Bug 1024809 - (OneCRL) Create a blocklist mechanism to revoke intermediate certs. r=keeler r=Unfocused
authorMark Goodwin <mgoodwin@mozilla.com>, Harsh Pathak <hpathak@mozilla.com>
Wed, 07 Jan 2015 06:08:00 +0100
changeset 222874 5f8dbb4956752d9759c92ac84b37c79d046805d2
parent 222873 2e983faaa3a5b7751b856e9fba4af91a4659534c
child 222875 68d1c3fd25f1fbbb5b8910a41ff0a691c0eae371
push id28074
push usercbook@mozilla.com
push dateFri, 09 Jan 2015 13:00:21 +0000
treeherdermozilla-central@ed280f6c7b39 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerskeeler, Unfocused
bugs1024809
milestone37.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1024809 - (OneCRL) Create a blocklist mechanism to revoke intermediate certs. r=keeler r=Unfocused
security/certverifier/NSSCertDBTrustDomain.cpp
security/certverifier/NSSCertDBTrustDomain.h
security/manager/boot/public/moz.build
security/manager/boot/public/nsICertBlocklist.idl
security/manager/boot/src/CertBlocklist.cpp
security/manager/boot/src/CertBlocklist.h
security/manager/boot/src/moz.build
security/manager/boot/src/nsBOOTModule.cpp
security/manager/ssl/src/nsNSSComponent.cpp
security/manager/ssl/tests/unit/test_cert_blocklist.js
security/manager/ssl/tests/unit/test_onecrl/sample_revocations.txt
security/manager/ssl/tests/unit/tlsserver/cert9.db
security/manager/ssl/tests/unit/tlsserver/generate_certs.sh
security/manager/ssl/tests/unit/tlsserver/key4.db
security/manager/ssl/tests/unit/tlsserver/test-int-ee.der
security/manager/ssl/tests/unit/tlsserver/test-int.der
security/manager/ssl/tests/unit/tlsserver/unknown-issuer.der
security/manager/ssl/tests/unit/xpcshell.ini
toolkit/mozapps/extensions/nsBlocklistService.js
--- a/security/certverifier/NSSCertDBTrustDomain.cpp
+++ b/security/certverifier/NSSCertDBTrustDomain.cpp
@@ -4,21 +4,22 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "NSSCertDBTrustDomain.h"
 
 #include <stdint.h>
 
 #include "ExtendedValidation.h"
-#include "nsNSSCertificate.h"
-#include "NSSErrorsService.h"
 #include "OCSPRequestor.h"
 #include "certdb.h"
+#include "nsNSSCertificate.h"
 #include "nss.h"
+#include "NSSErrorsService.h"
+#include "nsServiceManagerUtils.h"
 #include "pk11pub.h"
 #include "pkix/pkix.h"
 #include "pkix/pkixnss.h"
 #include "pkix/ScopedPtr.h"
 #include "prerror.h"
 #include "prmem.h"
 #include "prprf.h"
 #include "ScopedNSSTypes.h"
@@ -62,16 +63,17 @@ NSSCertDBTrustDomain::NSSCertDBTrustDoma
   , mOCSPFetching(ocspFetching)
   , mOCSPCache(ocspCache)
   , mPinArg(pinArg)
   , mOCSPGetConfig(ocspGETConfig)
   , mPinningMode(pinningMode)
   , mMinimumNonECCBits(forEV ? MINIMUM_NON_ECC_BITS_EV : MINIMUM_NON_ECC_BITS_DV)
   , mHostname(hostname)
   , mBuiltChain(builtChain)
+  , mCertBlocklist(do_GetService(NS_CERTBLOCKLIST_CONTRACTID))
   , mOCSPStaplingStatus(CertVerifier::OCSP_STAPLING_NEVER_CHECKED)
 {
 }
 
 // E=igca@sgdn.pm.gouv.fr,CN=IGC/A,OU=DCSSI,O=PM/SGDN,L=Paris,ST=France,C=FR
 static const uint8_t ANSSI_SUBJECT_DATA[] =
                        "\x30\x81\x85\x31\x0B\x30\x09\x06\x03\x55\x04"
                        "\x06\x13\x02\x46\x52\x31\x0F\x30\x0D\x06\x03"
@@ -361,16 +363,37 @@ NSSCertDBTrustDomain::CheckRevocation(En
   // Since this affects EV there is no reason why DV should be more strict
   // so all intermediatates are allowed to have OCSP responses up to one year
   // old.
   uint16_t maxOCSPLifetimeInDays = 10;
   if (endEntityOrCA == EndEntityOrCA::MustBeCA) {
     maxOCSPLifetimeInDays = 365;
   }
 
+  if (!mCertBlocklist) {
+    return Result::FATAL_ERROR_LIBRARY_FAILURE;
+  }
+
+  bool isCertRevoked;
+  nsresult nsrv = mCertBlocklist->IsCertRevoked(
+                    certID.issuer.UnsafeGetData(),
+                    certID.issuer.GetLength(),
+                    certID.serialNumber.UnsafeGetData(),
+                    certID.serialNumber.GetLength(),
+                    &isCertRevoked);
+  if (NS_FAILED(nsrv)) {
+    return Result::FATAL_ERROR_LIBRARY_FAILURE;
+  }
+
+  if (isCertRevoked) {
+    PR_LOG(gCertVerifierLog, PR_LOG_DEBUG,
+           ("NSSCertDBTrustDomain: certificate is in blocklist"));
+    return Result::ERROR_REVOKED_CERTIFICATE;
+  }
+
   // If we have a stapled OCSP response then the verification of that response
   // determines the result unless the OCSP response is expired. We make an
   // exception for expired responses because some servers, nginx in particular,
   // are known to serve expired responses due to bugs.
   // We keep track of the result of verifying the stapled response but don't
   // immediately return failure if the response has expired.
   //
   // We only set the OCSP stapling status if we're validating the end-entity
--- a/security/certverifier/NSSCertDBTrustDomain.h
+++ b/security/certverifier/NSSCertDBTrustDomain.h
@@ -2,19 +2,20 @@
 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #ifndef mozilla_psm__NSSCertDBTrustDomain_h
 #define mozilla_psm__NSSCertDBTrustDomain_h
 
+#include "CertVerifier.h"
+#include "nsICertBlocklist.h"
 #include "pkix/pkixtypes.h"
 #include "secmodt.h"
-#include "CertVerifier.h"
 
 namespace mozilla { namespace psm {
 
 SECStatus InitializeNSS(const char* dir, bool readOnly);
 
 void DisableMD5();
 
 extern const char BUILTIN_ROOTS_MODULE_DEFAULT_NAME[];
@@ -115,14 +116,15 @@ private:
   const OCSPFetching mOCSPFetching;
   OCSPCache& mOCSPCache; // non-owning!
   void* mPinArg; // non-owning!
   const CertVerifier::ocsp_get_config mOCSPGetConfig;
   CertVerifier::PinningMode mPinningMode;
   const unsigned int mMinimumNonECCBits;
   const char* mHostname; // non-owning - only used for pinning checks
   ScopedCERTCertList* mBuiltChain; // non-owning
+  nsCOMPtr<nsICertBlocklist> mCertBlocklist;
   CertVerifier::OCSPStaplingStatus mOCSPStaplingStatus;
 };
 
 } } // namespace mozilla::psm
 
 #endif // mozilla_psm__NSSCertDBTrustDomain_h
--- a/security/manager/boot/public/moz.build
+++ b/security/manager/boot/public/moz.build
@@ -1,15 +1,16 @@
 # -*- Mode: python; c-basic-offset: 4; indent-tabs-mode: nil; tab-width: 40 -*-
 # vim: set filetype=python:
 # This Source Code Form is subject to the terms of the Mozilla Public
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
 XPIDL_SOURCES += [
     'nsIBufEntropyCollector.idl',
+    'nsICertBlocklist.idl',
     'nsISecurityUITelemetry.idl',
     'nsISecurityWarningDialogs.idl',
     'nsISSLStatusProvider.idl',
 ]
 
 XPIDL_MODULE = 'pipboot'
 
new file mode 100644
--- /dev/null
+++ b/security/manager/boot/public/nsICertBlocklist.idl
@@ -0,0 +1,40 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+interface nsIX509Cert;
+
+%{C++
+#define NS_CERTBLOCKLIST_CONTRACTID "@mozilla.org/security/certblocklist;1"
+%}
+
+/**
+ * Represents a service to add certificates as explicitly blocked/distrusted.
+ */
+[scriptable, uuid(44b0ee42-1af3-45e7-b601-7f17bd67c5cc)]
+interface nsICertBlocklist : nsISupports {
+  /**
+   * Add details of a revoked certificate :
+   * issuer name (base-64 encoded DER) and serial number (base-64 encoded DER).
+   */
+   void addRevokedCert(in string issuer, in string serialNumber);
+
+  /**
+   * Persist (fresh) blocklist entries to the profile (if a profile directory is
+   * available). Note: calling this will result in synchronous I/O.
+   */
+   void saveEntries();
+
+  /**
+   * Check if a certificate is blocked.
+   * isser - issuer name, DER encoded
+   * serial - serial number, DER encoded
+   */
+   boolean isCertRevoked([const, array, size_is(issuer_length)] in octet issuer,
+                          in unsigned long issuer_length,
+                          [const, array, size_is(serial_length)] in octet serial,
+                          in unsigned long serial_length);
+};
new file mode 100644
--- /dev/null
+++ b/security/manager/boot/src/CertBlocklist.cpp
@@ -0,0 +1,502 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "CertBlocklist.h"
+#include "mozilla/Base64.h"
+#include "mozilla/unused.h"
+#include "nsAppDirectoryServiceDefs.h"
+#include "nsCRTGlue.h"
+#include "nsDirectoryServiceUtils.h"
+#include "nsIFileStreams.h"
+#include "nsILineInputStream.h"
+#include "nsIX509Cert.h"
+#include "nsNetCID.h"
+#include "nsNetUtil.h"
+#include "nsTHashtable.h"
+#include "nsThreadUtils.h"
+#include "pkix/Input.h"
+#include "prlog.h"
+
+NS_IMPL_ISUPPORTS(CertBlocklist, nsICertBlocklist)
+
+static PRLogModuleInfo* gCertBlockPRLog;
+
+CertBlocklistItem::CertBlocklistItem(mozilla::pkix::Input aIssuer,
+                                     mozilla::pkix::Input aSerial)
+  : mIsCurrent(false)
+{
+  mIssuerData = new uint8_t[aIssuer.GetLength()];
+  memcpy(mIssuerData, aIssuer.UnsafeGetData(), aIssuer.GetLength());
+  mozilla::unused << mIssuer.Init(mIssuerData, aIssuer.GetLength());
+
+  mSerialData = new uint8_t[aSerial.GetLength()];
+  memcpy(mSerialData, aSerial.UnsafeGetData(), aSerial.GetLength());
+  mozilla::unused << mSerial.Init(mSerialData, aSerial.GetLength());
+}
+
+CertBlocklistItem::CertBlocklistItem(const CertBlocklistItem& aItem)
+{
+  uint32_t issuerLength = aItem.mIssuer.GetLength();
+  mIssuerData = new uint8_t[issuerLength];
+  memcpy(mIssuerData, aItem.mIssuerData, issuerLength);
+  mozilla::unused << mIssuer.Init(mIssuerData, issuerLength);
+
+  uint32_t serialLength = aItem.mSerial.GetLength();
+  mSerialData = new uint8_t[serialLength];
+  memcpy(mSerialData, aItem.mSerialData, serialLength);
+  mozilla::unused << mSerial.Init(mSerialData, serialLength);
+  mIsCurrent = aItem.mIsCurrent;
+}
+
+CertBlocklistItem::~CertBlocklistItem()
+{
+  delete[] mIssuerData;
+  delete[] mSerialData;
+}
+
+nsresult
+CertBlocklistItem::ToBase64(nsACString& b64IssuerOut, nsACString& b64SerialOut)
+{
+  nsDependentCSubstring issuerString(reinterpret_cast<char*>(mIssuerData),
+                                     mIssuer.GetLength());
+  nsDependentCSubstring serialString(reinterpret_cast<char*>(mSerialData),
+                                     mSerial.GetLength());
+  nsresult rv = mozilla::Base64Encode(issuerString, b64IssuerOut);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  rv = mozilla::Base64Encode(serialString, b64SerialOut);
+  return rv;
+}
+
+bool
+CertBlocklistItem::operator==(const CertBlocklistItem& aItem) const
+{
+  bool retval = InputsAreEqual(aItem.mIssuer, mIssuer) &&
+                InputsAreEqual(aItem.mSerial, mSerial);
+  return retval;
+}
+
+uint32_t
+CertBlocklistItem::Hash() const
+{
+  uint32_t hash;
+  uint32_t serialLength = mSerial.GetLength();
+  // there's no requirement for a serial to be as large as 32 bits; if it's
+  // smaller, fall back to the first octet (otherwise, the last four)
+  if (serialLength >= 4) {
+    hash = *(uint32_t *)(mSerialData + serialLength - 4);
+  } else {
+    hash = *mSerialData;
+  }
+  return hash;
+}
+
+CertBlocklist::CertBlocklist()
+  : mMutex("CertBlocklist::mMutex")
+  , mModified(false)
+  , mBackingFileIsInitialized(false)
+{
+  if (!gCertBlockPRLog) {
+    gCertBlockPRLog = PR_NewLogModule("CertBlock");
+  }
+}
+
+CertBlocklist::~CertBlocklist()
+{
+}
+
+nsresult
+CertBlocklist::Init()
+{
+  PR_LOG(gCertBlockPRLog, PR_LOG_DEBUG, ("CertBlocklist::Init"));
+
+  // Init must be on main thread for getting the profile directory
+  if (!NS_IsMainThread()) {
+    PR_LOG(gCertBlockPRLog, PR_LOG_DEBUG,
+           ("CertBlocklist::Init - called off main thread"));
+    return NS_ERROR_NOT_SAME_THREAD;
+  }
+
+  // Get the profile directory
+  PR_LOG(gCertBlockPRLog, PR_LOG_DEBUG,
+         ("CertBlocklist::Init - not initialized; initializing"));
+  nsresult rv = NS_GetSpecialDirectory(NS_APP_USER_PROFILE_50_DIR,
+                                       getter_AddRefs(mBackingFile));
+  if (NS_FAILED(rv) || !mBackingFile) {
+    PR_LOG(gCertBlockPRLog, PR_LOG_DEBUG,
+           ("CertBlocklist::Init - couldn't get profile dir"));
+  }
+  return NS_OK;
+}
+
+nsresult
+CertBlocklist::EnsureBackingFileInitialized(mozilla::MutexAutoLock& lock)
+{
+  PR_LOG(gCertBlockPRLog, PR_LOG_DEBUG,
+         ("CertBlocklist::EnsureBackingFileInitialized"));
+  if (mBackingFileIsInitialized || !mBackingFile) {
+    return NS_OK;
+  }
+
+  PR_LOG(gCertBlockPRLog, PR_LOG_DEBUG,
+         ("CertBlocklist::EnsureBackingFileInitialized - not initialized"));
+
+  // Load the revocations file into the cert blocklist
+  nsresult rv = mBackingFile->Append(NS_LITERAL_STRING("revocations.txt"));
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  nsAutoCString path;
+  rv = mBackingFile->GetNativePath(path);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  PR_LOG(gCertBlockPRLog, PR_LOG_DEBUG,
+        ("CertBlocklist::Init certList path: %s", path.get()));
+
+  bool exists = false;
+  rv = mBackingFile->Exists(&exists);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  if (!exists) {
+    PR_LOG(gCertBlockPRLog, PR_LOG_WARN,
+           ("CertBlocklist::Init no revocations file"));
+    return NS_OK;
+  }
+
+  nsCOMPtr<nsIFileInputStream> fileStream(
+      do_CreateInstance(NS_LOCALFILEINPUTSTREAM_CONTRACTID, &rv));
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  rv = fileStream->Init(mBackingFile, -1, -1, false);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  nsCOMPtr<nsILineInputStream> lineStream(do_QueryInterface(fileStream, &rv));
+  nsAutoCString line;
+  nsAutoCString issuer;
+  nsAutoCString serial;
+  // read in the revocations file. The file format is as follows: each line
+  // contains a comment, base64 encoded DER for an issuer or base64 encoded DER
+  // for a serial number. Comment lines start with '#', serial number lines, ' '
+  // (a space) and anything else is assumed to be an issuer.
+  bool more = true;
+  do {
+    rv = lineStream->ReadLine(line, &more);
+    if (NS_FAILED(rv)) {
+      break;
+    }
+    // ignore comments and empty lines
+    if (line.IsEmpty() || line.First() == '#') {
+      continue;
+    }
+    if (line.First() != ' ') {
+      issuer = line;
+      continue;
+    }
+    serial = line;
+    serial.Trim(" ", true, false, false);
+    // serial numbers 'belong' to the last issuer line seen; if no issuer has
+    // been seen, the serial number is ignored
+    if (issuer.IsEmpty() || serial.IsEmpty()) {
+      continue;
+    }
+    PR_LOG(gCertBlockPRLog, PR_LOG_DEBUG,
+           ("CertBlocklist::Init adding: %s %s",
+           issuer.get(), serial.get()));
+    rv = AddRevokedCertInternal(issuer.get(),
+                                serial.get(),
+                                CertOldFromLocalCache,
+                                lock);
+    if (NS_FAILED(rv)) {
+      // we warn here, rather than abandoning, since we need to
+      // ensure that as many items as possible are read
+      PR_LOG(gCertBlockPRLog, PR_LOG_WARN,
+             ("CertBlocklist::Init adding revoked cert failed"));
+    }
+  } while (more);
+  mBackingFileIsInitialized = true;
+  return NS_OK;
+}
+
+// void addRevokedCert (in string issuer, in string serialNumber);
+NS_IMETHODIMP
+CertBlocklist::AddRevokedCert(const char* aIssuer,
+                              const char* aSerialNumber)
+{
+  PR_LOG(gCertBlockPRLog, PR_LOG_DEBUG,
+         ("CertBlocklist::addRevokedCert - issuer is: %s and serial: %s",
+          aIssuer, aSerialNumber));
+  mozilla::MutexAutoLock lock(mMutex);
+  return AddRevokedCertInternal(aIssuer,
+                                aSerialNumber,
+                                CertNewFromBlocklist,
+                                lock);
+}
+
+nsresult
+CertBlocklist::AddRevokedCertInternal(const char* aIssuer,
+                                      const char* aSerialNumber,
+                                      CertBlocklistItemState aItemState,
+                                      mozilla::MutexAutoLock& /*proofOfLock*/)
+{
+  nsCString decodedIssuer;
+  nsCString decodedSerial;
+
+  nsresult rv;
+  rv = mozilla::Base64Decode(nsDependentCString(aIssuer), decodedIssuer);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  rv = mozilla::Base64Decode(nsDependentCString(aSerialNumber), decodedSerial);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  mozilla::pkix::Input issuer;
+  mozilla::pkix::Input serial;
+
+  mozilla::pkix::Result pkrv;
+  pkrv = issuer.Init(reinterpret_cast<const uint8_t*>(decodedIssuer.get()),
+                     decodedIssuer.Length());
+  if (pkrv != mozilla::pkix::Success) {
+    return NS_ERROR_FAILURE;
+  }
+  pkrv = serial.Init(reinterpret_cast<const uint8_t*>(decodedSerial.get()),
+                     decodedSerial.Length());
+  if (pkrv != mozilla::pkix::Success) {
+    return NS_ERROR_FAILURE;
+  }
+
+  CertBlocklistItem item(issuer, serial);
+
+  if (aItemState == CertNewFromBlocklist) {
+    // we want SaveEntries to be a no-op if no new entries are added
+    if (!mBlocklist.Contains(item)) {
+      mModified = true;
+    }
+
+    // Ensure that any existing item is replaced by a fresh one so we can
+    // use mIsCurrent to decide which entries to write out
+    mBlocklist.RemoveEntry(item);
+    item.mIsCurrent = true;
+  }
+  mBlocklist.PutEntry(item);
+
+  return NS_OK;
+}
+
+// Data needed for writing blocklist items out to the revocations file
+struct BlocklistSaveInfo
+{
+  IssuerTable issuerTable;
+  BlocklistStringSet issuers;
+  nsCOMPtr<nsIOutputStream> outputStream;
+  bool success;
+};
+
+// Write a line for a given string in the output stream
+nsresult
+WriteLine(nsIOutputStream* outputStream, const nsACString& string)
+{
+  nsAutoCString line(string);
+  line.Append('\n');
+
+  const char* data = line.get();
+  uint32_t length = line.Length();
+  nsresult rv = NS_OK;
+  while (NS_SUCCEEDED(rv) && length) {
+    uint32_t bytesWritten = 0;
+    rv = outputStream->Write(data, length, &bytesWritten);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+    // if no data is written, something is wrong
+    if (!bytesWritten) {
+      return NS_ERROR_FAILURE;
+    }
+    length -= bytesWritten;
+    data += bytesWritten;
+  }
+  return rv;
+}
+
+// sort blocklist items into lists of serials for each issuer
+PLDHashOperator
+ProcessEntry(BlocklistItemKey* aHashKey, void* aUserArg)
+{
+  BlocklistSaveInfo* saveInfo = reinterpret_cast<BlocklistSaveInfo*>(aUserArg);
+  CertBlocklistItem item = aHashKey->GetKey();
+
+  if (!item.mIsCurrent) {
+    return PL_DHASH_NEXT;
+  }
+
+  nsAutoCString encIssuer;
+  nsAutoCString encSerial;
+
+  nsresult rv = item.ToBase64(encIssuer, encSerial);
+  if (NS_FAILED(rv)) {
+    saveInfo->success = false;
+    return PL_DHASH_STOP;
+  }
+
+  saveInfo->issuers.PutEntry(encIssuer);
+  BlocklistStringSet* issuerSet = saveInfo->issuerTable.Get(encIssuer);
+  if (!issuerSet) {
+    issuerSet = new BlocklistStringSet();
+    saveInfo->issuerTable.Put(encIssuer, issuerSet);
+  }
+  issuerSet->PutEntry(encSerial);
+  return PL_DHASH_NEXT;
+}
+
+// write serial data to the output stream
+PLDHashOperator
+WriteSerial(nsCStringHashKey* aHashKey, void* aUserArg)
+{
+  BlocklistSaveInfo* saveInfo = reinterpret_cast<BlocklistSaveInfo*>(aUserArg);
+
+  nsresult rv = WriteLine(saveInfo->outputStream,
+                          NS_LITERAL_CSTRING(" ") + aHashKey->GetKey());
+  if (NS_FAILED(rv)) {
+    saveInfo->success = false;
+    return PL_DHASH_STOP;
+  }
+  return PL_DHASH_NEXT;
+}
+
+// Write issuer data to the output stream
+PLDHashOperator
+WriteIssuer(nsCStringHashKey* aHashKey, void* aUserArg)
+{
+  BlocklistSaveInfo* saveInfo = reinterpret_cast<BlocklistSaveInfo*>(aUserArg);
+  nsAutoPtr<BlocklistStringSet> issuerSet;
+
+  saveInfo->issuerTable.RemoveAndForget(aHashKey->GetKey(), issuerSet);
+
+  nsresult rv = WriteLine(saveInfo->outputStream, aHashKey->GetKey());
+  if (NS_FAILED(rv)) {
+    return PL_DHASH_STOP;
+  }
+
+  issuerSet->EnumerateEntries(WriteSerial, saveInfo);
+  if (!saveInfo->success) {
+    saveInfo->success = false;
+    return PL_DHASH_STOP;
+  }
+  return PL_DHASH_NEXT;
+}
+
+// void saveEntries();
+// Store the blockist in a text file containing base64 encoded issuers and
+// serial numbers.
+//
+// Each item is stored on a separate line; each issuer is followed by its
+// revoked serial numbers, indented by one space.
+//
+// lines starting with a # character are ignored
+NS_IMETHODIMP
+CertBlocklist::SaveEntries()
+{
+  PR_LOG(gCertBlockPRLog, PR_LOG_DEBUG,
+      ("CertBlocklist::SaveEntries - not initialized"));
+  mozilla::MutexAutoLock lock(mMutex);
+  if (!mModified) {
+    return NS_OK;
+  }
+
+  nsresult rv = EnsureBackingFileInitialized(lock);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  if (!mBackingFile) {
+    // We allow this to succeed with no profile directory for tests
+    PR_LOG(gCertBlockPRLog, PR_LOG_WARN,
+           ("CertBlocklist::SaveEntries no file in profile to write to"));
+    return NS_OK;
+  }
+
+  BlocklistSaveInfo saveInfo;
+  saveInfo.success = true;
+  rv = NS_NewAtomicFileOutputStream(getter_AddRefs(saveInfo.outputStream),
+                                    mBackingFile, -1, -1, 0);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  mBlocklist.EnumerateEntries(ProcessEntry, &saveInfo);
+  if (!saveInfo.success) {
+    PR_LOG(gCertBlockPRLog, PR_LOG_WARN,
+           ("CertBlocklist::SaveEntries writing revocation data failed"));
+    return NS_ERROR_FAILURE;
+  }
+
+  rv = WriteLine(saveInfo.outputStream,
+                 NS_LITERAL_CSTRING("# Auto generated contents. Do not edit."));
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  saveInfo.issuers.EnumerateEntries(WriteIssuer, &saveInfo);
+  if (!saveInfo.success) {
+    PR_LOG(gCertBlockPRLog, PR_LOG_WARN,
+           ("CertBlocklist::SaveEntries writing revocation data failed"));
+    return NS_ERROR_FAILURE;
+  }
+
+  nsCOMPtr<nsISafeOutputStream> safeStream =
+      do_QueryInterface(saveInfo.outputStream);
+  NS_ASSERTION(safeStream, "expected a safe output stream!");
+  if (!safeStream) {
+    return NS_ERROR_FAILURE;
+  }
+  rv = safeStream->Finish();
+  if (NS_FAILED(rv)) {
+    PR_LOG(gCertBlockPRLog, PR_LOG_WARN,
+           ("CertBlocklist::SaveEntries saving revocation data failed"));
+    return rv;
+  }
+  mModified = false;
+  return NS_OK;
+}
+
+// boolean isCertRevoked([const, array, size_is(issuerLength)] in octet issuer,
+//                       in unsigned long issuerLength,
+//                       [const, array, size_is(serialLength)] in octet serial,
+//                       in unsigned long serialLength);
+NS_IMETHODIMP CertBlocklist::IsCertRevoked(const uint8_t* aIssuer, uint32_t aIssuerLength,
+                                           const uint8_t* aSerial, uint32_t aSerialLength,
+                                           bool* _retval)
+{
+  mozilla::MutexAutoLock lock(mMutex);
+
+  nsresult rv = EnsureBackingFileInitialized(lock);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  mozilla::pkix::Input issuer;
+  mozilla::pkix::Input serial;
+  if (issuer.Init(aIssuer, aIssuerLength) != mozilla::pkix::Success) {
+    return NS_ERROR_FAILURE;
+  }
+  if (serial.Init(aSerial, aSerialLength) != mozilla::pkix::Success) {
+    return NS_ERROR_FAILURE;
+  }
+
+  CertBlocklistItem item(issuer, serial);
+  *_retval = mBlocklist.Contains(item);
+
+  return NS_OK;
+}
new file mode 100644
--- /dev/null
+++ b/security/manager/boot/src/CertBlocklist.h
@@ -0,0 +1,75 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef CertBlocklist_h
+#define CertBlocklist_h
+
+#include "mozilla/Mutex.h"
+#include "nsClassHashtable.h"
+#include "nsCOMPtr.h"
+#include "nsICertBlocklist.h"
+#include "nsIOutputStream.h"
+#include "nsTHashtable.h"
+#include "nsIX509CertDB.h"
+#include "pkix/Input.h"
+
+#define NS_CERT_BLOCKLIST_CID \
+{0x11aefd53, 0x2fbb, 0x4c92, {0xa0, 0xc1, 0x05, 0x32, 0x12, 0xae, 0x42, 0xd0} }
+
+enum CertBlocklistItemState {
+  CertNewFromBlocklist,
+  CertOldFromLocalCache
+};
+
+class CertBlocklistItem
+{
+public:
+  CertBlocklistItem(mozilla::pkix::Input aIssuer, mozilla::pkix::Input aSerial);
+  CertBlocklistItem(const CertBlocklistItem& aItem);
+  ~CertBlocklistItem();
+  nsresult ToBase64(nsACString& b64IssuerOut, nsACString& b64SerialOut);
+  bool operator==(const CertBlocklistItem& aItem) const;
+  uint32_t Hash() const;
+  bool mIsCurrent;
+
+private:
+  mozilla::pkix::Input mIssuer;
+  uint8_t* mIssuerData;
+  mozilla::pkix::Input mSerial;
+  uint8_t* mSerialData;
+};
+
+typedef nsGenericHashKey<CertBlocklistItem> BlocklistItemKey;
+typedef nsTHashtable<BlocklistItemKey> BlocklistTable;
+typedef nsTHashtable<nsCStringHashKey> BlocklistStringSet;
+typedef nsClassHashtable<nsCStringHashKey, BlocklistStringSet> IssuerTable;
+
+class CertBlocklist : public nsICertBlocklist
+{
+public:
+  NS_DECL_THREADSAFE_ISUPPORTS
+  NS_DECL_NSICERTBLOCKLIST
+  CertBlocklist();
+  nsresult Init();
+
+private:
+  BlocklistTable mBlocklist;
+  nsresult AddRevokedCertInternal(const char* aIssuer,
+                                  const char* aSerial,
+                                  CertBlocklistItemState aItemState,
+                                  mozilla::MutexAutoLock& /*proofOfLock*/);
+  mozilla::Mutex mMutex;
+  bool mModified;
+  bool mBackingFileIsInitialized;
+  // call EnsureBackingFileInitialized before operations that read or
+  // modify CertBlocklist data
+  nsresult EnsureBackingFileInitialized(mozilla::MutexAutoLock& lock);
+  nsCOMPtr<nsIFile> mBackingFile;
+
+protected:
+  virtual ~CertBlocklist();
+};
+
+#endif // CertBlocklist_h
--- a/security/manager/boot/src/moz.build
+++ b/security/manager/boot/src/moz.build
@@ -4,16 +4,17 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
 EXPORTS.mozilla += [
     'DataStorage.h',
 ]
 
 UNIFIED_SOURCES += [
+    'CertBlocklist.cpp',
     'DataStorage.cpp',
     'nsBOOTModule.cpp',
     'nsEntropyCollector.cpp',
     'nsSecureBrowserUIImpl.cpp',
     'nsSecurityHeaderParser.cpp',
     'nsSecurityWarningDialogs.cpp',
     'nsSiteSecurityService.cpp',
     'PublicKeyPinningService.cpp',
--- a/security/manager/boot/src/nsBOOTModule.cpp
+++ b/security/manager/boot/src/nsBOOTModule.cpp
@@ -1,43 +1,48 @@
 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "mozilla/ModuleUtils.h"
 
+#include "CertBlocklist.h"
 #include "nsEntropyCollector.h"
 #include "nsSecureBrowserUIImpl.h"
 #include "nsSecurityWarningDialogs.h"
 #include "nsSiteSecurityService.h"
 
 NS_GENERIC_FACTORY_CONSTRUCTOR(nsEntropyCollector)
 NS_GENERIC_FACTORY_CONSTRUCTOR(nsSecureBrowserUIImpl)
+NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(CertBlocklist, Init)
 NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nsSecurityWarningDialogs, Init)
 NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nsSiteSecurityService, Init)
 
 NS_DEFINE_NAMED_CID(NS_ENTROPYCOLLECTOR_CID);
 NS_DEFINE_NAMED_CID(NS_SECURITYWARNINGDIALOGS_CID);
 NS_DEFINE_NAMED_CID(NS_SECURE_BROWSER_UI_CID);
 NS_DEFINE_NAMED_CID(NS_SITE_SECURITY_SERVICE_CID);
+NS_DEFINE_NAMED_CID(NS_CERT_BLOCKLIST_CID);
 
 static const mozilla::Module::CIDEntry kBOOTCIDs[] = {
   { &kNS_ENTROPYCOLLECTOR_CID, false, nullptr, nsEntropyCollectorConstructor },
   { &kNS_SECURITYWARNINGDIALOGS_CID, false, nullptr, nsSecurityWarningDialogsConstructor },
   { &kNS_SECURE_BROWSER_UI_CID, false, nullptr, nsSecureBrowserUIImplConstructor },
   { &kNS_SITE_SECURITY_SERVICE_CID, false, nullptr, nsSiteSecurityServiceConstructor },
+  { &kNS_CERT_BLOCKLIST_CID, false, nullptr, CertBlocklistConstructor},
   { nullptr }
 };
 
 static const mozilla::Module::ContractIDEntry kBOOTContracts[] = {
   { NS_ENTROPYCOLLECTOR_CONTRACTID, &kNS_ENTROPYCOLLECTOR_CID },
   { NS_SECURITYWARNINGDIALOGS_CONTRACTID, &kNS_SECURITYWARNINGDIALOGS_CID },
   { NS_SECURE_BROWSER_UI_CONTRACTID, &kNS_SECURE_BROWSER_UI_CID },
   { NS_SSSERVICE_CONTRACTID, &kNS_SITE_SECURITY_SERVICE_CID },
+  { NS_CERTBLOCKLIST_CONTRACTID, &kNS_CERT_BLOCKLIST_CID },
   { nullptr }
 };
 
 static const mozilla::Module kBootModule = {
   mozilla::Module::kVersion,
   kBOOTCIDs,
   kBOOTContracts
 };
--- a/security/manager/ssl/src/nsNSSComponent.cpp
+++ b/security/manager/ssl/src/nsNSSComponent.cpp
@@ -4,21 +4,24 @@
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "nsNSSComponent.h"
 
 #include "ExtendedValidation.h"
 #include "NSSCertDBTrustDomain.h"
 #include "mozilla/Telemetry.h"
+#include "nsAppDirectoryServiceDefs.h"
 #include "nsCertVerificationThread.h"
 #include "nsAppDirectoryServiceDefs.h"
 #include "nsComponentManagerUtils.h"
 #include "nsDirectoryServiceDefs.h"
 #include "nsICertOverrideService.h"
+#include "NSSCertDBTrustDomain.h"
+#include "nsThreadUtils.h"
 #include "mozilla/Preferences.h"
 #include "nsThreadUtils.h"
 #include "mozilla/PublicSSL.h"
 #include "mozilla/StaticPtr.h"
 
 #ifndef MOZ_NO_SMART_CARDS
 #include "nsSmartCardMonitor.h"
 #endif
@@ -1073,16 +1076,22 @@ nsNSSComponent::InitializeNSS()
                        Preferences::GetBool("security.ssl.enable_alpn",
                                             ALPN_ENABLED_DEFAULT));
 
   if (NS_FAILED(InitializeCipherSuite())) {
     PR_LOG(gPIPNSSLog, PR_LOG_ERROR, ("Unable to initialize cipher suite settings\n"));
     return NS_ERROR_FAILURE;
   }
 
+  // ensure the CertBlocklist is initialised
+  nsCOMPtr<nsICertBlocklist> certList = do_GetService(NS_CERTBLOCKLIST_CONTRACTID);
+  if (!certList) {
+    return NS_ERROR_FAILURE;
+  }
+
   // dynamic options from prefs
   setValidationOptions(true, lock);
 
   mHttpForNSS.initTable();
 
 #ifndef MOZ_NO_SMART_CARDS
   LaunchSmartCardThreads();
 #endif
new file mode 100644
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_blocklist.js
@@ -0,0 +1,271 @@
+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+// This test checks a number of things:
+// * it ensures that data loaded from revocations.txt on startup is present
+// * it ensures that certItems in blocklist.xml are persisted correctly
+// * it ensures that items in the CertBlocklist are seen as revoked by the
+//   cert verifier
+// * it does a sanity check to ensure other cert verifier behavior is
+//   unmodified
+
+let { XPCOMUtils } = Cu.import("resource://gre/modules/XPCOMUtils.jsm", {});
+
+// First, we need to setup appInfo for the blocklist service to work
+let id = "xpcshell@tests.mozilla.org";
+let appName = "XPCShell";
+let version = "1";
+let platformVersion = "1.9.2";
+let appInfo = {
+  // nsIXULAppInfo
+  vendor: "Mozilla",
+  name: appName,
+  ID: id,
+  version: version,
+  appBuildID: "2007010101",
+  platformVersion: platformVersion ? platformVersion : "1.0",
+  platformBuildID: "2007010101",
+
+  // nsIXULRuntime
+  inSafeMode: false,
+  logConsoleErrors: true,
+  OS: "XPCShell",
+  XPCOMABI: "noarch-spidermonkey",
+  invalidateCachesOnRestart: function invalidateCachesOnRestart() {
+    // Do nothing
+  },
+
+  // nsICrashReporter
+  annotations: {},
+
+  annotateCrashReport: function(key, data) {
+    this.annotations[key] = data;
+  },
+
+  QueryInterface: XPCOMUtils.generateQI([Ci.nsIXULAppInfo,
+                                         Ci.nsIXULRuntime,
+                                         Ci.nsICrashReporter,
+                                         Ci.nsISupports])
+};
+
+let XULAppInfoFactory = {
+  createInstance: function (outer, iid) {
+    appInfo.QueryInterface(iid);
+    if (outer != null) {
+      throw Cr.NS_ERROR_NO_AGGREGATION;
+    }
+    return appInfo.QueryInterface(iid);
+  }
+};
+
+let registrar = Components.manager.QueryInterface(Ci.nsIComponentRegistrar);
+const XULAPPINFO_CONTRACTID = "@mozilla.org/xre/app-info;1";
+const XULAPPINFO_CID = Components.ID("{c763b610-9d49-455a-bbd2-ede71682a1ac}");
+registrar.registerFactory(XULAPPINFO_CID, "XULAppInfo",
+                          XULAPPINFO_CONTRACTID, XULAppInfoFactory);
+
+// we need to ensure we setup revocation data before certDB, or we'll start with
+// no revocation.txt in the profile
+let profile = do_get_profile();
+let revocations = profile.clone();
+revocations.append("revocations.txt");
+if (!revocations.exists()) {
+  let existing = do_get_file("test_onecrl/sample_revocations.txt", false);
+  existing.copyTo(profile,"revocations.txt");
+}
+
+let certDB = Cc["@mozilla.org/security/x509certdb;1"]
+               .getService(Ci.nsIX509CertDB);
+
+// set up a test server to serve the blocklist.xml
+let testserver = new HttpServer();
+
+let blocklist_contents =
+    "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" +
+    "<blocklist xmlns=\"http://www.mozilla.org/2006/addons-blocklist\">" +
+    // test with some bad data ...
+    "<certItems><certItem issuerName='Some nonsense in issuer'>" +
+    "<serialNumber>AkHVNA==</serialNumber>" +
+    "</certItem><certItem issuerName='MA0xCzAJBgNVBAMMAmNh'>" +
+    "<serialNumber>some nonsense in serial</serialNumber>" +
+    "</certItem><certItem issuerName='some nonsense in both issuer'>" +
+    "<serialNumber>and serial</serialNumber></certItem>" +
+    // some mixed
+    // In this case, the issuer name and the valid serialNumber correspond
+    // to test-int.der in tlsserver/
+    "<certItem issuerName='MBIxEDAOBgNVBAMTB1Rlc3QgQ0E='>" +
+    "<serialNumber>oops! more nonsense.</serialNumber>" +
+    "<serialNumber>X1o=</serialNumber></certItem>" +
+    // ... and some good
+    // This item corresponds to an entry in sample_revocations.txt where:
+    // isser name is "another imaginary issuer" base-64 encoded, and
+    // serialNumbers are:
+    // "serial2." base-64 encoded, and
+    // "another serial." base-64 encoded
+    // We need this to ensure that existing items are retained if they're
+    // also in the blocklist
+    "<certItem issuerName='YW5vdGhlciBpbWFnaW5hcnkgaXNzdWVy'>" +
+    "<serialNumber>c2VyaWFsMi4=</serialNumber>" +
+    "<serialNumber>YW5vdGhlciBzZXJpYWwu</serialNumber>" +
+    "</certItem></certItems></blocklist>";
+testserver.registerPathHandler("/push_blocked_cert/",
+  function serveResponse(request, response) {
+    response.write(blocklist_contents);
+  });
+
+// start the test server
+testserver.start(-1);
+let port = testserver.identity.primaryPort;
+
+// Setup the addonManager
+let addonManager = Cc["@mozilla.org/addons/integration;1"]
+                     .getService(Ci.nsIObserver)
+                     .QueryInterface(Ci.nsITimerCallback);
+addonManager.observe(null, "addons-startup", null);
+
+let converter = Cc["@mozilla.org/intl/scriptableunicodeconverter"]
+                  .createInstance(Ci.nsIScriptableUnicodeConverter);
+converter.charset = "UTF-8";
+
+function verify_cert(file, expectedError) {
+  let cert_der = readFile(do_get_file(file));
+  let ee = certDB.constructX509(cert_der, cert_der.length);
+  equal(expectedError, certDB.verifyCertNow(ee, certificateUsageSSLServer,
+                                            NO_FLAGS, {}, {}));
+}
+
+function load_cert(cert, trust) {
+  let file = "tlsserver/" + cert + ".der";
+  addCertFromFile(certDB, file, trust);
+}
+
+function test_is_revoked(certList, issuerString, serialString) {
+  let issuer = converter.convertToByteArray(issuerString, {});
+  let serial = converter.convertToByteArray(serialString, {});
+  return certList.isCertRevoked(issuer,
+                                issuerString.length,
+                                serial,
+                                serialString.length);
+}
+
+function run_test() {
+  // import the certificates we need
+  load_cert("test-ca", "CTu,CTu,CTu");
+  load_cert("test-int", ",,");
+
+  let certList = Cc["@mozilla.org/security/certblocklist;1"]
+                   .getService(Ci.nsICertBlocklist);
+
+  // check some existing items in revocations.txt are blocked. Since the
+  // CertBlocklistItems don't know about the data they contain, we can use
+  // arbitrary data (not necessarily DER) to test if items are revoked or not.
+  // This test corresponds to:
+  // issuer: c29tZSBpbWFnaW5hcnkgaXNzdWVy
+  // serial: c2VyaWFsLg==
+  ok(test_is_revoked(certList, "some imaginary issuer", "serial."),
+     "issuer / serial pair should be blocked");
+
+  // This test corresponds to:
+  // issuer: YW5vdGhlciBpbWFnaW5hcnkgaXNzdWVy
+  // serial: c2VyaWFsLg==
+  ok(test_is_revoked(certList, "another imaginary issuer", "serial."),
+     "issuer / serial pair should be blocked");
+
+  // And this test corresponds to:
+  // issuer: YW5vdGhlciBpbWFnaW5hcnkgaXNzdWVy
+  // serial: c2VyaWFsMi4=
+  // (we test this issuer twice to ensure we can read multiple serials)
+  ok(test_is_revoked(certList, "another imaginary issuer", "serial2."),
+     "issuer / serial pair should be blocked");
+
+  // Soon we'll load a blocklist which revokes test-int.der, which issued
+  // test-int-ee.der.
+  // Check the cert validates before we load the blocklist
+  let file = "tlsserver/test-int-ee.der";
+  verify_cert(file, Cr.NS_OK);
+
+  // blocklist load is async so we must use add_test from here
+  add_test(function() {
+    let certblockObserver = {
+      observe: function(aSubject, aTopic, aData) {
+        Services.obs.removeObserver(this, "blocklist-updated");
+        run_next_test();
+      }
+    }
+
+    Services.obs.addObserver(certblockObserver, "blocklist-updated", false);
+    Services.prefs.setCharPref("extensions.blocklist.url", "http://localhost:" +
+                               port + "/push_blocked_cert/");
+    let blocklist = Cc["@mozilla.org/extensions/blocklist;1"]
+                      .getService(Ci.nsITimerCallback);
+    blocklist.notify(null);
+  });
+
+  add_test(function() {
+    // The blocklist will be loaded now. Let's check the data is sane.
+    // In particular, we should still have the revoked issuer / serial pair
+    // that was in both revocations.txt and the blocklist.xml
+    ok(test_is_revoked(certList, "another imaginary issuer", "serial2."),
+      "issuer / serial pair should be blocked");
+
+    // Check that both serials in the certItem with multiple serials were read
+    // properly
+    ok(test_is_revoked(certList, "another imaginary issuer", "serial2."),
+       "issuer / serial pair should be blocked");
+    ok(test_is_revoked(certList, "another imaginary issuer", "another serial."),
+       "issuer / serial pair should be blocked");
+
+    // Check the blocklist entry has been persisted properly to the backing
+    // file
+    let profile = do_get_profile();
+    let revocations = profile.clone();
+    revocations.append("revocations.txt");
+    ok(revocations.exists(), "the revocations file should exist");
+    let inputStream = Cc["@mozilla.org/network/file-input-stream;1"]
+                        .createInstance(Ci.nsIFileInputStream);
+    inputStream.init(revocations,-1, -1, 0);
+    inputStream.QueryInterface(Ci.nsILineInputStream);
+    let contents = "";
+    let hasmore = false;
+    do {
+      var line = {};
+      hasmore = inputStream.readLine(line);
+      contents = contents + (contents.length == 0 ? "" : "\n") + line.value;
+    } while (hasmore);
+    let expected = "# Auto generated contents. Do not edit.\n" +
+                  "MBIxEDAOBgNVBAMTB1Rlc3QgQ0E=\n" +
+                  " X1o=\n" +
+                  "YW5vdGhlciBpbWFnaW5hcnkgaXNzdWVy\n" +
+                  " YW5vdGhlciBzZXJpYWwu\n" +
+                  " c2VyaWFsMi4=";
+    equal(contents, expected, "revocations.txt should be as expected");
+
+    // Check the blocklisted intermediate now causes a failure
+    let file = "tlsserver/test-int-ee.der";
+    verify_cert(file, SEC_ERROR_REVOKED_CERTIFICATE);
+
+    // Check a non-blocklisted chain still validates OK
+    file = "tlsserver/default-ee.der";
+    verify_cert(file, Cr.NS_OK);
+
+    // Check a bad cert is still bad (unknown issuer)
+    file = "tlsserver/unknown-issuer.der";
+    verify_cert(file, SEC_ERROR_UNKNOWN_ISSUER);
+
+    // check that save with no further update is a no-op
+    let lastModified = revocations.lastModifiedTime;
+    // add an already existing entry
+    certList.addRevokedCert("YW5vdGhlciBpbWFnaW5hcnkgaXNzdWVy","c2VyaWFsMi4=");
+    certList.saveEntries();
+    let newModified = revocations.lastModifiedTime;
+    equal(lastModified, newModified,
+          "saveEntries with no modifications should not update the backing file");
+
+    run_next_test();
+  });
+
+  // we need to start the async portions of the test
+  run_next_test();
+}
new file mode 100644
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_onecrl/sample_revocations.txt
@@ -0,0 +1,27 @@
+# a sample revocations.txt for tests
+# Lines starting with '#' are ignored - as are empty lines like this:
+
+# otherwise:
+# non-empty lines are treated as base-64 encoded DER issuer data
+# ...unless the line starts with a ' ' (space) character, in which case it's
+# assumed to be base-64 encoded DER serial data.
+
+# First a serial with no issuer to ensure this doesn't cause parsing to fail
+# (there should be an issuer first, but we need to test this won't fail)
+ dGVzdA==
+# next, let's ensure data that isn't valid base64 doesn't cause breakage.
+ this serial isn't valid base64 (but then there's no issuer anyway)
+Neither is this issuer, though the serial is fine
+ dGVzdA==
+dGVzdA==
+ in this case, issuer is fine but not the serial
+# Next two entries; we can add valid base-64 encoded data for some basic tests:
+# issuer is "some imaginary issuer" base-64 encoded
+# and serial "serial." base-64 encoded
+c29tZSBpbWFnaW5hcnkgaXNzdWVy
+ c2VyaWFsLg==
+# issuer is "another imaginary issuer" base-64 encoded
+# serials are "serial." and "serial2." base-64 encoded
+YW5vdGhlciBpbWFnaW5hcnkgaXNzdWVy
+ c2VyaWFsLg==
+ c2VyaWFsMi4=
index 0c46e9e0ec62ed7add81e3463f3fb1911a856e6a..904cb849b801ebbde2ae0da2b7f364ee575bc0d2
GIT binary patch
literal 294912
zc%1CL2V4`&7x$eIx*#f5ibQ&MLq`!oKzax1LLi}c0wG;c5W8aUy<q`+K`bctjwqI^
zSg>R7_01-WAP~#_KVF{C`<$<4_atY|?Ck8!ZzoH3CnU%>l}05dW#?s*X+$gBXdE7o
zb0!jTINU}4O9t1D1pg)8;XNMrYcAr<?@7t?KI0@=(m1vv?>OrmYXZxg{{{d600000
z00000000000000000000000000000000000000000000000000000000000000000
z0000000000000000000000000000000000000000_`e!wNl8^zZG2>E7KK`rm`+Zm
zWaZ}v79?b(CQ7*mySs$C6TST1+#`qrA2Gn6_}x!5B9jnHV<!ng4q<{EGRO(kjPEHV
zf5<`L>zsp?v75N0s)jZ`RuG?GkdQ`Aq<v2z@k0)nw`(a##x4X&)&6b!k(!@hK+XG}
zMEr+LgwD=+*prOMS>dHrwYBk6Y-r?!4C;69cS8)zC)8!QuY1R6e#Ha^d-=HpM-qM9
zBZ*=DUO{2*=oVZ9{73kDxrP#5h6e<Pni0te|3%`zEcq`h)E0bzenLV&vPa+Aqi^j6
zZ_y<7*66|pUD%=vJ9J@>E*#JW8C@js7Y>4~5aCjgBVs973b$h|SlS4dwt}UdU}-N{
zItZ3z!7@RxOcWGMSUh3*1h%En7UXOx$k|emv!x(sOF_<-f}AY{Ia>*$tOQY3f+#CN
zl$9XLR^YW2cx?q<TY=YB=oRE?E6CGMkkVeb6x5(#Pc0FljmBCEN^6bqu@n>;GX-@m
zNNpuZZ6!!;jR;c<6AC}E5-hC+OB=xw-L|!0tJZ?8S__VgjUd)W5Nm@7KS5&?sWw*D
zRyL$|)3V*{kifd#v}reO+fBQ6)Bd|@+a6}y9%kDfX4@WS+ZJZqUL4!@;@Gwq$F{vV
zw(Z5SZ7+^(dvR>ri^De^+D&r1nb2+~wwsi8liF@3eK!RSL1-ql7bgKN4#kFyP!a?+
zZjT6PuU}gSW0IJps=GEGCzOxej8qymj$A;?7QB!9-bv#~-%SEv_QWOl3q0==DuFV>
z6#xJL000000000000000000000000000000000000000000000000000000000000
z000000000000000000000000000000000000000000000000000002|zlOB0EPq+R
zx{G7$vensr+0wlCyl1?7ynlEXc_(>wyxqKN-WuLw-YniE-WVQ}m&;4x#qmb+{CIA>
zAv{Z-F^|Yo<@M%Ca6fZjaUXHda*uFpxwp7Y+-=<T+~wSP+-cl#TrRhOo54-wMsb6<
zp4?$vTdp}*kE_A$$CcsYIPW-5IW3&)oCeMb&Oy#DP8DZ0XAx&6XCkMB!{Fp_k~yO|
zVH{tMD`zl=#4+M%b5uC;9C7w1_Dl9db~F1j`wY9Dy_da}UCCa?p39!fE@N}pG<G^W
zfgQ;XWP7lk*fwl4);HE$Rx5v30RR9100000000000000000000000000000000000
z00000000000000000000000000000000000000000000000000000000000000000
z00000004mh$B`z8<8>-{;dIOxS%?{71p*_l|415Y^owq&$j6N7d6+RRS72B?Cg-4r
z+M#Eb*_c7f!VDx+VC*^{mw_3h(lH}8O<-(!ot%mpNhz2?O%@m%wnimkMkEz8A}9i5
z#TS`G%#cpN3@Ng}SoAI?9y6ljFe7S|z?ieQG!`?)#$d*nXn`^9+><EGcpQltk0J!d
zg!(h#m~na}W}FHW7-MILg<?i%2xf!?3k+^fOb}*72VzE4fWV-COYp}GvL9x|`wEO)
z$3h>>DDcJ%nwP*xjk@oN8TULeqh*A^NW{H!$BegbnDNF{U_@2d49AQ;E|{^~SzrV{
z;tazKwi9Nsh6)Vt6*C+$qhbhVOdl*TTyJf6z>ID7n6cGPU^pI_X^R;%Y%rt3T430G
zxNU_Qw=6NEnItgGgPtIm@puqsJhBiN29!o~%(!TV84acaLwi)M31;jy#*7*xfuTk|
zYbY=j*4OD_#z9@oIG}^2Ib(nsr}YJfOm)7tz#uqn7=Rh;wJ@Vn6E##nkL74!23s97
zSp5aY>#RC8%s8lu83$AZ##7Q5Wy~m1!i-`?fpKs8?0%Rrt1o8E>?1Im6YLZ)!?rhO
z*vJcvCVN>q%#i7Y8Pc)><6O#18O(SgjTz6S1jexj6-mrcmcR@pae;9#>mmU&8pNas
z;xc^Wf-GMj3JR@pywALPUJ1{KC(S+2ozD&6s&Q^{N;p0o4kwNi#R=mCvaYe_vcg#X
znAeyqnTCw#jNObZh8+V}G_EMHs6YJ-eGWaIZd~}Xu%>WFA+M0hyTd!dOXUS}pK&j7
zcX5|+ZMj;UZ=8D^3cHD&$_`|GU^O#8Fq@fm%yrD(j5mzSjD3tSh9hGDL!v0FD6Gh?
zXaIdXeIcDor_w#>7W6)a?+O<cjxD@Wc!0N>H;!k<lV_9I{aAZhi&zX+6w8*S%B6Ed
z8M7Jr^tbee!tg?C_C|IIXB%f6X8`*}(UGD_%oL_sPpdHi00000000000000000000
z00000000000000000000000000000000000000000000000000000000000000000
z000000000000000000000RMkRhv11vG)d}+nj|4ioS@h@l$uW?dS%h5d6`s7Dw#&5
z|2j#bI01(*Ko>MMf;ArLN9u$07ABSwBzASl7v;!9!*bC@PM0JjNkms_9xYpxBMS}7
z6qR#^C`URPmL|%ZD$0?9h9!&gCW&%T(J+cAZ=xti0vbmCb=}ARI!PRw)hJOLiWTLE
zLBpa&d80%*BGIr22SOnpu_BR>K|-&Qz#Br%NHWh)P0pfHi0)Ywb7~eXmBt{_Q)wyu
zNFpt-fExa<BS)ee4ii<ZP*IK$G%Q$@H%OEt5Dg3Xb>;j2I*A{em9MA``G|6OqhVg6
zyq=;Q9%$HzAp|BKu_0L@B%#-&V+DI<ktx*N0)Ekm?ml5eL125OyZ;ZdZs^8cMHOwh
zD2EFg<}AuPOq9b34I4Uu;EYGqNGgbu&?_H6OQGfwX~Hy)KX(s7vl#sIG!8#^+oM_7
z{XC8B&)qg?7S^J6(@K=X^5?lCKX(rjm94obhnWc>0*~mCbP%G@(cir&CpC}XD!R0J
zliyEjENXLxW`r0#VnEVEbc7C#F0n*fHjzTjpwg&%f09@it#2K4K|&W6=)x3T7>O#2
z0qWI97usDm)UkVX>JJ0{B(WBny{4!VXozyCqhb9;dDTQYRM9Y%U#pk$uahXDSt*Lz
zP(M+QzGzq<QC<a6j^1dP{LkCA+|S*;&@5y{Z9qnpLmCZ}`gzupKX*%@S%{0;06~;P
zj6lH2$nwW?1%)RFylcEFUNLV3Pm9~i-N>bLow<^n37i+4yPV7HJ!}?xFzX|0Gb@W_
z%Dl~7&x~QpGIlU146UN8MGK4Kip=Tn=-cR1=+Si9!V|n^`V5{9ZyT?S`?AQA9?xad
zKXcug)rDs{aok=!pCU@pGWKZh7S=cRF!o!{RE`M?DZ0tZr|)L(XXvnY&=r{XnPjE{
zBb8CZ`@n19t>H0vPCR993wISan`_Vc$~nw=%X!GT&N<88!p>(~vR<;*v65K2%&W{5
z%uuEnV-q8Wp<HyKXl7A(kv{zyeFMFW9zyq_ixqzC>CrO)00000000000000000000
z00000000000000000000000000000000000000000000000000000000000000000
z000000000000000000000Kk6@Itebl>kQHE#MJ!!0xE@=z#yh}m|wV1iqH?g3Kvy?
zt!Zd{ewS&=gF{@1Bm}W1`cN6fkW?mBIKi?THG`VW&xJw^rsn5lXHlqmd00ld*g6Nz
zFk7GCk4LmgT8M@)LnVHJyuKG`B#G!s&7);uA(?1MMwj_|u~g|;sx&lJstq9vj|?K2
zBc{SsdRh5sqEJQ-mFSw6N=r>7XAr~DsqU#oG=Aa3^2y266fBEmG>ar7LMR^5ArX-Q
z!YoufWZ|Dp`<@LIi=v=WiFyQIJTic!iKq*s6ua4Q0v16=BjN`U67YyI$q>;OMhxgM
z-~0D!MW?KG7fe|lhXs#9gJTf_1&^4Jj1U81u=a2=1&zu_gSt5kF<5jo8XeW8mby;h
zU69WYC+Bx4KqQt$1e!&-1ECO)SdmD`AYm3pf-E{tx!pe7Hj$22xT_11mRCR>iDeUp
zW)tcrUM!18hLVOL4#Ipav7!``Gg2wt?FlhFFFPx_<KYXzatuau3>qO`+#8P!BMn7{
z2y?XlWsd1sM#RLtj1Yd|Q?rr-u{;CNJpKPgDM#dGXZ}#5eprsaXpTNE;>F^4WH8Ad
zu@&Yx=$ASAXLsCbZ!9}6G&@gY!bm)#OB#r13v*Kw)g3*sun}mOdzXIQ@%VLUj_y8T
zoo7&Y!!mM3GaBBdL3L`&!s_jmg$tI2Gn&P)?%SlFn+<wI$h3kys(IVI_U&0XVOb1C
zvvBOPJASG8nPggGig{QTzv<=kYvOwzoysx<%V;o~k%J{61&^4KOb{bsMgxBtZ;!>>
zq4Bm>gfu*2PBKM|h4DIF3(`3Q8!Q8BGy^LVAqkI|l8g~UVFtwS8Hm`vB^FLX!x39T
z4jw^B7KoWJT)$IlVTUaEUKYW*Aa78YVs{(HKP1Hbwqs&uO~}9_79=yoL>QynZ44DF
zwQxhmUC&1y_o`#BF+lf6@0S}%LVH_5R(e)8Jqz22E><Ht{F5MNTA-PkV{c5+HzwE{
zBlL|S_C_CDYoi|yFeAj^5d)GQq9fe4M#nzVsT^8Zq$V1v(WO(i9mLLI>R4ERG)%3_
z`A5VdSH+@K&?x0DO}5+P(6MTjuy{o@zMl@k6OU+;)DbmdeBUmIqA!-d51L*<gD@D6
zD3cVCzQXjf0kjmpNTKJv-dI9;G@+b1VH6%QB<Ul%!i1Va{pOzy0#mcv_epq;>4k;L
zqM<TGf*T%DC#fMS!cc`y`y`E}mO@iY4j?$=5jBzuq9jZ$FDwxajd696z|xANX$f5h
z6QROXVv>Y@GU)dCji!L{8pn!am9tMXJ~Pv~pSW|mp)5<z0Cp5xi#>~Vo41B*#c}7}
z;5_0S;$*RUG1oJ1@l<)Eco%r3%t5Rz-2Lnqyr;b3TrOu3SAjW=_knkhcY}9=SI1kz
zo5SPq3V0)V{=C6FOP&Hxiu;QDn0twPhP#tn#hu12<gVdnag(^dTsN*MSC=cr`Np};
zxyq^GY~{@2Oy(qUMsbF6Y&a^M-t33$TkLvvEqgM%lpW0WW-GJhSyx#XSe2~htkJ9@
zRxrz(Wx~>75tyHtSD5FSE0_zI<;>B{L}oNIglWjsW~%ac6#xJL000000000000000
z00000000000000000000000000000000000000000000000000000000000000000
z0000000000000000000000000005v1*aXpZb%H&fO7%h~5vL4ibesXZ5KB^kt!dag
zUzgyG&&wy9lMuw-Je|tOPi0cws2S8`eh>wnzn+?xho#NM);ZWZTZv%SVRIu%=nUFf
zm@^YwXUG!N@Pz_bI`&Z-wocV2_~WzkQCBD<hw7S_N=r>7XN0HHQrwGZK2%0nJ~^41
zf~8Kz)=B*dwjHAUvuSOCR4fGrTPLazkZ$r%z}#eP9j{8T#HVJFDb(Bo{!a6^8^W&x
zclS8VKMGsNY7w0931o^-x0MuwrHaPZQD`v}$>s(5REjw{-<<k=>hDM_MFh4E*Cq_d
z=eN(yZtm`Gj?Q>)p6Fsu%PXLc#L|Uf>riwG`qZpKaz-kpQy~QNlXs}Q5G*7ZTL+;t
z!gn9q7UG(hfqsyhl^lo#1z>A`(c2x7mz~+MwfSKozS!EwkPs{))IYmJdA+gpUf9}G
zkzj(S{21VY`9@%CcTIw$p!%@dYd@0iK4ETHB3EoZ9BmTqDfsQZ0Nt(&=61%`!_Z0A
zGbuJ`mSkE%9@U&GoXFk@OE45$JEAkUXQt+7l4*%4<^@^&<CV`ZX<PCkShB&`+CiCM
zf$x&a9`o8^Yg@FCT{E@8+}7CI3hjR1lVN#TVonmaM$j7ko<%C!Rr3a6J_~GZ-iM&~
z!`_-<4pVGx(wAU>$2K6$!Wi=yVQWKdt%s&8$V$)3re_IL>S7+9-UMP>9$x;T2H3~?
z*jgJ~4?vT(A5AUnV@+(WAxF^szR&8|hyAg&S}%fn+a^@8&s4CrGAfPPiTOG1?x?<W
zY^+LH5=Cs?56y-~&8P8;*%$k)54Ki74-J}404;@@=blAz7j)^~m|GrO%c0efjV2L@
zW1hQvFU%v0t!2>iWMuQ@C?z|e=EBdYh@6>|L3Pc}l*W=sVQWdWJc7(zT_mv2#IZF2
zRadmEt}bGdgnlyU7Wn6b0{SEz?*wlKFNUYjeahX*9nJOP_TyaRWO7z=wAlC9RqP_R
z3tN`ez*@+nvMiYIm<O2SnZZmA#$ConMj>MuL%QgE(fp#sA~X7R`Xu^C`YpB*TY(+N
z9>JK&V9_h-(|HegXPIJ*hfD`1k@JDm%v{5q!pvcYa}lm;QE^cUXCf!B=vmPvPF<0A
z5sBx@Goc^ih_fFv3>fl^lZ-9w)9h_5UzQbjF}IYP%=Kr_W^;-ZIYT%)j97*nZ!>Q$
z>jkTcC&zuo+QV8_w5w<dOPTqZHHMYOS;q<GHgfm!m^?D`2D84W&%OWv0000000000
z00000000000000000000000000000000000000000000000000000000000000000
z0000000000000000000000000000000KlIjPQc;m=v>k|N*ftY_L*N-KTvM%Q<iw~
z(B+An3q?5!PzOC)ws2CZ^ogmPBHoJy7M8TQJ-9|g^UFuQ(i;|^4T-!ppkR!|%6;eE
z#|6ByD$5h)$VDB?K9xxGBF}p!>V_Uss_EMhqPIvn2hA@V^~T#6KiNE^tl`Gh#B{e4
z4<(8Tnu%GW9GPfX2I>v7sm}BBtN%c-tNn-CoWbLsr1+$Za-^YQsi?Pc*NLOo)U&o)
zFE)CZ6nr$`_3+@Z6j6?3G%N}AMxQva`MTt`fOAJ)7>rPPy3@tQ=KxidgMx-7qF&}@
zo!JUikB0bIr$q;E{`7WR(=4+DQ4TU17LR&&OUgA*`#5P&X!72#=L0gP9`a|bixcG-
zg@(nV-hoLsRC%+DTUs6EYyI!;6MMg4$hH_!j%YM23ia}WSfLN>x1>bPbjmEGY`BIK
zzmyg!$`OHvg`-|eTBx<d`B(UDV+>Qae(E3XxZb3Aq$o!i8WxIrhq}-HWI1)nD}~Ap
zT3f@)*3FK6`aDFGBNz<}LcQ*zw@*I)*_iIVG*xEkT)gBAhy9^}q8tHem_O=uy?k%B
z*Q058Y0lk!u@+5@srKa!exe+{XqXS`{dO-!d~L;)&-KjxwKF6=@v}YYhrC5OywEUD
z)O-EVp7_&-Av53Ke$LE(6D=vbuWz`AD8~pi%pLVk+g`yQq9Lj8yIbx+wXdIq-Na}o
zH&G5(G;Fva(<iTsZZ5uXDw3i_+vJdKba4+S%SDvK84VN6Eq}UbpP$SH=f$<dqH>gm
z%rsiwOWMv!lw&9w=7@R^__(~cpBjB`XP|9e>}&Jrxap>bLqs_SqhSuHS8dop)A{So
z&PYBxJonql8cQp6e`9-54m&i=7WERReYWTor`?3t`toenc&+)~<4qfFL^-U{Fe`!5
z816x4j+yFzU8X_8G6okt+^vdXDat`Y!w}RvHc<Q6s@Q-59^;79#c$-TBhGYQHb|7i
z0u3`qy^J`I2NlolZyvLHcdoCC@~zzaqbX*h9HwZP3F@sJ*?7U~srh-mKB}#}(5BwC
z59{9=i*gvDj{7MS*PdKP8#unKy2SF4Y<=?HiW&nnKRtoq-BX>jdBygB#^zL#*Y`H+
zWu^7<o~|f|4jN`CDpP&b5ts4IV|R4M-Q%0LxHfMJy5xFTah^6BHbBsEM)x}r`LR!!
zP5OnE7k8YO_CkEuYKd}aqG1}SH|TM?Mcrd<yRq~g&Ff?DH<jM9o1res(H{*{L%oZ?
zITf4Dy}werMenqMnuqEu;~lZ8q8ut{m@?{J(6465$>aig3fqRYx#HUOOY&zXD2Z|?
zqGA0|?}N&^6^2$JKIAPQa3xV=_l|KqXwp}dqYoOUfO_k8wg%9o0wtJ?6R|m|73=-Z
zUw_+MltUg3lS92^ttKbdY135}x4b>C487y+>9NJSmnerU8YY8!KULb2XP(TP$KCz)
z^`Rq688yAjMo5ctNTFepsJHe_l#^WCEZ?H(eV;DPm2h$kiJK)M${~)15l}C}up?SN
zs8uO>V)k{3kB4@Icf6XID#2Q&JBPgII-Iwd3XXf4?aInvI?!hq?k*_H)6VtDQOnqz
zemQMra!t~G>b8XY35xN}v72KWqL)T&48JmRb;yR`rl3{+Y`>YlWRF5OJJ$do3+HU_
zC@;gI){g!|H0-7AtZng@mq?$H<K{cf?wD2^O)}hKz|)P;;STf}prB==DW-N!O-kjW
z;>v#K`Yw`xFOTnaMy8Lnqm+!e7Qu^OD4>TZL44`rO1*pc>+DeKXN~L4|A)i%=6m~<
z$l*FA>CN}`{vWoiM*kMiUy0#yt8h{12mDocCw@F1)W`ond(7J4mfOn96~0s~eHb<H
z(l9-#{bRhEN2#tMold=J5uhC1U;OT(a{Z+KV%wyq-Z^0Xw(()X;Mdls86~@`-E8#^
znwgH6HbY(U`25rn8|%`pUn>ss-CFY`XxR1rlV2<;+`eW1(-E?BtS>WfZOz(f-BSHY
zKbDSMEXz3Lz5dv0`?Ck}IQ~C;aga~p_bRhi`m??Mvl>(4BZ#s#Lu)M8vG7cYYlxsa
zkba~-NN-63fAFR#6-v#g5nWxx#NsmXXo`+6oO^GM7H^jNUEYq09kmC@y=&4^hWOP;
zYm`Xs#=jZ0XOP_lMtW(gcM-Zz!MJgQaY{ezRI#}A|KYv*5&m8k@K^kUoSIcg&Pb)W
zQ8TE?WEzzclA4@F&GXN8FQWNS8DaV4WGYgEZ{WWimlDMAV(9K7@{%$pWu9g4<nj1k
z61eVa1sR|!PqHQ<mIz{NNwTqzQkA#v_!b#VvPW!%F@pp#Uc!P9zn6p<OwG^9&Z1EB
zi2m6`YKQU^FX>nUyabL=JQ;@+j~6R0#%-xSW9ZzsIp<yc=lg0aqrG&-jlOw9W0`CU
zdqL(Et@tut>zoTp<E}|XobM;@zGJzH`&5>fR<C{|ZdH}7e7tHLT_sCm?oNG^A=VN0
zC0kX47M@xy6SmU#V0=J)wCj^9Da&~Zq(_1C>ZXilO}>3@z5AXg-^#q!9FaS+!X~Zv
zsnCHMVg!D3UBRypM2^3AT8eo5H*qlp*Qv?~{F34y%RVQ}m(nv(JhvyrtnaaP6mBKw
zoZ0xLCZV#QHLCR2P8y-8e<b4iT;~Ciwx0&O)pNNwa&ykIagTONa_+o~MFu4{?S8qX
zmM~F4)+=P?88N>F_75i6H(Leom_gI7{;)91Tz!>{ja_~J%x{e8&-&FQ$ri017`(Ac
zb#v`pCxdZlI}p{N|Chtl-8TY!3F6gLl9%g9!*!CpZj0D1c|F~R+9c1jha@jG>i(}J
zFQcpE&B~X1@a;xFm$zKQ!?O!co<6hJ@?)Hr!Md?T=S!-FdRFPo;OV79JOs_a1UJsM
zljM#3%Zis8bq^;{Jj#z!$5*!V{MX<%b<6m3b+h|X-Rz<eUD7~ATNtAzi0P)={8Yx)
z<XPQhy@|u`p`WpcB=7TF|0$xM9lk$rTc2$<Z*7vIPG$#GwoWqar)b$25j<m<)vBt;
z$<NYiqhl&=eVH~-&hdp>P43Q?FQb<G?AdP|Q5Tx4_C==QnrT-2i^;`WD-RAP>k|DJ
zj7s?$x8l8=|BPh`C9DfeTr_VF+`~|}-mX$URVZWnh;AntQ$*kCi_0OhlG3J<cnJw9
zf=oBsCc9yM?v1TGU0x`t?n^ycNRIbTupIAjEyie?LQqhQHtS?-L&XCpH);1hMqgS=
zzS>tM=}sFHCmT6j{el?t&b7$;>+UB%eQ}$6fHU?(S;X|gn}U|z_+)VF$&=V<6U+JK
z>+x~(Rc9rASai*zbynrMR~t39R1MEk=GJ|BBKvXL2!#pg5f{~Rf9v3McYT5{Vk3G=
z#8RVLaGgY~+ak7$SWmYgOvGsJ?IOnfFGVa7_pV*UY)DoJNqERjLZ}%@=J{yfr|{2e
zWC}I6fPd_X?ml5eL2Gc&qL@>&XsI*?zqO=y)j5^WW{2gRuuXLnhF_OFwtwyEYNElC
ze-1I7@5a#wr@elBbJ}X<aXM~-mg0z;AdOS{VZWJwS?3aQZ*c;h%jfT>a5v3Uzwai0
zFOd>4CSUOGv<Y5%XTke-mGw(a{FmAOOeI%+v>K>+!eP75>M0jUDL40Jdy{ToUlb`H
zkUhMQa_#o5UJQ5L^ulznZy|%6EYu!v@R7Q`SmwQ<?B;~G)#kUE$u9ek(`(*VtS%bk
z6SXNnqTjr*fztv8k3aqDA;Zn0X=e5ylYeI8x1{GzUgt+%F~;^;QnH`R#{w_2(dnCv
zsSz@zLX|9@ixkg72BFH>SKJ6ODA5yD^%m43a%N5j)gm!F6R~VlP&{7T0MSEq+TJ7h
zGL;k>EobncK^fVJ<cyT;eA-}pK7)QO#(1O``k{ijI6+Jt=|-7jsHRh2ST0>dULg5k
z#;TLtw;O#ZWm`X%%5h}+A?gkfZ|Vi>oG56id$(rqpr;hOnvts-ix<naXumLw(i!-~
z%+iC?Z}OT^YYaTzs%u)hIw&lZvRW9DQCUwfR=CiZzc>88L__aAp0m#=R61POn0Zll
z)2Za5X?>Ju)>CIz%C26v4{f9WLwEd_q1|0K=F7QjPsw>A?hUS!oOfHqb~*3qrrtIt
z9o|D@(x~d1UyVuAx@xsW$SnDNgJUn6+l1OO`b7IWH&E6}e3rMeX(i_4ZSox4Z{6Km
zX6_<r1_-X4-Dymk^_R6es(KF&`xf5Tdef<l0^yf#F>Ag`FKSciv_Bt~+WsiPwo%9+
zk~v~3jM3}RVff$Nh=Q+fe<Z$JJ|EiBGQDs%o3o=ghg}_I=`pQbeALtO5ettk(rIKr
z^Qio)z#RRk(9MN8Je$5h$=+6sygbyrYV#yEUGmmCy_0jKFO-FlB4Q4XjZRsCzjU^e
zSw%QF#hER>gt#C(eC67GmC21`PAra%%S<b@if6nIJIgr28!hEkOWU__MZXt9@ns`S
z#8@c3Ita03K-Zf5KP<ZK`id9pMqj5jj6SYE>vDz3_!Vc2_O4<$jX3<#(adjvpN>iJ
z%0ADlUd*+Q*PUSH;1Uw9u5<s=&P<J$wfM!pu1<%Fr!Kn8NL+T@OM1t$rcE2ej~<ut
zl=Ix>x_S{|ie22Jvi(JS8>$}cov$LhJWTEqrQTz7LTG#jDPsD$K_1V<zHw5HNX^(c
z8Esdh`o|w1|L*>7#+Oa!o|4U|>fN}`qu}m}*x{>u4>!^_*&NnGvKjb@^DEg*?JAoa
zhmS0jc=G&{t_>quZNgZiv3_1hCvw$pExhhF(Swv{CjBB|QkkBUpcz=>%9H+M*$jNd
z#tCFIlVXFO{>ik0JgPahC?_?KO5qEqF<&?<+JrN;V<#0CEu8iw#IA#Ik~+Tqq2mZ*
z{M>9pzHixGxaHp!&ZpnleZD32Szq;K!!S+SVaf=<C6>=^hn0(8pJ=p=@Fn)39Mz!T
zjKz+Jy$pToGoI{kJTqWi$(lFb<#Fmdj~s7oP$7&Ne`k5jSbJLah{qp1c6jk-$Y0tc
zJ7EGn-8v=VP|}LAlisX%D6z5#*sC&P{A$JbJL|4oHQ5~7cVo19@RG&(LgCCsvIV=u
z7f!wmmJqwE%m2gD`Qw2=)zYV-Icvkc)5-%5?7Eovl{NFlLD^j+pN7%g@AMww@n|kh
z`_}Nr$(MSKyOM2rk<qLcP`GQijd=MWs^&NR8lT-UFUs$3Xx-dk?mcf-%~vVHHV?lN
zotQmeHa^^DRz{_~40IWCVXa@oK(gm4qg#u#<P}@g9_JoaUG=!->b!tSYilphK%0}O
zZt=$ly}O?a@YQl?PpM_#BNnccT6SB+cD3y3mWiolxMRCoI{%ky>Ahk`yIQJ|R1hWM
z;g=7frBL&TwC{~0rK@I|oZ4~HJNWF=N5u4AzO6%UOXTO$bno0d`jB<$+sPc$WmzUI
z^<@r21dYKNSDt}Wa{ezb3wW=nzzH=oH9wO~OH45@$fD&H<kR@yQQMW%jIW%t+LSY;
z^N>?yjdapan;-Sl=Ev{;er*K^`(A*yzVs)<&)SJ(vCEdU?HR}yih-_ub@D8Qh$Cgi
zdv7xB*;+OyatyWi`z$~F86Wt;r}kDvb)-D6{<O;UG`ej6tN!a|pJSV**BsbYf8o&a
zv2%>_eY8g&smo5w%%9!-iAbUy4K6&p<NBo~U-p)%ot@(47$f8S>h8JbO~uc>H|h8V
zjSQj47YkK11xexyp+H47kp3mAlx%8#7EQ2!e@{HIq2_>bcR3T1^aks)qZ*C`rBqBY
zee<N~dAe=1+ot=R7jGwRcaIu!P?zVWx&QQ9{iWVjH(j5clZr~(75pLX=}wgsXO8Dq
z>z2w%_8GT&tI^J(3Z~9#TSpHuzw4yql008!Siy>g;t`3nYL)P=ho5;&+$X-3-Y8{w
z?#_UZef?D<Vw>#M(029nUh*%Gdv`ye;tT2Eo)S{;71ME@gtXftwhL)bH_kR8b?6}>
zb-lIy_k=XLtB~U4r?C%b%spt+vULG9+_-o1UQN3#jwX-x&C6J|>E4|KlAB$Rl<C<E
z8iR#k@cF~8rTk?fb-lF>ClJ!^^z(<2XY&6!{WK$)AV$K-f&ZIqp7^j@fqLkXwR2oh
zt99YVmr8lMr3Ep8H6z50zFfFA&2`?(wOS@qqa##qN<VB)yQbc}_<&O3#H)9YGb-Za
zwr)68vGnkYz0waa9*h21_}TjDmUQA&;^v~{e57@bEUEd6uX@p9ImPPqy^RvoI-6q+
zg;t*DTjn>;slB3*>HT2E>=vPHW+54Z{o%{zKt#Jlt4m$}b@2?#x83C<5wN{Rywt<l
zn{<4A*fMvHyKBILO}QlLm-A*H+tF*L^vHKZM(<mA?!M<S*IVJ$hvvM{N|zlwgehhs
zm%jCO@OgR5lxZdNWY_gJ8-BpXDqqF9?{L}aBv-1;IH_0{w{xfTK85sgzg@X@g5&_+
zfK1J`le`!A(~>QE6u*`F3T;b2?-_q~(7XHfC|@(}dP*~0Z*9eO(#&p)*shs9-7?!W
z)3%2+)A7K}-_y*bu9|uM&IX;{hfl6cy&1A9{LHo|Vz$xcb7|ui#N0?1-%T98+3?f0
zZ)F2*+OBiPbkfYUzpR;#2heX?-3~taqN&Fh&B<+|ne<1Z+2LxZ^^aFOt)mcglBwX*
zAU{&4>)_*$RI{!+kn^!B@#sc>TH2|RhQl<ckM1@9b?EGY%C1XJEBKA)I$G}tIMm<R
zW<{xHqub-)J(MFSLo+U)x6m6{s`-{z<fY@%Yrxt4I_oqvHMV)<EqrQ|UK-q9-&*Tp
znUHv_ajomad2w=eFBTb4j@Gw+kT|G9i^!I&wV}}*E?z!v8sXaWgUwNr@={a&86Gf6
zzJ7h=)r#b+mB+(3$;NAF(Zd%!QqSL)a;wDsQN68^ZR^15)a3pN`!e4Lg;#F9dH;;A
z-`6>~X_Do4KP_h@H4WIbA>=VJZFrxT49meEG#nLcoTemMtr;|E$x9_-jUO%OVNSmC
z-FW@&6%V3foll&*owl;^;5xn4Xgm6OulU2`-QDlz`GRTPQ-bMu0R4jYgJ5=B#CE~#
z=|<UhZPTiUu5H?Uxc#eZo7ApSY1n)$Hu96>F2%q?hj+JJMi+3>R^OD$$5S*|rw-$T
zRTr%IFs4kwQqT;{aOJ+8u5Bj$WvR6Ja0~aNRJM;UHTgnW+9s6L-~5A6hjFF#kK;<d
zM4FO}5kp}N@q3r~H^a)Uqx*#UoPJ~Wp#Pywx~4X>Toz3{vbnTyID5?Ac`pjey{`Y$
z@MVF0;|>oSLsr_N*{a0}c^87ueHs1Dgp8|oZFyW@8W}SOxwhrHc3D>4+2$MH))ZZj
zPJ5@z@YHTDQ0aA>U@t>kcQkhA1??S=2w!^dWx4kntrN88V)2cNxf=<O&3j%TQ+ZWt
z#S%7|$p-Ql7Y3<pE?k<Bxyr;RPIHR33|H;dH=A+Dne@o{>ut#16Q(AuPGI$#ZK{4k
zIWqlC^}1p^XZNbPtxK&<U+Z5VL}=D_yArZ#ICI*&%}8KE9X>t0+V88P>KMijHH(D0
zAxk9dT?wm}ki*?8rCqk{A*r7qdHRu1AVu_oKRV9c-5JCeMp91+qs@nATqj}dwutS*
z*wc-%Z6t~G&`8oe=*jPmBq?3x@z!>h`Hqbq#k>30nVXzmeDK6Trv8d%;`!Itk8TTo
z7Rn$`yJ%HrGzj|@XL(wukz~$amPhlT$G9KAeW&K<7ofl56f@<k<IFa7r2N}qq}7kZ
zNUJCWAz2`1!bttjV+eXGErs~KC`7C*KNHGpQPUOHZZg~|e`9jJ<cEE0R$LEywDlV|
zJx>8YfrLDBRr$2S;?9%>Ci-iFsWq=Qi><VG4qtRC*J)tTyv>YxcdVY-Oi`L&=eK0-
z%g_1cnnO+>Jgj)%WQaU_!kP^geRBVKygE16rs29<f0LpkUzd1Rw%Ue^RZf%JR5|tL
z`lB<aP9+G1G6P9N41_|djcAo<bgIq2E|yXZpH<ST%WPHzExNc-OeQFC+?gAfH!AKt
zJnE8`(T%dV>E|v_-V%ARruWP@ikfVtbQkw$Llig0Hm8&ywW^vh=@N0s>y&AsUrUOY
zjdbQF8????sO;n-zL#-m#qsdL<a1^v#A1EJ{9%V8h&S{Wp0HmUq8j3JI<qt}vNxL%
zI+H7Cq(AQ&e}34zyET%pn-)E#o901}aGi9s+ak8>W>2@xwgIJi4-F^{D2=}wP$qU&
zO!B+jh2zp32h4ahHj;RL@7~?lPbW?HJAHo1o)Nig6xK|98W6v}tdE(X8R+54gF6i<
z|Mqup1Ik5Qmp_*C<x-n3m*s78nfRN3B>$;UcKrU;ZIAJDvmv$@;b$tja-iRuh^PB@
z4O^6Q{Pt$#UV5*hjK-O{2Eq5;$peTA;-uzt#&&fyLZ-a?t^M*`=g~6~D4RYms2s1f
zeQMRtpsccG>YfH6Zz)#iNA9keGlWv$S`!~VP5p6RtFL$Ur}W;ZcAUP|vYIetilcU*
zgi44RC(Lha$`@br`r}6{R*dis6RKn?l8opIRZ<gCFH!4QgMa-`<K_S0)g!i*k7!(!
zn{N`$py~1YDW^qVHc&;L=3Zaj-*lmN;PbHZN!5dPez-T*&S~a`laH2eIOvyr-K1q=
z<pg;@X4a`g7a2wUW^Rgo@ihurJb<@+=9Oy`W*TmMTd;Fk@Ii~ARrtZg8H>~;CoZ0@
znsj7V@RPN9%-l2dVYzuKo=<0^jYm``_`^fp-QC}OWi;(6Wi+5P;5sQ|w?%AM#-47E
zm@+1sv@2u8f2oYxqiWlgQIDj95QPW7{}10Gys~K2yiEQef=r|Gn@K`9KP);vkdQhY
zKeE(l?q-8Yq>r!t-`A~G_J6{jOu1ii#q%nmVbaVpdt*VvFu;{FaY{ezX2xIEO6^g5
zaRRNxzH@&cTUznOa$%cTCUhQK{#J!_l26MY<<l|>u^^ctCc<2FyX{k0p?+tS`Ec@r
zExfGJ2VQe$wp#3(eWD`x?9Ng{eXY_h$Puq+_X0P~Qyh71z0w`AO?N-Y7kZpHuxXjj
zqYL`xIYXCmhuur|yL;rp_&2*l8<NjVo|Ea-wCr7F4DZRoYnic6#KjIr%dVKa%HD77
z3yRN$q3kE`73Ut${O3Ar#Ozqx^qe<StZL$J3iUG$NkR04`l*Fzl=T0hR{#1Kvwi_1
zAm!j-hE(mqc}Fy^jnR&I8AsGtd2`2Vn1ob{#`wt(*ZF?&_iCn<-@lx6u<+1k_AdJN
z6KUf}%!0DlI%!_^QzKuGb->rOYHS;Cl|J}|yNU9+Yln-OLHg$(9;0Y7XK%diL=0&e
z_idez|B3sC`IHCMQ%WqyU(D@&dO|@>$~Ck_{eEBh)5G80qcQNMu?B*!L&TMfbsA<w
z{N=8rMn3aH*YWZX<@cF){8xNizajtm6)VdhuUJ|Bruh7{Z=7CL^P=TOFV=Q>dRBvc
zgXM|AjHb7HWz0REj#_u<>Xw#RYiUQff36byIA1t&B(m!DzHxE;NKf{(t{dj3wT;;*
z6=rCkUt%J0q26oate5W${Wf{up51ggxAx}5iw|4ACA#hoPCdH*vJG)%pRY4K8>Y_o
zFnXbWc$B?|>$#J$%G;L@5%vvl#PeUZ`hMSAy)+`pU-8dk-CeCe5odGWPa=29$My8J
z=7Wk1o*gNF_wqhH{(5oN=i>v%-wHJ&N3Jtoy|8~q=C0U={TtR6&5K+f?vZyp$Na|E
z^=kXSBwX8Z<!Rz0rA5+19hJ^RR&UypQDt;|P!@N6?JfE0Es@LSIQd7{SuMLA6Y28)
za`=p+d%u)^v(!!~%1185e-*U-?gtO#-#dieJ&XlkOx0^Y0ml57CqRYub?qlW1CpNL
zG9!NnG`bX=NXsUox0njLb$r)TpuOd;2PY#2T^=dFop5c|Y|`V=Z}v>R|30+$z(vPf
zf<8zP|Eb(p=BV3t3gqIHV*blhpu+ltIP3yTdR8_)>-#CthToMJw{_+C&RzL8tEAIO
zko4n8ko5DDU{YRoCJ`&v@0<i%X$=l8jl(|ZrKFghx)(cH_VnCjs)Q1AK0!9&nZepQ
zyY5(-e4RV7Z#uE^)HCVw(k<&+=bb+vuH^1t$z3yH_vEH^yo>2W9ArP+m|1EUjQ+At
zGFM67;pVJmt2On^C47swU#5+x->uG}C|`CyWL8|X!jASlZ)S8*?CeTi+!GGH`;*`g
z_4?OOg0Tgh*vI5gtGQoYSF=apRNgyyjJ`TICixY~;l*o)eD2dLriKq5r5RqFGqkws
z?L{Nv+cW0xYPOBP@bE;$5rh206Jt*K4yiP@_K_zvILg>vsd%`f<<RYhx><{+kNP-M
zSMmP(*A>wxZcG{I{FG3)YPxQ)21m^Pykq(6>Sl&dgKs3-rv9YA{AmN|?ukzPuNFEz
z_0>XQ{Q+F3uNK`FvHhz>Pq$LxR||eox&Om{|BsX)Mm=@Fv`5w8IvucXhgR(etf$A;
zZCA+*d*~{e8u{$6u9A_vp7s(e9&CNQd4oqdPi3u`grm$!Czty&x|3Gz@Ok#_+`9os
zr511TDnaynsu`$}Pvbf@gKkG4?aiR4hmpc&P=aXpRF%n8=Xb8M?jDrap~@Qfznfkl
zv0|CpahoEaJ7MRDrFTvo?-M5_J~-t*KAL^K|1p}xh;>#9cd75@XnYJQ@rh|&+UURk
zz}%o4Ia6+lJvr51Ggd0udU=@oPGsQqDgHM$Mog*HU@Je~mss-R+QKT=7uT9@oIKhr
zXZwzKE+unH>ccnxjNB>afB8j_=HM`^^;plL4(OplB*AGz_k+leH!^p<>3LMw-sDaE
z7!z0gWJI!2PQe;m?MeFP-0gPet(6t{`OnmY%BvJ6RZJ~2&}#cKn9^ww8S|G1kp!pp
zxK7U?;Ey0p_#?;}Z6nB0KN~^*q&|K*g8bclel~JExwtjC|EO7g{gakf@IutD#V?s9
znG{T!V7ex7D()_^p7`>_q5<CcfwQNUMiVXlhb9H9e<>YpnzT&)>EpQ#2e*%T>T9dL
zK{AVJceiSCM1PmhYyX*cdS(5cVb?NNPt-epiE?Mv{8{?W^*VBadW~QAPfa>t;`naq
zk!k1qZarwYv~06*<d}?5k%7XIqdKBiqS9WOe|^}<Uirc&>&vZ-*$20OJZS%Z>f%M~
zZ`&BJ7%pY<_U!%G!Y2Kl4zA}dE>umAP|is^nzCQ#WBp!d_2RvIV>K&I<o3H9u+#e7
z+4{o~a(aWx&ds~1JYc1bm<~s3-qe6ijgixfSW#Og&(;S|>n|nYb^PV$p}Rg(>*xcU
zRtJhTs4>qMcn71c=udjc@22hUk(_)D)$Az^B{)^$IzNuDyCSx0XiqoIw$X=1&x}4)
zKac(84Xv?V^-|9Mq1l%AA3{8ydg9X>F1S|s4Jws?LD|1|(=6vz6%4Zjn$u^M($xjc
zKoeK)_}@O8ioa8BH?(5E&Ec!15??JjZE6|&=Xd`jKPn^g<3p+1egyPKviQt=<<<R%
zqb{%dptt1Vh|`N_WQ9<o)G0M*E3aSa-CQg!en`sY;7#|tN>>J^dL9VMT3WZ!L{09S
z+*(BL`fi1#d$k_j37R-+L5a*tYFxqd>?Zn~6@Axz_6xc?YvH<-*XNe3UTnvs4H|Rl
zagK4?f?6wctGN}9GnJ<gdcC^7IAdm^L(l)ntN*z<XHE@?53E1Zq&KV=XT8g@(W$M6
z=y$F?a4mWJ@bEmJi;Hd_d>QzeIk{<SbCGv%Q=gz0uD8ZD57f3Uz42|LUDau&<%621
zEnI$y-pX1g*(zygd^#YFx<VuV<L7nZk*_>!yk?W{tJeh=q;sm*?%H-^G~;o}(32-W
z_m@82^l+sy+FC@l`rkUf-922GFM$1fNC5dQzso(U-4?N30DHO-wh5qG4+-Gwth!$b
zU`$s5+*9Qr<}&a@1NGs-ghg^zPA`uHT6+wCSN@D4>ojonCF0cs$sbE|R0YjI9anDI
zNdQCtvH-r$!mc{D|JYT5uYW~t`WN%(e>y;Z{L=wn|8z)1WPmV6_22x)^=7KVq`^%t
zRGB9pJ{wMrF`0C%!8g8U8*YkujrZA`s+I#P=Z@6m*2!+onc*bY7<Jis$;4+jb~2|9
z5Th%N8$MRQbosr8i?Xj60Wmjj70V6L(@cmtXCHkgm?Ztm<9OBHWNXUfk9Mc$PAVq)
zo|kx%OB{S}-H<P<#H=G{RWFv!vcqnjq96%^z2M8ADxzGX_+Q;HrG4$xxs-}k>kL+D
zBoC@}UA7`{Mt~c2pq})%ra`LYKu@g?Yo7&BUb81(I-gWqc4o-=i(#>WCcZYB71ez|
zpO=l&)nCco`oL(QSjm;c=gdtmS4H{zEBv#+>6+?HNm`?+=QGMQWzW&4Dgrd+8#f0v
z&D_3f$C=~ten-Q{U%dRe!ebrUPDHi$-#N71Js+K~d@4Pqe6O<(;5sQ^w?%AMzMgJ>
znDRv{w=19Lf2n*=Nn_fTPm{#|P9!|yeY^XEYIIi({P0wdv&5wI`FV{!wMTvDrgQsU
z-JU0YT(2xjG3$x@r!<ezUmD8HlmrdJ9#>AmDgCf}fBD8z{_d6F1R9u~n4jbB9-c}|
z`QdMxC1OT=Nu1s$iP4=U@uxNN<KWQR;fKK?|LqSq8+QBW=imPO>iLzryfu5RTGr;v
zip@RYK{TV&x7Z=?<`2Acyl?igLko6XZ}D%G-d^^?jOY5S>fS>YlWJ4-=NoV8L?*6%
zkfuC_HfPM1%XvBUzQ!+;mvavub_p=syIq%MJ+eF{K>~kN^|Ph&)BzKR4<eden(ydC
zJ+!p0^`nla#c(~+mN6&4R-f<ow_7sb<*r2D<gaVxG)vB|-N%!sXl!)dfgf*iZ;DvT
z%dZxT9kyQ>^Gfd6O|rtJ(@5}F<@Yi7uC32Biha>I-mq%)_@L)&lVbDkF2Ap+L5rpy
zqWj66*>fiT)$TN_{s$&rHZ#6&+2{J}un#4Db;eXPtpda9N}D#DYvNx77A<eybo<lQ
z(b7(r=u=A@n(EQ^^y?n-XUDv|i6Z#=sn}Ec`IJ<Q>!hFE7O`DFd%9t^jU4;+(8%%L
z^x3}}IYxC=&3!ZKcAQFRUTd&gN1>?IaD|29fcczCN4LCC&yfAA9G|*`Sy+~O_r*qz
z<MKL<96kTCYTlbZ3nx%b^tao>ADukozarXXGU|`NId>zDKbO{@KF66bo|AHJndQ)t
z_X)N~CGjU4pXy0IkK%eMRc@1eP8cg~@oZZk>g%VUO7hP-(sm^K60&WN<v%hxy6Uw0
zmlfwO=+TGgT#t}mx*)*keEr?zzVq_OyYpI4UN7?*7R_9_Fvd<vaf$m;HTjnnn@*2r
zdLRe3e;c{s6Dve|@bkM*RGvNlFMe!d6H&?C+WJsMMI!S2wSm_?N34r9+clt%Z+i83
z55KtU=ZP^J2B|hIxW6!5>>ch(nS{;2XSJq@o(8NJG!G4(O*73t&zeNHA&7CJd_Vbp
znV)8y={RfDUe3B+g~@$guNn=I-lo@ZcGr{ZZ(Hw8oUvsb`8h!@!_>21WTpAsxt|kO
zo<!S$sP_ExL)YCbHhfL%(^HyuZ~9DJCr#_Nh#j8t+{5jwP16*5NYk1V?0%(bkzF-y
z0&VQ{eOpW~Ph93Tn@f#ZxMI!LnY|Vq^)Vk^H#DqX-|VIJL!Hv3-fg$b>vYnz!GBrP
zniFhs-$#OiJ5%^4W_RHi)Dkf%zP#nM$y?-~%iE80aq!<F$|OakuP{bdcq5D}HIMdF
zUAyIy|KaG>`-U&~EO?ihtUYwzw98^2TF6J5W~l@{tZ7-s8`!i~>u}2Z>x1wT<hS>R
z1#Ij;PUiELq_+wC33H^c^^M&f_k~l<Xt}xa!CuqjgB2OiZ@=`fnzE4XQTOJ8meuEA
zYIf?4w^3WuQzvXD&<*w(`wcPmP?&UL=)<)S6J9N3{a-N1OLcubJ}R!4*n98$QoH0-
z-xI>^R}r7ysbVQA<VD^0-;%g~;kvDg<J0Cx*nO<MUqa8-X&SvzCFa$(W#O^2UT0-2
z-?MqX72Rz0>*ZH@^JQ-4StR-RWSymXab>FHCM1|Y4U7)9+T3Jfe~G%}j$B~I(2U_#
zXKm(;Kk#C;r<qJ_|K(^?5!K{H9MbNl-{R|?d{60JbAk=7liqb(#CE;w>2}w4Yo}b#
z+}f$yWH0-Bw{}K!RlSF4+Z-fM_gT0T-<<JJesln3Tm`RUQ)9X0X~(r6DMu4ap4}#w
zQF>v&JRD!t>DJCse_8dK>}7C5)kAm1OYrk9cXz(vp;L5RYZJVPe|ckPH?n6)(if-)
zKT<P1FFPxlA4CjH&1%1L<o@f6f@eOjyHk-gykT0@(2IuZwU^I*6;qZuYE#1sF;Lw4
zl~!R)XtE3?45dso8Jm21bH+uvowII7#jm}TX%<?jZ186Ej6V1MRc^f7)&JQp7uk6?
z#m0;E+i!9%*ZSg@CT`}Z2X9??mld`@3puN?>O`t@zwq;EZ>pcF<;?qhCETc=$)$72
z*dyp`km6kkO(=z#NP3BpiA8EwVnzXlYMx(^K*`P|r)K3_<fLY0rDi2}ltwfqwdl7}
zDw}lo@n6waW8;FX*=dCb)+S804R`ru_@+Y9DDR-mytxS_XZIwJN}M2ZTXy$KyR$y$
z-D<?w#zb%YwDS#q$IUZ)SJNcR_oUwBT9}1Spgy@jc)i``RRP(XpWODA8y!8VX3@=Q
zmHkTw&)T~~YKcvjl2`1jeD1N$V+XXDd*=Jg9oO0azGcsHD;EOVAb;Mye!KN_H+Lal
zb7gx<bDQj?ah)``+ak7WZcjJywlStm4~;R;rM&#r7&E-9+8QP9Jy3Kd-Dkv8n?5gZ
zj-vLx9eRM~c4l1g!z&(oSJ$36cC&PO8ATeq+BiY3(-_n3FRSgjlovRG+J5hvF8nd3
zuv@$Gdv%Ezn=iX9ZL%Bw=i|&DX8_^9Mbt@Zh>9>q;ZOeXa=eB17$23FalbWv>qD#l
zbJkUSsd#dRc5u$cBNmnu56J7jcB?gW@yVEx+P6si>GUCK(MQ;lt95P8`Y*AuYLqHJ
zJk`zBLi$mu`L*HWkLRp2N;E#WAnHrfn`LLGc$u+}Ho0F`x%zpG^c}-(FBh&3c)=OB
zPsPT-Nd2kY$~|7+ax0ZFjcr1T8<FB^LXj;lM~X{Dk2pn$<=@cdzaqfaiLYy?9{i`z
z<fC>AhmB_pRZY59vFO;De#@$PD>Qo>=o&b+B!02nbRd`AU={9MeDu+kQMk=%yr~i@
ztj7Ie84F}Tt0&ES7jmfKxtEV=gpqNvnfWWzD^vqcOt#nt{7^TOo8o7#3>`7;@*eL?
zI_0GCp93^~&DX7&f7?Uyw)e%*zGxd2)z^O3j=G!jm9Mr^J*BqiQl8^FscpAKY**W!
zZtR%aMoD%U;i~`HUjI*Od#pj_cSg7pxMk84-lMV`jJ<@i>uQ|fw>{nE#FvDeQxAt*
zO-@B--tr~;>mPn?n_D41d%E3$JqJsP5^a|&mH30)j(g|)mu2@@gEFptkjvN168r)F
z%UGzh!kzlJBiycnD?0LLaywgfsc!X28`+T_BaV35oq5^1HBQooY&->j@x(H_#@K~P
zm15`Qm!#G?N!r?9qz<3^mX2I`IbQP4KV;{|vy+NX#@OzO9B}G!c$1cW;hw4g)UKi!
zS{}BY8(=<I=5om0?KhSWeDK6sq455Vm-inJAAK%EKgs-rW%Smk>gyItD?Z=*Nhr7c
zl6Q0c5#Nng>F-~^_R*lhmrNRvr>75JZEcBrL$l?Md;Q7tb&Jw`vD$#F>czR!sJrwu
z$5S&HPraWzO*yY3cC=dc={>m*)#CWKk-OsLdJnI8w~?u5c>G+9yOR1SyKzSK1=YT{
z7U}g~xZbw3VnSH(H)G}GW5epVrD%*=eY3`V*|W(nZLgd(UMXk~zig?Z6LdG-G+(mB
zdrGp7HK5(`2g&NTh#jT~?%@W5NmeMK!vOKWl&phU7k@rL6f}W%UB$|iJS?_;l!eTu
zlM4^uc>XCY(UE@obe++d;{HcUZ-3r7d8hOA{iRZ3f|j6$D?_Iz>bPIle_5;!W}(kX
z!2Y%((5h|xmsSU@diUqU!XIZP;=k=S=4bje|KSPKRTUN6rfRol5BpNjtE&&5-Z*Iz
z%gFD|$Ly`fSIUd_vj{3C|5(^io02Gxd~f&Pd*$^ddN1pez~1Am#ov8!*?e*Tp~iTn
zzGFC!3}0MUo$l1f<VpTB^8FQV*H6E#V0Y8Ry?C|a&aI}CK2(?-oxxPT+Gsbuc<r1k
zCBah+0{&E=$i$}k4ypr?!@>Hb6;zE+GOj^>D;?@)HA^1}Tl?s7^JBF>)|34Q$J~+F
z@P!tpGiSm}9Cb~}*RYW-r_WT&?SD}%Te3l1VfFcUGvgnG>>Hb}Sylh)p1$Sg7QM!o
zua`bQDT8||S2{s0`OwX!r&5(v*7n|{`(pL_mltH>ubNLCTPA3!KWUcT)_*s1+4D6C
z-&2}&FzW)YlO}ar#CA>U=|&>dBzb;WP3^wn*tgl@%=7f)g>MS#@^<Ck&Dor(lVP6r
zG5KWDJL-{yR|(qjPh$_p+=;G^XbAr{@>IzE5XGQo|60F?zB{}Fz1W^!?*48}SC8Q;
z!wj85h7yOg+W*7P761SM000000000000000000000000000000000000000000000
z0DwQIIGWxw&&t-R;D!J8v$E4nx<0*TO7xK0NqutnEICKp8b7!Bu%$z6nB-QQHH-&h
z<4%`{1&&)#lT;>O*!HY!+fL8Q{>!rs^LK9~PB>oxRq&uN%5X-fXJz+AO7KkV={0F4
z|K?fQB$BNqiDYMKCA?v|{q2tv*t!d6qNETL7{t`yeJt#;8&|xer%4&jA7e1)Rnopo
zrVl>OUGO$J<@CYGkb8GmrH-sRK7%>9_CRg<QN=}7V>Dt;^to|m_1aOj1sm_&)$kcv
zl&P||+-!2(gsAx~HuhHD?>Aj_Ykj%s!T?r^dard0W!K~d?&tDsm&{IS9Ozzionnyc
zGA--oI7V3(OM0+E>muPT%uz^$;E@DceZ}RGUL780^H&}zv+POh*8|3O4%)-3+4IC~
zbe|{{NetUFnw;^Xbl|1%spG$;-tXl$sd@D3>fLGt$H+>X@@4N=UQJ1B=4?vYGG=tp
zrDHBDl`ZWa<Q~CiKO&BDAC;ps^WIH+f4g2<=`)=kCSN<gO;!H9Q}&%5#px8qp>u2d
zXI>DSmusc9tzQ*2{G%q?aDLqte(&JwC~ago*=K%T{Xn_3Pg&x{LzgFR#+M)kJ#>FG
zzdwZGI^7@LZ4uk=kM8Lf*fxD3t*5Fium8x-RYs4NEu2&;ePZgSi1%WFg(WR+53Y5n
zva8I%rSF0{<BJzLPghm8jCe5Ldz0(#sKZicNK`RXk9~6nRk8~gEQtTW)!My#!HCBR
z<dogcUh5;$?v?3Ceb8dYAN(iw^VntOEv040M%i7T88nS^>(i1qN?KAMD++Gy8zno{
z_vQf?Z>uGF)Wg0D8JlK2rhDH1YQ9EIDSL5V#hTr1&q2%YndhMOi*Bg+#dFY<-*r8c
zjJJDy!ht(cMS&QXpi{VewuZ;bEhQJ157yhZp+wc|mAGR#c|mDLo}d|c<Hm({dJY=%
z@19BcJ2f3AIFsb%lg&v8VsD;KW#p$asczH^YBIm8Q$o<0<j`kOHuGOz*eON%51xEM
zLaa#EHuebi1j_cehz-dKAqitlf<s)0==O;|R0c7GUjX5Q1iu%97);I2$<CsnlU^_E
za%P#pKeLpH@o<~d!dKtf{Q1=ygHr3g(pU7BU-SIux|5>(i$#I=x4wHhRaP@a(s5A@
zf%|;nOmn~IyN%z~iD$HIGmJlDeMP?J(4xjqDp50yZ!y<PH#jUDCH6eJ1Tjnv%>P_9
zBAq(*fO@H(rn}0N6LLusk6#+pA3xdra_3|v+??wZA03H0x#7O>w4#sbb~+g-qVM#@
z<q+An^9Vtvn=^##dy3=H=9?DtEmO9C$&IEfOi^FDTyjKH(&^<gPOOAC@)8GQD*wOc
z?mM2!_J08Qv1hhK!xmZRSdWqHz4r>)qhsfok#$f+_Do30NTEVjWF?OkDP$*<y(0Y1
zA&-nwJx|~B`{VxO^m^UL=en=Y{k}ifxvuVufW(;m*~6L%)2FKw<2`+sQ5kzAMYL=h
zP?9NuWgZrOPIDUheg36yoco*SK5;&}EZsU%2uM@x)o=rcUUdz0xO1*IyqwJ`|9bL$
zTH|hW#;7FC4csZU3IdHfctU(Hv469#FmrA;tLY4!a`r>JUEV4Ys5Hk3Me=2H_&N13
z|7-PN=^hT)quzlb?x=^@jM{!o*dypMLBuv;wD*FguKHqn>$FOn(5lyxJSA*bqe~|J
z=7K#g+8|?>n&X`)9kPEcZwe&*l$c1x2jYD3=4C{;3c95!X4#71f<_jFhon@QCQX8y
z>p=a+0NM%6nI{n{Zw*Wguv@sFtGVk$>1imj1kl>bhKwWi%L~}POREpD%<&T*r5-12
zkxZFFs${wVz~R>9qvi>~^Ps$)=`Dt58eT84{g|*r(EiZXQyd3BCNx2tFQG<8Hgwzn
zn7DIyMD4~EBwx2TZ8W*&9X1))vBji3JyV;lEXG~C$(i^c%#H`R+HR%+%jSS%SECgF
z@Q$|CQy{>e0f#1N^DXJShZ=@%KYA{Fy#l-5h{OTp{PvAV@Q*-B&`IF&t#e3VHK@!#
zHR$#i{Ag@3-n{f&`YJj>i=xqzooU>q8DB#50=qIxq3Ux}Zv*It#V49D>ZGYDMv&t-
zm^+9uk<;??nU2yX-@d&OW*Z#wgq%a?F~`N&b<1Fr_RMQWE*0)zRrRrSbIOP0u5P^1
zq4I(>){vpThxYFkoJ(<&inF6Ruf(9ri%s^kKDcDZmGb}K)$CX1DT_x!G}~WA4sxZP
z4Q5i5$VO2uH!fGG3gdUcoV=`C&{e<6*i2rqAX9$d7uVDLt)OZfTbPg~5OlgJ&NOU1
zm(cxnaAa0W{;Nxx>?s;7%+H9eD})-2{Vx~l*wU)g=?9ayF_0o(Ws%h+lC|y&5PVC@
z+dz*UN|2YLbOs{~o-*G{{X;wV0yopghmp|scW+HDioX~`^FcXb0u#^%QG3)@PXPgY
z1UxXr9RU%Yf!hLt5hP$ytKnfU40hcw;A~}~MQxBwR*P+dV)in{;1^nF08tYbfOz?I
zcwHh}g6U~suD{8}?U%vv?-B41zYGr6C<DNzfRL~5Aw>dx*5FO~)px*g06BJx$8q3u
z;)lp3rd_zCpfX||i|XeHF3#k9Z5M^7w4rwDVJ((aXKTopIBCxqKst1oCDDLR^fmFU
zt;4i`vV-4B=xqa0VRU!?zF`w)iX3`I8tq2>#zysl$xKcb59OR$85U_W%2q$3cGG6#
zw25ol$}BvTi$chy`C4|kH^kdV+jVDJv(w+VZz6YqJe-~Ud_65XG~UFT!Y^0N*{S9i
z_>X2or4<WMM+k~BRy=Ep`g8<&OMB-w@D=s*AkUACiW7&Fw%VOD`iliw;@b3atyyyX
z&{NH!+KZUaJ&qQ|IXz)@8_2ylbmvk2{DOEyM@<<zb<Yvk45Gx$d2x=ZIE?T%t00V;
zy0saql&&CnSA8$#4!X!1+z%WT6ly-B{8iR#)(`gfYBZIDVPlObY>Ha-0ei4HFvJ~f
z5S<Cz*jOP5oBVl;!?1DLk4@EWCaK`0#~_UqsZ4Jhv0_kS`wQgTPpW+Er!z<)_j>$;
zKV(6vEH~3Y5fCK42OHZzj7|Q$IbahTTPJvys=L{ni8)$bvVxTX@O=>_Tra^!UK&nD
z7Vw{XkHIYR*{;7_{tJ!RL99ULt#jyhBB0t1feIc2mDx8z{D`VZQLff;vTRYF*o=w<
zxi*%u2>Fv7;tzDxB83eMU0-Av<J>B`fBcGcKK5Nbb@J>LkiEC1pE2*)T-c0;VL9J5
z$z*H+5IycK33mzKcnWAnPq^4i<yphW5j|kym~%Lf<%s#xT58-}CcmIDb8&tN?Seqi
z>NJ=>-VuNOVGWJEVXGdy05tfydW-}e>jG373A!u_zsWXGQBjc5g%2OkAB17-Xk9;X
z1YN|3wKrm_>GbSUmLw`KOC4y+IBuh;53h~5ESV5yV#|B;le}}qC@nbuIbxRCnM+~%
zh&F?&r7F$@`?BaY8I{GhBKktZgs|(;i>9u^J~wB2d(&-MG<}`rht}Wrp1eQ^4j{Jx
zu930$<}ryd8@bLWfgYobnS7oafTz;;Zi!#+<Bp;ib=?%U1za~7$IMmhl;%ZMHDFR&
zAWF*oc{9KsDGv;BM@mE|;<l9L2$C|VK=&{yA^WA2i|Q`2I8^~&^s+a_Z(F*tvCcE3
zjpI5N_v|fs9nG3S4tfxMfU((T8t?!D-T${cXTut$1K1;_qTQwKEQZNA2RqJh>j?QT
zbo_R+<!|mB*q{C9?)f2zjY!=j4NXU~8=l^(k)yacNGT*fi(M?h=I1@9UUGCa<h^W)
z6>2VZbWsjweyg&YBk$jlZPLst$Mn?P-MDy%g(#_T4apZO=Q$Y%@qE;21M-Dl;*Z8-
zOjh1QF3_v(ELO<K{z!IanNpMRIBVCk?5lO@&}Uta29q6+eE9qsZsl!(C=HbSIS>iI
z0r5Z$_rvFVj9dcKGZpuq4tL(L8pCZ=Qc_tKlq2*p3IU!<fnA}pEN`dO&A?6<4SI2@
z%*l@|B#$6lDt8953{S~9da5|2wZspa9B-*nXmJsKHQV@(i&fl5Uk370EKuLR(CS*_
zDq&96W4(fDw1nUrS|YgUQt4hPU+%h^h#M}gr1><!H%9#)e2|~%KD`%}4|~uHm0D_N
z7$lEQJ`oX-tAtr+iYV)H3bX-xtUEBo9qSOCW82o5AjrD(HLSy|bKY;=a&-2pNxva+
zn@9A6x*WZ=XpB?Ru@daL9|@b?F8?)Gkcy{F6QFDSbzj6l*FDzB|6%LW*Wg<h9at5@
zkeh`adfU)B|2lM_-Ozz_fu}$)8Me+LKA=SSA#%4vRF)$|+F9)0V1O9~POsVMa6Y^2
zUao9)pUATo5`%Pte=gZlJpp=NE_84zy6487YdX?gVA^rqBoud_52JCd<Z6HlnE~MQ
zn-irobC{=-nk>t^As_gn{M#oKYWiwwCeU;(pSo@U!xF3?MQ|%q$Skf0_VaJ(;RbNv
zn}j26Atwiv`R}T}{m#(|t#Fp=)hKCWNx4GW<olV%Jc7BGlf!H%CeF2&zg=)9o36Eb
zm4@BO9efWUlxN|k^x{L?c<;v{vB|ME{ZmXT?Fl&c)B@d=9QmA$iS-6V2{PREo#yl1
zv#*1!XTnRY&ax*~a15`=vgY^RnKQOCDy3)zR<$2}GPintiqB6To)zEA?!$V|{WVPt
ze%`o%9GA78>ciE=!mel*m~lpkGA?}$1F*-q14G;~4$&$0)i}Kih*{%wEP3htPp@$@
zytH4tr+ytT-ia+vt*sKcWEQApcbqwWORCrBjPbFhD-NZDShZu&bI>z}n+d@I2m<d}
z<7E7YwM$;o18iz%Wou+==HLu#2W%_?pKaXS6_EwTUGz40mwsn~)A!+H0-XlZZ=HQg
z=AXa5Gu!#?-iY6yi=KT+Uq5U(w7h6XIn2eZB3N{Hn4giRl!JM|TZ0u<R1u;D#r1k4
zYbBH(;zk$Js%h!!9Xm~pMVb^$6na!p#CJVhU>F6rL<;3zw~|J@gKef&RIOegMRTek
z^1M|H#;|LA6oqA93D`h0$c{!TZ9pY_KryQFx}RVC9A$yr7JyDb2O#SffDAx7Uz(k3
z37_X@g-`UenwkCa35g`S?(n!1>^AokmK*qhDIQR}^QVh(t6rs_6!bZwbzHRLbDuD#
zxc-ED2B$-e13UCCfy`q&>Gc}$YUsQ!IW2|`{d;5ThryD3B^Gv31w@wuBPpdL%#{<z
zT?#6xGo)^o=gfbMO(8GvYPG?rbepZty4f1XWiRDGL3~#FlT3R$JfRN1MSh{*i_vlW
z!&gE|)GbQaTb00J)rxNSkbKz;5Hzn1yIJ69?$YzX5O?%MY<6zfhx!Pr4`WLM4yzBH
z_KV3dLz9df$IY|B5u4mi^$}N_=}PE^ttT?eo09T*o8Abyka(W}<@1|Ka1Ic7Zclw^
z`iI4gE%gU%ifL?QD)+rrJRPv(+_sxezg{K+cWVjM1)c#h0vWc>p%gVTrTY4(e|70j
zrmgO=^gEMdX!syQC@omvs{U=q(vnXRr8n`b@0>ZMTO5J){^7ty%WP*o{^$qC9vZ!$
z#TRB@W?{+`#u<wcur#5^^O4fAqIw{v@10-xyn((b40QG(f%^k0&FU%%hExpYPoht)
z2(yo$Xg%R)*(5!nNM^)ajWYQqMDIzi_rF}a!-<FSu0!<1iwdp9Pq;EE)lt6KmjiEd
z(J6O1IACferRuClDyFzxSjP%ht*ACe%jV1bOAwn3w;0S@er@KF6Hy_<EgG;!ZNymW
zUlcWUwV$CYOZTPu1IMp8qBrJXmt>3;RvjUcbz#;@6z;%VxaQ2Lzy9hdYKcF=-Ow&p
z*N@8Z{{LPc|4Ii@o4+ITj`11!boNM@;&3_ga-u*X%r!kkxfWaM2iW7<fg$d=hS)UP
zc1;&Su7$UJJj^x6{jNbr!%vJmJMpY6>vxerXsBXi`0|CXcR49z4NS>8-B-z;bf<>0
z=zRT+FX+<$cs3-wWdgA2nu!ssvy+)AtC16{+0NFfzQ{nBY4O{pIsO->ef#V9zFL6_
z9t4$<)6eda{j65UpejAp*B~xqqWJs;QHofJp{dDHOWG`)8`tGmJ4)?90uD<@<df(%
z<t+=n7@0?#vj)1O`u#Mf+E+Tk4nzIKY7bWEuvh^O<D-Nlkv_x=A#?tdpPSYBpxCY%
zn)ys9J}$Ud#-kn_E%BWw;V6rEn|4BvYMp_zQwGQMb?%mJu0RNoWvdi~G3QHt;Klsc
zmEis@!49eiQQLy+j-L5oyn@@5o&cp>z`Kd|H(6&QJ>7y$tMZ#;5o=Lo*D?wN@Ddh;
zCu^R0(BS0U8(?LNxR3M~+pR%SGF~3PqN~SG%kolLzM^Tq|3Vg(ikO$#+hbBhBf`Yj
zrIbG@03b|)OVr|E+@WT!fi4LR1CqpMB0uta7*I=HzPJEStMA<&zufoUDjw<|c=IiF
zqt4ktOmn&csGZiZk+e3VM$+Le<A6P89vI?|nTSr%uWCAK?WhU)U#fYv=I<RfIYA&G
z`&RceZg#(#8Q2^)Qi9b_rr+$eOXUKeAQKazy5#5#A3ZqiXSItkX>s6uTdHjg-|(4x
z4@;PI=}7E5uvtO_hWJliR7^rk6{-)!)!fVzQ9!T(fMi#zA%B?Ft2Ir4O;(+D8ptXk
z!3u8}tBD9JykRh0VF%LR+qgRH#r1ct*6tk<x%qbOhzR@mdtdq^f!o*9kCkA*)a9fZ
zPBEi+KmZvw(0<FLUDrv3ljSs>m)}cBNMQhRoFSb2urU%o7@b^!)VT3X<Q)%zgubg_
zGwQR@*#NaDy%Ys$p%XL-5MixXVC4F2kNY|-Stt6cQ#DWowe*6|w(yY8GsjvAs<_L(
z=m60&CQ%^ked#*s^+xUM4%&f0AAcbKmcg7rkT3hUSAGZKT|MwW68SL$X3R;yqvIT`
zv(7gqrla%DJY6_K%&Ju0wh)++SHU(lujK9~xj1zvp!n7xYSU%9RJ_Qw*SKv>aSojW
zuSJg2UgPw8OMWxlg|no}-0Zsc1>9LQvyibKLKk2gnU7IQ3EfgioPTkKFR9AAH^^Q1
z`F|C3JtB*%m3HXqk=NSjfoJ4z-+I4wBF80lF22?|q(Z;bmIbTidS|oG_`ulKKor|o
zYhD8Ouzg^NJ8UC5tGA0?bp#c={xKSd6}$HPRbF&&Y8~!%u{@Es05<R>mrVwVteMSX
zN5wonN195bm&?v`TpNm^<_d3<HXzV?PqFKR{fAlhk5LDF{oNB{1hz8WGlbW2w6nF?
zwEzfd0(Pix3vK_)Thbl?upmeP$hUP4$JY{QGnRvfj8vNu{q%C6ERQv+bkZ^ns^KFH
ztTpuwCazD69?jm)CjP9dktb67C7m@hqoV4|;wYJUTs%<lE|xTu@g2o|ZqdpVWmJCC
zkO^M$(x-PCP7CH-6<IfZWsG(X<<SwG%3=Y0UdEZw@yS)}CQ@ZcVC-PA?7VQM1tl5J
zB9WS#|Iic`eYonpN6Ie@^id9QQeug39^dV6c^5H49028A$y<R%tTl_6p^ov>nVol7
zX>vdxbb=j_#3JQDj#k`#&-I7f0+(Je2-az}GGetQ&fH*lq;GveQ{$5(>RHt{_q5g}
zuFgscnW~o1jgNr+JKTm9%FKl9R;Kz|M$f#FeMw)fGV$re)4T6Iq4m>H-iZB6tG~(h
zf7xw<5;3bBVFGjbSve;QG@$ol^e3lbAgUq?ME@8yz#b3}3~>iUMCaBvh$;vI(aZk)
zVIbP=2eGq-T|Lb6SlTuJQ%%wy<&;;IT5X>S;EtruiR=0+zv0LVh2TKZls7><4+u2a
z3nJbh2GPs@pNXJ@K-^AWF-I``AFOOGU>uIX4#jN}?fwfAg+PKpfvt164!yT7evOIB
zWGAQ}p_qGDjFT-3EFF<~IijpMd8U4pCr`&A{&R<bqis;DnmT`a{gfNka_xfT>siut
zE*m%fX)^w5x?u+JB!l=l5-+=)c!(rWVg+#JT{b3CSsVY&4|fNe&Zn^)jkkU}K_qX@
zo|8dxQaF0B^%D_~|78*&QbA*fX9zOEt+~KF!YZLH6i)(=??Dj<{s|vG8;*p00EXa~
zwAWn>(PuvU>s}=DICiYP>T36my2lV!CD#bm#@Sw+8gEglS``aVwSr|U6*9Zx#|2dS
z2B~vsfcn_6{`5FIKgOKgFC~5fO7^_GsO^;Ml2tD@CYD5GM?+<X6i#-OJ#T=1#*Mb>
z|NQZ8^t3LWz{Kakt8SE|VB4e*gQGd8;OX(bJpb1nCUNCaXu}sK7uj1@Sb}j#=#hLC
z>M#zK5XGUF{k|!l14G>55Ybt+JwdLBpb2u94db7mAh+EQW3-aFTNEB<N=Tf3kZX3(
z%`&tlN<ji)qLDgca*}Svi(HnR_0Z!A+m)i%o(b|lUMae4!2fUNcVU!tw6od$RuH5G
z*kQ2EqV4ZbnuEA`cLT}$i!~!Ww%uR<BOYV?GF3+gNz?GxB5sZ8Qg;f`VO03Z^c#@f
z1vOdqu_=-2k)sYL2hp38BNt+X4OMb2c8odm&vP+@eTyH6^UytGVU`S!q#$lcu#(KJ
zvhL~jQIRir`cXxwry_JF1@b7rVp0-2mg}|qK!I&8*T{oadVLq*D=4^HHoN`~Z}YQ%
zIXOgYv}Wg#>k{2N<|0-bA|5K0C!iTKRMoUd`$|&+v;Deqjf;&xuVfC5d7d&~mga~$
zfppUH{Txokf@|w^5l7c2Pxn-^;Z-q~kv23-aPg{~QIZQiU2}sp)HhhKBwkU}+VMTZ
z`WVj1Fcz_M@1^X$$~Qh@rJ?s0bXn&8-FAQ66P_%G=l{R#K(W{FV`Rp|kuWb0m+P~2
Lby)ERwIlr>1P`7~
--- a/security/manager/ssl/tests/unit/tlsserver/generate_certs.sh
+++ b/security/manager/ssl/tests/unit/tlsserver/generate_certs.sh
@@ -262,28 +262,30 @@ make_EE otherIssuerEE 'CN=Wrong CA Pin T
 export_cert localhostAndExampleCom default-ee.der
 
 # A cert that is like localhostAndExampleCom, but with a different serial number for
 # testing the "OCSP response is from the right issuer, but it is for the wrong cert"
 # case.
 make_EE ocspOtherEndEntity 'CN=Other Cert' testCA "localhost,*.example.com"
 
 make_INT testINT 'CN=Test Intermediate' testCA
+export_cert testINT test-int.der
 make_EE ocspEEWithIntermediate 'CN=Test End-entity with Intermediate' testINT "localhost,*.example.com"
 make_EE expired 'CN=Expired Test End-entity' testCA "expired.example.com" "-w -400"
 export_cert expired expired-ee.der
 make_EE mismatch 'CN=Mismatch Test End-entity' testCA "doesntmatch.example.com"
 make_EE selfsigned 'CN=Self-signed Test End-entity' testCA "selfsigned.example.com" "-x"
 # If the certificate 'CN=Test Intermediate' isn't loaded into memory,
 # this certificate will have an unknown issuer.
 # deletedINT is never kept in the database, so it always gets regenerated.
 # That's ok, because if unknownissuer was already in the database, it won't
 # get regenerated. Either way, deletedINT will then be removed again.
 make_INT deletedINT 'CN=Test Intermediate to delete' testCA
 make_EE unknownissuer 'CN=Test End-entity from unknown issuer' deletedINT "unknownissuer.example.com"
+export_cert unknownissuer unknown-issuer.der
 
 $RUN_MOZILLA $CERTUTIL -d $DB_ARGUMENT -D -n deletedINT
 
 make_INT expiredINT 'CN=Expired Test Intermediate' testCA "-w -400"
 make_EE expiredissuer 'CN=Test End-entity with expired issuer' expiredINT "expiredissuer.example.com"
 NSS_ALLOW_WEAK_SIGNATURE_ALG=1 make_EE md5signature 'CN=Test End-entity with MD5 signature' testCA "md5signature.example.com" "-Z MD5"
 make_EE untrustedissuer 'CN=Test End-entity with untrusted issuer' otherCA "untrustedissuer.example.com"
 
@@ -315,9 +317,13 @@ make_EE_with_nsCertType nsCertTypeCritic
 
 # Make an X.509 version 1 certificate that will issue another certificate.
 # By default, this causes an error in verification that we allow overrides for.
 # However, if the v1 certificate is a trust anchor, then verification succeeds.
 make_V1 v1Cert 'CN=V1 Cert' testCA
 export_cert v1Cert v1Cert.der
 make_EE eeIssuedByV1Cert 'CN=EE Issued by V1 Cert' v1Cert "localhost,*.example.com"
 
+# Make a valid EE using testINT to test OneCRL revocation of testINT
+make_EE eeIssuedByIntermediate 'CN=EE issued by intermediate' testINT "localhost"
+export_cert eeIssuedByIntermediate test-int-ee.der
+
 cleanup
index 2a9b36051bcadba393a58a78532768392e7d7078..3717715c1761ee76d5a4ec15039d0cdfa90d9aca
GIT binary patch
literal 458752
zc%1Cr2T)UM_b>j0jua`<qz9#lXn+s`BE9z}NGG8P2uSa+jbcGTtf<(#VgsxwDk3&4
zh#+DY6~x{U6cztT4(~6Jm-{4V?##V2_rE?fXFprNtbNv5!8{3xIetFw@fk51vGdZB
zs2Li@xcN9d9%rqgfy3ci82?D(*n}AW2#okO9>-k^&Y(wF0{e{<$qU65NMcv>ujkYA
zt@3{5h2}N$P!9kA00000000000000000000000000000000000000000000000000
z0000000000000000000000000000000000000000@c)!VVPOSTRXklkgGx(`Ns7s!
z+EX*A|5-)sd>w539W?xHY~39+{`0#Uy7AE(-o7p#Hoid`ZVo{jvpijVW;tkhd1}~s
zc{;kg*!gStI(WO=*f~tqh|h>gGW=&T(wi<Kq+q9t$HgZ{$K<4^CNh3Ef|{8zkM-+_
z|6D)9@IPmwwn9P*3Yz#3))z$0rN&1mr>A?T#b;47VuXjAbMdryn61GInJuutKtq>m
zNHo&37Gzx`kadkjDlI0F{Ut)9uE7fb>l(&-jsijo%9{9yf7;HZCB#H!u)job)HR0V
zF*-5Sv*Q<1Q2Nh*O?-NKW=tCUYXnAJ=AZPxu0k=?TSCSQD`;xsSD3PHGIq>9;~RCe
zjl2N&8_veo%h!LZ29?P8hjF`6jTrwJGtXJS!TcRV=5JA$zoamKNn!nx`6Uz*^I*a}
zkeLTl=7GXIm@yAj=7GjIn6WNJ{O8EJBGHI-{O8|8VjWFbM>6YZ$~sb5M>E!u$~w|m
z$0$}~|Fri{f2?z(f6iG~Hey}bh;?Nn)|HJ|S2ki@*@$&zV^)<htIC*FWz4EFW>t|{
zDVdd$St*&7lK)9r*Cey9Y0COa%0EZe1X=&3M#O*4nYBi&Zb?K2BUa19r>t4CzS@}e
z)yAx^CK3Pn>VLlQpWiWN9Z9UC3G2xGcavEERub#qN@CqECahW$R;>x~pWk8DM#Y#I
zlZ;Ia*{4SA(-B`lVxO9@Ps!|4Q}!w4e@@BlGBUf2%q}Cd%gFyJBeUBfv)duF+aa^t
zA+y^dv)duF+aa^tVVs(=PpRxv8v8VgeHzU^jbWe0{?94v8{wZ*8oM1Dvz=%YDlwYI
znmC2X!k#bLOwX84NWn?-e|6`_{!<!Z$Uf(1+(iorG7fm`7xV5~;-3Wo0000000000
z00000000000000000000000000000000000000000000000000000000000000000
z000000000000000000000QmnK@rmOYN4=tzxT1qaJFy?wC#(m1g0*8eutuy7tH$<W
zTd{RmDYg*H!&0$0ECLI_JTQA~24;lmVH%hMCW#3a{Vw`e^tPz0sI#c0=t|MKqT@vy
z8J7eA000000000000000000000000000000000000000000000000000000000000
z00000000000000000000000000000000000@V`NXUjR>7jrr@bPSTWS=`v4bLfXo8
zSSQooMQSro6fb?6KAClLx;1nX>!h|XT8njZ=vW|ub+YS^kS6P7%RrC@>tucX0(I8O
z$~$k=SSQOa-%w?p6j%7Fuuh6nf|OY&*?%J@vQAPh(v?^z@xiYYStn7rJ_XiEaP?_<
z)`|DqJUP~h>#mg(SSNN}wX&=ei-uJ)tP_);&!kx=20m}3SSQ-icgM3%)Wgq6vQ8AK
zHzimn;}2dCXPt;vr-`vn_$?2NW1cAdF3uBWo%AJN5MiBsG@LKYI_X)pMu>ItoJJC4
zope%!1z0C{;y&@SPOi1d@(J?`h$>u6ZXL&%xgJKsVZX5f>?`&G>&0GTPq7DBJJy0V
zW0$c8>@0Q?tHBOo`>>tZ7Hk8y23vuZV8s}Q<zbmv3N{yu#i&>)7Kr&`9+)#`hgo7~
zj7tIl000000000000000000000000000000000000000000000000000000000000
z00000000000000000000000000000000000_<x)LKMt?QJm@kHI?RJM^Dvotn8ZA2
zF%JahL6dpVU>?+&2Q}tFm3dHM9+a7fiOho%^PtE)C@>H5%!3^BFoAiHWgcXh2WjR(
zig_5%JV-JR63l}*^B~4NjAI@|nFkT(L6~_EVjcvU2La}RpLyWp=f{bTWBm8%71iOe
zpV$}d4c3J{z*@2E*hQ=ktHBOnJFtz|Dy#&fW4Tx=7LQS}Aj}7I!E7)y%n;MVG%+Pi
z8WY9vML&za6ul|xDtb`VT6DeWBIA+(00000000000000000000000000000000000
z0000000000000000000000000000000000000000000000000000000000000RB%9
z=9j_m!3FCLue!sl&hV-|yiOioCk?M!!z*EU)f`?mhFA6BRc&}x9bQ$2SLNY#;_#|8
zyebZ_3d5`X@G3XFP8eQghgX^5ReE@p8eYc_uad*7#PBLUyowF4<Azt!;Z<aK6&_xN
zhF8JiRbY7KA71%{_+><y*I|rOuc!`({lvatZ?G=x0oICL$1Y-ZSPgan+ktJwR$(O=
z9m~a1v3QJ%1z|pz3uc3vVTPC<rim$G(wHcQFZx;ZrRYsjSJ8u_)}rf07a5lX00000
z00000000000000000000000000000000000000000000000000000000000000000
z00000000000000000000000000Pugp@c+kNZ+O)mUUi07?csIu@H%OD)f!$2!>i`-
zsxiE(53g#&tLpHoGQ27euM>w?rQua^cvTo)<%d_f;dR3BDm%Q&46o9|tJLs1et4A}
zUL}TC@!?f$cpW#qiVm+L!>jP{Dm1(b4zB{kEC2AyC&Vu!%DfI^lzIg?T!B%Mc9B)V
zU;z&6Eu32DfC(377lvaR1%*ZT3XT?iEQrRo6etxfE4WrDTa;SZi1}h>MY9Xsigp!r
zVJ$@xSaD%rK}F$#!be5**j(&n;mZHp-yi@0000000000000000000000000000000
z000000000000000000000000000000000000000000000000000000000000008`Z
ziu@!zVZz~DOG?tv-d?#6Qj4S7FWp~WqsI)gL&jy5E)r=jKQj9VpLf=RZu{Oxy39c2
z(AE~epf0t{g@U`!w>m8G`ewXXhZ*enwLk<5YITm%^1m|StaO{-q%CsV%plT4?|sdh
z#cfX?M$NTvej`ZdSBaX;3}%^Br+Ii>{>g88?n%t^M6BpWwA&<RaPM^U)khPPkCC?O
zzKQj{>eXlKJ4=fhgfutQJQh0cb?3?#ZAbZ!r)+H88VJlF?>?bo{L!~F+(-!_zBRx4
zk9V${s>uxMgv6h(94tNKKc{}E)hn_5l4tG#4Q8Mj`&0p|pm%?;kT~c0>O9|%O*4+G
zGXu;g-@lhq8yCFRGAS$i&?B5cM}itNFv{>JnYDhyA77{wckGu^h{eGvbX8_B)1l&*
zQTdE-<Esv-9-FoJKt<Tc&nnEoVg8A->%aA~UAM=J&fI_(T4Q#>Uzr)$-S4SzdAkxX
zQuyk8*tE`j@sy=)6Pdx^o;ZR1t5^KKoOj{e8X;$Vg>&{LC1&vW(wWFxI(}<^y!f0q
z?|X>QxbxD1ip*f;iPZ%&l!Yd{*NHb&yL$+lE)TI(U{$>D%Xzl-?#-ZR)r=!%^K{$K
z6ei0vgIhW0Jw)$XZ#`!foHAj?THT#uBBpZ8pux@N2c<mZ&M9wlV_2U-NW?0Aoe9i9
z(MnUl^5E3lLZ6y8{JnA3$atcso-8xaSowRJScG~fUiHtXbtS5mt|j{SWLVz}I%kM$
z7nXZI7HtzW3dM!k+8@o8W(LLH>eu#!d8s)q(O4z$H0^-KTI(HB%pf<ysdx2f%Cl?6
z19zlt<hoK{&yOC@45|X|-8KGb&^k#<;REL1DS7VA<$g(K@H%e!{u?_oG)op&FEDyL
z?(&@a)n_GG-&Z{f>uYwMcv75FMLj5~D`u?vwMU#8L?nK4stZYcb-kw6?)ed)4!b7V
zjbg0ZW4=st(4f>Tleu?yx1VekaUr_zAIA)Q-p!rX_)gulIQ!)DgJG{b7j>Dg5oHEj
z|60<gZg{<0q<hjWZAB-AZ+a)gM3})QnX@x)%*m99E-=ZjS^em7hs5n=!pxwzs&SW&
zv7Z~Y_9t#ZaB=-Yi;Gi)m_g&I4_+C<-hz3#&0#6=s}Fj#KJFJ}22|Bf%lupVd!}`{
zIzO2C($(3imL$LoepQjFYj31&EUFvoyL4rH?pevjj{MBv-1lHh@rZTqIjf{UZci1o
zwD*fx$EUzg5+&xEY8dsNlV9+D>d-bfC-vE`k&1$h`v5+yk9k)hi4Fd90ssI200000
z00000000000000000000000000000000000000000000000000000000000000000
z000000000000000000000002||Ag2=Va9PB-F_Snhi`I@#$kOPMIPbqTiuI1)ZCwX
zSh^3npLf@A$GKU%X}C4G&3Ak5w%sif+lb{AH5Bc@EQ*G(5KOh`S&?IrPGM4^XW^T|
zgGC~R&4r}}-wN6bCg%Sts3@3SaH1f)z$|}zK0WVh-u`^Me8GHL{-nH~JdeC-xf!{$
zazE$R=8ey7&0Ui-nDZz{Glwr{OHM>ieNIu1b@smOrCGPLj%K@Ni)Y7Y>t}t)^3O8K
z%+CzX9LTK8lF#hStjxq`yvWea5Y5<~5u0%-V^M}v`jPbVw0mhM(|yuq(^Jxo()!Xu
z(kxOJq(-F<r8cCgranvEkt&k%CS^*>xRk1tgp}r#Wht)n4$Uh~zL|Vzp8GuUd5QC;
zCcjViOrDmMoaCAGG3iLMWYX=V6^Wk{?<7ji{hYWm(L1p^F(r{WclF$~gxZAFbBz+d
z&h?!ulW;eIlrSOQKb{od9=|reFaCIZMqEeS$vORVI^we8$Z-{M0dewka^}pA-4L5I
zM=`c@4kh+S?CIEvF@rJYF%x6X#N@?1jH!$Xj;@d19Q8P=J~}j7CAuKmBI<Wkc$6ir
zh!##8qMeUYqdlc<rQxX0sTx!qbvreZ+CZI8wT|2wxger3VrQgnBwr*gk`VDC!aibB
zcyzdZ_^a^U5dz^&;l*J+VOPS0LVLm%hdGAr4T}xa4qX}=7qUNOX{c^UZ>V#qNXWI2
zDIw#6U4y3tHwP~Zej8jBoDg&~=+Nx<vu_3^22Bkr4RQ|>pPfA0GjK&<@@&b#+q0(y
zehfSkC>8KIfEXYZP#usGa3^48fcLE0S*!i;`q$3#oh36XZI+S$SATzhl3#|Ozh9r<
zasLT^?S5;0`+Yln<$d~nD|`cdPx@y0l6^M#<anR<-rz&={^2v*N71{}+uVDiSFo44
z*F&#LuR*UfUU{C6J?lMwdp!0m@U-yU>>28*;@arC)8&Orqbtpo;JU!o)|JmC+Qr_v
z*g4uoz`4m~lJhI)-5%#Wwz@~STVoyA>7s>2F@?lJnfxdD7xI?nCFYvuDrLXQzLK>n
zD?QUPQzQLd`mMALX?dv*sXFuC&AXXgmYke4JxOYA>)hIe^aTHSxw!s0r{-*k4T?37
z{uTW=YD-iR&5EWG*%jFsu`nV!d~&!@=+)5uA@L!u!D2!0XCI!uBG4<4IP1%-yZ&qZ
zGyF{a<bCe@oc7N34)#*^{OyK!ec`gprTG8$9RmOW0000000000000000000000000
z000000000000000000000002s|1IkLHhk&vb0VT*(lR29jLeKoV@*sMzcMi<8=IKn
zn~*sLe+iY-Oz@4!dK&&BvYv!*K-N?77f?Bwh(AA8ZW2LcGBh&6pF`$Ee7zdK6)T?`
zllz~T#4bOJii!9$99K6rGBh)xu%}yx%qjTOsGKp~Q^<N6{v@)Vgg=3-r{a&Ja>jIz
zjg^zx<EcgFM10NY@v-6&H%>JwCgP8dy1Jo}2`$>#%!obRBgmYBKa9#5(>;W&r{NDG
z>q+=3WIYvs0F^VQyML^l$R5u=WKP8I9XY;#VoEH#d=Dxn;&*dg-6$r8MmA<ocNa3J
z;CG^O#&mZe>uLDy$a)ff8?v5?--^l^)7>&wZpa?bW@JvpZyG&5Ry^XysYJy@{KnB&
zr$iaY#2SzI-ra!ADfsoMoH5-BWIYYP4p~pauSM2V@oP{yW4f!y%14Z66*4E{SB@GV
zD>fSOy<3ioiTD*9SEo^;4NYR%(=9{h6nrTvXH0iFvYv)thO8&yOOW+c{8CiTnC_CX
z@@V#W79(>ae$nXhvEnFpc`+&`;umsW-6)ns9`TrA0WzoH>8PAB-TBCR8XiN|lki2z
zdMdsUl{2PWFjhWdTgpe~M0_5{_?YpC#|*isn268exH>h8#%P*7-E3q|!Dpdz#&k20
z^)!42vYv!bN7hsEX{ekr-PEyi3VS>$$ef6uH+p=m*pywKjEaf)B+jcF$3_#)*wal!
z<`n!~RL+=g0<xZlk4M&%@Nvj`Dt-<sXG}MCtbD|HVvsozAI&j7W<25nT@)%N;%OXL
zH;axnW!!W8&vdECoPv);<&5b@AnR%PaAZ9RABL=_;zLn6W4a+@<y7`~f{{59A2fP=
ztk{fQJ{uJi@qwIIH>E{UOxV*6K;{(uEL6^zu0OJ#hWA6(lkmRCdMe%rl{2R6Jyvea
z9*-9?C*nOh#>b3}*ySFmn22}hygD(O7&GE~*A1Cd@UEzwF<lpAJq_=StS8}}ko8o&
zBPwT1*I}%D#P_Z}GAH8gIL60}M||(vqGBT6hU4mtJ7$xp81{6nkvRo#g~}PzwM5p_
z@H3J1B)kQ(o{FD=${Eu&A1fd6kjf016Y-SM<734%cDX4kCgRDQS0|Z~O-9@^m>_cs
zo`lL7(=|rc)9^;fdJ^6cSx?0iQ8{C})5pq3+%rr==0v;!$M~4>h<k>qsF;Y?=eW9Q
zj45&Ct~LdkQ}BAIoH1QpWIYY9gRCdvwUPBy{A5(lnC_&p@)7q8TF9J;CyX8+D;{yr
zpoxl!cn!|0o5seHM?4c&N9Gi~8Y*W@R~1=L!>b_cNqA*sJrzF@l{2QRG*&+1nXn=<
zC*l=2#>a?FMm!UiN5w?E9Ou;yjiXG-?CDNG<`ldvDrZbr23b$TOC#$^cqwE(6+a%8
zGo~v!RzBj%mIN{<;>9_}$BakZv528!B7Pjl)yZZi)R+;^ghi1#1uufi8PgR;*3<Ap
z$a)f95Lr*f3!rkwbos~1M?4eeL*_(0e)RZQ@rWA-hl+`~znoV$CK6-W)5Q%Ta|-Sc
zDyNy?ek1E?xL?S65^fM#PsRO2<zyo6$5=Ugy0`&kPQ>+djE@<!r;GcJiix;Bj;otc
zX+#>0J>74}oPzs`${ExBf~=?EJ|pW%xKGG>D()jHXH56QSUG!J!o5f4MBKa4<736_
zA5-AoqGBTM4d>MvkEKnc+0*Ss<`mp(RL+=g53-(y>qgd-aIcW{RNPBc&Y13tv2ykU
zR$Lb{C*q!SjE@<!A9CQHp<*KLDaX}GRI0HV`?U$&6J$=oJx1k>={`c%({K-w^(5Q_
zWIYwviOLz%y+2mYer*ERfy{}xd!xt4irEi2aP6p=h->4#x^avljs0u_cNdvcaIL7E
zG2J`JdK#_;Sx>^<M%Ghtw@^7_x;Mwl*_%G@1~Mn&nmNYDjM>j7aMw{W5qFK_>c&w~
zL^Be5x>u1o1$PCNGp2hPSx>_?A?r!FOUQaEt`U_prh9R$e8hMfkU0@|Vf6S|@rZBz
z^Qf4JJI8r-lUTDD_Ol6GJu;`@&Z2V0bk88`X}CIMJqdRjSx?2CLgkF<o*XM5@kjdv
zGAH7WbBvD>N3)+z;EthUBCeL>>PFEfh9iDPhO0s56kIhbXH54fvYv)Jf~+Uu4kPQS
zxI?I%G2Me><s-JGDr8Q?9T+`6Ry^V%$9_~y#O>p}I+;w09&x|B7nxIVdr&!Jy1S9}
zG~6y^JqfoHSx?37K;?|-ZXYWjalg9_nG<naImX9~N8GV&LB&KI$LskN!&s9T+K5MF
zn~*sLSBc6Q)8%|ce{?+!$N7r>=z0>4^A-Kk^;8_^EBd2y#&kJf(P!l&9+7drqCYw(
z;?|5FA1fa5t-l%-6LFlc=QEyf7)G&QamTGh<`i5xDrZcW^A-Kk^)wvkEBd4BNjT0|
z^heiIah$K{kIEU-<$Oh-m9t-Q$8o-*KRPGkmU4`b8MA*pj9Y?=i8#*J^NF!kTGWVL
zZ4ol3;EGW>W4fHL=#Q?a;W%H>A6-wvalWEIx}J)guf}hK|6k=~A~sgc-qebaF|kmU
z-wMy39W$k|x3mIOO3dfHv>A<P%D&6ZL&lU`R7^9;K~~eUk=3LuWHmJt6_be>W5w+I
z+H_=0Oyd|DGiBe?rlL|}3g@Mbjbo_n#|ZO~F(nxl(@c_()wD!pHEAxgnwo%$$;9}v
zV)i{`95N=(;TRe-Wj{2CMWw`;(U&%jjiQi7{4gOJ8B?NAG0lXAtfo<s)uc#dH8lbi
zlZoMD#q2#R3>gzcM-A<tlzn@Ipi*Km=cP&Hm=X7=LCBag8x_+`0+H3U0Aw|37P6Y^
zkBZ4ezp-NWeW@=pCi-v;jggMHFZD*HL@$m@$HW*jo<aQ2NIj7;#RC=7Ox%&xG&f{5
z$rV{mbwR~sqVrfW`zfgtGA25X9vUlU-yROAlxWX+X|kE28T-{6J7i3;Ma47|8)P-j
z8d*)ULRM2PQ8Ae~bF7&Cvug`vOq{_nG-k@)+ssiZ(TwxbM6!`F`$Yu`GNzcKVwwpV
zSxqxRR+C7`YN|0RCKHXuirKFw7$RdLkz;7glzn?lN2SDR9G8x!7*mMscPttpW6D%i
zOf%6(R@0^+t4VsuYN{?OCKGkWirKFLXd`3d<k3T8rR;a&O+uwaEzV05$&^_3_C!F&
z6irl2Gtod+)6|jGBsF9;RTUMJi7I2o?7Kr{WK5jMF*HUR!`_~hP$^N7<I+)-Xk$b6
zeW?O6rpTjWnu#2;nl=GhO_D`cQ)N&wnJ7J0%>J`0g^Y>gM-PpavhPbJQ7KV^^U{Xo
zm}vHovc-`xMGO_wOvWLrX`;w#k_fVzDvXNBM4_=__7fmMWK0y`7#cHWKV0BPr9?h4
zepS&FYI=J1ytHTu91honZ^2>PihdOZ7S<L@6vX9U%2&(F&27(}p0g~wC)+k_OXiPE
zzl<XpqUq6T7t$uCW~Q{J7|dIm{4&`xX=7qvqSxH2xq=Ci@%8bFap`kz&(Vu5j(HYi
z9=$H=bCerxAB~?H9$6PTA!1&5bNJ-2`Js<O$swzQKL)!5?VkO2c5vW{K&gPav#!k2
z^e^;#;79T;_j&8%;Jw}Jmsfyiji<OroO_eIx?7&>Jy)X3a_1gr8>h{V1CD+UM;*r5
z$JjO4Dcfe*wAxIyUSjpa%F?oO=J%Q276&baW>C%R%@xejD7Pqjri;kW$umqUNMA_q
z#`}!<jKU008%`jmOusQ*dm7!~k%7t7a{V{@c2l<K{m}E%J*+FNL)AX3EjM}Ir0bKk
zv<eBG1Y^xIjn^7B>YLQQt9hv&P~}$%Q$DRMJ26S=s*<K+zQR3)>GCCVFXd)V*dY5&
z)<b5W3|=}!>V(wz@$r(EBvmDH#M{IT#FmWf8aG39oyaE<7vWt(e}rZW9ut%hn8SaO
zUzsnHaYOv?p%du#f;J0ea3h{2a=bc2q|YaY3W-ix?7VnD0xu{@^dj1@e<@BR31}$%
zjw+GgwN#aCJ^92p9igb%HiOcMuELJ_<~PIV-BGIH!{hnz8pLrzBL9@}iH<xM(3raZ
z)z2i4buZ=cPfj#_owjCLkEDn6x+}9M8EC7-gsPh|y0k-fNh9&l<(yU4e|36?c8FCz
zU3hc-%g_6du31G>aaD`ARtoWR>blIWOK0KY+qtV(8kA3HIyjkMxog9?m$j6|PRsM1
zq?b(zc+<z|(iS~SDi2-KVq}f4-q>BL8@ft(pRNDm%ey<AC90|#Zts_DU976Hi(8j<
zDMcnxi}jb+51o*yX_+s6$9>uawY=T(+JkfV$JvLwFuJrsc1b4k(B*hrL4CJdc>Qnh
zzrIPg^Ue2n=F^n6s9!)@qV8i^Gw%_%E)UJ?j<IpHmmQk=(E7rOZ(fE@DfccU?2PF*
zSkpW4!q0t-F0IGxl6{ZILzmL`p09hct3s<vbN7M)ou;ffnNBtP2jgFM{cRR&sQqHh
ztxGEb+ra|Qw0nvTuk|YgYNq^n^YCEiA4?IU$!1%x=hH+OU0R{L<Ykug?S9jPzCT<k
z?^?0EtV%31d9|gIMf*0bHKgRYD)$$~+`0_spVT#_@Ym@@v+uXp1eUb&Ke+bmvUR(h
zS>sCDvZ%mobWOUYpw)1fW4?mPLz6=}I^VHvZq=KwcxCE7aNjrkUGevn-Zg1H*UF!(
z><+W$*5tIT#5|woSqp+I6sLXtntP}BaE@Jct-`7$gF>r+sRX=WG&vL5BrlVcAn8?L
z-c7f{R2(l0NCnMUo^G}&!(fiFpwFi@@v2K2xHTCSlkHt`v$`}t;96v~uS~uCLEEsz
zm2I*%$~fon1wP)4+uP#5Ztu~r=JL>`&$Oz6AiaW+J=d)EswJN?50RXI(?p@<Zl>)v
z;_Kk7``o(x)hK*o=`(*{@{c78?DOx<$rQa_|7qxs)c9Qv6E@|4I?d>E2D(cM4_&^{
zYK`CL?yR;eUB|D_WcJnm7po@A%h9DOHZE!?oHpYcw=O+u9UNo%`JdayJ02A2+3uhl
zCt4%@R!BE_-J>{vIrAh&m*&VWX(l{$X>h6e=&>ztS9*UCOZhziK$7rA1xbN9^99$_
zx44HS9_Q!QW$w1gO&#YJ2fMzSw*2MQ<PHh<OABZ2%(+%|+40_$rz=k|x->)2l9&Av
zQ|>a5GZH>jdW%S~>Ra~onfcmxq2dRr3il5z#9l@%=hkKMx}3_~%?DHqC#I~4X?P=l
z^~>|5CmHmh`48Ivv<D@qF}kFnXUWU{`0kO^!B54%PEL&%m`M8O_P$9bd;byNhTF!E
zw@MG>FVW!ErCVv;(fZc-O<LF77u~vhI!l4_$a2fk`;#W*pI%Wd>P=*HX^NgDFZ<(9
z{bYSL#h**Eec!!obt~{nf2q@devZ$}ZwAZDBw{reaqCj9+`Z+Mx|s7V&utkpB|}1&
z*GdovmrGTMt9VCTkq;<fbV){b$<zM0!6`4~jn4CnpBn$@M@&2PZCkTchW?bFCv@+r
zJm2%P?*z9l`QKGf3TbkG>$Uu~MB_czj|Cf2=s`1PEtvnz;qz_v$ZL!)O~&k!_;2pi
z11v9!?9jydKai$7E`JiR&|33iluh4v|Mc5gE>%GrQ@C~cZc|lLU2y4+2P&q{2kd9R
za<zN#$3-yT;{H$NQt^gO*BM=s&|UH}%UM1r8y*_2$j;%*kf0Q=?#%v3Oj=|4IsN&q
z38e+cHk5Gd^5@})iXEH9w!XJsNNJyDPCB~QVYSYwSG68~`4YBU1xbvp$Cz{L8T}p<
z9-6cW@z|E`DSz?AhbMy>PTM9-eSKw#=lz9oVr7AsJNMl<&aKJL!!^-A@4kF=uGGS9
zX_@7ruQl3wA8h}|HW@uk){GH2$7s?B*(5KM^z@4@%u~O5FX7Xa;2G;|Od@`!-+qy4
zq-UOM-4yBE_JUiJY1O)C4z6%?CFSl2w!Uz7{<TGWyOpP|xTQEHx909Sl}n7<+mQ42
z=6F924_!L#xYgtBdc@@JE?c*aQxwZ<9G-8n5slxIv!b%%yl7V%w=Ns<t1~SR;Pk&Y
z-dx_<{N^<IYes6as##Bvci-0^xh27jE{W(adD$ON?ppRZ9k;uF{oSyf<c>2FW$&NV
z-zj$PO4m{C2P;qdr*i9ZM+7FmukkXaX|d4pue-v8E#`04(wcDe;EP3npZAu1_hEE7
z9oZ#M`=eN__S)<VH$Oxjh~M|v^$6zlzE7Ciw=<`FYTY`=(@K2Yx)c+cza%4Lwd*mP
zNiBCprYcqbF{~-%n~HmPRQX|@t!)sa%W3FY^0GfFXPoNKZA^c7OegZ!bkT<&T>84h
zmKjJ82WnP0DNEk&<kscgoZZc8=UyjVSzb8t)4Qs#8doFI>jU#WPtN{hzR~j|^A<Ni
z&ytt@am)Vw{+kxatnK?Vw9nc0#wkqn=GXAWUpk8JSkKPvTE2!`moK{KlL?)3C)ur!
zR!mEp-cH>1^lJJ-UsJ{4BG28&A_N#+PDRg>m;JHS_`Yf@{a$o;NqY7QBRR2R&m|!d
z$4-<#%u=ciBAj}{t;;KT_tK3AmJEps3D+dLylA;n)}YjrIGH%9%f~L`kkflcm-@&q
zdD<U4_wFn(q^sN1KQEmumbp>6)INWPdUf57XZ~BNij||e?&5u+3Sujp>TU-)xdfO$
zTNMzyHe`~*m+I@&ON<ir)a{otx|}j*m(+iAr*1!>B5`rq4WjPi!1D1+0v7JA-q&Q6
z9+*F;r&+`Oso5rOT?Y1h@>{mck;`V?x^%X~U|-VqNWF=Nemzv$+?Eg?a*O%6O%L5A
zFSF#6>ui0AGp<_l^^x<5r*wgRw-$}-tkx{d{bSU*aF=B>w=NwgG{{RNe6>xFTh!A#
z#lyJvbY)c7@w2MSw#O&tcFgZ(Y(2UhTMx&(2zhAopb|aw-fZ=v&m>AHfB40;Y~S{o
zbgvlcfxU+uSGau3=GLUouj#a(GM5ifUjEXoFixl@9ab@MD!L!nz5lCb;L+Qnj3#xE
zP4Y5Ht>vU~XI|aU(#sY*sI4?_|K`J|+@q=wuk;kWH7M6b;CeqaRVlf(!7WsHW<BM_
z?d`=H7FAZW3^sX}&f9hFh3PieWXA2S{a?5D=yz1|(4|?Mom#@pT|c!9zW%*lTx)#)
z$DyF1myWjdPX?ZEX(R(~U3RRUSZdgO>C%RG&#o2NEKs?9;G4Wr<ci>_k#9C07U<Vy
zbU7K_B`^D9Vfjg=`_1F#<}PkLV{hu#<?T`6^lRA-$KuANBCGT}BDr<Bsa(|7E&c6R
z{J`wxCtuFn+w9ui++yjq*yF~MPVvlj+ZbI=LUzg1{&@X_spg$uOO8g`Np9xDf6brl
zwfg7h>1vywob!7#fED_2>++;RNA->#p^DHwEqzBtUOm`!=1XVfj^kBn&-481`c8jj
zbg6}&B`^D<pHRT_1*ywL&s|(qZzOE1*ck9S)0MVgIMS>8V&s~RTim*g%i0ruYx_p)
zf+tfaDR*KoaLw+rZ&iQm9{$$-;Pg;O1EWg<dX~KGk2*iqEd=pR(mkSI1lwYNWxoG<
zRp*F?t88fgN0VQl_ZM*MvN7mRPg{dn{aYtuHs6;wNkcEDmfdS!_`As}`iZ>$S{p`}
zn&?^bvOiK%lV0G@#|q3eZ7jPvOH*Ge&3Y+W^mUfnLD`11jvTH(ZEK5M7jU9{(d^)v
z8x{7e8EiN)@xhJm(;i1~La${q;`(zKU1}h^<Y|ATCfP4))lHbLvOMVG1f{)4t!I9k
zry@%EQ=q>_g7m#{0k<xzHVe?JUHd1!uga)%KTSK^qE%kH@j^zYk8t3Ac~c8>MwjYi
zc4_=??$ooNRqff_Dk83P;g@dM$J!suhkm9Foh<%Aza*I(owt$eF0NB~Ab$1}`R1fk
z-(L}ZGq=WRbl)Fe=W?vG>6_UBlXJ}dQ4QTCFSATrd%E_TjzjXY6zR77j(VbC@%<e~
zv}=y1W$h=|B%B!F)@4?D_S_Fzms*d@#P@2hY_Bj$n{eQzhsVd+>Q&bZL*<_^wjNc^
zt!MQ6z<Fr0J0c|Qi}Bp$<!yDI?XyVJ=%mLIXJ%$rpU}JZqU3eqJ#I}(+}Seu-khSp
zsWZu;k<O~2-HKDq?uG<?*&2T5*Qqp0GowirWRtv1@{jeL^d%FQsHr<QKeGvcqVa|%
zDMkIc|3R~l)A21$m$^O@SAKl|b8Od)-zLlXE}fia`NF;q(|dKz%3C&X+`~okeG!b?
zTbc9r=6Fv$4_(R@=(mY0G-@YHHk~+ncH?+@S|#b1(f9S`l}*;O+NN{;t~~YS)D`D?
zU90-}5*nhP9P%H%J}_(ImE?=AjuGa$U!6}fx}1pal9&DQe99J&$KO4_r4;QkIzGK!
zZ`@C_;MVLDYkn@Se!WFu|3z+HF1?VL5O1`tpe*lraoT}X8+#vZstcEEQI<4Jk+NK1
z$b2@TgzS>1{c)yI<EGNS>k0x!%i`B3_&!l0FWr8BTaI*M1hu5LL_(5Vm)4O29kvpy
zDuSQf-~D=#CjDC9yTUu2p?zBY7oWWvI^D|XQV~5%UiQc0D-GYIG|3a`GwlCbd}+o%
zY;?J%hiOMO*S(UOT+&72*5#v<Ki9P<d6G6a`PJ!`oD^ww9x^=WdrRh7$4)K!!^@tG
zE)~$T<Yj*xkSN6VohRAJZf<$>U_+zs1|d)V@fM4GRJ*m!r&gZg`ds`nO<DA^yrP%G
z^VHOL(%O@cWZvgbJtx-_6e2dWuEVE{(WN|kmb~nb!smXgBtC7Q)_ftab#Smm`c3I!
z&8sTSuT1tD9gmg#ozHdWS!Z+QZDiF_h3(zT>KDH=dR?!3q{VaYveweHU$=FaUuASD
zhwPH4{c)STT>`!J^&WeNxo1UJZoWKDYvJ*Cb6&Yc1ue(cYpm?%*5&wk=Ou;D^@75F
zuGOUNf4j`#WwXxm`F%nyBDO1DU5(XZbU9(nE@}VfPW|1xY^l}#X9n9QmZlla3oMWA
z3M`+PCB3pYLeE?D;v24y+oUwLgm2Z5o69a2%HbuOO~}imWdviZkK`*`sH{A9{urZ6
zS#+1Y%<@K8OR^*1f$OjHG9qT~jj@h7D>CJ{*S@G}YP(c&b!IH))@A4edd#iKm-OFt
z-^kb%H>e;!@K<i~;J2_fJF2zcOe5`QY&|j@TMx(I<l&*o1%20S3Z&}K_tnX59A7$N
zsief)@Lt0AO$#l0g=#}~RC8-mTVVGOS&_i=cDJm4uP$l9BvP+MOxP?LG+XINh;Y?&
zenykh$R>H2q`%F{N8?^UDz(17v+&)47OhH6skCtk4VOO6I6JT=Hb;!>bDrQI-wq`9
zr+S=-7Dy;gY<RN8O)tFa#R22D;qtk0ubB7gQvY>(kN#Uty!?E1Y4XX4vaW_7e{+l{
zT#Fj~D@rbvF#A(>LGkiM+|;IUuFocfR`t3*z8Ey?!b!0lS%qJP_VU#yZd+S??Km5d
z=3{-2(dBq_m%Qwcgp_UC_=u9S{U`ee%H_9u3y7RFEAQM&SyND7x$wAqJ-04j5;a>^
zep_#*m_wScsPcNI<^$=KUvY=bginV*-LXG{`OX(fWS2bcj}?oF#vjJ#^ln#w;61qb
zbEoH5Pt`rgj~|o?I<BTbP|M)frJ-5f+uj&{zFGC_C-U8m>Qz=$m2-ZQWp{MpQ0aJ|
zdzFkXCD60vWq&M<y-15|k856W;q;dkw8`r>8GO$=T~?CRabfbs0iR8-TwgPbwBlb9
zj<1t{cd*?<yX?~XgSLt1)Kx$7DV=^{bgq>7(>8JREP2@<XHOp7Rooqr9$58Nj;8Fo
zpgG{lqw{gbM)vrLp+9%)Z{XIY|I14RWxxI$-~E=?EzHbUW=2WWdWM%<O__FnN(|q%
zR7RI#=vnfzKNkA<P^D5%Z(U7XRPcV@u6yqjzQ{j4G$rSU?z-@|i-PWQ>+&3_k@QG0
zL{v3x!omCVURCMrzJiyR+G>67d#ZWuE8E?SF2^Ce<Y|A5Rk5lrTwFHCqPs!)=lW$m
zGM{jYLT8TkW=?*-<;nL$ncTYk5J(PrJtu->akR=akQBIcD&?o6WmMJCyZkfoboqr3
z7+s2v*=6*<xl><p<(~N3t_J(7WQ}VZQV&Y3-$Z@kymv4wWtr~L;KUt2xpmn>o7Y+J
z_(k=zg!~>~3i-jH&xe2$iko^*Iq8M@nj5ZQbSZ-Fl9yRli_YxZo2lKYA6J&%{Stpz
z_`<-is)O%Wq_wD~Eu3?-j9Zu6u}xuDD);(@c(qTMS#S5=>Qn#X4`;0wP=?lfX1FfY
zXKX#foLkT6zl+I3lb4+=e-HJXoU>0&qo}{gwobXY;!5w58AQjh0C&Ftx9{AVoK>w;
z8`u6Ae=E;3-m&)63Nvl>p#aCBpyM*WD`a<-h%lNILN>|EB*};C6HmRm+uWc1BEj`D
z@mzkvnbSt;IoB(E_X?(_2XMU~l3mqvd&%6+-SJb8G#Xg-v~>=xQ7HEx8oZ-(K)%i7
zd>rHU7UaCWIsRTM4_)>=)gGMjobY4r-q7ctPENuJt)oq&othG=S*q5pzAU$tTbH!2
zJEnj3St-=Ef!dnwF-L3x*(|(7!B}N**QCtxi=;j?x)eZn$<zL5^dV#2!Xf3=v3sBB
z&(A3h_Gz4a_-B>OcTp+x9k<P2aqDuWg-=`Mbb3IB^CVk=<lfc|+xHJNeJ@*=aU{Pm
z+gkE4qf35dmptu{4r?spo8~Bnr5#czdcA$m@APBsscFJrTT=zLmoD$Je#)&&t;X$b
zdFzzhjjM8=pIfjeLv&_=`Ln$PKL`h@`c}C@p^Ps1(6i)af3(+jc}7?1qT9KyAKX=2
zMvrKv#V^X0km@*f*XZr0qAy%uGfQ)u-u9)e$9T4W$*sV<Qv9ScYc26}I;l<a2VLAR
z1~R(Dqi4y>{^+#r(2M?Cg{7-nA8VU;G}mfQTX~s2^O~QP`6TBDm48lg{b}1f**}hU
zH=l=N#+6@jSpo~UmF*m#WbJ&P-b-2}G}o2UB@R7HUiQa#<Eovk?@zlz-|>#R^0TFG
z=s6oj&!ti`Fa91{yKljDuJ0RDOjU^ff%DvJZMWgB^vgCK-4iwmoAXxe)izM9qfC^!
zPbXl=CV6}NYU%o0&jL5KZ2Yn~w6`#H;WPhA@z_HjE<9|BfAf0g<W=07^lI3sUM6TJ
zlzywGl%yHG=DfE=yxDoHo}t<27p;<aCDI8+V>bD(-ktMUE4yRsg7=#%YYPkm^?DYB
zANW<^QFl#h>UpaJyP~Hgaci=~&gGCnvshy3EX6m1#Xm&9Pn@^n$>ir}mbkZc<!`5%
z(Fuj<CV81;VdlYsp~Kmlw&#mfPx(IlvZU+dZ&@kFhV10m9}^4G&v0v!&!*d2bf3W=
z_a}J`xkD9Ci~KL|w=;}3SC=>6IpCF%LDwwc*mgMnGCdDHrk>w=@xYR(2fE4^_e~lf
z*)(_BUe(4`B6FfUOV>GU4t>b2$D0>6OHp%shz|U%ZD+Q3zOtO(sxmEO-j5x=W+hEx
z`Tcawd}NQj%<)_L?RZV=`+m`;g*zwhU+=H;aPy0^8Z%p+y!aEQU0=@i&FQ~WZ<H_U
zkxd^|GJ9*^lkaU3J#*86^3L+IPo0x>`{-ZkguMT{u}6Qf053mvIkomUC9tca!}O&g
ze_B#Nz}0Pj0~-XAKQ_L4m#KT%n_H6xW-baRZu^)Np6@^MF#f3Ux~usGPLJ$-##=qw
z9<WP%9-WYjZjzUc@#@05o}08PcefP|(=}Ccb@R{bgthHTa+6eYU*F=~Qpl}I<5>;!
zcb~c6y<w3oRW+|~-S_eMzA(-Cr@yU=YpDqLJVz(wAe-cAU#z?$QIjVTqm>i0_WehR
z-m-aCZ(mYX1AKJ7OJbr<9jxWnWZ{O3ZWouk`98j~$v$aGv);nTS6-joe%E92C9l&l
zI={^6glzOAdD#}v5bjT;O^bSRL!_fBpuWrFyI8ees_z3o7s14H$v^$LzR-NeubL8G
zQ+hnAvgIpTnecmvIA9^|*!H0KvfAWn{r->Wge>$VdD#_z#A?+}6ySTf&4AD5qe`vj
zlda!c?47d@iMHLS`YUv+hwCJ3pTE7Jq#18evS9O>`%1G{MjjiKSgen^U~bpMYWy?l
zgiQ1#dD#>fuLuiSWF~KKDk(D%bLfau|Ew?NN~Jq1vM0642S!NQa%(cB9ZT-tP1C=X
zdH2=&>&Ih?Kk`jcyL<j!LW!P7L6O!AIw1quBu|@Sot6L2pL$!Qq`IZke+g->uG%S*
zSl<z{wuJVn!+WAd2-nwdjo&^@^!$;Mv^ww<Iq~F7!R@whQnp?7wm$8zvnEGVlTJt<
zv&nz;lB21O`_eU+-dGl!o!Yso{H4oxvoD@6^IeRV7m0ZV`_*%OKzXx}mL;*|V~n2n
zA3nW+r%%2_FAQHRp{TGcx<7IE-yp`ri!^kTyi8I@zfAa;L2ORhjAPw33ZFF$w)i}`
zby7{l%Iv#H`!=Evw<hggs!Vu%ELF>?OMdcW;SUB`FC;Tn-fqemlJn{l)AWj^Yo>B;
zIHNxfg@+z%Z-w9LU$))vmIFa1vBgd8&>@4TF~vuYb(3GWjnfY0`cvP^zO(oZdz`ON
zy0NFj<@-`m_n@j{jgzi>UD4{jXePU7I$bjb*&{D=)W6>I;{I{npoWwZlQl<{+kTTt
z-CB{yKWG<dI5%=gp2n?5g&EIOGRK{FZBNZJY@A5K|0#Z1DXsre=JMn|hqkTx)^x(W
z|GKe9e>4maP0soC-u8yG`Ja_mr-Cj<>~5z|Q>7hxeg`Wl>`|becU{Q!P1FtB)Y6Og
zc9Y8tE*elKeEl(h&vggSOnuFGH*@I<!vs1Z8Qml=o8pJ$1IM2)TQ{c|k2knb79xJM
z;Yo4$6VKoq$?=c00`4VpeI91Mt8clx+LRTKPMpcPdc|w;RkFch3oHFtl3BwK=X}O<
zha_Z^JZ*~67fpXgsja>0JllND>EF8Z-(@I7MP@8kKiMCewqn{Iu0NRe%KUogs9T4d
zs&U`9HLBSwpB`^&Iz|hwT0XF7|6o>u37wFLo+K}uqDV>D;<WUs!uOucYctY|%gO&*
zX86ZsZ~e~7)jg5LA>~|OU5<=-b#Z#{#KZc<S((KPw;!-u;_}gCLhY(;n|pmPE&o6#
z%tcR<mre0gQ*S||=s<X?^Zj}QG1&`0^dp<rFP*vhP#oVfvCE&FxHXv&(f94fH#1zu
zyK&AX_&a*{7V0gnFcPy^^?uG|%IlU1bV34plDuq+SGEkc?&=u4k|kw|c}@MYXOe5^
zz~i8EACE{zNaki8<@y@l>*)b$4Y{~qh6K5y_X(btbkE!O`Bk`BzPqvN`PWU#JL!aY
zWRpB?id~m|=CphL5Kt5-YBq|}FIs)L|Ivnuru9n(UTq;1EsNpSWM*cZ%FDz1bN4Q_
z9`AKyrtKer@tH>}-_o8JNXDGA{&<p3h#RxXfA!*+h^6)6mHO8^NH;7V_WP@^6Et}%
zI}omYMr6qYZ?Wr=VceRe=Y*|^SbSM}(|uoAr^{+~GY*Aid!`r}wQq~7FYWyLmQI+1
zZjzTtu1uY*zH?trP4)Szbq+uFe<o-6{djguyzbS)`m%+-dRE+;6fgK4)HL-@OXaG~
zw+Jr}#|54V>NXSFBs26-_-%Z}mqT>TSk4V+^aon;(4$mUNuHB`+f>1&M#nF#^0;);
zr+xCr*W*1*jdd?MJ=J&S*5gGt@1bp)Gj97o`Gr$DGkvIPi@^@*1M&ikKfj%HVn|Dl
zt{H>uk(W8@Rfj7c$hP0DGLRLVMYt>ROg!wkT=+?MrOQ!!$D1EJ$gRhIwH@i%TB5h2
z0tVjPnCo5ApH`W$W1j6b>4f!<1WxU@p%bDxZfwpE_u`?+<+4&SLJGeF%|C8<t8%qH
z`A+%%yIUp2Zs$Mu=TluNv6AcG;m~fk77zbSF_hDHF$!=Ie!U`5V}3zj5T?^y6R^Tx
zpH7HEH_6MUD52OMZGCgKTZPPPeE*)Ool}Z#nJi7-)V)wMS9)im$!Ts)-g+gQV<0cE
zMbO0EA;|XCzIXZYngeTvkEuUgd~(|qAz?a!hHR3jP4UnYflAYA#l9C-GDnsSW}I93
z?Teyhc29Z7{J-TgH!S9IYcj9l%nEs_+ugeB3@ti)#P4~gbV+D^Joo9u`vRkyXD6o6
z2~_kXdD#>%U)Q_U*RFlWu(sCUXBuDJ8YTWqv#-5ym~!aILX8vF^SCwnWXhV8?&12~
zK7+KX+5ACybKW;38LzIn{3RDlDA11=qZ1<0ljLPnY&_X3N0ce+J`i7{9DhV|(RBkn
z_357Uz&F8v^k@1x#B*yBcegoNCVp{ro2g<-%Ift?eIp<CJ-+MuV7Zj3Pd%<Znofv7
zPm-5Su~z=~*~HzCzJ1iV)3fu$p_{Qv-%qUKcR1bKk`m;!`SWeAZ%?%v{E=|;p6t+M
z*M=Lo`rbFoFRwpjVWHOl$Hwtd^)Y8UAspExPn+W3?!C!-a^@#0*!*4AxX8hmxXxtX
z%wV0o<mK<>_W!K@!1eEuJ?gl2lon3>IQZUZ-S>nA5|xkMtP|Otbm>=v71=GJpH2uH
zv&nz;=9}Bs=B-wnVPC1*AX|K-=Ut*mVcX5H_`>d8*Pgu9+#;}<>l>Ml2d(McAE;g^
zTdiY%wr84E{6_qblm3f88}1ePDb4RgCxoJ#<Ykf>TQ;qaCa=2qXz-D+?!!0Z2KTDQ
zPT65{L1l_kQ_{dnBd+gb3KE&-?)~eiSDJPGg3XRgU8Y_z)?A%Q^sI^4Yb4QOP1g(=
zz2R_vBq1+7zMMNh;C}RaAEKeZkFw6bCrYVlpS@GFS|2)+pS==3#`O`eq2jmX(~gr$
z3y9wZGw)owlk-hT`EqFS;R4f(6Y|xv>6*dF9(nqk|4U@o7ao<@pCT<;spkGrvVMJD
zN8duNQ#F4NCa$f$p~J05;haZLD=nq7qQu<-Z8w@|ztLLq>9)cWuR$%9l%|)W-E>0G
zf8E%lKc10?CYx_X{qi+;nAXr8-6OC|@U;8R;Bu3NzuP-6SPCl3HFEv4UHI_jmlgMW
z4;I-bT#1xjemGxed*%<EdE(38g-vUSZHzmh+2|&D*%U2SEYkX%6!4s1K(+1h6;HJr
zrkCH(l1kZaAK%;VvnrkI&jkwSm0THTw?b#zRm;DP$6W9=X^J-si0=LSa%AOg9FMBd
z34zEadD;}$JW?ig%4$0v-KG?kXKJ~9W$tS2&V&Bqv4zzYpD*v($gRnbv1f_CfnsmI
z_sJB9J^4|$UMT#<`;Sr{Q|Akm>#Og0KqmyCC&|mExZ+vOs&zBuzjY{{NE3gz_r37N
z?QT&zahHjbnsJBT|Ka*cF8gjxsC0aGd~WynBzHgM3#kjR`}VVENq<WDIPXQl9Q`~x
zVHSFlyljfok7>^|P$G$C?-$*6Ji~tdxTytmm+1v77`v)pv)TJzja!pLbHo~JgX8^U
zHPTF#AKO2^Vfpp?xo77>mp#VsDcu$4NGJHCC&|mEIJkKB&XV6I34`0#=+$jmH9L*E
zxXOk0R+iruKX=ZA!b{wmJh*wG+(RF}s`g9TB?%ke*O}?oC7X)Ry|G(V_2udp115BW
zAF@fFHpQpMFMrpZqU3#doY$0fV!Pw5<-c@pNSWvzGFYWIas0ACZcWB7I1{(1ak5UD
zX3Nx-LSJ@1JkYr8;F49150^WZNxIp+pc8z@Z1P{drg-!19JMJf-Jj_6P62JboR2%~
zeta(PyDsr|)-nq1+;6U*JtDB%qS?}9r?>s<xNXmG1eQLWej|6LN~YHM{>7MD1@S7K
z;Dc_Gmq}JU(U-gW+!6m&BK}KIfAo!^;uxcCRjXGu+MU=O`N5j&rg-q-l|+%l<7n>|
z%-H8~^n+UC_?1ie)T4Ln#XkJ7s!Jh=uIbIW;f(%JSzhkT<?zO>`%K8IEK;0yo&I`E
zIregu;qP~k>r>|w3$X#N_vJ%JghS_K)oaGd_57H2e(`dF7O}IDugXizFsqA!N!!fn
znqJ5rdHPGX20^E$T)#&({1v!Nx-u=XueZqj>^7&PKQ)Ct%u0gXx!%~X^H$=GYlw75
zC+~!{Qu#xsmJRzubxY-Tp7*5sZRMjAJUMS{jt|)7p-H2()3d7QdH-meZhYuG4(}dH
z3AQu-v+lU@i`}LMhGCDnzOmPKe)EfJ_12362h)~MO!A<(mU-lP7Hy?bv^G^tzbrr}
zc%Yl)WmA-`Y&)Ed|J`o1_=(G{FiOMbl|+X@3#+AzVtsGg*0%(3YqBiDTYa45kB|24
zH(O@q%pELyo^%#}e9qqql3hXW(l^xT1b1YUJZ*|~`*nXk+j2g{V?pwnM-4YCH>_II
zU6QqaO4N?a-uu=FiF0eRJb88RL9@CD!uq>EofkYc^=?`0>@bB;Psb{)+M3k+=ma<P
zBzf5s)5Sh%)nc<Ik!XoC*64~E)EQRx**P5_{Ico$-o<2Ru5S-nZ5rP-Dc<VY@oh~V
z4i+V?C&yU|OxAw%$tdNa%X7Y=4|IYndXl_siXH*V;*%(jjwU&Lbw|ywE_|W8OY`AP
z{-0H${Hy*f+qsonleW_7HX8Q!4>rs653a@Qbl1EJCe9TUp^2OK*&dj#bb(HAK~IvG
zO;Ky(nWMD>!m9=XHpV75tlNGdYgdQWj%n+&@mC%f_1kd$@u{f$nKk^y#sl|WukXdS
z-$<xx<rB$N70B>x$XzGidgnBq;EZgNr%loP%Z*Fh2l#T*boISc;`g3$Q%wo1)>M8g
zwetkN*5)_YyYiczr08q>Vjna*T@8sj(x&8It8=rR_HSu_zV+qaz$we<1g9~Z{8yiC
zmilhzRh|1i8$CKgPWTV@3!MwC+_0(S%$6-5r%G!aU2e&(N&7B)!eE$r?2<qwe6)c>
z*5?M7>kpJ$_tH`{9Vq!_Pv`_kbd$VHQara$=T(c7W#RpnvSOu-yr028mq|`?kB!$_
zf4|@s;XK!$11asB=YI85jLqE0@|%T4zxd)k=TU3B38IB6d&cklY){v8;Mj0DJ{FvZ
z9xrvxIn(j<w(Yr(xc#TUmJ1*MacAZ@(fs1qI;VfFm5b*3!}6Dg?K-Mck9nzP?4lpr
zDD<&ui{5U{vUhp?-B%u%C1v30n)b*Zd70zu$ulQX_w0?zo+ul0mpW+^@pseigf!gw
zB))on>HTx7xb=9w#IFl~en+@N=n0XejL$lI5C43&i_drSjeQy~1@0=h&<UI$Rmu4g
z={z*~AkVYHy=PyQS>BK6EfemPB@T2h7R?d249LAi2zzy<i(8YQq@&uZzpnMYuJAj5
zO^1cC-vYtw6_=8w1Fl4UI#~byJ)OY$NtK)*)Xqbb#tCVen#-@OTYFkLPsAi-+RP~-
zU5B2Ss;)Dd(Dlp9U?R6BlLLcQFSWe?yXp4Rq<sq}`U;fJd?Ng1M!{K2`6UbL^v=);
zoF7!l`El_)H0k(qHvdxV!w=IW51YF@`y-<Decxw&DI2nAxS_Dm+OQ_B9|`z?)M$PG
zLuuGDnKSjzJ&riZE<NV>dacxlj8jt<6vS+y6F5JolJi6Bd1%t-)Xzg_JIG3JZhL6X
zr?}lyiHek%vG#Y%#d{aePq<bg%yp6j{O{NKZ*OXe`!Uy0FXT;Ruk}?Nzq0hIHginu
z*Ty6|f%9W3IX^m|hbH}-vZYRKovU)VUuO}i^vRkjPSNXMJuX$*^0@HP)$1k>Tz?ES
zWtT|BA8KxodFfJX?-0*j`-1z62Ob)?x%QrS95??RonVQcBrltyMT$segM`J}gE}pp
z+b);e(Mt$Z`oi|rOl_H;&>`tZ=GLT;*3<*PZ^X{^&X}_M^v`m#^*Hy-gVSCGD3oRN
zT^ByNi%yt{Y?7x<G4jy0^slERk2cCJ-5BSc{*5xTyTD^;`JS~l#sLzBB(8s5^|WQi
zWAz%1&KJ5udz`5=RL8~Z9tpd4t%PKAVPK!!xGXw>^HVB0|7Qj~G&wc(<fBQ^H|tzN
zLdpbome#cGZ?$`1X61L^;^5AAbQ;%p8=q9z;<eP&==r1RD<`<@{<LGAd%?AJgk;f~
zf1=eZWus@%37j8N$@#xj;Gs$D-a<on{UH<c`}4v)3kwAUdV1=AOy0YccFbtft%bS2
zxHUP`xX5_*Ph#!WiXXqvIZvmZSKaL>S8OC5+*3YYY62yXu4&G>;f($tJMhrs+kJZ}
zQld_E<HXKpu5G+GM4EjgiB_?>J9AgvfghWKl(;?wnh?=${C&^W@1cYObM@{AYCru#
zH47$`k_KrWJ6{l->6&K99(kD~=~`P-qTuPhMNKM-?F;Kknsbz29+u#9`u`|<>$a%A
z|9zY8?rtQcyBm>CNkLla?i`WskOm0_3F(mTl9Fyj8Yux01i|0DKll9)!}oBHK7#YO
zw#>EH+H0M!vHp?%mqyHh_B!wMKV%zduCP2a2+FO?In)=g(Ic|TPIF=;ZX%=9k>o*i
zkbX+YAs5j6ZD;2M_0PBS*YB*ce~2!8(O~Z)a^~ZHi^~}su&zq@0tgcK{b~BQ<$d=I
zBE$(MS@TAa$mXRu;(WYeK(^E*T{I<#4pL7EIcft6Nc4WPY7LocewN!YkpDHJ{j#b}
z>n?s*=F~3%HoP5dz}K`!-PEuYP+_d*PYZ%#SNu7rt)c`ZuYsoKr!vpy+R@ZNbdYvR
z$blbFKq_ZnhBAHSuuGlp$j$#!_yzmc6Io)TzO2nCcn)3=9dHr0Y+DfQ?`HSb^k#i6
z9z}(Hkaa7rzTXLrS@y9)tZKF%hz?Rt2|0EI3P@S9MWpV0qqK>teRKaj%s-m&g8sBh
zp5yS+_Oj_`sDNK*2dCG$Sz|Z{$)ZbpI8Z-mRtd21zAKPiHZQ<RA*7%x1<^seDItfS
zKmqyEBzb`hw37c(lN#a5|580+dfMP~xzOry-%~XBPey<@*j{B&Qe1VtG-@H%c8fnX
zbYZuPOz;rGRr@@iw>)#{F$|*P{d<zol;YbJkBf&9BbC#tx$;qxg_FEL-8v7Be+d4N
zQI>yaex?Wn$#Z%{(H@<tf%s;aZ=~<IcP0Bb9EzJ(#o(}%HwhgAGKh}nuaHoc;xFPx
z!(-nNUPgT3lQKB=5?t4k@nGY_dCviQM$KPxEI^RKurKmpC%82nn_d_M$VbJis>9Lm
z-j+-b8l`lGvG*B(=pfaUkmG2efD}BdG~bs!B-i<1{E9CTb6rD4{;X>Bi}EYHrG9~j
zTY$Q#l}n~v9hucwBV%Hzap8x^*luOEDc-{33v9{q9~g0sL3EI2%6mg`fFTJK%P<-<
zzYo!zPUt;w;@93|`?eXFgKVQ@!gruRl*$Hph{cPWUaW;6E0IgD&SuWlFisn(q0YWA
z#W%U~!P^;Ie-JGvWZ~Q$%>xCas9*rgOkDFxiQ=j%&Qv>Ap$7)>xY@MxjCJ-*09rgE
z5aU~Pwu2OgP4~HnZ~-rj3(}FBDLv7R;dHsh!)Bwl1sy@O9DikmCdbo{U8AP(syRbp
zI|nMDu+E90Bz2bBC+2nZMMQJjYQ%syeR&HE2Tl&pgBwXUQsoMwT}l)_bRW{NW4<Y-
z<4dGT1JOZBDIv!cK><01d@5FR!siqbiCD&QtS^dU4Nnw-z;^0|`nlp|dF~&;y^Bn`
zKfKxL{rYn2et)#&um@+dqcwk4xL^$D<Xi8$$AIV{os^KnlAwSrZunwQ^BEz0$|O)t
za;PqY&7pk*2IIAdj+VM(4e}=79<PT8OP8n7G5u}Gv!k`N-A)2yzl`0PN&@Vw@F6ey
zu@n#;q>>VHWD^vSbniS>qnF)C(*mo;&uPj;dWs&{!8y<RcLcJ`^vs|Eo=@vMoWO~A
z_{y{43*{}pe2AdNY-2U=oO>Y0B4015L&Q9Y4$?>oIXDUmNTG=B9pbq4WYtKD3G?Zl
z5X8qkT=9wA=7})-><q8uMS&pmRc~%)bXxcx{Y>gP>3n4neo}NYuAWN!CCRE}FFbY(
zL<cFPgdAT5%?Y)!??=`T;u#m(CD5s)idF5sjrRnJW(rJlx}PFF&IMeAiSl%Kxhgs=
zjJ(>cHm-TykoLHw+)4Poav(ik*~C*7a49nXJxORvvAAf(L$fJ|2!)C7kadDLLYxut
zQhN8BAh*YdQgK3ISRlv{Y$jblBLA#gl6v2h8bMLK8|q#<3&&;#C1+%Hwq)>&8q;4P
zp(;fmg<aj5^kv=RVPqcD1D&i<IU>5QNfWA*n+#qLq)K%l$chY?YHdpcSh)`Gk>qd<
z=Hl9U?ENpaVduCM@lt{xuRwH=K1#@eVo*Sm%Opvwp^heUdG$^6KJ%@{t;yhs773uL
z;Mu9mwUPw<@JXgkk$?Ppd&FV(ZNFG1gJ_WS=_F(Sw}zPKW^<p_Nv1(`kUC1pv1ZV0
z=^voZsr7CNF}6?*;OZYF%A=7-F*`S%PTTC-deOK~13|uaU_q<U!mECfo|9A2Fkdcy
zra=<DE%BiBPxcEMf^aMlEdxa1Knz!dhOwa_k-R&yWqRx->$E~-*r2wIAWV?XFmAm0
zsw$RO2@qqYnB>cd4|p4GsXFpI$#flAL4?aXr832x7+%a$S}|%MTKc~-LX%^>Y4U+&
z_NJkaeG_BI%dG`nq}hS>9|W&{2U=+jy}9B7VjNRM7+Ne3oX^(7!_tj)NT!QPQJ%t?
zJB7^<OIxB7XaUhdnkXR$%|QVP-wR(JPe4U`L+XcJX~r5dH{PBY@vPwub3ntJ8Y84Y
zAV@=7L{;~kUbTm=7Sm^IA!9u6ds_$oU_GC0+dVP-iXjN1gA`Fhj=O^blK9f5!p_Ao
zN?Kc{cJtd~JO;+tr*WIdL6TWiy>*-jfPx#u@;^^6N>k^J(q^*xzH^x@qKWp|I_5<2
zvHMq>su_YIAw86kL-(M7tb+Mk|K7+?vJK=AO8SVoeXZeCsZDB<@mit*!C8(Q&|u~6
z0V?#%`m$&Eak`FKdFi(UGcS^T4gA8Non5yxQCMjZ9i)a5a`Yb*kW8PxSK@2-C3ayi
zU_YD2Dt$|j9l^V&aYCuOnY#Dkas%-1X1PXADoUZV5}{yOk@)$lLGwn1PfN1@{0;`K
zD;<^+hz`<12|0ie3P`e^7NMY!hR)F%!*`cir*O-8VpSn<xpmpmY)=Vs67Yc_u>vpP
zNUaZ3b2rfA5?endl$ktQ#OWPObdIRhq7B&30MSwYJxORvu_Yr=E5#XMaj8^=ibcy#
z04)ywJ1W8O5{yB4oUTK50T863D#>A-?~+_0iAZcnR7uFkkboSl$)&SU3y)R3Y)n=V
z9mQWEp(;fr-*L|6;~Mfe!C1VqUa4!sNFB0-8B7P-R9#cGv*&=X7xJoHPYK^$%kcgz
z^Js9JBq$L({u4Q%>KQF_PV1Fyz73*-lu$yBgoFZe_am9V>Vaj<t104v9*f^@+1UX<
z2}C|b;?Eb9Nm*_IYY;@c61?^s)Jo^X*c=2(sHrz-S!Qrk3w!o8`@D1+z`v7_4ob+u
zlu$r65L0X6T9L(^p!dwTM5D5d9!4niihd8dbhSVry_stRf@E%*O1iCTnumqi$Fi7r
zq<!7d7MmLR%RW!pabt0YB^E?W3RyUJ$74dlNa2uIQaQbdtX`b!`-<G&dox|R=DZR<
z2f-h9BG4J>A>dhK>kD^rZ!N*)?#x>s^^b$qR-p+&YSSw@m%?Oi#B{<ST9UsqLX#tm
z+?UW`!4OA#KP~j^DRI^Ft2Rm<a{EP+#fgMaL}C;mM(HORk5&$SP=YJX8-tved%y5+
zf5QirX5eSXQq4K;bb{z0^^=gJLZN`%+T?vaD{*GweuO1*G%A<-x~FGVh2l3yhPEc{
zc3pN5;AKkhgjwN{cb}d+yv~`U_=J#Rp>Ic6kh-y?_*4`tnCvHr4$?jeIj|H8NcWzP
z{4&&M%%MHuF(I#<_!!;`3{F&u9<KYcq#>rT0sfTlWVs?x<9uWM`a{*VVpZ!w=T%lS
z>&Mk~Hz9<q$eoZT5FMm^5^`)R6p$pu<JPic`P?sa8VlRCU1r*;<k!B<6EvpQvdUmz
z#JT~BIb4hikq%ejU;Sq7oLFuBv+j@IvNmJIBUMHwA4vnd45EW{PeKlFg#xlSO<b!*
zU^h?R^4Lp2h4#0(KxnKh2D4>&CVZ7HN>dS_tKpov?$x)zz9ts&_TIM8^-!Z`Lp;{~
zP`ZHMS0<&$Z6G>G^(5p7StuZvCCv3L4JUdQXyV9!yrULz_w!I+(Dx}Z9G^mv$>J3Q
zf-Fo@jb!KF=01X78#J~nSC25kIy+$Z{%DP%-Sf`9AKct{e@_ycQgo|dce{Oa{dwyg
zOM+>h!%<vxYKCmNDI9f@NW4lZ8Bi8e*guW@EUDsw%<4;*BD<6qFr!z8a>}LV1X`H+
zoDP`pL3Fr(g@mpY_k$Z3%M!v0?O6*bHBK2lNs}$Uo^hYm!oa3=;0KQYLGsl(=Csjm
zqn$sk<>hJgA=F>`cG!EKG+~hzCA<|`rU9aZG*3bf^@Re`lJDT@nqIE1%Dg8Bu1{rV
zr&4gP`IuS_sp6cjf3rF!5M=aC(yEhZT>iAHnJ}@edjkf=j>iQfGE27;H`A>k<2;BC
zQalMcS{MpQQa9VTFP>a{kO-@TYtEF!LO=K2UB0Ai6JMJk=f|}J{6Fb-w7oCaP@tB)
zEB&R3yMTaT4?Ba<3Fnv5*A8#fg^))eS}cgdff#TM1!GW=@<=x9q7C<_GSsrMq>Ox?
z)jskA5+Xs8!?w_HEWl&DA6O>55p67qYgmgFA{K2*+4TG(x_FN254Wx;Ux+(tfoL)R
z$_UkgrNi*ywS^pAepwZAbV>A3PTla>p*h}@ND9Ab@pB`<OQ~^sUo@Dd%Y%17W!m4*
zx{F@lkSHn{ubzk>%-QmhVA_J{Af1zt!=9mltlju-zW0n`EIa!hZBYstkJbEm-5Igx
zLs84D?cm&l2Ef}6`l_MkG0I3t^+rN<s71;ZHD@DT>joRV_?jt#S=V4lNaZBt$Z2Sn
zvyYE*T{!pMIQ?kl>oA2r=G1QG)!b6a3LnwSbvH5t9<<S=jYC_<7bKlM+TF+|OD50p
z&Gl|6i}IT(VfJ6xWu5`iK^i9^2VX-0X_!rsR7f?-Oq4qk)L1OWQO2O#E=olWpPW?V
zIxd|J2sw^9)Aw<NgBRzrQf-T?&62QfJDO@RW6#CmT1Ja={tQG1DV&5HzYPWCk%9}#
z(Db=w$Dbvqh0&{@jut`&A+98BF=ASjG23d6K#;9&i|?MC&u|aaQ8n-lhFs{k&N?nH
z27ge+){!tTHiiSyLHZ^khk!!?sh&V0HCTt^(7K=Ntef66p&=*IZzfr@xSuq4P4(Qq
z90(G2DOQLS?J}ssPSfm5qPEe+MPqms^;O*{Mtc@PCgBQ*4*Bm%LZv}%LuYZ8ZJwfb
z^RtH`NE?~0IPe<Bwhy>2$GPDu!UH@J%@6wQzpah_c4RaS6_?5(#Vr~w5jh>kJF*#L
z$-8zz9z=)qS4gNz@htyO4*ChR+?m6VTL(I?BBtxM^boisra4amMw-z9z)5n#eP?<3
zR!<IVc;};yJPsn89x|Z)AqoDOIFduUiuC*ehz?RW2|1P>nnRPA0w!v+JX2?_FHXxI
z6=}gFa#KaFcz;5F!(Avz`#J{*a(Is?-@DdcZaj~yQFp77aGMy}0)fh~JZfH5@#=kk
zB!~{uHVHW#9-4zT0}?Yonq3{foMoFohWnI<X?YNyRN8KpiA1?h|67;?@C(lKOR6#R
zAFZ%)(tAss<i-v|#of8+dN+v7w{H#Rb+<sY@Q{UbcSJoDjPmY*OOjzf;8m2WQzvHG
z;;mt;P)XE&l53tMY?8(h;sG&A%~DUJo?!aYUu=jf@lJ7>X73$8GAeaYBs-^G*~p&-
z(Zc<e5t<xVg3aN5b+Ci77YjMAzIx?J%9q;vrfG%+hr-SD6zRSJVqAD0HdH{sED0xa
zWjbK>Q5C!T#L^Z)!jGxL?RVy6E%7s0L`psoinE!Uo0pTT<+PlkFjj*g%=_veZOOeH
z{f^}}QCwnN%t+|}KNSWdEIbz}0s&%efMid7hZPP%<)CPZM(z+Q9yyo=0f!C;i8*~c
zI8}e-wlnRg5DF#?3``Gf4NQ<>U|k?qfQ^5zKb4=i@1!rAPnh?bw}@AY=aHwP$6NPX
zcYU`SHw;&6mrfTlXLqMDCl<$74yz7A_DOaJc8_fHY_4o{UR1n5eQs&pZcSq4YB^&0
zz#`au(VWjL&UDXI?pdzMrHPhtxiQjHQ=?`h0z*fGAp-{eK)rcA9^IHH+fSr)GPQqb
zt7(;JA!wRteAK{Gw^!>|qfzx$nO5OYj#S!Il2A;4eEL{Lp-2Jdk)eE@JeHh|Y_BYp
zjJNcpG@DeI<eH?2M2h&4xT4rw(OXe{ks1*UVQZmIAu>UCfiVFV{#Sgfd_ufQJO@0F
zxbwKKxO6xxI8iw)+1uGk*jyiuJbb_!%(BSB#~jDB$0YY4m+_KOi=mtWiQbg1nT~+g
zk!Fa7fjW?Co{EPuhGLsSiae9-2bmga2`K`J3Gqi_JR*C-enJ`oU;Jr&4!lU*O<W0_
zbnH`X6|5pG7)(QqIt(my8?;_DDpYTjNfb8ZFr+mk5yTXPBLqeGw{W*``ryX^#Xk^T
z2;}d*khzd0H~&8grJJAmJRdRnWK4T?<Pf*~wx+H44^DOYbLYe)<+a_O9>A}oba{MM
zq)Mw3TA23w*M=u>Znv905?E$>{cLKAe$zzPU`ogz{Qr;gpM=syZMO6>@@6O*=xKB~
zV@w5<R;BYOyA222Z)zPq+=<@;Q7SyMEc_9b9?q{dobwpV8;&ff4?~?$&>+?_^&?AJ
zt1OuEo?!ScB{W&;54aYr50artVB|N!o#$Pp)+dxnHgtY7CsWxmXV4=A)U_n$G8dMh
zBc*ews^<77PoPp)H!MY_Kc1O?PE4yCJqn@?L4eSV{15V<gwhWe(M|C&HG)n!F|grG
zGu%X7f+H+C*q$%dfjY|2IVpf3`)&w)L1ZWDZKgkC!)mf;rerhEX%p*(w0_5<FK&mO
zf+6Am3JFb;?8!(t1RQcT{hfUden-!is8cOAc2Q5CmF0ZN{q(H~@ZfaYMas>FqV|)O
z8Df9=P8O%$G*r(FmfP<3+RBlEIrJUy^S-ASHs`VC6Zofti~TflDjPU|e5E(O4}*&K
z=UGnpbxcGz_lYUbjYDZy0A-Kn4lBe|BFV)!%S;*9F2^+c2tDP!g%gGC3Y}%GA}Wu;
zl=t+)cPXJ+WiY|f@hi!#cBkssBzMG-T9PEYXATkjRy*o;T2YBq19~$>-by&DN;-*k
z{z{nGPjz8MNQ2QM8kk<>W_%EXn)ss)OnFZ)e1{UMWd<W*VBL=e>Ws7BX^jnP6h<=d
zQE{I>t452#c!y3DxC^+2kZ{dD#w`cRG4}SgyYMs$Jgn?5NEg>I?fA?l&Av9>4x)Q`
z&o6v8OK8>^>-5Mt#$xjuB5hR(Xl4XrPmqUBvYZFHa>;-7biK620iwi<3_N-H;8y7=
zoEgmeO|p;Oq~XENf#t=7^_W1kxot6+@}6M$ZkEt2G^TjJp13{=<KefU+6x_hGhfgs
z@XUhj2}%hWmAAH|HsFwe*GOIP+`eNbUWhf>_?ovAk><axeoMGdoFSn&*d6k)f+_DA
zhVNzx%}S#k=Z!2oOCOcdV1<tzYXcol%pXjYN0!JOqR*8-5Kq_wQPxIiz+f_Jb6qG6
z*OK-goEd~f9o@W;u|LG|l(X*JaR5{L|CJJ|e)KS9<Q>(GGOVJbg=yzZD*o)d`fym}
zz^70qnt0ZS9&l8w=zHa$SNsBP&l*t1E@e#PB$lGWD>cG8U?yP2$UmMifhqm|Ps)Ef
zzsOU$(XKEeIIVV&>ezPCmOfNg{_v3?eSkuUx`wwx&<zkJrp*l+Wp;VCbss11qj#?#
zN*SgW`}tE4*mW*%R5gFT08`%64Bw@MCd)c4w+|#|HfQI(Xa@D3i+Gdg>kPf#?!~xR
zM7?Wa<R5@2TbiYWh9}vx3#PX6SQBPpDZk1D(1pZ&$He9NxQt^D0@1$ofvleYApdDE
zvvc2>)yw*MkafJS73_4+a)B)GpM3n7kavyGM%nFC0qxwzf8-1zzit}x8vRC@I+G-+
z=jqXtvi@Ae;Udy-vC*IkhV=d`Bvfx2dL4L?-2tL?RKoQa$BcF?a-6hg{k=c@yj>1_
zbS41J*NczKF1KUpz4KB(sx&Ro@NKw+;cj=G!=9`=J!F&Md<A~q_dLU97UtkT?0@OU
zOUV|xcdm|Xqgh&!CBZgMW|f~q1l}6v`F4`)eu&usv=vS*wda4zJw8!#Db|0K3^S;A
zl2x8RNGoc!JVl<zNg@WOyeAsIO9@Rs!Vr}*c?<PTKQ!lkH8T0Uae{9YB|%zx6(;cs
zi$h9=IN)0w1{LD)c}u*|OU93KE72H)OEHHWTu1`@j!0*`NU>L7%6q2aJCsoMBhAOA
zOSP8|-oWU*nKi`!E<65UCt&oqdv~p8K1lD#4DdIdPC0}~3p*Y6PY-X(S&=w>naewD
zn(LPAY&QN=UMcKkFy%ef@ZBt-=|}0MC89761I|k-R2)e+iT8uN@fTTY)MLbYBg<h^
z#od5Q^{)%D9OPazdA0ULzmFa!Y39Cdx3xAGIvKO-;N!sM2UFg24d2ZYntm*0-`R|<
z9dN!dgWVt@;<{D*VWY2nreD-(BWF2v91A!OT5}c4{_Tef`?|~$-g(&LoVupr6>TM_
zh-D?y0Jjo5e=y}e+3?*gq3K72aM2HsW3@kTP_5Sf^yDFOqbOCa<(b$15f)U#Uy1;D
zPhyU^#3XJP8_QVR2gkuHQ7TaR9VU~E!@iOnW#9Ect0|b$<*$@b^`k5gtnjeCZddxC
zb>Ii=`2<0uv;{}^3cbjJKvVUoYrvBw+|4}Nq@T@4VPSW+es+>A%W!DUen9Qdpw$_T
zq3Uw}0j6~RKPms|DC1A*MiM(!x~vp&iHKvStGVg9@FkTNxQ!KLb5J0O@B|Pg#hV&*
zV{LgJiUoQ&^AxsObQjQ+1gzzh3uXExiH@5JnDU-+_%0<hSw?!&oZb3&m+0Oui~A7`
zE%_ex6gAP;evY<~A1KuI1v~_-Beu>$jwy9^!JCiX&z_BddmNq<M(~J_WnLBM5?&k+
zTs@8u)$>2de>%*Fx8tvgxA9|bOa_xC*Em2@c{>{9<gcVs+Zp?O#%pgE2(mxR(wKy<
z)ViK%79E4Y^D|pypVV;L;6XQGDGmQ(Bp(>k;jfTTeKjp-Vp6CcWyi?z3KO(OBPDzN
zbnOK@L*P|Y`a89&OThn?y`I*WbR%}Yb+;X1JCu5)B^Y&iw7t)-h8j1GZyI*5!O#1i
za@dU5+LBB7U;2^8$hqf}v|OHwEQdFyDM?Wf*Oy<F!ol=?-+gqRW^Dk@c6v%f&h2Di
zP?zJC`uiafad#iChv<)FmMcn;;r;1Q!~cFQ?>UF>QbN;@qdZK*Kd<yN<K8%<T(`za
zP$SmE24o`V9wLhg7+;)60A4Dy{xx06+t>ao-$IZ1o4T8B0|P=FdeP*^^+#Uz;pE$3
z%6rn`JCsoMV{dVL@Il^d0=I0qmdd=`@#@rv9A<eUOr1?;9Pds80dHd}VbJYGVqq~5
z{81Z8q&j<keDu--|8n;rS-7%2Cz>J-OnJ{bd^byI`jJszpjBKLW8FGW5f6)mL3%Kj
z!R!LV%DS2%U>(LMVhV^-b>8*YM_=#O#-B57i|>1#ecVLyEOZhr!mBG;j4%*4!Iby3
z!*{cUrXOccza$@-TpEVZUsgpYRaykY?j6!w!TNREhJHD!AOQRmH|iFYPWprVGmYfK
zN}TZ7g+qw=09@YnTX;(v>{8ZwVKC)A@9^C$q3Op^HXB$?7mLBZSSwF;yxVRq4a&FH
z@FnUQGh=Z2N%DZQ%IkU7CG9@8t<RhdbLWRomtXT2?=q!T{nir08zX-s!T_eU{wpO^
z{n+bUPsTBxQqt0Ey6)P$0W$j#6ntTdZlIS@J|ei9`Wc8)*5m~(tQcsMC(ZU{5nREK
zmIR6h7AZyYf#^17H@nRwFs0T1N%>Dd>Jpz~sG4HAM_Z#LV`IK^kam<Z$JGjS?VdMx
zdB3|D0z3+nRxvWiW3ax7v6Cm=(-srDQ$i$ONEc2EkAXr<F@LoWri7FaLr_AKr3QaB
zh4D&Dak)tDnNUVVoAXDXV;O>O_HkA<W3%inT)<!T6hizlll3Q>lI4sULN(<=?yQan
zE(n}xKk4mQ6_N?T)nfr!J^w)p{7aO!s#awJFV92N!j040P!en(`Oz9-rv|*XgE1$p
zw^#>UKX$<F9?&qjQ{sMs2~|wp)=;P(>vo+QItx7ZaF=6xu?B`T|0^U^>&GO&bj3`>
z0j90B6j*_Vr~+2{;b*-MICD}i+Y#dz0snT!t|FB^rk}Iw_mTx$8s&x-ug>laic%gR
z;Srl+Xh?>GpEsm^SV-8?T9E&rCNRY5mhR2z%c3YLoFkmUl8K-i3~=6bQqsFEp!{e$
zbOfA1b^HwGc@x(>a%=x{PC*nRhY=lFk9GMpQ|7MF^oMwcFTs?M`e6u4X!;T5+Fx>d
z&DB^Zni1E*Nlitdo0BkT<VRg}YgM&L9)=GPr9bP<y0fOpoMMPTO4^~52+XHws(Du8
zUlU={VQPd9=3q)l|L|Q(sQU2;?R~ov$<DLLBxRTDD#SD4yhKOzLsXJ;g@Y%8NG|{n
z#GIk4Uk6LiYDnYu?fnYIap=p1qc}e?rL2F*kwk1^VgROu6c9sX3Dy3p&|0*g;**0#
z2R}-fysoeEF$!^Fv#Dg}iH{^cByN8K+<Y;yD*M_>4I`v3ynnH8D6`!37zU5VTc6wV
zW!PW@iXfO0(m)K6B{cnrFym43UH26ZS5M&lCQ*J^u=X3<VqMEgxd(4VL}rh;fhg_a
zhviw+1r(Yl_7$TKC@*cDLY4hi2*dcE99*%>bR2;xAr-_BSwho~pWg2lW#s53zps_h
z+k7~M&Fo9p2%lo#<%Og>zU2Q9@Qr9^EN`T=v)0J-ahe9pIgAS{?aLFSst|o0x+1j_
zu}F0=rO{t0q3Xwwq9d2JeY`8eWtP`jXk)(f-VF+$ZhDZ5D@U2n<sZKTJiRQUm)-SR
z50|XlJW2em?d@t>vQnG%tW=O-cs<SSD+@5C;r~hbPpahg0~e~F7`0Bnm>C7Wj~n(W
z#->tqI-e}QzdYWndR7Lgy-$6Mcp3QAe5V@23B@4GWO~#gT~r(k|A9c{wHIw%7#f%o
z(nAbE2~Cz}{UfCogaaFBGvB7+9u_)L>JCW}WsSPmD_v{B`6&TP*$Om>e8mVpmA0^E
z?(=YbSJcK{e&i>I&pzVQ06H1+gacQPK1B8W5AvTzF(m8_W385|mzZlXKWpBMB0}N~
z+H%@s|2Dv*hg=Ak4|ocS&9LqZ6B%`8c*WbseN3maArH`Gi_tjg6*q|QnEZnt7*g-A
zkWjs~z0=ydZscZoWHzhxLNh>C_OLKZiL%x^ii4bMFPs<f8hZws@1LJzFW{@r4hY}}
z)m7MS+<2*bQuj6o>;?~R@jJlJ8&X6pBrIrdA@omU`{F;MgsB>O)P9Eh_MBB}dGyQh
zaO+0RW0%gJiV*E1SHS(%&s(P#M8zHfsoi*I@j1+#C}hTCQgbf~i9<f1rfYYnf+-<Q
z#1NFw^y9nUae5E}XZZuR_;OrOuNY@rFAFhZTvj(%AXeM3EZ|_BFym&->8A9T{#4&*
zol9i)Q+ue&{2QNmNctn!=dn*6fGHtW#CIv7>PJ*honH;Kb=b1ZE&i)<8j+qK)WaBJ
z*FqV)X3y*|4*=&h7J!WB2U)z&vTIdaEUnl0*+&rTn&W#c_84uox5dcVz?6_KVu&oE
z=||^L1$9=k8NG*rcx(F0)qWv*h<<x8v2#eoYJ=aGg#q1=O1&gumm<9qnz5VfOKPUO
zMsfL*mvM13IdaJFqbK72qlA<ZLu3g}KUy@(=m{lTvfH$2y5ZWK#fyDNWw(KakN6eY
z@0HS@0cg`WAYPqJV;2=`oi`r+8PQm8o!I@;N_V4pM$)=vtZl0iObKZthR70{e*76s
z<*Zs^z!R$dz{YOmM6K%p$1|?Wfbhc_4~jmgvNYhC65r1%<Ctp!dlQGj*IHk3gyD5u
z#-(TUEr+-he7DeCz?2$)rG%;<-!d>WtEa$HHgEX4CyJ@N4X!;!<Kf8QvLZNRyUih>
z2BIYA(ELp0ckPBJh8bV#dg$!Zho;cBGZyH?pBK^pN_ZMfss4Xb{?objgvY9sYY!d0
zbtOoHM6mXSc2}eiJ%~j!m=X9B)DcM3fGD3MqVj(4$>J%@IsHbj!|=Et-Csw4An9;0
z?^Zr{TowaN38^H8poAt%v{lJA>Vb!Ax=+lThl=RJ=;R!JeC_K^aWJ+ek~2#U1)^L_
z`zAN3PV28aCo5`j!q2tpY3dRan@wFdmyI@fiu2#nOck<v{)7CdW22hQgi}3e!3VLU
z77Ckh9WFOM(eXM4UDfRq$QT5Nt^NeuZtK;)iIuxT$~;r|nsH{b^Rdj7%IID-5jgg5
z4(WY|3WikqD<m{Y3MOc*P*Bv`(O8|j4r;p1<~cICnAQ0CRzxi~ktE>)u6Z!<JD6iR
z#IBYetR^QUFpYi+R7W{I2(=1`*$SGi|FRB#-jGgWAz>~{E~|f9KT4Y(=*GSESB;aN
zaVhb9>+Inb*L5y%Jv$NdN_b(;a{!1^GA8PB-dI<|@l9$(7sIfCJ*&bKtr9Zyc`dqx
z?W~Xgy|qC~i6JPV=|{zdb=<N(>xZu`LjzA^X4E4n?cGg9x29Of!mE5N+yTGkf(9&K
zw!j6XzWgl^$8NjuBG%fz^=!&Ih)zngI{p}Y089yKCB91uRX@6uGg~Ys<<!RPyjOct
zGVz#oai>G5KzxxSCK@E-mWBjG`JQsCdF!36#&?}7yX{U`xx8QMAEF(^sK;(H!zdW1
z_rR2pT4IPSq3OqS)OL!Q-It~ly$F2K%X*AoLSMA&9B|qi-^|E;j%W!6qMWRQugUR>
z48F`;Yu9G%?6lBP_N_mki!w*=`~9-5bq-7k=_Q895}JMtnYp#GlK9hm(uv$6vkv#Q
z(kAUgg+2~$j`R;0-yS$+AW9BbdRB%(_jM9Z)Sf+u23g$w(%Z2$c?VjTKYtY9ME={?
zfD{u$WC=|_Dhp$Hp_aXFGpiW6`JzuHuiUrX{O}d*RJQ1$Aj2C^z<WNS?LQ?V(U@DV
z>x#3Fkc)nisw*)~SJfH!DNR`1^qc(mn=b!XN~rqr^!MVyw^t)V*D(Pr1w!bTjIpAt
zIgGEb@#}Y;iyTk@?_)E5AAY6r%a}O%wmKo=G;`$W)gRqAD=r3A1rh>RPQSFklyd(k
z<v*<-k$p_UzmTBd!~C$Fc+zIt;nuu`*XyE&7iR6OV4XMI2}Ef%j-y5?{yDtYg67z9
z$<(BC!_Ml=jFh-qUP_~=iyt0L327&WpoAt%^_!u$pz_LQJ<}EqG^5gxZ7rY2`N|j|
zEcmYB5<4wlAWDhtGxdl7BFBm+H`B`UGfQU*CVbt(>eB>{L*&sOD&pYkk%6q9{~-Tq
z{rG8Ev*NA4k@#TRiV9D+rKDXNd7FctZKmgMQKg8mCcq!{Kk}Q^-U){1xCZiUC>Y_&
z-G*L=BJ!m&{5x;B{#5S3fFY&-3JFb;2yQNFqOO<pyc4`Mmo}fRK)Is!-)RXGns5UL
z6*AZW?|!frg80>6t=5M*!5=26!xN0S41M(OHFE#_dMu7;L3tAVydm|(LPBO1{1#UK
z(vPO$)~}^Bzgs)*M48$+(DOWNYqpmn^(Fg*{v5BQx*YKQDpRp+lqB7$AX7OTLu4o~
ztnNJe;Z2&7Yr6~11WSkPe|v(EeqsnpX!@}wb6zgk8)?X2(O=ZPU};H;#3c%}K%}#h
zX>rzUQ|J#wnJp}psF0%zn{!^3=foVY5^hk}@3eK~kHEMS`diOg2}}toD85SxRX;ZH
z&RO`oo^8J3E7p8nMfa<Lbgkwyi~fhF?WBGdQT)#VU)vl;&o1$EP2YNN?#2iz&WU|g
z_Lpe&{}ba2Gyf%lz8_2pX()!s5}JNA?0_k~cH0!`3;&MUbv2v$`_OhebrU(-J>%T+
zsgVTWj==(oeQb!?$lI?PvX3oqZBs)PNG+3Y(n3cy38t5xiDZE(Ar-|CSwho~gDE=G
zX|oMx7N>(;&52{Xt69u?9vq`%e?m=2S$|3b8g$5`t$ZszvkuIE_qgLBnqlZ&9L3Rm
zUa85;^MAujZ%PcNgme@`WC=|_<_$67tcx$%66e9@y5uYeB}Us|h|so7n^KS8SQj`E
z08w^V#fFZ#9K<znp?KzgZ|iC&(0i?p;HdBW5%2X0oAggGrO00?q3Xv<gho~mU6Xgz
z&oM_LCn(}HBzpMG9jC8eDq+`Esu%;hr@V(t(n6L34T6%wgx?Nqm2b9TfjH&IrO=oh
zRBxy#|ND9`{C`sZ)1`zzVg%&xNfGzzk#BfEWqsY78~hUVaa<F|U?{u&CL;$hOWFv-
zm0NTj^<bTA9ljN&u3CEc7GiF1qDF+UT`P-@|N0S9R1850O_p5rC49wbsu{joDK#Vu
z9<>qrkuoGrACI1&AgR7CjsyHk>hp%Cb$us4IA3gv1ec(wy()%CsUh{WB)-M}r`QAx
z8n}7{A*$zpkpDCuv7w)RQfHj%UDJV=H`$Z5p7h}K&u%WXItXg0JRb=00Hv@N9CKZa
z?RLUfdYnR^ieHKq)~EBrHOmTd<Vfct88PI7AqD;l2~CpdDHgDMgnCO18?o(brk%;m
zM&jfjaYQqH0wivJ#w`JUo6xuM*2jv-ytv7beWW$`*~ob(`NfmxkE`C8Ep1l?v7UgR
zH>9apNQh5Zfd8NNSA)xq9Q1xG>#6tIl+)f$SF-V{dIy{|BJ)HU2v#_X0-hQh{Kd`B
zw?h8yGC6M2M|<b6QJw&n>z&SXqREs(SY_q^&Xho^iXkYW>Bs8+9oJ%_+7vbZhq~=t
zDdp;gzas`$uimTlI%bk)1po@&u}=@a3n0mCf4Alg+k1lhhBG+*iJPady5v_x;h|L$
zL@*_!tN1P@RQ(wBh}!6L5d#dyN$d8o|2t9iXO%*Io7PXudEUX2G5GlbQ3~vNAuKlU
zCJNAeI9u(xyksh<NfJV~N(zv@!B;lf9tTrG%8DVfglgU`Y<W|^YIdUC8%Kjz@uSS0
z`u?{B=;J#<*dps6iW$%V@9ZWfKMj6xQLalRo4xva^9`b5Mua7stl)b2Pzl9thYy$%
z(pC(SB{cnLNfZ^z{I)IpbIqA831@&v{vlJ#*RM^{=4hjuFP`ZFo(z>u{Nj{_xHDd-
zQQWKYu_CsgMI27Flp3^$>3M#wTZRdygwz#7WC=|_W;#nRG$mB}QHy0RD41-|u+b%(
zzvkXbDSoq;Qmnm@3V0`>)cTp#OSsVyF@`6vM9N59qNlM`Y@PX(-ZF*0w8!HBQ*!>5
z5~_Z*-}pHm4=;Nma~Za-*Byjo+Ow-AbbVe`dxZWzLO`JkP^a_k`NFF-hS7>cZ@x^o
zAn#T4APh0x$nhmfc;_8gF)A=6$Nx$BPy4HX@Q3*|Wv?v^zxW2GeVOeb)*8F<X4H(@
z39FcFG6|0bqLk4Lt|h-w^Kni$to&_S@J2JPkNA7;=i+Ju;gF+-#UU^yq_Y@;5}GU#
zrKL6qT%K7QEALOZTBI>GGQ76WpPUYqCYf3e#W|%1{2LeEyj97{Chb_T!IL}c88HpP
zm3lm~P*{)M`B14-vlLuCY>?ISALKvnuhy5-8O}3kHuuZ9$RII0@R_a*VrN@FN9mIp
z+;{yn47jZk5)$ytWcQ_7{G7^Au{Xl#FwaHn(^HejYkr^F4De9X!H^IC3JFb;6<e8V
zKL&akX7^))cC!>|U3;R;%BbtREqa}`N2RSZ0iSoHYb^ue)4HTKFZMaEuEzWqIaG$4
zZ23tn1jdRl@X5i?8&X;<Bxohb^>62MW-Go3Jss>{>Ud&NCR$FT0FP)ppk)U8!WxxI
z@u9~Q;AzI1^9`L|{WR1<cK94o{?-sVRcYandYc>MuOal7Qat~y%pk4B5R}mLBZL0b
z5rbM4rQw#c&xrd`uI3~iA*!lL=$JH>L7bQ{;I0NbhCo)uauf47d(Oj1DGQbdSDhAQ
zqbBXlzd4?DS{ogLDIvARcPXLj$M4v`#+dVw4`5@g0;XklYQ-3Xhl+R0h(;EVD2@Va
z%>ehYkd)h4N&~CAkth|?V`!<#cwUNTPFT#7_-ziD67__FDIvYZ5LrUgkC|pqzXj1C
z_`iN$hISEOhUY;(Q~b4<`fEYWVian72|3^`ls80M2!itFi$6v1I|8V6WNkjhAXyNZ
zVqDzjh?OFlfGHux#SmFS(~nM-JaNmrW+ZR1{2#CSENR`OaepfHm<}gxnaBFhMFF@)
z)T|%y^vEHYAfA(D+czY5BhdBKK_#NifxhY)nc&jMe|Hif&BYK|Ler0QAsBuePC{eL
zioYeA8yD46UtSxaulh9qq)C4tfgh{^xch>=gfSW8lcnUL=sb+xCvYx1#5>m*{p2-l
zK~(4y9a}IZ!(S<(>c^|b--p<iesRX|_-`}uqeM<0N<>9HOJR)03`;ZpWX}#ndE_@a
zW1HAHpk&C`ae(5ZqT*v~G_y0zWZ<JV;H{$n-xH_*KPmrdfA#38HA1y%-E1UxbBL#F
zkXHP9f0jx|Zn6aluZ`g^d%zuo{-j>t)0=eBRqHidvJuPiw0_kdwLfafH4aHIjA546
zU`j}RF$5)4^P#9j1A=+0;D`FFM6&t%b`iEM4IcKGe8c-t^57HV4dAD}cfY8mMDtLJ
ziPm$<xH&Yl(e3zfgQl6Oihk1&txpV~fUAcVqI&)Z`A_?+w|${)S2bLi(r6sowr6(V
zdM=0hWE@NKaE7sjpQO;e2mIqXH5#O?muKS|OIMCEA>!74R|<<zq}bdMFHxRFCG!#t
zN%L1oXp&Uwt+jTfDIw#Ta@Z0qS&-sGW^?d=X1mO!Ffyn3)%iOR<c*yyKN(BUWsJ-9
z3ClQ3S3W(Xq4$Se(6Al@Q9xUaGWdBz`iq4G1+A?G{z+GTxT`}v8mpZ=%Z`F#*!qJ0
z{kB&E{(yPK&k~H2FX&h_K$PNco&&})KjyW6%52-mPiZRYs3kLIP@A|QbFFQp<xzks
zAqB<|l+g6!1JCf!t}H^x9vjvVqvcb4RDQhcNWeXX3#Zt8nHTsS(48eD)@+<}oHXRH
z!_U}Xv@Q7S>dmLc!}L|xEVu7#0<Uhtl#mAFyOdD%qwg^tyeqaw>a)P|hIbc9`qo)8
z-!q0OA~k4Me);9sq61N0c2Jn}qOmG>o?p=IiI%a-!tHt<O^YW?GHQIOe!fT#ri4@&
zLu3g}KiXpl88m1|#i&oPo!({=9CnGTI>!#1M{zsO==jdQ2OQP=tp1qXpEcUgHCU&i
zU?F(TH<f9hoP&!lnc#aNN#a*zFeRkJ7$Qq(`qAfGLW6ON^l-%WF|}f_$wYPQkkW6)
z3f3DZ#=%CT3&8swv6f5l(V54KF{459-ySJaU=e-W%tjP_ikpO9ZH$m84yJ^Z7(-+U
z)%sDbIQg>WjQWOqoq51v&=x<8@#Jeq#$!&LKZHcw%Yf@gGC4`zdIOX`Uae}jaP#)B
z&O0sR5^t%bD+!fCWugOKfGJ7;N(ogzj^PVeQ67^j{4TZq5?k|(Q1@`WT<QniNH~MK
z-k{+=;Lhda%e)?|K#tay^yfNEA292dT$x9!OU9=iB6L4sO(REwDM|iM%73y}hjU&N
z48b89Ei#N!Ithx|h<KHD<SEupy{U;&PWWun0z`?^9@5+Ne%$#oO2s_b!J>ryf{VhX
zd#`Bt1=@BVsQ?m~64GQ0K?zNk4Eq+5@i4<DtjPU^gmk*kaz?e1h%Y#N%QHW=nUI>G
z0#S}4U?wd0`KVV`{$?1+Q8-2o8s1^~47X+{m=YI=7Kse59wNx<0Ymctled~^y{B?g
z^@F`eV1@M`jL2P`oQGWPvFkwv2pv+=Da3%Ya7Vja$h6!8bPLFivqah$3XI3)QM?N}
zA6Dy{dNboIJpw}#{uL6MB%RTt2PWr3oAdMk)DkAO<F-CXx0(CMfXbEj_WOB;bUF|u
zs!Zw>XJgP(eR1#Ou}^H4Ow<Lvl%d7lg#4gImkeVa@biXL84C$=^I8c0let>3IDuGE
zCH>g&ndQuw4amQNJ*3AS4S^B1lv0nRp{^2$l2?%2Zo<VkDYC2Wc5DjHTi5k?#9>n-
zIMRI1R9?q07EB50GKQdprXLG_hN@kg@SeE1ml7$~Uip2C;*_dYkYDrd<8Q(<lzIuc
z7XPtGrTpDft+Z<8NCO^@UZfRAKH<w1EsvVj!<I5VE-)pe%=j)PRQ<UB(b-7x_V5MI
zK)6*|t87E+Q$LC0X_CtDbgQy&)rm?#lzd;97lM0ng(wWDq8Pexe4b@a&z%+vK0MAt
znOZm%DgaYL+KeHxgr*;>@G9a1D)3sth0B`x>$l^g<{RCK*a7F(&QvOnlPNnO%C4m!
zvN=yJT_^+FEfo!TRhJ(9NM|jHTVOGEJ3}k{$quH3)EPr$2~9uJhC1h>_rXuf@Re6?
ztrwjSD<GbYj;`?2PvE!kU62Dx5nVj0mEx1E_w%W1VutKe7Wa3be~D!*mE%LPX%O`l
z?gUdp`ivp6gr*-ggDL0Tc5G4AU02ZI=*W`g93CgWv0VN1<#9;59)&C5dmDpWuH&`#
zl)+gH7Ed%Pe6IDdv>I!CyKc27I=n(eg*TWI>#vkh_2blnND5&{Crl=~YQvQ?wY{>c
zh3oc4bz26?ZE>TT_-i0a->Dg`1sZYp){IY2G?9NlukK|D$o4VL-I+1$=N0AM1yf@F
zpOpV3eQ6Ge?Z+%-z0Qcv_gIK}w|}K(+)T<a)cY&GfSuY5)&%g30huySrN%N=!pfvn
zTHeK}EZof(K4q5Fcx7eb&e5$;U`j}-F$5(vS?<P5&RnKH>aRkJSKRZN7H+sO(tX2B
z`aHfx%%xpK3h-|{*o-fDEfURhQa0_hhN`3TQu6g%X6D3k5!w8v$m1ddaP^==R?mNs
z|Fl(|h{4w$X~MI*n7qwx$8f!d)+aPcclp7bve{R}88s>e@bd8cF!l&M(@bT<(_Pgl
z9_FFFj>L11VLL<1OLc@ILpLxa+Fv1|NpjJ@x`au`7ysPM&6s2QQBeSjU#MC8lqzDq
zITm}C8sPUw`JN<v*~}Qpmo1-yM5(2PkvK+m7>S>!F1fx+@M}LJ06%X?tFe%PFu$4A
zKl$a<d@@pMEX)Z${)qkz=SXreL!sp%hcB$#x>x-CN@{Tj(20htR#7*bgIL|*5MfzU
z-YoiE1}S2Poy}IJY1lZA9~(>wsWpb6gr*+{rH{IOKND`gE&Y~rY*ip-;<Kne*{mf{
zwcI~jIf4MVkA;ium4`rGD5=O!<K6wc?I43DU&;(N#eY%+WRdcDtrtvr&vSW)5~_X_
z*QxK+Kc|luE>oG`N=Hn(c1l8<M2(Dkmw~IS`Sb(ed@Gsmvcbl;tWsiMi4ByqYT|yn
zA&C^0%YN!zRN%@(qx$cb<~`5l-7KN$$K-C-idS~K<(VY4>N9E$Y>wt8-Ba`#Nd44>
ze{x`X06mv#1D|LXyl?~B@bgTgP`2hjMm<7eHmecFr0sxv1XBJ3ro895yqhI7{kZV#
zcTvXC)50FD@_sau(7@gHk(H2jq21AXJ!?kne8BHKjxWMqAPTX!Be?w%Ti%{;{&KNP
zOoHR0>1M1$Zdm@}zZQp78$)CXO+U)mRV$Cj5MyAp&nJPtc?U^xRrr>C3+_)xfb*lJ
z`UYsSMzq!QIaNvg@T^2u4ITcfipva3?hy_md%iMx^|9WkGcYCmUn!yLM-mg0nVrCa
zF-04i&ONK{`hihv4E9QHL86rxMW~p$Uw|lcXS&JXM814V50f6+c~RM%TyHR867KBC
zcDpeYE>{2FS>Su7%l}dSlV9#Lyu5bG+FJdx6>;&Gl}BuJNHmY1pTC29HZn1gz&>#a
zc-E=rhG`5zB8W4l*r<&5OWWMlx80BlG}<j5wjb+?S`uK&d#1~~l+a`;7fIQL%Z76*
z=iZaUd14&*3)?1sA)r^WgS%XlhgIzd5amxVWUL`#LWYx4ifC2OPCDn%m=P==E?qR%
zOqA9??=`{I0|QY#|AYLeSB)jI-+mMUiYY$k@Xj8u_`F*9atsNKVTvV}7B8wd4LN}z
ztJ*qqAF^ehk7T-VBn}^o6Ga8ouj7@XrZ68QZ49mNf@ncOe}#l<B_99F`;|%2cMV1L
z>TFa&yrHA7S@vx0m-SMfuBQ{EOhAy%N|fhX;RkJxMdit4eA$J9e-1@WDgRhA(6`q2
z9*O+{q66LYTng}VaasRUKc;c%!-vj(@4sG&?Dc5CJ;yM8q#`O>mb*c)($-NsJqvh)
zt0U3t0ME;0^k)~JaA{~;Qrp<;$!tY57-L?NJo3m{Fy%eZ<y}f>`tikH*{f7MxPk?)
zgXzYm!VY&YS$kn^{*%0=p~&GFTtI7uHGN4DD#}a&#eTXi{Dp5nlC8vfkAcGXk9;cx
zwLBwHV9I-*%R7`%_2bI=f{r+g8%5wNHrlW1f9TU6egYlT>zS@5Am=|h05JklPM^u7
zyd&l9SAQTDi@BQ|oZM*J6H2wfi(;`K7ud(k3Z}g0xxAYtH2s*sGyLG!`>WN{?QaRs
zRNkRack0V%2<2W38I2Wc=Cr~9Q8Eu!p!jGP6mYz<>?<pHIyFpnb-@}{_F)k5{KXuf
zZUmU}p6BvzmQbx9vtv706Kg`{qmbO34I~4FwA3uGY_4pD9Ui5w8Kp7+`sJ{no6yP)
zUVWt}iVU;wAPx2S%}x4UShGm*q@9Q-h7(Nb^Y<*F>Bm@}m!YFJ{Q7@5yzMt~UfRF<
zZ2H`=5UZz?08?~4%l<16Wob5kgx{q-<4a{<%t~a^_rBr?5|#MA@?O0#mI>sTPGCy!
zzfwZgkDoS`%2noZQe7vEESQK>UdJp?nwu#YRnC2v)e?AlTMM|Oo?NyZ=VD4VWz87@
zKY}aLy!L8$89#vhn^(FeW2yKzFy%ed<^L%EsUMGVF>@lDXJt{W2uoJlrmB}z2_3A1
z_*~uJAU?^K`3g8FF4i#kiM+lp@uLB}_px2|KgQVj&WTrl*q6Qjp;cgxM*^n2XS%#g
z2~C!%mF&m^rOlV$ugvA@(H9;L&0s|IMwK<CY9F}5OA1~CQKC(#eX;%8Crlk=RD5-S
z#n|XJ&+m>*O(Q4y)keB6vjAK@9+1`ZALKvvBPXSf`;?I$gHtgv%MbN&&vhT`@4ek?
zC^5&%&x?nm03`-OY`pz^VKN_7*&9OEVU6;BCGyJlZ5s>xCcPx?v}7d#L%RPJ5-Kb3
zw?-H(ivTm1TTtUx-sor#`6d7Mlxz0U3zJtFk;0LHet-gTI&Yhlw|FV6o59-ebJCLV
zMzV@wtl=Ndd5(GV9DtwqJ<lb-nK_ra`M>mIAZ(8-hjB*IeCZ4t4v|%&QCCz&tjyAn
zZ^-U7Dnlm+fZrxi=v4Ii+Vz;T{t$jiXx>`0T`{n`De<eK?(nBdMA!gR-t%1ErG%y*
zYeKBy<E?Ujn;I}L=A*d5Q2UV{y9}^f5PZiyd+)yv_y&Be!(Z1SVuqcw`UW0fhVz8e
z)>!<rh+OJWVxlAxh8i)L@}B4N4kc9m$iQ~!B0;_Os=|*mjz*!!TpfF_CQ!|5IVIKk
zXZEVlEfD2Mb>Sgt4xDCA-&#@E3GS7B&3lOz*B5v;q%1TS%tZe+&pprO-7KM+n7gC7
zJmC5$is-SeiZxjP)4Gu4MK7aG?^*`Uy9cjW0mqPNi}&41_2z`M^2~3C-e#qizZ>Wk
zeUep_AidbnO0#|ero895yqhI7{kZcaF^e9PbUHrSgu=6K@>N4Fj})f9GH%i!zY8y$
zs6G%S)m#%y!sB*OLZv+_ZRUl_wQ!DU>lUvsX+SjE3YSMLn9}j@Swho~mq!s9Bo)jk
z`OGp~J)>+dC&WP+=&&{lqZXHlOi?lBK$Lde&0^~81x1294+O1#RgsXpwcPYAELqTF
zxj1P39{UZZboeVJRQ)K==(qB<rFK`9!hHAKfmQT{#g3hP*5Xd<dG%{4hFL(b({fC-
zy%Dvg{mYTjn#@91F}1mu=9T4YS8mK1iC>oMP{5S;Oqc(o{HH@DxERLk8dVO<E~U+U
zD$XBseG@TxI;ZB0>o%g}vK2l8E_&J@zf$!s<uQmkPZ;|stchSls<&$^Jxl!RmxBW5
z7kCOV<vr8oT}o)O^h0nmhCi9DTS97GZs{!SMW`QwKdES8VGMAzuhjPH0^F-k^EydL
z{qdNcvPH;_K3>GaKzW;w<@7bE-)1e^1U?^JJ+=_l^FPRcQrWKCrpi=oHWWDoWlk!4
zj(1s>={GGf^S^wO)lT*$^V=Q}q}QV-zRY#;lT`e>8&vZj(-Po<f~}i=8_4&rzR#-a
z9|J?${1p<a`5iD?>A74rynYRO)q(FH+#WW6OJs;j?jQX@kB9I*IR*%l^zDAmuSX@N
zi0?OR1R7p6AKwa$A3f{AZQZ!JnX7f*13&M3o=bi%D>FgMf9c1sUyV(_+Rc85E~zB?
z%2heJdSEgBOptB6bjo2p?(_f-h*HF3!Y1{1nv5YKP7rUT%qUx-iKpPz394qz0fBh7
z;|DP1J<sJ`N@)7gCH1k2jPeFSa}EE_ZJI7DqfFvx(c+V$<r~klY6~Pl3!bFIiM+jW
znBA6D&(vFPGc`&vj}Vhh%Yy8&9NC>hjU_PUJ<sJGN~ro#QshCtQx^t-rZhDcaw68K
zZG~$Ru}}XjGLnsK7-32e;67Gqvim!Z#rGjN&bKLB9Syc+I)kFQvkk<BwzZgD=%HZB
zd!Ea?Swho~Z;w!sJ3qlV-K^rZX25;zKp77I6CxS@q6B_|q&@dD6%eIEXUPGIL(>44
zKL~{rE2NEaX|RATb4zTxsYoz(!tp1V@}B4NZkEvWqrLk<8U5uiuc6V&pQ_c$mg+sq
z`R~pN_bM!j9V}D!<A5kRod%Lo5NtVgWUnS$r{10kD^N$qN6lkD+82197UY8jrnLBb
zmeBMgYEmTE&ov4RnG28QDYL+@Yuz*>ZlCsge7-KysMU}Io^?u+_v{uv^Wq9T?>hdJ
z<2!H4eGPL|F^{?u$r_ZJWG)V-H2*6lRQ-4@A+et=h?I-X@6^kyR;Qt5(Sb+agRhmM
zsK!n&8IBD^8Qp;1sS&2|#;WnTRF$M5GuO*}1alX@It~=qPrE-fG{BViOqc(o{HIHM
z^2Nl$U+}h#Q}wx1efv6EF1ygXy?(-LBvEMXj8jzuenT0kDg4&glUn^#W8V<R_|LN6
zf`WesH&Q~3{|b+nYVQr0@}BAPE+sTsn&-8)jjx9*KWM^YkM)0oVr1d*BRDEJD6F&S
zs5LXI6mZ`^od0AHfsBUUuCzAfH<6`YpY+2iay|^tXXWx+4=#$q)$<Ipdj5m_r=!5|
z%yxQ8q9=<br6i(a59e^aG>wdTrw<SG(~}Ib%a)@650z9PO*D};Q&qt{4#qbN@GO7K
zIV`wqzpmESAAsz2Wd?>c`70zeNm5cFsHm*=h9s^RYoG6l4BHk5)+Qu#?fQ;gaC&tM
z1CB#qI5ms>Y1Q<Um`ZPQ)$JUUE%HUei|LpBsr5H$FwH6=;OBkMbIE6B#w*PGFa21J
z^ZTSPB~-USGAOVr`Q%TCb;+P;#@sFXu7?k(U=;A|H;+EatCcy$F8541lFt?rr3k@J
zZ4cw}3AGIlWZ&lN5P&J~c`ol#Leq~?7mNP#e>N3NF=u9TuJ9i{GA|YNdTgukb!%Iy
zmD(5Zlr2Yt<tG7OrxWWTWp<-=Zge>w5BPD^%lfy&m=_eCJH24ad!EZXlu-2}Q{65$
z7GFZ3C>3!{v&_$!#Ydr(8Mm|bhLc5%N?1&QXD%-ixM(z+7LoIQl*8nNSaFwp6~*sP
z$s5rL<POK!{jCM2yyv;Rn<X^;NcV7@V~LTJ(Kn6gGEwxhDQbVQ%4|qEWzWW&(m!Ed
z4v12@lDArqHPQsfaMM?rAf%oi8SU&fVe2bn*^2nrf)l!6%6p#6yIDfhk00N|{we#R
z^CyZA9z#t0S{R=sgT=`d-)?v%l@d<34DdAL<eM8gv7?Rt8Fji_m9;MxL*J!!#BO{(
zG?KrNeSmJ^4W`updzMg*mrvPpQV2sUHSvA9s_vlrPT?Ec^#5b;ErasNx`tic-Q8V-
zhTsz1-8Hzo2X}(IySux)y99^e?gR@b5BW~jJTuHY^PWHXalVGCq_`p1O0(9rdw1`>
zZlO^J&+>VM`SH(=|G0a2F47uxuJu}j13O+UZv_qe*^3{KKH?zekqr-By$?J5XOznS
zW0e1De0(=Pw*~2G>*2~{J8<tKv_i%X39Y$EJ+C;Dn)V`p|IhD~pw_CYu@gNy<jnzu
zL1&~oj5X84mk0gf0I)H<VFFF#XOw^Gbom<P|LQGZ@Af8=Kzg?kiZ?2qR<e2qC>0aC
zls!`PQC)Bv(k>bT|0&Agw00oft@ZcnM?3%vfd<+<>jkc9_Z2dl!*z+zg)PZHqx?&!
z%m0q@-<-?Vpq3Zzl)m&Kup>S@>gBme&H`iGDmNeC6KkKei)N62in6sxp?8TP?#@J=
zPy~mC4f4tj18TkjZ!3ORe!5knwdLo~qwuGp=QYUx)ly)Htil$Lu!+x|8hIY0dA=Wz
ze;|Az=VhDF6)GNJYmxZJw*wShZE=8>X=$1GvY>!3pl(hfijrOqU^1@`wpz-@r9JU8
zNcsOU$bWMt{aO>HIU7@e@XqhXT#H#DqB|X!KpE2ST)asuTWizR{?V36CofN#cw~wV
z*K@)@?(pii_X~HL?xqZ*kHs%3B5r>EzW>tal9|bXLGORnAD~kW#asht#i29_U{N6c
zbGRduQ~Y|X7Poc<wMmycz&|bp<{v*X^S2)1V(XOjXaO`~bjPxlwO)-D?!L@gfy+Ez
z`WfY4`dt2Zl>cUYT<1voT8gECjjov7>>^yqJp-q15Wv{{`Jy@f`pNwLKlTTZ!Luo8
zO0lzkKPFIb8?$#wL@hKEgpxMn_?2%RPIm1-*Xe)hbNOFU{;TnE6uBs6VPWY!uKngi
z&M-0Pa{JYy-Ts9zp|G`ae&XUkb`-Qu5!S2Q^x5b(Ugf473|WXNIwV+({yA+Hjxg=^
zk*E0?<zM<-{`a~3H{)aK*?J%8)iT*=YRngbL<N?!L>jv|)OvNUD6AC>=^533ic${&
z$#?0T@la?|^kJonWg0JAjc$RNlE;tVpd+IOuk>e>f9Z4i-{<n*jE^rQ2I03@rv?F5
zPB$Mg{Mn<K!?%6rJr|mUC^0#k$q)Z2O1o0#DE<ygyXo7wGC>v7pbr@1FKY#>H&DoR
z8qDMW=^5%R`9Gh_e=|N_mNJ9P)pTilO}06bdP#x-ZzD#%R28t|T<}KTId%PGUtr-V
zZHcc{zTvaBfuVRUWR$wYO?Fkf0X*j#HYX0!FTOvcl=vT`{8!^+8;P%{v(rS#6(=}M
zrmi<ttiC>YO7SNV4f4!w9zw)_ylzuORPCcRX3dHIu9Qcc3APFOP1<^Gu$uZ)lWClG
z8Ghi;DF4#w@-@o;)uPKxPw4AWRP+{ff=@{2N-_R97(C}<h~v*K&8;ZXu!*7n*qLV5
zlW2~GPQfSN)!kIg?AiUuy6M^*A=N<OLgb@m#*d#-{-x99e@FRm&SgOMQVcW&+v6kC
z8H}MDV>#@QydQ%f+Zjdh^|w|H-+z49iRF|_P~j0@*@UT^yZszkhplKbrFg+MLS<f2
zyi6po)1O0+=%0t4{{;EJ>JJb~h)Iwz=_ptBDU6se<O!`<pJamhx<Qg|<#uh0tK=UW
zLE{YQp)_mq_-|&E@PGtA>+uU9e|BAS;g^`^&H1Deh4wQ@k^eEsf3<$~z1RGV9Ion7
z2F24OeUK_gIG)D<c*r<`cgo}i_V_>cDWS@&l^&@Y2Z~fF;r7DuY$r2qKkia<eIQDi
z1X;ea5B~Z4{!5=rrca;VePI6IjE^+dgN%*WR`FDUQ3~_=f|1p})|hq;66qnzy~&}}
z3K;(sC9zI;^$=~r(8t@vVYmx<H$w{AczWMcOM#Y547?EOnV(VqrO)MmNBM8Y$4xBu
zXNV7aEY5o_zRW@AB~kjz%dsul=I89-#YBgx|G4x1U7~3dVM1FaV-m4Wa~w>vVG|XQ
z2@dJys#^F5hCBV$pHcp$&*gtb`LD*u_Kf!^1hT70BJYel#Mz>iDjv)}Wek}0c|0h@
zE!Tbj$Ihk{F_eDCj^2qAy^ca?4Vj5jB?$VRV#qTds`YqJ9MH_L00013AdCQRT#l|b
z4d&Oz44*8uN>uk1NoDlJGlW+7F}al3VwfiBVX4GO0||O@0MWUT++Z6aZhrpI|2_Wi
z@qds1pB=%xSRNoKaBxU}egOrE84lp*2OJy#02~sM4-5d3kGr??|NHTOz6<U@ufzR+
zh5!6V0Wh3iw155;7!WWIK<z(Y{P~B#!fw3iVI&~L=k0b)y2UvYwxAin{~Z5$@#kl}
zZ=u}I7HT&9b9Cl`8sR(-33!LE=!O=00mGQdI-NACIwr_=S`eurCQvPS#J5i7+qnY=
z_G@NpbDyTlkE|qJG}J<oF<8h$$tFT&-KHzc-m(%kEyuDvD;;4M8IE<;9j8K23Cs(w
zn>ChY%sZ8jq?%6eW&_N7#7YM9*(SOG0RZ25*S(_vgZ@8uhXDlyeuoKy^085~2?4pW
zs&rC_49=u4QI<&QKP&J+yo1b;s`$0dPmz<XzOz*=nV@Qt=v>0CH;{Q~MEJ3?y8g%;
z`@s<$S9H!K{aJ+}8oy2Ju`FUVeiIh@(L-fl&|2gMMdQ-&6V9?J7C@u<Dp`hE!0Jer
zDX0n!+ZVb^y~s)cO6#i$V%xayw>F|4Y^;WcCRSf#^9Ye__`57U4?FBa)(;eI5<qz0
z*}oAs{5ZjPnC3$zHql$Qo;?UHxwVs#|AZ}KZHxv!mFKMw9)v7hKP?ufc3P%wtk2~U
z5ZIx=+N8(A>^1ZLqqB(l-h57+188C`ccVfSXu11|k<+@SyV*=WmM9Na<UG#(n^Xo%
zqr5$F+7)~=*$TYRw%wk{0MxJ4MRUAlbc_7R;a)^K|GjH#5XsgLx*L#3ryK6G>YhOQ
zl?INR&B~<T8<7{wA+%Z&BBCL=B!w9&1VCe1Rn!ANY{njyA5+m#ze&v<{*Xx%5boK|
z^!|Y-{fgNc^xWx{x`lBkJ6iZH`eRU5NI+W$diUb^sATi?yvR%M#&SxiixjY?=l0{-
zgT48Juo9cU;WAiminsC$iEbTXl_tpM<HA{0-ofnN#hcXQ6eM$^19MO?XhF3bd7Y0Z
z4Nm8;)TQQphI7xSuFr!%9?o5bhC0fvv37*(nB)zG_(F-W^(?RZ&bHAI%ega~0@*@9
zf`-YOWGcizg8A&$M2+(nxEi5z(54RNuD(ePQ;%yD$I&m^k13*osvpXbVr!jwrQ&N(
z^q_NY+CLEZ3i)N9`4>SQO5FH@$mSIc0X%6W;6Lfca3A_&oFla^r^M{}P2JUp!eu%L
zdRuSzJ&1)kp&21idUSl4yaxmT00jKq)fmi+`I{AH!)f<tg}v+=gA_)GKlQnGw8eml
z0LF_r_54v`)s^GqyoejtcREjd7`f`AM1fxGYuH&(#_lN=UvYH;JWmp)Q3992Ri=<Y
z1naZW1S8x;aiNifHY);hkMaVY&@4d{8%U`*m{r((YS3j<NAn>Sb0xZTq;=E<jw`?!
zli(Q+Ws<tXz1+gKCQAgHk6!{r3;JRDb68B_MimIL|5jm(6_K0Da$gd&W;bO#ZsJX>
z!^M95QkZh-1;v;g59aJC(|f%GoTWx6HVWJu`!Hti<a@x!$9+Jqfk3{Y3;$0ndNv*A
zng{|HcK3nxG|8J_hiQ)zE3orV!e@TA+pbx_Q}!fv-*3`j@%o6|-glc38>7+IxD;0l
zHR=<nUN~D3M}7mBMM$=E3L__y=^0=1+#LSA?jb>UMNK#EXCC@ys`Hr(5)YC`^AZ$H
zI=kf+MfgL}c)h0j!dVY3V-;~4LydOt2)Ac7<1sCjP@sX4l|;@!eNtKbgYUHvv=Nv@
znrf795koYsAN4|mnybhsyOeQ-kp)OLtr@LvnLQl~Z&Gp6$<850IAR6U*JZ9h40&qk
zndH1udrepKNrPc^^RMhIZJo=kTjUto80hmctWkOx#)p>&&wZ;2x?Qg0Ni2<|yulI5
z<pXpq@-kp`l}Ln{s3%K6h3(U=6V9t1-=wzLC!i(gRNbUgx{mHLbhoE=nO?n8o3Y&Z
zqAZ+r)1Kd#2g^W;hEN{6$&O85W7K6nA3UMKcSz0_ei19(;5&O-_Q@PopLaB#z`%jp
zHG=OBcVf{bleF-WMk;a0f0N4ZqzJA<zgyXY0BQ-E8R`*04w?T-{c&`F2ihTODp{#L
z(bPGlB?uZw?dzntK0(pQyC3&V{R0|yc>#_wzprE2=!l6;IXfVMh5s-_@>qE2(+38`
zLX;jG13HK1*f*&a)!h=NfVJ*8adv(oW~L$yzC|&w)EbkP;ZG2pdxtYoKLpW8sN=lW
z3KllS!xk6UEH@~kWLv10KtRdWRr1w7>pHW=lvZjW4R=uG+>9R4)ltBsw3j7>G&wjr
z61*zxcUNODFUD_Hn2Fl<pB1*!)2uT_E+6}S>)h4qMjZ^Q9Z~s@3M;T>T6eqA25fd3
zr&HB!7b$sEL3$5}=~;_V%W}(Ns5W9HU3~I|90{3mPDL(;hbgb($mq<pO<f~;^EomJ
zhVufW#in8BSu0z-xr0)rTfqk78FFTs+EV8t%o{hii(QwPKq^Jc_=k4RcNnRdEIl8$
z=?p%cEy89OEap12poqU!7*CMtcmd|~oDaz5_?A1ygF{cS(=UZ_sP(W*>+(`<#@kZD
z*n%vFq%zZZukYSQ4KlD7$l|Iy0we6wG+J`ih@U=-m83n!oZ$zb8GEOBdZi5R^0Xyq
z(9RG<Ow+=w7dPK)u|G=1aaojqta;X8G0>QMr%z0^d-d*=*&xQE8ME@sEh1A-_o#Yt
zB@8osr*}s$<4(_4@vJ*gu42`eH&gv$bVk=}0dhXzxMlR|W6KU`2dK$ws&j1yt#m>6
z=qW&}Fe&tz&RydNS&e-oZw3piybx{X-JKG3*|-}p5XRR>LYPoq?${Dx*Lw$-f(Cc6
zX&2~o+qOcBc}$c<{ro1C4Y%4A-&J8c_PYrvPf06B@e_pTE0v5E(MhANCNy9Ss31|E
zps@kVJ1h2Fd6R1JNg(4g+HGESl>YV;12XHvy#*1I6MjCs!R|p2u+<B<Npcf>*W+SO
z;8H~<j^dkClH{X{?b6XR&E^4i{V%MUy^>~6uhgexpFB~(bfH4kN8y|{a9i+r?M7K6
zgexb9X9|7pJ|zRiNq@2#1^a#g{_de*?}!5IP-J(R5$t9B#Dcl=-owRCPxk3bmZi7<
zuU%qFRoB?tUx0zW(nZ8k2ZK92zEZ)mO1ogebMen09YNgD2<8&7S)%ZJ%){9gQ;xIQ
z_d0cp2x&gV4MDKS-9*~l?vsvd5%7C|`OaZ%thWPF#;wDfG}sS&DU$al6$b2mLzo&Y
zH@v<~ppXtWRsx!b@GCW=6rlxQ9Hc7h1_ymu#!kn+$carwn?f`wSx(P_17y8sKhc*u
z({!r3oUg{7Sr(kgRN|0$_yM$5$932NFslk>+UMna=fm2o!hUx(2J@o-W`%tMxc;-k
zBI}~vIk3S<C7NJ5D<vdB--oJm|50Ii4@`tO!yoFz^TVeZjMv+(#2B_#(o|ukt@sg8
z+v;jWT?C2E9L+>u<mtKTFpf&a!MD;Ozmr2%>D^Y+Zn+xqbqqPR+(zd+`--cT+o>QW
zDH29Xvj>k|9k_g?Ta2}$r&^5%tTwX=E0WaB@nt<TG?L_da1f>OGApMvP=WOSTZM6y
zYkS7;-ZzHH$j8H}wgAvdbd>#47)6xQj(e{Kyj1ANGV4&lm=pIF^i&R=ve1?_StYv|
zcrbTn_o*LzLfiUi;KA4As}m%XGWYrPHP86Q0l_=+dom{VD8}K&hRq8nLLcTdlbt$L
zdMv_X4OlIq!L+wH?6K{gHu|WVGT>(+SBB{jm4UCc`joJwKxS?Ib?I_}y|moY!s#T$
zkKRmm4-?K#N8wH>#xwFy$29IcL+CjWuc<ysy<A*wYzx;$or=%}NS&zbWpS{gys%#1
z^6h<9Dk7&eG;Z|4<@(Al_~#%p13h&Ok+0wHWg+@r^pp{f2nsGr`Zx+UnsTS!q{@)A
z9kOdz<5#&lZ}HE6v@%ufUwEY&!zem<eW<6{n5B+w1~ANK*9XEb!_d$V1if@Op}W9E
z3@69})5WN*_Zzu}i}s^;O(~zpvJTA$Z^E-3*P0~@|KU;T!=RP+CUx~|A5L#~-cALe
z>|US6H1a;cGtnzG#!F~QM-*}-Sv_(ruD+^TetqTR^T(cP+3fg9WpWw&6oA6UrOr5f
zX>dHaYaZvtJ0OY(fJ^Ms_9^*?c~GuT%!qw$1=mfDZ&HOi+5mL$zPo5l08ViFH)iWu
z7<B)-;&hOyjJ+s?0>E-0m5t^qovakH-a$mDVP>$YY~%qqGFtXZueF|{{p7%mplXvh
zVPoT<2vZ%X@xHezYXMniES5_ScnWzp^6jgzXiui&==W+6epjexgd&v&bSvVo)CVAe
z9Oj`K<FwFo;b*%eY7Lh$(u=d8`I}gd<uwO=U_iUC)(Z%BP{abjnh*&pAFPMkst!0i
z{JvDS{HR=BhaSXb?<+h-;(Jxt@2<vRUbNq=Fty6YKPznI_}Y0reR@<?AJ@M8gB8VW
z^JmNdnn*tNRPRJN#=C#6hx_basm3TA83dwr8YGlDm_{_`ekNS}1K!o^(D5UmE5DUf
zhanp)kZ!gDZAH}=cPFsTB9f5=i0J@%1{IAiKXv0A!1;+{*9zdSa9($i41yFZ<=n#d
zVxu|V;dD)H3sXlX9hYmx3739PFL2Q|`}Wivq>H~**bbV<r-z^xs{+9NS)DtQPRb@Z
z-CqhDnAP4ox@q?r<hX&^;)ynQ)gSQ0j=i(Bi*5d5<plKNQ!ad!hZ0Ar)$vFL$<($W
z)UY^<t%g#mQI3v_|2-1odt>Y=yQbg77(ezwuc>edh<2;VL~bW-Pn?hriYGlj^H*k$
z9%+d!Q=IsC5^yLOo(Zyyk=;1&fTp~K{?6w?#HM2%h@pX=H&dOb{W1o?Y{7_n?m(^i
zY8#hhu%G`m)yqhng%v#?hBA2eA&?Ta&oi(y^qNc$r-g#!jHr_X5sn@9KLe>+b`Yu|
zl#5lnVvC;W3|V7`q--tjcPDC)e3lNevnJZ1vwf4=FfI|OnF)(ctdiQc1Gk5RaMywS
zN=4c6OF64~Z*ypvJTJ0bw1DMts-)4mQfB5@=8kZJ!M=|F<71MHL$mo($}Leu|FY&%
z5^WED<YjwVU%Ai|iJzG|TP)#sHp924ujpT2yo9$oszlv&A1@h$JR6`IUa84$Wn5P4
zHmE})#PYJR<MKnt_0MHF40I~KjNa2Lk+m)IzElI*vencAAH}P5@*1OmSnXe57Hm+Y
z6Pfd>54EC^eelAhYh-(qx`SiD%*D~st`UQnQ-cWN(1u5T_exD0VTJbAkO=~wd6ZVu
zzF1HU_^xuOl@X%su;98P)1%SYfSOFk8zen}=|ew*Ke3B-JmouKUfhO}o;Wa>Ug$-d
ztnMiib0+fkwO>e^%GM&e01v6DSd;XIecsX9z$?{-yu?n`qx`_)%ELwWR6%;4{Fo$G
z^Qj#bJgnQXx?ZCwkWOw-9Ih$RNl=f7n{b5r5*}_~!g!<H8l>v9JQ7m=TXEmr-mv4Z
ziR5pt#$aC5->fj1L)SkmY|Ob`5^|b1y^TlB8iga4A{!dw{T~%}`r?l8Vu(;u@m$J-
zW8bSUB$>f@&dL)6vJy&B3;e9v1!F*l6qC-`D@rcjXMWr<H;xzRQ*a{|q>V*%$hlUE
z2J9RBEnCBn&Aw9T=w7&9)H4Qlz8NYc#L0}=Sg*%0$M4Hc$p;@MI_Xw4q2PSv?+x8w
zm#C^V5zEwR<ucOk{#IcGX*<@{N~UE2#C(o|eO1w_9)O>JDJ*fK?e?LjagufdWk<C>
zgm{YQ8!_iHglxQ4t>`5B87P<*i;nd^q7`Mp0XM)^v_;6sOYaM~_2sT|F8qiHNQMB5
zO#|b3j+AIaPMnBLU};N(ns@5GfhDJ6{39kdyFqYF&xeL656fZ!I0^XP4Nr?z$7J?k
zy+qJd<f8zho?tCN5owk+S;;q3onq3-Sh8O5^s3K^2&<4iWEd+$@io;I>o&Y>hxEP6
zSr{vkR8gvVV5@GL_rR?gCta2Ty^(`!03}n?Xr3-THJ@&PjOF$pRh2B&HB)nlY5VYO
zJXdB?ZOd3^OfY5Mq%!+{K3*7Hc#p<3PvwS{4ca>KrRSBJND)(`&(k<#;>PN%t2>W%
z8^!ELwZ3@$P%J-2fN0N`&+Y}Gk8Z9dN-|wdjsPPQstA&xT$MBmgDQj7P4nJpMB%=t
z>e65HO=>&i<URJyoS2R2)*-KguhZpM;fz;mNGQd6Q<_D32ZuKsW;9e2@J!68B425y
zhnd$}d}X*(%?<A6?YA<*6j7aKWiRCb@ZgCNcQscaUj7o>mrh1@lTxO{><H?&6{h1t
z+ioqNMT;WjOn79Ecn1ghdH<EVhm7yux~%O6XV(VCsryw9Uz%s}hmj)lk_YbA@MC{L
z^rRjV+;<6MGvuwsC85UwJfDNaT!csjABeo2%#S(u?!F{aOikwWZ&JBoLGEG&CU*w}
z?m~$Cs-bP>R({<JJL_o|q&j4$tt?zNA73<=B`oKzC&w!MUfqg1JAyUHUMHLxSZ|?i
zWa2h#yT*_?+)WTP)*za7suWu4<Q0gHuVJKIa&Kii_^PnqU5&xKD8E@@VmXn2R#>Mv
z-*>hM^~nYq)^5#fT6OIxYVtoStSwX*Xo1nb&ivi8J{d7vrBNKbN`HWN>$)qOJ1)zx
zH93BVcy{j-pv=8^+onpTDy(PU7+RF66BOo>R8jn-JGEI$XJg-V&yZgNg`GIQQh&FV
zsfAtq#v=iP{eYa~ME%Nq#&c@`#zeR%rv@bN)%N5@x%atPIgzBSlDs~w_unck%UOmr
zsT8`3nLio0PbdH##E$Ffm%>P$keQC#AYIfb2OSlP`kIH(b>FSdw16bQAY*-*Bi{t>
zZ56PtBi=d0<O2jpVxok4E~t6Pf1)urRbWgXUIG5mO@HVPoDG6BAUjr6nH5?_7i3Qm
zfK&TiQzkQYw}ZV!c0o~f3G&{3rUsGnxKde)ogEM&6Vax%{{nxb0BhxY2E1*8HD=SB
zsa||Uf8k?|P_-CjqOx+LRi<)-uKnw_ui?7UrL!{bkvlM4lWJ(wF((G6Xf8OT#b(19
zxC4eOYZ?<-5cF>RSIrg0$dK+8Ne1sn&SwJx>4tYY7Ih{&d{8@ivkg*<Z&H)FS`|D&
zi*<rkZeUl;PF=$MoW)+L%znHsJAKycK0Fs|qG^LAtyyb=MBT!DRnKN{nS)`9S5N3<
zo+6MJI1jWr3g@C$e&^)QSg5?od~iV^J0p&|#2gou;3;dYZ&EuUOPmYOTynqW>?K$u
zefyG1%d7cH6<qoX=rEkF-rZKbl(8eFfGeft?4~-8vTjeViKdlbf-I--<IMX?l$ft<
z(P=?_iYAe8`smDV`Ltt{p-05KzPO_(%tb8x+nZF?tR6}w<w|wy=ymLEz-q`((y^qk
z)QCgIi5oG>)&~x>a%VTmTyPA(Zk&<xD^{VX0J)-K;?qwl5=CYHeenv3L8({lU&<;_
z0qvv*oL4HnQBb>3m?sMjeK=|#C*Gt+4ybAqBXp>B+l>48$VrRdr8l6xQt8cRhKj98
zyky2~@Xx*sW5XLcSZ1@7!#%<qY^KY6dikh5wFc=e)We(a2yB2(+THS5g1{A-fT$6O
zd7~OTeQ;pFyoZF1c<)tVzq=ZPd69p!!UQ&}|Ew?!9zyEm5}I+av);s)krqZKEGf!A
zDs1>ZAKswnkeOFo_JrB7>=MP6*xx}zrbP&Z;(2;GQXuKF5SJ=KT?K6&;$Xvc8EYfG
z6U8xfX?w^eT1UI4bTm4%H>VZiV0KXb!SRXtwAzdyf}qOT$nM=q0u;l>vjmoNIt+59
zS?e6AK{w0bj3blC)K2nTLfcn(3$gv2_?^F1*c>_#8HV`yq{32$tw2<?Xzwyw_AiA+
z@qoOr8dzKyeN~3__Z(r#qLBds>@qFgkH%~Jc=BCh?mbv8eM@Z~$32aZzfB_cGXjHa
zn34?eJNn^KMmhs^7dmG~T?b55Z=;MS^{9u@4t(Qv(vD&u2)4YJLIVjm_N|vy!IN8Z
zsk#tNXK~P6FmD)HmgSMsMitn74X<m>UNF5V7}@5rH&Y$e@?z+I-W9oj*O9}=WH*_?
zw(I^i)#DgHmM!yd*5<l=)bk_#VgwwL)qLrON#hpHO9x(GG%eNaklughaGE@SJWOgl
z-7bL;^TKu=7XEG^h5F$>HlHuq6>Bx$y#Gxqo;7atK1>(71KfK!=yI}X4jHds3k^h6
z+WgWIW3?Y20*=NqAQWP=cpfs_c6*)3;+$3lg6g=ATAZ@XY&F030lE0K>zB`^F6TD@
zsr!9z!-+8QU>eKc^TAoa9L9Z<I?Cv84cd=qsCkbfq+Wf=Br;Od@k-r@8~^OE=9vKb
z0T`DWN3t*cYYS*-rB!#Btc5bgdw_0-0p^ekq00$SR0Aj-8#7gAftDg9?T;Pb%IdCp
zz*{&Zni05{91-5W_OpU$pH%b$UP8_WaMqQLHJeYTU3{fNu*&RDy%>qrp~u<fYP}$A
zC{$TIKCKxAbmaOxLL;~c%yKiwlU(7UP0==3WsQiV-X)-gfa}P-bkhV-A?IbQQ)Mzz
zcYhCm`*uE@Afc_PXxODMJhqXKDj@%E_Tej4j&fkgBv}%`t%8sYhed>bt(9I%u7B%@
zbWMm5IYDR78LUo7RX^>%8(%e`NxXmYq<?mhRS!T1Ks@XjJ9HkGzN?KgX*KBAMDll6
zV=yn$Z&ny*XVjk+MiBW#2d$022#EW978i`0EEY^X_eX_wSIT^TsQ5HcCS`9rszlC%
z6XgY+e60{qh$@gV1}_=x!O2`N-GfQVlH-pv_wh)sS-*co!F*wgj)c%3=ho9%l!y-+
zZ=!>!2pb2xRt%6%yv^{EY^&s?jgL|9)8Jg8z(JBWO!q|^nf^fE$vtQnn!Sn@SR0GI
z{fF6wA!-$Yzg1YuBALXO?QINJjNIC|@}rB6pgPN63Y!>)zy^aS_i=L68d3%kspoH2
zVMal&&)XZPwFOmh8yM2|ndb-OKu4}SC+|Ie(CH91&Gm)tUSyPQZp5G5bY%lzFo+zI
z1{OFw-tI%-iI9<(r8hB{i;?S<k%KS*|6&GpJl)9u48!R$LH;B~?Qr<D%C^&rO=1O!
z`cpMCbs*i@6I>&<-`ffsB)Y~TF?3~&?-EY6kTpacwjGpxP4xmdnl|4jKZEzJ1bM=i
zOo;9fkhkziwq>v%RoH5k5}eX$vq+xTi)n75WR393$r*THf%ID%>41Ddqg$30r4kHR
zw}TQae6Zi7mR2IU0u<XO&5J2Zlz7$+ubCSuyiy5@BXc$tjqwo<x#ntYWQT4}kTv~3
z1CV5WW13vMqv#u(Xpn6|@h>9ZGS>gNXBl#*tJk&XV7qmn-By(>+Irk*WpE5--u(9D
z>UhxHXA*%`NpM~mYhs1}<vm!&;4Af6N%_mMxTNx&8Omb5j{A#@vpEj4ys~827R39}
z_m_HLDFC>m(OyL|?my;Z4<uW7JtIG^6u`u&eHPIzu~d@aj<yr?OmIzqlUgL1`dwRY
zoI%Hoi8npnE4sxIfa{fN^c3ImCFoKUdTA5#^oL%`v~Xr!aKSOZfoZ^frMkm9h~q`%
zC!m4v48=pcGRk<Jvyga0UGa^luI>P#sK_|#%mFq?sB;3tZ&DxRK$r~*u_YlWnsx?1
zo5=4e=>NI{htV!{@*cfStbIHQ&8inR3a4@2B&~6zX(^YXKUlm73hFu;^wBv-aTHh{
zpWG^PqhuMP%5f%qeRui`S*W|g^+oL?oE`AD+*gJD?rIF?Mf}YQW4T}dv%<2-o8QIy
zMo6td&VVv%0I2hStZ@0G!fLz_6vfAGX!bFC%8992;`q`+`>XsN`Q3e6lP(;BL|0a4
zo>SQ7>V;Xz-AvQs(Y^I-r{yM}y<Vtv0onw1j{5vnH4@$}SFhj)Sawfrti2RCuc({e
z5xa=sZ#bYqZvnGG+7}IIHcaE!9|AwawYmvHdlAVt&w8&#Czb&p(f+N%AnEk(KN(!|
zF7|w9d1qg7ZkPGE{Yznd7WzTWDKm#k#ge^Qok9zX5X%N&z*IyMx~_H<Y2{$)jWZrR
zQq<-UMLc8!DRFb!3kvivEd2DST%`#8$VT*2N#DswqF?9>qp}#}go408ju3eOvH1(%
zwco9WSJlp?9P8}cU$edd+sE}J(LSP4BU+h0WAW`?Tp4?Dk;#)GTAp<0Se?I}>e3$f
zhF04c%dC2iI}=eNO%twyzn+)T-x#4=Hz`M0N@l}81wnL(f`cV!=1e=8n|3TzOqNe~
zdnC$jbU_lHB!UXgFENPKi_Q*Jjar+;a8Akd=+ZsBBiB|0kn&f3lbY#5v<87i#J1fm
znK4<Mf@)QMarsL1uZ*|cEnO?%mXBUsYh73r;=ArTCjyog^4q;Fy)1Cq^r(u;`+ob*
zYm|vu|ER?86sCLvYUyr42r!m&TGl(wAgH_LJl5vzrLFZJV!48bC`6sf4gqUQ{gbV?
z=|EnoC3QSS_#xR%hNdh<I}4)eBA7D9{7BEx;vOi~*n&#tG;CSdsf+7oz|UJti|uL4
z@AlCkQq^zx3pn_camRhbN#q>zMnt>b9wZV<c|JN6PJNEp&f~E)%y22_7Hxi|w#2Z6
z?OBr|Ocs(chr$!N+<jP#5NA)~$cCaK9j}SetNA)&S_g>Q;_i%saELq(H=#r-+Px>E
z-9Fhyb;)ASds|9dv9;_V{`Ph5EN@U)$krGGU8rfj#_eR)9y-=5_0AQabJZjCQfA!>
z{uA2PDV5bhU_HlHX;c5whJ0f2QmH~ry$k82fA+H=hB_ieoM45OaLX69Bu6RTao!YM
zLNn>*t*RA8&R2!~?rIF?MflAMqm@1Qv%>sj@CWlWrSXIV38FyOY>NnDd9(hguw}I<
z_`-7X8rZe4KCt`tf}9oE!<rWlGh2AT5QcYW0%(spbl<{Ls7MRs3|g+LfO6S*mD5IT
zxCv#Gs$7!3F`co5qa=4rW)xmN*#+TnjCJ)Q?@@8Ux`z~$MkCm)9_8EEu*|G{#H4cW
z|B)e5e8Q>>R2&IYUL3JrG7uXP0sOZLQ>oIdYFoF+Jz5D{ed=DhtydUM{-rQ)_gL^9
zrp@HwE8HlZeZJegRIG)fxXB;)rED$-<Yj&#Dc{DPe0mV_-c1pOG2$+eHD@djV6rc_
zN;R^3$nUt8@ZN@+D&AiVVpp$zWuj|4da?hA-6)K3MNd=8i)f3w8){U02P3N-p*)^x
z;TZ3A(!Hp{Kbs)`(pRJ1L0>O`AgtZsY`KE+W~zhZ2nCrk(0m7;EiBF?)pf0YANXs9
z7J*`0sj#oO)R6uUq6AnL0XR(Kb`kA&%O5}vq>(nl2v2P7-PZ-S-J*QRd$xw^`J7xG
zJtM9c<(5gEG4!@>YaZHYmuvR*-@a4B>s7p9_|bj_?el&E05O9(F}NT5D>aks`aI=y
zQSgx-Rn#EJ7BMd5vPHR<(5QCcK4v*$Z~@#g#i}u6^GD;3O4p?cJ6j8&8&ws6p}N@}
zuTF}86eBsWWZk*96zSW00+vq#%;x+*4#HS`HwOOJ+6@qo@k*UA5@QSkFO0Ak2rxfk
z&T_WM!(FYR3u27~5?QiQ4`xj-T1T}<RvH#`uSt}X_*Trh{`qz$z=5{`(WWICImSRS
zN|U6L@G$00>Tc5|SEbB4Vm^DkGVcUNa@P~h+OLNQ+VwEfFu3a+pIBuuA@m6$)|*Jb
zl~doFZL@>kF~|9iQ`JE{|9H|(-Q0liNuzcotMM~DSAtOC=hTdoSv>fdd_%NNcQF0-
z0+Ow<aLej!sr+Hp<y;?SnG@4x%U{cQ^_{Ae=eWCu&m-~#fST69q~_y^rq$uMbXV1D
z^H5@r9z_8t>kcaP_N%tUl$3`#2iNB_myDdSKZkmZ;pIBWvA0a9xr@$CzAEf@S7R_Q
z{BKqmnf~;j73QKXydQnewm!&oH;KrHx@oiLrT<5T<q}F3sGPPp@}wCLZB@P7HG_6G
zpNq92liL&2#Up?RVc3|YeBW&kYym5{*#Yap>lLG?U;dC%9E?&IQPCi48IXk~LMDH!
z&orgf6rI4K?;y~kqaKNMWP2hZR{3ZKH(Ecoxswmf5zdJ(1Bxb3^I1`{#`sx+wr^-4
zI!8!C@oyC-lR}l>C>@%3s;()~`22*N;h5k1OJN=z$Sx&RS{Xo`jUt`n?ttFBy}ro@
zaa3Dadv*6XR|}r0UoEg9n>Y~7D0nQ@xK<J>@{Vh5JmZqEb8IUdYt7kzoHLZq=XDr1
zX~{(<kwbY0DFq5~Tuil!a#EZYLAr7V1%5(0t9dtmSb}xUZIcuEX)%&RV8*2TPEi%<
z2HW2SZ-+N_g7y5(RA<i=fOJZ~QlOE6RU4FGW5~M#0eVgKuiiomlOy;#delQFObB3{
zMz@%|y!142`;v8IMRL;yA(2xJAQG4%9}n#+;bv^11{p%QZm$QlOi@9iu>#0uhug?t
zvtvf)-kw~wn#JjNKM_YJU$cFIh1C?syZiJ??IYZzSU|-SojJAv+k8BQCsb@<Gi0cm
zf>nIE$VixdiWt)dn-3w_T-Mmn(M7NhVE`>yg5k$E*GJd851uH1=%H(i>FFaEe3N>+
z%twWCKAc^&3BG+`y!<&nF8<dBqnn5Lts6?Qo+q%pTW_B_qW6y-fHigEM8c$qbXk$^
zSb+9^_92jU6S23CAs;p<qn4O@Lw>x&<60Ir)ei!dL#N%=HJrSie0Y<Z4R{EYZlY4T
z&M?#X{BXNkz{V2%Yk31od2_c{m9*t?-Ws#*`qkAI!B8wjB-FU$%Y0@Y-B)@WU3zP)
z2}Y3ACvWcaj3pP?ZpMN4F6rp9KN#un&@4frPq~PF)}P*_9z+T5J{7$)j1_dE!rWZc
z!#J?Vd!@RupFBiZ<XQ8S-SzB`KIFNC$s*F0vUR(A<qiYp3WK_tR>cx85$vZ_7HWQe
z2OP$UI{lm!v%MvC62i5M`Eh0oqqH1phT-N_VZXZ?gL&b8v%>JTn*Xe@Vx_rhrc>G}
z5(M-UPlZLewu8RgKPv1XET!7h(yQ~@Bld)@F@88&Zlb}ToD|o;`dz>1*{)1^60*{A
z3CcI1^6h(AN8#bl@+_jmX;NBit}G9pT_efu{{7&aCWRTJ@vsC7(Z#I0VhzvZu4N0&
zV-TQTb*P-gJT}R~3w`lvF8AZ_$caN1t1E6o@tUk=);HlyE!yjUtFY3+St|+_H(ntx
ztl2YcMzSAQvwgo5mLc@0{iAbWP+VuYmat9wgRzbN9cw{1xN5uMnoR0fYtl4MpiIML
zwwA<g*!S^{vKtR2--NW{WjKk5V77f(u&^CLr&M(kzlaO`fbZ;LaFx7cGlKmvuH7KP
zpe;6%8t(R_l0hf1Y*li5?D~UB#%}Ea#DhhI2r})m+|*E19(k?rh=iBtw(!kV$J7^=
z>5&&G<e+~7CPp1CjH8B6`*qI*Zja(d3i|t(Oyt&ftl1CEg7)N*q#=4z!;hiS2B~H$
z>a;=kTk61mSA*RK4`3z5%yd&1ABAD8RY8Mt=XefmDv9&iE;!NOq$Yk{98JcCz{C}^
z6)J=jS;4R1{v}Rj)`QhnXCOC4mJ4z~hUZRt(>+UORVf1%1hr3vu}lxMrceahCFb+a
zHQ!F4A^mtYy|z01cFSjvq<>hhy4=)OxLWK<L)jR=Nj2?8sM>C~qZrQqu&$bgfVUnP
zN&ZT0kaccxktj{Rt7%L)M?hC4XpcDaRIjvGy$^BiR{qom2Da}Z%<$v8zC`4`a|UsP
z=d+)hGW@e!WRY+REtrF29LIp1s4}0&+cJS#8t@;+Z$dc3$}Eyo3F_c(|3wYLfQi*i
zhehR#e8JlBTDCv&7p17}7b0Tdlptb}Os&rY4=BIr=^4F*hqS12&s0(Zjt1Z(@cq2K
z%tYu*`Ec(K3t)>UD6;Y<H7S?Af?Q#(A#o83D;Ahc?n0bD@s&y`(hA%?f5~U)iXgCt
zh?N;Xg`Lb~#^v*^{syO8nTZ4P_H^+Z%O+AHc~lc@fp-VMhIaCJcQnAuj3FYLK?`SV
zkAs)aAk+G*!hUx(2J^!HW`$wsj{aF;d&Z%KBU$!@!2y*%jE7KtMy=5;e^l65UdzSK
z8njy-tdr#o><r^DyUXHjD<rM(sa8?XQuU4|GX&?y)g=N1-s%2+)r#x(K<##h<K~kh
z9!cC<*Ew)SayC03D$waZ(a^ZdJ95c#v90*U1)H|@(Ak5XmrnvsawY>M3oHb=2tQ&(
zW+LK+DK4;jwb+COCPy?;>#{liR$*5OAqgZFNs6Uww%^r~GkkeCPN;q<?A)|LC%vnp
zMbLu5^h58sk_m50^esTyU4@HKZhY}UvvU_dg`~yQjBjLI8x<vxS6Igl%DzmIsc<|g
z31K24`o&J6bPRcRb{GYg38<Ru&5x^v0%aM$SSbET9m#GIfmF0SOOxhJ3_c-H5qcn)
zTKXpeSMp*KHgY+NVD1jR1T@FeNm}RioHtWlBYMIF^PrcRMj{?I&;e`3R+ek}*Y+1{
zG>jNvYfA0@vbm8;a<Yi|<`wI$F@ow`;M7C1qMD+y+W1<mI6~4vO$!J|w=Bzw??asr
zec0GQSMQI=6OyoA#vJp~ij?1^M&*-<Y~g5@4n)kI4lT6`m+)=W{+i}!6Li8bC0Ih5
z4wpvZiP4Rx-9L-nErb_U;{WixMH-3i&(!<)5So3G@ToL)3Jo?7Z=H}JDuXR)d!AzF
z64`N%rH6e*_q*EL*M9G;ZKhIF^AkFX!XwX=7!oqdU!S;$TyzW<C+CA4GJ^mZoToeb
zb2pUASR5kXMGfSA<hfi+kXa96e+bB^jt?K+l<|bGrf+Q?E^}^{^#{XIndOoGgqAeY
z_C&E<`zBQ@KW5V4!=nB}B@1O9+LMos`q?jCLk8GlTwiFzoPCx#R@yUt345sdHqkT9
zcl!u}TY8=(cFZo?0;tASTsU882B4m9Z0u!Q8bbSy!t`;WzAS+jg&3#<?qm^K<4vj=
zcbvb--o_Lt5<7e%&8+w#4r|ye6+UiXgK4;Tya2G9J{mt`fVPJ7f}#|7wv|x$M}Wj2
zIX6@lfSOVx_gbT)bEXGRQbv8YveVfC4)%R}1O+U_jD8I8W*Y4T`m4fzcQpp{!u)21
z!IyOWSz(I1=m}Lhb*p~X#kwVM6wpk#m%D#d*opnj2fjI;dlF+~n$ca&FsQLaBLh$r
z*JNNQy)&}HgvM`7R6i0!5zPpSN6#RF{Hu#jlBTAVQ3R!mJqkja!WN4>XU#Z1Ks~Y0
zFycFSJr{x5pum1ukITx(A)y78@UC014|dwFwAM#m;O(LDcFuWke{LJAE~^<|Obl@R
z+39Z;ri$B0xY5tO;^(?05|q`W9edH&@=IX?x2CKY+QRI&ctF@_D%p4dK3xmTSz25|
z&FLfL>a27J9P6iyo{<C0l-+lsm6s1Gi9D4Sn=zU{SOdLy*_=O-wKJMHA}$AZ;#)3_
z1C2Ok!0r-o4F)sShV@NLAv5Apkh20`21Q_-*MolVLX)Ib#&r*y6<IZ>5OqKe5Luqy
z*BlOfq0-WS`;k9KiVI4XcXP=o2@K%HgiORp+{$aJPm|-;MaPC*?vgJid+oSQcg2h@
zQIaxc<Zyw48OCqaI?C+82F^}wgcsFKYAqfW%Gib3UeqlT{-|U1+vn4&we|CKCqrMD
zev|rn7%85=q9X_Gt__HfZ|%{>=|cULS~tIhffFgM0}WluHC#;-NQs?qEpo67Fe8oC
z6gN&90>y+YT8m{?N@U`!c8+Y^p+f`J@Y!k5JWNJ|9L>rcM3YluhgPk#`c10eRknyB
zh7qX`**iFfX$eKF$H;(JYD!qnSqH$T%EwhvbjsTV*2YPC&Pds1N>pBcw^MV9PC35!
z;WGGoz!zz5Zn<n@{TTsY9WO35mFV`YxGe+x(iJZ3f}=w(lHa6;HrqYXYwZp7FruR~
z;cRS6^QgAIQh}}L+8X$Va_#&ISGR%_(UNZS=6(B|s?00L$&C9MpSFcoR?TVWGaqnG
z6J#kPA$GHr78j%5caj{n;wXLTtod%-eHb9UyZI(HV(;)~5kE}MrZ7R7rTjBPf~^+e
zuMQ-~1Ve|+94|WUUxDerlnAzhr8Ne4(v}hM?@qk%@`+qIbgt=VEYqH-U`Q558^F-3
z5@gL<Y9}24Dr8Nc`AS_;oC5X>U;Di(>~~jVFfa6PRv2WZ?VlB<ZGI-)q;9@FR8=jo
zQ7$_#(2Jb(M}^IG+(kKn=44?Eu{eu=Q=BC5|28~?pbZYfZoCJm?!JOKXb&n>#00->
zaF>AnAnzltagsSF)zO(KyJj7}33NP)iK7W_#GI{&)$opRC0uH)OeMS++a2|&{gcnd
za%zRZ#q#3X$iM~+>z(JMu|>Ga!Of~t1CZ3hg)9!cB2&rVD$K!~;Le&$&$X9#II|!B
z`aOuo8SyWL`N10pSA4~n2yU)0gq<l1sPr{RYaf&ZYr{|#Dk3>S<utoPSpyY+s1}K9
zBJ|WhC(!x<`>C%uw(dIAr{n(o^QrIg1TP?m|Kx{tS47WXa;tBm)6LzHur4#e9%W`O
zky*XB_FO-cr;;WMvZmEYt4$A6TJ@$fH%;oZCS0#bL6b9A<hIFR$D65cE8MD-0<Nv8
z=wG@>)2Zaa@N{qWn(Eo){=^mVo{rMng+VU2j%jHb@xI&2Zi4u&v9z}c3eZl@{-P;~
zz-CHRtUdU8G2>93B8!{cX&(FX%s~=|xBX=C=UV!)nTKyuH!~)9JM9AyqFV!v3c&}P
z_COK9Ua2?{0Ta)jgWAM^>IXRVaa-odDA=1R55f^_op3+G(a4|VkQOF6zAq-7I9iUC
zbN3yXvI!}#R%?=#T#Tf+=p0#iAsijKLtMW}RSJUx2oj>*WLF~o`j7)u3jXco;FVf|
z3Q5sF++CV>n-(*D*2ZmYqwDI7eJXBrK;#U~#guI_-lO7$3!B8rpLNa|V0#taAds%3
zx-OLjZ!j=-TEK`WuAZ4WaT4?<buXUgow1S2Ltj#lqxMI{2^0E<tX~UiA(Qqk;6Tpr
z#RO3Wq;~h*;FmHCUGIxms+LUvQVSW{@g57PRZ??PbV@gx0Gp@wZwTem!dJ8+5ZD6|
zXl-2;pgA=j0{DR5q~;&)kYZ%G(4neQ7!~=80vJ@C7`;-5TVfC2ttk;Z=9K&5ZBQQu
zSU7W>nUPo;o`2k)2$OXtp^+37{ZK_|h+AN00qfeQ`f)a}Fi-HAoa*IXyPb*+)6zRQ
zJ<$*1Rbjuo8iRSEezU@Wxr_d+Faa;5Vbuo&MHaK^+}Zjm2+?;Eg@07oNcxEprdAxH
zlwoGHr##lOPDUJ<p`3mQb%9I-z&1f2!R2roo){oue1yL`0izU`p&Zt;zZbP(7S`!e
z;!Iba@2LbUekqux>-+7BFcnO`r^409vE06IJj>?!p(I1|`rq=B<4Ae?h+t$$=6-ZU
z7<N)|-evYjP9fHGk!J=}{jI`?*(yYp)sJ}ng5pl0W*j-h(h$ymDUAJ|zv7@hGBXiT
z=5hFYm##GUA;PW@6i>tKr6JR(XI<**7l$A?mKTVSky1Jbf?S5({BvW>oXb%i)RZ99
z{V1bu0q0xK+^LAny9XBG9h-w*f$@I(#z-B?8HBSqGp~Iqw0q%`X9R8z8H3DopL^0;
zd?6N5x46aKXZ;fc1!0`!;nRIe+N?KIeLqlx5Be}HSTXXnL=lF@$9o_k@HN#*tZXu=
z7KwnjFU)~d@z+Am6o5qaH%d5iXZ$#fHQ5=)q$U*)v~{u0!b0+C>rOxf`9b!Fhea!0
zTY|EqO@pefK!Hs=FrF>mq;|laZA^+xj}HQsaUcy*$T_UL6}(az$f?PVTKic|eKJDg
z`KiCwGMaUf67_c`n%a)TL;3J2gN@mSFT4A+QA@t7T})z5!Q!M1nZnWOF+j2}jij4@
z$%W8x+&L0>``S-mh9=C|lGGxUq*r1&3ZZxJdH9ve1m>FU<5LelwH*&iLvAwc<tgv(
z*SQ74E?9wsT<ExK4JZ4ZL+sY%Wz(mX^(=c&)Tst6Jc{m%H}e_cVWWuRm(`<Ot~2kl
zH>q4ON6;!Uer(MfO*C?=Hju?KJ5{e#eo1ElYs_!r(_DaG*+)!s4^PPJ6xYM2Fj>F*
zHP@n{pCO+;qneUvB;-(GNL_4NHby!^ouah4@!(tG%24l%EBfSHX;1o?y}c9Rmbke-
z*~JZ!(}UXNo4e6zc-s1}EnMQ`SY#rV61_uX?()6*iiIvkQNa2btlc^alt9dbvy5#T
z4g1<oPWRfMG7*lo&J5?iX^l7WrNv?i+cIlTR;*%C+2?t~6}>9#cUNODFXZo482Xdn
zU-n4K9+}Z~AK}0EbE@Ac(cD|~-+UkQM}?iy<}P*gsx9Q*lVltSjitv}%Im9P>9<T2
zuY85u@P+{C0q5&l7u-hqN@ya|DQlV8T}Fig^8!=&4rZkZKC>0~@SAL?R*DZ~u7S40
zxz(c6O%7twlcelYTxyZ=^<+kV`g>1%df)jYYf96UHYQr8#Awb~)F}Gv{625<SjP{4
zt1t*E))2AzrWMp>R%1be*@Rja$eLdY(-z}7fR29TmAHc4_W#rqOoW-bA;&#k?hWE#
zp`asa5?ylgT~-J`$g8FoFx<aF!XQStoT*1A464i@2z*V%of_Rzq*41UaG+B_29?Nw
zb5cqqNk%MBM^pf@v%eaWh};C+a9QVbGlF)hREFn$t3jsm9RX)WOC`OI>og^mDax@1
zQ{#dp*PE#xXC6TQBN7dhp}^pXRLrT1sCVMm+Huqys%VWbq-(iyD<bIjvhQzURnkzd
z@zdyP>bt=o4L-5kLO!NesL#1ZJ(*dN&K|Ce0i?UNLUyXU>7<M`y@Q>H;g&YPEhBo9
znm+z*pXd99?w}%Akg!B`bgF_j+piVto?jh2;=5cnlUyumkZikZZk=n2Y=uyhW~Z1W
zjVhV<;|C!E<^=1I15_8pBBit;-J2<`01H7q+Y{=1*9K=964f+O<(=QYogY|Lt7ZhI
zc@j{=@0^G`XH+L|^s6^oQCyebMUSLv&iH$F^7Tv!G-%7D@PV>0B0$ynBche(Hh52?
z32Kxif-3t>HH)n|ENPjgZ*_AZ04^9(>}zdFbb2k<=;Tm8-lQs%ee=J_SR2eo-ngOi
z=m9W6u!MT0631X_Y_s>n{aCF6XBEATFyuqPn!f9+KLdT1J{A5vuc7o6WI(Aoa*x?j
z^P>filCr5aG)zAy0xcvb$C?%*1seC@vwPkLv^S~p)#!Lc?ac92StR*b9igAGRP}sc
zso)&nn9?2GK)L&`YlLI!)J7Ph_}%5$`c(JgDM%hB7b+(4{Bw5zgfQtr8Ke`CyF<W4
zLv@;Vns|%ZYk0hIts;&yzxdHYoV_aScUNODFT`(F*tO+f?uDhlaC_4v?&U)4kc^RG
z2%}$7)@%MzVe2OFU)UG<3?Pq%#Y;zhslE)(Na(cG0)*4Hh)t}cGvXB|D&cr^L)BQv
zaKp^0E%0W9o~<>wM&JQCp#<{#k@{!v&dfqxxkziQZF<9Skl^TPOtPtu%P~M)2@h4Y
z8Zql1J-i=F{Nha@F$H>TL%_aU#POU5#H<=unGR+7{_i&!4R#Y_`ch@@8$k<W=spuH
z8gR(h|5DhvOb1}r04#5SHu)TvlimjvmCX!nRmjBP@q|_cUF1tJoHQu#kdpqy5`iI4
zmF;gxJZ@jveE3(ub@rm8J<I|#M2fCc!;;*lK-nSy>IcQXu_=SC1?Uyg?ZLBsE`Klv
zDeB_Jf6{k#%Ug$>OzIh^7nunc(J?8C4L0KY$_5+jsLrdIOcc}kW~w(b5ro#lani?^
zHQR*30qBh03H_Q#e&nmD@#zyxZ3G<=GUFz<IH2mVIXJDpj<YBowoBJ%<d}UZy%Zo6
zZ>|jitq&-g0c>oM?bcm=DY1LNP?|pd{4jw|cRFLj^!C2N3kTo&A$mo-(HKMI#`_{Y
ztsRY5>i3JZ12nvf4@||Xx?43<NpNVf?SM4;Gmk>UW_}T&+!{ixK%%0P`-#9$#xLNz
zuEfJDzAz+DJ~KloR-q%)`if8ufc&wXNN-YgKfllVFmLf~+M2?HPt8CNPMh=BL~`<S
zf%;_=miRoCAY}G~bZ|6Ej(ri(&@`rLLoq@kIqcUWaJ;%g6@|F2cs0$bsRC9|(_s5k
zB)V*v@)sbqq+y+uTskZP`k^<e7E7viWYpQ90Fc|nos{WgcDQ7#uhe>ZOKzJdx+h)Q
z6{$df<YQD!UeYTLGt2S#7S|2CxiEq>O5scJWP&=FgbCYsS0wnYvMUto6*gnprbdSC
z@`LX*d`-(YMBjcQ8Aw7UXnr@X<rq3*>=IZ{yQ}(H{*{XPMNRXo)Hv$tnA7aLE~%1{
z%Y|UpMnD+gbRc-14_L=sAAy)K7`kpYXXp8kEfr+zBALx&9CV_q1U#ST$dG#*rkIB7
zi~Utz752NUF_;(p|6%W~V)E{yzD?ZSU5mTByE_zjcemnFti_>tvEuIT6ff@X?!^o9
z2Hr`Y@0t5a=3tV}0lyyh;0np!SN8tjYp?Z}6?V$x|8Iq*p|tP}o4dlBd}8yiid$Nq
zg&&Lfr@|)kNc{?0S#}DYVL-kONf6PxyH|5C-lh_74I<kQ^rY1<@5s+U)rDTr`iY!X
z>>glHSJL2|m#vX#8W-+cp$EAn2UX8GIk+QJU7F|kcJ&G=(6-i*db6sBSr~x>|HOP^
zMvo?l6lNfzo=xSIG41)@eeytpM=$(=sXA!*xpLw^6=wU{+p$w{%jD%q)eP4(3}2>A
zUHeU8tADch(AhRuLKg>}2N1Nh_T<EBxPm8dqItBgI-p&y;XejAa2CnutHb3Pt5u|#
zEk^kg0o6a`g>1q(nn}YM0NZ|d8o6XNto-hZ4O*k9MzlPa-|DD4q1GCkBkeB2&KANv
z3GH`YT=KIzCb80f$pW=-HXz=q50-tje$gKGz{$b?j22QG@P(rqtDc~YCz7{a-Z3rr
zWC>L?!S$_b34(`KI~K@@)SUFb#(m?gX4vn5O#1lxXdoPckl(t*q(>~OYM4@5>gYtf
zcBE!0nC=tXIU*d4kvxliWf-{ciXEk(QPnxI58$)kG*lgT8ZuXbkX3pxv@g(+&!<ms
zEub&`X=sY-ra6xyB+m-Kz=l>?@^8ZEr1AS+qR{CrPH-m~Vfb=0TV@$aveCqQQ*VM3
zCP<=0Zq$6IDlu~0{jk$Jdr1y-0qYtUX!Qd%d;_9)X`RsKMX<z#sZsSSwI}Yd0>njJ
z&&dG(a&c><)o1Lb-L5zkUyb@(M-PN{<|DTc^`F5c9>_zVxFk@O=5<Noz6X95vRI5b
z2KCJWzw|7EB6)i<S%6d*P-hVPsl_WBXJzHv%jv}5FK)-LRDsrCk(3h4CrpWEod-SL
z>>fBj3QoI-EXeN@CKp82_mIRs=RiY>WUyiVawehTIGx{tPiYCM<i2=-`<CSgaconZ
zc^<GE2>9$5lK?#jfv26aUO;N3wkt72x|C$_R<;8AO~hw?HKHqRFw*<871dq|ttSG#
zqS$fTnbqygxuma`-_Ho2q%VqXxj<@>D1$Lw?((1P1CYO=Mm2kP_0nf)b@y-+e1AKI
z{q5ZtE(r0L6}B52|8Iru7kB4Uu&BrwR^I~!Y6Z6j@pe)FA6;8P!+k8qvzhtS_dwZy
zLI4lXoPK~f*YcG@E3Sn*2MvazKdVJDy*_;mbpFNbQg1E`YR^94d`SH>e-!6W?)c;f
zcVUO+k5J#!6l5m)w#|`KoWsTZPKK95WdyXn^3ruU&``6)eqzC2#+8rydr2^M*1f2g
zK6<M_ai4D=W1JoR_bF^DEra+-MpCGYxOjEe&soxb5AIE26b0Gr{mrCCwVVp2D;_#0
zT$(kK<)cK3tQ_$m_0ixr1;OWJo-f~$S3G`TvN0y*;4ftMskgxrLaV#*AI3QOAMrE<
zOT<mq5}O+qLf1YP`n9*I#F*v!-?HKD*_wIpvkB=9jLwY((Nps^8y<I!;H@OJjgCU2
z1Y4vknd_EAbLGK%?J~w-0bJ@eJ+_zZehicwPGgELhxZqZE+lWY<LsMXrQ!Ua!_3%S
zx!KAz;WbX%Dx6BF4}i@zP-t9bq97hC(mcVl4-CrL<9R(a4y~m`)T-00$T>75%sKh$
zJ{(ux4qy!x0xsn!U`1Rl_T*IOyoQH6z7BKKI-GtzvPw1)k|COY?z`r+oL1>%YM?7|
z<FrZ7#FuXqQq3w(!7-(f8ZQ}p9Qk@;RYo)9IF5c8Sy!X+^B_2%T<1pxdr0RJoxaqm
z@k$-wH<BIfOs*;~%%Snn)SnMwJ<Cd6ZC<G(*VY<ng)@zn+KcTLWaZ2#a&h-!6-obd
zIV|wnQoq-R&Yu&&q-tukU**%)YlYzY_OV1?wQVLf@&Uu!$g}~aj;0o#tDa{HAXThV
zrSx7e%06wMM|gAtvRuE2&hwSZH5Cytr&E_$WAd4<kPeOmK|0!`rl0bmJkFHyr&@PM
z%D0vqw4Mc(nhz}-r_)zHbk&BK_by#JyKLjx-Og-hC6Xyrp%gCE0I4+c3V5R)I*dA-
z^+itfagd?qsc+qQ@z6q)QW#Z6@-oM@j}EA+Cj@g4-9jA05t_#e%hh{*%D$kwxu~KX
zJVH#&NEC`M?|YDc&4<4a8ZxR|prHw}`FT3Ij?)J+`_{GfFYm^1LGZt<uyrHWe=DrJ
z;Y7g&QW4zCb4b_0GOk2!V)_3lZQT%ZzW=$nM{(Jlc57=+$d?i`2Xen-*gv0$p>)u)
zlkG=5Ux?ppaktC>3~qR{E1*z@{TceH+U&-t12h?G30b#E|Bp|l=gwN*ek;u&H>&6P
z=B0ea*Yr;k-M=UCS)P<l?JZYtv}&v^BdS2%$=j*qcxWULqlWkn3J;8~(!KwC{0I6&
zlzGu&v$JIRM%~YVK&H?yx^D_gO5M@C{lJ!!ue@I&$2Us7CN0?8d+dS$YPTad7Kq?O
zKfc_m#3o?H5%$v1^nx^jfYxZSM#|cCWf2*HNM{{(zEkG2zEdqo7IIx>{5$PN>M?AC
zP&5GPbY}VnXBq<&j7u~m?U$f>AP%R&Em7Um^({-2-$-sZ!f$L24bCvlMR7VB9rULH
zz~`ay@j(L-1V>nXiH%aF8eY#PAJ^BVKI4@2r?A(2dU5O?H^5*9fih<`y$FjR_q^=b
z&!A#1rF?fiw9#{b$~BY(g`HuEmg<gkDxJ(-Vw2OZf)4&ni1tX-xR0brA0SnNXCh#&
z<Wm_$-wFXEf07CO%6`h*v!+L}?CG6TrL{nu=g8cj8(0nt_Mp_<@gD-KY0*)COr}4m
zc4=7^wIB}TR59Q~DC#0Jsa`1=ZhfK9!uM^a0Oc#E@JWKz1-z{}CPv*c*mLkbHXOPx
zDZ&xhb3mxy+TJ*5a2i8f;I^-n8j8o};h=FX%};?M>4<;%R@o(HCdf@k&6AT^WL-iE
zsm#uX%qbzCFdk-#?j40G?BoR^l*n1P1nD>py9<zds&IdyVaKA#Y+sM95E|W;aK!S~
zGeX~R)o9OfsIhY%FDQhv6|S6C6B44Zo>KJJ`4AQ1%vU}on3NN;c&%<)T<WIwLb5*%
zbO>TMQD1D~xbASyYS!Cg=3%s>x61)i=fnJCLj^V4yi+7!rmY!^N`>d&N?X_NUGD4`
zS3a6IG}MoXx`hzyrUR3jGH);K@aOE#WJ5N%529i9jhE46w;=H0L^MY%Q&9yhVVNJq
zb$`&anF6Y|E<KJydmepN*x%lb;eud)Sz+^>kpEVgA^tqS_b5$1{f4yU0^gRjq(n9A
zKNU9iRJ0XmCOj3R#WziX(>6E$41x~*ldZ*Dg&ei!*(Ht&be>ril+PrRI@o-)%4Qm_
zA#qd7pm5ffR@Dui{I`ER(w;oV>TM(TS)&k4${I*G2ucU_xFhTIpLt)~$Nd{2zd6LZ
zGnHSs`9qe1C>j%1zbj9%98#VZG$>K1XUEO|Q(+1Pwk$dQN@1u1c>C>7nwS=NOPp^C
zyEFO?M(hlGK5R39o0>D6{Kw7pBW*L1%54uAUAK2+b{#!bAHtK=@)n-1#$%w7kes^t
z*5b*$3mO}Bxx@28SANYN6Nkz{NmRsE)h>bD1mXasC$j?<s4(`0dE~t#iFpPNL>mr$
z>k-}D*rZZZv?klZQv+&M>17HrZBDQbNOv5tNCz@a4#1_p4Ux-JbCk~^SlzcwL#`ZW
z2+c|Uy3~0PZ{$efXhD^MX9LKRm*{DHHnZ~#XK@Xfc1@=_btCMBZ1gIWeJ)hD>DTmv
z^b+@c!^8+{lv{06W4>i3Qu5!09%%7LTC@YCqV;qsCC;JK(R2jjf=GTIQ~99A`$|3C
zg3FN`ZNH`Qjn>v<^%UZ5pEnPJVeuD3xbN4Cp!ffgIS?;$x6hv*qd)TSRmYKD_kwg-
z#Cdd&2*x56G1x}NtF!e6Sr!cN7dUcNSs?#`J*I{`266R$9p|BJ#<x0o{MZsK?{B?u
z{8_X)kL&8tcmikpB|geo{fsuhyYFw<aug`b)tfNfnU)*b1P=J17G1*-yCCBBy}aP-
z!=1X@UA|2Uxkv%NGzU*?Eox=hXw-MVbXg0=P^r>5DZc&sy0F1I$=@7sRHweHb~H%s
zQYP(L%<QZq-L~v7^`!Oe<@K@dL`SZI!9RZxdrZJT?wpDglJ(Lo_%gsA2{c9iCK<sD
ze*bI%AT{85->YgFyJ@wjfbP-*RzRcwW$En+*P`gpxbv>i0%Q%6O?}`H<MbZl>*p%T
z10qWJZ(F>&U6=@2BqjaTtr-X(8GGk~b^@Z&f8-%O4N_--fVpdxe%={$(yv;depT4t
z-i_gcpnq9m;}&QCR@h@PyJ5nxQ;KiX^L0=Ech44tQ1O2%Y;ecr2w2O>X79wh=70q|
zxhU>W-0_%8SMqc}J#%CyJn6M)8?BIxO}r(t2jOWfkCk@+Cx{=UY`^5Q*jQ#D!+N7d
zMd+apL+F--!v`ITD2=JQ(zO1V{m%aNRf_i0&v~&qjK!xQs4a@x%k&=#7e1fcG1$l{
zaZcg#nx$SGi_!m6VX$UF{7X+Fk_DQ+D5I?(1QG?Jv)&YD#M5x7-=yoAXoxplDYYX(
z^s!L`*mj8D76gP<qYxTIf{yVKonY!d4@>wmwcFW$<7+tNp>)~YQ6w+ypDGl}DqQ`+
zqEi{&oz#GMO;<~<%1zO``?VnQVAM;j?XG@;uoLaE-ySD_%Kvat?quzI-8WywoZ9##
zDIzKCnr30}KW_{Zk5TyoeqaQS42KhFyFwfln$qpOr~or*Z2tDy*AYg(o{>=2K@=I6
zCPAnpZbMc2=;0I1#A%6zR|(c#(T{H`3P6RNKWPtvI7r4Y@tVP@f7c^7sCg=Rn^Tk$
zBN+_KN$fD?0xqgJ!lbhX<GQH9jp+YTrVX!^#x!L5O4UnkseB2?knSnW7%R>;CU?5Y
zZ8HAtBAV84^Cxanw!z%Iw~t;0X8gKl$NDQ8%Z0bXmSmNn)SPj!HXlJk%}!YE$@YO!
z5#XoKHMe#(Wrgf1bsk<~;-Qk2<ALAau5@KH6j?5sB{%RmV_$9-P9%BbnY?&+P>bj-
zY7-_1>+YOm&=4<g^0R6JV-JGZ88F>xI~(FYvC)gze^rngT}HASpL22Flnnqp4$U(E
z;^iPq@|nwf0!_zgR&OEhjmi{GM{2OE63o`W>yyCbYk@VUvM(R60i{|t=DB|GC6*|w
z1jmenaw~J?OWQj4(Dqz+4%Eq(Aka(6Gp`d2OZOFpH{pKVvm4;)1lmvdES)U@;%LuM
zBwuEtl2jt!I<jq-ZkcIvw_WwaFSrcOt`UE>#s1!=Ba5a+{5=8FH9fMXZg|aLxe+0h
z@fs!5BboSx%35Qz#B<39C}>?=5=9ke3a!d{!UE`3VSjr!h6{rHWrYn)q5fN8ZNIhn
z;q((_Jz|khzdM5Si>l}+{vUHBF~5^m4zt0iONjSNa*SP`)aXO78B%=(o*v5Pn9)r)
zD+U>d&$8_1hhXQNHWmJM<IcEn84j_vVkkKCD=J`EhrL;oVB|<+9-q^#IeMin--Lp>
zm;IXp9XIrx%68pq4)Ol6Afnse>gC>%u>ZIXnHk*>vv$oXPEk4(>Urzqe=6+DDl!cw
z5L_e;(yEo{akvzIWZ|bbg`rd65Tgu_8Wsd#Kay-67=odLYG5!bu866UI*7?p6A`*@
z*OM@!g|L6*N7XQ~2R;hdJcPxhwEv7^C3p><K$g_!+2(lvaNvx+X2X(1-$0;5eRXY6
z{dF!e2kDso3$ikmzhfv_?NL>7hZS%5d54zO=J-eeGkvV7aJK|iuleq$6AUQAAp?L*
z{pV&@5R=$rfbAvFw{Q+iBTgdCw+BXlgt_(hc{)Q%y)+3Zx%pKm&@MJ;_ifC*JPfuC
zEW|q}>0t(=F6aFa4DCFDzvek=49NEnIg<$&_1Fc+;IS%nCu2fkuqFeZo8-K~9|(@r
zY*Z1v5%OhJST7r5Me~*VS)o(*&Ky26d4=HfLCA~Rv3So9KR&L^ImRK3r!N!Gzd&gn
z>c4|U-|}r@Hq6q(c20)ib2hZ4@GVqaoe^EBkwE5jNCnOVzFdu(X=V;@1$X+crDB;*
z;E~~s48MJWgBnG5pX*z0nZoxfqT?P+I-z~}WPWi=<k%0dV}<yA^3$jJ5xGbW<qUb)
z;D`il{foeW{3kC;0si~dEtj=1n#PJxz#g!6R)8zCvV-V>@GVa&LR-Cw(Kg{tW=G!I
zU5i8n+l@SUmdx|T#hx2WoXVl#L(ktIsG}ZZuh0ujUN#=Xq}Y-Ez}!j8Ic%5cMR4O_
zsM^Ij3vE>}7|k9_b=zPM4;vdc0o>Xf*sHY2?Iqpz^R(f)?bx1!Lem25o5EyH%BCM}
z<+@85pG{=GgI9Ux^)te<x)0Z;i1W>zd(}()*%n-G`b<7=e^z%a(y&i>;|6oC)zV4-
z-~<san%V35!#0vSivDem<X_&6;ex<_Sz%pv6aQ8iqbCOu^L`sf;4$rUmW%}9M`;7B
ze=02XV2CC^F0MA3@Wfu=PoH0RpK|O>RFpTR-0uhb8mfgbj}C884C)nnHq&`ClSA1}
z?AC?rS$A00Kt+VltYEkILRHfpJu?Pq$U#25p0Yr8-K5b+hEekI&hm(xeX*N}9Bb5K
z0Y6Y1YG|VF<EVeed!aARaKr`_CNBgke<fG=PlfFd>~oTlQ)341KdqPVa~uL^IVQX*
zEI&fJez~T(>}A5ME9UdQEc+_gToX!bjAI%}vHebtU<q-our}Bqv(y?Ipbm8hTPLc_
zW%pc-$6g_;y;wm)FUearP>){h3Mp!^w291Al0S|F`-I~t?x8j!x1DTWGbscr0rHm9
zE$GQsUmFo4C0iXzxeKTE@0wT_(GT6ckRfd!7?bm^0hc!<Z$oBN289&$ots$Sk&PIg
zJA(zkm9~b0xXCu<DMegoz>IhL17k-!fh(so$5-KNBecJKbyPS>iPKsJ3g<WG4VxI<
zITuzpYbTsAw*><UhY=Z>Pt)*uCRS+|1KjqeMv}W&h^N^q39WlQ5-h^@7CT?#t*Bz~
z>#T-&O<G82^H;W&*~L^w0vqpev<9G}nqtS%-a2J1ePqrL=}(6kD3L$63QFUzKjj9y
zCr(Z=5Jt3mx%Ie!bX2D8fFS_>u%3~fJ#;S4AD@F-y9+I}wvrR_Hh_1N0^39u!RmgS
zqyU=;+<_t9y;;@r1OMUG$(0+rLqh|S6xtV2<h5Pc{^jB>Ur}LQqyREWc-fEX+6Fhc
zLLdXSU5}4yLTnO%Yv2e>nJHbomamGOHv%t=nMSJ=-hT5%x?(>N;1_B($wCQwatysr
z?h+{qhJs`~qs{yzwS|X)45e}r8I*1?IZsC}C9CCnHY&OIE2-d`yRyJpG5k5}7wXqa
z>MyHV0IAwbd@L&g^LTlPylG;=V5(HVabG7hOWKc=^IG2eE8GR}cPM+zce<xF>Q9oq
zz-`vh3oiUzY)nfES4z!IX`hQ(Q5*1XkkIta)i#qKbo2J2^Y9j~@n6~2DMET_k9bws
z-`<Vz|04}VE(RcPJ~uDN2AgXOQ{!2ER4qldFN#C5kP@Q8b$plq^WX1z&wJkUp7*@x
zJ@0wXd*1V&_q^vl?|ILA-t(UKyyrdddCz;^^Pcy-=RNOv&wJkUp7*@xJ@0wXd*1V&
z_q^vl?|ILA-t(UKyyrdte@(a`)!%*bO%ms)3iPiR-y~>dp8TA)&p-CjPmn^5r+eli
ztN!`odth}zS~~`kGBt=i=*p~pmS+FqTiT7e#b}qN%I<c)rFz9+ycc&{XIt1$)QpNC
zT%94L)rB90dTp*{TiduY>K?Wjg<-T`^dq!Vci1>tr0>cXMNcj>CJDSPaA1qlVG5iS
zJAD1vvyv=kh{al#O~@^UV(ivFdxqM1LvbUXWc=rg@6-(LR1~EPDnXB-auNGPW~_bp
zleZV&M~K}(%@3AyHN-xrEMC}M%q$-?&w15_4g0h$g1`C%wY^XlU_8k?+i1YlM+0ex
z=6d?dhK-t;RlgAD@)N9V;|s>$@)UV_)po<pvhYo$<Vgd&s{WMxY(pzhrCAukH|yhS
zUHfU<LAS*$90!YR=BpOn6Kdl@_MGQ+8buz{Zo+KKckA1J!2MZxr9X*VNH8^77DhQf
zGu%93EZjA{z6?HYK+|;n>WJLXH^S*O8P>Saz?H)XG<>s#-(Es~4URXnjS^FkBa_hU
z)@H!eeC^jNK@qq+@h6u;@pg%zcT+0Q6L_s>1rZJ))d44OD9VDqoooDfbKZRD+~r5<
z;w$x8cLN$Dbn8hloUzmf3lZ3f5Du37(90@E9;}Ri-cJo3Y2-GY^*&ug&2>Z3hcU@!
z=Gh2FTlm4azaDo-J0#OVD(s=(WSAN72&E<CJY0FQudSRj9BQtG-J&YIpl=Oa57NI}
zwT~?yS&N6TY^&~LN&Q&_>y@kOU)t)M@dAF~zI3j9W^|^QNE(Q!Iapl7F0~Q$*_Vh;
zA1{QTHck6*y6$z(CM!h>xQQ33hY`@hl*olOTc3)AniB04W&0~NR8{1@(#C%KQ_8^v
z#_+%w7%a@E69}`fq@nnmA&7ipBm0dXd^hZR^L0z)RftkDF#R$%)q5VR2sknH&3U};
zMd&vIQCmvs0aEGBLw+A*vP}3v7%FCnSJI3fQoRjqhudPrs@Nv))qraTrWU1T=BDy4
z1(_GN8w{|uxQn9;PyU?^8gvirzD;9edSBW@0H5a)S)WD+9XW)TvfhaWK{Ht3Tc%fp
z`}*ShZ|}x%LCU|ZFehxae=E#g8^$dv1ZpU{{No*nqFdmO=>F0_6}IT5`2AMdCp;iS
zFcuS?`Qv`7bh${ARxjijlPL&|M0+wr@h7*mG=qCz{HCTf@gpNcizY#-l8;uqp(K#^
z_+AEGE4oj?*<m{&p#ypx%Lz&`J{yl&ztQj^AL3j$+Vx<fW!E}|q*=0@OnYV1J<H>d
z+$Hy(=?bvW>@%I>3Yz{?VV`T41p5NA@d_VmGQ}YaUNjqQr~kL_P7{lp%~PQPkP1R=
zdR_%71IrGV%cgk;C>q}pgEo@m)?nRb!)J_|>T>%^bbp1d$ES#P!k0foHj@tmY720S
zxdj<@!-vM3L?YQQ8f7D!A<MGYBsdRE=)c2ofh>N-h3YDOsG{)*X28Mv)|$iIZI+j+
zW=#S$F$$L`sn`vCw^w8^T403+xEu6m#th(dNr5b%67rVRa#;(0Q}wq=u_Qv)zK8-z
zG5eanzMtVvner4n#u4%>z&!F5tjy#r79sSMKG3&eEA`G^0%cMf0>>B{XPf;hRhhp`
zQ_m}qgY`HYMNkPH#Ro{G_Pfc-ARMUS1&%yY5piDFLD?pHrAm2IKA<GpKSB+f>eg=+
z`?}gCn@Zp^OZ||-)hHq=)N=tX6J{4?k|FA~cE>{h*`}3I5fh?e*^j?%%)q29l}Od*
zH=)z23s{_=no$%_`-z1HUdZaJNc81l#r#y?MoNa>k6!x)`DG=3^nTg0Me8Vnt@yT>
z#ey=f{E^@zg$>&;OfebD4SX7l*%i3xgSZz5@jr>ztQh>>bXJVHa~Rs-i5T~qHS>U{
z;$CyJLQy~dB;DgH>Ww&Jox~k@e5K;Vuty0A$PcDda}u`@LeIvSm6DV8Ih*Q4yYo1P
zfiG-y*V@<a3b80!I<N2rqZ)9C-u&<rFxVEG=KhLT-&#Y12{Z?0r^^nInlosM<k<@)
z_o-i^gWwWb#ZU4R&@1&oW?gV%rS$R=`)j?%R(7SYoxj`nd+7#UEuH<v611ugs^74Y
z675P-lN{cS5^Oy)TXR$x%M1Nfvu1h<Aa_9D`i7xZciAmo752AxV>lee|2u_2{g1+I
z0xbUTfB)Yo3<?McMSCjx-wJ~&&HSaJxk2C>1fJJEA@*6}iY4@)3ahfx__0;>bX7ne
z!rBV8@F8bOa%Gtx75*Yaaj)j~G8zWY0)jWA1=ROEJ%LW{you_z8_Z^>mcn3+bpgJm
zCu8OjLo0!5!>a^piYr|Y<Xk(Dk-}2Z`KdzO+BCWoC*%X37{=EjI5Y60OY*+K;q}Xg
zFK9r?%aMouTEnG#uL3IrG*E+(JyLns1O2vi-Dxr|@L@T30Q*&7{w}+q#Cvx<L&@S`
z-zkE2&uB`Z)_S>;=d}s9!^>SGu!d@jUXW!J6mdcv;k+hYPD66cCDD=+mzU3??w-Bi
zcUYrTd^QCn?PT#Nf8gLYOO&pj+;_-qLTW3IQ2(6X{Tw+M)cF(U`Z<|S+jH_46SA%J
zH`%0iqByCIKiAfQQi_Z=fI84{V}Q9_Y(FplvS$=Jl9MVLWqI|j;2!2q#s0$P<B*wX
zY@sX1TFyv#@DBI7x0YXz3;AJBpTCo4A2nsqjH8d3#!fK(1s_clxQZhsuz9!qhmxJp
zaey?o3=g*2a$x>d{>eIBlrg3xmXxqpnyGU}U1RVdDexm?+t~baOTKBAj4_Csa-JXu
zWU=X-ol>|->~UkRQ=2}M>CSMk(|Q@Pd#t%NqU=m41fP_~GeFvvK(1#QuM?Dt<R#A4
z6+~Lci~HRxO>2_&YQ5)y9!IHplo=e9Oy&1WX5skb8CLR3+_84FwHlRE8_=U4sWtt0
z|JG<=g<vkVQM3I=?FhWd*nUzXQGm4Ywcc;7FM0Qeib&Rfwl}&o_C=sxY2rBQ%2hT(
ztKV2a9b@OgAS?R%wYg@0<Hzl;uNCVEvLNC7Xa}1pF;|<?e6|AK)jCI*BLx<On$~CO
zid&t_Tmnc-vK!9Ul2VG)X_p=gv)rTf+F&Gnr6Cr>-~X(jA2xK&M&?3Zxv?RWfJ$4k
zO}FQ$MmBkt(NQZlVCrU$R`UGL*Nd`+$9m!2liPV(Zgc?#b_t~ig8nL`zq_}>1<C*J
zi3)}O$l%{P%6<%l^3$A<G$vK;M{7ZzQu&a9{!bm%H@;vpNL+CqwQf1o%bGAEpQNP`
zaWSzBEsVr1DM476K(#&a{Z=c+@fMe8QzuFF^w=19*#O6bx@d?~TGTVvgBfS*Rq@hH
z&{k8R4I#CYjyeQhm*ufr%^8TYC=C+aBR)hP7tcBa?xZpRf@M?ZB4!Uk@FvVF^b<ia
zi5U?4&lA-TvEuM4ZyIw`N;_Eo&CyU!6G5A|6V)L!n1MX|M{<Y8TGE%O8T*Il8nn3u
zT@d$L@B~lSM}C)4NN$J=D$#(o@w3rO9h|@j!o6mRqadV-41!oXIKO$m-~r0{9xzRD
zTplCO7&wH1QFGIwpkgd~Q|pA6DY{3~PyIU84vJhDhFpc`n0--t2k{O{Q*pBbJ-??M
zeSbz~O%~-S*#K_X&f@?i*&o-0&tQqx=Z2(4^;^F2wR@SQONUMe9TTePRb!xG*pg{>
z>4S^34u=y%3WDC=7U32A@E3yzy)?0LDy)0hLp@fPlIW`ri^Wm+aA}JMilw$kLnTy^
z@!Pv_fYcxhNXA|&&~sZ;9Ib?JKlk#}OW&H)d*=+<h}J!Nh{q(PS5X~T$j56NPq{@t
z!}m*M9X9}hb1xS{vmd6BE8v%hpWj24EfkIuRG*yLo~js&JC_gSrmx-(737L=0Hnq#
z*tH6m%4Xc%j1j=)tsm3ceav~KuI{g=bP0ZO2I9qiLeVka+%axO)W_IdBKA&ELqRh)
zG@Yl~CWmcz8ZB=_Hs}b~|Fh+T_2(0dcW{2c>@q0NsAPZfC)={Z5P;N_=x6k0Gv}^D
z_HnvQp%{5ICYQGfx1$Vc?ZY#_ha2&l>g#7HK2{gG{JAX*w7lV1M?0AD51Xlqb7aEi
zv|eZU1T)*zq?yF#Hne-sWM6(2oA{Yf`g@rPBR|Pq8{qMf8rFln7Y`X?bbOP;c@)Xe
z-&I)NPLF9t&>tgF!&fJGoYdzr)}j}E&|tTi@#69)<iYY|!vq|lmOiyxA#uf!>dUR9
zeXF{Ngh6Kx=&)PY_J>NZcP<7}#T$#*Q&V{r*x%lb;eup;c}RE98N<I7X23>uTooTW
zwYq3*Ejn}n9sr7G{7;1){<`gzjDSEImp8n%H~Hpr5r_;?W8Y>W(8GVW81i9T^k@|F
zrzA1X4oJ!i%?v6ONKSP%6$WWWUfxTzU3gprHnV0uvvu;bMY!=)VWgpZhnJ1A>Orm<
zVHLKACuiapSw0dgx2?4*hg~_>R=D)0l0+8&BrsW#({;K^7kk#M|5VtA)E_tQ=)T|Y
zdsLe`bc4Zp14owM6o&S~<J%KHBC+WzjA;p?e(JH+F954z^3Ve(rsCGb>dhO~>5mhD
zW4la2;NEjG9FkA#I`E0x^0{1Gkk1yl(&5Y@AYN*ESXRYw#lnx+KgT(6CmJ3qBmNL9
z7H<t&0TD@_S_Ar-c~WL{$x>N%=31?_%&2d|U|h7DN-6hVB7>2VmE`JU^A~_i{bZd1
zi8y#EN0b27h?9hu*H}#ZZ4#=PrZ<xloAr_vL+@$d*V5m-B>wsy3hU$}sU9Uda_BX-
zHXC#^IZoxWm1g?~pAopdu|8%z(_k-8CrpfS{rQ4FKp?b(l$)^!cu?cwlbYVQR+Ua?
zgF2yju*WfDyYyG;J#rp*7v!`r$1~V`b}CS)imkQ~3zV+kLg<Mys#&2?j6%r{9unJ&
z<Y>H$@5wbxek)g1a?7*8((q*kJ{+#7UUN-@4nw9XKq~1aN({$$f<mgcS%M$63HsEX
zRyc3tvi;(|MJwF+DoNPp!Q-#}9DlKAiTi-dtygz={(0eX02*IuF<I8FNj)>U$)-+<
zw+gFZj-Z*Uoan3`$zy@}^xpR_&Os*nKV}H;QU>RmHCXl)%*p=LT$HHuad{hu#4!^p
zB|w{BUf>If-|?|iU^(+lh}hNvqMRUfCEi*FyJ78ux(CYix8aQ8&L5X{J)9PBaZrxV
zZ#9;e?r0<ds|N^d+~4^}U;t9(c_r7fw8mhXzN4V3f6f#dmJE5D=*Ai(M*MOe;Y^&n
zvltJO9f1SJ9Ku#Zy&T@PE$;mRUHcR&Lh$q<?PU4p!-cAEhdHPT=}MYBR?Yree`B!e
zt#Y&Na(-Q=;oGI~Z|}x%!4H2~VT}_y|5lh9TcwknT;Dw?N85_&x{aUju!+n+6_%D`
z;3B8AW0edR<Yd!S$TDZ2fS~ZALQvHYEipS0_4G~hQxZ^a=r(Pd-Us11)Jr?Z^WY4}
zpocGcdcuMbUfgTj#xyvkWRxTyhY^Q|RX0uxS!lf#OE0BpB{2ynf>5SRei`K)MSfJI
zWhcB50BNn(u!oBko!Xnyx|k@*-JSYRg>l3xQl`|@lV_!$oU)nJo3AE|L%u1jRth^!
zJH9^dEU%vTcH3heYp7_{$sI{vPfW!m-8BjfiH)<3Az{_so(aqbF%#5ZrYH3p^Enk4
zU1e<dFfv?R)I7TDA<D?*7%EU!8cV9P!`R<g<!ZdMb0&YRG3gn2(0Dx~C~^D8ScHPD
z^jUeWX1P+N=Pnvt5K)m3sOzx~s)5FuFU;^Xz@<(>x`Z?$V_igE4oNw2kN@k7_yF4L
zQlGd!N-v=WVM-<)Hk6`u8|BPLuV;fCOX6|lJ;ch1D$PQs!S5E8&Eh9Br7y9)ALQ%M
z2n?jeSUn4|Wf_N@K*93_Z=pASJ^)Bv)|%XG)LJ6+9eBww2Un@&xA`UaN@eD>U2{qO
zVXoYwh=^pqE?+VG+|C9ShpGA?`3)#&(G~)FY@O_M<>MLtbW2y}T4o&=A(94E`D~%;
z03Jj64E2U954HP{GvFai%6x~XiI&|Kp44Fu&vQpv15vF%U#X2P;nTK*)r>*<iS5}g
zI8@`)QsX7}TN=3GJu}Pg!L;2s;E80D<9b<6IH^(V(aq1#%luSb);cBxQY&*r1sNJ$
z%|4R%HP8U5erVvPNcDNkuqO80cd+Cw0;S=v7dgqVUfd$v+(u{vN=Tn-@t&E-16yxH
z&a2vE@5z_y?nCB(EqK}-8cSFIkf`37F$>5D*lZOhKrD%YLK(z~JOB$85ZP4B_I|nq
zNPW;tC5gqq3z>7TLpq>2b>#|B`}j)z&c(g5w;Ia<W~zmKLAtjHCJX)@x$2k=)C4bJ
z)p1}xvT%zAtyvzqG=yy;XHHi<)q&XZd|q>%2e&wF%7W8$IZ<w5J{k1!RbhX7H--z6
z{$+(#Uz_|}VKa?GKbLUqYFINV56qN*DqIUItNl}9@xrVVhnOY8?8*5ZsWOwa2XV6a
z%%YW=D)EAP`W{31MzG%-%W?fBt6>VXRk2GRm>m2pf{Zv1uA(p0^xL^2#WP@dn8@J1
zi+PC!rr?C;FUN?CC|>H<$1U5SCh^18%b;@QjQ4rEpFV-pu(CXTnRjyo|EWfG{6lnZ
z{|`9!;D0J?taX>dM~;r=JiemhGtLhE`3^VJo5BKZ&{yG6I@9Ue;gnXVas{Q@yEPK%
z^YugL4W@I~aPaoC&*&j2=Fh~2UWNxQ90T&A7+E3Kb_JWhif1*EW?X@2nYht!mD&&l
z)E}VP*YP%xr@9xxz93y&Ggv_cq9)mWV`Xk<FXGV+f8d96CFXR34X@z}<_RfH%)3Qa
zVuxEeaVZJrTm?M!)oxrx()vmAlWF|Ar=|57r+@XC$Lmrri2*XT86xZ@(L-74p8dMg
z0ShCKHPo;JKJ*OXwi}zYXD))9SSaC(wyGfH7#l!4(Fq+7&nF`yVQ?uFWT>|oi2FMa
z)`=T%n|QhSGPP$8rnn*`EzaAlyl3xl8HqQA358B+t&7*qIf(1pH|x|zgzbrDe=i9!
z@t3dd-7sTOhgUZdYbUR=ZQR(Q<hCp3at&~$NEW)1;y3px+AZxN_vW(+US9z`UqeuU
zcO>Q$s2_b-D;=t>#~m~fY}_l=r#ue)+`h6jXX6>u#rpIs><{uwUQVh{+v-X+D{>b+
zFltVXjYs)zxbf|$Tmg?M<@aY75rR16d@|Jy3;RAAxHt)<Nk+jR0nb*$7SG#vYrV(;
zGfIyuj9rWInk0Vf>?|d|&MQKu+vP2Cp0Kh~JUELXXEznY7*w>MV$haHybavmG5kBv
zG6*lHn9yhI)EWpkVk-41p)0f1EXw?1_({&|n=e!LBS31ag}e?WX<3QxkLE<X#~jS<
zv-a^<>Q3YN*e3IFBC+Y}T%Gjg=wUf&hS?BOFfx^LmQxBbRC&LP=T$$*QTu_IvA7jd
z9VUN1t+P`ti!&#|EH`BP$wsrUv)Lul>Z`*3_HGOpB>Bq<E3MJ^x5BiCI;)l;Y8A%&
zFUZ9)P8)=TWIF$;uwmdOw82sMlEIemeKI)Kn}h<QmoQB{^g(`Cs?8XCQM=MvmSAPX
ziH)UD)f0*;PMl-$lae$_SlTLHo~)eP0)#|x`q;lauURNJ5du_6L#hQv5cg6bPdkf1
zYP9=jo8<CKjxnk42-T5s>E`dGr=KOibj>^IozBz+a0QcpulP@erIlvfA;>N_sO=^$
zA^YZPD^?uTy(tX7Tv&2{2Qmq7+I$9GpMj(6K)}Wf@uke$e@mTj`ldLp*1*GHl1b|O
z@5`Jb-LC}!VnME9)Mwv6<A;&Vb7OoQsx<@8v_Ft`nc7HRO0~2q;#5J7db!rwuMzY(
zi8Pz3;+8{=K)sNS`l`+)K&k4xZ#VEMHZoY;4dW~g7fbya^@qgbA8vJdz}Fnc8K<KX
zJ>=u-oLYo02$INJWk#<{JrCmw@3<K|+Se=pnfbE+Dsz;+@ORUB^oH&4_-BTD=Z6J~
zBAaqudBu^28eb*6b-VrRRALXJ&eowL&Q+H}SW|zf0LJcd!1Fcs#@&p@h8WNaO(-wx
zF<YaEspUK0Cft7N<)ihZt1DTEt|0Wen*!-pl4)8d?^-3E&BgU_a3fojb%ui`FKHfT
zqIzVg3Xg)r5)T0pMXQC6g^LdTsq&|v6Tvyg-W?znaR(=F<1*!!@|@oduf%~FKHVqa
zSE>Vxe9%MN=d7`0dutX8GANU|Puj6p5t!m4m2y?=ny}<X4j_(ql+>0;YmlWwo=vEm
z9}^*O{JsoJ?+*`@(`{f$%bDu<SC#-CO6kw!?(vAJdol>&ev5t$G+smM^-A5R9nmY0
z)K*RJw5imMJ5`S;LMqy!C2rxG8ah=+!kK#3(?G<;*4Bt$DI_1^BuN4*vkMLiuN%2N
zh2DsC`jxia-V0x5;jRq$BKge5GqN&cu@UBK6~MyPD6c82{nm&dsoKZlGJgQ7bY=(J
zLg6VH7iY?Mbe9Q6&Q(=V4x?Cqip!^i#-i}rPHXE6IV+b)c~wW=9sx)~|7V0n&Vn`b
z7etu#YsC0hh5hZ_7%oWsmlc-#2jbrf^O_?`LaaFCkzuvcR<3%yshv-x{ink6qLl99
zgr;ci7a(mYc_{waYO-|sc(p59mZN;?cS{1s<G#wUP)!Zhk@>QDmbe`IBT`e6)rRyC
zE*;b>V1Mu11hxuLhtvjRZ{|_!#T67q`lv<wlG{F4Lh#g)T;Ez>-x0W$MT^G^V|1!j
zT^yStj?~Tb=XLHEZMYC-MB^CX|5O;xo_C@PyA}mzzMps7nt%#RkP_9K!iZ9VqCd{{
z)OnOUZ>!cYmU04{^D+(i-$HWL@F;0bOh?UiGYRJrL^J9)ErZXJH?Zb<q8(Cg=X?J&
zQj@W>{@~j6=}Zhl08tBj96XAwTLcs_3s{yUe@zFXAT4?t8}=8E;ni57{~3Gd_kGrZ
zG(IGYtuIxnr1bSE9JqGL6z)qPJg7X2@<ITY`j+RcqyyX{RJ>)d7%iHAtpL@@@7JYH
zF*-Fl0_JNcOfwpyP+LMSf}2qxcQA4*s+pg));-t9QxdpmaMwESLT$Pe-DNf#-R>TB
zSo$;l+B2V{u3L`b7jj46v=@&!K&mP=HazGS`}gIaeM3GevqnKq#RG5GoEr~$cXnsz
zI;dihbYA@m_jZwmltYilD7#gnAb75&Vq*7r)w!i-Z;d6&fU8CayqHMw>AGWRI4QdI
zL$S7bHaKkAX>@lWz{Mbr)ZCX}9Xa6EZ@j%mzq7=Mh8Mk3-Ad{D`_w>5exyjR+oGYs
z+_8I<5a2Mv?Ma01eToS5%zVaU?3fbEbNJd28F~ihH-m8Wg4K+#?Ea)7CE~+w0vA@?
z5xmFd1(2HdlDz=2qx8X;xBr1K6Z?i1X7p_Ur|B3>V2}$X3@ky%1G6VmcKc*ZXdNee
z!pG)Nn7WBm1U9$aRy{ucbHSc<&I9-W`PqRqacN&S;$E_S+M*jKjp9B1W<+E>Re;ok
zCAMrLPLOd5!wiKiew+sRjIp=j>!+hl1LHof=zj+7iv62Zeec`9h>JQ2=Q$1x>>u>S
z$q7g@xam8P2T!hdaPI6E@Xj&v>64IkPL^!uD2&=XCVG9@a8UikJol=wzr7p7;fVfj
zfdp2@t>(WK)&v2!9`g{@tZLr+JfUC{-6QW=^iPFdj*ty(>u=rN*b{EE(kSsY7Ho4<
zlC(0@Z1}0sfeFjIX@tW0E=XGn<VJaZh?-Eh@bF7MCx%8(4@dce!6y{>9K*8>3fC+F
zTC}8~mf~nvXqnKjy@vBEn-ApLG6{0qBP9XHVy)RmPd&_@L?UNHDP}`Hq4R4{P|6iy
zjm&=*NJQ%sw?Bu<Xx~Iq@0AnHSRF~>9lRAtU<Fc*$T6w6aq|S_@34a_b1hKG>M^)&
zlsn^&dkFB2RRZBpEH|B|m@hQC^?&-5#_iO)N)}>%?d1`gm`5{<Z~r0dk|Qv>?Kv2-
z@yGYu>*}9~ej0yfCTab)Q752PWl5OF`GPc7>4PfsK<!1?fl>{Acx0ukB6{T|AFV9k
z^8x&!eegpTry;~8P@wFpuZ<1PvtZli>y=8d0O~R{;`c=0w~ZYfYC2#T2;r-T{LK5^
z;{bC>$j&*+;kI7qjTPp|o~918jZppEmDMnG!#=!Cg(Z=?{K4d1fV8pM;HnW)tM$Di
zX_y^Dg$dL@e<ELL>Mh_iJu`>>#wt+3(?Cz^kvDS7jy87t5$D>r!bTB3SJ1x3=Ioa+
zI-FEZ3y@WpeDlP0C!C5uItRgptOcTZ0MfqC|C-swhGBpetB}5HJiG15owt3Z(T}@!
ze0oYSo5oe2rq{RBLecs8O$V_DggWaSmeZT!j*F*_23TPhWP_M7bm$aoVZu&C=&KF7
z*;Fek^h?R0H$a;HGCi}SC3{HJASQ^h`ml3pb@Pu`n(cb6t?g9Z7(zK{MH>8_ewyE6
zhb|49kP%hfcha~cANY&ol2%Xj2HkE5V}Bc>_2t#`Z7;72rXMXJ-MONv_W)^Hflpw{
zqs1s0)&tCcbYpmBh$2Q`X%K(L&|+;;zjL<mV;s33%Mys>z6gbfIYEd4@ds8SoKYIa
z!4baD>2Q0{9_%MJ9&*Dy!J|^wuyd_!tW!C^7`+PV@9wQ|IKscIqvY1Wf9r_YY!%Zl
zDPZS>7rsq?yB*{%ji>gXIx4i&!pi+|dH{~dq#sIZ!xN#K=hWJK64#oE*z<#$K&vSZ
zdbeuB+M>i&n>(=*tIBZq5>b%hj+UxI5cVLB$HJHlAwWXYlBiNd*RQ&^caW?xnu)gx
z$*Yn`y{B7@JR4H+M7YHgxdaz)0x!s7RB}Te(~z?V^z<o8yP?eQKXvp?qi6?YE3eU?
zwc|I<4bV6kn4t8Vj`q?BK-aiZ1wW-yu4xnZC5Wz}jM4<l0C!$6s?deQjY;foDwr6-
ziMR0NI`kY3Q<W|1IMvOYR17*^ShM}EzS*IZ+|-YO+$JPyTD%bBHtmP)I7MV7M^nxs
z?T*)C2PxLE*~5i$Jr#KB*lkxM_WF)aLdtUu0?fpD&rI<(Xa(T1rm!f1hpBtYFs8Pt
zbZ0^4ZtGT>dR^9qCLUv>LxLxU^g|82*K4;SEBmr%G}#<_FSOieUp4y4b^cuYbszQo
zJZ2p;s$kg(^P%D=f-i(GSouy?0d1WPkoE-9n~4a*AxkG9>@#zBO=HGw8u&`{^UR&V
z`0e$KFse-8u%*p|2qs%Na!Hyu^#>M8pH)&cJ?JiRfjnImDBsO2;qK|<_yG}i;11Cx
z!kUc~RHKd=K-%GIT2x1bGU>XH`9Xe}Y4B4$<;yFLicrpgu$VcG$lPm9!|<ojABJ0x
zi|_*ZYN9O)1ty<%g_R?oXd7!*$8$M?r$5nr+GDXKnM1||!$2vJlg#04faTYc%2^Z}
ze7(g!d^2;Fztn1Hiuy|9UF@Q@{m?Gsnyt6Iuw{HK=1@HZva_<|zbFAq94#5v*z=Oi
zN#X})8Xy8f0vuko&V~xwZh-V>-oD+1qQ)KqAdS-`A&)@v^SsQD(vZ>EgE=^ZtJe#r
zpdy+kHxfcUwPt}=cNh$1#V#(&-9)Z#sL}ca3+q@OvuocFjBJ@Xcas-n($=_!YxM)f
z`1yAb+yR+<hm;kJ`&S+P-MtkqNbr|0croJ#|JIS8lDFzUXSIb^0>7=BN$C<0*sRq*
zb=1|bsn?yG9jNy$|ENjFKo}=kZ0qcF&w{iVHukIR<4mhP6OZF9ylgs|x~xU5FD1?1
zui}lRg!Le`v#Ez!8^^76RF%qy572Z#j)!~5JMjUizoV{#Pw#)Ja)rWp<f~Uxfd;t4
z`5z`!Vl)RHH8Z!xE#}~96Frl&%u2zU%$5D;1<yze8q0at=3Z*if?HXg2DY^Th~t0j
zwFrVkIVX>iiB~2F>@!6nk?t${eZ-s#WEHt(cE3oX=ZLtqNFRCh)SJ>Qav0@+Z+Uz1
z5D&=+M;qI1hSqOSV4jrTReI=dg~Br_eLfgo$7^CMZ()Lsoy~JMzh9M6$K=EMyxz)e
zr}yI;dtQv4>4N^gPJ8l_0g`dZix!SSX4+fLZm|_^1mH#BSdU1oO@1C-tK;;(BgW`A
zFb2wNv8AN036~DgPn%s0AW9pAJUrSHdnYXUVbq4cZ<l)3l12g&eOYH8OQ|?b6bC3B
zsWCz7RNAZ`vd}4AT)$%cKn@9rMgBat6B(!kkh)gA0dxQ<@QuS|hc~!P7TA#AaPyU_
z07Qu?ru?;Qyvy_UG8<)i+2EoQ+?e#<m2ar_Sl=VJ8CtY9IZrx~Td!p42Wc3w;W|$s
zp~dRm@{*gcMi2}+0rzJ_eIkrxfK;WgggMCzh51x)D6mtvemf8s^ZTz<jGHXZGv_@o
z>aGGMUa^T@@Ty`iy6gk9vukD<rZwEe+-ZiD`Iwnrk(tyH+BW45STc_t5{bwBUDej2
zrHM3G{o~zx`)O29fYdf&3h(uaD9ipucd@F88>zT6%D39IM5lvbB`a_9V>}n3G-Eph
z3JvPY@)qCrNvXasJc%E~_)@K}1op<p#V=@u4u4nK(wm-+8xik(;YYc_9UlD_M%vcb
zdXbfh0+3pH9p)M}C9zW1{2<uP@EJ{XMJMf*sv6aVZG8#zJV956?yC&tjOVX<$gn$e
za{~KSK-4J+x=5(o2Nk^bx1~$^4*8tPPlG|09}8AxOR0az3OzK99P`f@VuQ*`CSC>h
zw|8T>ApT!gSVZ6OzZJ&pqRPrOaRpo(L}5|$h^@_ALLKl=g-t!@Vl~5zXt9uNXPM$u
zBDrnreO#pa_;VHow%GZ+qIv}x8As2}=>qw5|79m;GcltBc=)ADXq6pFOxJ_&7g*Pq
z%Mg_W?JPM-0X&jaH$jbQ8<2q#?{ZDrV!XAUY&B3m4efB=adzx$nq&(;B`@ir875N7
zbQ}=vr+Iwe1(p9)nB_h4a>o6oMrZH#Wpt4^h!Uv4@teY=A#PpttKl`nH%p?ATxQS<
z)iV^px6PoBzoU{@ZU+2nroq}iZ#-pB5!=HL+{6+&Fl{r~wlLgQ&~Vown-dTnc*N^b
z!w;av+0cy&mg2MNS3xQh<rtAN%+_P#iO~g#eEGn{1!*-v>PSns1Tu6B8if`qTLt!k
znF=Ok=TsY8e)r`!>_-`U!0*-Wgjo*YZ)4E*vj}a4^MA{JHKuy2oXVraHMtEXgZbkS
z0WIaXn2#Zh149LI+BiwvW_hcTpj?{#S<GZCgbgcB@<w(1dHMn57b$f4iU6F+)q!_y
z6+}iYEW0pCJm8<=rQ^%{poieSzg(H*yMe)pj03-Yqp}dj<@_@AKu&cSB`fyCVnj6F
zc$Q1&=l?>T+1Sz?G_2KuVya&?jZJzS=iFT8Blf~3q|MCh!K&Sf_vpf@O)i8KL11It
zpbfaNW8Hz0n97GBwAjNoeYGUaCCIkrl^Ov)FEk4E2o@f+Tc`z-m83AU|M9m<P0cr9
z#R1iPPCMj}3+tmk$vE^zQ_?fugHWX{y7?dCh~R9$a$~zl?vABCaN@aM>81mu&K4#l
zVu6|Q6p{(g(!nw4>W{~Yyi%o^Z1i_`35?Ut7P$mEe&4X<ewGVA{9{HB7MSxGtpN{9
zcHBncIo>MPG(S-#Asx#VOrD=k_)SJQ!1pNhX8verA8B}z<XHqDmGuJ<gQ)K>rcu<&
zk1y^?d8M@53a`|KD8lMAg6t0ZoT58?);f`UklGbKnus0!im*W0wwdab9`n@XiO;j)
zF{zc7z*TIAa!17pw4IlM0>9a=mF2AVkV%WzkNNms752AxW4IvRUshOflJdV5#wV8a
z$Q;dcg;-pQU!xXUl%#ul{!fJ!d;cNIMQ>9h+J+~m>l+v}_GmDyyUZ&=y;oMN5bA%*
zr7O(u=zhA{!!-Mr!pK(uEg4F=ic`)e+?k~a#%&UH#EIS7@?(&KuQWpF*<{)XoFB9f
z9=5ZI2a%KV;>+RbBg`neqTA=>%_iw<!9sIFO!gZT70=+UGib6H<!kT%E;+TFI^Z!H
zN~&;|4rsh-9@ZQGNT2tnFwDzEHsRf|(QMd+&28H6O=!p^NRpjW&+9oR9)b-XMr%+V
zC%)jpV>zka%kxSqft!?1CdAbeF7!yh1icR6KnTd!f}a;7hy2>~ECP!gi1LciF)rLY
zL`aO9=X+$_u)l}SGi};Vga#cmO&_nTP_ORWp2NZ4-GH>Ri0Heo`NebVw!v(>0DiBw
zj-Yhd;Q6><K7B3)t!-tdy};rBy3}><5)#aPhPKkDG}9rPT2@qVE<AK)28BJmg3c(M
z$GxGS{c2?cQ>UbSz%9d;tuiL+ODAb;0<?y<a;2iOd|Dl#%lr|<uh{@nC+&2lCNmQ;
z-6fFW4eXb~DYXvY-sS~&HadY+s;YZhPg!}x?dE*&h1{^Br`MpT3QjtT5@-_r)XEEC
zNWhPpcLY6k&T%sQqlIS|M0{A9_t&^i$U2o#>M%tIHsmQlYIY53vakVDNn7Y~O?{2R
z^O(PL)+^PDG7GZ~DOyRrZ&T-YRzM$@Ei1W+eOFik1EWJ-W@ttOyX512MOqPosP9p+
zt!)?rjcbQL1==1HQ)uq!h5$^LHV!f+M2<H=D$?BDQ>n?F`vP2eV<wu3Qi5=h;w$wf
z*vBN7MC>D&LAFs4xEpMX57*1G2P(5`5cY{_d$&YgGa?syyc=f|UU-Vw*@y~Zf`4G*
zV`#3LV-WqCYQqjvD!x9cwlm<rwL)r=tAr$bxk+4?%(|iWP^4t<?c@HG?&RgXaQCz(
zPHG6qcW=JuQ%v@+IDFa8HpFI0dx>Ixh$E$HcwB^0E^CB3G38^16W<8=98Brzzta#&
zw3pnl3QN0n!vF7At-rk+!v%5wvch~F{vV&&#r*63uXgS-sH(PI;5gkS4bmVjwb^t?
ziKxVb0@8?dcSx5sNOyxscS(l=(kUe+(g=vs$l3b5XU_XR<Jo&Vb7sz$_5TDPnDv`$
zjrX+{voW&&lFjvgwmGJFG9p@>aQowbKf=liWk6iTR`+6Gd&RakWgPZx2vlg=r<_fR
zI@pAaJ$fvX*SGIZclz%8-49<$^7yUYbq~lyx|!CPt-dhJN)UV7mZrGe<&ir_@Lepy
zKx`cs$=obl8Pdt+Bu%ks-XVNw!ChKFOnoO|b!?ANAkd4L2eD>g$}<9qAp0n|;zpO`
z|9XTu>Th$j=~+3VO7P$waD1=P9bF6g`v`jwI#srD{cg@z{La&68Rf1@S1sng9%kn`
z?9KB8I!7Gr55$uZGv5(ohbpK<<Wf8MoL=B_;809&8oShK^(bJXSj{tr;zxVGL8Dw`
zm@K$7?2RmW!b9Gc7Jy=#cF2N)pEy@ehY~fV(#P=nLXm|EBP+aMwBmc}U{rpg48HkH
zx4`(JU32*FKQ(Wi<1ySnQ?%K}pSu*Dw&w1Wj`jDSQXAFP2@~q)zbf*Hu*xQy7apXX
zh(GCZqZqHprYo))ii$ZhU&DKO2h008ODIWTgkt=TO-t&v=yMLjsNIPxmxx|9)o`q`
zb^YIe?7-JILT>;4*=k(gvg`vaM!h6`*I!qq%etqQC~Z8YNj5Klz=Qjc@jP{eCpgkk
zqLbzfLBS0z8l{;%GOzv1t;o0{3mfXn*dvmI*B_s;*KMqqW;_}G(1?ghzocP%`P-{@
zGFMtUVwj5^>5k-L6eFKxghr_Ty6P0wLu;|I)6cr<4&8lx<arAzQYwC|qp_>HSSzvn
ziQdZ%I_J2}$&B(J<#<1HJ<HYV<3%u&R`8stk{2zB+Z;;FVGt%55c>Tq9orfv2Cl(J
zGsFlx$BzPwLNiR>e}DKh5Ix4I1j{$YVVb#89R01rZu5E4bY~BecPlx4)~CFwSkHG?
zdpxp@Y~1-T`A(Nr0(?~nH%RI>yYHY9Axf}Cve{XNlDj<E{q0pLXgIeOsnz;(O~q6N
z+l*`;6fPh9y6RfLOP_3KhC&X>NJ#|AOaF-zA!!5rBBzX={dZ@7Y2Y(sf6Jks>*0O%
zHmbp2khVL`MWv)Jekc2}eG{l8g!qy$JKh3e4omsh5%&N6uMrn=Xox@YMDWq_uJy+A
zGV|>6r1EfmKK`83{e|1In}}<?%NLh>&bdyPP8yEYjyMh`_8s<=c22g#wyZY()(h5x
zR<V}5mUk_(&Cksro0Xekm>Qb2n2;Ge7!4XRKl3%5Gvt37Ww2==t)H%UqNl1`s*9#$
zp#4UhSj$GUPm=+1X&@jVARr(hARr(hARr(hARr(hARr(hARr(hARr(hARr(hARr(h
zARr(hARr(hARr(hARr(hARr(hARr(hARr(hARr(hARr(hARr(hARr(hARr*1|HJ$k
z0%TF8{0R{p%}w>689O-X^YIDu37UWfA>V;P0wAz3kDo7(4jSga{%dAbJRW5pssH&F
zhld}9E(-OT1d5r%v{jjPbm1Xs4JC~r^?`(pJVtOZE8m)S4H6<E5+WTB78=IiKZb<)
z?_Z<Py~>QPa-Vh~?QKb$jhRkL!cH5E=OJ}K&7Zlzh^t~$geYa8D}~@t)=^a*k6CWF
zOkL6<JE(u1Ei)CHE9kXZNZGq9o1c5014~)(m~M^U&im+2;HY#C;?3t?T`tc>>KOJl
z<-aKoxd<0Ql+sX@hG009dnOc5%NRgxk(G})oyg}0KRBO<_2UfWNn#moG#&W#!cs0x
zzE4P?U7<W%9=L^M%P2fs<fu3L`h1mu<#;FB)bSjml!87>LpYRbI93l$1j1IRG|Wb-
zHKG)>s426@@fEoE+*M-b^-*wODb@9`WgE)BvXmG0vSSt<cqK5P$@DPPPV_s6P*ug#
zy@e?6K%XT)97=7*y`^>ixR%u`eekWh*jO~5D3F&m@-hd`(}O10OI27(A!_WF?A)(O
zQT%Q1H!3b`R;kDH*d^yE&8*h>8^-ZdAWBK-vwRANGBIo3DXZdoiD6EK$83P9{?4OS
zS*I{^Jt=lMTa(U1E?7#piH!_4#bCLEdT_z|%a45~;Q?!m(xHe%ap(-TXn{5mr36%^
z01q5WUTd}i`Ti}*<fd&zj^2tfuP(yoR>pmC<@MeMQtG>3VJRm$Z#9RDB@ozSA$+=B
z{gPf-)6Mz3y_g`b{nEmP#l#V!6#uOftk3f^UOqlJl-btFJJ+O~T{t^OO$db4`cad<
z!uAr~1D9pz*aNpMNMR{)aE~~%Wu=r6`uVP&vq{Lff^fcSom|BFXKwT>wVwY}ia}Sx
zGfQty6^b?#FIUV@9`8USY~3s+dJCLh2EHE>PEC5~^EzQEWtBcGmC>?O>bbB@4V!z;
z6jAJxA|7-Ihfk3;^ba;^`_Tu8qDuZtX=&{K-$?#H86`PbUjx(W;Wx>fn8C(O=|Ria
zB)v*Fvm}ZF7G9rR5iVdMBknRtJO(Wie+;;BRDGhl)fVl6+F1?CLaZZH{PwDe2!a%W
ziiBs90TTr{$F+|%k7IAJ>utM%LRE-kPcNx5$0PkZE5_0JU?H`5;t*y^{Smi%gxog#
z(ZVD53G`?4CENB(m+0bla7ZEdTlk;%Tab@e7%cQB`w{$lNxf+wO<tABaVMWSw}ZW4
zW%jm*#$gzj%kw1~449ioxV?0XfRi~!+mIC`O{riZInKtm*O}3t`&wOt%zEhO78io9
zgl9jF-^pNmSBV|FIRUaM;XovJaVR~H7S$kYvW+1za*=F>r9{-vSTJfBl~wXKRTBEp
zNGL|IS|{AmLNU%|krF5K${eB;gsOyVKkgH~ItV`e+_-|Lxl+EpA5PAb&t31)`|RwU
zV`!%oH8L#a_&bkx&W0F#q^C<aD9^|eN20ASNUN1o8c3DM1nHJ~AxZ)0vxH|qb{~!3
z6+qYg90AIeNQt*BNZ=QV%h*!h!Y+-Glyzqof~E8Wz41Q|>cjJ+{GMXJ7r~F@f|-^k
z*4~NI>uX}n*Ea}Jf}zh6p8dEJzvM1zh=moGd!c$pieb@Tv8Ppce<@u1#wYYAUvaHq
zDZAg-<rk--ZYerusKkFt&v{YZ;!pf}5X1f6`lrst=^GFwKlE9`vmdLnZjZ-FzD@}n
zp<cqb>xkHuD0B#u@ndUtSGhK?cISnqL{%JH<<{_FPUyURh{6>p?R~XOk*2ovv{q46
z<Jp+56hsMvs)TDl-rlf{d=zsOh`m2no@w27>}H+u_CC|Cz6*jcO`Z)lbg-1e^v0QC
zJRfxx-pB?Q$CCCDlxkcF8ebdX_Rj^@M0YhqlzhKc3jE2T9>YJ)wXVWuIm_eGcrX7e
z-ND`-EkUelF-7{*!FGpyX;{j78?CO_GLdRA>nUJAuACWMevbLc6S1*Qk(ujFnhIBl
zk{7xXo>{hzlq}u)EM8<YmHO5&GP+B72tVG!b*!uFnaCH)`zP|Slpyns)mG8T3XNAU
zn>kp?`A#aGBvq`mgTR?`I1EW2#vrSQ=O3%*7xIrDHCToB)Wd(Qn`r2t=Qb;YOoc`Q
z*8~*iUe*bPM1ApL^M!@vt&0-$ooQ_Mv?%sLrb#L$Y>2<#@<m(A;M#PKjy%Q@g5-vZ
zglCed)r%9gPGwt-enY`DNe#PtR8bfN>^+ZC3v@lc`e~BELUxo&hv-jGS`2SioDnr0
zEeJSrjGTVh(3r&9++_PO?EtyoT>p8$dHKMGMj&CnKiQ9+t8MYReHHanbyON}kd-v#
z4v<HjAEHj(z{9+CJ;yu>OKB3h?&g1N+dz;!McYhk!+I+->iL-HvsoYcX0ymzd}4_5
zHgqLC`*H7y@+=+^p<_q0rDSz+Qyxnp;@M4S<i1rw7hd(*{z6#FM4z%){}cw1qhNRE
zN0=mGhJ7p#gF@6EBsmv}I;Z=_K$M(Nm2mCH@h%=PjTS+au2GEg=GNj+hN@15-$CJW
z0d{}|@#LF%SjyT&>Ep`+ZVS1m?jSza{XrsZdka;iK(RMycgKCTN5~*b4(PLlXFqz<
zX2`fLbr=yiI^&aslZGd_<nf;#xWAk|uWbXl*Ta09&{8$1In~`eUzc%?@F!xo{Ah58
z6RTND0o=X*Lzl%Z7NTT_K1+D^<AbCFdy7xO8-7Do)I6Nsoo5K97wWST!h_FINjWyV
zVa{?&$*TN(A740Nq>8LjI8>f`Q=>)pgmuqVG&&oVHdg|oWP?6Sc=lt(9VUAft`L<k
zr-dO=^v+FVYL}fqqzX;Cr7BxTlt?9EDd~4+X0TSCN}z_=l5@|b+Y{<U44mFumbj^o
zh4QiEkQ}09g{p*WKVp&SM<)s-=)YBxma%<|7Fl^y$Iu_yxVzZtoc1uzH5QhVl9`#%
zs{e)dl-Bz+`?c;RbXU&$IEONYE0MVE?w(G6h?3>EN}fMC)Vp&m8?9R7ce=g89h;IF
z@K3b7rC)iV@yC4I!f=u}yoRNGUsF9EPt-hJAoXqE0W==ZyFB8cw0%RZMBgE9RX+JX
zM9B<Y3C}D&=kY5!(_>!6Z}$=ewU-B@Vkj1oPK5~Vp2U{rIeNidJ(?kBd-+Oo%%x<>
z^AV|=!xt2C{H-_yc{c?)P;$%o0wJsC)_<&?zmY;Fe=^FYru&b3eV7wx!5)0~Sy<^(
ze#nysG_UMbjcgxqtMX34LUNYOs<wnS?0BEeoKtyW-|IeFSEtQ(F<6?flUXch$%Y`A
zpd#U!WXfM>?+NX*rN76>GH0l_AlbD$BaD<}5_3^;f1!S!*aZuzfUq@lf3ilPxz|h!
zRAWLlaBxK-@V4nd&RDFfwKMz+<bE^$^M3Og8ygCM{$xMWYKJn`E)ofs%1j*h6A|o4
zdv83{y{$v&R)Duo?stCzmU1S7LXDXO*&xEjM_=qbNUC0wp)<hA`>jA>muSdcvkwp@
z19T-k`%&Er1-H0^@?|5b*?|;$()WNbn-SJ28Uxjf5(<tfxG>*&%={N0j7II2Gi*9r
zR9(%X(GnmwL<V7o(c4jN6~^oR{4Fp&R3%*dQRZpZ!v_mA;zJz$7<SIj+V#4Y@fcSS
zZkLBD+e??e(}ktnmw!P=LzazbIXN$s8C>FhiHyZas^fa|UA*3m7s2B&h>{NaEaBOY
zbSLYP{;_d*E(-@G^P^ac`n{E;idb$#CS<u9tLI6Uu$1R7Rnr?S<Yl}&*LLbJjI&#H
z`F6LaNG|R9aL=+ZZ9E`KTIjQcXFqZXa2};|Gx5^0MS%9ib%LL5NFB*2cA_H;rHQEo
zogczdhBNXSoXF22dlXHWR8GYwTr>DFuJ-JWq9>k!TDhfuK5NiGpCvr|G33No6!SR3
zEGjuWmRpay!+ooJit*kuo{Ps=B=<%T%-?GiC(`mhtpmq~-<GSttA^LaO4xwu8$W|r
z|7hR++-`9jqNIkZglj*tN8VGJkq@1W3IVHV<ho<tyl?Xc!&m3Yd@W^Tq1pp|SjxYS
z<LcTx#gREDTlI!bS8y=|vpR0{`+Vg%x!BNnw00Mwr24Ir_fHOWyefNUd0F(QUPgGs
zCNabpIboXzQwQ57t*zR%-PVc*u#}bf3Smgw>T_YZ9Z3B<hG*&eNpi*-M^AF7^%r+A
zz!VVWP3TH^W_eS(*2rwAP@f>-C0SAB5Lev^Ldf`}K50{#!^gBaqGDLer_U2<Q}(N0
z>4k}7PQUpc(;iFrKDx$pT|{#+>jgriKV<b#{$ut0LjKXCMiJ7!82L`S<TzX6*~m>F
zby0x{y<@ysLN^@Y+>r4=6<A25A0zHhuD;>z9k$qNux@qzAlbR0xuF@&+THFR(fsWU
zf~0_oglCd5VAJmleaD|>P*_{tgqx)L?@3yNSM)3#`5i!-*g40rklRf<28Z7G-*Grc
zE?z|9bT35ZfYj^9WT^#ayX7q3JcitF@_*cKp=Tgt6VM;MKN4o0dV}~QQeNB}kV;7#
zW=Jicx|lmqATX%&rcKuFkAbDs-dmph8c@r;HB9qYwhtRZZbl-;J4dTF1pRo&jRZPg
zh>{Gt5}y6|qUWl^_dYvIX5sWX5-+GSXa(1B=*syfgR$LPsn^_-FrV7c6_atAWB4h0
zOc2Kc7v1sLqE&YTUXBKZb&9LteSZ&8l0sF&wI8WFs)*wli)!0GA$|WGT2LMQHjW_P
z`8~bRlF{pcX!$@`O8)tTD3-s%vThQN^5v!6);q}mSeP{!m-SS<)Q-o9a}A;-fj&!k
z_9J4s*KCe-yONZk%)%2%os0p)b>8fGT_Z<>++a<W3@=#9=yH`Kcilr$>)n2rt_My{
zPdq)QJc+`LvbyS-ssk14AWCBBvxH|qO34Jh(DQ7$D6LOf=*VL!u5-}ARi|)Eetx!a
zF|gol220r%mEI>yYNUEy82Et4#^)`$GV*+_7n{S|OHR`8ytrEsB@y&l!m}TD;_JWT
zh!KI?lfM+;-;1ni|G4tGv7yf$hYY<4ThUSkmNNVBlD7dL?cMeS*7*j@B@vT9IQGbS
zD@)US#m260`sXt+Ayg$?`w{*4fFHd?Zk^190$FYSy+*9Eu8aOwoI_2!W_$j}DKIQ$
z?wZA>s$Q%hzbEHS4XUr>cCT)qlNmq$e4<<YrG*|G4N>0st@4i!bw#-#^k_#<->^&%
zTQrrgw}`fo&#tc&5Ae&&T0V(gN5fJo{n#oGchSsYqkC<4(cL<hI&zw)63+FRaexfl
z@RrvpL`eW$3C}D?DG|W$-)`Aoy|Xit*%91RESV_v<ME@wV(M-i9d62krDTdhQ|<{4
zID3-JUuUD*OTYg_NigvJ2O_r+B7|veeI&^0!T-<I^9#xMNAHit6d7ZbD9Yalo9-g8
zV!TLToJs%o!<0r#a0vu{Qyq~E3mN3Opr=as(7KRvNgN3w(JMJd&%Z^bFSBJ}E<3g9
z^9lrs2Nem=BnN#fMQ$xTNip{%KDYX8i?r@*9*#=>BP%D<UF$|fohB^g>4X)LFLMW-
zd94do=q<K60hS-Bl6Hq9y4k4(?c_s0&ve{>-fu%8BVMq{pX|q-0@d>?i(+@}Nna7n
zdD0Z{xM_rWMwyNiW$JZGF(S;<l3hKHcNZu9c<hU-xb7w?eTypB`r`(E73WapE7_A(
z8i*1Hx)PrKC|{6du=_sXpoeTaz=ci-@5Sw&USzH?kRis%b4G8qG+0X2CJla~w&&Lf
z+$c>`hp!FQ?l@!*4@o6sT_uatr4Rgkf5e8Wglj*h%c3)V`gDlNM0aLnXu@v(=n8Ln
zJgp7=Iuj>sXt&)Hma?mgb4wJT>_dw%RuD2zU~<(`M+>t78%_YOg{7%gG8#mQ1$~zA
z>_^AjB~w|HeuZILZuXD&BYu#0y-bwfsK-#+$aoatJq+`00(<nLykW3~<?24aS@Elp
z!pFE?!%?^OY68R@j-5kA4j@WQ=(B`pKW2lKy@%W!6R?m4@J9luuoX@SOEVC>X>9HY
zv4|Kcr@;KQ#vU2X{^tjtjK|O1-Gu)7YeQY=a}#~FF&&9|PF(kV07QuaeU@;&Khi0G
z3{|dub+jhes1dpQL3mCiip^-{2Tk3xw^Rc(FyAIX`5Z|csdrqe)Fe)(0_4UC@!NZr
Q)}-`kLr<wXoA?R;3w!94X#fBK
new file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..d1c019f78d34a9454c22fd5b23b642482f72e74c
GIT binary patch
literal 533
zc$_n6ViGiHVys%g%*4pV#FV9Fz{|#|)#lOmotKf3o0Y*p#!$*Yf{i(pg;`iIB(=Ci
z!85NUwJ0|=B{Q)k)j&?1*U-e!(9q1t(9qn-I7*z?1et4~VyI-G0MRY!>Z*`gTwI!(
zqL5Unkcn(c<9uXW8Ce;a8+#cH8atU98yQaAyXh4@fn8%(vs&}#w0+mKU;LUe`&)X(
z*@Kb6&z>yJ3|oJ4a+THI1A9A;3(sBOEFE)7;NHz;E8_N+u6_JO+B>WwS8PRxPH%iy
z)U2nb7RFvb*4=V>`)Teax#|ol?v-=6mKO!=ud6qkKP}^`qU-KEDQcOH6Y}o2SGMI<
zb6D}eoy)|`$iTQb${@l(1n3W0K^9&E?k3Kh{N%)(jQrvf10yyLZ8k<$R(3{47BvGE
z10@*WfU!+1qokz3N?#wY+R6e5^bL4GCJ8e#{%2t_U_c9SW}u%JzIprafTp>nywir7
znM|h2Z$v6s?RPaK=6q~bycXWy`9JeHw@c51hGiReN-*0*t}^Xd_+!bfjI0N>>oPVq
zHw0cg;kZQ9$oxg&F~<B?3URJ+1xiz%-M8>F=a$W$V)rur_Q@^cycg~AA8%{SP7$`9
Wu~#zp64T5=W7#c2>r=yj$p8Q#-n>)*
new file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..afac61f517454353e10a1896f32699104d78266d
GIT binary patch
literal 499
zc$_n6VtjAV#2B%FnTe5!i77tHfR~L^tIebBJ1-+6H!FjIkfDG99~*Nh3$rkLNNRD3
zg0rK6oH(zciJ^g!fq|Kkp^0UbIIjsZ*FeTl%0L35M-Z&XGp{7IC^t1FGqEJqpm9F3
z9gM6D%#FPa292Fejg1V;nLBGUE-W;%4SUXPcASmz^woDNY#*ZPJVjP*;rYPa!lCzm
zi$Lm^cfXs8&)bx2OZQ>UH#<@MO6&O2vr>N-U$~@F?o@Cmf@8sKfA5P&pQH=UEberz
ze|!2)o40**)si_e<|4xLU5`ufewwuIY(tg1!GW#+!`A$+4(71>@Z^oy``1j&j0}v6
zy$n1IjMzA|*%(<_*%=vG)C^P%lwf=V#x}8xl9B=|ef^yL<iwne{NfTT3n0)p5CZyH
zR+y3TKMRKe8<1jRWIzi}W}qKUBUaUIe*02Pj5YG&ZN)ntZYv{ocE}0%WN+wn_l>`E
zQ6XlHzWC+Y&*y|QeP_7Y#%ikgey?`2hg$W=5_f5(byIZyOzkN*WoD|4^7-xicUG2W
zuFcfAJ+&*j%hCm%Z)wPJY*D#<e#e_T-`+m!p1i3&@dGnYj<$zT<SN}6GyWtkISl}I
C^sVav
new file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..e3c286ebc8f0a9653c1710560b9eb3c99ad7fa58
GIT binary patch
literal 569
zc$_n6Vlp*oVw|^tnTe5!i77t8fR~L^tIebBJ1-+6H!FjInxTq;5*u?U3$w6vNNRD3
zf@fYyYEf=#N@ik7szOP=LP}~*YDubroH(zciJ^g!fq|Kkp{Ze%IIjsZ*Feuu$3P2W
zjxyLB*Sr+n)Vz|+l1hcNqWoNi(!A`v{PH}7%;MtG)FOk%`N%F|WMyD(>}4=$>||<e
zWO!S0+0yZ<{ZEyQ44pI2VtcvH&PY#X6{(uV%$4+BZN>B*kBznd&FB`)R#<iBJx53D
zrj>7JUc4AC;_A1mZh6<v-Wx0HuVh<Wa{V#YF_JHB_`8y=P=wd={?vubWK?uneHyo3
zFX=3QvY{YF^t!`goyLmA<|QABrbGwEPFtnS@TRt$iJ6gsadDPGhJgyuN3wz}vIf#k
zl28vo+^?5fk(gVMld6}TpKD;m#-Yu|$jZvj$jG8*018hi-+-}AETg2Pz)D{~CqFqc
zCnLYO#L5B)^bL4GCJQq%{%2t_U_gr$W?&e^me$6;PW-*B?w|9r8aD>9AC~S7w`Rno
ze>SxI_@$D!@ZC*q^%t+Q)UQmpZCwBDiiX0sbGqMmZ|S`B@>Ikzwc;b)F=u?NS81Af
z^D<wy;WWQF>E*VkhaX)&G<EL8xL;G0g`cnfGAa7hy*@>Ucg%;DPE-z(u4S^gXw&g!
L!-Goi%RZ3+;PTB^
--- a/security/manager/ssl/tests/unit/xpcshell.ini
+++ b/security/manager/ssl/tests/unit/xpcshell.ini
@@ -13,16 +13,17 @@ support-files =
   test_name_constraints/**
   test_cert_trust/**
   test_cert_version/**
   test_cert_eku/**
   test_ocsp_url/**
   test_ocsp_fetch_method/**
   test_keysize/**
   test_pinning_dynamic/**
+  test_onecrl/**
 
 [test_datasignatureverifier.js]
 [test_hash_algorithms.js]
 [test_hmac.js]
 
 [test_sts_preloadlist_perwindowpb.js]
 [test_sts_preloadlist_selfdestruct.js]
 [test_sts_holepunch.js]
@@ -36,16 +37,18 @@ support-files =
 [test_sss_savestate.js]
 
 [test_pinning_dynamic.js]
 [test_pinning_header_parsing.js]
 
 [test_certificate_usages.js]
 [test_ocsp_stapling.js]
 run-sequentially = hardcoded ports
+[test_cert_blocklist.js]
+skip-if = buildapp == "b2g"
 [test_ocsp_stapling_expired.js]
 run-sequentially = hardcoded ports
 [test_ocsp_stapling_with_intermediate.js]
 run-sequentially = hardcoded ports
 [test_ocsp_caching.js]
 run-sequentially = hardcoded ports
 [test_ocsp_required.js]
 run-sequentially = hardcoded ports
--- a/toolkit/mozapps/extensions/nsBlocklistService.js
+++ b/toolkit/mozapps/extensions/nsBlocklistService.js
@@ -69,16 +69,20 @@ var gBlocklistLevel = DEFAULT_LEVEL;
 XPCOMUtils.defineLazyServiceGetter(this, "gConsole",
                                    "@mozilla.org/consoleservice;1",
                                    "nsIConsoleService");
 
 XPCOMUtils.defineLazyServiceGetter(this, "gVersionChecker",
                                    "@mozilla.org/xpcom/version-comparator;1",
                                    "nsIVersionComparator");
 
+XPCOMUtils.defineLazyServiceGetter(this, "gCertBlocklistService",
+                                   "@mozilla.org/security/certblocklist;1",
+                                   "nsICertBlocklist");
+
 XPCOMUtils.defineLazyGetter(this, "gPref", function bls_gPref() {
   return Cc["@mozilla.org/preferences-service;1"].getService(Ci.nsIPrefService).
          QueryInterface(Ci.nsIPrefBranch);
 });
 
 XPCOMUtils.defineLazyGetter(this, "gApp", function bls_gApp() {
   return Cc["@mozilla.org/xre/app-info;1"].getService(Ci.nsIXULAppInfo).
          QueryInterface(Ci.nsIXULRuntime);
@@ -720,16 +724,23 @@ Blocklist.prototype = {
 #      </emItems>
 #      <pluginItems>
 #        <pluginItem blockID="i4">
 #          <!-- All match tags must match a plugin to blocklist a plugin -->
 #          <match name="name" exp="some plugin"/>
 #          <match name="description" exp="1[.]2[.]3"/>
 #        </pluginItem>
 #      </pluginItems>
+#      <certItems>
+#        <!-- issuerName is the DER issuer name data base64 encoded... -->
+#        <certItem issuerName="MA0xCzAJBgNVBAMMAmNh">
+#          <!-- ... as is the serial number DER data -->
+#          <serialNumber>AkHVNA==</serialNumber>
+#        </certItem>
+#      </certItems>
 #    </blocklist>
    */
 
   _loadBlocklistFromFile: function Blocklist_loadBlocklistFromFile(file) {
     if (!gBlocklistEnabled) {
       LOG("Blocklist::_loadBlocklistFromFile: blocklist is disabled");
       return;
     }
@@ -857,22 +868,27 @@ Blocklist.prototype = {
         case "emItems":
           this._addonEntries = this._processItemNodes(element.childNodes, "em",
                                                       this._handleEmItemNode);
           break;
         case "pluginItems":
           this._pluginEntries = this._processItemNodes(element.childNodes, "plugin",
                                                        this._handlePluginItemNode);
           break;
+        case "certItems":
+          this._processItemNodes(element.childNodes, "cert",
+                                 this._handleCertItemNode.bind(this));
+          break;
         default:
           Services.obs.notifyObservers(element,
                                        "blocklist-data-" + element.localName,
                                        null);
         }
       }
+      gCertBlocklistService.saveEntries();
     }
     catch (e) {
       LOG("Blocklist::_loadBlocklistFromFile: Error constructing blocklist " + e);
       return;
     }
   },
 
   _processItemNodes: function Blocklist_processItemNodes(itemNodes, prefix, handler) {
@@ -884,16 +900,30 @@ Blocklist.prototype = {
           blocklistElement.localName != itemName)
         continue;
 
       handler(blocklistElement, result);
     }
     return result;
   },
 
+  _handleCertItemNode: function Blocklist_handleCertItemNode(blocklistElement,
+                                                             result) {
+    let issuer = blocklistElement.getAttribute("issuerName");
+    for (let snElement of blocklistElement.children) {
+      try {
+        gCertBlocklistService.addRevokedCert(issuer, snElement.textContent);
+      } catch (e) {
+        // we want to keep trying other elements since missing all items
+        // is worse than missing one
+        LOG("Blocklist::_handleCertItemNode: Error adding revoked cert " + e);
+      }
+    }
+  },
+
   _handleEmItemNode: function Blocklist_handleEmItemNode(blocklistElement, result) {
     if (!matchesOSABI(blocklistElement))
       return;
 
     let blockEntry = {
       versions: [],
       prefs: [],
       blockID: null,