL&R5*c)~S|LMvqv*WnfPspq-My)pa!<)@1D;2ICg`cpGZ
zrlf1PXW8NANf~KE+L7rluQXJ3bD<ES)hW2~JNv$EDh_6TRtfU=6e?2rCjE1VryUf5
zR4dLa&jOkI6Qx}Y_cyMarzugs)E_Bj9T%dOcA5RU=$zB7QlLK-Rmr!LylJhLYA|@(
zU^IPgIhcdINl_>-SU$e2J#d9-y?k8t*JNWcP2As0({3cZI55slg`3b!@Ot6hPzA=3
z5jpz3j)5*Q$+YLcBv&D7*oMkhhZx~TI{nnKqhxN(u{1C(PhC~93ybx57r)t7N7HI?
zZYz`t;g#8^_I~6^-vN(Ti)1hw<f%6OkiziPnUf?-!{hlQ-l33;tXtC0<^-mTMjr>_
z^e3CyX1G`x()*vbKep8~zf%lq{`Ae%Lf2J34ijaj+6qWNxQdjhZ8vzf*f=)Yp`>a|
zb{ycD-ih+c8)2E~VXZL<PAtJ$Kwt@ZDC8JD(H%oLz&43$W4;7S0A~p7ovC^D&KSu^
zg^4(n-G$ApRtiz&W|?_85)Ww_e${LSL8$6h!P{W98ikIO$?25r0a%NWmmt{r&^fR@
z2S_hOE@7Laqmk-x?;xF|dE;|iwVpVGfSeU1xWmndtzXC0>BBX?+c}6T)O*n7s;$5R
z?#0TUA90mzOTFkW{p^b&b}OQousrvP{~%xD;oXqw5M4zc@w4Kc?j@H`>c?dx@$K2W
z4LNn$&P;pE{hjkMyn3~ipx{xQ=0Y_Q$ElgkPt}Z^o|IsZHN(eD2ybbKt1~+OmY5qL
zB+aG*=oJg59E;o7Es8p%bsRa(^(YG@-Ym&)ne$Uw!ACm_E-%)<(F0f^xyM<cw|tA>
zXs+`&SccC2^dH=}o0`guUVTq^RbNOo`ZgMy6}6^dGkdK9zgF@Oe&$GJIk_o>RLmAD
zl}2~Q&Lv8bjt@s3iup_|B9D3W?y81)X4|c3DMCd)z|8bw+<Wdpg2NGSB>RvwW$#%<
zUcA5<wI}U;8!tH1hXX92W=?TAT`k`RAtj2cEsy1|A1fs^TL~T(@c08Mf6cw90_cLV
zPneld=sO{Js8cKnRIc=c8(*%@dlpi!Y|u29=G=$1qVQDmg5*5CuEBkDG8Ciy;tEl4
zrYr)hGgKfHn#w@qN;(L1jS}?v#Hl0d1T4q+Z1S^&1Ah;9*5^cGgN9UynDEXXdH~*~
z%~nJ>(*-$!t-2my{N!0=*HapR59Gm>{tQ+Tc|g7g^cn389{5~j+!8|ZnkV6^ziAG5
zhQ>px53!p=_gxZv>k3>RSc^UQ!QBx}zr{b%a!hs2d;wq!sHJWFoRgZ2d<27pL6aI%
z>`A;Vfu&htK~Q|V|0O2?3cE7POw?P$7ayFy<}qj45{KknPf#sW0lMZoLr0(Lm78-Y
zhLgpzT2ZJX<2I!jKkU*mdD-h3<BJ$srx}1M2+Xa`WyD*MFtp{AIC%Mv=991~Y(nU}
z2%leb7t1W~7g+0vm_A2%^52F~?w*cV|KMgqF<%CTU_YxLb7n{Q=yFcTF~P(bJJdOD
zgvmO&MakR(>$(wREo8Ok5TIGA_mwHC-Xw(w`>m5kgr?Ncsxa2-5{hbp>TUlnnljAU
z`(%*U3aVIY0UBIc7AqU}qr!gXwdvceTJ;{8nsp|DqWSjogP({U;mJnP%zX-M<XXVy
zUJyf~@8-upbo}3*?9nh>|6v{Heg9nin~vN4YSEr_i`BM$c2VUZ>XS;kg?j!~$8(#q
z2&jhnNb#a8%VGvsp-Mb#Tn+AO*+OnEVrw~$tlInu^cP$$DTQSfPK1No#3<@Al)$j|
zZLj_NH14Qw;&B$kw+zh2kwKHfTGt(cFzaft#nI}ifE$uN_mvi<lOHz(8aRc7UnPZd
z``NNXm0N-2+m1fgy*z|i?UsJNt)-%Kc-0bhq7mqC9kew_Cw8g>Nr1n#IihVl))+|>
z{jR8Pn$dTrm#^It4od+w(RK!pF=IJyIlONAyd8C^6Gj5fBaguN5%lQ(m3Btmdf0YG
z9;9s{o)Sz`b2!m4KE#VL@&@N{)>vdNt;1&n0=y@y_uKc%#}h9f=$V90Yksd|HQX3!
zabE(@hR{!yqUDvr$4oSOKXr`R0V77SP@3FhmL6Ks5rcf0Y}2p=jL;1@me5!5pkOSY
zWeuDkSMWvHr3WR{Ox|fCvK7I`(iCXJqE022ucU?ZMGQazMC;M?i62!YUzHI_3-E!a
z)YhIloJNe-xUXn0;u9d>?lTa#e(XGVw%o4OHx?Pd65}Y)b4sI^q?4dK`X>Zaex}VF
z@NcLPs1b=5E2eT5k+H|9iK{%d_OYjSA32Z&Uj`9PZ*b+uzoJsgYvb{gU_c=r>GPEC
zHm3lJSLcrLtUvMvo4rEy;O@m#S>y?yRefYhmHmnWp{mjW+v}m`gF^9!wH+JUfEs%@
z5gX)>8gWS4Y&d|ofJ3md0k3b9B=oW5*Kwu6>#>nRDz4a9)x2&>Pfds-m^%6+u7K_5
z@h2H$z9eBeWgA<bghm{CRy(C#Mf+yGALCo7Z6TkaCDr(%#KrgUm7NvgG(?7ospPhG
z4%_!c4{*vynyqhyW;}mi_q!^5K_TO-b~toPOLQP8iZ#syj>Y|@)`E(j<33Ci4|XRd
zWpKk}KPLlzq6lkK#gtT^$Xe$c))?P)+?boWJpVN}#uc4`(C1AJDQKzy>@G7oMY2(q
zAKWt;cFrp?Z7c$#-^$Mzt}28H!5g3?b?6AnYsLVWH)W-%K-IysO^bJJsr0bO1-dyM
zn9vUuw<4pqbux7{>+J_JJ^&5(k>KHu+^!jimzqCMVZ4K8VV?S6#t+kTE>|!>QCH9d
zXNy=44J^uGg1TrVzbWtaLF>3zrf&?6b9b}C1>hoJaI*Z@+%yRTahgiKvg8H5imc7r
zE^97%KUajW7}VFac(}~qFk?;K!UmDyDt`^Ey5nIv5puf|5mqJq*uC#DtOjtQydNru
z=qq5uQ(Ab07fX=yu9d6-D&-~+cu7Nhm+^ec-is9(`%(WykyM;%rRT1xJAb_B_<ch&
z9~iu~7II;1_MC!3HLs3T2KtHQ8=Wk)biQxMbMWC=E3K=`ZGNQDuem?Wvh$gHIr)nW
znN+Spj0xL%T8;nUp6elC%Yu5^V^bIVP{KmvTdPpdn(MCSUf5Ti=jW<UkRTr7{sG@c
zwSSXiJ&jqx;#)N>>U`#&AO67DV-#94xx(ucWF{|~DuFVj_tqM^2<|dZys?sS(cY7(
z&WIb0ob@)rS46EME9&XEgG5Nb&fqN3o%9^7O<Hu9HL2{BhOf4Lv_3uXGr#7R0qD+U
zFJ(di)jRLt1RqYlKE`7G+4EjAna02NU0lyn)PHAQS&3(IUtpB{it3$ZXL6Zfe0L5p
z(}}CMH|e)TaFr+nju5`(y3bKy6W212FbkxGF{&LeITcBve3L3@xuacvT|-T*FIKnU
z9Q;m_lKV2SALR&~fU!pvhZ3z{SoVnB{35%cL1GRJKmZWWLHXK(wqVszv^FBz7V{4s
z|F<W5Gz{l|SjUMY+W)R&FrUV|VWEnGDoRWEyCDs_<!chS|D|_~>i__uNiYMaiT6Pa
zGQqx(<0~IVE-yKk2Yt7JFeWC*ei-X`OTGIFqupR4RT=3}fq&?f&Quhxr8+`PV-0>1
z;{A!_5P3Yy>_YkItOH{dwGG!>{h>-myLKEs2VDhlrjAXc*tZvzbDcGV==$r{M*fJL
zJ2j4sVr@?{G4yHnmh1&0?EBdW+E{Z>j=Dpj5}KBLZYgfDZ*A!7Ww76X*v3&<_y8YB
zijyJ^kMLa1Bb53L(>n^7g8i7@mJjW;b^4dGWI+R{wA5v4%qhBRjDb1cBJBOLigSfF
zRXT}5Csw0sy_6>?p?PLrG?!^r2uqSgRgh^l&QT{=ebASGuVd1by8(@!KDpe60-4Um
zLJh3!lc}FN4)Ye+gCjsqkJG+FkG#$&5_&z5OGkHe_8YIl<m#AL%R1LD3*gSw@n`>F
zCsSG5^xOfN0~2*lO<2*Sy&a}ny00s>)kL{pjRS_n2b$(8<05^!>&yYUlQ(|*7E{eA
zL^U!ZvJ}KQMSnI&aI+~`pO5o|c8HNLgdqKm#cZhq4CqVZfgN68zM*$#JkBj1#~95@
zQWA=vcQ-{tgC<hJ9^1-xT?pv&#9+>dD?909P(trJQf*(-`rRs+bGvV2F}Y2`v>UG@
zUe`|Z*UyqVj-&x_o^vQ(VdQ9F9D~(_ETBPIFQUx8)Yl8rMUsF~$Hm7Y9YgDgy|zPz
zH@Nq6TOqC1!1R1;e7}w>eoV!4jKg9lweNS+ojg7)nl#JSkGNt!Q>YP$5S10|6P)Dg
z@OGc`sz-!Pr@Kj-K)uw#M>9MZuEH^R9roJy57&$`?k_ogWTmYteV<u+vzDXUW(u>;
zCf)xsxXl!3lsMQhrc1B;2)0hiz|c2GYF_1jIN^hoKRTeT$!4S|lgqw#@<nh@sPeE!
z*8yQ+>($4f+iU-Z_3q_9sF~&0+<5Ss#JxBf%ZFqnoCZctG-GkpKYQNf(=lu<00a3n
zIT>am?L2$ev-vw3h)aWCALDGpuyqId4icf{@m?0)B1ZY64@eK!)D`s6GbQgYL9>dI
z>jopWx&@U0Ax5#9CA3c-QhI3MmOo&EYH{$t^;5ft0^TFHZ85-^sjh(d2cvf(7M5sA
z?GbwCEs7+XDaYoNDnFS>i3{nm+`D!BX20~}1I8B%9{FfjkY?d5XS$au9JC+YT3bic
zo5Qw}k~<IiS!A-!RzrwvGQx;u9{7?1j<}EjA}YLJ5vr+hH)l+j{qh`k-fedez5sTK
zUzmM(Uu|-&lj)ZT*vsLme3&D{L}z%E>|AdySzc(&h$(X--N>k#>fuGGwJsTTC<&lO
zZ-=i|U1t>AJPVTDw7!1$9v{(h@ag>Xjf#{O+^@M4l#CiD7`^@c=<BX)sS&VMA`CEp
za8olE#26=5_@L6L;lWsZ$=GsUw|@|WXef+51`_)uIs|w7cDl<n;v${Yij_<6m4ZzR
zfig!(G8<Jn9}yl{E?h(So|xz1(_$(Dwb+vI#rgVv<)HbEP;p%Q93bkAY5&71y45rR
zjq$=l5XQUeOB$i$i5&6cG9E<1z9n*AfS~>acJ=J7lHc@>!He>Tx<pvBQ>)uZuTP}&
z4p7CUesIgrs81`>Pq|SCW6z<=zv4G2;5f32ZD{sdnP`v_O86k;TlgFMEK1&*)!&(E
zb4g#_<Ua4Fz==k{O$0D7F1*DA2YF1)XV?a(lvKRBuRwP_!0s|j-oN?bCLtnkoPDf_
zHd8~au}N>;@|HKSh|ujDC7gd*$RFCEOG%K~;#6(=c1#Sbrz-oScl=+T?9nhB|5+U)
zmhd|LyN;LmSb1<?tM9$9%3ev<VNqMC8+iUz$H(ZZvr6KWT84xJL@a5&MgT$2%-ml;
zHoDRfeJmlNFy3m-_!x2bNO~r^h2{xLIiy_Z5JV>@3m~Y{+iql+VS&tgCYjdE)a@;-
z!=sgcbbB6AA{4jv$urmR!F6erH*J`;NYi*3&q5$X<dU313Y-Cn1zb|8s{2AmEM>{A
z`zhKrCHHVU;&cj@zwhilVfH%Nh6~&k8Fb70)eC@l3XwBoOh_hc89?Xq1A7{vmr4u}
z$zFwbz#Tpa=@G)xO(t`?S<c(fB|*IG_s3$~nDYAFui|zP@;YI-#Oh;>LH)+4a5S&9
z+qca&`i6o7z=Rev&HOMj?H7o701)Y`*>1nr@g0Qf)yP^Wl9yvfa8ZcA4Q>)P-%lM2
zie*U8S;o!30edQ^R)3#5t}8fKw<CPN&957&hB>xx-1@(bbczo`j)^_Tu=QvTkR+Od
z5tAI?xJidYl<&$Dyt%rgm*{27jSY&IO%kX^!3%3rZ|e_xxX<}IhX$teMIayE7%l5f
z;}2j7)yck(bMo*Ddl~KtIpi}{)r(px<q2gIBO_<DFc|`CSND&-3@2g&@T1x+iau#z
z#s&^K$cYT(2vZaMBAIc^w7jx2M33tSgbEF|ugy5mj=cmt5liH%EmsJ>7h2S3fHGCR
z@!E)pAc@c@(;Ncxus;00zELvsvI$+IP<ZIgT1H8}87Qrl99WatCfJ`Y)N-vr7g$)n
zr1QPtuj8sI$XcM(ptw&$j^-R2P6Y3MChpVEhmhud^EjERol4<XMTB9XISzAl-T{N|
zqUb;}N0(=i!n=K$ocVG^?iLp1@NJo+s+YKK8xwfaf{9JE!junLwRhtF%-~thgaVvf
z##a{1LAoSET+(+SbfMnD(neb7`XI+}t9t5C-)@#;1GyJF{35;q<rl~hmp2MRvOtdM
zoOQh89FLFuJpF6#uXhBz-?RY^54lcvYz!VWK5fKT|KPr)bRqhT+k<<mQL*t2$<wg2
zMZSJeXLNhV^=Kb(V!Rt+Xacp$p!%yvWSkcCXAkq#XjT!$k4tYHa*<s#oCvaM(-uuN
z?7K$UFv7d0S$TG?0YtWW1nrERWW2Q7BCXetfB{R5#K?ET<<s}Cn|2OoBp9VfF(n(7
zw^Q*#X&zOnk;8RhLqa&enXS=&98*zPg2z2R{KBnW0aCFW+4X~)YNR~EDi_^zv8C|g
zt_;OAHpJXn|21_fq=1GkPSIxNo=?Df7KcTNJ-+D-4icS=#xYOH1hB~~xwu3$NO%DU
zk7P6T`2*yu8SC;S&zrR3hgdN<*`zY=%~ERzX8)~%+n^)76zEnP63nkzr|Ydg_4G4^
z70h3c$rGDrQfLCvtBFE~ur4W)f78?m0NUbE!|*b#-iCm8=pC4j#7q0ZU24l?4<Z)%
z?4srpddhy#mjkcODXIGP<aN7jkecs^nSrD%i|m?I$9b`@`&O*%<1)Xh*8Cl_?8Xh}
z7IR+~XLitg2fi#xmG;k;aagXLhffgaMHYPmkI;inQ20WXm?-pYMl-Lo0jZ1Nbt4mt
z+H{9p$xoVK61ip@c4YnsI^G`&MH&T?e)F(;?V8YVw+n=Bu%@=?#UiP;b0r+`2lpzm
zKRisFpECc;6MPW#p_afPrC8A&fPJ)y9mIikaEU(=5W<&tcbt={6-J}-FDG$=5;+S&
z2+Md0gwN|O1hN*U=^!`QpY$*5NncH#t}X*zYcJqtInl)`nvDEA`(WTJS~LWw&satf
zh!t(%M13Eph?kBd<!vErr$!xfIS5}JJtzYoVle*D@qc@=N5ioHhjpCTm;3KJo-vlc
zcBQk3Yy#tG-uLUr7>~uD{8t^P-eW9ONYU^DKpl#e5y$P4ZxJCd#UP#S?Tq26C0>3L
z6-eOpGV%p0$OB8JZi6Gy0YGIXJEm02pu^t=Xy<hNWU2~=>pe44=8+7pS{TbQY#lfa
z>F>Gt1(5LSF#F?HFyeVYevWeNN-EWtZ%fZ`Uy#T`kpNdYk8}I&0-Cxri;96!LA08+
z71T@o>U-E2&U{xHDmxdl%cTVc!dr3&2HVg<cT6&GOUyEA^e@uFR>kI=1%Pf93HGo2
zkZKmYR_Q)hc*@Dy&3l;zw2ublO}h>$AbmyLA<$nB^A7lMXA=K>ZJ>i|Ah_hz$iI(A
z8-ESCZf0<y`2k9idLs|%PmTfcHZ2MMQq~~qL^I7G1N05fMxVXrr;g1~F|r8auExmT
zV_ky5p*AB4!fYh3H08MqgpEKh0y$?xHwUL*gPRz)8&s2h12LD6gDNaWfmNm6hJcj6
z+c?L5G<dO1v`v<0TBRBx>~p)itD#>~^cB33yu0ZVtoguKJYt=y02Y6E%lNKqV9Ab5
z)Y5Y8P$`G)foc+<BUlgTR71=Z#A|h_tctmMa?CPMOV|<SabOc;Rvl#Oh?5EmJ-R&#
z()u$T3E4bQL>ShQj=Bv6`(xkZn4QwST8KT5$P4UwT%!q6h93EafNw5+G4fZGEgaz(
zkuwp!0PhJ&6$#_*9Qo`<)VcNe>@SwmMrtF7`S;=FP+LuBxCb?5R3>=zjDQZmnXM%j
zTDu2TK<3AA)3Xfogpn8uqyC7i9Xy0$mzE+*1`0j0zA5OHb<~Pr2&dY9P=0_L(-Sk@
zXp?+J!_B=xf2soQ;V+H#$$M$H$FahtTv0y9kKz2Cj;KqQtix+GgfN?i^JH<2jQCq-
zr0H5EhgBTY-&8sP?5T5Z6HssRy$T|B8<}>vKmmPjjgvpz)i%l$P|j73?}@rkIN9m(
z{ANiM%KkI|mc~oP9?P2wYc7`_OzY3%9oU~!E^0u(xRVCe;1+GPTFDejF>t9QVEQ81
z0zl(CYqUd*YV%0-n!Hlkz(1cdpLU6UHq3sPlM^P2l5~xT9YYY5<9Osm&SsIy4m($p
zoFn^kj0;1(RPTvbP_c4HJZynoSoF?u^r1BN5QyZkre^y+!3Z4AWe=0Dr;*`jA^mhm
zKF2Goo8Qbbed(m@!%KLKA!X8!VRnE+jz0@e{`~r5S<&${#iso{%hBMahNY*<hr@Ya
zN-Hu4Lq*%^*thInSeh6QH_l|yPS9OuwwhIc1zPmxXXf%@aYz#Y4l?WeXq6=`SVyNV
zk;uOd=K?vYKVq1inUE-0vE*{Po8?DrK~7Rk9MZgYw+|duk?Fc}0FZt<HOe7hZb54f
z+kfQBjZJ{VI2->pckYMUlZkWEaY1Q__BHZs+OH~<u|K#mK?SgtH%i8_q7{8MQKC^W
zGLpPD8NXp{sb9hdgMM(SxzMOc=NxQ5ARlbSL3HAj_ut<UQ%#B3b>Z&~aI}Jq3SP2c
zDASKpF-%LOc-R^T0^zQ>S)Lpg=8z18R%62@`eM~}1Ic0NP2$(>Gmz5_)Ss<AotXni
zu0TXecM4^icpTK0mQV1TH3rk4iL4s5&?DMB&hO07#X3Z?9GHJ_i)hT#Oy_n2l17SH
zeoeaR0>#j+u{2Uy+KnrGAHZhJC#+HD2ytbI`>NP9yXuk#dKuoF(Q-qDge&{1YW$8x
zngs7?pcYE$=E|zf)A{p~KICnivt-gUK0!#Mrc$L-Vvq#k2J&;z>Pd<+2GfBzC7A`V
zn(~?_;(W1LoS4xAfWa&)fLGg~)*m|lZ%_7U7`Fecj_Gm_asOS%RkNG0zK5e|<2s*w
zJiP>{6h99q{i}}GKJcXRI=mwi24~}1B@nSDRW&M_k=xjteq7fmOCSw9xEi8ZA0^0m
zcl~H2WW{;`?7!%s1YBy7;@Wc{vqh>{^ZuD!WOwG{(e;bUR-X8CMyJ(*Uu!fBv9)4{
zofVT$y-yJGp=EB>t?p>dCCM<w=K<5LA_ECqi=6&}#dvtmNA+js>*bUYG|9}TL=6(u
zQx6`x2Fg1><Vmc|_t&^Hl1%_x92RglnqwlmEMdO!d6{voq%Z)(PSLM@d&BT*ue!K&
zy3aXFK=okF<9VyAHxi!>ST;sSy~~A_H-f0^ycnbpt0+$}K~v{I)3YV;f@<e2GI4zK
zpsZ|rO#NZs|H;Z~Yge)AGrrr6p2FI$Hjjhu6rZD?I(DAoSKx32Kz=U51&8z!DtNe}
za9M<`f$!KJlFzn2jYm-K7SD4z(lM?Bt8t$Dvj6TSS_u*|huT52DVL)e@dCr6AH;Ro
zS8PXZRNj&_9W4}=zW)6*oyE1Xyw*x^d$9TIPzD@hF{2cL;k+!XNQXdoegkb8C3|a#
z5<76<{8J_i2G2Mk)!P^)e~P2R2(G-9@v$}PCl;4b03DnlOB>}xDZkJ&V`-Zn0KT(N
zj=^)Rfs%M(nX8L4@Nlp=`MT!%^axaE6-xWkCX9P+Fc$>NFjsK%4a}rzg*Zs2TRxq`
zS*^$OGV{E1E#dWC;Z3BxF&(#v9P&w?uj(R-4Ft&e&na)jcj>>5D<;fzZ&k@B+zK;a
zfb~yf8(hRvKQ|2R15A|jQ<q@T$PaM{H;|JQrj4q*@Y%j@dUSvk-eHIWTD+`W6ft~j
zoW+IUioKGpe&jk1Lo+gF*>YbUi6HW3F$Yuzr;dA4jy!Xu+(bL|&>?M|b@5rE*cQlU
z3(bhFi0l=z?98U&8;hyFD!Be!2|Y#ZEYxLO_~Dsm6VAwzaHysiV=)-=*WASP$xjW3
z`Y#TI%%_t8xSArY62U*XDU0nt-fm6is+Mp`AQwT!FTx!PV_Zl8IYBN)b1VsR@v9>z
zKQ{QkBbD0N<X<yM@X%_plE!uB3#EVQ1D?bq;E4XBvjOBv`$Q1ebhcH2`Y@*ViIA?3
z`&n#ou>(WW>Y~Ydj=AiP1A3}!1UK&0gd8lk4<JCRL}Oht13vuJ9<7rgtUVDD@z>nm
zf%CmJG9rk;7(v!pmVqd%R1zRRxbwFw?}!}Cqn@xY(5Yx9_0Z2n=v=%4^WsL9g4$cG
zYw=dm`0)H1MD3zxu~$!1zj!0h5=eiI92Usl>b9l?@K#{BN@NDs+pfH3d&T=CH~Ezp
z>ODpA`G<D=%ZvFX>K<si5_FD|o`@Yv$eEt4z4U&;s!~@HdIUv7?N?$b)g`f3C66ql
zmd@Yo^WKPxD!#k%13FkBct0PW(yj$R|AQO0*HOdEW6FNCd}XYW<-LP3oENzUM22Ge
zurvCp7dNvr)*?dD$OV3LmMR0usbGfIWlW>QnUSrz02u``s#TW*!|V&a%N7dSBhW^1
zlv26RIn1`oEZVtFOHMVKU9*Lf<LuQq&NF>0Th>LV`f_NjDjze_Ys(O;xL#QQTnR}4
zJLxo2dFF3=$6CrE`4>iyT<>s0awn}AyGe7&%71W^j&$5UdoQplua8Q0Wq(E(l|+K3
zl~7G3!tzc9VaL(Z=!UKprNFp4w&of_HR&{tM;vTU*1o1W36R1HzFf6xa&521VU)39
zHl8oy(6_SVtJQoKDHVZ($6kk8UdS|8?-IMQ1VJQSJh9S~<pKoQ8h;ome!dmId2zUx
z>bE=YuB5v_G}zt!L&yK^$sP^E`XAP@S6A}C>$qG=-fp1L+any#tpTrpp6WFMX5e3S
zTu{^3>vO*)rV6ILj{+IOu$gkJE({h=N`*&+bu}-ePVL-C?`3Nr+Rt#`J9QVP9X_=+
zp9_D3Axm#hyxnBGXm84+XYIlj_NGWC$ia263hMFckoC+PxZ+`K?30dPDbzgJPPO+w
zSK=Vom~Ev38%nJ|l#jn^MZi2Vnfcy>lp;!ro`{0&&18b+ne{zI&5k!s=dD(5vzA4p
zoxvGQaZUW|#Ga!xLaZ35fWzXa(#Bbx17vOVWLvrmfQhet`8dhYSKLC)wWU_fbeXiC
zUw5e9aj`L;Hya3(pCc!t4Yx-;?`U){^x+snx%Z#u<v7LzdD3yhp~T1F8Zo<7YyDow
zN06E86E<e|jo7~H2R=xNcU_3LKXuF-Axec@n6@e+RW1Mi##&|=2DgtFN*l-7F<!~^
zI5s`J1Wx~3>lXA>E>1`IAs`zSOqf0-n%7`(Wm>3vHU{qU^-T3dUO9yZ^oubu;=+mE
z5uG@NcY75c5rDqugl?W!a$@8BC~G|R3ra$}7ySH9sROkEf(~D4$8-ijXD?Fs=`k2C
zwNorOs4ABO`-N>TXvkzun{6bk#xc=)U#5e2H%J;kkey2PW1gye%8RRm#e24KcAAjS
z8WpZ1Je)Qk+wDUT48W)RVT!fkEitOYt%JT^1{Q?fTorKjs|}5IGuFp4Q^S#~VMRZ?
zlh1G$LtZiritSb(f--`enldSZ8w&a&NG$(m-?1&G<!%qI;4$<k7dF8<odrZT3ay_T
zh7L;8>OUEMa-t@gxWgbXd2W9d`YIkCVkD<-zG_pPVMz_zkZP*ymPfg{h(@Ruu3vXG
zqlo<uwzFv0JbO_Z*nK41DLP)BMjFVF+l%=zzLDekiz~^tmSOE@LN*9DNjIwETxD=(
zqpO@MpGv$4g#=U9k|xvyJ_)vWnYyLQ8%=jm5MGZynZM>v)MgAZ(Ik;OQY%97g#S<x
z+p7EWgS)kmucD+nG*;v*`{ft3Hdn_AF{g2a3npv)j7_&(+x{Tv+&2>yZaT!2D&txd
zDbLABqKuuuhG)NQXz~Dt+G@HMKWl)pP#Z5quNtqwn&1pEmZOS35|JdQjDiq<#HZ-u
zA%^wuNry#j=L970&7vD49gf4As?v%|Dk14&G-BdesV@6<A>r5DZOZ+?So^ig@kj~H
z*ptjQ{(C$>$9v;gAC1#2l!l>w9TwQw=$dF|E$v{-=VFg~v(i0?M;vsULb_pai_JV6
zZ823N8os=j1l3vuMNEdwJUQnpf<{uR2rc5~Hi;)g4`m=EFXZQA%A&@RK9->Nn#J`T
zYRB=zG+s*;zM97thvwqXcEJ2skWv~A1BI8(HM$Uxdbjt0Nb^=Q!M{1&6E@fX9it6x
z^s`tlJCb&la>Gd`%@6KwFMp=^7l<56(G({}3cP*v#Ls%}OZ|d4Ct!L5yddz~8z((<
z!uH3>Dy)i|O@td>k@z+y8|ENmi;&sCMY-1=?CI$!h<wv~wbRqc5w&y8$})7IkH<7-
zoMayYlsyXDx9ktN#h0Cr@U>7|V%@5Wb7wzHcIBCu(U)bVI}jTLJ4$zaNU{0NlE0+c
zRJR%c9#M=H;hl!U)pVcRf|4KH2~_yc?8YwxYxVoG&@VSlW7@N0S8ogM{Z;i+uuo>*
zx@7U2V}u#X2)O*%=P9)gMZG*hOnjxu<bwRHlEQYR@7<E1btRLQj=1?LO6T#yqSr(r
zT%niHd_?t3OmD1_l_H*jW+qO)usOObj1zRfTsx>R7)ZksgM3E7gHqRqd7)lCN+)vo
zac1>@d$LEvu>5Crj1P<S?%#FHxK~YDEC<gsVBa|n6)3gq2$c4}%#LRV%~ebqu(nAa
zns}FJMX+5s%A(@dw@A9f>5bUV3SW(O>oU*i7bW<6NX}NG0#^%)A8JqA!XI4IAkND=
zkY$unztVm%l=n(34rk`<*z#f7mqFLt8%MiP0VROLhe@!K9vuhfZpVGy`Qr2jNzX8G
z2ikCaZ@EGD^0nQEVT&I#9@4^SH6>BuiW>ef=I-!dv6jD7&JBL|UbxHxjeWRjM9fvr
zW_{ePOs}g+38aFw`jZUJ^ClJ?s&ml<gd>6FL%L;!#xv(#P83i&-0)K<ke_)L^+SVa
zjnj_Gf_-&D*e1YU$R3HZG+m_jQIom&I+B+BQWAV!eK8HdBk$esbqr&%8a54Dw@i%&
zvu_AT4ICG^mh@A{3`k-bNDDdU;NJqpA)Xt=9bXOm++&j_8XkPLR^*r=@939PRH-5P
zFMR@T0~_z@`C=?v%s@U$vOy5m<%xg@%Zq+fu*dBX_}p0}HIQTYE|;S03u1P$ibKGB
z!+GD<jG6B?!{C?r)w85rS2BrxuVd$7aIw0VsBX**{4{38;K>gF--MZ(Z2(V=t@HZ%
zGsG-kP3?lCsIX3B2w;|jnm28Ey}sPOpnKi5Uq*~wzb<dri!r7a;<X#+tJL(TUoH#o
z$bP!o@~2K=U%QbK+hC8<g_XohvKV$sQt7lpD`7=;iI7Of&ZBEUbpaLcop&nbX!t0I
zTtTu&+WLmQzH;Jn5q?+KNbu{pS_O?jw<}u24^gLu7oHi1Jgk@exzR~vY_iLXji!9j
z>QYr=DM*^DLH2>2o@Lo>qk~bQ<M|G)o47<Qd1p&${WO>k!0tk3Pu-nT>pZ4#UBQCj
zpe)xTbt0WIc(kKQVNuC)*|!=pN=VY_I`)HDocw7?FHz(kpex~vU0kmX11{lHfUilu
z#(=v27>EfPw8kDD$<1IsxW335u(;B1j?+M~z_Fqz9KMf2T7>y@CGP*Vz2gUW89LA-
zXNp5zi(F{P{>15>L;}^^+i5-=Dg*z!GArkB*FCFmg=;%hQzu|3LoACm1ne^vtCXao
z9M|yD@Q;-P6Wg>K&SAtRG!4D(3WgZMZ8)_oa?d+sX${KQeCx{suix->?9+R`WTKtt
zz?t9#Tn5%PqOi3$H`^#tA!V}RZ7xV9nx|$d{+e4fckHpPIOR%8)STu6w+mnCu&nV9
zZrewh&dLQ!6Lq6@jqq<HBDNj91Q1l@p-=L(ArNmsG<f%4gCoU_Vl0j`Biwcg;a%dH
z21jy7R$N%3JM^(-^LLf$luO2o-7vpox&~$FPn@kFNOD?HnnZ4QaZ>1c^1w*6C6l|3
zQ-t3??YAVpe~++4n|}aY#RP_y(c3*~M8TObz)RiO^qa3gJVUXB)aYNm><8;<Hu;+K
z(GrO7esB-n#Sd21MwoJ1flhw|Y506jgaKg<{^6tX?sm<I=<_jb$s;UV7Be%b&=Cj+
zfT*H3FMtV|&n)M{)DG#=h+kri+y<OC?7^L2Y4n_+Ea(<w3i8R2>zvL*9KP%_o$6|v
z?s3UZ4<th#IYeWwNyjz<r*MAxUf=$TVVc2tI-05kc$O)5S3K;mx#4)TEG$}>B$~mx
zMU0)-{V?2={C;o~oQ|c-_O}_P$CSL-79JQvf~pT+Ue@GM^r03Jm3{*Cg>7|@T~C1+
zY%uBR6=tG*eFkblQKxU~$^gfp^~WyVu4+#`$6t@gooyslb`xp?6pN_!v9{KqfgVya
zlX%1FJs+&@gL`u$ocCm9^=|q&2#CgAd|2gd1>cvW4X>%69Q}x!Qh<T~hmQZ-lRX-S
z`9G^;yz#!pf7dYqrN+g=LoLwD%nD78yD7oiYr@9A>Nuwes!#UP<y>TUf#aNecvenS
zJ&HV!o>ps92nfGouQS-}^<8p1$#xc)P&T*@I6lj$SFAHyO7J3X)GTXUEImoJyTjn2
z#QFLskg%j~H{$vT(u8~6JA7xqR92m`kS<#{Dz)0s=CNcL7F^TzPl94!91cA{$?mzc
z)=3~h!y*YoNzLiyOOf?2HJo?F2F-%fkk9&SmvG4+ymTcN6bfMyKA@wyx?9$HzxiF_
zpa!h~*t!o1YNkh@YLpDPAw0fgFSk|0e_5VNDsH*)!T3BRnuc?<NUMYb#d~Vr^r+(-
zNwDCe1ea^VXk&shVe+M*cPe!_(6x1U9Z+wCG>+!?I&NJ?5am2@=oqdC|H=<yv<oZ+
zC-PIr_3sC`&BO6<yd)&7G1V`f8_EV*<-A&r2#TaH_kHvd%OU1qXfOPx@?4f5_)6Jm
z(gs@Rc$o<;w9lK2$M2q#b>F)ehDgmKG$p&z`y;L}<X@OmG!`z&$MNV0TVW$P2tat`
z;t{`X7@VDQ<GDRSgYS*>0r<&z#2T}?mLIv8UVB-u_(-l+Cgr5*f_JwDxuce%L}0&(
zoFw`L8`4c4i_e3}11+R$E*1J^z@I?o^a@5cESF2zG$XkP1=Q+%9PJ}&c<3TIDB^L0
z-<WuyFifaD5|6z?Vw};|T34|L&j~n7YK&ac*Y1}1#A@w~!^NQ>QR3XH6~^=F0P(?*
zXRIN0Xdl^C>eq2qAHB0JQ9JIabBQ*n_r>{JL-3i}&$wF6L79IMpk@C0MVnqWM#1|A
zd-Ap7JDJ{MtopiWM6Mq>BvmVtMRJm}fp*)l383xA^Ae`hNL>bI$4)Hbr)V+wd4nD(
zi<4I9Db3kxEO572>h+#RC$wYH;MI=KQ^%(cWgQ4KBO@NL2d9V(A{mSE=0Mf43Fc(k
zlhuu=`j<Sh*#iVY@?Ue)8So1pHy#YHX~zyB>1BgvvU9=w+@PhKjd6PyQZNRcJQ;S4
z1sM{&?X6g<`)oi5%4u+<{cVy`yTh)e#jC~Ry{wP9+ycedT#@#L-XtmiMZAs9(-uf;
zzEwWVtIq2yKl>E_wFDoS&v2rAfyYRU6F!PDsC)p1zUUitLDb0&{H-Pdq%W@0R(aYP
z*i;{9xa{u?a0y8ixMN4z#dCkn?V;7nC$-b7ov5(Pos&vop{=q1vzOU|v`9_{d|EV<
z-n3ANxL<BahY;O+>JU}BCsl%}34dN<V$jFr>etDC0>&+fMn#H<PEi6HNB>E0!mK(s
zEkRf_;P43Ix~%Tdq5SGRQu}EOH^mi}Z%vIP2#r}c1EgcroD`!QF+t%pJFk{$7s<w0
zvQEG_EfyTX{Bo5N)L-iQrYm2EW8gPun-@(*2VciUNMb<&b>uSaTfOiM|6Iz2w1&nT
z31dvx*P4Tmc_T~WfXMck!L7z{0taq}$gD(Wr8a8a&yVKW0obGRZENT8TcRpV`SM~Q
znhj6n7nO9s4U6GmL<@i@wCMKjls!w)T4x$)-_mKhI}z<+Y~l>0ig+oX`q1T1lP6@K
z4atnRv54#-ofk=_hfze?o`D?^4U6^GqBN`We$Czau|qG!{W6%ALZ^JUM??{H@MZ4@
z_u_hqy0$x-xavJq#;vOKipPfO=&J=-^-atC;-;j2Cl6&m)AhA|YvnR)B|N<-i0n=_
z$#^|NsC786tGGiN=y@>lV^~L7r`Txe@gsjo)tqzlqn5T8+`YaY$)FTP3M=Hr;~Q>f
z=)}mSXsT{dsOO^s5>BW9AXGOj6=M%tCnVp!vU@fG^dCC@Z%_76UZ%gLW54e@_Ve_0
z{hvSopXm7eKLx-fEol089dCUF1BqTXRf9~F1s?lSCC!7IR{XCze)iT{UpbTP3iOlm
z10Jz3p7NMXB8B(+{H?nyz)Tfi2q9KcTHnRI5a`L_9=WH8V=b%4jVv9?Jgg;#)tpe7
zxz3$r?LqZshu2~nXG*|J2EaR)@9V8aIfWmt44c%Qd1&p8nhyxH>k}#{w3u2r=5xrG
zKKyD!SnlJS${f$uvj3sOUoQwENKv0&D2s?<I7%Gt_#AIM^_2MIrazhFzR1#uc%bP)
zdw;6Sb<@nYs!;p_9>|$ImsyY9M-Yy`s>8je;DRm%DAUEYiwEMvKhHVjQsS!Hz&ll0
znaBSnFA!bk8%%XsNaOv!t{ue<BrBtsmx!DJaW089zr|+0AiU3^g|P0v48Rwasgu!k
zREuS_fuk9Qgr+1M0l_QU*A8*1W>H$lUtqW7Tz4tZn!j7gSutN-4{0pqmHy*Q2GQJs
zWP;_Wy9^>acU7$EvPhgpQrFeYCS`ZYGwxX90uxspM6Qr!D?KCMn^xUbzq0GKY4~7J
zQO=OXgH|&!Fwy}q>^!YY5A$DMb)>~18AAF#k|I7e_G*l+(96)`kM^OcpHt`ad26R-
zS`FTl!tN9P=2{&S8?*BwbID6)155b(TbwR*EXEu1K!2jwfSih`7ggKQP=%)<Jm`YN
z2~kK(^5Qpdz7o)yUtV=bC(MFRV_X>^<1)4_e9%Nnki_PXtF}>=cUtm!buBYCK=k(y
zohU6W@?gsBEUBzA_O>>6TrSuOO7B;N4gu77Me4<5`#xi0O;yn#Q)XzkAF1FHbxIz(
zFvFKap#Acy1#hrZ%X``hb-A*Ox^bIU{v%g^Oin}}@LEZl`30~Q#@MS}X;Ot{V+{tr
zGCvV8d5o=`W@%4#SX&Du`?L(C)iT*MmO+#VFb;h_RV`sBgwD`D=&Kfmevqx})*!I{
z<yA{J)Mo?gIOP}A(e;MR112fMW&c<&C5lXJcX@(D0}w)emQyPW(hAQ8KC?)55`5Ej
zu2GL5h_cZAju;Wh8l0uf9#ewa;UhkRCSZtm8-PmgD)IcpIrlpL6JNSP5Ah!n`k($Z
z!hR2pPiW=<-s)cUUT_~xJ$pSrcsRRHxs$sEx^B9%yCgWDJBvEyIlee5J5)PB*&Eq)
z+hN)|+DzDxTKie8SutCFpK4nOndg{2nJJo9nnIZ98@C&y8QB_+7!n!y=&$HA>P6`u
z>hkMkXy0qgYL#k%YU*mVYM`iFs|~B+t9q&|sL(2hDeWooDyAviDoD#0%LB=2$~MX(
z$e2qHNaISmOU_ABON5ATi*t%4iC&6|ixh|e2&)U#3&9DR3iJwm;CJSm;v?q`<k{q5
z=T6`{=Mv@2<9OjvX0K+4Vl!gxX2oQ2WS(FqW%6TOV`OHCp+BY<qRXLuqE)1+q=BH;
zr)sA{qqL<Mp&%mnAzLA1B#k0DB;hB{Ai5`#B`hTbCD6rh#Ye%j#vR7R$MM8oz^26t
z`>^+c_k9}XEvEFl;&(t8n&^$_2x#X2w^{yA{Zs$cKlM-jQ~%UI^-uj%|I|PAPyJK>
z)Iar4{Zs$cKlT6T^2HCd0_F2V0&p-h(J?TxchsR}U^HZ4HZ=PFiiv@lfr*XQ*N0XU
z4D#oLcu+W68Ct&o_azK1BM5H%B4j4rwWV-)YZTX@v>%(-al~|snNC~Or6__W3J(Gh
zARrJRE-e%o#E(A%g8bLtL2&6Ix7}#TAEFsRL&xggrtmx!TM$7vAV`3-3Fo$ia%sO)
zTK+jD>))V^PywGWUMHEcRjzYQ$k*Ybz~sn1i9&nWp#p{-GMW(iD@ypMB)JK{H<zic
z1-G^l-M+DJx{wKu@2gcSA*>x=BlEsfTKp-cKGWZzL<Fwpto5rUyl(G(f!iU6urt`;
z;Z`)qXmb%P_fALk{42_#Fg?jUcH#k8d~@ZZPcmzjXT{p0{DV<A)&fDXTbUx?Db4?U
zEcO2erJS`!!QJ~X^I#m-vV5AHQvD;fFNj@A)F5|BTx(vO!GA?L=(0UD>J|WGw&sj7
zt}R4bv!Hr2dX3^_92LpbA&dC*ozm>j$CB}HP$FeOskbK?M$}GWZx}Q!1G_eo=F+fz
zO>TYB`*<3ex%yX>QU@J7s*Ze+&F*C98Is1TDabWZp>ahSANahoCh<;=zEhh1`B>`x
z4NCt-T?dSM+F(Rt0ZI5GK4m6bVC3DQ1vt?h=y&xMlg58VnL?S6_skZ)V;!wMpwOak
zW74l|qK&yVOU<^#Y^fzF^_|k>Pbryc{|2T0I3F*rCA)^<>oJ2?GP9qsD;kI<YR|sN
zBWC|TgDm)8QFfVk-7PMsv-!=P1dJ(v1b(nX0}&jD%}IeJ0!V=6mibO;{7Xs$9oqj<
zboBIpgK}u87pQDq0J&1h;r+ap2l9?1ztKmxH=o!<%QN4U6O6y23}5froP?}mvYYer
zR2T_z8j?5ySJvvLjFYW-0;tr}|4wQ2=aheEEEj3}DN(#r3VaJXcuHJ4b8NG{CCcpj
zb!<))m0(><xBrTAM8@dIzDaUdjP~0U$7Nk>VK^9l)+zZx@7e)=fSy{BFJ7P_D9=wy
z3nRDx390{oGL#R{aWa(o%&3zjN7cKMge&uh?nh@IG!&T9Q}84~ydwV!lB@uml@ypw
zA7uyDIRc?2pSK=oiivssIk3Sg*T$^z?mMKxpF;kfkt|~<WKA;&KGZu<Sj?`tkJwRj
zF`a|mucROMp#>~L-TW)a0^HkciArC=DKTT&im<h{6bO@v8=lV``3GGDWf=AR-`{Wj
ze}BK}4UHM-nf_1w_$^aEI>V};Gqd?A71MNfmAs7WYBG#jwZ^<-?!sPy{jVrNS0-{7
zM`#u6A-6MKY&giM?53E6E_=r)V=`0W;1Bn{Q|kRW<=^q+^;80ZCo@ydK?O))zP17>
zuHD57RZ&zNTDfAmS!#>dUr|Q2ukIH<-3Q`v8G`6~x+GlhA5N;QMi0m&JP*xn&Ypay
z)csS+zvagj>(MbnFW|&;*|=;8E;5W|dc!ukp;e~kyq+_?XISySqU@uihEn#M^DZ9E
zT6%A9Qlagx32OL&z4O3sBOBwr1Nfa%=g-IT@A%PJ`_1l|-h!}RLsgBVi3a8?TU3G|
zvKc_O6DUHB`)A?5qQriL)2U8}$hABcp^BaY@b4?aQYW;B16!3j@J^iVS^G|@{pVx(
zcl;QU2<VQmF!8ogS+3GGwRQcGXzINbW=@WkJ-w4>sD1rkQ7Yd!VDy>w)Kceqq6~f2
zs>nzr4}mbjk}}gaxMLa8Q~ge<_2*;xcl@Z>KndAqK(cL7qbG@1C!;?9J_?U_dEJu`
z8%jm>=FIP}DCNs@DF*U2?~~PDM}_RoYN{5~+v#7&l|(9bI$g)aNxxHS{wd|(@?)Vy
z>WBZQlDllHB5KqCOn0|*NsE-EgwoO>-6bI{Ee$H&NOyO42nYz$(uj0PODW|U-*dja
z9<M!{e{f&V+IyZ^F)M3}p#3X@vu%^Jq^knbySdtkBh%fkIy5YJ#d0uZ&1E@`B#KHY
zPPG$xE&bF<;fs7c1x}{x;KSUuME=fWK&ksrCHGw(>R&6X?Yaf4bqCcMS<^9ED+`hK
zuiXQYwF(WcKA2IFQ-l6{HhfE7y)W=8>SI|_YL?H(x_$yD*l#XKosBU$)tHkFD0Lt!
zp~;frx3R%~FMMU_Vuwzl23!~{XL0<T@&*%q&63#!d+`dGa#x>%?Xv|gdAgz6Z$*WG
zlG_*_JDzQqL+1-Wi$l3YB%pe<|Eiw<Ai3@mWoZWaW+B~|i=gcV(K^C#hS-H2zx?^<
z44DeKq;EF;*uaprnqIxG0yr9pB8f2A%TCI~+FmI)#L9as1;Px+@<y%zQVSvynk23F
z!|dY4mkbaZzOirBwq9WS6)10TRljOCyOF?z^Q;F$rabmbuqyf#`pKfw*=t+q3BfZF
zB|R^@+m|a$NIds~CxG$R{A;{T&A0?ixdiUgk5ARaSNgMUcl@=fKbFsmQ?@1SPX-kd
zeTk$L9TH(CM*vg$#ni0Nk%TiyGe4jc33U2mB6r_2y1p*GulvWO=ZMHCpwxh@gr*;H
zrbOr|iw<VAR1D`LmL5KoxbdZgkt_|Kqa&8rE3keJrc7XV(M5fzJHwi=+KQF!5*{$x
z;r6+_ls&-wZC$fs$2UOv9HJ7cer$IU`8mE|INDIBNwgJ{q%$znEO1V;zDOMQMB(h3
zZwgEq<4PA%c|RyiaXPT<qGeIXqz~`SxNXEyFAF`YuNvDJpj3yPB{cmwZ?|$2tfS@-
zpgj4B!ppP>`FC_n{7u+df#30)$ySSDFlCD<?&+I8lWlR-`rk0CW_&HJUU1TaALJ`k
z<`Wc$2z&vh8ssdY=|@SPIi{}7st5wQ7WCnsgTjKUq}*-1?B-|q8kP;Qr&?f2W1X%+
zs`CrhFebRPO8NlK8|~1VAtzS;`r_}wU#d2)0HrGAETQQ~mvx&@OsHcO2C?;76Gf#0
z9Z#`V2R3Ql2ReKjUR*|wfGN?(hDpT&9$?c@t`2sS(;-Vt`-~VKcN-3`Ex)Ds=t>GG
zRUj&%>c>|~_eqaAH2Xc4WoAf9-Ouz-QB<kcFMN{3`5&-iT`7VoXDv1HN*-={Tic;_
znTy0&ty}0L2ht@yN9#Qd9h@xv2`H8SspPxMLp>|`x&G3x0+koC;sOY>>N{D@lJVE(
ze5x60yU8@X>)T+;sHWfjmjl+-uVs1>(h~@&BBhAAP&l?d?<+K<7adH{0!k&wN@%ha
zD1fUdC5hX;PsA`4Nv9_xG3{%EViU`WI_36;?DfOXU`n?1mvFc^8R{w|^7y1ZxgJ-H
z@@{W%>>MAqQ4eIp?rQ<nqxj#|^S?;myF}@%L{uMfbI6_g-FqtHeeRrx8@XFjI`-%9
zk<X+BaDEMdAvIs--4wx?b@q--zC-c1;Zd8huA4s_D)Jf|f49<2-wq%ZAR?hj(#ZYQ
zhnUKtUYRCU6`O|@6)VhNchyZ|p6BJuHj|xS-v>ilRLuQiY#Fb0ba*kggZa+&wMu-u
zuJ%Wge7kT1jgLoCz<A65J>Di390DA7nm@jtg_VrCVn7u3xkp68{#<RkfAGcPJ+^!V
zss-DbmaI-NCCaWX{(YaNmN{YC(K7cXy_fS^iAq?H5KKCxM*N?3*a1p8$VzDX(JtPF
z6b^Hl!$5p3Q)RI7-c>D8l<Ao1o&(-gf7P?h6ELOc`8G{UrcT`UO6%KCXKqPp6#YAf
zl$P;G)d{t`QC(+%@)<-WRQ+hy6r8Laf8h^Du33hiW?qgPA)3-%mA1U$C6tW#Np=oQ
zNhV+wcjgna+2!;)+^|<xFEZ1;u$Wh6uksVBwd>hw51^EVoFz2<m{A6QHXz$y{85sy
zx+vyBUl~!I7pi=l;X5;`A5<BzW}q*Zg)dM_iQjpirfd-e_IeeJAdfWVDWAz}+RV{$
zEhXpzN*TymLer1U%2}0e3hkOP$&OqGFgP+*qRPU!R=lVE*sGiEJ?i>kO6oBVK6Qyh
z6ok{b4n*uVioPIq!=EJ!UyXUhUpz$kum>omA!i9qKhC&i2^Z*H*?Zd=zwBupsru;?
z<XK2lo3q3EG><gyb3B-G%^ewkypnu<^z48wrf9bfiBH$f=M+KY%KWzmn&!=CKq&=L
z2~|I8H5pN;IlG6mr!btv;;-nu<(Ud<nA^CLV)?<whEkylrmSGfz}6O3VZ^4JOFxhF
zXC^v4eRPi__8Fqb;&wg_VHlv4{HO9x^T%*J@*^?!s8gA@Q&^LYUo}%2cw>;vQ;b)b
z6tPrU)tkVSr#(BSzPUF|#Yg)mmWoD!y4hLOeiT11v5~gMU&EY>0!j(UN~p5j_WUVf
z${wmXh#>s_1807N%IhD=?Q}u;iEvd}9og?d_fW33$(`#y8K=IBc}Uy$&gzLzod^Ce
zOm4UzQo^Z;ORYfli2qeR|3Thq{z$OQZGgnlDf=L})A`BrO8Neeo<#8>%&>UBd$t}o
z-HBkxClqxmi4{^Vw@GQb181Rv9?cvTq}>4|!TOhe_|24#0P-nBBs58C*2|UfGGU5q
z^E6b)KK7H}>c2R^Tzk1ox4!ahd@M;A4EYoZ_lT@c<_-L|f23Xw-FeTmP}=p`!{|k!
zecguaybEBwpZve^=H}(+wYW<^+F6AKTETI75f$*ZChjcVXXzz~#%7enywWv}srjWZ
z52mD#dZ#;fv6}J9Ho)*h&S2r@=hV``x4K?iYp3;wVU4|jQVg;ZntqHP-dx!%d<WMk
z8&MitVksHBj}IRd)^+MQpNmH$<4*v(CTRE3RFBPgkaLo+T*BFz=+RTGsVXF$p9vB}
z{c<Lhf8KyaAu6Hj$KLA9!RIbFdlkJj>%JFdfjO_q9!1Xi>Kyu4>yLK38-XcXJ9AUb
zdR`<r1W27!>E7g@c0|=D=HSS%N#$#$s!IK79ude{Ler1@{P=a;DEk=ZTf|kqzngQ&
zlq&;-n$#TxzIu%z>;~b2DMKqZ67LOR4(|^)J{fv7pH5qXJ}$-iy^f938<$@;G!#$@
zL(USKenhymTy(czzph+uXk1Q;6r(8*kq}hP$7C;q(JYdX76DUUS$_-?gcYJD*&E^T
z^7x{#D@JE;FB5({KQ|un<7!bAP(Fs7B{co`A-$)zC~a$GI^)qj%Ko1jGWwWRJ0=m%
z4}_LD%oh=9L02xX8mx<!Ww@<PdyHbQHB84jba{!VbkEQcp6kBYHGT;wg&-=S>PLs?
z&rl=fVb>$d9zB5DPAx+DMA3>Z+Vkk%T8st5HO?aF{4wd5e%3K*&*)O=G3~z391iuP
zqjKRE`4fs3Hv<D)bU-QiPo>#i9_ou#{T#lMNaGjs%yLMp6x(j>rZb-@!>+3k=;Wv+
zk_5n%A_c{mg!U}QWM*ldq*Y&uw9_T3pB0+6?S{Oj7tgE`1C#=gmC$6FHC8B_-P$F*
zO5xb%+u4UCUOb5`s3T;<{e;jqe1RAdOiA*3LroBk(N^67Zn<f8Tzj~3d~8iZI#l{7
z<U&ZW+#aYN{=ci|5Asf1xgj-Hf-~-{Enm~mq}#|?_DZxA;;4r*{EMFMgqF(7#DF0~
zn6ow~cjNp@qC!|l5D;gT1-I5ThhKYSp6kEuP%4fGkbDr4&?NblY`l}vDp@1>gO<ql
zCEA3$f<JQMOMQAS5$2AxpF5LaNP+?h166GkY*d9lYgXO9Ztuu}U05f{uLX;RpHzc-
zEr9Xn{cF4hOe}aff$_dWKXU4DvCQh<s&)7r>E9A_yNvp2<+b%yez5plfj<)*a}Bz_
z+QwB#e!f6aeORod@Np>gX`p~+@6R#H@6(2Lu6*cofbtP!B~<&5wRP7rGl%b6$ry@G
z3n{*#Uq$#ARk}x*us!0A9B={Mn^<Ce0wbwm#nCn{Hp^`4DjOSib4{vgWOJD*t4dQk
z@BvWrKvY82kGd|hx=1iq@G0L>8K)Q#1<rBOJLuXDz1r>U`qE3@fc`9bop?{HQTXD^
zw^F*F=55coYR32}c24bKduQmlR0<3NN^ZzmLeq~=RNR=zKL^&&j4LUR_ZoVO5VbLo
zyH}Lq+a7i;Qrm&<i}QsxDmJ0c`&c6NH4D}Gy3{03?8syI6lA7lJv%#cX91L4kh6rQ
zACagZ#M~r2KI(p8QMB`U+Bf;|!L(zXRq=6L9^Va4CmEO$7LD4;fh+HNnM1K&i0L7Y
zHZgjLY+D^!gi~eXGPXoMpyY&{B{co0Q=0e6^!+><CBNVhht*gora4k>;QKnp{fX0*
z__C06FlFYkfif09JbDP8rwdl1NQlVbk$H2FPMTiS@5Jse=WKwI1ELbDeq?f-!O!)5
z>9N{)Vjaw1(h0kFf)nj-eT(}rI%*{8BnwPg5={Ov+b{=Zrrt1|h#oelX*e3CbgRnY
zF<(yP&zQ<T=W`zZQ+cODC7D003TPh?s*_}r=+COr_z|65{M@W9dU!Fhq{|p{4!Z77
z;ouU$kAS+2c3dBf>0m;S{l<u8pnCkIQ`l_`26^w#`YJnQB{W&uCI}`sZaJXtr=kXS
z@@BaxiT`3Llzc-XFa<x{rLdO_rrdt}-ihvF5<N|0dh;=RN#Hcrd!@0SFa!aneZwIN
zByXU49{hLp{4dh@E>Wgj!yX;2aZkey`CivP(+Dm|?Yowgx)@?p89R~D9DoHwj-cQM
zFWqu2siS$xy1$~(i*@-8&xe=S$vrOMm-T`%6+p5<L_(8fpoEa?RmHImbrjXp(<%$a
zFXtF<NxzVxKSCHT##6X{1bViOq9N63MX@Z(zHFC7E+mE{w@%F^%-_5$P#|v5TSfyI
zZ`S`e-W=QlcRQcc`Ki>`#bLvGWQ6uBH*YUC9MwbIWFoRf`*LSDBUlz+Fr}2yUSJ^a
z<iZLb&stNS<>V4Ar9CyXARRaCc%nfe3p}7?fvkk4AM0=OJ=%^MB}7c<6>`k$UKQKY
z^;+iB($8N7+R}PxiGeBG9qooGW~>}FcnzJD^)D%iQs^fX@z_Jul;u8A(N?SjN@j>k
zsQR&~Zw|9r6&|Awk0SMCzWsU5lOmzvYE&|@5b`%Md^DiP#%|7MBrH|h42oF0e*aoQ
zR;GCB$MpT!^Nb{U6f3D~p#xAdLCzAYe)Re@I`@V2Fzthg!RiLtFDKPACOTOp)xfBS
zw~E<iQD92eUK&anxT(2l#l7fGBi1dMwWp5@x6&}(-s73yTMGVjew7h&meBO$r{q1K
z&{)!XN#5@-7}JYUPz@#|Dx-4(iQ5SyejtbtgDDr(SQOq|UP*Lcqqj(JOP9TPO!ACD
zt};V@=H&~5Vr*AH$pAS^X!`N=W&KWrxzTD9(L-b9z0GxW+oxKQ*f!rqWEtr0eUJw|
z89Fr5OjJ7(luq}-ZJ)*D(1NPW9d9IM9X-*E?W{HYi!7kL4^atKKc>ha2*bO~uI9D|
z3(C#l2i^{e+TpqkWc~^&7<+zP<p`!U!oXy4`dTQW!)#-n8D|?DD7>@$TW7G!fm)CZ
zo^|F=^U(iOd8hT&p@i<R{Q$|XSWPYLbX9hRit7fcN<@nxjdcC5X40adZ$#2#+SA=*
z-6Aj>84EF7?ZmfS%fw_3CL1H~KYtK<)r<uw=^!hi$&z)J@Ma<4g-7XTck)qi-Yk|D
zoBL~yisO3H!$^!9KSnU+3f2trfssYF$@Z2E*K<2Fk?d!BawT0jFTN5NQSHf{0M$eL
zclG>1-f4Yx!0k<Ax4oHbOqNuqSa7Ys=KVO+v<od8DQ37@7V&NsFyu#7q8Zis&=>rq
zN1|ztAupFzs_C6icxCGtBBE@5w#WlW8i+`!-r7#-1ER(s*~R<Ijg_S%Ta9{N7ofVg
z{z4bld=UH!tqcrFl%q1(%ws>jIEKHu7MnsLSW|JPr8v-ZtWoyK*QNZ=Iu`Zc<891k
zZpzJdmwrs;Saay|%0-wfyQZBdsa`+2@xU_{e=G1ojIEp!clI}!(lN;z#wO7OIWt_J
zC&nkUrnYm~rX|*I*PJZR@B7FxFQBA?tc0c?HFIJ<O3r;+R8y0845^<dz~OS>xv+3+
zJUJ<%p6-aR27OQWKRQ%@Kf<Q=!x&d%x2v}QaC|{P_mJEo|L2Nny_^xCq=cx1svq%u
zYIbGgN#^`e8RI7^c@XwT+UkS44r!R_CsSsWKK6j_-Oq#>AOsAVbYghMl_RiZt$bN6
zc!}>Pbo44>GAiR@A5c<2&Jvn_<SEK->1U!eLo~ZOjI_CBCy{U*mSK{BKY1hf2Hwxe
z225Fsm^Px)^BiwsdKNz8a);o;PWf|4JB-OOimPSb+&L$pB!`?OH2v7*N56a<(;eT|
z$d|5t8}I`rv`E*gM!5TfqefL%)pO8Ow(_f9?5_TP`T4Q}*Q8A&`aD&-3sIi3_EzEM
z@9ipR1OX)(<Se1-$1Zo~dAS6J#b`GVWR<FY>+i%a=?)&QH)ZD8x7pNqI-o1+UI|9)
z#!SZcTHRXkR&rt@Qx#7qXd0F;h`0{DZQr&4N>YeQ==xF1Q7)m36Hd8x%;<WtOi@wb
z0WV#<e&plY7^>?I4bYuE$}!f%wAR_~AW0Q&1k~Szs%V5%E?nU|k;B{RrFAD&fb!ly
zl^l0@sJAa^t<dH@q?lF}Vxl@kEDRgL#&UnR<G|!a5~_s-2l@`oVrg*mbNST@3yS8h
z4-IkpqZw|3oKJd*JgOcl?8@dUfRY5V5}GVOCX9}$nZlU!=5EHhdI;j)G!r*?nw0-+
zMTRZjL2d{AkNcx)V{tU9Y!%NQT^E$7kwnj!?l9JWvu2XXR47wHFb1lJ_^;~ugXFTf
zOO)tMMl!+|1;hMp_fGM}uWofF57jE00!7vJ7yL{(LrlPsx}7eQ1)8ZlSb@z1D0)jP
z4DJzD*62L;)nnohw><Sy03;DaBs59tn!}C>goUVbXez|sC$ZBQeWu$vUYccge8jtp
zKJEA(4Ec8E^KrEuG2?G-<5$&;S4p(xLO%q$G7S!48_gA^gAIW3Cj5K61s<6i^K#y$
zAMpZ^QL$-K8e5-)$-)w;_7`3ZwZE1bS-rf$?0IjH@e538AgIXsb7|Q&a>qgwe{JRM
zqUf4s?t%11{x<8<8|g_+KuG{u2~9sTY56=+VAeuTYj}sX)fh^C4`rFo7gxP!+~6G@
z`;9K>uDFoeu3z|YUDEcUwZego(VlItiq$kuBvHU_$}YxKx+$Q<hp2?A9|gESpPC%?
zB`7}S9mNrz?<M7tWE4T>k;E?4o>FtiECy3H;G3c(f5s8RUo1|%LN3Z9*ddN%XySNe
zd~#DJN3<ycDDfa?2~9t4m)#GiNx0hdLCItoL^cTY^o~IDihhb9do<qWzord(PB2ww
zVUmaIAPpm-0o|*hgR(MRW$$L_9h{a~aAJ|yfA+<3A!i9qKc3gC&V2UW9@rLLAN%gG
zwNOw<{9}t|Ic}PL6+;<|Bo9m}7pEkjz@}8VfWt!lgzBe>&=z+<Mroa*%i<%2iMZ%u
zK#2o6OKAEL8IJ_1#4<z)9eqb<EpcDUq+hyx);L;3fM^(o{%CL-Oqo4m<>UNw=*B|m
zePo!&16CuXTH@OjA=+1;Qf@!j=>6Go#)hbbsvjwOs3aZpGFMXH)bmmAe0xitUWJD7
zM#j4=OmBl^Otb(@dE3cNgpZC*D!=NzE^tJ2Au6f*{2jpzo^(==5AC|_HK4@$m-5k_
z9_p~W{o0;AM!dP{GP{a7#%O#6Huq0N(kju_1U*|&ib2odsWRvI?g<3%Cok753L{_H
z?=2zMBzKpdx4@qZTOb$w*+apEtc0o`vzw{sy|4IQeK(kcVJHirf3Gt!&{jc|6^?%)
z=8C%xnq_Y`Df_X0EbFzFncq0P`)NuOb`JXF{#JOOm9Rl_H&8toe^t+akmh%Z@+h?t
z7lDd4%y^<8`e`}Y^xIn2x9idB!Pj4ZOEs3UwSgXPdxGLmU>XOrQ)mp6k@pTuN^N|P
zLN?RBkMJxTK5&T%K%zrLLX%{DW1I8)KF-_(>oVhq>f>l7(cy@ie(5g15&aOYMDjtu
z;OZo#c|cvz?LSFq&6T{o)Aqo-%ib6XWja_g1v9a`<}ondX#YLloSeo2JRE%dcj?D&
z*IkCpytbDeF5lB5JaOQhf39JE*<*|_Yza1bp=uifI?H|gO9pW`9kv`pub*$1jx6@7
z>3xF_$~(t*+?%nVb}0cRDr6-z{V2O|o}wtVB4eszE|S0UO+;W^mzf`4fYiqDcWp9E
zpd^@*5jA7^7ry#_0HSruZ^uivEqb$w#L7awcsxe)U)P7pfD#3w5~_a8Quuv&3(NRD
zlxn{flLHfx{W?#dazIO8U^8(|SoDn==r;+)B4YAp+REI8W$IjgBm&sELY#$*cvr1f
zs%Dkk_<#Q4$dI#yrXNdiO9C6*v6#Kzk4a`MUFHmKMmW>cAILnP=JqRbQAz_-zV4?)
zy-44hTY_<X9N4?a76enM#v8O|<rdx5Mcse?XRR6ua+c8aqv`pj`;RF;_D=}!RbkF3
z=8%8Tc7JRMuidwh%rKy$Z~{|4OP0@J{B6K(lXjC!(2M>1xuLWM7qORlTva*lU>Q#v
zphSe6B{coW-^aYQ7XkO#{8{zulB5?jcoC`=L8q9-f`pu#)2$yt&#!*r7%nz9h#DSG
z5Ajta>YkB!i!eAdn}3V03o{W(jC}$q5g;m|>c?JFEX6=6gYPlgPLYM}_~`8{d0uF9
z&VKMsX2iuyBg$aPceAg*)NC={FY*1dh!(-|dL_~_`sPrXewBZr&}w$^&mIc=Kb3d-
zC;|3+w~(3WYeB+61{7TL&vTA2>6gC#GO&v|?LBYiMNYw#N(YC{&9!w?uXf>`sEg7T
z$m>VDEow8WUX~EC7jCHjISBy=SqV*+*J3tPKX2F0J#DSC6)X9AR^|gV0%e$DP%<7%
zw;te!g6>CEv8x<vwU$J8?&pikkHY9(8A)bkeqora^na9ld`tmU5A1(c&;KDG-6cv%
z>DdmY(Ma;mljOL8R@WT6<?s)&lh!?t_H5fvTa^w$uK>wPZ~ZDX){>CZ>hs_{F#U{6
z%kTtG=8#3fq`-u!4IMzjKtw{5WZi1a#bnt|+1phMYpPK7^rO6V_$E=!XaX5N+g*EK
z(2q2q*Jb<a)VC;0cB9C5l}Ds`V7}%I*c}`xb5@hdKpf%orw#J`d%S@b=QifKOFu4q
zzb?hKr9<Z)ZG81|LgO0qGc&cd-{>;oD?Bo~vNS$0<p*ER)@(5~YzN-Q;b|w5$6+cH
zp6@M!3YdoOYjt1bq5w)C$VzDX5$~BuU6ulUGkhY7jlft3Y8{E!D7=Tw!wABZJ-YPK
zHPE{jB05O6v>ok9#JdmMoM)e@o$VXNEIH`FoO{*&c>MYYp!9~QgsLAg{TMP!P<Zyg
z#I~IX=qU(viSFeyOpA3{Z`wqa;LTZrDT5`hYWeftZ7Z^iZL<4UVj)p})sdc0*)e=<
zBxH#}+yf|IL(USKexxoWrU>FgYK-G<2+u=A+4iSmH|`zKMq}@FP#KsdtOZk!s<K=D
zB3k9lH3`Fn;U-eSei4?yXJN3j<vDry`dfB8p!9;AB{co0<F74tw8F3}()#n@x5Zk|
z3CV&iZ7{*r@q0t_sie<@V9HO9XKJ<Yeh1LurV2F>BqtbeY<e-GXZBa`2~RH>XYc?@
zPsmw9(~oht4_SlER>#7*FHXK<ykWneKrlxzvQn3>hAr0h!Gjb`IZS2BQXm&(@M=#_
zJN-1}&@SQCm-cEETm1mT0Q_wXe?aL0Q3+K)zFCXt(F%D{`N4(q@X6d<s#`0~+Rf><
z|J$K8ztWR&CNL$x6Ib#N$0OWhILy-LYc!GH{Fq4CB{mOn2QGZZKBK(?l<xmj-f7be
z>&k?xKLhzDWw3>%7T!A+`&qjdTxxS$^%v{rYdsMIFeRa?;KMdP+~7*|;F9}B2WeQ&
zU#ZuXoKZE}(v}oqv=jlQ8)PLkS&s5=cvv;Lp?C~*dn`>^8OEQz_>R+In;732wT6L3
zm=C%;5j&Jc{v4S>LwWdW3PX=<0M_18DVJE1!8MglZ%aAWpC-uluj=^^lJhQ6&P^8!
zWFPB^v5)pE;s|X%TRe{)RsHC{@Q_wqUdGHS7z`=PfjU+Z7AV(IwDFw#rnD-GB9Ohf
z=!6V&g|!x|>1`H(bb*M3>eh+|KL!peQc+eb{DWcwsy^*o^6#w8m0p42jPSkc%(-Al
zsvL`Um)3hS<PQAu)H0Lt)UvPRsgo9IlBUVkvbs?=fbo9y-{Z~AY0PQP&&7S0ezfSS
za_qnj@w?{^KTvQrac>}6ZyI&yu|y}s-UIcXQ_%Z!aAZ3LD^=qY_vjvmW)~=aRdF4o
zP+4GnMQFviROXm?2`HT*E1~H}fgsH1C*;j`7er|fUYW24e^*h}ajo_0yU51qClfUo
z0#oM6D(VIn=`aVWZ?aDo5?UsrXxu(;eA9IPJX-9B=*FMtkP}2DRQ)*AV!DnTT1bA(
zoh*(tNY$0)Yw=6empKFxx10Ckh%^>V`AVuWPdu)d^<Ltsw{6be-0{l0c)FkR<wJJX
z%n2)($bixja+c8a;}<J>{KA32bBwjG^k(uUl!1zo;R+jyyb=N}GSg0PHNcdLMjQ=s
z4_<nq+BsUQu%z@;*Zx||`}QPI3Nim?s)iy3P&z=)5}JNI$eewN6!-`=%|CDBW#_xF
z(x=&0LUiVj5RO)zWGJ=5Kv!Qv)qR>nlhH8<!^RgLHKfrii}_3z$`mG&yQSTCwXg@2
z_K>rLrXO>aggK>7FiT^2B-G4i%!h?d0x^+I;baw9xj&oAC4inW;ITiTd3$N;9f?FN
z;_Q}8GnC+I|7#T{H)UP?C1Y%fC!n;0sD!E?&D)LL+>{l^BCOhM&8FYztD8CE*4gXA
zTm~WRzd76lziw=FgEvI=*N;K#tlQtZExY;%lv^Y4`afw))#whydDH==?LU=wdZ>F_
zRL3^QeN$MNJRZm<MN_*{|JBVADjgDMG0=@Jc@_w!B(|i<6cEB!64{H*pRr9o_$+Ab
zn$jpXja&o!*rsmy8c@E3tb``ZcN4mb8nY)8)}3%qTHa>0+&(cJ_s7xT6OFv``a0<V
zdZVDBN-_cR+eOR)_hzXB-pyYf!dVs?xOF-$tW~#372>l%_1OGZ_52_5PFuMf`RwoY
z9?c03j|{Z8(><$i<3A3^;&^}Jo5O<v*GOy)x{$??rN88kYBl1T)?hxv`(5PA;^$D0
zwFxT8x+k-vB;o+l8X^*!Bt7~Jm%a~ZR-9?<KVN*Ss>bzg(b`00h-YV=?uMtgnFsWn
zcJr-}<*}B9h{i1T0{AZxHrxCL3^$t-7t^F;?&*cCz<68zJ>GogCKdw5cj?EP5yOZd
ziWb+S^fn==2YJyK6z6@9anBBh3Gg20k0^rPpOby|UHHaSD83}C73o<Yol`n&)57g9
zdK!cgD&9doJUBpU30VnEKRWCQ2M^;&@h3>EZe|;FV7<s1JYBa`mu-R@aG!9i0o@f>
zkP44!<7Xpqs@4cW(p{;ybd}$J%3IxyTElspFo_=lC|^KSLe-Cp`5TX)xtNcK>vplq
zBEZrPv&%-Y28hFGvJT~3k(Pe}Q<k$HcORQ@Ww7yYYwr(j1jNl-Ia@p)GzqHT+cYMN
z|1*EIfSe^X{rE%rb5$BAN#7}TQrztchRo%@?b=kn^V%1led?%U(rnQAqlapW(VnLr
znJn!0<Ge-Bfd<5L9?2(HyA-(H3My<yfYKatmQbBvwYgRD4n!>#@)(J?e7NiZJFAiO
z(yHY?ZaJST_0#X5JI+~{4vWqHPZ^Ca4lz?(f1czPOeIKT$gF&bz*O;zai{^5W{|Ul
zrXLxjGm=#ByJiF9?YC!<!g_tK5ue4OGmpNPJWd?^S_Qgi77@{YxisHCP|q^ANB!-a
zI!?q+7ThP^8X3gd-#G4we`dL+5S38%V<{eP*LF`-tXX+UnPN7af=5h!Q`?ra+-l~5
zu{pyE=$uDE#=vExKEq&lwU9KXd^CNIv9rR?sdEp*=rqX6UVt4?n*3AAf0u{4P?YJu
zq(nI3ap=A7`Oz(w;}D%LlxgmQdj#h=`ul>QyA!)Vr5%v6QY3|~tbgeRY`I?%D+hlq
z$rtBVi#`w~jkf`m#*mfJWI279D4KCK&fcmhKMH3lLNP96tgA46^C^EmjwFRw5cItb
z7X4At(yM3Hv#c-FUP?>Pyf652rirb>kg=Ti(Y*bv3aB2VzpCdy$U9v{H0=0QM7Ggm
zH>RKY5;wi6V>&Kuu*#+Cs<P}tjpsQ%=%@F#k#PNSa%8184HL$*S;&2JoX5?t(odq4
zhL{f?7x=jYNJEH7Xp;0Rn)<C`I5Hn1_nT2$#ouf<FOzy1cOPblNEFjVg$wjHPAfW$
z2U3@kwJ0La2fZtgKgwuQA-MQ>b=#6Jlc9b19uAE6U-w)B*_m;2ahl$xA8~rCM3yzO
zVQ8A`vyAz-tU^ESE7RFMh@XomL^!W%25lbaAb4GqN&6w$WTU{Kh=9HR_L7~>AyOH~
zifP3iN&8qpsSjBRO+PMiMIyiq+@rLfd@SPfHB`s2c!Q$6(AY{Stg@Z^Dy|t!sU3B6
z_Ciu6j}>c+mFfWT8;!1_)Dh~3y;-YIJs*A0kN~9~L?u-H=vZ!GDKzzdbv^NWlpr4O
z+d0XAUuC_k$hLN-soGkwpd&7^@75a<D>e02QbeJmNv&PU$scJ%o+bG9Th}SfH;GC>
zsS7zvX!;TEoxA=MLDvnEg`WKyc+Zvci{H!A+us-3M*PX;JElRuJ90+WvotUfN<N-T
zV$6)R<31zXzGc&=oe=iO;Iw#0LI@~zAZH0pKbDby%*_aNcOi~-b#?sW)ihvS+Ur;^
z7OfWS4U-dv3c6N((Tja7hS>X5yIIVe5UyRvsLBtGqQ*}LRfKe`j3v|yP-;WY5}JN2
z)7W&X<Y2nA>Ol5dguOplD>0A|32*mFYwG&#;{q|zdn<?|S1dXo-5kPWmMht>s5RAC
zZ+9LCIbI3Lb}P>plAQudEr?2}`VmfY@20n*InL<J%J4X1%HZt!fd5>db81uX3EIz`
zFwpyRrZKl}oCl*m{YVd4-n6l0c|cb`so~?y%^Rbgy;U~+XO^q^PvxCH+N0Cf6=W;t
ztwTO{s=ZLWv>GAk_cQwNqI*Q>O)+wQ7dx0T#n6M=hGO*xX|N6smDa2Bp(N+Wrt69@
z2ptU(SynlJvebaAgeJ?zKm@f<MJT1GTgXY|L4=dAeAiEzX;cqkwieUxQ}&~QDc76h
zOyo9E5FKfTsf!+T-jK&F8Si^G1h`GQla>_5%>&i*{J*N_|BwQAy6SztKexTfZo+E*
zP=UOQp8I12ELvu&PHIwB$;teFXAv0k{QaaEjvc+T;DX#CcThI=+xbg+XJwej_ii3l
z(k_292axIzk<cWGKNyFEN?q=K9{6slJeaK+-_Jlv|CFP2<7JSy6b_d*=*iH|<~2tG
zUdLagHP+&cx-|2}LoR!>(Mi4U9<a*omI?#o{ntI0z~9Eql-ul1^T(6;m%3b!Uxn+|
zrQ|(qub$#?*3rBDZEUO5{@&Yo_`DxX$<4NOeV($hZY|noU{iI<dHym+PqWehr|HsH
zs>xKz9Z;%5RzlN{L4_C(>@#2UZcQ54CLe^N(LOz&%NDHq&Z~mDjZ=Zo4W<mYOA)<_
zjqr~@>Vf%@J{(k-dK;y%yXbX>nwBiSDNhV2RUj&%>c?snOAPC;>*@|C%qWu>)EcAW
z!=GxI#6Di@OguO-Y63kA%<^WPPp*WWG$wKrW<Z%Q6(-ei3NPVfM6G@ecQa+?pSid)
z<Se1-M>`S|={}{?DU4EViazSmk2kYprS8s7=E_e``AQReKyQRN9nt8<w^$G)nODk#
zWw%Pd5%!f{d#GIChv2udtFNX3D3u^*2~9r=Z@5^DULGNTuPm+K3e17e6GuGoHx@xQ
zzW;GLm8+TvOo_ecC{NZ^CRF`p2kVeStf5Sa5xu7MgvDLA-UjVgswkjTgq$Tb{fK1N
zEwZmEiMGU}fR9ZXB)0aFXA^@~b#VSD!xCH5u?BRO>o+x;^^m@sM(KlJYKW}zH>LUR
zlb`w+wF@+Jak1QafKmaX5~_Y2s3kUc;hs;$O{!psaMFmdQXN>zq8-imZohBJ8-4v1
z^jjHkJC6@3UtE_f6WVoK-n57=Cy_9EZ;OuhYxcRI&@%u^`F|?!G=FsJu$<t<_UhKq
ziSaz@t+fiztDqx}<K19<EmzrX{SNd?Y<|Lrq}DsCmwkp(Yb7pJCx&j4>>CDh&HCsC
z`FPqXEr3!EvJ#ps4TlvY1HPtak(Mg1-?nC*XzO74MHnK@C*@7a+;pnWfGLp@3f5^5
f7kzV2K0ZgS2=3OrgqzwQR#tK|A#SZW$<+KG6A@A{
--- a/security/manager/ssl/tests/unit/tlsserver/lib/TLSServer.cpp
+++ b/security/manager/ssl/tests/unit/tlsserver/lib/TLSServer.cpp
@@ -1,37 +1,33 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "TLSServer.h"
 
 #include <stdio.h>
-#include <string>
-#include <vector>
-
 #include "ScopedNSSTypes.h"
-#include "base64.h"
 #include "nspr.h"
 #include "nss.h"
 #include "plarenas.h"
 #include "prenv.h"
 #include "prerror.h"
 #include "prnetdb.h"
 #include "prtime.h"
 #include "ssl.h"
 
 namespace mozilla { namespace test {
 
 static const uint16_t LISTEN_PORT = 8443;
 
 DebugLevel gDebugLevel = DEBUG_ERRORS;
 uint16_t gCallbackPort = 0;
 
-const char DEFAULT_CERT_NICKNAME[] = "default-ee";
+const char DEFAULT_CERT_NICKNAME[] = "localhostAndExampleCom";
 
 struct Connection
 {
   PRFileDesc *mSocket;
   char mByte;
 
   explicit Connection(PRFileDesc *aSocket);
   ~Connection();
@@ -59,232 +55,16 @@ PrintPRError(const char *aPrefix)
     }
   } else {
     if (gDebugLevel >= DEBUG_ERRORS) {
       fprintf(stderr, "%s\n", aPrefix);
     }
   }
 }
 
-template <size_t N>
-SECStatus
-ReadFileToBuffer(const char* basePath, const char* filename, char (&buf)[N])
-{
-  static_assert(N > 0, "input buffer too small for ReadFileToBuffer");
-  if (PR_snprintf(buf, N - 1, "%s/%s", basePath, filename) == 0) {
-    PrintPRError("PR_snprintf failed");
-    return SECFailure;
-  }
-  ScopedPRFileDesc fd(PR_OpenFile(buf, PR_RDONLY, 0));
-  if (!fd) {
-    PrintPRError("PR_Open failed");
-    return SECFailure;
-  }
-  int32_t fileSize = PR_Available(fd);
-  if (fileSize < 0) {
-    PrintPRError("PR_Available failed");
-    return SECFailure;
-  }
-  if (static_cast<size_t>(fileSize) > N - 1) {
-    PR_fprintf(PR_STDERR, "file too large - not reading\n");
-    return SECFailure;
-  }
-  int32_t bytesRead = PR_Read(fd, buf, fileSize);
-  if (bytesRead != fileSize) {
-    PrintPRError("PR_Read failed");
-    return SECFailure;
-  }
-  buf[bytesRead] = 0;
-  return SECSuccess;
-}
-
-SECStatus
-AddKeyFromFile(const char* basePath, const char* filename)
-{
-  const char* PRIVATE_KEY_HEADER = "-----BEGIN PRIVATE KEY-----";
-  const char* PRIVATE_KEY_FOOTER = "-----END PRIVATE KEY-----";
-
-  char buf[16384] = { 0 };
-  SECStatus rv = ReadFileToBuffer(basePath, filename, buf);
-  if (rv != SECSuccess) {
-    return rv;
-  }
-  if (strncmp(buf, PRIVATE_KEY_HEADER, strlen(PRIVATE_KEY_HEADER)) != 0) {
-    PR_fprintf(PR_STDERR, "invalid key - not importing\n");
-    return SECFailure;
-  }
-  const char* bufPtr = buf + strlen(PRIVATE_KEY_HEADER);
-  size_t bufLen = strlen(buf);
-  char base64[16384] = { 0 };
-  char* base64Ptr = base64;
-  while (bufPtr < buf + bufLen) {
-    if (strncmp(bufPtr, PRIVATE_KEY_FOOTER, strlen(PRIVATE_KEY_FOOTER)) == 0) {
-      break;
-    }
-    if (*bufPtr != '\r' && *bufPtr != '\n') {
-      *base64Ptr = *bufPtr;
-      base64Ptr++;
-    }
-    bufPtr++;
-  }
-
-  unsigned int binLength;
-  ScopedPORTString bin((char*)ATOB_AsciiToData(base64, &binLength));
-  if (!bin || binLength == 0) {
-    PrintPRError("ATOB_AsciiToData failed");
-    return SECFailure;
-  }
-  ScopedSECItem secitem(::SECITEM_AllocItem(nullptr, nullptr, binLength));
-  if (!secitem) {
-    PrintPRError("SECITEM_AllocItem failed");
-    return SECFailure;
-  }
-  PORT_Memcpy(secitem->data, bin, binLength);
-  ScopedPK11SlotInfo slot(PK11_GetInternalKeySlot());
-  if (!slot) {
-    PrintPRError("PK11_GetInternalKeySlot failed");
-    return SECFailure;
-  }
-  if (PK11_NeedUserInit(slot)) {
-    if (PK11_InitPin(slot, nullptr, nullptr) != SECSuccess) {
-      PrintPRError("PK11_InitPin failed");
-      return SECFailure;
-    }
-  }
-  SECKEYPrivateKey* privateKey;
-  if (PK11_ImportDERPrivateKeyInfoAndReturnKey(slot, secitem, nullptr, nullptr,
-                                               true, false, KU_ALL,
-                                               &privateKey, nullptr)
-        != SECSuccess) {
-    PrintPRError("PK11_ImportDERPrivateKeyInfoAndReturnKey failed");
-    return SECFailure;
-  }
-  SECKEY_DestroyPrivateKey(privateKey);
-  return SECSuccess;
-}
-
-SECStatus
-DecodeCertCallback(void* arg, SECItem** certs, int numcerts)
-{
-  if (numcerts != 1) {
-    PR_SetError(SEC_ERROR_LIBRARY_FAILURE, 0);
-    return SECFailure;
-  }
-
-  SECItem* certDEROut = static_cast<SECItem*>(arg);
-  return SECITEM_CopyItem(nullptr, certDEROut, *certs);
-}
-
-SECStatus
-AddCertificateFromFile(const char* basePath, const char* filename)
-{
-  char buf[16384] = { 0 };
-  SECStatus rv = ReadFileToBuffer(basePath, filename, buf);
-  if (rv != SECSuccess) {
-    return rv;
-  }
-  SECItem certDER;
-  rv = CERT_DecodeCertPackage(buf, strlen(buf), DecodeCertCallback, &certDER);
-  if (rv != SECSuccess) {
-    PrintPRError("CERT_DecodeCertPackage failed");
-    return rv;
-  }
-  ScopedCERTCertificate cert(CERT_NewTempCertificate(CERT_GetDefaultCertDB(),
-                                                     &certDER, nullptr, false,
-                                                     true));
-  PORT_Free(certDER.data);
-  if (!cert) {
-    PrintPRError("CERT_NewTempCertificate failed");
-    return SECFailure;
-  }
-  ScopedPK11SlotInfo slot(PK11_GetInternalKeySlot());
-  if (!slot) {
-    PrintPRError("PK11_GetInternalKeySlot failed");
-    return SECFailure;
-  }
-  // The nickname is the filename without '.pem'.
-  std::string nickname(filename, strlen(filename) - 4);
-  rv = PK11_ImportCert(slot, cert, CK_INVALID_HANDLE, nickname.c_str(), false);
-  if (rv != SECSuccess) {
-    PrintPRError("PK11_ImportCert failed");
-    return rv;
-  }
-  return SECSuccess;
-}
-
-SECStatus
-LoadCertificatesAndKeys(const char* basePath)
-{
-  // The NSS cert DB path could have been specified as "sql:path". Trim off
-  // the leading "sql:" if so.
-  if (strncmp(basePath, "sql:", 4) == 0) {
-    basePath = basePath + 4;
-  }
-
-  ScopedPRDir fdDir(PR_OpenDir(basePath));
-  if (!fdDir) {
-    PrintPRError("PR_OpenDir failed");
-    return SECFailure;
-  }
-  // On the B2G ICS emulator, operations taken in AddCertificateFromFile
-  // appear to interact poorly with readdir (more specifically, something is
-  // causing readdir to never return null - it indefinitely loops through every
-  // file in the directory, which causes timeouts). Rather than waste more time
-  // chasing this down, loading certificates and keys happens in two phases:
-  // filename collection and then loading. (This is probably a good
-  // idea anyway because readdir isn't reentrant. Something could change later
-  // such that it gets called as a result of calling AddCertificateFromFile or
-  // AddKeyFromFile.)
-  std::vector<std::string> certificates;
-  std::vector<std::string> keys;
-  for (PRDirEntry* dirEntry = PR_ReadDir(fdDir, PR_SKIP_BOTH); dirEntry;
-       dirEntry = PR_ReadDir(fdDir, PR_SKIP_BOTH)) {
-    size_t nameLength = strlen(dirEntry->name);
-    if (nameLength > 4) {
-      if (strncmp(dirEntry->name + nameLength - 4, ".pem", 4) == 0) {
-        certificates.push_back(dirEntry->name);
-      } else if (strncmp(dirEntry->name + nameLength - 4, ".key", 4) == 0) {
-        keys.push_back(dirEntry->name);
-      }
-    }
-  }
-  SECStatus rv;
-  for (std::string& certificate : certificates) {
-    rv = AddCertificateFromFile(basePath, certificate.c_str());
-    if (rv != SECSuccess) {
-      return rv;
-    }
-  }
-  for (std::string& key : keys) {
-    rv = AddKeyFromFile(basePath, key.c_str());
-    if (rv != SECSuccess) {
-      return rv;
-    }
-  }
-  return SECSuccess;
-}
-
-SECStatus
-InitializeNSS(const char* nssCertDBDir)
-{
-  // Try initializing an existing DB.
-  if (NSS_Init(nssCertDBDir) == SECSuccess) {
-    return SECSuccess;
-  }
-
-  // Create a new DB if there is none...
-  SECStatus rv = NSS_Initialize(nssCertDBDir, nullptr, nullptr, nullptr, 0);
-  if (rv != SECSuccess) {
-    return rv;
-  }
-
-  // ...and load all certificates into it.
-  return LoadCertificatesAndKeys(nssCertDBDir);
-}
-
 nsresult
 SendAll(PRFileDesc *aSocket, const char *aData, size_t aDataLen)
 {
   if (gDebugLevel >= DEBUG_VERBOSE) {
     fprintf(stderr, "sending '%s'\n", aData);
   }
 
   while (aDataLen > 0) {
@@ -454,20 +234,19 @@ ConfigSecureServerWithNamedCert(PRFileDe
     if (SECITEM_CopyItem(certList->arena, certList->certs + 1,
                          &issuerCert->derCert) != SECSuccess) {
       PrintPRError("SECITEM_CopyItem failed");
       return SECFailure;
     }
     certList->len = 2;
   }
 
-  ScopedPK11SlotInfo slot(PK11_GetInternalKeySlot());
-  ScopedSECKEYPrivateKey key(PK11_FindKeyByDERCert(slot, cert, nullptr));
+  ScopedSECKEYPrivateKey key(PK11_FindKeyByAnyCert(cert, nullptr));
   if (!key) {
-    PrintPRError("PK11_FindKeyByDERCert failed");
+    PrintPRError("PK11_FindKeyByAnyCert failed");
     return SECFailure;
   }
 
   SSLKEAType certKEA = NSS_FindCertKEAType(cert);
 
   if (SSL_ConfigSecureServerWithCertChain(fd, cert, certList, key, certKEA)
         != SECSuccess) {
     PrintPRError("SSL_ConfigSecureServer failed");
@@ -502,18 +281,18 @@ StartServer(const char *nssCertDBDir, SS
     }
   }
 
   const char *callbackPort = PR_GetEnv("MOZ_TLS_SERVER_CALLBACK_PORT");
   if (callbackPort) {
     gCallbackPort = atoi(callbackPort);
   }
 
-  if (InitializeNSS(nssCertDBDir) != SECSuccess) {
-    PR_fprintf(PR_STDERR, "InitializeNSS failed");
+  if (NSS_Init(nssCertDBDir) != SECSuccess) {
+    PrintPRError("NSS_Init failed");
     return 1;
   }
 
   if (NSS_SetDomesticPolicy() != SECSuccess) {
     PrintPRError("NSS_SetDomesticPolicy failed");
     return 1;
   }
 
--- a/security/manager/ssl/tests/unit/tlsserver/lib/TLSServer.h
+++ b/security/manager/ssl/tests/unit/tlsserver/lib/TLSServer.h
@@ -14,23 +14,16 @@
 // it will connect to a specified port and issue a simple HTTP request.
 
 #include <stdint.h>
 #include "prio.h"
 #include "ScopedNSSTypes.h"
 #include "secerr.h"
 #include "ssl.h"
 
-namespace mozilla {
-
-MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedPRDir, PRDir, PR_CloseDir);
-MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedPORTString, char, PORT_Free);
-
-} // namespace mozilla
-
 namespace mozilla { namespace test {
 
 enum DebugLevel
 {
   DEBUG_ERRORS = 1,
   DEBUG_WARNINGS  = 2,
   DEBUG_VERBOSE = 3
 };
@@ -44,19 +37,16 @@ extern const char DEFAULT_CERT_NICKNAME[
 
 // Pass DEFAULT_CERT_NICKNAME as certName unless you need a specific
 // certificate.
 SECStatus
 ConfigSecureServerWithNamedCert(PRFileDesc *fd, const char *certName,
                                 /*optional*/ ScopedCERTCertificate *cert,
                                 /*optional*/ SSLKEAType *kea);
 
-SECStatus
-InitializeNSS(const char* nssCertDBDir);
-
 int
 StartServer(const char *nssCertDBDir, SSLSNISocketConfig sniSocketConfig,
             void *sniSocketConfigArg);
 
 template <typename Host>
 inline const Host *
 GetHostForSNI(const SECItem *aSrvNameArr, uint32_t aSrvNameArrSize,
               const Host *hosts)
deleted file mode 100644
--- a/security/manager/ssl/tests/unit/tlsserver/md5signature-expired.pem.certspec
+++ /dev/null
@@ -1,6 +0,0 @@
-issuer:Test CA
-subject:Test MD5Signature-Expired End-entity
-validity:20110101-20130101
-signature:md5WithRSAEncryption
-extension:subjectAlternativeName:md5signature-expired.example.com
-extension:authorityInformationAccess:http://localhost:8888/
deleted file mode 100644
--- a/security/manager/ssl/tests/unit/tlsserver/md5signature.pem.certspec
+++ /dev/null
@@ -1,5 +0,0 @@
-issuer:Test CA
-subject:Test End-entity with MD5 signature
-signature:md5WithRSAEncryption
-extension:subjectAlternativeName:md5signature.example.com
-extension:authorityInformationAccess:http://localhost:8888/
deleted file mode 100644
--- a/security/manager/ssl/tests/unit/tlsserver/mismatch-expired.pem.certspec
+++ /dev/null
@@ -1,5 +0,0 @@
-issuer:Test CA
-subject:Mismatch-Expired Test End-entity
-validity:20130101-20140101
-extension:subjectAlternativeName:doesntmatch.example.com
-extension:authorityInformationAccess:http://localhost:8888/
deleted file mode 100644
--- a/security/manager/ssl/tests/unit/tlsserver/mismatch-notYetValid.pem.certspec
+++ /dev/null
@@ -1,5 +0,0 @@
-issuer:Test CA
-subject:Mismatch-Not Yet Valid Test End-entity
-validity:20330101-20340101
-extension:subjectAlternativeName:doesntmatch.example.com
-extension:authorityInformationAccess:http://localhost:8888/
deleted file mode 100644
--- a/security/manager/ssl/tests/unit/tlsserver/mismatch-untrusted-expired.pem.certspec
+++ /dev/null
@@ -1,5 +0,0 @@
-issuer:Other test CA
-subject:Mismatch-Untrusted-Expired Test End-entity
-validity:20110101-20130101
-extension:subjectAlternativeName:doesntmatch.example.com
-extension:authorityInformationAccess:http://localhost:8888/
deleted file mode 100644
--- a/security/manager/ssl/tests/unit/tlsserver/mismatch-untrusted.pem.certspec
+++ /dev/null
@@ -1,4 +0,0 @@
-issuer:Other test CA
-subject:Mismatch-Untrusted Test End-entity
-extension:subjectAlternativeName:doesntmatch.example.com
-extension:authorityInformationAccess:http://localhost:8888/
deleted file mode 100644
--- a/security/manager/ssl/tests/unit/tlsserver/mismatch.pem.certspec
+++ /dev/null
@@ -1,4 +0,0 @@
-issuer:Test CA
-subject:Mismatch Test End-entity
-extension:subjectAlternativeName:doesntmatch.example.com,*.alsodoesntmatch.example.com
-extension:authorityInformationAccess:http://localhost:8888/
deleted file mode 100644
--- a/security/manager/ssl/tests/unit/tlsserver/mismatchCN.pem.certspec
+++ /dev/null
@@ -1,2 +0,0 @@
-issuer:Test CA
-subject:doesntmatch.example.com
--- a/security/manager/ssl/tests/unit/tlsserver/moz.build
+++ b/security/manager/ssl/tests/unit/tlsserver/moz.build
@@ -1,84 +1,8 @@
 # -*- Mode: python; c-basic-offset: 4; indent-tabs-mode: nil; tab-width: 40 -*-
 # vim: set filetype=python:
 # This Source Code Form is subject to the terms of the Mozilla Public
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
 # lib must be first, because cmd depends on its output
 DIRS += ['lib', 'cmd']
-
-test_certificates = (
-    'badSubjectAltNames.pem',
-    'beforeEpochINT.pem',
-    'beforeEpochIssuer.pem',
-    'beforeEpoch.pem',
-    'ca-used-as-end-entity.pem',
-    'default-ee.pem',
-    'delegatedSHA1Signer.pem',
-    'delegatedSigner.pem',
-    'eeIssuedByNonCA.pem',
-    'eeIssuedByV1Cert.pem',
-    'expired-ee.pem',
-    'expiredINT.pem',
-    'expiredissuer.pem',
-    'inadequateKeySizeEE.pem',
-    'inadequatekeyusage-ee.pem',
-    'invalidDelegatedSignerFromIntermediate.pem',
-    'invalidDelegatedSignerKeyUsageCrlSigning.pem',
-    'invalidDelegatedSignerNoExtKeyUsage.pem',
-    'invalidDelegatedSignerWrongExtKeyUsage.pem',
-    'ipAddressAsDNSNameInSAN.pem',
-    'md5signature-expired.pem',
-    'md5signature.pem',
-    'mismatchCN.pem',
-    'mismatch-expired.pem',
-    'mismatch-notYetValid.pem',
-    'mismatch.pem',
-    'mismatch-untrusted-expired.pem',
-    'mismatch-untrusted.pem',
-    'notYetValidINT.pem',
-    'notYetValidIssuer.pem',
-    'notYetValid.pem',
-    'noValidNames.pem',
-    'nsCertTypeCritical.pem',
-    'nsCertTypeCriticalWithExtKeyUsage.pem',
-    'nsCertTypeNotCritical.pem',
-    'ocspEEWithIntermediate.pem',
-    'ocspOtherEndEntity.pem',
-    'other-test-ca.pem',
-    'other-issuer-ee.pem',
-    'rsa-1016-keysizeDelegatedSigner.pem',
-    'same-issuer-ee.pem',
-    'self-signed-EE-with-cA-true.pem',
-    'selfsigned-inadequateEKU.pem',
-    'selfsigned.pem',
-    'test-ca.pem',
-    'test-int-ee.pem',
-    'test-int.pem',
-    'unknownissuer.pem',
-    'untrusted-expired.pem',
-    'untrustedissuer.pem',
-    'v1Cert.pem',
-)
-
-for test_certificate in test_certificates:
-    input_file = test_certificate + '.certspec'
-    GENERATED_FILES += [test_certificate]
-    props = GENERATED_FILES[test_certificate]
-    props.script = '../pycert.py'
-    props.inputs = [input_file]
-    TEST_HARNESS_FILES.xpcshell.security.manager.ssl.tests.unit.tlsserver += ['!%s' % test_certificate]
-
-test_keys = (
-    'default-ee.key',
-    'other-test-ca.key',
-    'rsa-1016-keysizeDelegatedSigner.key',
-)
-
-for test_key in test_keys:
-    input_file = test_key + '.keyspec'
-    GENERATED_FILES += [test_key]
-    props = GENERATED_FILES[test_key]
-    props.script = '../pykey.py'
-    props.inputs = [input_file]
-    TEST_HARNESS_FILES.xpcshell.security.manager.ssl.tests.unit.tlsserver += ['!%s' % test_key]
deleted file mode 100644
--- a/security/manager/ssl/tests/unit/tlsserver/noValidNames.pem.certspec
+++ /dev/null
@@ -1,3 +0,0 @@
-issuer:Test CA
-subject:End-entity with no valid names
-extension:authorityInformationAccess:http://localhost:8888/
deleted file mode 100644
--- a/security/manager/ssl/tests/unit/tlsserver/notYetValid.pem.certspec
+++ /dev/null
@@ -1,5 +0,0 @@
-issuer:Test CA
-subject:Not Yet Valid Test End-entity
-validity:20310101-20320101
-extension:subjectAlternativeName:notyetvalid.example.com
-extension:authorityInformationAccess:http://localhost:8888/
deleted file mode 100644
--- a/security/manager/ssl/tests/unit/tlsserver/notYetValidINT.pem.certspec
+++ /dev/null
@@ -1,5 +0,0 @@
-issuer:Test CA
-subject:Not Yet Valid Test Intermediate
-validity:20310101-20330101
-extension:basicConstraints:cA,
-extension:keyUsage:cRLSign,keyCertSign
deleted file mode 100644
--- a/security/manager/ssl/tests/unit/tlsserver/notYetValidIssuer.pem.certspec
+++ /dev/null
@@ -1,4 +0,0 @@
-issuer:Not Yet Valid Test Intermediate
-subject:Test End-entity with not yet valid issuer
-extension:subjectAlternativeName:notyetvalidissuer.example.com
-extension:authorityInformationAccess:http://localhost:8888/
deleted file mode 100644
--- a/security/manager/ssl/tests/unit/tlsserver/nsCertTypeCritical.pem.certspec
+++ /dev/null
@@ -1,4 +0,0 @@
-issuer:Test CA
-subject:nsCertType Critical
-extension:subjectAlternativeName:localhost,*.example.com
-extension:nsCertType[critical]:sslServer
deleted file mode 100644
--- a/security/manager/ssl/tests/unit/tlsserver/nsCertTypeCriticalWithExtKeyUsage.pem.certspec
+++ /dev/null
@@ -1,6 +0,0 @@
-issuer:Test CA
-subject:nsCertType Critical With extKeyUsage
-extension:subjectAlternativeName:localhost,*.example.com
-extension:nsCertType[critical]:sslServer
-extension:basicConstraints:,
-extension:extKeyUsage:serverAuth
deleted file mode 100644
--- a/security/manager/ssl/tests/unit/tlsserver/nsCertTypeNotCritical.pem.certspec
+++ /dev/null
@@ -1,4 +0,0 @@
-issuer:Test CA
-subject:nsCertType Not Critical
-extension:subjectAlternativeName:localhost,*.example.com
-extension:nsCertType:sslServer
deleted file mode 100644
--- a/security/manager/ssl/tests/unit/tlsserver/ocspEEWithIntermediate.pem.certspec
+++ /dev/null
@@ -1,4 +0,0 @@
-issuer:Test Intermediate
-subject:Test End-entity with Intermediate
-extension:subjectAlternativeName:localhost,*.example.com
-extension:authorityInformationAccess:http://localhost:8888/
deleted file mode 100644
--- a/security/manager/ssl/tests/unit/tlsserver/ocspOtherEndEntity.pem.certspec
+++ /dev/null
@@ -1,4 +0,0 @@
-issuer:Test CA
-subject:Other Cert
-extension:subjectAlternativeName:localhost,*.example.com
-extension:authorityInformationAccess:http://localhost:8888/
new file mode 100644
index 0000000000000000000000000000000000000000..a82b2910c5cbb1aa242de9e4398a16833e3296b6
GIT binary patch
literal 630
zc$_n6Vk$CdV!XY8nTe5!i77t9fR~L^tIebBJ1-+6H!FjIgrS&$2pe-K3$rk<e@RAa
zkwQsoafyPnqk)__uc3*dfsuiMnUSH1MU*(N2{P9}-B8s)8KP4ryeK~}9jHkmATv)P
z1Z03~UW%@3UP)$2r9tC-WJ?)Y8JHV;84MabnHn1z&iz^Wcv70v<q1)?SJb8UUcc~<
zNtE-r>F(-aHQ~+wN+xMC-!KYcwoU2QYDqu4G3N@;_NkAe5>{Nx)d?vRRr}g7S>U;!
z*uC#NB;W6F<eGV(sgp@)zt)99lPiC3)aCwu@y)URI{()9!RMuyp2~C(3cr~3b;CP}
zf|-AAhHD6EUAvIZ#LURRxVUk*LE{dC5};>f1zB<pvYRxt^fL33b4pWEb&E@rQu1>X
zGxLh|3NrKZGV{{)QY#X33vyERlJj#xDpM<nQYos1P1wMQjYFG_k(HI5k&#8sK*c}_
z#y4PW6U!(mDX`Ml&&f|t%*n_vF0rxz0(}D>kV}Ob8UM2|88D#5C^IlrH8o4~re&2K
zSdr9g7Vh|4{p%!QjiQ5`GiM|<o!^xnm)ynrh->E(^Yh*pU3Rmqh>2eNd;3?$ZTHXZ
zSysZ<u`Ba_ot{oeSL&PRR;$f7F7?mf_~wxpPeXLi?z#6TtdeZ9n!0Bj`+U<p5zpAq
b#dRk(w#Yrz^(gk^IjOY&$J1Slj2)Q)uNmV>
deleted file mode 100644
--- a/security/manager/ssl/tests/unit/tlsserver/other-issuer-ee.pem.certspec
+++ /dev/null
@@ -1,6 +0,0 @@
-issuer:Other test CA
-subject:Wrong CA Pin Test End-Entity
-issuerKey:alternate
-subjectKey:alternate
-extension:subjectAlternativeName:*.include-subdomains.pinning.example.com,*.exclude-subdomains.pinning.example.com,*.pinning.example.com
-extension:authorityInformationAccess:http://localhost:8888/
new file mode 100644
index 0000000000000000000000000000000000000000..4da6f3bf6b2ccc7f23527eea12f48e7902b4642f
GIT binary patch
literal 452
zc$_n6Vmx5b#HhJ|nTe5!iIrg?N7oMnUN%mxHjlRNyo`+8tPBPchGGUHY|No7%)-3>
zB^jwj3MHw<B?``t26E!Oh9-svMg|6EMusNlQR2KN$Xq-+8|Ne2!pO?N+}O)t(Ade;
z*vK$Ve1Y<Y)23Wu?rz6C%+Gy#yE&fCG*PpU@ye-%=2v6qq^)AQz&k(lkR6+u#g$a2
z8Q;ncZhq=ydwe(1;p+LG#?vuoyCUVzybix1Yf-kV|L)$UDe6W?%x3uOT5(<vezNu6
zBE=VP9Qezg-~06ZwNt}|9Mv@4Q%2F7-$|{U!y)`(&u=DXMh3>kK$jZ`0o^Vu%*gnk
zg~NaiNHH-oq6H2!(7merSFd=bZ*@)UvcbEvM{d1+8vnJ#tgijbZ;vleMP@PW_0QWd
zuW&-@4i%Zs)SSw9ULWlGE{ZW7-yr_(8PCrRER5eGcf|AXIqm+wwn|0)<b@bl5ve%y
yc8#N@8+;zlRpFbn+N^a_S7^|GP0{od_D8p5NXIR^zgu_V``%AxH&1IW;R66o0IGWc
deleted file mode 100644
--- a/security/manager/ssl/tests/unit/tlsserver/other-test-ca.key.keyspec
+++ /dev/null
@@ -1,1 +0,0 @@
-alternate
deleted file mode 100644
--- a/security/manager/ssl/tests/unit/tlsserver/other-test-ca.pem.certspec
+++ /dev/null
@@ -1,7 +0,0 @@
-issuer:Other test CA
-subject:Other test CA
-issuerKey:alternate
-subjectKey:alternate
-validity:20150101-20250101
-extension:basicConstraints:cA,
-extension:keyUsage:cRLSign,keyCertSign
new file mode 100644
--- /dev/null
+++ b/security/manager/ssl/tests/unit/tlsserver/pkcs11.txt
@@ -0,0 +1,5 @@
+library=
+name=NSS Internal PKCS #11 Module
+parameters=configdir='sql:security/manager/ssl/tests/unit/tlsserver' certPrefix='' keyPrefix='' secmod='secmod.db' flags= updatedir='' updateCertPrefix='' updateKeyPrefix='' updateid='' updateTokenDescription='' 
+NSS=Flags=internal,critical trustOrder=75 cipherOrder=100 slotParams=(1={slotFlags=[RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512] askpw=any timeout=30})
+
deleted file mode 100644
--- a/security/manager/ssl/tests/unit/tlsserver/rsa-1016-keysizeDelegatedSigner.key.keyspec
+++ /dev/null
@@ -1,1 +0,0 @@
-rsa1016
deleted file mode 100644
--- a/security/manager/ssl/tests/unit/tlsserver/rsa-1016-keysizeDelegatedSigner.pem.certspec
+++ /dev/null
@@ -1,4 +0,0 @@
-issuer:Test CA
-subject:RSA 1016 Key Size Test Delegated Responder
-subjectKey:rsa1016
-extension:extKeyUsage:OCSPSigning
new file mode 100644
index 0000000000000000000000000000000000000000..62d959834b0a02080ccaf96986fb19f582a678dc
GIT binary patch
literal 668
zc$_n6Vwz#l#KgFOnTe5!iAiUJ0WTY;R+~rLcV0$DZdL{ZAwvNJJ~rl17G`1gkksN5
z1!qSCIdNV?Qv+iIV?#?ra|7cjab6Q-u7Q%Ff`J@FkGNxAeo01Zkpft+YhH?OYF<fZ
zNu@y(qY|=JjI0dIO^o~uKyfanCPqevr5g_)YWVihGlDJdnFwcx@q-y(qTJXfYv?Mf
z%6`1+AEj5e&8V)RsPl;Nw?h}ccExpHczAUo|7VE+qaw9O+Y7E2W!NX?mD_gx57Bh7
zwtaq^wR-Uji?{X6Yk!<MvpBwK71vd^#~bRO*-kxXd!}Gru%*bRX0C?jh_x+Og*CID
z{_qVES()e_T=4n)l$f`9-?TSAuGio9C3fMC*z9eE$!~d9Y@Gb>+|v?2fr*~1&c)Xk
zuiADw{<(0R`1At9_YCL0A6_Cqo%^Gm>yAyUa?K3q8q|D$tSf12Y4UDIvYXaB;i+OL
z_VoOI9DU&0VfhrUsv~a}Ehw4HRAXqvCo*}0LaJHihFB(MMh3>knFi?w%D|A66=aby
zkZR)0$xlwq$;dA*Y2ww=ORY%EEyzjLOU}<VFk<7-W@BV!WoKk$Q8Q36P=fId7~8}$
zN=gc>^!4GItt@~*-+%{XurMRze-<VK2DEr*Zfs=8?{UjNJEzO3;`u@in}ze`A38b)
z+psYS99b!^{7>)6qPdB)A1rQaxKVu}`}@I=9?iquN6&g3`x;Qtl4-H9i&wG!v&sCR
z$n+S0UWHxC?)**9x1KHX;@sL}{b+5b8~+#1<g5kPOiS+fHN0P{;<2J`($9k%7yfse
Op6k8memsj+gC_vDmHN#9
deleted file mode 100644
--- a/security/manager/ssl/tests/unit/tlsserver/same-issuer-ee.pem.certspec
+++ /dev/null
@@ -1,4 +0,0 @@
-issuer:Test CA
-subject:Another Test End-entity
-extension:subjectAlternativeName:localhost,*.example.com
-extension:authorityInformationAccess:http://localhost:8888/
deleted file mode 100644
--- a/security/manager/ssl/tests/unit/tlsserver/self-signed-EE-with-cA-true.pem.certspec
+++ /dev/null
@@ -1,5 +0,0 @@
-issuer:Test Self-signed End-entity with CA true
-subject:Test Self-signed End-entity with CA true
-extension:basicConstraints:cA,
-extension:authorityInformationAccess:http://localhost:8888/
-extension:subjectAlternativeName:self-signed-end-entity-with-cA-true.example.com
deleted file mode 100644
--- a/security/manager/ssl/tests/unit/tlsserver/selfsigned-inadequateEKU.pem.certspec
+++ /dev/null
@@ -1,6 +0,0 @@
-issuer:Self-signed Inadequate EKU Test End-entity
-subject:Self-signed Inadequate EKU Test End-entity
-extension:keyUsage:keyEncipherment,dataEncipherment
-extension:extKeyUsage:serverAuth
-extension:subjectAlternativeName:selfsigned-inadequateEKU.example.com
-extension:authorityInformationAccess:http://localhost:8888/
deleted file mode 100644
--- a/security/manager/ssl/tests/unit/tlsserver/selfsigned.pem.certspec
+++ /dev/null
@@ -1,4 +0,0 @@
-issuer:Self-signed Test End-entity
-subject:Self-signed Test End-entity
-extension:subjectAlternativeName:selfsigned.example.com
-extension:authorityInformationAccess:http://localhost:8888/
new file mode 100644
index 0000000000000000000000000000000000000000..a46410db966439bf7640bbfae9460cde418af401
GIT binary patch
literal 440
zc$_n6V%%cT#3;LfnTe5!iIrg?N7r`)UN%mxHjlRNyo`+8tPBQ1h5`nBY|No7%);y;
zsl_D<&W;9h;=G0?h6Y9k24+TvCT3CMye7z8ta=*fBb&^~%D~*%%V5yh$<)}$Fze+h
z?WL0@ZRwYPn{WU3X#Jt1K@+d`^i*s3e*KldS@UK`#r|q$F|E6Lrl~j5QeOEylH7Ci
z%e8WDlcoT^b`zHGKOHw-*?;(If{0*qtxcs5L*60f{?~~;ev^y+_#Yje_=w;9zLsm_
zGU4r;wR?U}(mFo5O7zxM^NEcsrr&G|>QnP)VrFDuTr6fFVju)`wX85B<9`+o12!PV
z#K?#iAk0AbCMw*RWhpLaa3o08aB-^iZ%*ex-zAoZras^}7P{iq>j$qT1WbDUtYRLs
zuK8OMsx-ap6GQ6qrhlPfPtTs)z_b732Ck+xEd0wZexH)?B6wd*vCR6TpP#83ZG5V7
s_0yLHA5L>JyyI!@l1M*%f5Dkd5wR6~>y$q(Tm9)0XTmMr{+2co062rDJOBUy
deleted file mode 100644
--- a/security/manager/ssl/tests/unit/tlsserver/test-ca.pem.certspec
+++ /dev/null
@@ -1,4 +0,0 @@
-issuer:Test CA
-subject:Test CA
-extension:basicConstraints:cA,
-extension:keyUsage:cRLSign,keyCertSign
new file mode 100644
index 0000000000000000000000000000000000000000..d1c019f78d34a9454c22fd5b23b642482f72e74c
GIT binary patch
literal 533
zc$_n6ViGiHVys%g%*4pV#FV9Fz{|#|)#lOmotKf3o0Y*p#!$*Yf{i(pg;`iIB(=Ci
z!85NUwJ0|=B{Q)k)j&?1*U-e!(9q1t(9qn-I7*z?1et4~VyI-G0MRY!>Z*`gTwI!(
zqL5Unkcn(c<9uXW8Ce;a8+#cH8atU98yQaAyXh4@fn8%(vs&}#w0+mKU;LUe`&)X(
z*@Kb6&z>yJ3|oJ4a+THI1A9A;3(sBOEFE)7;NHz;E8_N+u6_JO+B>WwS8PRxPH%iy
z)U2nb7RFvb*4=V>`)Teax#|ol?v-=6mKO!=ud6qkKP}^`qU-KEDQcOH6Y}o2SGMI<
zb6D}eoy)|`$iTQb${@l(1n3W0K^9&E?k3Kh{N%)(jQrvf10yyLZ8k<$R(3{47BvGE
z10@*WfU!+1qokz3N?#wY+R6e5^bL4GCJ8e#{%2t_U_c9SW}u%JzIprafTp>nywir7
znM|h2Z$v6s?RPaK=6q~bycXWy`9JeHw@c51hGiReN-*0*t}^Xd_+!bfjI0N>>oPVq
zHw0cg;kZQ9$oxg&F~<B?3URJ+1xiz%-M8>F=a$W$V)rur_Q@^cycg~AA8%{SP7$`9
Wu~#zp64T5=W7#c2>r=yj$p8Q#-n>)*
deleted file mode 100644
--- a/security/manager/ssl/tests/unit/tlsserver/test-int-ee.pem.certspec
+++ /dev/null
@@ -1,3 +0,0 @@
-issuer:Test Intermediate
-subject:EE issued by intermediate
-extension:subjectAlternativeName:localhost
new file mode 100644
index 0000000000000000000000000000000000000000..afac61f517454353e10a1896f32699104d78266d
GIT binary patch
literal 499
zc$_n6VtjAV#2B%FnTe5!i77tHfR~L^tIebBJ1-+6H!FjIkfDG99~*Nh3$rkLNNRD3
zg0rK6oH(zciJ^g!fq|Kkp^0UbIIjsZ*FeTl%0L35M-Z&XGp{7IC^t1FGqEJqpm9F3
z9gM6D%#FPa292Fejg1V;nLBGUE-W;%4SUXPcASmz^woDNY#*ZPJVjP*;rYPa!lCzm
zi$Lm^cfXs8&)bx2OZQ>UH#<@MO6&O2vr>N-U$~@F?o@Cmf@8sKfA5P&pQH=UEberz
ze|!2)o40**)si_e<|4xLU5`ufewwuIY(tg1!GW#+!`A$+4(71>@Z^oy``1j&j0}v6
zy$n1IjMzA|*%(<_*%=vG)C^P%lwf=V#x}8xl9B=|ef^yL<iwne{NfTT3n0)p5CZyH
zR+y3TKMRKe8<1jRWIzi}W}qKUBUaUIe*02Pj5YG&ZN)ntZYv{ocE}0%WN+wn_l>`E
zQ6XlHzWC+Y&*y|QeP_7Y#%ikgey?`2hg$W=5_f5(byIZyOzkN*WoD|4^7-xicUG2W
zuFcfAJ+&*j%hCm%Z)wPJY*D#<e#e_T-`+m!p1i3&@dGnYj<$zT<SN}6GyWtkISl}I
C^sVav
deleted file mode 100644
--- a/security/manager/ssl/tests/unit/tlsserver/test-int.pem.certspec
+++ /dev/null
@@ -1,5 +0,0 @@
-issuer:Test CA
-subject:Test Intermediate
-validity:20150101-20250101
-extension:basicConstraints:cA,
-extension:keyUsage:cRLSign,keyCertSign
new file mode 100644
index 0000000000000000000000000000000000000000..7457064ebd9d5597e06ccbd38cac0082366e54e2
GIT binary patch
literal 933
zc$_n6VqR#_#MHTfnTe5!iHWDxfR~L^tIebBJ1-+6H!FjInxTq;5*u?U3$w6vNNRD3
zf@fYyYEf=#N@ik7szOP=LP}~*YDubroH(zcse!S9k)gS<rKw?*IIjsZ*Feuu$3P2W
zjxyLB*Sr+n)Vz|+l1hcNqWoNi(!A`v{PH}7%;MtG)FOi>MkQpYFtRc*H!<=v0L8hO
zniv@wUWrFs4)xNBO;I_jYCh{wDnr|EGrRA#+bZ-`Ygejkr#;*?r?%(oPmQ-855;O&
zb&iKED{eCk3}A2xKeQ*ca89<c#ao|QJ4_GMyT#kb&VKpjUC&C_Ne>s-EKK=PapSbZ
ztP>W?W72LaW;=Jdf6&tQWj7WwXZHzRf8c$*=ZqVL2Y&Te%vkv1QO}zTyiSMTN~_Gj
zt9iei@1rL7PU+k4876DHzfF_kG|ls8EL-!uNT2D?Itdn^L&1{Fdm991_qh3OPrs5d
zuk6w9m2D1I-(GpzNd+Yx_~%u~5ftC0pcZvzTicN|Q9k{D29Lh%$WKafIm)b(eQAdi
zkN=+cf{Pe9X5XG)$;8aaz__^af<fb1gT@YEz{(1;G&UI2HAzAP5)zJjsTGO21v#mD
z$@#fWCa6-GdC57YDXF@}rAaCIxrv#1#d-yqd3l+6=_tCiQFWC7BTqLsKP45LVgn;K
z4sA9@R#tXKMiw;#P||_&4H(<RGD=Dctn~GB@{<#DGV+T{tSo>)-+%|?dSOP!|13-f
z3~1?(85GwVeY-R&&qq(VeIOv)b>*$|3l9eVk4>+#Y!%$Oqi^?PZx5xz*S-rKI)0B|
zBjw0ba|x}qE{V>#E>ZuzyqTXA=Sy(D?{H0zdEdr!{TS1Py+zV0Wi63$3u;%d-@PKD
zO62Cwt>ViPRf4W6?m46`#T);(PAM(>u|;k952my8JHOm5__uA%6mJ$M3-i3`ioZV{
z{Sh}aQtMo&sefn4W)<P@Pw%pcOgkWSD<CLC@}1Je*|9tS+Po6Dyl%pd83*Tc82@pb
zbw%~?$weRU|LYcz_z|!_ch2vnbEe(-=$t-5+3EfNMK6Qzlzy7$YNPceAhvHu@t>kc
W2~umDx4F-o5o;%RBxc@`ORfMQRdOHz
deleted file mode 100644
--- a/security/manager/ssl/tests/unit/tlsserver/unknownissuer.pem.certspec
+++ /dev/null
@@ -1,4 +0,0 @@
-issuer:Test Intermediate to delete
-subject:Test End-entity from unknown issuer
-extension:subjectAlternativeName:unknownissuer.example.com,unknownissuer.include-subdomains.pinning.example.com,unknownissuer.test-mode.pinning.example.com
-extension:authorityInformationAccess:http://localhost:8888/
deleted file mode 100644
--- a/security/manager/ssl/tests/unit/tlsserver/untrusted-expired.pem.certspec
+++ /dev/null
@@ -1,5 +0,0 @@
-issuer:Other test CA
-subject:Untrusted-Expired Test End-entity
-validity:20110101-20130101
-extension:subjectAlternativeName:untrusted-expired.example.com
-extension:authorityInformationAccess:http://localhost:8888/
deleted file mode 100644
--- a/security/manager/ssl/tests/unit/tlsserver/untrustedissuer.pem.certspec
+++ /dev/null
@@ -1,4 +0,0 @@
-issuer:Other test CA
-subject:Test End-entity with untrusted issuer
-extension:subjectAlternativeName:untrustedissuer.example.com
-extension:authorityInformationAccess:http://localhost:8888/
new file mode 100644
index 0000000000000000000000000000000000000000..3a69e645a10689e8269e4633816e6d9735b64909
GIT binary patch
literal 407
zc$_n6Vw`Ny_?L+(zQTZ)jZ>@5qwPB{BO^B}gMpBtfB_#Hb0`b5FndU9afyPnqk)__
zuc3*dfsuiMnURr!QIt5Z2{IQ&Pne;Cb81nELF0U6lNnhVm>YW;3>rI`8XFmAFG?u!
z4Sbq4ou#=bXXgsz>-kgo{Qn2bZ9K;5e(hq<pBWxC(-;=FJ<*vRr{Z*7_)}ithnBg8
z&A)n=#5p;zRaxDClB_MYMpZ*8;xzy1(;*MvtuWT94p{TaQ^!MG{$jJx<&^VDi(Yp}
z1n8K_f3s)Wvnf2EXQIpH=a-{CUR=HS*<~hXMg~SSk23?^Wqi%b^3H`wrF!8ohcmy^
z^cB8*wGvz1=Ha)Q<*C3<_FpwecifM(wb*m_^M8K7*!5*cc%Qon_w2ctZ<lDU!{pli
zK|1`CB!92m`QC_c97n3fcFZW=u3PzVZT913TQ`0A>N4r-(Y<VncX%t73e8^e#l`6T
U4E70^GCSCh9{>AMVg8K{05|cT`Tzg`
deleted file mode 100644
--- a/security/manager/ssl/tests/unit/tlsserver/v1Cert.pem.certspec
+++ /dev/null
@@ -1,3 +0,0 @@
-issuer:Test CA
-subject:V1 Cert
-version:1
--- a/security/manager/tools/genHPKPStaticPins.js
+++ b/security/manager/tools/genHPKPStaticPins.js
@@ -3,23 +3,23 @@
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 // How to run this file:
 // 1. [obtain firefox source code]
 // 2. [build/obtain firefox binaries]
 // 3. run `[path to]/run-mozilla.sh [path to]/xpcshell \
 //                                  [path to]/genHPKPStaticpins.js \
 //                                  [absolute path to]/PreloadedHPKPins.json \
-//                                  [an unused argument - see bug 1205406] \
+//                                  [absolute path to]/default-ee.der \
 //                                  [absolute path to]/StaticHPKPins.h
 
 if (arguments.length != 3) {
   throw "Usage: genHPKPStaticPins.js " +
         "<absolute path to PreloadedHPKPins.json> " +
-        "<an unused argument - see bug 1205406> " +
+        "<absolute path to default-ee.der> " +
         "<absolute path to StaticHPKPins.h>";
 }
 
 const { 'classes': Cc, 'interfaces': Ci, 'utils': Cu, 'results': Cr } = Components;
 
 var { NetUtil } = Cu.import("resource://gre/modules/NetUtil.jsm", {});
 var { FileUtils } = Cu.import("resource://gre/modules/FileUtils.jsm", {});
 var { Services } = Cu.import("resource://gre/modules/Services.jsm", {});
@@ -63,18 +63,17 @@ const PINSETDEF = "/* Pinsets are each a
   "};\n\n" +
   "struct StaticPinset {\n" +
   "  const StaticFingerprints* sha1;\n" +
   "  const StaticFingerprints* sha256;\n" +
   "};\n\n";
 
 // Command-line arguments
 var gStaticPins = parseJson(arguments[0]);
-
-// arguments[1] is ignored for now. See bug 1205406.
+var gTestCertFile = arguments[1];
 
 // Open the output file.
 var file = Cc["@mozilla.org/file/local;1"].createInstance(Ci.nsILocalFile);
 file.initWithPath(arguments[2]);
 var gFileOutputStream = FileUtils.openSafeFileOutputStream(file);
 
 function writeString(string) {
   gFileOutputStream.write(string, string.length);
@@ -346,17 +345,17 @@ function downloadAndParseChromePins(file
         pins: pinsetName });
     }
   });
   return [ chromeImportedPinsets, chromeImportedEntries ];
 }
 
 // Returns a pair of maps [certNameToSKD, certSKDToName] between cert
 // nicknames and digests of the SPKInfo for the mozilla trust store
-function loadNSSCertinfo(extraCertificates) {
+function loadNSSCertinfo(derTestFile, extraCertificates) {
   let allCerts = gCertDB.getCerts();
   let enumerator = allCerts.getEnumerator();
   let certNameToSKD = {};
   let certSKDToName = {};
   while (enumerator.hasMoreElements()) {
     let cert = enumerator.getNext().QueryInterface(Ci.nsIX509Cert);
     if (!isCertBuiltIn(cert)) {
       continue;
@@ -370,20 +369,23 @@ function loadNSSCertinfo(extraCertificat
   for (let cert of extraCertificates) {
     let name = cert.commonName;
     let SKD = cert.sha256SubjectPublicKeyInfoDigest;
     certNameToSKD[name] = SKD;
     certSKDToName[SKD] = name;
   }
 
   {
-    // This is the pinning test certificate. The key hash identifies the
-    // default RSA key from pykey.
+    // A certificate for *.example.com.
+    let der = readFileToString(derTestFile);
+    let testCert = gCertDB.constructX509(der, der.length);
+    // We can't include this cert in the previous loop, because it skips
+    // non-builtin certs and the nickname is not built-in to the cert.
     let name = "End Entity Test Cert";
-    let SKD = "VCIlmPM9NkgFQtrs4Oa5TeFcDu6MWRTKSNdePEhOgD8=";
+    let SKD  = testCert.sha256SubjectPublicKeyInfoDigest;
     certNameToSKD[name] = SKD;
     certSKDToName[SKD] = name;
   }
   return [certNameToSKD, certSKDToName];
 }
 
 function parseJson(filename) {
   let json = stripComments(readFileToString(filename));
@@ -592,17 +594,18 @@ function loadExtraCertificates(certStrin
   let constructedCerts = [];
   for (let certString of certStringList) {
     constructedCerts.push(gCertDB.constructX509FromBase64(certString));
   }
   return constructedCerts;
 }
 
 var extraCertificates = loadExtraCertificates(gStaticPins.extra_certificates);
-var [ certNameToSKD, certSKDToName ] = loadNSSCertinfo(extraCertificates);
+var [ certNameToSKD, certSKDToName ] = loadNSSCertinfo(gTestCertFile,
+                                                       extraCertificates);
 var [ chromeNameToHash, chromeNameToMozName ] = downloadAndParseChromeCerts(
   gStaticPins.chromium_data.cert_file_url, certSKDToName);
 var [ chromeImportedPinsets, chromeImportedEntries ] =
   downloadAndParseChromePins(gStaticPins.chromium_data.json_file_url,
     chromeNameToHash, chromeNameToMozName, certNameToSKD, certSKDToName);
 
 writeFile(certNameToSKD, certSKDToName, chromeImportedPinsets,
           chromeImportedEntries);